Friday, November 23, 2007

APIPA: Automatic Private IP Addressing

Have you ever found that you could not pull up a web page, and while troubleshooting the problem you found an unexpected IP address of 169.254.x.x? What did you later find out the trouble was? I will bet a dollar that for some reason, your computer could not find the DHCP server.


Windows and Apple computers (and some Linux flavors) have a default behavior, defined by an Internet standard (RFC 3927, IPv4 link-local addressing), for exactly this case. When the interface is configured for DHCP but gets no response from a DHCP server, the OS automatically configures the interface with a link-local address out of 169.254.0.0/16.


First of all, I assume you know what an IP address is. And you know what DHCP is? Let's keep this short and sweet; you can look up the details in Wikipedia later on if you need. An IP address is what uniquely identifies your computer on a network; without an IP address, you cannot be found. Imagine if your house did not have an address; how would you get any mail?


DHCP stands for Dynamic Host Configuration Protocol. You can either configure your network interface for DHCP or assign it a static address. If you assign static addresses, you have to enter an address on every PC, one at a time. If you administer 100 PCs, that gets complex and time consuming. DHCP allows each PC to request an address from a server (along with the default gateway and DNS server addresses). This lets the administrator set up one server, let the PCs configure themselves, and go home early.


However, cables break. Segments fail. Routers and servers fail. Stuff happens. If your PC is configured for DHCP, it sends out a request, and it never hears a reply, what can it do?


Well, it could just keep transmitting requests; however, this consumes resources and becomes pointless after a few minutes, and a network stack whose designers never planned for the case could behave unpredictably. It could disable the interface; however, when the DHCP server becomes available again you are at a disadvantage, especially if you are a novice without support.


The solution is to allow APIPA to assign a link-local address to the network interface. This ends the DHCP request process and keeps the interface alive. Before using the address, the host ARPs for it to make sure no other device on the link already has it. Later, when the DHCP server is functional, the interface will automatically discover it and reconfigure itself. Windows will assign an APIPA address and attempt to discover the DHCP server every 3 minutes (5 minutes if the DHCP lease expired while connected) by default. Note what you do not get with an APIPA address: no default gateway and no DNS servers, so the host can only talk to other devices on the same link, which is why that web page would not load.


APIPA is an IETF standard (RFC 3927), and the IANA (Internet Assigned Numbers Authority) has reserved 169.254.0.0/16, that is 169.254.0.0 through 169.254.255.255, for link-local use, so the same behavior applies everywhere. A host picks its address from 169.254.1.0 through 169.254.254.255 (the first and last /24 are held back by the RFC). These addresses are not routable: a router must not forward a packet whose source or destination is link-local, and anyone can use them without registering. On Windows, "ipconfig /all" shows such an address as "Autoconfiguration IP Address" with a blank Default Gateway line, and "ipconfig /renew" makes the client try DHCP again right away; once a lease is obtained, the "DHCP Server" line tells you which server answered, which is worth comparing against the one you expect. However, without a functional DHCP server, you probably have bigger troubles on your hands than addressing.
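As an added example (mine, not part of the original post), here is a small Python script that turns that check into something you can run over the text of "ipconfig /all": it parses each adapter and reports the DHCP-enabled adapters that ended up with a 169.254.0.0/16 address, the signature of a DHCP exchange that never got an answer. The sample output is constructed in Windows XP wording; the adapter names, MACs and addresses are invented.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output in Windows XP wording; the
# adapter names, MACs and addresses are invented for this example.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : workstation-07

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
        Physical Address. . . . . . . . . : 00-1B-2C-3D-4E-5F
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.37.118
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : example.lan
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG
        Physical Address. . . . . . . . . : 00-1C-2D-3E-4F-60
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")
ADAPTER_HEADER = re.compile(r"^\S.* adapter (.+):\s*$")


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from `ipconfig /all` output.
    Field names have the dotted leaders stripped ("Dhcp Enabled", "IP Address")."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER_HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        if current is None or ":" not in line:
            continue          # global header lines, blank lines
        key, _, value = line.partition(":")
        current[key.replace(".", "").strip()] = value.strip()
    return adapters


def apipa_adapters(text):
    """List (adapter, address, has_no_gateway) for every DHCP-enabled adapter
    whose address is in 169.254.0.0/16, i.e. DHCP never answered.
    The range is checked rather than the label, so the same check works with
    the 'Autoconfiguration IPv4 Address' wording of later Windows versions."""
    hits = []
    for name, fields in parse_ipconfig(text).items():
        dhcp = fields.get("Dhcp Enabled", fields.get("DHCP Enabled", "No"))
        if dhcp.lower() != "yes":
            continue          # a static 169.254 address is a different problem
        for key, value in fields.items():
            if "IP Address" not in key and "IPv4 Address" not in key:
                continue
            candidate = value.split("(")[0].strip()   # Vista+ appends "(Preferred)"
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue
            if addr in APIPA:
                hits.append((name, str(addr), fields.get("Default Gateway", "") == ""))
    return hits


if __name__ == "__main__":
    for name, addr, no_gateway in apipa_adapters(SAMPLE_IPCONFIG):
        print(f"{name}: {addr} is an APIPA address"
              + (", no default gateway; DHCP did not answer" if no_gateway else ""))
```

On a real machine you would feed it the output of "ipconfig /all" instead of the constructed sample; an adapter that shows up here with DHCP enabled is the one to chase, starting with "ipconfig /renew".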

MCDST

I am well on my way now to the MCDST, or Microsoft Certified Desktop Support Technician. This consists of two exams, the 70-271 and the 70-272. Both of those tests cover your ability to install, upgrade, and support Windows XP. Passing either one of them will make you an MCP, or Microsoft Certified Professional. That adds another line to your resume and another logo to your email signature but doesn't really impress anyone.


After passing both of them, you earn the MCDST. That still isn't much, but it is something. Three more tests later (70-270, 70-290, and 70-291) and you are an MCSA, or Microsoft Certified Systems Administrator. This is a more common and slightly more impressive cert. The crowning achievement is the MCSE, but I have my eye on other achievements.


My company is encouraging us to get the MCDST. My company pays the bills, I like the job, and the MCDST is not far off of my career goals. Therefore, that is my current focus. I am using "Skillsoft" CBTs (Computer Based Training) to study for the 70-271. I am also using resources on the Microsoft websites, especially Technet. I am hoping that will be sufficient for these entry-level tests. Since this is not a lifelong dream, I am trying to avoid coughing up my own cash for the certification.


What I really want is to study security, beginning with firewalls. I would like to pass the Cisco 642-552 "Securing Network Devices", with an eye on the Firewall Specialist cert, and then the CCSP "Cisco Certified Security Professional".


However, I am also keeping an eye on the big picture. I cannot do everything I want all at once without neglecting my family. Achieving my goals at the expense of my family seems like ultimate failure. Also, I feel a need for a graduate degree to expand my future options. Therefore, I have begun my MBA studies at Baker University. Finally, I need to play besides work, so I am training for a marathon in 2008. I also waste an hour or so a day in front of my TV, but I often watch documentaries to feel smart while being lazy.


If you are interested in the MCDST, stay tuned. I will let you know how the study goes and what the exam is like.

Wednesday, November 14, 2007

CCNA Obtained

On October 30, 2007, I obtained my CCNA. That was the original point of this blog; to aid me in my pursuit of my CCNA. However, this blog will continue on as I develop myself.



Now that I have my CCNA, I have a taste for Certifications. It is like a Shark; normally, they don't view humans as a source of sustenance. However, once they have tasted an arm or a leg, they will come back for more. At least, that is what I learned by watching Jaws.



Certification is only meaningful if you make it so. I am not making more money today, nor am I truly a better engineer just because I have a certificate and wallet card from Cisco. However, my thinking is a little different. I am more confident. I have a sense of accomplishment from setting and achieving a goal. I also have more ammunition when presenting myself as an expert in a situation: Cisco says that I am a CCNA, what have you got?



My company wants us to obtain our Microsoft Desktop Support Technician certificate (MCDST). It is not something I am excited about, but it won't hurt. It consists of the 70-271 and 70-272 exams, and covers your skill at supporting Windows XP on individual PCs in workgroup and domain networks. Passing either exam designates you as a Microsoft Certified Professional (MCP), which is another line on your resume and another logo under your email signature. Successfully passing both exams gets you the MCDST, which will make my VP happy.



Three more tests after that and you are a Microsoft Certified System Administrator (MCSA). That is a little more interesting to me. From MCSA to Microsoft Certified Systems Engineer (MCSE) is just a few more tests. Combining MCSE with a Cisco specialist certification will definitely help out in the marketplace.



Which brings me to what I want to do. I want to get up to speed on firewalls. I have a lot to learn on routers and switches, but I am competent enough now to get the job done. I am not very knowledgeable on VPNs and security using firewalls. In the future, I would like to spend a lot more time on network security. Therefore, in 2008 I will work earnestly towards passing the Cisco 642-552 Securing Network Devices (SND) exam. This will extend my CCNA certification past October 30, 2010. It will also count towards a Cisco Firewall Specialist designation, and ultimately towards the Cisco Certified Security Professional (CCSP), which is like gold.



I have to pay the bills, and my current job is doing that well, so I am buckling down on the 70-271 right now. I hope to pass that during my two weeks of vacation at the end of November. That exam will spell out the rest of my journey. If it is as easy as I hope, then I will complete my MCDST by January and then focus on the Cisco SND exam. If the 70-271 is tricky and requires more brain cells than I am willing to commit, I will scrap it and try to convince the powers that be that my SND is much more valuable to them. Stay tuned.

Thursday, October 11, 2007

Classful / Classless Routing

There are three main classes of IP addresses used for hosts (A, B and C; class D is multicast and E is reserved). You know about A, B, and C already, right? If not, you are lost already; this is not the post for you. You need to gain an understanding of IP addresses before you venture further. It is painfully boring, but it is information you will use on a daily basis in the networking world. Just Google or Wiki "IP addressing and subnetting".


Your Cisco router may be classful. Older IOS releases (before 11.3) defaulted to classful forwarding; current releases default to "ip classless", but the old behavior is still selectable, so check the running configuration for a "no ip classless" line. Classful means that the router obeys the conventions of the IP classes when routing. If you have configured RIP as your routing protocol and enabled it on network 172.16.0.0, then your router assumes that every interface with an address in 172.16.0.0 is part of that one class B network.


Here is the problem: Let's say that FastEthernet 0/0 on your router is 172.16.1.1 with a 255.255.255.0 mask. This means that it is attached to the subnet 172.16.1.0/24, hosts 172.16.1.1 through 172.16.1.254, right?


Now, your router is also attached to a 10.10.10.0 network, which connects to a remote router with an interface in the 172.16.99.0 network (/24, or 255.255.255.0, as well). The remote router (which exchanges RIP updates with your router) can reach 172.16.99.1 through 172.16.99.254, and ideally your local router learns this and shows it in the routing table.


The point of using RIP is so that your router and the remote router talk to each other and share this information, right? So, if your local router receives a packet destined for 172.16.99.100, it should look in its routing table, see that the most specific match is the route learned across the 10.10.10.0 network, and forward the packet to the remote router, which has a directly connected interface in 172.16.99.0. However, with RIP version 1 and a classful router, this does not happen, for two reasons.


First, RIPv1 updates carry no subnet masks. When the remote router advertises 172.16.99.0 across the 10.10.10.0 link, it summarizes at the class boundary and sends 172.16.0.0. Your router already owns a piece of 172.16.0.0 (the connected 172.16.1.0/24), so it ignores that summary and never learns a route to 172.16.99.0. Second, when a packet for 172.16.99.100 arrives, a classful router looks only at the "172.16" portion, because those are the only octets relevant in a class B address. It sees that it has subnets of 172.16.0.0 in its table, finds no entry for 172.16.99.0, and drops the packet, even if a default route is configured; it will not use the default route for a subnet of a network it thinks it knows, and it will not send the packet out the 172.16.1.0 interface either, since that interface has no path to 172.16.99.100. Stupid router.


If you want to make your router a free spirit, throw out the conventions of classful routing, break all the rules, and let it find its way toward 172.16.99.100, you need to enter the following command:


Router(config)#ip classless


Your router will no longer have any class, just like you. More importantly, your router will now use the longest match in its routing table and fall back to a default or supernet route when it has no entry for a subnet of a network it knows about. That gets the packet to 172.16.99.100 only if the default route leads there. To actually learn the 172.16.99.0/24 route across the 10.10.10.0 network, you also need a routing protocol that carries masks: RIP version 2 with "no auto-summary" (or EIGRP or OSPF), or a static route.
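To make the difference concrete, here is an added Python model (mine, not from the post and not Cisco IOS code) of the forwarding decision over the routing table described above: two connected subnets, a default route, and no entry for 172.16.99.0/24 because RIPv1 summarized it away. The next-hop strings and the 10.10.10.254 default gateway are made up for the example.

```python
import ipaddress

# Constructed routing table for the local router in the post: two connected
# subnets and a default route.  172.16.99.0/24 is missing because RIPv1
# summarized it to 172.16.0.0 and the router ignored the summary.
ROUTES = {
    "172.16.1.0/24": "connected, FastEthernet0/0",
    "10.10.10.0/24": "connected, FastEthernet0/1",
    "0.0.0.0/0": "via 10.10.10.254",
}

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def classful_network(addr):
    """The classful (A/B/C) major network an address belongs to, or None for
    class D/E addresses, which never appear as forwarding destinations here."""
    addr = ipaddress.ip_address(addr)
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        return None
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def lookup(destination, routes, classless):
    """Return the next hop for `destination`, or None if the router drops it.

    Longest match is used in both modes.  The difference shows up only when
    nothing more specific than the default route matches: a classless router
    takes the default; a classful router first asks whether it knows *any*
    subnet of the destination's major network and, if so, drops the packet
    (it assumes the missing subnet does not exist)."""
    dest = ipaddress.ip_address(destination)
    table = [(ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in routes.items()]
    specific = [(net, nh) for net, nh in table if net != DEFAULT and dest in net]
    if specific:
        return max(specific, key=lambda entry: entry[0].prefixlen)[1]
    major = classful_network(dest)
    knows_major = major is not None and any(
        net != DEFAULT and net.subnet_of(major) for net, _ in table)
    if not classless and knows_major:
        return None
    return routes.get(str(DEFAULT))


if __name__ == "__main__":
    for mode in (False, True):
        print("ip classless" if mode else "no ip classless")
        for dst in ("172.16.1.50", "172.16.99.100", "192.168.5.5"):
            print(f"  {dst:15} -> {lookup(dst, ROUTES, classless=mode)}")
```

Run it and you see the asymmetry: 192.168.5.5 takes the default route in both modes, but 172.16.99.100 is dropped by the classful router and goes to the default gateway under "ip classless". Add a "172.16.99.0/24" entry (what RIPv2 with "no auto-summary" would install) and both modes forward it to the remote router, which is the actual fix.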

IGRP Facts

Interior Gateway Routing Protocol (IGRP) is an improvement on RIP, but just barely. I have never seen it in use in the field, nor have I ever read anyone claiming that IGRP is the best protocol for a specific purpose. Basically, it is a Cisco-proprietary option on older routers (it was removed from IOS in release 12.3), so you need to know about it if you are studying for certification, but you will probably never need this information in real life.


Real world routing protocol advice: if you have a small, simple network, use RIP (version 2, so subnet masks travel with the routes) to dynamically share routing information among routers. If you have a large, complex all-Cisco network, use EIGRP. IGRP is obsolete, and in an all-Cisco shop OSPF and IS-IS mostly add complexity compared with EIGRP. The caveat is that EIGRP is Cisco's own protocol: if you connect to a network that is not Cisco powered, your routing protocol will be dictated by the capabilities of the neighbor router, and OSPF is usually the best choice there, which is why it is the most common interior protocol outside all-Cisco networks. Let's hope that never happens to you. Whichever protocol you run, the security comes from how you configure it, not from the protocol itself: RIPv2, EIGRP, OSPF and IS-IS all support MD5 neighbor authentication, so turn it on, and make every interface that has no neighbor a passive interface so that a rogue box on a user segment cannot feed routes into your network.


IGRP Facts


I just want to share a few quick facts about IGRP that you may not know which will help when you sit for a Cisco certification:


-The components of the IGRP routing metric are bandwidth, delay, reliability, and load. MTU is carried in IGRP updates but is not used in the metric calculation. With the default K values (K1 = K3 = 1, K2 = K4 = K5 = 0), the metric is simply the inverse-bandwidth term plus the delay term.


-IGRP differs from RIP because IGRP is more suitable for large networks (a hop limit of 255 instead of 15, updates every 90 seconds instead of 30), it uses a more flexible metric for route selection than RIP's hop count, and it can select multiple unequal-cost paths to a destination.


-When you configure IGRP for unequal-cost load balancing, you must observe several rules. First, the maximum number of paths you can install is 6 (the default is 4). Second, the next hop must be closer to your destination than the local router: the metric it reports for the destination must be less than the local router's best metric, which is what keeps a path that loops back through you out of the table. Third, the alternate path's metric must be within a specified variance of the best local metric, that is, metric <= variance x best metric, with "variance 1" (the default) meaning equal-cost paths only.
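Because those rules are easier to see than to memorize, here is an added Python example (mine, not from the post or from Cisco) that computes the IGRP composite metric with the default K values and applies the three unequal-cost rules to a set of constructed candidate paths. The link speeds, delays and next-hop addresses are made up; the IOS defaults they are checked against (K1 = K3 = 1, maximum paths 4, variance 1) are real.

```python
from dataclasses import dataclass

# IOS default K values: with these the metric is just bandwidth + delay.
DEFAULT_K = (1, 0, 1, 0, 0)


def igrp_metric(min_bw_kbps, total_delay_usec, load=1, reliability=255, k=DEFAULT_K):
    """IGRP composite metric for a path.

    min_bw_kbps:      bandwidth of the slowest link on the path, in kbit/s
    total_delay_usec: sum of the interface delays along the path, in microseconds
    load:             1..255; reliability: 1..255 (255 = 100%)
    MTU travels in the update but is not part of the calculation.
    EIGRP uses the same formula scaled by 256."""
    k1, k2, k3, k4, k5 = k
    bandwidth = 10_000_000 // min_bw_kbps      # inverse bandwidth term
    delay = total_delay_usec // 10             # IGRP counts delay in tens of usec
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


@dataclass(frozen=True)
class Candidate:
    next_hop: str
    metric: int      # this router's metric to the destination through next_hop
    reported: int    # next_hop's own metric to the destination


def select_paths(candidates, variance=1, max_paths=4):
    """Apply the unequal-cost load-balancing rules from the post.

    Rule 2 (feasibility): the next hop must be closer than we are, i.e. its
    reported metric is below our best metric; this keeps a path that loops
    back through us out of the table.
    Rule 3 (variance): metric <= variance * best metric.
    Rule 1 (maximum paths): IGRP installs at most 6 (default 4)."""
    if not 1 <= max_paths <= 6:
        raise ValueError("IGRP maximum-paths must be between 1 and 6")
    best = min(c.metric for c in candidates)
    chosen = []
    for cand in sorted(candidates, key=lambda c: c.metric):
        if cand.reported >= best:
            continue
        if cand.metric > variance * best:
            continue
        chosen.append(cand)
        if len(chosen) == max_paths:
            break
    return chosen


# Constructed candidates for one destination (the numbers are illustrative):
#  - a T1 (1544 kbit/s, 20 ms of delay); the neighbour is on Ethernet from there
#  - a 512 kbit/s link with the same delay
#  - a path whose next hop reports a metric *worse* than ours: it would loop
CANDIDATES = [
    Candidate("10.1.1.2", igrp_metric(1544, 20000), reported=igrp_metric(10000, 1000)),
    Candidate("10.2.2.2", igrp_metric(512, 20000), reported=igrp_metric(10000, 1000)),
    Candidate("10.3.3.2", igrp_metric(1544, 21000), reported=9000),
]

if __name__ == "__main__":
    for v in (1, 2, 3):
        hops = [c.next_hop for c in select_paths(CANDIDATES, variance=v)]
        print(f"variance {v}: {hops}")
```

The T1 path comes out at 8476, the number you will see quoted for a T1 in IGRP examples; the 512 kbit/s path needs "variance 3" before it is installed, and the third path is rejected at any variance because its next hop is farther from the destination than we are.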

Quit Buggin Me

There is a command that I so rarely need that I sometimes forget its syntax when I do need it.



Have you ever been on a router where someone left debugging on? Perhaps it was you, or it was the last dial-in support jerk who did what he had to do and left the debug on because...why would he care if debugging is on, he's out of it.



Anyhow, debugging is on and scrolling crap across your screen so fast you can't remember where you were in the command you are typing out. Remember this gem:


router#no debug all


Do yourself, and the next guy, a favor: remember to enter that command when you resolve the issue you had debugging on for, huh? ("undebug all" does the same thing, and "show debugging" tells you what someone left running.) Debug output is also not free: a chatty debug on a busy production router can peg the CPU, so turn on only the narrowest debug you need and turn it off as soon as you have what you came for.

Thursday, September 27, 2007

My Favorite Router Commands

I hate to wait for anything, and I hate for anything to slow my momentum when I am trying to get something done. Unfortunately, Cisco routers, by default, are designed to make me mad.

First of all, they treat anything you type that is not a command as a hostname. If the router does not recognize the word (say, because you mis-typed a command), it assumes you want to telnet to a host by that name and tries to resolve it. If you have not configured a name server (why would you?) it sends the DNS query to the broadcast address 255.255.255.255 and waits for someone to respond. Of course, no one will. After an eternity (I think it is about 30 seconds) it times out. If you are fast but inaccurate, you will see this a lot and it will drive you nuts. Fortunately, there is a remedy:

Router(config)#no ip domain-lookup

That one is going to save me from having a full head of gray by the time I am 40. If you do want the router to resolve names (for pinging by hostname, say), the alternative is "transport preferred none" on the console and vty lines, which stops the automatic telnet attempt but leaves DNS lookups working.

Another thing that drives me batty is when the router is scrolling messages while I am trying to read output or type in a long command. If an interface is bouncing or EIGRP is running into issues, I would rather the router wait until I am done typing before it scrolls its lines of complaint. Therefore, when I am configuring the console and vty lines, I add the following:
Router(config-line)#logging synchronous

Monday, September 24, 2007

CoRuSt

Just a quick update to share a joke that just popped into my head. Maybe no one would find this funny, but only a brilliant network geek would even understand that Jesus copy run starts.

Saturday, September 8, 2007

OSI Model: Layer 3 - The Network Layer

Okay, we are building our network communications one layer at a time. We have built the Physical Layer 1, which is the cabling and electricity. We then addressed the devices plugged into the cabling and checked the electrical signals for errors at Layer 2, the Data Link Layer. Now we are ready to build our Network Layer, Layer 3.


Why do we need a Layer 3? We already have electricity, cables, and addressing. Let's get this show on the road, right? Well, before we begin to transmit email, web pages, pictures, and phone calls, we need to subdivide our network.


The Postal System is often a great method of illustrating network principles. Imagine that every house in the U.S. had a unique address, and that is all the post office had to go on. Without the information of street, city, state, and zip code, any house would be difficult to find. Now imagine that when you move, you have the option to take that unique address with you: you are now even harder to find.


Layer 3 allows us to subdivide all the devices on the Internet into logical hierarchies. This makes finding your way through the Internet much easier. Layer 3 also limits traffic on local networks, making your network more efficient. Finally, layer 3 allows you to limit access to a network, increasing security.


Layer 3 is all about routers. At Layer 1, you have everything plugged into a cable: PC, server, printer, etcetera. At Layer 2, you subdivided the wires with a switch to make sure that the wires were used more efficiently. A network can be one cable connecting two devices, a switch connecting several devices, or even several switches. At some point, that network becomes too large; too many switches, cables, and devices. It is time to subdivide that network with a router.


In this case, you may have 46 devices connected to two switches, with those two switches connected to each other (with a cross-over cable.) It may make sense to create two networks here, with a router dividing the two switches.


Why divide the two switches? Because there are many times that a device needs to broadcast a frame to every device in the network. An example is when a PC knows the IP address of a resource it needs (e.g. a printer or server) but does not know the MAC address. The network is more efficient if the PC transmits its data directly to the MAC address of the destination device, allowing the switch to do its job of connecting the two ports based on a MAC address. However, the PC first needs to learn that MAC address, so it broadcasts a request for the MAC that goes with the IP address; this is defined by the Address Resolution Protocol (ARP). It happens constantly; a PC keeps a learned MAC address in its ARP cache for only a few minutes, because an efficient network does not require it and the table could grow very large.


ARP is a low impact on an efficient network. However, if you have hundreds of devices you will clog your network with these broadcasts and the real data will never get through. Therefore, you use a router to subdivide a network into separate broadcast domains. That way, if the PC needs a resource that is local, it can broadcast to the few devices on its network and find the resource. If the IP address is not local, rather than broadcasting an ARP request for it the PC sends the packet to its default gateway (ARPing only for the gateway's MAC) and lets the network infrastructure find the proper device. Routers and switches are designed to know how to find network devices; PCs should be allowed to just worry about their job of user functionality.


Routers are the end of a network broadcast. Switches receive a broadcast and forward it out all ports in that network. A router receives a broadcast, responds to it if necessary directly to the device that initiated it, and that is the end of that broadcast. The only way to get to computers on other networks is through a router; therefore, since the router does not forward the broadcast to the other networks, the broadcast remains local. This prevents my PC and network from being affected by broadcasts on your network that have nothing to do with us. (The one common exception is deliberate: a router configured as a DHCP relay, "ip helper-address" on Cisco, picks up DHCP broadcasts and forwards them as unicast to a DHCP server on another network, which is how one DHCP server serves many subnets.)


Ownership: There are times when you want to divide ownership of a network. For instance, you may be willing to maintain the network in your home, but you are unwilling to maintain the cables and devices between you and the Google servers. Therefore, you establish your network and divide it from your ISP's network with a router. More importantly, your ISP would want to subdivide networks to keep its interests divided from its competitors.


Efficient Administration: The Internet is a big place. Layer 3 helps us keep this manageable. First of all, Layer 3 addressing allows us to form a system similar to the postal system of states, cities, and zip codes; Layer 3 allows us to create hierarchical networks. At Layer 2, every device was equally on the same network. At Layer 3 we can subdivide the address space into networks of thousands, hundreds, tens, or even just two hosts. That way, not every router needs to know the address of every host on the Internet; that would require an enormous table and far more processing than a router has. With hierarchical networks, your router just needs to know about its local networks and the next router up (usually your ISP's router). Once your packet reaches the ISP router, it will quickly find its way to a router that knows the way to your destination.


Security: The Internet is a scary place. It is easy to attack critical systems and data anonymously and disappear without a trace. One way to limit security risks is to use Layer 3 subdivision. Obviously, subdividing yourself from a network that you neither own nor control will increase your security. You may also want to subdivide two networks that you own. For instance, you will probably want to divide the accounting department from the sales department. This will not only improve their network performance and ease the administration of both networks, it will allow the administrator to control the access to each network. In that manner, a malicious sales person will be less likely to access the data in the accounting department. Note that the division by itself does nothing: a router with no access list will happily forward any sales traffic into accounting. The control comes from the access lists (or firewall rules) you apply on the router between the two networks, which is only possible because the router is there. Other precautions are necessary, but subdividing networks is a large step in preventing security breaches.


How to "See" Layer 3: There is a quick and easy way to view Layer 3 from your Windows computer. If you are on a Mac or a Linux machine, the equivalents are "ifconfig" for the address and mask, "netstat -rn" for the routing table, and "traceroute" for a trace; I assume you know your way around a terminal, and if not, Google it.


On a Windows computer, click on Start, then Run. In the white text box, type "CMD" and hit return. This pops up a black screen with white letters known as a Command Prompt; we used to call this DOS. Anyhow, at the ">" prompt, type "ipconfig" and hit return. You will now see several lines, depending on your configuration. The first line of interest to you is the IP Address. The number depicted is the address used to locate your computer in the network. The second line to look at is the Subnet Mask. In a future post, I will explain how this can be used to subdivide a network for efficiency and convenience. The third line to notice is your Default Gateway. This address is the router on your network that allows your PC to reach other networks.


Your PC uses the subnet mask to work out which addresses are on its local network relative to its own IP address: it ANDs its own address and the destination address with the mask and compares the two results. If they differ, the destination is on another network, and the PC sends that data to the Default Gateway (a specified router).


Another method of viewing Layer 3 on your PC is to use the CMD window and type "route print". This is called a routing table; it is similar to what routers use to find their way around the internet. PCs keep a very general and small routing table; many routers would fill your screen with known routes.


A third way to view Layer 3 on your PC is to use the CMD window and type "tracert 4.2.2.1". Tracert is the command for trace route, a standard network tool that works on Windows, Linux, Unix, Routers, Switches, and various other devices. Almost anything on a network that understands Internet Protocol (IP) will understand trace route, even if the command is a little different.


Trace route does not ask the routers to cooperate; it uses the Time To Live (TTL) field that every IP packet carries. Every router that forwards a packet decrements the TTL by one, and the router that decrements it to zero discards the packet and sends back an ICMP "Time Exceeded" message from its own address. Your PC first sends a packet to the host you specify (here, a DNS server at 4.2.2.1) with a TTL of 1, so the first router drops it and, in doing so, identifies itself. Your PC then sends a packet with a TTL of 2, which the second router drops and reports, and so on, one hop further each time, until a packet finally reaches the destination and the destination itself replies. (Windows tracert sends ICMP echo requests, three per TTL; Unix traceroute sends UDP to a high port by default, and the destination answers that with "Port Unreachable" instead.) A router that is configured not to send ICMP errors shows up as "* * *", which is why you sometimes see gaps in the list.


In this manner, your PC is able to map out the path between you and your destination. You can also get this to work by typing "tracert www.google.com" or whatever your favorite website is. Trace route may show a different path each time; this demonstrates how dynamic routing can be.
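Here is the TTL mechanism as an added Python simulation (mine, not from the post); no packets are sent. The path is constructed: the router addresses are invented, and the third hop is set up to drop the probe without answering, so you can see where the "*" in a real trace comes from.

```python
from dataclasses import dataclass


@dataclass
class Router:
    address: str
    sends_time_exceeded: bool = True   # some hops are configured to stay silent


@dataclass
class Probe:
    destination: str
    ttl: int


def forward(probe, path, destination):
    """Carry one probe along the constructed path.

    Every router decrements TTL before forwarding.  The router that takes it
    to zero discards the probe and answers with ICMP Time Exceeded from its own
    address (or stays silent).  A probe that survives every router reaches the
    destination, which replies itself."""
    for router in path:
        probe.ttl -= 1
        if probe.ttl == 0:
            return router.address if router.sends_time_exceeded else None
    return destination


def traceroute(path, destination, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one.
    '*' marks a hop that dropped the probe without telling us."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = forward(Probe(destination, ttl), path, destination)
        hops.append(answer or "*")
        if answer == destination:
            break
    return hops


# Constructed path from a home PC to 4.2.2.1 (the DNS server used in the post);
# the router addresses are invented, and the third hop sends no ICMP errors.
PATH = [
    Router("192.168.1.1"),                       # default gateway
    Router("10.20.0.1"),                         # ISP access router
    Router("203.0.113.9", sends_time_exceeded=False),
    Router("198.51.100.2"),
]

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(PATH, "4.2.2.1"), start=1):
        print(f"{n:2}  {hop}")
```

A real tracert sends three probes per TTL and prints the round-trip time of each; the one-probe version above is enough to show that the path is discovered one hop at a time and that a silent hop leaves a gap without stopping the trace.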


There are two ways that routing can work: statically or dynamically. A static route is one that you type in. For instance, you can create a static route on your PC to send all traffic for outside networks to a default gateway, which is the third line you observed in the output of "ipconfig". This makes it easy: you pass the responsibility to someone else. However, someone needs to know how to get around the Internet, so you usually do not want just a "Default Gateway" programmed into every router. Routers should know more than PCs.


If you tried to type a static route into your router for every network on the Internet, it would take your whole life and be out-of-date within a few seconds. Connections go up and down, networks change locations and sizes, and prices to connect between some routers change. Therefore, you need a way of deciding quickly and easily what the best way is to traverse the Internet. Therefore, since routers can store millions of lines or more and can think at billions of times per second, it is better to just let them manage the network. This is called dynamic routing. The routers talk to each other and share information about what is connected to them and what shape those connections are in. In this manner, routers can always know better than a human how to get around. I wish there was a way for our cars to do this during rush hour.


I go into a little more depth about this in my post on Routing Protocols.



To summarize Layer 3:


  • Layer 3 increases performance by confining the broadcasts that a switch floods to one network.

  • Layer 3 allows for security by creating divisions between disparate users.

  • Layer 3 allows for better and more efficient organization of networks.

  • Layer 3 is run by routers.

  • Routers divide networks into hierarchies.

  • Routers dynamically discover paths across the Internet.

  • Without Layer 3, the Internet would be too large and inefficient to navigate.

Tuesday, September 4, 2007

Layer 2

Layer 2 - Data Link Layer: Layer 2 is the domain of switches. You may not have a switch at home, but your PC at work certainly connects to one. The idea at Layer 2 is this: provide a software solution to address the physical layer devices, and provide a means of verifying that the physical signal is error free.


The most common method of implementing Layer 2 on the Internet is called Ethernet (that first "e" must be pronounced as a long e, as in "eat", or I will pounce on you... sorry, pet peeve of mine). With Ethernet, every device has a Media Access Control (MAC) address. In this manner, my computer's Network Interface Card (NIC; where the cable plugs into the computer) can address a message specifically to your computer's NIC if we are both on the same network. Without Layer 2 addressing, if our two computers needed to talk to each other they would have to send a message to every computer on the network at once. In the meantime, those computers may be sending messages to everyone at once. It sounds like my family reunions, but it is a nightmare in the networking world. Layer 2 allows two devices to have a quiet conversation with each other without bothering everyone else on the network.


Once devices are addressed, Ethernet at Layer 2 describes a means to pass the digital message to the physical wire or radio. This is done in an Ethernet frame; the frame is a specific pattern that must be followed to create a digital signal. There are minimum and maximum lengths for a frame (46 to 1500 bytes of payload in standard Ethernet), and there is a specific order to the items the frame contains: a preamble to let the receiver synchronize, the destination address, the source address, an identification of what the frame carries (the EtherType, e.g. IP or ARP), the data itself, and finally a Frame Check Sequence, a Cyclic Redundancy Check (CRC) calculation that Ethernet adds to the end of each message passed to the physical layer. This CRC allows the remote device to verify whether the message received is complete or corrupted compared to the message sent. I wish the English language had this feature built into it.


The most interesting thing at Layer 2, for me, is how it allows you to optimize and subdivide networks. On a shared segment (a hub, or the old coaxial Ethernet), Ethernet only allows one device to use the wire at a time. If two devices try to use the wire simultaneously, this is called a collision. If you have ever tried to merge onto a busy road, or get a word in edgewise among talkative people, you know how inefficient and frustrating it can be to have to wait your turn. Waiting your turn should be unnecessary in the computer world; everything should be instantaneous and perfectly efficient.


By using a switch, you can limit collisions. First, you make sure that there is only one device plugged into each port of the switch. That way, the only two devices on each wire are the switch and one other device (a PC, server, printer, router, another switch, etc.). By using Layer 2 MAC addresses, the switch can then determine which two ports to connect for each conversation. For instance: Assume that I am on Port 1 and the network printer is on Port 20. When I need to send a print job, I can do so immediately since the wire is dedicated to me. First, my PC uses Address Resolution Protocol (ARP) to discover the MAC address of the printer based on its known IP address (which is coming up in Layer 3). My PC then sends an Ethernet frame onto the wire with my MAC address as the source and the printer's MAC address as the destination. The next device in the physical path, the switch, receives this frame on Port 1, reads the destination MAC address, checks its list of known MAC addresses per port (the CAM table) and forwards the frame out Port 20 only. (If the destination MAC is not in the CAM table yet, the switch floods the frame out every other port in that VLAN until it learns which port that MAC lives on.)


Prior to the affordability and prevalence of switches, people often used hubs to connect a network together. With a hub, everyone is connected to everyone else automatically; you are all on the same wire, essentially. Therefore, if I try to download music on my computer while you are trying to send a print job, we will collide. Then, our PCs each wait a random interval before trying to use the wire again. In the meantime, either the wire is unused or someone else seizes the opportunity to check their email. The network is a lot slower. Imagine having 8 teenage girls in a house with one bathroom. Now imagine that same house with 9 bathrooms (to include a place for your hygiene). Which house would have fewer boyfriends waiting in the parlor?


A switch can be subdivided into VLANs. This subdivision is accomplished at Layer 2. To connect VLANs, you need to move up to Layer 3. A switch has multiple ports, and normally every port has access to every other port on the switch. If you tell the switch that some ports are in VLAN 1 and others in VLAN 2, then the switch makes sure that frames are not switched from a port in one VLAN to a port in another. There are times when a device will broadcast a series of frames to every device on the network; by subdividing a switch into multiple VLANs, you make sure that broadcasts are not received by devices that are unrelated. Broadcasts take up time and bandwidth; therefore, the fewer broadcasts each network experiences, the better. This is called creating a broadcast domain; each VLAN is its own broadcast domain. To get traffic from one VLAN to another you go through a Layer 3 device, and that is where you put the access list that decides who may cross.


Layer 2 also ensures that the physical layer did not corrupt the frame during transmission. If a cable is experiencing excessive resistance which degrades the electrical signal, or if the signal suffers electromagnetic interference (EMI), the received frame may be quite different from what was transmitted. Layer 2 adds a value to the end of the frame that is computed from the bits of the frame: the transmitter treats the frame as one long binary number, divides it by a fixed polynomial, and appends the remainder. The receiving device takes the bits coming off the wire, runs the same division, and compares its answer to the value the transmitting device added to the end of the frame. This is called a Cyclic Redundancy Check (CRC). It is a mathematical method of determining whether the data was received accurately compared to what was transmitted. One caveat that matters for security: a CRC catches noise, not tampering. Anyone who can alter a frame in transit can recompute the CRC just as easily as the NIC did, so it proves nothing about who sent the frame or whether it was changed deliberately; that takes a keyed check, such as the ones in IPsec or MACsec (802.1AE).
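As an added example (mine, not from the post), here is the Ethernet CRC-32 done bit by bit in Python, a frame built with it, one flipped bit caught by it, and the reason it is not a security control: a rewritten payload with a recomputed FCS passes just the same. The MAC addresses and payload are made up, and the 46-byte minimum payload padding is left out.

```python
import zlib

# Reflected form of the IEEE 802.3 generator polynomial 0x04C11DB7.
CRC32_POLY = 0xEDB88320


def crc32(data: bytes) -> int:
    """Bit-serial CRC-32 as used for the Ethernet frame check sequence.

    Each byte is folded into the running remainder and the remainder is then
    divided by the generator polynomial one bit at a time; the final remainder,
    inverted, is the FCS.  Produces the same value as zlib.crc32()."""
    remainder = 0xFFFFFFFF
    for byte in data:
        remainder ^= byte
        for _ in range(8):
            if remainder & 1:
                remainder = (remainder >> 1) ^ CRC32_POLY
            else:
                remainder >>= 1
    return remainder ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Cross-check the hand-rolled CRC against the library implementation."""
    return crc32(data) == zlib.crc32(data) & 0xFFFFFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def build_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Destination MAC, source MAC, EtherType, payload, then the 4-byte FCS.
    (Real Ethernet pads the payload to at least 46 bytes; omitted here.)"""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + ethertype.to_bytes(2, "big") + payload
    return body + crc32(body).to_bytes(4, "little")   # FCS goes on the wire LSB first


def fcs_ok(frame: bytes) -> bool:
    """What the receiving NIC does: recompute over everything but the FCS and compare."""
    return crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate one bit of line noise."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


# Constructed frame: made-up MACs, EtherType 0x0800 (IPv4), a short payload.
FRAME = build_frame("00:1b:2c:3d:4e:5f", "00:1c:2d:3e:4f:60", 0x0800, b"print job, page 1")

if __name__ == "__main__":
    print("clean frame passes:      ", fcs_ok(FRAME))
    print("one flipped bit passes:  ", fcs_ok(flip_bit(FRAME, 100)))
    # An attacker who rewrites the payload simply recomputes the FCS: the CRC
    # catches noise, not tampering.  Integrity against a person needs a keyed
    # check (IPsec, MACsec/802.1AE), not a CRC.
    forged = build_frame("00:1b:2c:3d:4e:5f", "00:1c:2d:3e:4f:60", 0x0800, b"print job, page 9")
    print("forged frame passes:     ", fcs_ok(forged))
```

The "123456789" check value 0xCBF43926 is the standard way to confirm a CRC-32 implementation; if your own version of this prints something else, the polynomial, the initial value or the final inversion is wrong.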


How to "See" Layer 2 on your PC: You can see layer 2 on your Windows PC easily. First, click on the Start button, then the "Run" button. In the white text box, type "CMD". In the black box that pops up, type "ipconfig -all". Look for the line that says "Physical Address". That code is your MAC Address, in hexadecimal form.


To see more Layer 2, type "arp -a". This will show you all the MAC addresses that your PC knows about. Remember, MAC addresses remain local to your network. Therefore, your PC will never know the MAC address of the Google server, nor does it need to. It only needs to know the MAC address of the router on your network that will take you to Google, which is probably the only thing in your ARP table right now. If you know the IP address of another device on your local network, such as a PC or printer, "ping" it and then do "arp -a" again. You will now see the MAC address of that device in your ARP table's output.


To sum up, Layer 2 provides addressing, collision avoidance, and error checking. The key concepts at Layer 2 that will further your knowledge are MAC Addresses, CRC, ARP, and VLANs. Understanding the importance and mechanics of collision and broadcast domains will help you grasp concepts of layers 2 and 3, as well as help you design efficient networks throughout your career.

Friday, August 31, 2007

Helpful Links

Until I get a chance to continue with my OSI Model discussion, I want to post two helpful websites to develop your knowledge of networking:

Firewall: This is a fantastic website full of free information.

Bright Spark/Celtic Rover's Internetworking Gateway: Another fantastic, free site jam-packed with networking information.

Thursday, August 30, 2007

OSI: Layer 1 - The Physical Layer

Layer 1 - Physical: This is the wires and connectors of the network, as well as the electrical signal on the wire. Examples that you can see on your computer right now: The network cable that runs to the wall, switch, or cable modem. Also, there is probably a green or amber light next to that cable which is evidence of physical, Layer 1 connectivity. If your network connection is ethernet, the cable plugs into your computer using an RJ45 jack and the cable is called Category 5 (Cat 5; you may have Cat 6 if you are really up to speed). If you are on dial-up, then the phone cable connected to your computer is using an RJ11 jack and Cat 3 (or, twisted-pair) cabling for Layer 1. If your computer is using wireless 802.11 to connect to the internet, then the antennas and radio signal are the physical, Layer 1 elements.



The physical layer is usually the most common culprit of network connection problems. Cables have a tendency to get unplugged, cut, pinched, damaged, or just plain go bad. Also, it is possible you have the wrong type of cable, there is electrical interference, or power issues. A wise troubleshooter will always verify physical connectivity twice before proceeding with any troubleshooting; I cannot tell you how frustrating it is to troubleshoot for an hour using every advanced resource available to you and then find out that the cable is unplugged.



Layer 1 is the third largest consideration in designing a network, after considering cost-justification and security. You need to make sure you have the right cables and adapters for the network, and that they will be secure from damage, interference, and maliciousness. You also need to plan for the limitations of your signals; cables can only be so long and can only handle so many users. Radio signals are easier to prevent damage to, but are increasingly running into problems with interference and will never be the most secure solution. Radio signals are also faced with many limitations and will make a larger impact in your budget.

Wednesday, August 29, 2007

The OSI Model Overview

Before I take on more advanced CCNA topics, I feel like I should first re-visit the fundamentals. This will help any reader who is starting out, and it will ensure that I myself am building on a solid foundation. Every baseball player re-visits the fundamentals in spring training camp; by the same token I know that I would also benefit from some fundamentals.


The fundamental concept that builds networks today is the Open Systems Interconnect (OSI) model. This model drives the design of network appliances, network application software, network protocols, and network cabling. It also assists the field engineer with designing and troubleshooting networks. Understanding the OSI Model is essential if you wish to have success at any level or in any function of networking.


The OSI model describes the seven logical layers of networking. This is not something tangible; you cannot hold an OSI layer in your hand or click on an icon to view it. You can hold or click on items that are examples of the OSI concept, but in the end these are just concepts that all the networking geeks have agreed on.


The real purpose of the OSI model when it was first written was to make sure that everyone who designed a piece of hardware or software intended for a network could do so and ensure that it would be compatible with all the other devices in a network. The OSI model is like a framework upon which to build the details of network communications. The details are listed elsewhere, such as by the Internet Engineering Task Force and the Institute of Electrical and Electronic Engineers.


The OSI Model consists of seven layers:

  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application
To remember this order, I like to use the mnemonic phrase Please Do Not Throw Sausage Pizza Away. Another good one, though it is in reverse order: All People Seem To Need Data Processing. I learned a new one (also reversed) tonight: All People Standing Totally Naked Don't Perspire.

In the future, I will describe each layer in a little more depth.

Tuesday, August 28, 2007

Overview of Routing Protocols

There are routing protocols and routed protocols. Examples of the latter are HTML and SMTP; these are protocols that are routed between networks and their purpose is to facilitate the end device's purposes. Routing protocols assist with routing; they facilitate the intermediate devices that make up the infrastructure of the internetwork.



Why do we need routing protocols? Ask yourself this: if you had to tell your computer how to get a packet to Google's website, would you know the way? Of course not; there are routers between you and Google that you do not know about, you do not know what traffic conditions exist, what links are down, which links are more reliable and/or cheaper to use, which are faster, etc. Therefore, you allow the routers to make those path decisions for you.



How does a router know the best way? Well, one way is to build a routing table on each router. If you are connected to, and enabled on, a router you can type "show ip route" to display the router's known paths. This table will automatically show networks that are directly connected to it. For instance, a router may have two interfaces, and one network on each interface: 1.1.1.0 on "Ethernet 0" and 2.2.2.0 on "Ethernet 1". If the router receives a packet whose destination is in network 1.1.1.0 or 2.2.2.0, it will know which interface to use to forward this packet since those networks are located on the router.


If you have not provided further instructions to the router and it receives a packet destined for network 3.3.3.0, it will not know what to do with the packet and will return "Network not available." If you do not tell a router about other networks or provide a means to learn about other networks on its own, it will only know about the networks that are physically, directly connected to it.



To teach your router the path to a network that is not directly connected to it you can add to the route table by programming a "static" route. In this manner, you decide how the router finds the network 3.3.3.0. You can type in "ip route x.x.x.x s.s.s.s y.y.y.y". Replace the x with the destination network, the s with the subnet mask for that network, and the y with the address of the router that your router already knows about (directly connected network or statically assigned) and will use to find the 3.3.3.0 network. For instance, assume that your router (Router 1) has an interface named "Ethernet 1" which is attached to the 2.2.2.0 network. In that network, Router 1's "Ethernet 1" interface is addressed as 2.2.2.1 and there is another router at address 2.2.2.2 (Router 2). Router 2 also has two interfaces: "Ethernet 0" is on the 2.2.2.0 network and "Ethernet 1" is on the 3.3.3.0 network. Therefore, if Router 1 needs to forward a packet to 3.3.3.x, it can send the packet to Router 2, which will know exactly what to do with it.



Router 1 does not intuitively know that it can send these packets to Router 2. By creating a static route statement Router 1 now knows to send all packets for network 3.3.3.0 to Router 2 using interface "Ethernet 1". Here's the rub: If you did that for every network you needed your router to know about, you would soon end up with a very long and confusing routing table.


Imagine programming statements to www.google.com, www.yahoo.com, www.thekansascitychannel.com, etc. Every time you wanted to go to a new website or send an email to a new organization, you would have to create a static route statement on every router between you and your destination. Because network conditions change often, you would need an army of people to keep that table updated.



Another method would be to tell Router 1 to send all unknown packets to Router 2. The command for this is "ip route 0.0.0.0 0.0.0.0 2.2.2.2". We call this the "Gateway of Last Resort". The zeros in the place of the address and subnet mask are wildcards that tell the router to match all values. In other words, the 0 in each octet represents any value between 0 and 255, which covers any and all scenarios.



This is a great solution for Router 1: when in doubt pass the buck. It is also a great solution for finding network 3.3.3.0 since Router 2 has it directly connected. However, what if Router 1 receives a packet addressed to a device on network 4.4.4.0? It will forward the packet to Router 2 and be done with it. However, the network 4.4.4.0 is not directly connected to Router 2; if we have not told Router 2 how to find this network, we will end up with "Network Not Available" again. If we setup a "Gateway of Last Resort" on Router 2, we will move the packet further along the Internet, but who's to say that the next router will know how to find network 4.4.4.0? Also, are you sure that you didn't set Router 3's "Gateway of Last Resort" to Router 1, which puts the packet in an endless loop?



There is a set number of routers that a packet can hit before it is discarded; this is designed into the TCP/IP routed protocol to make sure that lost packets do not traverse the Internet indefinitely, wasting time and bandwidth and eventually clogging up the links. By default, a packet can hit 29 routers; the thirtieth router will discard the packet and end its life. This is called "Hop Count" and will pop up in later discussions.
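The routing-table behaviour described in the last few paragraphs (directly connected networks, the static route to 3.3.3.0, the Gateway of Last Resort, two default routes that point at each other, and the hop limit that finally discards the looping packet), as an added Python simulation that is not part of the original post. Router 3's addresses, its default route back toward Router 2, and the hop limit of 30 are assumptions made for the example.

```python
"""Routing table lookup and forwarding for the Router 1 / 2 / 3 scenario.

Added example, not from the original post. Networks 1.1.1.0, 2.2.2.0, 3.3.3.0,
4.4.4.0 and the addresses 2.2.2.1 / 2.2.2.2 come from the text; Router 3's
addresses, its default route back to Router 2, and the hop limit are assumptions.
"""
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network interface next_hop")  # next_hop None = connected
Result = namedtuple("Result", "status path hops")


class Router:
    def __init__(self, name, routes):
        self.name = name
        self.routes = [Route(ipaddress.ip_network(n), i, h) for n, i, h in routes]

    def lookup(self, destination):
        """Longest-prefix match. 0.0.0.0/0 (the Gateway of Last Resort) matches
        every address but has prefix length 0, so any more specific route wins."""
        dst = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes if dst in r.network]
        if not candidates:
            return None                      # "Network not available"
        return max(candidates, key=lambda r: r.network.prefixlen)


def build_topology(with_defaults=True):
    """Routers keyed by name, plus a map from next-hop address to owning router."""
    r1 = [("1.1.1.0/24", "Ethernet 0", None), ("2.2.2.0/24", "Ethernet 1", None),
          ("3.3.3.0/24", "Ethernet 1", "2.2.2.2")]          # the static route
    r2 = [("2.2.2.0/24", "Ethernet 0", None), ("3.3.3.0/24", "Ethernet 1", None)]
    r3 = [("3.3.3.0/24", "Ethernet 0", None)]               # constructed router
    if with_defaults:
        r1.append(("0.0.0.0/0", "Ethernet 1", "2.2.2.2"))   # ip route 0.0.0.0 0.0.0.0 2.2.2.2
        r2.append(("0.0.0.0/0", "Ethernet 1", "3.3.3.3"))   # Router 2 -> Router 3 (assumed)
        r3.append(("0.0.0.0/0", "Ethernet 0", "3.3.3.1"))   # Router 3 -> Router 2: a loop
    routers = {"Router 1": Router("Router 1", r1),
               "Router 2": Router("Router 2", r2),
               "Router 3": Router("Router 3", r3)}
    owners = {"2.2.2.1": "Router 1", "2.2.2.2": "Router 2",
              "3.3.3.1": "Router 2", "3.3.3.3": "Router 3"}
    return routers, owners


def forward(routers, owners, start, destination, hop_limit=30):
    """Walk a packet router to router until it is delivered or discarded."""
    current, path, hops = routers[start], [start], 0
    while True:
        route = current.lookup(destination)
        if route is None:
            return Result("dropped: Network not available", path, hops)
        if route.next_hop is None:
            return Result(f"delivered by {current.name} on {route.interface}", path, hops)
        if hops >= hop_limit:                # the hop-count safety net
            return Result("dropped: hop limit exceeded", path, hops)
        hops += 1
        current = routers[owners[route.next_hop]]
        path.append(current.name)


if __name__ == "__main__":
    routers, owners = build_topology()
    for dst in ("1.1.1.7", "3.3.3.9", "4.4.4.1"):
        print(dst, forward(routers, owners, "Router 1", dst))
    routers, owners = build_topology(with_defaults=False)
    print("no default routes:", forward(routers, owners, "Router 1", "4.4.4.1"))
```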



At some point in the network, we need to have a router that can make intelligent decisions quickly and efficiently without constant human input. This is the purpose of routing protocols; they allow routers to talk to each other, sharing information about the networks that they know about, which links are up and down, how fast each link is, how many hops to the known network, how much it costs to use the link, how reliable the path is, etc. Basically, routing protocols are a method for routers to gossip.


There are two basic types of routing protocols that we are concerned with for the CCNA exam: Distance-Vector and Link-State. A Distance-Vector routing protocol focuses on how many hops it takes to get to a network. A Link-state routing protocol focuses more on the details of each link and on the whole topology of the network.



When routers are configured with a Distance Vector routing protocol, then each router is told who its neighbor routers are. They send their entire routing table to each of these configured neighbors on a set schedule.



In this case, assume that Router 2 has two interfaces. Interface "Ethernet 0" is directly connected to a network that includes Router 1. Interface "Ethernet 1" is directly connected to a network that includes Router 3. Router 1 and Router 3 do not have a direct connection; they require Router 2 to "route" the packets between its own interfaces "Ethernet 0" and "Ethernet 1".



Router 1 receives a packet for a network on Router 3. We do not want to have to program every network we will need as a static route into Router 1. We do not want to just forward the packet to Router 2 using a "Gateway of Last Resort" and hope that Router 2 makes the right decision. Instead, we program all three routers for a Distance Vector routing protocol. Router 3 sends its routing table to Router 2. Router 2 now knows about the networks that are directly connected to itself and the networks that are directly connected to Router 3. Router 2 then sends this new routing table to Router 1. In this way, Router 1 learns that, in addition to the networks that are directly connected to it, there are networks available to it through Router 2. It doesn't know that network 4.4.4.0 is on Router 3; it doesn't even know that Router 3 exists. However, due to the updates from the Distance Vector routing protocol, it does know that it can send packets destined for network 4.4.4.0 to Router 2 and they will find their way to their destination. Once they reach Router 3, and a reply packet needs to be sent back to the device on the network that is connected to Router 1, Router 3 will know that Router 2 knows how to find that network because it also has a copy of Router 2's route table.



Unfortunately, Router 2 is forced to keep a huge routing table and then transmit the whole thing over two links on a regular basis. These two links will also be consumed by the updates from Router 1 and Router 3. This means that less bandwidth is available on each link when the routing tables are being transmitted. It also means that Router 2, in order to make the best routing decision, must look at every entry in a long routing table for every single packet it routes. Routing tables consume memory and processing time, just like having programs open on your computer. If you try to do too many things at once on your PC, you will slow it down and risk crashing it. By keeping long routing tables on Router 2, you also slow it down and risk crashing it. With three routers, this is improbable. However, if we tried to connect every router on the Internet using a Distance Vector routing protocol, we would overload every link with gigabits of routing table data, we would exceed the memory of almost every router, and the processors in most routers would virtually melt down.


Even if we have unlimited resources on each router and googolplex bits of bandwidth on every link, imagine how long it would take for your router to learn about a network that required 10 hops; in other words, a network that is 10 routers away. Each router between you and your target router would have to send their entire routing table to the next router, who would then pass that information down to the next, until it reached your router. By that time, a router may have gone down, a cable could have been unplugged, a more direct route could have been installed, etc. Distance Vector takes a long time to converge (completely learn the paths) and is inefficient at learning complex network routing.



There is another problem to consider with Distance-Vector routing protocols: what kind of link is each connection? Distance-Vector has no idea which links are better than others; it is only concerned with how many hops it would take to get from Router 1 to Router 3. If every link is equal, then this is a near-perfect philosophy. However, any two links are rarely equal.



For purposes of illustration, let us add another link between these two routers: we will directly connect the routers with a dial-up connection. I can program both routers to know that if they ever need each other, they can use interface "Analog 0" to dial each other up and talk. What they do not understand is that the connection is a sluggish phone line that transmits at 28,000 bits per second and costs me $1.50 per minute to use. They know that they can also connect through Router 2, but they do not realize that the connections through Router 2 are 100 million bits per second and do not incur additional cost for me. What the Distance-Vector neighbors know is that hop counts are bad. Therefore, Router 1 and Router 3 using a Distance-Vector routing protocol would use the connection with the least hops by default, unless I told them otherwise. If I failed to configure the shorter, "backup" link with a high metric, they would choose the 1-hop, slow, expensive route every time.



A small-ish and simple network with equal links is great for a Distance-Vector philosophy, but a larger and more complex internetwork would do better with a Link-State routing protocol. With Link-State, the philosophy is to discover each participating router in the internetwork and then send a status of your router's links to each participant. In this case, Router 2 may know about Router 1's networks but it doesn't gossip this information with Router 3. It simply minds its own business and only sends out the status of its own links. If Router 3 needs to know about Router 1's new T1 interface, or how it is always having trouble with interface "Ethernet 1", it will just have to learn that from Router 1 itself. And it will; Router 1 will send the status of its links directly to Router 3 (via Router 2, who kindly routes the packets). Once a router has this information from all of the participants (the state of convergence) it is able to build a topological database. When a routing decision is required, the router considers the various paths to that destination based on the database and uses an algorithm to determine the most efficient path. This algorithm is called Shortest Path First (SPF) based on Dijkstra's algorithm.


Now let's consider a ten-hop network. This network is all in one company, under one network administrator, spread across the United States. Bob in IT located in New York needs his PC to connect to Iggy in Accounting, located in Hawaii. There are two ways for this company's Hawaiian office to connect to the mainland: through a T1 point-to-point connection from Hawaii to the office in California, or over a dial-up connection from Hawaii directly to New York. If you use the T1 to California, you are then connected to any number of links that will get you to New York; none of which are direct but all of which include high-speed OC3 connections (OC3 = 155.52 million bits per second).


If you, as a human, had to make this decision you would probably just go with the easiest connection: the dial-up phone connection. Getting from California to New York over the various OC3 connections would require a lot of research, time, and effort. Also, the path may need to change for every packet you send in each direction, depending on changing conditions of outages and congestion. However, if you know the phone number, the connection between New York and Hawaii is easy.


If a router has an accurate database of the network's topology and uses the SPF algorithm to determine the best path from New York to Hawaii for each packet, it will probably never use the dial-up connection. SPF is looking for fast, cheap, direct, and uncongested.


Dial-up is slow and expensive (long-distance phone rates from Hawaii to New York at 56,000 bits per second). Imagine Bob's computer will be sending 500 MB in this session: 500,000,000 Bytes; a Byte = 8 bits; 500 MB multiplied by 8 bits = 4,000,000,000,000 bits per second; how long would it take to transfer this data over a 56,000 bits per second link? Then multiply that length of time by the minute-by-minute rate of the long-distance company to calculate how quickly Bob will get fired!


The SPF algorithm will prefer the T1 point-to-point connection to get from Hawaii to California because a T1 transmits at 1.544 million bits per second. However, it will also take into account if that T1 is down or is already congested with other traffic of equal or higher priority (see QoS in a future posting, or look it up for extra credit.) If the T1 is down when Bob needs to get to Hawaii, SPF will try to calculate the cheapest way to call Hawaii: perhaps the network administrator has already anticipated this scenario and programmed California's router to have a lower cost to use dial-up to Hawaii than New York's router due to reduced long-distance rates. A routing protocol will take care of most decisions for you, but it is occasionally necessary to change the settings when it suits your purposes, like when it is cheaper to call Hawaii from California than from New York.


Of course, if someone is already using the dial-up connection from California to Hawaii, SPF will resort to the slow and expensive connection from New York. However, you can see how many alternatives SPF can consider, and it hasn't even started yet! If it is going to use either connection from California to Hawaii, it will need to find a way from New York to California. This is where SPF earns its pay.


From New York, there may be three OC3's connecting to Boston, Buffalo, and Newark. From any one of these, there are OC3 connections to other cities, which are connected to each other, to California, and to New York. It resembles a spider web or a maze, and it would be easy for a human to get lost, get overwhelmed, or overlook efficient connections. However, SPF can keep up with which OC3 is unplugged, which one is overloaded, which one is up and down sporadically, etc. SPF can tell if it is quicker to take the New York-Boston-Detroit-Chicago-Kansas City-Dallas-Phoenix-Los Angeles route or the New York-Newark-Atlanta-Dallas-Las Vegas-Los Angeles route. In fact, it may use the first route for the first few packets, and then use the second route for the next several packets, and then need an entirely different route to finish the session. Whatever the network state, if two paths exist between source and destination then SPF will determine the best one.
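The contrast drawn above between hop-count thinking and SPF, run on the text's own topology: Dijkstra's algorithm over the OC3 web, the T1 to the California office and the dial-up line to Hawaii picks the cheap cross-country path and falls back to dial-up only when the T1 is down, while a hop-count-only view (what the Distance-Vector routers in the earlier dial-up example would do) takes the one-hop phone line every time. This is an added example, not code from the original post; the link cost formula (a reference bandwidth divided by link bandwidth, the convention OSPF uses by default), the choice of Los Angeles as the California office, and the absence of congestion and price from the cost are all assumptions.

```python
"""Shortest Path First (Dijkstra) versus plain hop count on the text's topology.

Added example, not from the original post. Cities and link types follow the
text; the cost formula, the Los Angeles office, and cost = bandwidth only
(no congestion or phone rates) are assumptions.
"""
import heapq
from collections import deque

OC3, T1, DIALUP = 155_520_000, 1_544_000, 56_000   # bits per second, from the text

LINKS = [  # (city, city, bandwidth); Buffalo dangles, as in the text
    ("New York", "Boston", OC3), ("New York", "Buffalo", OC3), ("New York", "Newark", OC3),
    ("Boston", "Detroit", OC3), ("Detroit", "Chicago", OC3), ("Chicago", "Kansas City", OC3),
    ("Kansas City", "Dallas", OC3), ("Dallas", "Phoenix", OC3), ("Phoenix", "Los Angeles", OC3),
    ("Newark", "Atlanta", OC3), ("Atlanta", "Dallas", OC3), ("Dallas", "Las Vegas", OC3),
    ("Las Vegas", "Los Angeles", OC3),
    ("Los Angeles", "Hawaii", T1),      # the T1 point-to-point to the California office
    ("New York", "Hawaii", DIALUP),     # the dial-up line straight to New York
]


def link_cost(bps, reference=100_000_000):
    """Slower link, higher cost (OSPF's default convention, assumed here)."""
    return max(1, reference // bps)      # OC3 -> 1, T1 -> 64, dial-up -> 1785


def build_graph(links, down=()):
    """Adjacency map; links listed in `down` are left out (cable unplugged)."""
    graph = {}
    for a, b, bps in links:
        if (a, b) in down or (b, a) in down:
            continue
        graph.setdefault(a, {})[b] = link_cost(bps)
        graph.setdefault(b, {})[a] = link_cost(bps)
    return graph


def spf(graph, source):
    """Dijkstra over the topological database: lowest total cost to every node."""
    dist, prev, done = {source: 0}, {}, set()
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, cost in graph[node].items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr], prev[nbr] = nd, node
                heapq.heappush(heap, (nd, nbr))
    return dist, prev


def _walk(prev, source, target):
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return path[::-1]


def spf_path(graph, source, target):
    """Best path and its cost, or (None, None) if the target is unreachable."""
    dist, prev = spf(graph, source)
    if target not in dist:
        return None, None
    return _walk(prev, source, target), dist[target]


def hop_count_path(graph, source, target):
    """What a hop-count-only view chooses: breadth-first, costs ignored."""
    prev, seen, queue = {}, {source}, deque([source])
    while queue:
        node = queue.popleft()
        if node == target:
            return _walk(prev, source, target)
        for nbr in graph[node]:
            if nbr not in seen:
                seen.add(nbr)
                prev[nbr] = node
                queue.append(nbr)
    return None


if __name__ == "__main__":
    g = build_graph(LINKS)
    print("SPF      :", spf_path(g, "New York", "Hawaii"))
    print("hop count:", hop_count_path(g, "New York", "Hawaii"))
    g = build_graph(LINKS, down=[("Los Angeles", "Hawaii")])
    print("T1 down  :", spf_path(g, "New York", "Hawaii"))
```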


Therefore, Link-State routing protocols maintain a better picture of the network, they make better decisions, and they make more efficient use of the network's bandwidth by not broadcasting everything they know on a regular basis, unlike Distance-Vector protocols (don't you wish some people would quit broadcasting everything they know all the time... yeah, everyone except me, right?).

However, Link-State protocols take up a lot of router resources. Maintaining a topological database and calculating algorithms for every packet means that the router has a lot to remember and think about. What this really means is that it is going to cost you; there may be a $50 router available with all the interfaces you need, but it will not be able to handle the demands of Link-State routing. You will have to spend more on your router, but you will end up with a more efficient network.



In the Link-State example, we never left our company's internetwork; every link and router was controlled by Ralph, the company's network administrator. Now, what if Bob wants to connect to http://larryslobodzian.blogspot.com, which is located on a separately owned/controlled network? In order to do so, he will have to leave Ralph's networks and find his way across the vast unknown of the Internet. How in the world are we going to do that?



The best design for any network that will ultimately allow Internet connectivity is to create a hierarchical model. You start with lower, smaller networks: for instance, every department at a location has its own network, and those networks are connected within the location using small, affordable, routers running a Distance-Vector routing protocol. Then, each location is connected together using dedicated links that connect to a larger, more powerful router running a Link-State routing protocol.


All of the smaller, Distance-Vector routers have a static route that tells them that if they do not know what to do with a packet, send it to the local Link-State router (The Gateway of Last Resort: Router# ip route 0.0.0.0 0.0.0.0 {insert address of the link-state router}). That Gateway router, running a Link-State protocol, will know what to do with every packet it receives. If it receives a packet destined for a remote destination within the company, it will have learned about the best paths available from its Link-State conversations with other Gateway routers within the company.


If the Gateway router receives a packet for a destination outside the company, there are three options to keep the packet moving. First of all, you can program each Gateway to have its own "Gateway of Last Resort" based on each location's details--especially if each location has its own Internet connection. Another option is to have all locations access the Internet through one location. In this case, the location with the Internet connection would have its router that is part of the Link-State topology programmed with a "Gateway of Last Resort" that pointed the unknown traffic to the Internet (via an ISP's router.) Through Link-State routing updates, the other routers in the topology would learn that 0.0.0.0 is available through this one router. This is a solution for an organization that needs to closely monitor and control its Internet traffic for security or cost reasons. In fact, this was once necessary for reasons of cost and Internet availability; however, now that cable, DSL, wireless, and satellite are fast, affordable and widely available, this solution is less common.



The final option is to have each router run an Exterior Gateway or Border Gateway Protocol. Either of these two protocols (EGP and BGP) can be used to exchange information between two separately owned/controlled networks. Gateway Protocols are merely mentioned on the CCNA exam, and I have little experience with them, so their discussion ends here.



Routing protocols explain how the internet works. They help the network administrator make connections quickly and more efficiently than he or she could ever do by hand. They also help us design efficient and cost-effective networks. Understanding routing protocols not only helps you pass your CCNA exam, it helps you build and maintain a better network.

Monday, August 27, 2007

Troubleshooting VLANs

First of all, I should mention that the posts on this blog are not in any particular order. Sometimes, I will just grab a random topic in order to study something. This is how my brain works, and I apologize to the orderly-minded people who consider this chaotic.

Second of all, I am assuming that you are already familiar with this subject. I may skip many fundamentals and jump to the meat. That is exactly what I will do today.

Virtual Local Area Networks (VLANs) are a means of subdividing switches into broadcast domains. Switches are normally collision domains. If you will have several Layer 3 networks on one switch (such as a network for VOIP and a network for Computers), it is wise and often necessary to create VLANs.

To troubleshoot VLANs on a switch, you can use the following commands:
#show vlan brief (lists the vlans and interfaces in each vlan)
#show vlan id x (replace x with the vlan number you are looking at for status.)
#show spanning-tree vlan x (use this to check root id, discover possible loops)

Sunday, August 26, 2007

The New Blog

I have created this second blog because it matches my goals but does not match the theme of my primary blog. Perceptions of Reality is geared more toward social science and topical commentary. This blog focuses on real knowledge in the subject of computer networks. If my opinion appears, it will only do so with a purpose: to make your study and real-world application more effective based on my experiences. Other than that, this blog will contain real information about networks.


I have been in the IT industry in various roles for ten years. I have never passed the Cisco Certified Network Associate exam though it has been a goal of mine since my first attempt at it in 2000. There are various reasons and excuses for such failures, but I am leaving those behind me. I am now at a point in my life where I can focus on my CCNA, and I will pass it as soon as possible.


My CCNA study is the purpose of this blog. I hope that my writing here helps someone else, but the real purpose here is to focus my study. By encoding knowledge in my head into written form, I learn better--most people do. That is why you write so many papers in school. I will try to write about at least one topic from the CCNA exam every day on this blog until my studies are through.


In the future, I may pursue further certifications in the field. In that case, this blog will live on. Only time will tell. In the meantime, let's learn something together.


If I can be of assistance, or I need to be corrected, please email me: lslobodzian@gmail.com