Saturday, September 8, 2007

OSI Model: Layer 3 - The Network Layer

Okay, we are building our network communications one layer at a time. We have built the Physical Layer 1, which is the cabling and electricity. We then addressed the devices plugged into the cabling and checked the electrical signals for errors at Layer 2, the Data Link Layer. Now we are ready to build our Network Layer, Layer 3.


Why do we need a Layer 3? We already have electricity, cables, and addressing. Let's get this show on the road, right? Well, before we begin to transmit email, web pages, pictures, and phone calls, we need to subdivide our network.


The Postal System is often a great method of illustrating network principles. Imagine that every house in the U.S. had a unique address, and that is all the post office had to go on. Without the information of street, city, state, and zip code, any house would be difficult to find. Now imagine that when you move, you have the option to take that unique address with you: you are now even harder to find.


Layer 3 allows us to subdivide all the devices on the Internet into logical hierarchies. This makes finding your way through the Internet much easier. Layer 3 also limits traffic on local networks, making your network more efficient. Finally, layer 3 allows you to limit access to a network, increasing security.


Layer 3 is all about routers. At Layer 1, you have everything plugged into a cable: PC, server, printer, etcetera. At Layer 2, you subdivided the wires with a switch to make sure that the wires were used more efficiently. A network can be one cable connecting two devices, a switch connecting several devices, or even several switches. At some point, that network becomes too large; too many switches, cables, and devices. It is time to subdivide that network with a router.


In this case, you may have 46 devices connected to two switches, with those two switches connected to each other (with a crossover cable). It may make sense to create two networks here, with a router dividing the two switches.


Why divide the two switches? Because there are many times that a device needs to broadcast a packet to every device in the network. An example is when a PC knows the IP address of a resource it needs (e.g. a printer or server) but does not know the MAC address. The network will be more efficient if the PC transmits its data directly to the MAC address of the destination device, allowing the switch to do its job of connecting the two ports based on a MAC address. However, the PC needs to first learn that MAC address, so it broadcasts to every device a request for the MAC based on the IP address; this is defined by the Address Resolution Protocol (ARP). It happens constantly; a PC does not retain a table of MAC addresses for very long, because an efficient network does not require it and the database could grow very large.


ARP has a low impact on an efficient network. However, if you have hundreds of devices, you will clog your network with these broadcasts and the real data will never get through. Therefore, you use a router to subdivide a network into broadcast domains. That way, if the PC needs a resource that is local, it can broadcast to the few devices on its network and find the resource. If the IP address is not local, rather than broadcasting an ARP request the PC can transmit the packet to its default gateway and let the network infrastructure find the proper device. Routers and switches are designed to know how to find network devices; PCs should be allowed to just worry about their job of user functionality.


Routers are the end of a network broadcast. Switches will receive a broadcast and forward it out all ports in that network. A router receives a broadcast, responds to it if necessary, directly to the device that initiated it, and that is the end of that broadcast. The only way to get to other computers on other networks is through a router; therefore, if the router does not send the broadcast to the other networks, the broadcast will remain local. This prevents my PC and network from being affected by broadcasts on your network that have nothing to do with us.


Ownership: There are times when you want to divide ownership of a network. For instance, you may be willing to maintain the network in your home, but you are unwilling to maintain the cables and devices between you and the Google servers. Therefore, you establish your network and divide it from your ISP's network with a router. More importantly, your ISP would want to subdivide networks to keep its interests divided from its competitors.


Efficient Administration: The Internet is a big place. Layer 3 helps us to keep this manageable. First of all, Layer 3 addressing allows us to form a system similar to the Postal system of states, cities, and zip codes; Layer 3 allows us to create hierarchical networks. At Layer 2, every device was equally on the same network. At Layer 3 we can subdivide addresses into networks of thousands, hundreds, tens, or even just two hosts. That way, not every router needs to know the address of every host on the Internet; that would require a database of gigabytes and the processing power of several computers. With hierarchical networks, your router just needs to know about its local peer networks and the next higher-layer router (usually your ISP's router). Once your packet reaches the ISP router, it will quickly find its way to a router that knows the way to your destination.


Security: The Internet is a scary place. It is easy to gain access to critical systems and data anonymously and disappear without a trace. One way to limit security risks is to use Layer 3 subdivision. Obviously, subdividing yourself from a network that you neither own nor control will increase your security. You may also want to subdivide two networks that you own. For instance, you will probably want to divide the accounting department from the sales department. This will not only improve their network performance and ease the administration of both networks, it will allow the administrator to control the access to each network. In that manner, a malicious salesperson will be less likely to access the data in the accounting department. Other precautions are necessary, but subdividing networks is a large step in preventing security breaches.


How to "See" Layer 3: There is a quick and easy way to view Layer 3 from your Windows computer. If you are on a Mac, I can't help you; maybe Google can. If you are on a Linux machine, I assume that you already know how to view your IP address, route table, and perform a traceroute. If not, Google it.


On a Windows computer, click on Start, then Run. In the white text box, type "CMD" and hit return. This will pop up a black screen with white letters, known today as a Command Prompt; we used to call this DOS. Anyhow, at the ">" prompt, type "ipconfig" and hit return. You will now see several lines, depending on your configuration. The first line of interest to you is the IP Address. The number depicted is the address used to locate your computer in the network. The second line to look at is the Subnet Mask. In a future post, I will explain how this can be used to subdivide a network for efficiency and convenience. The third line to notice is your Default Gateway. This address is the router on your network that allows your PC to find other networks.


Your PC knows that the subnet mask determines your local network relative to your IP address. Based on those two numbers, your PC will know if you are trying to access a device on another network and will send that data to the Default Gateway (a specified router).


Another method of viewing Layer 3 on your PC is to use the CMD window and type "route print". This is called a routing table; it is similar to what routers use to find their way around the Internet. PCs keep a very general and small routing table; many routers would fill your screen with known routes.
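The two decisions described above, the subnet-mask test the PC makes and the longest-prefix lookup a routing table performs, written out as an added example (not code from the post). The addresses, the static route and the "on-link" marker are constructed for illustration.

```python
import ipaddress

# Constructed host configuration: the three ipconfig lines the post points at.
HOST_IP = "192.168.1.37"
SUBNET_MASK = "255.255.255.0"
DEFAULT_GATEWAY = "192.168.1.1"


def same_subnet(ip, mask, dest):
    """The PC's Layer 3 test: AND both addresses with the mask and compare."""
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(ip)) & m == int(ipaddress.IPv4Address(dest)) & m


def next_hop(dest, ip=HOST_IP, mask=SUBNET_MASK, gateway=DEFAULT_GATEWAY):
    """Where the PC sends the frame: straight to dest, or to the default gateway."""
    if same_subnet(ip, mask, dest):
        return ("direct", dest)      # ARP for dest's own MAC, no router involved
    return ("gateway", gateway)      # ARP for the router's MAC instead


# A small table in the spirit of "route print": (destination network, gateway).
# 0.0.0.0/0 is the default route; "on-link" means deliver directly (constructed).
ROUTES = [
    ("0.0.0.0/0", DEFAULT_GATEWAY),
    ("192.168.1.0/24", "on-link"),
    ("10.10.0.0/16", "192.168.1.254"),   # constructed static route via a second router
    ("127.0.0.0/8", "on-link"),
]


def route_lookup(dest, routes=ROUTES):
    """Longest-prefix match: the most specific network containing dest wins."""
    addr = ipaddress.IPv4Address(dest)
    best = None
    for net_str, gw in routes:
        net = ipaddress.IPv4Network(net_str)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    for d in ("192.168.1.200", "10.10.5.9", "4.2.2.1"):
        print(d, next_hop(d), route_lookup(d))
```

The default route only matches when nothing more specific does, which is exactly the "pass the responsibility to someone else" behaviour the post describes for a PC.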


A third way to view Layer 3 on your PC is to use the CMD window and type "tracert 4.2.2.1". Tracert is the command for trace route, a standard network tool that works on Windows, Linux, Unix, Routers, Switches, and various other devices. Almost anything on a network that understands Internet Protocol (IP) will understand trace route, even if the command is a little different.


Trace route sends a packet to the host you specify; in this case it is a DNS server at 4.2.2.1. The packet you send tells the host to simply reply back to you and let you know it exists. Your PC then sends another packet to this same host, but configures it to be rejected one router before it reaches the destination. The router that kills that transmission is identified in a packet that it sends back to you telling you that it will not allow you to go further. Your PC now knows what router is next to last and sends a packet to die two routers before the destination, which identifies itself in a message sent back to you.


In this manner, your PC is able to map out the path between you and your destination. You can also get this to work by typing "tracert www.google.com" or whatever your favorite website is. Trace route may show a different path each time; this demonstrates how dynamic routing can be.
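An added simulation (not code from the post) of the mechanism standard trace route uses to discover that path: each probe carries an IP time-to-live (TTL), every router decrements it, and the router where it reaches zero sends back an ICMP Time Exceeded, so probes are sent with TTL 1, 2, 3, ... and the replies walk outward from you. The router addresses in the path are constructed; a router in the `silent` set models one that drops expired probes without replying, which tracert shows as "Request timed out".

```python
# Constructed path: three routers, then the destination DNS server.
PATH = ["10.0.0.1", "172.16.5.1", "203.0.113.9", "4.2.2.1"]


def forward(path, ttl, silent=frozenset()):
    """Carry one probe along the path. Returns (who replied, why)."""
    for router in path[:-1]:
        ttl -= 1                       # each router decrements the TTL
        if ttl == 0:
            if router in silent:
                return ("*", "no-reply")        # ICMP filtered; nothing comes back
            return (router, "time-exceeded")    # ICMP Time Exceeded names the router
    return (path[-1], "echo-reply")             # TTL survived: the host answers


def traceroute(path, max_hops=30, silent=frozenset()):
    """Probe with increasing TTL until the destination itself answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        replier, kind = forward(path, ttl, silent)
        hops.append((ttl, replier, kind))
        if kind == "echo-reply":
            break
    return hops


if __name__ == "__main__":
    for ttl, replier, kind in traceroute(PATH, silent={"172.16.5.1"}):
        print(f"{ttl:3d}  {replier:15s}  {kind}")
```

Windows tracert sends ICMP echo requests as its probes while Unix traceroute sends UDP by default, which is why the same path can look different from different tools when a router filters one but not the other.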


There are two ways that routing can work: statically or dynamically. A static route is one that you type in. For instance, you can create a static route on your PC to send all traffic for outside networks to a default gateway, which is the third line you observed in the output of "ipconfig". This makes it easy: you pass the responsibility to someone else. However, someone needs to know how to get around the Internet, so you usually do not want just a "Default Gateway" programmed into every router. Routers should know more than PCs.


If you tried to type a static route into your router for every network on the Internet, it would take your whole life and be out-of-date within a few seconds. Connections go up and down, networks change locations and sizes, and prices to connect between some routers change. Therefore, you need a way of deciding quickly and easily what the best way is to traverse the Internet. Since routers can store millions of lines or more and can think billions of times per second, it is better to just let them manage the network. This is called dynamic routing. The routers talk to each other and share information about what is connected to them and what shape those connections are in. In this manner, routers can always know better than a human how to get around. I wish there was a way for our cars to do this during rush hour.


I go into a little more depth about this in my post on Routing Protocols.



To summarize Layer 3:


  • Layer 3 increases performance by limiting broadcasts allowed by a switch.

  • Layer 3 allows for security by creating divisions between disparate users.

  • Layer 3 allows for better and more efficient organization of networks.

  • Layer 3 is run by routers.

  • Routers divide networks into hierarchies.

  • Routers dynamically discover paths across the Internet.

  • Without Layer 3, the Internet would be too large and inefficient to navigate.
