Using Cisco Discovery Protocol (CDP)
Simple Network Management Protocol (SNMP)
respond.
Version 1 of SNMP, which is the most widely used, uses a very weak authentication scheme based on only the community string, which amounts to a fixed password transmitted over the network unencrypted. SNMP version 1 is ill-suited for use across the public Internet for the following reasons:
-It uses cleartext authentication ASCII strings that anyone can capture on a network. Most SNMP implementations send the authentication strings as part of their periodic polling.
-It sends all data in cleartext.
-It uses UDP as a transport and is dif.cult to .lter due to its connectionless state.
-It is an easily spoofable, datagram-based transaction protocol.
Routing Algorithms
Routing and Routed Protocols
“Understanding OSI and TCP/IP,” you learned about routable or routed protocols. This book concentrates on TCP/IP, but there are other routable protocols, such as IPX and AppleTalk. These three protocol suites provide sufficient information in the network layer header to allow the router to forward packets from the source node to the destination node even when the router has to forward packets across various networks.
Routing Protocols
Whereas routable protocols provide the logical addressing system that makes routing possible, routing protocols provide the mechanisms for maintaining router routing tables. Routing protocols facilitate inter-router communication, which allows them to share route information used to build and maintain routing tables. Several different routing protocols exist, including Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP). And while these different routing protocols use different methods for determining the best path for packets routed from one network to another, each basically serves the same purpose. They help accumulate routing information related to a speci.c routed protocol such as the Internet Protocol. It is not uncommon to .nd host and server machines running more than one network protocol to communicate. For example, a Windows 2000 (W2K) Server in a domain might be using TCP/IP to communicate with its clients, while at the same time using IPX/SPX to support .le and print servers. Routing protocols also embrace this concept of simultaneously but independently running protocols. Multiple independent routing protocols can run on the same router, building and updating routing tables for several different routed protocols. This means that the same media can actually support different types of networking (e.g., peer-to-peer and client/server).
Routing Protocol Basics
Routing protocols not only provide information for router routing tables, but also have responsibility for determining the best route through an internetwork for packets as they move from the source station to the destination station. Designers have re.ned routing protocols to optimize routes on an internetwork and also to remain stable and show .exibility. They also designed routing protocols to use as little processing overhead as they determine and provide route information. This means that the router itself does not have to have a large multi-processor device to handle the routing of packets. The next section discusses the mechanisms that routing protocols use to determine paths.
Router Components
Random Access Memory (RAM)
RAM serves as a temporary working storage area for the router. RAM contains data such as routing tables, cache, buffers, and I/O queues. RAM also provides storage for temporary memory for the router’s active IOS and configuration .(i.e., the running-con.g). You lose the entire contents of RAM when you power down or restart the router.
Non-Volatile RAM (NVRAM)
Conversely, NVRAM is permanent and retains its contents when you power down or restart the router. NVRAM stores permanent information, such as the router’s backup con.guration .le. The router retrieves the startup-con.g from NVRAM at start-up and loads into RAM.
Flash
Flash stores the Cisco IOS image and associated microcode. Flash is erasable, programmable, read-only memory (EPROM) that retains its contents when you power down or restart the router. You can store several versions of IOS images in Flash memory. Flash allows you to upgrade the router without adding, removing, or replacing microchips on the router.
Read-Only Memory (ROM)
ROM, like Flash, maintains a copy of the IOS but it is an older version of the IOS. ROM also stores the bootstrap program and power-on diagnostic programs. Unlike Flash, you can only upgrade ROM by replacing chips on the motherboard.
Interfaces
Interfaces provide the network connections where packets move in and out of the router. Depending on the router model, the interfaces might exist on the motherboard or on separate, modular interface cards.
Routing Activities
Path Determination
Routers enable you to divide a large network into logical subnets; doing so keeps network traffic local on each subnet, enabling you to take better advantage of the available bandwidth. It is then the job of the router to move data packets between different subnets when required. Routers can also serve as a connection device between your networks. Routers can also serve as the connective device to other networks to which your network is attached.
Packet Switching
After the router has the packets, packet switching comes into play. This means that the router will move the packets from the router interface that they came in on and switch them over to the router interface connected to the subnet they must go out on. However, in some cases, the packets might have to pass through more than one router to reach the final destination. In our example, there is only one router. Router 1 knows that the logical address 10.16.0.1 is on Subnet 10.16. So, the router will switch packets from Router Interface 1 to Router Interface 2. Again, the router uses broadcast messages to resolve logical address 10.16.0.1 to the actual hardware address of FF-FF-FF-FF-FF-F5. The router addresses the
packets correctly and then forwards them to Subnet 10.16. When Node 1 on Subnet 10.16 sees the packets for itself (hardware address FF-FF-FF-FF-FF-F5), it copies the messages into its memory space.
Routing Tables for Router 1
Subnet Logical Destination Router Interface
10.8 1
10.16 2
Routing involves the use of logical addresses and hardware addresses to get packets from the source (i.e., the sender) to the destination. Each routable protocol (e.g., IP and IPX) uses a slightly different method for resolving logical addresses to hardware addresses, but the overall theory is pretty much the same as outlined here.
Cisco Router Overview
The Cisco IOS is the most important part of the router. The IOS is the program code that defines how the router functions. Without it, the router cannot route packets. The IOS is feature-rich and pretty much standard across the various Cisco platforms. So once you become familiar with IOS commands on one router, you do not have to learn new commands to work on a new router.The IOS provides a labor-saving command line interface for configuring routers that is easy to navigate.
User Interface
The Cisco IOS provides a robust user interface called EXEC for its routers. EXEC, short for executive, intercepts commands and executes them. For security purposes, EXEC supports two types of access:
_ User mode
_ Privileged mode
User Mode
Upon logging in to the router, you are automatically put into user mode. EXE commands in user mode allow you to display information but you cannot change router configuration settings. User mode commands are a subset of the larger privileged mode commands.
Privileged Mode
You must enter a password before you can access privileged mode. Privileged mode allows execution of all of the user mode commands, as well as setting configuration parameters, performing extensive testing and debugging, and accessing the other router modes.
TCP/IP
The Internet layer includes the following protocols:
_ Internet protocol (IP)
_ Internet Control Message Protocol (ICMP)
_ Address Resolution Protocol (ARP)
_ Reverse Address Resolution Protocol (RARP)
At the internet layer, TCP/IP uses the Internet Protocol (IP) for logical addressing and path determination. The Internet Control Message Protocol (ICMP) provides messaging that can help troubleshoot a network. The Address Resolution Protocol (ARP) provides the service to match a known IP address for a destination address to a MAC or physical address. The Reverse Address Resolution Protocol(RARP) provides the reverse service of ARP; that is, it translates known MAC addresses to IP addresses.
Internet Protocol
The IP concerns itself with routing functions — getting packets from network A to network B. IP is used by all other protocols except the Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) to transfer packets from host to host over an internetwork.In the IP packet header, there are fields that communicate things such as logical addressing, path determination, and limited quality-of-service features. The IP header contains several fields that are of interest to anybody concerned with security, audit, and control..
Transport Layer
There are two protocols at the transport layer: Transmission Control Program (TCP) and User Datagram Protocol (UDP). TCP is a connection-oriented transport while UDP is a connectionless transport.
Transmission Control Protocol
TCP is the connection-oriented transport layer protocol for the TCP/IP suite. Many TCP/IP applications use TCP for transport, including FTP,HTTP, SMTP, and Telnet. TCP as a transport is commonly used by an application when reliability is necessary at the transport layer.
User Datagram Protocol
UDP,is sometimes called the Unreliable Data Protocol. It is a connectionless protocol and delivery is on a best-effort basis. It is a very simple transport protocol with a minimal amount of overhead. There is no sequencing, acknowledgments, flow control, or windowing, so there is no guarantee that the packets will arrive. The receiving host validates the UDP header checksum, and where there is a difference, the device drops the packet without reporting the error back to the sending host. Applications using UDP may implement reliability features within the application itself where required.
The OSI Model
The OSI model describes the method for transmitting data between two systems. The OSI model allows you to selectmultiple vendors in your organization. Thus, you can have Cisco routers and 3Com hubs connecting IBM mainframes and Compaq computers. Manufacturers
that develop products that meet the standard can, in theory, connect their products to any other manufacturer whose products meet the standard. While most of you are probably familiar with the model, different people de.ne the seven layers differently. Thus, the OSI model is offered here in review.
The Open Systems Interconnection (OSI) model consists of seven layers. Each of
these layers has a distinct function and interacts and communicates with the layers
directly above and below it.
Application Layer
The application layer is the highest layer of the OSI model. This is responsible for supporting the communication components of an application. This is an important concept. Programs that use the application layer are known as application processes.
It is possible for a user program to interface directly with the presentation layer; however, to do this, the program must initialize communication with peer application processes, establish appropriate presentation contexts, and transfer .les or messages itself. Alternately, user-level processes may include available modules that support commonly required application-related services, such as .le transfer, e-mail, or and print services. User-level processes are actually gateways to the presentation layer.
Presentation Layer
Different machines have different ways of representing data internally, so conversions are necessary to ensure that different computers can understand each other. The job of the presentation layer is to take the internally formatted data from the sending machine, convert it into a suitable bitstream for transmission, and then decode it to a format the receiving machine can understand at the other end. That is, the presentation layer acts as an interpreter that understands both formats and is responsible for making sure both computers get information in a format each can understand. This is true whether one is talking about compression, conversion, or encryption.
Session Layer
The primary function of the session layer is to allow users to establish connections or sessions, and to transfer data over those connections (or sessions) in a controlled manner. There are two types of services provided by the session layer: administrative and dialog. The administrative service handles the establishment and teardown of a connection between two presentation entities. The administrative service also determines the type of connection established. For example, the connection might be full-duplex or half-duplex. Sessions are established when one application process requests access to another application process. After the session is established, dialog services are used to control and supervise the actual data transfer.
Transport Layer
The transport layer is the highest layer directly associated with the transport of data through the network. This layer defines end-to-end connectivity between host applications. The basic functions of the transport layer are to:
_ Establish end-to-end operations: provides end-to-end transport services, which constitute logical connections between the sending and receiving hosts
_ Segment upper-layer applications: allows multiple applications to use the network simultaneously, as it segments data from multiple upper-layer applications into the same data streams for transport on the network
_ Send segments from one host to another: uses checksum calculations and built-in .ow control to ensure the integrity of segmented data
_ Ensure data reliability: can optionally request that the receiving host acknowledge that it is actually receiving the data
Network Layer
The primary concern of the network layer is getting data all the way from the source to the destination. The layers above the network layer (i.e., transport, session, presentation, and application) typically run on the user’s machine. The most important function of the network layer is route determination.The network layer determines the path that data will take to travel between a node on one network to a node on another network. What path is actually used depends on what routing protocols are used within the network. The functions implemented at the network layer include routing, switching, .ow control, data sequencing, and error recovery. Some of these functions might appear to duplicate those of the transport layer, but, in fact, they do not. The network layer’s functions are concerned with end-to-end connections, possibly spanning multiple network links. The transport layer does not concern itself with the intermediary links and devices as does the network layer. Flow control at the network layer is concerned not with the two end stations, but instead with the links and devices that the conversation crosses. If too many packets are present at any one link at any given time, those packets will interfere with each other, causing congestion errors and bottlenecks. Communicating systems use flow control at the network layer to prevent those types of conditions from occurring by trying to provide fair, orderly, and ef.cient access to network
links.
Data-Link Layer
The data-link layer is the layer responsible for moving data in and out across the physical network. There are two sublayers in the data-link layer:
_ The Logical Link Control (LLC) sublayer
_ The Media Access Control (MAC) sublayer
The MAC sublayer deals with interfacing the physical media, while the LLC sublayer handles the interface to the network layer. The LLC sublayer is responsible for assembly and disassembly of frames, addressing, address recognition, and cyclical redundancy check (CRC)
calculations and validation. The MAC sublayer is responsible for de.ning how access is gained to the shared network media. This is dependent on the type of network, while the LLC is media independent. Together, the two sublayers divide output data into frames for transmission
on the physical link. The data-link layer provides framing, .ow control, and error detection and correction.
Physical Layer
The bottom layer of the OSI model is the physical layer. At the physical layer, bits are transformed into signals (for analog lines) on the transmission medium. It is the physical layer that defines what signals on the line constitute 1s and 0s, and which are just noise. Physical layer speci.cations de.ne things such as allowable cable lengths, maximum capacities, and the physical wiring of the network. It is worth noting that the application, presentation, and session layers provide communication. The communication layers set up the interactions for user-level applications.