Network and Multimedia Knowledge (2)

6. Routing strategy

Static routing (the routing table is not adjusted in response to changes in network traffic or topology, so it cannot always find the best route):

Fixed routing: each network node stores a table in which every entry records the next node or link for a given destination node. When a packet arrives at a node, the node only needs to look up the destination address carried in the packet in its fixed routing table to find the next node to forward to.

Flood routing: also known as the diffusion method. The source station sends a packet to all of its adjacent nodes (which pass it on to their neighbours in turn), so the first copy or copies to reach the destination node must have travelled the shortest path. It is mainly used where robustness requirements are high, such as military networks.

Random routing: a node forwards a packet to just one of its neighbours, chosen at random.

Dynamic routing (a node's route selection depends on the current state of the network. This adapts better to changes in traffic and topology and helps improve network performance, but the algorithms are more complex and the exchange of state information adds to the network load):

Distributed routing: the basic algorithms are the distance vector algorithm (each node periodically sends routing update messages to all of its adjacent nodes) and the link state algorithm (each node independently computes the shortest paths; it adapts quickly to network changes and exchanges less routing information, but it is complex and harder to implement).

Centralized routing: a Network Control Center (NCC) collects the state information of the whole network, computes the routes and distributes the best ones; the simplest form periodically sends the latest routes to every node in the network.

Hybrid dynamic routing: mixes distributed routing with centralized routing or with other routing methods.
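The two distributed algorithms above are easiest to compare when they are run side by side on the same small network. The following is an added example, not code from the original post: the topology is constructed for illustration, the link state side is Dijkstra run by one node over the full topology, and the distance vector side is rounds of neighbour-to-neighbour vector exchange (Bellman-Ford) in which a node never sees more than its neighbours' advertised vectors. Both end in the same fixed routing table of (cost, next hop) entries per destination.

```python
import heapq

# Constructed sample topology (not from the page): undirected links with costs.
LINKS = [
    ("A", "B", 1), ("A", "C", 4), ("B", "C", 2),
    ("B", "D", 5), ("C", "D", 1), ("D", "E", 3),
]


def build_graph(links):
    """Adjacency map {node: {neighbour: cost}} from the link list."""
    graph = {}
    for u, v, w in links:
        graph.setdefault(u, {})[v] = w
        graph.setdefault(v, {})[u] = w
    return graph


def link_state(graph, source):
    """Link state: the node knows the whole topology and runs Dijkstra itself.
    Returns {destination: (cost, next_hop)} for every other node."""
    dist = {source: 0}
    first_hop = {source: None}
    heap = [(0, source)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                # the first hop is the neighbour itself, or inherited from the path
                first_hop[v] = v if u == source else first_hop[u]
                heapq.heappush(heap, (d + w, v))
    return {d: (dist[d], first_hop[d]) for d in dist if d != source}


def distance_vector(graph, max_rounds=100):
    """Distance vector: each node starts from its own link costs and, every round,
    sends its vector to all adjacent nodes; tables are updated until nothing changes.
    Returns {node: {destination: (cost, next_hop)}}."""
    tables = {n: {n: (0, None)} for n in graph}
    for n in graph:
        for nb, cost in graph[n].items():
            tables[n][nb] = (cost, nb)
    for _ in range(max_rounds):
        # snapshot of what every node advertises this round (costs only, no hops)
        advertised = {n: {d: c for d, (c, _) in t.items()} for n, t in tables.items()}
        changed = False
        for n in graph:
            for nb, link_cost in graph[n].items():
                for dest, cost in advertised[nb].items():
                    candidate = link_cost + cost
                    if candidate < tables[n].get(dest, (float("inf"), None))[0]:
                        tables[n][dest] = (candidate, nb)
                        changed = True
        if not changed:
            break
    return {n: {d: e for d, e in t.items() if d != n} for n, t in tables.items()}


if __name__ == "__main__":
    g = build_graph(LINKS)
    print("link state from A  :", link_state(g, "A"))
    print("distance vector, A :", distance_vector(g)["A"])
```

On this topology node A reaches every destination through B, because the B-C-D chain (1+2+1) is cheaper than either direct link to C or D; the link state table is computed in one pass, while the distance vector table needs three rounds of exchange before the cost to E settles, which is the slower convergence the text refers to.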

7. IP address

Classful address format: an IP address is divided into four segments, each of eight bits, 32 binary digits in total.

Logically, these 32-bit IP addresses are divided into a network number and a host number. Depending on how many bits the network number occupies, IP addresses fall into the following classes:

The network number of a class A address occupies 8 bits, so the host number has 32-8=24 bits and 2^24-2 hosts can be allocated (note: the all-0 and all-1 host numbers are special addresses and cannot be allocated);

Similarly, the network number of a class B address is 16 bits and that of a class C address is 24 bits; the host-number bits and the host counts can be calculated in the same way.

In the figure, the bits shown in red have fixed values; these leading bits identify each class of IP address.

Subnetting:

Classes A, B and C are the most commonly used, but on their own they are impractical: the host counts differ too much between classes, which makes allocation wasteful. Subnetting is therefore generally used: by choosing the number of network-number bits one chooses the number of host-number bits, so the division that best fits the actual number of hosts can be made without wasting addresses.

This is the concept of a subnet. After an IP address has been classified into class A, B or C according to the standard, it can be divided one step further: a few bits of the host number are taken as the subnet number, giving multiple subnets. The IP address is then composed of:

network number + subnet number + host number.

An address whose network-number and subnet-number bits are all 1 and whose host-number bits are all 0 is the subnet mask.

Note that the subnet number may be all 0 or all 1, while the host number may not be all 0 or all 1. Therefore 2 is subtracted from the number of hosts, but not from the number of subnets.

It is also possible to aggregate networks into a supernet, the reverse of subnetting: a few bits of the network number are given to the host number, so the number of hosts grows and the networks become one larger network.

Classless addressing:

Besides the classful addressing above there is classless addressing, in which the network number is given explicitly instead of following the class rules. The format is: IP address/network-number length. For example, 128.168.0.11/20 denotes the address 128.168.0.11 with a 20-bit network number, so the host number occupies 32-20=12 bits; such a network can also be subnetted.
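The classful, subnetting, supernetting and classless rules above can all be worked through on real addresses with Python's standard `ipaddress` module. The following is an added example, not code from the original post: it identifies the class from the fixed leading bits, splits an address/prefix into network number, mask, host bits and usable host count (applying the -2 for the all-0 and all-1 host numbers, and no -2 when counting subnets), borrows host bits as a subnet number, and merges networks back into a supernet. The 128.168.0.11/20 example is the one from the text; the other addresses are constructed.

```python
import ipaddress


def address_class(ip: str) -> str:
    """Classful identification from the fixed leading bits of the first octet:
    0xxx = A, 10xx = B, 110x = C, 1110 = D, 1111 = E."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def describe(cidr: str) -> dict:
    """Split an address/prefix into network, mask, host bits and usable host count."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    host_bits = net.max_prefixlen - net.prefixlen
    return {
        "address": str(iface.ip),
        "class": address_class(str(iface.ip)),
        "network_bits": net.prefixlen,
        "host_bits": host_bits,
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        # host number all 0 (the network) and all 1 (broadcast) are reserved: -2
        "usable_hosts": 2 ** host_bits - 2 if host_bits >= 2 else 0,
    }


def subnets(cidr: str, borrowed_bits: int) -> list:
    """Borrow bits from the host number as a subnet number. All 2**borrowed_bits
    subnets are usable (a subnet number may be all 0 or all 1), so no -2 here."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(prefixlen_diff=borrowed_bits)]


def supernet(cidrs: list) -> list:
    """The reverse: merge adjacent networks by handing network bits back to the host number."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(describe("128.168.0.11/20"))             # the classless example from the text
    print(subnets("192.168.1.0/24", 2))             # constructed: a class C split 4 ways
    print(supernet(["192.168.%d.0/24" % i for i in range(4)]))  # constructed supernet
```

For 128.168.0.11/20 the first octet 128 starts with the bits 10, so the classful identification would be class B, yet the /20 prefix leaves 12 host bits and 4094 usable hosts rather than the 65534 of a full class B network; that gap is exactly what classless addressing exists to close.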

IP addresses with special meaning:

[figure: table of IP addresses with special meaning]

8. IPv6

IPv6 was designed mainly to solve the exhaustion of IPv4 addresses. IPv6 has the following characteristics:

IPv6 addresses are 128 bits long, enlarging the address space by a factor of 2^96;

Flexible packet header format: the variable-length options field of IPv4 is replaced by a series of fixed-format extension headers. The options part has also changed so that a router can simply skip over options it does not need to process, which speeds up packet handling;

IPv6 simplifies the packet header format, which speeds up packet forwarding and improves throughput;

Improved security: authentication and privacy are key features of IPv6;

Support for more service types;

Room for the protocol to keep evolving, adding new features and adapting to future technological developments.

The hierarchical network model is divided into three layers from bottom to top:

Access layer: a single function, providing user access to the local network segment.

Convergence (distribution) layer: varied functions, possibly spanning several layers, including network access policies, packet processing, filtering, addressing and other intermediate operations.

Core layer: a single function, responsible only for high-speed data exchange.

Network address translation (NAT): a company has many computers that communicate freely on the company LAN, but only a small number of fixed addresses are available for reaching the external Internet. Mapping the large set of internal addresses onto this small set of public IP addresses for Internet access is called NAT. After NAT, a company needs only a few fixed IP addresses to reach the Internet, which greatly reduces the consumption of IP addresses.

Default gateway: a host can have several gateways. The default gateway is the one to which a host sends a packet when it cannot find another usable gateway; that gateway then handles the packet. "The gateway of a host" today generally means the default gateway.

The IP address of the default gateway must be in the same network segment as the host's own IP address, that is, have the same network number.
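The NAT mapping and the default-gateway rule above can both be shown in a few lines. The following is an added example, not code from the original post: it simulates port-based NAT (each inside address:port pair is given its own port on a single public address, so many hosts share one IP) and checks a gateway against the host's network number with the standard `ipaddress` module. All addresses are constructed for illustration; the one defensive detail worth noticing is that an inbound packet with no matching mapping is dropped rather than delivered anywhere.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-based NAT: many inside hosts share one public address.
    A mapping is created the first time an inside (ip, port) sends outbound."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (inside_ip, inside_port) -> public_port
        self.in_map = {}   # public_port -> (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an inside->Internet packet to the public address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[port] = key
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Rewrite the destination of an Internet->inside packet, or return None
        when no inside host ever opened the mapping (the packet is dropped)."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_map:
            return None
        inside_ip, inside_port = self.in_map[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def gateway_on_same_segment(host_cidr: str, gateway_ip: str) -> bool:
    """The default gateway must share the host's network number."""
    return ipaddress.ip_address(gateway_ip) in ipaddress.ip_interface(host_cidr).network


if __name__ == "__main__":
    nat = Nat("203.0.113.5")                       # constructed public address
    out = nat.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    print("outbound rewritten :", out)
    print("reply delivered to :", nat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", 40000)))
    print("unsolicited inbound:", nat.inbound(Packet("198.51.100.9", 4444, "203.0.113.5", 40999)))
    print("gateway ok         :", gateway_on_same_segment("192.168.1.10/24", "192.168.1.1"))
```

Two inside hosts that happen to use the same source port receive distinct public ports, which is what lets a whole LAN sit behind a single fixed address.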

Collision domain and broadcast domain:

Routers separate both broadcast domains and collision domains, while switches separate only collision domains. A router therefore divides a network into multiple broadcast domains and multiple collision domains; a switch as a whole is one broadcast domain but divides into multiple collision domains; a hub, being a physical-layer device, is a single collision domain and a single broadcast domain as a whole.

Virtual LAN VLAN:

A VLAN is a logical grouping of devices and users that is not restricted by physical location; members can be organized by function, department, application and similar factors, and they communicate with each other as if they were on the same network segment. VLANs work at layers 2 and 3 of the OSI reference model. A VLAN is a broadcast domain, and communication between VLANs is done through a layer 3 router. Compared with traditional LAN technology, VLAN technology is more flexible and has the following advantages: the management overhead of moving, adding and changing network equipment is reduced; broadcast activity can be controlled; network security can be improved.

Virtual Private Network VPN:

A VPN is a technology for building a private network over a public network. It is called a virtual network because the connection between any two nodes of the VPN does not use the end-to-end physical link that a traditional private network requires; instead it is a logical network built on the platform of a public network service provider, such as the Internet, ATM (Asynchronous Transfer Mode) or Frame Relay, and user data is transmitted over that logical link.

8. Cybersecurity

The physical layer relies mainly on physical means, such as isolating and shielding physical devices; the other layers rely on protocols to secure transmission, as shown in the following figure:
[figure: security protocols at each network layer]

The SSL protocol, used for online banking transactions

It provides three services: authentication of the user and the server, encryption of data so that the transmitted data is hidden, and protection of data integrity.

Implementation process: connection phase; cipher exchange phase (the client and the server agree on ciphers recognized by both sides); session key phase (the client and the server generate a session key for the conversation); verification phase; client authentication phase; end phase.

9. Firewall

A firewall is a security measure placed between the internal network and the external Internet. It treats the internal network as trusted and the external network as untrusted.

Firewalls are divided into network-level and application-level firewalls. The security measures at the two levels are as follows:

A network-level firewall works at a low level and is efficient. Because it uses packet filtering and state monitoring, it generally checks only whether the external attributes of a packet (such as the source address and the connection state) are abnormal, so it is transparent to applications and users. Its weakness is that a dangerous packet whose content is disguised behind normal-looking attributes cannot be filtered.

An application-level firewall works at a high level and is less efficient, because it unpacks network packets and examines the data inside for problems, which takes a lot of time; in return the security strength is high. Methods include dual-homed hosts, screened host gateways and screened (shielded) subnets.

The screened subnet method adds a screened subnet between the internal and external networks, an extra layer of network called the DMZ (demilitarized zone), so that communication between the internal and external networks must pass through more than one firewall. The screened subnet usually hosts mail servers, web servers and other servers that exchange data with both the internal and external networks. It can block some attacks from the inside, but attacks originating entirely from the system's own internal servers still cannot be blocked.
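The difference between the two firewall levels is easiest to see when the same traffic is run through both. The following is an added example, not code from the original post: a network-level filter that only looks at addresses, ports and a connection-state table, and an application-level filter that additionally unpacks the payload of port 80 traffic and checks that it is actually an HTTP request. The internal address range, the rule set and the sample packets are constructed; the "disguised" packet is simply non-HTTP bytes sent to the web port, which the packet filter passes and the application-level check rejects.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (not from the page): 10.0.0.0/8 is the internal network.
INSIDE = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class NetworkLevelFirewall:
    """Packet filtering plus a state table: decisions use only the packet's external
    attributes (addresses, ports, direction); the payload is never read."""

    def __init__(self, allowed_outbound_ports):
        self.allowed = set(allowed_outbound_ports)
        # flows opened from inside, as (inside_ip, inside_port, outside_ip, outside_port)
        self.state = set()

    def check(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) in INSIDE:
            # outbound: only to permitted destination ports, and remember the flow
            if pkt.dport in self.allowed:
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
            return False
        # inbound: accepted only as the reply to a flow the inside opened
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state


def looks_like_http_request(payload: bytes) -> bool:
    """Minimal check of an HTTP/1.x request line: method, target, version."""
    request_line = payload.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    return (len(parts) == 3
            and parts[0] in {b"GET", b"HEAD", b"POST"}
            and parts[1].startswith(b"/")
            and parts[2].startswith(b"HTTP/1."))


class ApplicationLevelFirewall:
    """Runs the network-level checks first, then unpacks the payload and verifies that
    traffic to port 80 really carries HTTP. Slower, but it catches disguised data."""

    def __init__(self, allowed_outbound_ports):
        self.network = NetworkLevelFirewall(allowed_outbound_ports)

    def check(self, pkt: Packet) -> bool:
        if not self.network.check(pkt):
            return False
        if pkt.dport == 80 and pkt.payload:
            return looks_like_http_request(pkt.payload)
        return True


# Constructed sample traffic, in arrival order.
SAMPLE = [
    ("http_get", Packet("10.0.0.5", 51000, "198.51.100.7", 80,
                        b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n")),
    ("disguised", Packet("10.0.0.5", 51001, "198.51.100.7", 80,
                         b"\x00\x01\x02\x03 not http at all")),
    ("reply", Packet("198.51.100.7", 80, "10.0.0.5", 51000, b"HTTP/1.1 200 OK\r\n\r\n")),
    ("unsolicited", Packet("198.51.100.9", 4444, "10.0.0.5", 22)),
]


def compare(packets):
    """Return {name: (network_level_verdict, application_level_verdict)}."""
    net = NetworkLevelFirewall({80, 443})
    app = ApplicationLevelFirewall({80, 443})
    return {name: (net.check(p), app.check(p)) for name, p in packets}


if __name__ == "__main__":
    for name, verdicts in compare(SAMPLE).items():
        print(f"{name:12s} network-level={verdicts[0]!s:5s} application-level={verdicts[1]}")
```

The state table is what makes the network-level filter reject the unsolicited inbound packet while still admitting the reply to the connection opened from inside; only the application-level filter, which pays the cost of reading the payload, notices that the second outbound packet to port 80 is not HTTP at all.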


Source: blog.csdn.net/flysh05/article/details/124302719