The Ins and Outs of Computer Networks

statement

This article is mainly based on the Google IT Support certification course. When translating the original text, I refined it and added my own understanding and personal experience.

The TCP/IP Five Layer Network Model

original

To really understand networking, we need to understand all of the components involved. We’re talking about everything from the cables that connect devices to each other to the protocols that these devices use to communicate. There are a bunch of models that help explain how network devices communicate, but in this course, we will focus on a five-layer model. By the end of this lesson, you’ll be able to identify and describe each layer and what purpose it serves. Let’s start at the bottom of our stack, where we have what’s known as the physical layer. The physical layer is a lot like what it sounds. It represents the physical devices that interconnect computers. This includes the specifications for the networking cables and the connectors that join devices together along with specifications describing how signals are sent over these connections. The second layer in our model is known as the data link layer. Some sources will call this layer the network interface or the network access layer. At this layer, we introduce our first protocols. While the physical layer is all about cabling, connectors and sending signals, the data link layer is responsible for defining a common way of interpreting these signals, so network devices can communicate. Lots of protocols exist at the data link layer, but the most common is known as Ethernet, although wireless technologies are becoming more and more popular. Beyond specifying physical layer attributes, the Ethernet standards also define a protocol responsible for getting data to nodes on the same network or link. The third layer, the network layer is also sometimes called the Internet layer. It’s this layer that allows different networks to communicate with each other through devices known as routers. A collection of networks connected together through routers is an internetwork, the most famous of these being the Internet. Hopefully you’ve heard of it. 
While the data link layer is responsible for getting data across a single link, the network layer is responsible for getting data delivered across a collection of networks. Think of when a device on your home network connects with a server on the Internet. It’s the network layer that helps get the data between these two locations. The most common protocol used at this layer is known as IP or Internet Protocol. IP is the heart of the Internet and most small networks around the world. Network software is usually divided into client and server categories, with the client application initiating a request for data and the server software answering the request across the network. A single node may be running multiple client or server applications. So, you might run an email program and a web browser, both client applications, on your PC at the same time, and your email and web server might both run on the same server. Even so, emails end up in your email application and web pages end up in your web browser. That’s because of our next layer, the transport layer. While the network layer delivers data between two individual nodes, the transport layer sorts out which client and server programs are supposed to get that data. When you heard about our network layer protocol IP, you may have thought of TCP IP, which is a pretty common phrase. That’s because the protocol most commonly used in the fourth layer, the transport layer, is known as TCP or Transmission Control Protocol. While often said together as the phrase TCP IP, to fully understand and troubleshoot networking issues, it’s important to know that they’re entirely different protocols serving different purposes. Other transfer protocols also use IP to get around, including a protocol known as UDP or User Datagram Protocol. The big difference between the two is that TCP provides mechanisms to ensure that data is reliably delivered while UDP does not. 
Spoiler alert, we will cover differences between the TCP and UDP transfer protocols in more detail later. For now, it’s important to know that the network layer, in our case IP, is responsible for getting data from one node to another. Also, remember that the transport layer, mostly TCP and UDP, is responsible for ensuring that data gets to the right applications running on those nodes. Last but not least, the fifth layer is known as the application layer. There are lots of different protocols at this layer, and as you might have guessed from the name, they are application-specific. Protocols used to allow you to browse the web or send or receive email are some common ones. The protocols at play in the application layer will be most familiar to you, since they are ones you probably interacted with directly before even if you didn’t realize it. You can think of layers like different aspects of a package being delivered. The physical layer is the delivery truck and the roads. The data link layer is how the delivery trucks get from one intersection to the next over and over. The network layer identifies which roads need to be taken to get from address A to address B. The transport layer ensures that the delivery driver knows how to knock on your door to tell you your package has arrived. And the application layer is the contents of the package itself.

translate

In order to truly understand networking, we need to understand all the components involved. We're talking about everything from the cables that connect devices to each other to the protocols those devices use to communicate. There are many models that explain how network devices communicate with each other, but in this course we will focus on a five-layer model. After taking this course, you will be able to identify and describe each layer and its function. Let's start at the bottom of the stack, the physical layer. The physical layer is what its name suggests: it represents the physical devices that interconnect computers. This includes specifications for network cables and connectors, as well as specifications describing how signals are sent over those connections. The second layer in the model is called the data link layer. Some sources refer to this layer as the network interface or network access layer. At this layer, we introduce our first protocols. While the physical layer is about cables, connectors and signaling, the data link layer is responsible for defining a common way to interpret those signals so that network devices can communicate with each other. Many protocols exist at the data link layer, but the most common is Ethernet, although wireless technologies are gaining in popularity. In addition to specifying physical layer properties, the Ethernet standards define a protocol responsible for delivering data to nodes on the same network or link. The third layer, the network layer, is sometimes called the Internet layer. It is this layer that allows different networks to communicate with each other through devices called routers. A group of networks connected together by routers is called an internetwork, the most famous of which is the Internet. Hope you've heard of it. While the data link layer is responsible for transmitting data over a single link, the network layer is responsible for delivering data across a collection of networks. 
Imagine a device on your home network connecting to a server on the Internet: it is the network layer that gets data between these two locations. The most commonly used protocol at this layer is IP, the Internet Protocol. IP is at the heart of the Internet and of most small networks around the world. Network software is usually divided into client and server categories, with client applications making requests for data and server software answering those requests over the network. A single node may run multiple client or server applications at the same time. So you might be running both an email program and a web browser on your PC, both of which are client applications, and your email server and web server might both be running on the same machine. Even so, emails end up in your email application and web pages end up in your browser. That is the job of the fourth layer, the transport layer. While the network layer delivers data between two individual nodes, the transport layer sorts out which client and server programs on those nodes should receive the data. The transport layer also breaks application data into smaller pieces for transmission and reassembles them at the receiving end. The most common transport layer protocol is TCP, the Transmission Control Protocol. TCP adds reliability on top of IP: it detects lost or corrupted pieces and retransmits them, and it delivers data in order, which is why it is used for web browsing, file downloads and other applications that cannot tolerate missing data. You may have heard the phrase "TCP/IP"; keep in mind that TCP and IP are two different protocols serving different purposes, and troubleshooting depends on knowing which one is responsible for what. The other widely used transport protocol is UDP, the User Datagram Protocol. UDP also runs on top of IP but provides no reliability mechanisms, which makes it a fit for audio and video streaming, where a late retransmission is worth less than the next packet.
Finally, we come to the top of the stack, the application layer. This is the layer closest to the user, and it is where familiar applications such as email, web browsers, file transfer and remote login live. Application layer protocols define the format of the data exchanged between applications and the rules for exchanging it. There are many of them, for example the Hypertext Transfer Protocol (HTTP) used by web browsers, the Simple Mail Transfer Protocol (SMTP) used to send email, and the File Transfer Protocol (FTP) used for file transfer.
This five-layer model, namely the Physical, Data Link, Network, Transport and Application layers, is the TCP/IP model used throughout this course. It should not be confused with the OSI reference model, which has seven layers: OSI splits what we call the application layer into session, presentation and application layers. People often describe devices by their OSI layer number (a switch as "layer 2", a router as "layer 3"), and that numbering matches the model here for the bottom four layers. Each layer has its own protocols and devices, and the reliability, security and efficiency of network communication depend on what every layer does and does not guarantee.

Network Device Basics

original

Lots of different cables and network devices can be used to allow computers to properly communicate with each other. By the end of this lesson, you’ll be able to identify and describe various networking cables and networking devices. Computer networking is a huge part of the day to day role of many IT specialists. Knowing how to differentiate different network devices will be essential to your success. Let’s start with the most basic component of a wired network. Cables: cables are what connect different devices to each other, allowing data to be transmitted over them. Most network cables used today can be split into two categories: copper and fiber. Copper cables are the most common form of networking cable. They’re made up of multiple pairs of copper wires inside plastic insulator. You may already know that computers communicate in binary, which people represent with ones and zeros. The sending device communicates binary data across these copper wires by changing the voltage between two ranges. The system at the receiving end is able to interpret these voltage changes as binary ones and zeros, which can then be translated into different forms of data. The most common forms of copper twisted pair cables used in networking, are Cat 5, Cat 5e, and Cat 6 cables. These are all shorthand ways of saying category 5 or category 6 cables. These categories have different physical characteristics, like the number of twists in the pair of copper wires that results in different usable lengths and transfer rates. Cat 5 is older and has been mostly replaced by Cat 5e and Cat 6 cables. From the outside they all look about the same and even internally, they’re very similar to the naked eye. The important thing to know is that differences in how the twisted pairs are arranged inside these cables can drastically alter how quickly data can be sent across them and how resistant these signals are to outside interference. 
Cat 5e cables have mostly replaced those older Cat 5 cables because their internals reduce crosstalk. Crosstalk is when an electrical pulse on one wire is accidentally detected on another wire. The receiving end isn’t able to understand the data causing a network error. Higher level protocols have methods for detecting missing data and asking for the data a second time, but of course this takes up more time. The higher quality specifications of a Cat 5e cable make it less likely that data needs to be retransmitted. That means on average, you can expect more data to be transferred in the same amount of time. Cat 6 cables follow an even stricter specification to avoid crosstalk, making those cables more expensive. Cat 6 cables can transfer data faster and more reliably than Cat 5e cables can, but because of their internal arrangement, they have a shorter maximum distance when used at higher speeds. The second primary form of networking cable is known as fiber, short for fiber-optic cables. Fiber cables contain individual optical fibers, which are tiny tubes made out of glass about the width of a human hair. These tubes of glass can transport beams of light. Unlike copper, which uses electrical voltages, fiber cables use pulses of light to represent the ones and zeros of the underlying data. Fiber is even sometimes used specifically in environments where there’s a lot of electromagnetic interference from outside sources because this can impact data being sent across copper wires. Fiber cables can generally transport data quicker than copper cables can, but they’re much more expensive and fragile. Fiber can also transport data over much longer distances than copper can without suffering potential data loss. Now you know a lot more about the pros and cons of fiber cables, but keep in mind, you’ll be way more likely to run into fiber cables in computer data centers than you would in an office or at home.

translate

Many different cables and network devices can be used to enable computers to communicate properly with each other. After taking this course, you will be able to identify and describe a variety of network cables and network devices. Computer networking is an important part of the daily work of many IT professionals, and knowing how to tell different network devices apart is critical to your success. Let's start with the most basic component of a wired network: cables. Cables connect different devices to each other, allowing data to be transmitted over them. Most network cables in use today fall into two categories: copper and fiber optic. Copper cables are the most common form of network cable. They consist of multiple pairs of copper wires inside a plastic insulator. As you probably already know, computers communicate in binary, which people represent with ones and zeros. The sending device transmits binary data over these copper wires by switching the voltage between two ranges. The system on the receiving end interprets these voltage changes as binary ones and zeros, which can then be translated into other forms of data. The most common copper twisted pair cables used in networking are Cat 5, Cat 5e and Cat 6 cables; "Cat" is shorthand for category. These categories have different physical characteristics, such as the number of twists per unit length in each copper pair, which result in different usable lengths and transmission rates. Cat 5 is an older specification that has been largely superseded by Cat 5e and Cat 6. From the outside they all look about the same, and even internally they look very similar to the naked eye. The important thing to know is that differences in how the twisted pairs are arranged inside these cables can drastically change how quickly data can be transmitted over them and how resistant the signals are to external interference. Cat 5e cables have largely replaced the older Cat 5 cables because their internal construction reduces crosstalk. 
Crosstalk is when an electrical pulse on one wire is accidentally picked up on a neighbouring wire. The receiving end then cannot make sense of the data, causing a network error. Higher-level protocols have ways of detecting lost data and asking for it to be sent again, but this of course takes more time. The tighter specification of Cat 5e cables makes it less likely that data will need to be retransmitted, which means that on average more data gets through in the same amount of time. Cat 6 cables follow an even stricter specification to avoid crosstalk, which makes them more expensive. Compared with Cat 5e, Cat 6 cables can transmit data faster and more reliably, but because of their internal construction they have a shorter maximum run length when used at higher speeds. The second major type of network cable is fiber, short for fiber-optic cable. Fiber-optic cables contain individual optical fibers, thin strands of glass about the width of a human hair, which carry beams of light. Unlike copper cables, which use voltage levels to represent binary data, fiber-optic cables use pulses of light to represent the ones and zeros of the underlying data. Fiber is sometimes chosen specifically for environments with a lot of external electromagnetic interference, because such interference can corrupt data sent over copper cables but does not affect light travelling in glass. Fiber-optic cables can generally carry data faster than copper cables, but they are more expensive and more fragile. Fiber can also carry data over much longer distances than copper without data loss. Now that you know more about the pros and cons of fiber-optic cables, keep in mind that you are far more likely to encounter fiber in a data center than in an office or at home.

original

Hubs and switches are the primary devices used to connect computers on a single network, usually referred to as a LAN, or local area network. But we often want to send or receive data to computers on other networks, this is where routers come into play. A router is a device that knows how to forward data between independent networks. While a hub is a layer 1 device and a switch is a layer 2 device, a router operates at layer 3, a network layer. Just like a switch can inspect Ethernet data to determine where to send things, a router can inspect IP data to determine where to send things. Routers store internal tables containing information about how to route traffic between lots of different networks all over the world. The most common type of router you’ll see is one for a home network or a small office. These devices generally don’t have very detailed routing tables. The purpose of these routers is mainly just to take traffic originating from inside the home or office LAN and to forward it along to the ISP, or Internet service provider. Once traffic is at the ISP, a way more sophisticated type of router takes over. These core routers form the backbone of the Internet, and are directly responsible for how we send and receive data all over the Internet every single day. Core ISP routers don’t just handle a lot more traffic than a home or small office router, they also have to deal with much more complexity in making decisions about where to send traffic. A core router usually has many different connections to many other routers. Routers share data with each other via a protocol known as BGP, or border gateway protocol, that lets them learn about the most optimal paths to forward traffic. When you open a web browser and load a web page, the traffic between computers and the web servers could have traveled over dozens of different routers. The Internet is incredibly large and complicated, and routers are global guides for getting traffic to the right places.

translate

Hubs and switches are the main devices used to connect computers on a single network, usually called a local area network or LAN. However, we often need to send data to, or receive data from, computers on other networks, and that is what routers are for. A router is a device that knows how to forward data between separate networks. A hub is a layer 1 (physical layer) device and a switch is a layer 2 (data link layer) device, while a router operates at layer 3 (the network layer). Just as a switch can inspect Ethernet data to decide where to send it, a router can inspect IP data to decide where to send it. Routers store internal tables containing information about how to route traffic between many different networks all over the world. The most common type of router you will see is the one used in a home network or small office. These devices usually do not have very detailed routing tables; their main purpose is simply to take traffic originating inside the home or office LAN and forward it to the ISP (Internet Service Provider). Once the traffic reaches the ISP, a far more sophisticated kind of router takes over. These core routers form the backbone of the Internet and are directly responsible for how we send and receive data across the Internet every day. A core ISP router not only handles much more traffic than a home or small office router, it also has to make far more complex decisions about where to send that traffic. A core router usually has many connections to many other routers. Routers share information with each other through a protocol called the Border Gateway Protocol (BGP), which lets them learn the best paths for forwarding traffic. When you open a web browser and load a web page, the traffic between your computer and the web server may have passed through dozens of different routers. The Internet is huge and complex, and routers are the global guides that get traffic to the right places.
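The routing tables and next-hop forwarding described above, as an added example that is not part of the course material or the original article: a longest-prefix-match lookup over a small constructed routing table, plus a hop-by-hop trace through three constructed routers named home, isp and core. The addresses come from the RFC 5737 documentation ranges, and the core router's default route deliberately points back at the ISP so the trace shows what a misconfigured routing loop looks like; the hop limit is the guard against it.

```python
import ipaddress

# Constructed home-router table: (destination prefix, next hop or "direct", outgoing interface).
HOME_TABLE = [
    ("0.0.0.0/0",      "203.0.113.1", "wan0"),   # default route: everything else goes to the ISP
    ("192.168.1.0/24", "direct",      "lan0"),   # the home LAN, reachable over Ethernet directly
    ("10.8.0.0/16",    "10.8.0.1",    "tun0"),   # e.g. a VPN
    ("10.8.5.0/24",    "10.8.5.254",  "tun1"),   # a more specific route inside that /16
]

# Constructed internetwork of three routers. "neighbors" maps a next-hop address to the router that owns it.
ROUTERS = {
    "home": {"table": HOME_TABLE,
             "neighbors": {"203.0.113.1": "isp"}},
    "isp":  {"table": [("203.0.113.0/24",  "direct",    "cust0"),
                       ("198.51.100.0/24", "192.0.2.2", "core0"),
                       ("0.0.0.0/0",       "192.0.2.2", "core0")],
             "neighbors": {"192.0.2.2": "core"}},
    "core": {"table": [("198.51.100.0/24", "direct",    "dc0"),
                       ("0.0.0.0/0",       "192.0.2.1", "core0")],   # misconfigured: default points back at isp
             "neighbors": {"192.0.2.1": "isp"}},
}


def lookup(destination: str, table):
    """Longest-prefix match: the most specific route whose prefix contains the destination wins."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (str(best[0]), best[1], best[2])


def trace(start: str, destination: str, routers=ROUTERS, max_hops: int = 30):
    """Forward from router to router until the destination is directly connected. Returns (path, status)."""
    path = [start]
    current = start
    for _ in range(max_hops):
        route = lookup(destination, routers[current]["table"])
        if route is None:
            return path, "no route"
        _prefix, next_hop, _iface = route
        if next_hop == "direct":
            return path, "delivered"
        nxt = routers[current]["neighbors"].get(next_hop)
        if nxt is None:
            return path, f"next hop {next_hop} unreachable"
        current = nxt
        path.append(current)
    # Without a cap (the TTL field of a real datagram), a loop like isp <-> core would run forever.
    return path, "hop limit exceeded (routing loop?)"


if __name__ == "__main__":
    print(lookup("10.8.5.7", HOME_TABLE))
    print(trace("home", "198.51.100.20"))
    print(trace("home", "1.2.3.4"))
```

A home router's table is essentially the two top entries: the directly connected LAN and a default route to the ISP; everything interesting about path selection happens in the longer tables of the ISP and core routers, and in how they learn those entries from each other.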

Ethernet and MAC Address

original

Wireless and cellular internet access are quickly becoming some of the most common ways to connect computing devices to networks, and it’s probably how you’re connected right now. So you might be surprised to hear that traditional cable networks are still the most common option you find in the workplace and definitely in the data center. The protocol most widely used to send data across individual links is known as Ethernet. Ethernet and the data link layer provide a means for software at higher levels of the stack to send and receive data. One of the primary purposes of this layer is to essentially abstract away the need for any other layers to care about the physical layer and what hardware is in use. By dumping this responsibility on the data link layer, the Internet, transport and application layers can all operate the same no matter how the device they’re running on is connected. So, for example, your web browser doesn’t need to know if it’s running on a device connected via a twisted pair or a wireless connection. It just needs the underlying layers to send and receive data for it. By the end of this lesson, you’ll be able to explain what MAC addresses are and how they’re used to identify computers. You’ll also know how to describe the various components that make up an Ethernet frame. And you’ll be able to differentiate between unicast, multicast and broadcast addresses. Lastly, you’ll be able to explain how cyclical redundancy checks help ensure the integrity of data sent via Ethernet. Understanding these concepts will help you troubleshoot a variety of problems as an IT support specialist. Warning: a history lesson on old-school technology is headed your way. Here it goes. Ethernet is a fairly old technology. It first came into being in 1980 and saw its first fully polished standardization in 1983. Since then, a few changes have been introduced primarily in order to support ever-increasing bandwidth needs. 
For the most part though, the Ethernet in use today is comparable to the Ethernet standards as first published all those years ago. In 1983, computer networking was totally different than it is today. One of the notable differences in LAN topology was that the switch or switchable hub hadn’t been invented yet. This meant that frequently, many or all devices on a network shared a single collision domain. You might remember from our discussion about hubs and switches that a collision domain is a network segment where only one device can speak at a time. This is because all data in a collision domain is sent to all the nodes connected to it. If two computers were to send data across the wire at the same time, this would result in literal collisions of the electrical current representing our ones and zeros, leaving the end result unintelligible. Ethernet, as a protocol, solved this problem by using a technique known as carrier sense multiple access with collision detection. Doesn’t exactly roll off the tongue. We generally abbreviate this to CSMA/CD. CSMA/CD is used to determine when the communications channels are clear and when the device is free to transmit data. The way CSMA/CD works is actually pretty simple. If there’s no data currently being transmitted on the network segment, a node will feel free to send data. If it turns out that two or more computers end up trying to send data at the same time, the computers detect this collision and stop sending data. Each device involved with the collision then waits a random interval of time before trying to send data again. This random interval helps to prevent all the computers involved in the collision from colliding again the next time they try to transmit anything. When a network segment is a collision domain, it means that all devices on that segment receive all communication across the entire segment. This means we need a way to identify which node the transmission was actually meant for. 
This is where something known as a media access control address or MAC address comes into play. A MAC address is a globally unique identifier attached to an individual network interface. It’s a 48-bit number normally represented by six groupings of two hexadecimal numbers. Just like how binary is a way to represent numbers with only two digits, hexadecimal is a way to represent numbers using 16 digits. Since we don’t have numerals to represent any individual digit larger than nine, hexadecimal numbers employ the letters A, B, C, D, E, and F to represent the numbers 10, 11, 12, 13, 14, and 15. Another way to reference each group of numbers in a MAC address is an octet. An octet, in computer networking, is any number that can be represented by 8 bits. In this case, two hexadecimal digits can represent the same numbers that 8 bits can. Now, you may have noticed that we mentioned that MAC addresses are globally unique, which might have left you wondering how that could possibly be. The short answer is that a 48-bit number is much larger than you might expect. The total number of possible MAC addresses that could exist is 2 to the power 48 or 281,474,976,710,656 unique possibilities. That’s a whole lot of possibilities. A MAC address is split into two sections. The first three octets of a MAC address are known as the organizationally unique identifier or OUI. These are assigned to individual hardware manufacturers by the IEEE or the Institute of Electrical and Electronics Engineers. This is a useful bit of information to keep in your back pocket because it means that you can always identify the manufacturer of a network interface purely by its MAC address. The last three octets of a MAC address can be assigned in any way that the manufacturer would like with the condition that they only assign each possible address once to keep all MAC addresses globally unique. 
Ethernet uses MAC addresses to ensure that the data it sends has both an address for the machine that sent the transmission, as well as the one that the transmission was intended for. In this way, even on a network segment, acting as a single collision domain, each node on that network knows when traffic is intended for it.

translate

Wireless and cellular Internet access are quickly becoming some of the most common ways to connect computing devices to networks, and it is probably how you are connected right now. So you might be surprised to hear that traditional cabled networks are still the most common option in the workplace and certainly in the data center. The protocol most widely used to send data across individual links is Ethernet. Ethernet and the data link layer provide a means for software higher up the stack to send and receive data. One of the main purposes of this layer is to abstract away the need for any other layer to care about the physical layer and the hardware in use. By pushing this responsibility down to the data link layer, the Internet, transport and application layers can all operate the same way no matter how the device they run on is connected. So, for example, your web browser does not need to know whether it is running on a device connected via twisted pair or wirelessly; it only needs the underlying layers to send and receive data for it. By the end of this lesson, you will be able to explain what MAC addresses are and how they are used to identify computers. You will also be able to describe the various components that make up an Ethernet frame, distinguish between unicast, multicast and broadcast addresses, and explain how cyclic redundancy checks help ensure the integrity of data sent over Ethernet. Knowing these concepts will help you troubleshoot a variety of problems as an IT support specialist. Warning: a history lesson on old-school technology is coming. Here it goes. Ethernet is a fairly old technology. It first appeared in 1980 and saw its first fully polished standardization in 1983. Since then, a few changes have been introduced, mainly to support ever-increasing bandwidth needs. For the most part, though, the Ethernet in use today is comparable to the Ethernet standard first published all those years ago. In 1983, computer networking was nothing like it is today. 
A notable difference in LAN topology at the time was that the switch, or switchable hub, had not been invented yet. This meant that many or all devices on a network frequently shared a single collision domain. As you may recall from our discussion of hubs and switches, a collision domain is a network segment where only one device can talk at a time, because all data sent in a collision domain reaches every node connected to it.
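The MAC address structure from the original text above (48 bits written as six hexadecimal octets, a three-octet OUI followed by three NIC-specific octets), as an added example that is not course code or part of the original article. It normalizes the common notations, splits out the OUI, and classifies an address as unicast, multicast or broadcast from the low bit of the first octet; the OUI-to-vendor table is a two-entry constructed sample, not the IEEE registry.

```python
import re

# Constructed sample of OUI -> vendor entries; the real IEEE registry has tens of thousands.
SAMPLE_OUIS = {
    "00:50:56": "VMware, Inc.",
    "08:00:27": "PCS Systemtechnik GmbH (VirtualBox)",
}
BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(mac: str) -> str:
    """Accept 00:50:56:ab:cd:ef, 00-50-56-AB-CD-EF or 0050.56ab.cdef; return lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:                     # 48 bits = 12 hexadecimal digits = 6 octets
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def dissect_mac(mac: str) -> dict:
    """Split a MAC into OUI and NIC-specific halves and classify it by the bits of its first octet."""
    m = normalize_mac(mac)
    first_octet = int(m[:2], 16)
    group_bit = first_octet & 0x01            # I/G bit: 0 = unicast (one interface), 1 = group (multicast)
    local_bit = first_octet & 0x02            # U/L bit: 1 = locally administered, so the OUI is not IEEE-assigned
    if m == BROADCAST:
        kind = "broadcast"                    # all ones: every node on the segment accepts it
    elif group_bit:
        kind = "multicast"
    else:
        kind = "unicast"
    oui = m[:8]
    return {
        "mac": m,
        "kind": kind,
        "locally_administered": bool(local_bit),
        "oui": oui,
        "vendor": None if local_bit else SAMPLE_OUIS.get(oui),
        "nic_specific": m[9:],
    }


def valid_source_mac(mac: str) -> bool:
    """A frame's source address must name a single interface, so group and broadcast addresses are invalid there."""
    return dissect_mac(mac)["kind"] == "unicast"


if __name__ == "__main__":
    for sample in ("00:50:56:AB:CD:EF", "FF-FF-FF-FF-FF-FF", "01:00:5e:00:00:fb", "0250.5600.0001"):
        print(dissect_mac(sample))
```

The locally administered bit matters in practice: operating systems that randomize Wi-Fi MAC addresses set it, and a MAC address is whatever the driver puts on the wire, so an OUI lookup tells you what a device claims to be, not what it is. Treat vendor-from-OUI as an inventory hint, never as authentication.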

Datagrams and IP Encapsulation

original

Just like all the data packets at the Ethernet layer have a specific name, Ethernet frames, so do packets at the network layer. Under the IP protocol, a packet is usually referred to as an IP datagram. Just like any Ethernet frame, an IP datagram is a highly structured series of fields that are strictly defined. The two primary sections of an IP datagram are the header and the payload. You’ll notice that an IP datagram header contains a lot more data than an Ethernet frame header does. The very first field is four bits, and indicates what version of Internet protocol is being used. The most common version of IP is version four or IPv4. Version six, or IPv6, is rapidly seeing more widespread adoption, but we’ll cover that in a later module. After the version field, we have the Header Length field. This is also a four-bit field that declares how long the entire header is. This is almost always 20 bytes in length when dealing with IPv4. In fact, 20 bytes is the minimum length of an IP header. You couldn’t fit all the data you need for a properly formatted IP header in any less space. Next, we have the Service Type field. These eight bits can be used to specify details about quality of service or QoS technologies. The important takeaway about QoS is that there are services that allow routers to make decisions about which IP datagrams may be more important than others. The next field is a 16-bit field, known as the Total Length field. It’s used for exactly what it sounds like: to indicate the total length of the IP datagram it’s attached to. The identification field is a 16-bit number that’s used to group messages together. IP datagrams have a maximum size and you might already be able to figure out what that is. Since the Total Length field is 16 bits, and this field indicates the size of an individual datagram, the maximum size of a single datagram is the largest number you can represent with 16 bits: 65,535. 
If the total amount of data that needs to be sent is larger than what can fit in a single datagram, the IP layer needs to split this data up into many individual packets. When this happens, the identification field is used so that the receiving end understands that every packet with the same value in that field is part of the same transmission. Next up, we have two closely related fields: the Flags field and the Fragmentation Offset field. The Flags field is used to indicate if a datagram is allowed to be fragmented, or to indicate that the datagram has already been fragmented. Fragmentation is the process of taking a single IP datagram and splitting it up into several smaller datagrams. While most networks operate with similar settings in terms of what size an IP datagram is allowed to be, sometimes, this could be configured differently. If a datagram has to cross from a network allowing a larger datagram size to one with a smaller datagram size, the datagram would have to be fragmented into smaller ones. The Fragmentation Offset field contains values used by the receiving end to take all the parts of a fragmented packet and put them back together in the correct order. Let’s move along to the Time to Live or TTL field. This field is an 8-bit field that indicates how many router hops a datagram can traverse before it’s thrown away. Every time a datagram reaches a new router, that router decrements the TTL field by one. Once this value reaches zero, a router knows it doesn’t have to forward the datagram any further. The main purpose of this field is to make sure that when there’s a misconfiguration in routing that causes an endless loop, datagrams don’t spend all eternity trying to reach their destination. An endless loop could be when router A thinks router B is the next hop, and router B thinks router A is the next hop. Spoiler alert: 
in an upcoming module, you’ll learn that the TTL field has valuable troubleshooting qualities, but secrets like these are only released to those who keep going. After the TTL field, you’ll find the Protocol field. This is another 8-bit field that contains data about what transport layer protocol is being used. The most common transport layer protocols are TCP and UDP, and we’ll cover both of those in detail in the next few lessons. So next, we find the Header Checksum field. This field is a checksum of the contents of the entire IP datagram header. It functions very much like the Ethernet checksum field we discussed in the last module. Since the TTL field has to be recomputed at every router that a datagram touches, the checksum field necessarily changes, too. After all of that, we finally get to two very important fields, the source and destination IP address fields. Remember that an IP address is a 32-bit number, so it should come as no surprise that these fields are each 32 bits long. Up next, we have the IP Options field. This is an optional field and is used to set special characteristics for datagrams primarily used for testing purposes. The IP Options field is usually followed by a Padding field. Since the IP Options field is both optional and variable in length, the Padding field is just a series of zeros used to ensure the header is the correct total size. Now that you know about all of the parts of an IP datagram, you might wonder how this relates to what we’ve learned so far. You might remember that in our breakdown of an Ethernet frame, we mentioned a section we described as the data payload section. This is exactly what the IP datagram is, and this process is known as encapsulation. The entire contents of an IP datagram are encapsulated as the payload of an Ethernet frame. You might have picked up on the fact that our IP datagram also has a payload section. The contents of this payload are the entirety of a TCP or UDP packet which we’ll cover later. 
Hopefully, this helps you better understand why we talk about networking in terms of layers. Each layer is needed for the one above it.

translate

Just like all packets in the Ethernet layer have a specific name, Ethernet frame, packets in the network layer also have a specific name. Under the IP protocol, a data packet is usually called an IP datagram. Like any Ethernet frame, an IP datagram is a highly structured sequence of fields with a strictly defined purpose for each field. The two main parts of an IP datagram are the header and the payload. You'll notice that the header of an IP datagram contains more data than the header of an Ethernet frame. The first field is four bits long and is used to indicate the version of the Internet Protocol being used. The most common version of IP is version four or IPv4. Version six, or IPv6, is rapidly gaining widespread adoption, but we will cover this in a subsequent module. After the version field, we have the header length field. This is also a four-bit long field that declares the length of the entire header. When dealing with IPv4, this field is usually 20 bytes. In fact, 20 bytes is the minimum length for an IP header. You can't fit all the data needed for a well-formed IP header in less space. Next, we have the service type field. This eight-bit long field can be used to specify quality of service (QoS) details. The important thing about QoS is that there are services that allow routers to decide which IP datagrams may be more important than others. The next field is a 16-bit long field called the total length field. It is used to indicate the total length of the attached IP datagram. The identification field is a 16-bit long number used to group messages together. IP datagrams have a maximum size, and you can probably already guess what that size is. Since the total length field is 16 bits long, and this field represents the size of a single datagram, the maximum size of a single datagram is the largest number that can be represented using 16 bits: 65535. 
If the total amount of data that needs to be sent is larger than a single datagram can hold, the IP layer needs to split this data into many individual packets. When this happens, the identification field is used to let the receiving end know that every packet with the same value is part of the same transmission. Next, we have two closely related fields, the flags field and the fragment offset field. The flags field is used to indicate whether the datagram is allowed to be fragmented, or whether the datagram has been fragmented. Fragmentation is the process of breaking a single IP datagram into several smaller datagrams. While most networks have similar settings in terms of allowed IP datagram sizes, it may sometimes be configured differently
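To make the header layout above concrete, here is an added example (my own code, not from the course or the blog author) that builds a 20-byte IPv4 header with a correct checksum, parses it back into the fields described, applies a router hop (TTL decrement plus checksum recompute), and splits a payload into fragments that share an identification value and are reassembled by offset. Addresses, identification values and the payload are constructed sample data.

```python
import ipaddress
import struct

# Fixed 20-byte IPv4 header, network byte order: ver/IHL, TOS, total length,
# identification, flags+fragment offset, TTL, protocol, checksum, src, dst.
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")


def checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words. A header carrying a
    correct checksum sums to 0 when this is run over the whole header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src, dst, payload_len, ttl=64, proto=17, ident=0x1234,
                 df=False, mf=False, frag_offset=0):
    """Assemble a 20-byte IPv4 header (no options) with a correct checksum."""
    ver_ihl = (4 << 4) | 5                     # version 4, IHL 5 words = 20 bytes
    flags_frag = ((int(df) << 1 | int(mf)) << 13) | (frag_offset & 0x1FFF)
    hdr = IPV4_HEADER.pack(ver_ihl, 0, 20 + payload_len, ident, flags_frag, ttl,
                           proto, 0, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_header(packet):
    """Decode the fields the text walks through; reject malformed headers."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = IPV4_HEADER.unpack_from(packet)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "total_len": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,                              # 6 = TCP, 17 = UDP
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": checksum(packet[:ihl]) == 0,    # options included
    }


def router_hop(packet):
    """What each router does: decrement TTL and recompute the checksum.
    Returns None when the TTL would reach zero (the datagram is discarded)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[8] <= 1:
        return None
    hdr = bytearray(packet[:ihl])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def fragment(src, dst, ident, payload, mtu):
    """Split one datagram so every piece fits in `mtu` bytes. All pieces but
    the last carry a multiple of 8 bytes (the offset counts 8-byte units);
    all share `ident` and all but the last set More Fragments."""
    chunk = (mtu - 20) // 8 * 8
    if chunk <= 0:
        raise ValueError("mtu too small to carry any payload")
    pieces = []
    for off in range(0, len(payload), chunk):
        part = payload[off:off + chunk]
        last = off + chunk >= len(payload)
        hdr = build_header(src, dst, len(part), ident=ident, mf=not last,
                           frag_offset=off // 8)
        pieces.append(hdr + part)
    return pieces


def reassemble(pieces):
    """Receiver side: group by identification, order by offset, concatenate."""
    by_id = {}
    for p in pieces:
        h = parse_header(p)
        by_id.setdefault(h["identification"], {})[h["fragment_offset"]] = \
            p[h["header_len"]:h["total_len"]]
    return {ident: b"".join(parts[o] for o in sorted(parts))
            for ident, parts in by_id.items()}
```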

original

In the most basic of terms, subnetting is the process of taking a large network and splitting it up into many individual smaller subnetworks or subnets. By the end of this lesson, you’ll be able to explain why subnetting is necessary and describe how subnet masks extend what’s possible with just network and host IDs. You’ll also be able to discuss how a technique known as CIDR allows for even more flexibility than plain subnetting. Lastly, you’ll be able to apply some basic binary math techniques to better understand how all of this works. Incorrect subnetting setups are a common problem you might run into as an IT support specialist, so it’s important to have a strong understanding of how this works. That’s a lot, so let’s dive in. As you might remember from the last lesson, address classes give us a way to break the total global IP space into discrete networks. If you want to communicate with the IP address 9.100.100.100, core routers on the Internet know that this IP belongs to the 9.0.0.0 Class A Network. They then route the message to the gateway router responsible for the network by looking at the network ID. A gateway router specifically serves as the entry and exit path to a certain network. You can contrast this with core internet routers, which might only speak to other core routers.
Once your packet gets to the gateway router for the 9.0.0.0 Class A network, that router is now responsible for getting that data to the proper system by looking at the host ID. This all makes sense until you remember that a single Class A network contains 16,777,216 individual IPs. That’s just way too many devices to connect to the same router. This is where subnetting comes in. With subnets you can split your large network up into many smaller ones. These individual subnets will all have their own gateway routers serving as the ingress and egress point for each subnet.

translate

In the most basic terms, subnetting is the process of dividing a large network into many smaller subnetworks or subnets. After taking this course, you'll be able to explain why subnetting is needed and describe how subnet masks extend what is possible using network and host IDs alone. You will also be able to discuss how CIDR technology provides greater flexibility than ordinary subnetting. Finally, you'll be able to apply some basic binary math tricks to better understand how it all works. Improper subnetting settings are a common problem you may encounter as an IT support professional, so it is important to understand how the process works. This is a massive task, so let's get started. You may recall address classes from the last lesson, which gave us a way to divide the global IP address space into discrete networks. If you want to communicate with the IP address 9.100.100.100, the internet core router will know that this IP address belongs to the 9.0.0.0 class A network and will route the message to the gateway router responsible for that network by looking at the network ID. Gateway routers are used exclusively as ingress and egress paths for a network. You can contrast this with core internet routers, which may only communicate with other core routers.

original

So far, we’ve learned about network IDs, which are used to identify networks, and host IDs, which are used to identify individual hosts. If we want to split things up even further, and we do, we’ll need to introduce a third concept, the subnet ID. You might remember that an IP address is just a 32-bit number. In a world without subnets, a certain number of these bits are used for the network ID, and a certain number of the bits are used for the host ID. In a world with subnetting, some bits that would normally comprise the host ID are actually used for the subnet ID. With all three of these IDs representable by a single IP address, we now have a single 32-bit number that can be accurately delivered across many different networks. At the internet level, core routers only care about the network ID and use this to send the datagram along to the appropriate gateway router to that network. That gateway router then has some additional information that it can use to send that datagram along to the destination machine or the next router in the path to get there. Finally, the host ID is used by that last router to deliver the datagram to the intended recipient machine. Subnet IDs are calculated via what’s known as a subnet mask. Just like an IP address, subnet masks are 32-bit numbers that are now normally written as four octets in decimal. The easiest way to understand how subnet masks work is to compare one to an IP address. Warning: dense material ahead. We’re about to get into some tough material, but it’s super important to properly understand how subnet masks work because they’re so frequently misunderstood. Subnet masks are often glossed over as magic numbers. People just memorize some of the common ones without fully understanding what’s going on behind the scenes. In this course, we’re really trying to ensure that you leave with a well-rounded networking education. 
So, even though subnet masks can seem tricky at first, stick with it, and you’ll get the hang of it in no time. Just know that in the next video, we’ll be covering some additional basics of binary math. Feel free to watch this video a second or third time after reviewing the material. Go at your own pace, and you’ll get there in the perfect amount of time. Let’s work with the IP address 9.100.100.100 again. You might remember that each part of an IP address is an octet, which means that it consists of eight bits. The number 9 in binary is just 1001. But since each octet needs eight bits, we need to pad it with some zeros in front. As far as an IP address is concerned, having a number 9 as the first octet is actually represented as 0000 1001. Similarly, the numeral 100 as an eight-bit number is 0110 0100. So, the entire binary representation of the IP address 9.100.100.100 is a lot of ones and zeros. A subnet mask is a binary number that has two sections. The beginning part, which is the mask itself, is a string of ones; just zeros come after this. The subnet mask, which is the part of the number with all the ones, tells us what we can ignore when computing a host ID. The part with all the zeros tells us what to keep. Let’s use the common subnet mask of 255.255.255.0. This would translate to 24 ones followed by eight zeros. The purpose of the mask, or the part that’s all ones, is to tell a router what part of an IP address is the subnet ID. You might remember that we already know how to get the network ID for an IP address. For 9.100.100.100, a Class A network, we know that this is just the first octet. This leaves us with the last three octets. Let’s take those remaining octets and imagine them next to the subnet mask in binary form. The numbers in the remaining octets that have a corresponding one in the subnet mask are the subnet ID. The numbers in the remaining octets that have a corresponding zero are the host ID. 
The size of a subnet is entirely defined by its subnet mask. So for example, with the subnet mask of 255.255.255.0, we know that only the last octet is available for host IDs, regardless of what size the network and subnet IDs are. A single eight-bit number can represent 256 different numbers, or more specifically, the numbers 0-255. This is a good time to point out that, in general, a subnet can usually only contain two less than the total number of host IDs available. Again, using a subnet mask of 255.255.255.0, we know that the octet available for host IDs can contain the numbers 0-255, but zero is generally not used and 255 is normally reserved as a broadcast address for the subnet. This means that, really, only the numbers 1-254 are available for assignment to a host. While this total number less than two approach is almost always true, generally speaking, you’ll refer to the number of hosts available in a subnet as the entire number. So, even if it’s understood that two addresses aren’t available for assignment, you’d still say that eight bits of host ID space have 256 addresses available, not 254. This is because those other IPs are still IP addresses, even if they aren’t assigned directly to a node on that subnet. Now, let’s look at a subnet mask that doesn’t draw its boundaries at an entire octet or eight bits of address. The subnet mask 255.255.255.224 would translate to 27 ones followed by five zeros. This means that we have five bits of host ID space or a total of 32 addresses. This brings up a shorthand way of writing subnet masks. Let’s say we’re dealing with our old friend 9.100.100.100 with a subnet mask of 255.255.255.224. Since that subnet mask represents 27 ones followed by five zeros, a quicker way of referencing this is with the notation /27. The entire IP and subnet mask can now be written as 9.100.100.100/27. Neither notation is necessarily more common than the other, so it’s important to understand both. That was a lot. 
Make sure to go back and watch this video again if you need a refresher, or if you’re a total wiz, you can move on to the next video on basic binary math. I’ll see you there or maybe here.

translate

So far, we have learned the concepts of network ID and host ID, which are used to identify a network and identify a single host. If we want to divide further, we need to introduce a third concept, the subnet ID. As you may recall, an IP address is just a 32-bit number. In a world without subnets, some bits are used for network IDs and some bits are used for host IDs. In the world of subnetting, some of the bits that would otherwise be used for host IDs are actually used for subnet IDs. Now, with a single 32-bit number, we can accurately represent all three IDs to deliver packets across many different networks. At the Internet level, the core routers only care about the network ID, and use that to send packets to the appropriate gateway router. The gateway router can then use some additional information to send the packet to the destination computer or to the next router in the path. Finally, the host ID is used by the last router to deliver the packet to the intended recipient machine. The subnet ID is calculated from the subnet mask. Just like an IP address, a subnet mask is a 32-bit number and is now usually written in four decimal octets. The easiest way to understand a subnet mask is to compare it to an IP address. Warning: What follows is going to involve some dense material. We're about to get into some complex stuff, but it's important to have a proper understanding of how subnet masks work because they're often misunderstood. Subnet masks are often treated as arcane numbers. People just memorize some common subnet masks without fully understanding the principles behind them. In this course, we really want to make sure you have a well-rounded networking education. So even though subnet masking might seem tricky at first, stick with it and you'll get the hang of it in no time. Feel free to watch this video again after reviewing the material. Go at your own pace and you'll master it in just the right time. Let's demonstrate again using the IP address 9.100.100.100. 
As you may recall, each part of an IP address is an octet. The number 9 is just 1001 in binary. But since each octet requires eight bits, we need to pad some zeros in front. In terms of IP addresses, having the number 9 as the first octet is represented as 0000 1001. Similarly, the number 100 is represented as 0110 0100 as an eight-digit binary number. Therefore, the entire binary representation of the IP address 9.100.100.100 is a string of zeros and ones

original

Address classes were the first attempt at splitting up the global Internet IP space. Subnetting was introduced when it became clear that address classes themselves weren’t an efficient way of keeping everything organized. But as the Internet continued to grow, traditional subnetting just couldn’t keep up. With traditional subnetting and the address classes, the network ID is always either 8 bit for class A networks, 16 bit for class B networks, or 24 bit for class C networks. This means that there might only be 254 class A networks in existence, but it also means there are 2,970,152 potential class C networks. That’s a lot of entries in a routing table. To top it all off, the sizing of these networks isn’t always appropriate for the needs of most businesses. 254 hosts in a class C network is too small for many use cases, but the 65,534 hosts available for use in a class B network is often way too large. Many companies ended up with various adjoining class C networks to meet their needs. That meant that routing tables ended up with a bunch of entries for a bunch of class C networks that were all actually being routed to the same place. This is where CIDR or classless inter-domain routing comes into play. CIDR is an even more flexible approach to describing blocks of IP addresses. It expands on the concept of subnetting by using subnet masks to demarcate networks. To demarcate something means to set something off. When discussing computer networking, you’ll often hear the term demarcation point to describe where one network or system ends and another one begins. In our previous model, we relied on a network ID, subnet ID, and host ID to deliver an IP datagram to the correct location. With CIDR, the network ID and subnet ID are combined into one. CIDR is where we get this shorthand slash notation that we discussed in the earlier video on subnetting. This slash notation is also known as CIDR notation. 
CIDR basically just abandons the concept of address classes entirely, allowing an address to be defined by only two individual IDs. Let’s take 9.100.100.100 with a net mask of 255.255.255.0. Remember, this can also be written as 9.100.100.100/24. In a world where we no longer care about the address class of this IP, all we need is what the network mask tells us to determine the network ID. In this case, that would be 9.100.100; the host ID remains the same. This practice not only simplifies how routers and other network devices need to think about parts of an IP address, but it also allows for more arbitrary network sizes. Before, network sizes were static. Think only class A, class B, or class C, and only subnets could be of different sizes. CIDR allows for networks themselves to be differing sizes. Before this, if a company needed more addresses than a single class C could provide, they needed an entire second class C. With CIDR, they could combine that address space into one contiguous chunk with a net mask of /23 or 255.255.254.0. This means that routers now only need to know one entry in their routing table to deliver traffic to these addresses instead of two. It’s also important to call out that you get additional available host IDs out of this practice. Remember that you always lose two host IDs per network. So, if a /24 network has two to the eight or 256 potential hosts, you really only have 256 minus two, or 254 available IPs to assign. If you need two networks of this size, you have a total of 254 plus 254 or 508 hosts. A single /23 network, on the other hand, is two to the nine or 512. 512 minus two, 510 hosts. Take a second and lock that into your memory. Then when you’re ready, we have a short ungraded quiz for you before we move on to routing in the next lesson.

translate

Address classes were the original attempt to divide the IP address space of the global Internet. Subnetting was introduced after it became clear that address classes by themselves were not an efficient way to organize. But with the continuous growth of the Internet, traditional subnetting has been unable to keep up. In traditional subnetting and address classes, the network ID is always 8 bits for a class A network, 16 bits for a class B network, or 24 bits for a class C network. This means that there may only be 254 class A networks, but it also means that there may be 2,970,152 potential Class C networks. This is a large number of entries in the routing table. Worse, these networks aren't always the right size for most businesses. The 254 hosts in a Class C network are too small for many purposes, and the 65,534 hosts available for use in a Class B network are often too large. Many companies end up needing multiple adjacent Class C networks to meet their needs. This means that there are many entries in the routing table for Class C networks that are actually all routed to the same location. This is where Classless Inter-Domain Routing (CIDR) comes in. CIDR is a more flexible way of describing blocks of IP addresses. It extends the concept of subnetting by using subnet masks to divide networks. When discussing computer networks, you'll often hear the term "demarcation point" to describe where one network or system ends and another begins. In the previous model, we relied on network IDs, subnet IDs, and host IDs to deliver IP datagrams to the correct location. With CIDR, the network ID and subnet ID are combined into one. CIDR is where the slash notation we discussed in our previous video on subnetting comes from. This slash notation is also known as CIDR notation. CIDR basically abandons the concept of address classes entirely, allowing only two separate IDs to define addresses. Let's take 9.100.100.100 and subnet mask 255.255.255.0 as an example. 
Remember, this can also be written as 9.100.100.100/24. In a world where we no longer care about the address class of this IP address, we only need the subnet mask to determine the network ID. In this case, the network ID will be 9.100.100 and the host ID remains the same. Not only does this approach simplify the way routers and other network devices need to think about parts of an IP address, it also allows for more arbitrary network sizes. Previously, the network size was static.
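The subnet mask and CIDR passages above both come down to the same binary math, so here is one added example (my own code, not from the course or this blog) that does it by hand rather than through a library: padding octets to binary, converting between a dotted mask and a /prefix, splitting 9.100.100.100 into network ID and host ID under /24 and /27, counting total and usable hosts, and summarising two adjacent /24 blocks into the /23 the text describes. It also shows the classful network ID length as a comparison and rejects a mask whose ones are not contiguous.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """9.100.100.100 -> '00001001.01100100.01100100.01100100' (padded octets)."""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))


def prefix_to_mask(prefix):
    """/27 -> 255.255.255.224: 27 ones followed by 5 zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return to_dotted(((1 << 32) - 1) ^ ((1 << (32 - prefix)) - 1))


def mask_to_prefix(mask):
    """255.255.255.224 -> 27. Rejects masks whose ones are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != to_int(prefix_to_mask(ones)):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return ones


def classful_prefix(dotted):
    """Network ID length under the old address classes (leading bits 0/10/110)."""
    first = to_int(dotted) >> 24
    if first < 128:
        return 8       # class A
    if first < 192:
        return 16      # class B
    if first < 224:
        return 24      # class C
    raise ValueError("class D/E address has no classful network ID")


def describe(dotted, prefix):
    """Split an address under a /prefix: bits under the ones are the network
    (or network+subnet) ID, bits under the zeros are the host ID."""
    ip, mask = to_int(dotted), to_int(prefix_to_mask(prefix))
    host_bits = 32 - prefix
    total = 1 << host_bits
    return {
        "mask": prefix_to_mask(prefix),
        "network": to_dotted(ip & mask),
        "host_id": ip & ~mask & 0xFFFFFFFF,
        "broadcast": to_dotted(ip | (~mask & 0xFFFFFFFF)),
        "total_addresses": total,
        "usable_hosts": max(total - 2, 0),   # network and broadcast excluded
    }


def parse_cidr(cidr):
    dotted, prefix = cidr.split("/")
    prefix = int(prefix)
    return to_int(dotted) & to_int(prefix_to_mask(prefix)), prefix


def supernet(cidr_a, cidr_b):
    """Merge two same-size blocks that differ only in their last network bit
    (two /24s -> one /23). Returns None when they are not neighbours or are
    not aligned on the larger boundary, so a single routing entry is impossible."""
    (net_a, p_a), (net_b, p_b) = parse_cidr(cidr_a), parse_cidr(cidr_b)
    if p_a != p_b or p_a == 0 or net_a ^ net_b != 1 << (32 - p_a):
        return None
    return "%s/%d" % (to_dotted(net_a & net_b), p_a - 1)
```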

Firewall

original

You know what network device we haven’t mentioned that you’re probably super familiar with? A firewall. A firewall is just a device that blocks traffic that meets certain criteria. Firewalls are a critical concept to keeping a network secure since they are the primary way you can stop traffic you don’t want from entering a network.
Firewalls can actually operate at lots of different layers of the network. There are firewalls that can perform inspection of application layer traffic, and firewalls that primarily deal with blocking ranges of IP addresses. The reason we cover firewalls here is that they’re most commonly used at the transportation layer.
Firewalls that operate at the transportation layer will generally have a configuration that enables them to block traffic to certain ports while allowing traffic to other ports. Let’s imagine a simple small business network. The small business might have one server which hosts multiple network services. This server might have a web server that hosts the company’s website, while also serving as the file server for a confidential internal document.
A firewall placed at the perimeter of the network could be configured to allow anyone to send traffic to port 80 in order to view the web page. At the same time, it could block all access for external IPs to any other port, so that no one outside of the local area network could access the file server.
Firewalls are sometimes independent network devices, but it’s really better to think of them as a program that can run anywhere. For many companies and almost all home users, the functionality of a router and a firewall is performed by the same device. And firewalls can run on individual hosts instead of being a network device. All major modern operating systems have firewall functionality built-in. That way, blocking or allowing traffic to various ports and therefore to specific services can be performed at the host level as well. Up next, firing up your brain for a short quiz.

translate

A network firewall is a network device that blocks traffic that meets certain criteria from entering the network. Firewalls can operate at different layers of the network, including the application layer and the transport layer. Firewalls operating at the transport layer are usually configured to allow traffic on certain ports while blocking traffic on others. For example, in a small business network, a firewall at the network boundary can be configured to allow external IP addresses to access port 80 for viewing web pages, but block external IP addresses from accessing other ports to protect the security of internal file servers. A firewall can be a standalone network device or a software program that runs on a router or host computer. Modern operating systems usually have a built-in firewall function, which can control access to ports and services at the host level.
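The small-business policy above (anyone may reach port 80, only LAN hosts may reach the file server, everything else from outside is blocked) as an added example in code, not from the course or this blog. It evaluates first-match rules the way a port-based transport-layer filter does and adds a defender's audit that lists which services an outside host could reach, which is how a misordered rule set gets caught; the LAN range, the probe address and the service table are constructed.

```python
import ipaddress
from collections import namedtuple

# A rule matches when the source address lies in `src` and the destination
# port equals `dport` (None = any port). The first matching rule decides.
Rule = namedtuple("Rule", "action src dport")
ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.10.0/24")        # constructed office LAN

# Services on the single small-business server (constructed port table).
SERVICES = {22: "admin ssh", 80: "company web site", 445: "internal file share"}

# Perimeter policy from the text.
PERIMETER = [
    Rule("allow", ANY, 80),    # anyone may view the web site
    Rule("allow", LAN, None),  # LAN hosts may reach every service
    Rule("deny", ANY, None),   # explicit default deny for everything else
]

# A tempting but wrong ordering: a broad "allow" placed before the specific rules.
MISORDERED = [
    Rule("allow", ANY, None),
    Rule("deny", ANY, 445),
]


def decide(rules, src_ip, dport):
    """Return 'allow' or 'deny' for a packet from src_ip to the server's dport."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src in rule.src and rule.dport in (None, dport):
            return rule.action
    return "deny"  # no rule matched: a missing default rule must not mean allow


def externally_exposed(rules, services, probe_ip="203.0.113.7"):
    """Defender check: which service ports would an arbitrary outside host reach?
    `probe_ip` is a constructed address that lies outside the LAN."""
    if ipaddress.ip_address(probe_ip) in LAN:
        raise ValueError("probe address must be outside the LAN")
    return sorted(p for p in services if decide(rules, probe_ip, p) == "allow")
```

Running `externally_exposed(PERIMETER, SERVICES)` yields only port 80, while the misordered set exposes every service because its first rule matches before the deny is consulted.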

DNS

original

DNS is a great example of an application layer service that uses UDP for the transport layer instead of TCP. This can be broken down into a few simple reasons. Remember that the biggest difference between TCP and UDP is that UDP is connectionless. This means there is no setup or teardown of a connection. So much less traffic needs to be transmitted overall. A single DNS request and its response can usually fit inside of a single UDP datagram, making it an ideal candidate for a connectionless protocol. It’s also worth calling out that DNS can generate a lot of traffic. It’s true that caches of DNS entries are stored both on local machines and caching name servers, but it’s also true that if the full resolution needs to be processed, we’re talking about a lot more traffic. Let’s see what it would look like for a full DNS lookup to take place via TCP. First, the host that’s making the DNS resolution request would send a SYN packet to the local name server on port 53, which is the port that DNS listens on. This name server would then need to respond with a SYN ACK packet, which means the original host would have to respond with an ACK in order to complete the three-way handshake. That’s three packets. Now that the connection has been established, the original host would have to send the actual request. I’d like the IP address for food.com, please. When it receives this request, the name server would have to respond with another ACK. I got your request for food.com. We’re up to five packets sent now. In our scenario, the first caching name server doesn’t have anything cached for food.com. So, it needs to talk to a root name server to find out who’s responsible for the .com TLD. This would require a three-way handshake. The actual request, the ACK of the request, the response, and then the ACK of the response. Finally, the connection would have to be closed via a four-way handshake. That’s 11 more packets or 16 total. 
Now that the recursive name server has the correct TLD name server, it needs to repeat that entire process to discover the proper authoritative name server. That’s 11 more packets, bringing us up to 27 so far. Finally, the recursive name server would have to repeat the entire process one more time while talking to the authoritative name server in order to actually get the IP of food.com. This is 11 more packets for a running total of 38. Now that the local name server finally has the IP address of food.com, it can finally respond to the initial request. A response to the DNS resolver that originally made the request, and then this computer sends an ACK back to confirm that it received the response. That’s two more packets, putting us at 40. Finally, the TCP connection needs to be closed via a four-way handshake. This brings us to a grand total of 44 packets at the minimum in order for a fully recursive DNS request to be fulfilled via TCP. 44 packets isn’t really a huge number in terms of how fast modern networks operate. But it adds up fast as you can see. Remember that DNS traffic is just a precursor to actual traffic. A computer almost always performs a DNS lookup because it needs to know the IP of the domain name in order to send additional data, not just because it’s curious. Now, let’s check out how this would look with UDP. Spoiler alert, it doesn’t take as many packets. The original computer sends a UDP packet to its local name server on port 53 asking for the IP for food.com, that’s one packet. The local name server acts as a recursive server and sends up a UDP packet to the root server which sends a response containing the proper TLD name server, that’s three packets. The recursive name server sends a packet to the TLD server and receives back a response containing the correct authoritative server. We’re now at five packets. 
Next, the recursive name server sends its final request to the authoritative name server which sends a response containing the IP for food.com. That’s seven packets. Finally, the local name server responds to the DNS resolver that made the request in the first place with the IP for food.com. That brings us to a grand total of eight packets. See, way fewer packets. You can see now how much overhead TCP really requires. And for something as simple as DNS, it’s just not needed. It’s the perfect example for why protocols like UDP exist in addition to the more robust TCP. You might be wondering how error recovery plays into this, since UDP doesn’t have any. The answer is pretty simple. The DNS resolver just asks again if it doesn’t get a response. Basically, the same functionality that TCP provides at the transport layer is provided by DNS at the application layer in the most simple manner. A DNS server never needs to care about doing anything but responding to incoming lookups, and a DNS resolver simply needs to perform lookups and repeat them if they don’t succeed. A real showcase of the simplicity of both DNS and UDP. I should call out that DNS over TCP does in fact exist and is also in use all over. As the Web has gotten more complex, it’s no longer the case that all DNS lookup responses can fit in a single UDP datagram. In these situations, a DNS name server would respond with a packet explaining that the response is too large. The DNS client would then establish a TCP connection in order to perform the lookup.

translate

DNS is a typical example of an application layer service that uses UDP instead of TCP as the transport layer protocol. There are a few simple reasons for this. First, UDP is connectionless: there is no need to establish or tear down connections, so less traffic is transmitted. A single DNS request and response can usually fit into one UDP datagram, making it ideal for a connectionless protocol. Second, DNS-generated traffic can be significant. Although caches of DNS entries are usually stored on the local computer and on caching name servers, if a full resolution is required, the traffic becomes more intensive. If you use TCP for a complete DNS lookup, there will be a lot of packet exchange, including three-way handshakes and four-way handshakes, resulting in larger overall traffic. In contrast, using UDP can greatly reduce the number of packets and simplify the exchange. In addition, DNS is a simple application layer protocol, and error recovery can be handled at the application layer, for example by resending requests, thus making up for the lack of error recovery in UDP. It's important to note that while DNS over TCP does exist and is used in some cases, as the Web has become more complex, not all DNS lookup responses can fit into a single UDP datagram anymore. In these cases, the DNS server replies with a packet stating that the response is too large, and the DNS client establishes a TCP connection to perform the lookup.
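The resolver behaviour described above (query over UDP, simply ask again when nothing comes back, and switch to TCP when the server signals that the reply was too large) as an added example, my own code rather than the course's or this blog's. It builds and parses the 12-byte DNS header and label-encoded name, frames a TCP query with the 16-bit length prefix DNS over TCP uses, and also drops any reply whose transaction ID does not match the query, since a resolver that accepted such a reply could be fed a spoofed answer. The fake servers, the food.com name and the answer addresses are constructed stand-ins for the network.

```python
import struct

FLAG_QR = 0x8000  # set in responses
FLAG_TC = 0x0200  # TrunCation: the reply did not fit in one UDP datagram
FLAG_RD = 0x0100  # recursion desired
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """'food.com' -> b'\\x04food\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name):
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_response(txid, name, ip, truncated=False):
    """Constructed single-answer reply used by the fake servers below."""
    flags = FLAG_QR | FLAG_RD | (FLAG_TC if truncated else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0 if truncated else 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))
    answer = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 300, 4) + rdata
    return header + question + (b"" if truncated else answer)


def parse_header(msg):
    txid, flags, _qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg)
    return {"id": txid, "response": bool(flags & FLAG_QR),
            "truncated": bool(flags & FLAG_TC), "rcode": flags & 0xF,
            "answers": an}


def tcp_frame(msg):
    """DNS over TCP prefixes every message with its 16-bit length."""
    return struct.pack("!H", len(msg)) + msg


def resolve(name, txid, udp_send, tcp_send, retries=3):
    """Try UDP, ask again on silence, fall back to TCP when TC is set.
    Replies whose ID does not match the query (spoofed or stale) are ignored."""
    query = build_query(txid, name)
    stats = {"udp_sends": 0, "tcp_sends": 0, "transport": None, "ip": None}
    for _ in range(retries):
        stats["udp_sends"] += 1
        reply = udp_send(query)
        if reply is None:
            continue  # UDP offers no recovery: the resolver just asks again
        h = parse_header(reply)
        if not h["response"] or h["id"] != txid:
            continue
        if h["truncated"]:
            stats["tcp_sends"] += 1
            reply = tcp_send(tcp_frame(query))[2:]  # strip the length prefix
            h = parse_header(reply)
            if not h["response"] or h["id"] != txid:
                break
            stats["transport"] = "tcp"
        else:
            stats["transport"] = "udp"
        if h["answers"]:  # constructed replies carry one A record at the end
            stats["ip"] = ".".join(str(b) for b in reply[-4:])
        return stats
    return stats  # gave up: transport stays None


def make_server(name, ip, drop_first=0, truncate_udp=False):
    """Constructed name server: optionally loses the first UDP queries or
    answers UDP with TC set so the client must come back over TCP."""
    state = {"udp_seen": 0}

    def udp(query):
        state["udp_seen"] += 1
        if state["udp_seen"] <= drop_first:
            return None  # simulated lost datagram
        return build_response(parse_header(query)["id"], name, ip, truncate_udp)

    def tcp(framed):
        query = framed[2:]
        return tcp_frame(build_response(parse_header(query)["id"], name, ip))

    return udp, tcp
```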

Origin blog.csdn.net/GodGump/article/details/130222527