HCIA Network Basics (1)

Table of contents

One: Network working model

1. OSI seven-layer model

2. Increased network

3. Upgrade requirements in the process of network enlargement:

Two: Hub HUB

1: HUB concept

2: Problems in the hub environment:

3: bridge

3. Switch

4. Router

1. Concept

2. The role of the router:

3. The working principle of the router:

Five: Notes on terms:

2. DNS -- domain name resolution service

3.

 4. UDP:

5. TCP: Transmission Control Protocol

     TCP three-way handshake:

    TCP's four waves:

6. IPv4 header:

 7. TTL: time to live

6. Encapsulation and decapsulation

7. PDU (Protocol Data Unit) --- The unit of measurement for each layer of data

8. TCP/IP protocol stack road model, 'actual' engineering use model.

9. OSI (Open Systems Interconnection 'reference' model) --- 7-layer model

10. Bandwidth Calculation

6. Classification of IP addresses

1. IPV4 address classification:

2. Special IP address:

3. VLSM: variable length subnet mask -- subnetting

4. CIDR Classless Inter-Domain Routing -- Subnet Summary


One: Network working model



     1. OSI seven-layer model

            OSI seven-layer model (Open System Interconnection Reference Model): an open systems interconnection reference model developed jointly by the International Organization for Standardization (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT); it provides a framework for the functional structure of open, interconnected information systems.

       Layer 7, application layer: input and output in abstract (human) language ---> encoding

       Layer 6, presentation layer: encoding (code written with various programming tools) ---> binary (a form the computer can recognise)

       Layer 5, session layer: the application's internal addressing, which distinguishes each session within a program (provides the session address and establishes the application's end-to-end sessions)

(The upper three layers are where the application program processes its data; together they are referred to as the "application layer".)

(The lower four layers are responsible for transmitting and forwarding data; together they are called the "data flow layer".)

        Layer 4, transport layer: transmits using TCP or UDP; provides port numbers and data segmentation (limited by the MTU)

        Layer 3, network layer: the Internet Protocol (IP); data transmission and sharing at the network layer

        Layer 2, data link layer = LLC (checking) + MAC (media access control, which controls the physical-layer equipment). The LLC logical link control sublayer and the MAC media access control sublayer are combined into one layer called the "data link layer".

        Layer 1, physical layer: the actual physical hardware that processes optical and electrical signals.

Small tips:

       The core function of the data link layer is to control the physical-layer equipment, because physical equipment cannot work on its own; it needs program control.

       Since the physical layer of most network environments uses Ethernet, the data link layer is mostly discussed in terms of Ethernet's layer-2 encapsulation.

Ethernet second-generation frame header:

 Only Ethernet technology uses MAC addresses for physical addressing at layer 2.

2. Increased network

(1) Extending the transmission distance

          Physically boost the signal with a repeater (amplifier).

(2) Increasing the number of nodes (terminals)

          HUB (hub)

3. Upgrade requirements in the process of network enlargement:

         Unlimited transmission distance; no collisions --- all nodes can send and receive their own data at the same time; unicast.

The "switch" was invented in response to these three requirements.

4. Network expansion --- unlimited distance, no collisions, unicast ---> switch ---> MAC address ---> flooding ---> flooding range ---> router ---> IP address ---> ARP ---> broadcast ---> broadcast domain (flooding domain)

Two: Hub HUB



1: HUB concept

      A HUB (hub) can be used to increase the number of network nodes (terminals), but the transmission distance it adds is limited, and it cannot guarantee security, delay and other properties, so it has now been phased out.

2: Problems in the hub environment:

       Security, delay, addressing, collisions

      Addressing: the MAC address (works at the media access control layer) --- the factory ID of the network card chip --- 48 bits of binary, written in hexadecimal, globally unique, burned into the network card at the factory

      Collisions: CSMA/CD (carrier sense multiple access with collision detection) --- stations queue --- delay increases, and there is still some probability of collision

3: bridge

Bridge:

          A network bridge (English: Network Bridge), also simply called a bridge, is a data link layer device. Like a HUB it forwards data packets, but unlike a HUB it works at the data link layer. A HUB only understands what happens at the physical layer (such as a physical signal), whereas a bridge can understand some of the information in a frame. (At the link layer, the data passed down from above is encapsulated into a frame; the general term "data packet" is used here in place of "frame".) On an Ethernet LAN the final addressing is done by the data link layer MAC address (that is, a MAC address identifies one unique machine on the LAN), so the bridge can extract the MAC information from incoming packets and forward them purposefully according to that information instead of broadcasting, which reduces broadcast storms and improves the efficiency of the whole network.

3. Switch


 1. Functions realized by the switch:

(1) Provides the same port density as a hub (inheriting the role of the HUB) so that more users can connect
(2) Based on identifying the data and forwarding it, achieves a theoretically unlimited transmission distance
(3) Based on identifying the data and storing it before forwarding, lets all nodes send and receive their own data at the same time, which solves the collision problem
(4) Achieves (one-to-one) unicast communication by identifying, recording and looking up MAC addresses

Because the switch works at the media access control layer, it can recognise the incoming current as binary data and then convert it back into an electrical signal, achieving an unlimited transmission distance;

It resolves collisions through its identify, store and forward logic;

By recording which interface each MAC address in a data frame was seen on, it forwards each frame only to its target, achieving unicast;

2. The working process of the switch:

        After the electrical signal enters the switch, the switch first recognises it as layer-2 binary data; it then records the source MAC address of the data frame in its local MAC address table (the table records the interface corresponding to each MAC); it then looks at the destination MAC address in the data frame and checks whether the local MAC table has a record for it. If there is a record, the frame is forwarded only out of the recorded interface (unicast); if there is no record, it is flooded.
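The learn / look up / forward-or-flood process just described, as an added Python model (this is example code, not part of the original post or of any vendor's switch). The LearningSwitch class, the port numbers and the MAC addresses in demo() are constructed for the example; the one refinement beyond the text is that a frame whose destination is already known on the ingress port is filtered rather than sent back out, which is standard bridge behaviour.

```python
from typing import Dict, List

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"   # destination of all F: forces flooding


class LearningSwitch:
    """Model of the layer-2 process described above: learn the source MAC on
    the ingress port, then forward by the MAC table or flood when unknown."""

    def __init__(self, ports: List[int]) -> None:
        self.ports = list(ports)
        self.mac_table: Dict[str, int] = {}   # MAC address -> interface it was learned on

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        """Process one frame; return the list of ports the frame leaves on."""
        # Step 1, learning: record the source MAC against the ingress port.
        # A later frame from the same MAC on a different port overwrites it.
        self.mac_table[src_mac] = in_port

        # Step 2, lookup: broadcast or unknown destination -> flood out of
        # every interface except the one the frame arrived on.
        if dst_mac == BROADCAST_MAC or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]

        # Step 3, known unicast: exactly one egress port. If the table says the
        # destination sits on the ingress port, the frame is filtered instead of
        # being sent back (standard bridge behaviour not spelled out in the text).
        out_port = self.mac_table[dst_mac]
        return [] if out_port == in_port else [out_port]


def demo() -> Dict[str, int]:
    """Constructed traffic on a four-port switch; returns the MAC table it learned."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b, c = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "cc:cc:cc:cc:cc:cc"
    print("A -> B (B unknown) floods to", sw.receive(1, a, b))       # [2, 3, 4]
    print("B -> A (A known) unicasts to", sw.receive(2, b, a))       # [1]
    print("A -> B (B now known) unicasts to", sw.receive(1, a, b))   # [2]
    print("C broadcast floods to", sw.receive(3, c, BROADCAST_MAC))  # [1, 2, 4]
    return sw.mac_table


if __name__ == "__main__":
    print(demo())
```

Each entry in the table is overwritten by the most recent frame carrying that source MAC, so the table only ever reflects what the switch last saw, which is why a node that moves ports is re-learned automatically.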

4. Router


1. Concept

A router (Router) is a hardware device that connects two or more networks and acts as a gateway between them. It is a dedicated, intelligent network device that reads the address in each data packet and then decides how to transmit it. It understands different protocols, such as the Ethernet protocol used by a local area network and the TCP/IP protocol used by the Internet. In this way the router can analyse the destination addresses of data packets from various types of networks, convert the addresses of non-TCP/IP networks into TCP/IP addresses or vice versa, and send each packet to the designated location along the best route. Routers can therefore connect non-TCP/IP networks to the Internet.


2. The role of the router:

(1) Interconnecting different networks
(2) Selecting a path for the data it carries --- path selection


3. The working principle of the router:

 After receiving a bit stream, the router first identifies it as a layer-2 data frame; it checks the destination MAC address and then either discards the frame or decapsulates it; after decapsulating up to layer 3, it looks at the destination IP address and queries the local routing table; if the table has a matching record, it unconditionally re-encapsulates the layer-2 header according to that record and forwards the packet; if there is no record, the traffic is discarded.

[r1]display ip routing-table     --- view the routing table

By default: 1. the table only contains routes to directly connected network segments; 2. the router treats a network segment (not a single host) as the target.

A network segment that is not directly connected is an unknown network segment; ways of learning an unknown network segment:

Static routing --- written by hand
Dynamic routing --- generated automatically by negotiation, communication and calculation between routers
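The lookup-then-forward-or-discard logic above, plus the TTL decrement every router hop performs, as an added Python model (example code, not from the original post or any vendor). The Router class, the interface name GE0/0/0 and the next-hop addresses in demo_router() are constructed; the rule that the longest matching prefix wins when several records match is general router behaviour that the text does not spell out.

```python
import ipaddress
from typing import List, Optional, Tuple


class Router:
    """Layer-3 forwarding model: routing-table lookup, TTL decrement, discard on no route."""

    def __init__(self) -> None:
        # (destination prefix, next hop or egress interface); directly connected
        # and static routes are entered the same way in this model
        self.table: List[Tuple[ipaddress.IPv4Network, str]] = []

    def add_route(self, prefix: str, via: str) -> None:
        self.table.append((ipaddress.ip_network(prefix), via))

    def lookup(self, dst: str) -> Optional[str]:
        """Return the record matching dst, or None if the segment is unknown.
        When several prefixes match, the longest (most specific) one wins."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, via) for net, via in self.table if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def forward(self, dst: str, ttl: int) -> Tuple[str, str, int]:
        """Decide the fate of a decapsulated IP packet.
        Returns (action, reason or next hop, TTL after this hop)."""
        # Each router hop subtracts 1 from TTL; a packet whose TTL would reach 0
        # is discarded, which is what stops traffic circling a routing loop.
        if ttl <= 1:
            return ("drop", "ttl-expired", 0)
        via = self.lookup(dst)
        if via is None:
            return ("drop", "no-route", ttl)
        return ("forward", via, ttl - 1)


def demo_router() -> Router:
    """Constructed table: one directly connected segment and two static routes.
    Interface and next-hop names are made up for the example."""
    r = Router()
    r.add_route("192.168.1.0/24", "GE0/0/0")     # directly connected
    r.add_route("10.0.0.0/8", "10.255.0.1")       # static, coarse
    r.add_route("10.1.0.0/16", "10.255.0.2")      # static, more specific
    return r


if __name__ == "__main__":
    r = demo_router()
    for dst, ttl in [("192.168.1.20", 64), ("10.1.2.3", 64), ("10.9.9.9", 64),
                     ("172.16.0.1", 64), ("10.1.2.3", 1)]:
        print(dst, ttl, "->", r.forward(dst, ttl))
```

A destination with no matching record (172.16.0.1 here) is silently discarded, which is the behaviour the text describes; a real router would normally also return an ICMP unreachable, which this model leaves out.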

Five: Notes on terms:



1. ARP address resolution protocol

  (Knowing one kind of address of the peer, obtain the other kind of address)

  (Obtaining the peer's MAC from the peer's IP address requires the broadcast mechanism)

  (1) Forward ARP:

           Knowing the IP address of another node on the same network segment, obtain the corresponding peer MAC address;

  (2) Reverse ARP:

          The local MAC is known, and the local IP address is obtained through the peer;

  (3) Gratuitous ARP:

           When a device has just obtained or started using an IP address, it actively sends a forward ARP request in which the requested IP address is its own; its purpose is to detect whether another node on the segment is already using the same IP address (address conflict detection)

  (4) Proxy ARP:

           If an ARP request is sent from a host on one network to a host that is on the same network segment but not on the same physical network, a device with the proxy ARP function that connects them can answer the request. This process is called proxy ARP.
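Forward ARP, reverse ARP and gratuitous ARP on one broadcast domain, as an added Python simulation (example code, not from the original post). The Host and BroadcastDomain classes, the MAC and IP addresses, and the RARP table that answers reverse ARP are all constructed for the example; proxy ARP is not modelled.

```python
from typing import Dict, List, Optional


class Host:
    def __init__(self, name: str, mac: str, ip: Optional[str] = None) -> None:
        self.name, self.mac, self.ip = name, mac, ip
        self.arp_cache: Dict[str, str] = {}    # peer IP -> peer MAC, learned from replies


class BroadcastDomain:
    """One network segment: an ARP request reaches every host attached to it."""

    def __init__(self, hosts: List[Host], rarp_table: Optional[Dict[str, str]] = None) -> None:
        self.hosts = hosts
        self.rarp_table = rarp_table or {}   # MAC -> IP, held by a RARP server on the segment

    def _who_has(self, requester: Host, target_ip: str) -> List[str]:
        # Broadcast "who has target_ip?"; every owner of that IP replies with its MAC.
        return [h.mac for h in self.hosts if h is not requester and h.ip == target_ip]

    def forward_arp(self, requester: Host, target_ip: str) -> Optional[str]:
        """Known peer IP -> peer MAC. Only a single, unambiguous reply is cached."""
        replies = self._who_has(requester, target_ip)
        if len(replies) == 1:
            requester.arp_cache[target_ip] = replies[0]
            return replies[0]
        return None   # nobody answered (communication fails after a timeout) or conflicting answers

    def reverse_arp(self, host: Host) -> Optional[str]:
        """Known local MAC -> local IP, answered by the segment's RARP server."""
        host.ip = self.rarp_table.get(host.mac)
        return host.ip

    def gratuitous_arp(self, host: Host) -> bool:
        """Host asks for its own IP right after configuring it. Any reply means
        another node already uses that address: an address conflict is detected."""
        if host.ip is None:
            return False
        return len(self._who_has(host, host.ip)) > 0


def demo() -> Dict[str, bool]:
    """Constructed segment with three hosts; the RARP server hands the third host
    an address that the second host already uses."""
    a = Host("A", "aa:aa:aa:aa:aa:aa", "10.0.0.1")
    b = Host("B", "bb:bb:bb:bb:bb:bb", "10.0.0.2")
    c = Host("C", "cc:cc:cc:cc:cc:cc")               # no IP yet, will use reverse ARP
    lan = BroadcastDomain([a, b, c], rarp_table={"cc:cc:cc:cc:cc:cc": "10.0.0.2"})
    result = {
        "a_resolves_b": lan.forward_arp(a, "10.0.0.2") == b.mac,
        "unknown_ip_times_out": lan.forward_arp(a, "10.0.0.99") is None,
        "b_conflict_before": lan.gratuitous_arp(b),        # False: B is alone on 10.0.0.2
    }
    lan.reverse_arp(c)                                      # C is now 10.0.0.2 as well
    result["c_conflict_detected"] = lan.gratuitous_arp(c)   # True: B answers
    result["b_conflict_after"] = lan.gratuitous_arp(b)      # True: C answers
    result["ambiguous_not_cached"] = lan.forward_arp(a, "10.0.0.2") is None   # two replies
    return result


if __name__ == "__main__":
    print(demo())
```

The cache is only written on an unambiguous reply; once two hosts claim the same IP, forward ARP from a third host returns nothing, which is the visible symptom of the conflict that gratuitous ARP is meant to catch early.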

2. DNS --- domain name resolution service

     The server records each website's IP address and the corresponding domain name; when a domain name is accessed, the DNS server resolves it to the corresponding IP address, and only then can the client access it; it is used for terminal lookup and resolution;

DNS uses TCP when performing zone transfers and UDP at other times.

The DNS specification defines two kinds of DNS server: the primary DNS server and the secondary DNS server.

3.

      Flooding: the traffic is copied and sent out of every interface except the one it came in on;

       IP address: composed of network bits and host bits; the front part is the network bits, marking the corresponding flooding range (broadcast domain); the rear part is the host bits, marking uniqueness within that range. Every IP address carries a subnet mask, and the subnet mask is what distinguishes the network bits from the host bits in the IP address.

       IPv4 address: 32 bits of binary, written in dotted decimal notation.

                          A, B, C, D, E classes, where A, B and C are unicast addresses, D is multicast, and E is reserved

                         Although A, B and C are all unicast, they are distinguished by their default mask lengths;

       Broadcast: forces the switch to flood (the destination MAC is all F, a MAC that does not actually exist in the network)

       Segmentation: an oversized data packet cannot share bandwidth with others in the network; bandwidth is monopolised, leading to damaged packets, retransmission and a large increase in network delay; therefore data packets must be segmented, and the MTU is the limit used for segmentation.

       MTU: maximum transmission unit --- default 1500 bytes

       Port number: lets the client distinguish processes and the server distinguish services

                  Range: 0-65535

              1-1023 are the well-known ports, which mark the service ports of fixed servers

              1024-65535 are random ports (dynamic ports, high ports), which mark each process on the terminal

              When a client accesses a server, the client randomly picks a high port as the source port number to mark the local process, and uses the well-known port number as the destination port number to reach the service;

80 http   443 https   53 dns   21 ftp   22 ssh   23 telnet ...

 4. UDP:

   UDP: User Datagram Protocol

   A connectionless, unreliable transport protocol --- it only does the basic work of the transport layer --- segmentation and port numbers

   UDP header:

    

5. TCP: Transmission Control Protocol

A connection-oriented, reliable transport protocol --- besides the basic work of the transport layer, it must further ensure reliable transmission

Connection-oriented: before transmitting data, an end-to-end virtual link must be established through TCP's "three-way handshake";

Reliable transmission: four reliability mechanisms --- acknowledgement, retransmission, sequencing, flow control (sliding window)

TCP header:

TCP three-way handshake:

         To establish a connection, TCP exchanges three packets, commonly called the three-way handshake.

         First handshake: the client sends a request with the SYN flag set to establish a connection with the server. It randomly generates a value seq=J, sends the packet to the server, and enters the SYN_SENT state, waiting for the server to confirm.

         Second handshake: the server replies to the client with an ACK confirmation, which confirms that the server's receiving ability and the client's sending ability are fine, and allocates resources for this connection. On receiving the packet, the server sees the flag SYN=1 and knows the client is requesting a connection. The server sets both the SYN and ACK flags to 1, sets ack=J+1, randomly generates a value seq=K, sends the packet to the client to confirm the connection request, and enters the SYN_RCVD state.

         Third handshake: the client replies to the server with an ACK, which confirms that the client's receiving ability and the server's sending ability are fine, and establishes the connection. On receiving the confirmation, the client checks whether ack is J+1 and whether ACK is 1; if both are correct, it sets the ACK flag to 1, sets ack=K+1, and sends the packet to the server. The server checks whether ack is K+1 and whether ACK is 1; if correct, the connection is established, both client and server enter the ESTABLISHED state, the three-way handshake is complete, and the client and server can start transmitting data.
 

    TCP's four waves:

    The four waves of TCP are the four steps taken when disconnecting, which let the computer release resources that are no longer in use. If a connection cannot be closed normally, not only can data transmission errors occur, but the socket cannot be closed and keeps occupying resources; under high concurrency the pressure on the server becomes worrying.

   Process overview: a (The data transfer is complete, and I request to disconnect.)

                       b (Disconnection request received, please give me some time to prepare.)

                       b (I'm ready to disconnect.)

                       a (Okay, thank you for your cooperation.)

         First wave: the client sends a FIN (end) flag to close the data transmission from the client to the server, and the client enters the FIN_WAIT_1 state.

        Second wave: after receiving the FIN, the server sends an ACK confirmation to the client, with acknowledgement number = received sequence number + 1 (as with SYN, a FIN occupies one sequence number), and the server enters the CLOSE_WAIT state.

        Third wave: the server sends a FIN (end) flag to the client to close the data transmission from the server to the client, and the server enters the LAST_ACK state.

        Fourth wave: after receiving the FIN, the client enters the TIME_WAIT state and then sends an ACK confirmation to the server, with acknowledgement number = received sequence number + 1; the server enters the CLOSED state, and the four waves are complete.
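The three-way handshake and the four waves above, walked through as an added Python state machine (example code, not from the original post). The Segment and Endpoint classes, the fixed sequence numbers J=1000 and K=5000 (real stacks choose them randomly) and the FIN_WAIT_2 state the client passes through after its FIN is acknowledged (standard TCP, not named in the text) are assumptions of the example; each ack check that the text describes is enforced before the next state is entered.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class Segment:
    """Only the header fields the handshake and teardown discussion uses."""
    seq: int
    ack_num: int = 0
    syn: bool = False
    ack: bool = False
    fin: bool = False


@dataclass
class Endpoint:
    name: str
    state: str = "CLOSED"
    transitions: List[str] = field(default_factory=list)

    def enter(self, state: str) -> None:
        self.transitions.append(f"{self.name}: {self.state} -> {state}")
        self.state = state


def three_way_handshake(client: Endpoint, server: Endpoint, j: int, k: int) -> List[Segment]:
    """Client initial sequence number J, server K; both are parameters here
    so the exchange is reproducible."""
    # 1. SYN, seq=J; the client waits in SYN_SENT.
    syn = Segment(seq=j, syn=True)
    client.enter("SYN_SENT")

    # 2. Server sees SYN=1, answers SYN+ACK with seq=K, ack=J+1 and, in SYN_RCVD,
    #    has already allocated state for this still half-open connection.
    if not syn.syn:
        raise ValueError("expected SYN")
    syn_ack = Segment(seq=k, ack_num=syn.seq + 1, syn=True, ack=True)
    server.enter("SYN_RCVD")

    # 3. Client checks ACK=1 and ack=J+1, then answers ACK with ack=K+1.
    if not (syn_ack.syn and syn_ack.ack and syn_ack.ack_num == j + 1):
        raise ValueError("SYN-ACK does not acknowledge our SYN")
    ack = Segment(seq=j + 1, ack_num=syn_ack.seq + 1, ack=True)
    client.enter("ESTABLISHED")

    # Server checks ACK=1 and ack=K+1; only then is the connection established.
    if not (ack.ack and ack.ack_num == k + 1):
        raise ValueError("third ACK does not acknowledge our SYN")
    server.enter("ESTABLISHED")
    return [syn, syn_ack, ack]


def four_way_close(client: Endpoint, server: Endpoint, c_seq: int, s_seq: int) -> List[Segment]:
    """Client closes first, as in the text. A FIN occupies one sequence number,
    so each ACK carries received seq + 1."""
    # 1. Client FIN -> FIN_WAIT_1
    fin1 = Segment(seq=c_seq, fin=True)
    client.enter("FIN_WAIT_1")
    # 2. Server ACKs it and enters CLOSE_WAIT; the client, seeing its FIN
    #    acknowledged, moves to FIN_WAIT_2 (assumed here; the text skips it).
    ack1 = Segment(seq=s_seq, ack_num=fin1.seq + 1, ack=True)
    server.enter("CLOSE_WAIT")
    if ack1.ack and ack1.ack_num == c_seq + 1:
        client.enter("FIN_WAIT_2")
    # 3. Server FIN -> LAST_ACK
    fin2 = Segment(seq=s_seq, fin=True)
    server.enter("LAST_ACK")
    # 4. Client enters TIME_WAIT and ACKs; the server goes to CLOSED.
    client.enter("TIME_WAIT")
    ack2 = Segment(seq=c_seq + 1, ack_num=fin2.seq + 1, ack=True)
    if ack2.ack and ack2.ack_num == s_seq + 1:
        server.enter("CLOSED")
    return [fin1, ack1, fin2, ack2]


if __name__ == "__main__":
    c, s = Endpoint("client"), Endpoint("server")
    three_way_handshake(c, s, j=1000, k=5000)
    four_way_close(c, s, c_seq=1001, s_seq=5001)
    print("\n".join(c.transitions + s.transitions))
```

The server allocates connection state at step 2 while the client may never send step 3; that is why the SYN_RCVD count on a busy server is worth watching, and why the text's remark about resources under high concurrency applies to connection setup as much as to teardown.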

6. IPv4 header:

    Standard 20 bytes, extendable to 60 bytes

 7. TTL: time to live

     Each data packet has an initial hop-count lifetime of 255, 128 or 64 depending on the sending system; every time the packet is forwarded by a router the value is reduced by 1, and when it reaches 0 the packet is not transmitted any further. Its significance is that data circulating in a loop is eventually stopped along the way.

6. Encapsulation and decapsulation

Encapsulation: the process of handing data from the higher layers down to the lower layers; during this process the data packet keeps growing;

Decapsulation: the process of reading and identifying data from the lower layers up to the upper layers, during which the data keeps getting smaller

7. PDU (Protocol Data Unit) --- the unit of measurement for the data of each layer

The upper three layers --- data (message); transport layer --- segment; network layer --- packet; data link layer --- frame; physical layer --- bit stream (unit: bit)
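Encapsulation and decapsulation at byte level, as an added Python example that also shows the 20-byte IPv4 header, the 8-byte UDP header and the 1500-byte MTU limit mentioned above (example code, not from the original post). The header layouts are the standard Ethernet II, IPv4 (no options) and UDP ones; the MAC addresses, IP addresses, ports and payload are constructed, the UDP checksum is left at zero (permitted over IPv4), and the IPv4 header checksum is computed and verified.

```python
import struct

ETH_HDR = "!6s6sH"           # dst MAC, src MAC, EtherType                                  -> 14 bytes
IP_HDR = "!BBHHHBBH4s4s"     # ver/IHL, TOS, total len, ID, flags/frag, TTL, proto, csum, src, dst -> 20 bytes
UDP_HDR = "!HHHH"            # src port, dst port, length, checksum                         -> 8 bytes
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17
MTU = 1500                   # default Ethernet MTU, as in the text


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); over a header whose
    checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def ip_bytes(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def encapsulate(payload: bytes, src_port: int, dst_port: int, src_ip: str, dst_ip: str,
                src_mac: str, dst_mac: str, ttl: int = 64) -> bytes:
    """Top down: data -> UDP segment -> IP packet -> Ethernet frame. Each layer
    prepends its header, so the PDU grows at every step."""
    segment = struct.pack(UDP_HDR, src_port, dst_port, 8 + len(payload), 0) + payload
    total_len = 20 + len(segment)
    if total_len > MTU:
        raise ValueError("IP packet of %d bytes exceeds the MTU; segment the data first" % total_len)
    ip_hdr = struct.pack(IP_HDR, 0x45, 0, total_len, 0, 0x4000, ttl, PROTO_UDP, 0,
                         ip_bytes(src_ip), ip_bytes(dst_ip))                       # 0x4000 = DF flag
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]  # fill in checksum
    packet = ip_hdr + segment
    return struct.pack(ETH_HDR, mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4) + packet


def decapsulate(frame: bytes) -> dict:
    """Bottom up: strip and check each header; the PDU shrinks at every step."""
    _dst_mac, _src_mac, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IP_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                       # header length in bytes (20..60)
    if (ver_ihl >> 4) != 4 or ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    if proto != PROTO_UDP:
        raise ValueError("only UDP is handled in this example")
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack(UDP_HDR, segment[:8])
    return {"src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
            "ttl": ttl, "src_port": src_port, "dst_port": dst_port,
            "payload": segment[8:udp_len]}


if __name__ == "__main__":
    f = encapsulate(b"hello", 50000, 53, "192.168.1.10", "192.168.1.1",
                    "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb")
    print(len(f), "byte frame ->", decapsulate(f))
```

A 5-byte payload becomes a 47-byte frame (5 + 8 + 20 + 14), and the receiver rejects a frame whose IP header no longer checksums to zero, which is the cheap integrity check every hop performs before looking at the addresses.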

8. TCP/IP protocol stack model, the model 'actually' used in engineering.

The TCP/IP protocol stack is the predecessor of the OSI model; it is also the model that is actually running today;

Differences between the TCP/IP and OSI models:

   1. The number of layers is different

   2. TCP/IP supports only the IP protocol at layer 3, while OSI supports all network layer protocols;

   3. TCP/IP supports cross-layer encapsulation --- layer-skipping encapsulation

Its main use is in protocols between directly connected devices, where skipping layers speeds up processing; the cross-layer encapsulation protocol used between devices that are not directly connected is ICMP;

When a layer is skipped, its work must be taken over temporarily by another layer;

When there is no transport layer --- the application-layer data skips straight to the network layer;

The IP header then takes over fragmentation, and the protocol number filled into the IP header takes the place of the port number;

When there is neither a transport layer nor a network layer --- the application-layer data skips straight to the data link layer;

If layer 2 is Ethernet encapsulation, the second-generation Ethernet header can no longer be used; the first-generation header must be used;

The first-generation Ethernet header is divided into two sublayers --- the LLC logical link control sublayer + the MAC media access control sublayer

LLC is the 802.2 header, MAC is the 802.3 header

LLC is responsible for fragmentation and for providing the frame type number

MAC is responsible for the usual MAC addresses and the preamble

                  

9. OSI (Open Systems Interconnection 'reference' model) --- 7-layer model

10. Bandwidth calculation

The actual rate is approximately (bandwidth/8) * 85%

11. For two devices to communicate normally, the target IP address must be known; ways of obtaining the IP address --- 1. Domain name 2. APP record 3. Provided directly by the administrator

12. When the target IP address accessed by the PC is in the same network segment as the local one

        --- ARP obtains the peer's MAC address; if it cannot be obtained, communication fails and the host waits for a timeout

        After it is obtained successfully, communication proceeds normally

6. Classification of IP addresses


1. IPv4 address classification:

(32 bits of binary, written in dotted decimal notation)

(11000000 10101000 00000001 00000001 === 192.168.1.1)

An IPv4 address consists of two parts: network bits + host bits

The network bits mark the corresponding broadcast domain, and the host bits mark uniqueness within that broadcast domain

Which bits of an IP address are network bits and which are host bits depends on the subnet mask

(1) Five classes, A, B, C, D and E,
           where A, B and C are unicast addresses, class D is multicast, and class E is reserved for scientific research
(2) Unicast address: every address is unique across the entire network; it can be used both as the target IP address and as the source IP address; therefore an IP address configured on a device must be a unicast address;
(3) The class an IP address belongs to can be told from its first segment (the first 8 bits):

                     Class   Range      Default subnet mask
                       A     1-126      255.0.0.0
                       B     128-191    255.255.0.0
                       C     192-223    255.255.255.0
                       D     224-239
                       E     240-255

2. Special IP addresses:

(1) IPv4 addresses are divided into public IP and private IP

(2) In each unicast network, the address whose host bits are all 0:

        e.g. 192.168.1.00000000 255.255.255.0 (not a usable IP; it cannot be configured as a device's address)

        This is the network number, used to represent the entire network segment;

        192.168.1.0 255.255.255.0 = 192.168.1.x 255.255.255.0

Network number abbreviation:

        192.168.1.0 255.255.255.0 = 192.168.1.0/24

(3) In each unicast network, the address whose host bits are all 1:

         192.168.1.11111111/24 = 192.168.1.255/24 (not a usable IP address; it cannot be configured on a device; this is the directed broadcast address)

(4) All 32 bits set to 1

         255.255.255.255 --- limited broadcast address; it is limited by the router, which will not forward it into other broadcast domains;

(5) All 32 bits set to 0: 0.0.0.0

       ① When there is no DHCP, it is treated as an invalid address --- it stands for "none" ② As the default address --- it stands for "all"

(6) 169.254.0.0/16 --- link-local address, automatic private address;

It is a temporary IP address generated automatically on the local machine when there is still no DHCP response after the terminal has broadcast DHCP requests several times;

The network bits are fixed at 169.254 with a 16-bit subnet mask; the host bits are generated randomly on the local machine;

(7) 127 --- loopback address; Windows systems default to 127.0.0.1

          Generated automatically by the system to test whether its TCP/IP stack works normally;

(8) Note: only unicast addresses can be used as target IP addresses and also as source IP addresses; the other addresses can only be used as target IP addresses; --- therefore whenever an IP address is configured on a device, it must be a unicast address;

3. VLSM: variable length subnet mask --- subnetting

         By extending the length of the subnet mask, bits are borrowed from the original host bits to become network bits; a large network segment is thereby divided into several small network segments, each new subnet with fewer hosts. This increases the number of network numbers and reduces the number of users per network number, improves address utilisation, and makes network planning and management easier.

(After a network segment has been divided into subnets, the parent network can no longer be configured as a usable IP in the network)

      172.16.0.0/15 divided into 4 subnets (the two borrowed bits are shown set apart by spaces):

      172.0001000 00 0000000.00000000    172.16.0.0      255.255.128.0    172.16.0.1 --- 172.16.127.254
      255.1111111 11 0000000.00000000

      172.0001000 01 0000000.00000000    172.16.128.0    255.255.128.0    172.16.128.1 --- 172.16.255.254
      255.1111111 11 0000000.00000000

      172.0001000 10 0000000.00000000    172.17.0.0      255.255.128.0    172.17.0.1 --- 172.17.127.254
      255.1111111 11 0000000.00000000

      172.0001000 11 0000000.00000000    172.17.128.0    255.255.128.0    172.17.128.1 --- 172.17.255.254
      255.1111111 11 0000000.00000000

     

4. CIDR: Classless Inter-Domain Routing --- subnet summarization

Combine several small network segments into one network segment by calculation;

Keep the bits that are the same and drop the bits that differ;

e.g. combine 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 into one network.

            192.168.000000 01.0

            192.168.000000 10.0

            192.168.000000 11.0

          Keep the same bits, drop the differing ones: 192.168.000000 00.0/22 ---> 192.168.0.0/22

e.g. combine 172.16.33.0/24, 172.16.44.0/24, 172.16.55.0/24 and 172.16.63.0/24 into one network

            172.16.001 00001.0

            172.16.001 01100.0

            172.16.001 10111.0

            172.16.001 11111.0

        Keep the same bits, drop the differing ones: 172.16.001 00000.0/19 ---> 172.16.32.0/19

Subnet summary: after summarization, the mask of the summarized network segment is longer than the classful mask;

Supernet: after summarization, the mask of the summarized network segment is shorter than the classful mask;
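The VLSM split of 172.16.0.0/15 and the two CIDR summaries above, reproduced by an added Python example that also applies the subnet-summary versus supernet distinction (example code, not from the original post). The vlsm_split, summarize, summary_kind and covered_but_not_listed functions are constructed for the example; the last one is a check the text does not mention, listing the blocks a summary advertises that were not among its inputs (192.168.0.0/22 here also covers 192.168.0.0/24, which was never listed).

```python
import ipaddress
from typing import List, Tuple


def classful_prefix(net: ipaddress.IPv4Network) -> int:
    """Default mask length of the class the first octet falls in (A/8, B/16, C/24)."""
    first = int(net.network_address) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24


def show_bits(net: ipaddress.IPv4Network) -> str:
    """32-bit binary of the network address with '|' after the network bits,
    the layout used in the worked tables above."""
    bits = format(int(net.network_address), "032b")
    return bits[:net.prefixlen] + "|" + bits[net.prefixlen:]


def vlsm_split(parent: str, count: int) -> List[Tuple[str, str, str]]:
    """Borrow enough host bits to cut parent into at least `count` equal subnets.
    Returns (network/prefix, dotted mask, first usable - last usable) per subnet."""
    net = ipaddress.ip_network(parent)
    borrow = (count - 1).bit_length()          # 4 subnets -> 2 bits, 8 -> 3 bits
    rows = []
    for sub in net.subnets(prefixlen_diff=borrow):
        first, last = sub.network_address + 1, sub.broadcast_address - 1
        rows.append((str(sub), str(sub.netmask), f"{first} - {last}"))
    return rows


def summarize(cidrs: List[str]) -> ipaddress.IPv4Network:
    """CIDR summary: keep the leading bits all networks share and drop everything
    from the first differing bit onward."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    base = int(nets[0].network_address)
    differing = 0
    for n in nets:
        differing |= int(n.network_address) ^ base     # 1 wherever some network differs from the first
    common = 32 - differing.bit_length()               # bits above the highest differing bit
    prefix = min(common, min(n.prefixlen for n in nets))
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{prefix}", strict=False)


def summary_kind(summary: ipaddress.IPv4Network) -> str:
    """Mask longer than the classful mask = subnet summary; shorter = supernet."""
    default = classful_prefix(summary)
    if summary.prefixlen > default:
        return "subnet summary"
    if summary.prefixlen < default:
        return "supernet"
    return "classful network"


def covered_but_not_listed(summary: ipaddress.IPv4Network, cidrs: List[str]) -> List[str]:
    """Blocks the summary advertises that were not in the input. A summary that
    is too coarse claims address space you do not hold; check this before using it."""
    listed = [ipaddress.ip_network(c) for c in cidrs]
    plen = max(n.prefixlen for n in listed)
    if plen <= summary.prefixlen:
        return []
    return [str(s) for s in summary.subnets(new_prefix=plen)
            if not any(s.subnet_of(n) for n in listed)]


if __name__ == "__main__":
    for row in vlsm_split("172.16.0.0/15", 4):
        print(*row)
    for group in (["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"],
                  ["172.16.33.0/24", "172.16.44.0/24", "172.16.55.0/24", "172.16.63.0/24"]):
        s = summarize(group)
        print(group, "->", s, show_bits(s), summary_kind(s), "extra:", covered_but_not_listed(s, group))
```

The second worked example summarizes four /24s into a /19 that covers 32 of them, so 28 blocks that nobody listed are now advertised; whether that is acceptable depends on whether the whole 172.16.32.0/19 is actually yours.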


Origin blog.csdn.net/m0_66185683/article/details/128218803