Chapter 5
TCP/IP Networking

Terms you'll need to understand:
✓ Subnet mask
✓ Subnetting
✓ Classless Interdomain Routing (CIDR)
✓ Transmission Control Protocol/Internet Protocol (TCP/IP)
✓ Address Resolution Protocol (ARP)
✓ Reverse Address Resolution Protocol (RARP)
✓ Hot Standby Routing Protocol (HSRP)
✓ Telnet
✓ Ping
✓ File Transfer Protocol (FTP)

Techniques you'll need to master:
✓ Describing IP address classes
✓ Identifying TCP/IP functions
✓ Identifying the use of Network Address Translation (NAT)
✓ Explaining TCP/IP application services

This chapter delves into many of the commonly confused topics within the world of internetworking. Mastery of these topics is essential for CCIE candidates; these technologies will serve you well in your daily activities. We begin with the most common protocol, TCP/IP, and we'll use it as the base for our more advanced discussions throughout this chapter and the remainder of the book.

The following CCIE blueprint objectives as laid out by the Cisco Systems CCIE program are covered in this chapter:
➤ Addressing—Classless Interdomain Routing (CIDR), subnetting, Address Resolution Protocol (ARP), Network Address Translation (NAT), Hot Standby Router Protocol (HSRP)
➤ Services—Domain Name System (DNS), Bootstrap Protocol (BOOTP), Dynamic Host Configuration Protocol (DHCP), Internet Control Message Protocol (ICMP)
➤ Applications—Telnet, File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP)
➤ Access Lists—Standard access lists and extended access lists, including where and how to place and design them

As with other chapters in this book, we have provided additional information in this chapter for both completeness and in preparation for additional subjects as the CCIE program expands. This will allow you to use this book as a reference source throughout the CCIE certification process and beyond.
TCP/IP Overview

Transmission Control Protocol/Internet Protocol (TCP/IP) is by far the most popular networking protocol in use today. The Internet links many different hardware types, and TCP/IP enables the various hardware types to communicate effectively with each other. Figure 5.1 shows the TCP/IP protocol suite and how it maps to the seven-layer OSI model. When using TCP/IP in the OSI model, the Transport layer (TCP or UDP) provides connection-oriented (TCP) or connectionless (UDP) services, and the Network layer (IP) provides best-effort, connectionless delivery. The next section describes what makes up an IP address and the associated addressing schemes available. Later in this chapter, we'll take a closer look at TCP's functions.

The Internet Protocol (IP) was described by Jon Postel in RFC 791 in September 1981. Some of the most common RFCs are available at the following URL: www.cisco.com/warp/customer/459/index.shtml.

IP Addressing Review

The network layer addressing used by IP is a field 32 bits in length and represented in a dotted decimal format, such as 10.99.34.50. IP addresses have three defined portions: a network portion, a host portion, and a subnet mask. A subnet mask (also a 32-bit field) is used to identify and distinguish between the network and host portions, as discussed later in this chapter. Figure 5.2 demonstrates a typical network address, using a Class A IP address. In Figure 5.2, the number 10 represents the network portion, and the numbers 99.34.50 represent the host portion. Together, these two portions form the IP address, which is 32 bits in length.
Figure 5.1 OSI-TCP/IP model. (Application/Presentation/Session: Telnet, File Transfer Protocol (FTP), TFTP, BOOTP, DHCP, NTP; Transport: TCP provides connection-oriented delivery, UDP provides connectionless delivery; Network: IP, ICMP, OSPF, RIP, IGRP/EIGRP, BGP; Data Link/Physical: Ethernet (802.3), Token Ring (802.5), FDDI (ANSI X3T9.5), ATM.)

Figure 5.2 A typical IP address. (Network: 10; Host: 99.34.50; four 8-bit octets, 32 bits in total.)

The original RFC classified IP addressing into five main classes. Table 5.1 lists the RFC's IP address classes. Using the table, you can see that the IP address shown in Figure 5.2 is a Class A address. The address range 127.0.0.0 is reserved for loopback devices. For example, when you read the Cisco documentation CD-ROM on your PC, the address used is 127.0.0.1 to indicate the local CD-ROM drive. The address 255.255.255.255 is reserved for broadcasts.

By applying a default mask, as shown in Table 5.1, to an IP address, the IP model is known as the classful model. IP routing protocols that use Table 5.1's definitions are referred to as classful routing protocols (for example, RIP v1). This is contrasted with routing protocols that use a mask other than the default. These types of routing protocols are known as classless routing protocols (for example, OSPF).

Class D addressing is reserved for multicast groups. For example, the Cisco IP routing protocol Enhanced Interior Gateway Routing Protocol (EIGRP) sends multicast hello packets to the multicast address 224.0.0.10. Class E addressing is reserved for future use.

A simple way to observe an IP address's class is to look at the first couple of bits in the IP address's first octet.
The value contained within the first few bits will tell you what class of IP address you are working with:
➤ 0—Class A network
➤ 10—Class B networks
➤ 110—Class C networks
➤ 1110—Class D networks
➤ 11110—Class E networks

You can clearly see how the bit pattern indicates the class of the IP address, as shown in Figure 5.3.

Table 5.1 IP address classes.
Address Class   Range              Default Subnet Mask
Class A         1 through 126      255.0.0.0
Class B         128 through 191    255.255.0.0
Class C         192 through 223    255.255.255.0
Class D         224 through 239    255.255.255.240
Class E         240 through 255    Reserved

Note: A Cisco router will apply the longest match rule when deciding where an IP packet will be sent. Consider the case in which a router can have two or more different next hop addresses for the same network. The router will choose the next hop that has the longest mask that matches the destination network. This is called the longest match rule.

Due to the rapid growth of hosts on the Internet or intranets (not public networks), it was soon evident to the Internet community that IP addressing would eventually be depleted. Therefore, to allow for the continued expansion of the Internet, subnetting was implemented to allow IP administrators to maximize the use of an IP address space.

Subnetting

Subnetting allows the network or IP address administrator to maximize the use of an IP address space within the network. A subnet mask borrows bits from an IP address's host portion and uses the bits to define new networks. If subnetting is implemented, IP addresses have three sections:
➤ Network
➤ Subnet (new)
➤ Host Address

Note: All IP addresses have a mask associated with them, either implied (default) or defined. There are three address representations: dotted decimal, bitcount, and hexadecimal.

The subnet or network defines the arbitrary segmentation performed by the network administrator.
The subnet allows the creation of a hierarchical routing network.

Figure 5.3 Bit patterns for Class A, Class B, and Class C addressing. (Class A: leading bit 0, 7 network bits, 24 host bits, range 1-126; Class B: leading bits 10, 14 network bits, 16 host bits, range 128-191; Class C: leading bits 110, 21 network bits, 8 host bits, range 192-223.)

A subnet mask is a 32-bit decimal number that is used to identify a network and its host addresses. Subnet masks can be the classful kind, as shown earlier in Table 5.1. Class A, B, and C network addressing schemes are not much use in today's complex internetworks unless you extend the mask or use variable length subnetting to avoid wasting IP address space. The phrase variable length subnet mask (VLSM) refers to the fact that one network can be configured with different subnet masks. For example, a network could be configured to have one mask that allows only two hosts and another mask that can be extended to allow 512 hosts. VLSM ensures that IP addressing is not wasted. Think of a serial line that contains two routers. Why assign a Class C address for two nodes? Instead, you could assign an address (subnet) that contains only two hosts; the mask 255.255.255.252 can be used to accomplish this.

To determine the number of hosts or subnets available on a network, you need to examine the IP addresses in binary. To determine the number of hosts or subnets you can assign to a network, you apply the formula 2^n - 2, where n equals the number of borrowed bits. Why are two subnets subtracted? Because one address is reserved to identify the subnet and the other is used to send broadcasts (bits that are set to all 0s or all 1s are used for broadcasts). Determining how many hosts or subnets you can assign to a network is best explained with examples.

Let's assume the subnet mask 255.255.255.240 has been applied to your network. How many subnets are available when assigning the subnet address of 131.108.1.0?
Looking at the subnet mask, you can interpret the 240 as 11110000 in binary. Hence, 4 bits have been borrowed from the host portion of the IP address to form a subnet. Therefore, the subnet mask formula would be 2^4 - 2, which equates to 14 subnets (2*2*2*2 = 16, 16 - 2 = 14). Why do we take away 2 subnets? The reason is that they are used to represent the subnet and the broadcast address. Bits that are set to all 0s are the network (wire address) and all 1s are used for broadcasts. This can be shown in the following:

131.108.1.0 255.255.255.240

In this subnet and subnet mask, note that:
➤ Network address 131.108.1.0
➤ First usable host address 131.108.1.1
➤ Last usable host address 131.108.1.14
➤ Directed Broadcast address 131.108.1.15
➤ Broadcast address 255.255.255.255

Similarly, consider the mask 255.255.255.192. How many end nodes could reside on the network? Note that 192 in binary is 11000000. Hence, two bits have been borrowed, so the end nodes can use the last six bits. The formula would be 2^6 - 2, which equates to 62 hosts.

Note: When using a 26-bit subnet mask, you need to use the ip subnet command to access all of the subnets that the mask allows!

It is vital that you have a good understanding of how an IP address' network and host portion is calculated. You should be able to calculate the number of hosts on a network using any IP addressing scheme. For additional review, let's look at a couple more examples of how to calculate the host and subnet portion of any given class of address.

Given the host address of 131.108.1.93/24, what is the subnet and broadcast address? You need to know what a network address such as 131.108.1.0/24 means. In this example, the address is the equivalent of the network 131.108.1.0 with a subnet mask of 255.255.255.0, or 24 bits of subnetting.
The notation 131.108.1.93/24 means that the subnet mask uses 24 bits, or the equivalent of a subnet mask represented as 255.255.255.0 in dotted format. Therefore, 131.108.1.93/24 is the same as 131.108.1.93 255.255.255.0. In binary, 131.108.1.93 is:

10000011.01101100.00000001.01011101

And the mask, 255.255.255.0, in binary is:

11111111.11111111.11111111.00000000

Performing a logical AND operation on the host address and subnet mask will provide you with the subnet mask, which has been derived as 255.255.255.0, or a Class C address. To determine the subnet, you must perform a logical AND function on the host. Logical AND means that 1 AND 1 equates to 1 only. The remaining options are 0 AND 0 is 0, 0 AND 1 is 0. The logical AND operation provides the following:

10000011.01101100.00000001.01011101   IP ADDRESS
11111111.11111111.11111111.00000000   Subnet Mask
10000011.01101100.00000001.00000000   EQUALS NETWORK

10000011.01101100.00000001.00000000 is a 131.108.1.0 subnet address. To determine the broadcast address, you need the decimal equivalent of all one bits (11111111), which is 255; hence, the broadcast address of a 131.108.1.0 subnet is 131.108.1.255.

Finally, let's look at a Class A host address of 10.99.34.50. Using a Class C mask, what is the network portion and how many hosts can reside on this network? The logical AND function is performed once more. A Class C mask is 255.255.255.0 when represented in decimal format. Therefore, 10.99.34.50 and 255.255.255.0 in binary is:

00001010.01100011.00100010.00110010
11111111.11111111.11111111.00000000

A logical AND between the address and mask yields:

00001010.01100011.00100010.00000000

00001010.01100011.00100010.00000000 indicates a subnet of 10.99.34.0. The number of hosts available on a Class C mask is 2^8 - 2, or 254 hosts, because 2 addresses are used to identify the subnet and the directed broadcast address.
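Working the same arithmetic in code, as an added example that is not from the book: the class test on the leading bits of the first octet (the 0/10/110/1110/11110 patterns listed earlier) and the logical AND, directed broadcast and 2^n - 2 host count for the chapter's 131.108.1.93/24, 131.108.1.0/28 and 10.99.34.50/24 cases. Function names such as subnet_info are this example's own; a mask that is not contiguous ones followed by zeros is rejected rather than silently computed.

```python
# Added example (not from the book): IP address class from the leading bits of the
# first octet, and the logical-AND subnet arithmetic the chapter walks through.
# Integer bit operations are used so that the AND step itself is visible.

def dotted_to_int(addr: str) -> int:
    """Convert dotted decimal (e.g. '131.108.1.93') to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """Bitcount form to mask: /24 -> 0xFFFFFF00; /0 gives an all-zero mask."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def address_class(addr: str) -> str:
    """Classful rule from the text: leading bits 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 11110 -> E."""
    first = dotted_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"  # 11110 (reserved for future use in the text)

def subnet_info(addr: str, mask: str) -> dict:
    """Network, first/last usable host, directed broadcast and host count (2^n - 2)."""
    ip, m = dotted_to_int(addr), dotted_to_int(mask)
    prefix = bin(m).count("1")
    # a valid mask is contiguous ones then zeros (11110000, never 11010000)
    if m != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous mask: {mask}")
    host_bits = 32 - prefix
    network = ip & m                          # the logical AND from the text
    broadcast = network | (~m & 0xFFFFFFFF)   # host bits all set to 1
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "class": address_class(addr),
        "prefix": prefix,
        "network": int_to_dotted(network),
        "first_host": int_to_dotted(network + 1) if usable else None,
        "last_host": int_to_dotted(broadcast - 1) if usable else None,
        "broadcast": int_to_dotted(broadcast),
        "hosts": usable,
    }

def parse_cidr(cidr: str) -> dict:
    """Accept the '131.108.1.93/24' notation used in the chapter."""
    addr, prefix = cidr.split("/")
    return subnet_info(addr, int_to_dotted(prefix_to_mask(int(prefix))))

if __name__ == "__main__":
    for example in ("131.108.1.93/24", "131.108.1.0/28", "10.99.34.50/24"):
        print(example, parse_cidr(example))
```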
A directed broadcast address is sent to all hosts on the subnet only. (10.99.34.0 is the subnet and 10.99.34.255 is a directed broadcast address for all users on the local subnet.)

Table 5.2 provides a useful guide that can help you to prepare for the exam. Table 5.2 displays the decimal value and binary value of a subnet number followed by the number of available subnets. The number of hosts that can reside on each subnet follows.

Note: Try some subnet examples on your own and then compare them to a subnet calculator freely available on the Internet. Cisco's Web site (www.cisco.com/techtools/ip_addr.html) has a subnet calculator.

Table 5.2 Common subnets.
Decimal          Subnets       Hosts
252 (11111100)   64 subnets    2 hosts
248 (11111000)   32 subnets    6 hosts
240 (11110000)   16 subnets    14 hosts
224 (11100000)   8 subnets     30 hosts
192 (11000000)   4 subnets     62 hosts
128 (10000000)   2 subnets     126 hosts

Now that we've covered the IP addressing and the formats that are used to represent IP addresses, let's move on to a more advanced IP routing concept—Classless Interdomain Routing (CIDR).

Classless Interdomain Routing (CIDR)

In the past few years, the expansion of the Internet has been phenomenal. Currently, the Internet uses more than 70,000 routes. From 1994 through 1996 the routing table was increased from around 20,000 entries to more than 42,000. How can network administrators reduce the large routing table size? Each routing entry requires memory and a table lookup by the router each time a packet is required to reach a destination. Reducing memory requirements and the time it takes to send a packet to the destination provides faster response times for packets to travel around the Internet. Classless Interdomain Routing (CIDR) helps to reduce the number of routing table entries and memory requirements.
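A small illustration, added here and not part of the book, of what CIDR summarization does to a routing table and of the longest match rule from the earlier note (the most specific matching mask wins when several routes cover a destination). The routing table, prefixes and next-hop addresses are constructed for the example; function names are this example's own.

```python
# Added example (not from the book): CIDR summarization of contiguous networks and
# the longest match rule a router applies when several routes cover a destination.
# Routes are (network, prefix_length) tuples; the table and next hops are constructed.
import ipaddress

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def mask(prefix: int) -> int:
    """Prefix length to 32-bit mask; /0 gives all zeros."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def parse_route(cidr: str) -> tuple:
    net, plen = cidr.split("/")
    plen = int(plen)
    return to_int(net) & mask(plen), plen

def fmt(route: tuple) -> str:
    return f"{ipaddress.IPv4Address(route[0])}/{route[1]}"

def summarize(routes) -> list:
    """Merge pairs of sibling prefixes into their parent until nothing merges,
    e.g. 131.108.0.0/24 through 131.108.3.0/24 collapse to 131.108.0.0/22.
    Only exact sibling pairs merge; a prefix already covered by a shorter one is kept."""
    current = set(routes)
    changed = True
    while changed:
        changed = False
        for net, plen in sorted(current, key=lambda r: (-r[1], r[0])):
            if plen == 0 or (net, plen) not in current:
                continue
            sibling = (net ^ (1 << (32 - plen)), plen)   # flip the last network bit
            if sibling in current:
                current -= {(net, plen), sibling}
                current.add((net & mask(plen - 1), plen - 1))
                changed = True
    return sorted(current)

def lookup(table: dict, dest: str):
    """Longest match: of the routes whose network equals dest under their own mask,
    return the one with the longest prefix (most specific) and its next hop."""
    d = to_int(dest)
    best = None
    for (net, plen), next_hop in table.items():
        if d & mask(plen) == net and (best is None or plen > best[0][1]):
            best = ((net, plen), next_hop)
    return best

# Constructed table: a default route, a CIDR summary, and one more specific /24
# inside that summary which points at a different next hop.
ROUTE_TABLE = {
    parse_route("0.0.0.0/0"): "10.1.1.254",
    parse_route("131.108.0.0/22"): "10.1.1.1",
    parse_route("131.108.1.0/24"): "10.1.1.2",
}

if __name__ == "__main__":
    four = [parse_route(f"131.108.{i}.0/24") for i in range(4)]
    print([fmt(r) for r in summarize(four)])          # ['131.108.0.0/22']
    for dest in ("131.108.1.93", "131.108.3.7", "192.0.2.1"):
        route, hop = lookup(ROUTE_TABLE, dest)
        print(dest, "->", fmt(route), "via", hop)
```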
CIDR helps to conserve resources, because it removes the limitation of using the default mask (which wastes IP address space) and leaves the addressing up to the IP designer. CIDR is used by routers to group networks together in order to reduce routing table size and memory requirements. CIDR is typically represented with the network number/bits used in the mask, such as 131.108.1.0/24, or the equivalent of 131.108.1.0 255.255.255.0.

Now that we've covered CIDR and the purpose of CIDR, let's move on to how devices such as PCs map layer 2 addresses to layer 3 addresses using Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP).

ARP and RARP

Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) carry out important functions in the TCP/IP model, which allow devices to communicate at layer 2 of the OSI model. Remember, all frames are sent to a valid MAC address. So, before one IP host can communicate with another, the source device must have an identified layer 2 address to traverse the physical medium or use broadcast frames to locate resources on any particular physical media.

ARP is used when a source device needs to know the destination's layer 2 MAC address to allow communication between two devices. ARP is a layer 2 frame sent as a broadcast frame with a known IP address requesting the destination's MAC address. For example, you might Telnet to a local router with a known IP address, such as 131.108.1.99. Your PC does not have a layer 2 address or MAC address to send the frame to, so ARP obtains the MAC address. For example, ARP is used between a client PC and a Cisco router for the Telnet application protocol. In contrast, RARP is used when a source device knows a destination's MAC address but the IP address is unknown. RARP obtains the unknown IP address.
Typically, RARP is used with diskless workstations where the workstations send out requests for IP addresses with a known local MAC address. Figure 5.4 shows the ARP/RARP frame format. The function of each field in an ARP and RARP frame is described as follows:
➤ Hardware Type—Specifies the hardware in use. For example, this value is set to 1 for Ethernet or 6 for IEEE 802 networks.
➤ Protocol—Indicates the protocol in use. For example, 0800 is used to indicate IP.
➤ Length of Hardware Address—Indicates the length of layer 2 addresses, 48 bits.
➤ Length of Protocol Address—Defines the length of protocol addresses. For example, for IP this field is set to 4 bytes (32 bits).
➤ Operation Code—Defines whether the frame is an ARP or RARP. 1 is an ARP request, 2 is an ARP reply, 3 is a RARP request, and 4 is a RARP reply.
➤ Sender Hardware Address—Identifies the sender's layer 2 MAC address (48 bits).
➤ Sender Protocol Address—Identifies the sender's IP address (32 bits).

Figure 5.4 ARP/RARP frame format. (Fields in order, 32 bits per row: Hardware Type, Protocol; Length of Hardware Address, Length of Protocol Address, Operation Code; Sender Hardware Address; Sender Protocol Address; Target Hardware Address; Target Protocol Address. Note: Hardware addresses are 48 bits (32 + 16) and protocol addresses are 32 bits in length.)
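Packing and decoding the Figure 5.4 layout, as an added example that is not the book's: the field order and widths listed above map directly onto one struct format string, and the parser rejects truncated packets, non-Ethernet/IP field sizes and unknown operation codes instead of decoding them. The MAC and host addresses in the sample request are constructed; only the router address 131.108.1.99 comes from the chapter's Telnet scenario.

```python
# Added example (not from the book): build and parse the ARP/RARP packet laid out in
# Figure 5.4. Sample addresses are constructed; only 131.108.1.99 (the router being
# resolved in the chapter's Telnet scenario) comes from the text.
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"   # network byte order; 28 bytes for Ethernet + IP
ARP_LEN = struct.calcsize(ARP_FORMAT)
HTYPE_ETHERNET = 1              # hardware type 1 = Ethernet (6 = IEEE 802)
PTYPE_IP = 0x0800               # protocol 0800 = IP
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
ZERO_MAC = "00:00:00:00:00:00"  # target hardware address is not yet known in a request

def mac_to_bytes(mac: str) -> bytes:
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac}")
    return bytes(int(p, 16) for p in parts)

def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Pack the nine fields of Figure 5.4 in order: 48-bit MACs, 32-bit IPs."""
    if opcode not in OPCODES:
        raise ValueError(f"unknown opcode {opcode}")
    return struct.pack(ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IP, 6, 4, opcode,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))

def parse_arp(packet: bytes) -> dict:
    """Decode one packet, rejecting truncated data and non Ethernet/IP field sizes."""
    if len(packet) < ARP_LEN:
        raise ValueError(f"ARP packet too short: {len(packet)} bytes, need {ARP_LEN}")
    (htype, ptype, hlen, plen, oper,
     sha, spa, tha, tpa) = struct.unpack(ARP_FORMAT, packet[:ARP_LEN])
    if htype != HTYPE_ETHERNET or ptype != PTYPE_IP or hlen != 6 or plen != 4:
        raise ValueError(f"unsupported htype={htype} ptype={ptype:#06x} "
                         f"hlen={hlen} plen={plen}")
    if oper not in OPCODES:
        raise ValueError(f"unknown opcode {oper}")
    return {
        "operation": OPCODES[oper],
        "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
        "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa),
    }

# Constructed sample: a PC (locally administered MAC) asking who holds 131.108.1.99.
SAMPLE_REQUEST = build_arp(1, "02:00:00:00:00:01", "131.108.1.5", ZERO_MAC, "131.108.1.99")

if __name__ == "__main__":
    print(SAMPLE_REQUEST.hex())
    print(parse_arp(SAMPLE_REQUEST))
```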