TCP/IP Protocol Suite explained briefly

TCP/IP is based on a four-layer reference model. All protocols that belong to the TCP/IP protocol suite are located in the top three layers of this model.

As shown in the following diagram, each layer of the TCP/IP model corresponds to one or more layers of the seven-layer Open Systems Interconnection (OSI) reference model proposed by the International Organization for Standardization (ISO).

Diagram

The types of services performed and protocols used at each layer within the TCP/IP model are described in more detail below.

Application: Defines TCP/IP application protocols and how host programs interface with transport layer services to use the network. 

• Protocols: HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP, other application protocols

Transport: Provides communication session management between host computers. Defines the level of service and status of the connection used when transporting data. 

• Protocols: TCP, UDP, RTP, RSVP

Internetwork: Packages data into IP datagrams, which contain source and destination address information that is used to forward the datagrams between hosts and across networks. Performs routing of IP datagrams. 

• Protocols: IP, ICMP, ARP, RARP

Network Interface: Specifies details of how data is physically sent through the network, including how bits are electrically signaled by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire. 

• Protocols: Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232, v.35

The TCP/IP model and related protocols are maintained by the Internet Engineering Task Force (IETF).

Src: http://technet.microsoft.com/en-us/library/cc786900(v=ws.10).aspx
Src: http://en.wikipedia.org/wiki/Internet_protocol_suite

If you want to go deep into how each layers function please refer Microsoft's Article

Read More

Internet Protocol (IP) Addresses

Because TCP/IP networks are interconnected across the world, each computer on the Internet must have a unique address (called an IP address) to make sure that transmitted data reaches the correct destination. Blocks of addresses are assigned to organizations by the internet Assigned Numbers Authority (IANA). Individual users and small organizations may obtain their addresses either from the IANA or from an Internet service provider (ISP). You can contact IANA at http://www.iana.org.

The Internet Protocol (IP) uses a 32-bit address structure. The address is usually written in dot notation (also called dotted-decimal notation), in which each group of eight bits is written in decimal form, separated by decimal points.

For example, the following binary address:

11000011 00100010 00001100 00000111

is normally written as:

195.34.12.7

The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network. The dividing point may vary depending on the address range and the application. There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts

on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class. After the address class has been determined, the software can correctly identify the host section of the address. The figure below shows the three main address classes, including network and host sections of the address for each address type.

The five address classes are:

• Class A

Class A addresses can have up to 16,777,214 hosts on a single network. They use an 8-bit network number and a 24-bit node number. Class A addresses are in this range:

1.x.x.x to 126.x.x.x.

• Class B

Class B addresses can have up to 65,354 hosts on a network. A Class B address uses a 16-bit network number and a 16-bit node number. Class B addresses are in this range:

128.1.x.x to 191.254.x.x.

• Class C

Class C addresses can have up to 254 hosts on a network. A Class C address uses a 24-bit network number and an 8-bit node number. Class C addresses are in this range:

192.0.1.x to 223.255.254.x.

• Class D

Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range:

224.0.0.0 to 239.255.255.255.

• Class E

Class E addresses are for experimental use. This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network.

For each unique value of the network portion of the address, the base address of the range (host address of all zeros) is known as the network address and is not usually assigned to a host. Also, the top address of the range (host address of all ones) is not assigned, but is used as the broadcast address for simultaneously sending a packet to all hosts with the same network address.

Netmask

In each of the address classes previously described, the size of the two parts (network address and host address) is implied by the class. This partitioning scheme can also be expressed by a netmask associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using an AND operator) with an IP address, yields the network address. For instance, the netmasks for Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively.

For example, the address 192.168.170.237 is a Class C IP address whose network portion is the upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here, only the network portion of the address remains:

11000000 10101000 10101010 11101101 (192.168.170.237)

combined with:

11111111 11111111 11111111 00000000 (255.255.255.0)

equals:

11000000 10101000 10101010 00000000 (192.168.170.0)

As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a backward slash (/), as “/n.” In the example, the address could be written as 192.168.170.237/24, indicating that the netmask is 24 ones followed by 8 zeros.

Link To download this Doc.
http://documentation.netgear.com/reference/enu/tcpip/pdfs/FullManual.pdf

Read More

Basic Router Concepts

What is a Router?

A router is a device that forwards traffic between networks based on network layer information in the data and on routing tables aintained by the router. In these routing tables, a router builds up a logical picture of the overall network by gathering and exchanging information with other routers in the network. Using this information, the router chooses the best path for forwarding network traffic. Routers vary in performance and scale, number of routing protocols supported, and types ofphysical WAN connection they support.

Routing Information Protocol

One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table. RIP-2 supports subnet and multicast protocols. RIP is not required for most home applications. 

Read More

Security in Network

What is IT-Security?

IT-Security is not a product, it's a process. Don't think to buy a firewall which solves all your security problems! You always have to ensure good configuration and updates - this should be an integrated process. But you never will reach 100% of security, it's like a bank safe: you can make it difficult to crack, but there will always be somebody, who is able to break it with a lot of resources! Here are the most important components of IT-Security:

Authenticity

Authenticity is about the identity of a subject/object. This can be a user, a process, a system or an information. This is needed for Non Repudiation and Accountability.

Integrity

This means Data-Integrity, that data was not manipulated or destroyed in an unauthorized way and System-Integrity, that the system is available with the usual performance and was not manipulated with unauthorized access. Integrity is part of Authenticity.

Confidentiality

Information should not been seen by unauthorized persons, instances or processes. This means protection of personnel or business-critical data, privacy and anonymity.

Availability/Dependability

Refers to functionality of soft- and hardware ist not altered in any unauthorized way and about secured business continuity.

Non Repudiation/Accountability

Non Repudiation means, that actions of instances (users, processes, systems and information) can be associated with only that instance. Accountability refers to financial transactions and all communication issues.

Reliability

The usual functionality and behavior of data and systems is secured. This is needed for Integrity and Non Repudiation.

Read More

IPv6 and its difference from IPv4

Internet Protocol version 6 (IPv6) is the next-generation Internet Protocol version designated as the successor to IPv4, the first implementation used in the Internet that is still in dominant use currently. It is an Internet Layer protocol for packet-switched internetworks. The main driving force for the redesign of Internet Protocol is the foreseeable IPv4 address exhaustion. IPv6 was defined in December 1998 by the Internet Engineering Task Force (IETF) with the publication of an Internet standard specification, RFC 2460.

IPv6 has a vastly larger address space than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The new address space thus supports 2¹²⁸ (about 3.4×10³⁸) addresses. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the primary need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.

IPv6 also implements new features that simplify aspects of address assignment (stateless address autoconfiguration) and network renumbering (prefix and router announcements) when changing Internet connectivity providers. The IPv6 subnet size has been standardized by fixing the size of the host identifier portion of an address to 64 bits to facilitate an automatic mechanism for forming the host identifier from Link Layer media addressing information (MAC address).

Network security is integrated into the design of the IPv6 architecture. Internet Protocol Security (IPsec) was originally developed for IPv6, but found widespread optional deployment first in IPv4 (into which it was back-engineered). The IPv6 specifications mandate IPsec implementation as a fundamental interoperability requirement.

In December 2008, despite marking its 10th anniversary as a Standards Track protocol, IPv6 was only in its infancy in terms of general worldwide deployment. A 2008 study by Google Inc. indicated that penetration was still less than one percent of Internet-enabled hosts in any country. IPv6 has been implemented on all major operating systems in use in commercial, business, and home consumer environments.

Differences Between IPv4 an IPv6

IPv6 is based on IPv4, it is an evolution of IPv4. So many things that we find with IPv6 are familiar to us. The main differences are:

1.Simplified header format. IPv6 has a fixed length header, which does not include most of the options an IPv4 header can include. Even though the IPv6 header contains two 128 bit addresses (source and destination IP address) the whole header has a fixed length of 40 bytes only. This allows for faster  processing. Options are dealt with in extension headers, which are only inserted after the IPv6 header if needed. So for instance if a packet needs to be fragmented, the fragmentation header is inserted after the IPv6 header. The basic set of extension headers is defined in RFC 2460.

2.Address extended to 128 bits. This allows for hierarchical structure of the address space and provides enough addresses for almost every 'grain of sand' on the earth. Important for security and new services/devices that will need multiple IP addresses and/or permanent connectivity. 

3.A lot of the new IPv6 functionality is built into ICMPv6 such as Neighbor Discovery, Autoconfiguration, Multicast Listener Discovery, Path MTU Discovery. 

4.Enhanced Security and QoS Features.

or in simple words 

IPv4 means Internet Protocol version 4, whereas IPv6 means Internet Protocol version 6.

IPv4 is 32 bits IP address that we use commonly, it can be 192.168.8.1, 10.3.4.5 or other 32 bits IP addresses. IPv4 can support up to 2³² addresses, however the 32 bits IPv4 addresses are finishing to be used in near future, so IPv6 is developed as a replacement.

IPv6 is 128 bits, can support up to 2¹²⁸ addresses to fulfill future needs with better security and network related features. Here are some examples of IPv6 address:

1050:0:0:0:5:600:300c:326b 

ff06::c3 

0:0:0:0:0:0:192.1.56.10

Read More

How Network Address Translation (NAT) works

Introduction

If you are reading this, you are most likely connected to the Internet and there's a very good chance that you are using Network Address Translation (NAT) right now!

The Internet has grown larger than anyone ever imagined it could be. Although the exact size is unknown, the current estimate is that there are about 100 million hosts and over 350 million users actively on the Internet. That is more than the entire population of the United States! In fact, the rate of growth has been such that the Internet is effectively doubling in size each year.

So what does the size of the Internet have to do with NAT? Everything! For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. An IP address (IP stands for Internet Protocol) is a unique 32-bit number that identifies the location of your computer on a network. Basically it works just like your street address: a way to find out exactly where you are and deliver information to you.

When IP addressing first came out, everyone thought that there were plenty of addresses to cover any need. Theoretically, you could have 4,294,967,296 unique addresses (2³²). The actual number of available addresses is smaller (somewhere between 3.2 and 3.3 billion) because of the way that the addresses are separated into Classes and the need to set aside some of the addresses for multicasting, testing or other specific uses.

With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. The obvious solution is to redesign the address format to allow for more possible addresses. This is being developed (IPv6) but will take several years to implement because it requires modification of the entire infrastructure of the Internet.

The NAT router translates traffic coming into and leaving the private network:

This is where NAT (RFC 1631 ) comes to the rescue. Basically, Network Address Translation allows a single device, such as a router, to act as agent between the Internet (or "public network") and a local (or "private") network. This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
The shortage of IP addresses is only one reason to use NAT. Two other good reasons are:

• Security
• Administration

For more detailed explaination on NAT visit

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml#behindmask

Read More

Characteristics of a Network

Many characteristics are commonly used to describe and compare various network designs. When you are determining how to build a network, each of these characteristics must be considered along with the applications that will be running on the network. The key to building the best network is to achieve a balance of these characteristics. Networks can be described and compared according to network performance and structure, as follows:

■ Speed: Speed is a measure of how fast data is transmitted over the network. A more precise term would be data rate.

■ Cost: Cost indicates the general cost of components, installation, and maintenance of the network.

■ Security: Security indicates how secure the network is, including the data that is transmitted over the network. The subject of security is important and constantly evolving. You should consider security whenever you take actions that affect the network.

■ Availability: Availability is a measure of the probability that the network will be available for use when required. For networks that are meant to be used 24 hours a day, 7 days a week, 365 days a year, availability is calculated by dividing the time it is actually available by the total time in a year and then multiplying by 100 to get a percentage.

For example, if a network is unavailable for 15 minutes a year because of network outages, its percentage availability can be calculated as follows:

([Number of minutes in a year – downtime] / [Number of minutes in a year]) * 100 = Percentage availability

([525600 – 15] / [525600]) * 100 = 99.9971

■ Scalability: Scalability indicates how well the network can accommodate more users and data transmission requirements. If a network is designed and optimized for just the current requirements, it can be very expensive and difficult to meet new needs when the network grows.

■ Reliability: Reliability indicates the dependability of the components (routers, switches, PCs, and so on) that make up the network. Reliability is often measured as a probability of failure, or mean time between failures (MTBF).

■ Topology: Networks have two types of topologies: the physical topology, which is the arrangement of the cable, network devices, and end systems (PCs and servers), and the logical topology, which is the path that the data signals take through the physical topology.

These characteristics and attributes provide a means to compare different networking solutions. Increasingly, features such as security, availability, scalability, and reliability have become the focus of many network designs because of the importance of the network to the business process.

Read More

Network User Applications

The key to utilizing multiple resources on a data network is having applications that are aware of these communication mechanisms. Although many applications are available for users in a network environment, some applications are common to nearly all users.

The most common network user applications include the following:

■ E-mail: E-mail is a valuable application for most network users. Users can communicate information (messages and files) electronically in a timely manner, to not only other users in the same network but also other users outside the network (suppliers, information resources, and customers, for example). Examples of e-mail programs include Microsoft Outlook and Eudora by Qualcomm.

■ Web browser: A web browser enables access to the Internet through a common interface. The Internet provides a wealth of information and has become vital to the productivity of both home and business users. Communicating with suppliers and customers, handling orders and fulfillment, and locating information are now routinely done electronically over the Internet, which saves time and increases overall productivity. The most commonly used browsers are Microsoft Internet Explorer,

Netscape Navigator, Mozilla, and Firefox.

■ Instant messaging: Instant messaging started in the personal user-to-user space; however, it soon provided considerable benefit in the corporate world. Now many instant messaging applications, such as those provided by AOL and Yahoo!, provide data encryption and logging, features essential for corporate use.

■ Collaboration: Working together as individuals or groups is greatly facilitated when the collaborators are on a network. Individuals creating separate parts of an annual report or a business plan, for example, can either transmit their data files to a central resource for compilation or use a workgroup software application to create and modify the entire document, without any exchange of paper. One of the best-known traditional collaboration software programs is Lotus Notes. A more modern web-based

collaboration application is a wiki.

■ Database: This type of application enables users on a network to store information in central locations (such as storage devices) so that others on the network can easily retrieve selected information in the formats that are most useful to them. Some of the most common databases used in enterprises today are Oracle and Microsoft SQL Server.

Read More

What is a Network, I mean computer Network?

The first task in understanding how to build a computer network is defining what a network is and understanding how it is used to help a business meet its objectives. A network is a connected collection of devices and end systems, such as computers and servers, that can communicate with each other.

Networks carry data in many types of environments, including homes, small businesses, and large enterprises. In a large enterprise, a number of locations might need to communicate with each other, and you can describe those locations as follows:

■ Main office: A main office is a site where everyone is connected via a network and where the bulk of corporate information is located. A main office can have hundreds or even thousands of people who depend on network access to do their jobs. A main office might use several connected networks, which can span many floors in an office building or cover a campus that contains several buildings.

■ Remote locations: A variety of remote access locations use networks to connect to the main office or to each other.

— Branch offices: In branch offices, smaller groups of people work and communicate with each other via a network. Although some corporate information might be stored at a branch office, it is more likely that branch offices have local network resources, such as printers, but must access information directly from the main office.

— Home offices: When individuals work from home, the location is called a home office. Home office workers often require on-demand connections to the main or branch offices to access information or to use network resources such as file servers.

— Mobile users: Mobile users connect to the main office network while at the main office, at the branch office, or traveling. The network access needs of mobile users are based on where the mobile users are located.

Read More

Introduction to networking

From Wikipedia, the free encyclopedia

Jump to: navigation, search

CCNA is the acronym for the Cisco Certified Network Associate certification from Cisco. In speech and in writing, this certification is properly referred to by the initials CCNA rather than the full name.

CCNA certification is a second-level Cisco Career certification . CCNA certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN.

To achieve CCNA certification, one must earn a passing score on Cisco exam #640-802, or combined passing scores on both the ICND1 640-822 and ICND2 640-816 exams. Passing the ICND1 grants you the Cisco Certified Entry Networking Technician (CCENT). Passing scores are set by using statistical analysis and are subject to change. At the completion of the exam, candidates receive a score report along with a score breakout by exam section and the passing score for the given exam. Cisco does not publish exam passing scores because exam questions and passing scores are subject to change without notice.

Read More