LAN Segmentation

Read It

This presentation introduces the concept of LAN segmentation: the process by which a network is divided into several parts to provide greater efficiency, greater security, or both. Requirements for LAN segmentation may be fulfilled by a switch or a router. The specific needs of each case determine the type of segmentation provided.

A classic rule-of-thumb for Ethernet networks is the 5-4-3 rule: such a network can have at most five segments, which are separated by four devices, with only three of the network segments being populated. Different architectures will also impose an upper limit upon the number of devices that can be attached to a segment, so effective segmentation requires careful design. Hubs and switches are used to expand network numbers, because a hub or a switch counts as a single device for population purposes.

Unless a fully-switched fabric is implemented, any communication along an Ethernet network involves overhead, because the CSMA/CD access method implies collisions and transmission pauses. Overhead consumes more bandwidth, because all network traffic impinges upon all networked hosts, regardless of destination. Bridges and switches implement collision segmentation to reduce overhead, relying upon the fact that 80% of traffic is local.

Switches transmit broadcasts, but again, these may represent unnecessary overhead. In a network serving multiple departments, most traffic would be within departments, so segmenting this traffic with a router would be beneficial. Routers by default do not transmit broadcasts from attached networks, because the logical address of each routed segment is different. The slight additional processing time inherent in routing is more than offset by the throughput improvement resulting from broadcast segmentation.

Segmentation provides security through physical isolation of devices. Switches and routers can combine to create virtual LANs, implementing such segmentation on the switch. Additional security can then be programmed into the router to restrict source and destination hosts/networks, the use of specific protocols, or the use of specific communications ports.

The Internet is a public network, causing justified security concerns. Segmentation can hide an internal network from ‘public’ view through a combination of private addressing (specific address ranges which cannot be used on the Internet, network address translation, and proxy service. Only the public portal of the network gateway is visible for an attack. Servers which must be visible to the Internet can be segmented from the rest of the network by firewalls, creating a Demilitarized Zone (DMZ). If the servers are attacked, then the rest of the network is safe, and the servers can readily be restored from off-site backups.

The protocols that enable computer communication can also create segmentation by their very deployment. If one segment of a network employs nonroutable protocols, it cannot be reached from any other network segment. Similarly, an internal routing protocol like Novell’s IPX can be used, with the proxy server gateway being the only system using TCP/IP. Consequently, the network segments are not visible to each other except through the dedicated server, again enhancing security.

WANs and Remote Connectivity

Read It

This presentation introduces the concepts of Wide Area Networks (WANs) and remote connectivity. A WAN is defined as a network reaching over a geographic distance greater than 1 kilometer. Normally, WAN services are purchased from telecommunications vendors. Remote connectivity is required when someone wishes to access a LAN from a distant location, accomplished either by dialing into a modem server or by accessing services through the Internet.

WAN connectivity is normally supplied to an organization as a contracted service; the cost of implementing a WAN being such that few organizations have the necessary resources. A WAN service can be provided as a dedicated circuit, as a switched circuit, or as a frame-relay virtual circuit. The WAN backbone includes massive switching, routing, and carrying capacities based upon digital technologies for long-haul communication operations.

In a Point-to-Point connection, an organization rents a dedicated digital circuit from a telecommunications provider; the provided endpoints are fixed and always functional, providing a fast, permanent, reliable link. The standard point-to-point connection type is a T-1 line, capable of 1.54Mbps transmission rate. Organizations needing less throughput can contract for a ‘fractional’ T-1 giving several parties access to a specified bandwidth on a single T-1 line, since this expensive “line” comprises bundled 64Kbs channels. Higher capacities are available fromT-2 to T-4 lines, with the latter having a bandwidth exceeding 274Mbps, but these require costly fiber optic or microwave transmission technologies.

X.25 is one of the first packed-switching technologies. It was developed in the 1970s as an International Telecommunications Union (ITU) standard. X.25 was developed to transmit digital data using existing PTSN lines. It was designed with a maximum throughput of 2.048 Mbps, which is quite slow for today’s networks. The next generation of X.25 is called Frame Relay. Frame Relay has a faster transmission rate, up to 1.544 Mbps.

Modem access uses devices which translate the digital signals of a computer into analog signals. A modem performs two functions: it converts (MODulates) a digital signal into an analog signal at the sending end. The analog signal travels through the PTSN lines to its destination, and at the receiving end, the modem converts (DEModulates) the analog signal back into a digital signal, hence the name MODEM. Synchronous modems use timing signals to control the data transmission, offering high throughput speed at higher cost. Asynchronous modems use start and stop bits to control data transmission, resulting in greater message overhead and limited speed at reduced cost. Modem access is universal throughout North America and requires no intervening service layers, but the dial-in server represents a security vulnerability which must be closely controlled.

Internet access is accomplished using a dedicated server, usually a WWW server. Employing a local ISP service, such access can be kept private by encrypting the transmission using Point-to-Point Tunneling Protocol (PPTP). The resulting circuit is designated a Virtual Private Network (VPN). In many cases, using Internet access provides fast and readily available access to a LAN, so that individuals using such access can work just as if they were directly logged on to the local network.

TCP/IP Network Protocol

Watch It

Video Player

Hear It

AUDIO

Audio Player 

00:00

03:50

Use Up/Down Arrow keys to increase or decrease volume.

Read It

This presentation introduces the Transmission Control Protocol/Internet Protocol (TCP/IP) internetworking suite of protocols. The TCP/IP protocol suite is the standard protocol for all major network operating systems, making its mastery a prerequisite for all networking professionals.

TCP/IP protocols comprise four major layers:

1. internal networking, management, and control protocols;
2. data transport protocols;
3. logical addressing protocols; and
4. physical addressing protocols.

On one hand, each layer is dedicated to handling the tasks with which it is associated. On the other hand, the layer is responsible for interfacing with adjacent layers to provide end-to-end communication.

A TCP/IP protocol is either connection-oriented or connectionless. A connection-oriented protocol first establishes the connection, transfers the data, and finally closes the connection. A connectionless protocol, on the other hand, simply labels each packet (or message) with a destination address and other control information, and sends it. Another attribute of protocols is that a protocol is either reliable or unreliable. A reliable protocol performs error checking and correction. An unreliable protocol has no error checking mechanism. Its reliability, if needed, is provided by some other protocol or the invoking application.

The management and control protocol set, comprising Internet Message Control Protocol [ICMP], Simple Network Management Protocol [SNMP], Internet Group Management Protocol [IGMP], and Simple Mail Transport Protocol [SMTP] are not administered directly, but are controlled through operating system or application software configuration.

The major function of a transport protocol is to accept the continuous data stream provided by applications and divide it into packets. In TCP, this process is called segmentation. The TCP protocol is a connection-oriented protocol. It provides reliable communication by numbering and monitoring the reception of each packet. It ensures that the sender and receiver can exchange data effectively by using flow control methods. TCP provides flow control through (1) buffering, a process by which data is stored until it can be processed; (2) windowing, establishing the maximum rate at which the receiver can accept data; and (3) congestion control, where the choke points on the network are detected and managed.

Internetwork protocols handle addressing: determining the logical address of the network and the host. Internetwork protocols, such as IP, are used by routers to ascertain the path that messages should follow through the network, and which path is most efficient. Internetwork protocols also handle the conversion between the logical address used and the physical address, Media Access Control (MAC address), used by each device on the network. Internetwork protocols create data packets, and can further subdivide segments to accommodate different maximum transmission unit sizes on different network types.

Network protocols frame the segments received from internetwork protocols with the physical address of the immediate recipient, which is different from the final address in a routed network, and provide an error checking trailer for the datagram frame. This allows frames which have been physically disrupted to be detected and dropped, so that upper-layer protocols will not waste time handling a defective message unit.

TCP/IP

Watch It

Video Player

Hear It

AUDIO

Audio Player 

00:00

04:44

Use Up/Down Arrow keys to increase or decrease volume.

Read It

TCP/IP is a suite of related protocols, services, and utilities. TCP/IP is based on its own four-layer architecture, and different protocols and utilities work at different layers of the architecture.

The four layers of the suite are:

• The Application layer, which provides the interface between user applications and the network architecture.
• The Transport layer, which provides the communications link between the source and destination hosts.
• The Internet layer, which performs routing and addressing for network packets.
• The Network Interface layer, which provides the connection with the physical network media.

Each computer on a TCP/IP network has to have a unique numeric IP address. The address consists of 32 bits, or 4 bytes, of data. In binary numbers, it looks something like this: 01111110.00000101.00000100.00001111

Computers can easily recognize and use numbers in binary format. However, most people find it hard to read and understand the underlying binary structure of IP addresses, so they’re usually translated into the less-cumbersome decimal format, like this: 126.5.4.15. Don’t forget, though, that the real IP address is the underlying binary number.

The IP address is sort of like a mailing address; some of the bits represent the network segment that the computer is on. That’s like the street name of a mailing address. Other bits represent the particular host on the segment; that’s like the house number. (A host is any system that has an IP address; this can be devices like network-attached printers as well as individual computers.) All the systems on a network segment have to use the same network address, just like all the houses on one street do. However, every system on a network segment has to have its own host address, just like each house on a street has a separate number. Every IP packet contains the full IP address of both the source computer and destination computer.

If your IP network is strictly private and doesn’t connect to the Internet, you can come up with any addressing scheme that you like. If you want to connect to the Internet, however, you need to obtain addresses that are valid but not in use in the Internet. To do this, you’ll probably go to a commercial Internet Service Provider (ISP), which is a company that’s in business to provide Internet connection services to the public. ISPs themselves, or other types of organizations that maintain their own connection to the Internet, must apply to an Internet numbers registry that’s been approved by IANA/ICANN. In North America, this is the American Registry for Internet Numbers (ARIN).

The IP address you’ll get from your ISP or from ARIN will fall into one of three pre-defined address classes. The address class tells you which bits in the IP address are used for the network address, and which are used for host addresses. This table gives you the format of each of the address classes, along with the range of decimal numbers that you’ll always see in the first byte of the address. Actually, unless your company is extremely large, you won’t get anything but a Class C address; all the Class A addresses and most of the Class B addresses are already assigned. There are two other important numbers that you need to know before you can configure TCP/IP on an individual host. The first one is the subnet mask. The subnet mask is a 32-bit number that separates the network portion of an IP address from the host portion. This figure shows a typical example of how the subnet mask works:

There’s a default subnet mask for each of the classes of IP addresses. You can see from the following table that the format of the subnet mask matches up logically with the structure of each class of IP address. Soon, you’ll be able to tell just by looking at an IP address what its default subnet mask should be. The subnet mask hides the host portion of the IP address (the host ID), and leaves only the network portion of the IP address (the network ID) for both the source and destination IP addresses. Then, the IP protocol compares the resulting network addresses. If they match, that means that both computers are on the same network segment–IP delivers the packet directly to the destination host address.

Using Analog Signals

Watch It

Video Player

Hear It

AUDIO

Audio Player 

00:00

03:38

Use Up/Down Arrow keys to increase or decrease volume.

Read It

Using Analog Signals

The public telephone network was originally designed for analog signals. From its inception in 1876 until the 1960s, telephone calls were transmitted in analog. It was natural to reproduce this wave electronically and transmit it over telephone wires, because the spoken voice is an analog wave.

Analog signals are measured in amplitude and frequency. Amplitude indicates the strength of the signal. Frequency, measured in cycles per second (or hertz), determines the content for an analog transmission. Speech is acknowledged to fall within a range of 300 to 3300 hertz.

Using Digital Signals

In 1962, a major telecommunications company began using digital transmissions for certain long distance connections. Here the analog information is decomposed into a series of binary bits, represented by either a “1” or a “0.” There are only two states to a digital signal, so they are easily deciphered, reproduced, and checked for errors. These factors made digital transmissions more reliable and less expensive to produce.

Digital signals are measured in the frequency that binary bits are transmitted. “Bits per second” (bps) is standard nomenclature. Baud rate, although often erroneously interchanged, is not the same as bps. Baud refers to changes in the sound elements in an analog transmission. The PSTN (Public Switched Telephone Network) is run at 2400 baud. Equating bps and baud would limit modem transmission to a painfully slow 2400 bits per second. Modem designers have increased the number of bits that can be transmitted each time the modem sends out its transmitted element. Thus a 19.2 kbps modem working at a 2400-baud rate is sending out eight bits each time the modem transmits a change in sound.

There are many parts of the telephone network where analog is still used although much of the PSTN today is digital. Most residences still have analog phones, and so the connections must remain analog.

Wide Area Networks (WANs)

With digital signaling becoming widespread in the telephone network, Wide Area Networks emerged. Their existence was driven by business forces needing faster and more reliable communication processes. WANs use telephone lines to provide the connections between locations and are not limited by geography. The type and size of the connections are dependent on users’ requirements. WANs may connect a branch office to its corporate center, but also can link a nationwide network of Local Area Networks (LANs).

Local Area Networks (LANs)

LANs refer to communications networks limited to a specific geographical area. The term “client” is used to represent workstations. The “server” is the device that contains the network operating system (the applications used by the clients) and is a central repository for the data shared by the clients. Small LANs can be installed using a workstation as a server, allowing one user to access another user’s machine. The network operating system (OS) is the software that controls the LAN. Each client holds a component of the OS, giving the user access to the applications installed on the server. The media used to interconnect LAN devices is usually a twisted pair of wires or optical fiber. The interface from the workstation to these media types is the network interface card (NIC). TCP/IP (Transmission Control Protocol/Internet Protocol) is used to help dissimilar workstations communicate.

Reference