[image]

Shielded cable is less susceptible to interference and crosstalk. This type of cable is required for some Ethernet standards and may also be a requirement in environments with high levels of interference.

 The attenuation of stranded cable is higher than solid cable.

support 40 GbE by provisioning 4 x 10 Gbps links. QSFP+ is typically used with parallel fiber and multi-fiber push-on (MPO) termination. 

QSFP+ can also be used with Wavelength Division Multiplexing (WDM) Ethernet standards.

Each Ethernet network interface port has a unique hardware address known as the Media Access Control (MAC) address. This may also be referred to as the Ethernet address (EA) or, in IEEE terminology, as the extended unique identifier (EUI) . A MAC address is also referred to as a local or physical address.

Preamble

The maximum size of the data payload is 1500 bytes. The upper limit of the payload is also referred to as the maximum transmission unit (MTU).

A standard Ethernet frame has a maximum length of 1518 bytes, excluding the preamble. Each frame has a header composed of various fields:

§  6-byte destination MAC address field

§  6-byte source MAC address field

§  2-byte Ether Type field

This is the tool that allows inspection of traffic received by a host or passing over a network link. A protocol analyzer depends on a packet sniffer.

A sniffer captures frames moving over the network medium.

There are three main options for connecting a sniffer to the appropriate point in the network:
1: SPAN (switched port analyzer)/mirror port

§  this means that the sensor is attached to a specially configured port on the switch that receives copies of frames addressed to nominated access ports (or all the other ports). This method is not completely reliable. Frames with errors will not be mirrored and frames may be dropped under heavy load.

§  this is a powered device that performs signal regeneration (again, there are copper and fiber variants), which may be necessary in some circumstances. Gigabit signaling over copper wire is too complex for a passive TAP to monitor and some types of fiber links may be adversely affected by optical splitting. Because it performs an active function, the TAP becomes a point of failure for the links in the event of power loss.

is a command-line packet capture utility for Linux, providing a user interface to the libpcap library. 

§  On a SOHO network, switches are more likely to be unmanaged, standalone units that can be added to the network and run without any configuration. The switch functionality might also be built into an Internet router/modem. On a corporate network, switches are most likely to be managed. This means the switch settings can be configured. If a managed switch is left unconfigured, it functions the same as an unmanaged switch does.

§  Switches that can be connected together and operate as a group. The switch stack can be managed as a single unit.

§  If there has been some undocumented change to the switch, using these commands and comparing the output may reveal the source of a problem.

show mac address-table

You can query the MAC address table of a switch to find the MAC address or addresses associated with a particular port using a command such as:

Port aggregation is often implemented by the Link Aggregation Control Protocol (LACP). LACP can be used to autonegotiate the bonded link between the switch ports and the end system, detect configuration errors, and recover from the failure of one of the physical links.

§  copies all packets sent to one or more source ports to a mirror (or destination) port. On a Cisco switch, this is referred to as a switched port analyzer (SPAN).

The mirror port would be used by management or monitoring software, such as a packet sniffer, network analyzer, or intrusion detection system (IDS) sensor.

A jumbo frame is one that supports a data payload of up to around 9,000 bytes. This reduces the number of frames that need to be transmitted, which can reduce the amount of processing that switches and routers need to do. It also reduces the bandwidth requirement so
mewhat, as fewer frame headers are being transmitted. 

The MTU value in the show interface output will indicate whether jumbo frames are accepted on a particular port.

IEEE 802.3x flow control allows a server to instruct the switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames. 

§  . A switch port can be configured to enable or disable (ignore) use of PAUSE frames. The 802.3x global PAUSE mechanism does not distinguish between traffic types, however, which can pose problems with voice/video traffic and infrastructure-critical traffic, such as routing protocol updates. Class of service (CoS) and quality of service (QoS) mechanisms ensure reliable performance for these time-sensitive applications by marking and policing traffic. The updated priority flow control (PFC) mechanism (IEEE802.1Qbb) allows PAUSE frames to apply to certain traffic classes only.

Stackable means that switches can connect together and operate as a group. The sysadmin can manage the switch stack as a single unit.

A modular switch has slots for plug-in cards, meaning a sysadmin can configure them with different numbers and types of ports.

On a corporate network, switches are most likely to be managed. This means the sysadmin can configure the switch settings. If a managed switch is left unconfigured, it functions the same as an unmanaged switch does.

The maximum size of an Ethernet frame is normally 1518 bytes, excluding the preamble.

A.           Preamble

B.           SFD

The preamble is for clock synchronization and as part of the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol to identify collisions early.

The Start Frame Delimiter (SFD) is also used for clock synchronization and as part of the CSMA/CD protocol to identify collisions early.

Global configuration mode allows the user to write configuration updates. This is important to consider when automatically pushing out configuration updates as well.

User EXEC mode is a read-only mode where commands can report the configuration, show system status, or run basic troubleshooting tools.

troubleshooting methodology

1.    Identify the problem:

·         Gather information.

·         Duplicate the problem, if possible.

·         Question users.

·         Identify symptoms.

·         Determine if anything has changed.

·         Approach multiple problems individually.

troubleshooting methodology

2.    Establish a theory of probable cause:

·         Question the obvious.

·         Consider multiple approaches.

·         Top-to-bottom/bottom-to-top OSI model.

·         Divide and conquer.

3.            Test the theory to determine cause:

·         Once theory is confirmed, determine next steps to resolve problem.

·         If theory is not confirmed, reestablish new theory or escalate.

troubleshooting methodology

4.

troubleshooting methodology

5.

6.    Verify full system functionality, and if applicable, implement preventive measures.

7.    Document findings, actions, and outcomes.

In Ethernet terms, the speed is the expected performance of a link that has been properly installed to operate at 10 Mbps, 100 Mbps, 1 Gbps, or better.

§  the loss of signal strength, expressed in decibels (dB). dB expresses the ratio between two measurements; in this case, signal strength at origin and signal strength at destination.

A network loopback adapter (or loopback plug) is a specially wired RJ-45 plug with a 6" stub of cable. The wiring pinout is pin 1 (Tx) to pin 3 (Rx) and pin 2 (Tx) to pin 6 (Rx). This means that the packet sent by the NIC is received by itself. This is used to test for bad ports and network cards.

[image]

§  Solid green-The link is connected but there is no traffic.

§  Flickering green-The link is operating normally (with traffic). The blink rate indicates the link speed.

§  No light- The link is not working or the port is shut down.

§  Blinking amber- A fault has been detected (duplex mismatch, excessive collisions, or redundancy check errors, for instance).

§  Solid amber- The port is blocked by the spanning tree algorithm, which works to prevent loops within a switched network.

• a multimeter can be used to check physical connectivity. The primary purpose of a multimeter is for testing electrical circuits, but it can test for the continuity of any sort of copper wire, the existence of a short, and the integrity of a terminator.
  

   

•  if the resistance measured across UTP Ethernet cable is found to be 100 ohms, then the cable is okay, but if the resistance between the two ends of a cable is infinity, the cable has a break.

§  Continuity (open)-A conductor does not form a circuit because of cable damage or because the connector is not properly wired.

§  Short-Two conductors are joined at some point, usually because the insulating wire is damaged, or a connector is poorly wired.

§  Incorrect pin-out/incorrect termination/mismatched standards-The conductors are incorrectly wired into the terminals at one or both ends of the cable. The following transpositions are common:

·         Reversed pair-The conductors in a pair have been wired to different terminals (for example, from pin 3 to pin 6 and pin 6 to pin 3 rather than pin 3 to pin 3 and pin 6 to pin 6).

·         Crossed pair (TX/RX reverse)-The conductors from one pair have been connected to pins belonging to a different pair (for example, from pins 3 and 6 to pins 1 and 2). This may be done deliberately to create a crossover cable, but such a cable would not be used to link a host to a switch.

A network tone generator and probe are used to trace a cable from one end to the other. This may be necessary when the cables are bundled and have not been labeled properly. This device is also known as a Fox and Hound or tone probe. The tone generator is used to apply a signal on the cable to be traced where it is used to follow the cable over ceilings and through ducts.

If a cable link is too long, decibel (dB) loss (or insertion loss) may mean that the link experiences problems with high error rates and retransmissions (frame or packet loss) resulting in reduced speeds and possibly loss of connectivity. Insertion loss is measured in decibels (dB) and represents the ratio of the received voltage to the original voltage.

§  +3 dB means doubling, while -3 dB means halving.

§  +6 dB means quadrupling, while -6 dB relates to a quarter.

§  +10 dB means ten times the ratio, while -10 dB is a tenth.

§  Near End (NEXT)-This measures crosstalk on the receive pairs at the transmitter end and is usually caused by excessive untwisting of pairs or faulty bonding of shielded elements.

§  Attenuation to Crosstalk Ratio, Near End (ACRN)-This is the difference between insertion loss and NEXT. ACR is equivalent to a signal-to-noise ratio (SNR). A high value means that the signal is stronger than any noise present; a result closer to 0 means the link is likely to be subject to high error rates.

§  Attenuation-to-Crosstalk Ratio, Far End (ACRF)-Far End Crosstalk (FEXT) is measured on the receive pairs at the recipient end. The difference between insertion loss and FEXT gives ACRF, which measures cable performance regardless of the actual link length.

§  Power sum-Gigabit and 10 GbE Ethernet use all four pairs. Power sum crosstalk calculations (PSNEXT, PSACRN, and PSACRF) confirm that a cable is suitable for this type of application. They are measured by energizing three of the four pairs in turn.

Power over Ethernet

. If a break is identified in an installed cable, the location of the break can be found using an optical time domain reflectometer (OTDR). This sends light pulses down the cable and times how long it takes for any reflections to bounce back from the break. A broken cable will need to be repaired (spliced) or replaced. An OTDR can also be used to verify that new splices are sound.

§  is used for status messaging and connectivity testing.

• are protocols used by routers to exchange information about paths to remote networks.

The TCP/IP suite includes the Address Resolution Protocol (ARP) to perform the task of resolving an IP address to a hardware address

When both sending and receiving hosts are within the same broadcast domain or subnet, local address resolution takes place using ARP requests and ARP replies, as shown in the figure:.

Multicast Addressing
IPv4

IPv4 multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host's content. Multicast packets are sent to a destination IP address from a special range configured for use with that multicast group.

At layer 2, multicasts are delivered using a special range of MAC addresses. The switch must be multicast capable. If the switch is not multicast-capable, it will treat multicast like a broadcast and flood the multicast transmissions out of all ports.

[image]

Anycast means that a group of hosts are configured with the same IP address. When a router forwards a packet to an anycast group, it uses a prioritization algorithm and metrics to select the host that is "closest" (that will receive the packet and be able to process it the most quickly). This allows the service behind the IP address to be provisioned more reliably. It allows for load balancing and failover between the server hosts sharing the IP address.
[image]

broadcast domains, subnets can be used to achieve other network design goals:

§  Many organizations have more than one site with WAN links between them. The WAN link normally forms a separate subnet.

§  It is useful to divide a network into logically distinct zones for security and administrative control.

§  Networks that use different physical and data link technologies, such as Token Ring and Ethernet, should be logically separated as different subnets.

• Class A: 255.0.0.0 (/8)
• Class B: 255.255.0.0 (/16)
• Class C: 255.255.255.0 (/24)

[image]

A public IP address is one that can establish a connection with other public IP networks and hosts over the Internet. The allocation of public IP addresses is governed by IANA and administered by regional registries and ISPs. Hosts communicating with one another over a LAN could use a public addressing scheme but will more typically use private addressing.

Private IP addresses can be drawn from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet:

§  10.0.0.0 to 10.255.255.255 (Class A private address range).

§  172.16.0.0 to 172.31.255.255 (Class B private address range).

§  192.168.0.0 to 192.168.255.255 (Class C private address range).

Automatic Private IP Addressing (APIPA) was developed by Microsoft as a means for clients that could not contact a DHCP server to communicate on the local network anyway. If a Windows host does not receive a response from a DHCP server within a given time frame, it selects an address at random from the range 169.254.1.1 to 169.254.254.254.

Loopback Addresses

While nominally part of Class A, the range 127.0.0.0 to 127.255.255.255 (or 127.0.0.0/8) is reserved. This range is used to configure a loopback address, which is a special address typically used to check that TCP/IP is correctly installed on the local host. The loopback interface does not require a physical interface to function. A packet sent to a loopback interface is not processed by a network adapter but is otherwise processed as normal by the host's TCP/IP stack. Every IP host is automatically configured with a default loopback address, typically 127.0.0.1. On some hosts, such as routers, more than one loopback address might be configured. Loopback interfaces can also be configured with an address from any suitable IP range, as long as it is unique on the network. A host will process a packet addressed to a loopback address regardless of the interface on which it is received.

§  Used when a specific address is unknown. This is typically used as a source address by a client seeking a DHCP lease.

§  Used to broadcast to the local network when the local network address is not known.

100.64.0.0/10,
192.0.0.0/24,
192.88.99.0/24,
198.18.0.0/15

§  Set aside for use in documentation and examples.

netsh interface ip set address "Ethernet" dhcp

netsh interface ip set address "Ethernet" static 10.1.0.1 255.255.255.0 10.1.0.254

You can also use netsh to report the IP configuration ( netsh interface ip show config , for example).

Get-NetAdapter

Get-NetIPAddress

cmdlets can be used to query the existing configuration.
A new configuration can be applied using New-NetIPAddress or an existing one can be modified using Set-NetIPAddress 

• classically identified as eth0, eth1 , eth2 etc.
  although some network packages now use different schemes, such as en

The persistent configuration is the one applied after a reboot or after a network adapter is reinitialized. The method of applying an IP configuration to an adapter interface is specific to each distribution. Historically, the persistent configuration was applied by editing the /etc/network/interfaces file and bringing interfaces up or down with the ifup and ifdown scripts. Many distributions now use the NetworkManager package, which can be operated using a GUI or the nmcli tools. 

ip addr - The basic reporting functionality of ifconfig (show the current address configuration)
ip addr show dev eth0 - to report a single interface only 
ip link - command shows the status of interfaces,
ip -s link reports interface statistics.
ip link set eth0 up|down command is used to enable or disable an interface,
ip addr add|delete can be used to modify the IP address configuration.

These changes are not persistent and apply only to the running configuration unless run as part of a startup script.

arp -a (or arp -g) - §  shows the ARP cache contents. You can use this with IPAddress to view the ARP cache for the specified interface only. The ARP cache will not necessarily contain the MAC addresses of every host on the local segment. There will be no cache entry if there has not been a recent exchange of frames.
arp -s IPAddress MACAddress - §  adds an entry to the ARP cache. Under Windows, MACAddress needs to be entered with hyphens between each hex byte.

arp -d * deletes all entries in the ARP cache; it can also be used with IPAddress to delete a single entry.

In Linux, the ip neigh command shows entries in the local ARP cache (replacing the old arp command).

The millisecond measures of Round Trip Time (RTT) can be used to diagnose latency problems on a link.

The Time to Live (TTL) IP header field is reduced by one every time a packet is forwarded by a router (referred to as a hop). The TTL output field in the ping command shows the value of the counter when the packet arrived at its destination.

§  There is no routing information (that is, the local computer does not know how to get to that IP address). This might be caused by some sort of configuration error on the local host, such as an incorrect default gateway, by a loss of connectivity with a router, or by a routing configuration error.

IGMP snooping 

Like IPv4, IPv6 can use unicast, multicast, and anycast addressing. Unlike IPv4, there is no broadcast addressing.

IPv6 Global Addressing

Globally scoped unicast addresses are routable over the Internet and are the equivalent of public IPv4 addresses. The parts of a global address are:

§  The first 3 bits (001) indicate that the address is within the global scope. Most of the IPv6 address space is unused. The scope for globally unique unicast addressing occupies just 1/8th of the total address space. In hex, globally scoped unicast addresses will start with a 2 (0010 in binary) or 3 (0011).

§  The next 45 bits are allocated in a hierarchical manner to regional registries and from them to ISPs and end users.

§  The next 16 bits identify site-specific subnet addresses.

§  The final 64 bits are the interface ID.

Interface ID/EUI-64

The 64-bit interface ID can be determined by using two techniques.

• First, the digits fffe are added in the middle of the MAC address.
• Second, the first 8 bits, or 2 hex digits, are converted to binary, and the 7th bit (or U/L bit) is flipped (from 0 to 1 or 1 to 0).
  
  As a MAC address is currently 48 bits (6 bytes), a (relatively) simple translation mechanism allows driver software to create a 64-bit interface ID (an EUI-64) from these 48 bits.

Link local addresses span a single subnet (they are not forwarded by routers). Nodes on the same link are referred to as neighbors. The link local range is fe80::/10. Link local addresses start with a leading fe80, with the next 54 bits set to 0, and the last 64 bits are the interface ID.

The equivalent in IPv4 is Automatic Private IP Addressing (APIPA) and its 169.254.0.0 addresses. However, unlike IPv4, an IPv6 host is always configured with link local addresses (one for each link), even if it also has a globally unique address.

[image]

A link local address is also appended with a zone index (or scope id) of the form %1 (Windows) or %eth0 (Linux). This is used to define the source of the address and make it unique to a particular link. For example, a given host may have links to a loopback address, Ethernet, and a VPN. Each of these links may use the same link local address, so each is assigned a zone ID to make it unique. Zone indices are generated by the host system, so where two hosts communicate, they may be referring to the link using different zone IDs.

Address autoconfiguration-Enables a host to configure IPv6 addresses for its interfaces automatically and detect whether an address is already in use on the local network, by using neighbor solicitation (NS) and neighbor advertisement (NA) messages.

§  Prefix discovery-Enables a host to discover the known network prefixes that have been allocated to the local segment. This facilitates next-hop determination (whether a packet should be addressed to a local host or a router). Prefix discovery uses router solicitation (RS) and router advertisement (RA) messages. An RA contains information about the network prefix(es) served by the router, information about autoconfiguration options, plus information about link parameters, such as the MTU and hop limit. Routers send RAs periodically and in response to a router solicitation initiated by the host.

§  Local address resolution-Allows a host to discover other nodes and routers on the local network (neighbors). This process also uses neighbor solicitation (NS) and neighbor advertisement (NA) messages.

§  Redirection-Enables a router to inform a host of a better route to a particular destination.

§  The host generates a link local address and tests that it is unique by using the Neighbor Discovery (ND) protocol.

§  The host listens for a router advertisement (RA) or transmits a router solicitation (RS) using ND protocol messaging. The router can either provide a network prefix, direct the host to a DHCPv6 server to perform stateful autoconfiguration, or perform some combination of stateless and stateful configuration.

ICMPv6

§  Error messaging-ICMPv6 supports the same sort of destination unreachable and time exceeded messaging as ICMPv4. One change is the introduction of a Packet Too Big class of error. Under IPv6, routers are no longer responsible for packet fragmentation and reassembly, so the host must ensure that they fit in the MTUs of the various links used.

ICMPv6 supports ICMPv4 functions, such as echo and redirect, plus a whole new class of messages designed to support Neighbor Discovery (ND) and Multicast Listener Discovery (MLD), such as router and neighbor advertisements and solicitations.

§  The first 8 bits indicate that the address is within the multicast scope (1111 1111 or ff).

§  The next 4 bits are used to flag types of multicast if necessary; otherwise, they are set to 0.

§  The next 4 bits determine the scope; for example, 1 is node-local (to all interfaces on the same node) and 2 is link local.

§  The final 112 bits define multicast groups within that scope.

The Multicast Listener Discovery (MLD) protocol allows nodes to join a multicast group and discover whether members of a group are present on a local subnet.

Dual stack hosts and routers can run both IPv4 and IPv6 simultaneously and communicate with devices configured with either type of address. Most modern desktop and server operating systems implement dual stack IP. Most modern dual stack systems will try to initiate communications using IPv6 by default.

Tunneling

As an alternative to dual stack, tunneling can be used to deliver IPv6 packets across an IPv4 network. Tunneling means that IPv6 packets are inserted into IPv4 packets and routed over the IPv4 network to their destination. Routing decisions are based on the IPv4 address until the packets approach their destinations, at which point the IPv6 packets are stripped from their IPv4 carrier packets and forwarded according to IPv6 routing rules. This carries a high protocol overhead and is not nearly as efficient as operating dual stack hosts.

use the prefix 2002::/16

With 6RD, the 2002::/16 prefix is replaced by an ISP-managed prefix and there are various other performance improvements.

Generic Routing Encapsulation (GRE) GRE allows a wide variety of Network layer protocols to be encapsulated inside virtual point-to-point links. This protocol has the advantage that because it was originally designed for IPv4, it is considered a mature mechanism and can carry both v4 and v6 packets over an IPv4 network.

COMMON IPV6 ADDRESS PREFIXES

The 0000::/8 block (that is, IPv6 addresses where the first bits are 0000 0000) is reserved for special functions. Within this block, there are two special addresses defined:

§  Unspecified address (0:0:0:0:0:0:0:0)-A host that has not obtained a valid address. This is often expressed as ::.

§  Loopback address (0:0:0:0:0:0:0:1)-Used for testing (for the host to send a packet to itself). This is often expressed as ::1.

§  Protocol-The source of the route.

§  Destination-Routes can be defined to specific hosts but are more generally directed to network IDs. The most specific destination prefix (the longest mask) will be selected as the forwarding path if there is more than one match.

§  Interface-The local interface to use to forward a packet along the chosen route. This might be represented as the IP address of the interface or as a layer 2 interface ID.

Gateway/next hop-The IP address of the next router along the path to the destination.

§  Direct network routes, for subnets to which the router is directly attached.

§  Remote network routes, for subnets and IP networks that are not directly attached.

§  Host routes, for routes to a specific IP address. A host route has a /32 network prefix.

§  Default routes, which are used when an exact match for a network or host route is not found.

directly connected routes.

The IP network or subnet for each active router interface is automatically added to the routing table. These are known as directly connected routes.

A static route is manually added to the routing table and only changes if edited by the administrator. Configuring static routing entries can be useful in some circumstances, but it can be problematic if the routing topology changes often, as each route on each affected router needs to be updated manually.

A default route is a special type of static route that identifies the next hop router for a destination that cannot be matched by another routing table entry. The destination address 0.0.0.0/0 (IPv4) or ::/0 (IPv6) is used to represent the default route. The default route is also described as the gateway of last resort. Most end systems are configured with a default route (pointing to the default gateway). This may also be the simplest way for an edge router to forward traffic to an ISP's routers.

PACKET FORWARDING

When a router receives a packet, it reads the destination address in the packet and looks up a matching destination network IP address and prefix in its routing table. If there is a match, the router will forward the packet out of one of its interfaces by encapsulating the packet in a new frame:

§  If the packet can be delivered to a directly connected network via an Ethernet interface, the router uses ARP (IPv4) or Neighbor Discovery (ND in IPv6) to determine the interface address of the destination host.

§  If the packet can be forwarded via a gateway over an Ethernet interface, it inserts the next hop router's MAC address into the new frame.

§  If the packet can be forwarded via a gateway over another type of interface (leased line or DSL, for instance), the router encapsulates the packet in an appropriate frame type.

§  If the destination address cannot be matched to a route entry, the packet is either forwarded via the default route or dropped (and the source host is notified that it was undeliverable).

Hop Count

Time To Live

At each router, the Time to Live (TTL) IP header field is decreased by at least 1. This could be greater if the router is congested. The TTL is nominally the number of seconds a packet can stay on the network before being discarded. While TTL is defined as a unit of time (seconds), in practice, it is interpreted as a maximum hop count. When the TTL is 0, the packet is discarded. This prevents badly addressed packets from permanently circulating the network.

FRAGMENTATION

IPv6 does not allow routers to perform fragmentation. Instead, the host performs path MTU discovery to work out the MTU supported by each hop and crafts IP datagrams that will fit the smallest MTU.

Convergence is the process whereby routers running dynamic routing algorithms agree on the network topology. Routers must be capable of adapting to changes such as newly added networks, router or router interface failures, link failures, and so on. Routers must be able to communicate changes to other routers quickly to avoid black holes and loops. A black hole means that a packet is discarded without notification back to the source; a loop causes a packet to be forwarded around the network until its TTL expires.

The Routing Information Protocol (RIP) is a distance vector routing protocol. RIP only considers a single piece of information about the network topology-the next hop router to reach a given network or subnet (vector). It considers only one metric to select the optimal path to a given destination network-the one with the lowest hop count (distance).

§  RIPv1 is a classful protocol and uses inefficient broadcasts to communicate updates over UDP port 520.

§  RIPv2 supports classless addressing and uses more efficient multicast transmissions over UDP port 520. It also supports authentication.

§  RIPng (next generation) is a version of the protocol designed for IPv6. RIPng uses UDP port 521.

ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL

There are versions for IPv4 and IPv6. Like RIP, EIGRP is a distance vector protocol because it relies on neighboring routers to report paths to remote networks. Unlike RIP, which is based on a simple hop count metric, EIGRP uses a metric composed of administrator-weighted elements. The two default elements are bandwidth and delay.

§  Bandwidth-Applies a cost based on the lowest bandwidth link in the path.

§  Delay-Applies a cost based on the time it takes for a packet to traverse the link. This metric is most important if the route is used to carry time-sensitive data, such as voice or video. Delay is calculated as the cumulative value for all outgoing interfaces in the path.

EIGRP does use regular hello messaging to confirm connectivity with its neighbors. Unlike RIP, EIGRP maintains a topology table alongside its routing information base. The topology table is used to prevent loops while also supporting a greater number of maximum hops than RIP (nominally up to 255).

Unlike RIP, EIGRP is a native IP protocol, which means that it is encapsulated directly in IP datagrams, rather than using TCP or UDP. It is tagged with the protocol number 88 in the Protocol field of the IP header. Updates are transmitted using multicast addressing.

In a given area, routers exchange OSPF hello messages, both as a form of a keep-alive packet and in order to acquire neighbors with which to exchange routing information. Neighbors share Link State Advertisement (LSA) updates to build a consistent link state database (LSDB) that represents the network topology of the area. The router applies an algorithm called shortest path first (SPF) to analyze the LSDB and add least-cost, loop free routes to its routing table. This use of a topology table of the whole network to select routes is the key difference between link state and distance vector algorithms.

The small, frequent updates used by OSPF lead to more rapid convergence and more efficiently support larger networks. The use of areas to subdivide the network minimizes the amount of routing traffic that must be passed around the network as a whole, further improving convergence performance. However, link state algorithms can be more expensive to implement because they require more CPU and memory resource.

BGP works with classless network prefixes called Network Layer Reachability Information (NLRI). Path selection is based on multiple metrics, including hop count, weight, local preference, origin, and community. BGP is not a pure distance vector algorithm. In fact, BGP is more usually classed as a path vector routing protocol.

BGP works over TCP on port 179.

However, as routing protocols use different methods to calculate the metric, it cannot be used to compare routes from different protocols in the overall IP routing table. Instead, an administrative distance (AD) value is used to express the relative trustworthiness of the protocol supplying the route. Default AD values are coded into the router but can be adjusted by the administrator if necessary.

allows a network designer to allocate ranges of IP addresses to subnets that match the predicted need for numbers of subnets and hosts per subnet more closely. Without VLSM, you have to allocate subnetted ranges of addresses that are the same size and use the same subnet mask throughout the network. This typically means that some subnets have many wasted IP addresses or additional routing interfaces must be installed to connect several smaller subnets together within a single building or department.

VLSM allows different length netmasks to be used within the same IP network, allowing more flexibility in the design process.

Edge routers, placed at the network perimeter, are typified by distinguishing external (Internet-facing) and internal interfaces. These routers can perform framing to repackage data from the private LAN frame format to the WAN Internet access frame format. The customer's router is referred to as the customer edge (CE), while the service provider's router is referred to as the provider edge (PE).

They feature specialized processors to handle the routing and forwarding processes, and memory to buffer data. Most routers of this class will also support plug-in cards for WAN interfaces. Another important feature is support for different methods of configuring site-to-site virtual private networks (VPNs).

Layer 3 Capable Switches

Each Port is going to act as its own broadcast domain and its own collision domain. Makes routing decisions, just like a router. Makes Layer 3 routing decisions and then interconnects entire networks, not just network segments. 

Passing traffic between a router appliance and the switch over a trunk link is relatively inefficient and does not scale well to tens of VLANs. Consequently, enterprise networks usually deploy layer 3 switches at the core of their networks. A layer 3 capable switch is one that is optimized for routing between VLANs. It can use static and dynamic routing to identify which VLAN an IP address should be forwarded to. A layer 3 switch can maintain a mapping table of IP addresses to MAC addresses so that when a path is established, it can use low-latency hardware-based forwarding. However, layer 3 switches do not typically have WAN interfaces and so are not usually used for routing at the network edge.

ROUTER CONFIGURATION

§  Apply an IP configuration to each interface.

§  Configure one or more routing protocols and/or static routes so that the router can serve its function.

The show route, show ip route , show ipv6 route , or similar command will output the active routing table. As well as destination, gateway, AD/metric, and interface, the output will show the source of the route, identified as a letter code (C = connected, S = static, R = RIP, B = BGP, D = EIGRP, O = OSPF, and so on).

The route command is used to view and modify the routing table of end system Windows and Linux hosts.

In Windows, to show the routing table, run route print

In Windows, to show the routing table, run route print. Apart from loopback addresses and the local subnet, the routing table for an end system generally contains a single entry for the default route.

To add a route, the syntax for the Windows version of the tool is:

route [-f -p] add DestinationIP mask Netmask GatewayIP metric MetricValue if Interface

The variables in the syntax are defined as:

§  DestinationIP is a network or host address.

§  Netmask is the subnet mask for DestinationIP.

§  GatewayIP is the router to use to contact the network or host.

§  MetricValue is the cost of the route.

§  Interface is the adapter the host should use (used if the host is multihomed).

• route (no parameters) 
• A nonpersistent route can be added using the following general syntax:

• route add -net 192.168.3.0 netmask 255.255.255.0 metric 2 dev eth0
  
  
• The iproute2 suite of tools is designed to replace deprecated legacy command-line tools in Linux. You can use ip route show and ip route add to achieve the same ends.

• The traceroute tool allows you to test the whole path between two nodes with a view to isolating the node or link that is causing the problem.
• traceroute is supported on Linux and router OSes (such as Cisco)
• traceroute uses UDP probe messages by default. The command issues a UDP probe for port 32767 with a TTL of 1. 

 Linux and router OSes (such as Cisco IOS) support traceroute. The command traceroute uses User Datagram Protocol (UDP) probe messages by default.

The first hop should reduce this to zero and respond with an ICMP Time Exceeded message. The command then increments the TTL by one and sends a second probe, which should reach the second hop router. This process is repeated until the end node is reached, which should reply with an ICMP Port Unreachable response.

The output shows the number of hops, the IP address of the ingress interface of the router or host (that is, the interface from which the router receives the probe), and the time taken to respond to each probe in milliseconds (ms). If no acknowledgment is received within the timeout period, an asterisk is shown against the probe. Note that while this could indicate that the router interface is not responding, it could also be that the router is configured to drop packets with expired TTLs silently.

traceroute can be configured to send ICMP Echo Request probes rather than UDP by using traceroute -I . The traceroute -6 or traceroute6 commands are used for IPv6 networks.

tracert uses ICMP Echo Request probes by default. The command issues an Echo Request probe with a TTL of 1. The first hop should reduce this to zero and respond with a Time Exceeded response. tracert then increments the TTL by one each time to discover the full path.

On a Windows system, the tracert command performs the same function as traceroute. The command tracert uses Internet Control Message Protocol (ICMP) Echo Request probes by default.