Tax Net Training

This document provides an overview and summary of a summer training project at IBM for the Income Tax department's (DIT) All India Income Tax Network (TAXNET) computerization program. The project involved setting up the network infrastructure including LANs, WAN connectivity using MPLS, IPSec VPNs, and network security practices. It describes the various site types in TAXNET, WAN topologies considered, LAN design and security mechanisms implemented like port security to restrict unauthorized access. The student thanks IBM for the learning opportunity and guidance in completing this project.

Uploaded by

Suman Mukherjee

PROJECT REPORT

SUMMER TRAINING
AT

IBM

BY:
SRM UNIVERSITY
B.Tech (EEE)
June, 2014

PREFACE
Income Tax department (DIT) has offices in more than 510 cities and towns across
India covering 751 buildings. DIT intends to implement All India Income Tax Network
(TAXNET) under phase III of computerization to augment its existing network and to
cover the additional cities and buildings in the country. DIT's consultant, IBM, handles
all its computerised operations.
I am extremely grateful to get the opportunity to undergo my summer training here. I
got to work with the extremely efficient persons of IBM and gained immense
exposure and knowledge from this training.
In this particular project I have tried to cover LAN, WAN, MPLS, IPSec, Layers,
Security Leading practices and IP for routers and Switches, based on the requirements
and knowledge I captured through discussions with DIT's consultant IBM.

I thank for giving me the opportunity to undergo the summer training at this
highly esteemed company. This project would not have been a success without the
able guidance of Sir. I am thankful to each and every person at IBM for their
cooperation and guidance which led to the completion of this project.

CONTENTS
Sl. No.  Topic
1.   Overview TAXNET network
2.   LAN sites
3.   WAN topology
4.   LAN topology
5.   LAN security
6.   Leased Line
7.   MPLS
8.   DATA Security
9.   TAXNET IPSec design
10.  OSI Model
11.  IP : TCP/UDP
12.  Hardware Overview

OVERVIEW : TAXNET NETWORK


Income Tax department (ITD) has offices in more than 510 cities and towns across
India covering 751 buildings. ITD intends to implement All India Income Tax Network
(TAXNET) under phase III of computerization to augment its existing network and to
cover the additional cities and buildings in the country. ITD has set up Wide Area
Network and Local Area Networks (LAN) in majority of the buildings across 60 cities
covered in previous phases of the computerization program of ITD.
In the present phase of the project, it is proposed to augment existing network
infrastructure and also to set up new infrastructure wherever required, to support
communication requirement in terms of Data and Video.
The ITD network solution is based on Cisco routers and LAN switches at every location,
which connect to the central site (PDC), the backup site (BCP) and a DR site. The
connectivity between the edge and the central site will be provided through Bharti's MPLS IP
VPN cloud. Each ITD location will connect to the nearest MPLS IP VPN PoP (point of
presence). From the various MPLS IP VPN PoPs, the required bandwidth will be
provided by the IP VPN service provider up to the central ITD site. However, to achieve higher
security on the IP VPN connection, IPSec tunnels will be established.
In this particular project I have tried to cover LAN, WAN, MPLS, IPSec, Layers,
Security Leading practices and IP for routers and Switches, based on the requirements
and knowledge I captured through discussions with DIT's consultant IBM.

TAXNET LAN DESIGN


TAXNET LAN sites overview
The proposed TAXNET network consists of 751 locations spread across different
states in India. The LANs at different locations have multiple device configurations
depending on the size of the location and the criticality. Broadly all LANs at different
locations can be classified into 11 different types:
1. Primary data centre PDC
2. Back up data centre BDC
3. Disaster recovery centre DR
4. Network Operations Center (NOC)
5. VSAT Hub Location
6. C2 sites 2 to 6 users
7. A2/B2 sites 2 to 20 users
8. A1/B1 sites 20 to 36 users
9. A1/B1 sites 36 to 75 users
10. A1/B1 sites up to 240 users
11. A1/B1 sites more than 240 users

Each of these LAN sites has a different LAN device configuration depending on
the capacity requirements and also the redundancy and failover requirements.

WAN (Wide Area Network)


A wide area network (WAN) is a network that covers a broad area using leased
telecommunication lines. In essence, this mode of telecommunication allows a
business to effectively carry out its daily function regardless of location. The Internet
can be considered a WAN as well, and is used by businesses, governments,
organizations, and individuals for almost any purpose imaginable.

WAN TOPOLOGY:
The phrase WAN Topology refers to the arrangement or relative positioning of links and
nodes.

Point-to-Point
Point-to-point networks see WAN sites connected by high-capacity network cabling
known as backbone. The sites are connected as if in a line, with each site (other
than the ones at the ends of the line) only linked to the sites directly before and after
it. This is a simple topology to implement, and provides cost benefits in that it
requires minimal cabling. However, it leaves networks vulnerable to failure, as a
single fault on the backbone can bring whole sections of the network down.

MPLS

MPLS is a mechanism used in high-performance telecommunication networks that directs
data from one network node to the next based on short path labels rather than long
network addresses, avoiding complex lookups in a routing table. The labels identify
virtual links (paths) between distant nodes rather than end points. MPLS can
encapsulate packets of various network protocols.

LAN(Local Area Network)


A local area network (LAN) is a computer network that interconnects computers within
a limited area such as a home, school, computer laboratory, or office building, using
network media. The defining characteristics of LANs, in contrast to wide area
networks (WANs), include their smaller geographic area and the non-inclusion of leased
telecommunication lines.

LAN TOPOLOGY

Ring

The ring topology is the same as the point-to-point topology, except the sites at the
end of the backbone are connected to each other as well. This makes ring topology
WANs less vulnerable to failure, as traffic can be routed the opposite way around the
ring if a fault is detected on the network. However, adding new sites to ring topology
WANs requires additional work and cost when compared to point-to-point setups, as
each new site requires two connections instead of one.

Star

The star topology sees all sites connected to a central hub, a little like the spokes of
a wheel. WAN hubs use a technology known as a concentrator router to ensure data
is sent to the right destination. This topology allows sites to be added to the
network easily (an important consideration for business WANs) and is not
vulnerable to a single cable failure bringing down the whole network. However, it is
entirely dependent on the concentrator router in order to run.

Bus
In bus topologies, all computers are connected to a single cable or "trunk or
backbone", by a transceiver either directly or by using a short drop cable. All ends of
the cable must be terminated, that is plugged into a device such as a computer or
terminator. Most bus topologies use coax cables.
The number of computers on a bus network affects network performance: since
only one computer at a time can send data, the more computers you have on the
network, the more computers there will be waiting to send data. A line break at any
point along the trunk cable will result in total network failure. Computers on a bus
only listen for data being sent; they do not move data from one computer to the next.
This is called a passive topology.

Mesh

A mesh topology provides each device with a point-to-point connection to every
other device in the network. These are most commonly used in WANs, which
connect networks over telecommunication links. Mesh topologies use routers to
determine the best path. Mesh networks provide redundancy: in the event of a link
failure, meshed networks enable data to be routed through any other site connected
to the network. Because each device has a point-to-point connection to every other
device, mesh topologies are the most expensive and difficult to maintain.
Mesh networks differ from other networks in that the component parts can all
connect to each other via multiple hops, and they generally are not mobile. Mobile
ad-hoc networking (MANET), featured in many consumer devices, is a subsection of
mesh networking. Mesh networks are self-healing: the network can still operate even
when a node breaks down or a connection goes bad. As a result, a very reliable
network is formed.

LAN SECURITY
This section covers different security mechanisms available in LAN environments to
protect the LAN switch network from unauthorised access and resource protection.
DHCP SNOOPING
DHCP (dynamic host configuration protocol) snooping is a DHCP security feature
that provides network security by filtering untrusted DHCP messages and by
building and maintaining a DHCP snooping binding table. An untrusted message is
a message that is received from outside the network or firewall that can cause traffic
attacks within your network.
DIT is planning to use manual IP addressing for all the sites due to their requirement
to ensure a static IP address is available for all the hosts. This is to ensure that,
network or application access control can be achieved based on the IP address and
hence an individual user.
DYNAMIC ARP INSPECTION
Dynamic ARP inspection is a security feature that validates ARP packets in a
network. It intercepts, logs and discards ARP packets with invalid IP-to-MAC
address bindings. This protects the network from certain man-in-the-middle attacks.
For the TAXNET network, dynamic ARP inspection is not a scalable option because of
the non-DHCP environment.
PORT SECURITY
Port Security helps to ensure that only valid sources are allowed to transmit traffic
into the LAN network. Port Security feature uses dynamically learned and static
MAC addresses to restrict ingress traffic to an interface by limiting the MAC
addresses that are allowed to send traffic into a port. Upon assigning secure MAC
addresses to a secure port, the port does not forward packets with source
addresses outside the group of defined addresses.
As security of LAN is a critical requirement for DIT, port security can be used to
protect the network from unauthorized workstations gaining access. This ensures
that only one allowed MAC address (i.e. Workstation) can send traffic into the
switch.
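As an added example (not configuration taken from the report or from IBM/DIT), the port-security behaviour described above written as Cisco IOS access-port configuration for a single user-facing switch port. The interface name, VLAN number and MAC address are constructed placeholders. DHCP snooping and Dynamic ARP Inspection are not shown because the report states that DIT uses static addressing and therefore does not rely on them.

```cisco
! Added example: Cisco IOS port security on a user-facing access port.
! Interface, VLAN and MAC address values are constructed placeholders.
interface GigabitEthernet1/0/5
 description USER-WORKSTATION (placeholder)
 switchport mode access
 switchport access vlan 10
 ! Port security is off by default; this line enables it on the port.
 switchport port-security
 ! Exactly one source MAC may transmit on this port, matching the
 ! "only one allowed MAC address (i.e. Workstation)" requirement.
 switchport port-security maximum 1
 ! Option A: pin the workstation's MAC statically (placeholder value).
 switchport port-security mac-address 0000.1111.2222
 ! Option B (use instead of A): learn the first MAC seen and write it
 ! into the running configuration so it persists after "write memory".
 ! switchport port-security mac-address sticky
 ! On a violation, err-disable the port and raise a
 ! %PORT_SECURITY-2-PSECURE_VIOLATION syslog message.
 ! "violation restrict" would instead drop the offending frames, count
 ! them and leave the port up; "protect" drops them silently.
 switchport port-security violation shutdown
!
! Recover err-disabled ports automatically after 300 seconds so that a
! one-off violation does not need a manual "shutdown / no shutdown".
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification (privileged exec mode):
!   show port-security interface GigabitEthernet1/0/5
!   show port-security address
!   show interfaces status err-disabled
```

Choosing "shutdown" as the violation mode is the strictest option and gives the NOC a clear signal (the port drops and a syslog entry is generated); "restrict" keeps the legitimate workstation working while still logging and counting the offending frames, which some sites prefer on shared desks. Sticky learning removes the need to pre-record every workstation MAC but means the first device seen on the port becomes the trusted one, so it should be enabled only while the port is known to be connected to the intended workstation.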

LEASED LINE:
A leased line is a service contract between a provider and a customer, whereby the
provider agrees to deliver a symmetric telecommunication line connecting two or
more locations in exchange for a monthly rent (hence the term lease). It is
sometimes known as a "private circuit" or "data line". Leased lines can be used for
telephone, data or internet services.
Typically, leased lines are used by businesses to connect geographically distant
offices. Unlike dial-up connections, a leased line is always active. The fee for the
connection is a fixed monthly rate. The primary factors affecting the monthly fee are
distance between end points and the speed of the circuit. Because the connection
does not carry anybody else's communications, the carrier can assure a given level
of quality.
An Internet leased line is a premium internet connectivity product, delivered over
fibre normally, which is dedicated and provides uncontended, symmetrical speeds,
full-duplex. It is also known as an Ethernet leased line, DIA line, data circuit or
private circuit.
Leased lines, as opposed to DSL, are being used by companies and individuals
for Internet access because they afford faster data transfer rates and are cost-effective for heavy users of the Internet.

Applications:
- Site to site data connectivity
- Site to site PBX connectivity
- Site to site network connectivity

MPLS (multiprotocol label switching)


MPLS is a mechanism used in high-performance telecommunication networks that directs
data from one network node to the next based on short path labels rather than long
network addresses, avoiding complex lookups in a routing table. The labels identify
virtual links (paths) between distant nodes rather than end points. MPLS can
encapsulate packets of various network protocols.
MPLS is a data-carrying mechanism. Data packets are assigned labels in an MPLS
network. Instead of examining the packet itself, packet forwarding decisions are
made purely on the contents of this label. At every hop a new label is attached to
the packet to tell the next router what has to be done with the packet until it reaches its
destination. Because it is independent of the protocol being carried, it allows the creation of
end-to-end circuits across all types of transport medium.

It is a complex framework of functions. Dependence on a particular data link layer
technology such as Synchronous Optical Networking, Frame Relay, and
Asynchronous Transfer Mode is eliminated by using this mechanism, and the
need for multiple layer-2 networks to satisfy the different types of traffic is also eliminated.
MPLS is often referred to as a layer 2.5 protocol because of where it operates in the OSI
model. It is designed to give a unified data-carrying service for both packet-switching
clients and circuit-based clients. It is used for many kinds of traffic such
as Ethernet frames, SONET, native ATM and IP packets.
MPLS is now replacing the older technologies at a rapid pace.
MPLS supports a wide range of access technologies, including T1/E1, ATM, Frame
Relay and DSL.
MPLS works by prefixing packets with an MPLS header containing one or more
labels. This is called a label stack. These MPLS-labelled packets are switched after a
label lookup/switch instead of a lookup in the IP routing table.

ADVANTAGES:

Improve Uptime: by sending data over an alternative path in less than 50
milliseconds (if one exists). MPLS also reduces the amount of manual
intervention your network provider has to do to create a WAN, reducing the
likelihood of human error bringing down your circuit.

Create Scalable IP VPNs: with MPLS it's easy to add an additional site to
the VPN. There is no need to configure a complex mesh of tunnels, as is
common with some traditional approaches.

Improve User Experience: by prioritising time-sensitive traffic such as VoIP.
Multi-Protocol Label Switching offers multiple Classes of Service, enabling
you to apply separate settings to different types of traffic.

Improve Bandwidth Utilisation: by putting multiple types of traffic on the
same link, you can let high priority traffic borrow capacity from lower priority
traffic streams whenever required. Conversely, when the lower priority traffic
needs to burst beyond its usual amount of bandwidth, it can use any capacity
that's not being used by higher priority services.

Hide Network Complexity: an MPLS connection between two sites can be
configured to act like a long Ethernet cable, with the hops involved hidden
from view. This is sometimes known as VPLS (Virtual Private LAN Service).

Reduce Network Congestion: sometimes the shortest path between two
locations isn't the best one to take, as congestion has made it less attractive
(at least for the time being). MPLS offers sophisticated traffic engineering
options that enable traffic to be sent over non-standard paths. This can
reduce latency (the delay in sending/receiving data). It also reduces
congestion on the paths that have just been avoided as a result of traffic
engineering.

Customer networks are connected via Customer Edge (CE) routers to the provider
MPLS network. In MPLS-VPN terminology, an edge LSR that provides VPN services
over MPLS is referred to as a PE. The Customer Edge router runs ordinary IP
forwarding (static or dynamic routing) and does not run MPLS. If the CE does run MPLS, it will
usually use it independently of the provider.

MPLS network structure:

ADVANTAGES of MPLS over LEASED LINE:


The main difference between the two is that a leased line usually involves
interconnecting the different branches to one another, especially in the case of point-
to-point lines. On the other hand, MPLS means connecting the branches or nodes to
a single service provider MPLS network. This type of structure leads to a whole lot of
benefits.

More Organized Interconnection: since the structure of MPLS is more tailored,
organizing the connection between and among business branches is much easier. Data
which needs to be shared among branches can easily be placed within a common storage.
At the same time, it is still possible to maintain high security for a particular branch because
lines do not criss-cross.

Efficient Traffic Management: MPLS is a careful and effective way of fixing the paths
of various traffic classes. There will be MPLS packets that are specified for the
MPLS routers. That way, whether the bandwidth traffic is from video, voice or data, it
would not end up jammed within the network, which results in slower connections and other
problems. With leased lines, such in-depth engineering for traffic management cannot be
mimicked.

Improved QoS: there is no doubt that when it comes to Quality of Service, MPLS
definitely wins over leased lines. The streamlining of traffic flows also gives an opportunity to
specify which traffic is more important than the other. For example, data class traffic would
be automatically considered a lower priority compared to video class traffic. Because of
such impressive QoS, various applications would function much more smoothly.

Allows Easy Expansion of Business: with MPLS, adding more branches which
would access the same network is much easier. This is because establishing the connection
is less complex compared to leased lines. In fact, the reason why entrepreneurs opt for this
one is because they can instantly add and delete sites, depending on their needs and the
performance of the business. Creating a new connection is much cheaper too.

Bandwidth Specifications: interestingly, MPLS gives more provisions when it comes
to taking full control over the network. Even the amount of bandwidth used may be tailored
according to the needs of the business. For example, a specific level of bandwidth can
be supplied according to demand to sustain a special project or a temporary application.

Shorter Response Time: this is primarily because MPLS has fewer hops. With a
leased line, data needs to travel further before it reaches its destination and before the
inbound data is received. With MPLS, fewer hops between network points make the response
time almost instantaneous.

Compatibility with Different Types of Packets: supporting the different kinds of
packet is also possible with MPLS. The only thing that is important is for MPLS labels to be
attached along with the packet. Hence, whether it is frame relay, IP or others, the protocol
would not matter much so long as the right packet is recognized.

DATA SECURITY OVER THE MPLS:


ENCRYPTION:
Encryption is the process of encoding messages or information in such a way that
only authorised parties can read it. In an encryption scheme, the message or
information is encrypted using an encryption algorithm, generating cipher text that
can only be read if decrypted. A pseudo-random encryption key is generated by an
algorithm.
In a world growing increasingly dependent on technology and the desire for privacy
in the virtual realm, data encryption techniques have become widely used to ensure
the protection of important information.
Data security includes the following four basic functions: Confidentiality that
guarantees data is not leaked to third parties. Integrity that prevents alteration of
prepared data. Authenticity that guarantees the ostensible preparer of the data is the
real preparer. Accountability is used for checking all processes in the past when
errors occur and clear assignment of responsibility.
In TAXNET, 3DES is used as the encryption method for securing data.

IPsec: (Internet Protocol Security)


Internet Protocol Security (IPsec) is a protocol suite for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet of a
communication session. Internet Protocol security (IPsec) uses cryptographic
security services to protect communications over Internet Protocol (IP) networks.
IPsec supports network-level peer authentication, data origin authentication, data
integrity, data confidentiality (encryption), and replay protection.

TAXNET IPSec DESIGN


Security is a critical concern for any enterprise these days, especially in
environments like government where the information transported is very sensitive.
Hence, for obvious reasons, one of the TAXNET network's requirements is to have a secure
network due to the sensitiveness of the data that is transported over it. DIT
requires high confidentiality of data during transport over Bharti's MPLS
VPN transport. The requirement is to encrypt all user data between CE and CE. IPSec
with 3DES encryption provides an excellent level of encryption and hence confidentiality.
While IPSec provides complete confidentiality of data that is transported across the
IPSec tunnels, IPSec alone cannot transport multicast traffic, which is a
requirement for multicast applications and for the exchange of routing protocol updates.
This requires the use of GRE point-to-point tunnels which are encrypted using
IPSec. GRE over the available infrastructure provides an overlay hub-and-spoke
connectivity. In the case of DIT, the central PDC location in Delhi will host all the
data application services eventually when this project is completed. All the remote
locations of DIT access the core applications available at the PDC. DIT has also planned
a backup location in Mumbai which is called BCP. This location is an exact
replica of the PDC in terms of the network equipment that is planned at this site. The goal
is to provide disaster recovery in case the PDC site is completely unavailable during
extreme cases of disaster.
In addition to PDC and BCP, DIT also has plans to implement another disaster
recovery centre in Chennai. The idea of this DR location is to provide basic services
in extreme emergencies. The complete details of the network equipment are not
known at this time and the design for DR is out of the scope of this document.
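The hub-and-spoke GRE-over-IPsec design described above, as an added Cisco IOS configuration example for one PDC hub and one remote CE spoke; this is not configuration from the report or from IBM/DIT. All addresses, interface names, tunnel numbers, profile names and the pre-shared key are constructed placeholders (the WAN addresses come from the RFC 5737 documentation ranges). The cipher suite follows the report (3DES with SHA-1); see the note after the block.

```cisco
! Added example: GRE point-to-point tunnel protected by IPsec, hub at the PDC
! and one remote spoke. All values below are constructed placeholders:
!   hub WAN address (MPLS-facing)   192.0.2.1
!   spoke WAN address               198.51.100.2
!   tunnel subnet                   10.255.0.0/30
!   hub LAN 10.1.0.0/24, spoke LAN  10.20.0.0/24
!
!=========== HUB (PDC CE router) ===========
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER-PSK address 198.51.100.2
!
crypto ipsec transform-set TAXNET-3DES esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile TAXNET-GRE
 set transform-set TAXNET-3DES
!
interface Tunnel20
 description GRE-over-IPsec to spoke site 20 (placeholder)
 ip address 10.255.0.1 255.255.255.252
 ! GRE plus ESP adds overhead: lower the tunnel MTU and clamp the TCP MSS
 ! so encrypted packets are not fragmented inside the MPLS cloud.
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode gre ip
 ! Encrypt the GRE tunnel itself; multicast and routing updates travel
 ! inside GRE, which is why plain IPsec alone was not sufficient.
 tunnel protection ipsec profile TAXNET-GRE
!
router ospf 1
 network 10.1.0.0 0.0.0.255 area 0
 network 10.255.0.0 0.0.0.3 area 0
!
!=========== SPOKE (remote site CE router) ===========
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER-PSK address 192.0.2.1
!
crypto ipsec transform-set TAXNET-3DES esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile TAXNET-GRE
 set transform-set TAXNET-3DES
!
interface Tunnel0
 description GRE-over-IPsec to PDC hub (placeholder)
 ip address 10.255.0.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
 tunnel mode gre ip
 tunnel protection ipsec profile TAXNET-GRE
!
router ospf 1
 network 10.20.0.0 0.0.0.255 area 0
 network 10.255.0.0 0.0.0.3 area 0
!
! Verification (privileged exec mode):
!   show crypto isakmp sa        (phase 1 should be QM_IDLE)
!   show crypto ipsec sa         (encaps/decaps counters increasing)
!   show ip ospf neighbor        (adjacency formed across the tunnel)
```

Each additional spoke gets its own Tunnel interface and ISAKMP key entry on the hub, which is the point-to-point overlay the report describes. 3DES and Diffie-Hellman group 2 are what the report specifies for 2014; both are now deprecated (NIST has retired 3DES for new use, and 1024-bit DH is considered too weak), and IOS accepts `encryption aes 256`, `esp-aes 256 esp-sha256-hmac` and `group 14` as drop-in replacements in the same positions, so a present-day build of this design should use those.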

OSI MODEL (Open System Interconnection)


The Open System Interconnection model is a conceptual model that
characterizes and standardizes the internal functions of a communication
system by partitioning it into abstract layers.
The model groups communication functions into seven logical layers. A layer
serves the layer above it and is served by the layer below it. For example, a
layer that provides error free communications across a network provides the
path needed by applications above it, while it calls the next lower layer to
send and receive packets that make up the contents of that path.

OSI Model

Group          Layer            Data unit   Function
Host layers    7. Application   Data        Network process to application
               6. Presentation  Data        Data representation, encryption and decryption, convert machine dependent data to machine independent data
               5. Session       Data        Interhost communication, managing sessions between applications
               4. Transport     Segments    Reliable delivery of packets between points on a network.
Media layers   3. Network       Packet      Addressing, routing and (not necessarily reliable) delivery of datagrams between points on a network.
               2. Data Link     Bit/Frame   A reliable direct point-to-point data connection.
               1. Physical      Bit         A (not necessarily reliable) direct point-to-point data connection.

Layer 1: physical layer


The physical layer has the following major functions:

- It defines the electrical and physical specifications of the data connection. It
  defines the relationship between a device and a physical transmission
  medium (e.g., a copper or fiber optical cable). This includes the layout of pins,
  voltages, signal timing, network adapters and more.
- It defines the protocol to establish and terminate a connection between two
  directly connected nodes over a communication medium.
- It may define the protocol for flow control.
- It defines a protocol for the provision of a (not necessarily reliable) connection
  between two directly connected nodes, and the modulation or conversion
  between the representation of digital data.

Layer 2: data link layer


The data link layer provides a reliable link between two directly connected nodes, by
detecting and possibly correcting errors that may occur in the physical layer. The
data link layer is divided into two sub-layers:

- Media Access Control (MAC) layer: responsible for controlling how computers in
  the network gain access to data and permission to transmit it.
- Logical Link Control (LLC) layer: controls error checking and packet
  synchronization.

The Point-to-Point Protocol (PPP) is an example of a data link layer protocol in the TCP/IP
protocol stack.

Layer 3: network layer


The network layer provides the functional and procedural means of transferring
variable length data sequences (called datagrams) from one node to another
connected to the same network. A network is a medium to which many nodes can be
connected, on which every node has an address and which permits nodes
connected to it to transfer messages to other nodes connected to it by merely
providing the content of a message and the address of the destination node and
letting the network find the way to deliver ("route") the message to the destination
node. In addition to message routing, the network may (or may not) implement
message delivery by splitting the message into several fragments, delivering each
fragment by a separate route and reassembling the fragments, report delivery errors,
etc.

Layer 4: transport layer


The transport layer provides the functional and procedural means of transferring
variable-length data sequences from a source to a destination host via one or more
networks, while maintaining the quality of service functions.
The transport layer controls the reliability of a given link through flow
control, segmentation/desegmentation and error control. Some protocols are state- and
connection-oriented. This means that the transport layer can keep track of the
segments and retransmit those that fail. The transport layer also provides the
acknowledgement of successful data transmission and sends the next data if no
errors occurred. The transport layer creates packets out of the message received
from the application layer. Packetizing is the process of dividing a long message into
smaller messages.

Layer 5: session layer


The session layer controls the dialogues (connections) between computers. It
establishes, manages and terminates the connections between the local and remote
application. It provides for full-duplex, half-duplex or simplex operation, and
establishes checkpointing, adjournment, termination, and restart procedures. The
OSI model made this layer responsible for graceful close of sessions, which is a
property of the Transmission Control Protocol, and also for session check pointing
and recovery, which is not usually used in the Internet Protocol Suite.
The session layer is commonly implemented explicitly in application environments
that use remote procedure calls.

Layer 6: presentation layer


The presentation layer establishes context between application-layer entities, in
which the application-layer entities may use different syntax and semantics if the
presentation service provides a mapping between them.
This layer provides independence from data representation (e.g., encryption) by
translating between application and network formats. The presentation layer
transforms data into the form that the application accepts. This layer formats and
encrypts data to be sent across a network. It is sometimes called the syntax layer.

Layer 7: application layer


The application layer is the OSI layer closest to the end user, which means both the
OSI application layer and the user interact directly with the software application. This
layer interacts with software applications that implement a communicating
component. Such application programs fall outside the scope of the OSI model.
Application-layer functions typically include identifying communication partners,
determining resource availability, and synchronizing communication. When
identifying communication partners, the application layer determines the identity and
availability of communication partners for an application with data to transmit. When
determining resource availability, the application layer must decide whether sufficient
network resources for the requested communication exist. In synchronizing communication, all
communication between applications requires cooperation that is managed by the
application layer.

Internet Protocol (IP)


The Internet Protocol (IP) is the principal communications protocol in the Internet
protocol suite for relaying datagrams across network boundaries. Its routing
functions enable internetworking, and essentially establish the Internet.
IP has the task of delivering packets from the source host to the destination host
solely based on the IP address in the packet headers. For this purpose, IP defines
packet structures that encapsulate the data to be delivered. It also defines
addressing methods that are used to label the datagram with source and destination
information.

Functions:
The Internet Protocol is responsible for addressing hosts and for routing datagrams
(packets) from a source host to a destination host across one or more IP networks.
For this purpose the Internet Protocol defines the format of packets and provides an
addressing system that has two functions: identifying hosts and providing a logical
location service.

Range of IP used:
In the Internet addressing architecture, a private network is a network that uses
private IP address space, following the standards set by RFC 1918 for IPv4.
The Internet Assigned Numbers Authority (IANA) has reserved the following IPv4
address ranges for private network.

RFC1918 name   IP address range                Number of addresses
24-bit block   10.0.0.0 - 10.255.255.255       16,777,216
20-bit block   172.16.0.0 - 172.31.255.255     1,048,576
16-bit block   192.168.0.0 - 192.168.255.255   65,536

Transmission Control Protocol (TCP)


The Transmission Control Protocol TCP is one of the core protocols of the Internet
Protocol Suite (IP) and is so common that the entire suite is called TCP/IP. TCP
provides reliable, ordered and error-checked delivery of a stream of octets between
programs running on computers connected to a local area network, intranet or
the public Internet. It resides at the transport layer.
Web browsers use TCP when they connect to servers on the World Wide Web, and
it is used to deliver email and transfer files from one location to another. HTTP,
HTTPS, SMTP, Telnet and a variety of other protocols are typically encapsulated in
TCP.

Function:
The protocol corresponds to the transport layer of TCP/IP suite. TCP provides a
communication service at an intermediate level between an application program and
the Internet Protocol (IP).
IP works by exchanging pieces of information called packets. A packet is a sequence
of octets (bytes) and consists of a header followed by a body. The header describes
the packet's source, destination and control information.
Due to network congestion, traffic load balancing, or other unpredictable network
behavior, IP packets can be lost, duplicated, or delivered out of order. TCP detects
these problems, requests retransmission of lost data, rearranges out-of-order data,
and even helps minimize network congestion to reduce the occurrence of the other
problems. Once the TCP receiver has reassembled the sequence of octets originally
transmitted, it passes them to the receiving application. While IP handles actual
delivery of the data, TCP keeps track of the individual units of data transmission,
called segments that a message is divided into for efficient routing through the
network. Thus, TCP abstracts the application's communication from the underlying
networking details.

User Datagram Protocol (UDP)


UDP is one of the core members of the Internet protocol suite. With UDP,
computer applications can send messages (datagrams) to other hosts on an Internet
Protocol (IP) network without prior communications to set up data paths.
UDP is a minimal message-oriented Transport Layer protocol. UDP provides no
guarantees to the upper layer protocol for message delivery and the UDP protocol
layer retains no state of UDP messages once sent.
UDP is suitable for purposes where error checking and correction is either not
necessary or is performed in the application, avoiding the overhead of such
processing at the network interface level. Time-sensitive applications often use UDP
because dropping packets is preferable to waiting for delayed packets, which may
not be an option in a real-time system. Lacking reliability, UDP applications must
generally be willing to accept some loss, errors or duplication. If error correction
facilities are needed at the network interface level, an application may use
the Transmission Control Protocol (TCP).

HARDWARE OVERVIEW:

Cisco 2511 router

Cisco 3845 router

Cisco 4510 switch

Cisco 3750 switch

Cisco 2950 switch

Cisco 2560 switch
