Network Basics 1.1 What Is A Network?

A computer network consists of interconnected devices that communicate using common standards. Devices are connected directly or through network devices like hubs and switches. Hubs and switches allow multiple devices to connect to a central point and communicate with each other. The OSI model defines seven layers of network functionality, while the TCP/IP model has four layers and merges some OSI layers. Data is encapsulated as it moves through the layers, with each layer adding headers and trailers. Ethernet is a common networking technology that uses MAC addresses and frames to deliver data on local area networks. IP addresses allow identification of devices on networks using TCP/IP.

1. NETWORK BASICS

1.1 What is a network?

A computer network can be described as a system of interconnected devices that can
communicate using some common standard (called a protocol). These devices communicate to
exchange resources (e.g. files and printers) and services.

Here is an example network consisting of two computers connected together:

In the example above, the two computers are directly connected using a cable. This small
network can be used to exchange data between just these two computers.
What if we want to expand our network? Then we can use a network device, either a
switch or a hub, to connect more than two computers together:

Now all of the devices on the network can communicate with each other.

We’ll talk more about hubs and switches in just a moment. For now, just remember that
these devices serve as a central point to which all of the computers connect.

1.2 OSI & TCP/IP models

OSI model
OSI (Open Systems Interconnection) model was created by the International
Organization for Standardization (ISO), an international standard-setting body. It was designed to
be a reference model for describing the functions of a communication system. It has seven
layers, with each layer describing a different function of data traveling through a network.

Here is the graphical representation of these layers:


The layers are usually numbered from the bottom up, meaning that the Physical layer is
considered to be the first layer. It is good to learn these layers, since there will certainly be a
couple of questions on the CCNA exam regarding them. Most people learn the mnemonic
"Please Do Not Throw Sausage Pizza Away":

So, what is the purpose of these layers?


They are most commonly used by vendors. They enable them to implement some
functionality into a networking device, which then enables easier interoperability with devices
from other vendors.

Here is a brief description of each of these layers.

Physical – defines how to move bits from one device to another. It details how cables,
connectors and network interface cards are going to work and how to send and receive bits.

Data Link – encapsulates a packet in a frame. A frame contains a header and a trailer that enable
devices to communicate. A header, most commonly, contains a source and a destination MAC
address. A trailer contains the Frame Check Sequence field, which is used to detect transmission
errors.
The data link layer has two sublayers:

1. Logical Link Control – used for flow control and error detection
2. Media Access Control – used for hardware addressing and controlling the access method
Network – defines device addressing, routing, and path determination. Device (logical)
addressing is used to identify a host on a network (e.g. by its IP address).

Transport – segments large chunks of data received from the upper layer protocols. It establishes
and terminates connections between two computers and is used for flow control and data recovery.

Session – defines how to establish and terminate a session between the two systems.

Presentation – defines data formats. Compression and encryption are defined at this layer.

Application – this layer is the closest to the user. It enables network applications to
communicate with other network applications.
The following table shows which protocols reside on which layer:

TCP/IP model
The TCP/IP model was created in the 1970s by the Defense Advanced Research Projects
Agency (DARPA). Like the OSI model, it describes general guidelines for designing and
implementing computer protocols.
It consists of four layers: Network Access, Internet, Transport, and Application.

The following picture shows the comparison between the TCP/IP model and OSI model:
As you can see, the TCP/IP model has fewer layers than the OSI model. The Application,
Presentation, and Session layers of the OSI model are merged in only one layer,
Application layer, in the TCP/IP model. Also, Physical and Data Link layers are called Network
Access layer in the TCP/IP model.

Differences between OSI and TCP/IP model

There are some other differences between these two models, besides the obvious
difference in the number of layers. The OSI model prescribes the steps needed to transfer data over a
network and is very specific about it, defining which protocol is used at each layer and how. The
TCP/IP model is not that specific. It can be said that the OSI model prescribes and the TCP/IP model
describes.

1.3 Encapsulation

The term “encapsulation” is used to describe a process of adding headers and trailers
around some data. For example, when you send an email using your favourite email program
(like Outlook or Thunderbird) that email is sent from the Application layer to the Transport layer.
The Transport layer encapsulates the data and adds its own header (with its own information,
such as which port will be used) and passes the data to the Internet layer, which again
encapsulates the received data and adds its own header, usually with information about the
source and destination IP addresses. The Internet layer then passes the data to the Network
Access layer. This layer is the only layer that adds both a header and a trailer. The data is then
sent through a physical network link.
Each layer adds its own information:

The term “decapsulation” refers to the process of removing headers and trailers as data
passes from lower to upper layers. This process happens on a computer that is receiving data.

Frame, packet, segment


Frame – the term “frame” refers to the encapsulated data defined by the Network Access layer.
A frame can have a header and a trailer that encapsulate a data section.

Packet – the term “packet” is used to describe the encapsulated data defined by the Internet
layer. A packet can have a header with the source and destination IP addresses.

Segment – the term “segment” describes encapsulated data defined by the Transport layer. A
segment can have a header with information such as source and destination port numbers,
sequence and acknowledgment numbers, etc.
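As an added illustration of the encapsulation and decapsulation steps described above (this code is not part of the original text), the following Python builds a TCP-style segment, wraps it in an IPv4 packet, wraps that in an Ethernet frame with a CRC-32 Frame Check Sequence trailer, and then unwraps it again the way a receiving host would, checking the trailer and the IP header checksum on the way up. The MAC and IP addresses and the e-mail payload are constructed sample values; the transport header is a simplified TCP header whose own checksum is left at zero because it needs the IP pseudo-header.

```python
import struct
import zlib

# Constructed sample addresses (not from the original text).
SRC_MAC = bytes.fromhex("d8d385eb12e3")
DST_MAC = bytes.fromhex("001122334455")
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(payload: bytes, src_port: int, dst_port: int, seq: int = 1, ack: int = 0) -> bytes:
    """Transport layer: prepend a 20-byte TCP-style header (ports, sequence, acknowledgment).
    The TCP checksum stays 0 here (it needs the IP pseudo-header); the IP checksum below is real."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         5 << 4,       # data offset: 5 x 32-bit words, no options
                         0x18,         # flags: PSH + ACK
                         65535, 0, 0)  # window, checksum (0), urgent pointer
    return header + payload


def build_packet(segment: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Internet layer: prepend a 20-byte IPv4 header carrying source/destination addresses."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, PROTO_TCP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + segment


def build_frame(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Network Access layer: the only layer adding both a header (MACs, EtherType)
    and a trailer (the 32-bit Frame Check Sequence)."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def decapsulate(frame: bytes) -> dict:
    """Receiving side: strip and check each layer's header/trailer, bottom to top."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("FCS mismatch: frame was corrupted in transit")
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    packet = body[14:]
    if internet_checksum(packet[:20]) != 0:           # an intact header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    _, _, total_len, _, _, ttl, proto, _, src_ip, dst_ip = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    segment = packet[20:total_len]
    src_port, dst_port, seq, ack = struct.unpack("!HHII", segment[:12])
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"), "ethertype": ethertype,
        "src_ip": bytes_to_ip(src_ip), "dst_ip": bytes_to_ip(dst_ip), "ttl": ttl, "protocol": proto,
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "payload": segment[20:],
    }


if __name__ == "__main__":
    email = b"Subject: hello\r\n\r\nhi"   # constructed application-layer data
    frame = build_frame(build_packet(build_segment(email, 49152, 25), "10.0.0.1", "10.0.0.2"),
                        SRC_MAC, DST_MAC)
    print(len(frame), "bytes on the wire:", decapsulate(frame))
```

Running the script prints the frame length and the fields recovered at each layer. Flipping any byte of the frame makes decapsulate() reject it at the FCS check, which is the transmission-error detection the Data Link trailer exists for; an error in the IP header alone is caught one layer up by the header checksum.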

1.4 Ethernet

Ethernet is the most used networking technology for LANs today. It defines wiring and
signaling for the Physical layer of the OSI model. For the Data Link layer, it defines frame
formats and protocols.

Ethernet is described in the IEEE 802.3 standard. It uses the Carrier Sense Multiple Access with
Collision Detection (CSMA/CD) access method and supports speeds up to 100 Gbps. It can use
coaxial, twisted pair and fiber optic cables. Ethernet uses frames with source and destination
MAC addresses to deliver data.
1.6 MAC & IP addresses

MAC address
A Media Access Control (MAC) address is a 48-bit address that is used for
communication between two hosts in an Ethernet environment. It is a hardware address, which
means that it is stored in the firmware of the network card.

A MAC address is supposed to be globally unique. Each network card vendor gets its
share of addresses (represented by the first 24 bits).
The address is written in the form of 12 hexadecimal digits. For example, consider the
following MAC address:
D8-D3-85-EB-12-E3
Every hexadecimal character represents 4 bits, so the first six hexadecimal characters
represent the vendor (in this case, Hewlett Packard).

How to find out your own MAC address?


If you are using Windows, enter the Command Prompt (Start – Programs – Accessories –
Command Prompt). Type the ipconfig /all command and you should see a field called Physical
Address under the Ethernet adapter settings:
If you are using Linux, type the ifconfig command. You should see your MAC address referred
to as HW address.

IP address

An IP address is a 32-bit number that identifies a host on a network. It is usually written


in the form of four decimal numbers separated by periods (e.g. 10.0.50.1).

In contrast to a MAC address, an IP address is a logical address. Any device that wants to
communicate with another device using TCP/IP needs to have an IP address. It can be configured
manually or it can be obtained from a DHCP server.

The term “IP address” is usually used for IPv4, which is the fourth version of the IP
protocol. A newer version exists, IPv6, and uses 128-bit addressing.

Private IP addresses

There are three ranges of addresses that can be used in a private network (e.g. your home
LAN). These addresses are not routable through the Internet.

Private addresses ranges:


10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

How to find out your IP address

Windows users:

Enter the Command Prompt (Start – Programs – Accessories – Command Prompt). Enter
ipconfig. You should see a field called IP address.

Linux users:

Enter ifconfig. You should see a field called inet addr:


1.7 Unicast, multicast, and broadcast addresses

There are three types of Ethernet addresses:

• Unicast addresses – represent a single LAN interface. A unicast frame will be sent to a
specific device, not to a group of devices on the LAN.
• Multicast addresses – represent a group of devices in a LAN. A frame sent to a multicast
address will be forwarded to a group of devices on the LAN.
• Broadcast addresses – represent all devices on the LAN. Frames sent to a broadcast
address will be delivered to all devices on the LAN.

The broadcast address has the value of FFFF.FFFF.FFFF (all binary ones). The switch
will flood broadcast frames out all ports except the port that it was received on.

Multicast frames have a value of 1 in the least-significant bit of the first octet of the
destination address. This helps a network switch to distinguish between unicast and multicast
addresses. One example of an Ethernet multicast address would be 01:00:0C:CC:CC:CC,
which is an address used by CDP (Cisco Discovery Protocol).
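The following Python is an added example (not part of the original text) that ties section 1.6 and this section together: it accepts a MAC address in the three common notations, extracts the 24-bit vendor block, and classifies the address as unicast, multicast or broadcast using the I/G bit described above. The additional U/L (locally administered) check is an assumption beyond the text: it flags addresses assigned by software rather than burned in by the vendor, for which an OUI lookup is meaningless.

```python
import re

BROADCAST_MAC = b"\xff" * 6


def parse_mac(text: str) -> bytes:
    """Accept D8-D3-85-EB-12-E3, d8:d3:85:eb:12:e3 or d8d3.85eb.12e3 and return the 6 raw bytes."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def format_mac(mac: bytes) -> str:
    return ":".join(f"{b:02X}" for b in mac)


def oui(mac: bytes) -> str:
    """The first 24 bits (six hex digits) identify the vendor's address block."""
    return format_mac(mac[:3])


def is_multicast(mac: bytes) -> bool:
    """I/G bit: the least-significant bit of the first octet is 1 for group addresses."""
    return bool(mac[0] & 0x01)


def is_locally_administered(mac: bytes) -> bool:
    """U/L bit (second-least-significant bit of the first octet), assumed here as an extra
    check: set when the address was assigned in software, not by the card vendor."""
    return bool(mac[0] & 0x02)


def classify(text: str) -> dict:
    mac = parse_mac(text)
    if mac == BROADCAST_MAC:
        kind = "broadcast"      # all ones: a switch floods it out every port but the ingress port
    elif is_multicast(mac):
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "address": format_mac(mac),
        "type": kind,
        "oui": None if is_locally_administered(mac) else oui(mac),
        "locally_administered": is_locally_administered(mac),
    }


if __name__ == "__main__":
    # Constructed samples: the HP address and CDP address from the text plus a software-assigned one.
    for sample in ("D8-D3-85-EB-12-E3", "01:00:0C:CC:CC:CC", "FFFF.FFFF.FFFF", "02:00:00:12:34:56"):
        print(classify(sample))
```

Because the I/G bit sits in the first octet transmitted, a switch can decide between "forward to one port" and "flood" after reading a single byte of the destination field, which is why the bit is placed there.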

1.8 Network devices

Hubs
A hub serves as a central point to which all of the hosts in a network connect. It is an
OSI Layer 1 device. It receives a signal on one port and sends it out all other ports.
Sometimes it is called a multiport repeater (photo credit: Wikipedia).

Today, these devices are considered obsolete and switches are commonly used instead.
Hubs have numerous disadvantages. They are not aware of the traffic that passes through them.
They create only one large collision domain. A hub typically operates in half duplex. There is
also a security issue with hubs since the traffic is forwarded to all ports (except the source port),
which makes it possible to capture all traffic on a network with a network sniffer!

Switches
Like a hub, a switch is used to connect multiple hosts together, but it has many advantages
over a hub. A switch is an OSI Layer 2 device, which means that it can inspect received traffic and
make forwarding decisions. Each port on a switch is a separate collision domain and can run in
full duplex mode (photo credit: Wikipedia).

How do switches work?


Let’s take a look at the following example:
Host A is trying to communicate with Host B and sends a frame. The frame arrives at the
switch, which looks at the destination MAC address. The switch then searches for that address in its
MAC address table. If the MAC address is found, the switch forwards the frame only to the
port connected to the frame’s destination. If the MAC address is not found, the switch will
flood the frame out all other ports. To learn which MAC address is associated with which port,
switches examine the source MAC address of each received frame and store that MAC
address in their MAC address table.

What is a MAC address table?


A MAC address table lists which MAC address is connected to which port. It is used by
switches to make forwarding decisions. The table is populated by examining the source MAC
address of each incoming frame. If the source MAC address of a frame is not present in the table,
the switch adds an entry to its MAC address table.

The picture below shows what a MAC address table on a switch looks like:
Difference between a switch and a bridge

A switch is sometimes called a multiport bridge, but there are differences between these
two devices. A bridge usually has fewer ports than a switch. A switch operates faster because it is
hardware-based, which means that it uses chips (ASICs) when making forwarding decisions. In
contrast, a bridge is software based. A switch can also have multiple spanning-tree instances
while a bridge can have only one. Switches can also have multiple broadcast domains, one per
VLAN.

Routers
A router is a device that routes packets from one network to another. A router is most
commonly an OSI Layer 3 device. Routers divide broadcast domains and have traffic filtering
capabilities.
The picture below shows a typical home router:

How routers work


A router uses IP addresses to figure out where to send packets. If two hosts from different
networks want to communicate, they will need a router between them to route packets.

For example, check the following scenario:


Host A and host B are on different networks. If host A wants to communicate with host B, it will
have to send a packet to the router. The router receives the packet and checks the destination IP
address. If the destination IP address is in the routing table, the router will forward the packet out
the interface associated with that network.

What is a routing table?


A routing table lists a route for every network that a router can reach. It can be statically
configured (using IOS commands) or dynamically learned (using a routing protocol). It is used
by routers when deciding where to forward packets.
The picture below shows what a routing table looks like:

The command to display an IP routing table is show ip route. In the picture above, you
can see that this router has two directly connected subnets. Let’s take a closer look at the first
entry in the routing table:
"C" means that the route is a directly connected route. The network in question is 10.0.0.0/8, and
the router will forward each packet destined for that network out interface FastEthernet0/1.

NOTE – in Windows, you can use the netstat -r command to display the routing table of your
system.
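The routing-table lookup described above, as an added Python example that is not part of the original text. It models directly connected ("C") and static ("S") routes, picks the most specific matching route for a destination (longest-prefix match), resolves a static route's next hop to the connected interface it is reachable through, and renders the table in a show ip route-like layout. The 10.0.0.0/8 on FastEthernet0/1 entry mirrors the text; the other networks, interface names and next hops are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    code: str                          # "C" directly connected, "S" static
    network: ipaddress.IPv4Network
    interface: Optional[str] = None    # set for connected routes
    next_hop: Optional[str] = None     # set for static routes


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add_connected(self, cidr: str, interface: str) -> None:
        self.routes.append(Route("C", ipaddress.ip_network(cidr), interface=interface))

    def add_static(self, cidr: str, next_hop: str) -> None:
        self.routes.append(Route("S", ipaddress.ip_network(cidr), next_hop=next_hop))

    def best_match(self, destination: str) -> Optional[Route]:
        """Longest-prefix match: of all routes containing the address, the most specific wins."""
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if addr in r.network]
        return max(matches, key=lambda r: r.network.prefixlen, default=None)

    def lookup(self, destination: str):
        """Return (egress interface, next hop), or None when there is no route (packet dropped)."""
        route = self.best_match(destination)
        if route is None:
            return None
        if route.code == "C":
            return route.interface, None             # deliver directly on that segment
        via = self.best_match(route.next_hop)        # the next hop must itself be reachable
        if via is None or via.code != "C":
            return None
        return via.interface, route.next_hop

    def show_ip_route(self) -> list:
        lines = []
        for r in sorted(self.routes, key=lambda r: (int(r.network.network_address), r.network.prefixlen)):
            if r.code == "C":
                lines.append(f"C    {r.network} is directly connected, {r.interface}")
            else:
                lines.append(f"S    {r.network} via {r.next_hop}")
        return lines


if __name__ == "__main__":
    rt = RoutingTable()
    rt.add_connected("10.0.0.0/8", "FastEthernet0/1")
    rt.add_connected("192.168.0.0/24", "FastEthernet0/0")
    rt.add_static("172.16.0.0/16", "192.168.0.2")
    rt.add_static("0.0.0.0/0", "10.0.0.254")   # default route: least specific, so used last
    print("\n".join(rt.show_ip_route()))
    for dst in ("10.20.30.40", "172.16.5.5", "8.8.8.8"):
        print(dst, "->", rt.lookup(dst))
```

Without the default route, a destination that matches nothing returns None and the packet is dropped; with it, 8.8.8.8 still goes to the default gateway while 10.20.30.40 keeps using the more specific /8, which is the whole point of the longest-prefix rule.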

1.9 Half duplex and full duplex

In telecommunication, a duplex communication system is a point-to-point system of two
devices that can communicate with each other in both directions. These two types of duplex
communication systems exist in Ethernet environments:

• half-duplex – a port can send data only when it is not receiving data. In other words, it
cannot send and receive data at the same time. Network hubs run in half-duplex mode in
order to prevent collisions. Since hubs are rare in modern LANs, the half-duplex system is
not widely used in Ethernet networks anymore.
• full-duplex – all nodes can send and receive on their port at the same time. There are no
collisions in full-duplex mode, but the host NIC and the switch port must support the
full-duplex mode. Full-duplex Ethernet uses two pairs of wires at the same time instead of a
single wire pair like half-duplex.

NOTE – each NIC and switch port has a duplex setting. For all links between hosts and
switches, or between switches, the full-duplex mode should be used. However, for all links
connected to a LAN hub, the half-duplex mode should be used in order to prevent a duplex
mismatch that could decrease network performance.

1.10 IEEE Ethernet standards

Ethernet is defined in a number of IEEE (Institute of Electrical and Electronics Engineers) 802.3
standards. These standards define the physical and data-link layer specifications for Ethernet.
The most important 802.3 standards are:
• 10Base-T (IEEE 802.3) – 10 Mbps with category 3 unshielded twisted pair (UTP)
wiring, up to 100 meters long.
• 100Base-TX (IEEE 802.3u) – known as Fast Ethernet, uses category 5, 5E, or 6 UTP
wiring, up to 100 meters long.
• 100Base-FX (IEEE 802.3u) – a version of Fast Ethernet that uses multi-mode optical
fiber. Up to 412 meters long.
• 1000Base-CX (IEEE 802.3z) – uses copper twisted-pair cabling. Up to 25 meters long.
• 1000Base-T (IEEE 802.3ab) – Gigabit Ethernet that uses Category 5 UTP wiring. Up to
100 meters long.
• 1000Base-SX (IEEE 802.3z) – 1 Gigabit Ethernet running over multimode fiber-optic
cable.
• 1000Base-LX (IEEE 802.3z) – 1 Gigabit Ethernet running over single-mode fiber.
• 10GBase-T (IEEE 802.3an) – 10 Gbps connections over category 5e, 6, and 7 UTP cables.

Notice how the first number in the name of the standard represents the speed of the
network in megabits per second. The word base refers to baseband, meaning that the signals are
transmitted without modulation. The last part of the standard name refers to the cabling used to
carry signals. For example, 1000Base-T means that the speed of the network is up to 1000 Mbps,
baseband signaling is used, and the twisted-pair cabling will be used (T stands for twisted-pair).

1.11 Cisco three-layer hierarchical model

Because networks can be extremely complicated, with multiple protocols and diverse
technologies, Cisco has developed a layered hierarchical model for designing a reliable network
infrastructure. This three-layer model helps you design, implement, and maintain a scalable,
reliable, and cost-effective network. Each of the layers has its own features and functionality, which
reduces network complexity.

Here is an example of the Cisco hierarchical model:


Here is a description of each layer:

• Access – controls user and workgroup access to the resources on the network. This layer
usually incorporates Layer 2 switches and access points that provide connectivity between
workstations and servers. You can manage access control and policy, create separate
collision domains, and implement port security at this layer.
• Distribution – serves as the communication point between the access layer and the core.
Its primary function is to provide routing, filtering, and WAN access and to determine how
packets can access the core. This layer determines the fastest way that network service
requests are accessed – for example, how a file request is forwarded to a server – and, if
necessary, forwards the request to the core layer. This layer usually consists of routers and
multilayer switches.
• Core – also referred to as the network backbone, this layer is responsible for transporting
large amounts of traffic quickly. The core layer provides interconnectivity between
distribution layer devices. It usually consists of high-speed devices, like high-end routers and
switches with redundant links.

2. CABLING

2.1 Types of Ethernet cabling


There are three cable types commonly used for Ethernet cabling: coaxial, twisted pair,
and fiber-optic cabling. In today’s LANs, the twisted pair cabling is the most popular type of
cabling, but the fiber-optic cabling usage is increasing, especially in high performance networks.
Coaxial cabling is generally used for cable Internet access. We will explain all three types of
cabling. We will also explain a difference between a straight-through and crossover cable.

Coaxial cabling
Coaxial cable has an inner conductor that runs down the middle of the cable. The
conductor is surrounded by a layer of insulation, which is then surrounded by another conducting
shield, which makes this type of cabling resistant to outside interference. This type of cabling
comes in two types, thinnet and thicknet. Both types have a maximum transmission speed of 10
Mbps. Coaxial cabling was used for computer networks, but today it has largely been replaced by
twisted-pair cabling.

Twisted-pair cabling
A twisted-pair cable has four pairs of wires. These wires are twisted around each other to
reduce crosstalk and outside interference. This type of cabling is common in most current LANs.
Twisted-pair cabling can be used for telephone and network cabling. It comes in two
versions, UTP (Unshielded Twisted-Pair) and STP (Shielded Twisted-Pair). The difference
between these two is that an STP cable has an additional layer of insulation that protects data
from outside interferences.

Here you can see what a twisted-pair cable looks like.
A twisted-pair cable uses an 8P8C connector, sometimes wrongly referred to as an RJ45 connector.

Fiber-optic cabling
This type of cabling uses optical fibers to transmit data in the form of light signals. The
cables have strands of glass surrounded by a cladding material (Photo credit: Wikipedia).

This type of cabling can support greater cable lengths than any other cabling type (up to a
couple of miles). The cables are also immune to electromagnetic interference. As you can see,
this cabling method has many advantages over other methods, but its drawback is that it is the
most expensive type of cabling.

There are two types of fiber-optic cables:


• Single-mode fiber (SMF) – uses only a single ray of light to carry data
• Multi-mode fiber (MMF) – uses multiple rays of light to carry data

Two types of connectors are commonly used:


• ST (Straight-tip connector)
• SC (Subscriber connector)

2.2 Types of Ethernet cables

Ethernet cables can come in two forms:

Straight-through cable – it has identical wiring on both ends (pin 1 on one end of the cable is
connected to pin 1 at the other end of the cable, pin 2 is connected to pin 2 etc.). This type of
cable is used to connect:
• computer to hub
• computer to switch
• router to hub
• router to switch

Computers and routers use wires 1 and 2 to transmit data and wires 3 and 6 to receive
data. Hubs and switches use wires 1 and 2 to receive data and wires 3 and 6 to send data. That is
why, if you want to connect two computers together, you will need a crossover cable.

Crossover cable – wire pairs are swapped, which means that different pins are connected
together – pin 1 on one end of the cable is connected to pin 3 on the other end, pin 2 on one end
is connected to pin 6 on the other end (Photo credit: Wikipedia).
This type of cable is used when you need to connect two devices that use the same wires
to send and the same wires to receive data. For example, consider connecting two computers
together. If you use a straight-through cable, with identical wiring on both ends, both computers
will use wires 1 and 2 to send data. If computer A sends some packets to computer B, computer
A will send that data using wires 1 and 2. That will cause a problem because computers expect
packets to be received on wires 3 and 6, and your network will not work properly.

3. TYPES OF NETWORK

3.1 Wide area network

The term “wide area network” is used to describe a network that spans multiple
geographic locations. Consider an example. A company has two offices, one in London and one
in Berlin. Both offices have a LAN. If the company connects these two LANs together using
WAN technology, a WAN is created.

The key difference between LANs and WANs is that the company usually doesn’t own
WAN infrastructure. A company usually leases WAN services from a service provider.
Frame Relay, ATM and X.25 are different types of WAN technologies. The Internet can
also be considered a WAN.
3.2 Local area network & Metropolitan area network

Local area network (LAN)


The term “local area network” is commonly used to describe a network of devices in a
limited area (a house, office, building…). This type of network is usually capable of achieving
high data transfer rate (up to 10 Gbps!) at low cost.

Some of the most popular LAN technologies are Ethernet, Token Ring and FDDI. Most LAN
networks use TCP/IP to communicate. Twisted-pair cabling is usually used in a LAN.

Examples of this type of network are a small office network inside a single building or your
home network.

Metropolitan area network (MAN)


The term “metropolitan area network” is used to describe a network in a single
metropolitan area, hence the name. This type of network is usually bigger than a LAN and
smaller than a WAN. An example of this type of network would be a network that connects two
company offices inside the same city.

4. IP ADDRESSING

4.1 Types of IP Addresses

IP addresses are divided into three different types, based on their operational characteristics:

1. unicast IP addresses – an address of a single interface. The IP addresses of this type are used
for one-to-one communication. Unicast IP addresses are used to direct packets to a specific host.
Here is an example:

In the picture above you can see that the host wants to communicate with the server. It uses the
IP address of the server (192.168.0.150) to do so.
2. multicast IP addresses – used for one-to-many communication. Multicast messages are sent
to IP multicast group addresses. Routers forward copies of the packet out to every interface that
has hosts subscribed to that group address. Only the hosts that need to receive the message will
process the packets. All other hosts on the LAN will discard them. Here is an example:

R1 has sent a multicast packet destined for 224.0.0.9. This is a RIPv2 packet, and only routers
on the network should read it. R2 will receive the packet and read it. All other hosts on the LAN
will discard the packet.

3. broadcast IP addresses – used to send data to all possible destinations in the broadcast
domain (the one-to-everybody communication). The broadcast address for a network has all host
bits set to 1. For example, for the network 192.168.30.0 255.255.255.0 the broadcast address would
be 192.168.30.255. Also, the IP address of all 1’s (255.255.255.255) can be used for local
broadcast. Here’s an example:
R1 has sent a broadcast packet to the broadcast IP address 192.168.30.255. All hosts in the same
broadcast domain will receive and process the packet.

4.2 Classes of IP addresses

TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has a range of
valid IP addresses. The value of the first octet determines the class. IP addresses from the first
three classes (A, B and C) can be used for host addresses. The other two classes are used for
other purposes (class D for multicast and class E for experimental purposes).

Classes of IP addresses:
Special IP address ranges:
0.0.0.0/8 – addresses used to communicate with the current network
127.0.0.0/8 – loopback addresses
169.254.0.0/16 – link-local addresses (APIPA)
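The following Python is an added example, not part of the original text, that applies the classful rule above together with the private address ranges from section 1.6 and the special ranges just listed: given an address it reports its class, the default mask for classes A to C, whether it falls in a private or special range, and whether it is therefore expected to appear as a public address on the Internet. The range lists are deliberately the ones the text gives rather than the standard library's broader is_private property, so the output matches the text.

```python
import ipaddress

# The three private ranges (section 1.6) and the special ranges listed above, as network objects.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SPECIAL_RANGES = {
    "this network": ipaddress.ip_network("0.0.0.0/8"),
    "loopback": ipaddress.ip_network("127.0.0.0/8"),
    "link-local (APIPA)": ipaddress.ip_network("169.254.0.0/16"),
}
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(addr: ipaddress.IPv4Address) -> str:
    """Classful rule: the leading bits of the first octet decide the class."""
    first = int(addr) >> 24
    if first < 128:    # 0xxxxxxx
        return "A"
    if first < 192:    # 10xxxxxx
        return "B"
    if first < 224:    # 110xxxxx
        return "C"
    if first < 240:    # 1110xxxx  multicast
        return "D"
    return "E"         # 1111xxxx  experimental


def describe(text: str) -> dict:
    addr = ipaddress.IPv4Address(text)
    cls = address_class(addr)
    special = next((name for name, net in SPECIAL_RANGES.items() if addr in net), None)
    if addr == LIMITED_BROADCAST:
        special = "limited broadcast"
    private = any(addr in net for net in PRIVATE_RANGES)
    return {
        "address": str(addr),
        "class": cls,
        "default_mask": DEFAULT_MASKS.get(cls),      # None for D and E: not host addresses
        "private": private,
        "special": special,
        # Only a public class A/B/C address should show up as a source on the Internet.
        "internet_routable": cls in "ABC" and not private and special is None,
    }


if __name__ == "__main__":
    # Constructed samples, including the 10.0.50.1 address and the 224.0.0.9 RIPv2 group from the text.
    for sample in ("10.0.50.1", "172.31.255.254", "172.32.0.1", "224.0.0.9", "127.0.0.1", "169.254.10.20"):
        print(describe(sample))
```

A check like this is a common first filter when reading logs: a private, loopback or link-local address claiming to arrive from the Internet is either misconfiguration or a spoofed source, and 172.32.0.1 is a reminder that the 172 range is private only up to 172.31.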

4.3 Subnetting explained

Subnetting is the practice of dividing a network into two or more smaller networks. It increases
routing efficiency, enhances the security of the network and reduces the size of the broadcast
domain. Consider the following example:

In the picture above we have one huge network: 10.0.0.0/24. All hosts on the network are
in the same subnet, which has the following disadvantages:

A single broadcast domain – all hosts are in the same broadcast domain. A broadcast sent by a
device on the network will be processed by all hosts.
Network security – each device can reach any other device on the subnet, which can present
security problems.
Organizational problems – in large networks, different departments are usually grouped into
different subnets. For example, you can group all devices from the Accounting department in the
same subnet and then give access to sensitive financial data only to hosts from that subnet.

The network above could be subnetted like this:


Now, two subnets were created for different departments: 10.0.0.0/24 for Accounting and
10.1.0.0/24 for Marketing. Devices in each subnet are now in a different broadcast domain.

4.4 Subnet mask

An IP address is divided into two parts: a network part and a host part. For example, a class
A IP address consists of 8 bits identifying the network and 24 bits identifying the host. This is
because the default subnet mask for a class A IP address is 8 bits long (or, written in dotted
decimal notation, 255.0.0.0). What does it mean? Well, like an IP address, a subnet mask also
consists of 32 bits. Computers use it to determine the network part and the host part of an
address. The 1s in the subnet mask represent the network part, the 0s the host part.
Computers work only with bits. The math used to determine a network range is a binary AND.
Let’s say that we have the IP address 10.0.0.1 with the default subnet mask of 8 bits
(255.0.0.0).
First, we need to convert the IP address and the subnet mask to binary:

IP address: 10.0.0.1 = 00001010.00000000.00000000.00000001

Subnet mask 255.0.0.0 = 11111111.00000000.00000000.00000000

Computers then use the AND operation to determine the network number:

Network: 10.0.0.0 = 00001010.00000000.00000000.00000000

The computer can then determine the size of the network. Only IP addresses that begin
with 10 will be in the same network. So, in this case, the range of addresses in this network is
10.0.0.0 – 10.255.255.255.

NOTE – A subnet mask must always be a series of 1s followed by a series of 0s.
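The AND operation and the NOTE above, carried out in Python as an added example that is not part of the original text. It converts dotted-decimal values to 32-bit integers, renders them in the four-group binary form the text uses, rejects a mask that is not a run of 1s followed by a run of 0s, and derives the network and broadcast addresses of the 10.0.0.1 / 255.0.0.0 example. Function names are my own.

```python
def to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 value (address or mask) to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def to_binary(dotted: str) -> str:
    """Render as four 8-bit groups, the way the text shows it."""
    return ".".join(f"{b:08b}" for b in to_int(dotted).to_bytes(4, "big"))


def is_valid_mask(mask: str) -> bool:
    """A mask must be a run of 1s followed by a run of 0s; 255.0.255.0 is rejected."""
    inverted = (~to_int(mask)) & 0xFFFFFFFF        # host bits become 1s: 000...0111...1
    return (inverted & (inverted + 1)) == 0        # adding one clears every bit only for that shape


def prefix_to_mask(prefix: int) -> str:
    """/8 -> 255.0.0.0, /25 -> 255.255.255.128."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def network_of(ip: str, mask: str) -> dict:
    """The binary AND the text describes, plus the address range it implies."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    m = to_int(mask)
    network = to_int(ip) & m                       # 1s keep the network part, 0s clear the host part
    broadcast = network | (~m & 0xFFFFFFFF)        # host bits all set to 1
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "prefix": bin(m).count("1"),
    }


if __name__ == "__main__":
    ip, mask = "10.0.0.1", prefix_to_mask(8)
    print(f"IP address:  {ip:<12} = {to_binary(ip)}")
    print(f"Subnet mask  {mask:<12} = {to_binary(mask)}")
    result = network_of(ip, mask)
    print(f"AND          {result['network']:<12} = {to_binary(result['network'])}")
    print(f"range: {result['network']} - {result['broadcast']}")
```

The contiguity test works because inverting a valid mask gives a value of the form 000...0111...1, and adding one to such a value carries all the way through and leaves no bit set in common with the original.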

4.5 Create subnets

There are a couple of ways to create subnets. In this article we will subnet a class C
address 192.168.0.0 that, by default, has 24 subnet bits and 8 host bits.

Before we start subnetting, we have to ask ourselves these two questions:

1. How many subnets do we need?

2^x = number of subnets, where x is the number of 1s added to the subnet mask. With 1 subnet bit, we can have
2^1 or 2 subnets. With 2 bits, 2^2 or 4 subnets, with 3 bits, 2^3 or 8 subnets, etc.

2. How many hosts per subnet do we need?

2^y – 2 = number of hosts per subnet, where y is the number of 0s in the subnet mask.


An example will help you understand the subnetting concept. Let’s say that we need to
subnet a class C address 192.168.0.0/24. We need two subnets with 50 hosts per subnet. Here is
our calculation:

1. Since we need only two subnets, we need 2^1 = 2, i.e. one subnet bit. In our case, this means that we will
take one bit from the host part. Here is the calculation:

First, we have a class C address 192.168.0.0 with the subnet mask of 24. Let’s convert them to
binary:

192.168.0.0 = 11000000.10101000.00000000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000

We need to convert a single zero from the host part of the subnet mask into a one. Here is our new
subnet mask:

255.255.255.128 = 11111111.11111111.11111111.10000000

Remember, the ones in the subnet mask represent the network.

2. We need 50 hosts per subnet. Since we took one bit from the host part, we are left with seven
bits for the hosts. Is it enough for 50 hosts? The formula to calculate the number of hosts is 2^y –
2, with y representing the number of host bits. Since 2^7 – 2 is 126, we have more than enough
bits for our hosts.

3. Our network will look like this:

192.168.0.0/25 – the first subnet has the subnet number of 192.168.0.0. The range of IP
addresses in this subnet is 192.168.0.0 – 192.168.0.127.

192.168.0.128/25 – the second subnet has the subnet number of 192.168.0.128. The range of IP
addresses in this subnet is 192.168.0.128 – 192.168.0.255.
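
The binary AND of section 4.4 and the subnet-bit calculation of section 4.5, carried out in code. This is an added example, not part of the original text: the function names, the contiguous-mask check and the cross-check against Python's standard `ipaddress` module are this example's own choices, and the addresses used are the ones from the text.

```python
"""Subnet math from sections 4.4 and 4.5 done with plain integer bit operations.

Added example, not part of the original text. The function names and the
cross-check against Python's ipaddress module are this example's own choices.
"""
import ipaddress


def ip_to_int(ip: str) -> int:
    """Dotted-decimal IPv4 address -> 32-bit integer; rejects malformed input."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(ip: str) -> str:
    """Dotted-binary notation as used in the text, e.g. 00001010.00000000.00000000.00000001."""
    n = ip_to_int(ip)
    return ".".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/prefix -> mask integer: `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask: str) -> int:
    """Mask string -> prefix length; enforces the NOTE in 4.4 (ones then zeros only)."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if mask_from_prefix(ones) != m:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def network_range(ip: str, mask: str) -> tuple:
    """Binary AND of address and mask gives the network number; OR with the
    inverted mask gives the last (broadcast) address of that network."""
    m = ip_to_int(mask)
    prefix_from_mask(mask)                      # reject masks such as 255.0.255.0
    network = ip_to_int(ip) & m
    broadcast = network | (~m & 0xFFFFFFFF)
    return int_to_ip(network), int_to_ip(broadcast)


def subnet_plan(network: str, prefix: int, subnets_needed: int, hosts_needed: int) -> tuple:
    """Answer the two questions from 4.5: borrow the smallest x host bits with
    2**x >= subnets_needed, check 2**y - 2 >= hosts_needed for the y bits left,
    and return (list of (first, last) address pairs, new prefix length)."""
    x = 0
    while 2 ** x < subnets_needed:
        x += 1
    new_prefix = prefix + x
    y = 32 - new_prefix
    if y < 2 or 2 ** y - 2 < hosts_needed:
        raise ValueError(
            f"/{new_prefix} leaves {y} host bits = {max(2 ** y - 2, 0)} hosts, need {hosts_needed}")
    base = ip_to_int(network) & mask_from_prefix(prefix)
    size = 2 ** y                               # addresses per subnet, incl. network + broadcast
    subnets = [(int_to_ip(base + i * size), int_to_ip(base + i * size + size - 1))
               for i in range(2 ** x)]
    return subnets, new_prefix


def stdlib_subnets(network: str, prefix: int, new_prefix: int) -> list:
    """Independent cross-check of subnet_plan using the standard library."""
    net = ipaddress.ip_network(f"{network}/{prefix}")
    return [(str(s.network_address), str(s.broadcast_address))
            for s in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    print(to_binary("10.0.0.1"), "AND", to_binary("255.0.0.0"))
    print("network range:", network_range("10.0.0.1", "255.0.0.0"))
    plan, new_prefix = subnet_plan("192.168.0.0", 24, 2, 50)
    print(f"/{new_prefix} = {int_to_ip(mask_from_prefix(new_prefix))}:", plan)
    assert plan == stdlib_subnets("192.168.0.0", 24, new_prefix)
```

`subnet_plan` generalises the worked example: it borrows exactly as many host bits as the requested subnet count needs and refuses the plan when the remaining host bits cannot hold the requested hosts, which is the check a practitioner wants before committing an addressing scheme.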

5. NETWORK TOOLS

5.1 Ping
Ping is perhaps the most commonly used tool when troubleshooting a network. The ping
(Packet Internet Groper) tool is included with most operating systems. It is invoked using the ping
command. The ping command uses ICMP (Internet Control Message Protocol). Ping works by
sending an ICMP echo request message to the specified IP address. If the computer with the
destination IP address is reachable, it responds with an ICMP echo reply message.
The ping command usually also outputs some information about network performance,
e.g. the round-trip time: the time it takes to send an ICMP request packet and receive the ICMP reply packet.

Here is an output of the ping command from Windows 7:

In the example above we have pinged the IP address 10.10.100.1. By default, ping on
Windows sends four ICMP echo request packets. As you can see from the output above, the host with
the IP address of 10.10.100.1 is reachable and has replied with four ICMP echo reply packets. You can
also see that the remote host has replied within 1 ms, which indicates that the network is not
congested.

5.2 Traceroute

Traceroute is a CLI (Command-line interface)-based tool used to identify the path used
by a packet to reach its target. This tool also uses ICMP messages, but unlike ping, identifies
every router in a path. Traceroute is useful when troubleshooting network problems because it
can help identify where exactly the problem is.

Traceroute sends a series of ICMP echo request packets to a destination. The first series of
messages has a Time to Live (TTL) parameter set to 1, which means that the first router in the path
will discard the packet and send an ICMP Time Exceeded message. The TTL is then increased by one
until the destination host is reached and an ICMP echo reply message is received. The originating
host can then use the received ICMP messages to identify all routers in the path.

The traceroute command on Windows is named tracert. On Unix and Cisco IOS it is
invoked using the traceroute command.

Here is an example showing the tracert command in Windows:


Traceroute on Unix-like operating systems

The traceroute command on Unix works slightly differently than the Windows version. It uses
UDP packets with a large destination port number (33434 to 33534) that is unlikely to be used by
any application at the destination host. Like the Windows version of the command, traceroute on
Unix uses the TTL to get the IP addresses of the intermediary routers. When the destination host is
reached, it replies with an ICMP port unreachable message.

6. NETWORK PROTOCOLS

6.1 TCP/IP suite of protocols

The TCP/IP suite is a set of protocols used on computer networks today (most notably on
the Internet). It provides an end-to-end connectivity by specifying how data should be
packetized, addressed, transmitted, routed and received on a TCP/IP network. This functionality
is organized into four abstraction layers and each protocol in the suite resides in a particular
layer.

The TCP/IP suite is named after its most important protocols, the Transmission Control Protocol
(TCP) and the Internet Protocol (IP). Some of the protocols included in the TCP/IP suite are:

• ARP (Address Resolution Protocol) – used to convert an IP address to a MAC address.

• IP (Internet Protocol) – used to deliver packets from the source host to the destination
host based on the IP addresses.

• ICMP (Internet Control Message Protocol) – used to detect and report network error
conditions. Used in ping.

• TCP (Transmission Control Protocol) – a connection-oriented protocol that enables
reliable data transfer between two computers.

• UDP (User Datagram Protocol) – a connectionless protocol for data transfer. Since a
session is not created before the data transfer, there is no guarantee of data delivery.

• FTP (File Transfer Protocol) – used for file transfers from one host to another.

• Telnet (Telecommunications Network) – used to connect and issue commands on a
remote computer.

• DNS (Domain Name System) – used to resolve host names to IP addresses.

• HTTP (Hypertext Transfer Protocol) – used to transfer files (text, graphic images,
sound, video, and other multimedia files) on the World Wide Web.

The following table shows which protocols reside on which layer of the TCP/IP model:

6.2 TCP explained

One of the main protocols in the TCP/IP suite is Transmission Control Protocol (TCP).
TCP provides reliable and ordered delivery of data between applications running on hosts on a
TCP/IP network. Because of its reliable nature, TCP is used by applications that require high
reliability, such as FTP, SSH, SMTP, HTTP, etc.

TCP is connection-oriented, which means that, before data is sent, a connection between
two hosts must be established. The process used to establish a TCP connection is known as the
three-way handshake. After the connection has been established, the data transfer phase begins.
After the data is transmitted, the connection is terminated.

One other notable characteristic of TCP is its reliable delivery. TCP uses sequence
numbers to identify the order of the bytes sent from each computer so that the data can be
reconstructed in order. If any data is lost during the transmission, the sender can retransmit the
data.
Because of all of its characteristics, TCP is considered to be complicated and costly in
terms of network usage. The TCP header is up to 24 bytes long and consists of the following
fields:

source port – the port number of the application on the host sending the data.
destination port – the port number of the application on the host receiving the data.
sequence number – used to identify each byte of data.
acknowledgment number – the next sequence number that the receiver is expecting.
header length – the size of the TCP header.
reserved – always set to 0.
flags – used to set up and terminate a session.
window – the window size the sender is willing to accept.
checksum – used for error-checking of the header and data.
urgent – indicates the offset from the current sequence number, where the segment of non-urgent
data begins.
options – various TCP options, such as Maximum Segment Size (MSS) or Window Scaling.

NOTE – TCP is a Transport layer protocol (Layer 4 of the OSI model).

6.3 UDP Explained

One other important protocol in the TCP/IP suite is User Datagram Protocol (UDP). This
protocol is basically a scaled-down version of TCP. Just like TCP, this protocol provides delivery
of data between applications running on hosts on a TCP/IP network, but, unlike TCP, it does not
sequence the data and does not care about the order in which the segments arrive at the
destination. Because of this it is considered to be an unreliable protocol. UDP is also considered
to be a connectionless protocol, since no virtual circuit is established between two endpoints
before the data transfer takes place.

Because it does not provide many features that TCP does, UDP uses much less network
resources than TCP. UDP is commonly used with two types of applications:

• applications that are tolerant of lost data – VoIP (Voice over IP) uses UDP because
if a voice packet is lost, by the time the packet would be retransmitted, too much delay
would have occurred, and the voice would be unintelligible.
• applications that have some application mechanism to recover lost data – Network
File System (NFS) performs recovery with application layer code, so UDP is used as the
transport-layer protocol.

The UDP header is 8 bytes long and consists of the following fields:

Here is a description of each field:

source port – the port number of the application on the host sending the data.
destination port – the port number of the application on the host receiving the data.
length – the length of the UDP header and data.
checksum – checksum of both the UDP header and UDP data fields.

NOTE – UDP is a Transport layer protocol (Layer 4 of the OSI model).
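
The TCP header fields listed in 6.2 and the UDP header fields in 6.3, decoded from raw bytes with `struct`. This is an added example and not code from the original text; the two sample packets are constructed here (a TCP SYN from local port 1200 to the FTP control port 21, echoing the port numbers the text uses later, and a UDP datagram to port 53 with a placeholder payload), and the field and option names are this example's own.

```python
"""Parsing the TCP and UDP headers described in 6.2 and 6.3 with struct.

Added example, not code from the original text. The sample segments below are
constructed for this example.
"""
import struct

# Flag bits in the TCP flags byte, least significant bit first.
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")


def tcp_flag_names(flags: int) -> list:
    """Decode the flags byte into the names of the flags that are set."""
    return [name for i, name in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)]


def parse_tcp_options(raw: bytes) -> dict:
    """Walk the variable-length options area (kind, length, data...)."""
    options = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # No-Operation (padding)
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated TCP option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad option length {length} for kind {kind}")
        body = raw[i + 2:i + length]
        if kind == 2 and len(body) == 2:    # Maximum Segment Size
            options["MSS"] = struct.unpack("!H", body)[0]
        elif kind == 3 and len(body) == 1:  # Window Scale
            options["WScale"] = body[0]
        else:
            options[f"kind{kind}"] = body
        i += length
    return options


def parse_tcp_header(segment: bytes) -> dict:
    """Split a TCP segment into its header fields, options and payload."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_byte, flags,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset_byte >> 4) * 4         # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"invalid data offset: {header_len} bytes")
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack, "header_len": header_len,
        "flags": tcp_flag_names(flags), "window": window,
        "checksum": checksum, "urgent": urgent,
        "options": parse_tcp_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }


def parse_udp_header(datagram: bytes) -> dict:
    """Split a UDP datagram into its four 16-bit fields and the payload."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError(f"UDP length field {length} does not match datagram")
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


# Constructed sample: SYN, seq 0x1000, data offset 6 (24 bytes: 20 + 4 bytes of MSS option).
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 1200, 21, 0x1000, 0, 6 << 4, 0x02, 65535, 0, 0) \
    + b"\x02\x04\x05\xb4"                       # MSS option: kind 2, length 4, value 1460
# Constructed sample: UDP to port 53 carrying a 5-byte placeholder payload.
SAMPLE_UDP = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
    print(parse_udp_header(SAMPLE_UDP))
```

The data-offset and option-length checks matter in practice: both values come from the wire, and a parser that trusts them blindly will read past the buffer on a malformed segment.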

6.4 Ports Explained

A port is a 16-bit number used to identify specific applications and services. TCP and
UDP specify the source and destination port numbers in their packet headers and that
information, along with the source and destination IP addresses and the transport protocol (TCP
or UDP), enables applications running on hosts on a TCP/IP network to communicate.

Applications that provide a service (such as FTP or HTTP servers) open a port on the
local computer and listen for connection requests. A client can request the service by pointing the
request to the application’s IP address and port. A client can use any locally unused port number
for communication. Consider the following example:

In the picture above you can see that a host with an IP address of 192.168.0.50 wants to
communicate with the FTP server. Because FTP servers use, by default, the well-known port 21,
the host generates the request and sends it to the FTP server’s IP address and port. The host uses
the locally unused port 1200 for communication. The FTP server receives the request,
generates the response and sends it to the host’s IP address and port.

Port numbers range from 0 to 65535. The first 1024 ports are reserved for use by certain
privileged services:
NOTE – The combination of an IP address and a port number is called a socket. In our example
the socket would be 192.168.0.50:1200.

6.5 ARP

ARP (Address Resolution Protocol) is a network protocol used to find out the hardware
(MAC) address of a device from an IP address. It is used when a device wants to communicate
with some other device on a local network (for example on an Ethernet network that requires
physical addresses to be known before sending packets). The sending device uses ARP to
translate IP addresses to MAC addresses. The device sends an ARP request message containing
the IP address of the receiving device. All devices on a local network segment see the message,
but only the device that has that IP address responds with the ARP reply message containing its
MAC address. The sending device now has enough information to send the packet to the
receiving device.
ARP request packets are sent to the broadcast addresses (FF:FF:FF:FF:FF:FF for the Ethernet
broadcasts and 255.255.255.255 for the IP broadcast).

ARP broadcast explained:


Let’s say that Host A wants to communicate with host B. Host A knows the IP address of
host B, but it doesn’t know host B’s MAC address. In order to find out the MAC address of
host B, host A sends an ARP request, listing host B’s IP address as the destination IP address
and the MAC address of FF:FF:FF:FF:FF:FF (Ethernet broadcast). The switch will forward the
frame out all interfaces (except the incoming interface). Each device on the segment will receive
the packet, but because the destination IP address is host B’s IP address, only host B will reply
with the ARP reply packet, listing its MAC address. Host A now has enough information to send
the traffic to host B.
All operating systems maintain ARP caches that are checked before sending an ARP
request message. You can display ARP entries in Windows by using the arp -a command:
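
The request/reply exchange just described, encoded as real Ethernet/ARP frames, with the cache check that every operating system performs before broadcasting. This is an added example and not code from the original text; the `Host` class, its `arp_cache` dictionary and the MAC/IP values are constructed for this example.

```python
"""The ARP request/reply exchange from 6.5, encoded as Ethernet frames.

Added example, not from the original text. The Host class, its arp_cache and
the MAC/IP values used are constructed for this example.
"""
import struct

ETH_BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet header (14 bytes) + ARP packet (28 bytes). Requests go to the
    Ethernet broadcast address; replies are unicast back to the requester."""
    eth_dst = ETH_BROADCAST if op == ARP_REQUEST else target_mac
    ethernet = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # Ethernet, IPv4, MAC len, IP len, opcode
           + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
           + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))
    return ethernet + arp


def parse_arp(frame: bytes) -> dict:
    """Validate an Ethernet/ARP frame and return its fields."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {
        "eth_dst": bytes_to_mac(frame[0:6]), "eth_src": bytes_to_mac(frame[6:12]), "op": op,
        "sender_mac": bytes_to_mac(frame[22:28]), "sender_ip": bytes_to_ip(frame[28:32]),
        "target_mac": bytes_to_mac(frame[32:38]), "target_ip": bytes_to_ip(frame[38:42]),
    }


class Host:
    """Minimal host: an IP/MAC pair plus the ARP cache the text says every OS keeps."""

    def __init__(self, mac: str, ip: str):
        self.mac, self.ip, self.arp_cache = mac, ip, {}

    def resolve(self, ip: str):
        """Return (mac, None) on a cache hit, else (None, request frame to broadcast)."""
        if ip in self.arp_cache:
            return self.arp_cache[ip], None
        return None, build_arp(ARP_REQUEST, self.mac, self.ip, "00:00:00:00:00:00", ip)

    def receive(self, frame: bytes):
        """Every host on the segment sees the broadcast; only the owner of the
        target IP answers. Replies addressed to us populate the cache."""
        pkt = parse_arp(frame)
        if pkt["op"] == ARP_REQUEST and pkt["target_ip"] == self.ip:
            return build_arp(ARP_REPLY, self.mac, self.ip, pkt["sender_mac"], pkt["sender_ip"])
        if pkt["op"] == ARP_REPLY and pkt["target_ip"] == self.ip and pkt["eth_dst"] == self.mac:
            self.arp_cache[pkt["sender_ip"]] = pkt["sender_mac"]
        return None


def arp_exchange(requester: Host, target_ip: str, segment: list) -> str:
    """Flood the request to every other host on the segment (what the switch
    does), deliver the single reply, and return the MAC now in the cache."""
    cached, request = requester.resolve(target_ip)
    if cached:
        return cached
    replies = []
    for host in segment:
        if host is not requester:
            reply = host.receive(request)
            if reply is not None:
                replies.append(reply)
    if len(replies) != 1:
        raise LookupError(f"{len(replies)} replies for {target_ip}")
    requester.receive(replies[0])
    return requester.arp_cache[target_ip]


if __name__ == "__main__":
    a = Host("00:11:22:33:44:55", "192.168.0.10")
    b = Host("66:77:88:99:aa:bb", "192.168.0.20")
    c = Host("cc:cc:cc:cc:cc:01", "192.168.0.30")
    print("host B is at", arp_exchange(a, b.ip, [a, b, c]))
    print("cache:", a.arp_cache)
```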

6.6 DHCP & DNS

DHCP (Dynamic Host Configuration Protocol)


DHCP is a network protocol that is used to assign various network parameters to a
device. This greatly simplifies administration, since there is no need to assign static network
parameters for each device separately. DHCP is a client-server protocol. A client is a device that
is configured to use DHCP to request network parameters from a DHCP server. DHCP server
maintains a pool of available IP addresses and assigns one of them to the host. A DHCP server
can also provide some other parameters, such as:
• subnet mask
• default gateway
• domain name
• DNS server

Cisco routers can be used as a DHCP server.

DHCP process explained:

A DHCP client goes through a four-step process:

1: A DHCP client sends a broadcast packet (DHCP Discover) to discover DHCP servers on the
LAN segment.
2: The DHCP servers receive the DHCP Discover packet and respond with DHCP Offer packets,
offering IP addressing information.
3: If the client receives the DHCP Offer packets from multiple DHCP servers,
the first DHCP Offer packet is accepted. The client responds by broadcasting a DHCP Request
packet, requesting network parameters from a single server.
4: The DHCP server approves the lease with a DHCP Acknowledgement packet. The packet
includes the lease duration and other configuration information.
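
The four-step exchange above, with the Discover, Offer, Request and Acknowledgement messages encoded in the BOOTP/DHCP wire format (fixed header, magic cookie, then type-length-value options). This is an added example, not code from the original text; the `DhcpServer` class, its address pools and every address below are constructed for the example, and the client follows the text's rule of accepting the first Offer it receives.

```python
"""The four-step DHCP exchange (Discover, Offer, Request, Acknowledgement)
from 6.6, with messages encoded in the real BOOTP/DHCP wire format.

Added example, not from the original text. The DhcpServer class, its address
pools and all addresses below are constructed for this example.
"""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # values of option 53 (message type)
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER_ID = 1, 3, 6, 50, 51, 53, 54


def ip_b(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def b_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_dhcp(op: int, xid: int, mac: str, options: list, yiaddr="0.0.0.0", siaddr="0.0.0.0") -> bytes:
    """Fixed 236-byte BOOTP header, magic cookie, TLV options, end marker (255)."""
    chaddr = bytes(int(x, 16) for x in mac.split(":")).ljust(16, b"\x00")
    header = (struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)   # htype 1, hlen 6, broadcast flag
              + ip_b("0.0.0.0") + ip_b(yiaddr) + ip_b(siaddr) + ip_b("0.0.0.0")
              + chaddr + bytes(64) + bytes(128))                      # sname and file unused
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_dhcp(msg: bytes) -> dict:
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", msg[:12])
    options, i = {}, 240
    while i < len(msg) and msg[i] != 255:     # 255 = end of options
        if msg[i] == 0:                        # 0 = pad byte
            i += 1
            continue
        if i + 1 >= len(msg):
            raise ValueError("truncated option")
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "mac": ":".join(f"{x:02x}" for x in msg[28:28 + hlen]),
            "yiaddr": b_ip(msg[16:20]), "siaddr": b_ip(msg[20:24]), "options": options}


class DhcpServer:
    """Holds a pool of addresses and the parameters the text lists (mask, gateway, DNS)."""

    def __init__(self, ip, pool, mask, router, dns, lease=3600):
        self.ip, self.pool, self.lease = ip, list(pool), lease
        self.params = [(OPT_MASK, ip_b(mask)), (OPT_ROUTER, ip_b(router)), (OPT_DNS, ip_b(dns))]
        self.leases = {}

    def handle(self, msg: bytes):
        m = parse_dhcp(msg)
        mtype = m["options"][OPT_TYPE][0]
        common = [(OPT_SERVER_ID, ip_b(self.ip)), (OPT_LEASE, struct.pack("!I", self.lease))] + self.params
        if mtype == DISCOVER and self.pool:
            return build_dhcp(BOOTREPLY, m["xid"], m["mac"], [(OPT_TYPE, bytes([OFFER]))] + common,
                              yiaddr=self.pool[0], siaddr=self.ip)
        if mtype == REQUEST:
            wanted = b_ip(m["options"][OPT_REQ_IP])
            if b_ip(m["options"][OPT_SERVER_ID]) != self.ip or wanted not in self.pool:
                return None                    # client chose another server, or address is gone
            self.pool.remove(wanted)
            self.leases[m["mac"]] = wanted
            return build_dhcp(BOOTREPLY, m["xid"], m["mac"], [(OPT_TYPE, bytes([ACK]))] + common,
                              yiaddr=wanted, siaddr=self.ip)
        return None


def dora(client_mac: str, servers: list, xid: int = 0x3903F326) -> dict:
    """Client side: broadcast Discover, take the first Offer (as the text says),
    broadcast a Request naming that server, and read the parameters from the Ack."""
    discover = build_dhcp(BOOTREQUEST, xid, client_mac, [(OPT_TYPE, bytes([DISCOVER]))])
    offers = [parse_dhcp(o) for o in (s.handle(discover) for s in servers) if o is not None]
    if not offers:
        raise RuntimeError("no DHCP Offer received")
    chosen = offers[0]
    request = build_dhcp(BOOTREQUEST, xid, client_mac, [
        (OPT_TYPE, bytes([REQUEST])), (OPT_REQ_IP, ip_b(chosen["yiaddr"])),
        (OPT_SERVER_ID, ip_b(chosen["siaddr"]))])
    acks = [parse_dhcp(a) for a in (s.handle(request) for s in servers) if a is not None]
    if not acks or acks[0]["xid"] != xid or acks[0]["options"][OPT_TYPE][0] != ACK:
        raise RuntimeError("no matching DHCP Ack received")
    o = acks[0]["options"]
    return {"ip": acks[0]["yiaddr"], "mask": b_ip(o[OPT_MASK]), "gateway": b_ip(o[OPT_ROUTER]),
            "dns": b_ip(o[OPT_DNS]), "lease": struct.unpack("!I", o[OPT_LEASE])[0],
            "server": b_ip(o[OPT_SERVER_ID])}


if __name__ == "__main__":
    servers = [DhcpServer("10.0.0.1", ["10.0.0.100", "10.0.0.101"], "255.255.255.0", "10.0.0.1", "10.0.0.53"),
               DhcpServer("10.0.0.2", ["10.0.0.200"], "255.255.255.0", "10.0.0.1", "10.0.0.53")]
    print(dora("00:11:22:33:44:55", servers))
```

Because the Request is broadcast, every server sees it; the server-identifier option (54) is what lets the servers that were not chosen withdraw their offers instead of leasing the address.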

DNS (Domain Name System)


DNS is a network protocol used to translate hostnames into IP addresses. DNS is not
required to establish a network connection, but it is much more user friendly for human users
than the numeric addressing scheme. Consider this example. You can access the Google
homepage by typing 74.125.227.99, but it’s much easier just to type www.google.com!

To use DNS, you must have a DNS server configured to handle the resolution process. A
DNS server has a special-purpose application installed. The application maintains a table of
dynamic or static hostname-to-IP address mappings. When a user requests some network resource
using a hostname (for example by typing www.google.com in a browser), a DNS request is sent
to the DNS server asking for the IP address of the hostname. The DNS server then replies with
the IP address. The user’s browser can now use that IP address to access www.google.com.

The figure below explains the concept:

Suppose that the DNS Client wants to communicate with the server named Server1. Since
the DNS Client doesn’t know the IP address of Server1, it sends a DNS Request to the DNS
Server, asking for Server1’s IP address. The DNS Server replies with the IP address of Server1
(DNS Reply).
The picture below shows a sample DNS record:

Here you can see that the host with the hostname APP1 is using the IP address of 10.0.0.3.
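
The DNS request/reply exchange described above at the byte level: encoding a hostname as length-prefixed labels, building a query, and decoding the reply including the name-compression pointers real servers use. This is an added example, not code from the original text. No packet is sent; the reply is constructed locally by `constructed_response`, and www.google.com with 74.125.227.99 are simply the values the text itself uses.

```python
"""Encoding a DNS query and decoding a DNS reply as described in 6.6.

Added example, not from the original text. The reply is constructed locally
(no network traffic); www.google.com and 74.125.227.99 are the example values
the text uses.
"""
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """www.google.com -> 3www6google3com0 (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int, depth: int = 0) -> tuple:
    """Return (name, offset after the name). Handles RFC 1035 compression
    pointers (0xC0xx) and refuses pointers that do not point backwards, so a
    malformed reply cannot send the parser into a loop."""
    if depth > 5:
        raise ValueError("too many compression pointers")
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("compression pointer must point backwards")
            suffix, _ = decode_name(msg, pointer, depth + 1)
            labels.append(suffix)
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def build_query(name: str, txid: int) -> bytes:
    """Header: id, flags 0x0100 (recursion desired), 1 question, 0 resource records."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def parse_response(msg: bytes, expected_txid: int) -> list:
    """Return [(name, ipv4, ttl), ...] for the A records in the answer section."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id does not match our query")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qdcount):                      # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                               # qtype + qclass
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == TYPE_A and rclass == CLASS_IN and rdlength == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return answers


def constructed_response(query: bytes, ipv4: str, ttl: int = 300) -> bytes:
    """Build the reply a server would send: same id, flags 0x8180, the question
    echoed, and one A record whose name is a pointer to offset 12 (the question)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + bytes(int(o) for o in ipv4.split("."))
    return header + query[12:] + rr


if __name__ == "__main__":
    q = build_query("www.google.com", txid=0x1234)
    print(parse_response(constructed_response(q, "74.125.227.99"), expected_txid=0x1234))
```

A resolver should only accept a reply whose transaction id matches the query it sent, which is why `parse_response` takes `expected_txid` and rejects anything else.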

6.7 TELNET & SSH

Telnet
Telnet is a network protocol that allows a user to communicate with a remote device. It is
a virtual terminal protocol used mostly by network administrators to remotely access and manage
devices. An administrator can access the device by “telnetting” to the IP address or hostname of a
remote device.

To use Telnet, you must have Telnet client software installed. On the remote device, a
Telnet server must be installed and running. Telnet uses TCP port 23.

One of the greatest disadvantages of this protocol is that all data, including usernames
and passwords, is sent in clear text, which is a potential security risk. This is the main reason
why Telnet is rarely used today and is being replaced by a much more secure protocol called SSH.
The word “telnet” can also refer to the software that implements the Telnet protocol.
On Windows, you can start a Telnet session by typing the telnet IP_ADDRESS (or telnet
HOSTNAME) command:

SSH (Secure Shell)

SSH is a network protocol used to remotely access and manage a device. The key
difference between Telnet and SSH is that SSH uses encryption, which means that all data
transmitted over a network is secure from eavesdropping.

Like Telnet, a user accessing a remote device must have an SSH client installed. On a
remote device, an SSH server must be installed and running. SSH uses TCP port 22 by default.
SSH relies on public key cryptography for its encryption.

Here is an example of creating an SSH session using Putty, a free SSH client:
NOTE – SSH is the most common way to remotely access a Cisco device.

6.8 FTP & TFTP

FTP (File Transfer Protocol)


FTP is a network protocol used to transfer files from one computer to another over a TCP
network. Like Telnet, it uses a client-server architecture, which means that a user has to have
an FTP client installed to access an FTP server running on the remote machine. After establishing
an FTP connection, the user can download or upload files to and from the FTP server.
FTP uses two TCP ports: port 20 for sending data and port 21 for sending control
commands. FTP can use authentication, but like Telnet, all data is sent in clear text, including
usernames and passwords.

TFTP (Trivial File Transfer Protocol)

TFTP is a network protocol used to transfer files between remote machines. It is a simple
version of FTP, lacking some of the more advanced features FTP offers, but requiring fewer
resources than FTP.
Because of its simplicity TFTP can be used only to send and receive files. It uses UDP port 69
for communication.

Because of its disadvantages TFTP is not widely used today, but it is used to save and restore a
router configuration or to back up an IOS image.
TFTP doesn’t support user authentication and sends all data in clear text.

6.9 SNMP (Simple Network Management Protocol)

Simple Network Management Protocol (SNMP) is an application layer protocol that is
used for network device management. This protocol can collect and manipulate valuable
network information from switches, routers, servers, printers, and other network-attached
devices.

An SNMP-managed network consists of two components:

• Network management station (NMS) – the software which runs on the administrative
computer. This software gathers SNMP data by requiring the devices on the network to
disclose certain information. Devices can also inform the NMS about problems they are
experiencing by sending an SNMP alert (called a trap).
• Agent – the software which runs on managed devices and reports information via SNMP
to the NMS.

Consider the following example:

The router R1 is configured to send SNMP traps to the NMS Station. If a problem occurs,
the router will send an SNMP trap to Host A. For example, if there is a port security violation on
R1, the router will send the SNMP trap, notifying that there has been a potential security breach
on the network.
NOTE – SNMP agents use UDP port 161, while the manager uses UDP port 162. The current
SNMP version is SNMPv3. The prior versions, SNMPv1 and SNMPv2, are considered obsolete
and should not be used.

6.10 HTTP & HTTPs

HTTP (Hypertext Transfer Protocol)


HTTP is a client-server protocol that allows clients to request web pages from web
servers. It is an application level protocol widely used on the Internet. Clients are usually web
browsers. When a user wants to access a web page, a browser sends an HTTP Request message
to the web server. The server responds with the requested web page. Web servers usually use
TCP port 80.

Clients and web servers use request-response method to communicate with each other,
with clients sending the HTTP Requests and servers responding with the HTTP Responses.
Clients usually send their requests using GET or POST methods, for example GET
/homepage.html. A web server responds with a status message (200 if the request was successful)
and sends the requested resource.

An example will clarify this process:

HTTPS (Hypertext Transfer Protocol Secure)


Hypertext Transfer Protocol Secure is a secure version of HTTP. This protocol enables
secure communication between a client (e.g. web browser) and a server (e.g. web server) by
using encryption. HTTPS uses the SSL (Secure Sockets Layer) protocol for encryption and TCP
port 443 for communication.
HTTPS is commonly used to create a secure channel over some insecure network, e.g. the
Internet. By default, most traffic on the Internet is unencrypted and susceptible to sniffing attacks.
HTTPS encrypts sensitive information, which makes a connection secure.

HTTPS is usually not used on the entire website because encryption slows down the site.
Instead, it is used only to protect sensitive information like usernames and passwords.

HTTPS URLs begin with https instead of http. In Internet Explorer, you can immediately
recognize that a web site is using HTTPS because a lock appears to the right of the address bar:

6.11 NTP (Network Time Protocol)

Network Time Protocol (NTP) is an application layer protocol used for clock
synchronization between hosts on a TCP/IP network. The goal of NTP is to ensure that all
computers on a network agree on the time, since even a small difference can create problems.
For example, if there is more than a 5 minute difference between your host and the Active Directory
domain controller, you will not be able to log in to your AD domain.

NTP uses a hierarchical system of time sources. At the top of the structure are highly
accurate time sources – typically atomic or GPS clocks. These clocks are known as stratum 0
servers. Stratum 1 servers are directly linked to stratum 0 servers and run NTP server software
that delivers the time to stratum 2 servers, and so on (image source: Wikipedia):
NTP uses a client-server architecture; one host is configured as the NTP server and all
other hosts on the network are configured as NTP clients. Consider the following example:

Host A is configured to use the public NTP server uk.pool.ntp.org. Host A will
periodically send an NTP request to the NTP server. The NTP server will provide the accurate
date and time, so Host A can synchronize its clock.

NOTE – NTP uses a well-known UDP port 123. The current version is NTPv4, and it is
backward compatible with NTPv3.

6.12 APIPA (Automatic Private IP Addressing)

Automatic Private IP Addressing (APIPA) is a feature in Windows operating systems that
enables computers to automatically self-configure an IP address and subnet mask when their
DHCP server isn’t reachable. The IP address range for APIPA is 169.254.0.1-169.254.255.254,
with the subnet mask of 255.255.0.0.

When a DHCP client boots up, it looks for a DHCP server in order to obtain network
parameters. If the client can’t communicate with the DHCP server, it uses APIPA to configure
itself with an IP address from the APIPA range. This way, the host will still be able to
communicate with other hosts on the local network segment that are also configured for APIPA.

NOTE – If your host is using an IP address from the APIPA range, there is usually a problem on
the network. Check the network connectivity of your host and the status of the DHCP server.

The APIPA service also checks regularly for the presence of a DHCP server (every three
minutes). If it detects a DHCP server on the network, the DHCP server replaces the APIPA
networking addresses with dynamically assigned addresses.

6.13 ICMP (Internet Control Message Protocol)

ICMP (Internet Control Message Protocol) is a network layer protocol that reports
errors and provides information related to IP packet processing. ICMP is used by network
devices to send error messages indicating, for example, that a requested service is not available
or that a host isn’t reachable.

ICMP is commonly used by network tools such as ping or traceroute. Consider the following
example that illustrates how ping can be used to test the reachability of a host:
Host A wants to test whether it can reach Server over the network. Host A will start the
ping utility that will send ICMP Echo Request packets to Server. If Server is reachable, it will
respond with ICMP Echo Reply packets. If Host A receives no response from Server, there
might be a problem on the network.

NOTE – ICMP messages are encapsulated in IP datagrams.

One other common ICMP message is the Destination unreachable message. Here is an
example:

Host A sends a packet to Host B. Because the R1’s interface connected to Host B is
down, the router will send an ICMP Destination unreachable message to Host A, informing it
that the destination host is unreachable.

6.14 IP Header

An IP header is a prefix to an IP packet that contains information about the IP version,
length of the packet, source and destination IP addresses, etc. It consists of the following fields:

Version – the version of the IP protocol. For IPv4, this field has a value of 4.
Header length – the length of the header in 32-bit words. The minimum value is 20 bytes, and
the maximum value is 60 bytes.
Priority and Type of Service – specifies how the datagram should be handled. The first 3 bits
are the priority bits.
Total length – the length of the entire packet (header + data). The minimum length is 20 bytes,
and the maximum is 65,535 bytes.
Identification – used to differentiate fragmented packets from different datagrams.
Flags – used to control or identify fragments.
Fragment offset – used for fragmentation and reassembly if the packet is too large to put in a
frame.
Time to live – limits a datagram’s lifetime. If the packet doesn’t get to its destination before the
TTL expires, it is discarded.
Protocol – defines the protocol used in the data portion of the IP datagram. For example, TCP is
represented by the number 6 and UDP by 17.
Header checksum – used for error-checking of the header. If a packet arrives at a router and the
router calculates a different checksum than the one specified in this field, the packet will be
discarded.
Source IP address – the IP address of the host that sent the packet.
Destination IP address – the IP address of the host that should receive the packet.
Options – used for network testing, debugging, security, and more. This field is usually empty.

Consider the following IP header, captured with Wireshark:

Notice the fields in the header: the IP version is IPv4, the header length is 20 bytes, the upper-
level protocol used is TCP, the TTL value is set to 128, etc.

8. IP ROUTING
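
The IPv4 header fields listed in 6.14 and the ICMP echo request/reply of 5.1 and 6.13, built and parsed from raw bytes, including the Internet checksum both headers carry and the TTL decrement a router performs on every hop (the mechanism traceroute in 5.2 depends on). This is an added example, not code from the original text; the addresses reuse the text's ping example (10.10.100.1), the 32-byte payload mirrors the Windows ping default, and `router_forward` is a simplified model of what a router does to the header.

```python
"""Building and checking an IPv4 header (6.14) carrying an ICMP Echo Request
(5.1 and 6.13), including the Internet checksum both headers use and the
TTL decrement a router performs (the mechanism traceroute in 5.2 relies on).

Added example, not from the original text. The addresses reuse the text's
ping example (10.10.100.1); the 32-byte payload mirrors the Windows ping default.
"""
import struct

PROTO_ICMP = 1
ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                            # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_b(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_icmp_echo(identifier: int, seq: int, payload: bytes = b"abcdefghijklmnopqrstuvwabcdefghi",
                    icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Type, code 0, checksum over header + payload, identifier, sequence number."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, seq)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, checksum, identifier, seq) + payload


def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP message too short")
    if internet_checksum(msg) != 0:               # a valid message sums to zero
        raise ValueError("ICMP checksum mismatch")
    icmp_type, code, _csum, identifier, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "code": code, "id": identifier, "seq": seq, "payload": msg[8:]}


def build_ipv4(src: str, dst: str, protocol: int, payload: bytes, ttl: int = 128, ident: int = 0x1C46) -> bytes:
    """20-byte header, no options: version 4, IHL 5, DF set, checksum over the header only."""
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(payload), ident, 0x4000,
                         ttl, protocol, 0, ip_b(src), ip_b(dst))
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fields listed in 6.14; a bad header checksum is rejected the
    way a router would discard the packet."""
    if len(packet) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, protocol,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or header_len > total_len or total_len > len(packet):
        raise ValueError("inconsistent version/length fields")
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    return {"version": version, "header_len": header_len, "tos": tos, "total_len": total_len,
            "id": ident, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": (flags_frag & 0x1FFF) * 8, "ttl": ttl, "protocol": protocol,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "options": packet[20:header_len], "payload": packet[header_len:total_len]}


def router_forward(packet: bytes):
    """Decrement TTL and recompute the checksum. Returns None when TTL would
    reach 0: the packet is discarded and (in a real router) an ICMP Time
    Exceeded message goes back to the sender."""
    fields = parse_ipv4(packet)
    if fields["ttl"] <= 1:
        return None
    header = bytearray(packet[:fields["header_len"]])
    header[8] -= 1                                # TTL is byte 8 of the header
    header[10:12] = b"\x00\x00"                   # zero the checksum before recomputing
    header[10:12] = struct.pack("!H", internet_checksum(bytes(header)))
    return bytes(header) + packet[fields["header_len"]:]


if __name__ == "__main__":
    echo = build_icmp_echo(identifier=1, seq=1)
    packet = build_ipv4("10.10.100.2", "10.10.100.1", PROTO_ICMP, echo)
    print(parse_ipv4(packet))
    print(parse_icmp(parse_ipv4(packet)["payload"]))
```

Verifying a received header by summing it including its own checksum field (the result must be zero) is the same check a router applies before forwarding, and `router_forward` shows why the checksum has to be recomputed on every hop: the TTL changes.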

8.1 What is IP Routing?

IP routing is the process of sending packets from a host on one network to another host
on another, remote network. This process is done by routers. Routers examine the destination IP
address of a packet, determine the next-hop address, and forward the packet.

Routers use routing tables to determine a next hop address to which the packet should be
forwarded.
Consider the following example of IP routing:

Host A wants to communicate with host B, but host B is on another network. Host A is
configured to send all packets destined for remote networks to router R1. Router R1 receives the
packets, examines the destination IP address and forwards the packet to the outgoing interface
associated with the destination network.
Default gateway
A default gateway is a router that hosts use to communicate with other hosts on remote networks.
A default gateway is used when a host doesn’t have a route entry for the specific remote network
and doesn’t know how to reach that network. Hosts can be configured to send all packets
destined to remote networks to a default gateway, which has a route to reach that network.

The following example explains the concept of a default gateway more thoroughly.
Host A has the IP address of router R1 configured as its default gateway address. Host A is
trying to communicate with host B, a host on another, remote network. Host A looks up its
routing table to check if there is an entry for that destination network. If the entry is not found,
the host sends all data to router R1. Router R1 receives the packets and forwards them to host
B.

Routing table
Each router maintains a routing table and stores it in RAM. A routing table is used by routers to
determine a path to a destination network. Each routing table consists of the following entries:

1. network destination and network subnet mask – specifies a range of IP addresses
2. remote router – IP address of the router used to reach that network
3. outgoing interface – the interface the packet should go out to reach the destination
network

There are three different methods for populating a routing table:

• directly connected subnets
• using static routing
• using dynamic routing

Each of these methods is described in the following chapters.
Consider the following example. Host A wants to communicate with host B, but host B is
on another network. Host A is configured to send all packets destined for remote networks to the
router. The router receives the packets, checks the routing table to see if it has an entry for the
destination address. If it does, the router forwards the packet out the appropriate interface port. If
the router doesn’t find the entry, it discards the packet.

You can use the show ip route command from enable mode to display the router’s routing
table.

As you can see from the output above, this router has two directly connected routes to the
subnets 10.0.0.0/8 and 192.168.0.0/24. The character “C” in the routing table indicates that a
route is a directly connected route. The router will be able to route packets received from host A
to host B.

8.2 Connected, Static and Dynamic Routes

Connected routes
Subnets directly connected to a router interface are added to the router’s routing table. The interface
has to have an IP address configured and both interface status codes must be in the “up and up”
state. A router will be able to route all packets destined for all hosts in subnets directly connected
to its active interfaces.
Consider the following example. The router has two active interfaces, Fe0/0 and Fe0/1. Each
interface has been configured with an IP address and is currently in the up-up state, so the router
adds these subnets to its routing table.

As you can see from the output above, the router has two directly connected routes to the subnets
10.0.0.0/8 and 192.168.0.0/24. The character “C” in the routing table indicates that a route is a
directly connected route.

TIP – you can see only connected routes in a router’s routing table by typing the show ip route
connected command.

Static routes
By adding static routes, a router can learn a route to a remote network that is not directly
connected to one of its interfaces. Static routes are configured manually by typing the global
configuration mode command ip route DESTINATION_NETWORK SUBNET_MASK
NEXT_HOP_IP_ADDRESS. This type of configuration is usually used in smaller networks
because of scalability reasons (you have to configure each route on each router).

A simple example will help you understand the concept of static routes.

Router A is directly connected to router B. Router B is directly connected to the subnet
10.0.1.0/24. Since that subnet is not directly connected to Router A, the router doesn’t know how
to route packets destined for that subnet. You have to configure that route manually.

First, consider the router A’s routing table before adding the static route:

Now, we’ll use the static route command to configure router A to reach the subnet 10.0.0.0/24.
The router now has the route to reach the subnet.
TIP – another version of the ip route command exists. You don’t have to specify the next-hop IP
address. You can rather specify the exit interface of the local router. In the example above you
could have typed the ip route DEST_NETWORK NEXT_HOP_INTERFACE command to instruct
router A to send all traffic destined for the subnet out the right interface.

Dynamic routes
A router can learn dynamic routes if a routing protocol is enabled. A routing protocol is used by
routers to exchange routing information with each other. Every router in a network can then use
that information to build its routing table. A routing protocol can dynamically choose a different
route if a link goes down, so this type of routing is fault-tolerant. Also, unlike with static routing,
there is no need to manually configure every route on every router, which greatly reduces the
administrative overhead. You only need to define which routes will be advertised on the routers
that connect directly to the corresponding subnets; the routing protocol takes care of the rest.

One of the disadvantages of dynamic routing is that it increases memory and CPU usage on a
router, because every router has to process received routing information and calculate its routing
table.
To better understand the advantage that dynamic routing protocols bring, consider the following
example.

Both routers are running a routing protocol, namely EIGRP. There are no static routes on Router
A, so Router A doesn’t know how to reach the subnet 10.0.0.0/24 that is directly connected to
Router B. Router B then advertises the subnet to Router A using EIGRP. Now Router A has the
route to reach the subnet. This can be verified by typing the show ip route command:

You can see that Router A has learned the subnet from EIGRP. The letter “D” in front of the route
indicates that the route has been learned through EIGRP.
If the subnet 10.0.0.0/24 fails, Router B can immediately inform Router A that the subnet is no
longer reachable.
8.3 Administrative Distance and Metric

Administrative distance
A network can use more than one routing protocol, and routers on the network can learn about a
route from multiple sources. Routers need a way to select the better path. The administrative
distance is the number routers use to decide which source is more trustworthy (a lower number is
better). For example, if the same route is learned from RIP and EIGRP, a Cisco router chooses the
EIGRP route and stores it in the routing table. This is because EIGRP routes have, by default, an
administrative distance of 90, while RIP routes have a higher administrative distance of 120.

You can display the administrative distance of all routes on your router by typing the show ip
route command:

In the case above, the router has only one route in its routing table learned from a dynamic
routing protocol, an EIGRP route.
The following table lists the administrative distance default values:

Metric
If a router learns two different paths for the same network from the same routing protocol, it has
to decide which route is better and will be placed in the routing table. Metric is a measure used
to decide which route is better (lower number is better). Each routing protocol uses its own
metric. For example, RIP uses hop counts as a metric, while OSPF uses cost.
The following example explains the way RIP calculates its metric and why it chooses one path
over another.

RIP has been configured on all routers. Router 1 has two paths to reach the subnet 10.0.0.0/24.
One path goes through Router 2, while the other path goes through Router 3 and then Router 4.
Because RIP uses the hop count as its metric, the path through Router 1 will be chosen, because
the subnet is only one router away. The other path will have a higher metric of 2, because the
subnet is two routers away.

TIP – the example above can be used to illustrate a disadvantage of using RIP as a routing
protocol. Imagine if the first path through R2 was a 56k modem link, while the other path is a
high speed WAN link. Router R1 would still choose the path through R2 as the best route, because
RIP uses only the hop count as its metric.
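The following Python model is an added example, not code from the study guide: it shows how a router settles on one route per prefix by comparing administrative distance first and metric second, and why a pure hop-count metric ignores link speed. The sample candidate routes and the 56k/WAN paths are constructed; the administrative distances are the Cisco defaults the guide quotes (EIGRP 90, OSPF 110, RIP 120) plus connected 0 and static 1.

```python
from collections import namedtuple

# Cisco default administrative distances (lower is more trusted)
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

Candidate = namedtuple("Candidate", "prefix protocol metric next_hop")


def best_route(candidates):
    """Lowest administrative distance wins; ties are broken by the lower metric."""
    return min(candidates, key=lambda c: (ADMIN_DISTANCE[c.protocol], c.metric))


def build_routing_table(candidates):
    """Keep one winner per prefix, as the routing table does."""
    by_prefix = {}
    for c in candidates:
        by_prefix.setdefault(c.prefix, []).append(c)
    return {prefix: best_route(group) for prefix, group in by_prefix.items()}


def rip_hop_count(path):
    """RIP metric: number of routers between this router and the destination subnet."""
    return len(path)


def rip_preferred_path(paths):
    """RIP picks purely on hop count; link speed plays no part in the decision."""
    return min(paths, key=rip_hop_count)


# Constructed sample: routes offered to one router by several sources
SAMPLE = [
    Candidate("10.0.0.0/24", "rip", 1, "R2"),        # 1 hop, but AD 120
    Candidate("10.0.0.0/24", "eigrp", 30720, "R2"),  # larger metric, AD 90 wins
    Candidate("10.0.0.0/24", "ospf", 20, "R3"),      # AD 110, loses to EIGRP
    Candidate("192.168.1.0/24", "rip", 3, "R3"),
    Candidate("192.168.1.0/24", "rip", 2, "R4"),     # same protocol: lower metric wins
]

# Constructed paths from the guide's RIP example: one hop over a 56k modem link
# versus two hops over a high-speed WAN link
PATH_VIA_R2 = ["R2"]
PATH_VIA_R3_R4 = ["R3", "R4"]

if __name__ == "__main__":
    for prefix, route in sorted(build_routing_table(SAMPLE).items()):
        print(f"{prefix:16} {route.protocol:6} AD={ADMIN_DISTANCE[route.protocol]:3} "
              f"metric={route.metric} via {route.next_hop}")
    print("RIP prefers", rip_preferred_path([PATH_VIA_R2, PATH_VIA_R3_R4]))
```

Metrics from different protocols are never compared with each other (30720 versus 20 means nothing across protocols), which is exactly why the administrative distance has to be consulted first.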

The following table lists what various routing protocols use as a metric:
8.4 Routing Protocols

Types of routing protocols

There are two types of routing protocols:

1. Distance vector (RIP, IGRP)
2. Link state (OSPF, IS-IS)

Cisco has created its own routing protocol – EIGRP. EIGRP is considered to be an advanced
distance vector protocol, although some materials erroneously state that EIGRP is a hybrid
routing protocol, a combination of distance vector and link state.

All of the routing protocols mentioned above are interior routing protocols (IGP), which means
that they are used to exchange routing information within one autonomous system. BGP (Border
Gateway Protocol) is an example of an exterior routing protocol (EGP) which is used to
exchange routing information between autonomous systems on the Internet.

Distance vector protocols


As the name implies, distance vector routing protocols use distance to determine the best path to
a remote network. The distance is usually the number of hops (routers) to the destination
network.
Distance vector protocols send the complete routing table to each neighbor (a neighbor is a
directly connected router that runs the same routing protocol). They usually use some version of
the Bellman-Ford algorithm to calculate the best routes. Compared with link state routing
protocols, distance vector protocols are simpler to configure and require little management, but
are susceptible to routing loops and converge more slowly than link state routing protocols.
Distance vector protocols also use more bandwidth because they send the complete routing table,
while link state protocols send specific updates only when topology changes occur.

RIP and EIGRP are examples of distance vector routing protocols.

Link state protocols


Link state routing protocols are the second type of routing protocols. They have the same basic
purpose as distance vector protocols, to find the best path to a destination, but use different
methods to do so. Unlike distance vector protocols, link state protocols don’t advertise the entire
routing table. Instead, they advertise information about the network topology (directly connected
links, neighboring routers…), so that in the end all routers running a link state protocol have the
same topology database. Link state routing protocols converge much faster than distance vector
routing protocols, support classless routing, send updates using multicast addresses and use
triggered routing updates. They also require more router CPU and memory than distance vector
routing protocols and can be harder to configure.
Each router running a link state routing protocol creates three different tables:

1. neighbor table – the table of neighboring routers running the same link state routing protocol
2. topology table – the table that stores the topology of the entire network
3. routing table – the table that stores the best routes

Shortest Path First algorithm is used to calculate the best route. OSPF and IS-IS are examples of
link state routing protocols.
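As an added illustration of the link state approach (example code, not part of the guide), the block below builds the identical topology database every router holds and runs Dijkstra's shortest path first algorithm from one router to derive its routing table. The topology, link costs and attached subnets are constructed; the helper hop_count_choice shows what a hop-count metric would pick on the same topology, so the contrast with the distance vector approach is visible.

```python
import heapq

# Constructed topology database, identical on every router in the area:
# router -> {neighbor: outgoing link cost}
TOPOLOGY = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R4": 1},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R2": 1, "R3": 1},
}

# Constructed: subnets attached to each router
ATTACHED = {
    "R1": ["192.168.1.0/24"],
    "R2": ["10.0.1.0/24"],
}


def spf(topology, root):
    """Dijkstra rooted at `root`. Returns {router: (total cost, first hop from root)}."""
    result = {}
    heap = [(0, root, "")]            # (cost so far, router, first hop used to get there)
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in result:
            continue                  # already settled by a cheaper path
        result[node] = (cost, first_hop or None)
        for neighbor, link_cost in topology[node].items():
            if neighbor not in result:
                hop = neighbor if node == root else first_hop
                heapq.heappush(heap, (cost + link_cost, neighbor, hop))
    return result


def routing_table(topology, attached, root):
    """Remote subnets -> (cost, next hop), as the SPF result would install them."""
    tree = spf(topology, root)
    table = {}
    for router, prefixes in attached.items():
        if router != root and router in tree:
            cost, hop = tree[router]
            for prefix in prefixes:
                table[prefix] = (cost, hop)
    return table


def hop_count_choice(topology, root, target):
    """What a hop-count metric would prefer: every link counts 1, whatever its cost."""
    unit = {r: {n: 1 for n in nbrs} for r, nbrs in topology.items()}
    return spf(unit, root)[target]


if __name__ == "__main__":
    for prefix, (cost, hop) in routing_table(TOPOLOGY, ATTACHED, "R1").items():
        print(f"{prefix} cost {cost} via {hop}")
    print("hop count would use", hop_count_choice(TOPOLOGY, "R1", "R2"))
```

From R1, SPF reaches R2's subnet at cost 3 through R3 and R4 rather than over the direct but expensive R1-R2 link, whereas a hop-count metric takes the single direct hop.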

Difference between distance vector and link state routing protocols


The following table summarizes the difference:

9. RIP

9.1 Overview

RIP (Routing Information Protocol) is one of the oldest distance vector routing protocols. It is
usually used in small networks. RIP is very simple to configure and maintain, but lacks some
advanced features of routing protocols like OSPF or EIGRP. Two versions of the protocol exist:
version 1 and version 2. Both versions use hop count as a metric and have the administrative
distance of 120. RIP version 2 is capable of advertising subnet masks and uses multicast to send
routing updates, while version 1 doesn’t advertise subnet masks and uses broadcast for updates.
Version 2 is backwards compatible with version 1.

RIPv2 sends the entire routing table every 30 seconds, which can consume a lot of bandwidth.
RIPv2 uses the multicast address 224.0.0.9 to send routing updates, and supports authentication
and triggered updates (updates that are sent when a change in the network occurs).

For an example of how RIP works, consider the following figure.

Router R1 directly connects to the subnet 10.0.0.0/24. A network engineer has configured RIP on
R1 to advertise this route. R1 sends routing updates to R2 and R3. The routing updates list the
subnet, subnet mask and metric for this route. Each router, R2 and R3, receives this update and
adds the route to its routing table. Both routers list the metric of 1 because the network is only
one hop away.

TIP – maximum hop count for a RIP route is 15. Any route with a higher hop count is considered
to be unreachable.

9.2 Configuring RIPv2


Configuring RIPv2 is a pretty straightforward process. Only three steps are required:
1. enabling RIP by using the router rip global configuration command
2. instructing the router to use RIPv2 by typing the version 2 command
3. telling RIP which networks to advertise by using one or more network commands

The first two commands are easy to comprehend, but the last command requires a little bit more
thought. With the network command you specify which interfaces will participate in the routing
process. This command takes a classful network as a parameter and enables RIP on the
corresponding interfaces.

Let’s configure our sample network to use RIP.

Router R1 and R2 have directly connected subnets. We want to include these subnets in the RIP
routing process. To do that, we first need to enable RIP on both routers and then advertise these
subnets using the network command. On router R1, in the global configuration mode, enter the
router rip command to enable RIP. In the RIP configuration mode, change the version of the
protocol to 2 by using the version 2 command. Next, use the network 10.0.0.0 command to
include the Fa0/1 interface on the router R1 in the routing process. Remember, the network
command takes a classful network number as a parameter, so in this case every interface that has
an IP address that begins with 10 will be included in the RIP process (IP addresses that begin
with 10 are, by default, class A addresses and have the default subnet mask of 255.0.0.0). For
instance, if another interface on the router had the IP address of 10.1.0.1 it would also be
included in the routing process with the network command. You also need to include the link
between the two routers in the RIP routing process. This is done by adding another network
statement, network 172.16.0.0.

So, the configuration on R1 should look like this:


The configuration on R2 looks similar, but with different network number for the directly
connected subnet:

You can verify that router R1 has a route to R2’s directly connected subnet by typing the
show ip route command:

NOTE – the legend lists “R” for all RIP routes in the routing table. Also note that the
administrative distance of 120 is shown, together with the metric of 1.

9.3 RIP loop prevention

Split Horizon
Distance vector protocols are susceptible to routing loops. Split horizon is one feature of
distance vector routing protocols that helps prevent them. This feature prevents a router from
advertising a route back out the interface on which it was learned.
For example, consider the following network topology.

Router R2 has a route to the subnet 10.0.1.0/24 that is advertised to router R1 by using RIP.
Router R1 receives the update and stores the route in its routing table. Router R1 knows that the
routing update for that route has come from R2, so it won’t advertise the route back to router R2.
Otherwise, if the network 10.0.1.0/24 goes down, router R1 could receive a route to the subnet
10.0.1.0/24 from R2. Router R1 now thinks that R2 has the route to reach the subnet, and uses
that route. R2 receives the packets from R1 and sends them back to R1, because R2 thinks that
R1 has a route to reach the subnet, thereby creating a routing loop.

Route poisoning
Route poisoning is another method for preventing routing loops employed by distance vector
routing protocols. When a router detects that one of its directly connected routes has failed, it
sends the advertisement for that route with an infinite metric (“poisoning the route”). A router
that receives the update knows that the route has failed and doesn’t use it anymore.

Consider the following example.

Router R1 is directly connected to the 10.0.1.0/24 subnet. Router R1 runs RIP and the subnet is
advertised to R2. When R1’s Fa0/1 interface fails, a route advertisement is sent by R1 to R2,
indicating that the route has failed. The route has a metric of 16, which is more than RIP’s
maximum hop count of 15, so R1 considers the route to be unreachable.
Hold-down
Hold-down is a loop-prevention mechanism employed by distance vector routing protocols. This
feature prevents a router from learning new information about a failed route. When a router
receives information about an unreachable route, a hold-down timer is started. The router ignores
all routing updates for that route until the timer expires (by default, 180 seconds in RIP). The
only updates allowed during that period are updates sent from the router that originally
advertised the route. If that router advertises the route again, the hold-down timer is stopped and
the routing information is processed.

An example will help you understand the concept better. Consider the following network
topology.

Router R1 has advertised its directly connected subnet 10.0.1.0/24 through RIP. After
some period of time, the interface Fa0/1 on R1 fails and router R1 sends the poisoned route to
R2. R2 receives the routing update, marks the route as unreachable and starts the hold-down
timer. During that time all updates from any other routers about that route are ignored to prevent
routing loops. If interface Fa0/1 on R1 comes back up, R1 again advertises the route. R2 processes
that update even if the hold-down timer is still running, because the update is sent by the same
router that originally advertised the route.
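The three mechanisms of this section (split horizon, route poisoning and hold-down) are easiest to see working together, so here is a small RIP-style router model as an added example; it is not code from the guide. Interface names, router names and the simulated clock are constructed; the constants 16 (unreachable) and 180 seconds (hold-down) are the RIP values the guide gives.

```python
INFINITY = 16       # RIP hop count 16 means unreachable
HOLD_DOWN = 180     # RIP default hold-down timer, in seconds


class Route:
    def __init__(self, metric, next_hop, interface):
        self.metric = metric
        self.next_hop = next_hop      # None for a directly connected route
        self.interface = interface    # interface the route was learned on (or is connected to)
        self.hold_until = None        # simulated time at which hold-down expires, if held


class RipRouter:
    def __init__(self, name):
        self.name = name
        self.table = {}               # prefix -> Route

    def add_connected(self, prefix, interface):
        self.table[prefix] = Route(0, None, interface)

    def set_interface(self, interface, up):
        """Connected routes on a failed interface are poisoned (metric 16)."""
        for r in self.table.values():
            if r.next_hop is None and r.interface == interface:
                r.metric = 0 if up else INFINITY

    def advertise(self, interface):
        """Routing update sent out one interface, with split horizon applied."""
        update = {}
        for prefix, r in self.table.items():
            if r.next_hop is not None and r.interface == interface:
                continue              # split horizon: never send a route back where it came from
            update[prefix] = min(r.metric + 1, INFINITY)
        return update

    def receive(self, update, sender, interface, now):
        for prefix, metric in update.items():
            cur = self.table.get(prefix)
            held = cur is not None and cur.hold_until is not None and now < cur.hold_until
            if held and sender != cur.next_hop:
                continue              # hold-down: only the original advertiser is believed
            if metric >= INFINITY:
                if cur is not None and cur.next_hop == sender and cur.metric < INFINITY:
                    cur.metric = INFINITY            # poisoned route received
                    cur.hold_until = now + HOLD_DOWN  # start the hold-down timer
                continue
            if cur is None or metric < cur.metric or cur.next_hop == sender:
                self.table[prefix] = Route(metric, sender, interface)


def simulate():
    """Replays the guide's scenario: R1 owns 10.0.1.0/24, R2 learns it over Fa0/0."""
    r1, r2 = RipRouter("R1"), RipRouter("R2")
    r1.add_connected("10.0.1.0/24", "Fa0/1")
    events = {}
    r2.receive(r1.advertise("Fa0/0"), "R1", "Fa0/0", now=0)
    events["learned"] = r2.table["10.0.1.0/24"].metric
    events["split_horizon"] = "10.0.1.0/24" in r2.advertise("Fa0/0")   # back toward R1
    events["to_r3"] = r2.advertise("Fa0/1").get("10.0.1.0/24")        # onward to R3
    r1.set_interface("Fa0/1", up=False)                                # R1's LAN fails
    r2.receive(r1.advertise("Fa0/0"), "R1", "Fa0/0", now=10)
    events["poisoned"] = r2.table["10.0.1.0/24"].metric
    r2.receive({"10.0.1.0/24": 3}, "R3", "Fa0/1", now=20)             # stale info from R3
    events["held"] = r2.table["10.0.1.0/24"].metric
    r1.set_interface("Fa0/1", up=True)                                 # R1's LAN recovers
    r2.receive(r1.advertise("Fa0/0"), "R1", "Fa0/0", now=30)
    events["recovered"] = r2.table["10.0.1.0/24"].metric
    return events


if __name__ == "__main__":
    for step, value in simulate().items():
        print(f"{step:14} {value}")
```

The stale update from R3 at second 20 is the loop in the making: without hold-down R2 would believe R3's three-hop path, R3 would in turn still be pointing at R2, and packets would circulate until the metric counted up to 16.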

10. EIGRP
10.1 Overview
EIGRP (Enhanced Interior Gateway Routing Protocol) is an advanced distance vector
routing protocol. This protocol is an evolution of an earlier Cisco protocol called IGRP, which is
now considered obsolete. EIGRP supports classless routing and VLSM, route summarization,
incremental updates, load balancing and many other useful features. It is a Cisco proprietary
protocol, so all routers in a network that is running EIGRP must be Cisco routers.

Routers running EIGRP must become neighbors before exchanging routing information. To
dynamically discover neighbors, EIGRP routers use the multicast address of 224.0.0.10. Each
EIGRP router stores routing and topology information in three tables:

• Neighbor table – stores information about EIGRP neighbors
• Topology table – stores routing information learned from neighboring routers
• Routing table – stores the best routes

Administrative distance of EIGRP is 90, which is less than both the administrative distance of
RIP and the administrative distance of OSPF, so EIGRP routes will be preferred over these
routes. EIGRP uses Reliable Transport Protocol (RTP) for sending messages.

EIGRP calculates its metric by using bandwidth, delay, reliability and load. By default, only
bandwidth and delay are used when calculating metric, while reliability and load are set to zero.

EIGRP uses the concept of autonomous systems. An autonomous system is a set of EIGRP
enabled routers that should become EIGRP neighbors. Each router inside an autonomous system
must have the same autonomous system number configured, otherwise routers will not become
neighbors.

EIGRP Neighbors
EIGRP must establish neighbor relationships with other EIGRP neighboring routers before
exchanging routing information. To establish a neighbor relationship, routers send hello packets
every couple of seconds. Hello packets are sent to the multicast address of 224.0.0.10.
TIP – on LAN interfaces hellos are sent every 5 seconds. On WAN interfaces every 60 seconds.
The following fields in a hello packet must be identical in order for routers to become
neighbors:
• ASN (autonomous system number)
• subnet number
• K values (components of metric)

Routers send hello packets every couple of seconds to ensure that the neighbor relationship is
still active. By default, a router considers the neighbor to be down after the hold-down timer has
expired. The hold-down timer is, by default, three times the hello interval. On a LAN the
hold-down timer is 15 seconds.

Feasible and reported distance


Two terms that you will often encounter when working with EIGRP are feasible and reported
distance. Let’s clarify these terms:
Feasible distance (FD) – the metric of the best route to reach a network. That route will be listed
in the routing table.
Reported distance (RD) – the metric advertised by a neighboring router for a specific route. In
other words, it is the metric of the route used by the neighboring router to reach the network.

To better understand the concept, consider the following example.

EIGRP has been configured on R1 and R2. R2 is directly connected to the subnet 10.0.1.0/24 and
advertises that subnet into EIGRP. Let’s say that R2’s metric to reach that subnet is 28160. When
the subnet is advertised to R1, R2 informs R1 that its metric to reach 10.0.1.0/24 is 10. From
R1’s perspective that metric is the reported distance for that route. R1 receives the update and
adds its own metric to reach the neighbor to the reported distance. The result is called the
feasible distance and is stored in R1’s routing table (30720 in our case).

The feasible and reported distance are displayed in R1’s EIGRP topology table:

Successor and feasible successor


Another two terms that appear often in the EIGRP world are “successor” and “feasible
successor”. A successor is the route with the best metric to reach a destination. That route is
stored in the routing table. A feasible successor is a backup path to reach that same destination
that can be used immediately if the successor route fails. These backup routes are stored in the
topology table.

For a route to be chosen as a feasible successor, one condition must be met: a neighbor’s
advertised distance (AD) for the route must be less than the successor’s feasible distance (FD).

The following example explains the concept of a successor and a feasible successor.
R1 has two paths to reach the subnet 10.0.0.0/24. The path through R2 has the best metric (20)
and it is stored in the R1’s routing table. The other route, through R3, is a feasible successor
route, because the feasibility condition has been met (R3’s advertised distance of 15 is less than
R1’s feasible distance of 20). R1 stores that route in the topology table. This route can be
immediately used if the primary route fails.

EIGRP topology table


The EIGRP topology table contains all learned routes to a destination. The table holds all routes
received from a neighbor, successors and feasible successors for every route, and interfaces on
which updates were received. The table also holds all locally connected subnets included in an
EIGRP process.

Best routes (the successors) from the topology table are stored in the routing table.
Feasible successors are only stored in the topology table and can be used immediately if the
primary route fails.

Consider the following network topology.


EIGRP is running on all three routers. Routers R2 and R3 both connect to the subnet 10.0.1.0/24
and advertise that subnet to R1. R1 receives both updates and calculates the best route. The best
path goes through R2, so R1 stores that route in the routing table. Router R1 also calculates the
metric of the route through R3. Let’s say that the advertised distance of that route is less than the
feasible distance of the best route. The feasibility condition is met and router R1 stores that route
in the topology table as a feasible successor route. The route can be used immediately if the
primary route fails.
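To make the feasible distance, reported distance and feasibility condition concrete, here is an added example (not the guide's own code) that builds R1's view of a destination from what each neighbor reports plus the cost of the link to that neighbor, then sorts the paths into successor, feasible successors and paths that fail the condition. The neighbor names and metric values are constructed, using the guide's 20 and 15 for the R2/R3 paths.

```python
def classify_paths(paths):
    """
    paths: list of (neighbor, reported_distance, cost_to_neighbor).
    Returns (successor, feasible_successors, rejected); each entry is
    (neighbor, feasible_distance, reported_distance).
    """
    # FD for a path = what the neighbor reports + our own metric to reach that neighbor
    table = [(n, rd + cost, rd) for n, rd, cost in paths]
    table.sort(key=lambda entry: entry[1])
    successor = table[0]                    # best FD goes to the routing table
    fd_best = successor[1]
    feasible, rejected = [], []
    for entry in table[1:]:
        # feasibility condition: the neighbor's RD must be strictly less than our best FD
        if entry[2] < fd_best:
            feasible.append(entry)          # backup kept in the topology table
        else:
            rejected.append(entry)          # could be routing through us: not loop-free
    return successor, feasible, rejected


# Constructed: R1's candidate paths to 10.0.0.0/24
PATHS_10_0_0_0 = [
    ("R2", 10, 10),   # R2 reports 10, link to R2 costs 10  -> FD 20 (successor)
    ("R3", 15, 10),   # R3 reports 15, link costs 10       -> FD 25; 15 < 20, feasible
    ("R4", 25, 5),    # R4 reports 25, link costs 5        -> FD 30; 25 >= 20, rejected
]


def describe(paths):
    successor, feasible, rejected = classify_paths(paths)
    lines = [f"successor          {successor[0]} FD={successor[1]} RD={successor[2]}"]
    lines += [f"feasible successor {n} FD={fd} RD={rd}" for n, fd, rd in feasible]
    lines += [f"not feasible       {n} FD={fd} RD={rd}" for n, fd, rd in rejected]
    return lines


if __name__ == "__main__":
    print("\n".join(describe(PATHS_10_0_0_0)))
```

R4's path has a reported distance of 25, larger than R1's own best distance of 20, so R1 cannot rule out that R4 reaches the subnet through R1 itself; that is why the condition rejects it even though its total metric is not much worse.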

10.2 EIGRP Configuration

Configuring EIGRP 1
EIGRP configuration closely resembles RIP configuration. Only two steps are required:
• enabling EIGRP by using the router eigrp ASN_NUMBER command
• telling EIGRP which networks to advertise by using one or more network statements

The first command, router eigrp ASN_NUMBER, enables EIGRP on a router. ASN_NUMBER
represents an autonomous system number and has to be the same on all routers running EIGRP,
otherwise routers won’t become neighbors. The second command, network SUBNET, enables
EIGRP on selected interfaces and specifies which networks will be advertised. By default, the
network command takes a classful network number as the parameter.
To illustrate a configuration of EIGRP, we will use the following figure:

The network depicted above consists of only two routers. Each router has a directly connected
subnet that needs to be advertised through EIGRP. The following figure shows the EIGRP
configuration on R1 and R2:

You can verify that routers have become neighbors by using the show ip eigrp neighbors
command on either router:

The command above lists all EIGRP neighbors. The address field lists the neighboring router
RID (router ID). The interface field shows on which local interface the neighbor relationship has
been formed.

You can verify that routes are indeed being exchanged by using the show ip route command on
both routers:
NOTE – the “D” character at the beginning of a line in a routing table indicates that the route
has been learned via EIGRP.

Configuring EIGRP 2
By default, the network command uses a classful network as the parameter. All interfaces inside
that classful network will participate in the EIGRP process. To enable EIGRP only on specific
interfaces, a wildcard mask can be used. The syntax of the command is:
(router-eigrp) network NETWORK_ADDRESS WILDCARD_MASK

Consider the following example.


Router R1 has two directly connected subnets, 10.0.0.0/24 and 10.0.1.0/24. We want to enable
EIGRP only on the subnet connected to the interface Fa0/0. If we enter the network 10.0.0.0
command under the EIGRP configuration mode, both subnets will be included in EIGRP process
because we’ve used a classful network number in the network command. To configure EIGRP
only on interface Fa0/0, the network 10.0.0.0 0.0.0.255 command can be used. This will enable
EIGRP only on interfaces starting with 10.0.0.X.

By using the command show ip protocols, you can verify that only network 10.0.0.0/24 is
included in EIGRP:
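Both the RIP section (classful network statement, section 9.2) and the EIGRP wildcard form above decide the same thing: which interfaces a network statement enables. The following added example (not the guide's code) implements that matching so you can check a statement against a router's interface addresses before typing it. The interface addresses on R1 are constructed; the classful rules (class A /8, class B /16, class C /24) and the wildcard semantics are standard IOS behaviour.

```python
import ipaddress


def classful_network(address):
    """Default classful prefix for an address: class A /8, class B /16, class C /24."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        length = 8
    elif first_octet < 192:
        length = 16
    else:
        length = 24
    return ipaddress.ip_network(f"{address}/{length}", strict=False)


def wildcard_match(address, network, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    a = int(ipaddress.ip_address(address))
    n = int(ipaddress.ip_address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return a & care == n & care


def interfaces_enabled(interfaces, network, wildcard=None):
    """Interfaces a `network` statement enables; classful when no wildcard is given."""
    enabled = []
    for name, addr in interfaces.items():
        if wildcard is None:
            if ipaddress.ip_address(addr) in classful_network(network):
                enabled.append(name)
        elif wildcard_match(addr, network, wildcard):
            enabled.append(name)
    return sorted(enabled)


# Constructed: R1's interface addresses (two class A subnets and one class B link)
R1_INTERFACES = {
    "Fa0/0": "10.0.0.1",
    "Fa0/1": "10.0.1.1",
    "Fa1/0": "172.16.0.1",
}

if __name__ == "__main__":
    print("network 10.0.0.0           ->", interfaces_enabled(R1_INTERFACES, "10.0.0.0"))
    print("network 10.0.0.0 0.0.0.255 ->", interfaces_enabled(R1_INTERFACES, "10.0.0.0", "0.0.0.255"))
    print("network 10.0.1.1 0.0.0.0   ->", interfaces_enabled(R1_INTERFACES, "10.0.1.1", "0.0.0.0"))
    print("network 172.16.0.0         ->", interfaces_enabled(R1_INTERFACES, "172.16.0.0"))
```

The all-zero wildcard matches a single address, which is the usual way to enable a routing process on exactly one interface without touching any other interface in the same classful range.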
10.3 EIGRP Automatic & Manual Summarization
By default, EIGRP has auto summary feature enabled. Because of this, routes are summarized to
classful address at network boundaries in the routing updates.
To better understand the concept of auto-summarization, consider the following example.

Router R1 and R2 are running EIGRP. Router R1 has the locally connected subnet 10.0.1.0/24
that is advertised to the router R2. Because of the auto summary feature, the router R1
summarizes the network 10.0.1.0/24 before sending the route to R2. With the auto summary
feature turned on, R1 sends the classful route 10.0.0.0/8 to R2 instead of the more specific
10.0.1.0/24 route.
On R1, we have configured the following network statement:

But R2 receives the route to the classful network 10.0.0.0/8:

The auto summary feature can cause problems with discontiguous networks. This is why this
feature is usually turned off. This is done by using the no auto-summary command:
Now R2 has the classless route to reach the subnet 10.0.1.0/24:

NOTE – after typing the no auto-summary command, a neighbor relationship has to be re-
established.
One of the advantages of EIGRP over other routing protocols (like OSPF) is that manual
summarization can be done on any router within a network. A single route can be used to
represent multiple routes, which reduces the size of routing tables in a network.
Manual summarization is configured on a per-interface basis. The syntax of the command
is:
(config-if) ip summary-address eigrp ASN SUMMARY_ADDRESS SUBNET_MASK

An example will help you to understand this.


Router R1 and R2 are running EIGRP. Router R1 has two directly connected subnets: 10.0.0.0/24
and 10.0.1.0/24. EIGRP advertises these subnets as two separate routes. R2 now has two routes
for two subnets, which can be confirmed by using the show ip route command on R2:

We could configure R1 to advertise only one summary route for both subnets, which helps
reduce R2’s routing table. To do this, the following command could be used:

Now, R1 is sending only one route to reach both subnets to R2. We can verify that by using the
show ip route command on R2:
Now R2 has only one route to reach both subnets on R1.

NOTE – in the example above, the ip summary-address command included the two subnets on
R1, but also some other addresses that are not in these subnets. The range of the summarized
addresses is 10.0.0.0 – 10.0.255.255, so R2 thinks that R1 has the routes for all addresses inside
that range. That could cause problems if these addresses exist somewhere else in the network.
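The NOTE above is the check worth automating before configuring a summary: which addresses does the summary claim that no component subnet actually covers? The following added example (not from the guide) computes the classful auto-summary for a prefix, the tightest single prefix that covers a set of subnets, and the over-claimed address space for a chosen summary. The subnets are the guide's 10.0.0.0/24 and 10.0.1.0/24; the 10.0.0.0/16 summary corresponds to the 10.0.0.0 – 10.0.255.255 range in the NOTE.

```python
import ipaddress


def classful_summary(prefix):
    """What auto-summary advertises: the classful network containing the prefix."""
    net = ipaddress.ip_network(prefix)
    first_octet = int(str(net.network_address).split(".")[0])
    length = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{length}", strict=False)


def tightest_summary(prefixes):
    """Smallest single prefix that covers every given prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while summary.prefixlen > 0 and not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def overclaimed(summary, prefixes):
    """Address blocks the summary advertises that no component prefix covers."""
    remaining = [ipaddress.ip_network(summary)]
    for p in prefixes:
        p = ipaddress.ip_network(p)
        carved = []
        for block in remaining:
            if p.subnet_of(block):
                carved.extend(block.address_exclude(p))   # cut the real subnet out
            else:
                carved.append(block)
        remaining = carved
    return sorted(ipaddress.collapse_addresses(remaining))


# The guide's example: two subnets on R1
R1_SUBNETS = ["10.0.0.0/24", "10.0.1.0/24"]

if __name__ == "__main__":
    print("auto-summary of 10.0.1.0/24 :", classful_summary("10.0.1.0/24"))
    print("tightest summary            :", tightest_summary(R1_SUBNETS))
    extra = overclaimed("10.0.0.0/16", R1_SUBNETS)
    print("over-claimed by 10.0.0.0/16 :", sum(n.num_addresses for n in extra), "addresses")
    print("over-claimed by 10.0.0.0/23 :", overclaimed("10.0.0.0/23", R1_SUBNETS))
```

A /23 summary represents both subnets with no over-claim; the /16 the NOTE describes pulls 65024 addresses that may live elsewhere toward R1, so a router elsewhere with a more specific route still wins (longest match), but traffic for addresses nobody owns is silently attracted.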

10.4 EIGRP Authentication and Load Balancing

EIGRP authentication
EIGRP authentication is used to prevent an attacker from forming the EIGRP neighbor
relationship with your router and advertising incorrect routing information. By using the same
preshared key (PSK) on all routers you can force EIGRP to authenticate every EIGRP message.
That way you can ensure that your router accepts routing updates only from trusted sources. To
authenticate every message, the MD5 (Message Digest 5) algorithm is used.

Three steps are required to configure EIGRP authentication:


1. creating a keychain
2. specifying a key string for a key
3. configuring EIGRP to use authentication
EIGRP uses the concept of key chains. Each key chain can have many keys, just like in real life.
You can specify a different lifetime interval of each key. That way the second key in a key chain
can be used after the first one is expired, the third one after the second and so on. After you have
created a key chain with the corresponding keys, you need to enable EIGRP authentication for a
particular interface.

To configure a router to use EIGRP authentication, the following commands are used:

1. (global-config) key chain NAME – creates a keychain
2. (config-keychain) key NUMBER – identifies the key number
3. (config-keychain-key) key-string STRING – specifies the key string for the key

Next, we need to enable EIGRP authentication on an interface. From the interface mode, the
following commands are used:

4. (config-if) ip authentication mode eigrp ASN md5 – enables EIGRP authentication on the
interface
5. (config-if) ip authentication key-chain eigrp ASN KEY_CHAIN_NAME – specifies the name
of the key chain that will be used for authentication

NOTE – for the authentication to work, the key number and the key string have to match on both
routers! The key chain name doesn’t have to be the same on both routers.

The following example shows how EIGRP authentication is configured.


To establish a time frame for the validity of a key, you need to configure the accept-lifetime and
the send-lifetime parameters. The syntax of the commands is:

(config-keychain-key) accept-lifetime start_time {infinite | end_time | duration seconds}
(config-keychain-key) send-lifetime start_time {infinite | end_time | duration seconds}

The first command specifies the time period during which the key will be accepted. The second
command specifies the time period during which the key will be sent.

For example, if we want to use a key only from January 1st, 2013 to December 1st, 2013, the
following commands are used:
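The key chain model (numbered keys, separate accept and send lifetimes, lowest valid key number sent) is shown below as an added example, not code from the guide. It uses a simplified keyed MD5 tag over key plus message rather than EIGRP's exact packet layout, which the guide does not describe; the key strings, chain names and the second key that takes over on December 1st, 2013 are constructed, with key 1 valid from January 1st, 2013 as in the guide's example.

```python
import hashlib
import hmac
from datetime import datetime

INFINITE = None   # stands for the `infinite` keyword in accept-lifetime / send-lifetime


def within(window, now):
    start, end = window
    return start <= now and (end is INFINITE or now < end)


class KeyChain:
    """Mirrors `key chain NAME`: numbered keys, each with a key-string and two lifetimes."""

    def __init__(self, name):
        self.name = name
        self.keys = {}   # number -> (key_string, accept_window, send_window)

    def add_key(self, number, key_string, accept, send):
        self.keys[number] = (key_string, accept, send)

    def send_key(self, now):
        """The lowest-numbered key whose send-lifetime is current (IOS picks this one)."""
        for number in sorted(self.keys):
            key_string, _, send = self.keys[number]
            if within(send, now):
                return number, key_string
        return None

    def accept_keys(self, now):
        return {n: ks for n, (ks, accept, _) in self.keys.items() if within(accept, now)}


def tag(key_string, message):
    """Simplified keyed MD5 over key + message (not EIGRP's exact wire format)."""
    return hashlib.md5(key_string.encode() + message).hexdigest()


def sign(chain, message, now):
    """(key number, tag) to attach to an outgoing packet, or None if no key is sendable."""
    key = chain.send_key(now)
    if key is None:
        return None
    number, key_string = key
    return number, tag(key_string, message)


def verify(chain, message, number, received_tag, now):
    """Accept only if that key number is within its accept-lifetime here and the tag matches."""
    key_string = chain.accept_keys(now).get(number)
    if key_string is None:
        return False
    return hmac.compare_digest(tag(key_string, message), received_tag)


def sample_chain(name):
    """Constructed chain: key 1 sent through 2013, accepted a month longer; key 2 takes over."""
    chain = KeyChain(name)
    chain.add_key(1, "R1-R2-key-2013",
                  accept=(datetime(2013, 1, 1), datetime(2013, 12, 31)),
                  send=(datetime(2013, 1, 1), datetime(2013, 12, 1)))
    chain.add_key(2, "R1-R2-key-next",
                  accept=(datetime(2013, 11, 15), INFINITE),
                  send=(datetime(2013, 12, 1), INFINITE))
    return chain


if __name__ == "__main__":
    r1, r2 = sample_chain("R1CHAIN"), sample_chain("R2CHAIN")   # names differ, keys match
    for when in (datetime(2013, 6, 1), datetime(2013, 12, 5)):
        number, t = sign(r1, b"eigrp hello", when)
        print(when.date(), "R1 sends key", number, "R2 accepts:", verify(r2, b"eigrp hello", number, t, when))
```

Overlapping accept-lifetimes are what make a rollover clean: R2 still accepts key 1 during December while R1 has already switched to sending key 2, so neither the order in which the two routers are reconfigured nor a small clock skew breaks the adjacency. The two chains carry different names, matching the guide's NOTE that only key number and key string need to agree.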

EIGRP load balancing


By default, EIGRP supports equal-cost load balancing over four links. Equal-cost means that
multiple routes must have the same metric to reach a destination, so that router can choose to
load balance across equal cost links.

To better understand the equal-cost load balancing concept, consider the following example.
All three routers are running EIGRP. Routers R2 and R3 are connected to the subnet 10.0.1.0/24.
Both routers advertise the route to reach that subnet to R1. Router R1 receives the two routing
updates for the subnet 10.0.1.0/24 with the same metric (the metric is the same because both
routers connect to the subnet 10.0.1.0/24 and R1 across links with the same bandwidth and
delay values). Router R1 places both routes in the routing table and load balances across three
links.

You can verify that R1 is indeed using both paths by typing the show ip route command:

One of the advantages of EIGRP is that, unlike OSPF and many other routing protocols, EIGRP
also supports unequal-cost load balancing. You can set up your router to load balance over links
with different metric to reach a destination. To accomplish unequal-cost load balancing, the
variance command is used. The command takes one parameter, the multiplier, which tells the
router to load balance across each link with the metric for the destination less than the feasible
distance multiplied by the multiplier value.

NOTE – the multiplier value, by default, is 1. The maximum value is 128.

Consider the following example.


All three routers are running EIGRP. Routers R2 and R3 are connected to the subnet 10.0.1.0/24.
Both routers advertise the route to reach that subnet to R1. Router R1 chooses the route from R2
as the best route. Let’s say that R1 calculated the metric of 40 for the path through R2. That route
is placed in the R1’s routing table. But what if we want to load balance traffic across the other
link? The route through R3 has a feasible distance of 30, which is less than the metric of the
successor route, so the feasibility condition has been met and that route has been placed in the
R1’s topology table. Let’s say that R1 calculated the metric of 60 for the route through R3. To
enable load balancing across that link, you need to use the variance command:

(router-eigrp) variance MULTIPLIER

In this example, the variance 2 command can be used. This tells the router to load balance across
any links with a metric less than 80 (because 40 times 2 is 80). The route through R3 is added
to the routing table.

NOTE – a path has to be a feasible successor route to be used in unequal load balancing.
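The variance rule and the NOTE that only feasible successors qualify combine into a short selection routine; here it is as an added example, not the guide's code. The topology entries use the guide's numbers for the R2 and R3 paths (successor FD 40; R3 with a reported distance of 30 and a total metric of 60) plus a constructed R4 path that fails the feasibility condition, to show that no variance value ever admits it.

```python
def load_balanced_routes(topology_entries, variance=1):
    """
    topology_entries: list of (next_hop, feasible_distance, reported_distance) for one
    destination. Returns the next hops that go into the routing table under `variance`.
    """
    if not 1 <= variance <= 128:
        raise ValueError("variance multiplier must be between 1 and 128")
    fd_best = min(fd for _, fd, _ in topology_entries)
    limit = fd_best * variance
    installed = []
    for hop, fd, rd in sorted(topology_entries, key=lambda e: e[1]):
        if fd == fd_best:
            installed.append(hop)           # successor(s): equal-cost paths share the best FD
        elif rd < fd_best and fd < limit:
            installed.append(hop)           # feasible successor whose metric is under FD*variance
        # anything else stays in the topology table only
    return installed


# R1's topology entries for 10.0.1.0/24 (guide's values for R2/R3, R4 constructed)
ENTRIES = [
    ("R2", 40, 20),   # successor, FD 40
    ("R3", 60, 30),   # RD 30 < 40: feasible successor, FD 60
    ("R4", 70, 45),   # RD 45 >= 40: not feasible, never load balanced
]

# Constructed: two paths with identical metric (the default equal-cost case)
EQUAL_COST = [("R2", 40, 20), ("R3", 40, 20)]

if __name__ == "__main__":
    for v in (1, 2, 3):
        print(f"variance {v}: {load_balanced_routes(ENTRIES, v)}")
    print("equal cost, no variance:", load_balanced_routes(EQUAL_COST))
```

With variance 2 the limit is 80, so R3 (60) is installed alongside R2; raising the variance further still leaves R4 out because its reported distance fails the feasibility check, not because of its metric. The default maximum of four installed paths is not modelled here.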
10.5 EIGRP Summary
Here is a list of the most important EIGRP features:

• advanced distance vector routing protocol
• classless routing protocol
• supports VLSM (Variable Length Subnet Mask)
• converges fast
• supports multiple Network layer protocols (IPv4, IPv6, IPX, AppleTalk…)
• uses multicast address of 224.0.0.10 for routing updates
• sends partial routing updates
• supports equal and unequal-cost load balancing
• supports manual summarization on any router within a network
• by default, uses bandwidth and delay to calculate its metric
• Cisco proprietary
• supports MD5 authentication

11. OSPF
11.1 Overview
OSPF (Open Shortest Path First) is a link state routing protocol. Because it is an open standard, it
is implemented by a variety of network vendors. OSPF runs on most routers, which don’t
necessarily have to be Cisco routers (unlike EIGRP, which can be run only on Cisco routers).

OSPF is a classless routing protocol that supports VLSM and CIDR, manual route
summarization, incremental updates, equal cost load balancing and many other useful features.
OSPF uses only one parameter as the metric, namely interface cost. The administrative distance
of OSPF routes is, by default, 110. OSPF uses multicast addresses 224.0.0.5 and 224.0.0.6 for
routing updates.

Routers running OSPF have to establish neighbor relationships before exchanging routes.
Because OSPF is a link state routing protocol, neighbors don’t exchange routing tables.
Instead, they exchange information about network topology. Each OSPF router then runs the SPF
algorithm to calculate the best routes and adds those to the routing table. Because each router
knows the entire topology of a network, the chance for a routing loop to occur is minimal.

Each OSPF router stores routing and topology information in three tables:
• Neighbor table – stores information about OSPF neighbors
• Topology table – stores the topology structure of a network
• Routing table – stores the best routes

OSPF neighbors
OSPF routers need to establish a neighbor relationship before exchanging routing updates. OSPF
neighbors are dynamically discovered by sending Hello packets out each OSPF-enabled interface
on a router. Hello packets are sent to the multicast IP address of 224.0.0.5.

The process is explained in the following figure:

Routers R1 and R2 are directly connected. After OSPF is enabled, both routers send Hellos to
each other to establish a neighbor relationship. You can verify that the neighbor relationship has
indeed been established by typing the show ip ospf neighbors command.

In the example above, you can see that the router-id of R2 is 2.2.2.2.
Each OSPF router is assigned a router ID. A router ID is determined by using one of the
following:
1. using the router-id command under the OSPF process
2. using the highest IP address of the router’s loopback interfaces
3. using the highest IP address of the router’s physical interfaces

The following fields in the Hello packets must be the same on both routers in order for routers to
become neighbors:
• subnet
• area id
• hello and dead interval timers
• authentication
• area stub flag
• MTU


By default, OSPF sends Hello packets every 10 seconds on an Ethernet network (Hello interval).
The dead timer is four times the value of the Hello interval, so if a router on an Ethernet network
doesn't receive at least one Hello packet from an OSPF neighbor for 40 seconds, the router
declares that neighbor "down".

OSPF neighbor states


Before establishing a neighbor relationship, OSPF routers need to go through several state
changes. These states are explained below.

1. Init state – a router has received a Hello message from the other OSPF router
2. 2-way state – the neighbor has received the Hello message and replied with a Hello message
of its own
3. Exstart state – beginning of the LSDB exchange between both routers. Routers are starting to
exchange link state information.
4. Exchange state – DBD (Database Descriptor) packets are exchanged. DBDs contain LSA
headers. Routers use this information to see which LSAs need to be exchanged.
5. Loading state – one neighbor sends LSRs (Link State Requests) for every network it doesn't
know about. The other neighbor replies with LSUs (Link State Updates) that contain
information about the requested networks. After all the requested information has been received,
the other neighbor goes through the same process.
6. Full state – both routers have synchronized databases and are fully adjacent with each other.

OSPF areas
OSPF uses the concept of areas. An area is a logical grouping of contiguous networks and
routers. All routers in the same area have the same topology table, but they don't know about
routers in the other areas. The main benefits of creating areas are that the size of the topology and
the routing table on a router is reduced, less time is required to run the SPF algorithm, and routing
updates are also reduced.

Each area in the OSPF network has to connect to the backbone area (area 0). All routers inside an
area must have the same area ID to become OSPF neighbors. A router that has interfaces in more
than one area (area 0 and area 1, for example) is called an Area Border Router (ABR). A router that
connects an OSPF network to other routing domains (an EIGRP network, for example) is called an
Autonomous System Border Router (ASBR).

NOTE – in OSPF, manual route summarization is possible only on ABRs and ASBRs.

To better understand the concept of areas, consider the following example.


All routers are running OSPF. Routers R1 and R2 are inside the backbone area (area 0). Router
R3 is an ABR, because it has interfaces in two areas, namely area 0 and area 1. Routers R4 and
R5 are inside area 1. Router R6 is an ASBR, because it connects the OSPF network to another
routing domain (an EIGRP domain in this case). If R1's directly connected subnet fails,
router R1 sends the routing update only to R2 and R3, because all routing updates are localized
inside the area.

NOTE – the role of an ABR is to advertise address summaries to neighboring areas. The role of
an ASBR is to connect an OSPF routing domain to another external network (e.g. Internet,
EIGRP network…).

LSA, LSU and LSR


LSAs (Link-State Advertisements) are used by OSPF routers to exchange topology
information. Each LSA contains routing and topology information to describe a part of an OSPF
network. When two neighbors decide to exchange routes, they send each other a list of all LSAs
in their respective topology databases. Each router then checks its topology database and sends a
Link State Request (LSR) message requesting all LSAs not found in its topology table. The other
router responds with a Link State Update (LSU) that contains all LSAs requested by its
neighbor.

The concept is explained in the following example:

After configuring OSPF on both routers, the routers exchange LSAs to describe their respective
topology databases. Router R1 sends an LSA header for its directly connected network
10.0.1.0/24. Router R2 checks its topology database and determines that it doesn't have
information about that network. Router R2 then sends a Link State Request message requesting
further information about that network. Router R1 responds with a Link State Update which
contains information about subnet 10.0.1.0/24 (next hop address, cost…).

11.2 OSPF Configuration

Configuring OSPF 1
Basic OSPF configuration is very simple. As with the other routing protocols covered so far (RIP,
EIGRP), first you need to enable OSPF on a router. This is done by using the router ospf
PROCESS-ID global configuration command. Next, you need to define on which interfaces
OSPF will run and which networks will be advertised. This is done by using the network
IP_ADDRESS WILDCARD_MASK AREA_ID command from OSPF configuration mode.
NOTE – the OSPF process number doesn’t have to be the same on all routers in order to
establish a neighbor relationship, but the Area ID has to be the same on all neighboring routers
in order for routers to become neighbors.
Let’s get started with the basic OSPF configuration.

First, we need to enable OSPF on both routers. Then we need to define which networks will be
advertised into OSPF. This can be done by using the following sequence of commands on both
routers:

The network commands entered on both routers include subnets directly connected to both
routers. We can verify that the routers have become neighbors by typing the show ip ospf
neighbors command on either router:

To verify that the routing updates were exchanged, we can use the show ip route command.
All routes marked with the character "O" are OSPF routes. For example, here is the output of the
command on R1:

You can see that R1 has learned about the network 192.168.0.0/24 through OSPF.
Configuring OSPF 2
Although basic OSPF configuration can be very simple, OSPF provides many extra features that
can get really complex. In this example, we will configure a multiarea OSPF network and some
other OSPF features.
Consider the following multiarea OSPF network.

In this example we have two OSPF areas, area 0 and area 1. As you can see from the network
topology depicted above, routers R1 and R3 are in area 0 and area 1, respectively. Router R2
connects to both areas, which makes it an ABR (Area Border Router). Our goal is to advertise
the subnets directly connected to R1 and R3. To do that, the following configuration on R1 will
be used:

NOTE – we have used the router-id 1.1.1.1 command to manually specify the router ID of this
router. OSPF process will use that RID (router-id) when communicating with other OSPF
neighbors.
Because R1 connects only to R2, we only need to establish a neighbor relationship with R2 and
advertise the directly connected subnet into OSPF.
The configuration of R3 looks similar, but with one difference, namely the area number: R3 is in
area 1.

What about R2? Well, because R2 is an ABR, we need to establish a neighbor relationship with
both R1 and R3. To do that, we need to specify a different area ID for each neighbor relationship, 0
for R1 and 1 for R3. We can do that using the following sequence of commands:
Now R2 should have neighbor relationship with both R1 and R3. We can verify that by using the
show ip ospf neighbor command:

To verify if directly connected subnets are really advertised into the different area, we can use the
show ip route ospf command on both R1 and R3:

The characters IA in front of the routes indicate that these routes reside in a different area.
NOTE – since they reside in different areas, R1 and R3 will never establish a neighbor
relationship.

11.3 Designated & Backup Designated Router

Based on the network type, OSPF routers can elect one router to be a Designated Router (DR) and
one router to be a Backup Designated Router (BDR). For example, on multiaccess broadcast
networks (such as LANs) routers elect a DR and BDR by default. The DR and BDR serve as the
central point for exchanging OSPF routing information. Each non-DR or non-BDR router will
exchange routing information only with the DR and BDR, instead of exchanging updates with
every router on the network segment. The DR will then distribute topology information to every
other router inside the same area. This greatly reduces OSPF traffic.

To send routing information to a DR or BDR, the multicast address 224.0.0.6 is used. The DR
sends routing updates to the multicast address 224.0.0.5. If the DR fails, the BDR takes over its
role of redistributing routing information.
Every router on a network segment establishes a full neighbor relationship with the DR and BDR.
Non-DR and non-BDR routers establish a two-way neighbor relationship between themselves.

NOTE – on point-to-point links a DR and BDR are not elected since only two routers are directly
connected.

On LANs, DR and BDR have to be elected. Two rules are used to elect a DR and BDR:
1. router with the highest OSPF priority will become a DR. By default, all routers have a
priority of 1
2. if there is a tie, a router with the highest router ID wins the election

The router with the second highest OSPF priority or router ID will become a BDR.

To better understand the concept, consider the following example.

All routers depicted above are in the same area (area 0). All routers are running OSPF. Routers
R1 and R2 have been elected as DR and BDR because they have the highest and the second
highest router ID. If, for example, R3’s directly connected subnet fails, R3 informs R1 and R2
(the DR and BDR for the segment) of the network change (step 1). R1 then informs all other
non-DR and non-BDR routers of the change in topology (step 2).

We can verify that R1 and R2 are indeed the DR and BDR of the segment by typing the show ip
ospf neighbors command on R3:

Router R3 will be in the 2WAY state with every other non-DR or non-BDR router.

NOTE – you can influence the DR and BDR election process by manually configuring the OSPF
priority. This is done by using the ip ospf priority VALUE interface command.
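The router ID precedence from section 11.1 and the two DR/BDR election rules above, worked through in code. This is an added example written for this page, not code from the original notes or from Cisco IOS; the four routers, their addresses and priorities are constructed. One detail the text does not mention but which is standard OSPF behaviour is included: a priority of 0 makes a router ineligible, so it is never elected.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class OspfRouter:
    name: str
    priority: int = 1                        # OSPF default priority is 1
    configured_rid: Optional[str] = None     # value given with the router-id command, if any
    loopbacks: List[str] = field(default_factory=list)
    physical: List[str] = field(default_factory=list)


def router_id(r: OspfRouter) -> str:
    """Router ID in the order of precedence from the text:
    1. router-id command, 2. highest loopback address, 3. highest physical interface address."""
    if r.configured_rid:
        return r.configured_rid
    for pool in (r.loopbacks, r.physical):
        if pool:
            return str(max(ipaddress.IPv4Address(a) for a in pool))
    raise ValueError(f"{r.name}: no IPv4 address to derive a router ID from")


def elect_dr_bdr(routers: List[OspfRouter]) -> Tuple[Optional[str], Optional[str]]:
    """Rank by (priority, router ID), highest first: the top router is DR, the next BDR.
    Priority 0 (ip ospf priority 0) makes a router ineligible, so it is never DR or BDR."""
    eligible = [r for r in routers if r.priority > 0]
    ranked = sorted(
        eligible,
        key=lambda r: (r.priority, ipaddress.IPv4Address(router_id(r))),
        reverse=True,
    )
    dr = ranked[0].name if ranked else None
    bdr = ranked[1].name if len(ranked) > 1 else None
    return dr, bdr


# Constructed sample segment (not the figure from the notes): four routers in area 0.
SEGMENT = [
    OspfRouter("R1", loopbacks=["10.255.0.1", "10.255.0.3"]),     # RID 10.255.0.3
    OspfRouter("R2", loopbacks=["10.255.0.2"]),                   # RID 10.255.0.2
    OspfRouter("R3", physical=["10.0.0.3", "10.0.0.7"]),          # RID 10.0.0.7
    OspfRouter("R4", priority=0, configured_rid="4.4.4.4"),       # never DR/BDR
]


def election_with_priority(routers: List[OspfRouter], name: str, priority: int):
    """Re-run the election after 'ip ospf priority <priority>' on one router. This models a
    fresh election; on a live segment an existing DR is not pre-empted by a new higher priority."""
    changed = [OspfRouter(r.name, priority if r.name == name else r.priority,
                          r.configured_rid, r.loopbacks, r.physical) for r in routers]
    return elect_dr_bdr(changed)


if __name__ == "__main__":
    print({r.name: router_id(r) for r in SEGMENT})
    print(elect_dr_bdr(SEGMENT))                        # ('R1', 'R2')
    print(election_with_priority(SEGMENT, "R3", 10))    # ('R3', 'R1')
```

Sorting on the tuple (priority, router ID) encodes both rules at once: priority decides first, and the router ID only breaks ties, which is why raising R3's priority to 10 moves it ahead of R1 despite R1's higher router ID.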

11.4 OSPF Authentication

OSPF can authenticate every OSPF message. This is usually done to prevent a rogue router from
injecting false routing information and therefore causing a Denial-of-Service attack.

Two types of authentication can be used:

1. clear text authentication – clear text passwords are used
2. MD5 authentication – a keyed MD5 hash of each message is exchanged instead of the password
itself. This type of authentication is more secure.

NOTE – with OSPF authentication turned on, routers must pass the authentication process in
order to become OSPF neighbors.
To configure clear text authentication, the following steps are required:
1. configure the OSPF password on the interface by using the ip ospf authentication-key
PASSWORD interface command
2. configure the interface to use OSPF clear-text authentication by using the ip ospf
authentication interface command
In the following example, we will configure OSPF clear-text authentication.

Both routers are running OSPF. On R1, we need to enter the following commands:

The same commands have to be entered on R2:

To verify that clear-text authentication is indeed turned on, we can use the show ip ospf interface
INTERFACE_NUMBER/INTERFACE_TYPE command on either router:

Configuring OSPF MD5 authentication is very similar to configuring clear-text authentication.
Two commands are also used:
1. First you need to configure the MD5 key on an interface by using the ip ospf
message-digest-key 1 md5 VALUE interface command
2. Next, you need to configure the interface to use MD5 authentication by using the ip ospf
authentication message-digest interface command

Here is an example configuration on R1:

You can verify that R1 is using OSPF MD5 authentication by typing the show ip ospf interface
INTERFACE_NUMBER/INTERFACE_TYPE command:

TIP – the OSPF authentication type can also be enabled on an area basis, instead of configuring
it per interface. This is done by using the area AREA_ID authentication [message-digest]
command under OSPF configuration mode. If you omit the message-digest keyword, clear-text
authentication will be used for that area. All interfaces inside the area will use OSPF
authentication.
11.5 OSPF Summarization

OSPF, unlike EIGRP, doesn't support automatic summarization. Also, unlike EIGRP, where you
can summarize routes on every router in an EIGRP network, OSPF can summarize routes only
on ABRs and ASBRs. Route summarization helps reduce OSPF traffic and route computation.

The following command is used for OSPF summarization:

(config-router) area AREA_ID range IP_ADDRESS MASK

To better understand OSPF summarization, consider the following figure.

All three routers are running OSPF and exchanging routes. Before OSPF summarization is
configured, router R1 inside the backbone area has two entries for the networks 11.0.0.0/24
and 11.0.1.0/24 in its routing table.
We could summarize these two subnets on R2, so that R1 receives only one routing update for
both subnets. To do that, the following command can be used on R2:

Now, R1 has only one entry in its routing table for R3's directly connected subnets:

NOTE – be careful with summarization. In this case, router R1 thinks that R2 has routes for all
subnets in the range 11.0.0.0 – 11.0.255.255. When summarizing, try to be as specific as
possible.
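The NOTE above is the part worth automating: how much address space does a summary advertise that no real subnet covers? The following is an added example (not from the notes, not Cisco code) that computes the tightest single prefix for R3's two subnets, renders the area range line from the text, and measures the over-coverage of a sloppy /16. It assumes R2 summarizes area 1; the area number is not given in the notes.

```python
import ipaddress
from typing import Iterable


def tightest_summary(prefixes: Iterable[str]) -> ipaddress.IPv4Network:
    """Smallest single prefix that contains every given subnet: start from the
    first subnet and widen it one bit at a time until all the others fit inside."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()          # one bit shorter each step
    return summary


def over_coverage(summary: str, prefixes: Iterable[str]) -> int:
    """Number of addresses the summary claims that none of the real subnets contains.
    Anything above 0 is space R1 would forward toward the ABR for nothing."""
    net = ipaddress.ip_network(summary)
    real = list(ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes))
    if not all(r.subnet_of(net) for r in real):
        raise ValueError("summary does not cover every component subnet")
    return net.num_addresses - sum(r.num_addresses for r in real)


def area_range_command(area_id: int, summary: ipaddress.IPv4Network) -> str:
    """Render the 'area AREA_ID range IP_ADDRESS MASK' line from the text (IOS takes a dotted mask)."""
    return f"area {area_id} range {summary.network_address} {summary.netmask}"


# Constructed input: R3's two subnets from the text, summarized on R2 (area 1 is assumed).
R3_SUBNETS = ["11.0.0.0/24", "11.0.1.0/24"]

if __name__ == "__main__":
    best = tightest_summary(R3_SUBNETS)
    print(area_range_command(1, best))                  # area 1 range 11.0.0.0 255.255.254.0
    print(over_coverage(str(best), R3_SUBNETS))         # 0
    print(over_coverage("11.0.0.0/16", R3_SUBNETS))     # 65024 addresses advertised but unreachable
```

The /23 covers exactly the two /24s, so R1 gets one route with no wasted space; the /16 from the NOTE advertises 65024 addresses that R2 cannot actually deliver to.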

11.6 OSPF Summary

Here is a list of the most important OSPF features:

• link state routing protocol
• classless routing protocol
• supports VLSM (Variable Length Subnet Mask)
• converges fast
• uses the concept of areas
• uses multicast address for routing updates (224.0.0.5 and 224.0.0.6)
• sends partial routing updates
• supports only equal cost load balancing
• manual summarization can be done only on ABRs and ASBRs
• uses interface cost as a metric
• uses SPF algorithm to calculate the best paths
• open standard
• each router inside an area has the same topology table
• supports clear-text and MD5 authentication

11.7 OSPF vs EIGRP

The following table lists the differences between OSPF and EIGRP:

12. LAN SWITCHING

12.1 Layer2 Switching

Layer 2 switching (or Data Link layer switching) is the process of using devices’ MAC addresses
on a LAN to segment a network. Switches and bridges are used for Layer 2 switching. They
break up one large collision domain into multiple smaller ones.

In a typical LAN, all hosts are connected to one central device. In the past, the device was
usually a hub. But hubs had many disadvantages, such as not being aware of the traffic that passes
through them, creating one large collision domain, etc. To overcome some of the problems with
hubs, bridges were created. They were better than hubs because they created multiple collision
domains, but they had a limited number of ports. Finally, switches were created and are still widely
used today. Switches have more ports than bridges, can inspect incoming traffic and make
forwarding decisions accordingly. Each port on a switch is a separate collision domain.

Here is an example of the typical LAN network used today:

NOTE – switches are sometimes called multiport bridges.


Differences between hubs and switches
To better understand the concept of packet switching based on the hardware address of a device,
you need to understand how switches differ from hubs.
First, consider the example of a LAN, with all hosts connecting to a hub:

As mentioned previously, hubs create only one collision domain, so the chance for a collision to
occur is high. The hub depicted above simply repeats the signal it receives out all ports, except
the one from which the signal was received, so no packet filtering takes place. Imagine 20
hosts connected to a hub: a packet will be sent to 19 hosts, instead of just one! This can also
cause security problems, because an attacker can capture all traffic on the network.

Now consider the way switches work. We have the same topology as above, only this time we are
using a switch instead of a hub.
Switches increase the number of collision domains. Each port is one collision domain, which
means that the chances for collisions to occur are minimal. A switch learns which device is
connected to which port and forwards a frame based on the destination MAC address included in
the frame. This reduces traffic on a LAN and enhances security.

How switches work


Each network card has a unique identifier called a Media Access Control (MAC) address. This
address is used in LANs for communication between devices on the same network segment.
Devices that want to communicate need to know each other's MAC address before sending out
packets. They use a process called ARP (Address Resolution Protocol) to find out the MAC
address of another device. When the hardware address of the destination host is known, the
sending host has all the required information to communicate with the remote host.
To better understand the concept, here is an example of how a switch works.
Let's say that host A wants to communicate with host B for the first time. Host A knows the IP
address of host B, but since this is the first time the two hosts communicate, the hardware (MAC)
addresses are not known. Host A uses the ARP process to find out the MAC address of host B.
The switch forwards the ARP request out all ports except the port host A is connected to. Host B
receives the ARP request and responds with its MAC address. Host B also learns the MAC
address of host A (because host A sends its MAC address in the ARP request). The switch learns
which MAC addresses are associated with which port. For example, because host B responded
to the ARP request with a reply that included its MAC address, the switch knows the MAC address
of host B and stores that address in its MAC address table. The same applies to host A: the switch
knows the MAC address of host A because of the ARP request. Now, when host A sends a packet
to host B, the switch looks up the destination in its MAC address table and forwards the frame
only out port Fa0/1, the port to which host B is connected.

You can display the MAC address table of the switch by using the show mac-address-table
command:
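The learning and forwarding logic just described, and the hub behaviour from "Differences between hubs and switches", side by side as an added example (written for this page, not from the notes or any vendor). The three hosts, their MAC addresses and port names are constructed; the switch's dictionary plays the role of the table that show mac-address-table prints. Host C on Fa0/2 is a bystander, so counting how many of the three frames reach it shows exactly why the hub lets an attacker capture everything and the switch does not.

```python
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out every port except the one it came in on (no learning)."""
    def __init__(self, ports: List[str]):
        self.ports = list(ports)

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> List[str]:
        return [p for p in self.ports if p != in_port]


class Switch:
    """Learns source MACs per port; known unicast goes out one port, everything else floods."""
    def __init__(self, ports: List[str]):
        self.ports = list(ports)
        self.mac_table: Dict[str, str] = {}      # MAC -> port, what 'show mac-address-table' lists

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> List[str]:
        self.mac_table[src_mac] = in_port         # learning happens on every frame received
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return [] if out == in_port else [out]          # same port: nothing to forward
        return [p for p in self.ports if p != in_port]      # unknown unicast or broadcast: flood


# Constructed hosts: A on Fa0/0, B on Fa0/1, C on Fa0/2 (C only listens).
MAC_A, MAC_B, MAC_C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
PORTS = ["Fa0/0", "Fa0/1", "Fa0/2"]


def first_contact(device) -> List[List[str]]:
    """The three frames from the text: ARP request (broadcast), ARP reply, first data frame.
    Returns the list of output ports chosen for each frame."""
    return [
        device.receive("Fa0/0", MAC_A, BROADCAST),   # A asks "who has B's IP?"
        device.receive("Fa0/1", MAC_B, MAC_A),       # B replies with its MAC
        device.receive("Fa0/0", MAC_A, MAC_B),       # A sends data to B
    ]


def frames_seen_by_c(device) -> int:
    """How many of the three frames reach the bystander on Fa0/2."""
    return sum("Fa0/2" in out for out in first_contact(device))


if __name__ == "__main__":
    sw = Switch(PORTS)
    print(first_contact(sw))       # [['Fa0/1', 'Fa0/2'], ['Fa0/0'], ['Fa0/1']]
    print(sw.mac_table)            # A learned on Fa0/0, B on Fa0/1
    print(frames_seen_by_c(Hub(PORTS)), frames_seen_by_c(Switch(PORTS)))   # 3 1
```

Only the ARP broadcast reaches C through the switch; the reply and the data frame are delivered to a single port because the table already holds the destination. Through the hub, C sees all three.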

12.2 Collision and Broadcast Domain

Collision domain
A collision domain is, as the name implies, a part of a network where packet collisions can occur.
A collision occurs when two devices send a packet at the same time on the shared network
segment. The packets collide and both devices must send the packets again, which reduces
network efficiency. Collisions are frequent in a hub environment, because each port on a hub is in
the same collision domain. By contrast, each port on a bridge, a switch or a router is in a separate
collision domain.
The following example illustrates collision domains.

As you can see, we have 6 collision domains.

TIP – remember, each port on a hub is in the same collision domain. Each port on a bridge, a
switch or a router is in a separate collision domain.
Broadcast domain

A broadcast domain is a domain in which a broadcast is forwarded. A broadcast domain contains
all devices that can reach each other at the data link layer (OSI layer 2) by using broadcast. All
ports on a hub or a switch are by default in the same broadcast domain. All ports on a router are
in different broadcast domains, and routers don't forward broadcasts from one broadcast
domain to another.
The following example clarifies the concept.

In the picture above we have three broadcast domains, since all ports on a hub or a switch are in
the same broadcast domain, and all ports on a router are in different broadcast domains.
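The two counting rules from 12.2 (hub ports share a collision domain, every other port is its own; hubs and switches share a broadcast domain, routers split them) applied to a topology by a small union-find. This is an added example written for this page, not code from the notes; the figures the notes refer to are not reproduced, so the topology below (a router between a switched segment and a hub segment, three hosts on each side) is constructed and gives different counts from the 6 and 3 quoted above.

```python
from typing import Dict, List, Tuple

# How each device kind treats the links (cables) attached to it.
MERGES_COLLISION = {"hub"}                  # a hub puts all its links in one collision domain
MERGES_BROADCAST = {"hub", "switch"}        # hubs and switches pass broadcasts between their links
                                            # routers and hosts merge nothing


class DisjointSet:
    """Union-find over link indexes."""
    def __init__(self, n: int):
        self.parent = list(range(n))

    def find(self, x: int) -> int:
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]     # path halving
            x = self.parent[x]
        return x

    def union(self, a: int, b: int) -> None:
        self.parent[self.find(a)] = self.find(b)

    def count(self) -> int:
        return len({self.find(i) for i in range(len(self.parent))})


def count_domains(devices: Dict[str, str], links: List[Tuple[str, str]]) -> Tuple[int, int]:
    """Each link starts as its own domain; a device merges the links attached to it according
    to its kind. Returns (collision_domains, broadcast_domains)."""
    attached: Dict[str, List[int]] = {name: [] for name in devices}
    for i, (a, b) in enumerate(links):
        attached[a].append(i)
        attached[b].append(i)
    collision, broadcast = DisjointSet(len(links)), DisjointSet(len(links))
    for name, kind in devices.items():
        for ds, merging in ((collision, MERGES_COLLISION), (broadcast, MERGES_BROADCAST)):
            if kind in merging:
                for other in attached[name][1:]:
                    ds.union(attached[name][0], other)
    return collision.count(), broadcast.count()


# Constructed topology: R1 with a switch on one interface and a hub on the other.
DEVICES = {"R1": "router", "SW1": "switch", "HUB1": "hub",
           "H1": "host", "H2": "host", "H3": "host", "H4": "host", "H5": "host", "H6": "host"}
LINKS = [("R1", "SW1"), ("R1", "HUB1"),
         ("SW1", "H1"), ("SW1", "H2"), ("SW1", "H3"),
         ("HUB1", "H4"), ("HUB1", "H5"), ("HUB1", "H6")]

if __name__ == "__main__":
    print(count_domains(DEVICES, LINKS))    # (5, 2): 4 switch-side links + 1 hub domain; router splits broadcasts
```

Swapping the hub for a second switch raises the collision count to 8 (one per link) and leaves the broadcast count at 2; replacing the router with a switch collapses the broadcast domains to 1, which is the "one big broadcast domain" situation VLANs in chapter 13 are meant to address.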

12.3 CSMA/CD

CSMA/CD (Carrier Sense Multiple Access with Collision Detection) helps hosts to decide when to
send packets on a shared network segment and to detect collisions. For example, in a hub
network, two devices can send packets at the same time. This can cause a collision. CSMA/CD
enables devices to "sense" the wire to ensure that no other device is currently transmitting
packets. But, if two devices "sense" that the wire is clear and send packets at the same time, a
collision can occur. If a collision occurs, the packets have to be resent after a random period of
time.

In the topology above we have a hub network. Host A is trying to communicate with host B. Host
A "senses" the wire and decides to send packets. But, at the same time, host C sends its packets
to host D and a collision occurs. The sending devices (host A and host C) detect the collision
and resend the packet after a random period of time.
NOTE – since switches are now commonly used in networks instead of hubs, CSMA/CD is not
really used anymore. Each port on a switch usually operates in full duplex mode, and there are
no packet collisions in full duplex mode.

13. VLAN

13.1 What is VLAN?

VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain. VLANs
are usually configured on switches by placing some interfaces into one broadcast domain and
some interfaces into another. VLANs can be spread across multiple switches.
A VLAN acts like a physical LAN, but it allows hosts to be grouped together in the same
broadcast domain even if they are not connected to the same switch.

The following topology shows a network with all hosts inside the same VLAN:

Without VLANs, a broadcast sent from host A would reach all devices on the network. By
placing interfaces Fa0/0 and Fa0/1 on both switches in a separate VLAN, a broadcast from host
A would reach only host B, since each VLAN is a separate broadcast domain and only host B is
inside the same VLAN as host A. This is shown in the picture below:

Creating VLANs offers many advantages. Broadcast traffic will be received and processed only
by devices inside the same VLAN. Users can be grouped by department, and not by physical
location. VLANs also provide some security benefits, since sensitive traffic can be isolated
in a separate VLAN.

NOTE – to reach hosts in another VLAN, a router is needed.

Access & trunk ports


Each port on a switch can be configured as either an access or a trunk port. An access port is a
port that can be assigned to a single VLAN. This type of interface is configured on switch ports
that are connected to devices with a normal network card, for example a host on a network. A
trunk interface is an interface that is connected to another switch. This type of interface can carry
traffic of multiple VLANs.

14. ACLs

14.1 What are ACLs?


ACLs are a set of rules used most commonly to filter network traffic. They are used on network
devices with packet filtering capabilities like routers or firewalls. ACLs are applied on a
per-interface basis to packets leaving or entering an interface.

As an example of how ACLs are used, consider the following network topology:

Let's say that server S1 holds some important documents that need to be available only to the
company's management. We could configure an access list on R1 to enable access to S1 only to
users from the management network. All other traffic going to S1 will be blocked. This way, we
can ensure that only authorized users can access sensitive files on S1.

14.2 Types of ACLs

There are two types of access lists:

1. standard access lists – with standard access lists, you can filter only on the source IP address
of a packet. These types of access lists are not as powerful as extended access lists, but they are
less processor intensive for the router.
The following example describes the way in which standard access lists can be used.
Let's say that server S1 holds some important documents that need to be available only to the
company's management. We could configure an access list on R1 to enable access to S1 only to
users from the management network. All other traffic going to S1 will be blocked. This way, we
can ensure that only authorized users can access sensitive files on S1.

2. extended access lists – with extended access lists, you can be more precise in your filtering.
You can evaluate source and destination IP addresses, type of layer 3 protocol, source and
destination port… Extended access lists are harder to configure and require more processor time
than the standard access lists, but they allow a much more granular level of control.
To demonstrate the concept, we will use the following example.

We have used the standard access list to prevent all users from accessing server S1. But, with that
configuration, we have also disabled access to S2! To be more specific, we can use extended
access lists. Let's say that we need to prevent users from accessing server S1. We could place an
extended access list on R1 to prevent users from accessing S1. That way, no other traffic is
forbidden, and users can still access the other server, S2:

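The S1/S2 side effect described above, reproduced by a small ACL evaluator. This is an added example for this page, not the notes' own configuration and not Cisco syntax: it models first-match semantics with the implicit deny at the end, a standard list that matches source only, and an extended list that also matches destination, protocol and port. The management network, user network and server addresses are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"            # "ip", "tcp", "udp", "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    action: str                  # "permit" or "deny"
    src: str                     # network in CIDR form; "any" matches everything
    dst: str = "any"             # ignored by a standard ACL
    proto: str = "ip"            # "ip" matches every protocol
    dport: Optional[int] = None  # None matches any port


def _in(net: str, addr: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def matches(e: Entry, p: Packet, extended: bool) -> bool:
    """Standard ACL: source only. Extended: source, destination, protocol and port."""
    if not _in(e.src, p.src):
        return False
    if not extended:
        return True
    return (_in(e.dst, p.dst)
            and e.proto in ("ip", p.proto)
            and (e.dport is None or e.dport == p.dport))


def evaluate(acl: List[Entry], p: Packet, extended: bool) -> str:
    """First matching entry wins; every ACL ends with an implicit 'deny any'."""
    for e in acl:
        if matches(e, p, extended):
            return e.action
    return "deny"


# Constructed addresses for the scenario in the text.
MGMT, USERS = "10.0.0.0/24", "10.0.1.0/24"
S1, S2 = "192.168.1.10/32", "192.168.1.20/32"

# Standard ACL from the text: permit only the management network; the implicit deny blocks the rest,
# including user traffic to S2, because a standard list cannot look at the destination.
STANDARD = [Entry("permit", MGMT)]

# Extended ACL: block the user network from S1 only, then permit everything else explicitly.
EXTENDED = [Entry("deny", USERS, S1), Entry("permit", "any", "any")]


def outcome(acl: List[Entry], extended: bool) -> dict:
    """Decision for a user host and a management host reaching S1 and S2 over HTTPS."""
    return {
        "users->S1": evaluate(acl, Packet("10.0.1.25", "192.168.1.10", "tcp", 443), extended),
        "users->S2": evaluate(acl, Packet("10.0.1.25", "192.168.1.20", "tcp", 443), extended),
        "mgmt->S1":  evaluate(acl, Packet("10.0.0.5", "192.168.1.10", "tcp", 443), extended),
    }


if __name__ == "__main__":
    print(outcome(STANDARD, extended=False))   # users->S2 is denied as well
    print(outcome(EXTENDED, extended=True))    # users reach S2 but not S1
```

The extended list needs its explicit permit at the end precisely because of the implicit deny; without it, the single deny entry would block all traffic through the interface, which is the usual mistake when converting a standard list to an extended one.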
15. NAT

15.1 What is NAT?

NAT (Network Address Translation) is a process of changing the source and destination IP
addresses and ports. Address translation reduces the need for IPv4 public addresses and hides
private network address ranges. The process is usually done by routers or firewalls.
There are three types of address translation:

1. Static NAT – translates one private IP address to a public one. The public IP address is always
the same.
2. Dynamic NAT – private IP addresses are mapped to the pool of public IP addresses.
3. Port Address Translation (PAT) – one public IP address is used for all internal devices, but a
different port is assigned to each private IP address. Also known as NAT Overload.

An example will help you understand the concept.


Computer A requests a web page from an Internet server. Because Computer A uses private IP
addressing, the source address of the request has to be changed by the router, because private IP
addresses are not routable through the Internet. Router R1 receives the request, changes the source
IP address to its public IP address and sends the packet to server S1. Server S1 receives the
packet and replies to router R1. Router R1 receives the packet, changes the destination IP
address to the private IP address of Computer A and sends the packet to Computer A.

15.2 Static NAT

With static NAT, routers or firewalls translate one private IP address to one public IP address.
Each private IP address is mapped to a single public IP address. Static NAT is not often
used because it requires one public IP address for each private IP address.

15.3 Dynamic NAT

With dynamic NAT, you specify two sets of addresses on your Cisco router:

1. inside addresses that will be translated
2. a pool of global addresses

Unlike with static NAT, where you have to manually define a static mapping between a private
and a public address, with dynamic NAT the mapping of a local address to a global address
happens dynamically. This means that the router dynamically picks an address from the global
address pool that is not currently assigned. It can be any address from the pool of global
addresses. The dynamic entry stays in the NAT translation table as long as traffic is
exchanged. The entry times out after a period of inactivity, and the global IP address can then be
used for new translations.
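The PAT (NAT overload) case from 15.1, which the text describes but does not show in detail, as an added example written for this page rather than taken from the notes or from IOS. It keeps the translation table as two dictionaries, rewrites outbound source addresses and ports, maps replies back, and drops inbound packets that match no entry, which is the mechanism behind "hides private network address ranges". All addresses are constructed from the documentation ranges; the public address of R1 is assumed to be 198.51.100.1.

```python
from typing import Dict, Optional, Tuple

Flow = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


class PortAddressTranslator:
    """NAT overload: every inside host shares one public IP; the source port is rewritten
    to a unique public port so that replies can be mapped back to the right host."""
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        # Simplification: keyed on (inside ip, inside port) rather than the full 5-tuple.
        self.table: Dict[Tuple[str, int], int] = {}        # (inside ip, inside port) -> public port
        self.reverse: Dict[int, Tuple[str, int]] = {}      # public port -> (inside ip, inside port)

    def outbound(self, flow: Flow) -> Flow:
        """Packet leaving the private network: allocate (or reuse) a public port."""
        src_ip, src_port, dst_ip, dst_port = flow
        key = (src_ip, src_port)
        if key not in self.table:
            if self.next_port > 65535:
                raise RuntimeError("port pool exhausted")
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, flow: Flow) -> Optional[Flow]:
        """Packet arriving from the Internet: map the public port back to the inside host,
        or drop it (None) when no entry exists. Unsolicited traffic never reaches an inside host."""
        src_ip, src_port, dst_ip, dst_port = flow
        if dst_ip != self.public_ip or dst_port not in self.reverse:
            return None
        inside_ip, inside_port = self.reverse[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


def web_requests(pat: PortAddressTranslator):
    """Two inside hosts that happen to pick the same source port, both talking to server S1."""
    out_a = pat.outbound(("192.168.0.10", 40000, "203.0.113.5", 80))
    out_b = pat.outbound(("192.168.0.11", 40000, "203.0.113.5", 80))
    reply_a = pat.inbound(("203.0.113.5", 80, out_a[0], out_a[1]))      # S1 answers A
    stray = pat.inbound(("198.51.100.9", 4444, pat.public_ip, 60000))    # nobody asked for this
    return out_a, out_b, reply_a, stray


if __name__ == "__main__":
    for step in web_requests(PortAddressTranslator("198.51.100.1")):
        print(step)
```

Both hosts used source port 40000, yet they leave the router as ports 1024 and 1025, so S1's reply to port 1024 is unambiguously returned to 192.168.0.10:40000. The dynamic NAT timeout described above would correspond to expiring entries from these two dictionaries.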

16. IPV6
16.1 What is IPV6?

IPv6 is the newest version of the IP protocol. IPv6 was developed to overcome many
deficiencies of IPv4, most notably the problem of IPv4 address exhaustion. Unlike IPv4, which
has only about 4.3 billion (2 to the power of 32) available addresses, IPv6 allows for 3.4 × 10 to
the power of 38 addresses.
IPv6 features
Here is a list of the most important features of IPv6:
• Large address space: IPv6 uses 128-bit addresses, which means that for each person on the
Earth there are 48,000,000,000,000,000,000,000,000,000 addresses!
• Enhanced security: IPSec (Internet Protocol Security) is built into IPv6 as part of the protocol.
This means that two devices can dynamically create a secure tunnel without user intervention.
• Header improvements: the packet header used in IPv6 is simpler than the one used in IPv4.
The IPv6 header is not protected by a checksum, so routers do not need to calculate a checksum
for every packet.
• No need for NAT: since every device has a globally unique IPv6 address, there is no need for
NAT.
• Stateless address autoconfiguration: IPv6 devices can automatically configure themselves
with an IPv6 address.

16.2 IPV6 Address Format

Unlike IPv4, which uses a dotted-decimal format in which each byte ranges from 0 to 255, IPv6 uses
eight groups of four hexadecimal digits separated by colons. For example, this is a valid IPv6
address:

2340:0023:AABA:0A01:0055:5054:9ABC:ABB0

If you don't know how to convert a hexadecimal number to binary, here is a table that will help
you:
IPv6 address shortening
The IPv6 address given above looks daunting, right? Well, there are two conventions that can
help you shorten what must be typed for an IPv6 address:

1. leading zeros in a field can be omitted

For example, the address mentioned above (2340:0023:AABA:0A01:0055:5054:9ABC:ABB0)
could be shortened to 2340:23:AABA:A01:55:5054:9ABC:ABB0

2. successive fields of zeroes can be represented as two colons (::)

For example, 2340:0000:0000:0000:0455:0000:AAAB:1121 can be written as
2340::0455:0000:AAAB:1121

NOTE – you can shorten an address this way only for one such occurrence. The reason is
obvious – if you had more than one occurrence of the double colon, you wouldn't know how many
sets of zeroes were being omitted from each part.

Here are a couple more examples that can help you grasp the concept:

Long version: 1454:0045:0000:0000:4140:0141:0055:ABBB
Shortened version: 1454:45::4140:141:55:ABBB

Long version: 0000:0000:0001:AAAA:BBBC:A222:BBBA:0001
Shortened version: ::1:AAAA:BBBC:A222:BBBA:1

16.3 Types

Three categories of IPv6 addresses exist:

Unicast – represents a single interface. Packets addressed to a unicast address are delivered to a
single interface.

Anycast – identifies one or more interfaces. For example, servers that support the same function
can use the same unicast IP address. Packets sent to that IP address are forwarded to the nearest
server. Anycast addresses are used for load balancing. Known as a "one-to-nearest" address.

Multicast – represents a dynamic group of hosts. Packets sent to this address are delivered to
many interfaces. Multicast addresses in IPv6 have a similar purpose to their counterparts in IPv4.

NOTE – IPv6 doesn't use the broadcast method. It has been replaced with anycast and multicast
addresses.

16.4 IPV6 Unicast Address

There are three types of IPv6 unicast addresses:

global unicast – similar to IPv4 public IP addresses. These addresses are assigned by the IANA
and used on public networks. They have a prefix of 2000::/3, meaning all the addresses that
begin with binary 001.

unique local – similar to IPv4 private addresses. They are used in private networks and aren't
routable on the Internet. These addresses have a prefix of FD00::/8.

link local – these addresses are used for sending packets over the local subnet. Routers do not
forward packets with these addresses to other subnets. IPv6 requires a link-local address to be
assigned to every network interface on which the IPv6 protocol is enabled. These addresses have
a prefix of FE80::/10.

16.11 IPV6 Routing Protocols

Like IPv4, IPv6 also supports routing protocols that enable routers to exchange information
about connected networks. IPv6 routing protocols can be internal (RIPng, EIGRP for IPv6…)
or external (BGP).

As with IPv4, IPv6 routing protocols can be distance vector or link-state. An example of a
distance vector protocol is RIPng, with hop count as the metric. An example of a link-state
routing protocol is OSPF, with cost as the metric.
IPv6 supports the following routing protocols:

• RIPng (RIP Next Generation)
• OSPFv3
• EIGRP for IPv6
• IS-IS for IPv6
• MP-BGP4 (Multiprotocol BGP-4)

16.12 How to Configure IPV6

Cisco routers do not have IPv6 routing enabled by default. To configure IPv6 on a Cisco router
you need to do two things:

1. enable IPv6 routing on the router using the ipv6 unicast-routing global configuration
command. This command globally enables IPv6 and must be the first command executed on the
router
2. configure an IPv6 global unicast address on an interface using the ipv6 address
address/prefix-length [eui-64] command. If you omit the eui-64 parameter you must configure the
entire address manually.
Here is an IPv6 Configuration Example:

We can verify that the IPv6 address has been configured by using the show ipv6 interface fa0/1
command:

From the output above we can verify two things:

1. the link local IPv6 address has been automatically configured
2. the global IPv6 address has been created using the modified EUI-64 method
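What the eui-64 keyword and the automatic link-local address actually compute, as an added example for this page (not the notes' own code and not IOS): the modified EUI-64 interface ID is built from the MAC by inserting FF:FE in the middle and flipping the universal/local bit, then combined with a /64 prefix, or with FE80::/64 for the link-local address. The classifier applies the three unicast prefixes from 16.4. The MAC address and the documentation prefix 2001:db8:1::/64 are assumed values.

```python
import ipaddress
import re


def modified_eui64(mac: str) -> bytes:
    """64-bit interface ID from a 48-bit MAC: split the MAC in two, insert FF:FE, and flip
    bit 1 of the first octet (universal/local). Accepts 00:0c:..., 00-0c-... or 000c.29ab.cdef."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    octets = bytearray(bytes.fromhex(digits))
    octets[0] ^= 0x02
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the interface ID, as 'ipv6 address PREFIX/64 eui-64' does."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """The address an interface configures for itself from FE80::/10 (FE80::/64 in practice)."""
    return eui64_address("fe80::/64", mac)


def classify(addr: str) -> str:
    """Unicast type by prefix, using the ranges given in section 16.4."""
    a = ipaddress.IPv6Address(addr)
    if a in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"
    if a in ipaddress.IPv6Network("fd00::/8"):
        return "unique local"
    if a in ipaddress.IPv6Network("2000::/3"):
        return "global unicast"
    return "other"


# Constructed MAC and an assumed /64 from the documentation prefix 2001:db8::/32.
MAC = "00:0c:29:ab:cd:ef"
PREFIX = "2001:db8:1::/64"

if __name__ == "__main__":
    g = eui64_address(PREFIX, MAC)
    l = link_local_address(MAC)
    print(g, classify(str(g)))      # 2001:db8:1:0:20c:29ff:feab:cdef global unicast
    print(l, classify(str(l)))      # fe80::20c:29ff:feab:cdef link-local
```

Because the MAC is recoverable from any EUI-64 address (undo the bit flip, remove FF:FE), a host keeps the same interface ID under every prefix it visits; that is the tracking concern privacy extensions for stateless autoconfiguration were created to address.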

16.13 RIPng

RIPng is an extension of RIP that supports IPv6. The configuration of RIPng requires at least
two steps:

16.4 IPV4 vs IPv6

The following table summarizes the major differences between IPv4 and IPv6:
