Networking Basics

The Network Layer

Network layer protocols are responsible for end-to-end communications, whereas data-link
layer protocols function only on the local LAN. To say that network layer protocols are
responsible for end-to-end communications means that the network layer protocol is responsible
for a packet's complete journey from the system that created it to its final destination.

The data-link layer protocol may change many times to accommodate all of networks during
its journey, but the network layer protocol remains intact throughout the trip.

The Internet Protocol (IP) is the cornerstone of the Transmission Control Protocol/Internet
Protocol (TCP/IP) suite, and the most commonly used network layer protocol.

Addressing
The network layer protocol header contains source address and destination address fields,
just as the data-link layer protocol does. However, in this case, the destination address is the
packet's final destination, which may be different from the data-link layer protocol header's
destination address.

IP has its own addressing system that is completely separate from the data-link layer
addresses. Each computer on an IP network is assigned a 32-bit IP address by an administrator
or an automated service. This address identifies both the network on which the computer is
located and the computer itself, so that one address can uniquely identify any computer.

Fragmenting
Network layer datagrams may have to pass through many different networks on the way to
their destinations, and the data-link layer protocols that the datagrams encounter can have
different properties and limitations. One of these limitations is the maximum packet size
permitted by the protocol. For example, Token Ring frames can be as large as 4500 bytes, but
Ethernet frames are limited to 1500 bytes. When a large datagram that originated on a Token
Ring network is routed to an Ethernet network, the network layer protocol must split it into
pieces no larger than 1500 bytes each. This process is called fragmentation.

During the fragmentation process, the network layer protocol splits the datagram into as
many pieces as necessary to make them small enough for transmission using the data-link layer
protocol.

Is the fragmenting one of the data link layer protocol activities? (Because it’s depend on the
network specifications that is one of the data link protocols duties to deal with.)

Routing
Routing is the process of directing a datagram from its source, through an internetwork, and
to its ultimate destination using the most efficient path possible.
 Routers connect the individual LANs that make up an internetwork. The function of a router is
to receive incoming traffic from one network and transmit it to a particular destination on another
network. There are two types of systems involved in internetwork communications, end systems
and intermediate systems. End systems are the source of individual packets and also their
ultimate destination. Routers are the intermediate systems. End systems utilize all seven layers
of the OSI model, whereas packets arriving at intermediate systems rise only as high as the
network layer.

To properly direct a packet to its destination, routers maintain information (supplied manually
by an administrator or gathered automatically from other routers using specialized routing
protocols) about the network in tables that they store in memory. A typical routing table entry
specifies the address of another network and the router that packets should use to get to that
network. Routing table entries also contain a metric that indicates the comparative efficiency of
that particular route.

Identifying the Transport Layer Protocol

Just as the data-link layer header specifies the network layer protocol that generates the data
that it transports, the network layer header identifies the transport layer protocol from which it
receives the data that it carries.

The Transport Layer

The transport layer protocols provide services that complement those provided by the
network layer. The transport and network layer protocols used to transmit data are often thought
of as a matched pair, as seen in the case of TCP/IP. These protocols include TCP, which runs
at the transport layer, plus IP, which runs at the network layer.

Transport layer protocol suites are divided to these two kinds; connection-oriented and
connectionless. A connection-oriented protocol is one in which the two communicating systems
exchange messages to establish a connection before they transmit any application data. TCP,
for example, is a connection-oriented protocol.

Connection-oriented protocols also provide additional services such as packet

acknowledgment, data segmentation, flow control, and end-to-end error detection and
correction which is greatly increases the amount of control data exchanged by the two systems.
In the case of the TCP/IP transport layer protocols, TCP uses a 20-byte header and UDP
(connectionless) uses only an 8-byte one.

A connectionless protocol is one in which there is no preliminary communication between the

two systems before the transmission of application data.

The Session Layer

There are no separate session layer protocols as there are at the lower layers. The protocols
at the session layer and above are not involved in transmission of data across the network. The
session layer provides 22 services, many of which are concerned with the ways in which
networked systems exchange information. The most important of these services are dialog
control and dialog separation.

The exchange of information between two systems on the network is called a dialog, and
dialog control is the selection of a mode that the systems will use to exchange messages. There
are two modes for message exchange, two-way alternate (TWA) mode and two-way
simultaneous (TWS) mode.

In TWA mode, the two systems exchange a data token, and only the computer in possession
of the token is permitted to transmit data. In TWS both systems can transmit at any time, even
simultaneously.

Dialog separation is the process of creating checkpoints in a data stream that enable
communicating systems to synchronize their functions.

The Presentation Layer

The presentation layer function is translation of syntax between different systems. When the
communicating systems establish a connection at the presentation layer, they exchange
messages containing information about the syntaxes they have in common, and together they
choose the syntax they will use during the session.

Both of the systems involved in the connection have an abstract syntax, which is their native
form of communication. Computers running on different platforms can have different abstract
syntaxes. During the negotiation process, the systems choose transfer syntax, which is an
alternative syntax that the two have in common. The transmitting system converts its abstract
syntax to the transfer syntax, and after the transmission, the receiving system converts the
transfer syntax to its own abstract syntax. When called for, the systems can select a transfer
syntax that provides additional services, such as data compression or encryption.

The Application Layer

The application layer is the entrance point that programs use to access the OSI model and
utilize network resources. Most application layer protocols provide services that programs use to
access the network, such as the Simple Mail Transfer Protocol (SMTP). In some cases, as with
File Transfer Protocol (FTP), the application layer protocol is a program in itself.

Application layer protocols often include the session and presentation layer functions. As a
result, a typical protocol stack consists of four separate protocols that run at the application,
transport, network, and data-link layers.

Network Hardware
Network topology: the topology of a network is the pattern used to connect the computers
and other devices with the cable or other network medium. When choosing the components with
which to build a LAN, the topology should be one of the most important criteria you use to select
a cable type. The three primary topologies used to build LANs are as follows:

 Bus
 Star
  Ring

You should also be familiar with the following additional topologies:

 Hierarchical star
 Mesh
 Wireless

The Bus Topology

A network that uses the bus topology is one in which the computers are connected in a single
line, with each system cabled to the next system. The cabling of a bus network can take two
forms: thick and thin.

Thick Ethernet networks use a single length of coaxial cable with computers connected to it
using smaller individual cables called Attachment Unit Interface (AUI) cables (sometimes called
transceiver cables). Thin Ethernet networks use separate lengths of a narrower type of coaxial
cable, and each length of cable connects one computer to the next.

The main problem with the bus topology is that a single faulty connector, faulty terminator, or
break in the cable affects the functionality of the entire network.

The Star Topology

The star topology uses a central cabling nexus called a hub or concentrator. In a star
network, each computer is connected to the hub using a separate cable. Most of the Ethernet
LANs installed today, and many LANs using other protocols as well, use the star topology. Star
LANs can use several different cable types, including various types of twisted-pair and fiber
optic cable.

Functionally, a star network uses a shared network medium, just as a bus network does.
Despite the fact that each computer connects to the hub with its own cable, the hub propagates
all signals entering through its ports out through all of its other ports. Signals transmitted by one
computer are therefore received by all other computers on the LAN.

The main advantage of the star topology is that each computer has its own dedicated
connection to the hub, providing the network with a measure of fault tolerance. The
disadvantage of the star topology is that an additional piece of hardware, the hub, is required to
implement it. If the hub should fail, the entire network goes down.

The Hierarchical Star Topology

If the network grows until all of the hub ports are filled, it can be still expanded by adding a
second hub, and in some cases, a third and a fourth. The second hub should be connect to the
star network, by using a standard cable and a special port in one of the hubs called an uplink
port. It’s known as a hierarchical star topology (sometimes known as a branching tree network).

The Ring Topology

A ring network is like a bus in that each computer is logically connected to the next. However,
in a ring network, the two ends are connected instead of being terminated, thus forming an
endless loop. Networks such as Token Ring, which use token passing for their Media Access
Control (MAC) mechanism, are wired using a ring topology.

In fact, the cables for a ring network connect to a hub and take the form of a star. The ring
topology is actually implemented logically, using the wiring inside the cables. Ring networks use
a special type of hub, called a multistation access unit (MAU), which receives data through one
port and transmits it out through each of the others in turn (not simultaneously, as with an
Ethernet hub).

The Mesh Topology

The mesh topology, in the context of local area networking, is more of a theoretical concept
than an actual real-world solution. On a mesh LAN, each computer has a dedicated connection
to every other computer. In reality, this topology only exists on a two-node network.

In internetworking, the mesh topology is a cabling arrangement that you can actually use. A
mesh internetwork has multiple paths between two destinations, made possible by the use of
redundant routers. This topology is very common on large enterprise networks because it
enables the network to tolerate numerous possible malfunctions.

Wireless Topologies
Wireless networks use what are called unbounded media to connect computers in the
network to each other. The computers still have specific patterns they use to communicate with
each other. Wireless LANs have two basic topologies, the ad hoc topology and the
infrastructure topology. In the ad hoc topology, a group of computers are all equipped with
wireless network interface adapters and are able to communicate freely with each other.

An infrastructure network consists of wireless-equipped computers that communicate with a

network using wireless transceivers connected to the LAN by standard cables. These
transceivers are called network access points. In this arrangement, the wireless computers do
not communicate directly with each other. Instead, they communicate only with the cabled
network via the network access points.

Cable Types
There are three primary types of cable used to build LANs: coaxial, twisted-pair, and fiber
optic.

Coaxial Cable
Coaxial cable is so named because it contains two conductors within the sheath. Unlike other
two-conductor cables, however, coaxial cable has one conductor inside the other. At the center
of the cable is the copper core that actually carries the electrical signals. Surrounding the core is
a layer of insulation, and surrounding that is the second conductor, which is typically made of
braided copper mesh. This second conductor functions as the cable's ground.

There are two types of coaxial cable that have been used in local area networking: RG-8,
also known as thick Ethernet, and RG-58, which is known as thin Ethernet. These two cables
are similar in construction but differ primarily in thickness (0.405 inches for RG-8 versus 0.195
inches for RG-58) and in the types of connectors they use (N connectors for RG-8 and bayonet-
Neill-Concelman [BNC] connectors for RG-58).

Because of their differences in size and flexibility, thick and thin Ethernet cables are installed
differently. On a thick Ethernet network, the RG-8 cable usually runs along a floor, and separate
AUI cables run from the RG-8 trunk to the network interface adapter in the computer. The RG-
58 cable used for thin Ethernet networks is thinner and much more flexible, so it's possible to
run it right up to the computer's network interface, where it attaches using a T fitting with a BNC
connector to preserve the bus topology.

Twisted-Pair Cable
Twisted-pair cable wired in a star topology is the most common type of network medium used
in LANs today. Most new LANs use UTP cable, but there is also a shielded twisted pair (STP)
variety for use in environments more prone to electromagnetic interference. The connectors
used for twisted-pair cables are called RJ45s; they are the same as the RJ11 connectors used
on standard telephone cables, except that they have eight electrical contacts instead of four or
six.

UTP Cable Grades

Unshielded twisted pair cable comes in a variety of different grades, called categories by the
Electronics Industry Association (EIA) and the Telecommunications Industry Association (TIA),
the combination being referred to as EIA/TIA. These categories are listed in the Table below.
The two most significant UTP grades for LAN use are Category 3 and Category 5. Category 3
cable was designed for voice-grade telephone networks and eventually came to be used for
Ethernet but virtually all new UTP cable installations today use at least Category 5 cable.
Category 5 UTP is suitable for 100Base-TX Fast Ethernet networks running at 100 Mbps, as
well as for slower protocols.

Categor Use
y
1 Voice-grade telephone networks only; not for data transmissions
2 Voice-grade telephone networks, as well as IBM dumb-terminal connections to
mainframe computers
3 Voice-grade telephone networks, 10-Mbps Ethernet, 4-Mbps Token Ring, 100Base-
T4 Fast Ethernet, and 100Base-VG-AnyLAN
4 16-Mbps Token Ring networks
5 100Base-TX Fast Ethernet, Synchronous Optical Network (SONET), and Optical
Carrier (OC3) Asynchronous Transfer Mode (ATM)
5e 1000Base-T (Gigabit Ethernet) networks

STP Cable Grades

Shielded twisted pair cable is similar in construction to UTP, except that it has only two pairs
of wires and it also has additional foil or mesh shielding around each pair. The additional
shielding in STP cable makes it preferable to UTP in installations where electromagnetic
interference is a problem, often due to the proximity of electrical equipment.

Fiber Optic Cable

Fiber optic cable is a completely different type of network medium than twisted-pair or coaxial
cable. Fiber optic cable is the medium of choice for installations that span long distances or
connect buildings on a campus. Fiber optic cable is also inherently more secure than copper
because it is impossible to tap into a fiber optic link without affecting normal communication over
that link.

There are two primary types of fiber optic cable, single mode and multimode, with the
thickness of the core and the cladding being the main difference between them. Single mode
fiber typically has a core diameter of 8.3 microns, and the thickness of the core and cladding
together is 125 microns. This is generally referred to as 8.3/125 single mode fiber. Most of the
multimode fiber used in data networking is rated as 62.5/125.

Single mode fiber uses a single-wavelength laser as a light source, and as a result, it can
carry signals for extremely long distances. Multimode fiber, by contrast, uses a light-emitting
diode (LED) as a light source instead of a laser and carries multiple wavelengths. Multimode
fiber cannot span distances as long as single mode, but it bends around corners better and is
much cheaper. Fiber optic cables use one of two connectors, the straight tip (ST) connector or
the subscriber connector (SC).

Network Interface Adapters

The network interface adapter (called the NIC when installed in a computer's expansion slot)
is the component that provides the link between a computer and the network of which it is a
part. The network interface itself is, in most cases, a cable jack such as an RJ45 for UTP cables
or a BNC or AUI connector for a coaxial cable connection, but it can also be a wireless
transmitter of some sort.

The network interface adapter, in cooperation with its device driver, is responsible for
performing most of the functions of the data-link layer protocol and the physical layer.

Understanding Network Interface Adapter Functions

Network interface adapters perform a variety of functions that are crucial to getting data to
and from the computer over the network. These functions are as follows:

 Data encapsulation:  The network interface adapter and its driver are responsible for
building the frame around the data generated by the network layer protocol in preparation
for transmission. The network interface adapter also reads the contents of incoming frames
and passes the data to the appropriate network layer protocol.
 Signal encoding and decoding.  The network interface adapter implements the physical
layer encoding scheme that converts the binary data generated by the network layer—now
encapsulated in the frame—into electrical voltages, light pulses, or whatever other signal
type the network medium uses, and converts received signals to binary data for use by the
upper layer protocols.
 Data transmission and reception.  The primary function of the network interface adapter
is to generate and transmit signals of the appropriate type over the network and to receive
incoming signals.
 Data buffering.  Network interface adapters transmit and receive data one frame at a time,
so they have built-in buffers that enable them to store data arriving either from the computer
or from the network until a frame is complete and ready for processing.
 Serial/parallel conversion.  The communication between the computer and the network
interface adapter usually runs in parallel. Network communications, are serial (running one
bit at a time), so the network interface adapter is responsible for performing the conversion
between the two types of transmissions.
 Media Access Control (MAC).  The network interface adapter also implements the MAC
mechanism that the data-link layer protocol uses to regulate access to the network medium.
The nature of the MAC mechanism depends on the protocol used.

Installing a NIC
The process of installing a NIC consists of physically inserting the card in to the computer,
configuring the card to use appropriate hardware resources, and installing the card's device
driver.

Configuring a Network Interface Adapter

Configuring a network interface adapter is a matter of configuring it to use certain hardware
resources, such as the following:

 Interrupt requests (IRQs).  These are hardware lines that peripheral devices use to send
signals to the system processor, requesting its attention.
 Input/output (I/O) port addresses.  These locations in memory are assigned for use by
particular devices to exchange information with the rest of the computer.
 Memory addresses.  These areas of upper memory are used by particular devices, usually
for installation of a special-purpose basic input/output system (BIOS).
 Direct memory access (DMA) channels.  These are system pathways used by devices to
transfer information to and from system memory.

Network interface adapters do not usually use memory addresses or DMA channels, but this
is not impossible.

The computer detects the adapter, identifies it, locates free resources, and configures the
adapter to use them. Improper network interface adapter configuration is one of the main
reasons a computer fails to communicate with the network.

Installing Network Interface Adapter Drivers

The device driver is an integral part of the network interface adapter, as it enables the
computer to communicate with the adapter and implements many of the required functions.

Troubleshooting a Network Interface Adapter

When a computer fails to communicate with the network, the network interface adapter can
conceivably be at fault, but it's far more likely that some other component is causing the
problem. Before addressing the network interface adapter itself, check for the following
alternative problems first:

 Make sure the network cable is firmly seated into the connector on the network interface
adapter.
 Try using a different cable that you know works.
 Make sure that you have the proper driver installed on the computer.
 Check to see that all of the other software components required for network
communications, such as clients and protocols, are properly installed on the computer.
 If you can find no problem with the driver, the cable, or the network configuration
parameters, it's time to start looking at the NIC itself.

Network Hubs
A hub or concentrator is a device used to connect all of the computers on a star or ring
network.

Like network interface adapters, hubs are associated with specific data-link layer protocols.
Ethernet hubs are the most common because Ethernet is the most popular data-link layer
protocol, but Token Ring MAUs are hubs also, and other protocols, such as FDDI, can also use
hubs.

Understanding Ethernet Hubs

An Ethernet hub is also called a multiport repeater. A repeater is a device that amplifies a
signal as it passes through it to counteract the effects of attenuation.

When data enters the hub through any of its ports, the hub amplifies the signal and transmits
it out through all of the other ports.

Using Smart Hubs

The hubs used on most Ethernet networks are purely physical-layer devices. This means
they works with the signals native to the network medium, such as electrical voltages, but does
not interpret the signals. However, there are Ethernet hubs with more intelligence that can
process the data they receive in more elaborate ways.

Some hubs with greater data processing capabilities provide a service called store and
forward, which means that the hub contains buffers in which it can retain packets to retransmit
them out through specific ports as needed.

Connecting Hubs
A simple Ethernet LAN can be built by plugging a number of computers into a single hub.
Large networks can have many interconnected hubs forming large LANs, which are in turn
connected by routers. Almost every Ethernet hub on the market has an extra port called an
uplink port, which is used to connect to another hub instead of to a computer.
 Another function of a hub is to provide the crossover circuit that connects the transmit pins to
the receive pins for each connection between two computers. The uplink port is the one port in
the hub that does not have the crossover circuit.

Understanding Token Ring MAUs

The MAUs used on Token Ring networks may look similar to Ethernet hubs, but they could
not be more different. Unlike Ethernet hubs, Token Ring MAUs are passive devices, meaning
that they are not repeaters. They perform certain data-link layer functions that are crucial to
network operation. The primary difference in the operation of an MAU is that it does not
retransmit all incoming traffic out through the other ports simultaneously. Instead, the MAU
transmits a packet arriving through transmitter port, out through port after, and then waits for the
packet to return to the MAU through that port, this function is done to all ports in turn. After the
MAU has transmitted the packet to each of the computers on the network and has received it
back, it sends the packet to the system that originated it, and that system removes it from the
network. This process enables the computers in a physical star topology to communicate as
though they are cabled in a ring topology.

Bridging
Bridging is a technique used to connect networks at the data-link layer. A bridge, on the other
hand, provides packet filtering at the data-link layer, meaning that it only propagates the packets
that are destined for the other side of the network.

Connecting LANs with a Bridge

A bridge is a a box with two ports in it that you use to connect network segments. You can
use a bridge to join two existing LANs or to split one LAN into two segments. Bridges operate in
what is called promiscuous mode, meaning that they read and process all of the packets
transmitted over the network segments.

Data packets enter the bridge through either one of the ports, and the bridge then reads the
destination address in each packet header and decides how to process that packet. This is
called packet filtering. If the destination address of a packet arriving from one network segment
is that of a computer on the other segment, the bridge transmits it out through the other port. If
the destination address is that of a computer on the same network segment as the computer
that generated it, the bridge discards the packet.

Bridges and Collisions

A collision domain is a network (or part of a network) that is constructed so that when two
computers transmit packets at precisely the same time, a collision occurs.

Bridges do not relay signals to the other network until they have received the entire packet.
For this reason, two computers on different sides of a bridge that transmit at the same time do
not cause a conflict. The two network segments connected by the bridge are thus said to be in
different collision domains.
 Bridges and Broadcasts
A broadcast message is a packet with a special destination address that causes it to be read
and processed by every computer that receives it. By contrast, a unicast message is a packet
addressed to a single computer on the network, and a multicast message is addressed to a
group of computers on the network (but not necessarily all of them). A broadcast domain is a
group of computers that all receive a broadcast message transmitted by any one of the
computers in the group.

Adding a bridge separates a network into two different collision domains, but the segments
on either side of the bridge remain part of the same broadcast domain because the bridge
always relays all broadcast messages from both sides..

Transparent Bridging
Bridges maintain an internal address table that lists the hardware addresses of the
computers on both segments. When the bridge receives a packet and reads the destination
address in the data-link layer protocol header, it checks that address against its lists. If the
address is associated with a segment other than that from which the packet arrived, the bridge
relays it to that segment.

Originally, network administrators had to manually create the lists of hardware addresses for
each segment connected to the bridge. Today, bridges use a technique called transparent
bridging to automatically compile their own address lists. When you activate a transparent
bridge for the first time, it begins processing packets. For each incoming packet, the bridge
reads the source address in the data-link layer protocol header and adds it to the address list for
the network segment over which the packet arrived. At first, the bridge relays all the packet to
the other network segment. When a sufficient number of packets pass through the bridge to
enable the compilation of the address tables, the bridge begins using them to selectively
forward packets.

Bridge Types
There are 3 different kind of bridges available based on usage:

 Local bridge: This is the simplest type of bridge because it doesn't modify the data in
the packets; it simply reads the addresses in the data-link layer protocol header and
passes the packet on or discards it.
 Translation bridge: connects network segments using different network media or
different protocols.
 Remote bridge: is designed to connect two network segments at distant locations
using some form of wide area network (WAN) link.

Switching
A switch forwards each incoming packet only to the port that provides access to the
destination system. Because they forward data to a single port only, switches essentially
convert the LAN from a shared network medium to a dedicated one. In a small network that
uses a switch, each packet takes a dedicated path from the source computer to the destination,
forming a separate collision domain for those two computers. Thus, a switch practically
eliminates unnecessary traffic congestion on the network.

Another advantage of switching is that each pair of computers has the full bandwidth of the
network dedicated to it. Some switches provide ports that operate in full-duplex mode, which
means that two computers can send traffic in both directions at the same time using separate
wire pairs within the network cable.

Installing Switches
Switches are more often found on larger networks, where they're used instead of bridges or
routers. On a switched network, computers are connected to individual workgroup switches,
which are in turn connected to a high-performance backbone switch. As a result, any computer
on the network can open a dedicated channel to any other computer, even when the data path
runs through several switches.

The problem with replacing all of the routers on a large internetwork with switches is that you
create one huge broadcast domain instead of several small ones. Switches relay every
broadcast generated by a computer anywhere on the network to every other computer, which
increases the number of unnecessary packets processed by each system. There are several
technologies that address this problem, such as the following:

 Virtual LANs (VLANs).  With a virtual LAN you can create subnets on a switched
network that exist only in the switches themselves. When a computer on a particular
subnet transmits a broadcast message, the packet goes only to the computers in that
subnet, rather than being propagated throughout the entire network.
 Layer 3 switching.  Layer 3 switching is a variation on the VLAN concept that
minimizes the amount of routing needed between the VLANs. When communication
between systems on different VLANs is required, a router establishes a connection
between the systems and then the switches take over. Routing occurs only when
absolutely necessary.

Switch Types
There are two basic types of switches: cut-through and store-and-forward. Cut-through
switch forwards packets immediately by reading the destination address from their data-link
layer protocol headers as soon as they're received and relaying the packets out through the
appropriate port with no additional processing. This is called matrix switching or crossbar
switching.

A store-and-forward switch waits until an entire packet arrives before forwarding it to its
destination. While the packet is stored in the switch's memory buffers, the switch takes the
opportunity to verify the data by performing a cyclical redundancy check (CRC). The switch also
checks for other problems peculiar to the data-link layer protocol involved, which may result in
malformed frames—commonly known as runts, giants, and a condition called jabber.
Routing
A router connects two networks together, forming an internetwork. This means that a router
can connect LANs that run completely different data-link layer protocols (such as Ethernet and
Token Ring). When a computer on a LAN wants to transmit data to a computer on another LAN,
the system sends its packets to a router on the local network and the router forwards them to
the destination network.

Routers and Gateways

The term router always refers to a hardware or software device that connects two LANs at
the network layer. In TCP/IP parlance, however, routers are often referred to using the term
gateway. Because routers operate at the network layer, packets arriving at the router travel
upward through the protocol stack to the network layer and once the router determines where to
send the packet, it passes the data down to a different network interface, which encapsulates it
within a new frame for transmission.

Packet Routing
A router forwards a packet based on the destination address in the network layer protocol
header, which specifies the packet's ultimate destination. A router has an internal table (called a
routing table) that contains information about the networks around it, and it uses this table to
determine where to send each packet.

When the packet has to pass through multiple networks on the way to its final destination,
each router that processes it is referred to as a hop. Routers often measure the efficiency of a
given path through the network by the number of hops required to reach the destination. One of
the primary functions of a router is to select the most efficient path to a destination based on the
data in its routing tables.

Routing to the Internet

In the Internet, thousands of LANs are connected together using many different kinds of
routers. To connect a LAN to the Internet, must install a router that can connect to an ISP using
any type of link, from a dial-up modem to Integrated Services Digital Network (ISDN) to a leased
line. The router is configured to forward all traffic not destined for the local network to the ISP,
which relays it to the Internet.

Understanding Routing Tables

The routing table is the heart of a router; without it, there's no way for the router to know
where to send the packets it receives.

The process of building the routing table can still be either manual or automatic. Static
routing is the process of creating routing table entries manually. A network administrator
decides what the router should do when it receives packets addressed to systems on a
particular network and adds entries to the routing table that reflect these decisions.
 The alternative to static routing is dynamic routing, in which routers use specialized protocols
to exchange information about themselves and the networks around them. Routers have direct
information about the LANs to which they are connected, and they use routing protocols to send
that information to other routers.

Routing Metrics
Part of a router's function is to select the most efficient route to each packet's destination.
When multiple routes to a particular destination exist, routers include all of them in their routing
tables, along with a value called a metric that specifies the relative efficiency of each route. The
nature of the metric depends on the routing protocol used to generate it.