Day 01 - Network Fundamentals

Networking Today

Common Types of Networks

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Common Types of Networks
Networks of Many Sizes
• Small Home Networks – connect a few computers to each other and the Internet
• Small Office/Home Office (SOHO) – enables computers within a home or remote office to connect to a corporate network
• Medium to Large Networks – many locations with hundreds or thousands of interconnected computers
• World Wide Networks – connect hundreds of millions of computers worldwide, such as the internet

(Figure: Small Home, SOHO, Medium/Large, World Wide)
Common Types of Networks
LANs and WANs
Network infrastructures vary greatly in terms of:
• Size of the area covered
• Number of users connected
• Number and types of services available
• Area of responsibility

The two most common types of networks are:
• Local Area Network (LAN)
• Wide Area Network (WAN)
Common Types of Networks
LANs and WANs (cont.)
A LAN is a network infrastructure that spans a small geographical area. A WAN is a network infrastructure that spans a wide geographical area.

LAN: Interconnect end devices in a limited area.
WAN: Interconnect LANs over wide geographical areas.

LAN: Administered by a single organization or individual.
WAN: Typically administered by one or more service providers.

LAN: Provide high-speed bandwidth to internal devices.
WAN: Typically provide slower speed links between LANs.
Common Types of Networks
The Internet
The internet is a worldwide collection of interconnected LANs and WANs.
• LANs are connected to each other using WANs.
• WANs may use copper wires, fiber optic cables, and wireless transmissions.
The internet is not owned by any individual or group. The following groups were developed to help maintain structure on the internet:
• IETF
• ICANN
• IAB
Common Types of Networks
Intranets and Extranets
An intranet is a private collection of LANs and WANs internal to an organization that is meant to be accessible only to the organization's members or others with authorization.
An organization might use an extranet to provide secure access to its network for individuals who work for a different organization and who need access to data on its network.
Internet Connections

Internet Connections
Home and Small Office Internet Connections
Connection: Description
• Cable – high bandwidth, always on, internet offered by cable television service providers.
• DSL – high bandwidth, always on, internet connection that runs over a telephone line.
• Cellular – uses a cell phone network to connect to the internet.
• Satellite – major benefit to rural areas without Internet Service Providers.
• Dial-up – an inexpensive, low bandwidth telephone option using a modem.
Internet Connections
Business Internet Connections
Corporate business connections may require:
• higher bandwidth
• dedicated connections
• managed services

Type of Connection: Description
• Dedicated Leased Line – These are reserved circuits within the service provider's network that connect distant offices with private voice and/or data networking.
• Ethernet WAN – This extends LAN access technology into the WAN.
• DSL – Business DSL is available in various formats including Symmetric Digital Subscriber Lines (SDSL).
• Satellite – This can provide a connection when a wired solution is not available.
Protocols

Protocols
Network Protocol Overview
Network protocols define a common set of rules.
• Can be implemented on devices in software, hardware, or both
• Protocols have their own function, format, and rules

Protocol Type: Description
• Network Communications – enable two or more devices to communicate over one or more networks
• Network Security – secure data to provide authentication, data integrity, and data encryption
• Routing – enable routers to exchange route information, compare path information, and select the best path
• Service Discovery – used for the automatic detection of devices or services
Reference Models

Reference Models
The Benefits of Using a Layered Model
Complex concepts such as how a network operates can be difficult to explain and understand. For this reason, a layered model is used.
Two layered models describe network operations:
• Open System Interconnection (OSI) Reference Model
• TCP/IP Reference Model
Reference Models
The OSI Reference Model
OSI Model Layer: Description
7 - Application: Contains protocols used for process-to-process communications.
6 - Presentation: Provides for common representation of the data transferred between application layer services.
5 - Session: Provides services to the presentation layer and to manage data exchange.
4 - Transport: Defines services to segment, transfer, and reassemble the data for individual communications.
3 - Network: Provides services to exchange the individual pieces of data over the network.
2 - Data Link: Describes methods for exchanging data frames over a common media.
1 - Physical: Describes the means to activate, maintain, and de-activate physical connections.
Reference Models
The TCP/IP Reference Model
TCP/IP Model Layer: Description
Application: Represents data to the user, plus encoding and dialog control.
Transport: Supports communication between various devices across diverse networks.
Internet: Determines the best path through the network.
Network Access: Controls the hardware devices and media that make up the network.
Reference Models
OSI and TCP/IP Model Comparison
• The OSI model divides the network access layer and the application layer of the TCP/IP model into multiple layers.
• The TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium.
• OSI Layers 1 and 2 discuss the necessary procedures to access the media and the physical means to send data over a network.
Data Encapsulation

Data Encapsulation
Protocol Data Units
Encapsulation is the process where protocols add their information to the data.
• At each stage of the process, a PDU has a different name to reflect its new functions.
• There is no universal naming convention for PDUs; in this course, the PDUs are named according to the protocols of the TCP/IP suite.
• PDUs passing down the stack are as follows:
1. Data (Data Stream)
2. Segment
3. Packet
4. Frame
5. Bits (Bit Stream)
Data Encapsulation
Encapsulation Example
• Encapsulation is a top-down process.
• The level above does its process and then passes the result down to the next level of the model. This process is repeated by each layer until it is sent out as a bit stream.
Data Encapsulation
De-encapsulation Example
• Data is de-encapsulated as it moves up the stack.
• When a layer completes its process, that layer strips off its header and passes the result up to the next level to be processed. This is repeated at each layer until it is a data stream that the application can process.
1. Received as Bits (Bit Stream)
2. Frame
3. Packet
4. Segment
5. Data (Data Stream)
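The two slides above describe encapsulation and de-encapsulation in words. The Python below is an added example, not code from the Cisco material, that walks a short payload down the stack (UDP segment, IPv4 packet, Ethernet frame, bit stream) and back up again. It also covers the UDP header layout discussed later in the deck, since the datagram it builds has exactly the four 16-bit fields from that table. All addresses, ports and the identification value are constructed sample values; the IPv4 header checksum is the standard ones-complement sum, and de-encapsulation refuses a frame whose header checks fail rather than passing mangled data upward.

```python
import struct

# Constructed sample values for this example (not taken from the slides).
SRC_MAC = bytes.fromhex("02000000000a")
DST_MAC = bytes.fromhex("02000000000b")
SRC_IP = "192.168.1.10"
DST_IP = "192.168.1.20"
SRC_PORT = 50000          # dynamic (ephemeral) client port
DST_PORT = 53             # well-known DNS server port
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of the header's 16-bit words (RFC 791 header checksum)."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(data: bytes) -> dict:
    """Pass the data down the stack and return the PDU produced at each stage."""
    # Transport layer: 8-byte UDP header + data = segment (UDP calls it a datagram).
    # The UDP checksum is left 0, which for UDP over IPv4 means "not computed".
    segment = struct.pack("!HHHH", SRC_PORT, DST_PORT, 8 + len(data), 0) + data
    # Network layer: 20-byte IPv4 header + segment = packet.
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,              # version 4, IHL 5 (20 bytes)
                         0,                 # DSCP/ECN
                         20 + len(segment), # total length
                         0x1234,            # identification (constructed)
                         0,                 # flags / fragment offset
                         64,                # TTL
                         IPPROTO_UDP,
                         0,                 # checksum placeholder
                         ip_to_bytes(SRC_IP), ip_to_bytes(DST_IP))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    packet = header + segment
    # Data link layer: 14-byte Ethernet II header + packet = frame.
    frame = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
    # Physical layer: the frame as the bit stream put on the wire.
    bits = "".join(f"{byte:08b}" for byte in frame)
    return {"data": data, "segment": segment, "packet": packet, "frame": frame, "bits": bits}


def de_encapsulate(bits: str) -> dict:
    """Walk back up the stack, checking each header before stripping it."""
    frame = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]                                  # Ethernet header stripped
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("bad IPv4 version or header length")
    if ipv4_checksum(packet[:ihl]) != 0:                 # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len, ttl, proto = struct.unpack("!H", packet[2:4])[0], packet[8], packet[9]
    if proto != IPPROTO_UDP or total_len > len(packet):
        raise ValueError("unexpected protocol or total length")
    segment = packet[ihl:total_len]                     # IPv4 header stripped
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    if udp_len != len(segment):
        raise ValueError("UDP length does not match segment")
    return {"src_port": src_port, "dst_port": dst_port, "ttl": ttl, "data": segment[8:]}


def is_well_formed(bits: str) -> bool:
    """True when every layer's header checks pass; False on any inconsistency."""
    try:
        de_encapsulate(bits)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pdus = encapsulate(b"hello")
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:8s} {len(pdus[name]):3d} bytes")
    print("bits    ", len(pdus["bits"]), "bits")
    print(de_encapsulate(pdus["bits"]))
```

Each layer adds a fixed-size header (8, 20 and 14 bytes here), so a 5-byte payload leaves the host as a 47-byte frame. On the way back up, the receiver validates the IPv4 checksum and the UDP length field before trusting the boundaries they describe; flipping any header byte makes `is_well_formed` return False.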
Application, Presentation, and Session Layers

Application, Presentation, and Session
Application Layer
• The upper three layers of the OSI model (application, presentation, and session) define functions of the TCP/IP application layer.
• The application layer provides the interface between the applications used to communicate and the underlying network over which messages are transmitted.
• Some of the most widely known application layer protocols include HTTP, FTP, TFTP, IMAP and DNS.
Application, Presentation, and Session
Presentation and Session Layer
The presentation layer has three primary functions:
• Formatting, or presenting, data at the source device into a compatible format for receipt by the destination device
• Compressing data in a way that can be decompressed by the destination device
• Encrypting data for transmission and decrypting data upon receipt
The session layer functions:
• It creates and maintains dialogs between source and destination applications.
• It handles the exchange of information to initiate dialogs, keep them active, and restart sessions that are disrupted or idle for a long period of time.
Protocol Suites
TCP/IP Protocol Suite
• TCP/IP is the protocol suite used by the internet and includes many protocols.
• TCP/IP is:
• An open standard protocol suite that is freely available to the public and can be used by any vendor
• A standards-based protocol suite that is endorsed by the networking industry and approved by a standards organization to ensure interoperability
Application, Presentation, and Session
TCP/IP Application Layer Protocols
• The TCP/IP application protocols specify the format and control information necessary for many common internet communication functions.
• Application layer protocols are used by both the source and destination devices during a communication session.
• For the communications to be successful, the application layer protocols that are implemented on the source and destination hosts must be compatible.

Name System: DNS - Domain Name System (or Service)
• TCP, UDP client 53
• Translates domain names, such as cisco.com, into IP addresses.

Host Config: DHCP - Dynamic Host Configuration Protocol
• UDP client 68, server 67
• Dynamically assigns IP addresses to be re-used when no longer needed

Web: HTTP - Hypertext Transfer Protocol
• TCP 80, 8080
• A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web
Transport Layer

Transportation of Data
Role of the Transport Layer
The transport layer is:
• responsible for logical communications between applications running on different hosts.
• the link between the application layer and the lower layers that are responsible for network transmission.
Transportation of Data
Transport Layer Responsibilities
The transport layer has the following responsibilities:
• Tracking individual conversations
• Segmenting data and reassembling segments
• Adding header information
• Identifying, separating, and managing multiple conversations
• Using segmentation and multiplexing to enable different communication conversations to be interleaved on the same network
Transportation of Data
Transport Layer Protocols
• IP does not specify how the delivery or transportation of the packets takes place.
• Transport layer protocols specify how to transfer messages between hosts, and are responsible for managing the reliability requirements of a conversation.
• The transport layer includes the TCP and UDP protocols.
Transportation of Data
Transmission Control Protocol
TCP provides reliability and flow control. TCP basic operations:
• Number and track data segments transmitted to a specific host from a specific application
• Acknowledge received data
• Retransmit any unacknowledged data after a certain amount of time
• Sequence data that might arrive in the wrong order
• Send data at an efficient rate that is acceptable to the receiver
Transportation of Data
User Datagram Protocol (UDP)
UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.
• UDP is a connectionless protocol.
• UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination.
Transportation of Data
The Right Transport Layer Protocol for the Right Application
UDP is also used by request-and-reply applications where the data is minimal, and retransmission can be done quickly.

If it is important that all the data arrives and that it can be processed in its proper sequence, TCP is used as the transport protocol.
TCP Overview

TCP Overview
TCP Features
▪ Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic.
▪ Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely as it is transmitted over the network. TCP ensures that each segment that is sent by the source arrives at the destination.
▪ Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in the wrong order.
▪ Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow.
TCP Overview
TCP Header
TCP is a stateful protocol, which means it keeps track of the state of the communication session.

TCP records which information it has sent, and which information has been acknowledged.
TCP Overview
TCP Header Fields
TCP Header Field: Description
Source Port: A 16-bit field used to identify the source application by port number.
Destination Port: A 16-bit field used to identify the destination application by port number.
Sequence Number: A 32-bit field used for data reassembly purposes.
Acknowledgment Number: A 32-bit field used to indicate that data has been received and the next byte expected from the source.
Header Length: A 4-bit field known as "data offset" that indicates the length of the TCP segment header.
Reserved: A 6-bit field that is reserved for future use.
Control bits: A 6-bit field that includes bit codes, or flags, which indicate the purpose and function of the TCP segment.
Window size: A 16-bit field used to indicate the number of bytes that can be accepted at one time.
Checksum: A 16-bit field used for error checking of the segment header and data.
Urgent: A 16-bit field used to indicate if the contained data is urgent.
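To make the field table concrete, here is an added Python example (not from the Cisco deck) that packs and unpacks the 20-byte TCP header exactly as laid out above: 16-bit ports, 32-bit sequence and acknowledgment numbers, the 4-bit data offset, the 6 reserved bits, the 6 control bits, window, checksum and urgent pointer. The parser refuses a data offset below the 20-byte minimum, one that points past the end of the segment, or reserved bits that are set, which is the kind of consistency check a packet-inspecting device applies before trusting a header. The port, sequence and option values are constructed; the checksum is left at 0 because computing it needs the IP pseudo-header, which the table does not cover.

```python
import struct

# Control bits of the 6-bit flags field, lowest bit first.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_FORMAT = "!HHIIBBHHH"   # the 20-byte fixed header in network byte order


def build_tcp_segment(src_port, dst_port, seq, ack, flags, window=65535, options=b"", data=b""):
    """Assemble a segment; the checksum stays 0 (it needs the IP pseudo-header, not shown here)."""
    options += b"\x00" * (-len(options) % 4)          # options are padded to a 32-bit boundary
    data_offset = 5 + len(options) // 4               # header length in 32-bit words
    control = 0
    for name in flags:
        control |= FLAG_BITS[name]
    header = struct.pack(TCP_FORMAT, src_port, dst_port, seq, ack,
                         data_offset << 4,            # 4-bit data offset + 4 reserved bits (zero)
                         control,                      # 2 reserved bits (zero) + 6 control bits
                         window, 0, 0)                 # window, checksum, urgent pointer
    return header + options + data


def parse_tcp_segment(segment: bytes) -> dict:
    """Split a segment into the header fields from the table, the options and the payload."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_byte, flag_byte,
     window, checksum, urgent) = struct.unpack(TCP_FORMAT, segment[:20])
    data_offset = offset_byte >> 4
    header_len = data_offset * 4
    # The 6 reserved bits sit between the data offset and the control bits.
    reserved = ((offset_byte & 0x0F) << 2) | (flag_byte >> 6)
    control = flag_byte & 0x3F
    if data_offset < 5:
        raise ValueError(f"data offset {data_offset} is below the 20-byte minimum")
    if header_len > len(segment):
        raise ValueError("data offset points past the end of the segment")
    if reserved:
        raise ValueError("reserved bits are set")
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAG_BITS.items() if control & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],
        "data": segment[header_len:],
    }


def is_sane(segment: bytes) -> bool:
    """True when the header's own length and reserved fields are consistent with the bytes."""
    try:
        parse_tcp_segment(segment)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed SYN from an ephemeral port to HTTP, carrying an MSS option (kind 2, length 4, 1460).
    syn = build_tcp_segment(49152, 80, 1000, 0, ["SYN"], options=b"\x02\x04\x05\xb4")
    print(parse_tcp_segment(syn))
```

The data offset is the field that decides where the payload starts, so a receiver that takes it at face value can be made to read past the segment or to treat header bytes as data; checking it against the bytes actually present is cheap and worth doing before anything else looks at the segment.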
TCP Overview
Applications that use TCP
TCP handles all tasks associated with dividing the data stream into segments, providing reliability, controlling data flow, and reordering segments.
UDP Overview

UDP Overview
UDP Features
UDP features include the following:
• Data is reconstructed in the order that it is received.
• Any segments that are lost are not resent.
• There is no session establishment.
• The sender is not informed about resource availability.
UDP Overview
UDP Header
The UDP header is far simpler than the TCP header because it only has four fields and requires 8 bytes (i.e. 64 bits).
UDP Overview
UDP Header Fields
The table identifies and describes the four fields in a UDP header.

UDP Header Field: Description
Source Port: A 16-bit field used to identify the source application by port number.
Destination Port: A 16-bit field used to identify the destination application by port number.
Length: A 16-bit field that indicates the length of the UDP datagram header.
Checksum: A 16-bit field used for error checking of the datagram header and data.
UDP Overview
Applications that use UDP
▪ Live video and multimedia applications - These applications can tolerate some data loss but require little or no delay. Examples include VoIP and live streaming video.
▪ Simple request and reply applications - Applications with simple transactions where a host sends a request and may or may not receive a reply. Examples include DNS and DHCP.
▪ Applications that handle reliability themselves - Unidirectional communications where flow control, error detection, acknowledgments, and error recovery are not required, or can be handled by the application. Examples include SNMP and TFTP.
Port Numbers

Port Numbers
Multiple Separate Communications
TCP and UDP transport layer protocols use port numbers to manage multiple, simultaneous conversations.

The source port number is associated with the originating application on the local host, whereas the destination port number is associated with the destination application on the remote host.
Port Numbers
Port Number Groups
Well-known Ports (0 to 1,023)
• These port numbers are reserved for common or popular services and applications such as web browsers, email clients, and remote access clients.
• Defined well-known ports for common server applications enable clients to easily identify the associated service required.
Registered Ports (1,024 to 49,151)
• These port numbers are assigned by IANA to a requesting entity to use with specific processes or applications.
• These processes are primarily individual applications that a user has chosen to install, rather than common applications that would receive a well-known port number.
• For example, Cisco has registered port 1812 for its RADIUS server authentication process.
Private and/or Dynamic Ports (49,152 to 65,535)
• These ports are also known as ephemeral ports.
• The client's OS usually assigns port numbers dynamically when a connection to a service is initiated.
• The dynamic port is then used to identify the client application during communication.
Port Numbers
Port Number Groups (Cont.)
Well-Known Port Numbers
Port Number / Protocol / Application
20 TCP File Transfer Protocol (FTP) - Data
21 TCP File Transfer Protocol (FTP) - Control
22 TCP Secure Shell (SSH)
23 TCP Telnet
25 TCP Simple Mail Transfer Protocol (SMTP)
53 UDP, TCP Domain Name Service (DNS)
67 UDP Dynamic Host Configuration Protocol (DHCP) - Server
68 UDP Dynamic Host Configuration Protocol (DHCP) - Client
69 UDP Trivial File Transfer Protocol (TFTP)
80 TCP Hypertext Transfer Protocol (HTTP)
110 TCP Post Office Protocol version 3 (POP3)
143 TCP Internet Message Access Protocol (IMAP)
161 UDP Simple Network Management Protocol (SNMP)
443 TCP Hypertext Transfer Protocol Secure (HTTPS)
Port Numbers
The netstat Command
Unexplained TCP connections can pose a major security threat. Netstat is
an important tool to verify connections.

C:\> netstat
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.124:3126 192.168.0.2:netbios-ssn ESTABLISHED
TCP 192.168.1.124:3158 207.138.126.152:http ESTABLISHED
TCP 192.168.1.124:3159 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3160 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3161 sc.msn.com:http ESTABLISHED
TCP 192.168.1.124:3166 www.cisco.com:http ESTABLISHED

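The slide says unexplained connections deserve a look; the added Python below (not part of the Cisco material) shows what "looking" can mean in practice. It parses the netstat table printed above, resolves the service names netstat substituted for well-known ports, classifies every local and remote port into the three groups from the Port Number Groups table, and reports the connections whose remote port is not on an allow-list the reviewer supplies. The allow-list `{80, 443}` is a constructed policy for the example; `netbios-ssn` maps to port 139 by the standard services list, which the slide's table does not include.

```python
# netstat output as printed on the slide, used here as the sample input.
NETSTAT_OUTPUT = """\
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.124:3126 192.168.0.2:netbios-ssn ESTABLISHED
TCP 192.168.1.124:3158 207.138.126.152:http ESTABLISHED
TCP 192.168.1.124:3159 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3160 207.138.126.169:http ESTABLISHED
TCP 192.168.1.124:3161 sc.msn.com:http ESTABLISHED
TCP 192.168.1.124:3166 www.cisco.com:http ESTABLISHED
"""

# netstat prints service names for well-known ports; map them back to numbers.
# http/https/ssh/telnet/smtp/domain are in the slide's table; netbios-ssn (139) is from the standard services list.
SERVICE_PORTS = {"http": 80, "https": 443, "netbios-ssn": 139, "ssh": 22,
                 "telnet": 23, "smtp": 25, "domain": 53}


def port_group(port) -> str:
    """Classify a port by the ranges in the Port Number Groups table."""
    if port is None:
        return "unresolved"
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "private/dynamic"
    raise ValueError(f"port {port} is outside 0-65535")


def _split_endpoint(endpoint: str):
    """'host:port' -> (host, port number); service names are resolved, unknown names give None."""
    host, port = endpoint.rsplit(":", 1)
    number = int(port) if port.isdigit() else SERVICE_PORTS.get(port)
    return host, number


def parse_netstat(text: str) -> list:
    """Turn the connection table into dictionaries; heading lines and UDP rows (no State column) are skipped."""
    connections = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote, state = parts
        local_host, local_port = _split_endpoint(local)
        remote_host, remote_port = _split_endpoint(remote)
        connections.append({"proto": proto, "local_host": local_host, "local_port": local_port,
                            "remote_host": remote_host, "remote_port": remote_port, "state": state})
    return connections


def unexpected_connections(connections: list, expected_remote_ports: set) -> list:
    """Connections whose remote port is not one this host is expected to talk to.

    Ports netstat printed as names that SERVICE_PORTS cannot resolve (None) are
    reported as well, so an unrecognised service never slips through unreviewed.
    """
    return [c for c in connections if c["remote_port"] not in expected_remote_ports]


if __name__ == "__main__":
    conns = parse_netstat(NETSTAT_OUTPUT)
    for c in conns:
        print(f'{c["local_port"]:>5} ({port_group(c["local_port"])}) -> '
              f'{c["remote_host"]}:{c["remote_port"]} ({port_group(c["remote_port"])})')
    for c in unexpected_connections(conns, {80, 443}):
        print("review:", c["remote_host"], c["remote_port"], c["state"])
```

Run against the slide's output with the `{80, 443}` policy, the only connection reported is the one to `192.168.0.2:139`; the five web connections pass. Note that the local ports in this capture (3126 to 3166) fall inside what the table calls the registered range: older Windows stacks drew their ephemeral ports from 1025 to 5000 rather than from 49152 upward, so classifying a port by range alone says which group it belongs to, not whether a host chose it as a client-side port.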
TCP Communication Process

TCP Communication Process
TCP Server Processes
Each application process running on a server is configured to use a port number.
• An individual server cannot have two services assigned to the same port number within the same transport layer services.
• An active server application assigned to a specific port is considered open, which means that the transport layer accepts and processes segments addressed to that port.
• Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server application.
TCP Communication Process
TCP Connection Establishment
Step 1: The initiating client requests a client-to-server communication session with the server.
Step 2: The server acknowledges the client-to-server communication session and requests a server-to-client communication session.
Step 3: The initiating client acknowledges the server-to-client communication session.
TCP Communication Process
Session Termination
Step 1: When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
Step 2: The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.
Step 3: The server sends a FIN to the client to terminate the server-to-client session.
Step 4: The client responds with an ACK to acknowledge the FIN from the server.
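The three establishment steps and four termination steps above are a fixed sequence, and the acknowledgment numbers tie each step to the previous one (a SYN and a FIN each consume one sequence number, so every ACK must carry the peer's sequence number plus one). The added Python below, which is not from the Cisco deck, encodes the whole seven-step exchange and drives an observer-side state machine over it, the way a stateful firewall tracks a connection it sits in the middle of. The state names, the initial sequence numbers and the `Segment` type are all constructed for the example; data transfer in the ESTABLISHED phase is left out.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    src: str            # "client" or "server" (constructed observer's view)
    flags: frozenset    # control bits set in the segment
    seq: int
    ack: int = 0


def seg(src, flags, seq, ack=0):
    return Segment(src, frozenset(flags), seq, ack)


def sample_exchange(client_isn=1000, server_isn=5000):
    """Constructed exchange following the slide's three handshake steps and four termination steps."""
    return [
        seg("client", {"SYN"}, client_isn),                              # establishment step 1
        seg("server", {"SYN", "ACK"}, server_isn, client_isn + 1),        # establishment step 2
        seg("client", {"ACK"}, client_isn + 1, server_isn + 1),           # establishment step 3
        seg("client", {"FIN", "ACK"}, client_isn + 1, server_isn + 1),    # termination step 1
        seg("server", {"ACK"}, server_isn + 1, client_isn + 2),           # termination step 2
        seg("server", {"FIN", "ACK"}, server_isn + 1, client_isn + 2),    # termination step 3
        seg("client", {"ACK"}, client_isn + 2, server_isn + 2),           # termination step 4
    ]


# (current state, sender, flags) -> next state, for the seven steps on the slides.
TRANSITIONS = {
    ("CLOSED", "client", frozenset({"SYN"})): "SYN_SEEN",
    ("SYN_SEEN", "server", frozenset({"SYN", "ACK"})): "SYNACK_SEEN",
    ("SYNACK_SEEN", "client", frozenset({"ACK"})): "ESTABLISHED",
    ("ESTABLISHED", "client", frozenset({"FIN", "ACK"})): "CLIENT_FIN_SEEN",
    ("CLIENT_FIN_SEEN", "server", frozenset({"ACK"})): "CLIENT_FIN_ACKED",
    ("CLIENT_FIN_ACKED", "server", frozenset({"FIN", "ACK"})): "SERVER_FIN_SEEN",
    ("SERVER_FIN_SEEN", "client", frozenset({"ACK"})): "CLOSED",
}


def track(segments) -> list:
    """Return the list of states passed through; raise ValueError on a segment that does not fit.

    A segment fits when its flags match the next expected step and, if it carries ACK,
    its ack number equals the peer's last SYN/FIN sequence number + 1.
    """
    state, states = "CLOSED", ["CLOSED"]
    pending = {}     # side -> ack number its peer must return after that side's SYN or FIN
    for s in segments:
        peer = "server" if s.src == "client" else "client"
        if "ACK" in s.flags and peer in pending and s.ack != pending[peer]:
            raise ValueError(f"{s.src} acknowledged {s.ack}, expected {pending[peer]}")
        key = (state, s.src, s.flags)
        if key not in TRANSITIONS:
            raise ValueError(f"unexpected {sorted(s.flags)} from {s.src} in state {state}")
        if "SYN" in s.flags or "FIN" in s.flags:
            pending[s.src] = s.seq + 1          # SYN and FIN each occupy one sequence number
        state = TRANSITIONS[key]
        states.append(state)
    return states


def is_consistent(segments) -> bool:
    """True when every segment follows the expected sequence with correct acknowledgments."""
    try:
        track(segments)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(" -> ".join(track(sample_exchange())))
```

A capture that stops after step 2 of establishment leaves the tracker in `SYNACK_SEEN`, the half-open state a server holds until the client's final ACK arrives; a SYN-ACK whose ack number is not the client's sequence number plus one is rejected, which is the check that stops a spoofed reply from being attached to someone else's handshake.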
Reliability and Flow Control
TCP Reliability - Guaranteed and Ordered Delivery
• TCP can also help maintain the flow of packets so that devices do not become overloaded.
• There may be times when TCP segments do not arrive at their destination or arrive out of order.
• All the data must be received and the data in these segments must be reassembled into the original order.
• Sequence numbers are assigned in the header of each packet to achieve this goal.
UDP Communication

UDP Communication
UDP Datagram Reassembly
• UDP does not track sequence numbers the way TCP does.
• UDP has no way to reorder the datagrams into their transmission order.
• UDP simply reassembles the data in the order that it was received and forwards it to the application.
UDP Communication
UDP Client Processes
• The UDP client process dynamically selects a port number from the range of port numbers and uses this as the source port for the conversation.
• The destination port is usually the well-known or registered port number assigned to the server process.
• After a client has selected the source and destination ports, the same pair of ports is used in the header of all datagrams in the transaction.
Network Layer

Network Layer Characteristics
The Network Layer
• Provides services to allow end devices to exchange data
• IP version 4 (IPv4) and IP version 6 (IPv6) are the principal network layer communication protocols.
• The network layer performs four basic operations:
• Addressing end devices
• Encapsulation
• Routing
• De-encapsulation
Network Layer Characteristics
IP Encapsulation
• IP encapsulates the transport layer segment.
• IP can use either an IPv4 or IPv6 packet and not impact the layer 4 segment.
• The IP packet will be examined by all layer 3 devices as it traverses the network.
• The IP addressing does not change from source to destination.
Note: NAT will change addressing, but will be discussed in a later module.
Network Layer Characteristics
Characteristics of IP
IP is meant to have low overhead and may be described as:
• Connectionless
• Best Effort
• Media Independent
IPv4 Packet

IPv4 Packet
IPv4 Packet Header Fields
The IPv4 network header characteristics:
• It is in binary.
• Contains several fields of information
• The diagram is read from left to right, 4 bytes per line
• The two most important fields are the source and destination.

Protocols may have one or more functions.
IPv4 Packet
IPv4 Packet Header Fields
Significant fields in the IPv4 header:

Function: Description
Version: This will be 0100 for v4, as opposed to v6; a 4-bit field
Differentiated Services: Used for QoS: DiffServ – DS field, or the older IntServ – ToS (Type of Service)
Header Checksum: Detects corruption in the IPv4 header
Time to Live (TTL): Layer 3 hop count. When it becomes zero the router will discard the packet.
Protocol: Identifies the next level protocol: ICMP, TCP, UDP, etc.
Source IPv4 Address: 32-bit source address
Destination IPv4 Address: 32-bit destination address
IPv6 Packets

IPv6 Packets
Limitations of IPv4
IPv4 has three major limitations:
• IPv4 address depletion – We have basically run out of IPv4 addressing.
• Lack of end-to-end connectivity – To make IPv4 survive this long, private addressing and NAT were created. This ended direct communications with public addressing.
• Increased network complexity – NAT was meant as a temporary solution and creates issues on the network as a side effect of manipulating the network header addressing. NAT causes latency and troubleshooting issues.
IPv6 Packets
IPv6 Overview
• IPv6 was developed by the Internet Engineering Task Force (IETF).
• IPv6 overcomes the limitations of IPv4.
• Improvements that IPv6 provides:
• Increased address space – based on a 128-bit address, not 32 bits
• Improved packet handling – simplified header with fewer fields
• Eliminates the need for NAT – since there is a huge amount of addressing, there is no need to use private addressing internally and be mapped to a shared public address
IPv6 Packets
IPv4 Packet Header Fields in the IPv6 Packet Header
• The IPv6 header is simplified, but not smaller.
• The header is fixed at 40 bytes (octets) long.
• Several IPv4 fields were removed to improve performance:
• Flag
• Fragment Offset
• Header Checksum
IPv6 Packets
IPv6 Packet Header
Significant fields in the IPv6 header:

Function: Description
Version: This will be 0110 for v6, as opposed to v4; a 4-bit field
Traffic Class: Used for QoS: equivalent to DiffServ – DS field
Flow Label: Informs devices to handle identical flow labels the same way; a 20-bit field
Payload Length: This 16-bit field indicates the length of the data portion or payload of the IPv6 packet
Next Header: Identifies the next level protocol: ICMP, TCP, UDP, etc.
Hop Limit: Replaces the TTL field; Layer 3 hop count
Source IPv6 Address: 128-bit source address
Destination IPv6 Address: 128-bit destination address
IPv6 Packets
IPv6 Packet Header (Cont.)
An IPv6 packet may also contain extension headers (EH).
EH characteristics:
• provide optional network layer information
• are optional
• are placed between the IPv6 header and the payload
• may be used for fragmentation, security, mobility support, etc.

Note: Unlike IPv4, routers do not fragment IPv6 packets.
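The IPv6 header table and the extension-header slide describe a fixed 40-byte header followed by an optional chain that a receiver has to walk, using each Next Header value, to reach the transport protocol. The added Python below (not from the Cisco deck) builds such a packet, parses every field named in the table, and follows the chain through a Hop-by-Hop Options header to the UDP payload, refusing a chain that claims more bytes than the packet holds. Addresses from the 2001:db8::/32 documentation range, the flow label and the UDP bytes are constructed for the example; the header numbers (0, 43, 44, 60 for extension headers, 17 for UDP) are the standard IANA assignments. Authentication and ESP headers are not stepped over here and are reported as the upper layer if encountered.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40
NEXT_HEADER_NAMES = {0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 43: "Routing",
                     44: "Fragment", 58: "ICMPv6", 59: "No Next Header", 60: "Destination Options"}
# Extension headers this example steps over. All share the Next Header / Hdr Ext Len
# layout except Fragment, which is always 8 bytes.
SKIPPABLE_EH = {0, 43, 44, 60}


def build_ipv6_packet(src, dst, next_header, payload, hop_limit=64, traffic_class=0, flow_label=0):
    """Fixed header: version/class/flow (4 bytes), payload length (2), next header (1), hop limit (1), addresses (32)."""
    first_word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB16s16s", first_word, len(payload), next_header, hop_limit,
                         ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def hop_by_hop_header(next_header, options=b""):
    """Hop-by-Hop EH: Next Header, Hdr Ext Len (8-octet units, not counting the first 8), options padded to 8 octets."""
    pad = (-(2 + len(options))) % 8
    if pad == 1:
        options += b"\x00"                                            # Pad1 option
    elif pad >= 2:
        options += b"\x01" + bytes([pad - 2]) + b"\x00" * (pad - 2)   # PadN option
    ext_len = (2 + len(options)) // 8 - 1
    return bytes([next_header, ext_len]) + options


def parse_ipv6_packet(packet: bytes) -> dict:
    """Read the fields from the table, then walk the extension header chain to the upper-layer protocol."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("shorter than the 40-byte IPv6 header")
    first_word, payload_len, next_header, hop_limit, src, dst = struct.unpack("!IHBB16s16s", packet[:40])
    if first_word >> 28 != 6:
        raise ValueError("version field is not 6")
    if payload_len != len(packet) - IPV6_HEADER_LEN:
        raise ValueError("payload length does not match the packet")
    chain, offset, nh = [], IPV6_HEADER_LEN, next_header
    while nh in SKIPPABLE_EH:
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        length = 8 if nh == 44 else (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError(f"{NEXT_HEADER_NAMES[nh]} header runs past the end of the packet")
        chain.append(NEXT_HEADER_NAMES[nh])
        nh, offset = packet[offset], offset + length        # follow the Next Header field
    return {"version": 6,
            "traffic_class": (first_word >> 20) & 0xFF,
            "flow_label": first_word & 0xFFFFF,
            "payload_length": payload_len,
            "next_header": next_header,
            "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(src)),
            "dst": str(ipaddress.IPv6Address(dst)),
            "extension_headers": chain,
            "upper_layer": NEXT_HEADER_NAMES.get(nh, str(nh)),
            "upper_layer_offset": offset}


def is_parseable(packet: bytes) -> bool:
    """True when the fixed header and the extension chain are consistent with the bytes present."""
    try:
        parse_ipv6_packet(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    udp = b"\xc3\x50\x00\x35\x00\x0c\x00\x00DATA"   # constructed 12-byte UDP datagram, port 50000 -> 53
    pkt = build_ipv6_packet("2001:db8::1", "2001:db8::2", 0, hop_by_hop_header(17) + udp, flow_label=0x12345)
    print(parse_ipv6_packet(pkt))
```

Because the fixed header carries no checksum (the slide lists it among the removed IPv4 fields), the length checks in the walk are what keep a bad Hdr Ext Len from sending the parser past the buffer; a device that filters on the transport protocol has to complete this walk before it knows which protocol it is looking at.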
IPv4 Addressing

Types of IPv4 Addresses
Legacy Classful Addressing
RFC 790 (1981) allocated IPv4 addresses in classes:
• Class A (0.0.0.0/8 to 127.0.0.0/8)
• Class B (128.0.0.0/16 to 191.255.0.0/16)
• Class C (192.0.0.0/24 to 223.255.255.0/24)
• Class D (224.0.0.0 to 239.0.0.0)
• Class E (240.0.0.0 to 255.0.0.0)

• Classful addressing wasted many IPv4 addresses.

Classful address allocation was replaced with classless addressing, which ignores the rules of classes (A, B, C).
IPv4 Address Structure
Network and Host Portions
• An IPv4 address is a 32-bit hierarchical address that is made up of a network portion and a host portion.
• When determining the network portion versus the host portion, you must look at the 32-bit stream.
• A subnet mask is used to determine the network and host portions.
IPv4 Address Structure
The Subnet Mask
• To identify the network and host portions of an IPv4 address, the subnet mask is compared to the IPv4 address bit for bit, from left to right.
• The actual process used to identify the network and host portions is called ANDing.
IPv4 Address Structure
Determining the Network: Logical AND
• A logical AND Boolean operation is used in determining the network address.
• Logical AND is the comparison of two bits where only a 1 AND 1 produces a 1 and any other combination results in a 0.
• 1 AND 1 = 1, 0 AND 1 = 0, 1 AND 0 = 0, 0 AND 0 = 0
• 1 = True and 0 = False
• To identify the network address, the host IPv4 address is logically ANDed, bit by bit, with the subnet mask.
IPv4 Unicast, Broadcast, and Multicast
Unicast
• Unicast transmission is sending a packet to one destination IP address.
• For example, the PC at 172.16.4.1 sends a unicast packet to the printer at
172.16.4.253.
IPv4 Unicast, Broadcast, and Multicast
Broadcast
• Broadcast transmission is sending a packet to all other destination IP addresses.

• For example, the PC at 172.16.4.1 sends a broadcast packet to all IPv4 hosts.

IPv4 Unicast, Broadcast, and Multicast
Multicast
• Multicast transmission is sending a packet to a multicast address group.

• For example, the PC at 172.16.4.1 sends a multicast packet to the multicast group
address 224.10.10.5.

Types of IPv4 Addresses

Types of IPv4 Addresses
Public and Private IPv4 Addresses
• As defined in RFC 1918, public IPv4 addresses are globally routed between internet
service provider (ISP) routers.
• Private addresses are common blocks of addresses used by most organizations to
assign IPv4 addresses to internal hosts.
• Private IPv4 addresses are not unique and can be used internally within any network.
• However, private addresses are not globally routable.

RFC 1918 Private Address Range
Network Address and Prefix   Range
10.0.0.0/8                   10.0.0.0 - 10.255.255.255
172.16.0.0/12                172.16.0.0 - 172.31.255.255
192.168.0.0/16               192.168.0.0 - 192.168.255.255
Types of IPv4 Addresses
Special Use IPv4 Addresses
Loopback addresses
• 127.0.0.0 /8 (127.0.0.1 to 127.255.255.254)
• Commonly identified as only 127.0.0.1
• Used on a host to test if TCP/IP is operational.

Link-Local addresses
• 169.254.0.0 /16 (169.254.0.1 to 169.254.255.254)
• Commonly known as the Automatic Private IP Addressing (APIPA) addresses or self-
assigned addresses.
• Used by Windows DHCP clients to self-configure when no DHCP servers are
available.

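The ANDing procedure from the Logical AND slide and the address classes from the two slides above (RFC 1918 private blocks, the 127.0.0.0/8 loopback range and the 169.254.0.0/16 link-local range), worked through in code. This is an added example and not code from the slides; it deliberately operates on raw 32-bit integers instead of the ipaddress module so that the bit-for-bit AND is visible. The only address taken from the slides is 172.16.4.1; every other sample value is constructed.

```python
"""Network address by logical AND, plus RFC 1918 and special-use classification.

Added example, not the slides' own code. Works on raw 32-bit values so that the
bit-for-bit AND described in the slides is visible. 172.16.4.1 is the slides'
address; the other sample values are constructed.
"""


def to_int(dotted: str) -> int:
    """Dotted-decimal text -> 32-bit integer, validating each octet."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        number = int(octet)
        if not 0 <= number <= 255:
            raise ValueError(f"bad octet {octet!r} in {dotted!r}")
        value = (value << 8) | number
    return value


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix_len: int) -> int:
    """/24 -> 0xFFFFFF00: prefix_len one-bits followed by zero-bits, 32 bits wide."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def network_address(host: str, prefix_len: int) -> str:
    """Host address AND subnet mask: host bits cleared, network bits kept."""
    return to_dotted(to_int(host) & mask_from_prefix(prefix_len))


def broadcast_address(host: str, prefix_len: int) -> str:
    """Network address with every host bit set to 1."""
    mask = mask_from_prefix(prefix_len)
    return to_dotted((to_int(host) & mask) | (~mask & 0xFFFFFFFF))


def in_block(host: str, block: str) -> bool:
    """True when (host AND block-mask) equals the block's network address."""
    network, prefix_len = block.split("/")
    return (to_int(host) & mask_from_prefix(int(prefix_len))) == to_int(network)


RFC1918_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def classify(host: str) -> str:
    """loopback, link-local (APIPA), private (RFC 1918) or public, tested in that order."""
    if in_block(host, "127.0.0.0/8"):
        return "loopback"
    if in_block(host, "169.254.0.0/16"):
        return "link-local"
    if any(in_block(host, block) for block in RFC1918_BLOCKS):
        return "private"
    return "public"


if __name__ == "__main__":
    # Constructed sample hosts alongside the slides' 172.16.4.1.
    for host, plen in (("172.16.4.1", 24), ("192.168.10.130", 25), ("8.8.8.8", 32)):
        print(f"{host}/{plen}: network {network_address(host, plen)}, "
              f"broadcast {broadcast_address(host, plen)}, {classify(host)}")
```

The same `in_block` test is what a firewall or log-enrichment pipeline does when it decides whether an address is internal: the candidate is ANDed with the block's mask and compared with the block's network address, exactly as the slides describe for finding a network address.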
Network Segmentation

Network Segmentation
Problems with Large Broadcast Domains
• A problem with a large broadcast domain is that these hosts can generate excessive
broadcasts and negatively affect the network.
• The solution is to reduce the size of the network to create smaller broadcast domains in
a process called subnetting.
• Dividing the network address 172.16.0.0 /16 into two subnets of 200 users each:
172.16.0.0 /24 and 172.16.1.0 /24.
• Broadcasts are only propagated within the smaller broadcast domains.
Network Segmentation
Reasons for Segmenting Networks
• Subnetting reduces overall network traffic and improves network performance.
• It can be used to implement security policies between subnets.
• Subnetting reduces the number of devices affected by abnormal broadcast traffic.
• Subnets are created for a variety of reasons, including segmenting by location, by group
or function, and by device type.
VLSM

VLSM
IPv4 Address Conservation
Given the topology, 7 subnets are required (i.e., four LANs and three WAN links) and the
largest number of hosts is in Building D with 28 hosts.
• A /27 mask would provide 8 subnets of 30 host IP addresses and therefore support
this topology.
VLSM
IPv4 Address Conservation (Cont.)
However, the point-to-point WAN links only require two addresses and therefore waste
28 addresses each, for a total of 84 unused addresses.
• Applying a traditional subnetting scheme to this scenario is not very efficient and is
wasteful.
• VLSM was developed to avoid wasting addresses by enabling us to subnet a subnet.
VLSM
VLSM
• The left side displays the traditional subnetting scheme (i.e., the same subnet mask)
while the right side illustrates how VLSM can be used to subnet a subnet and divide
the last subnet into eight /30 subnets.
• When using VLSM, always begin by satisfying the host requirements of the largest
subnet and continue subnetting until the host requirements of the smallest subnet
are satisfied.
• The resulting topology with VLSM applied.
VLSM
VLSM Topology Address Assignment
• Using VLSM subnets, the LAN and inter-router networks can be addressed without
unnecessary waste as shown in the logical topology diagram.

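The VLSM procedure from the slides above (satisfy the largest subnet first, then keep subnetting down to the smallest), carried out as an allocator that also measures the waste of the fixed-length /27 scheme. This is an added example, not code from the slides. The host counts reproduce the slides' scenario (four LANs, the largest with 28 hosts, three point-to-point WAN links with 2 hosts each); the building names, the smaller LAN sizes and the 192.168.20.0/24 base block are constructed.

```python
"""VLSM allocation: largest subnet first, each subnet sized to its host count.

Added example, not the slides' own code. Host counts mirror the slides' scenario
(four LANs, the largest with 28 hosts, three WAN links with 2 each); the names,
the smaller LAN sizes and the 192.168.20.0/24 base block are constructed.
"""
import ipaddress
import math

# Constructed requirements for the slides' topology.
REQUIREMENTS = {
    "Building A": 20,
    "Building B": 14,
    "Building C": 10,
    "Building D": 28,
    "WAN 1": 2,
    "WAN 2": 2,
    "WAN 3": 2,
}


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose block still holds `hosts` usable addresses.

    Two addresses per block are reserved (network and broadcast), so the block
    needs at least hosts + 2 addresses: 28 hosts -> 30 -> 5 host bits -> /27.
    """
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = math.ceil(math.log2(hosts + 2))
    return 32 - host_bits


def allocate_vlsm(base: str, requirements: dict) -> list:
    """Carve `base` into subnets, largest requirement first, one record per subnet."""
    block = ipaddress.IPv4Network(base)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = []
    # Descending host count: each block is then naturally aligned to its own size.
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        prefix_len = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix_len)
        if cursor % size:                       # only matters for unsorted input
            cursor += size - cursor % size
        if cursor + size > end:
            raise ValueError(f"{base} has no room left for {name} ({hosts} hosts)")
        subnet = ipaddress.IPv4Network((cursor, prefix_len))
        plan.append({
            "name": name,
            "subnet": str(subnet),
            "needed": hosts,
            "usable": size - 2,
            "wasted": size - 2 - hosts,
        })
        cursor += size
    return plan


def fixed_length_waste(requirements: dict, prefix_len: int) -> int:
    """Unused addresses when every subnet gets the same mask (traditional subnetting)."""
    usable = 2 ** (32 - prefix_len) - 2
    return sum(usable - hosts for hosts in requirements.values())


def vlsm_waste(plan: list) -> int:
    """Unused addresses across a VLSM plan."""
    return sum(entry["wasted"] for entry in plan)


if __name__ == "__main__":
    plan = allocate_vlsm("192.168.20.0/24", REQUIREMENTS)
    for entry in plan:
        print(f"{entry['name']:<11} {entry['subnet']:<19} needs {entry['needed']:>2}, "
              f"usable {entry['usable']:>2}, wasted {entry['wasted']:>2}")
    print("fixed /27 waste:", fixed_length_waste(REQUIREMENTS, 27))
    print("VLSM waste:     ", vlsm_waste(plan))
```

With the /27 scheme the three WAN links alone waste 84 addresses (28 each), which is the figure the slides give; the VLSM plan puts the three WAN links into /30 blocks and wastes nothing on them.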
IPv6 Addressing

IPv6 Address Representation

IPv6 Address Representation
IPv6 Addressing Formats
• IPv6 addresses are 128 bits in length and written in hexadecimal.
• IPv6 addresses are not case-sensitive and can be written in either lowercase or
uppercase.
• The preferred format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each “x”
consisting of four hexadecimal values.
• In IPv6, a hextet is the unofficial term used to refer to a segment of 16 bits, or four
hexadecimal values.
• Examples of IPv6 addresses in the preferred format:
2001:0db8:0000:1111:0000:0000:0000:0200
2001:0db8:0000:00a3:abcd:0000:0000:1234

IPv6 Address Representation
Rule 1 – Omit Leading Zero
The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s
(zeros).
Examples:
• 01ab can be represented as 1ab
• 09f0 can be represented as 9f0
• 0a00 can be represented as a00
• 00ab can be represented as ab

Note: This rule only applies to leading 0s, NOT to trailing 0s, otherwise the address
would be ambiguous.

Type Format
Preferred 2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
No leading zeros 2001 : db8 : 0 : 1111 : 0 : 0 : 0 : 200

IPv6 Address Representation
Rule 2 – Double Colon
A double colon (::) can replace any single, contiguous string of one or more
16-bit hextets consisting of all zeros.
Example:
• 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1

Note: The double colon (::) can only be used once within an address, otherwise there would be
more than one possible resulting address.

Type Format
Preferred 2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
Compressed 2001:db8:0:1111::200

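Rule 1 and Rule 2 from the two slides above, implemented as a pair of functions that compress an IPv6 address and expand it back to the preferred x:x:x:x:x:x:x:x form. This is an added example, not code from the slides. It follows the slides' rules with one extra choice taken from RFC 5952: when several zero runs exist the longest one is replaced by ::, and a single zero hextet is never compressed, which is why the slides' own example becomes 2001:db8:0:1111::200 rather than 2001:db8::1111:0:0:0:200. The two ambiguity notes on the slides show up as the two ValueError checks.

```python
"""Compress and expand IPv6 text addresses with the slides' two rules.

Added example, not the slides' own code. Standard library only. Tie-breaking for
rule 2 (longest zero run, never a single hextet) follows RFC 5952.
"""

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand(addr: str) -> str:
    """Return the preferred form: eight hextets, four hex digits each, lowercase."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once, otherwise the address is ambiguous")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero hextet")
        hextets = left + ["0"] * missing + right
    else:
        hextets = addr.split(":")
    if len(hextets) != 8:
        raise ValueError(f"expected 8 hextets, got {len(hextets)}: {addr!r}")
    out = []
    for hextet in hextets:
        if not 1 <= len(hextet) <= 4 or any(c not in HEX_DIGITS for c in hextet):
            raise ValueError(f"bad hextet {hextet!r} in {addr!r}")
        out.append(f"{int(hextet, 16):04x}")      # restores leading zeros only
    return ":".join(out)


def compress(addr: str) -> str:
    """Rule 1: drop leading zeros. Rule 2: replace the longest run of zero hextets with '::'."""
    hextets = [f"{int(h, 16):x}" for h in expand(addr).split(":")]   # rule 1
    # Locate the longest run of consecutive zero hextets (leftmost wins ties).
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if hextets[i] == "0":
            j = i
            while j < 8 and hextets[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:            # RFC 5952: '::' is not used for a single zero hextet
        return ":".join(hextets)
    left = ":".join(hextets[:best_start])
    right = ":".join(hextets[best_start + best_len:])
    return f"{left}::{right}"   # rule 2


if __name__ == "__main__":
    for sample in ("2001:0db8:0000:1111:0000:0000:0000:0200",
                   "2001:0db8:0000:00a3:abcd:0000:0000:1234",
                   "2001:db8:cafe:1:0:0:0:1"):
        short = compress(sample)
        print(f"{sample}  ->  {short}  ->  {expand(short)}")
```

Expanding before comparing is the safe way to match IPv6 addresses in logs, allow-lists or firewall rules: 2001:db8::1 and 2001:0db8:0000:0000:0000:0000:0000:0001 are the same interface, and a text comparison will not tell you so.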
IPv6 Address Types

IPv6 Address Types
Unicast, Multicast, Anycast
There are three broad categories of IPv6 addresses:
• Unicast – Unicast uniquely identifies an interface on an IPv6-enabled device.
• Multicast – Multicast is used to send a single IPv6 packet to multiple destinations.
• Anycast – This is any IPv6 unicast address that can be assigned to multiple devices.
A packet sent to an anycast address is routed to the nearest device having that
address.

Note: Unlike IPv4, IPv6 does not have a broadcast address. However, there is an IPv6
all-nodes multicast address that essentially gives the same result.
IPv6 Address Types
IPv6 Prefix Length
Prefix length is represented in slash notation and is used to indicate the network portion of
an IPv6 address.
The IPv6 prefix length can range from 0 to 128. The recommended IPv6 prefix length for
LANs and most other types of networks is /64.

Note: It is strongly recommended to use a 64-bit Interface ID for most networks. This is because
stateless address autoconfiguration (SLAAC) uses 64 bits for the Interface ID. It also makes
subnetting easier to create and manage.
IPv6 Address Types
Types of IPv6 Unicast Addresses
Unlike IPv4 devices, which have only a single address, IPv6 devices typically have two
unicast addresses:
• Global Unicast Address (GUA) – This is similar to a public IPv4 address. These are
globally unique, internet-routable addresses.
• Link-local Address (LLA) – Required for every IPv6-enabled device and used to
communicate with other devices on the same local link. LLAs are not routable and are
confined to a single link.
IPv6 Address Types
A Note About the Unique Local Address
The IPv6 unique local addresses (range fc00::/7 to fdff::/7) have some
similarity to RFC 1918 private addresses for IPv4, but there are significant
differences:
• Unique local addresses are used for local addressing within a site or between a
limited number of sites.
• Unique local addresses can be used for devices that will never need to access
another network.
• Unique local addresses are not globally routed or translated to a global IPv6
address.

Note: Many sites use the private nature of RFC 1918 addresses to attempt to
secure or hide their network from potential security risks. This was never the
intended use of ULAs.

IPv6 Address Types
IPv6 GUA
IPv6 global unicast addresses (GUAs) are globally unique and routable on the IPv6
internet.
• Currently, only GUAs with the first three bits of 001, i.e., 2000::/3, are being assigned.
• Currently available GUAs therefore begin with a 2 or a 3 (this is only 1/8th of the total
available IPv6 address space).
IPv6 Address Types
IPv6 GUA Structure
Global Routing Prefix:
• The global routing prefix is the prefix, or network, portion of the address that is
assigned by the provider, such as an ISP, to a customer or site. The global routing
prefix will vary depending on ISP policies.
Subnet ID:
• The Subnet ID field is the area between the Global Routing Prefix and the
Interface ID. The Subnet ID is used by an organization to identify subnets within
its site.
Interface ID:
• The IPv6 interface ID is equivalent to the host portion of an IPv4 address. It is
strongly recommended that in most cases /64 subnets should be used, which
creates a 64-bit interface ID.
Note: IPv6 allows the all-0s and all-1s host addresses to be assigned to a device. The all-0s
address is reserved as a Subnet-Router anycast address and should be assigned only to routers.
IPv6 Address Types
IPv6 LLA
An IPv6 link-local address (LLA) enables a device to communicate with other IPv6-
enabled devices on the same link and only on that link (subnet).
• Packets with a source or destination LLA cannot be routed.
• Every IPv6-enabled network interface must have an LLA.
• If an LLA is not configured manually on an interface, the device will automatically create one.
• IPv6 LLAs are in the fe80::/10 range.
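The address ranges from the IPv6 Address Types slides above (GUA 2000::/3 with its leading bits 001, ULA fc00::/7, LLA fe80::/10, the ff00::/8 multicast range) turned into a classifier that tests the leading bits directly, plus a function that splits a GUA into global routing prefix, subnet ID and interface ID and flags the all-zeros interface ID as the Subnet-Router anycast address. This is an added example and not code from the slides. The ipaddress module is used only to turn text into a 128-bit integer. The /48 global routing prefix length is an assumption for the example (the slides say it varies by provider); 2001:db8:acad:1::/64 comes from the slides and the remaining sample addresses are constructed.

```python
"""Classify an IPv6 address by its leading bits and split a GUA into its fields.

Added example, not the slides' own code. ipaddress only converts text to an
integer; the prefix tests compare raw leading bits so that the "first three
bits 001" rule for 2000::/3 is visible. /48 as the global routing prefix length
is an assumption of this example.
"""
import ipaddress


def top_bits(addr: int, n: int) -> int:
    """The n most significant bits of a 128-bit address, as an integer."""
    return addr >> (128 - n)


def classify_ipv6(text: str) -> str:
    """Name the address type; ranges are tested from most to least specific."""
    a = int(ipaddress.IPv6Address(text))
    if a == 0:
        return "unspecified"
    if a == 1:
        return "loopback"
    if top_bits(a, 8) == 0xFF:                  # ff00::/8
        return "multicast"
    if top_bits(a, 10) == 0b1111111010:         # fe80::/10
        return "link-local unicast"
    if top_bits(a, 7) == 0b1111110:             # fc00::/7
        return "unique local unicast"
    if top_bits(a, 3) == 0b001:                 # 2000::/3, first hex digit 2 or 3
        return "global unicast"
    return "reserved"


def split_gua(text: str, global_prefix_len: int = 48, prefix_len: int = 64) -> dict:
    """Global routing prefix, subnet ID and interface ID of a GUA, as integers.

    global_prefix_len is whatever the provider assigned (/48 assumed here);
    prefix_len is the subnet prefix, /64 as the slides recommend.
    """
    if classify_ipv6(text) != "global unicast":
        raise ValueError(f"{text} is not a global unicast address")
    if not 0 < global_prefix_len <= prefix_len <= 128:
        raise ValueError("need 0 < global prefix length <= subnet prefix length <= 128")
    a = int(ipaddress.IPv6Address(text))
    iid_bits = 128 - prefix_len
    subnet_bits = prefix_len - global_prefix_len
    interface_id = a & ((1 << iid_bits) - 1)
    return {
        "global_routing_prefix": a >> (128 - global_prefix_len),
        "subnet_id": (a >> iid_bits) & ((1 << subnet_bits) - 1),
        "interface_id": interface_id,
        # All-zeros interface ID: the Subnet-Router anycast address, routers only.
        "subnet_router_anycast": interface_id == 0,
    }


if __name__ == "__main__":
    for sample in ("2001:db8:acad:1::10", "fe80::1", "fd12:3456::1", "ff02::1", "::1"):
        print(f"{sample:<22} {classify_ipv6(sample)}")
    fields = split_gua("2001:db8:acad:1::10")
    print(f"global routing prefix {fields['global_routing_prefix']:x}, "
          f"subnet ID {fields['subnet_id']:x}, interface ID {fields['interface_id']:x}")
```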
Data Link Layer

Purpose of the Data Link Layer
The Data Link Layer
• The Data Link layer is responsible for communications between end-device network
interface cards.
• It allows upper layer protocols to access the physical layer media and encapsulates
Layer 3 packets (IPv4 and IPv6) into Layer 2 frames.
• It also performs error detection and rejects corrupted frames.
Purpose of the Data Link Layer
Providing Access to Media
Packets exchanged between nodes may experience numerous data
link layers and media transitions.

At each hop along the path, a router performs four basic Layer 2
functions:
• Accepts a frame from the network medium.
• De-encapsulates the frame to expose the encapsulated packet.
• Re-encapsulates the packet into a new frame.
• Forwards the new frame on the medium of the next network segment.

Data Link Frame

Data Link Frame
The Frame
Data is encapsulated by the data link layer with a header and a trailer to form a frame.
A data link frame has three parts:
• Header
• Data
• Trailer
The fields of the header and trailer vary according to the data link layer protocol.

The amount of control information carried within the frame varies according to access
control information and logical topology.
Data Link Frame
Frame Fields

Field                 Description
Frame Start and Stop  Identifies beginning and end of frame
Addressing            Indicates source and destination nodes
Type                  Identifies encapsulated Layer 3 protocol
Control               Identifies flow control services
Data                  Contains the frame payload
Error Detection       Used to detect transmission errors
Ethernet Frames

Ethernet Frames
Ethernet Frame Fields
• The minimum Ethernet frame size is 64 bytes and the maximum is 1518 bytes. The
preamble field is not included when describing the size of the frame.
• Any frame less than 64 bytes in length is considered a “collision fragment” or “runt frame”
and is automatically discarded. Frames with more than 1500 bytes of data are considered
“jumbo” or “baby giant frames”.
• If the size of a transmitted frame is less than the minimum, or greater than the maximum,
the receiving device drops the frame. Dropped frames are likely to be the result of
collisions or other unwanted signals. They are considered invalid. Jumbo frames are
usually supported by most Fast Ethernet and Gigabit Ethernet switches and NICs.

Ethernet MAC Address

Ethernet MAC Addresses
Ethernet MAC Address
• In an Ethernet LAN, every network device is connected to the same, shared media. MAC
addressing provides a method for device identification at the data link layer of the OSI
model.
• An Ethernet MAC address is a 48-bit address expressed using 12 hexadecimal digits.
Because a byte equals 8 bits, we can also say that a MAC address is 6 bytes in length.
• All MAC addresses must be unique to the Ethernet device or Ethernet interface. To ensure
this, all vendors that sell Ethernet devices must register with the IEEE to obtain a unique
6-hexadecimal-digit (i.e., 24-bit or 3-byte) code called the organizationally unique
identifier (OUI).
• An Ethernet MAC address consists of the 6-hexadecimal-digit vendor OUI code followed by a
6-hexadecimal-digit vendor-assigned value.
Ethernet MAC Addresses
Frame Processing
• When a device is forwarding a message to an Ethernet network, the Ethernet header
includes a Source MAC address and a Destination MAC address.
• When a NIC receives an Ethernet frame, it examines the destination MAC address to see
if it matches the physical MAC address that is stored in RAM. If there is no match, the
device discards the frame. If there is a match, it passes the frame up the OSI layers,
where the de-encapsulation process takes place.
Note: Ethernet NICs will also accept frames if the destination MAC address is a broadcast
or a multicast group of which the host is a member.
• Any device that is the source or destination of an Ethernet frame will have an Ethernet
NIC and therefore a MAC address. This includes workstations, servers, printers, mobile
devices, and routers.
Ethernet MAC Addresses
Unicast MAC Address
In Ethernet, different MAC addresses are used for Layer 2 unicast, broadcast, and
multicast communications.
• A unicast MAC address is the unique address that is used when a frame is sent from a
single transmitting device to a single destination device.
• The process that a source host uses to determine the destination MAC address
associated with an IPv4 address is known as Address Resolution Protocol (ARP). The
process that a source host uses to determine the destination MAC address associated
with an IPv6 address is known as Neighbor Discovery (ND).
Note: The source MAC address must always be a unicast address.
Ethernet MAC Addresses
Broadcast MAC Address
An Ethernet broadcast frame is received and
processed by every device on the Ethernet LAN.
The features of an Ethernet broadcast are as
follows:
• It has a destination MAC address of FF-FF-FF-
FF-FF-FF in hexadecimal (48 ones in binary).
• It is flooded out all Ethernet switch ports except
the incoming port. It is not forwarded by a
router.
• If the encapsulated data is an IPv4 broadcast
packet, this means the packet contains a
destination IPv4 address that has all ones (1s)
in the host portion. This numbering in the
address means that all hosts on that local
network (broadcast domain) will receive and
process the packet.
Ethernet MAC Addresses
Multicast MAC Address
An Ethernet multicast frame is received and processed by a group of
devices that belong to the same multicast group.
• There is a destination MAC address of 01-00-5E when the
encapsulated data is an IPv4 multicast packet and a
destination MAC address of 33-33 when the encapsulated
data is an IPv6 multicast packet.
• There are other reserved multicast destination MAC
addresses for when the encapsulated data is not IP, such as
Spanning Tree Protocol (STP).
• It is flooded out all Ethernet switch ports except the incoming
port, unless the switch is configured for multicast snooping. It
is not forwarded by a router, unless the router is configured to
route multicast packets.
• Because multicast addresses represent a group of addresses
(sometimes called a host group), they can only be used as the
destination of a packet. The source will always be a unicast
address.
• As with the unicast and broadcast addresses, the multicast IP
address requires a corresponding multicast MAC address.
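The frame handling described across the Ethernet slides above, worked through in code: the 64 to 1518 byte size limits from the Ethernet Frame Fields slide, the destination-MAC filtering (own address, broadcast, joined multicast groups) from the Frame Processing slide, the unicast-only source rule, the I/G-bit test that separates unicast from multicast MAC addresses, and the 01-00-5E and 33-33 mappings for IPv4 and IPv6 multicast groups from the Multicast MAC Address slide. A CRC-32 frame check sequence is included so that the error-detection trailer is exercised as well. This is an added example and not code from the slides; the MAC addresses, EtherType values and payloads are constructed, and only 224.10.10.5 is taken from the slides.

```python
"""Build, check and filter Ethernet II frames as the slides describe.

Added example, not the slides' own code. Size limits follow the slides (64..1518
bytes including the FCS, excluding the preamble). The MAC addresses, EtherTypes
and payloads are constructed; 224.10.10.5 is the slides' multicast group.
"""
import ipaddress
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
MIN_FRAME, MAX_FRAME = 64, 1518          # bytes, FCS included, preamble excluded
HEADER_LEN, FCS_LEN, MIN_PAYLOAD = 14, 4, 46


def mac_kind(mac: bytes) -> str:
    """Unicast, multicast or broadcast, decided by the I/G bit (bit 0 of the first octet)."""
    if mac == BROADCAST:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"


def oui(mac: bytes) -> str:
    """The vendor OUI: the first three bytes, i.e. the first six hex digits."""
    return mac[:3].hex().upper()


def ipv4_multicast_mac(group: str) -> bytes:
    """IPv4 group -> 01-00-5E followed by the low 23 bits of the group address."""
    g = ipaddress.IPv4Address(group)
    if not g.is_multicast:
        raise ValueError(f"{group} is not a multicast group")
    return bytes.fromhex("01005e") + (int(g) & 0x7FFFFF).to_bytes(3, "big")


def ipv6_multicast_mac(group: str) -> bytes:
    """IPv6 group -> 33-33 followed by the low 32 bits of the group address."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"{group} is not a multicast group")
    return bytes.fromhex("3333") + (int(g) & 0xFFFFFFFF).to_bytes(4, "big")


def fcs(body: bytes) -> bytes:
    """CRC-32 over header and payload, appended as four bytes (this example's own layout)."""
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Header + payload padded to 46 bytes + FCS; the source must be unicast."""
    if mac_kind(src) != "unicast":
        raise ValueError("source MAC must be unicast")
    body = struct.pack("!6s6sH", dst, src, ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + fcs(body)


def nic_decision(frame: bytes, own_mac: bytes, joined_groups=()) -> str:
    """What a receiving NIC does with a frame: size check, FCS check, then destination filter."""
    if len(frame) < MIN_FRAME:
        return "discard: runt (< 64 bytes)"
    if len(frame) > MAX_FRAME:
        return "discard: oversized (> 1518 bytes)"
    body, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if fcs(body) != trailer:
        return "discard: FCS mismatch"
    dst = body[:6]
    if dst == own_mac or dst == BROADCAST or dst in set(joined_groups):
        return "accept"
    return "discard: not addressed to this NIC"


if __name__ == "__main__":
    own = bytes.fromhex("00112233aabb")          # constructed NIC address
    peer = bytes.fromhex("0050abcdef01")         # constructed sender
    frame = build_frame(own, peer, 0x0800, b"constructed payload")
    print(len(frame), "bytes:", nic_decision(frame, own))
    group_mac = ipv4_multicast_mac("224.10.10.5")
    print("224.10.10.5 ->", "-".join(f"{b:02X}" for b in group_mac), mac_kind(group_mac))
```

Two details worth noticing: a multicast frame is dropped by a NIC that has not joined the group even though the frame reached its port, which is what the slide's "group of which the host is a member" means in practice, and a single flipped bit in the payload fails the FCS check before the destination address is even examined.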
Address Resolution

ARP
ARP Overview
A device uses ARP to determine the destination MAC address of a local device when it
knows its IPv4 address.
ARP provides two basic functions:
• Resolving IPv4 addresses to MAC addresses
• Maintaining an ARP table of IPv4 to MAC address mappings
ARP
ARP Functions
To send a frame, a device will search its ARP table for a destination IPv4 address and a
corresponding MAC address.
• If the packet’s destination IPv4 address is on the same network, the device will
search the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network, the device will search the
ARP table for the IPv4 address of the default gateway.
• If the device locates the IPv4 address, its corresponding MAC address is used as the
destination MAC address in the frame.
• If no ARP table entry is found, the device sends an ARP request.
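The four decisions on the ARP Functions slide as a small resolver: decide whether the destination is on-link or behind the default gateway, look the chosen address up in the ARP table, and either hand back the MAC for the frame or report that an ARP request is needed; a learn step records the mapping an ARP reply would deliver. This is an added example and not code from the slides. The 172.16.4.0/24 LAN with the PC at 172.16.4.1 and the printer at 172.16.4.253 comes from the earlier Unicast slide; the default gateway 172.16.4.254, the MAC addresses and the table contents are constructed.

```python
"""Next-hop selection and ARP table lookup before a frame is sent.

Added example, not the slides' own code. The 172.16.4.0/24 LAN, 172.16.4.1 and
172.16.4.253 are from the slides; the gateway address, the MAC addresses and the
table contents are constructed.
"""
import ipaddress

# Constructed ARP table: IPv4 address -> MAC address.
ARP_TABLE = {
    "172.16.4.253": "00-AA-BB-CC-DD-EE",   # printer
    "172.16.4.254": "00-11-22-33-44-55",   # default gateway
}


def next_hop(local_ip: str, prefix_len: int, gateway: str, dst_ip: str) -> str:
    """IPv4 address whose MAC the frame needs: the destination itself if on the
    same network, otherwise the default gateway."""
    local_net = ipaddress.ip_network(f"{local_ip}/{prefix_len}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else gateway


def resolve(dst_ip: str, table: dict, local_ip: str = "172.16.4.1",
            prefix_len: int = 24, gateway: str = "172.16.4.254") -> tuple:
    """("frame", mac) when the table already has the answer,
    ("arp-request", target_ip) when an ARP request must go out first."""
    target = next_hop(local_ip, prefix_len, gateway, dst_ip)
    mac = table.get(target)
    if mac is None:
        return ("arp-request", target)
    return ("frame", mac)


def learn(table: dict, ip: str, mac: str) -> None:
    """Record the mapping carried by an ARP reply so the next frame needs no request."""
    table[ip] = mac


if __name__ == "__main__":
    table = dict(ARP_TABLE)
    for dst in ("172.16.4.253", "10.1.1.1", "172.16.4.77"):
        print(f"{dst:<14} -> {resolve(dst, table)}")
    learn(table, "172.16.4.77", "00-77-77-77-77-77")   # constructed reply
    print(f"{'172.16.4.77':<14} -> {resolve('172.16.4.77', table)} (after ARP reply)")
```

Note that for an off-link destination the table is consulted for the gateway's address, never for the destination's, so a host only ever needs one ARP entry for all remote traffic.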
ICMP

ICMP Messages

ICMP Messages
ICMPv4 and ICMPv6 Messages
• Internet Control Message Protocol (ICMP) provides feedback about issues related to the
processing of IP packets under certain conditions.
• ICMPv4 is the messaging protocol for IPv4. ICMPv6 is the messaging protocol for IPv6 and
includes additional functionality.
• The ICMP messages common to both ICMPv4 and ICMPv6 include:
• Host reachability
• Destination or Service Unreachable
• Time exceeded

Note: ICMPv4 messages are not required and are often not allowed within a network for
security reasons.

ICMP Messages
Host Reachability
ICMP Echo Message can be used to
test the reachability of a host on an IP
network.
In the example:
• The local host sends an ICMP Echo
Request to a host.
• If the host is available, the
destination host responds with an
Echo Reply.

ICMP Messages
Destination or Service Unreachable
• An ICMP Destination Unreachable message can be used to notify the source that a
destination or service is unreachable.
• The ICMP message will include a code indicating why the packet could not be delivered.

A few Destination Unreachable codes for ICMPv4 are as follows:
• 0 - Net unreachable
• 1 - Host unreachable
• 2 - Protocol unreachable
• 3 - Port unreachable

A few Destination Unreachable codes for ICMPv6 are as follows:
• 0 - No route to destination
• 1 - Communication with the destination is administratively prohibited (e.g., firewall)
• 2 - Beyond scope of the source address
• 3 - Address unreachable
• 4 - Port unreachable

Note: ICMPv6 has similar but slightly different codes for Destination Unreachable messages.
ICMP Messages
Time Exceeded
• When the Time to Live (TTL) field in a packet is decremented to 0, an ICMPv4 Time
Exceeded message will be sent to the source host.
• ICMPv6 also sends a Time Exceeded message. Instead of the IPv4 TTL field, ICMPv6 uses
the IPv6 Hop Limit field to determine if the packet has expired.

Note: Time Exceeded messages are used by the traceroute tool.

ICMP Messages
ICMPv6 Messages
ICMPv6 has new features and improved functionality not found in ICMPv4, including four new
protocols as part of the Neighbor Discovery Protocol (ND or NDP).

Messaging between an IPv6 router and an IPv6 device, including dynamic address allocation:
• Router Solicitation (RS) message
• Router Advertisement (RA) message

Messaging between IPv6 devices, including duplicate address detection and address
resolution:
• Neighbor Solicitation (NS) message
• Neighbor Advertisement (NA) message

Note: ICMPv6 ND also includes the redirect message, which has a similar function to the redirect
message used in ICMPv4.
ICMP Messages
ICMPv6 Messages (Cont.)
• RA messages are sent by IPv6-enabled routers every 200 seconds to provide addressing
information to IPv6-enabled hosts.
• An RA message can include addressing information for the host such as the prefix,
prefix length, DNS address, and domain name.
• A host using Stateless Address Autoconfiguration (SLAAC) will set its default gateway to
the link-local address of the router that sent the RA.
ICMP Messages
ICMPv6 Messages (Cont.)
• An IPv6-enabled router will also send out an RA message in response to an RS
message.
• In the figure, PC1 sends an RS message to determine how to receive its IPv6 address
information dynamically.
• R1 replies to the RS with an RA message.
• PC1 sends an RS message, “Hi, I just booted up. Is there an IPv6 router on the network?
I need to know how to get my IPv6 address information dynamically.”
• R1 replies with an RA message. “Hi all IPv6-enabled devices. I’m R1 and you can use
SLAAC to create an IPv6 global unicast address. The prefix is 2001:db8:acad:1::/64. By
the way, use my link-local address fe80::1 as your default gateway."
ICMP Messages
ICMPv6 Messages (Cont.)
• A device assigned a global IPv6 unicast or link-local unicast address may perform
duplicate address detection (DAD) to ensure that the IPv6 address is unique.
• To check the uniqueness of an address, the device will send an NS message with its
own IPv6 address as the targeted IPv6 address.
• If another device on the network has this address, it will respond with an NA message
notifying the sending device that the address is in use.

Note: DAD is not required, but RFC 4861 recommends that DAD is performed on unicast
addresses.
ICMP Messages
ICMPv6 Messages (Cont.)
• To determine the MAC address for the destination, the device will send an NS
message to the solicited-node address.
• The message will include the known (targeted) IPv6 address. The device that has
the targeted IPv6 address will respond with an NA message containing its Ethernet
MAC address.
• In the figure, R1 sends an NS message to 2001:db8:acad:1::10 asking for its MAC
address.
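The NS/NA exchange from the two slides above, both as address resolution and as duplicate address detection, modelled with a solicited-node multicast address computed from the target. This is an added example and not code from the slides. The target 2001:db8:acad:1::10, the router R1 and its link-local address fe80::1 come from the slides; the MAC addresses, the other configured addresses and the node class are constructed, and the exchange is simulated in-process rather than sent on a link.

```python
"""Solicited-node multicast address and the NS/NA exchange used for address
resolution and duplicate address detection (DAD).

Added example, not the slides' own code. 2001:db8:acad:1::10, R1 and fe80::1 are
the slides' values; MAC addresses and the other node addresses are constructed.
"""
import ipaddress


def solicited_node(target: str) -> str:
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low 24 bits of the target address."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return str(ipaddress.IPv6Address((0xFF02 << 112) | (0x01FF << 24) | low24))


def multicast_mac(group: str) -> str:
    """33-33 followed by the low 32 bits of the IPv6 multicast group."""
    low32 = (int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33-33-" + "-".join(f"{b:02X}" for b in low32)


class Ipv6Node:
    """A constructed IPv6 host or router with its addresses and the groups it listens on."""

    def __init__(self, name: str, mac: str, addresses):
        self.name, self.mac = name, mac
        self.addresses = {str(ipaddress.IPv6Address(a)) for a in addresses}
        # Every node listens on all-nodes plus one solicited-node group per address.
        self.listening = {solicited_node(a) for a in self.addresses} | {"ff02::1"}

    def receive_ns(self, dst_group: str, target: str):
        """Reply with an NA only if this node listens on the group and owns the target."""
        target = str(ipaddress.IPv6Address(target))
        if dst_group not in self.listening or target not in self.addresses:
            return None
        return {"type": "NA", "target": target, "link_layer_address": self.mac}


def neighbor_solicit(nodes, target: str):
    """Send an NS to the solicited-node group of `target`; return the NA, if any."""
    group = solicited_node(target)
    for node in nodes:
        answer = node.receive_ns(group, target)
        if answer is not None:
            return answer
    return None


def dad_ok(other_nodes, tentative: str) -> bool:
    """DAD: solicit our own tentative address; any NA means somebody already has it."""
    return neighbor_solicit(other_nodes, tentative) is None


if __name__ == "__main__":
    r1 = Ipv6Node("R1", "00-00-0C-11-11-11", ["fe80::1", "2001:db8:acad:1::1"])
    pc1 = Ipv6Node("PC1", "00-00-0C-22-22-22", ["2001:db8:acad:1::10"])
    target = "2001:db8:acad:1::10"
    print("NS goes to", solicited_node(target), "=", multicast_mac(solicited_node(target)))
    print("R1 resolves", target, "->", neighbor_solicit([pc1], target))
    print("DAD for", target, "passes:", dad_ok([r1, pc1], target))
```

Because the solicited-node group depends only on the low 24 bits of the target, the NS is delivered to the one or few interfaces that could own the address rather than to every node, which is the reason ND does not need a link-layer broadcast the way ARP does.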
Ping and Traceroute Tests

Ping and Traceroute Tests
Ping – Test Connectivity
• The ping command is an IPv4 and IPv6 testing utility that uses ICMP echo request and
echo reply messages to test connectivity between hosts and provides a summary that
includes the success rate and average round-trip time to the destination.
• If a reply is not received within the timeout, ping provides a message indicating that a
response was not received.
• It is common for the first ping to time out if address resolution (ARP or ND) needs to be
performed before sending the ICMP Echo Request.
Ping and Traceroute Tests
Ping the Loopback
Ping can be used to test the internal
configuration of IPv4 or IPv6 on the local
host. To do this, ping the local loopback
address of 127.0.0.1 for IPv4 (::1 for
IPv6).
• A response from 127.0.0.1 for IPv4, or
::1 for IPv6, indicates that IP is properly
installed on the host.
• An error message indicates that TCP/IP
is not operational on the host.

Ping and Traceroute Tests
Ping the Default Gateway
The ping command can be used to test the ability of a host to communicate on the local
network.
The default gateway address is most often used because the router is normally always
operational.
• A successful ping to the default gateway indicates that the host and the router interface
serving as the default gateway are both operational on the local network.
• If the default gateway address does not respond, a ping can be sent to the IP address of
another host on the local network that is known to be operational.
Ping and Traceroute Tests
Ping a Remote Host
Ping can also be used to test the ability of a local host to communicate across an
internetwork.
A local host can ping a host on a remote network. A successful ping across the
internetwork confirms communication on the local network.

Note: Many network administrators limit or prohibit the entry of ICMP messages; therefore,
the lack of a ping response could be due to security restrictions.
Ping and Traceroute Tests
Traceroute – Test the Path
• Traceroute (tracert) is a utility that is used to test the path between two hosts and
provide a list of hops that were successfully reached along that path.
• Traceroute provides round-trip time for each hop along the path and indicates if a hop
fails to respond. An asterisk (*) is used to indicate a lost or unreplied packet.
• This information can be used to locate a problematic router in the path or may indicate
that the router is configured not to reply.

Note: Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in
IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message.
Ping and Traceroute Tests
Traceroute – Test the Path (Cont.)
• The first message sent from traceroute will have a TTL field value of 1. This causes the
TTL to time out at the first router. This router then responds with an ICMPv4 Time
Exceeded message.
• Traceroute then progressively increments the TTL field (2, 3, 4...) for each sequence of
messages. This provides the trace with the address of each hop as the packets time out
further down the path.
• The TTL field continues to be increased until the destination is reached, or it is
incremented to a predefined maximum.
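The TTL mechanism from the two Traceroute slides above as a small simulation: each router on a constructed path decrements the TTL, the router that decrements it to 0 answers with Time Exceeded, and the probe TTL is raised one at a time until the destination answers or the maximum is reached, with an asterisk wherever a hop stays silent. This is an added example and not code from the slides; the three-router path and its addresses are constructed from the RFC 5737 documentation ranges, and nothing is sent on a real network.

```python
"""How traceroute discovers the path: raising the TTL until the destination answers.

Added example, not the slides' own code. The path and its addresses are
constructed (RFC 5737 documentation ranges); everything runs in-process.
"""

# Constructed path: source -> R1 -> R2 -> R3 -> destination host.
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
DESTINATION = "203.0.113.10"


def forward(ttl: int, hops, destination: str) -> tuple:
    """Forward one probe along `hops`; return (replying address, reply kind).

    Each router decrements the TTL before forwarding. The router that takes it
    to 0 discards the packet and sends Time Exceeded to the source.
    """
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    for hop in hops:
        ttl -= 1
        if ttl == 0:
            return hop, "time-exceeded"
    return destination, "echo-reply"      # the probe reached the destination


def traceroute(hops, destination: str, max_ttl: int = 30, silent=frozenset()) -> list:
    """Probe with TTL 1, 2, 3 ... collecting one entry per hop; '*' where nothing came back.

    `silent` holds addresses configured not to reply (or filtered), as the slides
    describe; a silent hop still decrements the TTL, so the trace continues past it.
    """
    trace = []
    for ttl in range(1, max_ttl + 1):
        replier, kind = forward(ttl, hops, destination)
        answered = replier not in silent
        trace.append(replier if answered else "*")
        if kind == "echo-reply" and answered:
            break                          # destination reached: stop probing
    return trace


if __name__ == "__main__":
    for label, silent in (("all hops reply", frozenset()),
                          ("R2 filtered", {"198.51.100.1"}),
                          ("destination filtered", {DESTINATION})):
        print(f"{label:<22}", traceroute(PATH, DESTINATION, max_ttl=6, silent=silent))
```

The third run shows why a trace that ends in a column of asterisks is ambiguous on its own: a destination that filters ICMP looks exactly like a destination that is down, which is the same caveat the Ping a Remote Host slide makes about missing echo replies.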