
Final

Chapter 3 provides an overview of Local Area Networks (LANs), detailing various applications such as personal computer LANs, storage area networks, and high-speed office networks. It discusses different LAN topologies, including bus, ring, and star, along with their respective advantages and disadvantages. The chapter also covers LAN architecture, transmission media, and protocols, emphasizing the importance of media access control and bridging in network design.

Uploaded by

rohobotkolaso787

Chapter-3

3.1 Local Area Network Overview


LAN Applications (1)
 personal computer LANs
 low cost
 limited data rate
 back end networks
 interconnecting large systems (mainframes and large
storage devices)
• high data rate
• high speed interface
• distributed access
• limited distance
• limited number of devices
LAN Applications (2)
 storage area networks (SANs)
 separate network handling storage needs
 detaches storage tasks from specific servers
 shared storage facility
• eg. hard disks, tape libraries, CD arrays
 accessed using a high-speed network
• eg. Fibre Channel
 improved client-server storage access
 direct storage to storage communication for backup

Storage Area Networks

LAN Applications (3)
 high speed office networks
 desktop image processing
 high capacity local storage
 backbone LANs
 interconnect low speed local LANs
 reliability
 capacity
 cost

LAN Architecture
 topologies
 transmission medium
 layout
 medium access control

LAN Topologies

Bus and Tree
 used with multipoint medium
 transmission propagates throughout medium
 heard by all stations
 full duplex connection between station and tap
 allows for transmission and reception
 need to regulate transmission
 to avoid collisions and hogging
 terminator absorbs frames at end of medium
 tree a generalization of bus
 headend connected to branching cables
Frame Transmission on Bus LAN

Ring Topology
 a closed loop of repeaters joined by point to
point links
 receive data on one link & retransmit on another
 links unidirectional
 stations attach to repeaters
 data in frames
 circulate past all stations
 destination recognizes address and copies frame
 frame circulates back to source where it is removed
 media access control determines when a station
can insert frame
Frame Transmission Ring LAN

Star Topology
 each station connects to central node
 usually via two point to point links, one for
transmission and one for reception
 either central node can broadcast
 physical star, logical bus
 only one station can transmit at a time
 or central node can act as frame switch

Choice of Topology
 reliability
 expandability
 performance
 needs considering in context of:
 medium
 wiring layout
 access control

Bus LAN
Transmission Media (1)
 twisted pair
 early LANs used voice grade cable
 didn’t scale for fast LANs
 not used in bus LANs now
 baseband coaxial cable
 uses digital signalling
 original Ethernet

Bus LAN
Transmission Media (2)
 broadband coaxial cable
 as in cable TV systems
 analog signals at radio frequencies
 expensive, hard to install and maintain
 no longer used in LANs
 optical fiber
 expensive taps
 better alternatives available
 not used in bus LANs
 less convenient compared to star topology
twisted pair
 coaxial baseband still used but not often in
new installations
Ring and Star Usage
 ring
 very high speed links over long distances
 single link or repeater failure disables network
 star
 uses natural layout of wiring in building
 best for short distances
 high data rates for small number of devices

Choice of Medium
 constrained by LAN topology
 capacity
 reliability
 types of data supported
 environmental scope

Media Available
 Voice grade unshielded twisted pair (UTP)
 Cat 3 phone, cheap, low data rates
 Shielded twisted pair / baseband coaxial
 more expensive, higher data rates
 Broadband cable
 even more expensive, higher data rate
 High performance UTP
 Cat 5+, very high data rates, switched star topology
 Optical fibre
 security, high capacity, small size, high cost
LAN Protocol Architecture

IEEE 802 Layers (1)
 Physical
 encoding/decoding of signals
 preamble generation/removal (for
synchronization)
 bit transmission/reception
 transmission medium and topology

IEEE 802 Layers (2)
 Logical Link Control
 interface to higher levels
 flow and error control
 Media Access Control
 on transmit assemble data into frame
 on receive disassemble frame
 govern access to transmission medium
 for same LLC, may have several MAC options

LAN Protocols in Context

Logical Link Control
 transmission of link level PDUs between
stations
 must support multiaccess, shared medium
 but MAC layer handles link access details
 addressing involves specifying source and
destination LLC users
 referred to as service access points (SAP)
 typically higher level protocol

LLC Services
 based on HDLC
 unacknowledged connectionless service
 connection mode service
 acknowledged connectionless service

LLC Protocol
 modeled after HDLC
 asynchronous balanced mode
 connection mode (type 2) LLC service
 unacknowledged connectionless service
 using unnumbered information PDUs (type 1)
 acknowledged connectionless service
 using 2 new unnumbered PDUs (type 3)
 permits multiplexing using LSAPs
MAC Frame Format

Media Access Control
 where
 central
• greater control, single point of failure
 distributed
• more complex, but more redundant
 how
 synchronous
• capacity dedicated to connection, not optimal
 asynchronous
• in response to demand
Asynchronous Systems
 round robin
 each station given turn to transmit data
 reservation
 divide medium into slots
 good for stream traffic
 contention
 all stations contend for time
 good for bursty traffic
 simple to implement
 tends to collapse under heavy load
MAC Frame Handling
 MAC layer receives data from LLC layer
 fields
 MAC control
 destination MAC address
 source MAC address
 LLC
 CRC
 MAC layer detects errors and discards frames
 LLC optionally retransmits unsuccessful frames

Bridges
 connects similar LANs
 identical physical / link layer protocols
 minimal processing
 can map between MAC formats
 reasons for use
 reliability
 performance
 security
 geography
Functions of a Bridge
 Read all frames transmitted on one LAN and
accept those addressed to any station on the other
LAN
 Using MAC protocol for second LAN, retransmit
each frame
 Do the same the other way round

Bridge Function

Bridge Design Aspects
 No modification to content or format of frame
 No encapsulation
 Exact bitwise copy of frame
 Minimal buffering to meet peak demand
 Contains routing and address intelligence
 Must be able to tell which frames to pass
 May be more than one bridge to cross
 May connect more than two LANs
 Bridging is transparent to stations
 Appears to all stations on multiple LANs as if
they are on one single LAN


Bridge Protocol Architecture
 IEEE 802.1D
 MAC level
 bridge does not need LLC layer
 can pass frame over external comms system
 capture frame
 forward it across link
 forward over LAN link
 e.g. WAN link

Connection of Two LANs

Bridges and LANs with Alternative Routes

Fixed Routing
 complex large LANs need alternative routes
 for load balancing and fault tolerance
 bridge must decide whether to forward frame
 bridge must decide LAN to forward frame to
 can use fixed routing for each source-destination
pair of LANs
 done in configuration
 usually least hop route
 only changed when topology changes
 widely used but limited flexibility
Spanning Tree
 bridge automatically develops routing table
 automatically updates routing table in
response to changes
 three mechanisms:
 frame forwarding
 address learning
 loop resolution

Frame Forwarding
 maintain forwarding database for each port
 lists station addresses reached through each port
 for a frame arriving on port X:
 search forwarding database to see if MAC address is
listed for any port except X
 if address not found, forward to all ports except X
 if address listed for port Y, check port Y for blocking
or forwarding state
 if not blocked, transmit frame through port Y

Address Learning
 can preload forwarding database
 when frame arrives at port X, it has come from
the LAN attached to port X
 use source address to update forwarding
database for port X to include that address
 have a timer on each entry in database
 if timer expires, entry is removed
 each time frame arrives, source address
checked against forwarding database
 if present timer is reset and direction recorded
 if not present entry is created and timer set
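Added example (not part of the original slides): the frame forwarding and address learning rules above as a small forwarding database in Python. The port numbers, the 300 s aging time and the MAC addresses are assumptions; a destination already learned on the arrival port is filtered, as a standard transparent bridge does.

```python
"""Added example: forwarding database of a transparent bridge.

Port numbers, the 300 s aging time and the MAC strings are assumptions made
for this sketch; they are not taken from the slides.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    ports: list                                   # all port identifiers
    aging_time: float = 300.0                     # assumed entry lifetime (s)
    blocked: set = field(default_factory=set)     # ports in blocking state
    fdb: dict = field(default_factory=dict)       # MAC -> (port, expiry time)

    def _age_out(self, now):
        """Remove entries whose timer has expired."""
        for mac in [m for m, (_, expiry) in self.fdb.items() if expiry <= now]:
            del self.fdb[mac]

    def receive(self, port_x, src, dst, now):
        """Handle a frame arriving on port_x; return the ports it leaves on."""
        self._age_out(now)
        if port_x in self.blocked:
            return []                             # blocked port: no learning, no relay

        # Address learning: the source is on the LAN attached to port_x.
        # Creating an entry and resetting its timer are the same operation.
        self.fdb[src] = (port_x, now + self.aging_time)

        # Frame forwarding.
        entry = None if dst == BROADCAST else self.fdb.get(dst)
        if entry is None:
            # Destination unknown (or broadcast): flood on every other port
            # that is in the forwarding state.
            return [p for p in self.ports
                    if p != port_x and p not in self.blocked]
        port_y = entry[0]
        if port_y == port_x or port_y in self.blocked:
            return []                             # same LAN, or port Y is blocking
        return [port_y]


def demo():
    """Replay constructed frames; return the output ports chosen for each."""
    br = LearningBridge(ports=[1, 2, 3])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    results = []
    results.append(br.receive(1, a, b, now=0))    # b unknown: flood
    results.append(br.receive(2, b, a, now=1))    # a was learned on port 1
    results.append(br.receive(1, a, b, now=2))    # b was learned on port 2
    results.append(br.receive(1, c, a, now=3))    # a is on the arrival LAN: filtered
    results.append(br.receive(3, c, b, now=400))  # b's entry aged out: flood again
    return results


if __name__ == "__main__":
    for out_ports in demo():
        print(out_ports)
```

Flooding on an unknown destination means such frames are seen on every forwarding port until the address is learned again.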
Spanning Tree Algorithm
 address learning works for tree layout
 in general, a graph may have loops
 for any connected graph there is a spanning tree
maintaining connectivity with no closed loops
 IEEE 802.1 Spanning Tree Algorithm finds this
 each bridge assigned unique identifier
 exchange info between bridges to find spanning tree
 automatically updated whenever topology changes

Loop of Bridges

Spanning Tree Algorithm
 Address learning mechanism is effective if
the topology of the internet is a tree
 Terminology
 Root bridge: Lowest value of bridge identifier
 Path cost: Associated with each port
 Root port: Port to the root bridge
 Root path cost: Cost of the path to root bridge
 Designated bridge/port
 Any active port that is not a root port or a
designated port is a blocked port
Spanning Tree Algorithm (cont)
 Determine the root bridge
 All bridges consider themselves to be the root
bridge. Each bridge will broadcast a BPDU on
each of its LANs that asserts this fact
 Only the bridge with the lowest-valued identifier
will maintain its belief
 Over time, as BPDUs propagate, the identity of the
lowest-valued bridge identifier will be known to
all bridges

Spanning Tree Algorithm (cont)
 Determine the root port on all other bridges
 The root bridge will regularly broadcast the fact that it is
the root bridge on all of the LANs; It allows the bridges on
those LANs to determine their root port and the fact that
they are directly connected to the root bridge
 Each of these bridges in turn broadcasts a BPDU on the
other LANs to which it is attached, indicating that it is one
hop away from the root bridge

 Determine the designated port on each LAN
 On any LAN, the bridge claiming to be the one that is
closest (minimum cost path) to the root bridge becomes
the designated bridge
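Added example (not part of the original slides): the three steps above (root bridge, root ports, designated ports) computed for a small bridged network. The topology is constructed, with five bridges, five LANs and port costs of 5 or 10; the port-to-LAN attachments and port names are assumptions.

```python
"""Added example: root election and port roles for a bridged LAN.

The topology below is constructed for illustration; the attachments and port
names are assumptions, not read from the slide figure.
"""
import math

# bridge id -> {port name: (attached LAN, path cost of that port)}
TOPOLOGY = {
    1: {"p1": ("LAN1", 10), "p2": ("LAN2", 10)},
    2: {"p1": ("LAN1", 10), "p2": ("LAN3", 5), "p3": ("LAN4", 5)},
    3: {"p1": ("LAN2", 10), "p2": ("LAN5", 10)},
    4: {"p1": ("LAN2", 5), "p2": ("LAN5", 5)},
    5: {"p1": ("LAN1", 5), "p2": ("LAN5", 5)},
}


def spanning_tree(bridges):
    """Return (root, root_path_cost, roles) once the exchange has settled."""
    root = min(bridges)                       # lowest bridge identifier wins
    attached = {}                             # LAN -> [(bridge, port)]
    for b, ports in bridges.items():
        for port, (lan, _cost) in ports.items():
            attached.setdefault(lan, []).append((b, port))

    rpc = {b: math.inf for b in bridges}      # root path cost per bridge
    rpc[root] = 0
    root_port = {b: None for b in bridges}

    # Each round models one wave of BPDUs: a bridge hears the root path cost
    # claimed by every neighbour on its LANs and adds the cost of the port the
    # claim arrived on. len(bridges) rounds are enough for any topology.
    for _round in range(len(bridges)):
        for b, ports in bridges.items():
            if b == root:
                continue
            offers = [(rpc[n] + cost, n, port)
                      for port, (lan, cost) in ports.items()
                      for n, _nport in attached[lan] if n != b]
            if offers:
                best_cost, _via, best_port = min(offers)
                if best_cost < math.inf:
                    rpc[b], root_port[b] = best_cost, best_port

    roles = {}
    for lan, members in attached.items():
        # Designated bridge: lowest root path cost on the LAN, ties broken by
        # the lowest bridge identifier.
        _cost, d_bridge, d_port = min((rpc[b], b, port) for b, port in members)
        for b, port in members:
            if port == root_port[b]:
                roles[(b, port)] = "root"
            elif (b, port) == (d_bridge, d_port):
                roles[(b, port)] = "designated"
            else:
                roles[(b, port)] = "blocked"   # neither root nor designated
    return root, rpc, roles


def blocked_ports(bridges):
    """Ports left out of the spanning tree, as sorted (bridge, port) pairs."""
    _root, _rpc, roles = spanning_tree(bridges)
    return sorted(key for key, role in roles.items() if role == "blocked")


if __name__ == "__main__":
    root, rpc, roles = spanning_tree(TOPOLOGY)
    print("root bridge:", root)
    for b in sorted(rpc):
        print("bridge", b, "root path cost", rpc[b])
    for key in sorted(roles):
        print(key, roles[key])
```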
Spanning Tree Algorithm (e.g.)
[Figure: example configuration of Bridges 1-5 interconnecting LANs 1-5; port path costs are C = 10 or C = 5]
Spanning Tree Algorithm (e.g.)
[Figure: resulting spanning tree. Bridge 1 is the root (root path cost = 0); Bridge 4 and Bridge 5 have RPC = 5; Bridge 2 and Bridge 3 have RPC = 10. R = root port, D = designated port]
Hubs
 Active central element of star layout
 Each station connected to hub by two lines
 Transmit and receive
 Hub acts as a repeater
 When single station transmits, hub repeats signal on outgoing
line to each station
 Line consists of two unshielded twisted pairs
 Limited to about 100 m
 High data rate and poor transmission qualities of UTP
 Optical fiber may be used
 Max about 500 m
 Physically star, logically bus
 Transmission from any station received by all other stations
 If two stations transmit at the same time, collision
Two Level Hub Topology
[Figure: header hub (HHUB), intermediate hubs (IHUB)]

Buses, Hubs and Switches
 bus configuration
 all stations share capacity of bus (e.g. 10Mbps)
 only one station transmitting at a time
 hub uses star wiring to attach stations
 transmission from any station received by hub and
retransmitted on all outgoing lines
 only one station can transmit at a time
 total capacity of LAN is 10 Mbps
 can improve performance using a layer 2 switch
 can switch multiple frames between separate ports
 multiplying capacity of LAN
Shared Medium Bus and Hub

Layer 2 Switch Benefits
 no change to attached devices to convert bus
LAN or hub LAN to switched LAN
 e.g. Ethernet LANs use Ethernet MAC protocol
 have dedicated capacity equal to original LAN
 assuming switch has sufficient capacity to keep up
with all devices
 scales easily
 additional devices attached to switch by increasing
capacity of layer 2

Types of Layer 2 Switch
 store-and-forward switch
 accepts frame on input line, buffers briefly,
routes to destination port
 see delay between sender and receiver
 better integrity
 cut-through switch
 use destination address at beginning of frame
 switch begins repeating frame onto output line
as soon as destination address recognized
 highest possible throughput
 risk of propagating bad frames, as the switch is not able to
check the CRC prior to retransmission


Layer 2 Switch vs Bridge
 Layer 2 switch can be viewed as full-duplex hub
 incorporates logic to function as multiport bridge
 differences between switches & bridges:
 bridge frame handling done in software
 switch performs frame forwarding in hardware
 bridge analyzes and forwards one frame at a time
 switch can handle multiple frames at a time
 bridge uses store-and-forward operation
 switch can have cut-through operation
 hence bridges have suffered commercially
Layer 2 Switch Problems
 broadcast overload
 users share common MAC broadcast address
 broadcast frames are delivered to all devices
connected by layer 2 switches and/or bridges
 broadcast frames can create big overhead
 broadcast storm from malfunctioning devices
 lack of multiple links
 limits performance & reliability

Router Problems
 typically use subnetworks connected by routers
 limits broadcasts to single subnet
 supports multiple paths between subnets
 routers do all IP-level processing in software
 high-speed LANs and high-performance layer 2
switches pump millions of packets per second
 software-based router only able to handle well
under a million packets per second
Layer 3 Switches
 Solution: layer 3 switches
 implement packet-forwarding logic of router in
hardware

 two categories
 packet by packet
 flow based

Packet by Packet or Flow Based
 packet by packet
 operates like a traditional router
 order of magnitude increase in performance
compared to software-based router
 flow-based switch
 enhances performance by identifying flows of
IP packets with same source and destination
 by observing ongoing traffic or using a special
flow label in packet header (IPv6)
 a predefined route is used for identified flows
Typical Large LAN Organization Diagram

Summary
 LAN topologies and media
 LAN protocol architecture
 bridges, hubs, layer 2 & 3 switches

Chapter 4
Internetworking

Internetworking Terms (1)
Communications Network
Facility that provides data transfer service
An internet
Collection of communications networks interconnected
by bridges, switches and/or routers
The Internet - note upper case I
The global collection of thousands of individual machines
and networks
Intranet
Corporate internet operating within the organization
Uses Internet (TCP/IP and http) technology to deliver
documents and resources
Internetworking Terms (2)
End System (ES)
Device attached to one of the networks of an internet
Supports end-user applications or services
Intermediate System (IS)
Device used to connect two networks
Permits communication between end systems
attached to different networks

Internetworking Terms (3)
Bridge
IS used to connect two LANs using similar LAN
protocols
Address filter passing on packets to the required
network only
OSI layer 2 (Data Link)
Router
Connects two (possibly dissimilar) networks
Uses internet protocol present in each router and end
system
OSI Layer 3 (Network)
Internetworking Protocols

Internet Protocol (IP)
The Internet Protocol (IP) is a network-layer
protocol (Layer 3 of the OSI model)
responsible for identifying devices across
networks and delivering packets of data from a
source to a destination.
Part of TCP/IP
Used by the Internet
Main Functions:
Addressing, Packetization, Routing, Encapsulation,
Fragmentation and Reassembly
Specifies interface with higher layer
Specifies protocol format and mechanisms
IP datagram
An IP datagram is the basic unit of data that is
transmitted across IP networks.
It is essentially the same as an IP packet — the
terms are often used interchangeably.
a self-contained package that contains:
➢ Header information (for delivery and control)
➢ Payload (the actual data from upper layers)
➢ In short: IP Datagram = IP Header + Payload (data)
An IPv4 datagram has a variable-length header
(20-60 bytes) followed by the payload.
IPv4 Header

Header Fields (1)
Version
Currently 4
IP v6 - see later
Internet header length
In 32 bit words
Including options
Type of service
Total length
Of datagram, in octets

Header Fields (2)
Identification
Sequence number
Used with addresses and user protocol to identify
datagram uniquely
Flags
More bit
Don’t fragment
Fragmentation offset
Time to live
Protocol
Next higher layer to receive data field at destination
Header Fields (3)
Header checksum
Reverified and recomputed at each router
16 bit ones complement sum of all 16 bit words in
header
Set to zero during calculation
Source address
Destination address
Options
Padding
To fill to multiple of 32 bits long
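Added example (not part of the original slides): a parser for the IPv4 header fields listed above, with the header checksum computed as the slides describe and recomputed after a router-style TTL decrement. The function names, sample addresses and field values are assumptions constructed for the example.

```python
"""Added example: parse an IPv4 header and check its header checksum.

Field names follow the slides; the function names and all sample values are
constructed for illustration.
"""
import ipaddress
import struct

FIXED = "!BBHHHBBH4s4s"          # the 20-octet fixed part of the header


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones complement sum of all 16-bit words in data."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header: bytes) -> int:
    """Checksum over the header with the checksum field set to zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_complement_sum(zeroed) & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    return header[:10] + struct.pack("!H", header_checksum(header)) + header[12:]


def build_header(src, dst, payload_len, ttl=64, protocol=6, ident=1, options=b""):
    """Build a header; options are padded to a multiple of 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4               # header length in 32-bit words
    if ihl > 15:
        raise ValueError("options too long for a 60-octet header")
    header = struct.pack(FIXED, (4 << 4) | ihl, 0, ihl * 4 + payload_len,
                         ident, 0, ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed) + options
    return with_checksum(header)


def parse_header(packet: bytes) -> dict:
    """Decode the header fields and report whether the checksum verifies."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-octet header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack(FIXED, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4
    if version != 4:
        raise ValueError("not an IPv4 header")
    if ihl < 5 or header_len > len(packet) or total_length < header_len:
        raise ValueError("inconsistent header length fields")
    return {
        "version": version, "ihl": ihl, "header_len": header_len,
        "type_of_service": tos, "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,   # in units of 8 octets
        "ttl": ttl, "protocol": protocol,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_len],
        "checksum_ok": header_checksum(packet[:header_len]) == checksum,
    }


def forward_one_hop(header: bytes) -> bytes:
    """Router step: decrement time to live, then recompute the checksum."""
    ttl = header[8]
    if ttl <= 1:
        raise ValueError("time to live expired; datagram is discarded")
    return with_checksum(header[:8] + bytes([ttl - 1]) + header[9:])


if __name__ == "__main__":
    hdr = build_header("192.0.2.1", "198.51.100.5", payload_len=100)
    print(parse_header(hdr))
    print(parse_header(forward_one_hop(hdr)))
```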

Data Field
Carries user data from next layer up
Integer multiple of 8 bits long (octet)
Max length of datagram (header plus data)
65,535 octets

What is an IP Address?
An IP address is a unique global address for a
network interface
An IP address:
- is a 32 bit long identifier
- encodes a network number (network prefix)
and a host number

Network prefix and host number
The network prefix identifies a network and the
host number identifies a specific host (actually,
interface on the network).

network prefix host number

Classful IP Addresses
IPv4 addresses were traditionally divided into 5
classes (A to E), based on the leading bits of the
first octet.
This is known as classful addressing.
Each class had a fixed default subnet mask,
determining how many bits were allocated to
the network portion vs. the host portion.

Classful IP Addresses
When Internet addresses were standardized
(early 1980s), the Internet address space was
divided up into classes:
Class A: Network prefix is 8 bits long
Class B: Network prefix is 16 bits long
Class C: Network prefix is 24 bits long

Classful IP Addresses
Each IP address contained a key which identifies
the class:
Class A: IP address starts with “0”
Class B: IP address starts with “10”
Class C: IP address starts with “110”
Class D: IP address starts with “1110”
Class E: IP address starts with “11110”

Internet Address Classes
Class  Leading bits  Network prefix         Host number
A      0             8 bits (bits 0-7)      24 bits (bits 8-31)
B      10            16 bits (bits 0-15)    16 bits (bits 16-31)
C      110           24 bits (bits 0-23)    8 bits (bits 24-31)
D      1110          multicast group id (bits 4-31)
E      11110         reserved for future use (bits 5-31)
IP Addresses - Class A
32 bit global internet address
Network part and host part
Class A
Start with binary 0
First Octet of 0 (binary 00000000) reserved
First Octet of 127 (binary 01111111) reserved for
loopback
Range 1.x.x.x to 126.x.x.x (2^7 - 2* = 126 usable
network addresses)
2^24 - 2* = 16,777,214 maximum hosts per
Default Mask : 255.0.0.0 (/8)
Ex. 9.0.0.1
IP Addresses - Class B

Start 10
Range 128.x.x.x to 191.x.x.x
Second Octet also included in network address
2^14 = 16,384 class B addresses
2^16 - 2 = 65,534 hosts per network
Default Mask : 255.255.0.0 (/16)
Ex. 130.207.244.244

IP Addresses - Class C
Start 110
Range 192.x.x.x to 223.x.x.x
Second and third octet also part of network
address
2^21 = 2,097,152 addresses
2^8 - 2 = 254 host addresses
Default Mask : 255.255.255.0 (/24)
Ex. 198.51.100.5

IP Addresses - Class D
A Class D address begins with binary 1110 in
the first octet.
First octet range 224 to 239.
Class D address can be used to represent a
group of hosts called a host group, or multicast
group.
Ex. 224.0.0.1
This address is used to send a packet to all IP hosts
(computers, routers, devices) on the local network
segment.

IP Addresses - Class E
First octet of an IP address begins with 1111
First octet range 240 to 255.
Class E addresses are reserved for experimental
purposes and should not be used for addressing
hosts or multicast groups.
Ex. 240.0.0.1

Private Addresses
Private IP address is an address reserved for use within
private networks and is not routable on the public internet.

Why Use Private IPs?
➢ Security: Devices are not directly reachable from the internet.
➢ Address Conservation: Millions of devices can use the same
private IP range in different networks.
➢ Simplicity: Easier network setup without needing public IPs for
each device.
Since private IPs can’t route on the internet, Network Address
Translation (NAT) is used.
Subnetting
FLSM divides a network into equal-sized
subnets, regardless of actual host requirements.
All subnets use the same subnet mask.
Given the Class C network of 192.168.5.0/24,
subnet the network to create the network in
Figure below with the host requirements shown.

Chapter 4 Internetworking
Internet Protocols
Protocol Functions
 have a small set of functions that form basis of
all protocols
– encapsulation
– fragmentation and reassembly
– connection control
– ordered delivery
– flow control
– error control
– addressing
– multiplexing
– transmission services
Encapsulation
 For virtually all protocols, data usually transferred in
blocks called Protocol Data Units (PDUs)
 Each PDU contains not only data but also control
information
 have three categories of control
– Address
– error-detecting code
– protocol control
 Addition of control information to data is encapsulation
 Typically, the control information is contained in a PDU
header; some data link layer PDUs include a trailer as
well.
Fragmentation and Reassembly
 protocol exchanges data between two entities
 lower-level protocols may need to break data up into smaller
blocks, called fragmentation
 for various reasons
– network only accepts blocks of a certain size
E.g. ATM 53 octets, Ethernet 1526 octets
– more efficient error control & smaller retransmission units
– fairer access to shared facilities
– smaller buffers
 disadvantages
– Smaller block, larger overhead
– more interrupts & processing time
 Segmented data must be reassembled into messages
PDUs and Fragmentation
Connection Control
 Connectionless data transfer
– where each PDU treated independently
– E.g., datagram
 Connection-oriented data transfer
– E.g. virtual circuit
– involves a logical association, or connection, established
between entities
– preferred (even required) for lengthy data exchange
– or if protocol details are worked out dynamically
 three phases occur for connection-oriented
– connection establishment
– data transfer
– connection termination
Phases of Connection Oriented Transfer
Connection Establishment
 entities agree to exchange data
 typically, one station issues connection request
 may involve central authority
 receiving entity accepts or rejects (simple)
 may include negotiation
 syntax, semantics, and timing
 both entities must use same protocol
 may allow optional features
 must be agreed
Data Transfer and Termination
 both data and control information
exchanged
 data flow and acknowledgements may be
in one or both directions
 one side may send termination request
 or central authority might terminate
Sequencing
 A key characteristic of many connection-oriented
data transfer protocols
 used by many, but not all, connection-oriented
protocols
 connection-oriented protocols include some way of
identifying connection
 have PDUs numbered sequentially
 each side tracks seq numbers in and out
 Sequencing supports three main functions
– ordered delivery
– flow control
– error control
Ordered Delivery
 risk PDUs may arrive out of order
 require PDU order must be maintained
 hence number PDUs sequentially
 easy to reorder received PDUs
 use finite sequence number field
– numbers repeat modulo maximum number
– max sequence number greater than max
number of PDUs that could be outstanding
TCP/IP Concepts
Flow Control
 receiving entity limits amount / rate of data sent
 simplest form of flow control is stop-and-wait
procedure
 more efficient protocols use concept of credit
– amount of data sent without acknowledgment
– E.g. High-level Data Link Control (HDLC) sliding-
window
 must be implemented in several protocols
Error Control
 Error control techniques are needed to guard against
loss or damage of data
 error control is implemented as two separate functions:
error detection and retransmission
– sender inserts error-detecting code in PDU
– receiver checks code on incoming PDU
– if error, discard
– if transmitter doesn’t get acknowledgment in reasonable time,
retransmit
 Some protocols also employ an error-correction code
– enables receiver to detect and possibly correct errors
 performed at various protocol layers
Addressing
 addressing level
 addressing scope
 connection identifiers
 addressing mode
Addressing Level
 level in architecture where entity is named
 have a unique address for each intermediate and
end system
 usually a network-level address to route PDU
– e.g. IP address or internet address
– e.g. OSI - network service access point (NSAP)
 at destination data must be routed to some process
– e.g. TCP/IP port
– e.g. OSI service access point (SAP)
Addressing Scope
 global address which identifies unique system
– unambiguous
– synonyms permitted
– system may have more than one global address
– global applicability
– enables internet to route data between any two systems
 need unique address for each interface on network
– MAC address on IEEE 802 network and ATM host address
– enables network to route data units through network
 only relevant for network-level addresses
 port or SAP above network level is unique within system
Connection Identifiers
 is used by both entities for future transmissions
 advantages:
– reduced overhead since smaller
– routing using a fixed route tagged by connection ID
– multiplexing of multiple connections
– use of state information
Addressing Mode
 address usually refers to single system
– individual or unicast address
 can refer to more than one system for
– multiple simultaneous recipients for data
– broadcast for all entities within domain
– multicast for specific subset of entities
Multiplexing
 multiple connections into single system
– e.g. frame relay, can have multiple data link
connections terminating in single end system
– e.g. multiple TCP connections to given system
 upward multiplexing
– have multiple higher level connections over a
single lower level connection
 downward multiplexing
– have single higher level connection built on
multiple lower level connections
Transmission Services
 A protocol may provide a variety of
additional services to the entities
 three common examples
– priority on connection basis or message basis
– quality of service
 e.g. minimum throughput or maximum delay threshold
– security: security mechanisms, restricting access
 these depend on underlying transmission
system and lower-level entities
Internetworking Terms (1)
 Communications Network
– Facility that provides data transfer service
 An internet
– Collection of communications networks interconnected by
bridges and/or routers
 The Internet - note upper case I
– The global collection of thousands of individual machines and
networks
 Intranet
– Corporate internet operating within the organization
– Uses Internet (TCP/IP and http) technology to deliver documents
and resources
Internetworking Terms (2)
 End System (ES)
– Device attached to one of the networks of an
internet
– Supports end-user applications or services
 Intermediate System (IS)
– Device used to connect two networks
– Permits communication between end systems
attached to different networks
Internetworking Terms (3)
 Bridge
– IS used to connect two LANs using similar
LAN protocols
– Address filter passing on packets to the
required network only
– OSI layer 2 (Data Link)
 Router
– Connects two (possibly dissimilar) networks
– Uses internet protocol present in each router
and end system
– OSI Layer 3 (Network)
Requirements of Internetworking
 link between networks
 routing and delivery of data between
processes on different networks
 accounting services and status info
 independent of network architectures
Network Architecture Features
 addressing
 packet size
 access mechanism
 timeouts
 error recovery
 status reporting
 routing
 user access control
 connection based or connectionless
Architectural Approaches
 connection oriented
– virtual circuit
 connectionless
– datagram
– PDUs routed independently from source ES to
dest ES through routers and networks
– share common network layer protocol, e.g. IP
– below have network access on each node
Connectionless Internetworking
 advantages
– flexibility
– robust
– no unnecessary overhead
 unreliable
– not guaranteed delivery
– not guaranteed order of delivery
 packets can take different routes
– reliability is responsibility of next layer up (e.g.
TCP)
IP Operation
Design Issues
 routing
 datagram lifetime
 fragmentation and re-assembly
 error control
 flow control
The Internet as a Network
Routing
 ES / routers maintain routing tables
– indicate next router to which datagram is sent
– static
– dynamic
 source routing
– source specifies route to be followed
– can be useful for security & priority
 route recording
Datagram Lifetime
 datagrams could loop indefinitely
– consumes resources
– transport protocol may need upper bound on
lifetime of a datagram
 can mark datagram with lifetime
– Time To Live field in IP
– when lifetime expires, datagram discarded
– simplest is hop count
– or time count
Fragmentation and Re-assembly
 may have different packet sizes
– on networks along path used by datagram
 issue of when to re-assemble
– at destination
 packets get smaller as data traverses internet
– intermediate re-assembly
 need large buffers at routers
 buffers may fill with fragments
 all fragments must go through same router

IP Fragmentation
 IP re-assembles at destination only
 uses fields in header
– Data Unit Identifier (ID)
 identifies end system originated datagram
– Data length
 length of user data in octets
– Offset
 position of fragment of user data in original datagram
 in multiples of 64 bits (8 octets)

– More flag
 indicates that this is not the last fragment
Fragmentation Example
Dealing with Failure
 re-assembly may fail if some fragments get
lost
 need to detect failure
 re-assembly time out
– assigned to first fragment to arrive
– if timeout expires before all fragments arrive,
discard partial data
 use packet lifetime (time to live in IP)
– if time to live runs out, kill partial data
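The fragmentation fields and the re-assembly timeout described above, as an added example that is not part of the original slides. The `Fragment` and `Reassembler` names, the 20-octet header, the 30-second default timer and the policy of dropping a datagram whose fragments overlap are assumptions of this sketch.

```python
from dataclasses import dataclass

HEADER_LEN = 20                  # assumed: IPv4 header without options
MAX_DATA = 65535 - HEADER_LEN    # a datagram (header plus data) is at most 65,535 octets


@dataclass(frozen=True)
class Fragment:
    key: tuple    # (source, destination, protocol, identification)
    offset: int   # position of this data in the original datagram, in 8-octet units
    more: bool    # More flag: True means this is not the last fragment
    data: bytes


def fragment(key, payload, mtu):
    """Split payload so that header + data fits the MTU of the next network."""
    chunk = (mtu - HEADER_LEN) // 8 * 8   # non-final fragments carry a multiple of 8 octets
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    return [Fragment(key, start // 8, start + chunk < len(payload), payload[start:start + chunk])
            for start in range(0, len(payload), chunk)]


class Reassembler:
    """Destination-only re-assembly; the timer starts with the first fragment to arrive."""

    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.buffers = {}   # key -> {"deadline", "pieces": {start: data}, "total"}

    def expire(self, now):
        """Discard partial data whose re-assembly timer has run out; return how many."""
        dead = [k for k, st in self.buffers.items() if st["deadline"] <= now]
        for k in dead:
            del self.buffers[k]
        return len(dead)

    def receive(self, frag, now):
        """Return the complete payload once every fragment is present, else None."""
        self.expire(now)
        start = frag.offset * 8
        end = start + len(frag.data)
        if not frag.data or end > MAX_DATA or (frag.more and len(frag.data) % 8):
            return None                      # malformed fragment: ignore it
        st = self.buffers.setdefault(
            frag.key, {"deadline": now + self.timeout, "pieces": {}, "total": None})
        if st["pieces"].get(start) == frag.data:
            return None                      # exact duplicate: already buffered
        overlaps = any(start < s + len(d) and s < end for s, d in st["pieces"].items())
        total = end if not frag.more else st["total"]
        conflict = st["total"] is not None and total != st["total"]
        beyond = total is not None and (
            end > total or any(s + len(d) > total for s, d in st["pieces"].items()))
        if overlaps or conflict or beyond:
            del self.buffers[frag.key]       # policy of this example: drop the whole datagram
            return None
        st["pieces"][start] = frag.data
        st["total"] = total
        if total is not None and sum(len(d) for d in st["pieces"].values()) == total:
            del self.buffers[frag.key]
            return b"".join(d for _, d in sorted(st["pieces"].items()))
        return None


if __name__ == "__main__":
    # Constructed sample: 1024 octets of data crossing a network with a 576-octet MTU.
    key = ("10.0.0.1", "10.0.0.2", 17, 42)
    payload = bytes(range(256)) * 4
    rx = Reassembler()
    for f in reversed(fragment(key, payload, 576)):      # deliver out of order
        print(f.offset, f.more, len(f.data), rx.receive(f, now=0.0) == payload)
```

Passing `now` explicitly keeps the timer deterministic; a real receiver would use a monotonic clock and also cap the number of buffers it holds.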
Error Control
 no guaranteed delivery
 router should attempt to inform source if
packet discarded
 source may modify transmission strategy
 may inform high layer protocol
 need datagram identification
 see ICMP in next section
Flow Control
 allows routers and/or stations to limit rate
of incoming data
 limited in connectionless systems
 send flow control packets to request
reduced flow
 see ICMP in next section
Internet Protocol (IP) v4
 IP version 4
 defined in RFC 791
 part of TCP/IP suite
 two parts
– specification of interface with a higher layer
 e.g. TCP
– specification of actual protocol format and
mechanisms
 will (eventually) be replaced by IPv6
IP Services
 Primitives
– functions to be performed
– form of primitive implementation dependent
– Send - request transmission of data unit
– Deliver - notify user of arrival of data unit
 Parameters
– used to pass data and control info
IP Parameters
 source & destination addresses
 protocol
 type of Service
 identification
 don’t fragment indicator
 time to live
 data length
 option data
 user data
IP Options
 security
 source routing
 route recording
 stream identification
 timestamping
IPv4 Header
Header Fields (1)
 Version
– currently 4
– IP v6 - see later
 Internet header length
– in 32 bit words
– including options
 DS/ECN (was type of service)
 total length
– of datagram, in octets
Header Fields (2)
 Identification
– sequence number
– identify datagram uniquely with addresses / protocol
 Flags
– More bit
– Don’t fragment
 Fragmentation offset
 Time to live
 Protocol
– Next higher layer to receive data field at destination
Header Fields (3)
 Header checksum
– reverified and recomputed at each router
– 16 bit ones complement sum of all 16 bit words
in header
– set to zero during calculation
 Source address
 Destination address
 Options
 Padding
– to fill to multiple of 32 bits long
Data Field
 carries user data from next layer up
 integer multiple of 8 bits long (octet)
 max length of datagram (header plus data)
is 65,535 octets
IPv4 Address Formats
IP Addresses - Class A
 start with binary 0
 all 0 reserved
 01111111 (127) reserved for loopback
 range 1.x.x.x to 126.x.x.x
 all allocated
IP Addresses - Class B
 start with binary 10
 range 128.x.x.x to 191.x.x.x
 second octet also included in network
address
 2^14 = 16,384 class B addresses
 all allocated
IP Addresses - Class C
 start with binary 110
 range 192.x.x.x to 223.x.x.x
 second and third octet also part of network
address
 2^21 = 2,097,152 addresses
 nearly all allocated
– see IPv6
Subnets and Subnet Masks
 allows arbitrary complexity of internetworked LANs
within organization
 insulate overall internet from growth of network
numbers and routing complexity
 site looks to rest of internet like single network
 each LAN assigned subnet number
 host portion of address partitioned into subnet
number and host number
 local routers route within subnetted network
 subnet mask indicates which bits are subnet number
and which are host number
Subnet Mask Calculation
                    Binary Representation                  Dotted Decimal
IP address          11000000.11100100.00010001.00111001    192.228.17.57
Subnet mask         11111111.11111111.11111111.11100000    255.255.255.224
Bitwise AND of address and mask (resultant network/subnet number)
                    11000000.11100100.00010001.00100000    192.228.17.32
Subnet number       11000000.11100100.00010001.001         1
Host number         00000000.00000000.00000000.00011001    25
Routing Using Subnets
[Figure: subnet numbers … 00100000, … 01000000, … 01100000]
ICMP
 Internet Control Message Protocol
 RFC 792 (get it and study it)
 transfer of (control) messages from routers
and hosts to hosts
 feedback about problems
– e.g. time to live expired
 encapsulated in IP datagram
– hence not reliable
ICMP Message Formats
Common ICMP Messages
 destination unreachable
 time exceeded
 parameter problem
 source quench
 redirect
 echo & echo reply
 timestamp & timestamp reply
 address mask request & reply
Address Resolution Protocol (ARP)
 need MAC address to send to LAN host
– manual
– included in network address
– use central directory
– use address resolution protocol
 ARP (RFC 826) provides dynamic IP to
ethernet address mapping
– source broadcasts ARP request
– destination replies with ARP response
IP Versions
 IP v 1-3 defined and replaced
 IP v4 - current version
 IP v5 - streams protocol
 IP v6 - replacement for IP v4
– during development it was called IPng (IP
Next Generation)
Why Change IP?
 Address space exhaustion
– two level addressing (network and host) wastes
space
– network addresses used even if not connected
– growth of networks and the Internet
– extended use of TCP/IP
– single address per host
 requirements for new types of service
IPv6 RFCs
 RFC 1752 - Recommendations for the IP Next
Generation Protocol
– requirements
– PDU formats
– addressing, routing security issues
 RFC 2460 - overall specification
 RFC 2373 - addressing structure
 many others
IPv6 Enhancements
 expanded 128 bit address space
 improved option mechanism
– most are not examined by intermediate routers
 dynamic address assignment
 increased addressing flexibility
– anycast & multicast
 support for resource allocation
– labeled packet flows
IPv6 PDU (Packet) Structure
IPv6 Header
IPv6 Flow Label
 related sequence of packets
 needing special handling
 identified by src & dest addr + flow label
 router treats flow as sharing attributes
– e.g. path, resource allocation, discard requirements,
accounting, security
 may treat flows differently
– buffer sizes, different forwarding precedence, different
quality of service
 alternative to including all info in every header
 have requirements on flow label processing
IPv6 Addresses
 128 bits long
 assigned to interface
 single interface may have multiple unicast
addresses
 three types of addresses:
– unicast - single interface address
– anycast - one of a set of interface addresses
– multicast - all of a set of interfaces
IPv6 Extension Headers
Hop-by-Hop Options
 must be examined by every router
– if unknown discard/forward handling is specified
 next header
 header extension length
 options
– Pad1
– PadN
– Jumbo payload
– Router alert
Fragmentation Header
 fragmentation only allowed at source
 no fragmentation at intermediate routers
 node must perform path discovery to find smallest
MTU of intermediate networks
 set source fragments to match MTU
 otherwise limit to 1280 octets
 header includes
– fragment offset
– more fragments bit
– identification
Routing Header
 list of one or more intermediate nodes to visit
 header includes
– Next Header
– Header extension length
– Routing type
– Segments left
 Type 0 routing provides a list of addresses
– initial destination address is first on list
– current destination address is next on list
– final destination address will be last in list
Destination Options Header
 carries optional info for destination node
 format same as hop-by-hop header
Virtual Private Networks
 set of computers interconnected using an
insecure network
– e.g. linking corporate LANs over Internet
 using encryption & special protocols to
provide security
– to stop eavesdropping & unauthorized users
 proprietary solutions are problematical
 hence development of IPSec standard
IPSec
 RFC 1636 (1994) identified security need
 encryption & authentication to be in IPv6
 but designed also for use with current IPv4
 applications needing security include:
– branch office connectivity
– remote access over Internet
– extranet & intranet connectivity for partners
– electronic commerce security
IPSec Scenario
IPSec Benefits
 provides strong security for external traffic
 resistant to bypass
 below transport layer hence transparent to
applications
 can be transparent to end users
 can provide security for individual users if
needed
IPSec Functions
 Authentication Header
– for authentication only
 Encapsulating Security Payload (ESP)
– for combined authentication/encryption
 a key exchange function
– manual or automated
 VPNs usually need combined function
 see chapter 21
Summary
 basic protocol functions
 internetworking principles
 connectionless internetworking
 IP
 IPv6
 IPSec
TCP/IP

Ch-4 Internetworking
Internet Protocol (IP) v4
 IP version 4
 defined in RFC 791
 part of TCP/IP suite
 two parts
 specification of interface with a higher layer
• e.g. TCP
 specification of actual protocol format and
mechanisms
 will (eventually) be replaced by IPv6
IP Address classes
IPv4 Address Formats
IP Addresses - Class A
 start with binary 0
 all 0 reserved
 01111111 (127) reserved for loopback
 range 1.x.x.x to 126.x.x.x
 2^8 = 256 network address
 2^24 - 2 = 16,777,214 host addresses
 all allocated
IP Addresses - Class B
 start with binary 10
 range 128.x.x.x to 191.x.x.x
 second octet also included in network
address
 2^16 = 65,536 class B addresses
 2^16 - 2 = 65,534 host address
 all allocated
IP Addresses - Class C
 start with binary 110
 range 192.x.x.x to 223.x.x.x
 second and third octet also part of network
address
 2^24 = 16,777,216 addresses for network.
 nearly all allocated
 2^8 - 2 = 254 host address
Subnets and Subnet Masks
 allows arbitrary complexity of internetworked
LANs within organization
 insulate overall internet from growth of network
numbers and routing complexity
 site looks to rest of internet like single network
 each LAN assigned subnet number
 host portion of address partitioned into subnet
number and host number
 local routers route within subnetted network
 subnet mask indicates which bits are subnet
number and which are host number
Subnet Mask Calculation
                    Binary Representation                  Dotted Decimal
IP address          11000000.11100100.00010001.00111001    192.228.17.57
Subnet mask         11111111.11111111.11111111.11100000    255.255.255.224
Bitwise AND of address and mask (resultant network/subnet number)
                    11000000.11100100.00010001.00100000    192.228.17.32
Subnet number       11000000.11100100.00010001.001         1
Host number         00000000.00000000.00000000.00011001    25
IP Versions
 IP v 1-3 defined and replaced
 IP v4 - current version
 IP v5 - streams protocol
 IP v6 - replacement for IP v4
 during development it was called IPng (IP
Next Generation)
Why Change IP?
 Address space exhaustion
 two level addressing (network and host)
wastes space
 network addresses used even if not
connected
 growth of networks and the Internet
 extended use of TCP/IP
 single address per host
 requirements for new types of service
IPv6 RFCs
 RFC 1752 - Recommendations for the IP Next
Generation Protocol
 requirements
 PDU formats
 addressing, routing security issues
 RFC 2460 - overall specification
 RFC 2373 - addressing structure
 many others
IPv6 Enhancements
 expanded 128 bit address space
 improved option mechanism
 most are not examined by intermediate routers
 dynamic address assignment
 increased addressing flexibility
 anycast & multicast
 support for resource allocation
 labeled packet flows
Virtual Private Networks
 set of computers interconnected using an
insecure network
 e.g. linking corporate LANs over Internet
 using encryption & special protocols to
provide security
 to stop eavesdropping & unauthorized users
 proprietary solutions are problematical
 hence development of IPSec standard
IPSec
 RFC 1636 (1994) identified security need
 encryption & authentication to be in IPv6
 but designed also for use with current IPv4
 applications needing security include:
 branch office connectivity
 remote access over Internet
 extranet & intranet connectivity for partners
 electronic commerce security
IPSec Scenario
IPSec Benefits
 provides strong security for external traffic
 resistant to bypass
 below transport layer hence transparent to
applications
 can be transparent to end users
 can provide security for individual users if
needed
IPSec Functions
 Authentication Header
 for authentication only
 Encapsulating Security Payload (ESP)
 for combined authentication/encryption
 a key exchange function
 manual or automated
 VPNs usually need combined function
 Now that the hardest part is over, the remaining
four tasks are easy. At this point, you know the
number of subnet bits you need. However, when
dealing with networking and subnet masks, a
subnet mask’s network portion contains both
network and subnet bits. Remember the default
number of networking bits for a class address: A
is 8, B is 16, and C is 24.
 In step 4, you need to figure out the
networks that you created with your new
subnet mask. Since IP addressing is done
in binary, network addresses will always
increment in a multiple of something.

 All host bits become 0


 After figuring out all of your subnets, you
next need to determine the directed
broadcast address for each subnet. This is
very simple.
 The directed broadcast of a subnet is one
number less than the next network
number.
 Also, the broadcast address has all of its
host bits (in the subnet) set to binary 1s.
 Step 6 is the easiest step. Recall that any
address between the network and directed
broadcast address is a host address for a
given network.
Example
No   Segment        No. of users (hosts)
1    Employee       14
2    Guest 1        8
3    Guest 2        8
4    Guest 3        8
5    Guest 4        8
6    Guest 5        8
7    Management 1   4
8    Management 2   4
9    Management 3   4
10   Management 4   4
11   ICT 1          2
12   ICT 2          2
13   R1             2
14   ISPN           2
Step-2
Step 3
 Determine the subnet mask (S=4)
 4 bits in 4th octet: 128 + 64 + 32 + 16 = 240.
 Step-4 Determine network address
Step -5
 Determine broadcast address
 When you are given a particular address
and subnet mask, and asked whether
the address is a network, host, or directed
broadcast address, you should use the
following six steps:
 1. You need an IP address and a subnet
mask (this is the easy part).
 2. Examine the subnet mask and find the
interesting octet. The interesting octet in
the mask is the one in which the network
and host boundary are found.
 3. Subtract the interesting octet in the
subnet mask from 256. This will give you
the increment by which network numbers
are increasing in the interesting octet.
 4. On a piece of paper, start writing down the
network numbers, starting with the first
subnet (0), and working your way up to a
network number that is higher than the
address in question.
 5. After you have written down the network
numbers, beside each of these, write down
their corresponding broadcast addresses.
 6. Between the network and broadcast
addresses, write down the host addresses.
Host addresses are any number between the
network and directed broadcast addresses.
Example #1
 172.16.5.0 255.255.254.0 or 172.16.5.0/23
 network and host boundary resides: 3rd
 256 – 254 = 2
 Network numbers are incrementing by 2 in
the third octet
 172.16.0.0,172.16.2.0, 172.16.4.0,
172.16.6.0, 172.16.8.0, and so on and so
forth

Class B
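The six-step check above, applied to Example #1 and to the 192.228.17.57 / 255.255.255.224 case from the Subnet Mask Calculation slide, as an added example that is not part of the original notes. The function names and the cross-check against Python's `ipaddress` module are choices of this sketch, and masks with fewer than two host bits are rejected because the network/host/broadcast distinction does not apply to them.

```python
import ipaddress


def classify(address: str, mask: str) -> dict:
    """Say whether address is a network, host or directed broadcast address."""
    # Step 1: an IP address and a subnet mask, both in dotted decimal.
    addr = [int(o) for o in address.split(".")]
    msk = [int(o) for o in mask.split(".")]
    if len(addr) != 4 or len(msk) != 4 or not all(0 <= o <= 255 for o in addr + msk):
        raise ValueError("expected dotted-decimal address and mask")
    inverted = int.from_bytes(bytes(msk), "big") ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("subnet mask must be contiguous 1s followed by 0s")
    if inverted < 3:
        raise ValueError("this method needs at least two host bits")

    # Step 2: the interesting octet is the first one that is not 255.
    i = next(n for n, o in enumerate(msk) if o != 255)
    # Step 3: 256 minus the mask octet is the increment between network numbers.
    increment = 256 - msk[i]
    # Step 4: write down network numbers from subnet 0 up to the address in question.
    net_octet = max(n for n in range(0, 256, increment) if n <= addr[i])
    network = addr[:i] + [net_octet] + [0] * (3 - i)          # all host bits 0
    # Step 5: the directed broadcast is one less than the next network number.
    broadcast = addr[:i] + [net_octet + increment - 1] + [255] * (3 - i)  # all host bits 1
    # Step 6: anything between the two is a host address.
    if addr == network:
        kind = "network"
    elif addr == broadcast:
        kind = "directed broadcast"
    else:
        kind = "host"
    return {
        "interesting_octet": i + 1,
        "increment": increment,
        "network": ".".join(map(str, network)),
        "broadcast": ".".join(map(str, broadcast)),
        "kind": kind,
    }


def cross_check(address: str, mask: str) -> tuple:
    """Same network and broadcast addresses, computed by the standard library."""
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    for a, m in [("172.16.5.0", "255.255.254.0"), ("192.228.17.57", "255.255.255.224")]:
        print(a, m, classify(a, m), cross_check(a, m))
```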
Chapter Four: Internetworking
4.1. Communication Network
A facility that provides a data transfer service among devices attached to the network.
Internet: - A collection of communication networks interconnected by bridges and/or routers.
Intranet: - An internet used by a single organization that provides the key Internet applications,
especially the World Wide Web. An intranet operates within the organization for internal purposes
and can exist as an isolated, self-contained internet, or may have links to the Internet.
Sub-network:- Refers to a constituent network of an internet. This avoids ambiguity because the
entire internet, from a user’s point of view, is a single network.
End System (ES):- A device attached to one of the networks of an internet that is used to support
end-user applications or services.
Intermediate System (IS):- A device used to connect two networks and permit communication
between end systems attached to different networks.
Bridge: - An IS used to connect two LANs that use similar LAN protocols. The bridge acts as an
address filter, picking up packets from one LAN that are intended for a destination on another
LAN and passing those packets on. The bridge does not modify the contents of the packets and
does not add anything to the packet. The bridge operates at layer 2 of the OSI model.
Router: - An IS used to connect two networks that may or may not be similar. The router employs
an internet protocol present in each router and each end system of the network. The router operates
at layer 3 of the OSI model

IP datagram format (IPv4)


Version (4 bits): Indicates version number, to allow evolution of the protocol; the value is 4.
Internet Header Length (IHL) (4 bits): Length of header in 32-bit words. The minimum value
is five, for a minimum header length of 20 octets.
DS (Differentiated Services)/ECN (Explicit Congestion Notification) (8 bits): Prior to the
introduction of differentiated services, this field was referred to as the Type of Service field and
specified reliability, precedence, delay, and throughput parameters.

Figure 4.1 IP datagram format
Total Length (16 bits): Total datagram length, including header plus data, in octets.
Identification (16 bits): A sequence number that, together with the source address, destination
address, and user protocol, is intended to identify a datagram uniquely. Thus, this number should
be unique for the datagram’s source address, destination address, and user protocol for the time
during which the datagram will remain in the internet.
Flags (3 bits): Only two of the bits are currently defined. The More bit is used for fragmentation
and reassembly, as previously explained. The Don’t Fragment bit prohibits fragmentation when
set. This bit may be useful if it is known that the destination does not have the capability to
reassemble fragments. However, if this bit is set, the datagram will be discarded if it exceeds the
maximum size of an en route network. Therefore, if the bit is set, it may be advisable to use source
routing to avoid networks with small maximum packet size.
Fragment Offset (13 bits): Indicates where in the original datagram this fragment belongs,
measured in 64-bit units. This implies that fragments other
Time to Live (8 bits): Specifies how long, in seconds, a datagram is allowed to remain in the
internet. Every router that processes a datagram must decrease the TTL by at least one, so the TTL
is similar to a hop count.
Protocol (8 bits): Indicates the next higher level protocol that is to receive the data field at the
destination; thus, this field identifies the type of the next header in the packet after the IP header.

Header Checksum (16 bits): An error-detecting code applied to the header only. Because some
header fields may change during transit (e.g. Time to Live, fragmentation-related fields), this is
re-verified and recomputed at each router. The checksum is formed by taking the ones complement
of the 16-bit ones complement addition of all 16-bit words in the header. For purposes of
computation, the checksum field is itself initialized to a value of zero.
Source Address (32 bits): Coded to allow a variable allocation of bits to specify the network and
the end system attached to the specified network, as discussed subsequently.
Destination Address (32 bits): Same characteristics as source address.
Options (variable): Encodes the options requested by the sending user.
Padding (variable): Used to ensure that the datagram header is a multiple of 32 bits in length.
Data (variable): The data field must be an integer multiple of 8 bits in length. The maximum
length of the datagram (data field plus header) is 65,535 octets.
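The header layout and checksum rule described above, as an added example that is not part of the original notes: it decodes the fixed 20 octets, verifies the checksum, and then performs the router step of decrementing Time to Live and recomputing the checksum. The sample header is constructed for illustration and the function names are this sketch's own.

```python
import ipaddress
import struct

# Constructed sample: 20-octet header with the checksum field (octets 10-11) left as zero.
SAMPLE_HEADER = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")


def header_checksum(header: bytes) -> int:
    """Ones complement of the 16-bit ones complement sum of all 16-bit header words."""
    if len(header) % 2:
        raise ValueError("header must be a whole number of 16-bit words")
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                        # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    """Zero the checksum field, compute the checksum over the header, store it."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", header_checksum(zeroed)) + zeroed[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed header fields; reject headers that fail basic checks."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-octet header")
    (ver_ihl, ds_ecn, total_length, ident, flags_offset,
     ttl, protocol, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header")
    if ihl < 5:
        raise ValueError("IHL below the minimum value of five")
    header_len = ihl * 4
    # Only the header is required here, so the data need not be present in `packet`.
    if len(packet) < header_len or total_length < header_len:
        raise ValueError("length fields are inconsistent")
    # Summing a valid header with its stored checksum included yields zero.
    if header_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version,
        "header_length": header_len,
        "ds_ecn": ds_ecn,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_offset & 0x4000),
        "more_fragments": bool(flags_offset & 0x2000),
        "fragment_offset": flags_offset & 0x1FFF,   # in 64-bit (8-octet) units
        "ttl": ttl,
        "protocol": protocol,
        "checksum": checksum,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
    }


def forward(packet: bytes):
    """Router step: verify the header, decrement TTL, recompute the checksum."""
    fields = parse_ipv4_header(packet)
    if fields["ttl"] <= 1:
        return None          # lifetime expired: the datagram is discarded
    hlen = fields["header_length"]
    header = packet[:8] + bytes([fields["ttl"] - 1]) + packet[9:hlen]
    return with_checksum(header) + packet[hlen:]


if __name__ == "__main__":
    pkt = with_checksum(SAMPLE_HEADER)
    print(parse_ipv4_header(pkt))
    print(parse_ipv4_header(forward(pkt))["ttl"])
```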
4.2. IP Addressing
The source and destination address fields in the IP header each contain a 32-bit global internet address,
generally consisting of a network identifier and a host identifier.
Network Classes: - The address is coded to allow a variable allocation of bits to specify network and host.
This encoding provides flexibility in assigning addresses to hosts and allows a mix of network sizes on an
internet. The three principal network classes are best suited to the following conditions:
 Class A: Few networks, each with many hosts
 Class B: Medium number of networks, each with a medium number of hosts
 Class C: Many networks, each with a few hosts

IP Versions
The Internet Protocol (IP) has been the foundation of the Internet and virtually all multivendor
private internetworks. This protocol is reaching the end of its useful life and a new protocol, known
as IPv6 (IP version 6), has been defined to ultimately replace IP. The currently deployed version
of IP is IP version 4; previous versions of IP (1 through 3) were successively defined and replaced
to reach IPv4. Version 5 is the number assigned to the Stream Protocol, a connection-oriented
internet-layer protocol. Hence the use of the label version 6.

In response to these needs, the Internet Engineering Task Force (IETF) issued a call for proposals
for a next generation IP (IPng) in July of 1992. A number of proposals were received, and by 1994,
the final design for IPng emerged.

 IP v 1-3 defined and replaced


 IP v4 - current version
 IP v5 - streams protocol
 IP v6 - replacement for IP v4
 during development it was called IPng (IP Next Generation)

The driving motivation for the adoption of a new version of IP was the limitation imposed by the
32-bit address field in IPv4. With a 32-bit address field, it is possible in principle to assign 2^32
different addresses, which is over 4 billion possible addresses. In the late 1980s, it was perceived
that there would be a problem, and this problem began to manifest itself in the early 1990s. Reasons
for the inadequacy of 32-bit addresses include the following:
The two-level structure of the IP address (network number, host number) is convenient but
wasteful of the address space. Once a network number is assigned to a network, all of the host-
number addresses for that network number are assigned to that network. The address space for that
network may be sparsely used, but as far as the effective IP address space is concerned, if a network
number is used, then all addresses within the network are used.
The IP addressing model requires a unique network number be assigned to each IP network
whether or not it is actually connected to the Internet.
Networks are proliferating rapidly.
Growth of TCP/IP usage into new areas will result in a rapid growth in the demand for unique IP
addresses.

Typically, a single IP address is assigned to each host. A more flexible arrangement is to allow
multiple IP addresses per host. This of course increases the demand for IP addresses.

Why Change IP?


 Address space exhaustion

 two level addressing (network and host) wastes space

 network addresses used even if not connected

 growth of networks and the Internet

 extended use of TCP/IP

 single address per host

 requirements for new types of service

IPv6 includes the following enhancements over IPv4:


 Expanded address space: IPv6 uses 128-bit addresses instead of the 32-bit addresses of IPv4.
This is an increase of address space by a factor of 2^96. This allows approximately 6 × 10^23
unique addresses per square meter of the surface of the earth, which seems inexhaustible.
 Improved option mechanism: IPv6 options are placed in separate optional headers that are
located between the IPv6 header and the transport-layer header. Most of these optional
headers are not examined or processed by any router on the packet's path. This simplifies and
speeds up router processing of IPv6 packets compared to IPv4 datagrams. It also makes it
easier to add additional options.
 Address auto configuration: This capability provides for dynamic assignment of IPv6
addresses.
 Increased addressing flexibility: IPv6 includes the concept of an anycast address, for which
a packet is delivered to just one of a set of nodes. The scalability of multicast routing is
improved by adding a scope field to multicast addresses.
 Support for resource allocation: IPv6 enables the labeling of packets belonging to a particular
traffic flow for which the sender requests special handling. This aids in the support of
specialized traffic such as real-time video.

In short, IPv6 has the following improvements:

 expanded 128 bit address space
 improved option mechanism
 most are not examined by intermediate routers
 dynamic address assignment
 increased addressing flexibility
 anycast & multicast
 support for resource allocation
 labeled packet flows

4.3. Virtual Private Networks


A virtual private network (VPN) consists of a set of computers that interconnect by means of a
relatively unsecure network and that make use of encryption and special protocols to provide
security. At each corporate site, workstations, servers, and databases are linked by one or more
local area networks (LANs). The LANs are under the control of the network manager and can be
configured and tuned for cost-effective performance. The Internet or some other public network
can be used to interconnect sites, providing a cost savings over the use of a private network and
offloading the wide area network management task to the public network provider. That same
public network provides an access path for telecommuters and other mobile employees to log on
to corporate systems from remote sites.

These arrangements have a fundamental requirement: security. Use of a public network exposes corporate traffic to
eavesdropping and provides an entry point for unauthorized users. To counter this problem, the
manager may choose from a variety of encryption and authentication packages and products.
Proprietary solutions raise a number of problems. First, how secure is the solution? If proprietary
encryption or authentication schemes are used, there may be little reassurance in the technical
literature as to the level of security provided. Second is the question of compatibility. No manager
wants to be limited in the choice of workstations, servers, routers, firewalls, and so on by a need
for compatibility with the security facility. This is the motivation for the IP Security (IPSec) set of
Internet standards.

To summarize

 set of computers interconnected using an insecure network
 e.g. linking corporate LANs over Internet
 using encryption & special protocols to provide security
 to stop eavesdropping & unauthorized users
 proprietary solutions are problematical
 hence development of IPSec standard

IPsec
In 1994, the Internet Architecture Board (IAB) issued a report titled "Security in the Internet
Architecture" (RFC 1636). The report stated the general consensus that the Internet needs more
and better security, and identified key areas for security mechanisms. To provide security, the IAB
included authentication and encryption as necessary security features in the next-generation IP,
which has been issued as IPv6. These security capabilities were designed to be usable both with
the current IPv4 and the future IPv6. IPSec provides the capability to secure communications
across a LAN, across private and public WANs, and across the Internet. Examples of its use
include:

• Secure branch office connectivity over the Internet: A company can build a secure virtual
private network over the Internet or over a public WAN.

• Secure remote access over the Internet: An end user whose system is equipped with IP security
protocols can make a local call to an Internet service provider (ISP) and gain secure access to a
company network.

• Establishing extranet and intranet connectivity with partners: IPSec can be used to secure
communication with other organizations, ensuring authentication and confidentiality and
providing a key exchange mechanism.

• Enhancing electronic commerce security: Even though some Web and electronic commerce
applications have built-in security protocols, the use of IPSec enhances that security. IPSec
guarantees that all traffic designated by the network administrator is both encrypted and
authenticated, adding an additional layer of security to whatever is provided at the application
layer.

The principal feature of IPSec that enables it to support these varied applications is that it can
encrypt and/or authenticate all traffic at the IP level. Thus, all distributed applications, including
remote logon, client/server, e-mail, file transfer, Web access, and so on, can be secured.

Stallings DCC8e Figure 18.13 is a typical scenario of IPSec usage. An organization maintains
LANs at dispersed locations. Nonsecure IP traffic is conducted on each LAN. For traffic offsite,
through some sort of private or public WAN, IPSec protocols are used. These protocols operate in
networking devices, such as a router or firewall, that connect each LAN to the outside world. The
IPSec networking device will typically encrypt and compress all traffic going into the WAN, and
decrypt and decompress traffic coming from the WAN; these operations are transparent to
workstations and servers on the LAN. Secure transmission is also possible with individual users
who dial into the WAN. Such user workstations must implement the IPSec protocols to provide
security.

To summarize IPsec

 RFC 1636 (1994) identified security need
 encryption & authentication to be in IPv6
 but designed also for use with current IPv4
 applications needing security include:
 branch office connectivity
 remote access over Internet
 extranet & intranet connectivity for partners
 electronic commerce security

Some of the benefits of IPSec:


 When IPSec is implemented in a firewall or router, it provides strong security that can be applied
to all traffic crossing the perimeter. Traffic within a company or workgroup does not incur the
overhead of security-related processing.

 IPSec in a firewall is resistant to bypass if all traffic from the outside must use IP and the
firewall is the only means of entrance from the Internet into the organization.
 IPSec is below the transport layer (TCP, UDP) and so is transparent to applications. There
is no need to change software on a user or server system when IPSec is implemented in the
firewall or router. Even if IPSec is implemented in end systems, upper-layer software,
including applications, is not affected.
 IPSec can be transparent to end users. There is no need to train users on security
mechanisms, issue keying material on a per-user basis, or revoke keying material when
users leave the organization.
 IPSec can provide security for individual users if needed. This is useful for offsite workers
and for setting up a secure virtual subnetwork within an organization for sensitive
applications.

To summarize IPSec benefits
 provides strong security for external traffic
 resistant to bypass
 below transport layer hence transparent to applications
 can be transparent to end users
 can provide security for individual users if needed

IPSec Functions
IPSec provides three main facilities: an authentication-only function referred to as Authentication
Header (AH), a combined authentication/encryption function called Encapsulating Security
Payload (ESP), and a key exchange function.
For VPNs, both authentication and encryption are generally desired, because it is important both
to:
(1) Assure that unauthorized users do not penetrate the virtual private network and
(2) Assure that eavesdroppers on the Internet cannot read messages sent over the virtual private
network.
Because both features are generally desirable, most implementations are likely to use
ESP rather than AH. The key exchange function allows for manual exchange of keys as well as an
automated scheme.
Summary of IPsec functions

 Authentication Header
 for authentication only
 Encapsulating Security Payload (ESP)
 for combined authentication/encryption
 a key exchange function
 manual or automated
 VPNs usually need combined function

4.4. IP Address planning

 Now that the hardest part is over, the remaining four tasks are easy. At this
point, you know the number of subnet bits you need. However, when dealing
with networking and subnet masks, a subnet mask's network portion contains
both network and subnet bits. Remember the default number of network
bits for each address class: A is 8, B is 16, and C is 24.

 In step 4, you need to figure out the networks that you created with your new subnet mask.
Since IP addressing is done in binary, network addresses will always increment in a
multiple of something.

 After figuring out all of your subnets, you next need to determine the directed broadcast
address for each subnet. This is very simple.

 The directed broadcast of a subnet is one number less than the next network number.

 Also, the broadcast address has all of its host bits (in the subnet) set to binary 1s.

 Step 6 is the easiest step. Recall that any address between the network and directed
broadcast address is a host address for a given network.

4.5. Subnets and Subnet Masks

The concept of subnet was introduced to address the following requirement. Consider an internet
that includes one or more WANs and a number of sites, each of which has a number of LANs. We
would like to allow arbitrary complexity of interconnected LAN structures within an organization,
while insulating the overall internet against explosive growth in network numbers and routing
complexity. One approach to this problem is to assign a single network number to all of the LANs
at a site. From the point of view of the rest of the internet, there is a single network at that site,
which simplifies addressing and routing. To allow the routers within the site to function properly,
each LAN is assigned a subnet number. The host portion of the internet address is partitioned into
a subnet number and a host number to accommodate this new level of addressing.
Within the subnetted network, the local routers must route on the basis of an extended network
number consisting of the network portion of the IP address and the subnet number. The bit positions
containing this extended network number are indicated by the address mask. The use of the address
mask allows the host to determine whether an outgoing datagram is destined for a host on the same
LAN (send directly) or another LAN (send datagram to router). It is assumed that some other
means (e.g., manual configuration) are used to create address masks and make them known to the
local routers.
Subnet masking:

 allows arbitrary complexity of internetworked LANs within organization
 insulates overall internet from growth of network numbers and routing complexity
 site looks to rest of internet like single network
 each LAN assigned subnet number
 host portion of address partitioned into subnet number and host number
 local routers route within subnetted network
 subnet mask indicates which bits are subnet number and which are host number

Subnet Mask Calculation
Note that the effect of the subnet mask is to erase the portion of the host field that refers to an
actual host on a subnet. What remains is the network number and the subnet number.

                                     Binary Representation                 Dotted Decimal
IP address                           11000000.11100100.00010001.00111001   192.228.17.57
Subnet mask                          11111111.11111111.11111111.11100000   255.255.255.224
Bitwise AND of address and mask      11000000.11100100.00010001.00100000   192.228.17.32
(resultant network/subnet number)
Subnet number                        11000000.11100100.00010001.001        1
Host number                          00000000.00000000.00000000.00011001   25

For subnetting an IP address for a network, one of two approaches can be used: Variable Length
Subnet Mask (VLSM) or Fixed Length Subnet Mask (FLSM). These methods differ in three key ways:
FLSM creates subnets of the same size with an equal number of host identifiers, while VLSM creates
subnets of varying sizes with a variable number of hosts.

1. Fixed Length Subnet Mask (FLSM) example
Step-1 Determine network requirement

No   Segment        No. of users (hosts)
1    Employee       14
2    Guest 1        8
3    Guest 2        8
4    Guest 3        8
5    Guest 4        8
6    Guest 5        8
7    Management 1   4
8    Management 2   4
9    Management 3   4
10   Management 4   4
11   ICT 1          2
12   ICT 2          2
13   R1             2
14   ISPN           2

Step-2 Satisfy network requirement

Step-3
 Determine the subnet mask (S=4)
 4 bits in the 4th octet: 128 + 64 + 32 + 16 = 240.

Step-4 Determine network address

Step-5
 Determine broadcast address

Step-6
 Determine Host address

2. Variable Length Subnet Mask


Variable Length Subnet Mask (VLSM) extends classic sub-netting. VLSM is a process of breaking
down subnets into smaller subnets, according to the needs of individual networks. In the above
example, the company has a requirement of 6 subnets and 160 host addresses. With VLSM you can
fulfill this requirement with a single class C address space.

VLSM Sub-netting
In VLSM Sub-netting, we do sub-netting of subnets according to the network requirement.
Steps for VLSM Sub-netting

 Find the largest segment, that is, the segment which needs the largest number of host addresses.
 Do sub-netting to fulfill the requirement of largest segment.
 Assign the appropriate subnet mask for the largest segment.
 For second largest segments, take one of these newly created subnets and apply a
different, more appropriate, subnet mask to it.
 Assign the appropriate subnet mask for the second largest segment.
 Repeat this process until the last network.

VLSM Example
Now you know the steps of VLSM Subnetting. Let's understand it with above example. Our
company requires 6 subnets and 160 hosts.

Step 1:- Order all segments according to the hosts requirement (largest to smallest).

Subnet   Segment          Hosts
1        Development      74
2        Production       52
3        Administrative   28
4        Wan link 1       2
5        Wan link 2       2
6        Wan link 3       2

Step 2:- Do sub-netting for the largest segment. Our largest segment needs 74 host addresses. /25
provides us two subnets with 126 hosts in each subnet.

Subnet Subnet 1 Subnet 2


Network ID 192.168.1.0 192.168.1.128
First host address 192.168.1.1 192.168.1.129
Last host address 192.168.1.126 192.168.1.254
Broadcast ID 192.168.1.127 192.168.1.255

Step 3:- Assign subnet mask to the largest segment. As you can see in above table, sub-net 1
fulfills our largest segment requirement. Assign it to our segment.

Segment Development
Requirement 74
CIDR /25
Subnet mask 255.255.255.128
Network ID 192.168.1.0
First hosts 192.168.1.1
Last hosts 192.168.1.126
Broadcast ID 192.168.1.127

Step 4:- Do sub-netting for the second largest segment from the next available subnet. The next
segment requires 52 host addresses. Sub-netting with /25 has given us two subnets with 126 hosts
in each; of these we have assigned the first subnet to the development segment. The second subnet
is available; we sub-net this one.

/26 provides us 4 subnets with 62 hosts in each subnet.

192.168.1.0/26

Subnet Subnet 1 Subnet 2 Subnet 3 Subnet 4


Network ID 0 64 128 192
First address 1 65 129 193
Last address 62 126 190 254
Broadcast ID 63 127 191 255

We cannot use subnet 1 and subnet 2 ( address from 0 to 127 ) as they are already assigned to
development department. We can assign subnet 3 to our production department.
Segment Production
Requirement 52
CIDR /26
Subnet mask 255.255.255.192
Network ID 192.168.1.128
First hosts 192.168.1.129
Last hosts 192.168.1.190
Broadcast ID 192.168.1.191

Step 5 :- Our next segment requires 28 hosts. From above subnetting we have subnet 3 and
subnet 4 available. Do subnetting for the requirement of 28 hosts.

192.168.1.0/27

Subnet Sub 1 Sub 2 Sub 3 Sub 4 Sub 5 Sub 6 Sub 7 Sub 8


Net ID 0 32 64 96 128 160 192 224
First Host 1 33 65 95 129 161 193 225
Last Host 30 62 94 126 158 190 222 254
Broadcast ID 31 63 95 127 159 191 223 255

Subnets 1 to 6 [ address from 0 to 191] are already occupied by previous segments. We can
assign subnet 7 to this segment.

Segment Administrative
Requirement 28
CIDR /27
Subnet mask 255.255.255.224
Network ID 192.168.1.192
First hosts 192.168.1.193
Last hosts 192.168.1.222
Broadcast ID 192.168.1.223

Step 6 :- Our last three segments require 2 hosts per subnet. Do subnetting for these.

192.168.1.0/30

Valid subnets are:-

0,4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,
108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,
184,188,192,196,200,204,208,212,216,220, 224,228,232,236,240,244,248,252,256

From these subnets, subnet 1 to subnet 56 ( Address from 0 - 220) are already assigned to
previous segments. We can use 224,228, and 232 for wan links.

Subnet Subnet 57 Subnet 58 Subnet 59


Network ID 224 228 232
First host 225 229 233
Last host 226 230 234
Broadcast ID 227 231 235

Assign these subnets to wan links.

Wan Link 1
Segments Wan Link 1
Requirement 2
CIDR /30
Subnet mask 255.255.255.252
Network ID 192.168.1.224
First hosts 192.168.1.225
Last hosts 192.168.1.226
Broadcast ID 192.168.1.227

Wan Link 2
Segments Wan Link 2
Requirement 2
CIDR /30
Subnet mask 255.255.255.252
Network ID 192.168.1.228
First hosts 192.168.1.229
Last hosts 192.168.1.230
Broadcast ID 192.168.1.231

Wan Link 3
Segments Wan Link 3
Requirement 2
CIDR /30
Subnet mask 255.255.255.252
Network ID 192.168.1.232
First hosts 192.168.1.233
Last hosts 192.168.1.234
Broadcast ID 192.168.1.235

We have assigned IP addresses to all segments; still we have 20 addresses available. This is the
magic of VLSM.
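
The VLSM steps above can be automated. The following is an added example, not part of the original notes: it allocates the six segments from 192.168.1.0/24 largest-first and also counts how many subnets a fixed-length mask sized for the largest segment would give. The function names (`block_size`, `vlsm_allocate`, `flsm_subnet_count`) are chosen for this illustration.

```python
import ipaddress

# Host requirements from the VLSM example on this page.
SEGMENTS = [
    ("Development", 74), ("Production", 52), ("Administrative", 28),
    ("Wan link 1", 2), ("Wan link 2", 2), ("Wan link 3", 2),
]


def block_size(hosts):
    """Smallest power-of-two block that holds `hosts` usable addresses
    plus the network ID and the broadcast ID."""
    return 1 << max(2, (hosts + 1).bit_length())


def vlsm_allocate(block, requirements):
    """Carve `block` into subnets, largest requirement first.

    Returns (plan, spare): one dict per segment in allocation order, and
    the number of addresses left unassigned at the end of the block.
    """
    parent = ipaddress.IPv4Network(block)
    next_free = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = []
    # sorted() is stable, so equally sized segments keep their listed order.
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        size = block_size(hosts)
        start = -(-next_free // size) * size  # round up to a block boundary
        if start + size > end:
            raise ValueError(f"{block} is exhausted before {name!r} is placed")
        prefix = 32 - (size.bit_length() - 1)
        subnet = ipaddress.IPv4Network((start, prefix))
        plan.append({
            "segment": name,
            "required": hosts,
            "cidr": f"/{subnet.prefixlen}",
            "mask": str(subnet.netmask),
            "network": str(subnet.network_address),
            "first": str(subnet.network_address + 1),
            "last": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),
        })
        next_free = start + size
    return plan, end - next_free


def flsm_subnet_count(block, requirements):
    """Number of equal-size subnets FLSM yields when every subnet must be
    large enough for the biggest segment."""
    parent = ipaddress.IPv4Network(block)
    largest = max(hosts for _, hosts in requirements)
    return parent.num_addresses // block_size(largest)


if __name__ == "__main__":
    plan, spare = vlsm_allocate("192.168.1.0/24", SEGMENTS)
    for row in plan:
        print(f'{row["segment"]:15} {row["network"]}{row["cidr"]:4} '
              f'{row["first"]} - {row["last"]}  bcast {row["broadcast"]}')
    print("addresses still free:", spare)
    print("FLSM subnets at the largest size:",
          flsm_subnet_count("192.168.1.0/24", SEGMENTS))
```

With a fixed-length mask sized for the 74-host segment, the /24 yields fewer subnets than the six segments need, which is why the example uses VLSM.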

Subnetting

McGraw-Hill ©The McGraw-Hill Companies, Inc., 2000


Subnetting - Why?

• Problem: Organizations have multiple networks which are independently managed
– Solution 1: Allocate one or more addresses for each network
• Difficult to manage
• From the outside of the organization, each network must be addressable.
– Solution 2: Add another level of hierarchy to the IP addressing structure: subnetting
[Figure: University Network containing Engineering School, Medical School and Library networks]
Basic Idea of Subnetting
• Split the host number portion of an IP address into a subnet number
and a (smaller) host number.
• Result is a 3-layer hierarchy

• Subnets can be freely assigned within the organization


• Internally, subnets are treated as separate networks
• Subnet structure is not visible outside the organization



Network mask and subnetwork mask



Advantages of Subnetting
• With subnetting, IP addresses use a 3-layer hierarchy:
» Network
» Subnet
» Host
• Improves efficiency of IP addresses by not consuming an entire address
space for each physical network.
• Reduces router complexity. Since external routers do not know about
subnetting, the complexity of routing tables at external routers is reduced.

• Note: Length of the subnet mask need not be identical at all subnetworks.



Example 1

What is the subnetwork address if the destination address is 200.45.34.56 and the
subnet mask is 255.255.240.0?


Solution

11001000 00101101 00100010 00111000
11111111 11111111 11110000 00000000
11001000 00101101 00100000 00000000

The subnetwork address is 200.45.32.0.


Example 3

A company is granted the site address 201.70.64.0 (class C). The company needs
six subnets. Design the subnets.

Solution

The number of 1s in the default mask is 24 (class C).

The company needs six subnets. This number 6 is not a power of 2. The next number that is
a power of 2 is 8 (2^3). We need 3 more 1s in the subnet mask. The total number of 1s in
the subnet mask is 27 (24 + 3). The total number of 0s is 5 (32 − 27). The mask is

11111111 11111111 11111111 11100000
or
255.255.255.224

The number of subnets is 8.
The number of addresses in each subnet is 2^5 (5 is the number of 0s) or 32.

CLASSLESS ADDRESSING
Subnetting and supernetting in classful addressing
did not really solve the address depletion
problem. With the growth of the Internet, it was
clear that a larger address space was needed as
a long-term solution. Although the long-range
solution has already been devised and is called
IPv6, a short-term solution was also devised to
use the same address space but to change the
distribution of addresses to provide a fair share
to each organization. The short-term solution still
uses IPv4 addresses, but it is called classless
addressing.
Note

• In classless addressing, the prefix defines the network and the suffix defines the host.


Slash notation



Example
• The following addresses are defined using slash notation.
• a. In the address 12.23.24.78/8, the network mask is 255.0.0.0. The mask has eight 1s and
twenty-four 0s. The prefix length is 8; the suffix length is 24.
• b. In the address 130.11.232.156/16, the network mask is 255.255.0.0. The mask has sixteen 1s
and sixteen 0s. The prefix length is 16; the suffix length is 16.
• c. In the address 167.199.170.82/27, the network mask is 255.255.255.224. The mask has
twenty-seven 1s and five 0s. The prefix length is 27; the suffix length is 5.
Chapter 6
Routing in Switched Networks
6.1. Routing in Packet Switched Network
A key design issue in switched networks, including packet-switching, frame relay, and ATM
networks, and with internets, is that of routing. In general terms, the routing function seeks to
design routes through the network for individual pairs of communicating end nodes such that the
network is used efficiently. The primary function of a packet-switching network is to accept
packets from a source station and deliver them to a destination station. To accomplish this, a path
or route through the network must be determined; generally, more than one route is possible.
Thus, a routing function must be performed.

The first two items on the list, correctness and simplicity, are self-explanatory. Robustness has to
do with the ability of the network to deliver packets via some route in the face of localized
failures and overloads. The designer who seeks robustness must cope with the competing
requirement for stability. Techniques that react to changing conditions have an unfortunate
tendency to either react too slowly to events or to experience unstable swings from one extreme
to another.

A tradeoff also exists between fairness and optimality. Some performance criteria may give
higher priority to the exchange of packets between nearby stations compared to an exchange
between distant stations. This policy may maximize average throughput but will appear unfair to
the station that primarily needs to communicate with distant stations. Finally, any routing
technique involves some processing overhead at each node and often a transmission overhead as
well, both of which impair network efficiency. The penalty of such overhead needs to be less
than the benefit accrued based on some reasonable metric, such as increased robustness or
fairness.

The selection of a route is generally based on some performance criterion. The simplest criterion
is to choose the minimum-hop route (one that passes through the least number of nodes) through
the network. This is an easily measured criterion and should minimize the consumption of
network resources. A generalization of the minimum-hop criterion is least-cost routing. In this
case, a cost is associated with each link, and, for any pair of attached stations, the route through
the network that accumulates the least cost is sought.

In either the minimum-hop or least-cost approach, the algorithm for determining the optimum
route for any pair of stations is relatively straightforward, and the processing time would be
about the same for either computation. Because the least-cost criterion is more flexible, this is
more common than the minimum-hop criterion. Several least-cost routing algorithms are in
common use.

6.2. Decision Time and Place


Routing decisions are made on the basis of some performance criterion. Two key characteristics
of the decision are the time and place that the decision is made.

Decision time is determined by whether the routing decision is made on a packet or virtual
circuit basis. When the internal operation of the network is datagram, a routing decision is made
individually for each packet. For internal virtual circuit operation, a routing decision is made at
the time the virtual circuit is established. In the simplest case, all subsequent packets using that
virtual circuit follow the same route. In more sophisticated network designs, the network may
dynamically change the route assigned to a particular virtual circuit in response to changing
conditions (e.g., overload or failure of a portion of the network).

The term decision place refers to which node or nodes in the network are responsible for the
routing decision. Most common is distributed routing, in which each node has the responsibility
of selecting an output link for routing packets as they arrive. For centralized routing, the decision
is made by some designated node, such as a network control center. The danger of this latter
approach is that the loss of the network control center may block operation of the network. The
distributed approach is perhaps more complex but is also more robust. A third alternative, used
in some networks, is source routing. In this case, the routing decision is actually made by the
source station rather than by a network node and is then communicated to the network. This
allows the user to dictate a route through the network that meets criteria local to that user.

6.3. Network Information Source and Update Timing
Most routing strategies require that decisions be based on knowledge of the topology of the
network, traffic load, and link cost. With distributed routing, in which the routing decision is
made by each node, the individual node may make use of only local information, such as the cost
of each outgoing link. Each node might also collect information from adjacent (directly
connected) nodes, such as the amount of congestion experienced at that node. Finally, there are
algorithms in common use that allow the node to gain information from all nodes on any
potential route of interest. In the case of centralized routing, the central node typically makes use
of information obtained from all nodes.

A related concept is that of information update timing, which is a function of both the
information source and the routing strategy. Clearly, if no information is used (as in flooding),
there is no information to update. If only local information is used, the update is essentially
continuous. For all other information source categories (adjacent nodes, all nodes), update timing
depends on the routing strategy. For a fixed strategy, the information is never updated. For an
adaptive strategy, information is updated from time to time to enable the routing decision to
adapt to changing conditions.

As you might expect, the more information available, and the more frequently it is updated, the
more likely the network is to make good routing decisions. On the other hand, the transmission
of that information consumes network resources.

Routing Strategies - Fixed Routing

A large number of routing strategies have evolved for dealing with the routing requirements of
packet-switching networks. We survey four key strategies: fixed, flooding, random, and adaptive.

For fixed routing, a single, permanent route is configured for each source-destination pair of
nodes in the network. The routes are fixed, or at least only change when there is a change in the
topology of the network. Thus, the link costs used in designing routes cannot be based on any
dynamic variable such as traffic. They could, however, be based on expected traffic or capacity.

With fixed routing, there is no difference between routing for datagrams and virtual circuits. All
packets from a given source to a given destination follow the same route. The advantage of fixed
routing is its simplicity, and it should work well in a reliable network with a stable load. Its
disadvantage is its lack of flexibility. It does not react to network congestion or failures.

Routing Strategies - Flooding

Another simple routing technique is flooding. This technique requires no network information
whatsoever and works as follows. A packet is sent by a source node to every one of its
neighbors. At each node, an incoming packet is retransmitted on all outgoing links except for the
link on which it arrived. Eventually, a number of copies of the packet will arrive at the
destination. The packet must have some unique identifier (e.g., source node and sequence
number, or virtual circuit number and sequence number) so that the destination knows to discard
all but the first copy.

Unless something is done to stop the incessant retransmission of packets, the number of packets
in circulation just from a single source packet grows without bound. One way to prevent this is
for each node to remember the identity of those packets it has already retransmitted. When
duplicate copies of the packet arrive, they are discarded. A simpler technique is to include a hop
count field with each packet. The count can originally be set to some maximum value, such as
the diameter (length of the longest minimum-hop path through the network) of the network. Each
time a node passes on a packet, it decrements the count by one. When the count reaches zero, the
packet is discarded.

The flooding technique has three remarkable properties:


 All possible routes between source and destination are tried. Thus, no matter what link or
node outages have occurred, a packet will always get through if at least one path between
source and destination exists.
 Because all routes are tried, at least one copy of the packet to arrive at the destination will
have used a minimum-hop route.
 All nodes that are directly or indirectly connected to the source node are visited.

Because of the first property, the flooding technique is highly robust and could be used to send
emergency messages. An example application is a military network that is subject to extensive
damage. Because of the second property, flooding might be used initially to set up the route for a
virtual circuit. The third property suggests that flooding can be useful for the dissemination of
important information to all nodes; we will see that it is used in some schemes to disseminate
routing information. The principal disadvantage of flooding is the high traffic load that it
generates, which is directly proportional to the connectivity of the network.
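
The two ways of stopping retransmission described above can be compared in a short simulation. This is an added example, not part of the original notes: the five-node topology in `LINKS` is constructed for illustration, the function names are chosen here, and the destination is assumed to absorb copies rather than forward them.

```python
from collections import deque

# Constructed topology: node -> directly connected neighbours.
LINKS = {
    "A": ["B", "C"],
    "B": ["A", "C", "D"],
    "C": ["A", "B", "D"],
    "D": ["B", "C", "E"],
    "E": ["D"],
}


def diameter(links):
    """Length of the longest minimum-hop path in the network."""
    longest = 0
    for start in links:
        dist = {start: 0}
        queue = deque([start])
        while queue:
            node = queue.popleft()
            for nbr in links[node]:
                if nbr not in dist:
                    dist[nbr] = dist[node] + 1
                    queue.append(nbr)
        longest = max(longest, max(dist.values()))
    return longest


def flood(links, src, dst, hop_limit=None, remember=False):
    """Flood one packet from src towards dst.

    hop_limit: the hop-count field; a copy that has crossed this many
               links is discarded instead of being passed on.
    remember:  each node retransmits a given packet only once.
    Returns (transmissions, arrivals): copies sent over links in total,
    and the hop count of every copy that reached dst, in arrival order.
    """
    if hop_limit is None and not remember:
        raise ValueError("unbounded flooding never stops on a network with loops")
    retransmitted = {src}
    queue = deque((src, nbr, 1) for nbr in links[src])  # (sender, receiver, hops)
    transmissions = 0
    arrivals = []
    while queue:
        sender, node, hops = queue.popleft()
        transmissions += 1
        if node == dst:
            arrivals.append(hops)      # destination keeps the first, drops the rest
            continue
        if remember:
            if node in retransmitted:  # duplicate copy: discard
                continue
            retransmitted.add(node)
        if hop_limit is not None and hops >= hop_limit:
            continue                   # hop count has reached zero
        for nbr in links[node]:
            if nbr != sender:          # every link except the arrival link
                queue.append((node, nbr, hops + 1))
    return transmissions, arrivals


if __name__ == "__main__":
    d = diameter(LINKS)
    print("diameter:", d)
    print("hop count only :", flood(LINKS, "A", "E", hop_limit=d))
    print("duplicate check:", flood(LINKS, "A", "E", remember=True))
```

Copies are processed in order of hop count, so the first entry in `arrivals` is the copy that used a minimum-hop route.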

Routing Strategies - Random Routing

Random routing has the simplicity and robustness of flooding with far less traffic load. With
random routing, a node selects only one outgoing path for retransmission of an incoming packet.
The outgoing link is chosen at random, excluding the link on which the packet arrived. If all
links are equally likely to be chosen, then a node may simply utilize outgoing links in a round-
robin fashion.

A refinement of this technique is to assign a probability to each outgoing link and to select the
link based on that probability. The probability could be based on data rate, or on fixed link costs.

Like flooding, random routing requires the use of no network information. Because the route
taken is random, the actual route will typically not be the least-cost route or the minimum-hop
route. Thus, the network must carry a higher than optimum traffic load, although not nearly as
high as for flooding.

Routing Strategies - Adaptive Routing


In virtually all packet-switching networks, some sort of adaptive routing technique is used. That
is, the routing decisions that are made change as conditions on the network change. The principal
conditions that influence routing decisions are:

 Failure: When a node or link fails, it can no longer be used as part of a route.
 Congestion: When a particular portion of the network is heavily congested, it is
desirable to route packets around rather than through the area of congestion.

For adaptive routing to be possible, information about the state of the network must be
exchanged among the nodes. There are several drawbacks associated with the use of adaptive
routing, compared to fixed routing:

 The routing decision is more complex; therefore, the processing burden on
network nodes increases.
 In most cases, adaptive strategies depend on status information that is collected at
one place but used at another. There is a tradeoff here between the quality of the
information and the amount of overhead. The more information that is exchanged,
and the more frequently it is exchanged, the better will be the routing decisions
that each node makes. On the other hand, this information is itself a load on the
constituent networks, causing performance degradation.
 An adaptive strategy may react too quickly, causing congestion-producing
oscillation, or too slowly, being irrelevant.

Adaptive Routing – Advantages

Despite these real dangers, adaptive routing strategies are by far the most prevalent, for two
reasons:
 An adaptive routing strategy can improve performance, as seen by the network
user.
 An adaptive routing strategy can aid in congestion control, which is discussed in
Chapter 13. Because an adaptive routing strategy tends to balance loads, it can
delay the onset of severe congestion.
These benefits may or may not be realized, depending on the soundness of the design and the
nature of the load. By and large, adaptive routing is an extraordinarily complex task to perform
properly. As demonstration of this, most major packet-switching networks, such as ARPANET
and its successors, and many commercial networks, have endured at least one major overhaul of
their routing strategy.

Classification of Adaptive Routing Strategies

 based on information sources
    • local (isolated)
        route to outgoing link with shortest queue
        can include bias for each destination
        rarely used - does not make use of available info
    • adjacent nodes
        takes advantage of delay / outage info
        distributed or centralized
    • all nodes
        like adjacent

Least Cost Algorithms

 basis for routing decisions
    • can minimize hops with each link cost 1
    • or have link value inversely proportional to capacity
 defines cost of path between two nodes as sum of costs of links traversed
    • in network of nodes connected by bi-directional links
    • where each link has a cost in each direction
 for each pair of nodes, find path with least cost
    • link costs in different directions may be different
 alternatives: Dijkstra or Bellman-Ford algorithms

Dijkstra’s Algorithm

Dijkstra's algorithm [DIJK59] can be stated as: Find the shortest paths from a given source node
to all other nodes by developing the paths in order of increasing path length. The algorithm
proceeds in stages. By the kth stage, the shortest paths to the k nodes closest to (least cost away
from) the source node have been determined; these nodes are in a set T. At stage (k + 1), the
node not in T that has the shortest path from the source node is added to T. As each node is
added to T, its path from the source is defined.

Dijkstra’s Algorithm Method

 Step 1 [Initialization]
    • T = {s} (set of nodes so far incorporated)
    • L(n) = w(s, n) for n ≠ s
    • initial path costs to neighboring nodes are simply link costs
 Step 2 [Get Next Node]
    • find neighboring node not in T with least-cost path from s
    • incorporate node into T
    • also incorporate the edge that is incident on that node and a node in T that
      contributes to the path
 Step 3 [Update Least-Cost Paths]
    • L(n) = min[L(n), L(x) + w(x, n)] for all n ∉ T
    • if latter term is minimum, path from s to n is path from s to x concatenated with
      edge from x to n

Dijkstra's Algorithm has three steps; steps 2 and 3 are repeated until T = N. That is, steps 2 and
3 are repeated until final paths have been assigned to all nodes in the network. It can be formally
described as shown above, given the following definitions:
N = set of nodes in the network
s = source node
T = set of nodes so far incorporated by the algorithm
w(i, j) = link cost from node i to node j; w(i, i) = 0; w(i, j) = ∞ if two nodes not directly
connected; w(i, j) ≥ 0 if two nodes are directly connected
L(n) = cost of the least-cost path from node s to node n that is currently known to the algorithm;
at termination, this is the cost of the least-cost path in the graph from s to n.
The algorithm terminates when all nodes have been added to T. At termination, the value L(x)
associated with each node x is the cost (length) of the least-cost path from s to x. In addition, T
defines the least-cost path from s to each other node.

One iteration of steps 2 and 3 adds one new node to T and defines the least-cost path from s to
that node. That path passes only through nodes that are in T. To see this, consider the following
line of reasoning. After k iterations, there are k nodes in T, and the least-cost path from s to each
of these nodes has been defined. Now consider all possible paths from s to nodes not in T.
Among those paths, there is one of least cost that passes exclusively through nodes in T (see
Problem 12.4), ending with a direct link from some node in T to a node not in T. This node is
added to T and the associated path is defined as the least-cost path for that node.

Bellman-Ford Algorithm

The Bellman-Ford algorithm can be stated as: Find the shortest paths from a given source node
subject to the constraint that the paths contain at most one link, then find the shortest paths with a
constraint of paths of at most two links, and so on. This algorithm also proceeds in stages. The
algorithm can be formally described as shown on the next slide, given the following definitions:

s = source node
w(i, j) = link cost from node i to node j
w(i, i) = 0
w(i, j) = ∞ if the two nodes are not directly connected
w(i, j) ≥ 0 if the two nodes are directly connected
h = maximum number of links in path at current stage of the algorithm
L_h(n) = cost of least-cost path from s to n under constraint of no more than h links

Bellman-Ford Algorithm
 Step 1 [Initialization]
    • L_0(n) = ∞, for all n ≠ s
    • L_h(s) = 0, for all h
 Step 2 [Update]
    • for each successive h ≥ 0
        for each n ≠ s, compute: L_{h+1}(n) = min_j [L_h(j) + w(j, n)]
    • connect n with predecessor node j that gives min
    • eliminate any connection of n with different predecessor node formed during an
      earlier iteration
    • path from s to n terminates with link from j to n
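
Both least-cost algorithms, written with the notation used above (T, L(n), w(i, j), L_h(n)). This is an added example, not part of the original notes: the five-node network and its link costs in `COSTS` are constructed for illustration, and the function names are chosen here.

```python
import math

INF = math.inf

# Constructed network: COSTS[i][j] is the link cost from node i to node j.
# The cost B -> A differs from A -> B, since costs may depend on direction.
COSTS = {
    "A": {"B": 4, "C": 1},
    "B": {"A": 6, "C": 2, "D": 5},
    "C": {"A": 1, "B": 2, "D": 8, "E": 10},
    "D": {"B": 5, "C": 8, "E": 2},
    "E": {"C": 10, "D": 2},
}


def w(costs, i, j):
    """w(i, i) = 0; w(i, j) = infinity if i and j are not directly connected."""
    return 0 if i == j else costs[i].get(j, INF)


def dijkstra(costs, s):
    """Return (L, pred): least cost from s to each node and its predecessor."""
    T = {s}                                     # Step 1 [Initialization]
    L = {n: w(costs, s, n) for n in costs}
    pred = {n: s for n in costs if n != s and L[n] < INF}
    while len(T) < len(costs):
        # Step 2 [Get Next Node]: node not in T with the least-cost path from s.
        x = min((n for n in costs if n not in T), key=lambda n: L[n])
        if L[x] == INF:
            break                               # remaining nodes are unreachable
        T.add(x)
        # Step 3 [Update Least-Cost Paths] for all n not in T.
        for n in costs:
            if n not in T and L[x] + w(costs, x, n) < L[n]:
                L[n] = L[x] + w(costs, x, n)
                pred[n] = x
    return L, pred


def bellman_ford(costs, s):
    """Return (L, pred, stages) where stages[h][n] is L_h(n)."""
    L = {n: (0 if n == s else INF) for n in costs}   # Step 1: L_0
    pred = {}
    stages = [dict(L)]
    for _ in range(len(costs) - 1):                  # Step 2 for h = 0, 1, ...
        nxt = dict(L)      # the j = n term of the minimum, because w(n, n) = 0
        for n in costs:
            if n == s:
                continue
            for j in costs:
                candidate = L[j] + w(costs, j, n)
                if candidate < nxt[n]:
                    nxt[n] = candidate
                    pred[n] = j    # replaces any predecessor from an earlier stage
        stages.append(nxt)
        if nxt == L:
            break                  # no cost changed: further stages are identical
        L = nxt
    return stages[-1], pred, stages


def path(pred, s, n):
    """Follow predecessors back from n to s and return the route s ... n."""
    route = [n]
    while route[-1] != s:
        route.append(pred[route[-1]])
    return route[::-1]


if __name__ == "__main__":
    L, pred = dijkstra(COSTS, "A")
    print("Dijkstra     :", L, path(pred, "A", "E"))
    Lb, predb, stages = bellman_ford(COSTS, "A")
    for h, stage in enumerate(stages):
        print(f"Bellman-Ford L_{h}:", stage)
```

The Bellman-Ford stages show the hop constraint at work: the cost to D is 9 when paths are limited to two links and drops to 8 once three links are allowed.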

Chapter 5 – Switching
Switched Network
Nodes
➢ a collection of nodes and connections is a
communications network
➢ nodes may connect to other nodes only, or to
stations and other nodes
➢ network is usually partially connected
⚫ some redundant connections are desirable
➢ have two different switching technologies
⚫ circuit switching

⚫ packet switching
Circuit Switching
➢ uses a dedicated path between two stations
➢ has three phases
⚫ establish
⚫ transfer
⚫ disconnect
➢ inefficient
⚫ channel capacity dedicated for duration of connection
⚫ if no data, capacity wasted
➢ set up (connection) takes time
➢ once connected, transfer is transparent
Public Circuit Switched Network
Circuit Establishment
Circuit Switch Elements
Blocking or Non-blocking
➢ blocking network
⚫ may be unable to connect stations because
all paths are in use
⚫ used on voice systems
➢ non-blocking network
⚫ permits all stations to connect at once
⚫ used for some data connections
Space Division Switch
3 Stage Space Division Switch
E.g. Banyan Switch (ATM)
[Figure: Banyan switch with inputs and outputs numbered 0 to 7; example labels 100 and 011]
Time Division Switching
➢ modern digital systems use intelligent
control of space & time division elements
➢ use digital time division techniques to set
up and maintain virtual circuits
➢ partition low speed bit stream into pieces
that share higher speed stream
➢ individual pieces manipulated by control
logic to flow from input to output
Time-division Switching
Time-division Switching (cont)
➢ Control of a TDM bus switch
[Figure: six lines (1 to 6) on a TDM bus; control logic driven by a control memory holding the connections 1→3, 2→5, 4→6, 3→1, 5→2, 6→4]
Traditional Circuit Switching
Softswitch
Packet Switching
➢ circuit switching was designed for voice
➢ packet switching was designed for data
➢ transmitted in small packets
➢ packets contain user data and control info
⚫ user data may be part of a larger message
⚫ control info includes routing (addressing) info
➢ packets are received, stored briefly (buffered)
and passed on to the next node
Packet Switching
Advantages
➢ line efficiency
⚫ single link shared by many packets over time
⚫ packets queued and transmitted as fast as possible
➢ data rate conversion
⚫ station connects to local node at own speed
⚫ nodes buffer data if required to equalize rates
➢ packets accepted even when network is busy
➢ priorities can be used
Switching Techniques
➢ station breaks long message into packets
➢ packets sent one at a time to the network
➢ packets can be handled in two ways
⚫ datagram
⚫ virtual circuit
Datagram Diagram
Virtual Circuit Diagram
Virtual Circuits vs. Datagram
➢ virtual circuits
⚫ network can provide sequencing and error
control
⚫ packets are forwarded more quickly
⚫ less reliable
➢ datagram
⚫ no call setup phase
⚫ more flexible
⚫ more reliable
Packet Size
Circuit vs. Packet Switching
➢ performance depends on various delays
⚫ propagation delay
⚫ transmission time
⚫ node delay
➢ range of other characteristics, including:
⚫ transparency
⚫ amount of overhead
Event Timing
