• A complete data communication system should be composed of five parts:

message, sender, receiver, medium and protocol.

• Message：

▫ A packet is a data block in communication. Information such as texts,

numbers, pictures, audio, and videos is encoded and then transmitted in
packets.

• Sender：

▫ The sender refers to the device that sends data packets. It can be a
computer, workstation, server, mobile phone, etc.

• Receiver：

▫ The receiver refers to the device that receives packets. It can be a computer,
workstation, server, mobile phone, TV, etc.

• Medium：

▫ Transmission media：It refers to the carrier for signal transmission.

Common transmission media in LANs include optical fibers, coaxial cables,
and twisted pairs.

• Protocol：

▫ A protocol is a set of rules that govern data communications. It represents a

set of conventions between communication devices. Without a protocol,
even if the two devices are physically connected, they cannot communicate.
For example, a person who can only speak Chinese cannot be understood
by a person who can only speak English.
• Connectionless packet switching uses packet switching to encapsulate user
information into packets for switching. Each packet has a packet header, which is
used for routing, error control, and flow control. The length and interval of each
packet can be changed. Therefore, packet switching supports multiple rates.

• In connectionless packet switching, routing information is carried in each packet

header. A switching device checks the address information in each packet header,
selects a route based on the network status, and sends packets to the next-level
network device. Therefore, different packets of the same service pass through
different paths on the network.

• In connectionless packet switching, packets occupy network resources only when

they are transmitted. Network resources can be shared by services.

• Transmission Mode：

▫ simplex：

▪ In simplex mode, the communication is unidirectional. Only one of

the two devices can send packets, and the other can only receive
packets.

▪ Keyboards and displays are simplex communication devices. The

keyboard can only be used for input, and the monitor can only receive
output.
▫ Half-duplex：

▪ In half-duplex mode, each device can send and receive packets, but
cannot send and receive packets at the same time. When one device
sends packets, the other device can only receive packets, and vice
versa.

▪ The walkie-talkie is a typical example of a half-duplex system.

▫ Full-duplex：

▪ In full-duplex mode, both communication parties can receive and

transmit data simultaneously.

▪ The telephone network is a typical example of full duplex.

• Since the 1960s, computer networks have grown by leaps and bounds. To
dominate the data communications network field, major vendors have launched
their own network architecture systems and standards, such as SNA of IBM,
Novell IPX/SPX, AppleTalk, DECnet of DEC, and popular TCP/IP protocols. At the
same time, the major manufacturers for their own protocols produced a different
hardware and software. The joint efforts of all vendors promote the rapid
development of network technologies and the rapid growth of network device
types. However, due to the coexistence of multiple protocols, the network
becomes more and more complex. In addition, most network devices of different
vendors are incompatible, which makes communication difficult.
• In 1984, the International Organization for Standardization (ISO) put forward the
Open System Interconnection Reference Model (OSI RM) to solve the
compatibility problem between networks and help vendors produce compatible
network devices. The OSI reference model is quickly becoming the basic model of
computer network communication. In designing the OSI reference model, the
following principles are followed: each layer has a clear boundary to implement
specific functions; The division of layers is beneficial to the establishment of
international standard protocols. The number of layers should be large enough to
avoid duplication of functions across layers.
• The OSI reference model has the following advantages: It simplifies the related
network operations; Provides plug-and-play compatibility and standard interfaces
between different vendors. Enables vendors to design interoperable network
devices to promote standardization. Prevents the network change in one area
from affecting the network in another area. The networks in different areas are
separated. Therefore, the network in each area can be upgraded quickly.
Decomposes complex network problems into small simple problems, which is
easy to learn and operate.
• Different layers of the TCP/IP model correspond to different protocols. The
TCP/IP protocol stack is a collection of data communication protocols, including
many protocols. Its protocol stack name derives from the two main protocols,
TCP (Transmission Control Protocol) and IP (Internet Protocol). The TCP/IP
protocol stack ensures that network devices can communicate with each other. It
is a set of rules that govern how information is transmitted over the network.
• Each layer of TCP/IP allows data to be transmitted over the network. These layers
use protocol data units (PDUs) to exchange information with each other to
ensure that network devices can communicate with each other. PDUs at different
layers contain different information. Therefore, PDUs at different layers have
different names. For example, the PDU obtained after the transport layer adds
the TCP header to the upper-layer data is called a segment. The data segment is
transmitted to the network layer, and the PDU obtained after the network layer
adds the IP header is called a packet. The data packet is transmitted to the data
link layer, and the PDU obtained after the data link layer encapsulates the data
header is called a frame, frames are converted to bits and transmitted over
network media. This process of passing data down the stack and adding headers
and trailers is called encapsulation.

• After the data is encapsulated and transmitted over the network, the receiving
device deletes the added information and determines how to upload the data to
the appropriate application along the protocol stack based on the information in
the header. This process is called de-encapsulation. The peer layers of different
devices communicate with each other through encapsulation and de-
encapsulation.
• As shown in the figure, host A communicates with host B. Host A converts the
upper-layer data of an application through the upper-layer protocol and sends
the converted data to the transport layer. The transport layer uses the upper-
layer data as its own data part, encapsulates the transport-layer header, and
then sends the data to the network layer. The network layer uses the data
received from the transport layer as its own data, adds a network layer header to
the data, and sends the data to the data link layer. The data link layer
encapsulates the header of the data link layer and then sends the encapsulated
header to the physical layer. The physical layer converts the data into a bit
stream and sends the bit stream to host B over a physical link.

• After receiving the bit stream at the physical layer, host B sends the bit stream to
the data link layer for processing. After receiving the packet, the data link layer
removes the header of the data link layer packet and transmits the packet to the
network layer. After receiving the packet, the network layer removes the IP
packet header from the packet and sends the packet to the transport layer for
processing. The transport layer removes the IP packet header from the packet
and sends the packet to the application layer.

• Data encapsulation and de-encapsulation are performed layer by layer. Each

layer processes the data of the upper layer or lower layer and adds or removes
the header of the encapsulated packet.
• The physical layer standard specifies the physical medium and the connector
used to connect the device to the physical medium.

▫ Common physical layer standards for LANs include the IEEE-defined

Ethernet standard 802.3, token bus standard 802.4, token ring network
standard 802.5, and FDDI (fiber distributed data interface) defined by ANSI
(the American National Standards Institute) X3T9.5 committee.

▫ Common physical layer standards for WANs include the EIA/TIA-232 (RS-
232), V.24 and V.35, and physical and electrical specifications of various
digital interfaces. G.703, etc.
• The data link layer is the first logical layer at the physical layer. The data link
layer performs physical addressing on the terminal to help the network device
determine whether to transfer the message upwards along the protocol stack. In
addition, some fields are used to tell the device which protocol stack (such as IP
and IPX) the data should be transmitted to, and the sorting and traffic control
functions are provided.

• The data link layer is divided into two sublayers.：LLC，Logic Link Control
sublayer，MAC，Media Access Control sublayer.

• The LLC sublayer is located between the network layer and the MAC sublayer. It
identifies the protocol type and encapsulates data for transmission over the
network. The LLC sublayer performs most functions of the data link layer and
some functions of the network layer. For example, a frame consists of the data to
be transmitted, address, and CRC check. When the frame is received, the frame is
splitted, and the address identification and CRC check are performed. In addition,
the frame sequence control, error control, and flow control functions are
provided. In addition, it performs some network layer functions such as datagram,
virtual circuit, and multiplexing.

• The MAC sublayer specifies how data is transmitted over physical lines and
communicates with the physical layer. It defines physical addressing, network
topology, line specifications, error notification, in-order delivery, and traffic
control.
• As if everyone has a name, each network device is identified by a physical
address, which is a MAC address. The MAC address of a network device is
globally unique. A MAC address consists of 48 binary bits, which are usually
represented by hexadecimal digits. The first six hexadecimal digits are allocated
by the IEEE to device manufacturers, and the last six hexadecimal digits are
allocated by each manufacturer. For example, the first six hexadecimal digits of
the MAC address of Huawei network products are 0x00e0fc.
• NIC，Network Interface Card，also called network adapter, which has a fixed
MAC address. Most NIC vendors burn MAC addresses into the ROM. When the
network adapter is initialized, the MAC physical address in the ROM is read into
the RAM. If a new network card is inserted into the computer, the physical
address of the computer becomes the physical address of the new network card.
• It‘s worth noting that if your computer has two network adapters, it has two
MAC addresses. Therefore, some network devices may have multiple MAC
addresses.
• IEEE 802.2 LLC is a common data link layer protocol for LANs. Common data link
layer protocols used in WANs include：HDLC（High-level Data Link Control), PPP
（Point-to-Point Protocol), FR（Frame Relay) and so on.
▫ HDLC is a bit-synchronous-oriented data link layer protocol developed by
ISO. It specifies the data encapsulation method of synchronous serial links
using frame characters and checksum.
▫ PPP is defined in RFC 1661. It consists of the Link Control Protocol (LCP),
Network Control Protocol (NCP), and PPP extended protocol suite. PPP
supports synchronous and asynchronous serial links and multiple network
layer protocols. PPP is the default encapsulation protocol of the data link
layer of the serial interface on a VRP router.
▫ FR is an industry standard switched data link protocol that uses error-free
check to speed up data forwarding.
• The network layer is responsible for forwarding data packets between different
networks from the source to the destination. The data link layer ensures that
packets can be forwarded between devices on the same network (the same link),
and the network layer ensures that packets can be forwarded from the source to
the destination across the network (cross-link). There are two network layer
functions:

▫ Provide logical addresses: If data is transmitted across networks (cross-link),

logical addresses are used for addressing.

▫ Routing: forwards data packets from one network to another network.

• Routers are commonly used at the network layer to forward packets between
different networks. As shown in the figure, Host A and Host B on different
networks (different links) communicate with each other. The router interface on
the same network (the same link) as Host A receives the data frame sent by Host
A. The link layer of the router analyzes the frame header and determines the
frame to be sent to itself. Then, the router sends the frame to the network layer.
The network layer determines the network segment where the destination
address resides according to the network layer packet header. Then, the network
layer forwards the frame to the next hop through the corresponding interface
according to the table until the packet reaches the destination Host B.
• Common network layer protocols: Internet Protocol (IP), ICMP (Internet Control
Message Protocol), ARP (Address Resolution Protocol), RARP (Reverse Address
Resolution Protocol).

• IP is the most important protocol at the network layer. It provides logical

addressing, routing, and packet encapsulation and de-encapsulation functions.
ICMP, ARP, and RARP assist IP.

• ICMP is a management protocol and provides information services for IP. ICMP
messages are carried in IP packets.

• ARP implements dynamic mapping between IP addresses and hardware

addresses, that is, hardware addresses are obtained based on known IP addresses.

• RARP implements dynamic mapping between hardware addresses and IP

addresses. That is, RARP obtains IP addresses based on known hardware
addresses.
• The network layer address mentioned in this document is the IP address. The IP
address is a logical address instead of a hardware address. The hardware address
is fixed in the network interface card (NIC), such as the MAC address mentioned
above, and is used for communication between devices on the same link. IP
addresses are used for communication between devices on different networks
(different links).

• An IP address consists of a network address and a host address. The IP address

consists of 4 bytes and is usually represented in dotted decimal notation, for
example, 10.8.2.48. The following sections will describe the IP addresses in detail.
• Although both TCP and UDP use IP as their network layer protocol, they provide
distinct services for the application layer.

• TCP provides connection-oriented and reliable byte stream services. Connection-

oriented means that a TCP connection must be established between two
applications that use TCP as the transport layer protocol before they exchange
data. TCP provides reliable transmission services for upper-layer applications
through mechanisms such as confirmation, verification, and reassembly. However,
the establishment, validation, and verification of TCP connections consume a
large amount of work and bring a large amount of overhead.

• UDP provides simple and datagram-oriented services. UDP does not guarantee
reliability, that is, packets cannot reach the destination. UDP is applicable to
applications that focus more on transmission efficiency, such as SNMP and
RADIUS. SNMP monitors networks and intermittently sends alarms. If a TCP
connection needs to be set up each time a small amount of information is sent,
the transmission efficiency will be reduced. Therefore, applications that focus
more on transmission efficiency, such as SNMP and RADIUS, select UDP as the
transport layer protocol. In addition, UDP is also applicable to application-layer
protocols that have reliability mechanisms.
• The transport layer shields network complexity for upper-layer applications and
defines end-to-end connectivity between host applications to implement the
following basic functions:

▫ Encapsulates and decapsulates data segments sent from the application

layer to the network layer or combines data segments sent from the
network layer to the application layer.

▫ Establishing end-to-end connections, mainly logical connections for

transmitting data streams.

▫ Send data segments from one host to another host. Send data segments
from one host to another host. During the transmission, the data
correctness is ensured by calculating the checksum and performing flow
control to avoid buffer overflow.

• Some transport layer protocols ensure data transmission correctness. This

mechanism ensures that the same data is not transmitted multiple times or lost
and that the sequence of receiving data packets is the same as the sequence of
sending data packets.
• There are many protocols at the application layer. The following protocols help
you use and manage the TCP/IP network：
▫ FTP (File Transfer Protocol): Used to transfer independent files, usually for
interactive user sessions.
▫ HTTP (Hypertext Transfer Protocol): Used to transfer the files that make up
the pages on the World Wide Web.
▫ TELNET : Transfers data with Telnet control information. It provides a
standard method for interacting with terminal devices or terminal processes,
and supports terminal-to-terminal connections and process-to-process
distributed computing.
▫ SMTP (Simple Message Transfer Protocol) & POP3(Post Office Protocol).
▫ DNS (Domain Name Server): Domain names can be converted to IP
addresses, and domain name resources can be managed in a distributed
manner.
▫ TFTP (Trivial File Transfer Protocol): File transfer design for general purpose,
high throughput.
▫ RIP (Routing Information Protocol): A protocol used by a router to
exchange routing information on an IP network.
▫ SNMP (Simple Network Management Protocol): Collects network
management information and exchanges network management
information between the network management console and network
devices (such as routers, bridges, and servers).
▫ Radius (Remote Authentication Dial In User Service): Remote authentication
protocol for dial-up access, which implements authentication, authorization,
and accounting for access users.
• The preceding figure shows the encapsulation process of TCP/IP packets when
TCP is used at the transport layer, IP is used at the network layer, and Ethernet is
used at the link layer. The user data is encapsulated by the application layer
protocol and then transmitted to the transport layer. The transport layer
encapsulates the TCP header and sends the data to the network layer. The
network layer encapsulates the IP header and then sends the data to the data
link layer. The data link layer encapsulates the Ethernet frame header and frame
trailer and sends the data to the physical layer. The physical layer sends the data
in the form of bit streams to the physical line. The figure shows the length of
each field in the Ethernet data encapsulation. The following describes the
encapsulation of each layer from top to bottom.
• The TCP data segment is encapsulated in the IP data packet. A TCP data packet
consists of a TCP header and a TCP data packet. The TCP header contains a
maximum of 60 bytes. If the Option field is unavailable, the normal length is 20
bytes.

• The following figure shows the TCP header. For details about the functions of the
TCP header, see the transport layer protocol.

▫ Source Port：Indicates the source port number. TCP assigns a source port
number to the application.

▫ Destination Port：Destination port number.

▫ Sequence Number：Identifies the data byte stream sent from the TCP
sender to the TCP receiver.

▫ Ack Num：The acknowledgment sequence number contains the next

sequence number expected by the sending end. Ensure that the sequence
number is the sequence number of the data successfully received last time
plus 1.

▫ Option：Option field
• After receiving the TCP data segment from the transport layer, the network layer
adds the network layer IP header information to the segment. The fixed length of
a common IP header is 20 bytes (excluding the IP option field). An IP packet
header consists of the following fields:

▫ Version indicates the IP protocol version. Currently, the IP protocol version is

4. The version number of the next-generation IP protocol is 6.

▫ The packet length refers to the number of 32-bit words occupied by the
header, including any options. It is a 4-bit field, 24=16. There are 15 valid
value fields except all-0 items. The maximum value is 15, indicating that
the header occupies 15 32-bit bits. Therefore, 32 x 15/8 = 60 bytes, and the
maximum length of the header is 60 bytes.

▫ The 8-bit Type of Service (TOS) field includes a 3-bit Class of Service (COS)
field, a 4-bit TOS field, and a 1-bit unused bit. The 4-bit ToS represents the
minimum delay, maximum throughput, maximum reliability, and minimum
cost.

▫ Total length is the length of the entire IP datagram, including the data part.
This field is 16 bits long. Therefore, the maximum length of an IP datagram
can reach 65535 bytes. Although an IP datagram of up to 65,535 bytes can
be transmitted, it is fragmented at most link layers. In addition, the host
cannot receive data packets larger than 576 bytes. UDP restricts the length
of a user data packet to 512 bytes, which is less than 576 bytes. In fact,
most implementations today, especially those that support NFS, allow IP
datagrams larger than 8192 bytes.
▫ The Identification field uniquely identifies each packet sent by the host.
Generally, the value increases by 1 each time a packet is sent.

▫ The Time to Live (TTL) field sets the number of routers that a packet can
pass through. Once a packet passes through a router, the TTL value
decreases by 1. When the TTL value is 0, the packet is discarded.

▫ The Protocol field identifies the upper-layer protocol carried in the data
packet. Similar to the port number, the IP protocol uses the protocol
number to identify the upper-layer protocol. The protocol number of TCP is
6, and that of UDP is 17.

▫ The IP header checksum field is used to calculate the checksum of the IP

header and check the integrity of the packet header.

▫ The source IP address and destination IP address fields identify the IP

addresses of the source and destination devices in a data packet.
• At the physical network layer, the maximum length of frames to be sent each
time is limited. When the IP layer receives an IP packet to be sent, it needs to
determine the local interface to which the packet is to be sent (route selection)
and query the interface to obtain the MTU. The IP compares the MTU with the
data packet length and fragments the data packet if necessary.

• fragment can occur either on the original sender host or on an intermediate

router.

• After an IP datagram is fragmented, it is reassembled only when it reaches the

destination. Reassembling is performed by the IP layer of the destination end.
Fragmented datagrams may be re-fragmented (may be more than once). The
data contained in the IP header provides enough information for fragment and
reassembly.

• Flag bit: 3 bits

• Multiple control bits：

▫ 0 Bit: reserved. It must be set to 0.

▫ 1 bit: (DF) 0 = fragmentable; 1 = not fragmentable .

▫ 2 bits: (MF) 0 = last fragment, 1 = more fragments.

▫ The DF and MF cannot be 1 at the same time. Otherwise, a conflict occurs.

• Fragment offset: indicates where the fragment belongs to the data flow.

• After an IP packet is fragmented, each fragment becomes a data packet. Has its
own IP header and is independent of other packets during route selection.
• After an IP datagram is fragmented, it is reassembled only when it reaches the
destination. (Reassembly here is different from other network protocols, which
require reassembly at the next station, not at the final destination). Reassembling
is done by the destination IP layer, which aims to make the fragment and
reassembling process transparent to the transport layer (TCP and UDP), except
for some possible leapfrogging. Fragmented datagrams may be re-fragmented
(may be more than once). The data contained in the IP header provides enough
information for fragment and reassembly.

• The following fields in the IP header are used for fragment: Each IP datagram
sent by the sender has a unique value in the Identifier field. This value is copied
to each fragment when the datagram is fragmented (we now see what this field
is for). The Flags field uses one of the bits to indicate “more slices”. Except for the
last fragment, this bit is set to 1 for each fragment that forms a datagram. The
Fragment Offset field indicates the offset of the fragment from the beginning of
the original datagram. In addition, after a datagram is fragmented, the total
length of each fragment must be changed to the length of the fragment. Finally,
there is a bit in the flag field called the “non-fragment” bit. If this bit is set to 1,
the IP does not fragment the datagram. Instead, it discards the packet and sends
an ICMP error packet to the source end. The error packet indicates that fragment
is required but the non-fragment bit is set.
• After an IP datagram is fragmented, each fragment has its own IP header and is
independent of other fragments during route selection. In this case, the
fragments may be out of order when they arrive at the destination, but the IP
header contains enough information for the receiver to correctly assemble the
fragments.

• Although the IP fragment process seems transparent, there is one thing you don‘t
want to use: it retransmits the entire datagram even if only one piece of data is
lost. Why did this happen? The IP layer does not have a timeout retransmission
mechanism. The upper layer is responsible for timeout and retransmission (TCP
has timeout and retransmission mechanisms, but UDP does not. Some UDP
applications also perform timeouts and retransmissions themselves）. When a
fragment from a TCP packet segment is lost, the TCP retransmits the entire TCP
packet segment after timeout. This packet segment corresponds to an IP packet.
There is no way to retransmit only one fragment of a datagram. In fact, if the
packet is fragmented by an intermediate router, rather than the originating
system, the originating system cannot know how the packet is fragmented. For
this reason, fragment is often avoided.
• The Ethernet header consists of three fields：

▫ DMAC：indicates the MAC address of the destination terminal.

▫ SMAC：indicates the source MAC address.

▫ LENGTH/TYPE field: the meaning varies according to the value：

▪ When LENGHT/TYPE > 1500, the data frame type (such as the upper-
layer protocol type) is represented by the following protocol types:

− 0X0800 IP packet

− 0X0806 ARP request/response packet

− 0X8035 RARP request/response packet

▪ When LENGTH/TYPE < 1500, it indicates the length of the data frame.

▫ DATA/PAD：Indicates specific data. According to the Ethernet, the

minimum length of the data part is 46 bytes, but the length is less than 46
bytes. Pad bytes need to be added to the data part.

▫ FCS field: frame check sequence field, which is used to determine whether
an error occurs in a data frame.
• The network layer receives data from the transport layer and adds the source
and destination addresses to the data.

• MAC addresses are usually stored in the address space of a plane and have no
clear address hierarchy. Therefore, MAC addresses are applicable only to the
communication of hosts on the local network segment. In addition, MAC
addresses are fixed in hardware and have poor flexibility. For the communication
between different networks, the IP address, which is a network layer address, is
usually used to provide more flexibility.

• An IP address is also called a logical address. Like a MAC address, an IP address is

unique. Each network device is uniquely identified by an IP address.

• An IP address consists of 32 binary bits. These binary bits are divided into four
octets. The oc network layer receives data from the transport layer and adds the
source and destination addresses to the tets in the data. The IP address can be
expressed as follows:

▫ In dotted decimal notation：10.110.128.111

▫ Twinned binary：00001010.01101110.10000000.01101111

▫ Hexadecimal：0a.6e.80.6f

▫ Generally, an IP address is expressed in dotted decimal notation. It is

seldom expressed in hexadecimal notation.
• The layered IP address solution is similar to the common telephone number
solution. The phone number is unique around the world. For example, for a
phone number 010-82882484, the field 010 indicates the area code of Beijing,
and the field 82882484 indicates a phone number in Beijing. The same is true for
IP addresses. The first part indicates a network segment, and the second part
indicates a device in the network segment.

• IP addresses are designed in a hierarchical manner. In this way, each layer-3

network device does not need to store the IP address of each host, but stores the
network address of each network segment (the network address represents all
hosts in the network segment). This greatly reduces the number of routing
entries and improves routing flexibility.

• IP address: uniquely identifies a host on the network.

• The network part of an IP address is called a network address. A network address
uniquely identifies a network segment or an aggregation of several network
segments. Network devices in the same network segment have the same network
address. The host part of an IP address is called a host address, which uniquely
identifies a network device on the same network segment. For example, the class
A IP address is 10.110.192.111, the network address is 10, and the host address is
110.192.111.

• How to distinguish the network address and host address of an IP address?

Initially, the designers of interconnection networks define address classes based
on the network scale. IP addresses are classified into five classes: A, B, C, D, and E.

• The network address of a class A IP address is the first octet, and the first byte
starts with 0. Therefore, the number of valid bits of a class A network address is 7
(8 – 1), and the first byte of the class A network address ranges from 1 to 126
(127 is reserved). For example, 10.1.1.1 and 126.2.4.78 are class A addresses. The
length of the host address of a class A address is the last three bytes (24 bits).
Class A IP addresses range from 1.0.0.0 to 126.255.255.255. Each class A network
has 224 class A IP addresses.

• The network address of a class B IP address is the first two octets, and the first
byte starts with 10. Therefore, the number of valid bits of a class B network
address is 14 (16 – 2), and the first byte of the class B network address ranges
from 128 to 191. For example, 128.1.1.1 and 168.2.4.78 are class B addresses. The
length of the host address of a class B address is the last two bytes (16 bits).
Class B IP addresses range from 128.0.0.0 to 191.255.255.255. Each class B
network has 216 class B IP addresses.
• The network address of a class C IP address is the first three octets, and the first
byte starts with 110. Therefore, the number of valid bits of a class C IP address is
21 (24 – 3), and the first byte of the class C IP address ranges from 192 to 223.
For example, 192.1.1.1 and 120.2.4.78 are class C addresses. The host address in a
class C address is the last octet (8 bits). Class C IP addresses range from 192.0.0.0
to 223.255.255.255. Each class C network has 28 = 256 class C IP addresses.

• The first octet of a class D address starts with 1110. Therefore, the first byte of a
class D address ranges from 224 to 239. Class D addresses are usually used as
multicast addresses.

• The first byte of a class E address ranges from 240 to 255 and is reserved for
scientific research.
• An IP address is used to uniquely identify a network device, but not every IP
address is available. Some special IP addresses are used for various purposes and
cannot be used to identify network devices.

• An IP address whose host part is all 0s is called a network address. A network

address identifies a network segment. For example, class A address 1.0.0.0,
private address 10.0.0.0, and 192.168.1.0.

• An IP address whose host part is all 1s is called a network segment broadcast

address. A broadcast address identifies all hosts on a network. For example, a
router can forward broadcast packets on network segments such as 10.0.0.0 or
192.168.1.0, for example, 10.255.255.255 and 192.168.1.255. A broadcast address
is used to send data packets to all nodes on the local network segment.

• An IP address whose network segment is 127, such as 127.0.0.1, is usually used

for loop tests.

• The IP address 0.0.0.0 with all 0s represents all hosts. Huawei VRP series routers
use the IP address 0.0.0.0 to specify the default route.

• The all-1 IP address 255.255.255.255 is also a broadcast address. 255.255.255.255

represents all hosts and is used to send data packets to all nodes on the network.
Such broadcast packets cannot be forwarded by routers.

• As mentioned above, each network segment has some IP addresses that cannot
be used as host IP addresses. The following describes how to calculate available
IP addresses.
• For example, a class B network segment 172.16.0.0 has 16 host bits, so it has 216
IP addresses. After 172.16.0.0 is removed, a broadcast address 172.16.255.255
cannot be used to identify a host. Therefore, there are 216-2 available addresses
in total.

• Class C network segment 192.168.1.0 has 8 host bits and a total of 28 = 256 IP
addresses. After the network address 192.168.1.0 and broadcast address
192.168.1.255 are excluded, there are 254 available host addresses.

• The number of available host addresses on each network segment can be

calculated using the following formula: If the number of bits in the host part of
the network segment is n, the number of available host addresses is 2n-2.

• Network-layer devices, such as routers, use network addresses to represent hosts

on the local network segment. This greatly reduces the number of routing entries
on routers.
• During IP address planning, private IP addresses are usually used on the internal
network of a company.

• Private IP addresses are reserved by the InterNIC and allocated by the intranets
of enterprises. A user cannot directly access the Internet using a private IP
address. The reason is simple. The private IP address cannot be used on the
public network. There is no route for the private IP address on the public network.
Therefore, the address conflict problem occurs. When users access the Internet,
the network address translation (NAT) technology is used to translate private IP
addresses into public IP addresses that can be identified by the Internet. The
following network segments are reserved as private IP addresses for the InterNIC:

▫ Class A 10.0.0.0~10.255.255.255;

▫ Class B 172.16.0.0~ 172.31.255.255;

▫ Class C 192.168.0.0~192.168.255.255

• Using private IP addresses not only reduces the investment in purchasing public
IP addresses, but also saves IP address resources.
• For an IP address organization that does not have a subnet, the external network
considers the organization as a single network and does not need to know the
internal structure. For example, all routes to address 172.16.X.X are considered to
be in the same direction, regardless of the third and fourth 8-bit packets of the
address. This solution has the advantage of reducing the number of entries in the
routing table.

• However, this solution cannot distinguish different subnet segments on a large

network. As a result, all hosts on the network can receive broadcast packets on
the large network, which degrades network performance and hinders network
management.

• For example, a Class B network can contain 65,000 hosts. If a user who applies
for a class B address needs only 100 IP addresses, the remaining IP addresses
cannot be used by other users, which causes a great waste. Therefore, a method
is required to divide the network into different network segments. Manages
subnets by subnet.
• From the perspective of address assignment, a subnet is an extension of a
network segment address. The network administrator determines the size of the
subnet based on the organization‘s growth needs.

• Network devices use subnet masks to determine which part of an IP address is

the network part and which part is the host part.

• The subnet mask is in the same format as the IP address. The network and
subnet parts of the subnet mask are all 1 , and the host part is all 0. By default,
the subnet mask of class A network is 255.0.0.0, the subnet mask of class B
network is 255.255.0.0, and the subnet mask of class C network is 255.255.255.0.
Using subnets, the use of network addresses is more efficient. Externally, the
network is still a network. Internally, the network is divided into different subnets.

• As shown in the preceding figure, 172.16.0.0 is divided into two network

segments: 172.16.4.0 and 172.16.8.0.

• Assume that the finance department of a company uses the 172.16.4.0 subnet
segment. 172.16.8.0 is used by the Engineering Department. In this way, the
router can perform routing according to the destination subnet address, and
broadcast packets of a subnet are restricted from being sent to other network
segments, without affecting the network efficiency.
• With a good command of binary-to-decimal conversions, the correspondence
between IP addresses and subnet masks in binary and decimal systems is easy to
understand. The number of bits in the subnet mask is 28 (8 + 8 + 8 + 4 = 28),
indicating that the number of consecutive 1s in the subnet mask is 28 (1,
indicating that there are 28 network bits).

• Another representation of the subnet mask is /28=255.255.255.240, which is

called backslash notation.

• IP addresses are hierarchical；

• The IP address is different from the phone number, which cannot reflect the
geographical location of the host；

• A host that belongs to multiple networks and has multiple IP addresses (such as
a router). The networks and subnets of these IP addresses are different.
• Each IP address is a 32-bit value written in four 8-bit bytes. This means that there
are four groups, each of which contains eight binary bits, as shown in the figure
above.
• Routers are used to connect different networks. Data can be forwarded on the
Internet.

• Data forwarding: Routers must be able to forward data packets based on their
destination network addresses.

• Routing: To forward data, a router must be able to establish and refresh the
routing table and forward data packets based on the routing table.

• Backup and traffic control: To ensure reliable network operation, routers provide
the functions of switching between active and standby links and controlling
traffic.

• Rate adaptation: Different interfaces have different rates. Routers can use their
own caches and flow control protocols for rate adaptation.

• Isolated network: Routers can isolate broadcast networks to prevent broadcast

storms. In addition, routers can implement flexible packet filtering policies
(firewalls) to ensure network security.

• Interconnection of the heterogeneous networks: The original intention of the

Internet is to implement heterogeneous network interconnection. Modern routers
generally implement more than two network protocols to implement
heterogeneous network interconnection.
• As shown in the figure, the working process of a router is as follows：

▫ The physical layer receives a packet from a router port and sends the
packet to the data link layer.

▫ The data link layer removes the link layer encapsulation and sends the
packet to the network layer based on the protocol field of the packet.

▫ The network layer checks whether the packet is sent to the local device. If
the packet is sent to the local device, the network layer is removed and the
packet is sent to the upper layer. If the destination IP address of the packet
is not in the routing table, the router searches the routing table for a route
based on the destination IP address of the packet. If a route is found, the
router sends the packet to the data link layer of the corresponding port.
After the packet is encapsulated at the data link layer, the router sends the
packet. If no route is found, the packet is discarded and error information is
sent as required.

• Routing Table Is the Key for Routers to Forward Data Packets. Each router stores
a routing table. Each routing entry in the table specifies the physical port of the
router through which the data packet is sent to a subnet or a host. Then, the
data packet can be sent to the next router along the path or sent to the
destination host in the directly connected network without passing through other
routers.
• The routing table contains the following key entries:

▫ Destination Address：Identifies the destination address or network of an IP

packet.

▫ Mask：This parameter and the destination address identify the address of

the network segment where the destination host or router is located. The
network segment address of the destination host or router can be obtained
after the logical AND operation is performed on the destination address
and network mask.

▫ Output interface：Indicates the interface of the router from which the IP

packet is forwarded.

▫ Next hop : indicates the interface address of the next router that the IP
packet passes through.
• IEEE802.3 Ethernet standard

• IEEE802.3u 100BASE-T fast Ethernet standard

• IEEE802.3z/ab 1000 Mbit/s Gigabit Ethernet standard

• IEEE802.3ae 10GE Ethernet standard

• Ethernet is the dominant technology in today‘s LANs. Most of the traffic on the
Internet starts and ends over an Ethernet connection. Since the 1970s, Ethernet
has evolved to meet the growing demand for high-speed LANs. When the new
medium, optical fiber, is manufactured, Ethernet is adopted, taking full
advantage of the huge bandwidth and low error rate of optical fiber. Using the
same basic protocol, the data transmission rate can reach 100 Gbit/s in 1973.

• The success of Ethernet lies in its simplicity and ease of maintenance, its ability to
incorporate new technologies, its reliability, and its low installation and upgrade
costs.

• IEEE802.3 cables: In addition to coaxial cables and twisted pairs, IEEE802.3 cables
also include 10BASE-F fibers. 10BASE-F has been used in the early stage and its
transmission distance can reach about 2 km.

• Fast Ethernet (FE): The FE technology is a high-speed local area network (LAN)
technology that provides high network bandwidth for desktop users and servers
or server clusters. IEEE802.3u is the standard defined by IEEE for fast Ethernet.：
twisted pair and optical fiber

• Gigabit Ethernet is an extension of IEEE802.3 Ethernet. Based on the Ethernet

protocol, Gigabit Ethernet increases the transmission rate of Fast Ethernet by 10
times to 1 Gbit/s. Two standards：

▫ IEEE802.3z (fiber and copper cable)

▫ IEEE802.3ab (twisted pair)

• The Ethernet protocol is a set of LAN protocols defined by IEEE 802.3.
• Maximum transmission distance: It is determined by factors such as line quality
and signal attenuation.

• Minimum frame length (64 bytes): determined by the maximum transmission

distance and the collision detection mechanism.
• From the preceding contents, we can know that the Ethernet constructed by hubs
is a shared Ethernet in essence. Therefore, the shared Ethernet has the following
disadvantages：

▫ Severe conflict

▫ Broadcast flooding

▫ No security

• A hub is an Ethernet device that works based on the CSMA/CD mechanism. The
working principle of a hub is as follows: A hub forwards the data frames (unicast
or broadcast) received from any interface to any other interface (except the
interface that receives the data frames) without selecting any interface.

• Therefore, it can be said that a hub only changes a physical topology of an

Ethernet, and a logical structure of the Ethernet is still a bus topology.

• The hub does not use the MAC address. It only duplicates and forwards data and
does not filter data.
• Switch works at the data link layer. Two basic functions of a bridge on an
Ethernet switch are as follows：

▫ MAC address learning；

▫ Forwarding and filtering decisions.

• Let's look at MAC address learning first.

• A bridge forwards data frames based on the MAC address table. The MAC
address table is learned by the bridge based on the source MAC address.
Generally, the MAC address table of a Layer 2 switch is created based on the
mapping between MAC addresses and switch ports.

• The bridge listens to the source address of the data frame, and each port of the
switch listens to the source address of the received data frame.

• During the initialization, the MAC address table of the switch is empty.

• For example：When the switch receives the frame from port 1, it first checks the
destination MAC address and then the MAC address table in the switch cache.
However, the MAC address table is empty. Why does the switch do this? Forward
the frame to any port (except port 1 that receives the frame). Check the source
MAC address of the frame and establish a mapping between port 1 and the MAC
address of site A. The source MAC address of the frame is the physical address of
site A. By analogy, each site establishes a mapping relationship with a directly
connected port, thereby forming a MAC address table.

• If a port is connected to a hub, one port may correspond to multiple MAC

addresses. A port on a switch corresponds to a collision domain.

• Note: In multicast, address entries are not learned but obtained through
protocols such as IGMP snooping.
• The second basic function of switches: destination address-based forwarding.

▫ Searches the MAC forwarding table for the addresses that are not included
in the table and broadcasts the packets.

▫ The automatic address learning and aging mechanisms are used to

maintain the address table.

▫ Generally, the frame format is not modified. (The frame format of the
VLAN needs to be modified and the tag needs to be added.).

• Principles of Layer 2 Switches：

▫ Receives all data frames on the network segment.

▫ The source MAC address in the received data frame is used to establish the
MAC address table (source address self-learning). The address aging
mechanism is used to maintain the MAC address table.

▫ The S9300 searches the MAC address table for the destination MAC address
of the data frame. If the destination MAC address is found, the S9300 sends
the data frame to the corresponding port (excluding the source port). If the
destination MAC address is not found, the S9300 sends the data frame to
all ports (excluding the source port).

▫ Forwards broadcast frames and multicast frames (excluding the source port)
to all ports.
• Switches support three switching modes: Cut-Through, Store-and-Forward, and
Fragment-Free. The features of each switching mode are as follows：

▫ Cut-Through

▪ After receiving the destination address, the switch starts the

forwarding process.

▪ Low delay

▪ The switch does not detect errors and directly forwards data frames.

▫ Store-and-Forward

▪ The switch starts to forward the frame only after receiving the
complete frame.

▪ The delay is large. The delay depends on the length of the data frame.

▪ The switch detects errors and discards error packets.

 ▫ Fragment-free

▪ After receiving the first 64 bytes (a minimum frame length) of the

data packet, the switch searches the forwarding table based on the
frame header information.

▪ This switching mode combines the advantages of the Cut-Through

mode and Store-and-Forward mode. Similar to the Cut-Through
mode, the frame can be forwarded after 64 bytes are received,
without waiting for the complete data frame to be received. In
addition. Like the Store-and-Forward mode，it can detect the errors
of the first 64 bytes and discard the error frames.

• L2 brings a great leap forward to the Ethernet technology, solves the conflict
problem of the Ethernet, and greatly improves the Ethernet performance.
Ethernet security is also improved. However, broadcast flooding exists on the
Ethernet, and security cannot be ensured.
• C

• What are the functions of each layer of the TCP/IP protocol stack?

▫ The TCP/IP protocol stack consists of five layers: physical layer, data link
layer, network layer, transport layer, and application layer. The physical
layer defines the mechanical, electrical, and functional features and
processes required for data transmission. The data link layer controls the
physical layer, detects and corrects possible errors, and adjusts traffic
(optional). The network layer checks the network topology to determine
the optimal route for transmitting packets. The basic function of the
transport layer is to segment the data sent from the application layer to the
network layer or combine the data segments sent from the network layer
to the application layer. End-to-end connections are established to send
data segments from one host to another, ensuring data transmission
correctness. The application layer provides network services for applications.

• What are the packet encapsulation and de-encapsulation processes in the TCP/IP
protocol stack?

▫ Packet encapsulation and de-encapsulation are opposite processes. In

encapsulation, the header of each layer is added from top to bottom. In de-
encapsulation , the header of each layer is removed from bottom to top.