Saturday, November 6, 2010

Hour 4 - Chapter 1 - Transport and Network Layers

Today we continue with our overview of the OSI reference model. We'll have a look at two very important layers:

  • Layer 4 - Transport Layer
  • Layer 3 - Network Layer

The Transport Layer

The Transport Layer is responsible for both segmenting as well as reassembling data into a data stream. It provides two important end-to-end data transport protocols, these are:

  • Transport Control Protocol (TCP): Provides reliable delivery of data (connection-oriented).
  • User Datagram Protocol (UDP): Provides unreliable delivery of data (connectionless).

The reason why these two protocols exist is to give network application developers a choice. They can choose to use the TCP protocol which will guarantee reliable transportation of data, or they may elect to use the UDP protocol and then add their own reliability functions to handle data loss and retransmission if they wish to.

Now we'll look at three concepts that are used by TCP to ensure reliability. These are flow control, sequencing, windowing and acknowledgments.

Flow Control

Flow control is a technique used to maintain data integrity by preventing the sending host from sending data faster than the receiving host can handle it. Without a proper flow control mechanism, the receiving host's buffer could overflow, causing congestion, overloading, and potential data loss. Additionally, because segments may travel through different paths to reach the destination, they will commonly arrive at the receiving host in the wrong order. Therefore flow control is also responsible for re-ordering segments in the correct order.


TCP always ensure that all segments received are acknowledged back to the sender to confirm that they have been received. This means that the sending host will retransmit a segment if it has not been acknowledged by the receiver within a certain timeframe. This simple process ensures that segments are not lost or needlessly duplicated. The way that TCP will set up a reliable connection between two devices is by establishing something called a session. This is accomplished using a function called the "three-way handshake". Similarly, to close a session, TCP will perform a "call termination" to gracefully end the session. We won't look at these low level processes in much detail for now, but if you want to learn more just google those terms and you'll find plenty of nitty-gritty details.


Windowing is a concept that was introduced to improve the efficiency of TCP. Without windowing, a sender would be forced to wait until receiving an acknowledgment from the receiver after each segment was sent before being able to send out another segment. Although this ensure reliability, it is slow and inefficient. So what exactly is windowing then? A window represents the amount of data segments in bytes that the transmitting machine can send without receiving an acknowledgment for them. The following examples should make this clearer:

Let's assume a window size of 1 (i.e. no windowing):

Byte #1 ---------->
        <---------- Acknowledge #2
Byte #2 ---------->
        <---------- Acknowledge #3

Assuming a window size of 4:

Byte #1 ---------->
Byte #2 ---------->
Byte #3 ---------->
Byte #4 ---------->
        <---------- Acknowledge #5

A quick note that this is simplified and that the numbers here are the "sequence" numbers. There is typically another number known as the "acknowledgment" number but we won't cover that here. Keep in mind that the sequence number in the acknowledgment segment is always 1 higher than the sequence number of segment that is acknowledged. So if we were to translate "Acknowledge 2" to English, it would be "I've received segment 1, you can send me the next segment which is segment 2 now".

Anyway, back to the example now. As you can see, with a window size of 1 byte, each byte has to be acknowledged before the next byte can be sent. With a window size of 4 bytes however, 4 bytes can be sent before having to be acknowledged. There are mechanisms in place within the TCP protocol for the two hosts to negotiate an appropriate window size however this is beyond the scope of this post. You should keep in mind however that if a host if failing to receive all of the bytes that it is supposed to acknowledge, then the window size may simply be too high. The transmission may therefore be improved in this case by decreasing the window size.

The Network Layer

The Network Layer is a particularly important layer as it handles critical tasks including device addressing and routing of data. Layer 3 devices such as routers provide a number of services at the network layer in order to route data within an internetwork. This is achieved by firstly checking the destination IP address of a packet that enters through one of the router's interfaces, then looking up that IP address in the router's routing table, and finally choosing an exit interface to forward the packet out of. If there are no entries in the routing table for that destination network, then the router must drop the packet. There are two main types of packets used at this layer:

  • Data packets: Contain user data. Routed protocols such as IP and IPv6 are used at layer 3 to handle data traffic.
  • Route update packets: These are used by routers to update the routing table of their neighboring routers and inform them about the networks that they're connected to within the internetwork. These packets are generated by what are known as Routing protocols. Common routing protocols are RIP, RIPv2, EIGRP, and OSPF.

Routers use a routing table to store routes which store the following information:
  • Network Address: This is an address specific to the protocol in use and therefore the router is obliged to have a separate table for each individual protocol (i.e. IP, IPv6, IPX).
  • Interface: The exit interface through which a packet will pass on its way to the destination network.
  • Metric: The route metric represents the distance to the remote network. The way that the metric is computer differs depending on the routing protocol that is used. Certain routing protocol, such as RIP, use a hop count as the routing metric. The hop count is simply the number of routers that a packet has to pass through to reach a remote network. Other routing protocols use metrics based on bandwidth, delay, and even tick count.

Let's briefly recapitulate what we have previously learnt about some of the behaviors exhibited by routers. Routers break up broadcast domains, which prevents broadcast and multicast traffic from being forwarded from one interface to another. Additionally, like switches, they break up collision domains. Because of this first behavior, each router interface represents a different network. It must therefore be assigned a unique network address.

In the next hour, we will look at the final two layers, the data link layer (layer 2) and the physical layer (layer 1). Then we'll be able to have a look at Ethernet Networking. I hope that this has been informative and I look forward to reading your comments.

Wednesday, October 27, 2010

Hour 3 - Chapter 1 - Top three layers

Firstly, I would like to apologize for not posting yesterday, I am rarely sick however I had a pretty bad cold and am just now getting better. I did do quite a bit of study but simply could not find the time or energy to blog my notes - I'll make sure to blog them as soon as I get them down from now on. Now that's out of the way let's get on with it! Today we have a look at the three highest layers of the OSI Reference Model (see previous post). These are the Application, Presentation and Session Layers. As I've mentioned in my previous post, these top three layers pertain mainly to the way that the network applications running on networked device communicate with each other.

The Application Layer

The Application Layer is the seventh and top layer of the OSI Reference Model. It is responsible for interfacing with end-user application programs and it provides a way for these applications to transmit information down the protocol stack using application layer protocols. A common misconception is that programs such as web browsers reside on this layer, however this is not quite true. Web browsers do not reside on the Application Layer, rather they interface with Application Layer protocols such as HTTP and HTTPS. Additional functions at this layer include ensuring that the communicating partners are both available and that that there are enough resources to enable the transmission.

Here is a short list containing just some of the more popular protocols operating at this layer (there are literally hundreds of Application Layer protocols in use today):

  • FTP: File Transfer Protocol
  • TFTP: Trivial File Transfer Protocol
  • HTTP: Hypertext Transfer Protocol
  • HTTPS: Hypertext Transfer Protocol Secure
  • DNS: Domain Name System
  • SSH: Secure Shell

The Presentation Layer

The role of the Presentation Layer is not quite as easy to grasp as the Application Layer. According to the OSI Reference Model, the Presentation Layer presents data to the Application Layer and is responsible for functions such as data translation and code formatting/conversion. Let me explain these concepts as I understand them. When data is transmitted, it is generally encoded with a particular encoding standard (i.e. a character encoding standard) and must be decoded when it is received. According to this Wikipedia article, "a character encoding system consists of a code that pairs each character from a given repertoire with something else, such as a sequence of natural numbers, octets or electrical pulses, in order to facilitate the transmission of data (generally numbers and/or text) through telecommunication networks or storage of text in computers." Examples of common character encoding standards include:

  • Unicode

Therefore when communicating, network applications have to agree on which coding standards they're going to use to encode data so that they are both able to process and interpret it. Some of the additional functions that may occur at this layer include data compression/decompression, encryption/decryption, and sometimes even multimedia operations.

The Session Layer

The Session Layer has a fairly simple role and we will not go into it in too much detail. In simple terms it is responsible for making sure that each application's communications are kept separate, as well as opening, managing, and eventually closing sessions between these network applications. The Session Layer typically offers three different communication modes:

  • Simplex: One direction only.
  • Half duplex: Both directions but not simultaneously.
  • Full duplex: Both directions simultaneously.

I hope that this brief look at the top three layers of the OSI Reference Model was informative. Feel free to leave any questions you may have in your comments and I'll try my best to answer them. In the next few blog posts we will look at the bottom 4 layers and then delve into Ethernet in a quite a bit of depth.

Monday, October 25, 2010

Hour 2 - Chapter 1 - The OSI Reference Model

In this second hour, we take a look at an internetworking model known as the OSI Reference Model. The Open Systems Interconnection (OSI) Reference Model was created in the late 1970s by the International Organization for Standardization (ISO) in order to have a common networking standard that various vendors could use so that the devices that they manufactured could be interoperable (i.e. so that devices from different vendors could communicate with each other).

The OSI reference model is known as a layered architectural model. It defines the 7 layers that data passes through as it is transmitted from one device to another. These 7 layers will be described very shortly.

Each layer consists of different networking protocols that perform specific functions in order to enable network communication. Apart from the obvious advantage of providing standardization and therefore interoperability between network devices, advantages of using this layered approach include:

  • The simplification of troubleshooting, design and development by breaking down the communication process into smaller components or stages.
  • Provides compartmentalization, that is, because the network functions that occur at each layer are standardized, protocols for each layer can be developed almost independently.

You should remember that the OSI Reference Model is only a logical model, not a physical one. It is really only a framework used by developers of network applications , protocols and devices.

The 7 layers of the OSI Reference Model are:

  • 7 Application: Interfaces with the user.
  • 6 Presentation: Presents the data and may handle functions like encryption and compression.
  • 5 Session: Ensures that different application's data is kept separate from each other.
  • 4 Transport: Offers reliable or unreliable delivery of data and performs error-correcting functions before retransmission.
  • 3 Network: Provide logical addressing, this is used for path determination.
  • 2 Data Link: Provides access to the media, uses hardware (MAC) addressing, performs error detection.
  • 1 Physical: Responsible for moving bits between devices.

These 7 layers can be furthered categorized into 2 groups. The top three layers pertain to the way that network applications on the actual devices (i.e. routers, switches, computers) communicate with each other and with their users. The bottom four layers on the other hand pertain to the way that data is transmitted from one device to another.

In the next hour we will describe each of these 7 layers individually in a lot more detail, looking in particular at their role within the overall end-to-end transmission and examining the various protocols that exist at each of these layers.

Sunday, October 24, 2010

Hour 1 - Chapter 1 - Internetworking

Ok so here we go, let's jump straight into it and start with the first chapter! The first chapter is basically an introduction to Internetworking. The section that I studied today covered the following topics:

  • Internetworking basics which discussed the meaning of the term and provided a basic example of two hosts communicating with each other.
  • Network segmentation which covered the different types of network devices (hubs, switches, bridges and routers); and how they can be employed to physically segment a network.

The chapter began with a brief look at the exponential growth of networks and the networking field over the last 15 years or so. Essentially today's networks have evolved in order to keep up with the substantial increases in basic mission-critical user needs, including data sharing and networked printers as well as more complex requirements such as videoconferencing.

The term internetwork was introduced to describe the connection of two or more LANs or WANs via a router. These networks must be configured using a logical network addressing scheme. An example containing two computers is then depicted to show several networking concepts working in unison. One of these concepts is the use of Media Access Control (MAC) addresses, also known as hardware addresses, which are essentially "burned" into the host's Network Interface Controller (NIC) when it is manufactured. The Address Resolution Protocol (ARP) is used to translate IP addresses into MAC addresses and receives a brief mention. ARP is a fairly simple protocol that relies on the use of broadcast addresses (MAC broadcast is "ff:ff:ff:ff:ff:ff") to broadcast ARP requests in the form:

Who has Tell

The host configured with that IP address will receive the broadcast and send an ARP request directly to the requestee's IP address with a message such as: is at 00:0b:db:94:d2:e4

The book delves a bit deeper and talks about name resolution to translate names to their corresponding IP addresses, describing domain name resolution using the Domain Name System (DNS) and also, locally, NetBIOS name resolution using NetBIOS Name Service (NBNS) in Microsoft Windows LANs. The later is fairly similar to ARP in that it uses the broadcasting method to translate a hostname such as "alpha_XP" to its corresponding IP address, for example "".

Four types of network devices are outlined. These are hubs, switches, bridges and routers. Switches and routers are really the only ones still in use today, however it is still important to know how hubs and bridges actually work so that we can understand the distinctions between all of the different devices. This is where the concept of network segmentation comes in. There are two kinds of segmentation:

  • Collision domains: A collision domain is a term that's used to describe a situation where it is possible for frames sent by two or more hosts at the same time to collide with one another which then neccesitates retransmission after a certain backoff period. It is important to break up collision domains in order to improve performance
  • Broadcast domains: A broadcast domain is a term that's used to describe a network segment where broadcast traffic reaches all devices in the segment.

The four network devices described are:

  • Hubs (also known as multiport repeaters): Hubs just forward the frames that they receive out of all ports except for the port from which the frame originated. This means that all ports operate within a single collision and broadcast domain. This can sometimes cause congestion as the number of network hosts increases.
  • Switches (also known as multiport bridges): Switches forward and filter packets from one port to another within a network, however they cannot forward or filter packets between different networks like routers can. Switches break up collision domains as each and every port on a switch represents its own collision domain but they do not segment the broadcast domain (broadcast traffic is passed through all ports).
  • Bridges: Bridges work just like switches, however they generally only consist of a few ports, whereas switches often consist of dozens of ports. Bridges have been mostly replaced by switches which provide more ports and some additional functionality (i.e. greatly enhanced management ability). Like switches, bridges segment each port into its own collision domain but they do not segment the broadcast domain (broadcast traffic is passed through all ports).
  • Routers (also known as layer 3 switches): Routers interconnect different networks and enable internetwork communication by providing a number of routing functions including packet switching, filtering, and path selection. They use a routing table in oder to make routing decisions and forward packets to the correct remote network. Routers can also provide connections to WAN services through serial interfaces (v.35 physical interfaces). Routers break up collision domains as well as broadcast domain by default, that is, they provide a separate broadcast and collision domain for each interface.

As you can see, switches and bridges can be used to segment networks but they do not isolate broadcast traffic.

Why is is the ability of routers to break up broadcast domains so important?

When a host sends a network broadcast, every device in that broadcast domain receives the broadcast packet and processes it to determine what to do with it (i.e. formulate an ARP reply if it has the IP address in the ARP query). The larger the broadcast domain, the more broadcast traffic overhead you will have on the network resulting in higher latency and lower bandwidth. Thankfully, by default, a router will not forward broadcast packets from one port to another.

A possible exam question related to what we've just learnt would give you a network diagram and then proceed to ask you to count the number of broadcast domains and collision domains. These sorts of questions should be very straight forward if you can remember the following rules:

  • Hubs: One collision domain and one broadcast domain.
  • Switches: Separate collision domain for each interface, one broadcast domain.
  • Bridge: Separate collision domain for each interface, one broadcast domain.
  • Routers: Separate collision domain and broadcast domain for each interface.

This beginning section of the first chapter finishes with one piece of wisdom, "The best network is one that's correctly configured to meet the business requirements of the company it serves" - something to keep in mind when designing networks and internetworks.

Saturday, October 23, 2010

Study plan

Here is the table of contents for Todd Lammlee "CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802 (6th Edition)", the book which I have selected as my primary source of study material:

As mentioned in a previous post, I've given myself a time frame of 100 hours to prepare for the exam. As you can see from the table of contents above, the book consists of 14 chapters. Assuming that I can get through one chapter per week and that I manage to get 7 hours of study each week (1 hour per day), that gives us 7 hours x 14 chapters = 98 hours total. Pretty damn close to 100 hours! Even though I've already studied a lot of this material, I will try to avoid the temptation of jumping from chapter to chapter and instead I'll try to progress through the book sequentially. Hopefully the time frame will be enough to cover all the material, however it is not set in stone. I won't attempt the exam until I feel completely confident in my abilities to excel and until I have covered all of the required material.

Gathering study material

I am lucky to have access to a substantial amount of Cisco study material, from ebooks to online resources and even CBT Nuggets Cisco CCNA videos. In this post, I'll try to further refine my study plan by selecting the books which I will focus on for my study as unfortunately, I do not have the time to read them all (most are very large volumes). Here are the ebooks that I currently have in my possession along with their rating on Amazon:

  • CCENT Cisco Certified Entry Networking Technician Study Guide (Exam 640-822)
     3½ stars 
  • Cisco Networking Academy Program CCNA 1 and 2 Companion Guide, Third Edition
     2½ stars 
  • CCNA INTRO Exam Certification Guide (CCNA Self-Study, 640-821, 640-801)
      4 stars 
  • CCNA Practical Studies
      4½ stars  
  • CCNA Exam Cram (Exam 640-802)
     2½ stars 
  • CCNA: Cisco Certified Network Associate: Fast Pass
     3 stars 
  • CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802
     4½ stars 
Based on these ratings and after reading numerous reviews on all the books mentioned, it would seem that Todd Lammlee "CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802 (6th Edition)" stands out as one of the best CCNA study guides on the market. Todd Lammlee is a Certified Cisco Systems Instructor (CCSI) and according to his website, he has written over 25 books on Cisco certification subjects. Therefore I will be primarily relying on this book in my future studies. I may supplement my studies with additional resources where necessary and I'm thinking about using "CCNA Practical Studies" by Gary Heap and Lynn Maynes to get some hands-on practice.

Friday, October 22, 2010

Setting goals

Without a clear direction and study plan I know that I will never reach my goals of becoming a Cisco Professional. Therefore setting goals before I undertake any study is crucial to my success in this endeavor. Let's quickly have a look at the Cisco certifications as outlined on the official Cisco website.

The entry level base Cisco qualification is called the Cisco Certified Entry Networking Technician (CCENT). According to the description on the Cisco website, the curriculum for this certification covers networking fundamentals, WAN technologies, basic security and wireless concepts, routing and switching fundamentals, and configuring simple networks. To obtain this certification, one must undertake an exam known as 640-822 ICND1.

The next level of Cisco qualification is called the Cisco Certified Network Associate (CCNA). As per the description on the Cisco website, this qualification validates the ability to install, configure, operate, and troubleshoot medium-size route and switched networks, including implementation and verification of connections to remote sites in a WAN. The curriculum includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills. Furthermore, this also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol Frame Relay, Routing Information Protocol Version 2 (RIPv2),VLANs, Ethernet, access control lists (ACLs). To obtain this certification, you may either take two exams, the CCENT exam which is 640-822 ICND1 and the 640-816 ICND2, or you can take a single combined exam known as 640-802 CCNA.

My immediate goal is to obtain the Cisco Certified Network Associate (CCNA) certification as it seems to be the base requirement for most junior network engineering roles that I have seen advertised. As we've seen there are two ways to get this certification. You can take the two exams or take a single combined exam. Taking two exams is slightly more expensive, and it means that you spend more time in the exam room. The upside however is that you probably don't need to cram as much into your head as you would have to by taking the combined exam. At the moment I'm still unsure about whether I should do the two exams or take the single exam path. I'm leaning towards the single exam path though because a single exam sounds better than two. I figure that the less exams the better!

I'm giving myself a time frame of about 100 hours of study to reach this goal. With an hour of study per day, that means that I should reach my goal in a little less than 3 and a half months. I'm hopping that I can stay consistent with my study and that I will know enough after 100 hours to pass the exam with flying colors. My first hour of study will officially start on Sunday the 24th of October! Wish me luck :).