Embed Size (px)
Citation preview
Training
Ethernet and IP Basics
Overview
– OSI Layer Model – Ethernet– IP– ARP– IP Routing– Higher Layer Protocols– VRRP– ATM Vision Network Setup– Practice
Section
OSI Layer Model
OSI Layer Model
Application
Application
Presentation
Session
Transport
Network
Data Link
Physical
Data Transport
Physical interface (cable, transceiver etc.)
Transmission, framing and error control
Data transport
Reliability and multiplexing of data transport
Adding control mechanism to data transport
Structuring of data units
Managing of communications
OSI: Open Systems Interconnection
LAN Layer and the OSI Reference Model
Data LinkLayer
MACSublayer
PhysicalLayer
Eth
ern
et
IEE
E 8
02.3
100B
aseT
To
ken
Rin
g/IE
EE
802
.5
FD
DI
LLCSublayer
IEEE 802.2
OSI Layers LAN Specifiaction
Section
Ethernet
OSI Layer Model
Ethernet Frame
PreambleSource
AddressFCS
DestinationAddress
Type Data
8 6 6 2 46-1500 4
Field Length,In Bytes
FCS = Frame Check Sequence
MAC Address: IP Data: 00 : a3 : 25
Vendorspecific
VendorID
00 : 50 : 66 IP Header
Section
IP (Internet Protocol)
OSI Layer Model
Ethernet
IP Packet
Version IHL Type of Service Total Length
Identification Flags Fragment offset
Time to Live Protocol Header Checksum
Source Address
Destination Address
Options
Data (1 Bytes – 64 kBytes)
Padding
IHL: Internet Header Length
32 Bit
IP Header
IP Data
IP Addressing
IP address comprises 32 Bits, grouped into four octets
32 Bit
8Bit 8Bit 8Bit 8Bit
C0 A8
192 168 151 44
97 2CHex:
Dec.: . . .
. . .
11000000 10101000 10010111 00101100Bin.: . ..
Network Example
192.168.151.44192.168.151.45
192.168.151.215
Section
ARP (Address Resolution Protocol)
OSI Layer Model
Ethernet
IP
ARP
• ARP: Address resolution protocol
• Communication between two Ethernet interfaces on a local network based on MAC addresses
• The address resolution protocol (ARP) provides mapping of an IP address to the unique MAC address
ARP
ARP
ARP
ARP ARP ARP ARP ARP
ARP
ARP
ARP
ARP ARP ARP ARP
ARP
ARPMAC
address
MACaddress
MACaddress
MACaddress
MACaddress
MACaddress
MACaddress
MACaddress
MACaddress
MACaddress
IP: 192.168.151.45MAC: 00:25:12:34:F2:A3
IP: 192.168.151.16MAC: 00:25:12:11:BB:C1
IP: 192.168.151.163MAC: 01:A1:23:8A:45:01
MACaddress
MACaddress
Section
IP Routing
OSI Layer Model
Ethernet
IP
ARP
Subnetting With Netmask
IP address „ANDED“ with netmask splits net into network and subnet portion
192 168 151 44IP Address: . . .255 255 255 0 Logical AND with Netmask: . . .
Network Network Network Subnet
192 168 151 0. . .Results in Subnet number:
11000000 10101000 10010111 00101100. ..11111111 11111111 11111111 00000000. ..„AND“
11000000 10101000 10010111. .. 00000000
Network Example
192.168.172.44255.255.128.0
192.168.196.63255.255.128.0
192.168.151.1255.255.128.0
192.168.13.1255.255.255.0
Router
192.168.13.234255.255.255.0
192.168.13.19255.255.255.0
Special IP Addresses
Network: 192.168.151.xNetmask: 255.255.255.0
Subnet number: 192.168.151.0Subnet broadcast: 192.168.151.255
Example:
Local host: 127.0.0.1Multicast groups: 224.0.0.0 ... 239.255.255.255
Experimental: 240.0.0.0 ... 254.255.255.255
IP Routing
Static routing
- Static entries in routing table
- Setting up Network Interface creates routing entry for local Network
- Entries made by administrator
- No dynamic changing of entries
Dynamic routing- Internet devices investigate their neighbourhood and store the information in the routing table
- These information will be collected by special protocols (OSPF, RIP, BGP)
Routing maintained by routing tableRouting table entries consist of:
- Destination IP address- Mask- Gateway- Metric (optional)- Interface (optional)
Routing decisions made on “best fit”
Section
Higher Layer Protocols
OSI Layer Model
Ethernet
IP
ARP
IP Routing
TCP / UDP
• Connection oriented• Connection status available• Order guaranteed• Assured data transport by the use of:
- Flow control- Data verification (checksum)- Data re-transmission in case of lost packets
The Transmission Control Protocol (TCP) and the User DatagramProtocol (UDP) work on top of IP.
UDP:
• Connectionless• Order guaranteed• Duplications removed• Unassured data transport (no acknowledge, no re-transmission)
TCP:
Firewall
Devides privat and public Network or two Networks
Protects privat Network from unauthorized access
Restricts access to or from local machines
Firewalling based on rules
• accept
• deny
• reject
Rules consists of source and destination IP address and Port (TELNET, FTP, HTTP ...)
EXTREMLY HARD TO CONFIGURE
Firewall
Firewall
HTTP
TELNET
NETWORK A NETWORK B
Masquerading
Is located on the same position as the Firewall Only one public IP address needed for whole
private Network Often works together with Firewalls on the same
machine Exchanges local IP address with the public address
192.168.1.x
PublicNetwork
Masquerading
192.168.1.x
212.21.117.3
Section
VRRP
OSI Layer Model
Ethernet
IP
ARP
IP Routing
Higher Layer Protocols
VRRP
Provides Router Redundancy transparent to hosts
All Router must reside on the same Network
The machine with the highest priority becomes VRRP mastership
Machines with lower priority are VRRP slaves
Up to 254 machines for redundancy
The master broadcasts VRRP packets
If no VRRP packet is received within a defined time, the Slave with the highest priority takes mastership and starts to send VRRP packets and listens on the specified IP address
Virtual Router Redundancy Protocol (VRRP)
VRRP
Simple 1+1 redundancy
MasterSlave
GW: Master GW: Master
VRRP: MasterVRRP: Master
Section
ATM Vision Network Setup
OSI Layer Model
Ethernet
IP
ARP
IP Routing
Higher Layer Protocols
VRRP
IP Network Settings
Enable networking:
sysconf net enable
Startup Ethernet Interface:
sysconf net <Interface> <IP address> netmask <Mask> up
<Interface>: eth0 = Ethernet 1 eth1 = Ethernet 2
IP Network Settings
Set route to other local networks:sysconf route add –net <IP address> netmask <Mask> gw <Gateway>
Inband Management
Enable Classical IP (CLIP):
sysconf clip enable
Enable IP forwarding to other interfaces:sysconf net ipforward enable
Inband Management
Add CLIP destination to routing table:
sysconf atmarp add <Dest. IP address> <VPI>.<VCI>
Configure CLIP interface:sysconf net <Interface> <IP address> netmask <Mask> up
Create CLIP interface:sysconf clip interface <Index> enable
<Interface>: clip<Index>
Inband Management
CLIP QoS parameter:
sysconf clip interface <Index> qos <QOS|default>
<QOS> = <class>,<type>:<common list>,tx:<list>,rx:<list> <class> = ubr | cbr <type> = aal0 | aal5 <common list> = <list> valid for tx and rx <list> = pcr=rate | max_pcr=rate | min_pcr=rate |
sdu=size | max_sdu=size
VRRP
root@Karlsruhe:/> sysconf vrrp ?usage: sysconf vrrp sysconf vrrp show sysconf vrrp <VRID> disable sysconf vrrp <VRID> priority <priority> sysconf vrrp <VRID> advertise <advertise interval> sysconf vrrp <VRID> preempt enable|disable sysconf vrrp <VRID> auth none|<password> sysconf vrrp <VRID> IP <IP-Address> { <IP-Address> } sysconf vrrp <VRID> monitor disable|<IP-Address> <TTL> <icmp|eth0|eth1>root@Karlsruhe:/>
VRRP Parameter:
<VRID> = VRRP ID (identifies the VRRP Network)priority = Router priority on the VRRP ID <0..255>. Default: 255 = VRRP masteradvertise = Time interval (in sec.) between two VRRP protocol packets. Timeout after
3 * advertise interval preempt = Allows slave to take over VRRP mastership from slaves with lower priority.
VRRP master with priority = 255 always takes mastershipauth = Authentication necessary (with password) or notIP = IP-Address(es) to protectmonitor = Allows additional monitoring on further connections (ETH0, ETH1 or ATM).
Monitoring on ETH0 and ETH1 is only supported on ATM Vision.
Checking Connectivity
Check IP (Ethernet) connection:
ping <IP address>
Tracing route to destination:
traceroute <IP address>
Check ATM connection:
oam <Interface> <VPI> [VCI] <seg|end>-<loopback|ais|rdi>
Checking Connectivity
The last ressort:
tcpdump -i <Interface> -n [-vv]
Establish remote connection:
telnet <IP address>
Section
Practice
OSI Layer Model
Ethernet
IP
ARP
IP Routing
Higher Layer Protocols
VRRP
ATM Vision Network Setup
Hands On: IP Network
Name:
IP address:
Netmask:
Name:
IP address:
Netmask:
Name:
IP address:
Netmask:
Hub
Name:
IP address:
Netmask:
EthernetATM
IP Range: 192.168.x.x
Hands on: IP, ATM and VRRP
ATM
IP Range: 192.168.x.x
Ethernet
Hands on: IP and CLIP over SVC
Name:
IP address:
Netmask:
Name:
IP address:
Netmask:
Name:
IP address:
Netmask:
Name:
IP address:
Netmask:
EthernetATM
IP Range: 192.168.x.x
SD
Catalyst8500
Power Supply 0CISCO YSTEMSS Power Supply 1
SwitchProcessor
SERIES
