Smaller Segments

Segments can be divided to reduce the number of
users and increase the bandwidth available to each
user in the segment. Each new segment created
results in a new collision domain. Traffic from one
segment or collision domain does not interfere with
other segments, thereby increasing the available
bandwidth of each segment. In the following figure,
each segment has greater bandwidth, but all segments
are still on a common backbone and must
share the available bandwidth. This approach works
best when care is taken to make sure that the largest
users of bandwidth are placed in separate segments.
There are a few basic methods for segmenting an
Ethernet LAN into more collision domains:
• Use bridges to split collision domains.
• Use switches to provide dedicated domains to
each host.
• Use routers to route traffic between domains
(and to not route traffic that does not matter to
the other domain).
This sheet discusses segmenting using bridges and
routers (switching is covered in the next chapter).

Ethernet Collisions

In a traditional LAN, several users would all share
the same port on a network device and would
compete for resources (bandwidth). The main limitation
of such a setup is that only one device can
transmit at a time. Segments that share resources
in this manner are called collision domains,
because if two or more devices transmit at the
same time, the information “collides,” and both
end points must resend their information (at different
times). Typically the devices both wait a random
amount of time before attempting to retransmit.
This method works well for a small number of
users on a segment, each having relatively low
bandwidth requirements. As the number of users
increases, the efficiency of collision domains
decreases sharply, to the point where overhead traffic
(management and control) clogs the network.
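The behaviour described in the two sections above (one transmitter at a time, random backoff after a collision, efficiency falling as stations are added, and the gain from splitting a segment) can be seen in a small slot-based model. This is an added example written for this page, not code from the book; it assumes truncated binary exponential backoff (the retransmission rule used by Ethernet, which the text only describes as "a random amount of time") and a seeded random generator so runs are repeatable.

```python
import random


def simulate_collision_domain(stations, frames_per_station, seed=1, max_backoff_exp=10):
    """Slot-based model of one shared Ethernet segment (one collision domain).

    Each station has frames queued. In every slot, each station whose
    backoff timer has expired transmits. Exactly one transmitter means a
    delivered frame; two or more means a collision, after which every
    colliding station draws a random wait of 0..2^k-1 slots, where k is
    its number of consecutive collisions (capped at max_backoff_exp).
    """
    rng = random.Random(seed)
    pending = [frames_per_station] * stations   # frames still to send
    backoff = [0] * stations                    # slots to wait before retrying
    attempts = [0] * stations                   # consecutive collisions so far
    slots = delivered = collisions = 0
    while any(pending):
        slots += 1
        ready = [s for s in range(stations) if pending[s] and backoff[s] == 0]
        for s in range(stations):               # advance every waiting timer
            if backoff[s] > 0:
                backoff[s] -= 1
        if len(ready) == 1:                     # the medium was quiet: success
            s = ready[0]
            pending[s] -= 1
            attempts[s] = 0
            delivered += 1
        elif len(ready) > 1:                    # simultaneous transmit: collision
            collisions += 1
            for s in ready:
                attempts[s] += 1
                k = min(attempts[s], max_backoff_exp)
                backoff[s] = rng.randrange(2 ** k)
    return {
        "stations": stations,
        "delivered": delivered,
        "collisions": collisions,
        "slots": slots,
        "utilization": delivered / slots,        # fraction of slots carrying a frame
    }


def segment_into(total_stations, segments, frames_per_station, seed=1):
    """Spread the same stations over several independent collision domains.

    The segments run in parallel (each is its own wire), so the elapsed time
    is the slowest segment's slot count, while collisions add up across them.
    """
    per_segment = total_stations // segments
    runs = [simulate_collision_domain(per_segment, frames_per_station, seed + i)
            for i in range(segments)]
    elapsed = max(r["slots"] for r in runs)
    return {
        "segments": segments,
        "delivered": sum(r["delivered"] for r in runs),
        "collisions": sum(r["collisions"] for r in runs),
        "elapsed_slots": elapsed,
    }


if __name__ == "__main__":
    for n in (1, 2, 8, 64):
        print(simulate_collision_domain(n, 20))
    print(segment_into(64, 8, 20))
```

Running the block prints one line per domain size; the collision count grows and the utilization falls as stations are added, and the segmented run finishes in fewer slots than the single 64-station domain because each segment carries only its own frames.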

What Problems Need to Be Solved?

Ethernet is a shared resource in which end stations
(computers, servers, and so on) all have access to the
transmission medium at the same time. The result is
that only one device can send information at a time.
Given this limitation, two viable solutions exist:
• Use a sharing mechanism: If all end stations are
forced to share a common wire, rules must exist
to ensure that each end station waits its turn
before transmitting. In the event of simultaneous
transmissions, rules must exist for retransmitting.

• Divide the shared segments, and insulate them:
Another solution to the limitations of shared
resources is to use devices that reduce the number
of end stations sharing a resource at any given time.

Why Should I Care About Ethernet?

Ethernet was developed in 1972 as a way to connect
newly invented computers to newly invented
laser printers. It was recognized even at that time
as a remarkable technology breakthrough.
However, very few people would have wagered
that the ability to connect computers and devices
would change human communication on the same
scale as the invention of the telephone and change
business on the scale of the Industrial Revolution.
Several competing protocols have emerged since
1972, but Ethernet remains the dominant standard
for connecting computers into local-area networks
(LAN). For many years Ethernet was dominant in
home networks as well. Ethernet has been mostly
replaced by wireless technologies in the home networking
market. Wireless or Wi-Fi is covered in
Part VIII, “Mobility.”

Evolution of Ethernet

When Metcalfe originally developed Ethernet, computers were connected to a
single copper cable. The physical limitations of a piece of copper cable carrying
electrical signals restricted how far computers could be from each other on
an Ethernet. Repeaters helped alleviate the distance limitations. Repeaters are
small devices that regenerate an electrical signal at the original signal strength.
This process allows an Ethernet to extend across an office floor that might
exceed the Ethernet distance limitations.
The addition or removal of a device on the Ethernet cable disrupts the network
for all other connected devices. A device called an Ethernet hub solves
this problem. First, each port on a hub is actually a repeater. Second, hubs let
computers insert or remove themselves nondisruptively from the network.
Finally, hubs simplify Ethernet troubleshooting and administration. As networks
grow larger, companies need to fit more and more computers onto an
Ethernet. As the number of computers increases, the number of collisions on
the network increases. As collisions increase, useful network traffic decreases
(administrative traffic actually increases because of all the error messages getting
passed around). Networks come to a grinding halt when too many collisions
occur.
Ethernet bridges resolve this problem by physically breaking an Ethernet into
two or more segments. This arrangement means that devices communicating
on one side of the bridge do not collide with devices communicating on the
other side of the bridge. Bridges also learn which devices are on each side and
only transfer traffic to the network containing the destination device. A two-port
bridge also doubles the bandwidth previously available, because each port
is a separate Ethernet.
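The learning and filtering behaviour just described can be written down in a few lines. The following is an added example for this page, not code from the book: a transparent bridge that records which port each source MAC address was seen on, forwards a frame only toward the port where its destination lives, floods unknown and broadcast destinations, and drops frames whose destination is on the same segment they came from. The port names, MAC addresses and the table-size limit are constructed for the demonstration; the limit shows the defensive point that a bridge can only learn a finite number of addresses and falls back to flooding once its table is full, which is why real switches let administrators cap the addresses learned per port.

```python
from collections import defaultdict


class LearningBridge:
    """Transparent bridge with a source-learning forwarding table."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports, max_entries=1024):
        self.ports = list(ports)
        self.max_entries = max_entries        # constructed limit on learned MACs
        self.table = {}                       # MAC address -> port it was seen on
        self.stats = defaultdict(int)

    def learn(self, port, mac):
        """Record (or refresh) which port a source address lives behind."""
        if mac in self.table or len(self.table) < self.max_entries:
            self.table[mac] = port
        else:
            self.stats["not_learned"] += 1    # table full: this host stays unknown

    def receive(self, in_port, src, dst):
        """Handle one frame and return the list of ports it is sent out on."""
        self.learn(in_port, src)
        if dst == self.BROADCAST or dst not in self.table:
            out = [p for p in self.ports if p != in_port]   # flood
            self.stats["flooded"] += 1
        elif self.table[dst] == in_port:
            out = []                                         # same segment: filter
            self.stats["filtered"] += 1
        else:
            out = [self.table[dst]]                          # known: forward
            self.stats["forwarded"] += 1
        return out


def demo():
    """Constructed traffic: h1 and h2 sit on port A, h3 on port B."""
    h1, h2, h3 = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
    bridge = LearningBridge(ports=["A", "B"])
    decisions = [
        bridge.receive("A", h1, h3),                 # h3 unknown yet -> flooded to B
        bridge.receive("B", h3, h1),                 # h1 known on A -> forwarded to A
        bridge.receive("A", h2, h1),                 # both on A -> filtered, B never sees it
        bridge.receive("A", h1, bridge.BROADCAST),   # broadcast -> sent to B
    ]
    return bridge, decisions


if __name__ == "__main__":
    b, d = demo()
    print(d)
    print(dict(b.table))
    print(dict(b.stats))
```

The third frame is the one that matters for bandwidth: because h1 and h2 are both behind port A, the bridge does not repeat the frame onto segment B, so the two segments really are separate collision domains.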
Ethernet bridges evolved to solve the problem of connecting Ethernet networks
to Token Ring networks. This process of translating a packet from one LAN
technology to another is called translational bridging.
As Ethernet networks continue to grow in a corporation, they become more
complex, connecting hundreds and thousands of devices. Ethernet switches
allow network administrators to dynamically break their networks into multiple
Ethernet segments.
Initially, switches operated as multiport Ethernet bridges. But eventually, as the
cost per port decreased significantly, Ethernet switches replaced hubs, in which
each connected device receives its own dedicated Ethernet bandwidth. With
switches, collisions are no longer an issue, because connections between computer
and switch can be point-to-point, and the Ethernet can both send and
receive traffic at the same time. This ability to send and receive simultaneously
is called full duplex, as opposed to traditional Ethernet, which operated at half
duplex. Half duplex means that a device can receive or transmit traffic on the
network, but not at the same time. If both happen at the same time, a collision
occurs.
This is different from subnetting in a couple of distinct ways. First, Ethernet is
a Layer 2 protocol, and subnetting has to do with IP addressing (which is a
Layer 3 function). Second, IP addressing is a logical segmentation scheme, and
switching is a physical separation, because each end station has a dedicated
physical port on the switch.

What Is Ethernet?

Ethernet describes a system that links the computers in a building or within a
local area. It consists of hardware (a network interface card), software, and
cabling used to connect the computers. All computers on an Ethernet are
attached to a shared data link, as opposed to traditional point-to-point networks,
in which a single device connects to another single device.
Because all computers share the same data link on an Ethernet network, the
network needs a protocol to handle contention if multiple computers want to
transmit data at the same time, because only one can talk at a time without
causing interference. Metcalfe’s invention introduced the carrier sense multiple
access collision detect (CSMA/CD) protocol. CSMA/CD defines how a computer
should listen to the network before transmitting. If the network is quiet,
the computer can transmit its data. However, a problem arises if more than
one computer listens, hears silence, and transmits at the same time: The data
collides. The collision-detect part of CSMA/CD defines a method in which
transmitting computers back off when collisions occur and randomly attempt
to restart transmission. Ethernet originally operated at 3 Mbps, but today it
operates at speeds ranging from 10 Mbps (that’s 10 million bits per second) to
10 Gbps (that’s 10 billion bits per second).

History of Ethernet

Robert Metcalfe developed Ethernet at the famous Xerox Palo Alto Research
Center (PARC) in 1972. The folks at Xerox PARC had developed a personal
workstation with a graphical user interface. They needed a technology to network
these workstations with their newly developed laser printers. (Remember,
the first PC, the MITS Altair, was not introduced to the public until 1975.)
Metcalfe originally called this network the Alto Aloha Network. He changed
the name to Ethernet in 1973 to make it clear that any type of device could
connect to his network. He chose the name “ether” because the network carried
bits to every workstation in the same manner that scientists once thought
waves were propagated through space by the “luminiferous ether.”
Metcalfe’s first external publication concerning Ethernet was available to the
public in 1976. Metcalfe left Xerox, and in 1979 he got Digital Equipment
Corporation (DEC), Intel, and Xerox to agree on a common Ethernet standard
called DIX. In 1982, the Institute of Electrical and Electronics Engineers (IEEE)
adopted a standard based on Metcalfe’s Ethernet.
Ethernet took off in academic networks and some corporate networks. It was
cheap, and public domain protocols such as Internet Protocol (IP) ran natively
on it. However, another company (IBM) wanted the world to adopt its protocol
instead, called Token Ring. Before switching was introduced, Ethernet was
more difficult to troubleshoot than Token Ring. Although Ethernet was less
expensive to implement, larger corporations chose Token Ring because of their
relationship with IBM and the ability to more easily troubleshoot problems.
Early Ethernet used media such as coaxial cable, and a network could literally
be a single long, continuous segment of coax cable tied into many computers.
(This cable was known as Thinnet or Thicknet, depending on the thickness of
the coax used.) When someone accidentally kicked the cable under his or her
desk, this often produced a slight break in the network. A break meant that
no one on the network could communicate, not just the poor schmuck who
kicked the cable. Debugging usually entailed crawling under desks and
following the cable until the break was found.

In contrast, Token Ring had more sophisticated tools (than crawling on your
knees) for finding the breaks. It was usually pretty obvious where the token
stopped being passed and, voilà, you had your culprit.
The battle for the LAN continued for more than ten years, until eventually
Ethernet became the predominant technology. Arguably, it was the widespread
adoption of Ethernet switching that drove the final nail in Token Ring’s coffin.
Other LAN technologies, such as AppleTalk and Novell IPX, have been and
continue to be introduced, but Ethernet prevails as the predominant technology
for local high-speed connectivity.
Thankfully, we have left behind early media such as coax for more sophisticated
technologies.

Networking Infrastructure

With the fundamentals of networking under our belt, we can now take a closer look at the infrastructure
that makes up the networks we all use. This section focuses on the switches and routers that make up networks,
along with the protocols that drive them.
We start this section with a discussion of the Ethernet protocol, which defines the rules and processes by
which computers in a local area communicate. Long before the Internet was in use, computers communicated
locally using the Ethernet protocol, and it is still widely used.
We then move on to local-area network (LAN) switching, an extension of the Ethernet protocol required
when there are more computers in a local segment than can communicate efficiently. Switching is one of
the core technologies in networking.
One of the necessities in networking is link redundancy, something that makes it more likely that data
reaches its intended target. Sometimes, however, link redundancy can create loops in the network, which
causes an explosion of administrative traffic that can take down a network in a matter of minutes.
Spanning Tree is one of the mechanisms that keeps these “broadcast storms” from wiping out your local
network, so we look at how this important protocol works.
We end this section with routing, which provides the basis for network communication over long distances.
The advent of routing allowed the growth of the Internet and corporate networking as we know it
today. This section explores how routing works and how routers communicate.

What Are HTTP and HTML, and What Do They Do?

You might have noticed that many Internet sites include the letters HTTP in
the site address that appears in the address line of your web browser. HTTP
(another OSI Layer 7 protocol) defines the rules for transferring information,
files, and multimedia on web pages. Hypertext Markup Language (HTML) is
the language used within HTTP. HTML is actually a fairly simple, easy-to-learn
computer language that embeds symbols into a text file to specify visual
or functional characteristics such as font size, page boundaries, and application
usages (such as launching an e-mail tool when a user clicks certain links).
When the developer of an HTTP file (or web page) wants to allow for a jump
to a different place on the page, or even a jump to a new page, he or she simply
places the appropriate symbols into the file. People viewing the page just
see the link, which is most commonly specified with blue, underlined text. The
ease of jumping from site to site (called web surfing) is one of the reasons for
the proliferation of websites on, and growth of, the Internet.
Several free and commercial tools allow you to create a web page using
HTML without having to know all the rules.
One of the issues with HTML is that it is fairly limited as far as what it can do
given that it works only on text and still pictures. To achieve some of the really
cool moving graphics and web page features, other tools such as Flash,
XML, JavaScript, or other scripting languages are needed.

Web Browsing

Browsing web pages on the Internet is another common network application.
Browsers run on a computer and allow a viewer to see website content.
Website content resides on a server, a powerful computer with a lot of disk
space and lots of computing cycles. The protocol that allows browsers and
servers to communicate is HTTP.

Receiving E-Mails

E-mail is often received via a different server than the one that sends e-mail.
The type of server depends on which type of e-mail tool you use. For those
using an e-mail client, your e-mail is probably delivered to you via the most
common method, Post Office Protocol 3 (POP3) server. (We have no idea what
happened to the first two.) The POP3 server receives all its e-mails from SMTP
servers and sorts them into file spaces dedicated to each user (much the same
way mail is put into post office boxes at a local post office—thus the name).
When you open your e-mail client, it contacts the POP3 server to request all
the new e-mails. The e-mails are then transferred to your PC, and in most
cases the e-mails are erased from the POP3 server.
Another common method (or protocol) for mail retrieval is an Internet Mail
Access Protocol (IMAP) server. This is the protocol normally used by web-based
e-mail clients, and corporate e-mail systems such as Microsoft
Exchange. The IMAP server receives and sorts e-mail in much the same way as
a POP3 server. Unlike POP3, however, IMAP does not transfer the e-mails to
the machine of the account holder; instead, it keeps e-mail on the server. This
allows users to connect to use their e-mail account from multiple machines.
IMAP also allows for server-side filtering, a method of presorting e-mail based
on rules before it even gets to your PC. It’s kind of like having a friendly
postal worker who sorts all your bills to the top and magazines to the bottom.
Two main issues with IMAP servers are storage space and working offline.
Most Internet e-mail services put a limit on the amount of storage each subscriber
gets (some charge extra for additional storage space). In addition, these
services often limit the file size of attachments (such as photos). The other
issue is the ability to work offline or when not connected to the Internet. One
solution is called caching, which temporarily places the subscriber’s e-mail
information on whatever PC he or she wants to work offline with. When the
user reconnects, any e-mails created while offline are sent, and any new incoming
e-mails can be viewed.

Sending E-Mails

E-mails are distributed using a (OSI Layer 7) protocol called Simple Mail
Transfer Protocol (SMTP). SMTP normally operates on powerful computers
dedicated to e-mail distribution, called SMTP servers. When you create and
send an e-mail, your e-mail client sends the file to the SMTP server. The server
pulls out the addresses from the message. (You can send e-mails to multiple
recipients.) For each domain name, the SMTP server must send a message to a
DNS to get the IP address of each recipient’s e-mail server. If the recipient is on
the same server as you (that is, if you send an e-mail to someone with the
same domain name), this step is unnecessary.
After your SMTP server knows the IP address of the recipient’s server, your
SMTP server transfers the e-mail message to the recipient’s SMTP server. If
there are multiple recipients in different e-mail domains, a separate copy of the
e-mail is transferred to each recipient’s SMTP server. According to the name of
the protocol, this is all pretty simple.
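The delivery steps above (pull the addresses out of the message, ask DNS once per recipient domain, skip the lookup for your own domain, and hand one copy to each remote server) are easy to mirror in code. This is an added example for this page, not code from the book. The dictionary standing in for DNS, the server addresses and the recipient addresses are all constructed; a real server would query MX records instead. The address splitter also rejects malformed input, which is worth doing before any address is used in a lookup.

```python
from collections import defaultdict

# Constructed stand-in for DNS: the mail server responsible for each domain.
MAIL_SERVER_OF = {
    "example.com": "192.0.2.25",
    "example.org": "198.51.100.25",
}


def split_address(address):
    """Split 'recipient@domain' into its two parts.

    The domain name is case-insensitive, so it is normalised to lowercase;
    the recipient part is kept exactly as written. Anything without exactly
    one '@' separating two non-empty parts is rejected.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        raise ValueError(f"malformed address: {address!r}")
    return local, domain.lower()


def plan_delivery(recipients, local_domain, resolve=MAIL_SERVER_OF.get):
    """Decide where each copy of a message goes.

    Returns the copies to send (one per destination server, plus 'local'
    for recipients in our own domain), how many DNS lookups were needed,
    and any recipients whose domain could not be resolved.
    """
    by_domain = defaultdict(list)
    for address in recipients:
        local, domain = split_address(address)
        by_domain[domain].append(f"{local}@{domain}")

    copies, lookups, unresolved = {}, 0, []
    for domain, rcpts in by_domain.items():
        if domain == local_domain.lower():
            copies.setdefault("local", []).extend(rcpts)   # no DNS needed
            continue
        lookups += 1                                       # one query per domain
        server = resolve(domain)
        if server is None:
            unresolved.extend(rcpts)
        else:
            copies.setdefault(server, []).extend(rcpts)    # one copy per server
    return {"copies": copies, "dns_lookups": lookups, "unresolved": unresolved}


if __name__ == "__main__":
    print(plan_delivery(
        ["alice@example.com", "bob@Example.com", "carol@example.org", "dave@example.net"],
        local_domain="example.org",
    ))
```

Note that two recipients in the same remote domain cost one lookup and one copy, and that the unresolved recipient is reported rather than silently dropped, which is the behaviour a mail administrator would expect to see in the server's bounce handling.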

What’s Up with the @ Sign?

All e-mail addresses are made up of two parts: a recipient part and a domain
name. An @ symbol separates the two parts to denote that a recipient is
unique within a domain name. The domain name is usually the name of your
ISP (or your company if you have e-mail there), and, like a website, an e-mail
domain has an associated IP address. This allows (actually, requires) the use of
a DNS server to translate the domain name portion of an e-mail address to the
IP address of the server where the e-mail account resides.
The recipient part is the chosen identifier that you are known by within the e-mail
domain. There are a lot of possibilities for choosing the recipient. Here
are a few popular styles:
Firstname.Lastname: John.Brown
FirstinitialLastname: JBrown
Nickname: DowntownJohnnyBrown
Personalized license plate: L8RG8R
Other obscure reference: GrassyKnoll63
When picking an e-mail address, remember that sometimes you’ll have to verbally
tell someone your e-mail address, so “X3UT67B” is inadvisable.

E-Mail Tools

There are two basic ways to create, send, and receive e-mails: with an e-mail
client and with a web-based e-mail tool:
• E-mail clients that are installed on individual machines are in wide use today.
The most popular are Microsoft Outlook/Outlook Express. E-mail clients
allow for the creation, distribution, retrieval, and storage of e-mails (as well as
some other useful features). These types of clients were originally designed so
that e-mails to and from an account could be accessed from a single machine.
E-mail clients physically move the e-mail from the e-mail server to your PC’s
hard drive. After the e-mail is downloaded, it no longer exists in the e-mail
provider’s network. The e-mail exists in your e-mail client program (on the
PC’s hard drive) until you delete it.
• Web-based e-mail tools, such as Google Mail, allow users to access their
e-mail from any machine connected to the Internet. Users log in to the website
with their registered name and password. Then they are given access to
a web-based e-mail client that has all the basic abilities of e-mail clients,
such as the ability to create, send, and receive e-mails. Many have more
advanced features, such as the ability to send and receive file attachments
and create and use address books.
Web-based e-mail tools differ from e-mail clients in that the e-mail is not
downloaded to your PC’s hard drive. It exists only on the e-mail provider’s
network until you delete it. Some people use a combination of web-based e-mail
and e-mail clients. For example, you may use the web-based e-mail tool
to access your e-mail when you are away from home and not using your
home PC. When you are at home, you could then use your e-mail client.

E-Mail

E-mail is one of the most common network applications in use today.
Although it might seem relatively new, e-mail was invented in the early 1970s.
Back then, of course, there was no Internet as we know it today, so having e-mail
was a bit like owning a car before there was a highway system.
Today, e-mail is so widespread that ISPs just assume that you want an e-mail
address and automatically assign you one (or even several) when you begin
your service agreement.

The Internet and Its Applications

What makes the Internet useful and interesting to the average person is not the
network, but rather the applications that operate on the network. The two
most common Internet applications in use today are e-mail and web browsers.

IPv6 Transition

There have been many predictions over the years
about IPv6 migration, but the fact is that the IPv4
workarounds that have been developed in the
meantime have been pretty good. It could be that
despite being a superior solution to the address
scarcity issue, IPv6 may never displace IPv4 and its
work-arounds. To underscore this point, look back
at the chart at the beginning of this section. Here
we are in 2007, with only limited deployments of
IPv6, and with many more devices on the Internet
than anticipated back in the late 1990s, but IPv4
keeps chugging along.
Several factors may finally cause the transition—
first as IPv6 “islands” connected with IPv4 networks,
and then finally into end-to-end IPv6 networks.
These factors include the U.S. federal government
mandating that its networks must be IPv6-capable
by a certain date, Microsoft adopting IPv6 into
Windows starting with Vista, and Japan adopting
IPv6 as its country network addressing standard.
At a minimum, it is important for network administrators
and companies to understand IPv6 and its
potential impacts so that they are prepared if and
when the transition occurs.

IPv6 Mobility

IPv6 supports a greater array of features for the
mobile user, whether the mobile device is a cell
phone, PDA, laptop computer, or moving vehicle.
Mobile IPv6 (MIPv6) supports a more streamlined
approach to routing packets to and from the
mobile device. It also supports IPsec between the
mobile device and other network devices and hosts.

IPv6 Security

IPv6 has embedded support for IPsec (a common
protocol for encryption). Currently the host operating
system (OS) can configure an IPsec tunnel
between the host and any other host that has IPv6
support. With IPv4 the vast majority of IPsec
deployments are network-based and unknown to
host devices. With IPv6 IPsec, the host could create
an encrypted data connection between itself and
another device on the network. This means that
network administrators do not need to set up the
encryption, because hosts can do it themselves on
demand.

IPv6 Autoconfiguration

IPv4 deployments use one of two methods to
assign IP addresses to a host: static assignment
(which is management-intensive) or DHCP/
BOOTP, which automatically assigns IP addresses
to hosts upon booting onto the network.
IPv6 provides a feature called stateless autoconfiguration,
which is similar to DHCP. Unlike DHCP,
however, stateless autoconfiguration does not
require the use of a special DHCP application or
server when providing addresses to simple network
devices that do not support DHCP (such as robotic
arms used in manufacturing).
Using DHCP, any router interface that has an IPv6
address assigned to it becomes the “provider” of IP
addresses on the network to which it is attached.
Safeguards are built into IPv6 that prevent duplicate
addresses. This feature is called Duplicate
Address Detection. With the IPv4 protocol, nothing
prevents two hosts from joining the network
with identical IP addresses. The operating system
or application may be able to detect the problem,
but often unpredictable results occur.
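Stateless autoconfiguration and Duplicate Address Detection can be shown together. The following is an added example for this page, not code from the book. It assumes the host builds its interface identifier from its MAC address using the modified EUI-64 rule (the text does not say how the host ID is formed; this is one of the standard methods), that the router's prefix is a /64, and that the link is represented by a constructed set of addresses already claimed on it. The DAD step here is a lookup in that set standing in for the Neighbor Solicitation exchange. One practical caveat the example makes visible: an EUI-64 interface ID embeds the hardware address in every packet the host sends, which is why operating systems commonly use randomised interface IDs (privacy extensions) instead.

```python
import ipaddress


class Link:
    """Constructed stand-in for one LAN: the IPv6 addresses currently claimed on it."""

    def __init__(self, addresses=()):
        self.claimed = {str(ipaddress.IPv6Address(a)) for a in addresses}

    def is_claimed(self, address):
        return str(ipaddress.IPv6Address(address)) in self.claimed

    def claim(self, address):
        self.claimed.add(str(ipaddress.IPv6Address(address)))


def eui64_interface_id(mac):
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    first = octets[0] ^ 0x02                      # universal/local bit inverted
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix, mac):
    """Combine the router-advertised /64 prefix with the host's interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    interface_id = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id)


def autoconfigure(prefix, mac, link):
    """Form a tentative address, run DAD on the link, and claim it only if unique."""
    tentative = str(slaac_address(prefix, mac))
    if link.is_claimed(tentative):                # someone answered the probe
        return {"tentative": tentative, "assigned": None, "duplicate": True}
    link.claim(tentative)
    return {"tentative": tentative, "assigned": tentative, "duplicate": False}


if __name__ == "__main__":
    lan = Link()
    print(autoconfigure("2001:db8:1:2::/64", "00:1a:2b:3c:4d:5e", lan))   # assigned
    print(autoconfigure("2001:db8:1:2::/64", "00:1a:2b:3c:4d:5e", lan))   # duplicate
```

The second call represents a second host that happens to derive the same interface ID (for example, a cloned virtual machine with a copied MAC): DAD reports the duplicate and the host is left without that address rather than silently sharing it, which is exactly the IPv4 failure the text describes.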

IPv6 Notation

The first figure demonstrates the notation and
shortcuts for IPv6 addresses.
An IPv6 address uses the first 64 bits in the
address for the network ID and the second 64 bits
for the host ID. The network ID is separated into
prefix chunks. The next figure shows the address
hierarchy.

IPv6 Addresses

The 128-bit address used in IPv6 allows for a
greater number of addresses and subnets (enough
space for 10^15 endpoints—340,282,366,920,938,463,463,374,607,431,768,211,456 total!).
IPv6 was designed to give every user on Earth multiple
global addresses that can be used for a wide
variety of devices, including cell phones, PDAs, IP-enabled
vehicles, consumer electronics, and many
more. In addition to providing more address space,
IPv6 has the following advantages over IPv4:
• Easier address management and delegation
• Easy address autoconfiguration
• Embedded IPsec (short for IP Security—
encrypted IP)
• Optimized routing
• Duplicate Address Detection (DAD)

What Problems Need to Be Solved?

Network Address Translation (NAT) and Port
Address Translation (PAT) were developed as
solutions to the diminishing availability of IP
addresses. NAT and PAT, as implemented today in
many network routers, allow a company or user to
share a single or a few assigned public IP addresses
among many private addresses (which are not
bound by an address authority).
Although these schemes preserve address space
and provide anonymity, the benefits come at the
cost of individuality. This eliminates the very reason
for networking (and the Internet): allowing peer-to-peer
collaboration through shared applications.
IP version 6 (IPv6) provides an answer to the
problem of running out of address space. It also
allows for the restoration of a true end-to-end
model in which hosts can connect to each other
unobstructed and with greater flexibility. Some of
the key elements of IPv6 include allowing each
host to have a unique global IP address, the ability
to maintain connectivity even when in motion and
roaming, and the ability to natively secure host
communications.

Why Should I Care About IPv6?

The addressing scheme used for the TCP/IP protocols
is IP version 4 (IPv4). This scheme uses a 32-bit
binary number to identify networks and end
stations. The 32-bit scheme yields about 4 billion
addresses, but because of the dotted-decimal system
(which breaks the number into four sections of
8 bits each) and other considerations, there are
really only about 250 million usable addresses.
When the scheme was originally developed in the
1980s, no one ever thought that running out of
addresses would be a possibility. However, the
explosion of the Internet, along with the increased
number of Internet-capable devices, such as cell
phones and PDAs (which need an IP address), has
made running out of IPv4 addresses a serious concern.
The chart shows the trend of address space,
starting in 1980. It shows the address space running
out sometime before 2010.

Identifying Subnet Addresses

Given an IP address and subnet mask, you can
identify the subnet address, broadcast address, and
first and last usable addresses within a subnet as
follows:
1. Write down the 32-bit address and the subnet
mask below that (174.24.4.176/26 is shown
in the following figure).
2. Draw a vertical line just after the last 1 bit in
the subnet mask.
3. Copy the portion of the IP address to the left
of the line. Place all 1s for the remaining free
spaces to the right. This is the broadcast
address for the subnet.
4. The first and last address can also be found
by placing ...0001 and ...1110, respectively, in
the remaining free spaces.
5. Copy the portion of the IP address to the left
of the line. Place all 0s for the remaining free
spaces to the right. This is the subnet number.
174.24.4.176     10101110.00011000.00000100.10|110000   Host
255.255.255.192  11111111.11111111.11111111.11|000000   Mask
174.24.4.128     10101110.00011000.00000100.10|000000   Subnet
174.24.4.191     10101110.00011000.00000100.10|111111   Broadcast

Subnet Masks

Routers use a subnet mask to determine which
parts of the IP address correspond to the network,
the subnet, and the host. The mask is a 32-bit
number in the same format as the IP address. The
mask is a string of consecutive 1s starting from the
most-significant bits, representing the network ID,
followed by a string of consecutive 0s, representing
the host ID portion of the address bits.

Each address class has a default subnet mask (A =
/8, B = /16, C = /24). The default subnet masks
only the network portion of the address, the effect
of which is no subnetting. With each bit of subnetting
beyond the default, you can create 2^n – 2 subnets.
The preceding example has 254 subnets, each
with 254 hosts. This counts the address ending
with .0, but not the address ending in .255.
Continuing with the preceding analogy, the subnet
mask tells the network devices how many apartments
are in the building.
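The five steps in "Identifying Subnet Addresses" and the 2^n – 2 rule in this section, together with the classful default masks (A = /8, B = /16, C = /24) from the Address Classes section, can be carried out by the following code. This is an added example for this page, not code from the book. It works on the bit strings exactly as the steps describe (copy the bits left of the line, fill the free bits with all 0s, all 1s, ...0001 or ...1110) and then cross-checks the result against Python's ipaddress module. The worked address 174.24.4.176/26 is the one from the text; 128.10.173.46/24 is the Class B example from the figure. The example also refuses prefixes longer than /30, because the ...0001/...1110 rule needs at least two free host bits.

```python
import ipaddress


def to_bits(dotted):
    """'174.24.4.176' -> 32-character string of 0s and 1s."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted!r}")
    return "".join(f"{o:08b}" for o in octets)


def from_bits(bits):
    """32-character bit string -> dotted decimal."""
    return ".".join(str(int(bits[i:i + 8], 2)) for i in range(0, 32, 8))


def default_prefix(dotted):
    """Classful default mask length from the first octet.

    A = /8 (first octet 0-127, 127 reserved), B = /16 (128-191),
    C = /24 (192-223). Class D (multicast) and E (reserved) have none.
    """
    first = int(dotted.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    return None


def subnet_info(dotted, prefix):
    """Steps 1-5 of the text for one address and prefix length."""
    if not 0 < prefix <= 30:
        raise ValueError("the first/last host rule needs at least two free host bits (prefix <= 30)")
    addr_bits = to_bits(dotted)
    free = 32 - prefix                     # bits to the right of the vertical line
    left = addr_bits[:prefix]              # bits to the left of the line
    info = {
        "mask": from_bits("1" * prefix + "0" * free),
        "subnet": from_bits(left + "0" * free),                  # step 5: all 0s
        "broadcast": from_bits(left + "1" * free),               # step 3: all 1s
        "first_host": from_bits(left + "0" * (free - 1) + "1"),  # step 4: ...0001
        "last_host": from_bits(left + "1" * (free - 1) + "0"),   # step 4: ...1110
        "host_count": 2 ** free - 2,
    }
    dflt = default_prefix(dotted)
    if dflt is not None and prefix >= dflt:
        n = prefix - dflt                  # subnet bits beyond the classful default
        info["subnet_bits"] = n
        info["subnets_classful"] = 2 ** n - 2 if n else 1
    return info


def cross_check(dotted, prefix):
    """True when the hand computation agrees with the standard library."""
    net = ipaddress.ip_network(f"{dotted}/{prefix}", strict=False)
    info = subnet_info(dotted, prefix)
    return (info["subnet"] == str(net.network_address)
            and info["broadcast"] == str(net.broadcast_address)
            and info["mask"] == str(net.netmask))


if __name__ == "__main__":
    for address, prefix in [("174.24.4.176", 26), ("128.10.173.46", 24)]:
        print(address, prefix, subnet_info(address, prefix), cross_check(address, prefix))
```

For 174.24.4.176/26 the output matches the table in the text (subnet 174.24.4.128, broadcast 174.24.4.191) and adds the first and last usable hosts, 174.24.4.129 and 174.24.4.190; for the Class B address with a /24 mask it reports the 254 subnets the text mentions.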

[Figure: At-a-Glance: IP Addressing. The IP address 128.10.173.46 is shown octet by octet in binary, with the first three octets marked as the network portion and the last octet as the host portion, alongside the matching subnet mask.]
This subnet mask can also be written as "/24", where 24
represents the number of 1s in the subnet mask.

Subnetting

Subnetting is a method of segmenting hosts within
a network and providing additional structure.
Without subnets, an organization operates as a flat
network. These flat topologies result in short routing
tables, but as the network grows, the use of
bandwidth becomes inefficient.

In the figure, a Class B network is flat, with a single
broadcast and collision domain. Collision
domains are explained in more detail in the
Ethernet chapter. For now, just think of them as a
small network segment with a handful of devices.
Adding Layer 2 switches to the network creates
more collision domains but does not control
broadcasts.
In the next figure, the same network has been subdivided
into several segments or subnets. This is
accomplished by using the third octet (part of the
host address space for a Class B network) to segment
the network. Note that the outside world
sees this network the same as in the previous figure.

Subnetting is a bit complex at first pass. Think of
it like a street address. For a house, the street
address may provide the needed addressability to
reach all the house’s occupants. Now consider an
apartment building. The street address only gets
you to the right building. You need to know in
which apartment the occupant you are seeking
resides. In this crude example, the apartment number
acts a bit like a subnet.

Address Classes

When the IP address scheme was developed, only
the first octet was used to identify the network
portion of the address. At the time it was assumed
that 254 networks would be more than enough to
cover the research groups and universities using
this protocol. As usage grew, however, it became
clear that more network designations would be
needed (each with fewer hosts). This issue led to
the development of address classes.
Addresses are segmented into five classes (A
through E). Classes A, B, and C are the most common.
Class A has 8 network bits and 24 host bits.
Class B has 16 network bits and 16 host bits, and
Class C has 24 network bits and 8 host bits. This
scheme was based on the assumption that there
would be many more small networks (each with
fewer endpoints) than large networks in the world.
Class D is used for multicast, and Class E is
reserved for research. The following table breaks
down the three main classes. Note that the Class A
address starting with 127 is reserved.

Logical Versus Physical

MAC addresses are considered physical addresses
because they are assigned to pieces of hardware by
the manufacturer and cannot be reassigned.
IP addresses are assigned by a network administrator
and have meaning only in a TCP/IP network.
These addresses are used solely for routing purposes
and can be reassigned.
Host and network: Rather than assigning numbers
at random to various endpoints (which would be
extremely difficult to manage), every company and
organization listed on the Internet is given a block
of public address numbers to use. This is accomplished
by using a two-part addressing scheme that
identifies a network and host. This two-part
scheme allows the following:
• All the endpoints within a network share the
same network number.
• The remaining bits identify each host within
that network.
In the figure, the first two octets (128.10) identify
a company with an Internet presence (it’s the
address of the router that accesses the Internet).
All computers and servers within the company’s
network share the same network address. The next
two octets identify a specific endpoint (computer,
server, printer, and so on). In this example the
company has 65,536 addresses it can assign (16
bits, or 2^16). Therefore, all devices in this network
would have an address between 128.10.0.1 and
128.10.255.255.

What Problems Need to Be Solved?

Each IP address is a 32-bit number, which means
that there are about 4.3 trillion address combinations.
These addresses must be allocated in a way
that balances the need for administrative and routing
efficiency with the need to retain as many
usable addresses as possible.
Dotted decimal: The most common notation for
describing an IP address is dotted decimal. Dotted
decimal breaks a 32-bit binary number into four
8-bit numbers (represented in decimal form), each
of which is called an octet. Each octet is separated by a period,
which aids in the organizational scheme to be
discussed. For example, the binary address
00001010100000001011001000101110 can be
represented in dotted decimal as 10.128.178.46.
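The addressing mechanics of this sheet (dotted decimal to binary, the classful rule, and the host/mask/subnet/broadcast derivation from the table at the top) written out as plain bit operations. This is an added example, not code from the book; the function names are my own.

```python
# Added example (not from the book): the addressing mechanics of this sheet
# done with bit operations only, so each step in the text is visible.

def to_int(dotted):
    """Parse dotted decimal into a 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:        # 8 bits per octet, so 255 is the largest value
            raise ValueError(f"octet out of range: {octet}")
        value = (value << 8) | n
    return value

def to_dotted(value):
    """Render a 32-bit integer as dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """The 32-bit binary form the text shows, e.g. for 10.128.178.46."""
    return format(to_int(dotted), "032b")

def prefix_to_mask(prefix):
    """/24 -> 255.255.255.0: `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return to_dotted(0xFFFFFFFF ^ ((1 << (32 - prefix)) - 1))

def mask_to_prefix(mask):
    """255.255.255.192 -> 26; a valid mask is one contiguous run of ones."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != to_int(prefix_to_mask(prefix)):
        raise ValueError(f"non-contiguous mask: {mask}")
    return prefix

def address_class(dotted):
    """Classful rule: the leading bits of the first octet decide the class."""
    first = to_int(dotted) >> 24
    if first == 127:
        return "A (127 reserved)"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"

def subnet_info(host, mask):
    """Subnet = host AND mask; broadcast = subnet OR NOT mask (as in the table)."""
    h, m = to_int(host), to_int(mask)
    prefix = mask_to_prefix(mask)
    subnet = h & m
    broadcast = subnet | (~m & 0xFFFFFFFF)
    return {"subnet": to_dotted(subnet), "broadcast": to_dotted(broadcast),
            "prefix": prefix, "usable_hosts": max((1 << (32 - prefix)) - 2, 0)}
```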

Why Should I Care About IP Addressing?

Behind every website, Universal Resource Locator
(URL), and computer or other device connected to
the Internet is a number that uniquely identifies
that device. This unique identifier is called an IP
address. These addresses are the key components
of the routing schemes used over the Internet. For
example, if you are downloading a data sheet from
www.cisco.com to your computer, the header of
the packets comprising the document includes both
the host address (in this case, the IP address of
Cisco’s public server) and the destination address
(your PC).

Port Numbers

TCP and UDP can send data from several upper-layer
applications on the same datagram. Port
numbers (also called socket numbers) are used to
keep track of different conversations crossing the
network at any given time. Some of the more well-known
port numbers are controlled by the Internet
Assigned Numbers Authority (IANA). For example,
Telnet is always defined by port 23.
Applications that do not use well-known port
numbers have numbers randomly assigned from a
specific range.
The use of port numbers is what allows you to
watch streaming video on your computer while
checking e-mails and downloading documents
from a web page all at the same time. All three
may use TCP/IP, but use of a port number allows
the applications to distinguish which are video and
which are e-mail packets.

UDP

UDP is a connectionless, unreliable Layer 4 protocol.
Unreliable in this sense means that the protocol
does not ensure that every packet will reach its
destination. UDP is used for applications that provide
their own error recovery process or when
retransmission does not make sense. UDP is simple
and efficient, trading reliability for speed.
Why not resend? It may not be obvious why you
would not resend dropped packets if you had the
option to do so. However, real-time applications
such as voice and video could be disrupted by
receiving old packets out of order. For example,
suppose a packet containing a portion of speech is
received 2 seconds later than the rest of the conversation.
Playing the sound out into the earpiece
probably will sound like poor audio quality to the
user, because the user is listening further into the
conversation. In these cases, the application usually
can conceal the dropped packets from the end
user so long as they account for a small percentage
of the total.

TCP Windowing

One way to structure a communications protocol is
to have the receiver acknowledge every packet
received from a sender. Although this is the most
reliable method, it can add unnecessary overhead,
especially on fairly reliable connection media.
Windowing is a compromise that reduces overhead
by acknowledging packets only after a specified
number have been received.
The window size from one end station informs the
other side of the connection how much it can accept
at one time. With a window size of 1, each segment
must be acknowledged before another segment is
sent. This is the least efficient use of bandwidth. A
window size of 7 means that an acknowledgment
needs to be sent after the receipt of seven segments;
this allows better utilization of bandwidth. A windowing
example is shown in the figure.

How TCP Connections Are Established

End stations exchange control bits called SYN (for
synchronize) and Initial Sequence Numbers (ISN)
to synchronize during connection establishment.
TCP/IP uses what is known as a three-way handshake
to establish connections.
To synchronize the connection, each side sends its
own initial sequence number and expects to
receive a confirmation in an acknowledgment
(ACK) from the other side. The following figure
shows an example.
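The handshake just described, as an added simulation that is not from the book: each endpoint sends its own ISN, and each side accepts only an ACK that names its ISN+1, rejecting anything else. The Endpoint class, segment layout and state names are my own simplification; real stacks choose the ISN unpredictably, which secrets.randbelow stands in for here.

```python
# Added example (not from the book): a simulated three-way handshake. Each
# side sends its own ISN and will only accept an ACK that names ISN+1.
import secrets

MASK = 0xFFFFFFFF            # sequence numbers are 32-bit and wrap around
SYN, ACK = "SYN", "ACK"

def segment(src, dst, flags, seq, ack=None):
    """A minimal control segment: just the fields the handshake needs."""
    return {"src": src, "dst": dst, "flags": frozenset(flags), "seq": seq, "ack": ack}

class Endpoint:
    def __init__(self, name, isn=None):
        self.name = name
        # real stacks pick the ISN unpredictably; a fixed isn is only for tests
        self.isn = isn if isn is not None else secrets.randbelow(1 << 32)
        self.snd_nxt = self.isn   # next sequence number we will send
        self.rcv_nxt = None       # next sequence number we expect from the peer
        self.state = "CLOSED"

    def connect(self, peer):
        """Step 1 (client): send SYN carrying our ISN."""
        self.state = "SYN-SENT"
        self.snd_nxt = (self.isn + 1) & MASK   # the SYN consumes one sequence number
        return segment(self.name, peer, {SYN}, self.isn)

    def handle(self, seg):
        """Process one incoming segment; return a reply or None, raise on a bad ACK."""
        if ACK in seg["flags"] and seg["ack"] != self.snd_nxt:
            raise ValueError(f"{self.name}: ack {seg['ack']} does not confirm {self.snd_nxt}")
        if seg["flags"] == {SYN} and self.state == "CLOSED":
            # Step 2 (server): note the peer's ISN, answer SYN+ACK with our own ISN
            self.rcv_nxt = (seg["seq"] + 1) & MASK
            self.snd_nxt = (self.isn + 1) & MASK
            self.state = "SYN-RECEIVED"
            return segment(self.name, seg["src"], {SYN, ACK}, self.isn, self.rcv_nxt)
        if seg["flags"] == {SYN, ACK} and self.state == "SYN-SENT":
            # Step 3 (client): confirm the server's ISN+1; connection is up
            self.rcv_nxt = (seg["seq"] + 1) & MASK
            self.state = "ESTABLISHED"
            return segment(self.name, seg["src"], {ACK}, self.snd_nxt, self.rcv_nxt)
        if seg["flags"] == {ACK} and self.state == "SYN-RECEIVED":
            self.state = "ESTABLISHED"     # the server's ISN has been confirmed
            return None
        raise ValueError(f"{self.name}: {set(seg['flags'])} not valid in state {self.state}")

def three_way_handshake(client, server):
    """Run the exchange and return the segments that crossed the wire, in order."""
    endpoints = {client.name: client, server.name: server}
    trace = [client.connect(server.name)]
    while trace[-1] is not None:
        trace.append(endpoints[trace[-1]["dst"]].handle(trace[-1]))
    return trace[:-1]
```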

TCP/IP Datagrams

TCP/IP information is sent via datagrams. A single
message may be broken into a series of datagrams
that must be reassembled at their destination. Three
layers are associated with the TCP/IP protocol stack:
• Application layer: This layer specifies protocols
for e-mail, file transfer, remote login, and other
applications. Network management is also supported.
• Transport layer: This layer allows multiple
upper-layer applications to use the same data
stream. TCP and UDP protocols provide flow
control and reliability.
• Network layer: Several protocols operate at the
network layer, including IP, ICMP, ARP, and
RARP.
IP provides connectionless, best-effort routing of
datagrams.
TCP/IP hosts use Internet Control Message
Protocol (ICMP) to carry error and control messages
with IP datagrams. For example, a process
called ping allows one station to discover a host
on another network.
Address Resolution Protocol (ARP) allows communication
on a multiaccess medium such as
Ethernet by mapping known IP addresses to MAC
addresses.

What Problems Need to Be Solved?

TCP is a connection-oriented, reliable protocol that
breaks messages into segments and reassembles
them at the destination station (it also resends
packets not received at the destination). TCP also
provides virtual circuits between applications.
A connection-oriented protocol establishes and
maintains a connection during a transmission. The
protocol must establish the connection before sending
data. As soon as the data transfer is complete,
the session is torn down.
User Datagram Protocol (UDP) is an alternative
protocol to TCP that also operates at Layer 4. UDP
is considered an “unreliable,” connectionless protocol.
Although “unreliable” may have a negative
connotation, in cases where real-time information is
being exchanged (such as a voice conversation),
taking the time to set up a connection and resend
dropped packets can do more harm than good.

Why Should I Care About TCP/IP?

TCP/IP is the best-known and most popular protocol
suite used today. Its ease of use and widespread
adoption are some of the best reasons for the
Internet explosion that is taking place.
Encompassed within the TCP/IP protocol is the
capability to offer reliable, connection-based packet
transfer (sometimes called synchronous) as well
as less reliable, connectionless transfers (also called
asynchronous).

Domain Names and Relationship to IP Addresses

Because IP addresses are difficult to remember in their dotted-decimal notation,
a naming convention called domain names was established that’s more
natural for people to use. Domain names such as www.cisco.com are registered
and associated with a particular public IP address. The Domain Name
System (DNS) maps a readable name to an IP address. For example, when you
enter http://www.cisco.com into a browser, the PC uses the DNS protocol to
contact a DNS name server. The name server translates the name
http://www.cisco.com into the actual IP address for that host.

Dynamically Allocated IP Addresses

A network administrator is responsible for assigning which devices receive
which IP addresses in a corporate network. The admin assigns an IP address to
a device in one of two ways: by configuring the device with a specific address
or by letting the device automatically learn its address from the network.
Dynamic Host Configuration Protocol (DHCP) is the protocol used for automatic
IP address assignment. Dynamic addressing saves considerable administrative
effort and conserves IP addressing space. It can be difficult to manually
administer IP addresses for every computer and device on a network. Most
networks use DHCP to automatically assign an available IP address to a device
when it connects to the network. Generally, devices that don’t move around
receive fixed addresses, known as static addressing. For example, servers,
routers, and switches usually receive static IP addresses. The rest use dynamic
addressing. For home networks you do not need a network administrator to
set up your address; instead, a home broadband router allocates IP addresses
via DHCP.

What Is an Address?

For computers to send and receive information to each other, they must have
some form of addressing so that each end device on the network knows what
information to read and what information to ignore. This capability is important
both for the computers that ultimately use the information and for the
devices that deliver information to end stations, such as switches and routers.
Every computer on a network has two addresses:
• MAC address: A manufacturer-allocated ID number (such as a global serial
number) that is permanent and unique to every network device on Earth.
MAC addresses are analogous to a social security number or other national
identification number. You have only one, it stays the same wherever you go,
and no two people (devices) have the same number. MAC addresses are formatted
using six pairs of hexadecimal numbers, such as 01-23-45-67-89-AB.
Hexadecimal or “hex” is a base 16 numbering scheme that uses the numbers
0 through 9 and the letters A through F to count from 0 to 15. This
might seem odd, but it provides an easy translation from binary (which uses
only 1s and 0s), which is the language of all computers.
• IP address: This address is what matters most to basic networking. Unlike a
MAC address, the IP address of any device is temporary and can be
changed. It is often assigned by the network itself and is analogous to your
street address. It only needs to be unique within a network. Someone else’s
network might use the same IP address, much like another town might have
the same street (for example, 101 Main Street). Every device on an IP network
is given an IP address, which looks like this: 192.168.1.100.
The format of this address is called dotted-decimal notation. The period separators
are pronounced “dot,” as in “one ninety-two dot one sixty-eight dot...”
Because of some rules with binary, the largest number in each section is 255.
In addition to breaking up the number, the dots that appear in IP addresses
allow us to break the address into parts that represent networks and hosts. In
this case, the “network” portion refers to a company, university, government
agency, or your private network. The hosts would be the addresses of all the
computers on the individual network. If you think of the network portion of
the address as a street, the hosts would be all the houses on that street. If you
could see the IP addresses of everyone who is on the same network segment as
you, you would notice that the network portion of the address is the same for
all computers, and the host portion changes from computer to computer. An
example will probably help. Think of an IP address as being like your home
address for the post office: state.city.street.house-number.
Each number in the IP address provides a more and more specific location so
that the Internet can find your computer among millions of other computers.
The Internet is not organized geographically like the postal system, though.
The components of the address (intentionally oversimplified) are
major-network.minor-network.local-network.device.

Computers Speaking the Same Language

The Internet protocols comprise the most popular, nonproprietary data-networking
protocol suite in the world. The Internet protocols are communication protocols
used by electronic devices to talk to each other. Initially, computers were the
primary clients of IP protocols, but other types of electronic devices can connect
to IP networks, including printers, cellular phones, and MP3 players.
Today, even common devices such as vending machines, dishwashers, and cars
are being connected to IP networks.
The two best-known Internet protocols are Transmission Control Protocol
(TCP) and Internet Protocol (IP). The Defense Advanced Research Projects
Agency (DARPA) developed the Internet protocols in the mid-1970s. DARPA
funded Stanford University and Bolt, Beranek, and Newman (BBN) to develop
a set of protocols that would allow different types of computers at various
research locations to communicate over a common packet-switched network.
The result of this research produced the Internet protocol suite, which was
later distributed for free with the Berkeley Software Distribution (BSD) UNIX
operating system.
From there, IP became the primary networking protocol, serving as the basis
for the World Wide Web (WWW) and the Internet in general. Internet protocols
are discussed and adopted in the public domain. Technical bulletins called
Requests for Comments (RFCs) document proposed protocols and practices.
These documents are reviewed, edited, published, and analyzed, and then are
accepted by the Internet community (this process takes years).
The Internet protocol suite also comprises application-based protocols, including
definitions for the following:
• Electronic mail (Simple Mail Transfer Protocol [SMTP])
• Terminal emulation (Telnet)
• File transfer (File Transfer Protocol [FTP])
• HTTP
IP is considered a Layer 3 protocol according to the OSI model, and TCP is a
Layer 4 protocol.

Back Haul Providers

A few back haul providers comprise the
high-speed backbone of the Internet.
Only a handful of these providers are
capable of handling the massive
amounts of Internet traffic that continues
to grow. Many parts of the back haul
providers overlap with each other, which
improves both the speed and reliability
of the network.

Web Servers

All web pages are stored on computers
called web servers. Thousands of these
servers can be dedicated servers for
companies, hosting servers that house
many personal pages, or even single
computers housing individual pages.

Domain Name Server (DNS)

This server maps domain names to
their IP addresses. One of the reasons
that the Internet has taken off in use and
popularity is because www.cisco.com
is much easier to remember than
25.156.10.4.

Access Providers

The web is really made
of many networks connected
in a hierarchy. Local Internet
service providers (ISPs) typically give
residential and small business access
to the Internet. Regional providers
typically connect several local ISPs to
each other and to back haul providers
that connect with other regional
providers.

Extra Layers?

Discussions among technical purists can often lead
to philosophical or budgetary debates that can
quickly derail otherwise-productive meetings.
These discussions are often referred to as Layer 8
(political) and Layer 9 (financial) debates.
Although these layers are not really part of the
OSI model, they are usually the underlying cause
of heated technology arguments.
Another common joke among networking professionals
is the type of networking problem referred
to as a “Layer 8 issue.” Because the network, computers,
and applications stop at Layer 7, Layer 8
sometimes represents the end user actually using
the system. So if you hear your IT person snicker
to his colleagues that your IT trouble ticket is
closed and it was a “Layer 8 issue,” the IT person
is referring to you.

De-encapsulation

De-encapsulation, the opposite of encapsulation, is
the process of passing information up the stack.
When a layer receives a PDU from the layer below,
it does the following:
1. It reads the control information provided by
the peer source device.
2. The layer strips the control information
(header) from the frame.
3. It processes the data (usually passing it up the
stack).
Each subsequent layer performs this same de-encapsulation
process. To continue the preceding
example, when the plane arrives, the box of mail is
removed from the plane. The mailbags are taken
out of the boxes and are sent to the correct post
office. The letters are removed from the mailbags
and are delivered to the correct address. The
intended recipient opens the envelope and reads
the letter.

Encapsulation

The process of passing data down the stack using
PDUs is called data encapsulation. Encapsulation
works as follows: When a layer receives a PDU
from the layer above it, it encapsulates the PDU
with a header and trailer and then passes the PDU
down to the next layer. The control information
that is added to the PDU is read by the peer layer
on the remote device. Think of this as putting
a letter in an envelope, which has the destination
address on it. The envelope is then put in a mailbag
with a zip code on it. The bag is then placed in a
large box with a city name on it. The box is then
put on a plane for transport to the city.
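Encapsulation and de-encapsulation as described in the two sections above, carried out on one datagram with real UDP and IPv4 headers: each layer adds its header on the way down, and each layer reads, checks and strips its header on the way up. This is an added example, not code from the book; the helper names are my own, the UDP checksum is left at zero (which IPv4 permits), and the IP identification value is a constructed constant.

```python
# Added example (not from the book): one datagram going down and back up the
# stack with real UDP and IPv4 headers, checked before they are trusted.
import struct

IPPROTO_UDP = 17
IP_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header without options
UDP_HDR = struct.Struct("!HHHH")          # 8-byte UDP header

def ip_bytes(dotted):
    """Dotted decimal to the four raw bytes the header carries."""
    return bytes(int(o) for o in dotted.split("."))

def ipv4_checksum(header):
    """Ones-complement sum of 16-bit words, with the checksum field itself zeroed."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                                   # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def encapsulate(payload, src_ip, dst_ip, src_port, dst_port, ttl=64):
    """Down the stack: UDP wraps the payload, then IPv4 wraps the UDP datagram."""
    # UDP checksum left at 0 (optional over IPv4); the IP identification is constructed
    udp = UDP_HDR.pack(src_port, dst_port, UDP_HDR.size + len(payload), 0) + payload
    fields = [0x45, 0, IP_HDR.size + len(udp), 0x1234, 0x4000, ttl, IPPROTO_UDP, 0,
              ip_bytes(src_ip), ip_bytes(dst_ip)]
    fields[7] = ipv4_checksum(IP_HDR.pack(*fields))     # header checksum goes in slot 7
    return IP_HDR.pack(*fields) + udp

def deencapsulate(packet):
    """Up the stack: each layer reads its header, validates it, strips it, passes on."""
    if len(packet) < IP_HDR.size:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = IP_HDR.unpack_from(packet)
    ihl = (ver_ihl & 0x0F) * 4
    # never let a length field in the packet steer reads past what actually arrived
    if ver_ihl >> 4 != 4 or ihl < IP_HDR.size or total_len < ihl or total_len > len(packet):
        raise ValueError("bad IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:                # sum over a valid header is 0
        raise ValueError("IPv4 header checksum mismatch")
    if proto != IPPROTO_UDP:
        raise ValueError(f"unsupported protocol {proto}")
    udp = packet[ihl:total_len]                         # Layer 3 strips its header
    if len(udp) < UDP_HDR.size:
        raise ValueError("truncated UDP header")
    src_port, dst_port, udp_len, _ = UDP_HDR.unpack_from(udp)
    if udp_len < UDP_HDR.size or udp_len > len(udp):
        raise ValueError("bad UDP length")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl,
            "src_port": src_port, "dst_port": dst_port,
            "payload": udp[UDP_HDR.size:udp_len]}        # Layer 4 strips its header
```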