Richard Pateau

Where I talk all things CCNA.
SaaS- Software as a Service is an architecture where software applications are hosted and managed by cloud providers and delivered to users over the internet. Instead of installing and maintaining software on individual devices (downloading and constantly updating the app), the user accesses the application through a web browser. In SaaS, the cloud provider manages the underlying infrastructure, its security, updates and maintenance; the customer still owns its user accounts, access policies and the data it puts into the service. The user does not interact with anything but the app. Common SaaS examples are Gmail, Yahoo Mail, Zoom, Slack and Dropbox. IaaS- Infrastructure as a Service is a cloud computing model that provides virtualized computing resources over the…
Today I will be discussing cloud computing and the services that are offered in a cloud environment. Cloud computing refers to the delivery of computing resources such as storage, networking, databases and software over the internet. This allows users to deploy computing resources on servers that are owned by the cloud provider. There are multiple types of services offered such as SaaS (Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a Service). Cloud computing has 5 essential characteristics defined by NIST (National Institute of Standards and Technology): On-Demand Self-Service- On-Demand Self-Service refers to…
Hi, today I am going to be discussing virtualization, specifically VMs (Virtual Machines), containers and VRF (Virtual Routing and Forwarding). In networking and IT, virtualization refers to abstracting physical computer resources such as storage, RAM and CPU so they can be divided and shared logically. There are many reasons to virtualize hardware, but one of the primary benefits is that one machine can host multiple guest operating systems. It can do so because, once the hardware is virtualized, the resources can be split logically, so instead of dedicating 4 CPUs to one…
Today I am going to be discussing WAN (Wide Area Network) architectures. A WAN is a large-scale telecommunications network that spans large geographic distances and interconnects multiple LANs (Local Area Networks) across cities, regions, countries, and continents. A WAN allows hosts in one private LAN to communicate with hosts in a completely different LAN. When corporations or service providers use a WAN to communicate, there are many different technologies that can be used to transport packets over the shared network. WAN technologies include leased lines, DSL (Digital Subscriber Line), CATV, MPLS (Multi Protocol Label Switching) and VPNs (Virtual Private Network). …
Today I will be talking about VPNs, which stands for Virtual Private Network. A VPN is a type of WAN technology that allows secure communication over an untrusted network such as the internet, letting individuals or entire networks communicate over a shared network safely as if they were on a private network. A public network is open to the public and accessible to anyone, while a private network is more restricted and accessible only to selected users. For example, a web server hosting a public website can be accessed by anyone that knows the URL, but…
Today I am going to be discussing MPLS which stands for Multi Protocol Label Switching. This is a WAN technology used by service providers such as ISPs to forward traffic across large networks efficiently using “labels,” instead of the traditional routing table lookup at every hop. These labels are basically instructions that tell the router where to forward the packet. These labels are confined to the inside of the service provider's network only. Since MPLS forwards on labels, MPLS is protocol agnostic. This means that the format being sent to the MPLS network can be in any format…
Today I will be discussing a two-tier topology called “Spine and Leaf.” This is a popular data center topology that uses a “partial mesh” setup to optimize east-west traffic within the network. East-West traffic refers to data communication that occurs between devices, servers, or systems within the same data center, cloud environment, or internal network rather than traffic traveling in and out of the network. A web server communicating with a database server or a log server is an example of east-west traffic. On the contrary, North-South traffic refers to data communication that moves between devices inside a private network…
Today I will be discussing the “Three Tier Model” and the “Collapsed Core Model.” The three tier design consists of three tiers while the collapsed core has two layers. The collapsed core is used when the costs do not justify a full three tier setup and to avoid unnecessary complexity. The functions (layers) found in both designs are the access, distribution, and core layers; the only difference is how they are implemented. Access Layer- The first layer in the three tier model is the “access layer.” This layer is responsible for providing connectivity for end…
Today I will be discussing topology types including full mesh, partial mesh and star. Every topology type has its own unique strengths and weaknesses when it comes to implementation. Star- The first topology type I will be discussing is a “star” topology. A star topology is a network design in which each device in the topology has a direct connection (point-to-point link) to a central device. The central device is typically a switch and usually acts as the main communication point that receives traffic from connected devices and forwards it to the appropriate destination device. The central device is vital to…
Today I am going to discuss a layer 2 security feature called port security. Port security is used on switches to control and restrict access to a switch port based on the MAC address of the connected device. The restriction can be a specific allowed MAC address, a maximum number of MAC addresses on the port, or both. Port security reduces the risk of attacks such as MAC flooding (CAM table overflow), a rogue device plugging into an open port, or a host spoofing another device's MAC address. Note that it only inspects the Ethernet source address: ARP payload spoofing from an allowed MAC is the job of Dynamic ARP Inspection, not port security. Port security has 3 violation modes which are…
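As an added example (not code from this blog), here is a small Python model of a switch port running port security, showing how the protect, restrict and shutdown violation modes react when more MAC addresses than allowed show up on the port. The class, port names and MAC addresses are constructed for illustration; the behaviour mirrors what the modes do on a real switch.

```python
from collections import OrderedDict


class SecurePort:
    """Toy model of a switch port running port security (illustrative, not vendor code).

    violation_mode:
      'protect'  - silently drop frames from MACs beyond the limit
      'restrict' - drop them and count the violation (a real switch also logs/traps)
      'shutdown' - drop the frame and err-disable the port (Cisco's default mode)
    """

    def __init__(self, name, max_macs=1, violation_mode="shutdown", static_macs=()):
        self.name = name
        self.max_macs = max_macs
        self.violation_mode = violation_mode
        # Statically configured MACs count toward the maximum, like on a real switch.
        self.secure_macs = OrderedDict((m.lower(), "static") for m in static_macs)
        self.violations = 0
        self.err_disabled = False

    def receive(self, src_mac):
        """Process one inbound frame; return what the port did with it."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped (err-disabled)"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.max_macs:
            # Room left: learn the MAC dynamically and let the frame through.
            self.secure_macs[src_mac] = "dynamic"
            return "forwarded (learned)"
        # Unknown MAC and the limit is already reached: this is a violation.
        if self.violation_mode == "protect":
            return "dropped"
        self.violations += 1
        if self.violation_mode == "restrict":
            return "dropped (violation logged)"
        self.err_disabled = True
        return "dropped (port err-disabled)"


def mac_flood(port, count):
    """Send `count` frames with distinct forged source MACs (constructed attacker traffic)."""
    return [port.receive(f"de:ad:be:ef:{i >> 8:02x}:{i & 0xff:02x}") for i in range(count)]


if __name__ == "__main__":
    victim = SecurePort("Gi0/1", max_macs=2)
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"):
        print(mac, "->", victim.receive(mac))
    print("err-disabled:", victim.err_disabled)
```

Note the operational trade-off the model makes visible: in shutdown mode a single extra MAC (an attacker, but also a user plugging in a small switch or swapping a PC) takes the port down until someone clears the err-disabled state, while protect mode drops the excess silently and leaves nothing for a SOC to see. Restrict is usually the better default where logging matters.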
Today I will be discussing DHCP snooping. DHCP snooping is a layer 2 security feature used on switches that prevents rogue DHCP server attacks. It does this by filtering DHCP messages based on trusted/untrusted ports and building a binding table of legitimate IP to MAC to VLAN to switch port mappings. DHCP Starvation- DHCP is an application layer protocol that is used to automatically provision IP addresses, default gateway IPs and DNS server IP addresses to clients on a network. Unfortunately bad actors have found ways to manipulate this process in order to perform attacks such as DHCP starvation, or DHCP…
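The following Python model is an added example, not code from this blog, of what DHCP snooping does with each message: server messages arriving on untrusted ports are dropped, client requests on untrusted ports are tracked so the server's ACK can populate the binding table, and RELEASE/DECLINE or forged-chaddr frames that do not match the table are rejected. The port names, MAC addresses, VLAN and the whole message sequence are constructed for illustration.

```python
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}      # only a DHCP server sends these


class DhcpSnooping:
    """Toy model of DHCP snooping on one VLAN (illustrative, not vendor code)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # chaddr -> (client port, vlan) seen in DISCOVER/REQUEST
        self.bindings = {}   # chaddr -> {"ip", "vlan", "port"}  (the snooping binding table)
        self.dropped = []    # (port, type, reason) for everything filtered

    def inspect(self, msg):
        """msg is a dict: port, vlan, src_mac, chaddr, type and (for OFFER/ACK) yiaddr.
        Returns 'forward' or 'drop'."""
        port, kind, chaddr = msg["port"], msg["type"], msg["chaddr"]

        if port in self.trusted:
            # Server replies on a trusted port are accepted; an ACK completes a binding
            # for the untrusted port where the client's request was seen.
            if kind == "ACK" and chaddr in self.pending:
                client_port, vlan = self.pending.pop(chaddr)
                self.bindings[chaddr] = {"ip": msg["yiaddr"], "vlan": vlan, "port": client_port}
            return "forward"

        # Untrusted port from here on.
        if kind in SERVER_MESSAGES:
            return self._drop(msg, "server message on untrusted port (rogue server)")
        if chaddr != msg["src_mac"]:
            # Starvation tools forge the DHCP client hardware address; the frame's real
            # source MAC gives them away (Cisco calls this 'verify mac-address').
            return self._drop(msg, "chaddr does not match frame source MAC")
        if kind in ("RELEASE", "DECLINE"):
            binding = self.bindings.get(chaddr)
            if binding is None or binding["port"] != port:
                return self._drop(msg, "RELEASE/DECLINE does not match binding for this port")
            if kind == "RELEASE":
                del self.bindings[chaddr]
            return "forward"
        if kind in ("DISCOVER", "REQUEST"):
            self.pending[chaddr] = (port, msg["vlan"])
        return "forward"

    def _drop(self, msg, reason):
        self.dropped.append((msg["port"], msg["type"], reason))
        return "drop"


def run_scenario():
    """Constructed exchange: a legitimate DORA on Gi0/2 via trusted uplink Gi0/1,
    a rogue OFFER on Gi0/3, then two attacks from Gi0/4. Returns (results, snooper)."""
    sn = DhcpSnooping(trusted_ports={"Gi0/1"})
    client, server = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"
    rogue, attacker = "66:77:88:99:aa:bb", "de:ad:be:ef:00:01"
    v = {"vlan": 10}
    results = [
        sn.inspect({**v, "port": "Gi0/2", "src_mac": client, "chaddr": client, "type": "DISCOVER"}),
        sn.inspect({**v, "port": "Gi0/3", "src_mac": rogue, "chaddr": client, "type": "OFFER", "yiaddr": "192.168.10.66"}),
        sn.inspect({**v, "port": "Gi0/1", "src_mac": server, "chaddr": client, "type": "OFFER", "yiaddr": "192.168.10.20"}),
        sn.inspect({**v, "port": "Gi0/2", "src_mac": client, "chaddr": client, "type": "REQUEST"}),
        sn.inspect({**v, "port": "Gi0/1", "src_mac": server, "chaddr": client, "type": "ACK", "yiaddr": "192.168.10.20"}),
        # Attacker on Gi0/4 tries to release the victim's lease using the victim's MAC.
        sn.inspect({**v, "port": "Gi0/4", "src_mac": client, "chaddr": client, "type": "RELEASE"}),
        # Starvation attempt: forged chaddr behind the attacker's real source MAC.
        sn.inspect({**v, "port": "Gi0/4", "src_mac": attacker, "chaddr": "02:00:00:00:00:01", "type": "DISCOVER"}),
    ]
    return results, sn
```

The binding table this builds is what Dynamic ARP Inspection and IP Source Guard later consult, which is why the uplink toward the real server must be the only trusted port: a trusted access port would let a rogue server poison the table as well as the clients.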
Today I am going to talk about QOS scheduling. Scheduling is a QOS mechanism that determines the order and timing at which packets are taken from queues and sent out over a physical network link. Different types of scheduling are round robin, CBWFQ (Class Based Weighted Fair Queueing), and LLQ (Low Latency Queueing). Round Robin- The first type of scheduling mechanism is round robin. Round robin is a scheduling mechanism used in networking to process queues in a circular, sequential order, giving each queue an equal opportunity to be served. Round robin works by servicing one queue at a time…
Today I am going to continue to talk about QOS (Quality of Service). QOS is used on network devices to classify and mark traffic based on its priority level, allowing higher priority traffic to receive different treatment than lower priority traffic as it moves through the network. The steps of QOS are: Classification- As a packet enters a QOS-enabled device it must first be classified. A traffic class in QOS is a distinct group of packets that share a similar quality. For example, video, Voice over IP, best-effort and bulk file transfer traffic can each be designated its own kind…
Today I am going to talk more about QOS and the congestion avoidance and management behaviors that take place. Network performance often suffers because there is not enough bandwidth or because too many devices and applications are competing for it; either way, the result is network congestion. Network congestion occurs when incoming traffic arrives at a faster rate than the device or network link can transmit it, meaning data is coming in far faster than it is leaving the device. This causes network devices to…
Today I am going to talk about QOS (Quality of Service) and the criteria that impact how well an application or service performs. QOS is a mechanism used to classify, mark, and prioritize certain kinds of traffic to ensure they perform well under congestion. This allows critical applications and services to maintain performance despite the network undergoing congestion. When thinking of QOS, certain criteria must be monitored to judge whether an application will function well or not. These criteria are total bandwidth, delay (latency), jitter and packet loss. If any of these suffer,…
Today I am going to be discussing POE (Power Over Ethernet). POE is a technology that allows electrical power and data to be transmitted over the same ethernet cable. This allows network devices such as IP phones, IP cameras and WAPs (wireless access points) to operate without a separate power supply. PSE/PD- When it comes to POE, there are two categories of devices, which are either PD (Powered Device) or PSE (Power Sourcing Equipment). A PD is a network device that receives electrical power from a PSE, allowing it to operate without having a separate power…
NAT is a mechanism performed by a router that translates private IP addresses in the RFC 1918 range to one or more globally unique public IP addresses that can be routed over the Internet. NAT gives these addresses specific names: inside local, inside global, outside local and outside global. 1) Inside/Outside = where the device sits relative to the NAT router 2) Local/Global = from which side of the NAT router the address is being viewed (local as seen on the inside network, global as seen from the outside). Inside Local- An inside local is the IP address…
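To make the four address names concrete, here is an added Python model (not code from this blog) of a PAT router: one inside-global address shared by many inside-local hosts, a translation table keyed on the full 4-tuple, and an allowed-source list standing in for the NAT ACL. The addresses come from the RFC 5737 documentation ranges and are constructed for the example.

```python
import ipaddress


class PatRouter:
    """Toy PAT (NAT overload) router (illustrative, not vendor code).

    Terms as seen from the router:
      inside local   - the private address of a host on the inside (e.g. 192.168.1.10)
      inside global  - the public address that host appears as on the outside
      outside global - the real address of the external host
      outside local  - how the inside sees the external host; equal to outside global
                       here because destination addresses are not translated
    """

    def __init__(self, inside_global_ip, inside_networks, first_port=1024):
        self.inside_global_ip = inside_global_ip
        # Plays the role of the NAT ACL: only these sources get translated.
        self.inside_networks = [ipaddress.ip_network(n) for n in inside_networks]
        self.next_port = first_port
        self.table = {}      # (inside local ip, port, outside ip, port) -> inside global port
        self.reverse = {}    # (inside global port, outside ip, port) -> (inside local ip, port)

    def _permitted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.inside_networks)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside. Returns the translated 4-tuple, or None if the source is
        not in the NAT ACL (it would be forwarded untranslated and dropped upstream)."""
        if not self._permitted(src_ip):
            return None
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:
            global_port = self.next_port          # allocate a fresh inside-global port
            self.next_port += 1
            self.table[key] = global_port
            self.reverse[(global_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.inside_global_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside. Only traffic matching an existing mapping is translated;
        unsolicited packets to the inside-global address are dropped (None)."""
        if dst_ip != self.inside_global_ip:
            return None
        entry = self.reverse.get((dst_port, src_ip, src_port))
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    r = PatRouter("203.0.113.5", inside_networks=["192.168.1.0/24"])
    print(r.outbound("192.168.1.10", 50000, "198.51.100.7", 443))
    print(r.inbound("198.51.100.7", 443, "203.0.113.5", 1024))
```

The `inbound` path shows why PAT is often mistaken for a firewall: unsolicited packets have no table entry and are discarded. That is a side effect of the translation state, not an access policy, which is why an explicit ACL or stateful firewall is still needed at the edge.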
Today I am going to talk about NAT (Network Address Translation). IP addresses are assigned to device interfaces and serve as an identifier for a specific device when communicating with other devices, whether internally or externally. An IP address, specifically the destination IP address, enables the router to send packets toward the next hop. Since IP addresses identify a specific device or host, IPv4 addresses must be unique within a network, because two devices sharing the same IP address would cause an IP conflict leading to communication errors or packet loss. IPv4- IPv4 addresses are 32 bit addresses divided into…
Today I am going to talk about FTP (File Transfer Protocol) and TFTP (Trivial File Transfer Protocol). FTP is a TCP protocol using ports 20 (data) and 21 (control), while TFTP operates on UDP port 69. TFTP and FTP are both used to transfer files over an IP network. They both use a client-server model where a client can copy files from a server or copy files to a server. FTP has more features than TFTP, which is a more lightweight protocol. Neither encrypts anything: FTP sends credentials and file contents in clear text and TFTP has no authentication at all, so both belong on management networks only, with SFTP or SCP preferred where available. TFTP- TFTP is a UDP protocol used to transfer files…
Today I am going to talk about NTP (Network Time Protocol). NTP is a UDP protocol (port 123) that is used to synchronize the clocks of network devices on a network. NTP is hierarchical, with an authoritative time source at the top from which all the devices ultimately receive their time. NTP is an important protocol because accurate timestamps are what make logs usable for troubleshooting and security auditing, and because digital certificates have validity periods that cannot be verified if the clock is wrong. If the time is not correct on…
SSH stands for Secure Shell and runs on TCP port 22. SSH is a protocol that is used to remotely access network devices such as routers, switches, APs and many more devices. These SSH sessions are mostly for management and provide a convenient way to manage and verify configuration states without having to physically be next to a network device. Before SSH there was Telnet, which uses TCP port 23, but Telnet is not secure as it provides no encryption at all. SSH is superior in that it allows you to do the same thing Telnet does but…
Hi, today I am going to dive into the syslog monitoring locations. Syslog is one of the major logging protocols that allow network devices such as routers, switches, APs, or firewalls to generate, store, and send event notifications to a centralized logging or external server. Syslog messages can be displayed in several places; aside from a dedicated collecting server, the most common is the device's CLI. Console Line- The first monitoring location I am going to talk about is the console line. If you have been doing any sort of labbing for the CCNA, you probably…
Today I am going to talk about syslog. Syslog is the standard logging protocol (UDP port 514 by default) that allows network devices to generate, store and send event-based notifications to a centralized server. If you have been doing any type of labs, you have definitely seen a syslog message, as they appear automatically in the CLI of Cisco devices. Syslog messages come in a specific format and are useful for monitoring device and network health, like when a router fails or an interface goes down. They are good for troubleshooting system or network issues, like if an…
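As an added example (not code from this blog), the Python below parses the Cisco IOS message format, `%FACILITY-SEVERITY-MNEMONIC: text`, including the `<PRI>` header and sequence number a collector sees over UDP 514, and then filters a batch of lines for the events a SOC would want to see. The sample lines are constructed in IOS format for the example, not captured from a real device.

```python
import re

# Cisco severity levels (0 is most severe), the number in %FACILITY-SEVERITY-MNEMONIC.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                          # PRI header, present when sent over UDP 514
    r"(?:(?P<seq>\d+): )?"                               # optional sequence number
    r"(?:(?P<ts>[*.]?\w{3}\s+\d{1,2}(?: \d{4})? \d{2}:\d{2}:\d{2}(?:\.\d{3})?(?: [A-Z]{3,4})?): )?"  # timestamp
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)


def parse_syslog(line):
    """Parse one Cisco-style syslog line into a dict; return None if it is not one."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    sev = int(d["severity"])
    out = {
        "seq": int(d["seq"]) if d["seq"] else None,
        "timestamp": d["ts"],
        "facility": d["facility"],
        "severity": sev,
        "severity_name": SEVERITY_NAMES[sev],
        "mnemonic": d["mnemonic"],
        "text": d["text"],
    }
    if d["pri"]:
        pri = int(d["pri"])
        out["syslog_facility"] = pri >> 3     # e.g. 23 = local7, the IOS default
        out["syslog_severity"] = pri & 7
    return out


def security_events(lines, max_severity=3):
    """Return (mnemonic, text) for parseable lines at severity <= max_severity
    (numerically lower is more severe), plus anything from the PORT_SECURITY facility."""
    hits = []
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            continue
        if ev["severity"] <= max_severity or ev["facility"] == "PORT_SECURITY":
            hits.append((ev["mnemonic"], ev["text"]))
    return hits


# Constructed sample lines in Cisco IOS format (not captured from a real device).
SAMPLE_LINES = [
    "<186>54: *Mar  1 00:12:34.567: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    "caused by MAC address 0011.2233.4455 on port GigabitEthernet0/1.",
    "<187>55: *Mar  1 00:12:34.890: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>56: *Mar  1 00:15:02.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "not a syslog line at all",
]

if __name__ == "__main__":
    for mnemonic, text in security_events(SAMPLE_LINES):
        print(mnemonic, "->", text)
```

The leading `*` in the timestamp means the device's clock was never synchronized (the NTP point made elsewhere on this blog), and the `%SYS-5-CONFIG_I` line is a reminder that severity alone is a poor filter: a configuration change is only "notification" level but is exactly what a change-control or intrusion review wants to see.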
In recent blogs, I’ve written about SNMP and how it works. SNMP is a great protocol for monitoring network devices on an IP network. There are currently 3 versions of SNMP and each implements security differently. The latest version, SNMPv3, is the most secure; SNMPv2c is only marginally better than v1 because its community strings travel in plain text and can be read off the wire by anyone who can capture the traffic. SNMPv2c- SNMP started to bring about security through authentication and permissions with community strings, which are widely used in SNMPv2c. Community strings are plain-text passwords that must be included inside the SNMP message…
SNMP is a network management protocol used to manage and monitor network devices on an IP network. It is an application layer protocol that runs in an agent-manager model. SNMP communication is initiated by both the manager and the agent, depending on the type of operation. Today I am going to discuss the various types of messages that can be sent from both ends. GET- I am going to start off with manager-initiated commands that are used to retrieve information. When a manager sends commands to retrieve information from an SNMP agent, it is called “polling.” Polling in…
Today I am going to talk about SNMP which stands for Simple Network Management Protocol. This is an application-layer protocol that is used to monitor, configure, and manage network devices on an IP network. This protocol uses an agent-manager model, where the agent and the manager communicate with each other, exchanging information that can be collected on a network device. The devices that are usually monitored via SNMP are routers, switches, servers, printers, APs, firewalls and more. This is a very structured protocol in how it works, so in the next few paragraphs I will be breaking…
DHCP is a protocol used to automatically assign IP addresses to devices on a network. There are two DHCP features that I want to talk about today, which are “release” and “renew.” Release- When a client sends a DHCP release, the host is prematurely relinquishing its IP address lease. Every lease has a duration, and when that duration runs out the IP address is released back into the IP address pool. A release request forfeits the IP address lease before the lease duration times out, allowing the IP address to immediately return…
DHCP is a network management protocol that is used to automatically assign IP addresses to devices on a local network. This is done through broadcasting DHCP messages so the DHCP server can respond. But what if the DHCP server is located on another subnet? This is where a DHCP relay agent takes over. Relay Agent– A DHCP relay agent is a router or a layer 3 device that is responsible for listening to DHCP broadcast messages from clients and forwarding them to the DHCP server on a different subnet. This allows an organization to centrally manage the IP address and…
DORA- Today I am going to talk about DHCP which stands for Dynamic Host Configuration Protocol. DHCP is a network management protocol that is used to dynamically assign IP addresses and other network configuration parameters to devices automatically. DHCP removes the need to configure device after device by hand. DHCP is stateful, meaning that every IP address assigned is tracked and stored inside the DHCP server. The process of obtaining an IP address lease from a DHCP server is called “DORA.” DORA stands for “Discover, Offer, Request and Acknowledgement.” Discover- The first step of the DHCP process starts with a DHCP message…
Today I am going to talk about DNS which stands for Domain Name System. DNS is a system that allows users to access web servers or websites via human-readable domain names instead of an IP address. An IPv4 address consists of 32 bits and is written in dotted decimal format to make it more readable. Even though that is more readable to humans, it is hard to remember many IP addresses for many websites at once. It’s kind of like phone numbers and having contacts. When a contact is added on a phone, instead of typing someone’s number, I can…
Today I am going to talk about ACLs (Access Control Lists). ACLs are used to filter traffic based on criteria usually found in IP headers. ACLs can be used on their own but are also used by features such as NAT and NTP: NAT uses an ACL to decide whose addresses get translated, and NTP servers use an ACL to decide who is allowed to synchronize with them. There are two types of ACLs, standard and extended. Traffic can be filtered by either an entire network, subnet, or…
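Here is an added Python example (not code from this blog) of how a router evaluates a standard and an extended ACL: wildcard-mask matching, top-down first-match processing, the implicit deny at the end, and a small check for entries that can never match because a broader entry above them swallows the traffic. The ACL entries and test packets are constructed for illustration.

```python
import ipaddress


def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))


def wildcard_match(ip, base, wildcard):
    """Cisco wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is ignored.
    'host X' is X 0.0.0.0; 'any' is 0.0.0.0 255.255.255.255."""
    return (_to_int(ip) ^ _to_int(base)) & (~_to_int(wildcard) & 0xFFFFFFFF) == 0


def evaluate(acl, pkt):
    """Walk the ACEs top to bottom; the first match wins. Returns (action, index), where
    index is None for the implicit 'deny any' that ends every ACL.

    pkt: dict with src, dst, proto ('tcp', 'udp', 'icmp') and optional dst_port.
    Standard ACE fields: action, src, src_wc. Extended ACEs add proto, dst, dst_wc, dst_port."""
    for i, ace in enumerate(acl):
        if not wildcard_match(pkt["src"], ace["src"], ace["src_wc"]):
            continue
        if "dst" in ace:  # extended ACE: also check protocol, destination and port
            if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
                continue
            if not wildcard_match(pkt["dst"], ace["dst"], ace["dst_wc"]):
                continue
            if ace.get("dst_port") is not None and ace["dst_port"] != pkt.get("dst_port"):
                continue
        return ace["action"], i
    return "deny", None


def shadowed_entries(acl, probes):
    """Indexes of ACEs that matched none of the probe packets: a cheap way to spot an
    entry placed below a broader one that makes it unreachable."""
    hit = {evaluate(acl, p)[1] for p in probes}
    return [i for i in range(len(acl)) if i not in hit]


# Constructed example ACLs (not taken from the blog).
STANDARD_ACL = [
    {"action": "permit", "src": "192.168.1.0", "src_wc": "0.0.0.255"},
    # everything else falls through to the implicit deny
]

EXTENDED_ACL = [
    {"action": "deny",   "proto": "tcp", "src": "10.0.0.0", "src_wc": "0.0.0.255",
     "dst": "192.168.1.10", "dst_wc": "0.0.0.0", "dst_port": 23},      # no Telnet to the server
    {"action": "permit", "proto": "tcp", "src": "10.0.0.0", "src_wc": "0.0.0.255",
     "dst": "192.168.1.10", "dst_wc": "0.0.0.0", "dst_port": 22},      # SSH to the server is fine
    {"action": "permit", "proto": "ip",  "src": "10.0.0.0", "src_wc": "0.0.0.255",
     "dst": "0.0.0.0", "dst_wc": "255.255.255.255"},                   # 10.0.0.0/24 to anywhere
]

if __name__ == "__main__":
    pkt = {"src": "10.0.0.5", "dst": "192.168.1.10", "proto": "tcp", "dst_port": 23}
    print(evaluate(EXTENDED_ACL, pkt))
```

Order is the usual source of ACL bugs: the Telnet deny only works because it sits above the broad `permit ip 10.0.0.0/24 any`. Swap them and `shadowed_entries` reports the deny as unreachable, which is the same mistake that turns a "block management ports from users" rule into a no-op on a real router.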
Today I am going to talk about DAD, which is Duplicate Address Detection. DAD is used in IPv6 networks to prevent multiple devices from having the same address on the local link. When a device is assigned an IPv6 address, it uses DAD to ensure that the address is not already in use before it begins using it. When an IPv6 address is first assigned, it is placed in a “tentative” state, meaning the device cannot yet send packets sourced from that address. When the tentative address is assigned…
With the introduction of IPv6 came different ways for the same things to get done. For example address resolution can now be done with NDP which stands for Neighbor Discovery Protocol. NDP not only can perform address resolution but also perform DAD (Duplicate Address Detection) and router discovery. These functions are carried out by ICMPv6 packets which are NS (Neighbor Solicitation), NA (Neighbor Advertisement), RS (Router Solicitation), and RA (Router Advertisement). Neighbor Solicitation- The first message I am going to talk about is NS (Neighbor Solicitation.) These messages can be sent to initiate address resolution or DAD. The source of…
When it comes to IPv6, as you probably know, multicast is used a lot! It essentially replaces the functions that relied on broadcast with multicast instead. One of the ways multicast is more efficient than broadcast is its ability to target a specific set of hosts rather than every host on the local network. One type of multicast that is extremely targeted is the solicited-node multicast address. This address is derived from a regular unicast or anycast IPv6 address and is used in NDP operations. It is mostly used as the destination address in…
Today I am going to talk about the IPv6 header and the purpose of each field inside of the header. Unlike the IPv4 header, the IPv6 header has a fixed length of 40 bytes; options live in separate extension headers instead. It consists of similar fields to IPv4 but with different names. Version- The IPv6 header starts off with a field called “Version,” which is 4 bits long. This field is solely to let the receiving device know what IP version is being used. It is similar to the version field in IPv4, but this field will always be set to 6 to indicate…
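As an added example (not code from this blog), the Python below packs and parses the fixed 40-byte IPv6 header field by field, so the layout described above can be checked against real bytes. The addresses, payload and field values are constructed test input; the parser refuses truncated input and anything whose version field is not 6, which is the first check any packet-handling code should make before trusting the rest of the header.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40
# version/traffic class/flow label (one 32-bit word), payload length, next header,
# hop limit, 16-byte source, 16-byte destination; '!' = network byte order
HEADER_FMT = "!IHBB16s16s"
NEXT_HEADER_NAMES = {0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 43: "Routing",
                     44: "Fragment", 58: "ICMPv6", 59: "No Next Header"}


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Pack a 40-byte IPv6 header (constructed test input, no real traffic involved)."""
    if not 0 <= traffic_class <= 0xFF or not 0 <= flow_label <= 0xFFFFF:
        raise ValueError("traffic class is 8 bits, flow label is 20 bits")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack(HEADER_FMT, first_word, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(data):
    """Parse the fixed header at the start of `data`; refuse truncated or non-IPv6 input."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError(f"need {IPV6_HEADER_LEN} bytes, got {len(data)}")
    first_word, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        HEADER_FMT, data[:IPV6_HEADER_LEN])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version field = {version})")
    if len(data) - IPV6_HEADER_LEN < payload_len:
        # Never trust a length field that points past the bytes you actually have.
        raise ValueError("payload length exceeds captured bytes")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, f"protocol {next_header}"),
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


if __name__ == "__main__":
    # Constructed: an ICMPv6 packet with an 8-byte payload to the all-nodes address.
    pkt = build_ipv6_header("2001:db8::1", "ff02::1", 8, 58, hop_limit=255) + b"\x80\x00" + b"\x00" * 6
    for field, value in parse_ipv6_header(pkt).items():
        print(f"{field:>18}: {value}")
```

Hop limit 255 on an NDP message is not cosmetic: receivers must drop Neighbor Discovery packets whose hop limit is anything else, which proves the packet could not have been forwarded by a router and so originated on the local link.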
Today I am going to talk about the presentation layer. The presentation layer is the 6th layer of the OSI model and plays a crucial role in computer communication. It is capable of performing multiple functions such as translating between data formats, encryption and decryption, and compression. How Computers Talk- Depending on the protocol, encryption and compression are optional and are used when required, as in applications such as SSH or HTTPS where encryption is needed. But what happens at the presentation layer when there is no need for encryption or compression? The answer is translation! Computers can communicate with…
Today I am going to talk about EUI-64 (Extended Unique Identifier 64-bit). IPv6 is a little different from IPv4 because not only does it have DHCPv6, it also has a feature called SLAAC (Stateless Address Autoconfiguration), which can use EUI-64. SLAAC is used to automatically generate an IPv6 address, and EUI-64 is used to automatically generate the interface ID portion from nothing but the device’s MAC address. It does this in 3 simple steps: split the 48-bit MAC into two 24-bit halves, insert FFFE between them, and flip the 7th bit of the first byte (the U/L bit). Once these steps are done, the interface ID has been made and the device interface now has an automatically assigned IPv6 address. An example would be this…
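As an added example (not code from this blog), the Python below carries the IPv6 addressing pieces from the posts above through in code: the EUI-64 interface ID from a MAC, the resulting link-local and SLAAC addresses, and the solicited-node multicast group that NDP uses as the destination of the Neighbor Solicitation for DAD and address resolution. The MAC address and prefix are constructed for the example.

```python
import ipaddress


def mac_to_bytes(mac):
    """Accept 00:1a:2b:3c:4d:5e, 00-1a-2b-3c-4d-5e or Cisco's 001a.2b3c.4d5e."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """Modified EUI-64: split the 48-bit MAC, insert FFFE in the middle, flip the U/L bit."""
    octets = bytearray(mac_to_bytes(mac))
    octets[0] ^= 0x02                       # 7th bit of the first octet (universal/local)
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])   # 64 bits


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID, as SLAAC does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_address(mac):
    """fe80::/64 plus the EUI-64 interface ID."""
    return slaac_address("fe80::/64", mac)


def solicited_node_multicast(addr):
    """ff02::1:ffXX:XXXX, where XX:XXXX is the low 24 bits of the unicast/anycast address.
    This is the destination of the Neighbor Solicitation sent for DAD and address resolution."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


if __name__ == "__main__":
    mac = "00:1A:2B:3C:4D:5E"                      # constructed example MAC
    ll = link_local_address(mac)
    gua = slaac_address("2001:db8:1::/64", mac)    # RFC 3849 documentation prefix
    print("interface ID    :", eui64_interface_id(mac).hex(":", 2))
    print("link-local      :", ll)
    print("global unicast  :", gua)
    print("solicited-node  :", solicited_node_multicast(gua))
```

The flip side of EUI-64 is that the interface ID embeds the hardware address, so a laptop carries the same, trackable, lower 64 bits into every network it joins and anyone with one address can guess the others. That is why hosts commonly use privacy extensions (RFC 4941) or stable opaque interface IDs (RFC 7217) instead, and why a security review of an IPv6 deployment should check which one the endpoints are actually using.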
Today I am going to talk about multicast scopes. Multicast is a message type that is used to transmit a single stream of data to a group of interested recipients who have displayed interest in receiving that data by joining a “multicast group.” The original data stream is only transmitted once, and network devices such as routers retransmit those packets to the destination. Multicast is widely used for IPTV, video conferencing usually for corporations, financial market data, and used by a lot of routing protocols (OSPF, RIPv2, EIGRP.) Multicast can be transmitted within different types of scopes, scope meaning how…
Today I am going to talk about the different types of IPv6 addresses used. Although IPv6 is just supposed to be another IP protocol with sufficient addresses, the design of IPv6 is very different when it comes to addressing. The types of addresses I will get into today are ULA (Unique Local Addresses), GUA (Global Unicast Address), and LLA (Link Local Address). Each of these addresses is used for different reasons and purposes, and all are vital to understanding IPv6. ULA- A ULA is a private-only address, meaning that this address can only be used in a private network. Functioning…
When it comes to networking and communication, there are many different ways network devices can talk to each other. Different processes utilize different communication types depending on the context. The most common message types are unicast, broadcast, multicast, and anycast. IPv4 utilizes unicast, broadcast, and multicast. IPv6 supports unicast, multicast, and anycast. IPv6 does not support broadcasting of any kind, as it uses multicast groups for functions that require broadcast in IPv4. Unicast- Unicast messages are a simple one to one communication. Unicast messages are mostly sent when the destination address is known, whether it’s an IP or MAC address.…
Today I am going to talk about IPv6, which is another Internet Protocol that was created to address the exhaustion of IPv4 addresses. IPv6 was created in the hope of moving the internet from IPv4 to completely IPv6, but it never fully took over because of mechanisms such as NAT and RFC 1918 private addressing, which let the same private ranges be reused across many LANs. Even though IPv6 is just a different version of the Internet Protocol, there are a lot of differences in how it works. First off, it uses hexadecimal instead of decimal. Decimal digits range from 0 – 9, while hexadecimal ranges from 0…
Every IP-capable network device has a loopback interface; one can be found in PCs, switches, and routers. Traffic sent to a loopback address is processed internally by the device and is not tied to any physical interface. It is a virtual interface that, once configured with an IP address, is always in an up/up (administratively up/operationally up) state unless shut down. It can be used for management purposes, for testing purposes, and as the RID for dynamic routing protocols. For testing, the loopback address is used to test local processes and applications…
In these past few blog posts, I’ve discussed TCP and everything it entails, but even though it is the most used protocol by applications, others transport data via UDP (User Datagram Protocol.) UDP is used for applications such as SNMP, DHCP, TFTP, and Syslog. Unlike TCP, UDP is connectionless meaning it doesn’t need to form a connection before sending data to a destination. It also provides no sequencing, retransmissions, or any type of acknowledgements. Although this sounds like a bad idea it really isn’t for certain applications that are real-time or time-sensitive. If you’re playing Call of Duty and start…
TCP is known for its reliability compared to UDP, and it achieves this partly through sequence numbers and acknowledgements. Retransmissions are also a big factor in that reliability. Each segment has a retransmission timeout (RTO) timer that starts when the segment is sent. The segment is temporarily stored in a retransmission queue, where it sits until an ACK covering it arrives. If that ACK is received, the segment is deleted from the retransmission queue, and if no ACK is received within the…
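Here is an added Python model (not code from this blog, and not a real TCP stack) of the retransmission queue and RTO timer described above: segments enter the queue when sent, a cumulative ACK removes everything it covers, and a segment whose timer expires is resent with its RTO doubled (the exponential backoff of RFC 6298) until a retry limit gives up on the connection. Sequence numbers, timings and payloads are constructed for the example.

```python
class TcpSender:
    """Toy model of TCP's retransmission queue and RTO timer (illustrative only).

    Each sent segment sits in the queue until a cumulative ACK covers it. If its RTO
    timer expires first, it is retransmitted and the RTO doubles (exponential backoff,
    RFC 6298), up to `max_retries` attempts before the connection is declared dead."""

    def __init__(self, initial_seq=1, rto=1.0, max_retries=5):
        self.next_seq = initial_seq
        self.initial_rto = rto
        self.max_retries = max_retries
        self.queue = {}        # seq -> {"data", "sent_at", "rto", "retries"}
        self.log = []          # (time, seq, event) for inspection

    def send(self, data, now):
        """Transmit `data` at time `now`; it stays queued until acknowledged."""
        seq = self.next_seq
        self.queue[seq] = {"data": data, "sent_at": now, "rto": self.initial_rto, "retries": 0}
        self.next_seq += len(data)
        self.log.append((now, seq, "send"))
        return seq

    def receive_ack(self, ack, now):
        """Cumulative ACK: every segment whose last byte is below `ack` leaves the queue.
        Returns how many segments remain unacknowledged."""
        for seq in sorted(self.queue):
            if seq + len(self.queue[seq]["data"]) <= ack:
                del self.queue[seq]
                self.log.append((now, seq, "acked"))
        return len(self.queue)

    def tick(self, now):
        """Run the RTO timers at time `now`; returns the seqs retransmitted this tick."""
        resent = []
        for seq, seg in sorted(self.queue.items()):
            if now - seg["sent_at"] >= seg["rto"]:
                if seg["retries"] >= self.max_retries:
                    raise ConnectionError(f"segment {seq} unacknowledged after {seg['retries']} retries")
                seg["retries"] += 1
                seg["rto"] *= 2                  # back off before trying again
                seg["sent_at"] = now
                self.log.append((now, seq, "retransmit"))
                resent.append(seq)
        return resent


if __name__ == "__main__":
    s = TcpSender()
    s.send(b"abc", 0.0)
    s.send(b"defgh", 0.1)
    s.receive_ack(4, 0.5)          # acknowledges bytes 1..3 only
    for t in (0.9, 1.2, 2.5):
        print(f"t={t}: retransmitted {s.tick(t)}")
    for entry in s.log:
        print(entry)
```

The backoff is also why a SYN flood hurts: every half-open connection holds queue state for the full retry schedule (several doublings of the RTO) before the server gives it up, which is the resource the attack is really consuming.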
TCP is one of the main transport layer protocols and is used for many applications such as HTTPS, FTP, SMTP, and SSH. It is a very reliable protocol, providing sequencing and acknowledgements unlike its counterpart UDP. Another important feature of TCP is flow control. Flow control is a mechanism TCP uses to prevent the sending host from overwhelming the receiving host by sending data faster than it can handle. This is common in setups where the receiving application processes data more slowly than the sending server or host produces it. In order to avoid dropped packets…
Today I am going to talk about TCP (Transmission Control Protocol) and all of the features it provides at layer 4. TCP is a transport layer protocol that is widely used for the bulk of the applications used today such as FTP, SMTP, POP3, Telnet, SSH, HTTP, and HTTPS. Connection-Oriented- TCP is a transport layer protocol known for its reliability due to it being a “connection-oriented” protocol. By “connection-oriented” I mean that a connection has been fully established before data begins transferring. Before data can begin transferring, a client and a server go through a process called a “3 way…
Today I am going to discuss multiplexing and demultiplexing. These are crucial mechanisms operating at layer 4 that allow computer users to use multiple applications at the same time. A typical user working in a corporate environment is most likely using email, the web browser, VoIP (Voice over IP), SSH, FTP, DNS and so much more. I mean I’ll admit it, I am never browsing the web with only one tab open lol. So how does the receiving host know which application to hand the data to? Through multiplexing and demultiplexing! Sockets- Multiplexing allows a host to run multiple concurrent applications at…
Today I am going to talk about GLBP (Gateway Load Balancing Protocol), which is another FHRP but this time with major differences on how it functions. GLBP is another Cisco proprietary protocol that provides gateway redundancy but also provides load balancing on top of it. Instead of having the typical FHRP master/active router with a backup/standby ready to take over, it has multiple routers forwarding traffic at the same time. AVG- GLBP allows multiple routers to forward traffic at the same time by dividing routers into two roles which are AVG (Active Virtual Gateway) and AVF (Active Virtual Forwarders). The…
HSRP- Another FHRP protocol is HSRP, which is a Cisco proprietary protocol. This protocol functions in the same way as VRRP does for the most part, with a few differences, so let’s dive into it. The main router responsible for forwarding traffic for the HSRP group is called the “active” router. The active router is chosen from the HSRP group by highest priority, and if there is a tie then the highest IP address wins the active role. The router with the next highest priority (next highest IP if there is a tie) becomes the standby…
Hi, today I am going to talk about FHRP (First Hop Redundancy Protocol) and the protocols within it such as VRRP (Virtual Router Redundancy Protocol), HSRP (Hot Standby Router Protocol), and GLBP (Gateway Load Balancing Protocol). An FHRP is a default gateway redundancy protocol that provides a backup for the main default gateway. In setups like HSRP and VRRP there is one active/master router responsible for forwarding packets, as in a normal topology, but the FHRP logically keeps a second router on standby/backup waiting to take over the default gateway role if the first were to fail for any reason. FHRP does this by creating…
Today I am going to talk about serial interfaces. Serial interfaces are point-to-point connections mostly used for WAN links. By WAN connections, I mean T1/E1 circuits, DSL (digital subscriber lines), or leased lines. This WAN connection is most commonly from an ISP to a customer. Serial interfaces differ from parallel interfaces in how bits are transmitted: parallel interfaces transmit multiple bits simultaneously, while serial interfaces transmit data one bit at a time in sequential order. DCE/DTE- An important factor of serial interfaces is DCE (Data Communications Equipment) and DTE (Data Terminal Equipment).…
Today I am going to talk about LSA types. As you probably already know, OSPF routers in the same area share a database (LSDB) full of LSAs. This LSDB serves as the network topology map from which routes are calculated. Some LSAs also extend between areas, and certain LSAs are meant for the entire OSPF AS/domain. Different types of LSAs serve different purposes. Type 1- The first LSA I am going to talk about is the LSA Type 1, also known as the Router LSA. These LSAs are generated by every router within an area, flooded only inside that area, and used to describe…
OSPF is a very versatile dynamic routing protocol: not only does it provide redundancy, fast convergence, scalability and automatic failover, it also works with all network types. Today I am going to talk about broadcast and point-to-point OSPF networks and how they function. Broadcast- The broadcast OSPF network type is one of the most common. An OSPF network is considered a broadcast network if every router is connected to the same segment, either by a switch or an ethernet hub. When routers are connected to the same segment, if one router were to send a broadcast…
In order for OSPF to keep its topology current and up to date with any changes or failures, it has some important timers. Three timers I am going to talk about today are the hello interval timer, dead interval timer, and the retransmission timer. Hello Timer- The hello timer is a timer that dictates how frequently OSPF routers will send hello packets. Hello packets serve many different OSPF processes but the periodic hello packets sent when the topology is fully converged is to maintain neighbor adjacencies. For broadcast and point-to-point networks the hello interval timer is usually 10 seconds by…
Today I am going to dive into OSPF router adjacency roles. In broadcast/non-broadcast multi-access network topologies, OSPF elects routers to maintain a certain role within the topology to provide redundancy, and make communication/updates more efficient. The roles that make OSPF broadcast network types run smoothly are the DR (Designated Router), BDR (Backup Designated Router), and DRother. All three of these play a crucial role when the OSPF network is fully converged. DR- The DR is the primary router of the network topology. There is only one DR router per segment, and the DR is chosen by selecting the router with…
Today I am going to talk about OSPF neighbor states and what goes on under the hood when a new OSPF topology first comes online, before a link reaches the Full state and the network has converged on a complete, identical topology map. On broadcast multi-access networks, neighbors must go through 7 neighbor states before they become fully adjacent (non-broadcast multi-access networks add an Attempt state, since hellos there are sent to manually configured neighbors). By fully adjacent I mean that the DR, BDR and DRothers (if there are any) have been selected, the LSDBs have been synchronized, and the shortest path algorithm is being calculated on this topology. The neighbor states start from down, to…
Today I am going to talk about the types of messages that can be sent when OSPF is enabled. Every message type is unique in its own way and allows OSPF to function as smoothly as it does. These message types each serve their purpose in their own way from discovering neighbors to providing reliability. There are 5 types of messages which are hello packets, DBD packets, LSU packets, LSR packets, and LSAck packets. I’ve put a chart below matching them to their message type number identifier. Hello- The first message I am going to talk about is a type…
Hi, today I am going to talk about OSPF routers and the role of each router. Since OSPF is a vast protocol with a lot going on, different routers carry different duties to make sure that the OSPF AS functions the way that it is supposed to. Without these routers and their role OSPF would not be as efficient and scalable as it currently is. Internal Router- The first router I am going to talk about is the Internal Router. The name pretty much speaks for itself, but it’s a router where all of its interfaces reside within one OSPF…
Today I am going to begin to talk about OSPF and OSPF areas. OSPF is short for Open Shortest Path First, and is an IGP link-state protocol. OSPF operates with routers all having the same identical topology map and from that identical map, every router calculates the shortest path possible using Dijkstra’s algorithm. The shortest path is calculated by the metric cost (cost = reference bandwidth / interface bandwidth). Once the topology is fully up, routers flood updates (LSAs) whenever something in the topology changes like a link going down or a router being added to the topology. Area- Today…
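Added worked example (not part of the original post): the Python below applies the cost formula above, cost = reference bandwidth / interface bandwidth, and runs Dijkstra over a constructed four-router topology (router names and link bandwidths are assumptions). It also shows the classic caveat: with the IOS default reference bandwidth of 100 Mbps, FastEthernet and GigabitEthernet both get cost 1, so the gigabit path is not preferred until the reference bandwidth is raised, for example to 10000 Mbps with `auto-cost reference-bandwidth 10000` on every router in the domain.

```python
"""OSPF interface cost and Dijkstra shortest path (added example)."""
import heapq

# Constructed topology: router -> {neighbor: interface bandwidth toward that neighbor, in Mbps}.
# R1 reaches R4 over a gigabit path (R1-R2-R4) and a 100 Mbps path (R1-R3-R4).
TOPOLOGY = {
    "R1": {"R2": 1000, "R3": 100},
    "R2": {"R1": 1000, "R4": 1000},
    "R3": {"R1": 100, "R4": 100},
    "R4": {"R2": 1000, "R3": 100},
}


def ospf_cost(bandwidth_mbps, reference_mbps=100):
    """cost = reference bandwidth / interface bandwidth, truncated to an integer, never below 1.
    The IOS default reference bandwidth is 100 Mbps."""
    return max(1, reference_mbps // bandwidth_mbps)


def dijkstra(topology, source, reference_mbps=100):
    """Return (distance, previous_hop) maps from source, using OSPF costs as link weights."""
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, bw in topology[node].items():
            candidate = d + ospf_cost(bw, reference_mbps)
            if candidate < dist.get(nbr, float("inf")):
                dist[nbr] = candidate
                prev[nbr] = node
                heapq.heappush(heap, (candidate, nbr))
    return dist, prev


def shortest_path(topology, source, dest, reference_mbps=100):
    """Hop list from source to dest and the total cost of that path."""
    dist, prev = dijkstra(topology, source, reference_mbps)
    hops = [dest]
    while hops[-1] != source:
        hops.append(prev[hops[-1]])
    return list(reversed(hops)), dist[dest]


if __name__ == "__main__":
    for ref in (100, 10000):
        print(f"reference {ref} Mbps:", shortest_path(TOPOLOGY, "R1", "R4", ref))
```

With the default reference bandwidth both paths from R1 to R4 cost 2, so the choice between them is a tie; with the reference raised to 10000 Mbps the gigabit path costs 20 and the 100 Mbps path 200.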
Today I am going to talk about floating static routes. Floating static routes are backup routes that are strategically configured on a router and serve as a redundancy mechanism in case a primary dynamic route fails. These static routes are invisible in the routing table: they are configured with an administrative distance higher than the primary route's, so as long as the primary route is present the static route is not installed, and if you look at the routing table you will not see it, as if it had not been configured. But even though it is invisible, that route is basically in limbo or “floating” until the primary route to the destination has failed. A floating static…
Today I am going to be talking about EIGRP, which stands for Enhanced Interior Gateway Routing Protocol. EIGRP is a dynamic IGP and an advanced distance-vector protocol. It is often viewed as a “hybrid” protocol because it has features of both distance-vector and link-state protocols. EIGRP has an AD of 90 and uses a composite metric formula that by default considers only bandwidth and delay, with optional consideration of load and reliability. Feasible/Reported Distance- For each destination EIGRP keeps a main route, the successor, and can keep a backup route, the feasible successor. In order to understand how the successor and…
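Added worked example (not part of the original post): the Python below implements the classic EIGRP composite metric, which with the default K values reduces to 256 * (10^7 / lowest bandwidth in kbps + sum of delays in tens of microseconds), and then applies the DUAL feasibility condition: a neighbor is a feasible successor only if its reported distance is strictly lower than the feasible distance of the successor. The neighbor names and bandwidth/delay values are constructed; the metrics 28160 and 281600 that fall out are the familiar IOS figures for a directly connected FastEthernet and 10 Mbps Ethernet link.

```python
"""EIGRP composite metric and DUAL successor / feasible successor selection (added example)."""


def eigrp_metric(min_bandwidth_kbps, total_delay_us,
                 k1=1, k2=0, k3=1, k4=0, k5=0, load=1, reliability=255):
    """Classic 32-bit EIGRP metric. With the default K values (K1=K3=1, K2=K4=K5=0) this is
    256 * (10^7 / lowest-bandwidth-kbps + sum-of-delays-us / 10)."""
    bandwidth = 10**7 // min_bandwidth_kbps        # integer truncation, as IOS does
    delay = total_delay_us // 10                   # delay counted in tens of microseconds
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5 != 0:                                    # reliability term only applies when K5 is set
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def dual_select(advertisements):
    """Pick the successor and any feasible successors for one destination.

    advertisements: list of (neighbor, advertised_min_bw_kbps, advertised_total_delay_us,
                             link_bw_kbps_to_neighbor, link_delay_us_to_neighbor).
    A neighbor advertises its bandwidth/delay vector; its reported distance (RD) is the metric
    computed from that vector alone, and our metric through it folds in the link to the neighbor."""
    candidates = []
    for nbr, adv_bw, adv_delay, link_bw, link_delay in advertisements:
        rd = eigrp_metric(adv_bw, adv_delay)
        ours = eigrp_metric(min(adv_bw, link_bw), adv_delay + link_delay)
        candidates.append({"neighbor": nbr, "reported_distance": rd, "metric": ours})
    candidates.sort(key=lambda c: c["metric"])
    successor = candidates[0]
    feasible_distance = successor["metric"]
    # Feasibility condition: a backup is guaranteed loop-free only if RD < FD.
    feasible = [c for c in candidates[1:] if c["reported_distance"] < feasible_distance]
    return successor, feasible


# Constructed scenario for one destination network:
#  R2: FastEthernet all the way (best path).
#  R3: sits next to the destination, but our link to R3 is 10 Mbps Ethernet (slow total, yet
#      its RD is below our FD, so it is a loop-free feasible successor).
#  R4: reaches the destination through us, so its RD exceeds our FD and it must be rejected.
ADVERTISEMENTS = [
    ("R2", 100_000, 100, 100_000, 100),
    ("R3", 100_000, 100, 10_000, 1000),
    ("R4", 100_000, 300, 100_000, 100),
]

if __name__ == "__main__":
    succ, feas = dual_select(ADVERTISEMENTS)
    print("successor:", succ)
    print("feasible successors:", [c["neighbor"] for c in feas])
```

R4's path back through us is exactly the loop the feasibility condition prevents: its reported distance (33280) is higher than our feasible distance (30720), so even though its total metric is lower than R3's it never becomes a backup.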
Today I am going to talk about RIP, the Routing Information Protocol. This is a dynamic routing protocol that is mostly obsolete because other protocols such as OSPF and EIGRP converge much more quickly. RIP has a 30 second update timer and a 180 second invalid timer, making convergence very slow compared to the other dynamic routing protocols. RIP is an interior gateway protocol, meaning it is used for routing within an AS (Autonomous System). This specific IGP is also a distance-vector protocol. A distance-vector protocol is a protocol that calculates routes based on distance metrics which…
Today we are going to talk about AD and metrics. If you’ve ever seen a routing table you’ve probably seen something like this: [110/65]. Here’s a picture of it below: AD- The number on the left is the AD, which stands for administrative distance, and the number on the right is the metric. Ever wondered, when multiple routing protocols are enabled and each has a route to the same destination network, which one the router installs into the routing table? The answer is the one with the lowest AD. When a router has competing routes from multiple protocols to the destination it…
Static Routing- When it comes to routing there are two options, dynamic or static routing. Each has its own pros and cons, so let’s break it down. Static routes are routes that are manually installed in the routing table by an administrator. These routes are “dumb” routes, meaning they only know the destination network and a next hop address or outgoing interface. After that, there is nothing else to it. As you can see, if something were to happen, like a link on the path to the destination going down, the route will remain in…
Today we are going to talk about EtherChannel. As you know, redundancy is huge when it comes to networking and building a network that can stay online through many failures. Eliminating single points of failure is one of the best ways to provide redundancy, and EtherChannel does just that. EtherChannel is a switch technology that allows you to group multiple physical links into one logical link. You can make 3, 4, 5 or 6 redundant cables act as one logical link; the switch treats it as one link, and even STP treats it as one link. The max amount…
So now that we’ve talked all about STP in my last couple of posts, we are still not done lol. STP has been upgraded to RSTP, which stands for Rapid Spanning Tree Protocol. RSTP functions basically the same as STP, meaning it prevents layer 2 loops while providing redundant backup paths, but the difference is the speed of convergence. Instead of the 15 second listening and 15 second learning states a port had to pass through to reach forwarding, that 30 to 50 seconds has been cut to just a couple of seconds. This applies when RSTP first gets enabled, and…
STP not only provides redundancy and prevents layer 2 loops but it comes jam packed with a ton of additional options that can make a network more secure and functional. Today we are going to dive into all the features that can be enabled on STP. Portfast- The first feature that I will be talking about is Portfast. Portfast is an STP feature that allows a port to immediately skip both transitional states listening and learning, and go straight into forwarding as soon as the link comes online. When a PC is connected to a switch, it usually has to…
In recent blogs I’ve talked about port roles which are designated and root ports. But today we are going to talk about port states which are blocking, listening, learning, and forwarding. Every port, no matter which role they are, is either blocking or forwarding. During a topology change, ports can be seen listening or learning. In order for me to talk about them, I need to make it clear what a transitional state is versus a stable state. A stable state is the state of the STP topology where the network has fully converged. This is the state where the…
Today we are going to talk about STP timers. STP consists of three timers that include a hello timer, max age timer, and a forward delay timer. These timer values are determined and set by the root bridge and the non-root bridges adapt to those timers. Hello Timer – A hello timer is the interval at which BPDUs are being sent out. BPDUs start as soon as a device is configured with STP so a root bridge and port roles can be elected. After the full topology has been decided, BPDUs must continue to be sent in order to detect any…
Today, we are going to talk about the root bridge and port roles in STP. STP is a protocol that provides a loop free topology so that networks can have redundant links without it causing a broadcast storm. In order for STP to provide redundancy while preventing layer 2 loops, switches and ports need to be assigned a role on what to do based on STP metrics. The first thing that needs to be done for STP to be fully functional is that a switch needs to take on the role of becoming the root bridge. The root bridge is…
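Added worked example (not part of the original post): the Python below elects the root bridge by lowest bridge ID (priority, then MAC) and then computes each switch's root path cost and root port, breaking ties on the sender's bridge ID the way STP does. Switch names, priorities, MACs and link speeds are constructed. Two things worth noticing: the root port is not always the port directly facing the root (a gigabit detour beats a 100 Mbps direct link), and any switch announcing priority 0 immediately wins the election, which is the scenario guard features on STP exist for.

```python
"""STP root bridge election and root port selection (added example)."""
import heapq

# Classic 802.1D / PVST+ port costs by link speed in Mbps
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """Bridge ID orders by priority first, then by MAC address; the lowest value wins."""
    return (priority, mac.lower())


def elect_root(switches):
    """switches: {name: (priority, mac)}. Returns the name of the root bridge."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_ports(switches, links, root):
    """links: list of (switch_a, switch_b, speed_mbps), one entry per cable.
    Returns {switch: (root path cost, neighbor reached through the root port)}. Every switch
    adds the cost of the port a BPDU arrived on; equal costs are broken by the lower sender
    bridge ID, as STP does (sender port ID, the next tie-breaker, is left out for brevity)."""
    adjacency = {}
    for a, b, speed in links:
        adjacency.setdefault(a, []).append((b, PORT_COST[speed]))
        adjacency.setdefault(b, []).append((a, PORT_COST[speed]))
    best = {root: (0, None, None)}        # switch -> (cost, sender bridge ID, root port neighbor)
    heap = [(0, bridge_id(*switches[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nbr, port_cost in adjacency.get(node, []):
            candidate = (cost + port_cost, bridge_id(*switches[node]))
            current = best.get(nbr)
            if current is None or candidate < (current[0], current[1]):
                best[nbr] = (candidate[0], candidate[1], node)
                heapq.heappush(heap, (candidate[0], candidate[1], nbr))
    return {sw: (cost, via) for sw, (cost, _, via) in best.items()}


# Constructed topology: three switches with the default priority 32768, gigabit links except
# for a 100 Mbps cable between SW1 and SW3.
SWITCHES = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
LINKS = [("SW1", "SW2", 1000), ("SW1", "SW3", 100), ("SW2", "SW3", 1000)]

if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("root bridge:", root)
    print("root ports:", root_ports(SWITCHES, LINKS, root))
    print("with a priority-0 newcomer:", elect_root(dict(SWITCHES, SW4=(0, "00:00:00:00:00:ff"))))
```

SW1 wins with the lowest MAC, SW2's root port costs 4, and SW3 reaches the root for 8 via SW2 rather than 19 over its direct 100 Mbps link.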
Hi, today I am going to talk about STP (Spanning Tree Protocol). STP is a layer 2 redundancy mechanism widely used to control layer 2 loops and broadcast storms logically. STP is an amazing protocol because not only does it prevent broadcast storms, but it provides redundancy so if something in the topology fails an alternate path is calculated. What is redundancy? Redundancy is the act of multiplying the same devices, or cables in order to prevent single points of failures. So instead of having one router, redundancy is having 2 routers one for the main operation and one for…
There are certain types of traffic that require no VLAN tag at all when traversing a trunk link, and the switch will still know which VLAN the Ethernet frame belongs to. An Ethernet frame that travels over a trunk link without a VLAN tag belongs to the native VLAN. By default the native VLAN is VLAN 1, but it can be configured as any existing VLAN, such as VLAN 100, VLAN 200 or VLAN 300. For example, say the native VLAN for a topology with 3 switches is VLAN 100. When an Ethernet frame arrives at one of those switches via a…
Hi, today I am going to be talking about DTP (Dynamic Trunking Protocol) and VTP (VLAN Trunking Protocol). These are features that are not really used in modern networks because of security reasons but they are a part of the CCNA exam which I am currently studying for so why not. DTP is a protocol that is used to negotiate trunking between two switches. This protocol when enabled on both switches decides whether the interfaces that are linking them together should operate as an access port or trunk port. A switch port can be configured in different modes such as dynamic…
During the past few articles I have talked about VLANs, VLAN tagging and all the good layer 2 things. But I didn’t discuss how hosts on different VLANs communicate, so let’s dive into it. The process of a host in one VLAN communicating with a host on another VLAN is interVLAN routing. This is the process of giving a certain VLAN a default gateway and that default gateway then routes it to the destination host. Reminds you of anything? This process is basically the same for a host in a LAN to communicate with a host in a different LAN.…
Hi, today I am going to dive into VLAN tagging and how it works. First let’s break down what access and trunk ports are. Access ports are ports that connect to end devices such as PCs or laptops. When a switch port is configured as an access port, it carries traffic for one VLAN (usually the VLAN of the device connected) and carries that traffic untagged. So if a port is configured with “switchport mode access” and “switchport access vlan 10,” it will carry untagged traffic only for VLAN 10. A trunk port on the other hand is a port that…
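Added worked example (not part of the original post) covering both the native VLAN post above and this one on access/trunk tagging: the Python below models what a switch does with a frame on ingress (access port assigns its VLAN, trunk uses the tag or the native VLAN when there is none) and on egress (access port sends untagged, trunk tags everything except the native VLAN). Port names, VLAN numbers and the frames are constructed, and MAC learning is left out so the model just floods within the VLAN. The last scenario shows the practical caveat: if the native VLAN differs on the two ends of a trunk, untagged frames silently land in the wrong VLAN on the far switch.

```python
"""Access/trunk port tagging model with native VLAN handling (added example)."""


class Port:
    def __init__(self, mode, access_vlan=1, native_vlan=1, allowed_vlans=None):
        if mode not in ("access", "trunk"):
            raise ValueError(mode)
        self.mode = mode
        self.access_vlan = access_vlan        # only meaningful for access ports
        self.native_vlan = native_vlan        # only meaningful for trunk ports
        self.allowed_vlans = allowed_vlans    # None means every VLAN is allowed on the trunk

    def allows(self, vlan):
        return self.allowed_vlans is None or vlan in self.allowed_vlans


def ingress(port, frame):
    """Classify an arriving frame into a VLAN. Frames are dicts; 'vlan_tag' is None when no
    802.1Q tag is present. Returns (vlan, frame_without_tag) or None if the frame is dropped."""
    tag = frame.get("vlan_tag")
    if port.mode == "access":
        if tag is not None:
            return None                       # simplification: access ports drop tagged frames
        return port.access_vlan, dict(frame, vlan_tag=None)
    vlan = port.native_vlan if tag is None else tag   # untagged on a trunk means native VLAN
    if not port.allows(vlan):
        return None
    return vlan, dict(frame, vlan_tag=None)


def egress(port, vlan, frame):
    """Prepare a frame for transmission out of a port, or return None if it must not go there."""
    if port.mode == "access":
        return dict(frame, vlan_tag=None) if vlan == port.access_vlan else None
    if not port.allows(vlan):
        return None
    # A trunk tags every VLAN except the native one, which leaves untagged.
    return dict(frame, vlan_tag=None if vlan == port.native_vlan else vlan)


def forward(ports, in_port, frame):
    """Flood a frame to every other port in its VLAN (no MAC learning, to keep the model short).
    Returns {port_name: frame as sent out of that port}."""
    classified = ingress(ports[in_port], frame)
    if classified is None:
        return {}
    vlan, inner = classified
    sent = {}
    for name, port in ports.items():
        if name == in_port:
            continue
        out = egress(port, vlan, inner)
        if out is not None:
            sent[name] = out
    return sent


def native_vlan_mismatch_demo():
    """Constructed scenario: SW1's trunk uses native VLAN 100, SW2's trunk uses native VLAN 1.
    Returns the VLAN a host-in-VLAN-100 frame ends up in on SW2."""
    frame = {"dst": "ff:ff:ff:ff:ff:ff", "src": "00:11:22:33:44:55", "vlan_tag": None, "payload": b"arp"}
    sw1 = {"Fa1": Port("access", access_vlan=100), "Gi1": Port("trunk", native_vlan=100)}
    sw2 = {"Gi1": Port("trunk", native_vlan=1), "Fa1": Port("access", access_vlan=1)}
    on_trunk = forward(sw1, "Fa1", frame)["Gi1"]       # leaves SW1 untagged (native on SW1)
    vlan_on_sw2, _ = ingress(sw2["Gi1"], on_trunk)     # SW2 files it under its own native VLAN
    return vlan_on_sw2
```

Matching native VLANs on both ends of every trunk (and keeping the native VLAN unused by hosts) is the usual fix for the mismatch the demo shows.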
Hi, today I am going to talk about VLANs (Virtual Local Area Network). In order to understand what VLANs are we need to know what a broadcast domain, and a LAN (Local Area Network) is. A broadcast domain is a set of devices that will receive a broadcast frame when any device in that set sends one. One example of a broadcast domain is 8 devices that are connected to an ethernet hub. When one device on that hub transmits data to another host on that ethernet hub, every other host receives it even if the data was directed at…
Hi, today I am going to dive into classful and classless addressing and their differences. Before classless IP addressing, there was rigid classful addressing. By classful, I mean that each network had a fixed block of addresses, and the first octet had to fall within a certain range as well. Let’s start with the first-octet ranges, but first it’s important to know that there are 5 classes: A, B, C, D and E. Each of these defines the first-octet range, the number of networks (subnets) and the number of addresses per network (subnet). Class A ranges from 0…
Hi, today I am going to talk about the life of a packet which means the process that happens when an IP packet needs to arrive at a destination that must pass through intermediate routers. This is one of the most important topics to truly understand networking. When a PC on one subnet wants to communicate with a server or another PC in a different subnet, an IP packet has the potential to cross paths with multiple routers. Each router must perform decapsulation, routing table lookups, ARP if needed and forward packets to the next hop. This happens continually until…
Today we are going to talk about default gateway and default routes. These two are vital when it comes to internetworking and external communication. A default gateway is a router that serves as the “exit door” into subnets that hosts are not currently in. Lets break it down, picture a topology with 10 PCs connected to a switch in the same subnet. PC1 can talk to PC2 and PC2 can talk to PC3. Now what if PC1 wants to browse the internet and communicate with a web server 1000 miles away. How would it get there? There’s no way a…
Today we are going to talk about connected and local routes. Routes are instructions/rules on a routing table that tells the router where to forward data. A router relies on routes on the routing table to know how to forward a packet. A routing table is populated with routes that tell the router the destination networks, subnet masks of those networks, next hop address toward that network, or an outgoing interface that directs packet toward that network. Without routes, routers would be clueless on where to direct IP packets. Think of it like a GPS, it gives you instructions street…
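Added worked example (not part of the original posts) that ties together the floating static, AD and metric, static routing, default route and connected/local route posts above: the Python below keeps every route each source offers for a prefix, installs the one with the lowest AD (then lowest metric), and performs the longest-prefix lookup a router does when forwarding, with 0.0.0.0/0 as the catch-all. Configuring an interface address produces the connected (C) route for the subnet and the local (L) /32 for the interface address itself. The prefixes, next hops and the AD 254 floating static are constructed for this example.

```python
"""Route selection by administrative distance, floating statics, connected/local routes and
longest-prefix lookup (added example)."""
import ipaddress

# Default administrative distances as used by Cisco IOS
ADMIN_DISTANCE = {"connected": 0, "local": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


class Router:
    def __init__(self):
        self._candidates = {}   # prefix -> every route offered for it, from every source

    def add_route(self, prefix, source, next_hop=None, metric=0, ad=None):
        net = ipaddress.ip_network(prefix, strict=False)
        route = {"prefix": net, "source": source, "next_hop": next_hop, "metric": metric,
                 "ad": ADMIN_DISTANCE[source] if ad is None else ad}
        self._candidates.setdefault(net, []).append(route)

    def remove_route(self, prefix, source):
        """A dynamic route being withdrawn, or a static route being removed by hand."""
        net = ipaddress.ip_network(prefix, strict=False)
        self._candidates[net] = [r for r in self._candidates.get(net, []) if r["source"] != source]

    def configure_interface(self, address_with_prefix):
        """`ip address` on an interface yields a connected route for the subnet (C) and a
        local /32 route for the interface address itself (L)."""
        iface = ipaddress.ip_interface(address_with_prefix)
        self.add_route(str(iface.network), "connected")
        self.add_route(f"{iface.ip}/{iface.ip.max_prefixlen}", "local")

    def installed(self, prefix):
        """The single route installed for a prefix: lowest AD wins, then lowest metric."""
        routes = self._candidates.get(ipaddress.ip_network(prefix, strict=False))
        return min(routes, key=lambda r: (r["ad"], r["metric"])) if routes else None

    def lookup(self, destination):
        """Forwarding decision: longest matching prefix among installed routes. The default
        route 0.0.0.0/0 matches everything and therefore only wins when nothing else matches."""
        dst = ipaddress.ip_address(destination)
        best = None
        for net in self._candidates:
            route = self.installed(str(net))
            if route and dst in net and (best is None or net.prefixlen > best["prefix"].prefixlen):
                best = route
        return best


def floating_static_demo():
    """Constructed scenario: an OSPF route (AD 110) beats a floating static (AD 254) until OSPF
    withdraws the route, at which point the static takes over. Returns the installed source
    before and after the withdrawal."""
    r = Router()
    r.configure_interface("192.168.1.1/24")
    r.add_route("0.0.0.0/0", "static", next_hop="203.0.113.1")
    r.add_route("10.0.0.0/24", "ospf", next_hop="10.1.1.2", metric=65)
    r.add_route("10.0.0.0/24", "static", next_hop="10.2.2.2", ad=254)   # floating static
    before = r.installed("10.0.0.0/24")["source"]
    r.remove_route("10.0.0.0/24", "ospf")
    after = r.installed("10.0.0.0/24")["source"]
    return before, after


if __name__ == "__main__":
    print(floating_static_demo())
```

Note that AD only decides which source's route is installed; the metric only breaks ties among routes from the same source, and prefix length only matters at forwarding time.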
Today we are going to dive into the IPv4 header that is added when data is being encapsulated. The IPv4 header is vital for network communication, and gives instructions on how to deal with data. Although the IPv4 header can look daunting at first, after you are familiar with the concepts it makes sense as to why each field is there, like a puzzle. Version- The first field in the IPv4 header is a 4 bit field called “Version.” This field lets the receiving host know which version of IP is being used. An IP can be IPv4 or IPv6, and…
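Added worked example (not part of the original post): the Python below builds a 20-byte IPv4 header, parses it field by field (version, IHL, DSCP/ECN, total length, identification, flags, fragment offset, TTL, protocol, checksum, addresses) and verifies the header checksum as RFC 791 defines it. It also shows the per-hop step from the life-of-a-packet post: a router decrements TTL and must recompute the checksum, and a header whose TTL was changed without that recompute fails verification. Addresses and field values are constructed.

```python
"""IPv4 header builder/parser with checksum verification (added example)."""
import struct
from ipaddress import IPv4Address

HEADER_FMT = "!BBHHHBBH4s4s"   # the fixed 20-byte header, network byte order


def ipv4_checksum(header):
    """RFC 791 header checksum: ones'-complement of the ones'-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, payload_len, protocol=6, ttl=64, identification=0, dont_fragment=True):
    flags_fragment = 0x4000 if dont_fragment else 0     # DF is bit 14; fragment offset 0
    header = struct.pack(HEADER_FMT, (4 << 4) | 5, 0, 20 + payload_len, identification,
                         flags_fragment, ttl, protocol, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    checksum = ipv4_checksum(header)                    # computed with the field zeroed
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def parse_ipv4_header(data):
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack(HEADER_FMT, data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    header_len = ihl * 4                                # IHL counts 32-bit words, minimum 5
    if header_len < 20 or len(data) < header_len:
        raise ValueError("bad IHL")
    return {
        "version": version, "header_length": header_len,
        "dscp": tos >> 2, "ecn": tos & 0x03,
        "total_length": total_len, "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto, "checksum": checksum,
        # a valid header sums to 0xFFFF with its checksum included, so the complement is 0
        "checksum_ok": ipv4_checksum(data[:header_len]) == 0,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "options": data[20:header_len],
    }


def forward_hop(header):
    """What each router does before forwarding: TTL - 1 plus a fresh checksum.
    Returns None when the packet must be dropped because TTL would reach 0."""
    fields = parse_ipv4_header(header)
    if fields["ttl"] <= 1:
        return None
    out = bytearray(header)
    out[8] -= 1                                         # byte 8 is the TTL
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out[:fields["header_length"]])))
    return bytes(out)
```

Because the checksum covers only the header, it protects the addresses and TTL but says nothing about the payload; that is left to the transport layer.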
Today we are going to talk about subnet masks, network addresses and broadcast addresses. A subnet mask is very important when it comes to the world of networking and logical addressing. Without a subnet mask, IP addressing would be chaotic and unorganized. A subnet mask is a dotted-decimal number (DDN) that divides the network portion of an address from the host portion. IP addresses are traditionally grouped into classes such as class A, B or C. (Classful addressing has been superseded by CIDR, Classless Inter-Domain Routing, but for the sake of understanding subnet masks I am giving you this example.) In each class there are…
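Added worked example (not part of the original posts) covering this post and the classful/classless one above: the Python below does the mask arithmetic by hand on 32-bit integers (network = address AND mask, broadcast = network OR inverted mask), looks up the class and default mask from the first octet, reports how many bits were borrowed for subnetting relative to the classful default, and rejects a non-contiguous mask. The /31 and /32 cases are handled separately since they have no broadcast address in the usual sense. The addresses used are constructed.

```python
"""Classful lookup plus subnet mask / network / broadcast arithmetic (added example)."""

# (class, lowest first octet, highest first octet, classful default prefix length)
CLASSES = (("A", 0, 127, 8), ("B", 128, 191, 16), ("C", 192, 223, 24),
           ("D", 224, 239, None), ("E", 240, 255, None))


def ip_to_int(ip):
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip):
    """Return (class letter, default prefix length or None for D/E) from the first octet."""
    first = ip_to_int(ip) >> 24
    for letter, low, high, prefix in CLASSES:
        if low <= first <= high:
            return letter, prefix
    raise ValueError(ip)


def mask_to_prefix(mask):
    """Convert a dotted-decimal mask to a prefix length; a mask must be contiguous ones then zeros."""
    bits = f"{ip_to_int(mask):032b}"
    if "01" in bits:
        raise ValueError(f"non-contiguous mask: {mask}")
    return bits.count("1")


def prefix_to_mask(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError(prefix)
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def subnet_info(ip, mask_or_prefix):
    """mask_or_prefix may be an int prefix length (26) or a dotted mask ("255.255.255.192")."""
    prefix = mask_or_prefix if isinstance(mask_or_prefix, int) else mask_to_prefix(mask_or_prefix)
    mask = ip_to_int(prefix_to_mask(prefix))
    address = ip_to_int(ip)
    network = address & mask                       # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)     # host bits set
    letter, default_prefix = address_class(ip)
    if prefix >= 31:
        # RFC 3021 /31 point-to-point links use both addresses; /32 is a single host route
        usable, first, last = (2 if prefix == 31 else 1), network, broadcast
    else:
        usable, first, last = broadcast - network - 1, network + 1, broadcast - 1
    return {
        "class": letter,
        "default_prefix": default_prefix,
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
        "borrowed_bits": None if default_prefix is None else max(0, prefix - default_prefix),
    }


if __name__ == "__main__":
    for k, v in subnet_info("192.168.1.130", "255.255.255.192").items():
        print(f"{k:>15}: {v}")
```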
Today we are going to talk about IPv4, which stands for Internet Protocol version 4. An IP address is a logical address used at layer 3 to identify hosts, default gateways, loopback interfaces and router interfaces. An IP address is much like a home address: the home address says where to deliver something for a specific person, and the IP address says where to deliver data for a specific host. A host can be anything traffic can be sent to, such as a PC, IoT device, smartphone, server or printer. Before you can understand what IPv4 is, it is crucial that you understand what binary…
Today we’re going to dive into input errors and output errors. Input and output errors can be found in the output of the “show interface” command on the Cisco CLI. These are counters that increment every time a specific error prevents a frame from being successfully received or transmitted. Whenever the input or output error counter increases, it usually means a layer 1 issue is preventing successful transmission. Input Errors- Input errors are errors on frames received on an interface. The main types of input errors are runts, giants, frame errors and CRC errors. Whenever one…
If you’re studying for network+, CCNA, or just anything networking you are going to encounter the word encapsulation and decapsulation A LOT. Encapsulation and decapsulation is the heart of how computers are even able to talk to each other. You most definitely would not be viewing this right now if bits never turn into signals and signals back into bits. Let’s dive into it! Encapsulation is a process used by layer 4 to layer 2, so that the layers below it and the layers on another host machine can interpret and process data. Without encapsulation frames would never get sent…
Today we’re going to dive into an Ethernet Frame header and trailer, and what it entails. Frames are a Layer 2 PDU(Protocol Data Unit) that gets forwarded between hosts that are usually in the same broadcast domain or VLAN. Ethernet frames are also vital for transporting packets across networks because a new ethernet frame header and trailer needs to be applied at every hop it takes. Let’s dissect the header and trailer so you know what truly is happening when data is encapsulated at layer 2. Preamble The ethernet frame starts out with preamble and SFD, although there is a…
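Added worked example (not part of the original posts) covering this Ethernet frame post and the input errors post above: the Python below builds an Ethernet II frame (destination and source MAC, optional 802.1Q tag, EtherType, payload padded to the 64-byte minimum, and the CRC-32 FCS trailer), parses it back, and classifies each frame the way interface counters do: runt (under 64 bytes), giant (over 1518 bytes, or 1522 with a tag) or CRC error (FCS does not match the received bytes). The preamble and SFD are not included because the NIC strips them before the frame is handed up. MAC addresses and payloads are constructed.

```python
"""Ethernet II frame builder/parser with FCS check and error classification (added example)."""
import struct
import zlib
from collections import Counter

MIN_FRAME = 64            # bytes including the 4-byte FCS; anything shorter is a runt
MAX_FRAME = 1518          # untagged maximum; an 802.1Q tag adds 4 bytes
ETHERTYPE_VLAN = 0x8100


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs(body):
    """Frame Check Sequence: CRC-32 over destination MAC through the end of the payload."""
    return zlib.crc32(body) & 0xFFFFFFFF


def build_frame(dst, src, ethertype, payload, vlan=None):
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)   # PCP 0, DEI 0, VID
    header += struct.pack("!H", ethertype)
    body = header + payload
    if len(body) < MIN_FRAME - 4:
        body += b"\x00" * (MIN_FRAME - 4 - len(body))   # pad so the frame reaches 64 bytes
    return body + struct.pack("<I", fcs(body))           # FCS travels least-significant byte first


def parse_frame(raw):
    """Decode a frame and label it ok, runt, giant or crc."""
    result = {"length": len(raw), "status": "ok"}
    if len(raw) < 18:                          # too short to even hold a header plus FCS
        result["status"] = "runt"
        return result
    body, fcs_field = raw[:-4], struct.unpack("<I", raw[-4:])[0]
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_VLAN and len(body) >= 18:
        tci, ethertype = struct.unpack("!HH", body[14:18])
        vlan, offset = tci & 0x0FFF, 18
    result.update(dst=bytes_to_mac(dst), src=bytes_to_mac(src), vlan=vlan,
                  ethertype=ethertype, payload=body[offset:])
    if len(raw) < MIN_FRAME:
        result["status"] = "runt"              # typically a collision or duplex mismatch
    elif len(raw) > MAX_FRAME + (4 if vlan is not None else 0):
        result["status"] = "giant"
    elif fcs(body) != fcs_field:
        result["status"] = "crc"               # bits damaged in transit: bad cable, noise, duplex mismatch
    return result


def interface_counters(frames):
    """Tally statuses the way the input-error lines of `show interface` would (approximately)."""
    return Counter(parse_frame(f)["status"] for f in frames)


if __name__ == "__main__":
    good = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"hello")
    damaged = bytearray(good)
    damaged[20] ^= 0xFF
    print(interface_counters([good, good[:50], bytes(damaged)]))
```

Runts and CRC errors showing up together on a port is the classic signature of a duplex mismatch, which is why the auto-negotiation post matters for more than just speed.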
Hello everyone, today we’re going to talk about certain privileges when it comes to using the CLI. The CLI means command line interface and this is how you tell network devices such as routers or switches how to behave via protocols and configurations. The CLI has different user privileges that can be used for stuff like basic security, preventing unauthorized users from changing device configurations. Having different user exec modes is kind of like the principle of least privilege lite. We’ll dive into user exec mode first. If you’ve ever done any labs on cisco IOS, you have probably seen…
Today we will be discussing layer 2 switches and auto-negotiation. Links on switches can operate at varying speeds such as 10, 100 or even 1000 Mbps, and in either half-duplex or full-duplex mode. So say I have two switches running different settings but I want them to form a link. What would happen? They will automatically negotiate speed and duplex as part of the auto-negotiation process. Once you plug in a link that connects two switches, they will begin to exchange FLPs, which stand for fast link pulses. Fast link pulses are…
Hi, today we are going to dive into a protocol called CSMA/CD, which stands for Carrier Sense Multiple Access with Collision Detection. It is used by Ethernet NICs on half-duplex networks, such as when they are connected to Ethernet hubs, and plays an important role in handling what to do after a collision. Before we dive in, I first want to talk about some key concepts to know, which are half-duplex and full-duplex. Half-Duplex- Half-duplex is a mode where a device’s link can both transmit and receive, but cannot do so simultaneously. If a PC…
Today I will be discussing straight-through cables and crossover cables. Each has its own use case, and historically they could not be used interchangeably; newer technology has fixed that, but for the sake of learning we will dive into what they are and how the new technology fixed it. When a PC, firewall or router communicates over copper, it does so on what we call pins. A standard copper cable will usually have 8 pins, and they are usually color coded. There is one…
Twisted Pair Cables Hello everyone, today we are going to talk about cables, specifically copper cables and fiber cables. Copper and fiber optic cables both have their pros and cons, so let’s talk about it. Ethernet over copper is defined by IEEE 802.3 standards and carries electrical signals from the transmitting end to the receiving end and vice versa. Copper cables come in two forms, UTP or STP: UTP is unshielded twisted pair and STP is shielded twisted pair. Shielded and unshielded is pretty self explanatory; shielded cable contains a metallic or foil shield wrapped around the wires, whereas UTP does…
ETHERNET HUB Hello everyone, today we are going to talk about common network devices. The first device we’re going to talk about is the Ethernet Hub. This is a physical layer device that acts as a multiport repeater. What does that mean you ask? It means that when a signal is transmitted out of one port, the ethernet hub repeats that signal out to every single device connected to a port on that hub. So say an ethernet hub has 10 ports, and PCs are connected to all 10. If PC1 on port 1 sends bits to PC2 on port…
Hi, today I am going to dive into the OSI model. The OSI model is one of the most important things when it comes to networking, in my opinion. It serves as the foundation that simplifies the complexity of what is really going on when a packet traverses a network. A good understanding of the OSI model will go far in terms of grasping concepts and is also a big help when it comes to troubleshooting. This model is great because it gives protocols from different vendors a common reference, which is key to enabling interoperability. Ever wondered how your…
For this discussion I am going to dive into more DAI and the additional features that it has. The two additional features that can be optionally added on top of DAI are “optional checks” and “rate limiting.” DAI optional checks are validations that can be added after the IP-to-MAC mapping has been validated. The options include verifying the IP addresses, the sender MAC, the destination MAC, or all of them together. They are enabled with a single command, which we will cover in more detail later. When the source MAC optional check is chosen, and an ARP…
Today I am going to talk about DAI. DAI is a layer 2 feature that can be applied on most Cisco switches. It stands for “Dynamic ARP Inspection,” and this layer 2 feature is vital for protecting the network from ARP-based attacks such as MITM, ARP spoofing and even DoS attacks that are ARP related (*It is important to note that the DoS attack MUST be ARP related*). DAI works by classifying ports into two categories: trusted ports and untrusted ports. By default, when a switch is turned on without any configuration, ports…
One fundamental networking concept is ARP (Address Resolution Protocol) and how it empowers communication on a local network. When a host needs to send traffic, the destination IP is already known but the destination MAC is unknown which makes Ethernet delivery not possible because it needs both a source MAC and destination MAC address. Since the destination MAC is unknown, this is where ARP shines the most. ARP is used to discover the destination MAC address so the IP packet can later be properly encapsulated at the data link layer and delivered to the intended host on the local network. …
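Added worked example (not part of the original posts) covering this ARP post and the two DAI posts above: the Python below builds and parses the 28-byte Ethernet/IPv4 ARP body, answers a request the way a host does (only when the target IP is its own), and then models Dynamic ARP Inspection: trusted ports bypass inspection, untrusted ports are rate limited (15 packets per second by default, and the port is err-disabled when exceeded), every ARP sender MAC/IP pair is checked against a binding table, and the optional src-mac, dst-mac and ip checks are applied on top. The binding table stands in for what DHCP snooping would have learned; MACs, IPs, port names and timestamps are constructed. The trusted-port case is the caveat to keep in mind: a spoofed reply on a trusted port passes untouched, so only uplinks to other inspecting switches should be trusted.

```python
"""ARP build/parse plus a Dynamic ARP Inspection model (added example)."""
import struct
from collections import defaultdict, deque

ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def bytes_to_mac(raw): return ":".join(f"{b:02x}" for b in raw)
def ip_to_bytes(ip): return bytes(int(o) for o in ip.split("."))
def bytes_to_ip(raw): return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet/IPv4 ARP body: htype=1, ptype=0x0800, hlen=6, plen=4, then the four addresses."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def parse_arp(data):
    if len(data) < 28:
        raise ValueError("ARP body too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


def answer_request(request_bytes, my_mac, my_ip):
    """What a host does with an ARP request: reply only if the target IP is its own."""
    req = parse_arp(request_bytes)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def _unexpected_ip(ip):
    """Addresses the optional 'ip' check rejects: 0.0.0.0, 255.255.255.255 and multicast."""
    return ip in ("0.0.0.0", "255.255.255.255") or 224 <= int(ip.split(".")[0]) <= 239


class DynamicArpInspection:
    def __init__(self, bindings, trusted_ports, checks=(), rate_limit_pps=15):
        self.bindings = set(bindings)          # (mac, ip) pairs, assumed learned by DHCP snooping
        self.trusted = set(trusted_ports)
        self.checks = set(checks)              # any of "src-mac", "dst-mac", "ip"
        self.rate_limit = rate_limit_pps
        self.recent = defaultdict(deque)       # port -> arrival times within the last second
        self.errdisabled = set()

    def inspect(self, port, eth_src, eth_dst, arp_bytes, now):
        """Return 'forward', 'drop' or 'errdisable' for one ARP packet arriving on a port."""
        if port in self.errdisabled:
            return "errdisable"
        if port in self.trusted:
            return "forward"                   # trusted ports are never inspected
        window = self.recent[port]
        window.append(now)
        while window and now - window[0] >= 1.0:
            window.popleft()
        if len(window) > self.rate_limit:      # too many ARPs on an untrusted port
            self.errdisabled.add(port)
            return "errdisable"
        try:
            arp = parse_arp(arp_bytes)
        except ValueError:
            return "drop"
        # Mandatory check: the sender's MAC/IP pair must exist in the binding table.
        if (arp["sender_mac"], arp["sender_ip"]) not in self.bindings:
            return "drop"
        if "src-mac" in self.checks and eth_src != arp["sender_mac"]:
            return "drop"
        if "dst-mac" in self.checks and arp["op"] == ARP_REPLY and eth_dst != arp["target_mac"]:
            return "drop"
        if "ip" in self.checks and (_unexpected_ip(arp["sender_ip"]) or
                                    (arp["op"] == ARP_REPLY and _unexpected_ip(arp["target_ip"]))):
            return "drop"
        return "forward"
```

The attack the binding check stops is the classic one: an attacker on an untrusted port sends an unsolicited ARP reply claiming the gateway's IP with its own MAC; since no binding pairs that MAC with that IP, the reply is dropped before it can poison anyone's ARP cache.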
Hello everyone, my name is Richard Pateau and I am currently studying for the Cisco CCNA. I started learning about networking earlier this year while preparing for the Network+ certification. After having taken the certification and passed, I realized that I genuinely enjoy networking, not just passing the certification but actually understanding how a network actually works. This realization has encouraged me to go after the CCNA, and I am already learning so much more! It is slightly overwhelming when you look at Jeremy’s IT lab playlist and realize that there’s over 120 videos on his CCNA playlist, but I…