Other network/transport protocols, such as NetBIOS Extended User Interface NetBEUI, do not have a sophisti-cated addressing scheme nor the programming intelligence of high OSI model laye
Trang 1TCP/IP protocols on the Internet and the IPX addresses used by the IPX/SPX protocols on NetWare networks are examples of logical addresses These
protocol stacks are referred to as routable because they include
address-ing schemes that identify both the network or subnet and the particular client on that network or subnet Other network/transport protocols, such
as NetBIOS Extended User Interface (NetBEUI), do not have a sophisti-cated addressing scheme (nor the programming intelligence of high OSI model layers such as network and transport layers), thus crippling it and not allowing it to be routed across different networks To make sure you understand what is meant by this, view Figure 6.7 Here, you see a network subdivided by different IP subnets (this will be covered in greater depth in Chapter 7)
You can see that each local area network (LAN) is connected to each other via a WAN, using Frame Relay (both of which will be covered in depth
in Chapter 7) The most critical fact here is that all of this logical address-ing and routaddress-ing are done at the network layer of the OSI model Each sub-net must be unique, and each LAN will need to know how to get to the other LANs That’s where the WAN and the routers come in, acting as the default gateway for your network Also, you need to understand that logical addressing (such as the 10.1.1.1 255.255.255.0 address being assigned to the router on the LAN as the default gateway) is important; it defines how and where the packets are sent and so on So, now that you have assigned the IP address, how does the MAC address tie in? Well, a TCP/IP protocol
called Address Resolution Protocol (ARP) will help map an IP address to a
physical machine address
The network layer is also responsible for creating a virtual circuit (a logical connection, not a physical connection) between points or nodes
A node is a device that has a MAC address, which typically includes
Note
To understand the difference between physical and logical addresses, consider this analogy: if you buy a house, it has a physical address that identifies exactly where it is located on the earth, at a specific latitude and longitude This never changes (unless you have a mobile home that can be moved from one plot of land to another) This is like the MAC address on a NIC Your house also has a logical address assigned to it by the post office, consisting of a street number and street name The city can (and occasionally does) change the names of streets or renumber the houses located on them This is like the IP address assigned to a network interface.
Trang 2computers, printers, and routers This layer is also responsible for routing,
Layer 3 switching (which is nothing more than a Layer 2 switch with a
Layer 3 router built into it) and the forwarding of packets
Routing refers to forwarding packets from one network or subnet to
another Without routing, computers can communicate only with other
computers that are on the same network via ARP broadcasts Routing makes
it possible for computers to send data through many networks to other
computers that are on the other side of the world Routing is the key to the
FIGurE 6.7 TCP/IP Networks Subdivided and Connected via Routers.
Trang 3global Internet and is one of the most important duties of the network layer Easy to remember, routing is simple to understand If you start with a LAN that has the 10.1.1.0 255.255.255.0 network and you wanted to get to the 10.1.2.0 255.255.255.0 network (which has a different network number in the third octet), you would need a router with a routing table (so it knows where to send the packet) to get it there
Finally, the network layer provides additional levels of flow control and error control As mentioned earlier, from this point on, the primary methods
of implementing the OSI model architecture involve software rather than hardware
Devices that operate at this layer include, most prominently, routers and Layer 3 switches
layer 4: Transport
Layer 4 is the transport layer As the name implies, it is responsible for
transporting the data from one node to another It provides transparent data transfer between nodes and manages the end-to-end flow control, error detection, and error recovery
The transport layer protocols initiate contact between host computers and set up a virtual circuit The transport protocols on each host computer verify that the application sending the data is authorized to access the network and that both ends are ready to initiate the data transfer When this synchronization is complete, the data can be sent As the data is being transmitted, the transport protocol on each host monitors the data flow and watches for transport errors If transport errors are detected, the transport protocol can provide error recovery
The functions performed by the transport layer are very important to network communication Just as the data link layer provides lower-level reliability and connection-oriented or connectionless communications, the transport layer does the same thing at a higher level In fact, the two protocols most commonly associated with the transport layer are defined by their connection state: TCP, which is connection-oriented, whereas UDP, which is connectionless
What else does the transport layer do? It handles another aspect of logical addressing: ports If you think of a computer’s IP address as analogous to the street address of a building, you can think of a port as a suite number
or apartment number within that building It further defines exactly where the data should go
A computer might have several network applications running at the same time: a Web browser sending a request to a Web server for a Web page,
Trang 4an e-mail client sending and receiving mail, and a file transfer program
uploading or downloading information to and from an FTP server There
must be some mechanism to determine which incoming data packets
belong to which application, and that’s the function of port numbers The
FTP protocol used by that program is assigned a particular port, whereas
the Web browser and e-mail clients use different protocols (HTTP and Post
Office Protocol [POP3] or Internet Message Access Protocol [IMAP]) that
have their own assigned ports Thus the information that is intended for
the Web browser doesn’t go to the e-mail program by mistake Port numbers
are used by the transport layer protocols (TCP and UDP)
Finally, the transport layer deals with name resolution Because human
beings prefer to identify computers by names instead of IP addresses (after
all, it’s easier to remember “www.microsoft.com” for Microsoft’s Web
server than “207.46.249.222,” for example), but computers know only
how to interpret numbers (and binary numbers, at that), there must be a
way for names to be matched with numerical addresses so that people and
computers don’t drive one another crazy Name resolution methods such
as the domain name system (DNS) solve this problem, and they generally
operate at the upper layers of the OSI model
hEAd oF ThE ClASS…
different Switches for different layers
Troubleshooting network problems requires that you
understand which protocols and devices operate at
which layers of the networking model It’s important
to understand that all switches are not created equal
There are actually several different types of devices
that are called switches and they operate at different
layers of the OSI model.
Layer 2 switches are sometimes called standard
switches They operate at the data link layer and
func-tion like sophisticated hubs When a computer sends
data to a hub, the hub sends it back out on all ports, to
all the connected computers A switch sends the data
only out the port to which the destination computer
(based on the addressing information in the headers)
is attached This decreases the amount of unnecessary
traffic on the network and also increases security.
Layer 3 switches operate at the network layer and are really a specialized type of router They’re
sometimes called switched routers Layer 3 switches
use the information in the packet headers to apply policies, in addition to performing normal routing functions.
Layer 4 switches operate at the transport layer (in addition to the lower layers) and can use the port
number information from TCP or User Datagram
Protocol (UDP) headers They can provide access
control lists (ACLs) to filter traffic for better security and are able to control bandwidth allocation for load balancing purposes Some routers also function as Layer 4 switches These devices can help to identify application layer (Layer 7) protocols, such as capable Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and so on.
Trang 5layer 5: Session
After the transport layer has established the virtual connection, a communi-cation session can be established A communicommuni-cation session occurs between
two processes on two different computers The session layer is responsible
for establishing, monitoring, and terminating sessions, using the virtual circuits established by the transport layer
The session layer is also responsible for putting header information into data packets to indicate where the message begins and ends Once header information is attached to the data packets, the session layer performs synchronization between the sender’s session layer and the receiver’s session layer The use of acknowledgement (ACK) messages helps coordinate transfer of data at the session layer
A very important function of the session layer is controlling whether the communications within a session are sent as full-duplex or half-duplex messages Half-duplex communication goes in both directions between the communicating computers, but information can travel in only one direction at a time (as with walkie-talkie radio communications, in which you have to hold down the microphone button to transmit and cannot hear the person on the other end when you do) With full-duplex communica-tion, information can be sent in both directions at the same time (as in a regular telephone conversation, in which both parties can talk and hear one another at the same time)
hEAd oF ThE ClASS…
Connection-oriented versus Connectionless
What’s the difference between a connection-oriented
and a connectionless protocol? A connection-oriented
protocol such as TCP creates a connection between
the two computers before actually sending the data and
then verifies that the data has reached their destination
by using acknowledgements (messages sent back to
the sending computer from the receiving computer that
acknowledge receipt) Connectionless protocols send the
data and trust that it will reach the proper destination.
Consider an analogy: you need to send a very
impor-tant letter to a business associate, containing valuable
papers that must not get lost along the way You call
him before mailing the letter, to let him know he should expect it (establishing the connection) You might even insure it or send it via certified mail After a few days have passed, your friend calls you back to let you know that he did receive the letter or you get back the return receipt that you requested (acknowledgement) This is the way a connection-oriented communication works It’s different from mailing a relatively unimportant item, such as a postcard to a friend when you’re on vacation
In that case, you just drop it in the mailbox and hope
it gets to the addressee You don’t expect or require any acknowledgement This is like a connectionless communication.
Trang 6Although the transport layer establishes a connection between two
machines, the session layer establishes a connection between two processes
A process is a defined task related to an application An application may run
many processes simultaneously to accomplish the work of the application
These processes are small executable files that together do the work
required by the application You can view the processes running on your
Windows-based computer by pressing CTLALTDEL, selecting Task
Manager, and then clicking the Processes tab You’ll notice you have far
more processes running than applications since each application typically
runs more than one process at a time
The session layer, then, is responsible for setting up the connection
between an application process on one computer and an application process
on another computer, after the transport layer has established the connection
between the two machines
There are many important protocols that operate at the session layer,
including Windows Sockets (the Winsock interface) and NetBIOS (the
Network Basic Input/Output interface)
layer 6: presentation
Data translation is the primary activity of Layer 6, the presentation
layer When data is sent from sender to receiver, the data is translated at
the presentation layer The sender’s application passes data down to the
presentation layer, where it is put into a common format When the data
is received on the other end, the presentation layer changes the data from
the common format back into a format that is useable by the application
Protocol translation, the conversion of data from one protocol to another so
that it can be exchanged between computers that use different platforms or
operating systems, takes place here
This is the layer at which many gateway services operate Gateways
are connection points between networks that use different platforms or
Note
Earlier in this chapter, we mentioned multiplexing Computer communications can be in
half-duplex or full-duplex mode Simplex, or unidirectional (one-way) communication,
generally, is not used in computer networking It is the type of communication used for
radio and over-the-air TV broadcasts (many cable television [CATV]) transmissions now
use two-way signaling to allow for interactive TV).
Trang 7applications Examples include e-mail gateways (which allow for com-munications between two different e-mail programs using a common protocol such as Simple Mail Transfer Protocol [SMTP]), Systems Network Architecture (SNA) gateways (which allow PCs to communicate with mainframe computers), and gateways that cross platforms or file systems (for example, allowing Microsoft clients that use the Server Message Block (SMB) protocol for file sharing to access files on NetWare servers that use NetWare Core Protocol) Gateways are usually implemented via software, such as the Gateway Services for NetWare (GSNW) Software redirectors also operate at this layer
This layer is also where data compression can take place, to minimize the actual number of bits that must be transmitted on the network media to the receiver Data encryption and decryption take place in the presentation layer as well
layer 7: Application
The application layer is the point at which the user application program
interacts with the network This layer of the OSI model should not be confused with the application itself This is very important to understand and remember, as they share the same name Application processes, such as file transfers or e-mail, are initiated within a user application (for example,
an e-mail program) Then the data created by that process are handed to the application layer of the networking software Everything that occurs at this level is application-specific File sharing, remote printer access, network monitoring and management, Remote Procedure Calls (RPCs), and all forms
of electronic messaging occur at this level
Both FTP (a common way of transferring files across a network) and
Telnet function within the application layer, as do SMTP, POP3, and
IMAP4, all of which are used for sending or receiving e-mail There are many other application layer protocols, including HTTP, Network News
Test day Tip
Although it’s important to understand the details of the OSI model for the exam, you’re
likely to run into a limited number of questions related to the specific layers of the model Understanding the basic functions of each layer will help you easily identify correct answers to the questions you may see on the exam It is especially important to remember that, when troubleshooting, you should start with Layer 1 (physical) and work your way up A common error among technicians and network administrators is starting
to troubleshoot at Layer 7 Greater detail about troubleshooting with the OSI model can
be found in Chapter 11, “Network Troubleshooting Tools.”
Trang 8Transfer Protocol (NNTP), and Simple Network Management Protocol
(SNMP)
Be sure to distinguish between the protocols mentioned and applications
that may bear the same names There are many different FTP programs
made by different software vendors, but all of them use the FTP protocol to
transfer files
Encapsulation of Data
One last item to cover before we move on to new material is that you should
make sure you understand what encapsulation is and how it works Notice
that each layer in Figure 6.8 adds a header to the data packet so that by the
time it reaches the physical layer (the last one on the bottom), it is much
longer than when it started at the application layer When data is received by
the receiving host, the headers are stripped off as the data moves back up the
stack, one layer at a time, by the layer that corresponds to the one that added
it This means that each layer on the sending computer communicates only
with the layer of the same name on the receiving machine
The Microsoft Model
Prior to the release of Windows NT 3.1, users who wanted to connect to
a network had to obtain the TCP/IP protocol suite from a third party and
install it TCP/IP did not come bundled with the software At times, the
TCP/IP software that was purchased didn’t work well with the operating
system (OS) because it handled various tasks of network communication in
a slightly different way than did the operating system This sometimes led to
intermittent network problems or time-spent troubleshooting TCP/IP and
operating system interoperability
With the release of Windows
NT 3.1, TCP/IP was built into the operating system, providing a seamless integration of network-ing functionality in the OS Since that time, it has become standard
to provide TCP/IP with the operating system because many computers today connect to a net-work in one form or another
The Microsoft model as
seen in Figure 6.9 provides a standard platform for application developers
FIGurE 6.8 Data Moving through the OSI Layers.
Trang 9This modular design enables the developer to rely upon the underlying services of the OS through the use of standard interfaces (Sound familiar to the discussion we had earlier on the DoD and OSI models?) These interfaces provide specific functionality developers can use as building blocks to develop
an application This makes development time shorter and provides common interfaces for users, making learning and using new applications easier
FIGurE 6.9 The Microsoft Model.
Trang 10Though the Microsoft model is used primarily by programmers, it’s
important to understand the framework we explore, of how TCP/IP works
on a Microsoft Windows-based computer
Understanding the Function of Boundary Layers
The Microsoft model describes software and hardware components and
the connections between them that facilitate computer networking This
modular approach both allows and encourages hardware and software
vendors to develop products that work together through the Microsoft
operating system Boundary layers are interfaces that reside at the
boundar-ies of functionality They interact with the layer below and the layer above,
providing an interface from one layer to the next
Within each layer, various components perform the tasks defined at
the layer A variety of components can provide similar functionality at any
given layer This modular approach provides flexibility for developers while
providing common interfaces that reduce development time and cost
A vendor can provide new functionality at any of these layers, knowing their
products will integrate with the other layers to provide seamless network
com-munications The interfaces defined by Microsoft are the Network Driver
Inter-face Specification (NDIS), Transport Driver InterInter-face (TDI), and the application
program interface (API) Figure 6.9 shows the relationship of these boundary
layers to both the OSI model and to the Microsoft Architecture
The Windows OS is divided into three primary areas: the User, the
Executive, and the Kernel The Kernel is the core of the Microsoft operating
system architecture and it manages the most basic operations including
interacting with the hardware abstraction layer that interacts with the
hardware (CPU, memory, etc.) The Kernel also synchronizes activities with
the Executive level, which includes the Input/Output (I/O) Manager and the
Process Manager The User level interacts with the Executive level; this is
the level at which most applications and user interfaces reside
the NDIs boundary Layer
The NDIS works at the bottom of the networking architecture and maps to
the data link layer of the OSI model and the Network Interface layer of the
DARPA model The NDIS layer is the boundary between the physical network
(physical layer of the OSI model) and the higher-level transport protocols This
layer provides the standardized functions that allow various transport protocols
to use any network device driver that is compatible with the specifications of
this layer, providing both flexibility and reliability to developers The earliest
versions of NDIS were developed by a Microsoft and 3Com joint effort Later,
NDIS versions are proprietary to Microsoft operating systems