Internetworking Overview - PowerPoint PPT Presentation

Provided by: IIT89
Transcript and Presenter's Notes

1
Internetworking Overview
2
Learning Objectives
  • Review how to obtain physical segmentation in a
    network using a bridge or a switch
  • Describe how logical segmentation is obtained
    using routers
  • List various types of firewalls used in
    networking today

3
Network Segmentation
  • Usually, an organization is physically and
    logically segmented to meet performance and
    security requirements
  • Physical Segmentation
  • Use devices like bridges and switches
  • Increase bandwidth by creating smaller collision
    domains
  • Logical Segmentation
  • Use devices such as routers
  • Meet security, performance, and manageability
    requirements

4
Network Segmentation
5
Network Segmentation
6
Networking Equipment
  • Hub, Repeater, Concentrator, MAU: A connectivity
    device used to physically attach users to the
    network
  • Bridge: An internetworking device that connects
    two or more networks using MAC addressing
  • Switch:
  • Connects two or more networks using addressing
  • Reduces latency by processing frames immediately
  • Makes an intelligent forwarding decision
  • Router: Connects two or more networks using
    network layer addressing (e.g. IP address)

7
Physical Segmentation
  • Carried out at the departmental level (forms one
    logical network with many physical networks
    connected together)
  • Analyze traffic patterns using a protocol analyzer
  • Determine how each physical segment will be
    created using hubs, bridges, and switches
  • Create workgroups using hubs to connect 5 to 25
    users. The hub typically connects to a port on a
    switch or a bridge
  • Connect individual power users and servers to a
    switch
  • Connect a switch port to a router (typically)

8
Physical Segmentation
9
Bridge and Switch Operation
  • Bridges and switches learn the MAC addresses of
    stations by examining the source addresses of
    frames. These MAC addresses are then placed in
    tables
  • Bridges and switches filter traffic based on
    destination MAC address. If the destination MAC
    address is off the same port as the frame entered
    on, the frame will not be forwarded out to any
    other ports
  • If the destination MAC address is not on the
    incoming port:
  • Bridges forward the frame to all other ports
  • Switches consult the table and forward the frame
    to a recognized port
  • Store-and-forward switch Vs. Cut-through switch
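
Added example (not part of the original slides): a small simulation of the learning and filtering behaviour described on this slide. The class name, port numbers and MAC addresses are constructed for illustration; flooding a frame whose destination is not yet in the table is standard switch behaviour assumed here.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Hypothetical model of a switch with a MAC address table."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the sorted list of egress ports."""
        # Learn: the source address shows which port the sender is on.
        # Overwriting also handles a station that moved to another port.
        self.table[src_mac] = in_port
        if dst_mac == BROADCAST or dst_mac not in self.table:
            # Broadcast or unknown destination: every port except ingress.
            return sorted(self.ports - {in_port})
        out_port = self.table[dst_mac]
        if out_port == in_port:
            # Destination is on the segment the frame came from: filter it.
            return []
        # Known destination on another port: forward to that port only.
        return [out_port]

def demo():
    sw = LearningSwitch(ports=[1, 2, 3])
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    # Constructed frames: (ingress port, source MAC, destination MAC).
    # Stations a and b share a hub on port 1; station c is on port 3.
    frames = [(1, a, c), (3, c, a), (1, b, a), (1, a, BROADCAST)]
    return [sw.receive(*frame) for frame in frames]

if __name__ == "__main__":
    print(demo())
```

The third frame is the filtering case: both stations sit behind port 1, so the switch sends it nowhere.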

10
Switching
11
Spanning Tree Algorithm
  • Spanning Tree Algorithm
  • A layer 2 protocol
  • Allows bridges and switches to be physically
    connected into a loop, without suffering
    broadcast storms
  • Implementation Process
  • Elect the root switch for the network based on
    the switch ID numbers
  • Choose the best path to the root switch for each
    switch
  • Disable other switches and switch ports that cause
    loops
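
Added example (not part of the original slides): the three implementation steps above run on a small constructed topology. It is a simplification that assumes every link has equal cost and that the lowest switch ID wins the root election; the function name and switch IDs are hypothetical.

```python
from collections import deque

def spanning_tree(links):
    """links: list of (switch_id, switch_id) pairs for a connected network.

    Returns (root, active_links, blocked_links).
    """
    neighbors = {}
    for a, b in links:
        neighbors.setdefault(a, set()).add(b)
        neighbors.setdefault(b, set()).add(a)

    # Step 1: elect the root switch (assumed rule: lowest ID wins).
    root = min(neighbors)

    # Step 2: breadth-first search from the root gives every switch a
    # fewest-hop path back to it; ties are broken by search order.
    upstream = {root: None}
    queue = deque([root])
    while queue:
        sw = queue.popleft()
        for nb in sorted(neighbors[sw]):
            if nb not in upstream:
                upstream[nb] = sw
                queue.append(nb)

    active = {frozenset((sw, up)) for sw, up in upstream.items() if up is not None}

    # Step 3: any link that is not on a best path would close a loop.
    blocked = {frozenset(link) for link in links} - active
    return root, active, blocked

def demo():
    # Constructed topology: switches 10, 20 and 30 form a triangle (a loop),
    # and switch 40 hangs off switch 30.
    return spanning_tree([(10, 20), (20, 30), (30, 10), (30, 40)])

if __name__ == "__main__":
    print(demo())
```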

12
Logical Segmentation Using Routers
13
Routing Overview
  • Routers transport routable protocols, such as IP,
    through the network
  • Each router maintains a route table to select the
    path for the packets
  • Routers use routing protocols such as RIP
    (Routing Information Protocol) and OSPF (Open
    Shortest Path First) to exchange route tables with
    each other
  • The Internet is connected by many routers
  • Other protocols such as IPX and AppleTalk are
    also routed through the networks

14
Routing Metrics
  • The routing metric contains the criteria for
    determining the best path to reach a target
    network
  • Routing metrics
  • Hop count metric
  • Bandwidth metric
  • Cost metric
  • Reliability
  • Delay metric
  • Utilization metric
  • Routers carry out the calculation of the metric
    for determining the path used to transmit data

15
Routing Protocols
  • RIP (Routing Information Protocol): based on hop
    counts (number of routers between two nodes);
    distance vector
  • OSPF (Open Shortest Path First): based on speed
    and reliability (link state)
  • IGRP (Interior Gateway Routing Protocol, by
    Cisco): provides load balancing features
  • EIGRP (Enhanced Interior Gateway Routing
    Protocol): based on link states such as
    reliability; easier to install than OSPF
  • BGP (Border Gateway Protocol): based on link
    state; designed for large networks
  • EGP (Exterior Gateway Protocol): based on
    distance; designed for large networks

16
RIP
  • Characteristics
  • Uses a distance vector algorithm: a hop count
    metric is used to determine the path
  • RIP selects the path with the fewest number of
    routers
  • Broadcasts are used to exchange information
    between routers
  • RIP routers typically transmit updates between
    each other every 30 seconds
  • Problems
  • Hop count is limited to 16 routers
  • Unreliable transport of messages
  • Slow paths are chosen if the network design
    contains flaws
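
Added example (not part of the original slides): the distance vector update a RIP router applies when a neighbor's route table arrives, including the hop count ceiling listed under Problems. The function name, table layout, router names and networks are constructed; treating metric 16 as "unreachable" follows RFC 2453.

```python
INFINITY = 16  # RIP metric that means "unreachable" (RFC 2453)

def rip_update(table, neighbor, advertised):
    """Merge the routes advertised by `neighbor` into `table`.

    table:      {network: (hop_count, next_hop)}
    advertised: {network: hop_count} as sent by the neighbor
    Returns the set of networks whose entry changed.
    """
    changed = set()
    for net, metric in advertised.items():
        # Going through the neighbor costs one more hop, capped at infinity.
        new_metric = min(metric + 1, INFINITY)
        current = table.get(net)
        if current is None:
            # New network: install it only if it is actually reachable.
            if new_metric < INFINITY:
                table[net] = (new_metric, neighbor)
                changed.add(net)
        elif current[1] == neighbor:
            # Update from the current next hop: accept it even if worse,
            # because it is the latest word on the path already in use.
            if current[0] != new_metric:
                table[net] = (new_metric, neighbor)
                changed.add(net)
        elif new_metric < current[0]:
            # A different neighbor offers fewer hops: switch to it.
            table[net] = (new_metric, neighbor)
            changed.add(net)
    return changed

def demo():
    # Constructed table on a router: network -> (hop count, next hop).
    table = {"10.0.2.0/24": (3, "R2")}
    first = rip_update(
        table, "R3",
        {"10.0.2.0/24": 1, "10.0.3.0/24": 15, "10.0.4.0/24": 2},
    )
    # R3 later loses its path and advertises the network as unreachable.
    second = rip_update(table, "R3", {"10.0.4.0/24": INFINITY})
    return first, second, table

if __name__ == "__main__":
    print(demo())
```

The route advertised at 15 hops is never installed: one more hop makes it 16, which RIP reads as unreachable.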

17
OSPF
  • Uses a link state algorithm for path selection
  • Uses a sophisticated metric based on speed,
    reliability, and delay to select best paths
    through networks
  • Designed for large networks
  • Supports variable length subnetting

18
IGRP
  • Developed by Cisco
  • Uses a distance vector algorithm with multiple
    variables (bandwidth, delay, utilization, and
    reliability) to determine the best paths between
    networks
  • Sends router updates every 90 seconds or when
    changes occur in the network

19
Firewalls
  • A system that provides advanced security
    functionality to a network
  • Includes a collection of hardware and software
    placed at the edges of a network
  • All traffic going to the network must pass
    through the firewall
  • All traffic going out of the network must pass
    through the firewall
  • Only authorized traffic will be allowed to pass
    through the firewall
  • IP address translation is often accomplished
    using a firewall (translating an intranet
    addressing system to a valid Internet addressing
    system)

20
Firewall types
  • Packet filters
  • Routers are used to filter traffic based on
    source and destination IP addresses (can be
    broken into by savvy hackers)
  • Proxy servers
  • A proxy server is situated between the Internet
    and the organization's router
  • The server communicates with the Internet on
    behalf of the network
  • The real IP addresses remain hidden
  • SOCKS server
  • Sock IP Port number
  • Only after an application has been SOCKSed can
    users gain access to the Internet
  • SMLI (Stateful multilayer inspection)
  • The entire packet of data is inspected, and data
    that does not meet criteria for passage is denied
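
Added example (not part of the original slides): a packet filter of the kind described in the first bullet, deciding on source and destination IP address with a default of deny so that only authorized traffic passes. Because the source address is written by the sender, the first rule refuses outside packets that claim an intranet source. The rule set, interface names and addresses are constructed.

```python
import ipaddress

# Constructed rules, first match wins:
# (action, ingress interface, source network, destination network)
RULES = [
    # An intranet source address can never legitimately arrive from outside.
    ("deny",  "outside", "192.168.10.0/24", "0.0.0.0/0"),
    # Anyone may reach the published server.
    ("allow", "outside", "0.0.0.0/0",       "198.51.100.10/32"),
    # Intranet hosts may go out.
    ("allow", "inside",  "192.168.10.0/24", "0.0.0.0/0"),
]

def compile_rules(rules):
    """Parse the network strings once so each packet check is cheap."""
    return [
        (action, iface, ipaddress.ip_network(src), ipaddress.ip_network(dst))
        for action, iface, src, dst in rules
    ]

def decide(rules, iface, src, dst):
    """Return 'allow' or 'deny' for a packet seen on interface `iface`."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for action, rule_iface, src_net, dst_net in rules:
        if iface == rule_iface and src_ip in src_net and dst_ip in dst_net:
            return action
    # Nothing matched: traffic that was not explicitly authorized is dropped.
    return "deny"

def demo():
    rules = compile_rules(RULES)
    # Constructed packets: (ingress interface, source IP, destination IP).
    packets = [
        ("outside", "203.0.113.7",  "198.51.100.10"),  # visitor to the server
        ("outside", "192.168.10.5", "198.51.100.10"),  # claims an inside source
        ("inside",  "192.168.10.5", "203.0.113.7"),    # intranet host going out
        ("outside", "203.0.113.7",  "192.168.10.5"),   # unsolicited, no rule
    ]
    return [decide(rules, *packet) for packet in packets]

if __name__ == "__main__":
    print(demo())
```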

21
Firewall Concept
22
Firewall Types
23
RIP Routing Tables
24
RIP Problems