Computer Networking Articles No 1 2 3 4 Upload 09-01-08 11-01-08 11-01-08 11-01-08 5 11-01-08 6 11-01-08 7 11-01-08 8 9 10 11 12 13 14 15 16 17 16 17 18 19 20 21 22 23 24 25 26 27 28 29 29-01-08 29-01-08 29-01-08 29-01-08 29-01-08 29-01-08 31-01-08 04-02-08 04-02-08 04-02-08 04-02-08 04-02-08 04-02-08 04-02-08 04-02-08 04-02-08 04-02-08 04-02-08 13-02-08 14-02-08 15-02-08 06-03-08 18-03-08 25-03-08 Articles Cisco Certification Introduction to Computer Networking Computer Networking Component Cisco Networking Academy Program Test Sem 1 Chapter 1 Cisco Networking Academy Program Test Sem 1 Chapter 1 Lanjutan Cisco Networking Academy Program Test Sem 1 Chapter 2 Cisco Networking Academy Program Test Sem 1 Chapter 2 Lanjutan VLAN (Virtual Local Area Network) Cisco Switching Concepts Perancangan Jaringan Cisco Switch Routing Protocols pada Cisco Router RIP Routing Protocols pada Cisco Router IGRP Routing Protocols pada Cisco Router OSPF Routing Protocols pada Cisco Router OSPF Lanjutan Cisco Networking Academy Program Test Sem 1 Chapter 3 Cisco Networking Academy Program Test Sem 1 Chapter 4 Cisco Networking Academy Program Test Sem 1 Chapter 5 Cisco Networking Academy Program Test Sem 1 Chapter 6 Cisco Networking Academy Program Test Sem 1 Chapter 6-7 Cisco Networking Academy Program Test Sem 1 Chapter 7 Cisco Networking Academy Program Test Sem 1 Chapter 8 Cisco Networking Academy Program Test Sem 1 Chapter 9 Cisco Networking Academy Program Test Sem 1 Chapter 9-10 Cisco Networking Academy Program Test Sem 1 Chapter 10 Cisco Networking Academy Program Test Sem 1 Chapter 11 Cisco Exploration Semester 1 Chapter 2 Cisco Exploration Semester 1 Chapter 3 Cisco Exploration Semester 1 Chapter 7 Cisco IOS Configuration Access List VPN IP (virtual private network Intenet Protokol) Sertifikasi: CCNA Cisco Certified Network Associate (CCNA) adalah salah satu pondasi penting dalam seri sertifikasi networking yang dikeluarkan oleh Cisco Systems. Level sertifikasi di Cisco setelah CCNA, terdapat CCNP (Cisco Certified Network Professional) dan CCIP (Cisco Certified Internetwork Professional), serta yang paling puncak adalah CCIE (Cisco Certified Internetwork Expert). Seorang bersertifikat CCNA memiliki ilmu pengetahuan dan kemampuan untuk instalasi, konfigurasi, mengoperasikan dan memecahkan permasalahan (troubleshooting) pada LAN, WAN dan layanan dial access untuk network kecil (dibawah 100 node), termasuk didalamnya penggunaan protokol seperti: IP, IGRP, Serial, Frame Relay, IP RIP, VLAN, RIP, Ethernet, Access Lists. Untuk mendapatkan sertifikasi CCNA bisa dilakukan dengan dua cara: 1. Lulus ujian INTRO 640-821 (Introduction to Cisco Networking Technologies) dan ICND 640-811 (Interconnecting Cisco Networking Devices) 2. Lulus ujian CCNA 640-801 Umur sertifikasi CCNA adalah tiga tahun, dan kita untuk memperpanjangnya kita bisa dengan mengikuti ujian CCNA 640-801 atau ICND 640-811. Ujian sertifikasi CCNA 640-801 dengan waktu ujian 90 menit untuk menyelesaikan 55-65 soal ujian. Ujian tersedia dalam bahasa Inggris dan Jepang. Kita bisa mengambil ujian CCNA 640-801, di tempat uji sertifikasi di seluruh Indonesia yang memperoleh pengakuan dari Pearson VUE atau Prometric. Bentuk soal ujian dapat berupa: • • • • • • • Multiple-choice single answer Multiple-choice multiple answer Drag-and-drop Fill-in-the-blank Testlet Simlet Simulations Materi yang diujikan terbagi menjadi empat tema, dengan subtema lengkap seperti berikut: 1. Planning & Designing • • • • • • • Design a simple LAN using Cisco Technology Design an IP addressing scheme to meet design requirements Select an appropriate routing protocol based on user requirements Design a simple internetwork using Cisco technology Develop an access list to meet user specifications Choose WAN services to meet customer requirements 2. Implementation & Operation • • • • Configure routing protocols given user requirements Configure IP addresses, subnet masks, and gateway addresses on routers and hosts Configure a router for additional administrative functionality Configure a switch with VLANS and inter-switch communication 3. Implement a LAN • • • • • • Customize a switch configuration to meet specified network requirements Manage system image and device configuration files Perform an initial configuration on a router Perform an initial configuration on a switch Implement access lists Implement simple WAN protocols 4. Troubleshooting • • • • • • • Utilize the OSI model as a guide for systematic network troubleshooting Perform LAN and VLAN troubleshooting Troubleshoot routing protocols Troubleshoot IP addressing and host configuration Troubleshoot a device as part of a working network Troubleshoot an access list Perform simple WAN troubleshooting 5. Technology • • • • • • • • Describe network communications using layered models Describe the Spanning Tree process Compare and contrast key characteristics of LAN environments Evaluate the characteristics of routing protocols Evaluate TCP/IP communication process and its associated protocols Describe the components of network devices Evaluate rules for packet control Evaluate key characteristics of WANs Pelatihan apa yang harus saya ikuti sebagai persiapan untuk ujian CCNA? Ada tiga jenis pelatihan yang bisa anda pilih dan ikuti untuk mempersiapkan diri dalam ujian mendapatkan sertifikasi CCNA. 1. Mengikuti pelatihan persiapan ujian CCNA 640-801 dari lembaga-lembaga pelatihan yang mengadakan 2. Mengikuti pelatihan persiapan ujian INTRO 640-821 dan ICND 640-811 3. Mengikuti pelatihan CCNA (semester 1-4) sesuai dengan kurikulum Cisco Networking Academy Program (CNAP). Jalur ini sering disebut dengan jalur akademi, pemahaman lebih komprehensif dan ilmu yang didapat relatif lebih matang. Permasalahannya mungkin adalah waktu belajar relatif lebih lama. Hubungi Local Academy (LA) Cisco di wilayah anda untuk mengikuti program pelatihan CNAP.Sumber : by Romi Satria Wahono Introduction to Computer Networking Apa itu Jaringan Komputer ? JARINGAN komputer adalah sebuah kumpulan komputer, printer dan peralatan lainnya yang terhubung dalam satu kesatuan. Informasi dan data bergerak melalui kabel-kabel atau tanpa kabel sehingga memungkinkan pengguna jaringan komputer dapat saling bertukar dokumen dan data, mencetak pada printer yang sama dan bersama-sama menggunakan hardware/software yang terhubung dengan jaringan. Setiap komputer, printer atau periferal yang terhubung dengan jaringan disebut node. Sebuah jaringan komputer dapat memiliki dua, puluhan, ribuan atau bahkan jutaan node. Jenis-Jenis Jaringan Komputer Secara umum jaringan komputer dibagi atas lima jenis, yaitu ; 1. Local Area Network (LAN) Local Area Network (LAN), merupakan jaringan milik pribadi di dalam sebuah gedung atau kampus yang berukuran sampai beberapa kilometer. LAN seringkali digunakan untuk menghubungkan komputer-komputer pribadi dan workstation dalam kantor suatu perusahaan atau pabrik-pabrik untuk memakai bersama sumberdaya (resouce, misalnya printer) dan saling bertukar informasi. 2. Metropolitan Area Network (MAN) Metropolitan Area Network (MAN), pada dasarnya merupakan versi LAN yang berukuran lebih besar dan biasanya menggunakan teknologi yang sama dengan LAN. MAN dapat mencakup kantor-kantor perusahaan yang letaknya berdekatan atau juga sebuah kota dan dapat dimanfaatkan untuk keperluan pribadi (swasta) atau umum. MAN mampu menunjang data dan suara, bahkan dapat berhubungan dengan jaringan televisi kabel. 4. Wide Area Network (WAN) Wide Area Network (WAN), jangkauannya mencakup daerah geografis yang luas,seringkali mencakup sebuah negara bahkan benua. WAN terdiri dari kumpulan mesin mesin yang bertujuan untuk menjalankan program-program (aplikasi) pemakai. 5. 4. Internet Sebenarnya terdapat banyak jaringan didunia ini, seringkali menggunakan perangkat keras dan perangkat lunak yang berbeda-beda . Orang yang terhubung ke jaringan sering berharap untuk bisa berkomunikasi dengan orang lain yang terhubung ke jaringan lainnya. Keinginan seperti ini memerlukan hubungan antar jaringan yang seringkali tidak kampatibel dan berbeda. Biasanya untuk melakukan hal ini diperlukan sebuah mesin yang disebut gateway guna melakukan hubungan dan melaksanakan terjemahan yang diperlukan, baik perangkat keras maupun perangkat lunaknya. Kumpulan jaringan yang terinterkoneksi inilah yang disebut dengan internet. 5. Jaringan Tanpa Kabel Jaringan tanpa kabel merupakan suatu solusi terhadap komukasi yang tidak bisa dilakukan dengan jaringan yang menggunakan kabel. Misalnya orang yang ingin mendapat informasi atau melakukan komunikasi walaupun sedang berada diatas mobil atau pesawat terbang, maka mutlak jaringan tanpa kabel diperlukan karena koneksi kabel tidaklah mungkin dibuat di dalam mobil atau pesawat. Saat ini jaringan tanpa kabel sudah marak digunakan dengan memanfaatkan jasa satelit dan mampu memberikan kecepatan akses yang lebih cepat dibandingkan dengan jaringan yang menggunakan kabel. Wireless LAN dan Hotspot. Topologi Jaringan Komputer Topologi adalah suatu cara menghubungkan komputer yang satu dengan komputer lainnya sehingga membentuk jaringan. Cara yang saat ini banyak digunakan adalah bus, tokenring, star dan peer-to-peer network. Masing-masing topologi ini mempunyai ciri khas, dengan kelebihan dan kekurangannya sendiri. 1. Bus Topology Keuntungan • Hemat kabel • Layout kabel sederhana • Mudah dikembangkan Kerugian • Deteksi dan isolasi kesalahan sangat kecil • Kepadatan lalu lintas • Bila salah satu client rusak, maka jaringan tidak bisa berfungsi. • Diperlukan repeater untuk jarak jauh 2. Topologi Token RING Metode token-ring (sering disebut ring saja) adalah cara menghubungkan komputer sehingga berbentuk ring (lingkaran). Setiap simpul mempunyai tingkatan yang sama. Jaringan akan disebut sebagai loop, data dikirimkan kesetiap simpul dan setiap informasii yang diterima simpul diperiksa alamatnya apakah data itu untuknya atau bukan Keuntungan • Hemat Kabel Kerugian • Peka kesalahan • Pengembangan jaringan lebih kaku 3. Topologi STAR Kontrol terpusat, semua link harus melewati pusat yang menyalurkan data tersebut kesemua simpul atau client yang dipilihnya. Simpul pusat dinamakan stasium primer atau server dan lainnya dinamakan stasiun sekunder atau client server. Setelah hubungan jaringan dimulai oleh server maka setiap client server sewaktu-waktu dapat menggunakan hubungan jaringan tersebut tanpa menunggu perintah dari server. Keuntungan • Paling fleksibel • Pemasangan/perubahan stasiun sangat mudah dan tidak mengganggu bagian jaringan lain • Kontrol terpusat • Kemudahan deteksi dan isolasi kesalahan/kerusakan • Kemudahaan pengelolaan jaringan Kerugian • Boros kabel • Perlu penanganan khusus • Kontrol terpusat (HUB) jadi elemen kritis Manfaat Jaringan Komputer • Resource Sharing, dapat menggunakan sumberdaya yang ada secara bersama-sama. Misal seorang pengguna yang berada 100 km jauhnya dari suatu data, tidak mendapatkan kesulitan dalam menggunakan data tersebut, seolah-olah data tersebut berada didekatnya. Hal ini sering diartikan bahwa jaringan computer mangatasi masalah jarak. • Reliabilitas tinggi, dengan jaringan komputer kita akan mendapatkan reliabilitas yang tinggi dengan memiliki sumber-sumber alternatif persediaan. Misalnya, semua file dapat disimpan atau dicopy ke dua, tiga atu lebih komputer yang terkoneksi ke jaringan. Sehingga bila salah satu mesin rusak, maka salinan di mesin yang lain bisa digunakan. • Menghemat uang. Komputer berukuran kecil mempunyai rasio harga/kinerja yang lebih baik dibandingkan dengan komputer yang besar. Komputer besar seperti mainframe memiliki kecapatan kira-kira sepuluh kali lipat kecepatan computer kecil/pribadi. Akan tetapi harga mainframe seribu kali lebih mahal dari computer pribadi. Ketidakseimbangan rasio harga/kinerja dan kecepatan inilah membuat para perancang sistem untuk membangun sistem yang terdiri dari computer komputer pribadi. • Berbagi saluran komunikasi (internet). • Memudahkan komunikasi antar pemakai jaringan. Komponen Jaringan Komputer Jaringan Komputer tersusun dari beberapa elemen dasar yang meliputi komponen hardware dan software, yaitu : 1. Komponen Hardware Personal Computer (PC), Network Interface Card (NIC), Kabel dan topologi jaringan. 2. Komponen Software Sistem Operasi Jaringan, Network Adapter Driver, Protokol Jaringan. A. Perangkat jaringan 1. Repeater Berfungsi untuk menerima sinyal kemudian meneruskan kembali sinyal yang diterima dengan kekuatan yang sama. Dengan adanya repeter, sinyal dari suatu komputer dapat komputer lain yang letaknya berjauhan. 2. Hub Fungsinya sama dengan repeater hanya hub terdiri dari beberapa port, sehingga hub disebut juga multiport repeter. Repeater dan hub bekerja di physical layer sehingga tidak mempunyai pengetahuan mengenai alamat yang dituju. Meskipun hub memiliki beberapa port tetapi tetap menggunaka metode broadcast dalam mengirimkan sinyal, sehingga bila salah satu port sibuk maka port yang lain harus menunggu jika ingin mengirimkan sinyal. 3. Bridge Berfungsi seperti repeater atau hub tetapi lebih pintar karena bekerja pada lapisan data link sehingga mempunyai kemampuan untuk menggunakan MAC address dalam proses pengiriman frame ke alamat yang dituju. 4. Switch Fungsinya sama dengan bridge hanya switch terdiri dari beberapa port sehingga switch disebut multiport bridge. Dengan kemampuannya tersebut jika salah satu port pada switch sibuk maka port-port lain masih tetap dapat berfungsi. Tetapi bridge dan switch tidak dapat meneruskan paket IP yang ditujukan komputer lain yang secara logic berbeda jaringan. B. Type , Jenis Kabel dan Pengkabelan Setiap jenis kabel mempunyai kemampuan dan spesifikasinya yang berbeda, oleh karena itu dibuatlah pengenalan tipe kabel. Ada beberapa jenis kabel yang dikenal secara umum, yaitu twisted pair (UTPunshielded twisted pair dan STP shielded twisted pair), coaxial cable dan fiber optic. 1. Thin Ethernet (Thinnet) Thin Ethernet atau Thinnet memiliki keunggulan dalam hal biaya yang relatif lebih murah dibandingkan dengan tipe pengkabelan lain, serta pemasangan komponennya lebih mudah. Panjang kabel thin coaxial/RG-58 antara 0.5 – 185 m dan maksimum 30 komputer terhubung.Kabel coaxial jenis ini banyak dipergunakan di kalangan radio amatir, terutama untuk transceiver yang tidak memerlukan output daya yang besar. Untuk digunakan sebagai perangkat jaringan, kabel coaxial jenis ini harus memenuhi standar IEEE 802.3 10BASE2, dimana diameter rata-rata berkisar 5mm dan biasanya berwarna hitam atau warna gelap lainnya. Setiap perangkat (device) dihubungkan dengan BNC T-connector. Kabel jenis ini juga dikenal sebagai thin Ethernet atau ThinNet. Kabel coaxial jenis ini, misalnya jenis RG-58 A/U atau C/U, jika diimplementasikan dengan Tconnector dan terminator dalam sebuah jaringan, harus mengikuti aturan sebagai berikut: • Setiap ujung kabel diberi terminator 50-ohm. • Panjang maksimal kabel adalah 1,000 feet (185 meter) per segment. • Setiap segment maksimum terkoneksi sebanyak 30 perangkat jaringan (devices) • Kartu jaringan cukup menggunakan transceiver yang onboard, tidak perlu tambahan transceiver, kecuali untuk repeater. • Maksimum ada 3 segment terhubung satu sama lain (populated segment). • Setiap segment sebaiknya dilengkapi dengan satu ground. • Panjang minimum antar T-Connector adalah 1,5 feet (0.5 meter). • Maksimum panjang kabel dalam satu segment adalah 1,818 feet (555 meter). • Setiap segment maksimum mempunyai 30 perangkat terkoneksi. 2. Thick Ethernet (Thicknet) Dengan thick Ethernet atau thicknet, jumlah komputer yang dapat dihubungkan dalam jaringan akan lebih banyak dan jarak antara komputer dapat diperbesar, tetapi biaya pengadaan pengkabelan ini lebih mahal serta pemasangannya relatif lebih sulit dibandingkan dengan Thinnet. Pada Thicknet digunakan transceiver untuk menghubungkan setiap komputer dengan sistem jaringan dan konektor yang digunakan adalah konektor tipe DIX. Panjang kabel transceiver maksimum 50 m, panjang kabel Thick Ethernet maksimum 500 m dengan maksimum 100 transceiver terhubung. Kabel coaxial jenis ini dispesifikasikan berdasarkan standar IEEE 802.3 10BASE5, dimana kabel ini mempunyai diameter rata-rata 12mm, dan biasanya diberi warna kuning; kabel jenis ini biasa disebut sebagai standard ethernet atau thick Ethernet, atau hanya disingkat ThickNet, atau bahkan cuman disebut sebagai yellow cable.Kabel Coaxial ini (RG-6) jika digunakan dalam jaringan mempunyai spesifikasi dan aturan sebagai berikut: • Setiap ujung harus diterminasi dengan terminator 50-ohm (dianjurkan menggunakan terminator yang sudah dirakit, bukan menggunakan satu buah resistor 50-ohm 1 watt, sebab resistor mempunyai disipasi tegangan yang lumayan lebar). • Maksimum 3 segment dengan peralatan terhubung (attached devices) atau berupa populated segments. • Setiap kartu jaringan mempunyai pemancar tambahan (external transceiver).Setiap segment maksimum berisi 100 perangkat jaringan, termasuk dalam hal ini repeaters. • Maksimum panjang kabel per segment adalah 1.640 feet (atau sekitar 500 meter). • Maksimum jarak antar segment adalah 4.920 feet (atau sekitar 1500 meter). • Setiap segment harus diberi ground. • Jarang maksimum antara tap atau pencabang dari kabel utama ke perangkat (device) adalah 16 feet (sekitar 5 meter). Jarang minimum antar tap adalah 8 feet (sekitar 2,5 meter). Sumber : Diktat Kuliah Jarkom Akatel : Alfin H,ST Cisco Networking Academy Program Test Semester 1 Chapter 1 Sumber : Dari berbagai sumber Cisco Networking Academy Program Test Semester 1 Chapter 1 Sumber : Dari berbagai sumber Cisco Networking Academy Program Test Semester 1 Chapter 2 Cisco Networking Academy Program Test Semester 1 Chapter 2 VLAN (Virtual Local Area Network) VLAN merupakan suatu model jaringan yang tidak terbatas pada lokasi fisik seperti LAN , hal ini mengakibatkan suatu network dapat dikonfigurasi secara virtual tanpa harus menuruti lokasi fisik peralatan. Penggunaan VLAN akan membuat pengaturan jaringan menjadi sangat fleksibel dimana dapat dibuat segmen yang bergantung pada organisasi atau departemen, tanpa bergantung pada lokasi workstation. Perbedaan yang sangat jelas dari model jaringan Local Area Network dengan Virtual Local Area Network adalah bahwa bentuk jaringan dengan model Local Area Network sangat bergantung pada letak/fisik dari workstation, serta penggunaan hub dan repeater sebagai perangkat jaringan yang memiliki beberapa kelemahan. Sedangkan yang menjadi salah satu kelebihan dari model jaringan dengan VLAN adalah bahwa tiap-tiap workstation/user yang tergabung dalam satu VLAN/bagian (organisasi, kelompok dsb) dapat tetap saling berhubungan walaupun terpisah secara fisik Bagaimana VLAN Bekerja VLAN diklasifikasikan berdasarkan metode (tipe) yang digunakan untuk mengklasifikasikannya, baik menggunakan port, MAC addresses dsb. Semua informasi yang mengandung penandaan/pengalamatan suatu vlan (tagging) di simpan dalam suatu database (tabel), jika penandaannya berdasarkan port yang digunakan maka database harus mengindikasikan port-port yang digunakan oleh VLAN. Untuk mengaturnya maka biasanya digunakan switch/bridge yang manageable atau yang bisa di atur. Switch/bridge inilah yang bertanggung jawab menyimpan semua informasi dan konfigurasi suatu VLAN dan dipastikan semua switch/bridge memiliki informasi yang sama. Switch akan menentukan kemana data-data akan diteruskan dan sebagainya. atau dapat pula digunakan suatu software pengalamatan (bridging software) yang berfungsi mencatat/menandai suatu VLAN beserta workstation yang didalamnya.untuk menghubungkan antar VLAN dibutuhkan router. Tipe-Tipe VLAN Keanggotaan dalam suatu VLAN dapat di klasifikasikan berdasarkan port yang di gunakan , MAC address, tipe protokol. 1. Berdasarkan Port Keanggotaan pada suatu VLAN dapat di dasarkan pada port yang di gunakan oleh VLAN tersebut , Kelemahannya adalah user tidak bisa untuk berpindah pindah, apabila harus berpindah maka Network administrator harus mengkonfigurasikan ulang. 2. Berdasarkan MAC Address Keanggotaan suatu VLAN didasarkan pada MAC address dari setiap workstation /komputer yang dimiliki oleh user. Switch mendeteksi/mencatat semua MAC address yang dimiliki oleh setiap Virtual LAN. MAC address merupakan suatu bagian yang dimiliki oleh NIC (Network Interface Card) di setiap workstation. Kelebihannya apabila user berpindah pindah maka dia akan tetap terkonfigurasi sebagai anggota dari VLAN tersebut.Sedangkan kekurangannya bahwa setiap mesin harus di konfigurasikan secara manual , dan untuk jaringan yang memiliki ratusan workstation maka tipe ini kurang efissien untuk dilakukan. 3. Berdasarkan tipe protokol yang digunakan Keanggotaan VLAN juga bisa berdasarkan protocol yang digunakan 4. Berdasarkan Alamat Subnet IP Subnet IP address pada suatu jaringan juga dapat digunakan untuk mengklasifikasi suatu VLAN. IP address digunakan untuk memetakan keanggotaan VLAN. Keuntungannya seorang user tidak perlu mengkonfigurasikan ulang alamatnya di jaringan apabila berpindah tempat, hanya saja karena bekerja di layer yang lebih tinggi maka akan sedikit lebih lambat untuk meneruskan paket di banding menggunakan MAC addresses. 5. Berdasarkan aplikasi atau kombinasi lain Sangat dimungkinkan untuk menentukan suatu VLAN berdasarkan aplikasi yang dijalankan, atau kombinasi dari semua tipe di atas untuk diterapkan pada suatu jaringan. Misalkan: aplikasi FTP (file transfer protocol) hanya bisa digunakan oleh VLAN 1 dan Telnet hanya bisa digunakan pada VLAN 2. Perbandingan VLAN dan LAN Perbandingan Tingkat Keamanan Penggunaan LAN telah memungkinkan semua komputer yang terhubung dalam jaringan dapat bertukar data atau dengan kata lain berhubungan. Kerjasama ini semakin berkembang dari hanya pertukaran data hingga penggunaan peralatan secara bersama (resource sharing atau disebut juga hardware sharing).10 LAN memungkinkan data tersebar secara broadcast keseluruh jaringan, hal ini akan mengakibatkan mudahnya pengguna yang tidak dikenal (unauthorized user) untuk dapat mengakses semua bagian dari broadcast. Semakin besar broadcast, maka semakin besar akses yang didapat, kecuali hub yang dipakai diberi fungsi kontrol keamanan. VLAN yang merupakan hasil konfigurasi switch menyebabkan setiap port switch diterapkan menjadi milik suatu VLAN. Oleh karena berada dalam satu segmen, port-port yang bernaung dibawah suatu VLAN dapat saling berkomunikasi langsung. Sedangkan port-port yang berada di luar VLAN tersebut atau berada dalam naungan VLAN lain, tidak dapat saling berkomunikasi langsung karena VLAN tidak meneruskan broadcast. VLAN yang memiliki kemampuan untuk memberikan keuntungan tambahan dalam hal keamanan jaringan tidak menyediakan pembagian/penggunaan media/data dalam suatu jaringan secara keseluruhan. Switch pada jaringan menciptakan batas-batas yang hanya dapat digunakan oleh komputer yang termasuk dalam VLAN tersebut. Hal ini mengakibatkan administrator dapat dengan mudah mensegmentasi pengguna, terutama dalam hal penggunaan media/data yang bersifat rahasia (sensitive information) kepada seluruh pengguna jaringan yang tergabung secara fisik. Keamanan yang diberikan oleh VLAN meskipun lebih baik dari LAN,belum menjamin keamanan jaringan secara keseluruhan dan juga belum dapat dianggap cukup untuk menanggulangi seluruh masalah keamanan. VLAN masih sangat memerlukan berbagai tambahan untuk meningkatkan keamanan jaringan itu sendiri seperti firewall, pembatasan pengguna secara akses perindividu, intrusion detection, pengendalian jumlah dan besarnya broadcast domain, enkripsi jaringan, dsb. Dukungan Tingkat keamanan yang lebih baik dari LAN inilah yang dapat dijadikan suatu nilai tambah dari penggunaan VLAN sebagai sistem jaringan. Salah satu kelebihan yang diberikan oleh penggunaan VLAN adalah kontrol administrasi secara terpusat, artinya aplikasi dari manajemen VLAN dapat dikonfigurasikan, diatur dan diawasi secara terpusat, pengendalian broadcast jaringan, rencana perpindahan, penambahan, perubahan dan pengaturan akses khusus ke dalam jaringan serta mendapatkan media/data yang memiliki fungsi penting dalam perencanaan dan administrasi di dalam grup tersebut semuanya dapat dilakukan secara terpusat. Dengan adanya pengontrolan manajemen secara terpusat maka administrator jaringan juga dapat mengelompokkan grup-grup VLAN secara spesifik berdasarkan pengguna dan port dari switch yang digunakan, mengatur tingkat keamanan, mengambil dan menyebar data melewati jalur yang ada, mengkonfigurasi komunikasi yang melewati switch, dan memonitor lalu lintas data serta penggunaan bandwidth dari VLAN saat melalui tempat-tempat yang rawan di dalam jaringan. Sumber : Dari berbagai sumber SWITCHING CONCEPTS Teknologi Ethernet yang saat ini banyak digunakan, ada teknologi thick dan thin Ethernet. Dengan menggunakan collision, layer 2 lebih pintar dari layer 1 dimana dapat meforwarding decisions based pada Media Access Control (MAC) addresses. Bridge berada pada layer 2 yang berfungsi untuk membagi-bagi persegment pada network. Begitu juga dengan switch yang berada pada layer 2, cara kerjanya mirip dengan bridge namun memiliki banyak port (multiport bridge). Kelemahan perangkat pada layer 2 ini adalah melakukan forward frame secara broadcase ke semua device NT, dimana jika terjadi baanyak broadcast pada NT maka akan terjadi sluggish pada waktu respon Saat ini LAN menggunakan kombinasi perangkat pada Layer 1, 2 dan 3 yang disesuaikan dengan kebutuhan dari perusahaan tersebut. Mengapa perlu Segmentasi, karena untuk membagi kebagian kecil dari jaringan yang disebut sebagai segment. Segmentasi mengikuti congestion NT untuk dapat secara signifikan mengurangi banyak segment, disaat transmisi data antar segment, device pada satu segment akan membagi total bandwidth yang ada. Segmentasi dapat dilakukan dengan menggunakan Bridge, Router dan Switch. Switch menggunakan cara collision domain yang tergantung dari jumlah port, dimana 1 port ada 1 collission domain, sedangkan akan ada 1 broadcast domain jika tidak menggunakan fungsi VLAN Perangkat router : 1 port 1 collision domain Perangkat hub menggunakan sistem Half duplex sedangkan switch menggunakan mekanisme full duplex. LAN Switching Ada 2 klasifikasi pada alokasi badwidth di switch port yaitu as symmetric or asymmetric based. Asymmetric switch membuat koneksi antara port dengan bandwidth yang sama. Switching Asymmetric memungkinkan bandwidth untuk terhubung dedicated ke server port switch untuk mencegah terjadinya bottleneck. Metode switching ini memerlukan memory buffering, diperlukan buffer untuk menjaga agar tetap kesinambungan frames diantara perbedaan data rate pada ports. VLAN Teknologi VLAN adalah suatu cara yang memisahkan segmen-segmen pada switch dimana antara 1 segmen dengan segmen lain tidaj dapat terkoneksi, koneksi dapat dilakukan dengan menggunakan router. dalam satu switch akan berbeda network idnya dan berbeda broadcast domainnya. VLAN dijalankan berdasarkan software pada Switch, misalnya ; Metode Switching • • • Cut Through = pada metode ini frame diperiksa sampai field destination, fragmen free = frame diperiksa sampai 64 byte pertama, collision bisa menjadi pada 64 bytes pertama Store & Forward = frame disimpan terlebih dahulu, dicek nilai FCS (Framecheck) nya baru di forward, apabila framenya tidak rusak Adaptive Cut Through = gabungan dari cut thorough dengan store n forwarf, apabila dirasa ada error makan akan berubah dari cut through menjadi store ada forward setelah error berkurang akan kembali lagi Perancangan Jaringan Cisco Switch Implementasi dari perangkat share ke perangkat switch mengalami evolusi selama beberapa tahun. Perancang jaringan awalnya mempunyai keterbatasan dalam pemilihan perangkat untuk membangun sebuah jaringan kampus atau jaringan antar LAN. Pesatnya perkembangan PC dan kebutuhan aplikasi klien-server membutuhkan pipa jaringan yang lebar dan cepat, terutama untuk aplikasi multimedia. Pemenuhan kebutuhan ini berevolusi dari pemakaian perangkat share-hub ke switch. Gambar di atas menunjukkan sebuah strategi untuk mempertahankan infrastruktur kabel dengan pemakaian perangkat yang baru. Bermula dari pemakaian hub, digantikan dengan switch layer 2, switch layer 3, ATM, CDDI (Copper Data Distributed Interface) dan FDDI (Fiber Data Distributed Interface). Strategi dasar perancangan jaringan switch meliputi: Switch LAN Switch LAN adalah perangkat yang secara tipikal mempunyai beberapa port yang menghubungkan beberapa segmen LAN lain dan port pada switch ini berkecepatan tinggi (kita kenal 100Mbps untuk Ethernet, FDDI dan 155Mbps pada ATM). Sebuah switch mempunyai bandwidth yang dedicated untuk setiap portnya. Untuk kinerja yang tinggi biasanya satu port dipasang untuk satu workstation PC. Contoh sederhana seperti terlihat di gambar. Ketika switch mulai bekerja maka pada saat yang sama setiap workstation memulai request data ke workstation lain (atau server), setiap request yang diterima ditampung oleh switch dan memfilter MAC address dan port yang tersambung dari masing-masing workstation, lalu disusun ke dalam sebuah tabel. Switch pada saat ini rata-rata mampu menampung tabel MAC address sebanyak 8000. Ketika host A pada port 1 akan melakukan transfer data ke host B di port 2 switch akan mem-forward bingkai paket dari port 1 ke port 2. Pada saat yang bersamaan host C melakukan transmisi data ke host D maka komunikasi masing-masing tidak akan saling terganggu sebab switch telah menyediakan jalur logik dan fisik secara dedicated. Ketika perangkat yang terhubung ke switch akan melakukan transmisi data ke sebuah host yang tidak termasuk dalam tabel MAC di atas maka switch akan mengalihkan bingkai data tersebut ke seluruh port dan tidak termasuk port asal data tersebut. Teknik ini disebut dengan flooding. Implementasi switch atau beberapa switch jika tanpa pertimbangan dan perancangan bisa menyebabkan jaringan lumpuh karena flooding ini (bayangkan jika flooding ini terjadi di share-hub). Dalam jaringan TCP/IP setiap workstation juga mempunyai tabel MAC address, tabel ini biasa disebut dengan ARP (Address Resolution Protocol). Tabel ini disusun sebagai pasangan MAC address dengan IP address. Dengan tersambungnya workstation tersebut ke switch, pada saat workstation membroadcast ARP/NetBIOS untuk mencari pasangan MAC address dan IP address workstation lain akan dihadang oleh switch. Kondisi seperti ini menyebabkan nama workstation tidak bisa langsung tampil dalam jaringan Samba atau Windows. Solusi masalah fisik ini ditanggulangi dengan implementasi WINS server, setiap workstation mendaftarkan dirinya langsung ke WINS server dan WINS server akan menjawab setiap query dari broadcast ARP/NetBIOS. Virtual LAN Sebuah Virtual LAN atau dikenal sebagai VLAN merupakan fungsi logik dari sebuah switch. Fungsi logik ini mampu membagi jaringan LAN ke dalam beberapa jaringan virtual. Jaringan virtual ini tersambung ke dalam perangkat fisik yang sama. Implementasi VLAN dalam jaringan memudahkan seorang administrator jaringan dalam membagi secara logik group-group workstation secara fungsional dan tidak dibatasi oleh batasan lokasi. Generasi pertama VLAN berbasis dari OSI Layer 2 (MAC address) dengan mekanisme bridging dan multiplexing. Implementasi umum VLAN bisa kita deskripsikan dalam gambar berikut: Ethernet 10Mbps tersambung ke masing-masing switch A, B, C dan D di tiap-tiap lantai, keempat switch ini tersambung ke sebuah Fast-Ethernet switch E 100Mbps. Dari gambar tersebut bisa kita lihat ada dua VLAN yaitu VLAN 10 dan VLAN 20. Masing-masing VLAN mempunyai jalur yang dedicated antar workstationnya, jalur ini sering disebut sebagai sebuah broadcast domain. Selain secara fisik switch membatasi broadcast data, manajemen VLAN akan membatasi lagi broadcast ini sehingga VLAN 10 dan VLAN 20 sama sekali tidak ada komunikasi langsung. Implementasi VLAN biasanya digabungkan dengan teknologi routing yang bekerja di lapisan ketiga OSI (lapisan network). Dalam jaringan TCP/IP masing-masing VLAN membutuhkan sebuah gateway (gateway dalam artian logik) untuk bisa berkomunikasi dengan VLAN lainnya. Kampus LAN Sebuah jaringan yang terdiri dari beberapa segmen dan menggunakan perangkat switch sering disebut sebagai Campus LAN. Selain teknologi switching yang mengendalikan jalur data juga diterapkan teknologi routing untuk mewadahi kebutuhan komunikasi antar VLAN. Kombinasi dua teknologi ini memberikan kelebihan jaringan berupa: • • • Jalur data yang dedicated sebagai backbone kecepatan tinggi Implementasi VLAN bagi workgroup yang terpisah secara lokasi yang berjauhan Teknologi routing antar VLAN untuk komunikasi karena batasan VLAN itu sendiri selain juga sebagai penerapan jaringan TCP/IP untuk bergabung ke network yang lebih besar, internet. Implementasi firewall pada teknologi routing (berbasis TCP/IP ) Implementasi fisik dalam satu Campus LAN didasarkan atas kondisi fisik yang ada, apakah memungkinkan dengan kabel UTP/STP, atau kabel telepon secara back-to-back atau harus dengan kabel serat optik. Pertimbangan Perancangan dan Implementasi Ada beberapa pertimbangan dalam perancangan jaringan dengan penggunaan teknologi switching yaitu perbandingan switch LAN dengan router, kelebihan switch LAN, kelebihan router, dan beberapa prinsip perancangan switch dan VLAN. Perbandingan Switch LAN dengan Router Perbedaan mendasar switch dan router adalah prinsip kerjanya yang berbeda dilihat dari referensi lapisan OSI. Perbedaan ini menghasilkan cara yang berbeda dalam mengatur lalu lintas jaringan. o Loops, penggunaan beberapa switch dalam satu jaringan memungkinkan terjadinya loop pada komunikasi antar host/workstation. Switch mempunyai teknologi algoritma Spanning Tree Protocol (STP) untuk mencegah loop data seperti ini. Jika dibandingkan dengan router, router menyediakan komunikasi yang bebas loop dengan jalur yang optimal. o o o o o Convergence, dalam switch yang transparan bisa terjadi jalur data secara switching lebih panjang jika dibandingkan dengan penggunaan router. Protokol routing seperti OSPF (Open Shortest Path First) menyediakan komunikasi routing data berdasarkan jalur data terdekat. Broadcast, switch LAN tidak memfilter data broadcast dan multicast karena switch beroperasi pada lapisan 2 sedangkan broadcast/multicast adalah paket data di lapisan 3, broadcast yang berlebihan bisa menyebabkan kondisi yang disebut broadcast-storm. Pada router broadcast dan multicast tidak diforward dan bisa difilter. Subnet, switch dan router mempunyai perbedaan mendasar dalam mengurangi broadcast domain, secara fisik kita bisa merancang segmentasi LAN, dalam teknologi routing perbedaan subnet tidak dibatasi secara fisik harus dalam switch yang sama. Security, kombinasi switch dan router mampu meningkatkan keamanan secara protokol masing-masing. Switch bisa memfilter header paket data berdasarkan MAC address dan router selain memfilter di lapisan 3 network juga mampu memfilter berdasarkan MAC address. Media-Dependence, dua faktor yang harus dipertimbangkan dalam perancangan jaringan heterogen (mixed-media), yang pertama adalah faktor Maximum Transfer Unit (MTU), tiap topologi mempunyai MTU yang berbeda. Yang kedua adalah proses translasi paket karena perbedaan media di atas. Switch secara transparan akan menerjemahkan paket yang berbeda supaya tetap saling berkomunikasi. Pada router terjadi secara independen karena router bekerja di lapisan network, bukan lapisan datalink. Kelebihan Switch o o o o Switch dan Switch VLAN sama-sama bekerja di lapisan kedua lapisan OSI. Implementasi teknologi pada lapisan ini memberikan tiga kelebihan utama: Bandwidth, switch LAN memberikan bandwidth yang dedicated untuk setiap dan antar portnya. Jika masing-masing port tersambung ke switch lagi atau share-hub maka tiap segmen tersebut mendapat alokasi bandwidth yang sama (contohnya adalah gambar implementasi VLAN di atas). Teknik ini biasa disebut dengan segmentasi mikro (microsegmenting). VLAN, switch VLAN mampu membagi grup port secara fisik menjadi beberapa segmen LAN secara logik, masing-masing broadcast domain yang terjadi tidak akan saling mengganggu antar VLAN. VLAN ini sering juga disebut sebagai switched domains atau autonomous switching domains. Komunikasi antar VLAN membutuhkan router (berfungsi sebagai gateway masing-masing VLAN). Otomatisasi pengenalan dan penerjemahan paket, salah satu teknologi yang dikembangkan oleh Cisco adalah Automatic Paket Recognition and Translation (APaRT) yang berfungsi untuk menyediakan transparansi antara Ethernet dengan CDDI/FDDI. Kelebihan Router o o o Broadcast/Multicast Control, router mampu mengendalikan broadcast dan multicast dengan tiga cara yaitu dengan meng-cache alamat host, meng-cache layanan network-advertise dan menyediakan protokol khusus seperti Internet Group Message Protocol (IGMP) yang biasa dipakai dalam jaringan Multicast Backbone. Broadcast Segmentation, untuk mencegah broadcast router juga bertanggungjawab dengan cara yang berlainan tergantung protokol yang dipakai misalnya dalam TCP/IP menggunakan proxy ARP dan protokol Internet Control Message Protocol (ICMP). Media Transition, dalam jaringan heterogen router mampu menerjemahkan paket ke dalam media yang berbeda, dalam kondisi ini paket data di-fragmentasi oleh router karena perbedaan MTU. Kelebihan VLAN Isu utama implementasi VLAN dibandingkan jaringan hub/flat adalah scalability terhadap topologi jaringan dan penyederhanaan manajemen. Kelebihan yang ditawarkan pada VLAN adalah: o o o o Broadcast control, layaknya switch biasa membatasai broadcast domain VLAN mampu membatasi broadcast dari masing-masing grup-grup VLAN, antar VLAN tidak terjadi broadcast silang. Security, meskipun secara fisik berada dalam switch yang sama VLAN membentengi sebuah grup dari VLAN lain atau dari akses luar jaringan, selain itu implementasi firewall di routernya bisa dipasang juga. Performance, pengelompokkan secara grup logik ini memberikan jalur data yang dedicated untuk setiap grup, otomatis masing-masing grup mendapat kinerja jalur data yang maksimum. Management, prinsip logik pada VLAN memberikan kemudahan secara manajemen, seorang user dari satu grup VLAN yang berpindah lokasi tidak perlu lagi mengganti koneksi/sambungan ke switch, administrator cukup mengubah anggota grup VLAN tersebut (port baru masuk grup VLAN dan port lama dikeluarkan dari grup VLAN). Implementasi VLAN Implementasi VLAN pada sebuah switch bisa dibedakan atas: port, cara ini mengatur agar setiap port hanya mendukung satu VLAN, workstation dalam VLAN yang sama memperoleh sambungan switched dan komunikasi antar VLAN harus routedmelalui perangkat khusus router atau internal switch itu sendiri jika mendukung teknologi routing (perangkat ini sering disebut sebagai Switch Layer 3). Cara seperti ini sering disebut sebagai segment-based VLAN. protokol, VLAN berdasarkan alamat network (OSI lapisan ketiga) memungkinkan topologi virtual untuk setiap protokol, dengan setiap protokol mempunyai rule, firewall dll. Routing antar VLAN akan terjadi secara otomatis tanpa tambahan perangkat router eksternal. Dengan kata lain VLAN ini membolehkan satu port menjadi beberapa VLAN. Cara seperti ini sering disebut sebagai virtual subnet VLAN. user defined, cara ini bisa dianggap paling fleksibel, membolehkan switch membentuk VLAN atas dasar paket data, sebagai contoh VLAN disusun atas dasar MAC address. Sumber : Dari berbagai sumber ROUTING PROTOCOL PADA CISCO ROUTER Analogi routing protocol adalah bagaikan marka penunjuk jalan yang biasanya berwarna hijau dan terdapat di jalan-jalan raya. Marka penunjuk jalan ini sangat berguna untuk menghantarkan Anda ke tempat yang dituju. Jika Anda mengikuti terus marka penunjuk jalan ini maka kemungkinan besar Anda akan sampai ke tempat tujuan. Marka jalan tersebut akan menciptakan sebuah rute perjalanan untuk Anda tempuh ke tujuan. Mungkin terbentang banyak rute untuk mencapai tempat tujuan Anda, namun biasanya marka jalan tersebut akan menunjukan jalan yang terbaik untuk mencapai tujuan tersebut. Routing protokol bekerja dengan analogi yang hampir sama dengan marka jalan tersebut. Routing protokol memiliki tugas dan fungsi menunjukkan jalan untuk sebuah informasi agar dapat mencapai tempat tujuannya. Routing protokol akan mengumpulkan rute-rute perjalanan apa saja yang tersedia dalam sebuah jaringan dan semua kemungkinan yang ada. Kemudian rute-rute yang terkumpul tersebut diolah dan dijadikan sebuah tabel yang disebut sebagai routing table. Dari routing tabel ini, kemudian perangkat jaringan pintar seperti router dapat memilih jalan terbaik untuk menuju ke lokasi tujuan. (RIP) Routing Information Protocol RIP termasuk dalam protokol distance-vector, sebuah protokol yang sangat sederhana. Protokol distance-vector sering juga disebut protokol Bellman-Ford, karena berasal dari algoritma perhitungan jarak terpendek oleh R.E. Bellman, dan dideskripsikan dalam bentuk algoritma-terdistribusi pertama kali oleh Ford dan Fulkerson. Setiap router dengan protokol distance-vector ketika pertama kali dijalankan hanya mengetahui cara routing ke dirinya sendiri (informasi lokal) dan tidak mengetahui topologi jaringan tempatnya berada. Router kemudia mengirimkan informasi lokal tersebut dalam bentuk distance-vector ke semua link yang terhubung langsung dengannya. Router yang menerima informasi routing menghitung distance-vector, menambahkan distance-vector dengan metrik link tempat informasi tersebut diterima, dan memasukkannya ke dalam entri forwarding table jika dianggap merupakan jalur terbaik. Informasi routing setelah penambahan metrik kemudian dikirim lagi ke seluruh antarmuka router, dan ini dilakukan setiap selang waktu tertentu. Demikian seterusnya sehingga seluruh router di jaringan mengetahui topologi jaringan tersebut. Protokol distance-vector memiliki kelemahan yang dapat terlihat apabila dalam jaringan ada link yang terputus. Dua kemungkinan kegagalan yang mungkin terjadi adalah efek bouncing dan menghitung-sampai-tak-hingga (counting to infinity). Efek bouncing dapat terjadi pada jaringan yang menggunakan metrik yang berbeda pada minimal sebuah link. Link yang putus dapat menyebabkan routing loop, sehingga datagram yang melewati link tertentu hanya berputar-putar di antara dua router (bouncing) sampai umur (time to live) datagram tersebut habis. Menghitung-sampai-tak-hingga terjadi karena router terlambat menginformasikan bahwa suatu link terputus. Keterlambatan ini menyebabkan router harus mengirim dan menerima distance-vector serta menghitung metrik sampai batas maksimum metrik distance-vector tercapai. Link tersebut dinyatakan putus setelah distance-vector mencapai batas maksimum metrik. Pada saat menghitung metrik ini juga terjadi routing loop, bahkan untuk waktu yang lebih lama daripada apabila terjadi efek bouncing.. RIP tidak mengadopsi protokol distance-vector begitu saja, melainkan dengan melakukan beberapa penambahan pada algoritmanya agar routing loop yang terjadi dapat diminimalkan. Split horizon digunakan RIP untuk meminimalkan efek bouncing. Prinsip yang digunakan split horizon sederhana: jika node A menyampaikan datagram ke tujuan X melalui node B, maka bagi B tidak masuk akal untuk mencapai tujuan X melalui A. Jadi, A tidak perlu memberitahu B bahwa X dapat dicapai B melalui A. Untuk mencegah kasus menghitung-sampai-tak-hingga, RIP menggunakan metode Triggered Update. RIP memiliki timer untuk mengetahui kapan router harus kembali memberikan informasi routing. Jika terjadi perubahan pada jaringan, sementara timer belum habis, router tetap harus mengirimkan informasi routing karena dipicu oleh perubahan tersebut (triggered update). Dengan demikian, router-router di jaringan dapat dengan cepat mengetahui perubahan yang terjadi dan meminimalkan kemungkinan routing loop terjadi. RIP yang didefinisikan dalam RFC-1058 menggunakan metrik antara 1 dan 15, sedangkan 16 dianggap sebagai tak-hingga. Route dengan distance-vector 16 tidak dimasukkan ke dalam forwarding table. Batas metrik 16 ini mencegah waktu menghitung-sampai-tak-hingga yang terlalu lama. Paket-paket RIP secara normal dikirimkan setiap 30 detik atau lebih cepat jika terdapat triggered updates. Jika dalam 180 detik sebuah route tidak diperbarui, router menghapus entri route tersebut dari forwarding table. RIP tidak memiliki informasi tentang subnet setiap route. Router harus menganggap setiap route yang diterima memiliki subnet yang sama dengan subnet pada router itu. Dengan demikian, RIP tidak mendukung Variable Length Subnet Masking (VLSM). RIP versi 2 (RIP-2 atau RIPv2) berupaya untuk menghasilkan beberapa perbaikan atas RIP, yaitu dukungan untuk VLSM, menggunakan otentikasi, memberikan informasi hop berikut (next hop), dan multicast. Penambahan informasi subnet mask pada setiap route membuat router tidak harus mengasumsikan bahwa route tersebut memiliki subnet mask yang sama dengan subnet mask yang digunakan padanya. RIP-2 juga menggunakan otentikasi agar dapat mengetahui informasi routing mana yang dapat dipercaya. Otentikasi diperlukan pada protokol routing untuk membuat protokol tersebut menjadi lebih aman. RIP-1 tidak menggunakan otentikasi sehingga orang dapat memberikan informasi routing palsu. Informasi hop berikut pada RIP-2 digunakan oleh router untuk menginformasikan sebuah route tetapi untuk mencapai route tersebut tidak melewati router yang memberi informasi, melainkan router yang lain. Pemakaian hop berikut biasanya di perbatasan antar-AS. RIP-1 menggunakan alamat broadcast untuk mengirimkan informasi routing. Akibatnya, paket ini diterima oleh semua host yang berada dalam subnet tersebut dan menambah beban kerja host. RIP-2 dapat mengirimkan paket menggunakan multicast pada IP 224.0.0.9 sehingga tidak semua host perlu menerima dan memproses informasi routing. Hanya router-router yang menggunakan RIP-2 yang menerima informasi routing tersebut tanpa perlu mengganggu host-host lain dalam subnet. RIP merupakan protokol routing yang sederhana, dan ini menjadi alasan mengapa RIP paling banyak diimplementasikan dalam jaringan. Mengatur routing menggunakan RIP tidak rumit dan memberikan hasil yang cukup dapat diterima, terlebih jika jarang terjadi kegagalan link jaringan. Walaupun demikian, untuk jaringan yang besar dan kompleks, RIP mungkin tidak cukup. Dalam kondisi demikian, penghitungan routing dalam RIP sering membutuhkan waktu yang lama, dan menyebabkan terjadinya routing loop. Untuk jaringan seperti ini, sebagian besar spesialis jaringan komputer menggunakan protokol yang masuk dalam kelompok link-state. Cara Kerja RIP RIP bekerja dengan menginformasikan status network yang dipegang secara langsung kepada router tetangganya. Karakteristik dari RIP: • • • • • • Distance vector routing protocol Hop count sebagi metric untuk memilih rute Maximum hop count 15, hop ke 16 dianggap unreachable Secara default routing update 30 detik sekali RIPv1 (classfull routing protocol) tidak mengirimkan subnet mask pada update RIPv2 (classless routing protocol) mengirimkan subnet mask pada update Kelemahan RIP Dalam implementasi RIP memang mudah untuk digunakan, namun RIP mempunyai masalah serius pada Autonomous System yang besar, yaitu : 1. Terbatasnya diameter network Telah disebutkan sedikit di atas bahwa RIP hanya bisa menerima metrik sampai 15. Lebih dari itu tujuan dianggap tidak terjangkau. Hal ini bisa menjadi masalah pada network yang besar. 2. Konvergensi yang lambat Untuk menghapus entry tabel routing yang bermasalah, RIP mempunyai metode yang tidak efesien. Seperti pada contoh skema network di atas, misalkan subnet 10 bernilai 1 hop dari router 2 dan bernilai 2 hop dari router 3. Ini pada kondisi bagus, namun apabila router 1 crash, maka subnet 3 akan dihapus dari table routing kepunyaan router 2 sampai batas waktu 180 detik. Sementara itu, router 3 belum mengetahui bahwa subnet 3 tidak terjangkau, ia masih mempunyai table routing yang lama yang menyatakan subnet 3 sejauh 2 hop (yang melalui router 2). Waktu subnet 3 dihapus dari router 2, router 3 memberikan informasi ini kepada router 2 dan router 2 melihat bahwa subnet 3 bisa dijangkau lewat router 3 dengan 3 hop ( 2 + 1 ).Karena ini adalah routing baru maka ia akan memasukkannya ke dalam KRT. Berikutnya, router 2 akan mengupdate routing table dan memberikannya kepada router 3 bahwa subnet 3 bernilai 3 hop. Router 3 menerima dan menambahkan 1 hop lagi menjadi 4. Lalu tabel routing diupdate lagi dan router 2 meneriman informasi jalan menuju subnet 3 menjadi 5 hop. Demikian seterusnya sampai nilainya lebih dari 30. Routing atas terus menerus looping sampai nilainya lebih dari 30 hop. 3. Tidak bisa membedakan network masking lebih dari /24 RIP membaca ip address berdasarkan kepada kelas A, B dan C. Seperti kita ketahui bahwa kelas C mempunyai masking 24 bit. Dan masking ini masih bias diperpanjang menjadi 25 bit, 26 bit dan seterusnya. RIP tidak dapat membacanya bila lebih dari 24 bit. Ini adalah masalah besar, mengingat masking yang lebih dari 24 bit banyak dipakai. Hal ini sudah dapat di atasi pada RIPv2. Interior Gateway routing Protocol Interior Gateway routing Protocol atau yang biasa dikenal dengan sebutan IGRP merupakan suatu protokol jaringan kepemilikan yang mengembangkan sistem Cisco yang dirancang pada sistem otonomi untuk menyediakan suatu alternatif RIP (Routing Information Protocol). IGRP merupakan suatu penjaluran jarak antara vektor protokol, bahwa masing-masing penjaluran bertugas untuk mengirimkan semua atau sebagian dari isi table penjaluran dalam penjaluran pesan untuk memperbaharui pada waktu tertentu untuk masing-masing penjaluran. Penjaluran memilih alur yang terbaik antara sumber dan tujuan. Untuk menyediakan fleksibilitas tambahan, IGRP mengijinkan untuk melakukan penjaluran multipath. Bentuk garis equal bandwidth dapat menjalankan arus lalu lintas dalam round robin, dengan melakukan peralihan secara otomatis kepada garis kedua jika sampai garis kesatu turun. Operasi IGRP Masing-masing penjaluran secara rutin mengirimkan masing-masing jaringan lokal kepada suatu pesan yang berisi salinan tabel penjaluran dari tabel lainnya. Pesan ini berisi tentang biaya-biaya dan jaringan yang akan dicapai untuk menjangkau masing-masing jaringan tersebut. Penerima pesan penjaluran dapat menjangkau semua jaringan didalam pesan sepanjang penjaluran yang bisa digunakan untuk mengirimkan pesan. Tujuan dari IGRP yaitu: • Penjaluran stabil dijaringan kompleks sangat besar dan tidaka ada pengulangan penjaluran. • • • • Overhead rendah, IGRP sendiri tidak menggunakan bandwidth yang diperlukan untuk tugasnya. Pemisahan lalu lintas antar beberapa rute paralel. Kemampuan untuk menangani berbagai jenis layanan dengan informasi tunggal. Mempertimbangkan menghitung laju kesalahan dan tingkat lalu lintas pada alur yang berbeda. Perubahan IGRP Kemudian setelah melalui proses pembaharuan IGRP kemudian menjadi EIGRP (Enhanced IGRP), persamaannya adalah IGRP dan EIGRP sama-sama kompatibel dan antara router-router yang menjalankan EIGRP dan IGRP dengan autonomous system yang sama akan langsung otomatis terdistribusi. Selain itu EIGRP juga akan memberikan tagging external route untuk setiap route yang berasal dari: • Routing protocol non EIGRP. • Routing protocol IGRP dengan AS number yang sama. Open Shortest Path First (OSPF) Definisi OSPF OSPF merupakan sebuah routing protokol berjenis IGP yang hanya dapat bekerja dalam jaringan internal suatu ogranisasi atau perusahaan. Jaringan internal maksudnya adalah jaringan dimana user masih memiliki hak untuk menggunakan, mengatur, dan memodifikasinya. Atau dengan kata lain, user masih memiliki hak administrasi terhadap jaringan tersebut. Jika user sudah tidak memiliki hak untuk menggunakan dan mengaturnya, maka jaringan tersebut dapat dikategorikan sebagai jaringan eksternal. Selain itu, OSPF juga merupakan routing protokol yang berstandar terbuka. Maksudnya adalah routing protokol ini bukan ciptaan dari vendor manapun. Dengan demikian, siapapun dapat menggunakannya, perangkat manapun dapat kompatibel dengannya, dan dimanapun routing protokol ini dapat diimplementasikan. OSPF merupakan routing protokol yang menggunakan konsep hirarki routing, artinya OSPF membagi-bagi jaringan menjadi beberapa tingkatan. Tingkatan-tingkatan ini diwujudkan dengan menggunakan sistem pengelompokan area. Dengan menggunakan konsep hirarki routing ini sistem penyebaran informasinya menjadi lebih teratur dan tersegmentasi, tidak menyebar ke sana kemari dengan sembarangan. Efek dari keteraturan distribusi routing ini adalah jaringan yang penggunaan bandwidth-nya lebih efisien, lebih cepat mencapai konvergensi, dan lebih presisi dalam menentukan rute-rute terbaik menuju ke sebuah lokasi. OSPF merupakan salah satu routing protocol yang selalu berusaha untuk bekerja demikian. Teknologi yang digunakan oleh routing protokol ini adalah teknologi link-state yang memang didesain untuk bekerja dengan sangat efisien dalam proses pengiriman update informasi rute. Hal ini membuat routing protokol OSPF menjadi sangat cocok untuk terus dikembangkan menjadi network berskala besar. Pengguna OSPF biasanya adalah para administrator jaringan berskala sedang sampai besar. Jaringan dengan jumlah router lebih dari sepuluh buah, dengan banyak lokasi-lokasi remote yang perlu juga dijangkau dari pusat, dengan jumlah pengguna jaringan lebih dari lima ratus perangkat komputer, mungkin sudah layak menggunakan routing protocol ini. OSPF Membentuk Hubungan dengan Router Lain Untuk memulai semua aktivitas OSPF dalam menjalankan pertukaran informasi routing, hal pertama yang harus dilakukannya adalah membentuk sebuah komunikasi dengan para router lain. Router lain yang berhubungan langsung atau yang berada di dalam satu jaringan dengan router OSPF tersebut disebut dengan neighbour router atau router tetangga. Langkah pertama yang harus dilakukan sebuah router OSPF adalah harus membentuk hubungan dengan neighbour router. Router OSPF mempunyai sebuah mekanisme untuk dapat menemukan router tetangganya dan dapat membuka hubungan. Mekanisme tersebut disebut dengan istilah Hello protocol. Dalam membentuk hubungan dengan tetangganya, router OSPF akan mengirimkan sebuah paket berukuran kecil secara periodik ke dalam jaringan atau ke sebuah perangkat yang terhubung langsung dengannya. Paket kecil tersebut dinamai dengan istilah Hello packet. Pada kondisi standar, Hello packet dikirimkan berkala setiap 10 detik sekali (dalam media broadcast multiaccess) dan 30 detik sekali dalam media Point-to-Point. Hello packet berisikan informasi seputar pernak-pernik yang ada pada router pengirim. Hello packet pada umumnya dikirim dengan menggunakan multicast address untuk menuju ke semua router yang menjalankan OSPF (IP multicast 224.0.0.5). Semua router yang menjalankan OSPF pasti akan mendengarkan protokol hello ini dan juga akan mengirimkan hello packet-nya secara berkala. Cara kerja dari Hello protocol dan pembentukan neighbour router terdiri dari beberapa jenis, tergantung dari jenis media di mana router OSPF berjalan. Seperti telah dijelaskan di atas, OSPF harus membentuk hubungan dulu dengan router tetangganya untuk dapat saling berkomunikasi seputar informasi routing. Untuk membentuk sebuah hubungan dengan router tetangganya, OSPF mengandalkan Hello protocol. Namun uniknya cara kerja Hello protocol pada OSPF berbeda-beda pada setiap jenis media. Ada beberapa jenis media yang dapat meneruskan informasi OSPF, masingmasing memiliki karakteristik sendiri, sehingga OSPF pun bekerja mengikuti karakteristik mereka. Media tersebut adalah sebagai berikut: Broadcast Multiaccess Media jenis ini adalah media yang banyak terdapat dalam jaringan lokal atau LAN seperti misalnya ethernet, FDDI, dan token ring. Dalam kondisi media seperti ini, OSPF akan mengirimkan traffic multicast dalam pencarian router-router neighbour-nya. Namun ada yang unik dalam proses pada media ini, yaitu akan terpilih dua buah router yang berfungsi sebagai Designated Router (DR) dan Backup Designated Router (BDR). Point-to-Point Teknologi Point-to-Point digunakan pada kondisi di mana hanya ada satu router lain yang terkoneksi langsung dengan sebuah perangkat router. Contoh dari teknologi ini misalnya link serial. Dalam kondisi Point-to-Point ini, router OSPF tidak perlu membuat Designated Router dan Back-up-nya karena hanya ada satu router yang perlu dijadikan sebagai neighbour. Dalam proses pencarian neighbour ini, router OSPF juga akan melakukan pengiriman Hello packet dan pesan-pesan lainnya menggunakan alamat multicast bernama AllSPFRouters 224.0.0.5. Point-to-Multipoint Media jenis ini adalah media yang memiliki satu interface yang menghubungkannya dengan banyak tujuan. Jaringan-jaringan yang ada di bawahnya dianggap sebagai serangkaian jaringan Point-to-Point yang saling terkoneksi langsung ke perangkat utamanya. Pesan-pesan routing protocol OSPF akan direplikasikan ke seluruh jaringan Point-to-Point tersebut. Pada jaringan jenis ini, traffic OSPF juga dikirimkan menggunakan alamat IP multicast. Tetapi yang membedakannya dengan media berjenis broadcast multi-access adalah tidak adanya pemilihan Designated dan Backup Designated Router karena sifatnya yang tidak meneruskan broadcast. Nonbroadcast Multiaccess (NBMA) Media berjenis Nonbroadcast multi-access ini secara fisik merupakan sebuah serial line biasa yang sering ditemui pada media jenis Point-to-Point. Namun secara faktanya, media ini dapat menyediakan koneksi ke banyak tujuan, tidak hanya ke satu titik saja. Contoh dari media ini adalah X.25 dan frame relay yang sudah sangat terkenal dalam menyediakan solusi bagi kantor-kantor yang terpencar lokasinya. Di dalam penggunaan media ini pun dikenal dua jenis penggunaan, yaitu jaringan partial mesh dan fully mesh. OSPF melihat media jenis ini sebagai media broadcast multiaccess. Namun pada kenyataannya, media ini tidak bisa meneruskan broadcast ke titik-titik yang ada di dalamnya. Maka dari itu untuk penerapan OSPF dalam media ini, dibutuhkan konfigurasi DR dan BDR yang dilakukan secara manual. Setelah DR dan BDR terpilih, router DR akan mengenerate LSA untuk seluruh jaringan. Dalam media jenis ini yang menjadi DR dan BDR adalah router yang memiliki koneksi langsung ke seluruh router tetangganya. Semua traffic yang dikirimkan dari router-router neighbour akan direplikasikan oleh DR dan BDR untuk masing-masing router dan dikirim dengan menggunakan alamat unicast atau seperti layaknya proses OSPF pada media Point-to-Point. • Proses Terjadinya OSPF Secara garis besar, proses yang dilakukan routing protokol OSPF mulai dari awal hingga dapat saling bertukar informasi ada lima langkah. Berikut ini adalah langkah-langkahnya: Membentuk Adjacency Router Adjacency router arti harafiahnya adalah router yang bersebelahan atau yang terdekat. Jadi proses pertama dari router OSPF ini adalah menghubungkan diri dan saling berkomunikasi dengan para router terdekat atau neighbour router. Untuk dapat membuka komunikasi, Hello protocol akan bekerja dengan mengirimkan Hello packet. Misalkan ada dua buah router, Router A dan B yang saling berkomunikasi OSPF. Ketika OSPF kali pertama bekerja, maka kedua router tersebut akan saling mengirimkan Hello packet dengan alamat multicast sebagai tujuannya. Di dalam Hello packet terdapat sebuah field yang berisi Neighbour ID. Misalkan router B menerima Hello packet lebih dahulu dari router A. Maka Router B akan mengirimkan kembali Hello packet-nya dengan disertai ID dari Router A. Ketika router A menerima hello packet yang berisikan ID dari dirinya sendiri, maka Router A akan menganggap Router B adalah adjacent router dan mengirimkan kembali hello packet yang telah berisi ID Router B ke Router B. Dengan demikian Router B juga akan segera menganggap Router A sebagai adjacent routernya. Sampai di sini adjacency router telah terbentuk dan siap melakukan pertukaran informasi routing. Contoh pembentukan adjacency di atas hanya terjadi pada proses OSPF yang berlangsung pada media Point-to-Point. Namun, prosesnya akan lain lagi jika OSPF berlangsung pada media broadcast multiaccess seperti pada jaringan ethernet. Karena media broadcast akan meneruskan paket-paket hello ke seluruh router yang ada dalam jaringan, maka adjacency router-nya tidak hanya satu. Proses pembentukan adjacency akan terus berulang sampai semua router yang ada di dalam jaringan tersebut menjadi adjacent router. Namun apa yang akan terjadi jika semua router menjadi adjacent router? Tentu komunikasi OSPF akan meramaikan jaringan. Bandwidth jaringan Anda menjadi tidak efisien terpakai karena jatah untuk data yang sesungguhnya ingin lewat di dalamnya akan berkurang. Untuk itu pada jaringan broadcast multiaccess akan terjadi lagi sebuah proses pemilihan router yang menjabat sebagai “juru bicara” bagi router-router lainnya. Router juru bicara ini sering disebut dengan istilah Designated Router. Selain router juru bicara, disediakan juga back-up untuk router juru bicara ini. Router ini disebut dengan istilah Backup Designated Router. Langkah berikutnya adalah proses pemilihan DR dan BDR, jika memang diperlukan. Memilih DR dan BDR (jika diperlukan) Dalam jaringan broadcast multiaccess, DR dan BDR sangatlah diperlukan. DR dan BDR akan menjadi pusat komunikasi seputar informasi OSPF dalam jaringan tersebut. Semua paket pesan yang ada dalam proses OSPF akan disebarkan oleh DR dan BDR. Maka itu, pemilihan DR dan BDR menjadi proses yang sangat kritikal. Sesuai dengan namanya, BDR merupakan “shadow” dari DR. Artinya BDR tidak akan digunakan sampai masalah terjadi pada router DR. Ketika router DR bermasalah, maka posisi juru bicara akan langsung diambil oleh router BDR. Sehingga perpindahan posisi juru bicara akan berlangsung dengan smooth. Proses pemilihan DR/BDR tidak lepas dari peran penting Hello packet. Di dalam Hello packet ada sebuah field berisikan ID dan nilai Priority dari sebuah router. Semua router yang ada dalam jaringan broadcast multi-access akan menerima semua Hello dari semua router yang ada dalam jaringan tersebut pada saat kali pertama OSPF berjalan. Router dengan nilai Priority tertinggi akan menang dalam pemilihan dan langsung menjadi DR. Router dengan nilai Priority di urutan kedua akan dipilih menjadi BDR. Status DR dan BDR ini tidak akan berubah sampai salah satunya tidak dapat berfungsi baik, meskipun ada router lain yang baru bergabung dalam jaringan dengan nilai Priority-nya lebih tinggi. Secara default, semua router OSPF akan memiliki nilai Priority 1. Range Priority ini adalah mulai dari 0 hingga 255. Nilai 0 akan menjamin router tersebut tidak akan menjadi DR atau BDR, sedangkan nilai 255 menjamin sebuah router pasti akan menjadi DR. Router ID biasanya akan menjadi sebuah “tie breaker” jika nilai Priority-nya sama. Jika dua buah router memiliki nilai Priority yang sama, maka yang menjadi DR dan BDR adalah router dengan nilai router ID tertinggi dalam jaringan. Setelah DR dan BDR terpilih, langkah selanjutnya adalah mengumpulkan seluruh informasi jalur dalam jaringan. Mengumpulkan State-state dalam Jaringan Setelah terbentuk hubungan antarrouter-router OSPF, kini saatnya untuk bertukar informasi mengenai state-state dan jalur-jalur yang ada dalam jaringan. Pada jaringan yang menggunakan media broadcast multiaccess, DR-lah yang akan melayani setiap router yang ingin bertukar informasi OSPF dengannya. DR akan memulai lebih dulu proses pengiriman ini. Namun yang menjadi pertanyaan selanjutnya adalah, siapakah yang memulai lebih dulu pengiriman data link-state OSPF tersebut pada jaringan Pointto-Point? Untuk itu, ada sebuah fase yang menangani siapa yang lebih dulu melakukan pengiriman. Fase ini akan memilih siapa yang akan menjadi master dan siapa yang menjadi slave dalam proses pengiriman. Router yang menjadi master akan melakukan pengiriman lebih dahulu, sedangkan router slave akan mendengarkan lebih dulu. Fase ini disebut dengan istilah Exstart State. Router master dan slave dipilih berdasarkan router ID tertinggi dari salah satu router. Ketika sebuah router mengirimkan Hello packet, router ID masing-masing juga dikirimkan ke router neighbour. Setelah membandingkan dengan miliknya dan ternyata lebih rendah, maka router tersebut akan segera terpilih menjadi master dan melakukan pengiriman lebih dulu ke router slave. Setelah fase Exstart lewat, maka router akan memasuki fase Exchange. Pada fase ini kedua buah router akan saling mengirimkan Database Description Packet. Isi paket ini adalah ringkasan status untuk seluruh media yang ada dalam jaringan. Jika router penerimanya belum memiliki informasi yang ada dalam paket Database Description, maka router pengirim akan masuk dalam fase loading state. Fase loading state merupakan fase di mana sebuah router mulai mengirimkan informasi state secara lengkap ke router tetangganya. Setelah loading state selesai, maka router-router yang tergabung dalam OSPF akan memiliki informasi state yang lengkap dan penuh dalam database statenya. Fase ini disebut dengan istilah Full state. Sampai fase ini proses awal OSPF sudah selesai, namun database state tidak bisa digunakan untuk proses forwarding data. Maka dari itu, router akan memasuki langkah selanjutnya, yaitu memilih rute-rute terbaik menuju ke suatu lokasi yang ada dalam database state tersebut. Memilih Rute Terbaik untuk Digunakan Setelah informasi seluruh jaringan berada dalam database, maka kini saatnya untuk memilih rute terbaik untuk dimasukkan ke dalam routing table. Jika sebuah rute telah masuk ke dalam routing table, maka rute tersebut akan terus digunakan. Untuk memilih rute-rute terbaik, parameter yang digunakan oleh OSPF adalah Cost. Metrik Cost biasanya akan menggambarkan seberapa dekat dan cepatnya sebuah rute. Nilai Cost didapat dari perhitungan dengan rumus: Router OSPF akan menghitung semua cost yang ada dan akan menjalankan algoritma Shortest Path First untuk memilih rute terbaiknya. Setelah selesai, maka rute tersebut langsung dimasukkan dalam routing table dan siap digunakan untuk forwarding data. Menjaga Informasi Routing Tetap Upto-date Ketika sebuah rute sudah masuk ke dalam routing table, router tersebut harus juga memaintain state database-nya. Hal ini bertujuan kalau ada sebuah rute yang sudah tidak valid, maka router harus tahu dan tidak boleh lagi menggunakannya. Ketika ada perubahan link-state dalam jaringan, OSPF router akan melakukan flooding terhadap perubahan ini. Tujuannya adalah agar seluruh router dalam jaringan mengetahui perubahan tersebut. Sampai di sini semua proses OSPF akan terus berulang-ulang. Mekanisme seperti ini membuat informasi rute-rute yang ada dalam jaringan terdistribusi dengan baik, terpilih dengan baik dan dapat digunakan dengan baik pula. Keuntungan Menggunakan OSPF Speed of convergence Support for Variable Length Subnet Mask (VLSM) Network size Path selection Grouping of members Sumber : Dari berbagai sumber Cisco Networking Academy Program Test Sem 1 Chapter 3 Cisco Networking Academy Program Test Sem 1 Chapter 4 Cisco Networking Academy Program Test Sem 1 Chapter 4 Cisco Networking Academy Program Test Sem 1 Chapter 6 Cisco Networking Academy Program Test Sem 1 Chapter 7 Cisco Networking Academy Program Test Sem 1 Chapter 8 Cisco Networking Academy Program Test Sem 1 Chapter 9 + Cisco Networking Academy Program Test Sem 1 Chapter 9-10 + Cisco Networking Academy Program Test Sem 1 Chapter 10 Cisco Networking Academy Program Test Sem 1 Chapter 11 Cisco Exploration Semester 1 Chapter 2 Communicating Over The Network Introduction More and more, it is networks that connect us. People communicate online from everywhere. Efficient, dependable technology enables networks to be available whenever and wherever we need them. As our human network continues to expand, the platform that connects and supports it must also grow. Rather than developing unique and separate systems for the delivery of each new service, the network industry as a whole has developed the means to both analyze the existing platform and enhance it incrementally. This ensures that existing communications are maintained while new services are introduced that are both cost effective and technologically sound. In this course, we focus on these aspects of the information network: o o o o o Devices that make up the network Media that connect the devices Messages that are carried across the network Rules and processes that govern network communications Tools and commands for constructing and maintaining networks Central to the study of networks is the use of generally-accepted models that describe network functions. These models provide a framework for understanding current networks and for facilitating the development of new technologies to support future communications needs. Within this course, we use these models, as well as tools designed to analyze and simulate network functionality. Two of the tools that will enable you to build and interact with simulated networks are Packet Tracer 4.1 software and Wireshark network protocol analyzer. This chapter prepares you to: o o o o o Describe the structure of a network, including the devices and media that are necessary for successful communications. Explain the function of protocols in network communications. Explain the advantages of using a layered model to describe network functionality. Describe the role of each layer in two recognized network models: The TCP/IP model and the OSI model. Describe the importance of addressing and naming schemes in network communications. 1. The Platform for communications 1. The Elements Of Communications Communication begins with a message, or information, that must be sent from one individual or device to another. People exchange ideas using many different communication methods. All of these methods have three elements in common. The first of these elements is the message source, or sender. Message sources are people, or electronic devices, that need to send a message to other individuals or devices. The second element of communication is the destination, or receiver, of the message. The destination receives the message and interprets it. A third element, called a channel, consists of the media that provides the pathway over which the message can travel from source to destination. Consider, for example, the desire to communicate using words, pictures, and sounds. Each of these messages can be sent across a data or information network by first converting them into binary digits, or bits. These bits are then encoded into a signal that can be transmitted over the appropriate medium. In computer networks, the media is usually a type of cable, or a wireless transmission. The term network in this course will refer to data or information networks capable of carrying many different types of communications, including traditional computer data, interactive voice, video, and entertainment products. 1. Communicating The Messages In theory, a single communication, such as a music video or an e-mail message, could be sent across a network from a source to a destination as one massive continuous stream of bits. If messages were actually transmitted in this manner, it would mean that no other device would be able to send or receive messages on the same network while this data transfer was in progress. These large streams of data would result in significant delays. Further, if a link in the interconnected network infrastructure failed during the transmission, the complete message would be lost and have to be retransmitted in full. A better approach is to divide the data into smaller, more manageable pieces to send over the network. This division of the data stream into smaller pieces is called segmentation. Segmenting messages has two primary benefits. First, by sending smaller individual pieces from source to destination, many different conversations can be interleaved on the network. The process used to interleave the pieces of separate conversations together on the network is called multiplexing. Second, segmentation can increase the reliability of network communications. The separate pieces of each message need not travel the same pathway across the network from source to destination. If a particular path becomes congested with data traffic or fails, individual pieces of the message can still be directed to the destination using alternate pathways. If part of the message fails to make it to the destination, only the missing parts need to be retransmitted. The downside to using segmentation and multiplexing to transmit messages across a network is the level of complexity that is added to the process. Imagine if you had to send a 100-page letter, but each envelope would only hold one page. The process of addressing, labeling, sending, receiving, and opening the entire hundred envelopes would be time-consuming for both the sender and the recipient. In network communications, each segment of the message must go through a similar process to ensure that it gets to the correct destination and can be reassembled into the content of the original message. Various types of devices throughout the network participate in ensuring that the pieces of the message arrive reliably at their destination. 1. Component Of The Networks The path that a message takes from source to destination can be as simple as a single cable connecting one computer to another or as complex as a network that literally spans the globe. This network infrastructure is the platform that supports our human network. It provides the stable and reliable channel over which our communications can occur. Devices and media are the physical elements or hardware of the network. Hardware is often the visible components of the network platform such as a laptop, a PC, a switch, or the cabling used to connect the devices. Occasionally, some components may not be so visible. In the case of wireless media, messages are transmitted through the air using invisible radio frequency or infrared waves. Services and processes are the communication programs, called software, that run on the networked devices. A network service provides information in response to a request. Services include many of the common network applications people use every day, like email hosting services and web hosting services. Processes provide the functionality that directs and moves the messages through the network. Processes are less obvious to us but are critical to the operation of networks. 1. End Devices and their role on the networks The network devices that people are most familiar with are called end devices. These devices form the interface between the human network and the underlying communication network. Some examples of end devices are: 1. 2. 3. 4. 5. Computers (work stations, laptops, file servers, web servers) Network printers VoIP phones Security cameras Mobile handheld devices (such as wireless barcode scanners, PDAs) In the context of a network, end devices are referred to as hosts. A host device is either the source or destination of a message transmitted over the network. In order to distinguish one host from another, each host on a network is identified by an address. When a host initiates communication, it uses the address of the destination host to specify where the message should be sent. In modern networks, a host can act as a client, a server, or both. Software installed on the host determines which role it plays on the network. Servers are hosts that have software installed that enables them to provide information and services, like e-mail or web pages, to other hosts on the network. Clients are hosts that have software installed that enables them to request and display the information obtained from the server. 1. Intermediary Devices and their role on the networks In addition to the end devices that people are familiar with, networks rely on intermediary devices to provide connectivity and to work behind the scenes to ensure that data flows across the network. These devices connect the individual hosts to the network and can connect multiple individual networks to form an internetwork. Examples of intermediary network devices are: 1. 2. 3. 4. Network Access Devices (Hubs, switches, and wireless access points) Internetworking Devices (routers) Communication Servers and Modems Security Devices (firewalls) The management of data as it flows through the network is also a role of the intermediary devices. These devices use the destination host address, in conjunction with information about the network interconnections, to determine the path that messages should take through the network. Processes running on the intermediary network devices perform these functions: 1. Regenerate and retransmit data signals 2. Maintain information about what pathways exist through the network and internetwork 3. Notify other devices of errors and communication failures 4. Direct data along alternate pathways when there is a link failure 5. Classify and direct messages according to QoS priorities 6. Permit or deny the flow of data, based on security settings 1. Network Media Communication across a network is carried on a medium. The medium provides the channel over which the message travels from source to destination. Modern networks primarily use three types of media to interconnect devices and to provide the pathway over which data can be transmitted. These media are: 1. Metallic wires within cables 2. Glass or plastic fibers (fiber optic cable) 3. Wireless transmission The signal encoding that must occur for the message to be transmitted is different for each media type. On metallic wires, the data is encoded into electrical impulses that match specific patterns. Fiber optic transmissions rely on pulses of light, within either infrared or visible light ranges. In wireless transmission, patterns of electromagnetic waves depict the various bit values. Different types of network media have different features and benefits. Not all network media has the same characteristics and is appropriate for the same purpose. Criteria for choosing a network media are: 1. 2. 3. 4. The distance the media can successfully carry a signal. The environment in which the media is to be installed. The amount of data and the speed at which it must be transmitted. The cost of the media and installation 1. Lan , Wan and Internetworks 1. Local Area Networks Networks infrastructures can vary greatly in terms of: o o o The size of the area covered The number of users connected The number and types of services available An individual network usually spans a single geographical area, providing services and applications to people within a common organizational structure, such as a single business, campus or region. This type of network is called a Local Area Network (LAN). A LAN is usually administered by a single organization. The administrative control that governs the security and access control policies are enforced on the network level. 1. Wide Area Networks When a company or organization has locations that are separated by large geographical distances, it may be necessary to use a telecommunications service provider (TSP) to interconnect the LANs at the different locations. Telecommunications service providers operate large regional networks that can span long distances. Traditionally, TSPs transported voice and data communications on separate networks. Increasingly, these providers are offering converged information network services to their subscribers. Individual organizations usually lease connections through a telecommunications service provider network. These networks that connect LANs in geographically separated locations are referred to as Wide Area Networks (WANs). Although the organization maintains all of the policies and administration of the LANs at both ends of the connection, the policies within the communications service provider network are controlled by the TSP. WANs use specifically designed network devices to make the interconnections between LANs. Because of the importance of these devices to the network, configuring, installing and maintaining these devices are skills that are integral to the function of an organization's network. LANs and WANs are very useful to individual organizations. They connect the users within the organization. They allow many forms of communication including exchange emails, corporate training, and other resource sharing. 1. The Internet – A Network of Networks Although there are benefits to using a LAN or WAN, most of us need to communicate with a resource on another network, outside of our local organization. Examples of this type of communication include: o o o o o Sending an e-mail to a friend in another country Accessing news or products on a website Getting a file from a neighbor's computer Instant messaging with a relative in another city Following a favorite sporting team's performance on a cell phone Internetwork A global mesh of interconnected networks (internetworks) meets these human communication needs. Some of these interconnected networks are owned by large public and private organizations, such as government agencies or industrial enterprises, and are reserved for their exclusive use. The most well-known and widely used publiclyaccessible internetwork is the Internet. The Internet is created by the interconnection of networks belonging to Internet Service Providers (ISPs). These ISP networks connect to each other to provide access for millions of users all over the world. Ensuring effective communication across this diverse infrastructure requires the application of consistent and commonly recognized technologies and protocols as well as the cooperation of many network administration agencies. Intranet The term intranet is often used to refer to a private connection of LANs and WANs that belongs to an organization, and is designed to be accessible only by the organization's members, employees, or others with authorization. Note: The following terms may be interchangeable: internetwork, data network, and network. A connection of two or more data networks forms an internetwork - a network of networks. It is also common to refer to an internetwork as a data network - or simply as a network - when considering communications at a high level. The usage of terms depends on the context at the time and terms may often be interchanged. 1. Network Representations When conveying complex information such as the network connectivity and operation of a large internetwork, it is helpful to use visual representations and graphics. Like any other language, the language of networking uses a common set of symbols to represent the different end devices, network devices and media. The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network. Throughout this course and labs, you will learn both how these devices operate and how to perform basic configuration tasks on these devices. In addition to these representations, specialized terminology is used when discussing how each of these devices and media connect to each other. Important terms to remember are: Network Interface Card - A NIC, or LAN adapter, provides the physical connection to the network at the PC or other host device. The media connecting the PC to the networking device plugs directly into the NIC. Physical Port - A connector or outlet on a networking device where the media is connected to a host or other networking device. Interface - Specialized ports on an internetworking device that connect to individual networks. Because routers are used to interconnect networks, the ports on a router are referred to network interfaces. In this activity, you will gain experience with data network symbols by creating a simple logical topology. Click the Packet Tracer icon for more details. 1. Activity Using Neo Trace In this activity, you will observe the flow of information across the Internet. This activity should be performed on a computer that has Internet access and access to a command line. You will use the Windows embedded tracert utility and then the more enhanced NeoTrace program. This lab also assumes the installation of NeoTrace. Click the Lab Icon for more details. 1. Protocols 1. Rules That Govern Communications All communication, whether face-to-face or over a network, is governed by predetermined rules called protocols. These protocols are specific to the characteristics of the conversation. In our day-to-day personal communication, the rules we use to communicate over one medium, like a telephone call, are not necessarily the same as the protocols for using another medium, such as sending a letter. Think of how many different rules or protocols govern all the different methods of communication that exist in the world today. Successful communication between hosts on a network requires the interaction of many different protocols. A group of inter-related protocols that are necessary to perform a communication function is called a protocol suite. These protocols are implemented in software and hardware that is loaded on each host and network device. One of the best ways to visualize how all of the protocols interact on a particular host is to view it as a stack. A protocol stack shows how the individual protocols within the suite are implemented on the host. The protocols are viewed as a layered hierarchy, with each higher level service depending on the functionality defined by the protocols shown in the lower levels. The lower layers of the stack are concerned with moving data over the network and providing services to the upper layers, which are focused on the content of the message being sent and the user interface. Using layers to describe face-to-face communication For example, consider two people communicating face-to-face. As the figure shows, we can use three layers to describe this activity. At the bottom layer, the physical layer, we have two people, each with a voice that can utter words aloud. At the second layer, the rules layer, we have an agreement to speak in a common language. At the top layer, the content layer, we have the words actually spoken-the content of the communication. Were we to witness this conversation, we would not actually see "layers" floating in space. It is important to understand that the use of layers is a model and, as such, it provides a way to conveniently break a complex task into parts and describe how they work. 1. Network Protocols At the human level, some communication rules are formal and others are simply understood, or implicit, based on custom and practice. For devices to successfully communicate, a network protocol suite must describe precise requirements and interactions. Networking protocol suites describe processes such as: The format or structure of the message The method by which networking devices share information about pathways with other networks How and when error and system messages are passed between devices The setup and termination of data transfer sessions Individual protocols in a protocol suite may be vendor-specific and proprietary. Proprietary, in this context, means that one company or vendor controls the definition of the protocol and how it functions. Some proprietary protocols can be used by different organizations with permission from the owner. Others can only be implemented on equipment manufactured by the proprietary vendor. 1. Protocol Suites and Industry Standards Often, many of the protocols that comprise a protocol suite reference other widely utilized protocols or industry standards. A standard is a process or protocol that has been endorsed by the networking industry and ratified by a standards organization, such as the Institute of Electrical and Electronics Engineers (IEEE) or the Internet Engineering Task Force (IETF). The use of standards in developing and implementing protocols ensures that products from different manufacturers can work together for efficient communications. If a protocol is not rigidly observed by a particular manufacturer, their equipment or software may not be able to successfully communicate with products made by other manufacturers. In data communications, for example, if one end of a conversation is using a protocol to govern one-way communication and the other end is assuming a protocol describing twoway communication, in all probability, no information will be exchanged. 1. The Interaction of Protocols An example of the use of a protocol suite in network communications is the interaction between a web server and a web browser. This interaction uses a number of protocols and standards in the process of exchanging information between them. The different protocols work together to ensure that the messages are received and understood by both parties. Examples of these protocols are: Application Protocol: Hypertext Transfer Protocol (HTTP) is a common protocol that governs the way that a web server and a web client interact. HTTP defines the content and formatting of the requests and responses exchanged between the client and server. Both the client and the web server software implement HTTP as part of the application. The HTTP protocol relies on other protocols to govern how the messages are transported between client and server Transport Protocol: Transmission Control Protocol (TCP) is the transport protocol that manages the individual conversations between web servers and web clients. TCP divides the HTTP messages into smaller pieces, called segments, to be sent to the destination client. It is also responsible for controlling the size and rate at which messages are exchanged between the server and the client. Internetwork Protocol: The most common internetwork protocol is Internet Protocol (IP). IP is responsible for taking the formatted segments from TCP, encapsulating them into packets, assigning the appropriate addresses, and selecting the best path to the destination host. Network Access Protocols: Network access protocols describe two primary functions, data link management and the physical transmission of data on the media. Data-link management protocols take the packets from IP and format them to be transmitted over the media. The standards and protocols for the physical media govern how the signals are sent over the media and how they are interpreted by the receiving clients. Transceivers on the network interface cards implement the appropriate standards for the media that is being used. 1. Technology Independent Protocols Networking protocols describe the functions that occur during network communications. In the face-to-face conversation example, a protocol for communicating might state that in order to signal that the conversation is complete, the sender must remain silent for two full seconds. However, this protocol does not specify how the sender is to remain silent for the two seconds. Protocols generally do not describe how to accomplish a particular function. By describing only what functions are required of a particular communication rule but not how they are to be carried out, the implementation of a particular protocol can be technology-independent. Looking at the web server example, HTTP does not specify what programming language is used to create the browser, which web server software should be used to serve the web pages, what operating system the software runs on, or the hardware requirements necessary to display the browser. It also does not describe how the server should detect errors, although it does describe what the server should do if an error occurs. This means that a computer - and other devices, like mobile phones or PDAs - can access a web page stored on any type of web server that uses any form of operating system from anywhere on the Internet. 1. Using Layered Models 1. Benefit using layered models To visualize the interaction between various protocols, it is common to use a layered model. A layered model depicts the operation of the protocols occurring within each layer, as well as the interaction with the layers above and below it. There are benefits to using a layered model to describe network protocols and operations. Using a layered model: o o o o Assists in protocol design, because protocols that operate at a specific layer have defined information that they act upon and a defined interface to the layers above and below. Fosters competition because products from different vendors can work together. Prevents technology or capability changes in one layer from affecting other layers above and below. Provides a common language to describe networking functions and capabilities. 1. Protocol and References models There are two basic types of networking models: protocol models and reference models. A protocol model provides a model that closely matches the structure of a particular protocol suite. The hierarchical set of related protocols in a suite typically represents all the functionality required to interface the human network with the data network. The TCP/IP model is a protocol model because it describes the functions that occur at each layer of protocols within the TCP/IP suite. A reference model provides a common reference for maintaining consistency within all types of network protocols and services. A reference model is not intended to be an implementation specification or to provide a sufficient level of detail to define precisely the services of the network architecture. The primary purpose of a reference model is to aid in clearer understanding of the functions and process involved. The Open Systems Interconnection (OSI) model is the most widely known internetwork reference model. It is used for data network design, operation specifications, and troubleshooting. Although the TCP/IP and OSI models are the primary models used when discussing network functionality, designers of network protocols, services, or devices can create their own models to represent their products. Ultimately, designers are required to communicate to the industry by relating their product or service to either the OSI model or the TCP/IP model, or to both. 1. The TCP / IP Models The first layered protocol model for internetwork communications was created in the early 1970s and is referred to as the Internet model. It defines four categories of functions that must occur for communications to be successful. The architecture of the TCP/IP protocol suite follows the structure of this model. Because of this, the Internet model is commonly referred to as the TCP/IP model. Most protocol models describe a vendor-specific protocol stack. However, since the TCP/IP model is an open standard, one company does not control the definition of the model. The definitions of the standard and the TCP/IP protocols are discussed in a public forum and defined in a publicly-available set of documents. These documents are called Requests for Comments (RFCs). They contain both the formal specification of data communications protocols and resources that describe the use of the protocols. The RFCs also contain technical and organizational documents about the Internet, including the technical specifications and policy documents produced by the Internet Engineering Task Force (IETF). 1. The Communication Process The TCP/IP model describes the functionality of the protocols that make up the TCP/IP protocol suite. These protocols, which are implemented on both the sending and receiving hosts, interact to provide end-to-end delivery of applications over a network. A complete communication process includes these steps: 1. Creation of data at the application layer of the originating source end device 2. Segmentation and encapsulation of data as it passes down the protocol stack in the source end device 3. Generation of the data onto the media at the network access layer of the stack 4. Transportation of the data through the internetwork, which consists of media and any intermediary devices 5. Reception of the data at the network access layer of the destination end device 6. Decapsulation and reassembly of the data as it passes up the stack in the destination device 7. Passing this data to the destination application at the Application layer of the destination end device 1. Protocol data units and encasulaption As application data is passed down the protocol stack on its way to be transmitted across the network media, various protocols add information to it at each level. This is commonly known as the encapsulation process. The form that a piece of data takes at any layer is called a Protocol Data Unit (PDU). During encapsulation, each succeeding layer encapsulates the PDU that it receives from the layer above in accordance with the protocol being used. At each stage of the process, a PDU has a different name to reflect its new appearance. Although there is no universal naming convention for PDUs, in this course, the PDUs are named according to the protocols of the TCP/IP suite. o o o o o Data - The general term for the PDU used at the Application layer Segment - Transport Layer PDU Packet - Internetwork Layer PDU Frame - Network Access Layer PDU Bits - A PDU used when physically transmitting data over the medium 1. The Sending and Receiving Process When sending messages on a network, the protocol stack on a host operates from top to bottom. In the web server example, we can use the TCP/IP model to illustrate the process of sending an HTML web page to a client. The Application layer protocol, HTTP, begins the process by delivering the HTML formatted web page data to the Transport layer. There the application data is broken into TCP segments. Each TCP segment is given a label, called a header, containing information about which process running on the destination computer should receive the message. It also contains the information to enable the destination process to reassemble the data back to its original format. The Transport layer encapsulates the web page HTML data within the segment and sends it to the Internet layer, where the IP protocol is implemented. Here the entire TCP segment is encapsulated within an IP packet, which adds another label, called the IP header. The IP header contains source and destination host IP addresses, as well as information necessary to deliver the packet to its corresponding destination process. Next, the IP packet is sent to the Network Access layer Ethernet protocol where it is encapsulated within a frame header and trailer. Each frame header contains a source and destination physical address. The physical address uniquely identifies the devices on the local network. The trailer contains error checking information. Finally the bits are encoded onto the Ethernet media by the server NIC. This process is reversed at the receiving host. The data is decapsulated as it moves up the stack toward the end user application. 1. The OSI Model Initially the OSI model was designed by the International Organization for Standardization (ISO) to provide a framework on which to build a suite of open systems protocols. The vision was that this set of protocols would be used to develop an international network that would not be dependent on proprietary systems. Unfortunately, the speed at which the TCP/IP based Internet was adopted, and the rate at which it expanded, caused the OSI Protocol Suite development and acceptance to lag behind. Although few of the protocols developed using the OSI specifications are in widespread use today, the seven-layer OSI model has made major contributions to the development of other protocols and products for all types of new networks. As a reference model, the OSI model provides an extensive list of functions and services that can occur at each layer. It also describes the interaction of each layer with the layers directly above and below it. Although the content of this course will be structured around the OSI Model the focus of discussion will be the protocols identified in the TCP/IP protocol stack. Note that whereas the TCP/IP model layers are referred to only by name, the seven OSI model layers are more often referred to by number than by name. 1. Comparing The OSI Model and TCP IP Model The protocols that make up the TCP/IP protocol suite can be described in terms of the OSI reference model. In the OSI model, the Network Access layer and the Application layer of the TCP/IP model are further divided to describe discreet functions that need to occur at these layers. At the Network Access Layer, the TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium; it only describes the handoff from the Internet Layer to the physical network protocols. The OSI Layers 1 and 2 discuss the necessary procedures to access the media and the physical means to send data over a network. The key parallels between the two network models occur at the OSI model Layers 3 and 4. OSI Model Layer 3, the Network layer, almost universally is used to discuss and document the range of processes that occur in all data networks to address and route messages through an internetwork. The Internet Protocol (IP) is the TCP/IP suite protocol that includes the functionality described at Layer 3. Layer 4, the Transport layer of the OSI model, is often used to describe general services or functions that manage individual conversations between source and destination hosts. These functions include acknowledgement, error recovery, and sequencing. At this layer, the TCP/IP protocols Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide the necessary functionality. The TCP/IP Application layer includes a number of protocols that provide specific functionality to a variety of end user applications. The OSI model Layers 5, 6 and 7 are used as references for application software developers and vendors to produce products that need to access networks for communications. In this activity, you will see how Packet Tracer uses the OSI Model as a reference to display the encapsulation details of a variety of the TCP/IP protocols. Click the Packet Tracer icon for more details. 1. Network Adressing 1. Adressing The Networks The OSI model describes the processes of encoding, formatting, segmenting, and encapsulating data for transmission over the network. A data stream that is sent from a source to a destination can be divided into pieces and interleaved with messages traveling from other hosts to other destinations. Billions of these pieces of information are traveling over a network at any given time. It is critical for each piece of data to contain enough identifying information to get it to the correct destination. There are various types of addresses that must be included to successfully deliver the data from a source application running on one host to the correct destination application running on another. Using the OSI model as a guide, we can see the different addresses and identifiers that are necessary at each layer. 1. Getting the data to the end device During the process of encapsulation, address identifiers are added to the data as it travels down the protocol stack on the source host. Just as there are multiple layers of protocols that prepare the data for transmission to its destination, there are multiple layers of addressing to ensure its delivery. The first identifier, the host physical address, is contained in the header of the Layer 2 PDU, called a frame. Layer 2 is concerned with the delivery of messages on a single local network. The Layer 2 address is unique on the local network and represents the address of the end device on the physical media. In a LAN using Ethernet, this address is called the Media Access Control (MAC) address. When two end devices communicate on the local Ethernet network, the frames that are exchanged between them contain the destination and source MAC addresses. Once a frame is successfully received by the destination host, the Layer 2 address information is removed as the data is decapsulated and moved up the protocol stack to Layer 3. 1. Getting the data through the Internetwork Layer 3 protocols are primarily designed to move data from one local network to another local network within an internetwork. Whereas Layer 2 addresses are only used to communicate between devices on a single local network, Layer 3 addresses must include identifiers that enable intermediary network devices to locate hosts on different networks. In the TCP/IP protocol suite, every IP host address contains information about the network where the host is located. At the boundary of each local network, an intermediary network device, usually a router, decapsulates the frame to read the destination host address contained in the header of the packet, the Layer 3 PDU. Routers use the network identifier portion of this address to determine which path to use to reach the destination host. Once the path is determined, the router encapsulates the packet in a new frame and sends it on its way toward the destination end device. When the frame reaches its final destination, the frame and packet headers are removed and the data moved up to Layer 4. 1. Getting the data to the right application At Layer 4, information contained in the PDU header does not identify a destination host or a destination network. What it does identify is the specific process or service running on the destination host device that will act on the data being delivered. Hosts, whether they are clients or servers on the Internet, can run multiple network applications simultaneously. People using PCs often have an e-mail client running at the same time as a web browser, an instant messaging program, some streaming media, and perhaps even a game. All these separately running programs are examples of individual processes. Viewing a web page invokes at least one network process. Clicking a hyperlink causes a web browser to communicate with a web server. At the same time, in the background, an e-mail client may be sending and receiving email, and a colleague or friend may be sending an instant message. Think about a computer that has only one network interface on it. All the data streams created by the applications that are running on the PC enter and leave through that one interface, yet instant messages do not popup in the middle of word processor document or e-mail showing up in a game. This is because the individual processes running on the source and destination hosts communicate with each other. Each application or service is represented at Layer 4 by a port number. A unique dialogue between devices is identified with a pair of Layer 4 source and destination port numbers that are representative of the two communicating applications. When the data is received at the host, the port number is examined to determine which application or process is the correct destination for the data. 1. Warrior of the net An entertaining resource to help you visualize networking concepts is the animated movie "Warriors of the Net" by TNG Media Lab. Before viewing the video, there are a few things to consider. First, in terms of concepts you have learned in this chapter, think about when in the video you are on the LAN, on WAN, on intranet, on Internet; and what are end devices versus intermediate devices; how the OSI and TCP/IP models apply; what protocols are involved. Second, some terms are mentioned in the video which may not be familiar. The types of packets mentioned refers to the type of upper level data (TCP, UDP, ICMP Ping, PING of death) that is encapsulated in the IP Packets (everything is eventually converted into IP Packets). The devices the packet encounters on its journey are router, proxy server, router switch, corporate intranet, the proxy, URL, firewall, bandwidth, hosts, web server. Third, while port numbers 21, 23, 25, 53, and 80 are referred to explicitly in the video, IP addresses are referred to only implicitly - can you see where? Where in the video might MAC addresses have been involved? Finally, though all animations often have simplifications in them, there is one outright error in the video. About 5 minutes in, the statement is made "What happens when Mr. IP doesn't receive an acknowledgement, he simply sends a replacement packet." As you will find out in later chapters, this is not a function of the Layer 3 Internet Protocol, which is an "unreliable", best effort delivery protocol, but rather a function of the Transport Layer TCP Protocol. By the end of this course you will have a much better understanding of the breadth and depth of the concepts depicted in the video. We hope you enjoy it. Download the movie from http://www.warriorsofthe.net 1. Chapters Labs 1. Lab : Topology Orientation and Building a Small Network This lab begins by having you construct two small networks. It then shows how they are connected to the larger hands-on lab network used throughout the course. This network is a simplified model of a section of the Internet and will be used to develop your practical networking skills. The following sequence of labs will introduce the networking terms below. This networking terminology will be studied in detail in subsequent chapters. Straight-through Cable: Unshielded twisted pair (UTP) copper cable for connecting dissimilar networking devices Crossover Cable: UTP copper cable for connecting similar networking devices Serial Cable: Copper cable typical of wide area connections Ethernet: Dominant local area network technology MAC Address: Ethernet Layer 2, physical address IP Address: Layer 3 logical address Subnet Mask: Required to interpret the IP address Default Gateway: The IP address on a router interface to which a network sends traffic leaving the local network NIC: Network Interface Card, the port or interface that allows an end device to participate in a network Port (hardware): An interface that allows a networking device to participate in network and to be connected via networking media Port (software): Layer 4 protocol address in the TCP/IP suite Interface (hardware): A port Interface (software): A logical interaction point within software PC: End device Computer: End device Workstation: End device Switch: Intermediate device which makes decision on frames based on Layer 2 addresses (typical Ethernet MAC addresses) Router: Layer 3, 2, and 1 device which makes decisions on packets based on Layer 3 addresses (typically IPv4 addresses) Bit: Binary digit, logical 1 or zero, has various physical representations as electrical, optical, or microwave pulses; Layer 1 PDU Frame: Layer 2 PDU Packet: Layer 3 PDU Click the Lab Icon for more details. In this activity, you will use Packet Tracer to complete the Topology Orientation and Building a Small Network lab. Click the Packet Tracer icon to launch the Packet Tracer activity. 1. Lab : Using WireShark to View Protocol Data Unit n this lab, you will learn to use the very powerful Wireshark tool by capturing ("sniffing") traffic off of the model network. Click the Lab Icon for more details. 1. Summary Data networks are systems of end devices, intermediary devices, and the media connecting the devices, which provide the platform for the human network. These devices, and the services that operate on them, can interconnect in a global and user-transparent way because they comply with rules and protocols. The use of layered models as abstractions means that the operations of network systems can be analyzed and developed to cater the needs of future communication services. The most widely-used networking models are OSI and TCP/IP. Associating the protocols that set the rules of data communications with the different layers is useful in determining which devices and services are applied at specific points as data passes across LANs and WANs. As it passes down the stack, data is segmented into pieces and encapsulated with addresses and other labels. The process is reversed as the pieces are decapsulated and passed up the destination protocol stack. Applying models allows various individuals, companies, and trade associations to analyze current networks and plan the networks of the future. Cisco Exploration Semester 1 Chapter 3 Chapter Introduction Aplication Functionaly and Protocols Most of us experience the Internet through the World Wide Web, e-mail services, and file-sharing programs. These applications, and many others, provide the human interface to the underlying network, enabling us to send and receive information with relative ease. Typically the applications that we use are intuitive, meaning we can access and use them without knowing how they work. However, for network professionals, it is important to know how an application is able to format, transmit and interpret messages that are sent and received across the network. Visualizing the mechanisms that enable communication across the network is made easier if we use the layered framework of the Open System Interconnection (OSI) model. In this chapter, we will focus on the role of one layer, the Application layer and its components: applications, services, and protocols. We will explore how these three elements make the robust communication across the information network possible. In this chapter, you will learn to: o o o o o o o Describe how the functions of the three upper OSI model layers provide network services to end user applications. Describe how the TCP/IP Application Layer protocols provide the services specified by the upper layers of the OSI model. Define how people use the Application Layer to communicate across the information network. Describe the function of well-known TCP/IP applications, such as the World Wide Web and email, and their related services (HTTP, DNS, SMB, DHCP, SMTP/POP, and Telnet). Describe file-sharing processes that use peer-to-peer applications and the Gnutella protocol. Explain how protocols ensure services running on one kind of device can send to and receive data from many different network devices. Use network analysis tools to examine and explain how common user applications work. 3.1.1 OSI and TCP/IP Protocols The Open Systems Interconnection reference model is a layered, abstract representation created as a guideline for network protocol design. The OSI model divides the networking process into seven logical layers, each of which has unique functionality and to which are assigned specific services and protocols. In this model, information is passed from one layer to the next, starting at the Application layer on the transmitting host, proceeding down the hierarchy to the Physical layer, then passing over the communications channel to the destination host, where the information proceeds back up the hierarchy, ending at the Application layer. The figure depicts the steps in this process. The Application layer The Application layer, Layer seven, is the top layer of both the OSI and TCP/IP models. It is the layer that provides the interface between the applications we use to communicate and the underlying network over which our messages are transmitted . Application layer protocols are used to exchange data between programs running on the source and destination hosts. There are many Application layer protocols and new protocols are always being developed. Although the TCP/IP protocol suite was developed prior to the definition of the OSI model, the functionality of the TCP/IP application layer protocols fit roughly into the framework of the top three layers of the OSI model: Application, Presentation and Session layers. Most TCP/IP application layer protocols were developed before the emergence of personal computers, graphical user interfaces and multimedia objects. As a result, these protocols implement very little of the functionality that is specified in the OSI model Presentation and Session layers. The Presentation Layer The Presentation layer has three primary functions: o o o Coding and conversion of Application layer data to ensure that data from the source device can be interpreted by the appropriate application on the destination device. Compression of the data in a manner that can be decompressed by the destination device. Encryption of the data for transmission and the decryption of data upon receipt by the destination. Presentation layer implementations are not typically associated with a particular protocol stack. The standards for video and graphics are examples. Some well-known standards for video include QuickTime and Motion Picture Experts Group (MPEG). QuickTime is an Apple Computer specification for video and audio, and MPEG is a standard for video compression and coding. Among the well-known graphic image formats are Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPEG), and Tagged Image File Format (TIFF). GIF and JPEG are compression and coding standards for graphic images, and TIFF is a standard coding format for graphic images. The Session Layer As the name of the Session layer implies, functions at this layer create and maintain dialogs between source and destination applications. The Session layer handles the exchange of information to initiate dialogs, keep them active, and to restart sessions that are disrupted or idle for a long period of time. Most applications, like web browsers or e-mail clients, incorporate functionality of the OSI layers 5, 6 and 7. The most widely-known TCP/IP Application layer protocols are those that provide for the exchange of user information. These protocols specify the format and control information necessary for many of the common Internet communication functions. Among these TCP/IP protocols are: o o o o o Domain Name Service Protocol (DNS) is used to resolve Internet names to IP addresses. Hypertext Transfer Protocol (HTTP) is used to transfer files that make up the Web pages of the World Wide Web. Simple Mail Transfer Protocol (SMTP) is used for the transfer of mail messages and attachments. Telnet, a terminal emulation protocol, is used to provide remote access to servers and networking devices. File Transfer Protocol (FTP) is used for interactive file transfer between systems. The protocols in the TCP/IP suite are generally defined by Requests for Comments (RFCs). The Internet Engineering Task Force maintains the RFCs as the standards for the TCP/IP suite. 3.1.2 Application Layer Software The functions associated with the Application layer protocols enable our human network to interface with the underlying data network. When we open a web browser or an instant message window, an application is started, and the program is put into the device's memory where it is executed. Each executing program loaded on a device is referred to as a process. Within the Application layer, there are two forms of software programs or processes that provide access to the network: applications and services . Network-Aware Applications Applications are the software programs used by people to communicate over the network. Some end-user applications are network-aware, meaning that they implement the application layer protocols and are able to communicate directly with the lower layers of the protocol stack. E-mail clients and web browsers are examples of these types of applications. Application layer Services Other programs may need the assistance of Application layer services to use network resources, like file transfer or network print spooling. Though transparent to the user, these services are the programs that interface with the network and prepare the data for transfer. Different types of data - whether it is text, graphics, or video - require different network services to ensure that it is properly prepared for processing by the functions occurring at the lower layers of OSI model. Each application or network service uses protocols which define the standards and data formats to be used. Without protocols, the data network would not have a common way to format and direct data. In order to understand the function of various network services, it is necessary to become familiar with the underlying protocols that govern their operation. Rollover the buttons in the figure to view examples. 3.1.3 User Application Services and Aplication Layer Protocols As mentioned previously, the Application layer uses protocols that are implemented within applications and services. While applications provide people with a way to create messages and application layer services establish an interface to the network, protocols provide the rules and formats that govern how data is treated. All three components may be used by a single executable program and may even use the same name. For example, when discussing "Telnet" we could be referring to the application, the service, or the protocol. In the OSI model, applications that interact directly with people are considered to be at the top of the stack, as are the people themselves. Like all layers within the OSI model, the Application layer relies on the functions of the lower layers in order to complete the communication process. Within the Application layer, protocols specify what messages are exchanged between the source and destination hosts, the syntax of the control commands, the type and format of the data being transmitted, and the appropriate methods for error notification and recovery. Play the animation to see the interaction between applications, services, and protocols. 3.1.4 Application Layer Protocols Functions Application layer protocols are used by both the source and destination devices during a communication session. In order for the communications to be successful, the application layer protocols implemented on the source and destination host must match. Protocols establish consistent rules for exchanging data between applications and services loaded on the participating devices. Protocols specify how data inside the messages is structured and the types of messages that are sent between source and destination. These messages can be requests for services, acknowledgments, data messages, status messages, or error messages. Protocols also define message dialogues, ensuring that a message being sent is met by the expected response and the correct services are invoked when data transfer occurs. Many different types of applications communicate across data networks. Therefore, Application layer services must implement multiple protocols to provide the desired range of communication experiences. Each protocol has a specific purpose and contains the characteristics required to meet that purpose. The right protocol details in each layer must be followed so that the functions at one layer interface properly with the services in the lower layer. Applications and services may also use multiple protocols in the course of a single conversation. One protocol may specify how to establish the network connection and another describe the process for the data transfer when the message is passed to the next lower layer. 3.2.1 Client Server Model When people attempt to access information on their device, whether it is a PC, laptop, PDA, cell phone, or some other device connected to a network, the data may not be physically stored on their device. If that is the case, a request to access that information must be made to the device where the data resides. The Client/Server model In the client/server model, the device requesting the information is called a client and the device responding to the request is called a server. Client and server processes are considered to be in the Application layer. The client begins the exchange by requesting data from the server, which responds by sending one or more streams of data to the client. Application layer protocols describe the format of the requests and responses between clients and servers. In addition to the actual data transfer, this exchange may also require control information, such as user authentication and the identification of a data file to be transferred. One example of a client/server network is a corporate environment where employees use a company e-mail server to send, receive and store e-mail. The e-mail client on an employee computer issues a request to the e-mail server for any unread mail. The server responds by sending the requested e-mail to the client. Although data is typically described as flowing from the server to the client, some data always flows from the client to the server. Data flow may be equal in both directions, or may even be greater in the direction going from the client to the server. For example, a client may transfer a file to the server for storage purposes. Data transfer from a client to a server is referred to as an upload and data from a server to a client as a download. Rollover the tabs in the figure to view file transfer. 3.2.2 Servers In a general networking context, any device that responds to requests from client applications is functioning as a server. A server is usually a computer that contains information to be shared with many client systems. For example, web pages, documents, databases, pictures, video, and audio files can all be stored on a server and delivered to requesting clients. In other cases, such as a network printer, the print server delivers the client print requests to the specified printer. Different types of server applications may have different requirements for client access. Some servers may require authentication of user account information to verify if the user has permission to access the requested data or to use a particular operation. Such servers rely on a central list of user accounts and the authorizations, or permissions, (both for data access and operations) granted to each user. When using an FTP client, for example, if you request to upload data to the FTP server, you may have permission to write to your individual folder but not to read other files on the site. In a client/server network, the server runs a service, or process, sometimes called a server daemon. Like most services, daemons typically run in the background and are not under an end user's direct control. Daemons are described as "listening" for a request from a client, because they are programmed to respond whenever the server receives a request for the service provided by the daemon. When a daemon "hears" a request from a client, it exchanges appropriate messages with the client, as required by its protocol, and proceeds to send the requested data to the client in the proper format. 3.2.3 Application Layer Services and Protocols A single application may employ many different supporting Application layer services; thus what appears to the user as one request for a web page may, in fact, amount to dozens of individual requests. And for each request, multiple processes may be executed. For example, a client may require several individual processes to formulate just one request to a server. Additionally, servers typically have multiple clients requesting information at the same time. For example, a Telnet server may have many clients requesting connections to it. These individual client requests must be handled simultaneously and separately for the network to succeed. The Application layer processes and services rely on support from lower layer functions to successfully manage the multiple conversations. 3.2.4 Peer to Peer Networking and Application The Peer-to-Peer Model In addition to the client/server model for networking, there is also a peer-to-peer model. Peer-to-peer networking involves two distinct forms: peer-to-peer network design and peer-to-peer applications (P2P). Both forms have similar features but in practice work very differently. Peer-to-Peer Networks In a peer-to-peer network, two or more computers are connected via a network and can share resources (such as printers and files) without having a dedicated server . Every connected end device (known as a peer) can function as either a server or a client. One computer might assume the role of server for one transaction while simultaneously serving as a client for another. The roles of client and server are set on a per request basis. A simple home network with two connected computers sharing a printer is an example of a peer-to-peer network. Each person can set his or her computer to share files, enable networked games, or share an Internet connection. Another example of peer-to-peer network functionality is two computers connected to a large network that use software applications to share resources between one another through the network. Unlike the client/server model, which uses dedicated servers, peer-to-peer networks decentralize the resources on a network . Instead of locating information to be shared on dedicated servers, information can be located anywhere on any connected device. Most of the current operating systems support file and print sharing without requiring additional server software. Because peer-to-peer networks usually do not use centralized user accounts, permissions, or monitors, it is difficult to enforce security and access policies in networks containing more than just a few computers. User accounts and access rights must be set individually on each peer device. Peer-to-Peer Applications A peer-to-peer application (P2P), unlike a peer-to-peer network, allows a device to act as both a client and a server within the same communication. In this model, every client is a server and every server a client. Both can initiate a communication and are considered equal in the communication process. However, peer-to-peer applications require that each end device provide a user interface and run a background service. When you launch a specific peer-to-peer application it invokes the required user interface and background services. After that the devices can communicate directly. Some P2P applications use a hybrid system where resource sharing is decentralized but the indexes that point to resource locations are stored in a centralized directory. In a hybrid system, each peer accesses an index server to get the location of a resource stored on another peer. The index server can also help connect two peers, but once connected, the communication takes place between the two peers without additional communication to the index server. Peer-to-peer applications can be used on peer-to-peer networks, client/server networks, and across the Internet. 3.3.1 DNS Services and Protocols Now that we have a better understanding of how applications provide an interface for the user and provide access to the network, we will take a look at some specific commonly used protocols. As we will see later in this course, the Transport layer uses an addressing scheme called a port number. Port numbers identify applications and Application layer services that are the source and destination of data. Server programs generally use predefined port numbers that are commonly known by clients. As we examine the different TCP/IP Application layer protocols and services, we will be referring to the TCP and UDP port numbers normally associated with these services. Some of these services are: o o o o o o o Domain Name System (DNS) - TCP/UDP Port 53 Hypertext Transfer Protocol (HTTP) - TCP Port 80 Simple Mail Transfer Protocol (SMTP) - TCP Port 25 Post Office Protocol (POP) - UDP Port 110 Telnet - TCP Port 23 Dynamic Host Configuration Protocol - UDP Port 67 File Transfer Protocol (FTP) - TCP Ports 20 and 21 DNS In data networks, devices are labeled with numeric IP addresses, so that they can participate in sending and receiving messages over the network. However, most people have a hard time remembering this numeric address. Hence, domain names were created to convert the numeric address into a simple, recognizable name. On the Internet these domain names, such as www.cisco.com, are much easier for people to remember than 198.133.219.25, which is the actual numeric address for this server. Also, if Cisco decides to change the numeric address, it is transparent to the user, since the domain name will remain www.cisco.com. The new address will simply be linked to the existing domain name and connectivity is maintained. When networks were small, it was a simple task to maintain the mapping between domain names and the addresses they represented. However, as networks began to grow and the number of devices increased, this manual system became unworkable. The Domain Name System (DNS) was created for domain name to address resolution for these networks. DNS uses a distributed set of servers to resolve the names associated with these numbered addresses. The DNS protocol defines an automated service that matches resource names with the required numeric network address. It includes the format for queries, responses, and data formats. DNS protocol communications use a single format called a message. This message format is used for all types of client queries and server responses, error messages, and the transfer of resource record information between servers. DNS is a client/server service; however, it differs from the other client/server services that we are examining. While other services use a client that is an application (such as web browser, e-mail client), the DNS client runs as a service itself. The DNS client, sometimes called the DNS resolver, supports name resolution for our other network applications and other services that need it. When configuring a network device, we generally provide one or more DNS Server addresses that the DNS client can use for name resolution. Usually the Internet service provider provides the addresses to use for the DNS servers. When a user's application requests to connect to a remote device by name, the requesting DNS client queries one of these name servers to resolve the name to a numeric address. Computer operating systems also have a utility called nslookup that allows the user to manually query the name servers to resolve a given host name. This utility can also be used to troubleshoot name resolution issues and to verify the current status of the name servers. In the figure, when the nslookup is issued, the default DNS server configured for your host is displayed. In this example, the DNS server is dns-sjk.cisco.com which has an address of 171.68.226.120. We then can type the name of a host or domain for which we wish to get the address. In the first query in the figure, a query is made for www.cisco.com. The responding name server provides the address of 198.133.219.25. The queries shown in the figure are only simple tests. The nslookup has many options available for extensive testing and verification of the DNS process. A DNS server provides the name resolution using the name daemon, which is often called named, (pronounced name-dee). The DNS server stores different types of resource records used to resolve names ( 1). These records contain the name, address, and type of record. Some of these record types are: o o o o A - an end device address NS - an authoritative name server CNAME - the canonical name (or Fully Qualified Domain Name) for an alias; used when multiple services have the single network address but each service has its own entry in DNS MX - mail exchange record; maps a domain name to a list of mail exchange servers for that domain When a client makes a query, the server's "named" process first looks at its own records to see if it can resolve the name. If it is unable to resolve the name using its stored records, it contacts other servers in order to resolve the name. The request may be passed along to a number of servers, which can take extra time and consume bandwidth. Once a match is found and returned to the original requesting server, the server temporarily stores the numbered address that matches the name in cache. If that same name is requested again, the first server can return the address by using the value stored in its name cache. Caching reduces both the DNS query data network traffic and the workloads of servers higher up the hierarchy. The DNS Client service on Windows PCs optimizes the performance of DNS name resolution by storing previously resolved names in memory, as well. The ipconfig /displaydns command displays all of the cached DNS entries on a Windows XP or 2000 computer system. The Domain Name System uses a hierarchical system to create a name database to provide name resolution. The hierarchy looks like an inverted tree with the root at the top and branches below. At the top of the hierarchy, the root servers maintain records about how to reach the toplevel domain servers, which in turn have records that point to the secondary level domain servers and so on. The different top-level domains represent either the type of organization or the country of origin. Examples of top-level domains are: o o o o o .au - Australia .co - Colombia .com - a business or industry .jp - Japan .org - a non-profit organization After top-level domains are second-level domain names, and below them are other lower level domains. Each domain name is a path down this inverted tree starting from the root. For example, as shown in the figure, the root DNS server may not know exactly where the e-mail server mail.cisco.com is located, but it maintains a record for the "com" domain within the top-level domain. Likewise, the servers within the "com" domain may not have a record for mail.cisco.com, but they do have a record for the "cisco.com" domain. The servers within the cisco.com domain have a record (a MX record to be precise) for mail.cisco.com. The Domain Name System relies on this hierarchy of decentralized servers to store and maintain these resource records. The resource records list domain names that the server can resolve and alternative servers that can also process requests. If a given server has resource records that correspond to its level in the domain hierarchy, it is said to be authoritative for those records. For example, a name server in the cisco.netacad.net domain would not be authoritative for the mail.cisco.com record because that record is held at a higher domain level server, specifically the name server in the cisco.com domain. Links http://www.ietf.org//rfc/rfc1034.txt http://www.ietf.org/rfc/rfc1035.txt 3.3.2 WWW Service and HTTP When a web address (or URL) is typed into a web browser, the web browser establishes a connection to the web service running on the server using the HTTP protocol. URLs (or Uniform Resource Locator) and URIs (Uniform Resource Identifier) are the names most people associate with web addresses. The URL http://www.cisco.com/index.html is an example of a URL that refers to a specific resource - a web page named index.html on a server identified as cisco.com (click the tabs in the figure to see the steps used by HTTP). Web browsers are the client applications our computers use to connect to the World Wide Web and access resources stored on a web server. As with most server processes, the web server runs as a background service and makes different types of files available. In order to access the content, web clients make connections to the server and request the desired resources. The server replies with the resources and, upon receipt, the browser interprets the data and presents it to the user. Browsers can interpret and present many data types, such as plain text or Hypertext Markup Language (HTML, the language in which web pages are constructed). Other types of data, however, may require another service or program, typically referred to as plug-ins or add-ons. To help the browser determine what type of file it is receiving, the server specifies what kind of data the file contains. To better understand how the web browser and web client interact, we can examine how a web page is opened in a browser. For this example, we will use the URL: http://www.cisco.com/web-server.htm. First, the browser interprets the three parts of the URL: 1. http (the protocol or scheme) 2. www.cisco.com (the server name) 3. web-server.htm (the specific file name requested). The browser then checks with a name server to convert www.cisco.com into a numeric address, which it uses to connect to the server. Using the HTTP protocol requirements, the browser sends a GET request to the server and asks for the file web-server.htm. The server in turn sends the HTML code for this web page to the browser. Finally, the browser deciphers the HTML code and formats the page for the browser window. The Hypertext Transfer Protocol (HTTP), one of the protocols in the TCP/IP suite, was originally developed to publish and retrieve HTML pages and is now used for distributed, collaborative information systems. HTTP is used across the World Wide Web for data transfer and is one of the most used application protocols. HTTP specifies a request/response protocol. When a client, typically a web browser, sends a request message to a server, the HTTP protocol defines the message types the client uses to request the web page and also the message types the server uses to respond. The three common message types are GET, POST, and PUT. GET is a client request for data. A web browser sends the GET message to request pages from a web server. As shown in the figure, once the server receives the GET request, it responds with a status line, such as HTTP/1.1 200 OK, and a message of its own, the body of which may be the requested file, an error message, or some other information. POST and PUT are used to send messages that upload data to the web server. For example, when the user enters data into a form embedded in a web page, POST includes the data in the message sent to the server. PUT uploads resources or content to the web server. Although it is remarkably flexible, HTTP is not a secure protocol. The POST messages upload information to the server in plain text that can be intercepted and read. Similarly, the server responses, typically HTML pages, are also unencrypted. For secure communication across the Internet, the HTTP Secure (HTTPS) protocol is used for accessing or posting web server information. HTTPS can use authentication and encryption to secure data as it travels between the client and server. HTTPS specifies additional rules for passing data between the Application layer and the Transport Layer. 3.3.3 E-mail Services and SMTP/POP Protocols E-mail, the most popular network service, has revolutionized how people communicate through its simplicity and speed. Yet to run on a computer or other end device, e-mail requires several applications and services. Two example Application layer protocols are Post Office Protocol (POP) and Simple Mail Transfer Protocol (SMTP), shown in the figure. As with HTTP, these protocols define client/server processes. When people compose e-mail messages, they typically use an application called a Mail User Agent (MUA), or e-mail client. The MUA allows messages to be sent and places received messages into the client's mailbox, both of which are distinct processes. In order to receive e-mail messages from an e-mail server, the e-mail client can use POP. Sending e-mail from either a client or a server uses message formats and command strings defined by the SMTP protocol. Usually an e-mail client provides the functionality of both protocols within one application. E-mail Server Processes - MTA and MDA The e-mail server operates two separate processes: o o Mail Transfer Agent (MTA) Mail Delivery Agent (MDA) The Mail Transfer Agent (MTA) process is used to forward e-mail. As shown in the figure, the MTA receives messages from the MUA or from another MTA on another e-mail server. Based on the message header, it determines how a message has to be forwarded to reach its destination. If the mail is addressed to a user whose mailbox is on the local server, the mail is passed to the MDA. If the mail is for a user not on the local server, the MTA routes the e-mail to the MTA on the appropriate server. In the figure, we see that the Mail Delivery Agent (MDA) accepts a piece of e-mail from a Mail Transfer Agent (MTA) and performs the actual delivery. The MDA receives all the inbound mail from the MTA and places it into the appropriate users' mailboxes. The MDA can also resolve final delivery issues, such as virus scanning, spam filtering, and return-receipt handling. Most e-mail communications use the MUA, MTA, and MDA applications. However, there are other alternatives for e-mail delivery. A client may be connected to a corporate e-mail system, such as IBM's Lotus Notes, Novell's Groupwise, or Microsoft's Exchange. These systems often have their own internal e-mail format, and their clients typically communicate with the e-mail server using a proprietary protocol. The server sends or receives e-mail via the Internet through the product's Internet mail gateway, which performs any necessary reformatting. If, for example, two people who work for the same company exchange e-mail with each other using a proprietary protocol, their messages may stay completely within the company's corporate e-mail system. As another alternative, computers that do not have an MUA can still connect to a mail service on a web browser in order to retrieve and send messages in this manner. Some computers may run their own MTA and manage inter-domain e-mail themselves. As mentioned earlier, e-mail can use the protocols, POP and SMTP (see the figure for an explanation of how they each work). POP and POP3 (Post Office Protocol, version 3) are inbound mail delivery protocols and are typical client/server protocols. They deliver email from the e-mail server to the client (MUA). The MDA listens for when a client connects to a server. Once a connection is established, the server can deliver the e-mail to the client. The Simple Mail Transfer Protocol (SMTP), on the other hand, governs the transfer of outbound e-mail from the sending client to the e-mail server (MDA), as well as the transport of e-mail between e-mail servers (MTA). SMTP enables e-mail to be transported across data networks between different types of server and client software and makes e-mail exchange over the Internet possible. The SMTP protocol message format uses a rigid set of commands and replies. These commands support the procedures used in SMTP, such as session initiation, mail transaction, forwarding mail, verifying mailbox names, expanding mailing lists, and the opening and closing exchanges. Some of the commands specified in the SMTP protocol are: o o o o o HELO - identifies the SMTP client process to the SMTP server process EHLO - Is a newer version of HELO, which includes services extensions MAIL FROM - Identifies the sender RCPT TO - Identifies the recipient DATA - Identifies the body of the message 3.3.4 FTP The File Transfer Protocol (FTP) is another commonly used Application layer protocol. FTP was developed to allow for file transfers between a client and a server . An FTP client is an application that runs on a computer that is used to push and pull files from a server running the FTP daemon (FTPd). To successfully transfer files, FTP requires two connections between the client and the server: one for commands and replies, the other for the actual file transfer. The client establishes the first connection to the server on TCP port 21. This connection is used for control traffic, consisting of client commands and server replies. The client establishes the second connection to the server over TCP port 20. This connection is for the actual file transfer and is created every time there is a file transferred. The file transfer can happen in either direction. The client can download (pull) a file from the server or, the client can upload (push) a file to the server. 3.3.5 DNS The Dynamic Host Configuration Protocol (DHCP) service enables devices on a network to obtain IP addresses and other information from a DHCP server. This service automates the assignment of IP addresses, subnet masks, gateway and other IP networking parameters. DHCP allows a host to obtain an IP address dynamically when it connects to the network. The DHCP server is contacted and an address requested. The DHCP server chooses an address from a configured range of addresses called a pool and assigns ("leases") it to the host for a set period. On larger local networks, or where the user population changes frequently, DHCP is preferred. New users may arrive with laptops and need a connection. Others have new workstations that need to be connected. Rather than have the network administrator assign IP addresses for each workstation, it is more efficient to have IP addresses assigned automatically using DHCP. DHCP distributed addresses are not permanently assigned to hosts but are only leased for a period of time. If the host is powered down or taken off the network, the address is returned to the pool for reuse. This is especially helpful with mobile users that come and go on a network. Users can freely move from location to location and re-establish network connections. The host can obtain an IP address once the hardware connection is made, either via a wired or wireless LAN. DHCP makes it possible for you to access the Internet using wireless hotspots at airports or coffee shops. As you enter the area, your laptop DHCP client contacts the local DHCP server via a wireless connection. The DHCP server assigns an IP address to your laptop. As the figure shows, various types of devices can be DHCP servers when running DHCP service software. The DHCP server in most medium to large networks is usually a local dedicated PC-based server. With home networks the DHCP server is usually located at the ISP and a host on the home network receives its IP configuration directly from the ISP. DHCP can pose a security risk because any device connected to the network can receive an address. This risk makes physical security an important factor when determining whether to use dynamic or manual addressing. Dynamic and static addressing both have their places in network designs. Many networks use both DHCP and static addressing. DHCP is used for general purpose hosts such as end user devices, and fixed addresses are used for network devices such as gateways, switches, servers and printers. Without DHCP, users have to manually input the IP address, subnet mask and other network settings in order to join the network. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when the client is powered on. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation. When a DHCP-configured device boots up or connects to the network, the client broadcasts a DHCP DISCOVER packet to identify any available DHCP servers on the network. A DHCP server replies with a DHCP OFFER, which is a lease offer message with an assigned IP address, subnet mask, DNS server, and default gateway information as well as the duration of the lease. The client may receive multiple DHCP OFFER packets if there is more than one DHCP server on the local network, so it must choose between them, and broadcast a DHCP REQUEST packet that identifies the explicit server and lease offer that the client is accepting. A client may choose to request an address that it had previously been allocated by the server. Assuming that the IP address requested by the client, or offered by the server, is still valid, the server would return a DHCP ACK message that acknowledges to the client the lease is finalized. If the offer is no longer valid - perhaps due to a time-out or another client allocating the lease - then the selected server will respond with a DHCP NAK message (Negative Acknowledgement). If a DHCP NAK message is returned, then the selection process must begin again with a new DHCP DISCOVER message being transmitted. Once the client has the lease, it must be renewed prior to the lease expiration through another DHCP REQUEST message. The DHCP server ensures that all IP addresses are unique (an IP address cannot be assigned to two different network devices simultaneously). Using DHCP enables network administrators to easily reconfigure client IP addresses without having to manually make changes to the clients. Most Internet providers use DHCP to allocate addresses to their customers who do not require a static address. The fourth CCNA Exploration course will cover the operation of DHCP in greater detail. 3.3.6 File Sharing and SMB Protocols The Server Message Block (SMB) is a client/server file sharing protocol. IBM developed Server Message Block (SMB) in the late 1980s to describe the structure of shared network resources, such as directories, files, printers, and serial ports. It is a requestresponse protocol. Unlike the file sharing supported by FTP, clients establish a long term connection to servers. Once the connection is established, the user of the client can access the resources on the server as if the resource is local to the client host. SMB file-sharing and print services have become the mainstay of Microsoft networking. With the introduction of the Windows 2000 series of software, Microsoft changed the underlying structure for using SMB. In previous versions of Microsoft products, the SMB services used a non-TCP/IP protocol to implement name resolution. Beginning with Windows 2000, all subsequent Microsoft products use DNS naming. This allows TCP/IP protocols to directly support SMB resource sharing, as shown in the figure. The LINUX and UNIX operating systems also provide a method of sharing resources with Microsoft networks using a version of SMB called SAMBA. The Apple Macintosh operating systems also support resource sharing using the SMB protocol. he SMB protocol describes file system access and how clients can make requests for files. It also describes the SMB protocol inter-process communication. All SMB messages share a common format. This format uses a fixed-sized header followed by a variable-sized parameter and data component. SMB messages can: o o o Start, authenticate, and terminate sessions Control file and printer access Allow an application to send or receive messages to or from another device The SMB file exchange process is shown in the figure. 3.3.7 P2P Services and Gnutella Protocols You learned about FTP and SMB as ways of obtaining files, here is another Application protocol. Sharing files over the Internet has become extremely popular. With P2P applications based on the Gnutella protocol, people can make files on their hard disks available to others for downloading. Gnutella-compatible client software allows users to connect to Gnutella services over the Internet and to locate and access resources shared by other Gnutella peers. Many client applications are available for accessing the Gnutella network, including: BearShare, Gnucleus, LimeWire, Morpheus, WinMX and XoloX (see a screen capture of LimeWire in the figure). While the Gnutella Developer Forum maintains the basic protocol, application vendors often develop extensions to make the protocol work better on their applications. Many P2P applications do not use a central database to record all the files available on the peers. Instead, the devices on the network each tell the other what files are available when queried and use the Gnutella protocol and services to support locating resources. See the figure. When a user is connected to a Gnutella service, the client applications will search for other Gnutella nodes to connect to. These nodes handle queries for resource locations and replies to those requests. They also govern control messages, which help the service discover other nodes. The actual file transfers usually rely on HTTP services. The Gnutella protocol defines five different packet types: o o o o o ping - for device discovery pong - as a reply to a ping query - for file location query hit - as a reply to a query push - as a download request 3.3.8 Telnet Services and Protocols Long before desktop computers with sophisticated graphical interfaces existed, people used text-based systems which were often just display terminals physically attached to a central computer. Once networks were available, people needed a way to remotely access the computer systems in the same manner that they did with the directly attached terminals. Telnet was developed to meet that need. Telnet dates back to the early 1970s and is among the oldest of the Application layer protocols and services in the TCP/IP suite. Telnet provides a standard method of emulating text-based terminal devices over the data network. Both the protocol itself and the client software that implements the protocol are commonly referred to as Telnet. Appropriately enough, a connection using Telnet is called a Virtual Terminal (VTY) session, or connection. Rather than using a physical device to connect to the server, Telnet uses software to create a virtual device that provides the same features of a terminal session with access to the server command line interface (CLI). To support Telnet client connections, the server runs a service called the Telnet daemon. A virtual terminal connection is established from an end device using a Telnet client application. Most operating systems include an Application layer Telnet client. On a Microsoft Windows PC, Telnet can be run from the command prompt. Other common terminal applications that run as Telnet clients are HyperTerminal, Minicom, and TeraTerm. Once a Telnet connection is established, users can perform any authorized function on the server, just as if they were using a command line session on the server itself. If authorized, they can start and stop processes, configure the device, and even shut down the system. Click the tabs in the figure to view the Telnet example. Telnet is a client/server protocol and it specifies how a VTY session is established and terminated. It also provides the syntax and order of the commands used to initiate the Telnet session, as well as control commands that can be issued during a session. Each Telnet command consists of at least two bytes. The first byte is a special character called the Interpret as Command (IAC) character. As its name implies, the IAC defines the next byte as a command rather than text. Some sample Telnet protocol commands include: Are You There (AYT) - Lets the user request that something appear on the terminal screen to indicate that the VTY session is active. Erase Line (EL) - Deletes all text from the current line. Interrupt Process (IP) - Suspends, interrupts, aborts, or terminates the process to which the Virtual Terminal is connected. For example, if a user started a program on the Telnet server via the VTY, he or she could send an IP command to stop the program. While the Telnet protocol supports user authentication, it does not support the transport of encrypted data. All data exchanged during a Telnet sessions is transported as plain text across the network. This means that the data can be intercepted and easily understood. If security is a concern, the Secure Shell (SSH) protocol offers an alternate and secure method for server access. SSH provides the structure for secure remote login and other secure network services. It also provides stronger authentication than Telnet and supports the transport of session data using encryption. As a best practice, network professionals should always use SSH in place of Telnet, whenever possible. Later in this course, we will use Telnet and SSH to access and configure network devices over the lab network. 3.4.2 Lab Managing web server 3.5.1 Summary and Review The Application layer is responsible for directly accessing the underlying processes that manage and deliver communication to the human network. This layer serves as the source and destination of communications across data networks. The Application layer applications, protocols, and services enable users to interact with the data network in a way that is meaningful and effective. Applications are computer programs with which the user interacts and which initiate the data transfer process at the user's request. Services are background programs that provide the connection between the Application layer and the lower layers of the networking model. Protocols provide a structure of agreed-upon rules and processes that ensure services running on one particular device can send and receive data from a range of different network devices. Delivery of data over the network can be requested from a server by a client, or between devices that operate in a peer-to-peer arrangement, where the client/server relationship is established according to which device is the source and destination at that time. Messages are exchanged between the Application layer services at each end device in accordance with the protocol specifications to establish and use these relationships. Protocols like HTTP, for example, support the delivery of web pages to end devices. SMTP/POP protocols support sending and receiving e-mail. SMB enables users to share files. DNS resolves the human legible names used to refer to network resources into numeric addresses usable by the network. Cisco Exploration Semester 1 Chapter 7 7. Data Link Layer To support our communication, the OSI model divides the functions of a data network into layers. To recap: The Application layer provides the interface to the user. The Transport layer is responsible for dividing and managing communications between the processes running in the two end systems. The Network layer protocols organize our communication data so that it can travel across internetworks from the originating host to a destination host. For Network layer packets to be transported from source host to destination host, they must traverse different physical networks. These physical networks can consist of different types of physical media such as copper wires, microwaves, optical fibers, and satellite links. Network layer packets do not have a way to directly access these different media. It is the role of the OSI Data Link layer to prepare Network layer packets for transmission and to control access to the physical media. This chapter introduces the general functions of the Data Link layer and the protocols associated with it. Learning Objectives Upon completion of this chapter, you will be able to: • • • • • • • Explain the role of Data Link layer protocols in data transmission. Describe how the Data Link layer prepares data for transmission on network media. Describe the different types of media access control methods. Identify several common logical network topologies and describe how the logical topology determines the media access control method for that network. Explain the purpose of encapsulating packets into frames to facilitate media access. Describe the Layer 2 frame structure and identify generic fields. Explain the role of key frame header and trailer fields, including addressing, QoS, type of protocol, and Frame Check Sequence. 7.1.1 Supporting & Connecting to Upper Layer Services The Data Link layer provides a means for exchanging data over a common local media. The Data Link layer performs two basic services: Allows the upper layers to access the media using techniques such as framing Controls how data is placed onto the media and is received from the media using techniques such as media access control and error detection As with each of the OSI layers, there are terms specific to this layer: Frame - The Data Link layer PDU Node - The Layer 2 notation for network devices connected to a common medium Media/medium (physical)* - The physical means for the transfer of information between two nodes Network (physical)** - Two or more nodes connected to a common medium The Data Link layer is responsible for the exchange of frames between nodes over the media of a physical network. * It is important to understand the meaning of the words medium and media within the context of this chapter. Here, these words refer to the material that actually carries the signals representing the transmitted data. Media is the physical copper cable, optical fiber, or atmosphere through which the signals travel. In this chapter media does not refer to content programming such as audio, animation, television, and video as used when referring to digital content and multimedia. ** A physical network is different from a logical network. Logical networks are defined at the Network layer by the arrangement of the hierarchical addressing scheme. Physical networks represent the interconnection of devices on a common media. Sometimes, a physical network is also referred to as a network segment. Upper Layer Access to Media As we have discussed, a network model allows each layer to function with minimal concern for the roles of the other layers. The Data Link layer relieves the upper layers from the responsibility of putting data on the network and receiving data from the network. This layer provides services to support the communication processes for each medium over which data is to be transmitted. In any given exchange of Network layer packets, there may be numerous Data Link layer and media transitions. At each hop along the path, an intermediary device - usually a router - accepts frames from a medium, decapsulates the frame, and then forwards the packet in a new frame appropriate to the medium of that segment of the physical network. Imagine a data conversation between two distant hosts, such as a PC in Paris with an Internet server in Japan. Although the two hosts may be communicating with their peer Network layer protocols (IP for example), it is likely that numerous Data Link layer protocols are being used to transport the IP packets over various types of LANs and WANs. This packet exchange between two hosts requires a diversity of protocols that must exist at the Data Link layer. Each transition at a router could require a different Data Link layer protocol for transport on a new medium. Notice in the figure that each link between devices uses a different medium. Between the PC and the router may be an Ethernet link. The routers are connected through a satellite link, and the laptop is connected through a wireless link to the last router. In this example, as an IP packet travels from the PC to the laptop, it will be encapsulated into Ethernet frame, decapsulated, processed, and then encapsulated into a new data link frame to cross the satellite link. For the final link, the packet will use a wireless data link frame from the router to the laptop. The Data Link layer effectively insulates the communication processes at the higher layers from the media transitions that may occur end-to-end. A packet is received from and directed to an upper layer protocol, in this case IPv4 or IPv6, that does not need to be aware of which media the communication will use. Without the Data Link layer, a Network layer protocol, such as IP, would have to make provisions for connecting to every type of 71.2 Controlling Transfer Across Local Media Layer 2 protocols specify the encapsulation of a packet into a frame and the techniques for getting the encapsulated packet on and off each medium. The technique used for getting the frame on and off media is called the media access control method. For the data to be transferred across a number of different media, different media access control methods may be required during the course of a single communication. Each network environment that packets encounter as they travel from a local host to a remote host can have different characteristics. For example, one network environment may consist of many hosts contending to access the network medium on an ad hoc basis. Another environment may consist of a direct connection between only two devices over which data flows sequentially as bits in an orderly way. The media access control methods described by the Data Link layer protocols define the processes by which network devices can access the network media and transmit frames in diverse network environments. A node that is an end device uses an adapter to make the connection to the network. For example, to connect to a LAN, the device would use the appropriate Network Interface Card (NIC) to connect to the LAN media. The adapter manages the framing and media access control. At intermediary devices such as a router, where the media type could change for each connected network, different physical interfaces on the router are used to encapsulate the packet into the appropriate frame, and a suitable media access control method is used to access each link. The router in the figure has an Ethernet interface to connect to the LAN and a serial interface to connect to the WAN. As the router processes frames, it will use Data Link layer services to receive the frame from one medium, decapsulate it to the Layer 3 PDU, re-encapsulate the PDU into a new frame, and place the frame on the medium of the next link of the network. 7.1.3 Creating a Frame The description of a frame is a key element of each Data Link layer protocol. Data Link layer protocols require control information to enable the protocols to function. Control information may tell: • • • • Which nodes are in communication with each other When communication between individual nodes begins and when it ends Which errors occurred while the nodes communicated Which nodes will communicate next The Data Link layer prepares a packet for transport across the local media by encapsulating it with a header and a trailer to create a frame. Unlike the other PDUs that have been discussed in this course, the Data Link layer frame includes: • Data - The packet from the Network layer Header - Contains control information, such as addressing, and is located at the beginning of the PDU Trailer - Contains control information added to the end of the PDU • These frame elements will be discussed in more detail later in this chapter. • • Formatting Data for Transmission When data travels on the media, it is converted into a stream of bits, or 1s and 0s. If a node is receiving long streams of bits, how does it determine where a frame starts and stops or which bits represent the address? Framing breaks the stream into decipherable groupings, with control information inserted in the header and trailer as values in different fields. This format gives the physical signals a structure that can be received by nodes and decoded into packets at the destination. Typical field types include: • • • • • Start and stop indicator fields - The beginning and end limits of the frame Naming or addressing fields Type field - The type of PDU contained in the frame Quality - control fields A data field -The frame payload (Network layer packet) Fields at the end of the frame form the trailer. These fields are used for error detection and mark the end of the frame. Not all protocols include all of these fields. The standards for a specific Data Link protocol define the actual frame format. Examples of frame formats will be discussed at the end of this chapter. 7.1.4 Connecting Upper Layer Services to The Media The Data Link layer exists as a connecting layer between the software processes of the layers above it and the Physical layer below it. As such, it prepares the Network layer packets for transmission across some form of media, be it copper, fiber, or the atmosphere. In many cases, the Data Link layer is embodied as a physical entity, such as an Ethernet network interface card (NIC), which inserts into the system bus of a computer and makes the connection between running software processes on the computer and physical media. The NIC is not solely a physical entity, however. Software associated with the NIC enables the NIC to perform its intermediary functions of preparing data for transmission and encoding the data as signals to be sent on the associated media. 7.1.4 Connecting Upper Layer Services to The Media Data Link Sublayers To support a wide variety of network functions, the Data Link layer is often divided into two sublayers: an upper sublayer and an lower sublayer. The upper sublayer defines the software processes that provide services to the Network layer protocols. The lower sublayer defines the media access processes performed by the hardware. Separating the Data Link layer into sublayers allows for one type of frame defined by the upper layer to access different types of media defined by the lower layer. Such is the case in many LAN technologies, including Ethernet. The two common LAN sublayers are: Logical Link Control Logical Link Control (LLC) places information in the frame that identifies which Network layer protocol is being used for the frame. This information allows multiple Layer 3 protocols, such as IP and IPX, to utilize the same network interface and media. Media Access Control Media Access Control (MAC) provides Data Link layer addressing and delimiting of data according to the physical signaling requirements of the medium and the type of Data Link layer protocol in use. 7.1.6 Standart Unlike the protocols of the upper layers of the TCP/IP suite, Data Link layer protocols are generally not defined by Request for Comments (RFCs). Although the Internet Engineering Task Force (IETF) maintains the functional protocols and services for the TCP/IP protocol suite in the upper layers, the IETF does not define the functions and operation of that model's Network access layer. The TCP/IP Network Access layer is the equivalent of the OSI Data Link and Physical layers. These two layer will be discussed in separate chapters for closer examination.. The functional protocols and services at the Data Link layer are described by engineering organizations (such as IEEE, ANSI, and ITU) and communications companies. Engineering organizations set public and open standards and protocols. Communications companies may set and use proprietary protocols to take advantage of new advances in technology or market opportunities. Data Link layer services and specifications are defined by multiple standards based on a variety of technologies and media to which the protocols are applied. Some of these standards integrate both Layer 2 and Layer 1 services. Engineering organizations that define open standards and protocols that apply to the Data Link layer include: International Organization for Standardization (ISO) Institute of Electrical and Electronics Engineers (IEEE) American National Standards Institute (ANSI) International Telecommunication Union (ITU) Unlike the upper layer protocols, which are implemented mostly in software such as the host operating system or specific applications, Data Link layer processes occur both in software and hardware. The protocols at this layer are implemented within the electronics of the network adapters with which the device connects to the physical network. For example, a device implementing the Data Link layer on a computer would be the network interface card (NIC). For a laptop, a wireless PCMCIA adapter is commonly used. Each of these adapters is the hardware that complies with the Layer 2 standards and protocols. http://www.iso.org http://www.ieee.org http://www.ansi.org http://www.itu.int 7.2.1 Placing Data on The Media Regulating the placement of data frames onto the media is known as media access control. Among the different implementations of the Data Link layer protocols, there are different methods of controlling access to the media. These media access control techniques define if and how the nodes share the media. Media access control is the equivalent of traffic rules that regulate the entrance of motor vehicles onto a roadway. The absence of any media access control would be the equivalent of vehicles ignoring all other traffic and entering the road without regard to the other vehicles. However, not all roads and entrances are the same. Traffic can enter the road by merging, by waiting for its turn at a stop sign, or by obeying signal lights. A driver follows a different set of rules for each type of entrance. In the same way, there are different ways to regulate the placing of frames onto the media. The protocols at the Data Link layer define the rules for access to different media. Some media access control methods use highly-controlled processes to ensure that frames are safely placed on the media. These methods are defined by sophisticated protocols, which require mechanisms that introduce overhead onto the network. The method of media access control used depends on: Media sharing - If and how the nodes share the media Topology - How the connection between the nodes appears to the Data Link layer 7.2.2 Media Access Control for Shared Media Some network topologies share a common medium with multiple nodes. At any one time, there may be a number of devices attempting to send and receive data using the network media. There are rules that govern how these devices share the media. There are two basic media access control methods for shared media: Controlled - Each node has its own time to use the medium Contention-based - All nodes compete for the use of the medium Click the tabs in the figure to see the differences in the two methods. Controlled Access for Shared Media When using the controlled access method, network devices take turns, in sequence, to access the medium. This method is also known as scheduled access or deterministic. If a device does not need to access the medium, the opportunity to use the medium passes to the next device in line. When one device places a frame on the media, no other device can do so until the frame has arrived at the destination and has been processed by the destination. Although controlled access is well-ordered and provides predictable throughput, deterministic methods can be inefficient because a device has to wait for its turn before it can use the medium. Contention-based Access for Shared Media Also referred to as non-deterministic, contention-based methods allow any device to try to access the medium whenever it has data to send. To prevent complete chaos on the media, these methods use a Carrier Sense Multiple Access (CSMA) process to first detect if the media is carrying a signal. If a carrier signal on the media from another node is detected, it means that another device is transmitting. When the device attempting to transmit sees that the media is busy, it will wait and try again after a short time period. If no carrier signal is detected, the device transmits its data. Ethernet and wireless networks use contention-based media access control. It is possible that the CSMA process will fail and two devices will transmit at the same time. This is called a data collision. If this occurs, the data sent by both devices will be corrupted and will need to be resent. Contention-based media access control methods do not have the overhead of controlled access methods. A mechanism for tracking whose turn it is to access the media is not required. However, the contention-based systems do not scale well under heavy media use. As use and the number of nodes increases, the probability of successful media access without a collision decreases. Additionally, The recovery mechanisms required to correct errors due to these collisions further diminishes the throughput. CSMA is usually implemented in conjunction with a method for resolving the media contention. The two commonly used methods are: CSMA/Collision Detection In CSMA/Collision Detection (CSMA/CD), the device monitors the media for the presence of a data signal. If a data signal is absent, indicating that the media is free, the device transmits the data. If signals are then detected that show another device was transmitting at the same time, all devices stop sending and try again later. Traditional forms of Ethernet use this method. CSMA/Collision Avoidance In CSMA/Collision Avoidance (CSMA/CA), the device examines the media for the presence of a data signal. If the media is free, the device sends a notification across the media of its intent to use it. The device then sends the data. This method is used by 802.11 wireless networking technologies. Note: CSMA/CD will be covered in more detail in Chapter 9. 7.2.3 Media Acccess Control for Non-Shared Media Media access control protocols for non-shared media require little or no control before placing frames onto the media. These protocols have simpler rules and procedures for media access control. Such is the case for point-to-point topologies. In point-to-point topologies, the media interconnects just two nodes. In this arrangement, the nodes do not have to share the media with other hosts or determine if a frame is destined for that node. Therefore, Data Link layer protocols have little to do for controlling non-shared media access. Full Duplex and Half Duplex In point-to-point connections, the Data Link layer has to consider whether the communication is half-duplex or full-duplex. Click the tabs in the figure to see the differences in the two methods. Half-duplex communication means that the devices can both transmit and receive on the media but cannot do so simultaneously. Ethernet has established arbitration rules for resolving conflicts arising from instances when more than one station attempts to transmit at the same time. In full-duplex communication, both devices can transmit and receive on the media at the same time. The Data Link layer assumes that the media is available for transmission for both nodes at any time. Therefore, there is no media arbitration necessary in the Data Link layer. The details of a specific media access control technique can only be examined by studying a specific protocol. Within this course, we will study traditional Ethernet, which uses CSMA/CD. Other techniques will be covered in later courses. 7.2.4 Logical VS Physical The topology of a network is the arrangement or relationship of the network devices and the interconnections between them. Network topologies can be viewed at the physical level and the logical level. The physical topology is an arrangement of the nodes and the physical connections between them. The representation of how the media is used to interconnect the devices is the physical topology. These will be covered in later chapters of this course. A logical topology is the way a network transfers frames from one node to the next. This arrangement consists of virtual connections between the nodes of a network independent of their physical layout. These logical signal paths are defined by Data Link layer protocols. The Data Link layer "sees" the logical topology of a network when controlling data access to the media. It is the logical topology that influences the type of network framing and media access control used. The physical or cabled topology of a network will most likely not be the same as the logical topology. Logical topology of a network is closely related to the mechanism used to manage network access. Access methods provide the procedures to manage network access so that all stations have access. When several entities share the same media, some mechanism must be in place to control access. Access methods are applied to networks to regulate this media access. Access methods will be discussed in more detail later. Logical and physical topologies typically used in networks are: • • • Point-to-Point Multi-Access Ring The logical implementations of these topologies and their associated media access control methods are considered in the following sections. 7.2.5 Point-to-Point Technology A point-to-point topology connects two nodes directly together, as shown in the figure. In data networks with point-to-point topologies, the media access control protocol can be very simple. All frames on the media can only travel to or from the two nodes. The frames are placed on the media by the node at one end and taken off the media by the node at the other end of the point-to-point circuit. In point-to-point networks, if data can only flow in one direction at a time, it is operating as a half-duplex link. If data can successfully flow across the link from each node simultaneously, it is a full-duplex link. Data Link layer protocols could provide more sophisticated media access control processes for logical point-to-point topologies, but this would only add unnecessary protocol overhead. Logical Point-to-Point Networks The end nodes communicating in a point-to-point network can be physically connected via a number of intermediate devices. However the use of physical devices in the network does not affect the logical topology. As shown in the figure, the source and destination node may be indirectly connected to each other over some geographical distance. In some cases, the logical connection between nodes forms what is called a virtual circuit. A virtual circuit is a logical connection created within a network between two network devices. The two nodes on either end of the virtual circuit exchange the frames with each other. This occurs even if the frames are directed through intermediary devices. Virtual circuits are important logical communication constructs used by some Layer 2 technologies. The media access method used by the Data Link protocol is determined by the logical point-to-point topology, not the physical topology. This means that the logical point-topoint connection between two nodes may not necessarily be between two physical nodes at each end of a single physical link. CISCO IOS CONFIGURATION Basic Router Commands . Mode-mode CISCO IOS : yaitu User Mode dan Previleged Mode yang akan praktikan praktekan satu per satu Untuk masuk ke User Mode, praktikan cukup menekan tombol Enter, sehingga keluar Router> Untuk mengetahui perintah apa saja yang disupport oleh mode ini tambahkan perintah “ ? “ pada Router>? 1. Router> show version 2. Router> show protocols 3. Router> show history Masuklah kemode previleged dengan mengetikan perintah enable Router> enable Router#? 1. Router# show ip interfaces 2. Router# show ip interfaces brief 3. Router#show running-config Untuk mengubah konfigurasi yang telah ada sebelumnya bisa menggunakan configure terminal untuk memasuki global configuration mode yang kemudian diikuti dengan baris-baris konfigurasi. 1. Router#conf t 2. Router(config )# perintah exit akan diperlukan untuk keluar dari global configuration mode Konfigurasi Router Interface Tugas router adalah meneruskan paket paket dari sebuah network ke network yang lainnya. Sebuhungan dengan tugas tersebut, network interface harus dikonfigurasi sesuai dengan karakteristik-nya. Perintah interface pada mode konfigurasi global disediakan untuk mengkonfigurasi interface-interface pada router. Ada berbagai tipe interface yang dikonfigurasi dengan perintah ini antara lain: Ethernet, Token Ring, FDDI, serial ATM, BRI, dan tunnel. Dalam praktikum, hanya Ethernet dan Serial saja yang akan dibahas lebih lanjut. 1. Mengkonfigurasi Ethernet Interface Perintah interface harus dijalankan pada mode konfigurasi global. Untuk memasuki mode konfigurasi global, gunakan perintah configure terminal, seperti yang telah dijelaskan sebelumnya. Format perintah interface untuk memasuki mode konfigurasi interface untuk Ethernet pada router yang hanya mempunyai satu slot adalah: interface ethernet nomer-port Beberapa jenis router memiliki banyak slot, seperti misalnya Cisco 2600,3600 dan 4000. Untuk router-router dengan banyak slot, format perintahnya adalah: interface ethernet nomer-slot/nomer-port Setelah memasuki mode konfigurasi interface dengan perintah di atas, barulah Ethernet tersebut dapat dikonfigurasi sesuai dengan kebutuhan. Konfigurasi paling dasar yang dibutuhkan agar Ethernet dapat meneruskan paket-paket adalah IP address dan subnet mask. Format konfigurasinya adalah: ip address IP-address subnet-mask Contoh konfigurasi Router1 interface ethernet 0 (pada topology Boson default) 1. Route1r# configure terminal 2. Router1(config)# interface ethernet 0 3. 4. 5. 6. 7. 8. Router1(config-if)# description LAN pada Lab Akatel Router1(config-if)# ip address 192.168.0.1 255.255.255.0 Router1(config-if)# no shut Router1(config-if)# exit Router1(config)# exit Router1# Perintah interface ethernet 0 pada baris ke 2, masuk ke mode konfigurasi interface ethernet 0 Perintah description pada baris ke 3 , memberikan deskripsi singkat tentang interface Perintah ip address pada baris ke 4, memberikan no ip ke interface Perintah no shut (no shutdown) pada perintah baris ke 5 diatas mengintrusikan bahwa interface tersebut langsung diaktifkan Contoh konfigurasi Router2 interface ethernet 1 (pada topology Boson default) 1. 2. 3. 4. 5. 6. 7. 8. Route2r# configure terminal Router2(config)# interface ethernet 0 Router2(config-if)# description LAN pada Lab Akatel Router2(config-if)# ip address 192.168.0.2 255.255.255.0 Router2(config-if)# no shut Router2(config-if)# exit Router2(config)# exit Router2# Uji Koneksitas Router dengan PING Ping lah Router1 ke Router2 Router1# ping 192.168.0.2 Menampilkan ringkasan status IP interface Router1 Router1# show ip interface brief Menampilkan ringkasan status IP interface Router2 Router2# show ip interface brief 2. Mengkonfigurasi Serial Interface Serial interface adalah interface yang seringkali digunakan untuk koneksi ke WAN (Wide Area Network). Koneksi serial membutuhkan clocking untuk sinkronisasi. Dan oleh karena itu, hubungan serial ini harus mempunyai 2 sisi, yaitu DCE (data circuitterminating equipment) dan DTE (data terminal equipment). DCE menyediakan clocking dan DTE akan mengikuti clock yang diberikan oleh DCE. Kabel DCE mempunyai koneksi female (perempuan), sedangkan kabel DTE mempunyai koneksi male (jantan). Pada prakteknya, DCE biasanya disediakan oleh service provider yang biasanya adalah merupakan koneksi ke CSU/DSU. Router sendiri biasanya hanyalah berperan sebagai DTE sehingga router tersebut tidak perlu menyediakan clocking. Walaupun demikian, cisco router juga bisa berperan sebagai DCE yang menyediakan clocking. Fungsi ini biasanya dipakai untuk uji coba router dimana kita bisa menghubungkan 2 buah router back to back sehingga salah satu router harus berfungsi sebagai DCE agar koneksi bisa terjadi. Contoh konfigurasi interface serial sebagai DTE 1. 2. 3. 4. 5. 6. 7. Router # configure terminal Router(config)# interface serial 0 Router(config-if)# description Lab komp Akatel Router(config-if)# ip address 172.16.158.1 255.255.255.0 Router(config-if)# bandwith 64 Router(config-if)# exit Router(config)# exit Contoh konfigurasi interface serial sebagai DCE 1. 2. 3. 4. 5. 6. 7. 8. Router # configure terminal Router(config)# interface serial 0 Router(config-if)# description Lab Cisco sebagai DCE Router(config-if)# ip address 172.16.158. 255.255.255.0 Router(config-if)# bandwith 64 Router(config-if)# clock rate 64000 Router(config-if)# exit Router(config)# exit 1. Uji Koneksitas Router 2 dengan Router 4 2. Menampilkan ringkasan status IP interface Router2 3. Menampilkan ringkasan status IP interface Router4 C. Mengamankan Router dengan Password Untuk menyulitkan orang yang tidak berhak mengubah dan mengacau konfigurasi router, maka router tersebut perlu dilindungi dengan kata sandi (password). Password untuk mode priviledge Setelah user menuliskan password dengan benar untuk mendapatkan akses ke router baik melalui jaringan ataupun console, maka user akan memasuki user mode. Jika password untuk mode priviledge dikonfigurasi, maka user juga harus menuliskan password lagi untuk masuk ke mode itu. Perintah yang digunakan untuk memberi password pada mode ini adalah enable password, atau enable secret. Perbedaan antara kedua perintah tersebut adalah bahwa perintah enable secret membuat password-nya terenkrip sedangkan enable password tidak. Kedua perintah tersebut juga bisa dituliskan kedua-duanya dalam mode konfigurasi global, dan keduanya juga bisa mempunyai password yang berbeda. Namun jika keduanya diletakkan pada konfigurasi, maka password pada enable secret yang akan digunakan untuk memasuki privileged mode. Mengkonfigurasi enable password dari mode priviledge 1. Route1r#conf t 2. Router1(config)#enable password rahasia Mengkonfigurasi enable secret dari mode priviledge 1. Router1#conf t 2. Router1(config)#enable secret rahasiabanget Melihat konfigurasi Router (harus dari mode priviledge) o o Router1 (config)# exit Router 1#show running-config access-list Defines an access list. Syntax: [no] access-list list-name [permit|deny] protocol source source-mask [operator operand] destination destination-mask [proto-type] [operator operand] [established] [fragment] [sample tag-name] [log] [rate-limit tag-name] Attribute permit deny protocol source Description Permits access of packet if conditions are matched. Denies access of packet if conditions are matched. Name or number of an Internet protocol. Name keywords are: icmp, igmp, ip, ospf, pim, tcp, or udp. Number entries are standard internet protocol numbers from 0 - 255. If a protocol is not specified, the entry applies to all protocols. IP address of network or host sending the packet. The router compares routes being tested to this value. Specify the address using one of the following formats: • 32-bit IP address in dotted decimal format. source-mask destination destinationmask operator • keyword any to specify a source and source-mask of 0.0.0.0 255.255.255.255 • keyword host followed by the host address in dotted decimal notation which specifies source-mask of 0.0.0.0 The sourceattribute applies to all protocols Network mask applied to the source address. Specify as a 32-bit IP address in dotted decimal format. The source-mask attribute applies to all protocols. IP address of network or host to which the packet is being sent. Specify the address using one of the following formats: • 32-bit IP address in dotted decimal format. • keyword any to specify a source and source-mask of 0.0.0.0 255.255.255.255 • keyword host followed by the host address in dotted decimal notation which specifies source-mask of 0.0.0.0 The destination attribute applies to all protocols. Network mask applied to the destination address. Specify as a 32-bit IP address in dotted decimal format. The destination-mask attribute apples to all protocols. For udp and tcp packets only. Compares destination ports. When used after the source IP address/source-mask, specifies a source port. When used after the destination IP address/destination-mask, specifies a destination port. Valid values are: eq- specifies the port number is equal to the operand. operand range- specifies an inclusive range of ports in the operand delineated by a space, i.e. ports 1 through 3 would be entered 1 3. Specifies the destination port. Valid values are either a port number or a predefined port number keyword: 0 - 65535- port number Predefined port number keywords for tcp are: • bgp- BGP routing protocol packets • domain- DNS packet • echo- UDP echo port • exec- RSH protocol • ftp- FTP protocol commands. To enable FTP on the Avici router, both the ftp and ftp-data packet types must be permitted. • ftp-data- FTP protocol data • login- Remote login packets • sunrpc- Standard RPC protocol • syslog- UNIX syslog • telnet- Telnet connections Predefined port number keywords for udp are: • bootpc- Server port for the bootp protocol • bootps- DNS packets • domain- echo - UDP echo port • ntp- Network Time Protocol packets • rip- RIP routing protocol packets • snmp- SNMP packets • sunrpc- standard RPC protocol • syslog- UNIX syslog • tftp - Trivial File Transfer protocol packets icmpType, icmpCode icmpMessage igmpType established fragment tos range precedence range ICMP type and code as defined in RFC 792. For ICMP messages only ICMP message text. For ICMP messages only. IGMP message type. For IGMP messages only. For tcp protocol only. Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is the initial TCP datagram to form a connection. Match occurs on packet fragments (those packets with a non-zero offset in their IP header). This keyword can not be used if a port number is specified or if the established keyword is used. IP TOS byte value or range between 0 - 255. For range, specify the low and high number delineated by a space. The tos attribute is not used for the ICMP or IGMP protocols. An alternate form of expressing the TOS byte. This form matches bits ip.tos 7:5. The parameter can be a range, a value from 0 - 7, or a predefined keyword. The following keywords are supported: • critical-ecp = 0xa0 • internet-control = 0xc0 • network-control = 0xe0 • flash = 0x60 • flash-override = 0x80 • immediate = 0x40 dscp range • priority = 0x20 • routine = 0x00 For range, specify the low and high number delineated by a space. An alternate form of expressing the TOS byte. This form matches bits ip.tos 7:2. The parameters can be a range, a value from 0 - 63, or a predefined keyword. The following keywords and predefined values: • ef = 46 • af11 = 10 • af12 = 12 • af13 = 14 • af21 = 18 • af22 = 20 • af23 = 22 • af31 = 26 • af32 = 28 • af33 = 30 • af41 = 34 • af42 = 36 • af43 = 38 For range, specify the low and high number delineated by a space. length range The IP length field. The parameter can be either a single exact match value from 0 - 65535 or a range of values. For range, specify the low and high number delineated by a space. The 15 most significant bits are used for the access list length key. log Generate a syslog message when at least one match occurs within a 10 second interval. The log attribute can be used by all protocols. sample sample- Send a mirror copy of the packet to the configured interface mirror port. name The sample attribute can be used by all protocols. The sample-nameis any preconfigured sample using the sample command. rate-limit rate- Limits the rate of the received bandwidth to the configured rate. The limit-name rate-limit attribute can be used by all protocols. The rate-limit-name is any preconfigured rate-limit using the rate-limit command. Description: Access lists are filters that enable you to: • Restrict the routing information a router learns from or advertises to a neighbor. • Restrict inbound packets bound for either the server or fabric. You can define access lists filters based on any of four elements: • address based access lists identify routes you want to control by network address number. Use the access-list or ip access-list commands to create an address-based access list. • as-path based access lists identify routes you want to control by autonomous system path. Use the ip as-path access-list command to create an autonomous system path based access list. • community-based access lists identify BGP routes you want to control by community. Use the ip community-list command to create a community-based access list. • packet based access lists identify packets by protocol entering a router bound for either the fabric or server, as well as server sourced packets that you want to control. Packets forwarded across the fabric must use the ip access-list command in extended mode. Standard or Extended mode can be specified using the ip access-list command. Standard access lists create filters based on source addresses and are used for server based filtering. Extendedaccess lists create filters based on source addresses, destination addresses, protocol, port number and other features and are used for packet based filtering. Multiple BGP peers or route maps can reference a single access list. You can apply access lists to both inbound and outbound traffic. Each packet is passed through the access list. The rules in the access list are applied in the order in which they appear in the list. When a packet matches any rule, the decision to permit the packet through the filter or deny it is made, and no further rules are processed. This means that the order of commands in your access list is very important. Make entries in your access lists in descending order of likelihood of finding a match. List entries with the greatest probability of being matched before entries with the smallest probability of being matched. This order reduces the time spent processing each packet as it is passed through an access list. NOTE Internally, some code uses TCP sockets to communicate between tasks using the internal loopback address (127.0.0.1). Packet filtering behaves as though the following line was the first entry of every access-list: permit ip host 127.0.0.1 host 127.0.0.1 NOTE Access lists implicitly deny all access that is not expressly permitted. The following line is auto-appended to all access-lists: deny ip any any If it is desirable to over-ride this implicit denial statement, enter a permit ip any any statement as the last entry in the access-list. You cannot modify an existing access list in your configuration file. Instead, you must use the no option to delete the list and then retype the entire list. We recommend you keep your access lists in separate files, allowing you to cut and paste entries into your configuration file. Use the access-list list-name [permit|deny] source source-mask syntax to create a standard address-based access list. Add entries to the list by repeating the command for different IP addresses. Use the access-list list-name [permit|deny] source source-mask destination destination-mask syntax to create an extended address-based access list. Add entries to the list by repeating the command for different IP addresses. Use the access-list list-name [permit|deny] ip source source-mask destination destination-mask [log] [sample] [rate-limit] syntax to create an IP extended packetbased access list to filter any IP protocol packet, including ICMP, TCP, and UDP, based on their source, destination, protocol, destination port, connection state. Use the access-list list-name [permit|deny] icmp source source-mask destination destination-mask [proto-type] [log] [sample] [rate-limit] syntax to create an ICMP packet-based access list to filter any ICMP protocol packet, based on their source, destination, protocol, destination port, connection state. Use the access-list list-name [permit|deny] igmp source source-mask destination destination-mask [proto-type] [log] [sample] [rate-limit] syntax to create an IGMP packet-based access list to filter any IGMP protocol packet, based on their source, destination, protocol, destination port, connection state. Use the access-list list-name [permit|deny] tcp source source-mask [operator operand] destination destination-mask [operator operand] [established] [fragment] [log] [sample] [rate-limit] syntax to create a TCP protocol packet-based access list to filter individual packets based on their source, destination, protocol, destination port, connection state and fragmentation. Use the access-list list-name [permit|deny] udp source source-mask [operator operand] destination destination-mask [operator operand] [fragment] [log] [sample] [rate-limit] syntax to create a UDP protocol packet-based access list to filter individual packets based on their source, destination, protocol, destination port, connection state and fragmentation. Use the route-map, neighbor distribute-list, and neighbor filter-list commands to apply address-based access lists to routes. Use the ip access-group interface configuration command to apply packet-based access lists to an interface. Use the no access list syntax to delete an access list. Factory Default: Deny statement for all options. Command Mode: Configuration. Example 1: In the following example, the 4 access-list commands create a standard access list named ISP4_access that allows access only for hosts on three specified networks: router(config)#access-list ISP4_access permit 10.5.1.121 0.0.0.255 router(config)#access-list ISP4_access permit 128.20.0.0 0.0 255.255 router(config)#access-list ISP4_access permit 120.0.0.0 0.255.255.255 router(config)# Only routes that match entries in the access list are permitted. Note the last line of the access list is a deny any statement to remind your reader that all other access is denied. Example 2: In the following example, the access-list commands create an extended access list allowFTP to permit FTP command and control packets from all sources and destinations: router(config)#access-list allowFTP permit tcp any any eq ftp router(config)#access-list allowFTP permit tcp any any eq ftp-data Example 3: In the following example, the access-list commands create an extended access list denySNMP to deny SNMP packets from all sources and destinations, but permit all other IP traffic: router(config)#access-list denySNMP deny any any udp eq snmp router(config)#access-list denySNMP permit ip any any Example 4: In the following example: • A mirror port is configured to set the destination of interface pos 1/13/1 for any sampled packets received on the pos 1/14/1 interface. • Two sampling frequencies are configured and tag named src-100-d (deny) and src-100-p (permit) and set to 1 in 100 packets. • An extended IP access list is configured named src-filter. • to deny packets from network 12.160/16 with a sample rate of 1 in 100 packets. • to permit packets from network 191/8. • All other packets are permitted without sampling. • IP access-group src-filter is associated with interface pos 1/14/1 for in-bound traffic forwarded across the fabric. • An extended IP access-list is configured named forme and is configured with ACLs that deny telnet traffic from network 10.10/16. • The forme IP access-group is made the default inbound filter for messages intended for the server. router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. router(config)#interface pos 1/14/1 router(config-if)#mirror pos 1/13/1 router(config-if)#exit router(config)#sample src-100-d 100 router(config)#sample src-100-p 100 router(config)#ip access-list extended src_filter router(config-ext-nacl)#deny ip 12.160.0.0 0.0.255.255 sample src-100-d router(config-ext-nacl)#permit ip 191.0.0.0 0.255.255.255 sample src-100-p router(config-ext-nacl)#permit ip any any router(config-ext-nacl)#exit router(config)#interface pos 1/14/1 router(config-if)#ip access-group src_filter control-in router(config-if)#exit router(config)#ip access-list extended forme router(config-ext-nacl)#deny tcp 10.10.0.0 0.0.255.255 any eq telnet router(config-ext-nacl)#deny tcp any eq telnet 10.10.0.0 0.0.255.255 router(config-ext-nacl)#exit router(config)#ip default-access-group forme control-in router(config)#end router# VPN (VIRTUAL PRIVATE NETWORK) IP Kemampuan teknologi IP membangun jaringan Internet dalam skala besar dan tingkat keandalan tinggi merupakan salah satu modal utama untuk memberikan layanan komunikasi baru, VPN IP (virtual private network Intenet Protokol). VPN IP merupakan layanan komunikasi berbasis IP (Internet Protocol) sebagai jaringan private yang terpisah dari internet network (public). VPN IP mengombinasikan berbagai unsur dalam teknologi IP untuk memberi layanan yang memenuhi berbagai komponen layanan komunikasi baku yang ditawarkan oleh teknologi sebelumnya. Aplikasi VPN IP 1. Internet Access 2. Multiservice Service: Integrated Voice and Data 3. Backup Frame Relay Jenis Layanan VPN IP 1. VPN IP Dedicated Merupakan layanan komunikasi data berbasis IPdengan mode transmisi asimetris, yaitu bandwidth ke arah remote (downstream) lebih besar dari pada bandwidth meninggalkan remote (upstream). VPN IP dedicated ini menggunakan teknologi protokol TCP/IP (Transmission Control Protocol/Internet Protocol). Diperlukan kebutuhan transaksi aplikasi client server dimana remote hanya berfungsi sebagai client dan kantor pusat berfungsi sebagai server. 1. Metode Koneksi 2. Koneksi 24 jam sehari 3. Kecepatan koneksi 1. 32 kbps (upstream) / 64 kbps (downstream) 2. 64 kbps (upstream) / 128 kbps (downstream) 3. 128 kbps (upstream) / 256kbps (downstream) 4. 256kbps (upstream) / 512 kbps (downstream) 5. 512 kbps (upstream)/ 1024 kbps (downstream) 4. VPN menumpangkan komunikasi data pada saluran telepon pelanggan eksisting, tanpa mengganggu kualitas komunikasi suara. 1. Keunggulan 5. Efisiensi biaya 6. Efisiensi perangkat (pelanggan tidak perlu menyediakan router). 7. Efisiensi bandwidth 8. Mudah diintegrasikan dengan jaringan Frame Relay yang sudah ada di Pusat. 9. Aman karena didukung tunneling VPN dari MPLS teknologi. 10. Konfigurasi VPN IP Dedicated Kantor Gambar 1.9 VPN IP untuk Akses Intranet 1. VPN IP Dial Merupakan layanan komunikasi data berbasis IPdengan metode akses dial.dimana layanan ini digunakanuntuk kebutuhan transaksi aplikasi di kantor yang penggunaan aplikasinya kurang dari 4 jam per hari. Dapat melakukan dial ke suatu port dedicated atau dialokasikan khusus untuk pelanggan. Saluran telepon khusus hanya dapat digunakan oleh pelanggan, atau digunakan bersama (share) oleh user-user pelanggan sesuai kebutuhan. Keunggulan 1. 2. 3. 4. Efisiensi biaya (khusus untuk transaksi aplikasi kurang dari 4 jam/hari). Efisiensi perangkat maupun konektivitas jaringan. Aman karena didukung tunneling VPN dari MPLS teknologi. Mudah diintegrasikan dengan jaringan Frame Relay yang sudah ada di Kantor Pusat pelanggan. 5. Otentikasi VPN IP Dial 6. Dilakukan pada Server Otentikasi di kantor pusat pelanggan, dengan menggunakan user ID dan password sebagai berikut: User ID : [email protected] Password : xxxx 1. Setelah sesuai akan diberikan 1 IP Address yang diambil secara acak dari IP Pool di Server Otentikasi. 2. IP address adalah IP Private yang ditentukan sebelumnya oleh pelanggan. 3. Konfigurasi VPN IP Dial Gambar 1.10 Konfigurasi VPN IP Dial VPN Security 1. Authentication Proses mengidentifikasi komputer dan manusia atau user yang memulai VPN Connection. Metode otentikasi dapat dilakukan dengan protokol : 1. 2. 3. 4. 5. Extensible Authentication Protocol (EAP) Challenge Handshake Authentication (CHAP) MS-CHAP Password Authentication Protocol (PAP) Shiva-PAP 2. Authorization Menentukan apa yang boleh dan yang tidak boleh diakses oleh seorang user. 3. Enkripsi VPN Multiservice VPN Multiservice merupakan layanan paket solusi komunikasi data yang memberikan layanan berbasis IP ke end user. Layanan VPN Multiservice ini menggunakan jaringan MPLS (Multi Protocol Label Switch) yang aman untuk melakukan koneksi dalam Wide Area Network (WAN). Dengan layanan multiservice (integrasi layanan data dan suara melalui koneksi VPN), perusahaan dapat mengimplementasikan komunikasi data dan suara dalam LAN menggunakan koneksi Internet. Jaringan sharing MPLS memadukan kemampuan label swapping dengan layer network routing untuk membentuk private network yang aman dan cepat dalam pengiriman paket informasi. Dengan arsitektur jaringan tersebut menjadikan biaya jaringan lebih kompetitif sebagai alternatif solusi jaringan komunikasi WAN private. Implementasi VPN Multiservice ini sangat beragam sesuai kebutuhan dan keinginan konsumen. Contohnya, konsumen dapat mengelola IP dan router jaringan internalnya dari mana saja sepanjang ia terhubung ke Internet. Selain itu, konsumen juga dapat melangsungkan komunikasi suara dalam perusahaan, membangun data center sendiri, dan mengkoneksikan titik percabangan Intranet-nya secara aman. Keunggulan VPN Multiservice 1. Fleksibilitas dalam mengatur prioritas pengiriman jenis paket data untuk aplikasi yang sensitif dan non-sensitive delay (untuk mendukung integrasi layanan voice dan data). 2. Optimalisasi biaya karena pelanggan tidak memerlukan investasi router karena PT.Lintasarta telah menyediakannya. 3. Ekonomis karena menggunakan satu saluran fisik untuk beberapa layanan jasa dan koneksi. 4. Koneksi any-to-any didalam masing-masing VPN. 5. Kompatible dengan publik atau private address. 6. Akses secara langsung (Real Time) NMS (Network Management System) 7. Fully Managed karena jaringan dan router CPE dikelola oleh Lintasarta. Aplikasi VPN Multiservice 1. Aplikasi dengan trafik data yang tinggi dan dengan beberapa koneksi baik intranet, ekstranet dan internet berbasis client-server / telnet / terminal emulation yang terbagi atas : 2. Aplikasi Delay Tolerant : file transfer, e-mail, web intranet, akses Internet Dedicated. 3. Aplikasi Delay Sensitive : e-commerce, ERP,CRM 4. Aplikasi transaksional dan interaktif 5. Perdagangan saham 6. On line Banking 7. Payment point 8. Reservasi Spesifikasi Teknis 1. 2. 3. 4. Kecepatan koneksi : 64 Kbps – 2 Mbps Berbasis protokol IP sampai ke end user Interface LAN Ethernet 10 baseT Didukung dengan teknologi MPLS VPN dengan MPLS Salah satu feature MPLS adalah kemampuan membentuk tunnel atau virtual circuit yang melintasi networknya. Kemampuan ini membuat MPLS berfungsi sebagai platform alami untuk membangun virtual private network (VPN). VPN yang dibangun dengan MPLS sangat berbeda dengan VPN yang hanya dibangun berdasarkan teknologi IP, yang hanya memanfaatkan enkripsi data. VPN dpada MPLS lebih mirip dengan virtual circuit dari FR atau ATM, yang dibangun dengan membentuk isolasi trafik. Trafik benar-benar dipisah dan tidak dapat dibocorkan ke luar lingkup VPN yang didefinisikan. Lapisan pengamanan tambahan seperti IPSec dapat diaplikasikan untuk data security, jika diperlukan. Namun tanpa metode semacam IPSec pun, VPN dengan MPLS dapat digunakan dengan baik. Ref :- http://sinauonline.50webs.com/Cisco/VPN%20IP.html