Computer Networking Articles

No  Upload    Article
1   09-01-08  Cisco Certification
2   11-01-08  Introduction to Computer Networking
3   11-01-08  Computer Networking Component
4   11-01-08  Cisco Networking Academy Program Test Sem 1 Chapter 1
5   11-01-08  Cisco Networking Academy Program Test Sem 1 Chapter 1 (continued)
6   11-01-08  Cisco Networking Academy Program Test Sem 1 Chapter 2
7   11-01-08  Cisco Networking Academy Program Test Sem 1 Chapter 2 (continued)
8   29-01-08  VLAN (Virtual Local Area Network)
9   29-01-08  Cisco Switching Concepts
10  29-01-08  Cisco Switch Network Design
11  29-01-08  Routing Protocols on Cisco Routers: RIP
12  29-01-08  Routing Protocols on Cisco Routers: IGRP
13  29-01-08  Routing Protocols on Cisco Routers: OSPF
14  31-01-08  Routing Protocols on Cisco Routers: OSPF (continued)
15  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 3
16  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 4
17  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 5
16  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 6
17  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 6-7
18  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 7
19  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 8
20  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 9
21  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 9-10
22  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 10
23  04-02-08  Cisco Networking Academy Program Test Sem 1 Chapter 11
24  13-02-08  Cisco Exploration Semester 1 Chapter 2
25  14-02-08  Cisco Exploration Semester 1 Chapter 3
26  15-02-08  Cisco Exploration Semester 1 Chapter 7
27  06-03-08  Cisco IOS Configuration
28  18-03-08  Access List
29  25-03-08  IP VPN (Virtual Private Network Internet Protocol)
Certification: CCNA
The Cisco Certified Network Associate (CCNA) is one of the important foundations in the series of networking certifications issued by Cisco Systems. Above CCNA in Cisco's certification levels are CCNP (Cisco Certified Network Professional) and CCIP (Cisco Certified Internetwork Professional), and at the very top is CCIE (Cisco Certified Internetwork Expert). A CCNA-certified person has the knowledge and skills to install, configure, operate and troubleshoot LANs, WANs and dial-access services for small networks (under 100 nodes), including the use of protocols such as IP, IGRP, Serial, Frame Relay, IP RIP, VLAN, RIP, Ethernet and Access Lists.
CCNA certification can be obtained in two ways:
1. Pass the INTRO 640-821 (Introduction to Cisco Networking Technologies) and ICND 640-811 (Interconnecting Cisco Networking Devices) exams
2. Pass the CCNA 640-801 exam
A CCNA certification is valid for three years; to renew it we can take the CCNA 640-801 or ICND 640-811 exam. The CCNA 640-801 exam allows 90 minutes to complete 55-65 questions. The exam is available in English and Japanese. The CCNA 640-801 exam can be taken at certification test centres throughout Indonesia that are accredited by Pearson VUE or Prometric. Question formats can be:
• Multiple-choice single answer
• Multiple-choice multiple answer
• Drag-and-drop
• Fill-in-the-blank
• Testlet
• Simlet
• Simulations
The exam material is divided into four themes, with the full sub-themes as follows:
1. Planning & Designing
• Design a simple LAN using Cisco Technology
• Design an IP addressing scheme to meet design requirements
• Select an appropriate routing protocol based on user requirements
• Design a simple internetwork using Cisco technology
• Develop an access list to meet user specifications
• Choose WAN services to meet customer requirements
2. Implementation & Operation
• Configure routing protocols given user requirements
• Configure IP addresses, subnet masks, and gateway addresses on routers and hosts
• Configure a router for additional administrative functionality
• Configure a switch with VLANs and inter-switch communication
3. Implement a LAN
• Customize a switch configuration to meet specified network requirements
• Manage system image and device configuration files
• Perform an initial configuration on a router
• Perform an initial configuration on a switch
• Implement access lists
• Implement simple WAN protocols
4. Troubleshooting
• Utilize the OSI model as a guide for systematic network troubleshooting
• Perform LAN and VLAN troubleshooting
• Troubleshoot routing protocols
• Troubleshoot IP addressing and host configuration
• Troubleshoot a device as part of a working network
• Troubleshoot an access list
• Perform simple WAN troubleshooting
5. Technology
• Describe network communications using layered models
• Describe the Spanning Tree process
• Compare and contrast key characteristics of LAN environments
• Evaluate the characteristics of routing protocols
• Evaluate TCP/IP communication process and its associated protocols
• Describe the components of network devices
• Evaluate rules for packet control
• Evaluate key characteristics of WANs
Which training should I take to prepare for the CCNA exam? There are three kinds of training you can choose from to prepare for the CCNA certification exam.
1. Take CCNA 640-801 exam-preparation training from the training institutions that offer it
2. Take INTRO 640-821 and ICND 640-811 exam-preparation training
3. Take CCNA training (semesters 1-4) following the Cisco Networking Academy Program (CNAP) curriculum. This path is often called the academy path; the understanding gained is more comprehensive and the knowledge relatively more mature. The drawback may be that the study time is relatively longer. Contact the Cisco Local Academy (LA) in your region to join the CNAP training program.
Source: Romi Satria Wahono
Introduction to Computer Networking
What is a Computer Network?
A computer network is a collection of computers, printers and other equipment connected as one unit. Information and data travel over cables or wirelessly, so that network users can exchange documents and data, print on the same printer, and share the hardware and software connected to the network. Every computer, printer or peripheral connected to the network is called a node. A computer network can have two, tens, thousands or even millions of nodes.
Types of Computer Networks
In general, computer networks are divided into five types:
1. Local Area Network (LAN)
A Local Area Network (LAN) is a privately owned network within a building or campus, up to a few kilometres in size. LANs are often used to connect personal computers and workstations in a company's offices or in factories so that they can share resources (for example printers) and exchange information.
2. Metropolitan Area Network (MAN)
A Metropolitan Area Network (MAN) is essentially a larger version of a LAN and usually uses the same technology as a LAN. A MAN may cover a group of nearby company offices or a whole city, and may serve private or public purposes. A MAN can carry data and voice, and can even connect to the cable television network.
3. Wide Area Network (WAN)
A Wide Area Network (WAN) covers a wide geographic area, often a country or even a continent. A WAN consists of a collection of machines whose purpose is to run user programs (applications).
4. Internet
There are actually many networks in the world, often using different hardware and software. People connected to one network often want to communicate with people connected to another network. This requires connections between networks that are often incompatible and different. Usually a machine called a gateway is needed to make the connection and perform the necessary translation, for both hardware and software. This collection of interconnected networks is what is called the internet.
5. Wireless Networks
Wireless networks are a solution for communication that cannot be carried out over a cabled network. For example, someone who wants to obtain information or communicate while in a car or on an aeroplane absolutely needs a wireless network, because a cable connection cannot be made inside a car or aeroplane. Today wireless networks are widely used with satellite services and can provide faster access speeds than cabled networks. Examples are wireless LANs and hotspots.
Computer Network Topologies
A topology is a way of connecting one computer to another so that they form a network. The ways in common use today are bus, token ring, star and peer-to-peer networks. Each topology has its own characteristics, with its own advantages and disadvantages.
1. Bus Topology
Advantages
• Saves cable
• Simple cable layout
• Easy to extend
Disadvantages
• Very limited fault detection and isolation
• Traffic congestion
• If one client fails, the network cannot function.
• Repeaters are needed for long distances
2. Token Ring Topology
The token-ring method (often just called ring) connects computers so that they form a ring (circle). Every node has the same rank. The network is called a loop; data is sent to every node, and every node checks the address of each piece of information it receives to see whether the data is for it or not.
Advantages
• Saves cable
Disadvantages
• Sensitive to faults
• Network expansion is more rigid
3. Star Topology
Control is centralised: all links must pass through a centre that distributes the data to all nodes or to the clients it selects. The central node is called the primary station or server, and the others are called secondary stations or clients. Once the network connection has been started by the server, each client can use the network connection at any time without waiting for a command from the server.
Advantages
• Most flexible
• Installing or changing a station is very easy and does not disturb the rest of the network
• Centralised control
• Easy fault detection and isolation
• Easy network management
Disadvantages
• Uses a lot of cable
• Needs special handling
• The central control element (the hub) becomes a critical element
Benefits of Computer Networks
• Resource sharing: existing resources can be used jointly. For example, a user 100 km away from some data has no difficulty using that data, as if the data were nearby. This is often interpreted as computer networks overcoming the problem of distance.
• High reliability: with a computer network we obtain high reliability by having alternative sources of supply. For example, all files can be stored on or copied to two, three or more computers connected to the network, so that if one machine fails, the copy on another machine can be used.
• Saving money: small computers have a better price/performance ratio than large computers. A large computer such as a mainframe is about ten times as fast as a small/personal computer, but a mainframe costs a thousand times more than a personal computer. This imbalance between the price/performance ratio and speed is what leads system designers to build systems made up of personal computers.
• Sharing communication channels (the internet).
• Easier communication between network users.
Computer Network Components
A computer network is built from several basic elements, comprising hardware and software components:
1. Hardware components
Personal Computer (PC), Network Interface Card (NIC), cabling and network topology.
2. Software components
Network operating system, network adapter driver, network protocols.
A. Network devices
1. Repeater
Receives a signal and retransmits the received signal at the same strength. With a repeater, the signal from one computer can reach another computer located far away.
2. Hub
Its function is the same as a repeater, except that a hub has several ports, so a hub is also called a multiport repeater. Repeaters and hubs work at the physical layer and therefore have no knowledge of the destination address. Although a hub has several ports, it still uses the broadcast method to send signals, so that if one port is busy the other ports must wait if they want to send.
3. Bridge
Works like a repeater or hub but is smarter, because it operates at the data link layer and can therefore use MAC addresses when sending frames to the destination address.
4. Switch
Its function is the same as a bridge, except that a switch has several ports, so a switch is called a multiport bridge. Because of this capability, if one switch port is busy the other ports can still operate. But bridges and switches cannot forward IP packets addressed to computers on a logically different network.
B. Cable Types and Cabling
Each type of cable has different capabilities and specifications, which is why cable types are identified. The commonly known cable types are twisted pair (UTP, unshielded twisted pair, and STP, shielded twisted pair), coaxial cable and fibre optic.
1. Thin Ethernet (Thinnet)
Thin Ethernet or Thinnet has the advantage of relatively lower cost compared with other cabling types, and its components are easier to install. Thin coaxial/RG-58 cable runs are between 0.5 and 185 m, with a maximum of 30 computers connected. This type of coaxial cable is widely used among amateur radio operators, especially for transceivers that do not need high output power. To be used as network cabling, this coaxial cable must meet the IEEE 802.3 10BASE2 standard; its average diameter is about 5 mm and it is usually black or another dark colour. Each device is connected with a BNC T-connector. This cable is also known as thin Ethernet or ThinNet. When this type of coaxial cable, for example RG-58 A/U or C/U, is used with T-connectors and terminators in a network, the following rules must be followed:
• Each end of the cable is fitted with a 50-ohm terminator.
• The maximum cable length is 1,000 feet (185 meters) per segment.
• Each segment connects a maximum of 30 network devices.
• The network card only needs its onboard transceiver; no additional transceiver is required, except for repeaters.
• A maximum of 3 segments may be connected to one another (populated segments).
• Each segment should be fitted with one ground.
• The minimum length between T-connectors is 1.5 feet (0.5 meter).
• The maximum cable length in one segment is 1,818 feet (555 meters).
• Each segment has a maximum of 30 connected devices.
2. Thick Ethernet (Thicknet)
With thick Ethernet or thicknet, more computers can be connected to the network and the distance between computers can be increased, but this cabling is more expensive to procure and relatively harder to install than Thinnet. Thicknet uses a transceiver to connect each computer to the network, and the connector used is the DIX type. The maximum transceiver cable length is 50 m, and the maximum thick Ethernet cable length is 500 m with a maximum of 100 transceivers connected. This type of coaxial cable is specified by the IEEE 802.3 10BASE5 standard; it has an average diameter of 12 mm and is usually coloured yellow. It is commonly called standard Ethernet or thick Ethernet, abbreviated to ThickNet, or simply called yellow cable. When this coaxial cable (RG-6) is used in a network, it has the following specifications and rules:
• Each end must be terminated with a 50-ohm terminator (a pre-assembled terminator is recommended rather than a single 50-ohm 1-watt resistor, because a resistor has a fairly wide voltage dissipation).
• A maximum of 3 segments with attached devices (populated segments).
• Each network card has an additional transmitter (external transceiver). Each segment holds a maximum of 100 network devices, including repeaters.
• The maximum cable length per segment is 1,640 feet (about 500 meters).
• The maximum distance between segments is 4,920 feet (about 1,500 meters).
• Each segment must be grounded.
• The maximum distance between a tap (branch from the main cable) and a device is 16 feet (about 5 meters). The minimum distance between taps is 8 feet (about 2.5 meters).
Source: Computer Networks lecture notes, Akatel: Alfin H, ST
Cisco Networking Academy Program Test
Semester 1 Chapter 1
Source: various sources
Cisco Networking Academy Program Test
Semester 1 Chapter 1
Source: various sources
Cisco Networking Academy Program Test
Semester 1 Chapter 2
Cisco Networking Academy Program Test
Semester 1 Chapter 2
VLAN (Virtual Local Area Network)
A VLAN is a network model that is not limited to a physical location the way a LAN is; as a result, a network can be configured virtually without having to follow the physical location of the equipment. Using VLANs makes network management very flexible, since segments can be created according to organisation or department, regardless of where the workstations are located.
The very clear difference between the Local Area Network model and the Virtual Local Area Network model is that a LAN depends heavily on the physical placement of workstations, and on hubs and repeaters as network devices, which have several weaknesses. One of the advantages of the VLAN model is that each workstation/user that belongs to one VLAN/unit (organisation, group, etc.) can stay in contact even when physically separated.
How VLANs Work
VLANs are classified by the method (type) used to classify them, whether by port, by MAC address, etc. All information containing the tagging/addressing of a VLAN is stored in a database (table); if tagging is based on the port used, the database must indicate which ports are used by the VLAN. To manage this, a manageable switch/bridge is usually used. This switch/bridge is responsible for storing all the information and configuration of a VLAN, and it is ensured that all switches/bridges hold the same information. The switch determines where data is forwarded, and so on. Alternatively, addressing software (bridging software) can be used that records/tags a VLAN together with the workstations in it. A router is needed to connect VLANs to one another.
VLAN Types
Membership in a VLAN can be classified by the port used, by MAC address, or by protocol type.
1. By port
Membership in a VLAN can be based on the ports used by that VLAN. The weakness is that users cannot move around; if a user must move, the network administrator has to reconfigure.
2. By MAC address
Membership in a VLAN is based on the MAC address of each workstation/computer owned by the user. The switch detects/records all MAC addresses belonging to each virtual LAN. A MAC address is part of the NIC (Network Interface Card) in each workstation. The advantage is that if a user moves, they remain configured as a member of that VLAN. The disadvantage is that every machine must be configured manually, and for a network with hundreds of workstations this type is not very efficient.
3. By protocol type
VLAN membership can also be based on the protocol used.
4. By IP subnet address
The IP subnet address on a network can also be used to classify a VLAN. The IP address is used to map VLAN membership. The advantage is that a user does not need to reconfigure their network address when moving; however, because this works at a higher layer, forwarding packets is slightly slower than with MAC addresses.
5. By application or other combinations
It is quite possible to define a VLAN by the application run, or by a combination of all the types above, to be applied on a network. For example: the FTP (file transfer protocol) application can only be used by VLAN 1, and Telnet can only be used on VLAN 2.
Comparison of VLANs and LANs
Security comparison
Using a LAN has allowed all computers connected to the network to exchange data, in other words to communicate. This cooperation has grown from mere data exchange to the shared use of equipment (resource sharing, also called hardware sharing). A LAN allows data to be spread by broadcast to the whole network, which makes it easy for an unknown (unauthorized) user to access every part of the broadcast. The bigger the broadcast, the greater the access gained, unless the hub used is given a security control function.
A VLAN, as the result of switch configuration, makes every switch port belong to a VLAN. Because they are in one segment, ports under one VLAN can communicate with each other directly. Ports outside that VLAN, or under another VLAN, cannot communicate directly, because a VLAN does not forward broadcasts.
A VLAN, which can provide the additional benefit of network security, does not provide sharing of media/data across the network as a whole. The switches in the network create boundaries that can only be used by computers belonging to that VLAN. As a result, an administrator can easily segment users, especially with regard to confidential media/data (sensitive information), away from all users of the physically joined network.
Although the security provided by a VLAN is better than that of a LAN, it does not guarantee the security of the whole network, and it cannot be considered sufficient to deal with all security problems. A VLAN still very much needs additional measures to improve network security, such as firewalls, per-user access restrictions, intrusion detection, control of the number and size of broadcast domains, network encryption, and so on.
This better level of security than a LAN is what can be regarded as the added value of using VLANs as a network system. One of the advantages offered by VLANs is centralised administrative control, meaning that the VLAN management application can be configured, managed and monitored centrally; control of network broadcasts, planning of moves, additions and changes, management of special access into the network, and obtaining media/data that has important functions in planning and administration within the group can all be done centrally.
With centralised management control, the network administrator can also group VLANs specifically by user and by switch port, set security levels, retrieve and distribute data over the available paths, configure communication passing through switches, and monitor data traffic and bandwidth usage of VLANs as they pass through vulnerable places in the network.
Source: various sources
SWITCHING CONCEPTS
Of the Ethernet technologies in wide use today, there are thick and thin Ethernet. Using collision detection, layer 2 is smarter than layer 1, because it can make forwarding decisions based on Media Access Control (MAC) addresses. A bridge sits at layer 2 and serves to divide the network into segments. A switch also sits at layer 2; it works like a bridge but has many ports (a multiport bridge).
The weakness of layer-2 devices is that they forward frames by broadcast to all devices on the network; if many broadcasts occur on the network, response times become sluggish. Today LANs use a combination of layer 1, 2 and 3 devices tailored to the needs of the company.
Why is segmentation needed? To divide the network into smaller parts called segments. Segmentation addresses network congestion, because when data is transmitted between segments, the devices on one segment share the total available bandwidth. Segmentation can be done with bridges, routers and switches.
A switch uses collision domains that depend on its number of ports: each port is one collision domain, while there is one broadcast domain unless the VLAN function is used. Router: each port is one collision domain. A hub uses half duplex, while a switch uses a full-duplex mechanism.
LAN Switching
There are two classifications of bandwidth allocation on switch ports: symmetric and asymmetric. A symmetric switch makes connections between ports with the same bandwidth. Asymmetric switching allows bandwidth to be dedicated to the server port on the switch to prevent bottlenecks. This switching method requires memory buffering: a buffer is needed to keep frames flowing between ports with different data rates.
VLAN
VLAN technology is a way of separating segments on a switch so that one segment cannot connect to another; connection can be made using a router. Within one switch the network IDs and broadcast domains differ. VLANs are implemented in software on the switch.
Switching Methods
• Cut-through: in this method the frame is examined only up to the destination field.
• Fragment-free: the frame is examined up to the first 64 bytes, since collisions can occur within the first 64 bytes.
• Store & forward: the frame is stored first, its FCS (frame check sequence) value is checked, and only then is it forwarded, provided the frame is not corrupt.
• Adaptive cut-through: a combination of cut-through and store-and-forward; if errors are detected it changes from cut-through to store-and-forward, and after errors decrease it changes back.
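As an added example (not part of the original article), the following Python simulation shows how much of a frame each switching method has read before it forwards, and therefore which damaged frames each one lets through, including the adaptive mode switch. The frames, MAC addresses, error window and threshold are constructed; the FCS is the IEEE 802.3 CRC-32, which zlib.crc32 computes.

```python
"""Switching methods on constructed frames: what each one inspects before
forwarding decides which damaged frames it passes. Added example."""
import struct
import zlib
from typing import Dict, List, Tuple

MIN_FRAME = 64  # minimum Ethernet frame size, including the 4-byte FCS


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame with an IEEE 802.3 CRC-32 FCS (same polynomial as zlib)."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    body = header + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")  # pad so the frame reaches 64 bytes
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over everything but the trailer and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs


def decide(method: str, frame: bytes) -> str:
    """Return 'forward' or 'drop' based only on what the method has read."""
    if method == "cut-through":
        # Only the 6-byte destination field is read; nothing later can be checked.
        return "forward" if len(frame) >= 6 else "drop"
    if method == "fragment-free":
        # The first 64 bytes are read, so collision fragments (runts) are dropped.
        return "forward" if len(frame) >= MIN_FRAME else "drop"
    if method == "store-and-forward":
        # The whole frame is buffered: runts and FCS errors are both dropped.
        return "forward" if len(frame) >= MIN_FRAME and fcs_ok(frame) else "drop"
    raise ValueError(f"unknown switching method: {method}")


class AdaptiveCutThrough:
    """Cut-through until `threshold` FCS errors appear among the last `window`
    frames, then store-and-forward until the window is error-free again."""

    def __init__(self, window: int = 10, threshold: int = 3) -> None:
        self.window, self.threshold = window, threshold
        self.recent: List[bool] = []  # True for each frame whose FCS failed
        self.mode = "cut-through"

    def handle(self, frame: bytes) -> str:
        action = decide(self.mode, frame)  # decision taken in the current mode
        # The switch still sees the whole frame afterwards, so it can count errors.
        self.recent = (self.recent + [not fcs_ok(frame)])[-self.window:]
        errors = sum(self.recent)
        if self.mode == "cut-through" and errors >= self.threshold:
            self.mode = "store-and-forward"
        elif self.mode == "store-and-forward" and errors == 0:
            self.mode = "cut-through"
        return action


# Constructed sample frames (addresses and payload are made up).
GOOD = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"hello, switch")
_damaged = bytearray(GOOD)
_damaged[20] ^= 0x01  # one flipped payload bit: the FCS no longer matches
CORRUPT = bytes(_damaged)
RUNT = GOOD[:40]      # collision fragment: shorter than 64 bytes


def compare_methods() -> Dict[str, Tuple[str, str, str]]:
    """(good, corrupt, runt) verdicts for each switching method."""
    return {m: (decide(m, GOOD), decide(m, CORRUPT), decide(m, RUNT))
            for m in ("cut-through", "fragment-free", "store-and-forward")}


def adaptive_trace() -> Tuple[List[str], str]:
    """Four corrupt frames followed by ten good ones through an adaptive switch."""
    sw = AdaptiveCutThrough(window=10, threshold=3)
    actions = [sw.handle(f) for f in [CORRUPT] * 4 + [GOOD] * 10]
    return actions, sw.mode


if __name__ == "__main__":
    for method, verdicts in compare_methods().items():
        print(f"{method:18s} good={verdicts[0]} corrupt={verdicts[1]} runt={verdicts[2]}")
    print(adaptive_trace())
```

Cut-through forwards every frame, fragment-free stops only the runt, and store-and-forward is the only mode that also stops the frame with a bad FCS; the adaptive switch lets the first three corrupt frames through before it changes mode.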
Cisco Switch Network Design
The move from shared devices to switched devices evolved over several years. Network designers initially had limited choices of devices for building a campus network or a network between LANs. The rapid growth of PCs and the needs of client-server applications demanded wide, fast network pipes, especially for multimedia applications. Meeting this need evolved from the use of shared hubs to switches.
The figure above shows a strategy for preserving the cabling infrastructure while adopting new devices. Starting from hubs, these were replaced by layer-2 switches, layer-3 switches, ATM, CDDI (Copper Data Distributed Interface) and FDDI (Fiber Data Distributed Interface). The basic strategies for designing a switched network include:
LAN Switches
A LAN switch is a device that typically has several ports connecting several other LAN segments, and the ports on this switch are high-speed (100 Mbps for Ethernet and FDDI, and 155 Mbps for ATM, as we know). A switch has dedicated bandwidth for each of its ports. For high performance, one port is usually assigned to one PC workstation. A simple example is shown in the figure.
When the switch starts operating, at the same time every workstation starts requesting data from other workstations (or servers); each request received is captured by the switch, which filters the MAC address and connected port of each workstation and arranges them in a table. Switches today can typically hold a MAC address table of 8000 entries.
When host A on port 1 transfers data to host B on port 2, the switch forwards the frame from port 1 to port 2. If at the same time host C transmits data to host D, neither communication disturbs the other, because the switch has provided dedicated logical and physical paths.
When a device connected to the switch transmits data to a host that is not in the MAC table above, the switch sends the frame out of all ports except the port the data came from. This technique is called flooding. Deploying a switch, or several switches, without consideration and design can paralyse the network because of this flooding (imagine this flooding happening on a shared hub).
In a TCP/IP network every workstation also has a MAC address table, usually called the ARP (Address Resolution Protocol) table. This table is arranged as pairs of MAC address and IP address. With the workstation connected to a switch, when the workstation broadcasts ARP/NetBIOS to look up another workstation's MAC address and IP address pair, it is intercepted by the switch. This condition means that workstation names cannot appear directly in a Samba or Windows network. This physical problem is solved by implementing a WINS server: every workstation registers itself directly with the WINS server, and the WINS server answers every query from the ARP/NetBIOS broadcast.
Virtual LAN
A Virtual LAN, known as a VLAN, is a logical function of a switch. This logical function can divide a LAN into several virtual networks. These virtual networks are connected to the same physical device. Implementing VLANs makes it easy for a network administrator to divide groups of workstations logically by function, without being limited by location. The first generation of VLANs was based on OSI layer 2 (MAC addresses) with bridging and multiplexing mechanisms.
A common VLAN implementation can be described by the following figure:
10 Mbps Ethernet is connected to each of switches A, B, C and D on each floor, and these four switches are connected to a 100 Mbps Fast-Ethernet switch E. In the figure we can see two VLANs, VLAN 10 and VLAN 20. Each VLAN has a dedicated path between its workstations, often called a broadcast domain. Besides the switch physically limiting data broadcasts, VLAN management limits broadcasts further, so that VLAN 10 and VLAN 20 have no direct communication at all.
VLAN implementation is usually combined with routing technology working at the third OSI layer (the network layer). In a TCP/IP network each VLAN needs a gateway (in the logical sense) to communicate with other VLANs.
Campus LAN
A network that consists of several segments and uses switches is often called a Campus LAN. Besides the switching technology that controls the data paths, routing technology is also applied to serve communication between VLANs. Combining these two technologies gives the network the following advantages:
• A dedicated data path serving as a high-speed backbone
• VLAN implementation for workgroups that are separated by large distances
• Routing between VLANs for communication across the boundaries of the VLANs themselves, and also as the TCP/IP network's way of joining a larger network, the internet
• Firewall implementation on the routing technology (TCP/IP based)
The physical implementation of a Campus LAN depends on the existing physical conditions: whether UTP/STP cable is feasible, whether telephone cable can be used back-to-back, or whether fiber-optic cable is required.
Design and Implementation Considerations
There are several considerations when designing a network with switching technology: the comparison of LAN switches with routers, the advantages of LAN switches, the advantages of routers, and a number of switch and VLAN design principles.
Comparing LAN Switches with Routers
The fundamental difference between a switch and a router is their working principle, seen against the OSI layer reference. This difference produces different ways of managing network traffic.
o Loops: using several switches in one network makes loops possible in the communication between hosts/workstations. Switches have the Spanning Tree Protocol (STP) algorithm to prevent such data loops. Routers, by comparison, provide loop-free communication over an optimal path.
o Convergence: with transparent switches the switched data path can be longer than it would be with routers. Routing protocols such as OSPF (Open Shortest Path First) route data along the shortest path.
o Broadcast: LAN switches do not filter broadcast and multicast data, because switches operate at layer 2 while broadcast/multicast are layer 3 packets; excessive broadcasts can cause a condition called a broadcast storm. On a router, broadcast and multicast are not forwarded and can be filtered.
o Subnet: switches and routers differ fundamentally in how they reduce broadcast domains; physically we can design LAN segmentation, while with routing technology different subnets are not physically required to be in the same switch.
o Security: combining switches and routers can raise security at each protocol level. A switch can filter packet headers by MAC address, and a router, besides filtering at layer 3 (network), can also filter by MAC address.
o Media dependence: two factors must be considered when designing a heterogeneous (mixed-media) network. The first is the Maximum Transfer Unit (MTU); each topology has a different MTU. The second is packet translation caused by the media differences above. A switch transparently translates the differing packets so they can still communicate with each other. On a router this happens independently, because the router works at the network layer, not the data-link layer.
Switch Advantages
Switches and VLAN switches both work at the second layer of the OSI model. Implementing technology at this layer gives three main advantages:
o Bandwidth: a LAN switch gives dedicated bandwidth to each port and between ports. If each port is connected to another switch or to a shared hub, each of those segments gets the same bandwidth allocation (the VLAN implementation figure above is an example). This technique is usually called microsegmentation.
o VLAN: a VLAN switch can divide a physical group of ports into several logical LAN segments; the resulting broadcast domains do not interfere with each other across VLANs. These VLANs are also often called switched domains or autonomous switching domains. Communication between VLANs requires a router (serving as the gateway of each VLAN).
o Automatic packet recognition and translation: one technology developed by Cisco is Automatic Packet Recognition and Translation (APaRT), which provides transparency between Ethernet and CDDI/FDDI.
Router Advantages
o Broadcast/Multicast control: a router can control broadcast and multicast in three ways: by caching host addresses, by caching network-advertised services, and by providing special protocols such as the Internet Group Management Protocol (IGMP), commonly used in the Multicast Backbone network.
o Broadcast segmentation: to prevent broadcasts the router is also responsible in different ways depending on the protocol in use, for example in TCP/IP by using proxy ARP and the Internet Control Message Protocol (ICMP).
o Media transition: in a heterogeneous network a router can translate packets into a different medium; in this situation the data packets are fragmented by the router because of the MTU difference.
VLAN Advantages
The main issues of implementing VLANs, compared with a hub-based/flat network, are the scalability of the network topology and the simplification of management. The advantages offered by VLANs are:
o Broadcast control: just as an ordinary switch limits the broadcast domain, a VLAN can limit the broadcasts of each VLAN group; no broadcast crosses from one VLAN to another.
o Security: even when physically in the same switch, a VLAN fences a group off from other VLANs and from access outside the network; in addition, a firewall can also be installed on its router.
o Performance: this logical grouping gives each group a dedicated data path, so each group automatically gets maximum data-path performance.
o Management: the logical principle of VLANs makes management easy; a user from one VLAN group who moves location no longer needs to change their connection to the switch, the administrator simply changes the membership of that VLAN group (the new port joins the VLAN group and the old port is removed from it).
VLAN Implementation
VLAN implementation on a switch can be distinguished by:
• Port: this method arranges that each port supports only one VLAN; workstations in the same VLAN get a switched connection, and communication between VLANs must be routed through a dedicated router or through the switch itself if it supports routing technology (such a device is often called a Layer 3 switch). This method is often called a segment-based VLAN.
• Protocol: VLANs based on the network address (OSI layer three) allow a virtual topology per protocol, with each protocol having its own rules, firewall and so on. Routing between VLANs happens automatically without an additional external router. In other words, this kind of VLAN allows one port to belong to several VLANs. This method is often called a virtual subnet VLAN.
• User defined: this method can be considered the most flexible; it lets the switch form VLANs on the basis of packet data, for example VLANs built on MAC addresses.
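The port-based VLAN behaviour described above (separate broadcast domains on one switch, no direct communication between VLAN 10 and VLAN 20, and a move handled by changing port membership), as an added example in Python; this is not code from the article, and the port numbers, VLAN ids and MAC addresses are constructed.

```python
"""Port-based VLAN switch simulation, added here as an example (not code from
the original article). Each port belongs to exactly one VLAN, MAC learning is
kept per VLAN, and unknown-unicast or broadcast frames are flooded only to
ports of the ingress VLAN, so VLAN 10 and VLAN 20 share the hardware but not
a broadcast domain. Port numbers, VLAN ids and MAC addresses are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """A learning switch with port-based (segment-based) VLANs."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port number -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port

    def move_port(self, port, vlan):
        """The management advantage described above: a user who moves needs no
        recabling, the administrator just changes the port's VLAN membership."""
        old = self.port_vlan[port]
        self.port_vlan[port] = vlan
        # forget everything learned on this port in its old VLAN
        for key in [k for k, p in self.mac_table.items()
                    if p == port and k[0] == old]:
            del self.mac_table[key]

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame; return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port  # learn the source
        out = self.mac_table.get((vlan, dst_mac))
        if dst_mac == BROADCAST or out is None:
            # flood, but only inside this VLAN's broadcast domain
            return sorted(p for p, v in self.port_vlan.items()
                          if v == vlan and p != in_port)
        return [] if out == in_port else [out]


def demo():
    """Two hosts per VLAN on one switch; returns the egress ports of four frames."""
    sw = VlanSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    h1, h2, h3 = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "bb:00:00:00:00:03"
    arp_query = sw.receive(1, h1, BROADCAST)   # VLAN 10 broadcast: port 2 only
    arp_reply = sw.receive(2, h2, h1)          # learned unicast path back to port 1
    # h1 is unknown inside VLAN 20, so the frame is flooded to port 4 only,
    # never to the VLAN 10 ports: crossing VLANs needs the layer 3 gateway
    cross_vlan = sw.receive(3, h3, h1)
    sw.move_port(2, 20)                        # h2's user moves to the VLAN 20 group
    after_move = sw.receive(1, h1, BROADCAST)  # VLAN 10 now has no other member
    return arp_query, arp_reply, cross_vlan, after_move
```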
Source: various sources
ROUTING PROTOCOLS ON CISCO ROUTERS
A routing protocol can be compared to the road signs, usually green, found along highways. These signs are very useful for getting you to the place you are heading for. If you keep following the signs, you will most likely reach your destination. The signs create a route for you to travel to your destination. Many routes may lie between you and your destination, but the signs usually point out the best road to reach it.
A routing protocol works in almost the same way as those road signs. Its task and function is to show the way so that a piece of information can reach its destination. The routing protocol collects the routes available in a network and all the possibilities that exist. The collected routes are then processed into a table called the routing table. From this routing table an intelligent network device such as a router can choose the best path to the destination.
Routing Information Protocol (RIP)
RIP belongs to the distance-vector protocols, a very simple class of protocol. Distance-vector protocols are also often called Bellman-Ford protocols, because they derive from the shortest-distance algorithm by R.E. Bellman and were first described as a distributed algorithm by Ford and Fulkerson.
When first started, every router running a distance-vector protocol knows only how to route to itself (local information) and knows nothing about the topology of the network it is in. The router then sends this local information, in the form of a distance vector, over all links directly connected to it. A router receiving routing information computes the distance vector, adds to it the metric of the link on which the information was received, and enters it in the forwarding table if it is considered the best path. After the metric is added, the routing information is sent again over all of the router's interfaces, and this is repeated at fixed intervals. This continues until every router in the network knows the network topology.
Distance-vector protocols have a weakness that shows when a link in the network goes down. The two failures that can occur are the bouncing effect and counting to infinity. The bouncing effect can occur in a network that uses different metrics on at least one link. A broken link can cause a routing loop, so that datagrams crossing a particular link just bounce back and forth between two routers until the datagram's time to live runs out.
Counting to infinity happens because a router is late in announcing that a link has gone down. This delay forces the routers to keep sending and receiving distance vectors and recomputing the metric until the maximum distance-vector metric is reached. The link is only declared down once the distance vector reaches the maximum metric. While this metric is being counted up a routing loop also occurs, and it lasts even longer than in the bouncing effect.
RIP does not adopt the distance-vector protocol as is; it adds several refinements to the algorithm so that routing loops can be minimized. RIP uses split horizon to minimize the bouncing effect. The principle of split horizon is simple: if node A forwards datagrams to destination X through node B, then it makes no sense for B to reach X through A. So A need not tell B that X can be reached via A.
To prevent the counting-to-infinity case, RIP uses the Triggered Update method. RIP has a timer that tells a router when it must send routing information again. If a change occurs in the network while the timer has not yet expired, the router must still send routing information, triggered by that change (a triggered update). In this way the routers in the network learn about the change quickly, and the chance of a routing loop is minimized.
RIP as defined in RFC 1058 uses metrics from 1 to 15, with 16 regarded as infinity. A route with a distance vector of 16 is not entered in the forwarding table. This metric limit of 16 keeps counting to infinity from taking too long. RIP packets are normally sent every 30 seconds, or sooner when there are triggered updates. If a route is not refreshed within 180 seconds, the router removes that route entry from the forwarding table. RIP carries no information about the subnet of each route. The router must assume that every route it receives has the same subnet as the router's own subnet. Consequently, RIP does not support Variable Length Subnet Masking (VLSM).
RIP version 2 (RIP-2 or RIPv2) attempts to bring several improvements over RIP: support for VLSM, the use of authentication, next-hop information, and multicast. Adding the subnet mask to every route means a router no longer has to assume that the route has the same subnet mask as its own.
RIP-2 also uses authentication so that it can tell which routing information can be trusted. Authentication is needed in a routing protocol to make the protocol more secure. RIP-1 has no authentication, so anyone can inject false routing information. The next-hop information in RIP-2 lets a router advertise a route that is reached not through the advertising router but through another router. Next hop is usually used at the boundary between ASes.
RIP-1 uses the broadcast address to send routing information. As a result, the packet is received by every host in the subnet and adds to the hosts' workload.
RIP-2 can send packets using multicast to IP 224.0.0.9, so that not every host has to receive and process routing information. Only the routers running RIP-2 receive the routing information, without disturbing the other hosts in the subnet.
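The RIP-1 versus RIP-2 differences just described, made concrete by decoding both message formats; this is an added example in Python, not code from the article. The wire layout follows RFC 1058 and RFC 2453, and the two sample messages built in demo() are constructed for illustration.

```python
"""Parser and audit for RIP update messages (RFC 1058 / RFC 2453 wire format),
added here as an example and not code from the article. It shows the
differences the text describes: RIPv1 entries carry no subnet mask or next hop,
RIPv2 entries do, and a RIPv2 message may start with an authentication entry.
The sample messages built in demo() are constructed for illustration."""
import ipaddress
import struct

RIPV2_MULTICAST = "224.0.0.9"
INFINITY = 16          # metric 16 means unreachable
AF_INET = 2
AF_AUTH = 0xFFFF       # address family marking an authentication entry
AUTH_SIMPLE = 2        # simple (plaintext) password authentication

HEADER = struct.Struct("!BBH")        # command, version, must-be-zero / domain
ENTRY = struct.Struct("!HH4s4s4sI")   # afi, route tag, ip, mask, next hop, metric
AUTH = struct.Struct("!HH16s")        # afi 0xFFFF, auth type, 16 bytes of data
ZERO4 = b"\0" * 4


def parse_rip(data):
    """Decode one RIP message into a dict; raise ValueError if malformed."""
    if len(data) < HEADER.size or (len(data) - HEADER.size) % ENTRY.size:
        raise ValueError("bad RIP message length")
    command, version, _domain = HEADER.unpack_from(data)
    if version not in (1, 2):
        raise ValueError(f"unsupported RIP version {version}")
    msg = {"command": command, "version": version, "auth": None, "routes": []}
    for off in range(HEADER.size, len(data), ENTRY.size):
        afi, tag, ip, mask, nh, metric = ENTRY.unpack_from(data, off)
        if afi == AF_AUTH:
            if version != 2 or off != HEADER.size:
                raise ValueError("authentication entry only allowed first in RIPv2")
            _, auth_type, auth_data = AUTH.unpack_from(data, off)
            msg["auth"] = {"type": auth_type, "data": auth_data}
            continue
        if afi != AF_INET:
            raise ValueError(f"unknown address family {afi}")
        if not 1 <= metric <= INFINITY:
            raise ValueError(f"metric {metric} outside 1..16")
        if version == 1 and (tag or mask != ZERO4 or nh != ZERO4):
            raise ValueError("RIPv1 entry with non-zero must-be-zero fields")
        v2 = version == 2
        msg["routes"].append({
            "prefix": str(ipaddress.IPv4Address(ip)),
            "mask": str(ipaddress.IPv4Address(mask)) if v2 else None,
            "next_hop": str(ipaddress.IPv4Address(nh)) if v2 else None,
            "metric": metric,
        })
    return msg


def audit(msg):
    """Findings a receiving router would log about how far an update can be trusted."""
    findings = []
    if msg["version"] == 1:
        findings.append("RIPv1: classful (no subnet mask) and unauthenticated")
    elif msg["auth"] is None:
        findings.append("RIPv2 update carries no authentication entry")
    elif msg["auth"]["type"] == AUTH_SIMPLE:
        findings.append("RIPv2 simple-password authentication (password in clear)")
    for r in msg["routes"]:
        if r["metric"] == INFINITY:
            findings.append(f"{r['prefix']} advertised as unreachable (metric 16)")
    return findings


def build_rip(version, routes, password=None):
    """Encode a response (command 2). `routes` holds (prefix, mask, next_hop, metric);
    mask and next_hop are dropped for RIPv1, whose entries have no room for them."""
    def pk(addr):
        return ipaddress.IPv4Address(addr).packed if version == 2 and addr else ZERO4

    out = bytearray(HEADER.pack(2, version, 0))
    if password is not None:
        out += AUTH.pack(AF_AUTH, AUTH_SIMPLE, password.encode())
    for prefix, mask, nh, metric in routes:
        out += ENTRY.pack(AF_INET, 0, ipaddress.IPv4Address(prefix).packed,
                          pk(mask), pk(nh), metric)
    return bytes(out)


def demo():
    """One RIPv1 update and one password-authenticated RIPv2 update (constructed)."""
    v1 = build_rip(1, [("10.1.0.0", None, None, 2)])
    v2 = build_rip(2, [("10.1.0.0", "255.255.255.0", "0.0.0.0", 2),
                       ("10.2.0.0", "255.255.255.0", "0.0.0.0", INFINITY)],
                   password="s3cret")
    return parse_rip(v1), parse_rip(v2)
```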
RIP is a simple routing protocol, and this is why RIP is the most widely implemented one in networks. Setting up routing with RIP is not complicated and gives acceptable results, especially if network link failures are rare. Nevertheless, for large and complex networks RIP may not be enough. In such conditions the routing computation in RIP often takes a long time and causes routing loops. For networks like these, most network specialists use protocols from the link-state group.
How RIP Works
RIP works by announcing the status of the networks it holds directly to its neighbouring routers.
Characteristics of RIP:
• Distance vector routing protocol
• Hop count as the metric for choosing routes
• Maximum hop count 15; the 16th hop is considered unreachable
• By default, routing updates are sent every 30 seconds
• RIPv1 (classful routing protocol) does not send the subnet mask in updates
• RIPv2 (classless routing protocol) sends the subnet mask in updates
Weaknesses of RIP
RIP is indeed easy to implement, but it has serious problems in a large Autonomous System, namely:
1. Limited network diameter
As mentioned briefly above, RIP can only accept a metric up to 15. Beyond that the destination is considered unreachable. This can be a problem in a large network.
2. Slow convergence
RIP has an inefficient method of removing problematic routing table entries. As in the network diagram above, suppose subnet 10 is 1 hop from router 2 and 2 hops from router 3. That is the healthy condition, but if router 1 crashes, subnet 3 is removed from router 2's routing table after the 180-second timeout. Meanwhile, router 3 does not yet know that subnet 3 is unreachable; it still has the old routing table stating that subnet 3 is 2 hops away (via router 2). When subnet 3 is removed from router 2, router 3 passes this information to router 2, and router 2 sees that subnet 3 can be reached via router 3 in 3 hops (2 + 1). Since this is a new route, it enters it into the KRT. Next, router 2 updates its routing table and tells router 3 that subnet 3 is 3 hops away. Router 3 receives this and adds 1 more hop, making 4. Then the routing table is updated again and router 2 receives information that the path to subnet 3 is 5 hops.
And so on until the value exceeds 30. The routing above keeps looping until the value exceeds 30 hops.
3. Cannot distinguish network masks longer than /24
RIP reads IP addresses according to classes A, B and C. As we know, class C has a 24-bit mask. This mask can still be extended to 25 bits, 26 bits and so on. RIP cannot read it if it is longer than 24 bits. This is a big problem, considering that masks longer than 24 bits are widely used. This has been solved in RIPv2.
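The distance-vector behaviour and the slow-convergence scenario described above, replayed in a small simulation; this is an added example in Python, not code from the article. It uses the chain R1 - R2 - R3 with a subnet attached to R1 (names and speaking order are constructed) and lets you switch split horizon on and off to see why the text says it limits the count towards the metric limit of 16.

```python
"""RIP-style distance-vector simulation, added here as an example (not code
from the article). It replays the slow-convergence scenario above on the chain
R1 - R2 - R3 with a subnet attached to R1: after R1 crashes, R2 and R3 count
up towards the metric 16 (infinity) unless split horizon is enabled. Router
names, the subnet name and the order in which routers speak are constructed."""

INFINITY = 16   # RFC 1058: metric 16 means unreachable
NET = "subnet3"


class Router:
    def __init__(self, name, connected=()):
        self.name = name
        self.neighbors = []
        # destination -> (metric, next hop); directly connected nets cost 1
        self.table = {net: (1, None) for net in connected}

    def advertisement(self, to, split_horizon):
        """Routes announced to neighbour `to`; with split horizon, a route
        learned from `to` is not announced back to it."""
        return {dest: metric for dest, (metric, nh) in self.table.items()
                if not (split_horizon and nh is to)}

    def process(self, frm, adv):
        """Apply an advertisement received from `frm`; True if anything changed."""
        changed = False
        for dest, metric in adv.items():
            new = min(metric + 1, INFINITY)   # add the cost of the incoming link
            cur = self.table.get(dest)
            if cur is None:
                if new < INFINITY:            # never install an unreachable route
                    self.table[dest] = (new, frm)
                    changed = True
            elif new < cur[0] or (cur[1] is frm and new != cur[0]):
                # better path, or the current next hop reports a change (even a worse one)
                self.table[dest] = (new, frm)
                changed = True
        return changed

    def lose_neighbor(self, dead):
        """The 180 s timer expired: every route via `dead` becomes unreachable."""
        self.neighbors.remove(dead)
        for dest, (_metric, nh) in list(self.table.items()):
            if nh is dead:
                self.table[dest] = (INFINITY, None)


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def run(routers, split_horizon, watch, max_passes=50):
    """Deliver advertisements one (sender, neighbour) pair at a time until a full
    pass changes nothing; return the metric `watch` holds for NET after each
    delivery so the caller can see it climb."""
    history = []
    for _ in range(max_passes):
        changed = False
        for r in routers:
            for n in r.neighbors:
                changed |= n.process(r, r.advertisement(n, split_horizon))
                history.append(watch.table.get(NET, (None,))[0])
        if not changed:
            break
    return history


def demo(split_horizon):
    """Return (R2 metric, R3 metric) after initial convergence, and the sequence
    of metrics R2 goes through for NET after R1 crashes."""
    r1, r2, r3 = Router("R1", connected=(NET,)), Router("R2"), Router("R3")
    link(r1, r2)
    link(r2, r3)
    routers = [r1, r3, r2]        # R3 speaks before R2 in each pass (constructed order)
    run(routers, split_horizon, r2)
    before = (r2.table[NET][0], r3.table[NET][0])
    routers.remove(r1)            # R1 crashes; R2 times out its route via R1, while
    r2.lose_neighbor(r1)          # R3 still believes NET is 3 hops away via R2
    trace = [r2.table[NET][0]] + run(routers, split_horizon, r2)
    compact = [m for i, m in enumerate(trace) if i == 0 or m != trace[i - 1]]
    return before, compact
```

Without split horizon R2's metric for the lost subnet climbs 4, 6, 8, ... until it hits 16; with split horizon R3 never advertises the route back to R2, so R2 stays at 16 and R3 learns the loss in one update.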
Interior Gateway Routing Protocol
Interior Gateway Routing Protocol, usually known as IGRP, is a proprietary network protocol developed by Cisco Systems, designed for use within an autonomous system to provide an alternative to RIP (Routing Information Protocol). IGRP is a distance-vector routing protocol, meaning that each router is tasked with sending all or part of its routing table in routing update messages at fixed intervals to each neighbouring router.
Routing chooses the best path between source and destination. To provide extra flexibility, IGRP allows multipath routing. Lines of equal bandwidth can carry traffic in round robin, with automatic failover to the second line if the first goes down.
IGRP Operation
Each router periodically sends to each local network a message containing a copy of its routing table. The message lists the costs and the networks that can be reached. The receiver of the routing message can reach all the networks listed in the message through the router that sent the message.
The goals of IGRP are:
• Stable routing in very large, complex networks with no routing loops.
• Low overhead: IGRP itself does not use more bandwidth than it needs for its task.
• Splitting traffic among several parallel routes.
• The ability to handle multiple types of service with a single set of information.
• Taking into account the error rate and traffic level on different paths.
IGRP Changes
After going through an update process, IGRP later became EIGRP (Enhanced IGRP). What they have in common is that IGRP and EIGRP are compatible with each other, and routers running EIGRP and IGRP with the same autonomous system number will automatically redistribute routes between each other. In addition, EIGRP tags as external every route that originates from:
• A non-EIGRP routing protocol.
• IGRP with the same AS number.
Open Shortest Path First (OSPF)
Definition of OSPF
OSPF is a routing protocol of the IGP type that can only work within the internal network of an organization or company. An internal network means a network in which the user still has the right to use, manage and modify it. In other words, the user still has administrative rights over that network. If the user no longer has the right to use and manage it, the network can be classified as an external network.
OSPF is also an open-standard routing protocol. This means the protocol is not the creation of any particular vendor. Thus anyone can use it, any device can be compatible with it, and it can be implemented anywhere.
OSPF is a routing protocol that uses the concept of hierarchical routing, meaning that OSPF divides the network into several levels. These levels are realized with a system of grouping into areas. With hierarchical routing, the spread of routing information becomes more orderly and segmented, instead of spreading in every direction at random. The effect of this orderly distribution of routing is a network whose bandwidth is used more efficiently, which converges faster, and which is more precise in determining the best routes to a location. OSPF is one of the routing protocols that always strives to work this way.
The technology used by this routing protocol is link-state technology, which is designed to work very efficiently in sending route update information. This makes OSPF very suitable for growing into a large-scale network. OSPF users are typically administrators of medium to large networks. A network with more than ten routers, with many remote locations that must also be reachable from the centre, and with more than five hundred computers as users, is probably ready for this routing protocol.
OSPF Forms Relationships with Other Routers
To begin any OSPF activity in exchanging routing information, the first thing a router must do is establish communication with the other routers. Other routers that are directly connected or that are on the same network as the OSPF router are called neighbour routers.
The first step an OSPF router must take is to form a relationship with its neighbour routers. An OSPF router has a mechanism for discovering its neighbours and opening a relationship with them. This mechanism is called the Hello protocol.
In forming relationships with its neighbours, an OSPF router periodically sends a small packet into the network or to a device that is directly connected to it. This small packet is called the Hello packet. Under standard settings the Hello packet is sent every 10 seconds (on broadcast multiaccess media) and every 30 seconds on Point-to-Point media. The Hello packet carries information about the various attributes of the sending router. Hello packets are generally sent to a multicast address so that they reach all routers running OSPF (IP multicast 224.0.0.5). Every router running OSPF listens for this Hello protocol and also sends its own Hello packets periodically. The way the Hello protocol works and the way neighbour routers are formed come in several variants, depending on the type of media the OSPF router runs on.
As explained above, OSPF must first form relationships with its neighbour routers before they can exchange routing information. To form a relationship with a neighbour, OSPF relies on the Hello protocol. What is unusual is that the Hello protocol in OSPF works differently on each type of media. Several media types can carry OSPF information, each with its own characteristics, so OSPF works according to those characteristics. The media are as follows:
Broadcast Multiaccess
This media type is the one commonly found in local area networks (LANs), for example Ethernet, FDDI and Token Ring. On this kind of media OSPF sends multicast traffic to discover its neighbour routers. What is unique about the process on this media is that two routers are elected to serve as the Designated Router (DR) and the Backup Designated Router (BDR).
Point-to-Point
Point-to-Point technology is used where only one other router is directly connected to a router. An example of this technology is a serial link. In the Point-to-Point case the OSPF router does not need to create a Designated Router and its backup, because there is only one router to take as a neighbour. During neighbour discovery the OSPF router also sends its Hello packets and other messages to the multicast address called AllSPFRouters, 224.0.0.5.
Point-to-Multipoint
This media type has a single interface that connects it to many destinations. The networks beneath it are treated as a series of Point-to-Point networks, each directly connected to the main device. OSPF routing protocol messages are replicated to all of those Point-to-Point networks.
On this network type OSPF traffic is also sent to an IP multicast address. What distinguishes it from broadcast multiaccess media is that there is no election of a Designated and Backup Designated Router, because the media does not forward broadcasts.
Nonbroadcast Multiaccess (NBMA)
Nonbroadcast multiaccess media is physically an ordinary serial line of the kind found on Point-to-Point media. In fact, however, this media can provide connections to many destinations, not just to a single point. Examples are X.25 and Frame Relay, which are well known for providing solutions to offices in scattered locations. On this media two kinds of use are known as well: partial-mesh and full-mesh networks.
OSPF treats this media type as broadcast multiaccess media. In reality, however, the media cannot forward broadcasts to the points within it. Therefore, to run OSPF on this media, the DR and BDR must be configured manually. Once the DR and BDR are chosen, the DR router generates LSAs for the whole network.
On this media type the DR and BDR are the routers that have direct connections to all of their neighbour routers. All traffic sent by the neighbour routers is replicated by the DR and BDR for each router and sent to unicast addresses, just like the OSPF process on Point-to-Point media.
How the OSPF Process Takes Place
Broadly, the process the OSPF routing protocol goes through from the start until it can exchange information consists of five steps. The steps are as follows:
Forming Router Adjacencies
An adjacent router literally means a router that is next door or nearest. So the first process of an OSPF router is to connect and communicate with the nearest routers, the neighbour routers. To open communication, the Hello protocol works by sending Hello packets.
Suppose there are two routers, Router A and Router B, communicating with OSPF. When OSPF first runs, both routers send Hello packets with the multicast address as the destination. Inside the Hello packet there is a field containing the Neighbour ID. Suppose router B receives the Hello packet from router A first. Router B then sends back its own Hello packet, including the ID of Router A.
When router A receives a Hello packet containing its own ID, Router A regards Router B as an adjacent router and sends back a Hello packet containing Router B's ID to Router B. Router B in turn immediately regards Router A as its adjacent router. At this point the router adjacency has formed and the routers are ready to exchange routing information.
The adjacency formation example above only happens when OSPF runs on Point-to-Point media. The process is different when OSPF runs on broadcast multiaccess media such as an Ethernet network. Because broadcast media forward Hello packets to every router in the network, there is more than one adjacent router. The adjacency formation process keeps repeating until every router in the network has become an adjacent router.
But what happens if every router becomes an adjacent router? OSPF communication would certainly crowd the network. Your network bandwidth would be used inefficiently, because the share left for the actual data that wants to pass through it shrinks. Therefore, on a broadcast multiaccess network another process takes place: electing a router that acts as the "spokesperson" for the other routers. This spokesperson router is called the Designated Router. Besides the spokesperson router, a backup for it is also provided, called the Backup Designated Router. The next step is the election of the DR and BDR, if needed.
Electing the DR and BDR (if needed)
In a broadcast multiaccess network the DR and BDR are essential. The DR and BDR become the hub of communication about OSPF information in that network. Every message packet in the OSPF process is distributed by the DR and BDR. That is why the election of the DR and BDR is a very critical process. As the name suggests, the BDR is the "shadow" of the DR. This means the BDR is not used until a problem occurs on the DR router. When the DR router has a problem, the spokesperson position is immediately taken over by the BDR router, so the handover of the spokesperson position goes smoothly.
The DR/BDR election depends heavily on the Hello packet. The Hello packet has a field containing the router's ID and its Priority value. All routers on the broadcast multiaccess network receive the Hellos of all the routers on that network when OSPF first runs. The router with the highest Priority value wins the election and immediately becomes the DR. The router with the second-highest Priority value is elected BDR. This DR and BDR status does not change until one of them stops working properly, even if a new router with a higher Priority value joins the network.
By default, every OSPF router has a Priority value of 1. The Priority range is 0 to 255. A value of 0 guarantees that the router will never become DR or BDR, while a value of 255 guarantees that the router will become DR. The Router ID usually serves as the "tie breaker" when the Priority values are equal. If two routers have the same Priority value, the DR and BDR are the routers with the highest router ID on the network. Once the DR and BDR are elected, the next step is to collect all the path information in the network.
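The two-way Hello exchange (a neighbour becomes adjacent once its Hello lists your own router ID) and the DR/BDR election rules described above, as an added example in Python; this is not code from the article, it models only the Hello fields the text mentions, and the router IDs and priorities are constructed.

```python
"""OSPF Hello exchange and DR/BDR election on one broadcast segment, added here
as an example (not code from the article). It models only the Hello fields the
text discusses (router ID, priority, the neighbours already heard) and the
election rules it states: highest priority wins, priority 0 is never eligible,
the higher router ID breaks ties, and an established DR/BDR is not displaced
by a newcomer. Router IDs and priorities are constructed."""
import ipaddress

ALL_SPF_ROUTERS = "224.0.0.5"   # multicast destination of Hello packets


class Hello:
    """The subset of a Hello packet used here."""
    def __init__(self, router_id, priority, neighbors):
        self.router_id = router_id
        self.priority = priority
        self.neighbors = tuple(neighbors)   # router IDs the sender has heard


class OspfRouter:
    def __init__(self, router_id, priority=1):
        self.router_id = router_id
        self.priority = priority
        self.seen = {}   # neighbour router ID -> "init" or "2-way"

    def hello(self):
        return Hello(self.router_id, self.priority, self.seen)

    def receive(self, pkt):
        """A neighbour is 'init' once heard and becomes '2-way' (adjacent, in the
        text's wording) when its Hello lists our own router ID."""
        if self.router_id in pkt.neighbors:
            self.seen[pkt.router_id] = "2-way"
        else:
            self.seen.setdefault(pkt.router_id, "init")


def exchange(segment):
    """One Hello interval: every router multicasts a Hello, every other router hears it."""
    hellos = [r.hello() for r in segment]
    for r in segment:
        for h in hellos:
            if h.router_id != r.router_id:
                r.receive(h)


def rid_key(rid):
    return int(ipaddress.IPv4Address(rid))


def elect(segment, current=(None, None)):
    """Return (DR, BDR) router IDs. `current` is the previous result: a working DR
    and BDR keep their roles, a failed DR is replaced by the BDR."""
    eligible = {r.router_id: r for r in segment if r.priority > 0}
    dr, bdr = current
    if dr not in eligible:            # DR failed (or none yet): BDR takes over
        dr, bdr = (bdr if bdr in eligible else None), None
    elif bdr not in eligible:
        bdr = None
    ranked = sorted((r for r in eligible.values() if r.router_id not in (dr, bdr)),
                    key=lambda r: (r.priority, rid_key(r.router_id)), reverse=True)
    if dr is None and ranked:
        dr = ranked.pop(0).router_id
    if bdr is None and ranked:
        bdr = ranked.pop(0).router_id
    return dr, bdr


def demo():
    a = OspfRouter("10.0.0.1")
    b = OspfRouter("10.0.0.2")
    c = OspfRouter("10.0.0.3", priority=0)   # may never become DR or BDR
    segment = [a, b, c]
    exchange(segment)
    first = dict(a.seen)          # nobody had heard A yet: both neighbours 'init'
    exchange(segment)
    second = dict(a.seen)         # B's and C's Hellos now list A: both '2-way'
    elected = elect(segment)      # equal priority 1: the higher router ID wins
    d = OspfRouter("10.0.0.4", priority=10)
    joined = elect(segment + [d], current=elected)   # newcomer does not displace them
    failed = elect([a, c, d], current=joined)        # B fails: BDR A becomes DR
    return first, second, elected, joined, failed
```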
Collecting the States in the Network
Once the relationships between the OSPF routers are formed, it is time to exchange information about the states and paths in the network. On networks that use broadcast multiaccess media, the DR serves every router that wants to exchange OSPF information with it. The DR starts the sending process first. The next question, then, is: who starts sending the OSPF link-state data first on a Point-to-Point network?
For that there is a phase that decides who sends first. This phase chooses which router becomes the master and which the slave in the sending process.
The master router sends first, while the slave router listens first. This phase is called the Exstart state. The master and slave are chosen according to which of the two routers has the highest router ID. When a router sends a Hello packet, its router ID is also sent to the neighbour router.
After comparing it with its own and finding the other's lower, that router is immediately elected master and sends first to the slave router. After the Exstart phase passes, the routers enter the Exchange phase. In this phase the two routers send each other Database Description packets. The contents of this packet are a summary of the status of all media in the network. If the receiving router does not yet have the information contained in the Database Description packet, the sending router enters the loading state. The loading state is the phase in which a router starts sending complete state information to its neighbour router.
Setelah loading state selesai, maka router-router yang tergabung dalam OSPF akan
memiliki informasi state yang lengkap dan penuh dalam database statenya. Fase ini
disebut dengan istilah Full state. Sampai fase ini proses awal OSPF sudah selesai, namun
database state tidak bisa digunakan untuk proses forwarding data. Maka dari itu, router
akan memasuki langkah selanjutnya, yaitu memilih rute-rute terbaik menuju ke suatu
lokasi yang ada dalam database state tersebut.
Choosing the Best Route to Use
Once the information about the whole network is in the database, it is time to choose the
best routes to put into the routing table. Once a route has entered the routing table, that
route will keep being used. To choose the best routes, the parameter OSPF uses is Cost.
The Cost metric usually describes how close and how fast a route is. The Cost value is
obtained by calculation with the formula:
OSPF routers calculate all the costs and run the Shortest Path First algorithm to select the
best route. When this is done, the route is placed directly into the routing table and is
ready to be used for forwarding data.
Keeping Routing Information Up to Date
Once a route has entered the routing table, the router must also maintain its state database.
The purpose is that if a route is no longer valid, the router must know this and must no
longer use it.
When there is a link-state change in the network, the OSPF router floods this change. The
aim is for every router in the network to learn about the change.
From here on, the whole OSPF process keeps repeating. A mechanism like this makes the
route information in the network well distributed, well selected and well usable.
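The two steps above, running Shortest Path First over the state database and recomputing when a link-state change is flooded, are shown below as an added Python example written for this page; it is not Cisco IOS code. The link-state database is constructed, and its link costs are supplied directly as input values (the page's cost formula is not reproduced here). `shortest_path_first`, `remove_link` and `recompute_after_failure` are names chosen for this illustration.

```python
import heapq
from copy import deepcopy

# Constructed link-state database: router -> {neighbor: link cost}.
# Note the cheap path R1-R2-R3-R4 and the expensive direct links R1-R3 and R2-R4.
LSDB = {
    "R1": {"R2": 1, "R3": 10},
    "R2": {"R1": 1, "R3": 1, "R4": 20},
    "R3": {"R1": 10, "R2": 1, "R4": 1},
    "R4": {"R2": 20, "R3": 1},
}


def shortest_path_first(lsdb, root):
    """Dijkstra from `root` over the link-state database.

    Returns {destination: (total_cost, next_hop)}: the entries a router
    would install in its routing table.
    """
    dist = {root: 0}
    pred = {}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            candidate = cost + link_cost
            if candidate < dist.get(nbr, float("inf")):
                dist[nbr] = candidate
                pred[nbr] = node
                heapq.heappush(heap, (candidate, nbr))
    table = {}
    for dest, total in dist.items():
        if dest == root:
            continue
        hop = dest
        while pred[hop] != root:      # walk back along predecessors to the first hop
            hop = pred[hop]
        table[dest] = (total, hop)
    return table


def remove_link(lsdb, a, b):
    """Model a flooded link-state change: the a<->b link goes down."""
    updated = deepcopy(lsdb)
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated


def recompute_after_failure(lsdb, root, a, b):
    """Routing table of `root` before and after the a<->b link fails."""
    before = shortest_path_first(lsdb, root)
    after = shortest_path_first(remove_link(lsdb, a, b), root)
    return before, after


if __name__ == "__main__":
    before, after = recompute_after_failure(LSDB, "R1", "R2", "R3")
    print("before R2-R3 failure:", before)
    print("after  R2-R3 failure:", after)
```

Before the failure R1 reaches R3 and R4 through R2 at costs 2 and 3, ignoring its own direct link to R3 because that link costs 10; after the R2-R3 link is removed the recomputation falls back to the direct R1-R3 link and R4 is reached through R3 at cost 11.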
Advantages of Using OSPF
- Speed of convergence
- Support for Variable Length Subnet Mask (VLSM)
- Network size
- Path selection
- Grouping of members
Source: various sources
Cisco Exploration Semester 1 Chapter 2
Communicating Over The Network
Introduction
More and more, it is networks that connect us. People communicate online from
everywhere. Efficient, dependable technology enables networks to be available whenever
and wherever we need them. As our human network continues to expand, the platform
that connects and supports it must also grow.
Rather than developing unique and separate systems for the delivery of each new service,
the network industry as a whole has developed the means to both analyze the existing
platform and enhance it incrementally. This ensures that existing communications are
maintained while new services are introduced that are both cost effective and
technologically sound.
In this course, we focus on these aspects of the information network:
o Devices that make up the network
o Media that connect the devices
o Messages that are carried across the network
o Rules and processes that govern network communications
o Tools and commands for constructing and maintaining networks
Central to the study of networks is the use of generally-accepted models that describe
network functions. These models provide a framework for understanding current
networks and for facilitating the development of new technologies to support future
communications needs.
Within this course, we use these models, as well as tools designed to analyze and
simulate network functionality. Two of the tools that will enable you to build and interact
with simulated networks are Packet Tracer 4.1 software and Wireshark network protocol
analyzer.
This chapter prepares you to:
o Describe the structure of a network, including the devices and media that are
necessary for successful communications.
o Explain the function of protocols in network communications.
o Explain the advantages of using a layered model to describe network functionality.
o Describe the role of each layer in two recognized network models: the TCP/IP model
and the OSI model.
o Describe the importance of addressing and naming schemes in network communications.
1. The Platform for communications
1. The Elements Of Communications
Communication begins with a message, or information, that must be sent from one
individual or device to another. People exchange ideas using many different
communication methods. All of these methods have three elements in common. The first
of these elements is the message source, or sender. Message sources are people, or
electronic devices, that need to send a message to other individuals or devices. The
second element of communication is the destination, or receiver, of the message. The
destination receives the message and interprets it. A third element, called a channel,
consists of the media that provides the pathway over which the message can travel from
source to destination.
Consider, for example, the desire to communicate using words, pictures, and sounds.
Each of these messages can be sent across a data or information network by first
converting them into binary digits, or bits. These bits are then encoded into a signal that
can be transmitted over the appropriate medium. In computer networks, the media is
usually a type of cable, or a wireless transmission.
The term network in this course will refer to data or information networks capable of
carrying many different types of communications, including traditional computer data,
interactive voice, video, and entertainment products.
1. Communicating The Messages
In theory, a single communication, such as a music video or an e-mail message, could be
sent across a network from a source to a destination as one massive continuous stream of
bits. If messages were actually transmitted in this manner, it would mean that no other
device would be able to send or receive messages on the same network while this data
transfer was in progress. These large streams of data would result in significant delays.
Further, if a link in the interconnected network infrastructure failed during the
transmission, the complete message would be lost and have to be retransmitted in full.
A better approach is to divide the data into smaller, more manageable pieces to send over
the network. This division of the data stream into smaller pieces is called segmentation.
Segmenting messages has two primary benefits.
First, by sending smaller individual pieces from source to destination, many different
conversations can be interleaved on the network. The process used to interleave the
pieces of separate conversations together on the network is called multiplexing.
Second, segmentation can increase the reliability of network communications. The
separate pieces of each message need not travel the same pathway across the network
from source to destination. If a particular path becomes congested with data traffic or
fails, individual pieces of the message can still be directed to the destination using
alternate pathways. If part of the message fails to make it to the destination, only the
missing parts need to be retransmitted.
The downside to using segmentation and multiplexing to transmit messages across a
network is the level of complexity that is added to the process. Imagine if you had to send
a 100-page letter, but each envelope would only hold one page. The process of
addressing, labeling, sending, receiving, and opening the entire hundred envelopes would
be time-consuming for both the sender and the recipient.
In network communications, each segment of the message must go through a similar
process to ensure that it gets to the correct destination and can be reassembled into the
content of the original message.
Various types of devices throughout the network participate in ensuring that the pieces of
the message arrive reliably at their destination.
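Segmentation, multiplexing, out-of-order reassembly and retransmitting only the missing pieces, as described in this section, are demonstrated below in an added Python example written for this page; it is not part of the Cisco curriculum. The `Segment` record, the `Reassembler` class and the two sample messages are constructed for the illustration, and the loss of one piece is simulated rather than observed on a real link.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """One piece of a segmented message (fields chosen for this example)."""
    conversation: str   # which conversation the piece belongs to
    seq: int            # position of the piece within its message
    total: int          # how many pieces the message was split into
    payload: bytes


def segment(conversation, message, size):
    """Split `message` into pieces of at most `size` bytes."""
    pieces = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    return [Segment(conversation, i, len(pieces), p) for i, p in enumerate(pieces)]


def multiplex(*conversations):
    """Interleave the pieces of several conversations onto one link, round-robin."""
    wire = []
    pending = [iter(c) for c in conversations]
    while pending:
        for it in list(pending):
            try:
                wire.append(next(it))
            except StopIteration:
                pending.remove(it)
    return wire


class Reassembler:
    """Receiver side: buffers pieces per conversation and tolerates any arrival order."""

    def __init__(self):
        self.pieces = {}    # conversation -> {seq: payload}
        self.expected = {}  # conversation -> total pieces announced by the sender

    def receive(self, seg):
        self.pieces.setdefault(seg.conversation, {})[seg.seq] = seg.payload
        self.expected[seg.conversation] = seg.total

    def missing(self, conversation):
        have = self.pieces.get(conversation, {})
        return [i for i in range(self.expected.get(conversation, 0)) if i not in have]

    def reassemble(self, conversation):
        if self.missing(conversation):
            return None  # incomplete: wait for the retransmission
        buf = self.pieces[conversation]
        return b"".join(buf[i] for i in range(self.expected[conversation]))


def simulate(lost=(("mail", 2),)):
    """Two conversations share a link; listed pieces are lost; only those are resent."""
    mail = segment("mail", b"Dear friend, the meeting is moved to Friday at ten.", 8)
    video = segment("video", b"FRAME01FRAME02FRAME03", 7)
    wire = multiplex(mail, video)
    # Constructed impairment: drop the listed pieces, deliver the rest in reverse order.
    delivered = [s for s in reversed(wire) if (s.conversation, s.seq) not in lost]
    rx = Reassembler()
    for s in delivered:
        rx.receive(s)
    gaps = {c: rx.missing(c) for c in ("mail", "video")}
    for s in mail + video:        # retransmit only what the receiver reports missing
        if s.seq in gaps[s.conversation]:
            rx.receive(s)
    return gaps, rx.reassemble("mail"), rx.reassemble("video")


if __name__ == "__main__":
    gaps, mail_text, video_text = simulate()
    print("missing before retransmission:", gaps)
    print("mail :", mail_text)
    print("video:", video_text)
```

The receiver reports exactly one gap (piece 2 of the mail conversation) even though every piece arrived in reverse order, and after that single piece is resent both messages reassemble byte-for-byte; the video conversation is never held up by the mail conversation's loss.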
1. Components of the Network
The path that a message takes from source to destination can be as simple as a single
cable connecting one computer to another or as complex as a network that literally spans
the globe. This network infrastructure is the platform that supports our human network. It
provides the stable and reliable channel over which our communications can occur.
Devices and media are the physical elements or hardware of the network. Hardware is
often the visible components of the network platform such as a laptop, a PC, a switch, or
the cabling used to connect the devices. Occasionally, some components may not be so
visible. In the case of wireless media, messages are transmitted through the air using
invisible radio frequency or infrared waves.
Services and processes are the communication programs, called software, that run on the
networked devices. A network service provides information in response to a request.
Services include many of the common network applications people use every day, like
e-mail hosting services and web hosting services. Processes provide the functionality that
directs and moves the messages through the network. Processes are less obvious to us but
are critical to the operation of networks.
1. End Devices and their role on the networks
The network devices that people are most familiar with are called end devices. These
devices form the interface between the human network and the underlying
communication network. Some examples of end devices are:
1. Computers (workstations, laptops, file servers, web servers)
2. Network printers
3. VoIP phones
4. Security cameras
5. Mobile handheld devices (such as wireless barcode scanners, PDAs)
In the context of a network, end devices are referred to as hosts. A host device is either
the source or destination of a message transmitted over the network. In order to
distinguish one host from another, each host on a network is identified by an address.
When a host initiates communication, it uses the address of the destination host to specify
where the message should be sent.
In modern networks, a host can act as a client, a server, or both. Software installed on the
host determines which role it plays on the network.
Servers are hosts that have software installed that enables them to provide information
and services, like e-mail or web pages, to other hosts on the network.
Clients are hosts that have software installed that enables them to request and display the
information obtained from the server.
1. Intermediary Devices and their role on the networks
In addition to the end devices that people are familiar with, networks rely on intermediary
devices to provide connectivity and to work behind the scenes to ensure that data flows
across the network. These devices connect the individual hosts to the network and can
connect multiple individual networks to form an internetwork. Examples of intermediary
network devices are:
1. Network Access Devices (hubs, switches, and wireless access points)
2. Internetworking Devices (routers)
3. Communication Servers and Modems
4. Security Devices (firewalls)
The management of data as it flows through the network is also a role of the intermediary
devices. These devices use the destination host address, in conjunction with information
about the network interconnections, to determine the path that messages should take
through the network. Processes running on the intermediary network devices perform
these functions:
1. Regenerate and retransmit data signals
2. Maintain information about what pathways exist through the network and
internetwork
3. Notify other devices of errors and communication failures
4. Direct data along alternate pathways when there is a link failure
5. Classify and direct messages according to QoS priorities
6. Permit or deny the flow of data, based on security settings
1. Network Media
Communication across a network is carried on a medium. The medium provides the
channel over which the message travels from source to destination.
Modern networks primarily use three types of media to interconnect devices and to
provide the pathway over which data can be transmitted. These media are:
1. Metallic wires within cables
2. Glass or plastic fibers (fiber optic cable)
3. Wireless transmission
The signal encoding that must occur for the message to be transmitted is different for
each media type. On metallic wires, the data is encoded into electrical impulses that
match specific patterns. Fiber optic transmissions rely on pulses of light, within either
infrared or visible light ranges. In wireless transmission, patterns of electromagnetic
waves depict the various bit values.
Different types of network media have different features and benefits. Not all network
media have the same characteristics, nor are they appropriate for the same purpose.
Criteria for choosing a network media are:
1. The distance the media can successfully carry a signal.
2. The environment in which the media is to be installed.
3. The amount of data and the speed at which it must be transmitted.
4. The cost of the media and installation.
1. LANs, WANs and Internetworks
1. Local Area Networks
Network infrastructures can vary greatly in terms of:
o The size of the area covered
o The number of users connected
o The number and types of services available
An individual network usually spans a single geographical area, providing services and
applications to people within a common organizational structure, such as a single
business, campus or region. This type of network is called a Local Area Network (LAN).
A LAN is usually administered by a single organization. The administrative control that
governs the security and access control policies is enforced at the network level.
1. Wide Area Networks
When a company or organization has locations that are separated by large geographical
distances, it may be necessary to use a telecommunications service provider (TSP) to
interconnect the LANs at the different locations. Telecommunications service providers
operate large regional networks that can span long distances. Traditionally, TSPs
transported voice and data communications on separate networks. Increasingly, these
providers are offering converged information network services to their subscribers.
Individual organizations usually lease connections through a telecommunications service
provider network. These networks that connect LANs in geographically separated
locations are referred to as Wide Area Networks (WANs). Although the organization
maintains all of the policies and administration of the LANs at both ends of the
connection, the policies within the communications service provider network are
controlled by the TSP.
WANs use specifically designed network devices to make the interconnections between
LANs. Because of the importance of these devices to the network, configuring, installing
and maintaining these devices are skills that are integral to the function of an
organization's network.
LANs and WANs are very useful to individual organizations. They connect the users
within the organization. They allow many forms of communication, including exchanging
e-mails, corporate training, and other resource sharing.
1. The Internet – A Network of Networks
Although there are benefits to using a LAN or WAN, most of us need to communicate
with a resource on another network, outside of our local organization.
Examples of this type of communication include:
o Sending an e-mail to a friend in another country
o Accessing news or products on a website
o Getting a file from a neighbor's computer
o Instant messaging with a relative in another city
o Following a favorite sporting team's performance on a cell phone
Internetwork
A global mesh of interconnected networks (internetworks) meets these human
communication needs. Some of these interconnected networks are owned by large public
and private organizations, such as government agencies or industrial enterprises, and are
reserved for their exclusive use. The most well-known and widely used publicly accessible
internetwork is the Internet.
The Internet is created by the interconnection of networks belonging to Internet Service
Providers (ISPs). These ISP networks connect to each other to provide access for millions
of users all over the world. Ensuring effective communication across this diverse
infrastructure requires the application of consistent and commonly recognized
technologies and protocols as well as the cooperation of many network administration
agencies.
Intranet
The term intranet is often used to refer to a private connection of LANs and WANs that
belongs to an organization, and is designed to be accessible only by the organization's
members, employees, or others with authorization.
Note: The following terms may be interchangeable: internetwork, data network, and
network. A connection of two or more data networks forms an internetwork - a network
of networks. It is also common to refer to an internetwork as a data network - or simply
as a network - when considering communications at a high level. The usage of terms
depends on the context at the time and terms may often be interchanged.
1. Network Representations
When conveying complex information such as the network connectivity and operation of
a large internetwork, it is helpful to use visual representations and graphics. Like any
other language, the language of networking uses a common set of symbols to represent
the different end devices, network devices and media. The ability to recognize the logical
representations of the physical networking components is critical to being able to
visualize the organization and operation of a network. Throughout this course and labs,
you will learn both how these devices operate and how to perform basic configuration
tasks on these devices.
In addition to these representations, specialized terminology is used when discussing how
each of these devices and media connect to each other. Important terms to remember are:
Network Interface Card - A NIC, or LAN adapter, provides the physical connection to the
network at the PC or other host device. The media connecting the PC to the networking
device plugs directly into the NIC.
Physical Port - A connector or outlet on a networking device where the media is
connected to a host or other networking device.
Interface - Specialized ports on an internetworking device that connect to individual
networks. Because routers are used to interconnect networks, the ports on a router are
referred to as network interfaces.
In this activity, you will gain experience with data network symbols by creating a simple
logical topology.
Click the Packet Tracer icon for more details.
1. Activity Using NeoTrace
In this activity, you will observe the flow of information across the Internet. This activity
should be performed on a computer that has Internet access and access to a command
line. You will use the Windows embedded tracert utility and then the more enhanced
NeoTrace program. This lab also assumes the installation of NeoTrace.
Click the Lab Icon for more details.
1. Protocols
1. Rules That Govern Communications
All communication, whether face-to-face or over a network, is governed by
predetermined rules called protocols. These protocols are specific to the characteristics of
the conversation. In our day-to-day personal communication, the rules we use to
communicate over one medium, like a telephone call, are not necessarily the same as the
protocols for using another medium, such as sending a letter.
Think of how many different rules or protocols govern all the different methods of
communication that exist in the world today.
Successful communication between hosts on a network requires the interaction of many
different protocols. A group of inter-related protocols that are necessary to perform a
communication function is called a protocol suite. These protocols are implemented in
software and hardware that is loaded on each host and network device.
One of the best ways to visualize how all of the protocols interact on a particular host is
to view it as a stack. A protocol stack shows how the individual protocols within the suite
are implemented on the host. The protocols are viewed as a layered hierarchy, with each
higher level service depending on the functionality defined by the protocols shown in the
lower levels. The lower layers of the stack are concerned with moving data over the
network and providing services to the upper layers, which are focused on the content of
the message being sent and the user interface.
Using layers to describe face-to-face communication
For example, consider two people communicating face-to-face. As the figure shows, we
can use three layers to describe this activity. At the bottom layer, the physical layer, we
have two people, each with a voice that can utter words aloud. At the second layer, the
rules layer, we have an agreement to speak in a common language. At the top layer, the
content layer, we have the words actually spoken - the content of the communication.
Were we to witness this conversation, we would not actually see "layers" floating in
space. It is important to understand that the use of layers is a model and, as such, it
provides a way to conveniently break a complex task into parts and describe how they
work.
1. Network Protocols
At the human level, some communication rules are formal and others are simply
understood, or implicit, based on custom and practice. For devices to successfully
communicate, a network protocol suite must describe precise requirements and
interactions.
Networking protocol suites describe processes such as:
o The format or structure of the message
o The method by which networking devices share information about pathways with other
networks
o How and when error and system messages are passed between devices
o The setup and termination of data transfer sessions
Individual protocols in a protocol suite may be vendor-specific and proprietary.
Proprietary, in this context, means that one company or vendor controls the definition of
the protocol and how it functions. Some proprietary protocols can be used by different
organizations with permission from the owner. Others can only be implemented on
equipment manufactured by the proprietary vendor.
1. Protocol Suites and Industry Standards
Often, many of the protocols that comprise a protocol suite reference other widely
utilized protocols or industry standards. A standard is a process or protocol that has been
endorsed by the networking industry and ratified by a standards organization, such as the
Institute of Electrical and Electronics Engineers (IEEE) or the Internet Engineering Task
Force (IETF).
The use of standards in developing and implementing protocols ensures that products
from different manufacturers can work together for efficient communications. If a
protocol is not rigidly observed by a particular manufacturer, their equipment or software
may not be able to successfully communicate with products made by other
manufacturers.
In data communications, for example, if one end of a conversation is using a protocol to
govern one-way communication and the other end is assuming a protocol describing
two-way communication, in all probability, no information will be exchanged.
1. The Interaction of Protocols
An example of the use of a protocol suite in network communications is the interaction
between a web server and a web browser. This interaction uses a number of protocols and
standards in the process of exchanging information between them. The different protocols
work together to ensure that the messages are received and understood by both parties.
Examples of these protocols are:
Application Protocol:
Hypertext Transfer Protocol (HTTP) is a common protocol that governs the way that a
web server and a web client interact. HTTP defines the content and formatting of the
requests and responses exchanged between the client and server. Both the client and the
web server software implement HTTP as part of the application. The HTTP protocol
relies on other protocols to govern how the messages are transported between client and
server.
Transport Protocol:
Transmission Control Protocol (TCP) is the transport protocol that manages the
individual conversations between web servers and web clients. TCP divides the HTTP
messages into smaller pieces, called segments, to be sent to the destination client. It is
also responsible for controlling the size and rate at which messages are exchanged
between the server and the client.
Internetwork Protocol:
The most common internetwork protocol is Internet Protocol (IP). IP is responsible for
taking the formatted segments from TCP, encapsulating them into packets, assigning the
appropriate addresses, and selecting the best path to the destination host.
Network Access Protocols:
Network access protocols describe two primary functions, data link management and the
physical transmission of data on the media. Data-link management protocols take the
packets from IP and format them to be transmitted over the media. The standards and
protocols for the physical media govern how the signals are sent over the media and how
they are interpreted by the receiving clients. Transceivers on the network interface cards
implement the appropriate standards for the media that is being used.
1. Technology Independent Protocols
Networking protocols describe the functions that occur during network communications.
In the face-to-face conversation example, a protocol for communicating might state that
in order to signal that the conversation is complete, the sender must remain silent for two
full seconds. However, this protocol does not specify how the sender is to remain silent
for the two seconds.
Protocols generally do not describe how to accomplish a particular function. By
describing only what functions are required of a particular communication rule but not
how they are to be carried out, the implementation of a particular protocol can be
technology-independent.
Looking at the web server example, HTTP does not specify what programming language
is used to create the browser, which web server software should be used to serve the web
pages, what operating system the software runs on, or the hardware requirements
necessary to display the browser. It also does not describe how the server should detect
errors, although it does describe what the server should do if an error occurs.
This means that a computer - and other devices, like mobile phones or PDAs - can access
a web page stored on any type of web server that uses any form of operating system from
anywhere on the Internet.
1. Using Layered Models
1. Benefits of Using Layered Models
To visualize the interaction between various protocols, it is common to use a layered
model. A layered model depicts the operation of the protocols occurring within each
layer, as well as the interaction with the layers above and below it.
There are benefits to using a layered model to describe network protocols and operations.
Using a layered model:
o Assists in protocol design, because protocols that operate at a specific layer have
defined information that they act upon and a defined interface to the layers above
and below.
o Fosters competition because products from different vendors can work together.
o Prevents technology or capability changes in one layer from affecting other layers
above and below.
o Provides a common language to describe networking functions and capabilities.
1. Protocol and Reference Models
There are two basic types of networking models: protocol models and reference models.
A protocol model provides a model that closely matches the structure of a particular
protocol suite. The hierarchical set of related protocols in a suite typically represents all
the functionality required to interface the human network with the data network. The
TCP/IP model is a protocol model because it describes the functions that occur at each
layer of protocols within the TCP/IP suite.
A reference model provides a common reference for maintaining consistency within all
types of network protocols and services. A reference model is not intended to be an
implementation specification or to provide a sufficient level of detail to define precisely
the services of the network architecture. The primary purpose of a reference model is to
aid in clearer understanding of the functions and process involved.
The Open Systems Interconnection (OSI) model is the most widely known internetwork
reference model. It is used for data network design, operation specifications, and
troubleshooting.
Although the TCP/IP and OSI models are the primary models used when discussing
network functionality, designers of network protocols, services, or devices can create
their own models to represent their products. Ultimately, designers are required to
communicate to the industry by relating their product or service to either the OSI model
or the TCP/IP model, or to both.
1. The TCP/IP Model
The first layered protocol model for internetwork communications was created in the
early 1970s and is referred to as the Internet model. It defines four categories of functions
that must occur for communications to be successful. The architecture of the TCP/IP
protocol suite follows the structure of this model. Because of this, the Internet model is
commonly referred to as the TCP/IP model.
Most protocol models describe a vendor-specific protocol stack. However, since the
TCP/IP model is an open standard, one company does not control the definition of the
model. The definitions of the standard and the TCP/IP protocols are discussed in a public
forum and defined in a publicly-available set of documents. These documents are called
Requests for Comments (RFCs). They contain both the formal specification of data
communications protocols and resources that describe the use of the protocols.
The RFCs also contain technical and organizational documents about the Internet,
including the technical specifications and policy documents produced by the Internet
Engineering Task Force (IETF).
1. The Communication Process
The TCP/IP model describes the functionality of the protocols that make up the TCP/IP
protocol suite. These protocols, which are implemented on both the sending and receiving
hosts, interact to provide end-to-end delivery of applications over a network.
A complete communication process includes these steps:
1. Creation of data at the application layer of the originating source end device
2. Segmentation and encapsulation of data as it passes down the protocol stack in the
source end device
3. Generation of the data onto the media at the network access layer of the stack
4. Transportation of the data through the internetwork, which consists of media and any
intermediary devices
5. Reception of the data at the network access layer of the destination end device
6. Decapsulation and reassembly of the data as it passes up the stack in the destination
device
7. Passing this data to the destination application at the Application layer of the
destination end device
1. Protocol Data Units and Encapsulation
As application data is passed down the protocol stack on its way to be transmitted across
the network media, various protocols add information to it at each level. This is
commonly known as the encapsulation process.
The form that a piece of data takes at any layer is called a Protocol Data Unit (PDU).
During encapsulation, each succeeding layer encapsulates the PDU that it receives from
the layer above in accordance with the protocol being used. At each stage of the process,
a PDU has a different name to reflect its new appearance. Although there is no universal
naming convention for PDUs, in this course, the PDUs are named according to the
protocols of the TCP/IP suite.
o Data - The general term for the PDU used at the Application layer
o Segment - Transport Layer PDU
o Packet - Internetwork Layer PDU
o Frame - Network Access Layer PDU
o Bits - A PDU used when physically transmitting data over the medium
1. The Sending and Receiving Process
When sending messages on a network, the protocol stack on a host operates from top to
bottom. In the web server example, we can use the TCP/IP model to illustrate the process
of sending an HTML web page to a client.
The Application layer protocol, HTTP, begins the process by delivering the HTML
formatted web page data to the Transport layer. There the application data is broken into
TCP segments. Each TCP segment is given a label, called a header, containing
information about which process running on the destination computer should receive the
message. It also contains the information to enable the destination process to reassemble
the data back to its original format.
The Transport layer encapsulates the web page HTML data within the segment and sends
it to the Internet layer, where the IP protocol is implemented. Here the entire TCP
segment is encapsulated within an IP packet, which adds another label, called the IP
header. The IP header contains the source and destination host IP addresses, as well as
the information necessary to deliver the packet across the internetwork to the destination
host, including a protocol field that tells the receiving host which Transport layer
protocol (here TCP) the enclosed segment belongs to.
Next, the IP packet is sent to the Network Access layer Ethernet protocol where it is
encapsulated within a frame header and trailer. Each frame header contains a source and
destination physical address. The physical address uniquely identifies the devices on the
local network. The trailer contains error checking information. Finally the bits are
encoded onto the Ethernet media by the server NIC.
This process is reversed at the receiving host. The data is decapsulated as it moves up the
stack toward the end user application.
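The sending and receiving process above, carried out on real bytes. This is an added example, not part of the course material: it builds the HTTP request into a TCP segment, the segment into an IPv4 packet and the packet into an Ethernet frame, then walks back up the stack checking each layer's integrity field before removing its header. Header layouts follow RFC 791 (IPv4), RFC 793 (TCP) and Ethernet II framing; the addresses, ports, sequence number and request line are made-up sample values, and a CRC-32 over the frame stands in for the Ethernet FCS trailer.

```python
"""Encapsulation of an HTTP request down the TCP/IP stack and back up.

Added illustration, not part of the course material. Header layouts follow
RFC 791 (IPv4), RFC 793 (TCP) and Ethernet II framing; the addresses, ports,
sequence number and request line are made-up sample values. The frame trailer
is a CRC-32 over header and payload, standing in for the Ethernet FCS.
Options, fragmentation and minimum-frame padding are not modelled.
"""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"  # constructed


def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, data):
    """Transport layer PDU: 20-byte TCP header (PSH|ACK, no options) + data."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    # TCP checksum also covers a pseudo-header of the IP addresses and the segment length
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, IPPROTO_TCP, len(hdr) + len(data))
    csum = checksum16(pseudo + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def build_packet(src_ip, dst_ip, segment, ttl=64, ident=0x1234):
    """Internet layer PDU: 20-byte IPv4 header (the 'IP label') + the whole segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), ident, 0, ttl,
                      IPPROTO_TCP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = checksum16(hdr)  # IP checksum covers only the header
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + segment


def build_frame(src_mac, dst_mac, packet):
    """Network access layer PDU: Ethernet header + packet + error-check trailer."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def encapsulate(data=SAMPLE_REQUEST):
    """Top-down: data -> segment -> packet -> frame, as the sending host does."""
    segment = build_segment("192.168.1.10", "192.168.1.20", 49152, 80, 1000, data)
    packet = build_packet("192.168.1.10", "192.168.1.20", segment)
    return build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", packet)


def decapsulate(frame):
    """Bottom-up: verify each layer's integrity field, then strip its header."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("bad FCS: frame damaged in transit, discarded at Layer 2")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 packet")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum16(packet[:ihl]) != 0:  # a valid header (checksum included) sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    segment = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, IPPROTO_TCP, len(segment))
    if checksum16(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data_off = (segment[12] >> 4) * 4
    return {
        "dst_mac": ":".join("%02x" % b for b in body[:6]),
        "src_mac": ":".join("%02x" % b for b in body[6:12]),
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "ttl": packet[8],
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
        "data": segment[data_off:],
    }
```

Each header is a fixed-size label in front of the PDU it received from the layer above, so the frame on the wire is 14 + 20 + 20 bytes of headers plus the HTTP data plus the 4-byte trailer. Flipping any single byte makes the trailer check fail, which is why a corrupted frame never reaches the application: it is dropped at the network access layer, and it is TCP, not IP, that later notices the gap and retransmits.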
1. The OSI Model
Initially the OSI model was designed by the International Organization for
Standardization (ISO) to provide a framework on which to build a suite of open systems
protocols. The vision was that this set of protocols would be used to develop an
international network that would not be dependent on proprietary systems.
Unfortunately, the speed at which the TCP/IP based Internet was adopted, and the rate at
which it expanded, caused the OSI Protocol Suite development and acceptance to lag
behind. Although few of the protocols developed using the OSI specifications are in
widespread use today, the seven-layer OSI model has made major contributions to the
development of other protocols and products for all types of new networks.
As a reference model, the OSI model provides an extensive list of functions and services
that can occur at each layer. It also describes the interaction of each layer with the layers
directly above and below it. Although the content of this course will be structured around
the OSI Model the focus of discussion will be the protocols identified in the TCP/IP
protocol stack.
Note that whereas the TCP/IP model layers are referred to only by name, the seven OSI
model layers are more often referred to by number than by name.
1. Comparing the OSI Model and the TCP/IP Model
The protocols that make up the TCP/IP protocol suite can be described in terms of the
OSI reference model. In the OSI model, the Network Access layer and the Application
layer of the TCP/IP model are further divided to describe discrete functions that need to
occur at these layers.
At the Network Access Layer, the TCP/IP protocol suite does not specify which protocols
to use when transmitting over a physical medium; it only describes the handoff from the
Internet Layer to the physical network protocols. The OSI Layers 1 and 2 discuss the
necessary procedures to access the media and the physical means to send data over a
network.
The key parallels between the two network models occur at the OSI model Layers 3 and
4. OSI Model Layer 3, the Network layer, almost universally is used to discuss and
document the range of processes that occur in all data networks to address and route
messages through an internetwork. The Internet Protocol (IP) is the TCP/IP suite protocol
that includes the functionality described at Layer 3.
Layer 4, the Transport layer of the OSI model, is often used to describe general services
or functions that manage individual conversations between source and destination hosts.
These functions include acknowledgement, error recovery, and sequencing. At this layer,
the TCP/IP protocols Transmission Control Protocol (TCP) and User Datagram Protocol
(UDP) provide the necessary functionality.
The TCP/IP Application layer includes a number of protocols that provide specific
functionality to a variety of end user applications. The OSI model Layers 5, 6 and 7 are
used as references for application software developers and vendors to produce products
that need to access networks for communications.
In this activity, you will see how Packet Tracer uses the OSI Model as a reference to
display the encapsulation details of a variety of the TCP/IP protocols.
Click the Packet Tracer icon for more details.
1. Network Addressing
1. Addressing the Networks
The OSI model describes the processes of encoding, formatting, segmenting, and
encapsulating data for transmission over the network. A data stream that is sent from a
source to a destination can be divided into pieces and interleaved with messages traveling
from other hosts to other destinations. Billions of these pieces of information are
traveling over a network at any given time. It is critical for each piece of data to contain
enough identifying information to get it to the correct destination.
There are various types of addresses that must be included to successfully deliver the data
from a source application running on one host to the correct destination application
running on another. Using the OSI model as a guide, we can see the different addresses
and identifiers that are necessary at each layer.
1. Getting the data to the end device
During the process of encapsulation, address identifiers are added to the data as it travels
down the protocol stack on the source host. Just as there are multiple layers of protocols
that prepare the data for transmission to its destination, there are multiple layers of
addressing to ensure its delivery.
The first identifier, the host physical address, is contained in the header of the Layer 2
PDU, called a frame. Layer 2 is concerned with the delivery of messages on a single local
network. The Layer 2 address is unique on the local network and represents the address
of the end device on the physical media. In a LAN using Ethernet, this address is called
the Media Access Control (MAC) address. When two end devices communicate on the
local Ethernet network, the frames that are exchanged between them contain the
destination and source MAC addresses. Once a frame is successfully received by the
destination host, the Layer 2 address information is removed as the data is decapsulated
and moved up the protocol stack to Layer 3.
1. Getting the data through the Internetwork
Layer 3 protocols are primarily designed to move data from one local network to another
local network within an internetwork. Whereas Layer 2 addresses are only used to
communicate between devices on a single local network, Layer 3 addresses must include
identifiers that enable intermediary network devices to locate hosts on different networks.
In the TCP/IP protocol suite, every IP host address contains information about the
network where the host is located.
At the boundary of each local network, an intermediary network device, usually a router,
decapsulates the frame to read the destination host address contained in the header of the
packet, the Layer 3 PDU. Routers use the network identifier portion of this address to
determine which path to use to reach the destination host. Once the path is determined,
the router encapsulates the packet in a new frame and sends it on its way toward the
destination end device. When the frame reaches its final destination, the frame and packet
headers are removed and the data moved up to Layer 4.
1. Getting the data to the right application
At Layer 4, information contained in the PDU header does not identify a destination host
or a destination network. What it does identify is the specific process or service running
on the destination host device that will act on the data being delivered. Hosts, whether
they are clients or servers on the Internet, can run multiple network applications
simultaneously. People using PCs often have an e-mail client running at the same time as
a web browser, an instant messaging program, some streaming media, and perhaps even a
game. All these separately running programs are examples of individual processes.
Viewing a web page invokes at least one network process. Clicking a hyperlink causes a
web browser to communicate with a web server. At the same time, in the background, an
e-mail client may be sending and receiving email, and a colleague or friend may be
sending an instant message.
Think about a computer that has only one network interface. All the data streams created
by the applications running on the PC enter and leave through that one interface, yet
instant messages do not pop up in the middle of a word processor document, and e-mail does
not show up in a game.
This is because the individual processes running on the source and destination hosts
communicate with each other. Each application or service is represented at Layer 4 by a
port number. A unique dialogue between devices is identified with a pair of Layer 4
source and destination port numbers that are representative of the two communicating
applications. When the data is received at the host, the port number is examined to
determine which application or process is the correct destination for the data.
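The three kinds of address above, worked through on a small internetwork. This is an added example, not part of the course: a constructed topology of host A, routers R1 and R2 and host B, with made-up IP addresses, MAC addresses, routing tables and a socket table, and an "ARP" dictionary standing in for each link's resolved Layer 2 addresses. It shows that the Layer 2 addresses are rewritten at every hop while the Layer 3 addresses stay fixed, that each router chooses the next hop by longest-prefix match on the network portion of the destination address and decrements TTL, and that at the end host the port pair selects the process.

```python
"""Hop-by-hop delivery across an internetwork, then to the right process.

Added illustration, not part of the course. The topology, every address and
MAC, the routing tables and the socket table are made-up sample values; ARP
stands in for each link's resolved Layer 2 addresses.
"""
import ipaddress


class Device:
    def __init__(self, name, interfaces, routes):
        self.name = name
        self.interfaces = interfaces  # iface -> (ip, mac)
        # (network, next hop or None when directly connected, outgoing iface)
        self.routes = [(ipaddress.IPv4Network(n), nh, i) for n, nh, i in routes]

    def lookup(self, dst_ip):
        """Longest-prefix match: the most specific route to dst_ip wins."""
        dst = ipaddress.IPv4Address(dst_ip)
        best = None
        for net, nh, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh, iface)
        if best is None:
            raise LookupError(f"{self.name}: no route to {dst_ip}")
        _, nh, iface = best
        # directly connected network: the frame is addressed to the destination host itself
        return (nh or dst_ip), iface


DEVICES = {  # constructed topology: A -- R1 -- R2 -- B
    "A": Device("A", {"eth0": ("192.168.1.10", "aa:aa:aa:00:00:0a")},
                [("192.168.1.0/24", None, "eth0"), ("0.0.0.0/0", "192.168.1.1", "eth0")]),
    "R1": Device("R1", {"g0": ("192.168.1.1", "aa:aa:aa:00:00:11"),
                        "g1": ("10.0.0.1", "aa:aa:aa:00:00:12")},
                 [("192.168.1.0/24", None, "g0"), ("10.0.0.0/30", None, "g1"),
                  ("172.16.0.0/16", "10.0.0.2", "g1")]),
    "R2": Device("R2", {"g0": ("10.0.0.2", "aa:aa:aa:00:00:21"),
                        "g1": ("172.16.5.1", "aa:aa:aa:00:00:22")},
                 [("10.0.0.0/30", None, "g0"), ("172.16.5.0/24", None, "g1"),
                  ("172.16.0.0/16", "172.16.5.254", "g1")]),  # /16 via another router, not modelled
    "B": Device("B", {"eth0": ("172.16.5.20", "aa:aa:aa:00:00:0b")},
                [("172.16.5.0/24", None, "eth0"), ("0.0.0.0/0", "172.16.5.1", "eth0")]),
}
ARP = {ip: mac for dev in DEVICES.values() for ip, mac in dev.interfaces.values()}


def owner_of(ip):
    for dev in DEVICES.values():
        if any(i == ip for i, _ in dev.interfaces.values()):
            return dev
    raise LookupError(f"no device owns {ip}")


def trace(src, dst_ip, ttl=64):
    """Return one entry per frame put on a link between src and dst_ip."""
    node, hops = DEVICES[src], []
    while True:
        next_ip, iface = node.lookup(dst_ip)
        _, my_mac = node.interfaces[iface]
        next_mac = ARP.get(next_ip)
        if next_mac is None:
            raise LookupError(f"{node.name}: no Layer 2 address for {next_ip}, ARP needed")
        # Layer 2 addresses change every hop; the IP header's src/dst never do
        hops.append({"from": node.name, "src_mac": my_mac, "dst_mac": next_mac, "ttl": ttl})
        if next_ip == dst_ip:
            return hops  # end host decapsulates and hands the segment up to Layer 4
        node = owner_of(next_ip)
        ttl -= 1  # every router decrements TTL before forwarding
        if ttl == 0:
            raise RuntimeError(f"{node.name}: TTL exceeded, packet dropped")


# constructed socket table on host B: which process receives an arriving segment
LISTENING = {("0.0.0.0", 80): "httpd", ("172.16.5.20", 22): "sshd"}
ESTABLISHED = {("172.16.5.20", 80, "192.168.1.10", 49152): "httpd worker for A"}


def demux(local_ip, local_port, remote_ip, remote_port):
    """Pick the process for a segment: an established 4-tuple beats a listener."""
    proc = ESTABLISHED.get((local_ip, local_port, remote_ip, remote_port))
    if proc:
        return proc
    for (bind_ip, port), name in LISTENING.items():
        if port == local_port and bind_ip in ("0.0.0.0", local_ip):
            return name
    return None  # nothing listening: TCP answers with RST, UDP with ICMP port unreachable
```

R2 holds both 172.16.0.0/16 and 172.16.5.0/24; for host B the /24 wins and the frame is addressed straight to B's MAC, while 172.16.9.9 would be handed to the other router. The TTL step is the check that stops a looping packet from circulating forever.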
1. Warriors of the Net
An entertaining resource to help you visualize networking concepts is the animated
movie "Warriors of the Net" by TNG Media Lab. Before viewing the video, there are a
few things to consider. First, in terms of concepts you have learned in this chapter, think
about when in the video you are on the LAN, on WAN, on intranet, on Internet; and what
are end devices versus intermediate devices; how the OSI and TCP/IP models apply;
what protocols are involved.
Second, some terms are mentioned in the video which may not be familiar. The types of
packets mentioned refer to the type of upper-level data (TCP, UDP, ICMP ping, ping of
death) that is encapsulated in IP packets (everything is eventually carried in IP
packets). Other terms the packet meets on its journey include router, proxy server, router
switch, corporate intranet, the proxy, URL, firewall, bandwidth, hosts, and web server.
Third, while port numbers 21, 23, 25, 53, and 80 are referred to explicitly in the video, IP
addresses are referred to only implicitly - can you see where? Where in the video might
MAC addresses have been involved?
Finally, though animations often contain simplifications, there is one outright error in
the video. About 5 minutes in, the statement is made: "What happens when Mr. IP doesn't
receive an acknowledgement? He simply sends a replacement packet." As you will find out in
later chapters, retransmission is not a function of the Layer 3 Internet Protocol, which
is an "unreliable", best-effort delivery protocol, but of the Transport layer protocol
TCP.
By the end of this course you will have a much better understanding of the breadth and
depth of the concepts depicted in the video. We hope you enjoy it.
Download the movie from http://www.warriorsofthe.net
1. Chapter Labs
1. Lab : Topology Orientation and Building a Small Network
This lab begins by having you construct two small networks. It then shows how they are
connected to the larger hands-on lab network used throughout the course. This network is
a simplified model of a section of the Internet and will be used to develop your practical
networking skills.
The following sequence of labs will introduce the networking terms below. This
networking terminology will be studied in detail in subsequent chapters.
Straight-through Cable: Unshielded twisted pair (UTP) copper cable for connecting
dissimilar networking devices
Crossover Cable: UTP copper cable for connecting similar networking devices
Serial Cable: Copper cable typical of wide area connections
Ethernet: Dominant local area network technology
MAC Address: Ethernet Layer 2, physical address
IP Address: Layer 3 logical address
Subnet Mask: Required to interpret the IP address
Default Gateway: The IP address on a router interface to which a network sends traffic
leaving the local network
NIC: Network Interface Card, the port or interface that allows an end device to
participate in a network
Port (hardware): An interface that allows a networking device to participate in network
and to be connected via networking media
Port (software): Layer 4 protocol address in the TCP/IP suite
Interface (hardware): A port
Interface (software): A logical interaction point within software
PC: End device
Computer: End device
Workstation: End device
Switch: Intermediate device which makes decision on frames based on Layer 2 addresses
(typical Ethernet MAC addresses)
Router: Layer 3, 2, and 1 device which makes decisions on packets based on Layer 3
addresses (typically IPv4 addresses)
Bit: Binary digit, logical 1 or zero, has various physical representations as electrical,
optical, or microwave pulses; Layer 1 PDU
Frame: Layer 2 PDU
Packet: Layer 3 PDU
Click the Lab Icon for more details.
In this activity, you will use Packet Tracer to complete the Topology Orientation and
Building a Small Network lab.
Click the Packet Tracer icon to launch the Packet Tracer activity.
1. Lab : Using WireShark to View Protocol Data Unit
In this lab, you will learn to use the very powerful Wireshark tool by capturing ("sniffing")
traffic off of the model network.
Click the Lab Icon for more details.
1. Summary
Data networks are systems of end devices, intermediary devices, and the media
connecting the devices, which provide the platform for the human network.
These devices, and the services that operate on them, can interconnect in a global and
user-transparent way because they comply with rules and protocols.
The use of layered models as abstractions means that the operations of network systems
can be analyzed and developed to cater to the needs of future communication services.
The most widely-used networking models are OSI and TCP/IP. Associating the protocols
that set the rules of data communications with the different layers is useful in determining
which devices and services are applied at specific points as data passes across LANs and
WANs.
As it passes down the stack, data is segmented into pieces and encapsulated with
addresses and other labels. The process is reversed as the pieces are decapsulated and
passed up the destination protocol stack.
Applying models allows various individuals, companies, and trade associations to
analyze current networks and plan the networks of the future.
Cisco Exploration Semester 1 Chapter 3
Chapter Introduction: Application Functionality and Protocols
Most of us experience the Internet through the World Wide Web, e-mail services, and
file-sharing programs. These applications, and many others, provide the human interface
to the underlying network, enabling us to send and receive information with relative ease.
Typically the applications that we use are intuitive, meaning we can access and use them
without knowing how they work. However, for network professionals, it is important to
know how an application is able to format, transmit and interpret messages that are sent
and received across the network.
Visualizing the mechanisms that enable communication across the network is made easier
if we use the layered framework of the Open System Interconnection (OSI) model. In this
chapter, we will focus on the role of one layer, the Application layer and its components:
applications, services, and protocols. We will explore how these three elements make the
robust communication across the information network possible.
In this chapter, you will learn to:
o Describe how the functions of the three upper OSI model layers provide network
services to end user applications.
o Describe how the TCP/IP Application Layer protocols provide the services
specified by the upper layers of the OSI model.
o Define how people use the Application Layer to communicate across the
information network.
o Describe the function of well-known TCP/IP applications, such as the World Wide
Web and email, and their related services (HTTP, DNS, SMB, DHCP, SMTP/POP,
and Telnet).
o Describe file-sharing processes that use peer-to-peer applications and the Gnutella
protocol.
o Explain how protocols ensure services running on one kind of device can send to
and receive data from many different network devices.
o Use network analysis tools to examine and explain how common user
applications work.
3.1.1 OSI and TCP/IP Protocols
The Open Systems Interconnection reference model is a layered, abstract representation
created as a guideline for network protocol design. The OSI model divides the
networking process into seven logical layers, each of which has unique functionality and
to which are assigned specific services and protocols.
In this model, information is passed from one layer to the next, starting at the Application
layer on the transmitting host, proceeding down the hierarchy to the Physical layer, then
passing over the communications channel to the destination host, where the information
proceeds back up the hierarchy, ending at the Application layer. The figure depicts the
steps in this process.
The Application layer
The Application layer, Layer seven, is the top layer of both the OSI and TCP/IP models.
It is the layer that provides the interface between the applications we use to communicate
and the underlying network over which our messages are transmitted . Application layer
protocols are used to exchange data between programs running on the source and
destination hosts. There are many Application layer protocols and new protocols are
always being developed.
Although the TCP/IP protocol suite was developed prior to the definition of the OSI
model, the functionality of the TCP/IP application layer protocols fit roughly into the
framework of the top three layers of the OSI model: Application, Presentation and
Session layers.
Most TCP/IP application layer protocols were developed before the emergence of
personal computers, graphical user interfaces and multimedia objects. As a result, these
protocols implement very little of the functionality that is specified in the OSI model
Presentation and Session layers.
The Presentation Layer
The Presentation layer has three primary functions:
o Coding and conversion of Application layer data to ensure that data from the
source device can be interpreted by the appropriate application on the destination
device.
o Compression of the data in a manner that can be decompressed by the destination
device.
o Encryption of the data for transmission and the decryption of data upon receipt by
the destination.
Presentation layer implementations are not typically associated with a particular protocol
stack. The standards for video and graphics are examples. Some well-known standards
for video include QuickTime and Motion Picture Experts Group (MPEG). QuickTime is
an Apple Computer specification for video and audio, and MPEG is a standard for video
compression and coding.
Among the well-known graphic image formats are Graphics Interchange Format (GIF),
Joint Photographic Experts Group (JPEG), and Tagged Image File Format (TIFF). GIF
and JPEG are compression and coding standards for graphic images, and TIFF is a
standard coding format for graphic images.
The Session Layer
As the name of the Session layer implies, functions at this layer create and maintain
dialogs between source and destination applications. The Session layer handles the
exchange of information to initiate dialogs, keep them active, and to restart sessions that
are disrupted or idle for a long period of time.
Most applications, like web browsers or e-mail clients, incorporate functionality of the
OSI layers 5, 6 and 7.
The most widely-known TCP/IP Application layer protocols are those that provide for the
exchange of user information. These protocols specify the format and control information
necessary for many of the common Internet communication functions. Among these
TCP/IP protocols are:
o Domain Name System (DNS) is used to resolve Internet names to IP addresses.
o Hypertext Transfer Protocol (HTTP) is used to transfer the files that make up the Web
pages of the World Wide Web.
o Simple Mail Transfer Protocol (SMTP) is used for the transfer of mail messages
and attachments.
o Telnet, a terminal emulation protocol, is used to provide remote access to servers
and networking devices. Note that Telnet sends everything, including login
passwords, in cleartext; SSH is its secure replacement.
o File Transfer Protocol (FTP) is used for interactive file transfer between systems.
The protocols in the TCP/IP suite are generally defined by Requests for Comments
(RFCs). The Internet Engineering Task Force maintains the RFCs as the standards for the
TCP/IP suite.
3.1.2 Application Layer Software
The functions associated with the Application layer protocols enable our human network
to interface with the underlying data network. When we open a web browser or an instant
message window, an application is started, and the program is put into the device's
memory where it is executed. Each executing program loaded on a device is referred to as
a process.
Within the Application layer, there are two forms of software programs or processes that
provide access to the network: applications and services .
Network-Aware Applications
Applications are the software programs used by people to communicate over the network.
Some end-user applications are network-aware, meaning that they implement the
application layer protocols and are able to communicate directly with the lower layers of
the protocol stack. E-mail clients and web browsers are examples of these types of
applications.
Application layer Services
Other programs may need the assistance of Application layer services to use network
resources, like file transfer or network print spooling. Though transparent to the user,
these services are the programs that interface with the network and prepare the data for
transfer. Different types of data - whether it is text, graphics, or video - require different
network services to ensure that it is properly prepared for processing by the functions
occurring at the lower layers of OSI model.
Each application or network service uses protocols which define the standards and data
formats to be used. Without protocols, the data network would not have a common way
to format and direct data. In order to understand the function of various network services,
it is necessary to become familiar with the underlying protocols that govern their
operation.
Rollover the buttons in the figure to view examples.
3.1.3 User Application Services and Application Layer Protocols
As mentioned previously, the Application layer uses protocols that are implemented
within applications and services. While applications provide people with a way to create
messages and application layer services establish an interface to the network, protocols
provide the rules and formats that govern how data is treated. All three components may
be used by a single executable program and may even use the same name. For example,
when discussing "Telnet" we could be referring to the application, the service, or the
protocol.
In the OSI model, applications that interact directly with people are considered to be at
the top of the stack, as are the people themselves. Like all layers within the OSI model,
the Application layer relies on the functions of the lower layers in order to complete the
communication process. Within the Application layer, protocols specify what messages
are exchanged between the source and destination hosts, the syntax of the control
commands, the type and format of the data being transmitted, and the appropriate
methods for error notification and recovery.
Play the animation to see the interaction between applications, services, and protocols.
3.1.4 Application Layer Protocols Functions
Application layer protocols are used by both the source and destination devices during a
communication session. In order for the communications to be successful, the application
layer protocols implemented on the source and destination host must match.
Protocols establish consistent rules for exchanging data between applications and services
loaded on the participating devices. Protocols specify how data inside the messages is
structured and the types of messages that are sent between source and destination. These
messages can be requests for services, acknowledgments, data messages, status messages,
or error messages. Protocols also define message dialogues, ensuring that a message
being sent is met by the expected response and the correct services are invoked when data
transfer occurs.
Many different types of applications communicate across data networks. Therefore,
Application layer services must implement multiple protocols to provide the desired
range of communication experiences. Each protocol has a specific purpose and contains
the characteristics required to meet that purpose. The right protocol details in each layer
must be followed so that the functions at one layer interface properly with the services in
the lower layer.
Applications and services may also use multiple protocols in the course of a single
conversation. One protocol may specify how to establish the network connection and
another describe the process for the data transfer when the message is passed to the next
lower layer.
3.2.1 Client Server Model
When people attempt to access information on their device, whether it is a PC, laptop,
PDA, cell phone, or some other device connected to a network, the data may not be
physically stored on their device. If that is the case, a request to access that information
must be made to the device where the data resides.
The Client/Server model
In the client/server model, the device requesting the information is called a client and the
device responding to the request is called a server. Client and server processes are
considered to be in the Application layer. The client begins the exchange by requesting
data from the server, which responds by sending one or more streams of data to the client.
Application layer protocols describe the format of the requests and responses between
clients and servers. In addition to the actual data transfer, this exchange may also require
control information, such as user authentication and the identification of a data file to be
transferred.
One example of a client/server network is a corporate environment where employees use
a company e-mail server to send, receive and store e-mail. The e-mail client on an
employee computer issues a request to the e-mail server for any unread mail. The server
responds by sending the requested e-mail to the client.
Although data is typically described as flowing from the server to the client, some data
always flows from the client to the server. Data flow may be equal in both directions, or
may even be greater in the direction going from the client to the server. For example, a
client may transfer a file to the server for storage purposes. Data transfer from a client to
a server is referred to as an upload and data from a server to a client as a download.
Rollover the tabs in the figure to view file transfer.
3.2.2 Servers
In a general networking context, any device that responds to requests from client
applications is functioning as a server. A server is usually a computer that contains
information to be shared with many client systems. For example, web pages, documents,
databases, pictures, video, and audio files can all be stored on a server and delivered to
requesting clients. In other cases, such as a network printer, the print server delivers the
client print requests to the specified printer.
Different types of server applications may have different requirements for client access.
Some servers may require authentication of user account information to verify if the user
has permission to access the requested data or to use a particular operation. Such servers
rely on a central list of user accounts and the authorizations, or permissions, (both for
data access and operations) granted to each user. When using an FTP client, for example,
if you request to upload data to the FTP server, you may have permission to write to your
individual folder but not to read other files on the site.
In a client/server network, the server runs a service, or process, sometimes called a server
daemon. Like most services, daemons typically run in the background and are not under
an end user's direct control. Daemons are described as "listening" for a request from a
client, because they are programmed to respond whenever the server receives a request
for the service provided by the daemon. When a daemon "hears" a request from a client,
it exchanges appropriate messages with the client, as required by its protocol, and
proceeds to send the requested data to the client in the proper format.
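The client/server exchange of 3.2.1 and the authenticating, permission-checking daemon of 3.2.2, as an added example that is not part of the course and is not a real FTP server. The line protocol (USER, PASS, PUT, GET, QUIT with three-digit reply codes), the account table, the passwords and the home folders are invented for the example. The daemon listens for requests, answers each according to the protocol, and applies the course's FTP rule: a user may write to her own folder but not read other users' files. Passwords are stored as salted PBKDF2 hashes compared in constant time, and every path is normalised and checked against the authenticated user's home folder so that "../" cannot escape it.

```python
"""A server daemon that authenticates clients and checks permissions per request.

Added illustration, not part of the course and not a real FTP server. The
line protocol, account table, passwords and home folders are invented here.
"""
import hashlib
import hmac
import os
import posixpath
import socket
import threading


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password, home, read_all=False):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "home": home, "read_all": read_all}


ACCOUNTS = {  # constructed user table: alice sees only her folder, admin can read everything
    "alice": make_account("correct horse", "/home/alice"),
    "admin": make_account("hunter2", "/home/admin", read_all=True),
}
DUMMY = make_account("", "/nonexistent")  # hashed against when the username is unknown
STORE = {}  # path -> bytes, shared stand-in for the server's disk


class Session:
    """Server-side state for one client conversation."""

    def __init__(self, accounts=ACCOUNTS):
        self.accounts, self.pending, self.user = accounts, None, None

    def handle(self, line: str) -> str:
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            self.pending, self.user = arg, None
            return "331 password required"
        if cmd == "PASS":
            acct = self.accounts.get(self.pending, DUMMY)
            # same work whether or not the user exists: timing does not reveal usernames
            if not hmac.compare_digest(acct["hash"], _hash(arg, acct["salt"])) or acct is DUMMY:
                self.pending = None
                return "530 login incorrect"
            self.user, self.pending = self.pending, None
            return "230 logged in"
        if self.user is None:
            return "530 please log in first"
        if cmd == "PUT":
            path, _, content = arg.partition(" ")
            if not self._permitted(path, write=True):
                return "550 permission denied"
            STORE[self._canon(path)] = content.encode()
            return "226 stored"
        if cmd == "GET":
            if not self._permitted(arg, write=False):
                return "550 permission denied"
            data = STORE.get(self._canon(arg))
            return "550 no such file" if data is None else "150 " + data.decode()
        if cmd == "QUIT":
            return "221 goodbye"
        return "500 unknown command"

    @staticmethod
    def _canon(path: str) -> str:
        # collapse ".." and repeated slashes: /home/alice/../admin/x is judged as /home/admin/x
        return posixpath.normpath("/" + path.lstrip("/"))

    def _permitted(self, path: str, write: bool) -> bool:
        acct = self.accounts[self.user]
        inside_home = self._canon(path).startswith(acct["home"].rstrip("/") + "/")
        return inside_home or (not write and acct["read_all"])


def serve_client(conn):
    """Daemon side: answer each request line according to the protocol, then close."""
    session = Session()
    with conn, conn.makefile("rw", encoding="utf-8", newline="") as f:
        f.write("220 ready\r\n")
        f.flush()
        for line in f:
            reply = session.handle(line)
            f.write(reply + "\r\n")
            f.flush()
            if reply.startswith("221"):
                break


if __name__ == "__main__":
    # Listen on loopback, serve one client in a background thread, and act as that client.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=lambda: serve_client(listener.accept()[0]), daemon=True).start()
    with socket.create_connection(listener.getsockname()) as c, \
            c.makefile("rw", encoding="utf-8", newline="") as f:
        print(f.readline().strip())
        for request in ("USER alice", "PASS correct horse", "PUT /home/alice/notes.txt hello",
                        "GET /home/alice/../admin/secret", "QUIT"):
            f.write(request + "\r\n")
            f.flush()
            print(request, "->", f.readline().strip())
```

Run the file directly to see the dialogue over a loopback socket: the client sends a request line, the daemon replies with a status code, and the permission check is done on the server side for every request rather than trusted from the client.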
3.2.3 Application Layer Services and Protocols
A single application may employ many different supporting Application layer services;
thus what appears to the user as one request for a web page may, in fact, amount to
dozens of individual requests. And for each request, multiple processes may be executed.
For example, a client may require several individual processes to formulate just one
request to a server.
Additionally, servers typically have multiple clients requesting information at the same
time. For example, a Telnet server may have many clients requesting connections to it.
These individual client requests must be handled simultaneously and separately for the
network to succeed. The Application layer processes and services rely on support from
lower layer functions to successfully manage the multiple conversations.
3.2.4 Peer-to-Peer Networking and Applications
The Peer-to-Peer Model
In addition to the client/server model for networking, there is also a peer-to-peer model.
Peer-to-peer networking involves two distinct forms: peer-to-peer network design and
peer-to-peer applications (P2P). Both forms have similar features but in practice work
very differently.
Peer-to-Peer Networks
In a peer-to-peer network, two or more computers are connected via a network and can
share resources (such as printers and files) without having a dedicated server. Every
connected end device (known as a peer) can function as either a server or a client. One
computer might assume the role of server for one transaction while simultaneously
serving as a client for another. The roles of client and server are set on a per request basis.
A simple home network with two connected computers sharing a printer is an example of
a peer-to-peer network. Each person can set his or her computer to share files, enable
networked games, or share an Internet connection. Another example of peer-to-peer
network functionality is two computers connected to a large network that use software
applications to share resources between one another through the network.
Unlike the client/server model, which uses dedicated servers, peer-to-peer networks
decentralize the resources on a network. Instead of locating information to be shared on
dedicated servers, information can be located anywhere on any connected device. Most of
the current operating systems support file and print sharing without requiring additional
server software. Because peer-to-peer networks usually do not use centralized user
accounts, permissions, or monitors, it is difficult to enforce security and access policies in
networks containing more than just a few computers. User accounts and access rights
must be set individually on each peer device.
Peer-to-Peer Applications
A peer-to-peer application (P2P), unlike a peer-to-peer network, allows a device to act as
both a client and a server within the same communication. In this model, every client is a
server and every server a client. Both can initiate a communication and are considered
equal in the communication process. However, peer-to-peer applications require that each
end device provide a user interface and run a background service. When you launch a
specific peer-to-peer application it invokes the required user interface and background
services. After that the devices can communicate directly.
Some P2P applications use a hybrid system where resource sharing is decentralized but
the indexes that point to resource locations are stored in a centralized directory. In a
hybrid system, each peer accesses an index server to get the location of a resource stored
on another peer. The index server can also help connect two peers, but once connected,
the communication takes place between the two peers without additional communication
to the index server.
Peer-to-peer applications can be used on peer-to-peer networks, client/server networks,
and across the Internet.
3.3.1 DNS Services and Protocols
Now that we have a better understanding of how applications provide an interface for the
user and provide access to the network, we will take a look at some specific commonly
used protocols.
As we will see later in this course, the Transport layer uses an addressing scheme called a
port number. Port numbers identify applications and Application layer services that are
the source and destination of data. Server programs generally use predefined port
numbers that are commonly known by clients. As we examine the different TCP/IP
Application layer protocols and services, we will be referring to the TCP and UDP port
numbers normally associated with these services. Some of these services are:
o Domain Name System (DNS) - TCP/UDP Port 53
o Hypertext Transfer Protocol (HTTP) - TCP Port 80
o Simple Mail Transfer Protocol (SMTP) - TCP Port 25
o Post Office Protocol (POP) - UDP Port 110
o Telnet - TCP Port 23
o Dynamic Host Configuration Protocol - UDP Port 67
o File Transfer Protocol (FTP) - TCP Ports 20 and 21
DNS
In data networks, devices are labeled with numeric IP addresses, so that they can
participate in sending and receiving messages over the network. However, most people
have a hard time remembering this numeric address. Hence, domain names were created
to convert the numeric address into a simple, recognizable name.
On the Internet these domain names, such as www.cisco.com, are much easier for people
to remember than 198.133.219.25, which is the actual numeric address for this server.
Also, if Cisco decides to change the numeric address, it is transparent to the user, since
the domain name will remain www.cisco.com. The new address will simply be linked to
the existing domain name and connectivity is maintained. When networks were small, it
was a simple task to maintain the mapping between domain names and the addresses they
represented. However, as networks began to grow and the number of devices increased,
this manual system became unworkable.
The Domain Name System (DNS) was created for domain name to address resolution for
these networks. DNS uses a distributed set of servers to resolve the names associated
with these numbered addresses.
The DNS protocol defines an automated service that matches resource names with the
required numeric network address. It includes the format for queries, responses, and data
formats. DNS protocol communications use a single format called a message. This
message format is used for all types of client queries and server responses, error
messages, and the transfer of resource record information between servers.
DNS is a client/server service; however, it differs from the other client/server services
that we are examining. While other services use a client that is an application (such as
web browser, e-mail client), the DNS client runs as a service itself. The DNS client,
sometimes called the DNS resolver, supports name resolution for our other network
applications and other services that need it.
When configuring a network device, we generally provide one or more DNS Server
addresses that the DNS client can use for name resolution. Usually the Internet service
provider provides the addresses to use for the DNS servers. When a user's application
requests to connect to a remote device by name, the requesting DNS client queries one of
these name servers to resolve the name to a numeric address.
Computer operating systems also have a utility called nslookup that allows the user to
manually query the name servers to resolve a given host name. This utility can also be
used to troubleshoot name resolution issues and to verify the current status of the name
servers.
In the figure, when the nslookup is issued, the default DNS server configured for your
host is displayed. In this example, the DNS server is dns-sjk.cisco.com which has an
address of 171.68.226.120.
We then can type the name of a host or domain for which we wish to get the address. In
the first query in the figure, a query is made for www.cisco.com. The responding name
server provides the address of 198.133.219.25.
The queries shown in the figure are only simple tests. nslookup has many options
available for extensive testing and verification of the DNS process.
A DNS server provides the name resolution using the name daemon, which is often called
named (pronounced "name-dee").
The DNS server stores different types of resource records used to resolve names.
These records contain the name, address, and type of record.
Some of these record types are:
o A - an end device address
o NS - an authoritative name server
o CNAME - the canonical name (or Fully Qualified Domain Name) for an alias; used when
  multiple services have the single network address but each service has its own entry
  in DNS
o MX - mail exchange record; maps a domain name to a list of mail exchange servers for
  that domain
When a client makes a query, the server's "named" process first looks at its own records
to see if it can resolve the name. If it is unable to resolve the name using its stored
records, it contacts other servers in order to resolve the name.
The request may be passed along to a number of servers, which can take extra time and
consume bandwidth. Once a match is found and returned to the original requesting server,
the server temporarily stores the numbered address that matches the name in cache.
If that same name is requested again, the first server can return the address by using the
value stored in its name cache. Caching reduces both the DNS query data network traffic
and the workloads of servers higher up the hierarchy. The DNS Client service on
Windows PCs optimizes the performance of DNS name resolution by storing previously
resolved names in memory, as well. The ipconfig /displaydns command displays all of the
cached DNS entries on a Windows XP or 2000 computer system.
The Domain Name System uses a hierarchical system to create a name database to
provide name resolution. The hierarchy looks like an inverted tree with the root at the top
and branches below.
At the top of the hierarchy, the root servers maintain records about how to reach the
top-level domain servers, which in turn have records that point to the secondary level
domain servers and so on.
The different top-level domains represent either the type of organization or the country of
origin. Examples of top-level domains are:
o .au - Australia
o .co - Colombia
o .com - a business or industry
o .jp - Japan
o .org - a non-profit organization
After top-level domains are second-level domain names, and below them are other lower
level domains.
Each domain name is a path down this inverted tree starting from the root.
For example, as shown in the figure, the root DNS server may not know exactly where
the e-mail server mail.cisco.com is located, but it maintains a record for the "com"
domain within the top-level domain. Likewise, the servers within the "com" domain may
not have a record for mail.cisco.com, but they do have a record for the "cisco.com"
domain. The servers within the cisco.com domain have a record (an MX record to be
precise) for mail.cisco.com.
The Domain Name System relies on this hierarchy of decentralized servers to store and
maintain these resource records. The resource records list domain names that the server
can resolve and alternative servers that can also process requests. If a given server has
resource records that correspond to its level in the domain hierarchy, it is said to be
authoritative for those records.
For example, a name server in the cisco.netacad.net domain would not be authoritative
for the mail.cisco.com record because that record is held at a higher domain level server,
specifically the name server in the cisco.com domain.
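The single DNS message format described above (header, question, resource records, and the compression pointers that let a record refer back to a name already in the message), worked through as an added Python example; this is not code from the course or from Cisco. It builds the query for www.cisco.com, parses a constructed reply that carries a CNAME, the A record 198.133.219.25 from the text, and an MX record, and checks that the reply's ID and question match the query, which is the first thing a resolver should verify before trusting an answer.

```python
import struct

RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}


def encode_name(name):
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Read a name at `offset`, following RFC 1035 compression pointers.
    Returns (name, offset of the byte after the name in the message)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: 14-bit pointer
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                          # refuse looping pointers
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_query(txid, name, qtype=1):
    """A standard query: 12-byte header (RD set, one question) + the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_message(msg):
    """Parse the single DNS message format used for queries and responses."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, RR_TYPES.get(qtype, qtype)))
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1:                              # A: four address bytes
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5):                       # NS / CNAME: a name
            value, _ = decode_name(msg, offset)
        elif rtype == 15:                           # MX: preference + exchange name
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, offset + 2)[0])
        else:
            value = rdata
        offset += rdlen
        answers.append((name, RR_TYPES.get(rtype, rtype), ttl, value))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "questions": questions, "answers": answers}


def matches_query(query, response):
    """A resolver should only accept a reply whose ID and question echo its query."""
    q, r = parse_message(query), parse_message(response)
    return r["is_response"] and q["id"] == r["id"] and q["questions"] == r["questions"]


def constructed_response(query):
    """Constructed reply to `query` for www.cisco.com (not a real capture): the
    alias's CNAME, the A record 198.133.219.25 from the text, and an MX record.
    0xC00C points back at the question name (offset 12); 0xC010 at 'cisco.com'."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 3, 0, 0)   # QR, RD, RA set
    alias, apex = b"\xC0\x0C", b"\xC0\x10"
    rr_cname = alias + struct.pack("!HHIH", 5, 1, 300, 2) + apex
    rr_a = apex + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([198, 133, 219, 25])
    mx_rdata = struct.pack("!H", 10) + b"\x04mail" + apex
    rr_mx = apex + struct.pack("!HHIH", 15, 1, 300, len(mx_rdata)) + mx_rdata
    return header + query[12:] + rr_cname + rr_a + rr_mx
```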
Links
http://www.ietf.org//rfc/rfc1034.txt
http://www.ietf.org/rfc/rfc1035.txt
3.3.2 WWW Service and HTTP
When a web address (or URL) is typed into a web browser, the web browser establishes a
connection to the web service running on the server using the HTTP protocol. URLs
(Uniform Resource Locators) and URIs (Uniform Resource Identifiers) are the names most
people associate with web addresses.
The URL http://www.cisco.com/index.html is an example of a URL that refers to a
specific resource - a web page named index.html on a server identified as cisco.com
(click the tabs in the figure to see the steps used by HTTP).
Web browsers are the client applications our computers use to connect to the World Wide
Web and access resources stored on a web server. As with most server processes, the web
server runs as a background service and makes different types of files available.
In order to access the content, web clients make connections to the server and request the
desired resources. The server replies with the resources and, upon receipt, the browser
interprets the data and presents it to the user.
Browsers can interpret and present many data types, such as plain text or Hypertext
Markup Language (HTML, the language in which web pages are constructed). Other
types of data, however, may require another service or program, typically referred to as
plug-ins or add-ons. To help the browser determine what type of file it is receiving, the
server specifies what kind of data the file contains.
To better understand how the web browser and web server interact, we can examine how a
web page is opened in a browser. For this example, we will use the URL:
http://www.cisco.com/web-server.htm.
First, the browser interprets the three parts of the URL:
1. http (the protocol or scheme)
2. www.cisco.com (the server name)
3. web-server.htm (the specific file name requested).
The browser then checks with a name server to convert www.cisco.com into a numeric
address, which it uses to connect to the server. Using the HTTP protocol requirements,
the browser sends a GET request to the server and asks for the file web-server.htm. The
server in turn sends the HTML code for this web page to the browser. Finally, the
browser deciphers the HTML code and formats the page for the browser window.
The Hypertext Transfer Protocol (HTTP), one of the protocols in the TCP/IP suite, was
originally developed to publish and retrieve HTML pages and is now used for distributed,
collaborative information systems. HTTP is used across the World Wide Web for data
transfer and is one of the most used application protocols.
HTTP specifies a request/response protocol. When a client, typically a web browser,
sends a request message to a server, the HTTP protocol defines the message types the
client uses to request the web page and also the message types the server uses to respond.
The three common message types are GET, POST, and PUT.
GET is a client request for data. A web browser sends the GET message to request pages
from a web server. As shown in the figure, once the server receives the GET request, it
responds with a status line, such as HTTP/1.1 200 OK, and a message of its own, the
body of which may be the requested file, an error message, or some other information.
POST and PUT are used to send messages that upload data to the web server. For
example, when the user enters data into a form embedded in a web page, POST includes
the data in the message sent to the server.
PUT uploads resources or content to the web server.
Although it is remarkably flexible, HTTP is not a secure protocol. The POST messages
upload information to the server in plain text that can be intercepted and read. Similarly,
the server responses, typically HTML pages, are also unencrypted.
For secure communication across the Internet, the HTTP Secure (HTTPS) protocol is
used for accessing or posting web server information. HTTPS can use authentication and
encryption to secure data as it travels between the client and server. HTTPS specifies
additional rules for passing data between the Application layer and the Transport Layer.
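The steps above (splitting the URL into scheme, server name and file name, sending the GET, and reading the "HTTP/1.1 200 OK" status line and the Content-Type the server uses to tell the browser what it received), plus a POST whose form fields sit in the body as readable text, as an added Python example that is not code from the course or from Cisco. The server reply is constructed for the example, and the function names are this example's own.

```python
from urllib.parse import urlsplit, urlencode

RENDERABLE = ("text/html", "text/plain")   # types the browser presents itself


def split_url(url):
    """Step 1: the three parts of http://www.cisco.com/web-server.htm:
    the scheme, the server name, and the file (path) requested."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not a web URL: %r" % url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return parts.scheme, parts.hostname, path


def build_get(url):
    """Step 3: the GET request the browser sends once the name is resolved."""
    _, host, path = split_url(url)
    request = "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (path, host)
    return request.encode("ascii")


def build_post(url, form):
    """A POST carries the form fields in the body; over plain HTTP they are
    readable by anyone who sees the bytes."""
    _, host, path = split_url(url)
    body = urlencode(form).encode("ascii")
    head = ("POST %s HTTP/1.1\r\nHost: %s\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            "Content-Length: %d\r\nConnection: close\r\n\r\n" % (path, host, len(body)))
    return head.encode("ascii") + body


def parse_response(raw):
    """Split a server reply into status line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/"):
        raise ValueError("bad status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:           # bound the body by the declared length
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError("short body: %d of %d bytes" % (len(body), length))
        body = body[:length]
    return {"version": status[0], "status": int(status[1]),
            "reason": status[2] if len(status) > 2 else "",
            "headers": headers, "body": body}


def browser_can_render(content_type):
    """The server's Content-Type decides whether the browser presents the data
    itself or must hand it to a plug-in or add-on."""
    return content_type.split(";")[0].strip().lower() in RENDERABLE


# Constructed sample reply to the GET above (not a real capture).
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html; charset=utf-8\r\n"
                   b"Content-Length: 45\r\n"
                   b"\r\n"
                   b"<html><body><h1>Web server</h1></body></html>")
```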
3.3.3 E-mail Services and SMTP/POP Protocols
E-mail, the most popular network service, has revolutionized how people communicate
through its simplicity and speed. Yet to run on a computer or other end device, e-mail
requires several applications and services. Two example Application layer protocols are
Post Office Protocol (POP) and Simple Mail Transfer Protocol (SMTP), shown in the
figure. As with HTTP, these protocols define client/server processes.
When people compose e-mail messages, they typically use an application called a Mail
User Agent (MUA), or e-mail client. The MUA allows messages to be sent and places
received messages into the client's mailbox, both of which are distinct processes.
In order to receive e-mail messages from an e-mail server, the e-mail client can use POP.
Sending e-mail from either a client or a server uses message formats and command
strings defined by the SMTP protocol. Usually an e-mail client provides the functionality
of both protocols within one application.
E-mail Server Processes - MTA and MDA
The e-mail server operates two separate processes:
o Mail Transfer Agent (MTA)
o Mail Delivery Agent (MDA)
The Mail Transfer Agent (MTA) process is used to forward e-mail. As shown in
the figure, the MTA receives messages from the MUA or from another MTA on another
e-mail server. Based on the message header, it determines how a message has to be
forwarded to reach its destination. If the mail is addressed to a user whose mailbox is on
the local server, the mail is passed to the MDA. If the mail is for a user not on the local
server, the MTA routes the e-mail to the MTA on the appropriate server.
In the figure, we see that the Mail Delivery Agent (MDA) accepts a piece of e-mail from
a Mail Transfer Agent (MTA) and performs the actual delivery. The MDA receives all the
inbound mail from the MTA and places it into the appropriate users' mailboxes. The
MDA can also resolve final delivery issues, such as virus scanning, spam filtering, and
return-receipt handling. Most e-mail communications use the MUA, MTA, and MDA
applications. However, there are other alternatives for e-mail delivery.
A client may be connected to a corporate e-mail system, such as IBM's Lotus Notes,
Novell's Groupwise, or Microsoft's Exchange. These systems often have their own
internal e-mail format, and their clients typically communicate with the e-mail server
using a proprietary protocol.
The server sends or receives e-mail via the Internet through the product's Internet mail
gateway, which performs any necessary reformatting. If, for example, two people who
work for the same company exchange e-mail with each other using a proprietary
protocol, their messages may stay completely within the company's corporate e-mail
system.
As another alternative, computers that do not have an MUA can still connect to a mail
service on a web browser in order to retrieve and send messages in this manner. Some
computers may run their own MTA and manage inter-domain e-mail themselves.
As mentioned earlier, e-mail can use the protocols POP and SMTP (see the figure for an
explanation of how they each work). POP and POP3 (Post Office Protocol, version 3) are
inbound mail delivery protocols and are typical client/server protocols. They deliver
e-mail from the e-mail server to the client (MUA). The MDA listens for when a client
connects to a server. Once a connection is established, the server can deliver the e-mail
to the client.
The Simple Mail Transfer Protocol (SMTP), on the other hand, governs the transfer of
outbound e-mail from the sending client to the e-mail server (MDA), as well as the
transport of e-mail between e-mail servers (MTA). SMTP enables e-mail to be
transported across data networks between different types of server and client software
and makes e-mail exchange over the Internet possible.
The SMTP protocol message format uses a rigid set of commands and replies. These
commands support the procedures used in SMTP, such as session initiation, mail
transaction, forwarding mail, verifying mailbox names, expanding mailing lists, and the
opening and closing exchanges.
Some of the commands specified in the SMTP protocol are:
o HELO - identifies the SMTP client process to the SMTP server process
o EHLO - a newer version of HELO, which includes service extensions
o MAIL FROM - identifies the sender
o RCPT TO - identifies the recipient
o DATA - identifies the body of the message
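The command and reply exchange just listed, worked through from both sides as an added Python example (not code from the course or from Cisco): a small server state machine that enforces the EHLO, MAIL FROM, RCPT TO, DATA, "." sequence with 503 replies for out-of-order commands, and a client that drives it the way an MUA or a relaying MTA would. Host names and addresses are constructed for the example.

```python
class SmtpServer:
    """A constructed SMTP server state machine (example names, not a real API).
    It walks the sequence EHLO/HELO -> MAIL FROM -> RCPT TO -> DATA -> . -> QUIT
    and answers out-of-order commands with 503, as the protocol requires."""

    def __init__(self, hostname):
        self.hostname = hostname
        self.state = "connect"          # connect -> ready -> mail -> rcpt -> data
        self.sender, self.recipients, self.lines = None, [], []
        self.delivered = []             # (sender, recipients, body) handed to the MDA

    def greeting(self):
        return "220 %s Simple Mail Transfer Service Ready" % self.hostname

    def handle(self, line):
        """Return the server reply for one client line (None while reading DATA)."""
        if self.state == "data":
            if line == ".":             # end of message: hand it to delivery
                self.delivered.append((self.sender, list(self.recipients),
                                       "\r\n".join(self.lines)))
                self.sender, self.recipients, self.lines = None, [], []
                self.state = "ready"
                return "250 OK: message accepted for delivery"
            # transparency rule: a line that began with '.' arrives as '..'
            self.lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.state = "ready"
            if verb == "EHLO":          # multi-line reply listing extensions
                return "250-%s greets %s\r\n250 8BITMIME" % (self.hostname, arg)
            return "250 %s" % self.hostname
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            if self.state != "ready":
                return "503 Bad sequence of commands"
            self.sender = arg[5:].strip("<> ")
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"
            self.recipients.append(arg[3:].strip("<> "))
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":    # needs at least one accepted recipient
                return "503 Bad sequence of commands"
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":
            self.state = "closed"
            return "221 %s Service closing transmission channel" % self.hostname
        return "500 Syntax error, command unrecognized"


def run_session(server, sender, recipients, body_lines):
    """Drive the server the way an MUA or relaying MTA would and return the
    transcript as (side, line) pairs; 'C' is the client, 'S' the server."""
    transcript = [("S", server.greeting())]

    def send(cmd):
        transcript.append(("C", cmd))
        reply = server.handle(cmd)
        if reply is not None:
            transcript.append(("S", reply))
        return reply

    send("EHLO client.example.net")
    send("MAIL FROM:<%s>" % sender)
    for rcpt in recipients:
        send("RCPT TO:<%s>" % rcpt)
    if not send("DATA").startswith("354"):
        send("QUIT")
        return transcript
    for line in body_lines:             # dot-stuff lines that start with '.'
        send("." + line if line.startswith(".") else line)
    send(".")
    send("QUIT")
    return transcript
```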
3.3.4 FTP
The File Transfer Protocol (FTP) is another commonly used Application layer protocol.
FTP was developed to allow for file transfers between a client and a server. An FTP
client is an application that runs on a computer that is used to push and pull files from a
server running the FTP daemon (FTPd).
To successfully transfer files, FTP requires two connections between the client and the
server: one for commands and replies, the other for the actual file transfer.
The client establishes the first connection to the server on TCP port 21. This connection is
used for control traffic, consisting of client commands and server replies.
The client establishes the second connection to the server over TCP port 20. This
connection is for the actual file transfer and is created every time there is a file
transferred.
The file transfer can happen in either direction. The client can download (pull) a file from
the server or, the client can upload (push) a file to the server.
3.3.5 DHCP
The Dynamic Host Configuration Protocol (DHCP) service enables devices on a network
to obtain IP addresses and other information from a DHCP server. This service automates
the assignment of IP addresses, subnet masks, gateway and other IP networking
parameters.
DHCP allows a host to obtain an IP address dynamically when it connects to the network.
The DHCP server is contacted and an address requested. The DHCP server chooses an
address from a configured range of addresses called a pool and assigns ("leases") it to the
host for a set period.
On larger local networks, or where the user population changes frequently, DHCP is
preferred. New users may arrive with laptops and need a connection. Others have new
workstations that need to be connected. Rather than have the network administrator
assign IP addresses for each workstation, it is more efficient to have IP addresses
assigned automatically using DHCP.
DHCP distributed addresses are not permanently assigned to hosts but are only leased for
a period of time. If the host is powered down or taken off the network, the address is
returned to the pool for reuse. This is especially helpful with mobile users that come and
go on a network. Users can freely move from location to location and re-establish
network connections. The host can obtain an IP address once the hardware connection is
made, either via a wired or wireless LAN.
DHCP makes it possible for you to access the Internet using wireless hotspots at airports
or coffee shops. As you enter the area, your laptop DHCP client contacts the local DHCP
server via a wireless connection. The DHCP server assigns an IP address to your laptop.
As the figure shows, various types of devices can be DHCP servers when running DHCP
service software. The DHCP server in most medium to large networks is usually a local
dedicated PC-based server.
With home networks the DHCP server is usually located at the ISP and a host on the
home network receives its IP configuration directly from the ISP.
DHCP can pose a security risk because any device connected to the network can receive
an address. This risk makes physical security an important factor when determining
whether to use dynamic or manual addressing.
Dynamic and static addressing both have their places in network designs. Many networks
use both DHCP and static addressing. DHCP is used for general purpose hosts such as
end user devices, and fixed addresses are used for network devices such as gateways,
switches, servers and printers.
Without DHCP, users have to manually input the IP address, subnet mask and other
network settings in order to join the network. The DHCP server maintains a pool of IP
addresses and leases an address to any DHCP-enabled client when the client is powered
on. Because the IP addresses are dynamic (leased) rather than static (permanently
assigned), addresses no longer in use are automatically returned to the pool for
reallocation. When a DHCP-configured device boots up or connects to the network, the
client broadcasts a DHCP DISCOVER packet to identify any available DHCP servers on
the network. A DHCP server replies with a DHCP OFFER, which is a lease offer message
with an assigned IP address, subnet mask, DNS server, and default gateway information
as well as the duration of the lease.
The client may receive multiple DHCP OFFER packets if there is more than one DHCP
server on the local network, so it must choose between them, and broadcast a DHCP
REQUEST packet that identifies the explicit server and lease offer that the client is
accepting. A client may choose to request an address that it had previously been allocated
by the server.
Assuming that the IP address requested by the client, or offered by the server, is still
valid, the server would return a DHCP ACK message that acknowledges to the client the
lease is finalized. If the offer is no longer valid - perhaps due to a time-out or another
client allocating the lease - then the selected server will respond with a DHCP NAK
message (Negative Acknowledgement). If a DHCP NAK message is returned, then the
selection process must begin again with a new DHCP DISCOVER message being
transmitted.
Once the client has the lease, it must be renewed prior to the lease expiration through
another DHCP REQUEST message.
The DHCP server ensures that all IP addresses are unique (an IP address cannot be
assigned to two different network devices simultaneously). Using DHCP enables network
administrators to easily reconfigure client IP addresses without having to manually make
changes to the clients. Most Internet providers use DHCP to allocate addresses to their
customers who do not require a static address.
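The DISCOVER, OFFER, REQUEST and ACK/NAK exchange above, including the choice between two servers' offers, renewal of a lease, and a NAK that sends the client back to DISCOVER, as an added Python simulation that is not code from the course or from Cisco. The server class, the client functions, the addresses and the lease times are constructed for this example, and the messages are dictionaries rather than real DHCP packets.

```python
import ipaddress


class DhcpServer:
    """A constructed DHCP server: one address pool, leases keyed by IP address.
    Method names such as on_discover/on_request are this example's own."""

    def __init__(self, server_id, first_ip, last_ip, mask, gateway, dns, lease_time):
        lo, hi = int(ipaddress.IPv4Address(first_ip)), int(ipaddress.IPv4Address(last_ip))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.server_id = server_id
        self.options = {"subnet_mask": mask, "router": gateway, "dns": dns}
        self.lease_time = lease_time
        self.leases = {}   # ip -> (client mac, lease expiry time)
        self.offers = {}   # mac -> ip offered but not yet acknowledged

    def _available(self, ip, mac, now):
        """Usable by `mac` if in the pool and unleased, expired, or already its own."""
        lease = self.leases.get(ip)
        return ip in self.pool and (lease is None or lease[0] == mac or lease[1] <= now)

    def _pick_ip(self, mac, now):
        for ip, (owner, _) in self.leases.items():     # keep a returning client's address
            if owner == mac:
                return ip
        for ip in self.pool:
            if self._available(ip, mac, now) and ip not in self.offers.values():
                return ip
        return None                                     # pool exhausted: no OFFER

    def on_discover(self, mac, now):
        ip = self._pick_ip(mac, now)
        if ip is None:
            return None
        self.offers[mac] = ip
        return self._lease_msg("OFFER", ip)

    def on_request(self, mac, chosen_server, requested_ip, now):
        if chosen_server != self.server_id:             # client picked another server
            self.offers.pop(mac, None)
            return None
        self.offers.pop(mac, None)
        if not self._available(requested_ip, mac, now):
            return {"type": "NAK", "server_id": self.server_id}
        self.leases[requested_ip] = (mac, now + self.lease_time)   # one mac per ip
        return self._lease_msg("ACK", requested_ip)

    def _lease_msg(self, kind, ip):
        return {"type": kind, "server_id": self.server_id, "yiaddr": ip,
                "lease_time": self.lease_time, **self.options}


def dhcp_lease(mac, servers, now, previous=None):
    """The exchange from the client's side. A returning client first REQUESTs
    its old address from its old server; a NAK, or no history, means a broadcast
    DISCOVER, a choice among the OFFERs, a broadcast REQUEST naming the chosen
    server, and the ACK. Returns the ACK, or None if no server answers."""
    if previous is not None:
        old_server, old_ip = previous
        reply = old_server.on_request(mac, old_server.server_id, old_ip, now)
        if reply["type"] == "ACK":
            return reply                                # old lease still valid
    for _attempt in range(2):                           # a NAK restarts with DISCOVER
        offers = [o for o in (s.on_discover(mac, now) for s in servers) if o]
        if not offers:
            return None
        chosen = offers[0]                              # first offer wins here
        replies = [s.on_request(mac, chosen["server_id"], chosen["yiaddr"], now)
                   for s in servers]
        reply = next(r for r in replies if r is not None)
        if reply["type"] == "ACK":
            return reply
    return None


def dhcp_renew(mac, server, ip, now):
    """Renewal before expiry is another REQUEST to the server holding the lease."""
    return server.on_request(mac, server.server_id, ip, now)
```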
The fourth CCNA Exploration course will cover the operation of DHCP in greater detail.
3.3.6 File Sharing and SMB Protocols
The Server Message Block (SMB) is a client/server file sharing protocol. IBM developed
Server Message Block (SMB) in the late 1980s to describe the structure of shared
network resources, such as directories, files, printers, and serial ports. It is a
request-response protocol. Unlike the file sharing supported by FTP, clients establish a
long-term connection to servers. Once the connection is established, the user of the client
can access the resources on the server as if the resource is local to the client host.
SMB file-sharing and print services have become the mainstay of Microsoft networking.
With the introduction of the Windows 2000 series of software, Microsoft changed the
underlying structure for using SMB. In previous versions of Microsoft products, the SMB
services used a non-TCP/IP protocol to implement name resolution. Beginning with
Windows 2000, all subsequent Microsoft products use DNS naming. This allows TCP/IP
protocols to directly support SMB resource sharing, as shown in the figure.
The LINUX and UNIX operating systems also provide a method of sharing resources
with Microsoft networks using a version of SMB called SAMBA. The Apple Macintosh
operating systems also support resource sharing using the SMB protocol.
The SMB protocol describes file system access and how clients can make requests for
files. It also describes the SMB protocol inter-process communication. All SMB
messages share a common format. This format uses a fixed-sized header followed by a
variable-sized parameter and data component.
SMB messages can:
o Start, authenticate, and terminate sessions
o Control file and printer access
o Allow an application to send or receive messages to or from another device
The SMB file exchange process is shown in the figure.
3.3.7 P2P Services and Gnutella Protocols
You learned about FTP and SMB as ways of obtaining files; here is another Application
protocol. Sharing files over the Internet has become extremely popular. With P2P
applications based on the Gnutella protocol, people can make files on their hard disks
available to others for downloading. Gnutella-compatible client software allows users to
connect to Gnutella services over the Internet and to locate and access resources shared
by other Gnutella peers.
Many client applications are available for accessing the Gnutella network, including:
BearShare, Gnucleus, LimeWire, Morpheus, WinMX and XoloX (see a screen capture of
LimeWire in the figure). While the Gnutella Developer Forum maintains the basic
protocol, application vendors often develop extensions to make the protocol work better
on their applications.
Many P2P applications do not use a central database to record all the files available on
the peers. Instead, the devices on the network each tell the other what files are available
when queried and use the Gnutella protocol and services to support locating resources.
See the figure.
When a user is connected to a Gnutella service, the client applications will search for
other Gnutella nodes to connect to. These nodes handle queries for resource locations and
replies to those requests. They also govern control messages, which help the service
discover other nodes. The actual file transfers usually rely on HTTP services.
The Gnutella protocol defines five different packet types:
o ping - for device discovery
o pong - as a reply to a ping
o query - for file location
o query hit - as a reply to a query
o push - as a download request
3.3.8 Telnet Services and Protocols
Long before desktop computers with sophisticated graphical interfaces existed, people
used text-based systems which were often just display terminals physically attached to a
central computer. Once networks were available, people needed a way to remotely access
the computer systems in the same manner that they did with the directly attached
terminals.
Telnet was developed to meet that need. Telnet dates back to the early 1970s and is
among the oldest of the Application layer protocols and services in the TCP/IP suite.
Telnet provides a standard method of emulating text-based terminal devices over the data
network. Both the protocol itself and the client software that implements the protocol are
commonly referred to as Telnet.
Appropriately enough, a connection using Telnet is called a Virtual Terminal (VTY)
session, or connection. Rather than using a physical device to connect to the server,
Telnet uses software to create a virtual device that provides the same features of a
terminal session with access to the server command line interface (CLI).
To support Telnet client connections, the server runs a service called the Telnet daemon.
A virtual terminal connection is established from an end device using a Telnet client
application. Most operating systems include an Application layer Telnet client. On a
Microsoft Windows PC, Telnet can be run from the command prompt. Other common
terminal applications that run as Telnet clients are HyperTerminal, Minicom, and
TeraTerm.
Once a Telnet connection is established, users can perform any authorized function on the
server, just as if they were using a command line session on the server itself. If
authorized, they can start and stop processes, configure the device, and even shut down
the system.
Click the tabs in the figure to view the Telnet example.
Telnet is a client/server protocol and it specifies how a VTY session is established and
terminated. It also provides the syntax and order of the commands used to initiate the
Telnet session, as well as control commands that can be issued during a session. Each
Telnet command consists of at least two bytes. The first byte is a special character called
the Interpret as Command (IAC) character. As its name implies, the IAC defines the next
byte as a command rather than text.
Some sample Telnet protocol commands include:
Are You There (AYT) - Lets the user request that something appear on the terminal
screen to indicate that the VTY session is active.
Erase Line (EL) - Deletes all text from the current line.
Interrupt Process (IP) - Suspends, interrupts, aborts, or terminates the process to which
the Virtual Terminal is connected. For example, if a user started a program on the Telnet
server via the VTY, he or she could send an IP command to stop the program.
While the Telnet protocol supports user authentication, it does not support the transport of
encrypted data. All data exchanged during a Telnet session is transported as plain text
across the network. This means that the data can be intercepted and easily understood.
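The IAC command structure above (a 0xFF byte followed by a command byte, with three-byte option negotiation and subnegotiation blocks) and the plain-text point that follows it, as an added Python example that is not code from the course or from Cisco: a parser that separates the command sequences from the session text, so that everything the text says is "easily understood" on the wire is exactly what it returns. The session bytes are constructed for the example, with a fake login.

```python
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
NEGOTIATION = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
COMMANDS = {241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO",
            246: "AYT", 247: "EC", 248: "EL", 249: "GA"}
OPTIONS = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}


def build_command(name):
    """IAC followed by the command byte, e.g. AYT -> b'\\xff\\xf6'."""
    code = {v: k for k, v in COMMANDS.items()}[name]
    return bytes([IAC, code])


def escape_text(data):
    """A data byte of 0xFF must be sent as IAC IAC so it is not read as a command."""
    return data.replace(b"\xff", b"\xff\xff")


def parse_telnet(stream):
    """Split a Telnet byte stream into ('text', bytes), ('command', name),
    ('negotiate', verb, option) and ('subnegotiation', option, bytes) events."""
    events, text, i, n = [], bytearray(), 0, len(stream)

    def flush():
        if text:
            events.append(("text", bytes(text)))
            del text[:]

    while i < n:
        if stream[i] != IAC:
            text.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("truncated IAC sequence")
        cmd = stream[i + 1]
        if cmd == IAC:                                  # escaped 0xFF data byte
            text.append(IAC)
            i += 2
            continue
        flush()
        if cmd in NEGOTIATION:                          # 3 bytes: IAC verb option
            if i + 2 >= n:
                raise ValueError("truncated option negotiation")
            opt = stream[i + 2]
            events.append(("negotiate", NEGOTIATION[cmd], OPTIONS.get(opt, opt)))
            i += 3
        elif cmd == SB:                                 # IAC SB option ... IAC SE
            if i + 2 >= n:
                raise ValueError("truncated subnegotiation")
            opt, data, j = stream[i + 2], bytearray(), i + 3
            while not (j + 1 < n and stream[j] == IAC and stream[j + 1] == SE):
                if j >= n:
                    raise ValueError("unterminated subnegotiation")
                if stream[j] == IAC:                    # only IAC IAC is legal here
                    if j + 1 < n and stream[j + 1] == IAC:
                        data.append(IAC)
                        j += 2
                        continue
                    raise ValueError("bad IAC inside subnegotiation")
                data.append(stream[j])
                j += 1
            events.append(("subnegotiation", OPTIONS.get(opt, opt), bytes(data)))
            i = j + 2
        else:                                           # 2 bytes: IAC command
            events.append(("command", COMMANDS.get(cmd, cmd)))
            i += 2
    flush()
    return events


def cleartext(stream):
    """Everything a passive observer reads from the session: all the text bytes."""
    return b"".join(e[1] for e in parse_telnet(stream) if e[0] == "text")


# Constructed session bytes (not a real capture): option negotiation, the
# terminal type, a login with a fake password, an AYT and an IP command.
SAMPLE_SESSION = (b"\xff\xfb\x01"                   # IAC WILL ECHO
                  b"\xff\xfd\x03"                   # IAC DO SUPPRESS-GO-AHEAD
                  b"\xff\xfa\x18\x00VT100\xff\xf0"  # IAC SB TERMINAL-TYPE IS VT100 IAC SE
                  b"login: admin\r\nPassword: s3cret\r\n"
                  b"\xff\xf6"                       # IAC AYT
                  b"show running\r\n"
                  b"\xff\xf4")                      # IAC IP
```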
If security is a concern, the Secure Shell (SSH) protocol offers an alternate and secure
method for server access. SSH provides the structure for secure remote login and other
secure network services. It also provides stronger authentication than Telnet and supports
the transport of session data using encryption. As a best practice, network professionals
should always use SSH in place of Telnet, whenever possible.
Later in this course, we will use Telnet and SSH to access and configure network devices
over the lab network.
3.4.2 Lab Managing web server
3.5.1 Summary and Review
The Application layer is responsible for directly accessing the underlying processes that
manage and deliver communication to the human network. This layer serves as the source
and destination of communications across data networks.
The Application layer applications, protocols, and services enable users to interact with
the data network in a way that is meaningful and effective.
Applications are computer programs with which the user interacts and which initiate the
data transfer process at the user's request.
Services are background programs that provide the connection between the Application
layer and the lower layers of the networking model.
Protocols provide a structure of agreed-upon rules and processes that ensure services
running on one particular device can send and receive data from a range of different
network devices.
Delivery of data over the network can be requested from a server by a client, or between
devices that operate in a peer-to-peer arrangement, where the client/server relationship is
established according to which device is the source and destination at that time. Messages
are exchanged between the Application layer services at each end device in accordance
with the protocol specifications to establish and use these relationships.
Protocols like HTTP, for example, support the delivery of web pages to end devices.
SMTP/POP protocols support sending and receiving e-mail. SMB enables users to share
files. DNS resolves the human legible names used to refer to network resources into
numeric addresses usable by the network.
Cisco Exploration Semester 1 Chapter 7
7. Data Link Layer
To support our communication, the OSI model divides the functions of a data network
into layers.
To recap:
The Application layer provides the interface to the user.
The Transport layer is responsible for dividing and managing communications between
the processes running in the two end systems.
The Network layer protocols organize our communication data so that it can travel across
internetworks from the originating host to a destination host.
For Network layer packets to be transported from source host to destination host, they
must traverse different physical networks. These physical networks can consist of
different types of physical media such as copper wires, microwaves, optical fibers, and
satellite links. Network layer packets do not have a way to directly access these different
media.
It is the role of the OSI Data Link layer to prepare Network layer packets for transmission
and to control access to the physical media.
This chapter introduces the general functions of the Data Link layer and the protocols
associated with it.
Learning Objectives
Upon completion of this chapter, you will be able to:
• Explain the role of Data Link layer protocols in data transmission.
• Describe how the Data Link layer prepares data for transmission on network media.
• Describe the different types of media access control methods.
• Identify several common logical network topologies and describe how the logical topology determines the media access control method for that network.
• Explain the purpose of encapsulating packets into frames to facilitate media access.
• Describe the Layer 2 frame structure and identify generic fields.
• Explain the role of key frame header and trailer fields, including addressing, QoS, type of protocol, and Frame Check Sequence.
7.1.1 Supporting & Connecting to Upper Layer Services
The Data Link layer provides a means for exchanging data over a common local media.
The Data Link layer performs two basic services:
Allows the upper layers to access the media using techniques such as framing
Controls how data is placed onto the media and is received from the media using
techniques such as media access control and error detection
As with each of the OSI layers, there are terms specific to this layer:
Frame - The Data Link layer PDU
Node - The Layer 2 notation for network devices connected to a common medium
Media/medium (physical)* - The physical means for the transfer of information between
two nodes
Network (physical)** - Two or more nodes connected to a common medium
The Data Link layer is responsible for the exchange of frames between nodes over the
media of a physical network.
* It is important to understand the meaning of the words medium and media within the
context of this chapter. Here, these words refer to the material that actually carries the
signals representing the transmitted data. Media is the physical copper cable, optical
fiber, or atmosphere through which the signals travel. In this chapter media does not refer
to content programming such as audio, animation, television, and video as used when
referring to digital content and multimedia.
** A physical network is different from a logical network. Logical networks are defined
at the Network layer by the arrangement of the hierarchical addressing scheme. Physical
networks represent the interconnection of devices on a common media. Sometimes, a
physical network is also referred to as a network segment.
Upper Layer Access to Media
As we have discussed, a network model allows each layer to function with minimal
concern for the roles of the other layers. The Data Link layer relieves the upper layers
from the responsibility of putting data on the network and receiving data from the
network. This layer provides services to support the communication processes for each
medium over which data is to be transmitted.
In any given exchange of Network layer packets, there may be numerous Data Link layer
and media transitions. At each hop along the path, an intermediary device - usually a
router - accepts frames from a medium, decapsulates the frame, and then forwards the
packet in a new frame appropriate to the medium of that segment of the physical network.
Imagine a data conversation between two distant hosts, such as a PC in Paris with an
Internet server in Japan. Although the two hosts may be communicating with their peer
Network layer protocols (IP for example), it is likely that numerous Data Link layer
protocols are being used to transport the IP packets over various types of LANs and
WANs. This packet exchange between two hosts requires a diversity of protocols that
must exist at the Data Link layer. Each transition at a router could require a different Data
Link layer protocol for transport on a new medium.
Notice in the figure that each link between devices uses a different medium. Between the
PC and the router may be an Ethernet link. The routers are connected through a satellite
link, and the laptop is connected through a wireless link to the last router. In this example,
as an IP packet travels from the PC to the laptop, it will be encapsulated into Ethernet
frame, decapsulated, processed, and then encapsulated into a new data link frame to cross
the satellite link. For the final link, the packet will use a wireless data link frame from the
router to the laptop.
The Data Link layer effectively insulates the communication processes at the higher
layers from the media transitions that may occur end-to-end. A packet is received from
and directed to an upper layer protocol, in this case IPv4 or IPv6, that does not need to be
aware of which media the communication will use.
Without the Data Link layer, a Network layer protocol, such as IP, would have to make
provisions for connecting to every type of
7.1.2 Controlling Transfer Across Local Media
Layer 2 protocols specify the encapsulation of a packet into a frame and the techniques
for getting the encapsulated packet on and off each medium. The technique used for
getting the frame on and off media is called the media access control method. For the data
to be transferred across a number of different media, different media access control
methods may be required during the course of a single communication.
Each network environment that packets encounter as they travel from a local host to a
remote host can have different characteristics. For example, one network environment
may consist of many hosts contending to access the network medium on an ad hoc basis.
Another environment may consist of a direct connection between only two devices over
which data flows sequentially as bits in an orderly way.
The media access control methods described by the Data Link layer protocols define the
processes by which network devices can access the network media and transmit frames in
diverse network environments.
A node that is an end device uses an adapter to make the connection to the network. For
example, to connect to a LAN, the device would use the appropriate Network Interface
Card (NIC) to connect to the LAN media. The adapter manages the framing and media
access control.
At intermediary devices such as a router, where the media type could change for each
connected network, different physical interfaces on the router are used to encapsulate the
packet into the appropriate frame, and a suitable media access control method is used to
access each link. The router in the figure has an Ethernet interface to connect to the LAN
and a serial interface to connect to the WAN. As the router processes frames, it will use
Data Link layer services to receive the frame from one medium, decapsulate it to the
Layer 3 PDU, re-encapsulate the PDU into a new frame, and place the frame on the
medium of the next link of the network.
7.1.3 Creating a Frame
The description of a frame is a key element of each Data Link layer protocol. Data Link
layer protocols require control information to enable the protocols to function. Control
information may tell:
• Which nodes are in communication with each other
• When communication between individual nodes begins and when it ends
• Which errors occurred while the nodes communicated
• Which nodes will communicate next
The Data Link layer prepares a packet for transport across the local media by
encapsulating it with a header and a trailer to create a frame.
Unlike the other PDUs that have been discussed in this course, the Data Link layer frame
includes:
• Data - The packet from the Network layer
• Header - Contains control information, such as addressing, and is located at the beginning of the PDU
• Trailer - Contains control information added to the end of the PDU
These frame elements will be discussed in more detail later in this chapter.
Formatting Data for Transmission
When data travels on the media, it is converted into a stream of bits, or 1s and 0s. If a
node is receiving long streams of bits, how does it determine where a frame starts and
stops or which bits represent the address?
Framing breaks the stream into decipherable groupings, with control information inserted
in the header and trailer as values in different fields. This format gives the physical
signals a structure that can be received by nodes and decoded into packets at the
destination.
Typical field types include:
• Start and stop indicator fields - The beginning and end limits of the frame
• Naming or addressing fields
• Type field - The type of PDU contained in the frame
• Quality control fields
• A data field - The frame payload (Network layer packet)
Fields at the end of the frame form the trailer. These fields are used for error detection
and mark the end of the frame.
Not all protocols include all of these fields. The standards for a specific Data Link
protocol define the actual frame format. Examples of frame formats will be discussed at
the end of this chapter.
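The questions raised above (where a frame starts, which bits are the address, how the trailer catches damage) can be worked through in code. This added example, not from the course, defines a small constructed frame format, a start marker followed by destination, source, type and length fields, the payload and a CRC-32 Frame Check Sequence, and shows a receiver recovering frames from a byte stream and discarding one whose bits were corrupted on the medium; the layout is illustrative and the type value 0x0800 is the EtherType value for IPv4.

```python
"""Build and parse frames of a small constructed Layer 2 format.

Added example, not from the course. The layout is illustrative: a start
marker, four 16-bit header fields (destination, source, type, payload length),
the payload, and a CRC-32 FCS trailer. Real protocols differ in detail.
"""
import struct
import zlib

START = 0x7E                        # start-of-frame marker (constructed value)
HEADER = struct.Struct("!HHHH")     # dst, src, type, payload length; big-endian
FCS = struct.Struct("!I")           # 32-bit Frame Check Sequence
TYPE_IPV4 = 0x0800                  # EtherType value for an IPv4 packet


def build_frame(dst: int, src: int, ftype: int, payload: bytes) -> bytes:
    """Encapsulate a Network layer packet: header + payload, then the FCS trailer."""
    header = HEADER.pack(dst, src, ftype, len(payload))
    fcs = zlib.crc32(header + payload)        # computed over everything the FCS protects
    return bytes([START]) + header + payload + FCS.pack(fcs)


def parse_stream(stream: bytes):
    """Recover frames from a byte stream; return (good_frames, dropped_count).

    The receiver scans for the start marker, reads the header to learn how long
    the payload is, recomputes the CRC over header and payload and compares it
    with the FCS in the trailer. A mismatch means bits were altered on the
    medium, so the frame is discarded rather than passed up to Layer 3.
    """
    good, dropped, i = [], 0, 0
    while i < len(stream):
        if stream[i] != START:               # not at a frame boundary, keep scanning
            i += 1
            continue
        hdr = i + 1
        if hdr + HEADER.size > len(stream):
            break                            # truncated header at end of stream
        dst, src, ftype, length = HEADER.unpack_from(stream, hdr)
        data = hdr + HEADER.size
        trailer = data + length
        end = trailer + FCS.size
        if end > len(stream):
            break                            # truncated frame
        (received_fcs,) = FCS.unpack_from(stream, trailer)
        if zlib.crc32(stream[hdr:trailer]) == received_fcs:
            good.append({"dst": dst, "src": src, "type": ftype,
                         "payload": stream[data:trailer]})
        else:
            dropped += 1                     # FCS error: damaged frame is discarded
        i = end                              # continue with the next frame
    return good, dropped


def demo():
    """Two intact frames around one whose payload was corrupted in transit."""
    first = build_frame(0x0001, 0x0002, TYPE_IPV4, b"hello")
    damaged = bytearray(build_frame(0x0001, 0x0003, TYPE_IPV4, b"world"))
    damaged[1 + HEADER.size] ^= 0x01         # flip one bit in the first payload byte
    third = build_frame(0x0001, 0x0004, TYPE_IPV4, b"again")
    noise = b"\x00\x00"                      # idle bytes before the first start marker
    return parse_stream(noise + first + bytes(damaged) + third)


if __name__ == "__main__":
    frames, dropped = demo()
    for f in frames:
        print(f"from {f['src']:#06x} to {f['dst']:#06x} type {f['type']:#06x}: {f['payload']!r}")
    print("frames dropped by FCS check:", dropped)
```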
7.1.4 Connecting Upper Layer Services to The Media
The Data Link layer exists as a connecting layer between the software processes of the
layers above it and the Physical layer below it. As such, it prepares the Network layer
packets for transmission across some form of media, be it copper, fiber, or the
atmosphere.
In many cases, the Data Link layer is embodied as a physical entity, such as an Ethernet
network interface card (NIC), which inserts into the system bus of a computer and makes
the connection between running software processes on the computer and physical media.
The NIC is not solely a physical entity, however. Software associated with the NIC
enables the NIC to perform its intermediary functions of preparing data for transmission
and encoding the data as signals to be sent on the associated media.
Data Link Sublayers
To support a wide variety of network functions, the Data Link layer is often divided into
two sublayers: an upper sublayer and a lower sublayer.
The upper sublayer defines the software processes that provide services to the Network
layer protocols.
The lower sublayer defines the media access processes performed by the hardware.
Separating the Data Link layer into sublayers allows for one type of frame defined by the
upper layer to access different types of media defined by the lower layer. Such is the case
in many LAN technologies, including Ethernet.
The two common LAN sublayers are:
Logical Link Control
Logical Link Control (LLC) places information in the frame that identifies which
Network layer protocol is being used for the frame. This information allows multiple
Layer 3 protocols, such as IP and IPX, to utilize the same network interface and media.
Media Access Control
Media Access Control (MAC) provides Data Link layer addressing and delimiting of data
according to the physical signaling requirements of the medium and the type of Data Link
layer protocol in use.
7.1.6 Standards
Unlike the protocols of the upper layers of the TCP/IP suite, Data Link layer protocols are
generally not defined by Request for Comments (RFCs). Although the Internet
Engineering Task Force (IETF) maintains the functional protocols and services for the
TCP/IP protocol suite in the upper layers, the IETF does not define the functions and
operation of that model's Network access layer. The TCP/IP Network Access layer is the
equivalent of the OSI Data Link and Physical layers. These two layers will be discussed in
separate chapters for closer examination.
The functional protocols and services at the Data Link layer are described by engineering
organizations (such as IEEE, ANSI, and ITU) and communications companies.
Engineering organizations set public and open standards and protocols. Communications
companies may set and use proprietary protocols to take advantage of new advances in
technology or market opportunities.
Data Link layer services and specifications are defined by multiple standards based on a
variety of technologies and media to which the protocols are applied. Some of these
standards integrate both Layer 2 and Layer 1 services.
Engineering organizations that define open standards and protocols that apply to the Data
Link layer include:
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)
American National Standards Institute (ANSI)
International Telecommunication Union (ITU)
Unlike the upper layer protocols, which are implemented mostly in software such as the
host operating system or specific applications, Data Link layer processes occur both in
software and hardware. The protocols at this layer are implemented within the electronics
of the network adapters with which the device connects to the physical network.
For example, a device implementing the Data Link layer on a computer would be the
network interface card (NIC). For a laptop, a wireless PCMCIA adapter is commonly
used. Each of these adapters is the hardware that complies with the Layer 2 standards and
protocols.
http://www.iso.org
http://www.ieee.org
http://www.ansi.org
http://www.itu.int
7.2.1 Placing Data on The Media
Regulating the placement of data frames onto the media is known as media access
control. Among the different implementations of the Data Link layer protocols, there are
different methods of controlling access to the media. These media access control
techniques define if and how the nodes share the media.
Media access control is the equivalent of traffic rules that regulate the entrance of motor
vehicles onto a roadway. The absence of any media access control would be the
equivalent of vehicles ignoring all other traffic and entering the road without regard to the
other vehicles.
However, not all roads and entrances are the same. Traffic can enter the road by merging,
by waiting for its turn at a stop sign, or by obeying signal lights. A driver follows a
different set of rules for each type of entrance.
In the same way, there are different ways to regulate the placing of frames onto the
media. The protocols at the Data Link layer define the rules for access to different media.
Some media access control methods use highly-controlled processes to ensure that frames
are safely placed on the media. These methods are defined by sophisticated protocols,
which require mechanisms that introduce overhead onto the network.
The method of media access control used depends on:
Media sharing - If and how the nodes share the media
Topology - How the connection between the nodes appears to the Data Link layer
7.2.2 Media Access Control for Shared Media
Some network topologies share a common medium with multiple nodes. At any one time,
there may be a number of devices attempting to send and receive data using the network
media. There are rules that govern how these devices share the media.
There are two basic media access control methods for shared media:
Controlled - Each node has its own time to use the medium
Contention-based - All nodes compete for the use of the medium
Click the tabs in the figure to see the differences in the two methods.
Controlled Access for Shared Media
When using the controlled access method, network devices take turns, in sequence, to
access the medium. This method is also known as scheduled access or deterministic. If a
device does not need to access the medium, the opportunity to use the medium passes to
the next device in line. When one device places a frame on the media, no other device can
do so until the frame has arrived at the destination and has been processed by the
destination.
Although controlled access is well-ordered and provides predictable throughput,
deterministic methods can be inefficient because a device has to wait for its turn before it
can use the medium.
Contention-based Access for Shared Media
Also referred to as non-deterministic, contention-based methods allow any device to try
to access the medium whenever it has data to send. To prevent complete chaos on the
media, these methods use a Carrier Sense Multiple Access (CSMA) process to first detect
if the media is carrying a signal. If a carrier signal on the media from another node is
detected, it means that another device is transmitting. When the device attempting to
transmit sees that the media is busy, it will wait and try again after a short time period. If
no carrier signal is detected, the device transmits its data. Ethernet and wireless networks
use contention-based media access control.
It is possible that the CSMA process will fail and two devices will transmit at the same
time. This is called a data collision. If this occurs, the data sent by both devices will be
corrupted and will need to be resent.
Contention-based media access control methods do not have the overhead of controlled
access methods. A mechanism for tracking whose turn it is to access the media is not
required. However, the contention-based systems do not scale well under heavy media
use. As use and the number of nodes increases, the probability of successful media access
without a collision decreases. Additionally, the recovery mechanisms required to correct
errors due to these collisions further diminish the throughput.
CSMA is usually implemented in conjunction with a method for resolving the media
contention. The two commonly used methods are:
CSMA/Collision Detection
In CSMA/Collision Detection (CSMA/CD), the device monitors the media for the
presence of a data signal. If a data signal is absent, indicating that the media is free, the
device transmits the data. If signals are then detected that show another device was
transmitting at the same time, all devices stop sending and try again later. Traditional
forms of Ethernet use this method.
CSMA/Collision Avoidance
In CSMA/Collision Avoidance (CSMA/CA), the device examines the media for the
presence of a data signal. If the media is free, the device sends a notification across the
media of its intent to use it. The device then sends the data. This method is used by
802.11 wireless networking technologies.
Note: CSMA/CD will be covered in more detail in Chapter 9.
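The scaling argument above can be checked with a small simulation. This added example (not part of the course) models contention-based access on a slotted shared medium with binary exponential backoff in the style of CSMA/CD: a slot in which exactly one ready node transmits is a success, a slot with two or more senders is a collision after which each colliding node waits a random number of slots. The model is deliberately simplified (one-slot frames, perfect carrier sense) and is not an implementation of the Ethernet standard.

```python
"""Slotted model of contention-based media access with binary exponential backoff.

Added example, not from the course: a simplified CSMA/CD-style model, not the
Ethernet standard. Time is divided into slots, every frame occupies one slot,
and all nodes sense the medium perfectly at the slot boundary.
"""
import random


def simulate_csma_cd(num_nodes: int, frames_per_node: int, seed: int = 7,
                     max_slots: int = 1_000_000) -> dict:
    """Run until every node has delivered its frames; return access statistics."""
    rng = random.Random(seed)                 # seeded so a run is reproducible
    pending = [frames_per_node] * num_nodes   # frames each node still has to send
    backoff = [0] * num_nodes                 # slots each node must stay silent
    attempts = [0] * num_nodes                # collisions suffered by the current frame
    successes = collisions = idle = slots = 0

    while any(pending) and slots < max_slots:
        slots += 1
        # Carrier sense: nodes with data whose backoff has expired transmit in this slot.
        ready = [n for n in range(num_nodes) if pending[n] and backoff[n] == 0]
        for n in range(num_nodes):
            if backoff[n]:
                backoff[n] -= 1
        if len(ready) == 1:                   # medium was free for a single sender
            n = ready[0]
            pending[n] -= 1
            attempts[n] = 0
            successes += 1
        elif ready:                           # two or more sent together: collision detected
            collisions += 1
            for n in ready:                   # each waits 0..2^k-1 slots, k capped at 10
                attempts[n] = min(attempts[n] + 1, 10)
                backoff[n] = rng.randrange(2 ** attempts[n])
        else:
            idle += 1                         # everyone is waiting out a backoff

    return {"nodes": num_nodes, "slots": slots, "successes": successes,
            "collisions": collisions, "idle": idle,
            "utilisation": successes / slots if slots else 0.0}


def utilisation_by_load(node_counts=(1, 2, 5, 10, 25, 50), frames_per_node: int = 20) -> dict:
    """Fraction of slots that carried a frame, for increasing numbers of contending nodes."""
    return {n: simulate_csma_cd(n, frames_per_node)["utilisation"] for n in node_counts}


if __name__ == "__main__":
    for nodes, util in utilisation_by_load().items():
        print(f"{nodes:3d} nodes: {util:.2f} of slots carried a frame")
```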
7.2.3 Media Access Control for Non-Shared Media
Media access control protocols for non-shared media require little or no control before
placing frames onto the media. These protocols have simpler rules and procedures for
media access control. Such is the case for point-to-point topologies.
In point-to-point topologies, the media interconnects just two nodes. In this arrangement,
the nodes do not have to share the media with other hosts or determine if a frame is
destined for that node. Therefore, Data Link layer protocols have little to do for
controlling non-shared media access.
Full Duplex and Half Duplex
In point-to-point connections, the Data Link layer has to consider whether the
communication is half-duplex or full-duplex.
Click the tabs in the figure to see the differences in the two methods.
Half-duplex communication means that the devices can both transmit and receive on the
media but cannot do so simultaneously. Ethernet has established arbitration rules for
resolving conflicts arising from instances when more than one station attempts to transmit
at the same time.
In full-duplex communication, both devices can transmit and receive on the media at the
same time. The Data Link layer assumes that the media is available for transmission for
both nodes at any time. Therefore, there is no media arbitration necessary in the Data
Link layer.
The details of a specific media access control technique can only be examined by
studying a specific protocol. Within this course, we will study traditional Ethernet, which
uses CSMA/CD. Other techniques will be covered in later courses.
7.2.4 Logical vs. Physical
The topology of a network is the arrangement or relationship of the network devices and
the interconnections between them. Network topologies can be viewed at the physical
level and the logical level.
The physical topology is an arrangement of the nodes and the physical connections
between them. The representation of how the media is used to interconnect the devices is
the physical topology. These will be covered in later chapters of this course.
A logical topology is the way a network transfers frames from one node to the next. This
arrangement consists of virtual connections between the nodes of a network independent
of their physical layout. These logical signal paths are defined by Data Link layer
protocols. The Data Link layer "sees" the logical topology of a network when controlling
data access to the media. It is the logical topology that influences the type of network
framing and media access control used.
The physical or cabled topology of a network will most likely not be the same as the
logical topology.
Logical topology of a network is closely related to the mechanism used to manage
network access. Access methods provide the procedures to manage network access so
that all stations have access. When several entities share the same media, some
mechanism must be in place to control access. Access methods are applied to networks to
regulate this media access. Access methods will be discussed in more detail later.
Logical and physical topologies typically used in networks are:
• Point-to-Point
• Multi-Access
• Ring
The logical implementations of these topologies and their associated media access control
methods are considered in the following sections.
7.2.5 Point-to-Point Technology
A point-to-point topology connects two nodes directly together, as shown in the figure. In
data networks with point-to-point topologies, the media access control protocol can be
very simple. All frames on the media can only travel to or from the two nodes. The
frames are placed on the media by the node at one end and taken off the media by the
node at the other end of the point-to-point circuit.
In point-to-point networks, if data can only flow in one direction at a time, it is operating
as a half-duplex link. If data can successfully flow across the link from each node
simultaneously, it is a full-duplex link.
Data Link layer protocols could provide more sophisticated media access control
processes for logical point-to-point topologies, but this would only add unnecessary
protocol overhead.
Logical Point-to-Point Networks
The end nodes communicating in a point-to-point network can be physically connected
via a number of intermediate devices. However the use of physical devices in the network
does not affect the logical topology. As shown in the figure, the source and destination
node may be indirectly connected to each other over some geographical distance. In some
cases, the logical connection between nodes forms what is called a virtual circuit. A
virtual circuit is a logical connection created within a network between two network
devices. The two nodes on either end of the virtual circuit exchange the frames with each
other. This occurs even if the frames are directed through intermediary devices. Virtual
circuits are important logical communication constructs used by some Layer 2
technologies.
The media access method used by the Data Link protocol is determined by the logical
point-to-point topology, not the physical topology. This means that the logical
point-to-point connection between two nodes may not necessarily be between two physical
nodes at each end of a single physical link.
CISCO IOS CONFIGURATION
Basic Router Commands
Cisco IOS modes: User Mode and Privileged Mode, which the student will practise one at a time.
To enter User Mode, the student simply presses Enter, which brings up the prompt
Router>
To find out which commands this mode supports, add the command "?" to the prompt:
Router>?
1. Router> show version
2. Router> show protocols
3. Router> show history
Enter privileged mode by typing the command enable
Router> enable
Router#?
1. Router# show ip interfaces
2. Router# show ip interfaces brief
3. Router# show running-config
To change an existing configuration, use configure terminal to enter global configuration mode, followed by the configuration lines.
1. Router# conf t
2. Router(config)#
The exit command is needed to leave global configuration mode.
Router Interface Configuration
A router's job is to forward packets from one network to another. To do this, each network interface must be configured according to its characteristics. The interface command in global configuration mode is used to configure the interfaces on the router. Various interface types can be configured with this command, among them Ethernet, Token Ring, FDDI, serial, ATM, BRI, and tunnel. In this lab, only Ethernet and Serial will be discussed further.
1. Configuring an Ethernet Interface
The interface command must be run in global configuration mode. To enter global configuration mode, use the configure terminal command, as explained above.
The format of the interface command for entering interface configuration mode for Ethernet on a router that has only one slot is:
interface ethernet port-number
Some router models have multiple slots, for example the Cisco 2600, 3600 and 4000. For routers with multiple slots, the command format is:
interface ethernet slot-number/port-number
After entering interface configuration mode with the command above, the Ethernet interface can be configured as needed. The most basic configuration needed for the Ethernet interface to forward packets is an IP address and subnet mask.
The configuration format is:
ip address IP-address subnet-mask
Example configuration of Router1 interface ethernet 0 (on the default Boson topology)
1. Router1# configure terminal
2. Router1(config)# interface ethernet 0
3. Router1(config-if)# description LAN pada Lab Akatel
4. Router1(config-if)# ip address 192.168.0.1 255.255.255.0
5. Router1(config-if)# no shut
6. Router1(config-if)# exit
7. Router1(config)# exit
8. Router1#
The interface ethernet 0 command on line 2 enters configuration mode for interface ethernet 0.
The description command on line 3 gives a short description of the interface.
The ip address command on line 4 assigns an IP address to the interface.
The no shut (no shutdown) command on line 5 instructs the router to activate the interface immediately.
Example configuration of Router2 interface ethernet 1 (on the default Boson topology)
1. Router2# configure terminal
2. Router2(config)# interface ethernet 0
3. Router2(config-if)# description LAN pada Lab Akatel
4. Router2(config-if)# ip address 192.168.0.2 255.255.255.0
5. Router2(config-if)# no shut
6. Router2(config-if)# exit
7. Router2(config)# exit
8. Router2#
Testing Router Connectivity with PING
Ping Router2 from Router1
Router1# ping 192.168.0.2
Display a summary of the IP interface status of Router1
Router1# show ip interface brief
Display a summary of the IP interface status of Router2
Router2# show ip interface brief
2. Configuring a Serial Interface
A serial interface is an interface that is often used for connections to a WAN (Wide Area Network). A serial connection requires clocking for synchronisation, and therefore a serial link must have two sides: the DCE (data circuit-terminating equipment) and the DTE (data terminal equipment). The DCE provides the clocking and the DTE follows the clock supplied by the DCE. A DCE cable has a female connector, while a DTE cable has a male connector. In practice, the DCE is usually provided by the service provider, typically as the connection to a CSU/DSU. The router itself usually acts only as the DTE, so it does not need to provide clocking. Nevertheless, a Cisco router can also act as a DCE that provides clocking. This function is usually used for router testing, where two routers are connected back to back so that one of them must act as the DCE for the connection to work.
Example configuration of a serial interface as DTE
1. Router# configure terminal
2. Router(config)# interface serial 0
3. Router(config-if)# description Lab komp Akatel
4. Router(config-if)# ip address 172.16.158.1 255.255.255.0
5. Router(config-if)# bandwidth 64
6. Router(config-if)# exit
7. Router(config)# exit
Example configuration of a serial interface as DCE
1. Router# configure terminal
2. Router(config)# interface serial 0
3. Router(config-if)# description Lab Cisco sebagai DCE
4. Router(config-if)# ip address 172.16.158. 255.255.255.0
5. Router(config-if)# bandwidth 64
6. Router(config-if)# clock rate 64000
7. Router(config-if)# exit
8. Router(config)# exit
1. Test connectivity between Router 2 and Router 4
2. Display a summary of the IP interface status of Router2
3. Display a summary of the IP interface status of Router4
C. Securing the Router with a Password
To make it harder for unauthorized people to change or disrupt the router's configuration, the router needs to be protected with a password.
Password for privileged mode
After the user has entered the correct password to gain access to the router, whether over the network or via the console, the user enters user mode. If a password has been configured for privileged mode, the user must enter a password again to get into that mode. The commands used to set the password for this mode are enable password and enable secret.
The difference between the two commands is that enable secret stores its password encrypted, while enable password does not. Both commands can also be entered together in global configuration mode, and each can have a different password. If both are present in the configuration, however, the enable secret password is the one used to enter privileged mode.
Configuring enable password from privileged mode
1. Router1#conf t
2. Router1(config)#enable password rahasia
Configuring enable secret from privileged mode
1. Router1#conf t
2. Router1(config)#enable secret rahasiabanget
Viewing the router configuration (must be done from privileged mode)
o Router1(config)# exit
o Router1#show running-config
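As an added example (not code from the original page), here is a Python check that reads a saved running-config and applies the rule just described: enable secret takes precedence, and enable password sits in the configuration in cleartext. The regular expression, the sample configuration and the placeholder hash are constructed for this example; the remark about the reversible type-7 encoding is general IOS behaviour, not something the page states.

```python
import re
from typing import Dict, List

# "enable secret" is stored as "enable secret 5 <hash>"; "enable password"
# keeps its value in cleartext unless the line carries a "7", which is the
# reversible type-7 encoding and still not a substitute for enable secret.
ENABLE_RE = re.compile(r"^\s*enable\s+(secret|password)\s+(?:(\d)\s+)?(\S+)\s*$")


def audit_enable(config: str) -> Dict[str, object]:
    """Report which command guards privileged mode and any weak settings found."""
    findings: List[str] = []
    has_secret = has_password = False
    for line in config.splitlines():
        m = ENABLE_RE.match(line)
        if not m:
            continue
        kind, enc_type, value = m.groups()
        if kind == "secret":
            has_secret = True
        else:
            has_password = True
            if enc_type is None:
                findings.append(f"enable password stored in cleartext: {value}")
            elif enc_type == "7":
                findings.append("enable password uses reversible type-7 encoding")
    if not (has_secret or has_password):
        findings.append("privileged mode has no password at all")
    elif not has_secret:
        findings.append("no enable secret; the enable password is the only guard")
    elif has_password:
        # Per the text above, enable secret wins when both are present, so the
        # second value only widens exposure without adding any protection.
        findings.append("enable password is redundant next to enable secret")
    effective = "secret" if has_secret else ("password" if has_password else None)
    return {"effective": effective, "findings": findings}


# Constructed sample config (the hash is a placeholder, not a real digest).
SAMPLE_CONFIG = """\
hostname Router1
enable password rahasia
enable secret 5 $1$PLACEHOLDER$notarealhash
interface Serial0
 ip address 172.16.158.1 255.255.255.0
"""
```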
access-list
Defines an access list.
Syntax: [no] access-list list-name [permit|deny] protocol source source-mask
[operator operand] destination destination-mask [proto-type] [operator operand]
[established] [fragment] [sample tag-name] [log] [rate-limit tag-name]
Attribute / Description
permit
Permits access of the packet if the conditions are matched.
deny
Denies access of the packet if the conditions are matched.
protocol
Name or number of an Internet protocol. Name keywords are: icmp, igmp, ip, ospf, pim, tcp, or udp. Number entries are standard Internet protocol numbers from 0 - 255. If a protocol is not specified, the entry applies to all protocols.
source
IP address of the network or host sending the packet. The router compares routes being tested to this value. Specify the address using one of the following formats:
• 32-bit IP address in dotted decimal format.
• keyword any to specify a source and source-mask of 0.0.0.0 255.255.255.255
• keyword host followed by the host address in dotted decimal notation, which specifies a source-mask of 0.0.0.0
The source attribute applies to all protocols.
source-mask
Network mask applied to the source address. Specify as a 32-bit IP address in dotted decimal format. The source-mask attribute applies to all protocols.
destination
IP address of the network or host to which the packet is being sent. Specify the address using one of the following formats:
• 32-bit IP address in dotted decimal format.
• keyword any to specify a destination and destination-mask of 0.0.0.0 255.255.255.255
• keyword host followed by the host address in dotted decimal notation, which specifies a destination-mask of 0.0.0.0
The destination attribute applies to all protocols.
destination-mask
Network mask applied to the destination address. Specify as a 32-bit IP address in dotted decimal format. The destination-mask attribute applies to all protocols.
operator
For udp and tcp packets only. Compares port numbers. When used after the source IP address/source-mask, it specifies a source port. When used after the destination IP address/destination-mask, it specifies a destination port. Valid values are:
eq - specifies that the port number is equal to the operand.
range - specifies an inclusive range of ports in the operand, delineated by a space, i.e. ports 1 through 3 would be entered as 1 3.
operand
Specifies the port. Valid values are either a port number or a predefined port number keyword:
0 - 65535 - port number
Predefined port number keywords for tcp are:
• bgp - BGP routing protocol packets
• domain - DNS packets
• echo - UDP echo port
• exec - RSH protocol
• ftp - FTP protocol commands. To enable FTP on the Avici router, both the ftp and ftp-data packet types must be permitted.
• ftp-data - FTP protocol data
• login - Remote login packets
• sunrpc - Standard RPC protocol
• syslog - UNIX syslog
• telnet - Telnet connections
Predefined port number keywords for udp are:
• bootpc - Client port for the bootp protocol
• bootps - Server port for the bootp protocol
• domain - DNS packets
• echo - UDP echo port
• ntp - Network Time Protocol packets
• rip - RIP routing protocol packets
• snmp - SNMP packets
• sunrpc - Standard RPC protocol
• syslog - UNIX syslog
• tftp - Trivial File Transfer Protocol packets
icmpType, icmpCode
ICMP type and code as defined in RFC 792. For ICMP messages only.
icmpMessage
ICMP message text. For ICMP messages only.
igmpType
IGMP message type. For IGMP messages only.
established
For the tcp protocol only. Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The non-matching case is the initial TCP datagram sent to form a connection.
fragment
A match occurs on packet fragments (packets with a non-zero fragment offset in their IP header). This keyword cannot be used if a port number is specified or if the established keyword is used.
tos range
IP TOS byte value or range between 0 - 255. For a range, specify the low and high numbers delineated by a space. The tos attribute is not used for the ICMP or IGMP protocols.
precedence range
An alternate form of expressing the TOS byte. This form matches bits ip.tos 7:5. The parameter can be a range, a value from 0 - 7, or a predefined keyword. The following keywords are supported:
• critical-ecp = 0xa0
• internet-control = 0xc0
• network-control = 0xe0
• flash = 0x60
• flash-override = 0x80
• immediate = 0x40
• priority = 0x20
• routine = 0x00
For a range, specify the low and high numbers delineated by a space.
dscp range
An alternate form of expressing the TOS byte. This form matches bits ip.tos 7:2. The parameter can be a range, a value from 0 - 63, or a predefined keyword. The following keywords and predefined values are supported:
• ef = 46
• af11 = 10
• af12 = 12
• af13 = 14
• af21 = 18
• af22 = 20
• af23 = 22
• af31 = 26
• af32 = 28
• af33 = 30
• af41 = 34
• af42 = 36
• af43 = 38
For a range, specify the low and high numbers delineated by a space.
length range
The IP length field. The parameter can be either a single exact-match value from 0 - 65535 or a range of values. For a range, specify the low and high numbers delineated by a space. The 15 most significant bits are used for the access list length key.
log
Generate a syslog message when at least one match occurs within a 10 second interval. The log attribute can be used by all protocols.
sample sample-name
Send a mirror copy of the packet to the configured interface mirror port. The sample attribute can be used by all protocols. The sample-name is any preconfigured sample created with the sample command.
rate-limit rate-limit-name
Limits the rate of the received bandwidth to the configured rate. The rate-limit attribute can be used by all protocols. The rate-limit-name is any preconfigured rate-limit created with the rate-limit command.
Description: Access lists are filters that enable you to:
• Restrict the routing information a router learns from or advertises to a neighbor.
• Restrict inbound packets bound for either the server or the fabric.
You can define access list filters based on any of four elements:
• Address-based access lists identify routes you want to control by network address number. Use the access-list or ip access-list commands to create an address-based access list.
• AS-path based access lists identify routes you want to control by autonomous system path. Use the ip as-path access-list command to create an autonomous system path based access list.
• Community-based access lists identify BGP routes you want to control by community. Use the ip community-list command to create a community-based access list.
• Packet-based access lists identify packets by protocol entering a router bound for either the fabric or the server, as well as server-sourced packets that you want to control. Packets forwarded across the fabric must use the ip access-list command in extended mode.
Standard or extended mode can be specified using the ip access-list command. Standard access lists create filters based on source addresses and are used for server-based filtering. Extended access lists create filters based on source addresses, destination addresses, protocol, port number and other features, and are used for packet-based filtering.
Multiple BGP peers or route maps can reference a single access list. You can apply access lists to both inbound and outbound traffic.
Each packet is passed through the access list. The rules in the access list are applied in the
order in which they appear in the list. When a packet matches any rule, the decision to
permit the packet through the filter or deny it is made, and no further rules are processed.
This means that the order of commands in your access list is very important. Make entries
in your access lists in descending order of likelihood of finding a match. List entries with
the greatest probability of being matched before entries with the smallest probability of
being matched. This order reduces the time spent processing each packet as it is passed
through an access list.
NOTE Internally, some code uses TCP sockets to communicate between tasks using the
internal loopback address (127.0.0.1). Packet filtering behaves as though the following
line was the first entry of every access-list:
permit ip host 127.0.0.1 host 127.0.0.1
NOTE Access lists implicitly deny all access that is not expressly permitted. The
following line is auto-appended to all access-lists:
deny ip any any
If it is desirable to over-ride this implicit denial statement, enter a permit ip any any
statement as the last entry in the access-list.
You cannot modify an existing access list in your configuration file. Instead, you must
use the no option to delete the list and then retype the entire list. We recommend you
keep your access lists in separate files, allowing you to cut and paste entries into your
configuration file.
Use the access-list list-name [permit|deny] source source-mask syntax to create a
standard address-based access list. Add entries to the list by repeating the command for
different IP addresses.
Use the access-list list-name [permit|deny] source source-mask destination
destination-mask syntax to create an extended address-based access list. Add entries to
the list by repeating the command for different IP addresses.
Use the access-list list-name [permit|deny] ip source source-mask destination destination-mask [log] [sample] [rate-limit] syntax to create an IP extended packet-based access list to filter any IP protocol packet, including ICMP, TCP, and UDP, based on their source, destination, protocol, destination port and connection state.
Use the access-list list-name [permit|deny] icmp source source-mask destination
destination-mask [proto-type] [log] [sample] [rate-limit] syntax to create an ICMP
packet-based access list to filter any ICMP protocol packet, based on their source,
destination, protocol, destination port, connection state.
Use the access-list list-name [permit|deny] igmp source source-mask destination
destination-mask [proto-type] [log] [sample] [rate-limit] syntax to create an IGMP
packet-based access list to filter any IGMP protocol packet, based on their source,
destination, protocol, destination port, connection state.
Use the access-list list-name [permit|deny] tcp source source-mask [operator
operand] destination destination-mask [operator operand] [established] [fragment]
[log] [sample] [rate-limit] syntax to create a TCP protocol packet-based access list to
filter individual packets based on their source, destination, protocol, destination port,
connection state and fragmentation.
Use the access-list list-name [permit|deny] udp source source-mask [operator
operand] destination destination-mask [operator operand] [fragment] [log] [sample]
[rate-limit] syntax to create a UDP protocol packet-based access list to filter individual
packets based on their source, destination, protocol, destination port, connection state and
fragmentation.
Use the route-map, neighbor distribute-list, and neighbor filter-list commands to
apply address-based access lists to routes.
Use the ip access-group interface configuration command to apply packet-based access
lists to an interface.
Use the no access-list syntax to delete an access list.
Factory Default: Deny statement for all options.
Command Mode: Configuration.
Example 1: In the following example, the 4 access-list commands create a standard
access list named ISP4_access that allows access only for hosts on three specified
networks:
router(config)#access-list ISP4_access permit 10.5.1.121 0.0.0.255
router(config)#access-list ISP4_access permit 128.20.0.0 0.0.255.255
router(config)#access-list ISP4_access permit 120.0.0.0 0.255.255.255
router(config)#
Only routes that match entries in the access list are permitted. Note the last line of the
access list is a deny any statement to remind your reader that all other access is denied.
Example 2: In the following example, the access-list commands create an extended
access list allowFTP to permit FTP command and control packets from all sources and
destinations:
router(config)#access-list allowFTP permit tcp any any eq ftp
router(config)#access-list allowFTP permit tcp any any eq ftp-data
Example 3: In the following example, the access-list commands create an extended
access list denySNMP to deny SNMP packets from all sources and destinations, but
permit all other IP traffic:
router(config)#access-list denySNMP deny udp any any eq snmp
router(config)#access-list denySNMP permit ip any any
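The matching semantics described above (entries tried in order, first match decides, wildcard masks where 1 bits are "don't care", and the implicit deny ip any any at the end) are easy to get wrong when reading a list by eye. The following Python evaluator is an added example, not code from the page or from any vendor; it models only the eq operator and a constructed subset of the port keywords, ignoring established, fragment, log, sample and rate-limit, and uses the denySNMP list from Example 3 written in the syntax given above.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_KEYWORDS = {"ftp": 21, "ftp-data": 20, "telnet": 23, "snmp": 161, "domain": 53}  # constructed subset

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: int
    src_wild: int                # wildcard mask: 1 bits are "don't care"
    dst: int
    dst_wild: int
    sport: Optional[int] = None  # None means any port
    dport: Optional[int] = None

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

def _addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W'; return (base, wildcard)."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0)))

def _port(tokens: List[str]) -> Optional[int]:
    """Consume an optional 'eq <port|keyword>' operator (the only operator modelled)."""
    if tokens[:1] != ["eq"]:
        return None
    tokens.pop(0)
    name = tokens.pop(0)
    return PORT_KEYWORDS[name] if name in PORT_KEYWORDS else int(name)

def parse_rule(line: str) -> Rule:
    """Parse one entry such as 'deny tcp 10.10.0.0 0.0.255.255 any eq telnet'."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src, src_wild = _addr(rest)
    sport = _port(rest)
    dst, dst_wild = _addr(rest)
    dport = _port(rest)
    return Rule(action, proto, src, src_wild, dst, dst_wild, sport, dport)

def _addr_match(addr: str, base: int, wild: int) -> bool:
    care = ~wild & 0xFFFFFFFF  # bits that are 0 in the wildcard must be equal
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Rules are tried in order; the first match decides and nothing else is checked."""
    for r in rules:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if not (_addr_match(pkt.src, r.src, r.src_wild) and _addr_match(pkt.dst, r.dst, r.dst_wild)):
            continue
        if r.sport not in (None, pkt.sport) or r.dport not in (None, pkt.dport):
            continue
        return r.action
    return "deny"  # the implicit "deny ip any any" appended to every list

DENY_SNMP = [parse_rule("deny udp any any eq snmp"), parse_rule("permit ip any any")]  # Example 3
WRONG_ORDER = list(reversed(DENY_SNMP))  # same entries, reversed: the permit now shadows the deny
```

Running the forme list from Example 4 through evaluate() with only its two deny entries shows the other side of the implicit deny: with no permit entry, every packet that misses both deny lines is dropped too.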
Example 4: In the following example:
• A mirror port is configured that sets interface pos 1/13/1 as the destination for any sampled packets received on the pos 1/14/1 interface.
• Two sampling frequencies are configured, tagged src-100-d (deny) and src-100-p (permit), and set to 1 in 100 packets.
• An extended IP access list named src_filter is configured:
  • to deny packets from network 12.160/16 with a sample rate of 1 in 100 packets.
  • to permit packets from network 191/8.
  • All other packets are permitted without sampling.
• IP access-group src_filter is associated with interface pos 1/14/1 for inbound traffic forwarded across the fabric.
• An extended IP access list named forme is configured with ACLs that deny telnet traffic from network 10.10/16.
• The forme IP access-group is made the default inbound filter for messages intended for the server.
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/14/1
router(config-if)#mirror pos 1/13/1
router(config-if)#exit
router(config)#sample src-100-d 100
router(config)#sample src-100-p 100
router(config)#ip access-list extended src_filter
router(config-ext-nacl)#deny ip 12.160.0.0 0.0.255.255 sample src-100-d
router(config-ext-nacl)#permit ip 191.0.0.0 0.255.255.255 sample src-100-p
router(config-ext-nacl)#permit ip any any
router(config-ext-nacl)#exit
router(config)#interface pos 1/14/1
router(config-if)#ip access-group src_filter control-in
router(config-if)#exit
router(config)#ip access-list extended forme
router(config-ext-nacl)#deny tcp 10.10.0.0 0.0.255.255 any eq telnet
router(config-ext-nacl)#deny tcp any eq telnet 10.10.0.0 0.0.255.255
router(config-ext-nacl)#exit
router(config)#ip default-access-group forme control-in
router(config)#end
router#
VPN (VIRTUAL PRIVATE NETWORK) IP
The ability of IP technology to build Internet networks on a large scale and with a high level of reliability is one of the main assets for offering a new communication service, VPN IP (virtual private network Internet Protocol). VPN IP is an IP-based (Internet Protocol) communication service that acts as a private network separate from the public Internet.
VPN IP combines various elements of IP technology to deliver a service that meets the various standard communication service components offered by earlier technologies.
VPN IP Applications
1. Internet Access
2. Multiservice: Integrated Voice and Data
3. Frame Relay Backup
Types of VPN IP Service
1. VPN IP Dedicated
An IP-based data communication service with asymmetric transmission, that is, the bandwidth towards the remote site (downstream) is larger than the bandwidth leaving the remote site (upstream). VPN IP Dedicated uses the TCP/IP protocol (Transmission Control Protocol/Internet Protocol). It is meant for client-server application transactions in which the remote site acts only as a client and the head office acts as the server.
Connection method: connected 24 hours a day.
Connection speeds:
1. 32 kbps (upstream) / 64 kbps (downstream)
2. 64 kbps (upstream) / 128 kbps (downstream)
3. 128 kbps (upstream) / 256 kbps (downstream)
4. 256 kbps (upstream) / 512 kbps (downstream)
5. 512 kbps (upstream) / 1024 kbps (downstream)
The VPN carries data communication over the customer's existing telephone line without disturbing the quality of voice communication.
Advantages
1. Cost efficiency
2. Equipment efficiency (the customer does not need to provide a router).
3. Bandwidth efficiency
4. Easy to integrate with the Frame Relay network already in place at the head office.
5. Secure, because it is supported by VPN tunneling from MPLS technology.
VPN IP Dedicated configuration
[Figure 1.9: VPN IP for Intranet Access]
2. VPN IP Dial
An IP-based data communication service with dial-up access, used for application transactions at offices where the application is in use for less than 4 hours per day. The customer can dial in to a dedicated port, or one allocated specifically for that customer. A dedicated telephone line can be used only by that customer, or shared among the customer's users as needed.
Advantages
1. Cost efficiency (specifically for application transactions of less than 4 hours/day).
2. Efficiency of both equipment and network connectivity.
3. Secure, because it is supported by VPN tunneling from MPLS technology.
4. Easy to integrate with the Frame Relay network already in place at the customer's head office.
VPN IP Dial authentication
Performed at the authentication server in the customer's head office, using a user ID and password as follows:
User ID : [email protected]
Password : xxxx
1. Once the credentials are accepted, the user is given one IP address taken at random from the IP pool on the authentication server.
2. The IP address is a private IP address determined in advance by the customer.
VPN IP Dial configuration
[Figure 1.10: VPN IP Dial Configuration]
VPN Security
1. Authentication
The process of identifying the computer and the person (user) that initiates the VPN connection. Authentication can be carried out with the following protocols:
1. Extensible Authentication Protocol (EAP)
2. Challenge Handshake Authentication Protocol (CHAP)
3. MS-CHAP
4. Password Authentication Protocol (PAP)
5. Shiva-PAP
2. Authorization
Determines what a user is and is not allowed to access.
3. Encryption
VPN Multiservice
VPN Multiservice merupakan layanan paket solusi komunikasi data yang memberikan
layanan berbasis IP ke end user. Layanan VPN Multiservice ini menggunakan jaringan
MPLS (Multi Protocol Label Switch) yang aman untuk melakukan koneksi dalam Wide
Area Network (WAN). Dengan layanan multiservice (integrasi layanan data dan suara
melalui koneksi VPN), perusahaan dapat mengimplementasikan komunikasi data dan
suara dalam LAN menggunakan koneksi Internet.
Jaringan sharing MPLS memadukan kemampuan label swapping dengan layer network
routing untuk membentuk private network yang aman dan cepat dalam pengiriman paket
informasi. Dengan arsitektur jaringan tersebut menjadikan biaya jaringan lebih kompetitif
sebagai alternatif solusi jaringan komunikasi WAN private.
Implementasi VPN Multiservice ini sangat beragam sesuai kebutuhan dan keinginan
konsumen. Contohnya, konsumen dapat mengelola IP dan router jaringan internalnya dari
mana saja sepanjang ia terhubung ke Internet. Selain itu, konsumen juga dapat
melangsungkan komunikasi suara dalam perusahaan, membangun data center sendiri, dan
mengkoneksikan titik percabangan Intranet-nya secara aman.
Advantages of VPN Multiservice
1. Flexibility in prioritizing the delivery of packet types for delay-sensitive and delay-tolerant applications (to support integrated voice and data services).
2. Cost optimization, because the customer does not need to invest in a router; PT. Lintasarta provides it.
3. Economical, because a single physical line is used for several services and connections.
4. Any-to-any connectivity within each VPN.
5. Compatible with public or private addresses.
6. Direct (real-time) access to the NMS (Network Management System).
7. Fully managed, because the network and the CPE router are managed by Lintasarta.
VPN Multiservice Applications
1. Applications with high data traffic and several connections (intranet, extranet and Internet) based on client-server / telnet / terminal emulation, divided into:
   Delay-tolerant applications: file transfer, e-mail, intranet web, dedicated Internet access.
   Delay-sensitive applications: e-commerce, ERP, CRM.
2. Transactional and interactive applications:
   stock trading, online banking, payment points, reservations.
Technical Specifications
1. Connection speed: 64 Kbps – 2 Mbps
2. IP-based protocol all the way to the end user
3. LAN interface: 10BaseT Ethernet
4. Supported by MPLS technology
VPN with MPLS
One of the features of MPLS is the ability to form tunnels or virtual circuits across its network. This ability makes MPLS a natural platform for building virtual private networks (VPNs). A VPN built with MPLS is very different from a VPN built purely on IP technology, which relies only on data encryption. A VPN on MPLS is more like a virtual circuit in FR or ATM, built by isolating traffic. Traffic is genuinely separated and cannot leak outside the scope of the defined VPN. Additional security layers such as IPSec can be applied for data security if required, but even without a method like IPSec, a VPN over MPLS works well.
Ref :- http://sinauonline.50webs.com/Cisco/VPN%20IP.html