This chapter introduces several key networking concepts, including the OSI model, and is intended to provide an overview of the technology. It is meant to fill in gaps in your technical experience and to introduce concepts that are key to this book but may not be common in the networking industry.
Chapter Contents
1. THE OSI MODEL
o Layer 1–the Physical Layer
o Layer 2–the Data-Link Layer
o Layer 3–the Network Layer
o Layer 4–the Transport Layer
o Layer 5–the Session Layer
o Layer 6–the Presentation Layer
o Layer 7–the Application Layer
o How the OSI Model Works
2. SORTING OUT THE MOST COMMON NETWORK PROTOCOLS
o NetBEUI
o IPX/SPX
o TCP/IP
3. EXPLORING BASIC ROUTING CONCEPTS
o Routing and Windows NT
o Classes of Routing Protocols
o Common Routing Problems
4. SUMMARY
THE OSI MODEL
The Open Systems Interconnection (OSI) model was developed by the International Standards Organization (ISO) in 1983 to provide a conceptual model on which networks could be based. In the process of developing this framework, the ISO established a vocabulary that assisted engineers worldwide by giving them a common set of words to use to describe concepts they already understood and took for granted. The OSI model divides communications functions into seven layers. These layers aid in envisioning the structure of communications between applications and users on a network. They allow vendors and software engineers to work on one piece of the communication model at a time, following clear-cut guidelines.
Each layer of the OSI model has a simple task to perform–to provide services for the layer directly above it. Each layer is aware that the layer below is at its disposal, eagerly awaiting a command. Each layer receives data from the layer above, in a standardized way, and must provide all the services assigned to it. According to this model, each layer behaves as if it could communicate directly with the corresponding layer on the remote computer.
The OSI model uses several important terms that are not commonly used in the networking industry. When layers communicate across a network with their opposing peer, for instance, the data they transfer is called a protocol data unit (PDU). When a layer passes data to the layer below, that data is referred to as a service data unit (SDU). Figure 1-1 illustrates this concept.
It is critical for any network or systems engineer to have a strong understanding of the OSI model. It is not intuitive for most, and it does not make sense to many until they have spent years in the industry. Nonetheless, the vocabulary is extremely common in the real world and is used extensively throughout this book. The layers of the OSI model are outlined in Table 1-1.
The OSI model should not be confused with a protocol–it is simply a theoretical model. Indeed, very few protocols actually conform to any of the OSI specifications. TCP/IP, for example, was designed many years before OSI and is based on an unrelated, four-layer model. A suite of protocols have been designed to conform closely to the OSI model, including a protocol called Connectionless Network Protocol (CLNP), roughly equivalent to IP in function, and a routing protocol called Intermediate System to Intermediate System (IS-IS). You will find few references to these protocols in this book; they are rarely encountered in the industry and are not implemented in Windows NT.
The next sections describe each of these layers in detail. You will find that I have included more detail on some layers, such as the network and transport layers, than on others. This is a reflection of the importance of each layer in the real world, and it reflects what I thought was most critical to understanding the model as a whole. I have also made an effort to teach “conversational OSI,” an important skill for communicating with other engineers.
Layer 1 – the Physical Layer
The physical layer consists of all cabling, electrical properties, pinouts, and connectors on a network. It is commonly referred to as layer 1. If you can touch it or feel it (and that includes electrical shocks!), then it belongs in this layer. This is the layer I will touch on the very least. Physical topologies vary from network to network; the beauty of the OSI model is that I can discuss higher-layer networking without concern for the specific physical implementation of the network.
Layer 2 – the Data-Link Layer
Layer 2, the data-link layer, defines the topology of network connections (for example, star, ring, or bus) and identification of machines on a single network segment. The most common layer-2 protocol in a LAN is Ethernet, but Token Ring and FDDI are also popular. Frame relay is a commonly used data-link-layer WAN protocol and hints at another key vocabulary term.
Note: Data, when transmitted across a network with a data-link-layer header and footer, is referred to as a frame. When you are using a protocol analyzer to investigate network traffic, you can refer to the data being analyzed as a frame if the data-link-layer header or footer is of significance. For example, if you are troubleshooting the resolution of media access control (MAC) addresses, you are analyzing the frames.
Though each layer-2 protocol is different, most include a MAC address. The Ethernet MAC address is a flat, 48-bit number assigned to a specific network interface. The assignment of numbers is globally administered by the Internet Assigned Numbers Authority, a practice that ensures that this number is always unique to a network card. Other popular layer-2 fields include a field that indicates the size of the frame and a CRC (cyclical redundancy check) field that is used to verify that no data in the frame header was altered.
The data-link layer includes the capability to address multiple systems. This is accomplished by including a special broadcast address in place of the destination MAC address.
Two common network devices exist at the second layer of the OSI model: bridges and switches. The popularity of bridges has begun to fade in recent years, as routed protocols become more popular than bridged protocols and the cost of layer-3 switching decreases. A bridge connects two physically separate networks, listening for frames transmitted onto one segment that must be forwarded onto another segment. Bridges exist at layer 2 of the OSI model and by definition do not contain the intelligence to analyze traffic at layer 3. This is a limitation, but this simplicity gives bridges the advantage of speed. By decreasing the amount of analysis that must be performed on each frame, the bridge can forward more traffic between networks. Internally, a bridge builds a map of its directly connected networks and the MAC addresses of the hosts attached to each, as Figure 1-2 and Table 1-2 illustrate.
A bridge listens to each frame on a segment and compares the destination MAC address to a table it stores in memory. By consulting the table in RAM, the bridge is able to determine if the destination MAC address is on the correct network segment or not. If it is a broadcast frame or belongs on another segment, the frame is copied.
Switches perform many of the same functions as bridges and have replaced them in many networks. Switches also forward frames based on the MAC address, but they are characterized by having eight or more network interfaces. Each of these interfaces may connect directly to a host, or it may connect to another switch or hub. The cost per port on switches has decreased in recent years to such a degree that switches are actually replacing hubs, which operate strictly at the physical layer. Windows NT includes only weak bridging capabilities within RAS, the Remote Access Service. Because bridging is not a critical component of NT, it will not be a topic of much discussion in this book.
Remember that the entire purpose of stratifying network communications is to make each layer independent of the other layers. Because of this, bridges and switches forwarding frames make no distinction between frames that carry TCP/IP and frames that carry IPX/SPX.
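As an added illustration (this is not code from the book), the following Python model shows the bridge behaviour just described: the table in RAM that maps MAC addresses to ports, learned from the source address of every frame, and the forward/filter/flood decision made against the destination address. The port numbers and MAC addresses are constructed for the example. One practical caveat is built in: because source addresses are not authenticated, the table is bounded, so a flood of never-before-seen source addresses cannot grow it without limit.

```python
"""A learning bridge (or switch), as described in the text.

Constructed example: the bridge learns which port each MAC address sits behind by
watching the source address of every frame, then forwards, filters, or floods.
"""
from typing import Dict, List, NamedTuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Frame(NamedTuple):
    src: str
    dst: str
    payload: bytes = b""  # layer-3 contents (IP, IPX, ...); the bridge never looks inside


class LearningBridge:
    def __init__(self, ports: int, max_entries: int = 1024) -> None:
        self.ports = ports
        self.max_entries = max_entries
        self.table: Dict[str, int] = {}  # MAC address -> port: the map in RAM the text describes

    def learn(self, mac: str, port: int) -> None:
        # Source addresses are not authenticated, so the table is bounded: once it
        # is full, unknown sources are simply not learned (and keep being flooded).
        if mac in self.table or len(self.table) < self.max_entries:
            self.table[mac] = port

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Return the ports the frame is copied to (an empty list means it was filtered)."""
        src, dst = frame.src.lower(), frame.dst.lower()
        self.learn(src, in_port)
        if dst == BROADCAST or dst not in self.table:
            # Broadcast, or a station we have never heard from: flood every other port.
            return [p for p in range(self.ports) if p != in_port]
        out_port = self.table[dst]
        if out_port == in_port:
            return []  # destination is on the same segment; the frame stays local
        return [out_port]


if __name__ == "__main__":
    bridge = LearningBridge(ports=4)
    print(bridge.receive(0, Frame("00:00:00:00:00:aa", BROADCAST)))  # flooded to ports 1, 2, 3
    print(bridge.receive(2, Frame("00:00:00:00:00:bb", "00:00:00:00:00:aa")))  # forwarded to port 0
```

Note that the frame's payload is never examined, which is exactly the layer independence the text goes on to describe: the same decision is made whether the frame carries TCP/IP or IPX/SPX.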
Layer 3 – the Network Layer
Layer 3 of the OSI model, the network layer, defines how traffic gets across networks. It defines an addressing scheme that includes both network and host addresses, mechanisms for traffic control, and, often, a checksum. Later in the book, several key concepts of the network layer will be discussed in detail: addressing (Chapter 2), routing (Chapters 2 and 13), and flow control (Chapters 2 and 9).
The most well-known examples of layer-3 protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), Internetwork Packet Exchange (IPX), X.25, and Asynchronous Transfer Mode (ATM).
The network layer includes an addressing scheme that allows for greater robustness than is provided by the data-link layer. The network layer allows any two systems to address each other, regardless of whether or not they are directly connected. In order to accomplish this, the network layer includes routing protocols such as IS-IS, RIP, and OSPF. It also includes packet fragmentation and reassembly, which allows packets to traverse networks with different maximum packet sizes, also called MTUs, or maximum transfer units.
Network components that connect different networks and switch packets are called routers. The OSI model refers to them as Intermediate Systems (ISs), hence the routing protocol name IS-IS. You will also hear the term gateway. The two words, “router” and “gateway,” are usually synonymous. Routers, by definition, exist at the network layer. As network technology evolves, the distinct capabilities of bridges, routers, and switches merge into single devices. Modern routers commonly include bridging functions (occasionally called brouters). Modern switches often include layer-3 routing capabilities.
Network-layer addresses are different from data-link-layer addresses in that they are hierarchical. They include an address for the network, which aids routers in finding the destination. They include a distinctly different address for the host, which allows a computer to identify itself within a specific network. IP has 32 bits to be shared between both the network and host addresses, with a variable number of bits dedicated to each. In contrast, IPX has a 32-bit network address and uses the MAC address as the host portion of the address.
Layer 4 – the Transport Layer
The fourth layer of the OSI model, the transport layer, is responsible for maintaining a conversation between two nodes on a network. It provides for error correction and for data fragmentation and reassembly.
Transport layer protocols for the IP protocol suite include TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). SPX (Sequenced Packet Exchange) is a common layer-4 protocol for the IPX layer-3 protocol.
Layer-4 protocols come in two distinct flavors: connection-oriented and connectionless. Connection-oriented protocols allow two-way conversations to take place between hosts. They provide for guaranteed delivery and order. TCP is the connection-oriented transport protocol in the TCP/IP stack. Common uses of TCP are World Wide Web requests, Windows NT file transfers, and Telnet traffic.
Connectionless layer-4 protocols have the advantage of requiring less overhead. They allow for “fire and forget” communications, where a message must be sent but the sender does not need to be notified if the packet is not transmitted correctly. Connectionless protocols are more efficient because they do not need to maintain header fields for order and the sender has no need to wait for an acknowledgment from the destination. However, they are only suited to traffic for which delivery is not critical. UDP is the connectionless transport protocol in the TCP/IP stack. Common uses of UDP are DNS queries, Windows NT browser notifications, and network broadcasts.
Layer 5 – the Session Layer
Layer 5, the session layer, provides for complex conversation controls. It allows for the management and synchronization of communications between hosts. The session layer is also responsible for user authentication.
In reality, the session layer is one of the least practical of the OSI layers and is rarely referred to. Indeed, there is no corresponding layer in the Department of Defense model on which TCP/IP is based. I will spend very little time on the session and presentation layers simply because this book is centered around TCP/IP and these two layers have no direct correlation. One of the few examples of a session-layer protocol implemented over TCP/IP is NetBIOS over TCP/IP, which is covered in detail in Chapter 10.
Layer 6 – the Presentation Layer
The presentation layer, layer 6 of the OSI model, provides a layer of abstraction to the application layer of the OSI model. This allows applications to agree on standardized representations for data. Network redirectors such as the Workstation service typically work with the presentation layer.
The ISO intended this layer to provide conversion between different formats, such as converting carriage returns to carriage return/line feed combinations when necessary. Tasks such as compression and encryption should be implemented here, though they are often implemented in protocols at other layers. Like the session layer, the presentation layer is not a common topic of conversation at dinner parties.
Layer 7 – the Application Layer
The top of the OSI food chain is the seventh layer, the application layer. The application layer does not describe applications; instead, it provides an interface to the network for applications. In this way, applications have a simple way to communicate across a network, without prior knowledge of the physical topology, the network architecture, or the network protocol. Based on input from applications, the application layer makes use of the layers beneath it to communicate across a network and exchange useful data between hosts.
Protocols that are commonly used and exist at layer 7 of the OSI model are HTTP (Web requests), FTP (Internet file transfers), and Telnet (remote consoles).
How the OSI Model Works
To tie things together, let’s go through an example of network communications and consider how each layer of the OSI model is used. If you launch a Web browser and visit a Web site, the Web browser makes requests with an application-layer protocol, HTTP. In theory, HTTP communicates directly with the Web server’s HTTP service, also at the application layer. Think back to Figure 1-1, which showed protocol data units being passed horizontally from the application layer of the client directly to the application layer of the server–the HTTP protocol is an example of how this theory works in practice.
When sending a request to retrieve a Web page, the protocol is not concerned about the network topology in any way–it relies on the lower layers to take care of those details. HTTP creates a request that it wants the HTTP server to receive, something like, “GET /.” It passes this data to the transport-layer protocol. In this case, the transport-layer protocol is TCP. (TCP/IP does not include the session and presentation layers, so they are not present in this example.)
As shown in Figure 1-3, TCP adds a header and passes its SDU to the network-layer protocol, IP. IP, in turn, pads the data it received from TCP with a header and passes it to the layer-2 protocol, which may be Ethernet, Token Ring, FDDI, or something else. The data-link-layer protocol passes it to the layer-1 protocol (which is generally dependent on the layer-2 protocol), and the layer-1 protocol converts it into actual electrical signals that can be received by the destination host’s network interface card.
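To make the walk down the stack concrete, here is an added Python example (not code from the book) that performs the encapsulation just described: the HTTP request is the layer-7 PDU, TCP prepends its header, IP prepends its header, and Ethernet prepends its header, each layer treating what it received as an opaque SDU. A receive-side function then strips the headers in reverse, verifying the IP and TCP checksums on the way up, so that only the application layer ever sees the text of the request. Addresses, ports and MACs are constructed (documentation ranges); the Ethernet CRC trailer is omitted because the network card computes it. Keep in mind that these checksums catch accidental corruption only; anyone who can rewrite a packet can recompute them, so they are not an integrity control.

```python
"""Encapsulation down the stack for an HTTP request: HTTP -> TCP -> IP -> Ethernet.

Constructed example, not the book's code.  Addresses come from the documentation
ranges (192.0.2.0/24, locally administered MACs); the server port is 80.
"""
import socket
import struct


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip: str, dst_ip: str, sport: int, dport: int,
                seq: int, ack: int, flags: int, payload: bytes) -> bytes:
    """Layer 4: the application SDU becomes the TCP PDU (20-byte header, no options)."""
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         (5 << 12) | flags, 65535, 0, 0)
    # The TCP checksum also covers a pseudo-header borrowed from layer 3.
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(header) + len(payload)))
    csum = checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def ip_packet(src_ip: str, dst_ip: str, payload: bytes, ttl: int = 64, proto: int = 6) -> bytes:
    """Layer 3: the TCP PDU becomes the SDU behind a 20-byte IPv4 header."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                         ttl, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:] + payload


def ethernet_frame(src_mac: str, dst_mac: str, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Layer 2: 14-byte Ethernet II header.  The CRC trailer is computed by the
    network card, so it is omitted here."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def build_http_frame() -> bytes:
    """Walk the request down the client's stack, one header per layer."""
    http = b"GET / HTTP/1.0\r\n\r\n"                                   # layer-7 PDU
    segment = tcp_segment("192.0.2.10", "192.0.2.80", 40000, 80, 1, 1, 0x18, http)  # PSH|ACK
    packet = ip_packet("192.0.2.10", "192.0.2.80", segment)
    return ethernet_frame("02:00:00:00:00:0a", "02:00:00:00:00:50", packet)


def decapsulate(frame: bytes) -> dict:
    """Receiver side: each layer strips its header, checks what it is responsible
    for, and hands the SDU upward.  Only the application layer sees the HTTP text."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    segment = packet[ihl:total_len]
    data_offset = (segment[12] >> 4) * 4
    pseudo = packet[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    return {
        "ethertype": ethertype,
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "ip_checksum_ok": checksum(packet[:ihl]) == 0,   # a valid header sums to zero
        "proto": proto,
        "sport": struct.unpack("!H", segment[0:2])[0],
        "dport": struct.unpack("!H", segment[2:4])[0],
        "tcp_checksum_ok": checksum(pseudo + segment) == 0,
        "http": segment[data_offset:],
    }


if __name__ == "__main__":
    frame = build_http_frame()
    print(len(frame), "bytes on the wire")
    print(decapsulate(frame))
```

The 72-byte result is 14 bytes of Ethernet, 20 of IP, 20 of TCP and 18 of HTTP; the layer sizes are the overhead the text refers to when it contrasts protocols with and without network-layer headers.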
In summary, the OSI model’s greatest value to most network engineers comes from providing a convenient method of describing protocols in conversation. For example, as a network engineer armed with a strong knowledge of the OSI model, you can use catch phrases in conversation such as, “Of course TCP isn’t responsible for getting the traffic through the routers! It’s a layer-4 protocol!” Rest assured you will soon be the life of any party.
The purpose of the OSI model is to provide entirely separated layers so that protocols residing at a particular layer may be “mixed and matched” with protocols at other layers. In reality, however, layer-3 protocols are used only with specific layer-4, -5, -6, and -7 protocols. For example, you cannot use the transport-layer TCP protocol with the network-layer IPX protocol. TCP is only used with the network-layer IP protocol. This grouping of protocols at multiple layers has led to the development of protocol suites. The next section describes the protocol suites supported by Windows NT.
SORTING OUT THE MOST COMMON NETWORK PROTOCOLS
As networks evolved over the years, different vendors developed different ways of communicating. For communication to occur successfully and reliably, all hosts on a network must be speaking the same language, with no dialects. Though people from England and people from the United States use the English language differently, we are still able to exchange ideas. Computers are never that flexible, so strict standards have been developed to define every bit of every byte of every packet sent between hosts. These standards arose from the efforts of groups of organizations, all putting their heads together for the common cause of communication.
Many protocols were developed, but few remain. Those that did not make the cut failed for different reasons–poor design, poor implementation, or lack of support. Those that remain today have withstood the test of time and have proved an effective method of communicating. The three most common protocols in today’s local area networks are Microsoft’s NetBEUI, Novell’s IPX/SPX, and the cross-platform TCP/IP.
NetBEUI
NetBEUI was developed for IBM as a nonroutable protocol to carry NetBIOS traffic. NetBEUI’s lack of support for routing and network-layer addresses is the reason for its greatest advantage and disadvantage. Because it does not require the additional overhead of network addresses and a network-layer header and footer, it is fast and efficient. This makes it well suited to small workgroup environments where there is a single network or the entire environment is bridged.
NetBEUI will never be the primary protocol in enterprise networking because it does not support routing. The only address included in a NetBEUI frame is the data-link-layer media access control (MAC) address, which identifies an interface card but does not identify a network. Routers depend on network addresses to forward packets to their final destination, and NetBEUI frames lack that information entirely.
Bridges are capable of forwarding traffic between networks based on the data-link-layer address, but bridges have many drawbacks. Bridges do not scale well, because all broadcast traffic must be forwarded to every network. NetBEUI in particular includes a significant amount of broadcast traffic and depends on it for name resolution. Your mileage may vary, but bridged NetBEUI networks rarely scale above 100 hosts.
In recent years, networks based on a hierarchy of layer-2 switches have become popular. Entirely switched environments reduce network utilization, although broadcasts must still be forwarded to each host on the network. This fact, combined with the adoption of 100Base-T Ethernet, allows switched NetBIOS networks to scale as high as 350 nodes before broadcast traffic becomes overwhelming.
IPX/SPX
Adopted by Novell for their NetWare client/server software, the IPX protocol suite does not suffer from the weaknesses of NetBEUI. Instead, it introduces new, different weaknesses.
IPX is fully routable, allowing it to be used in large enterprise networks. It includes a 32-bit network address, permitting an incredible number of routed networks in a single environment.
The scalability of IPX is hampered by its high level of broadcast traffic and extremely high overhead. The Service Advertising Protocol (SAP), in particular, limits the number of hosts on a routed network to several thousand. While the limitations of SAP have been overcome in part by intelligent routers and conservative server configurations, management of large-scale IPX networks has proved to be an extremely difficult task.
TCP/IP
Every network protocol has its advantages, but only TCP/IP allows full connectivity to the Internet. TCP/IP was developed by persons at the Massachusetts Institute of Technology and several commercial organizations for the Department of Defense in the late 1960s, as a network protocol resilient enough to continue communications in the event a nuclear attack were to destroy large sections of the network. Gradually, the ARPANET, which developed around this protocol, evolved into the Internet, a medium of communication for scientists and engineers.
TCP/IP was designed for scalability and reliability, and it meets both of these requirements extremely well. Unfortunately, speed and efficiency were sacrificed. (Remember: development was funded by the government!)
After the Internet became public, people began to discover the power of world-wide networking. The resulting popularity of the Internet is the primary reason TCP/IP is still used today. Often without realizing it, users have installed TCP/IP stacks onto their home PCs, making this network protocol the most widely used in the world.
TCP/IP’s 32-bit addressing scheme is not sufficient to support the number of hosts and networks that will soon participate in the Internet. The most likely standard to replace the current implementation is IPv6, also referred to as IPng (IP, the Next Generation, a reference anyone reading this book probably understands). You will find more information on IPv6 in Chapter 2, which covers TCP/IP-specific topics in detail.
EXPLORING BASIC ROUTING CONCEPTS
When traveling through unfamiliar territory, people must rely on directions to guide them to their final destination. These directions come in several forms. People may refer to a map containing streets and landmarks, or they may remember verbal directions, describing the path as a series of left and right turns. Or they may simply follow the road signs.
Despite the fact that I have a map, directions, and signs to follow, I still get lost. In fact, I get lost all the time! So how do packets, mere electrical signals, make it through the many turns in a network? When a router receives a packet, how does it know which interface to forward the packet to? When a section of a network fails, how do the other routers know to reroute traffic?
The answers to the first and second questions are routing tables. Each routing table is a database describing every network that a particular router knows a path to. So when a router receives a packet that it must forward, it compares the network number of the packet to the network numbers listed in its routing table and forwards the packet toward the destination.
The example routing table shown in Table 1-3 includes a basic set of information. Each row in a routing table contains, at a minimum, a network address, a distance, and the address of the next router to receive a packet. By comparing the network address of an incoming packet to this table, the router is able to determine where it should forward the packet.
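The following Python example is added here (it is not Table 1-3 or code from the book) to show a routing table of the kind just described, with a network address, a distance and a next hop per row, and the lookup a router performs on an incoming packet. It also shows two points made earlier in the chapter: the hierarchical split of a 32-bit IP address into network and host bits, and the fact that when the same network appears twice in the table the router uses the closer (lower-distance) occurrence. Beyond the text, the lookup uses longest-prefix matching, which is how IP routers choose among overlapping entries such as a specific network and a default route; the addresses in the sample table are constructed.

```python
"""Routing table lookup, in the spirit of Table 1-3: network, distance, next hop.

Constructed example.  The addresses are from the 10.0.0.0/8 private range and the
198.51.100.0/24 documentation range; the table is not from the book.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    distance: int            # hop count, as in RIP
    next_hop: Optional[str]  # None: the network is directly connected
    interface: str


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, network: str, distance: int, next_hop: Optional[str], interface: str) -> None:
        # strict=True rejects entries whose host bits are set (for example 10.1.2.5/24),
        # the kind of typo the text warns about.
        net = ipaddress.ip_network(network, strict=True)
        self.routes.append(Route(net, distance, next_hop, interface))

    def lookup(self, destination: str) -> Optional[Route]:
        """Compare the packet's destination with every network entry; the most
        specific (longest-prefix) match wins, and among duplicates of the same
        network the closer one (lower distance) is used."""
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if dst in r.network]
        if not matches:
            return None  # no route, not even a default: the packet is dropped
        return min(matches, key=lambda r: (-r.network.prefixlen, r.distance))


def split_address(address: str, prefixlen: int) -> Tuple[str, int]:
    """The hierarchical split of a 32-bit IP address: the network part routers use
    to find the destination, and the host part that identifies a machine on it."""
    iface = ipaddress.ip_interface(f"{address}/{prefixlen}")
    host_bits = int(iface.ip) & int(iface.network.hostmask)
    return str(iface.network.network_address), host_bits


def sample_table() -> RoutingTable:
    """A constructed table for one router with a single interface."""
    rt = RoutingTable()
    rt.add("10.1.2.0/24", 1, None, "eth0")          # directly connected segment
    rt.add("10.1.0.0/16", 2, "10.1.2.1", "eth0")    # rest of the campus via a neighbour router
    rt.add("10.7.0.0/16", 3, "10.1.2.1", "eth0")
    rt.add("10.7.0.0/16", 5, "10.1.2.9", "eth0")    # same network advertised by a second router
    rt.add("0.0.0.0/0", 10, "10.1.2.254", "eth0")   # default route toward the Internet
    return rt


if __name__ == "__main__":
    table = sample_table()
    for dest in ("10.1.2.77", "10.1.9.5", "10.7.3.3", "198.51.100.4"):
        print(dest, "->", table.lookup(dest))
    print(split_address("10.1.2.77", 24))
```

The duplicate 10.7.0.0/16 entries illustrate the failure the "Common Routing Problems" section describes: if the second advertisement were a mistake, traffic would still follow whichever occurrence is closer, and nothing in the lookup itself would flag the error.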
The answer to the third question (When a section of a network fails, how do the other routers know to reroute traffic?) is routing protocols. Routing protocols are network-layer protocols that routers use to communicate with each other. Routers rely on these protocols to exchange the information contained in their routing tables: where a specific network is, how fast the connection is, and whether or not it is working at all. By exchanging this information, a router can add a new network and all other routers will know the best route to that destination. Similarly, if a router or network segment fails, the routing protocol will propagate news of the failure throughout the rest of the network.
When all routers on a network have exchanged the information in their routing tables and no changes are being made, the routers are said to have converged. The time it takes for a network to converge after a change is made is called the convergence delay. Convergence delay is an important consideration when choosing a routing protocol: a short delay allows changes to be made more quickly. It also makes troubleshooting easier by decreasing the time it takes for problems to manifest themselves and for the corrected information to be propagated. In large networks such as the Internet, routers have a great deal of information to exchange to keep their routing tables up to date, and they may never reach a state of convergence.
This section provides a general background in routing protocols. Chapter 13 provides information about specific routing protocols commonly used with the TCP/IP protocol suite and details on Microsoft’s implementation of the Routing and Remote Access Service.
Routing and Windows NT
Systems administrators and systems engineers typically focus on the individual hosts and think of networks as a transparent way of connecting those hosts. With the introduction of static and RIP routing in Windows NT 3.51, NT systems could be more than just nodes on a network–they could be the network. An NT server could now forward traffic between network segments using either IPX/SPX or TCP/IP. It could share a network with traditional dedicated network hardware and communicate with it. These new forms of routing now offered an inexpensive way for small networks with an NT server to segment their traffic without sacrificing connectivity.
Shortly after Windows NT 4.0 was released, Microsoft released an add-on package called the Routing and Remote Access Service (RRAS). With this package, routing in Windows NT becomes more robust and flexible. Windows NT now includes support for RIP v2 and can interoperate with another modern routing protocol, OSPF. More important, Microsoft has provided an open application programming interface to allow third-party vendors to develop routing protocols that plug into the RRAS.
As Microsoft continues scaling its operating systems both up and down, it will introduce systems that are dedicated routers running a simplified version of the Windows NT or Windows CE operating system, and it will take traditional vendors such as Cisco and 3Com head on.
Adding routing for NT provides an excellent opportunity for you as a systems engineer to expand your career and build your skills as a network engineer. For this reason, routing concepts are a focus within this book–they will be required knowledge for NT systems engineers in the future.
Classes of Routing Protocols
Just as every network is different, different routing protocols are better suited to one network configuration or another. There are many different types of routing protocols, but they all fall into one of two categories: interior gateway protocols (IGPs) and exterior gateway protocols (EGPs).
Exterior gateway protocols describe the flow of traffic between autonomous systems (ASs). An AS, covered in more detail in Chapter 13, is a group of routers that are administered and owned by a single organization. The most widespread use of EGPs is on the Internet–it allows ISPs and other organizations with an Internet connection to describe the location of their network to everyone else on the Internet. EGPs are not currently supported in Windows NT and so will not receive much attention in this book.
Interior gateway protocols provide information to neighboring routers about the flow of traffic within an autonomous system. For example, if a network administrator adds an IP network to a router located on the fourth floor of a building, routers on the first, second, and third floors must learn about it before they can forward traffic. Several IGPs are supported by Windows NT and RRAS and are described in detail in Chapter 13, on the Routing and Remote Access Service.
Interior gateway protocols are further subdivided by the method they use to exchange information. Distance-vector routing protocols are the simpler of the two kinds, exchanging information only with routers on directly connected networks. Each router, in turn, passes this information on to other directly connected routers. In this way, information is propagated through a network step by step, router by router, as Figure 1-4 illustrates. The name “distance-vector” comes from the two components that are typically exchanged: the distance (number of hops) and the vector (direction, or next hop). Routers typically exchange information on a regular, timed basis using broadcast frames on each active network interface.
The primary advantage of this method is simplicity: routers only communicate through broadcasts to directly connected neighbors. The drawbacks are many: convergence time is very slow, problems such as routing loops are common, and traffic overhead is high because the entire routing table is typically exchanged.
The other, more modern, method of exchanging routing information is the link-state routing protocol. Link-state routing protocols are protocols in which a router exchanges its routing table with every individual router on a network. Additional advantages over distance-vector protocols include the ability to exchange information immediately as a change takes place, reducing convergence time. To further reduce convergence time, information is sent directly to every affected gateway, rather than to one router at a time, as with distance-vector routing protocols. This concept is illustrated in Figure 1-5.
Common Routing Problems
Routing protocols do not get the credit they deserve. The fact of the matter is that everything that happens on the Internet is entirely dependent on the functions of these routing protocols, which very few people really understand well. If you have ever noticed that large sections of the Internet disappear from time to time, chances are good it was because a routing table had been misconfigured.
These problems are not confined to the public Internet, however. Even experienced network administrators have brought down an entire company network because of a mistake configuring a routing protocol or a routing table. Worse yet, these problems often take several hours to fully manifest themselves. Because routers exchange information among themselves, misinformation in a routing table spreads like a computer virus, making this kind of problem very difficult to troubleshoot. Once a problem is isolated and corrected, the correction must be passed from router to router, and the problem may not disappear completely for several hours.
Probably the most common source of routing problems stems from human error. If someone mistakenly adds a network to a router’s routing table, and that network exists somewhere else already, traffic may not get to the correct location. Routers will forward traffic to whichever occurrence of the network is closer to them. The root cause of a problem such as this may be as simple as a typographical error, but finding and resolving the problem can take hours. The most effective way to reduce human error is through education; make sure that everyone who has access to routing tables has the knowledge necessary to really understand the effects a change may have. Another method is to have an approval system such that two people must always verify that a change is accurate before it is implemented.
Routing loops commonly occur with distance-vector routing protocols. When a network fails, the router connected to it notifies its neighbor routers of the failure and asks them to remove the network from their routing tables. Ideally, each router would remove the entry in its routing table for the failed network and no longer attempt to forward traffic to it. A routing loop occurs when a router that has not yet been notified of the failure broadcasts its own routing table, which still includes a path to the failed network through the very router that advertised its failure. At this point, the router attached directly to the failed network will add the network back into its routing table and attempt to forward traffic through the router that advertised it.
This is a difficult concept to describe and is best appreciated through an example. Suppose a simple network uses the RIP routing protocol, a distance-vector protocol. This network has five routers (A, B, C, D, and E) and five networks, and it is in a completely converged state. Figure 1-6 shows the network, and Table 1-4, Table 1-5, Table 1-6, Table 1-7, and Table 1-8 show the routing tables of each of the five routers.
Suddenly, disaster strikes. While looking for paper for the fax machine, the receptionist accidentally unplugs the hub for Network 1. Now, in a perfect world, traffic going through Network 1 (for example, traffic from Router A bound for Network 3) would simply be rerouted and only connectivity to Network 1 would be lost. In that same perfect world, all the routers would instantly know that Network 1 was temporarily down and would drop packets bound for that network.
Routers A and B have a direct connection to the network, so they will recognize that it can no longer receive traffic. The problem begins because of a serious weakness in some distance-vector routing protocols (like RIP): they send updates on a timed interval, not immediately when something fails. In this example, Router A’s timed interval occurs immediately after the change, and it notifies Router D that Network 1 is down. Unfortunately, Router B sent an update just before the network failed, so it will have to wait until its next scheduled update to notify Router C. At this point, only Routers A, B, and D have updated routing tables, as illustrated in Table 1-9, Table 1-10, and Table 1-11.
Now, if Router C really did have another connection to Network 1, everything would begin to work. Traffic would be neatly rerouted, and the network administrator would have no reason to panic. Unfortunately for the network administrator, Router C has just told the adjoining routers that it has a path to a failed network, and now those routers will begin to propagate false information.
Everything is going well until Router C transmits its timed update. Router C still has an entry in its routing table for Network 1, and it includes that network in its scheduled update, which it broadcasts to Router D and Router B. Both routers receive this update and are happy to add the entry to their own routing tables under the assumption that Router C has some way to get to the network. Unfortunately, Router C’s path to the network is through Router B. So it still thinks it has a clean path to Network 1 only because it hasn’t heard the news of the failure from Router B.
After Router C’s update, Routers D and B have updated routing tables, as illustrated in Table 1-12 and Table 1-13. This update removes Network 1 from the routing table.
| Note: Remember that the distance between a router and the destination network is always equal to the distance from the next-hop router plus one to count the extra link. |
The time finally comes for Router B to perform its scheduled update. It broadcasts an update to the only neighbor it can currently reach, Router C. This update includes the connection to Network 1 with a distance of 3. Router C will receive this and, because Router B is listed as the next hop in its routing table to Network 1, will update its own routing table with the new distance information. Remember that Router C automatically adds one to the distance to account for the link between Routers B and C. After this update, Router C’s routing table has removed the path to Network 1. This change is reflected in Table 1-14.
By now the trend of the routing loop should be becoming clear to you: the routers will continue to propagate misinformation. Each time Router C or Router B transmits its scheduled update, the distance the receiving router believes it is to Network 1 increases by one. Eventually, the distance will reach 16, which in RIP means the network is unreachable. At this point, the route will be dropped from the routing tables and the network will be able to converge. The time to convergence is painfully slow, however, with updates occurring only every thirty seconds.
Until the network is converged, the network’s ability to forward traffic will be reduced. When Router B receives a packet from a host on Network 3 that is bound for Network 1, it will forward it to the next hop listed in its routing table for Network 1–Router C. Router C will receive the packet and forward it to the listed next hop in its routing table–Router B. In turn, Router B will forward the packet to Router C, and so on until the time to live (TTL) listed in the packet decrements to zero. (See the sidebar that accompanies this section for more information on TTLs.)
Several methods exist to reduce the chances for routing loops to occur. These include hold-down times, triggered updates, and split horizons.
A hold-down time specifies an amount of time that must pass before a route that was removed will be re-added. This reduces the chance that a routing loop will occur because a router will not accept an alternate path to a failed network until after the hold-down time, which should be long enough to ensure that the network converges completely after any change. In the example, Router D would not have accepted the misinformation from Router C because it had been recently updated by Router A. Further, Router B would have ignored Router C because Router B had just updated its routing table.
| TTLs and Looping Traffic |
| Time to Live (TTL) is a field in the IP header of a packet that keeps track of how many routers a packet has passed through. This field is filled in by the host sending the packet with a value that is configurable. In the Windows NT operating system, the value is 32 by default. Each router in a network decrements the value in the TTL field by one before retransmitting the packet, and when it reaches 0, the packet is dropped. This method ensures that no packet will ever loop forever between two routers that are involved in a routing loop. However, with a high TTL of 32, that packet could bounce between two routers 32 times! This means that a single packet would generate 32 times the amount of traffic it normally would. This can cripple a network. On the plus side, a routing loop that cripples the network means that the network administrator discovers it more quickly than he or she would otherwise. On the down side, network downtime is highly visible and extremely expensive. The TTL in Windows NT can be adjusted–simply add the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL and set the value to the desired default TTL. |
Triggered updates reduce the chances of a routing loop and improve the time to convergence. Instead of being withheld until the next timed update, changes to the routing table are broadcast immediately. This translates to additional traffic when a network fails, but the quicker response time is generally worth the trouble.
A split horizon prevents two-node routing loops from occurring by disallowing a route to be advertised over the same interface it was learned from. In this way, a router that learns it has a failed route will not immediately learn from a neighboring router that an active route exists. I have covered the split-horizon concept in great detail in Chapter 13, covering the Routing and Remote Access Service.
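The count-to-infinity exchange between Routers B and C walked through above, and the way split horizon stops it, as an added simulation that is not from this book. Router names, "Network 1", the hop counts, and the value 16 follow the text; the `Router` class, its update rules, and the ordering of timed updates are constructed assumptions for illustration.

```python
# Added example, not from the book: a small simulation of the two-node
# routing loop between Routers B and C described above, using RIP's
# hop-count rules. Names and metrics follow the text; the code is constructed.
INFINITY = 16  # RIP treats a hop count of 16 as "unreachable"

class Router:
    def __init__(self, name):
        self.name = name
        self.routes = {}  # network -> (metric, next_hop, learned_from)

    def advertise(self, neighbor, split_horizon):
        """Build the {network: metric} update sent to `neighbor`. With split
        horizon a route is never sent back over the link it was learned from,
        which is exactly what breaks a two-node loop."""
        return {net: metric
                for net, (metric, _, learned_from) in self.routes.items()
                if not (split_horizon and learned_from == neighbor.name)}

    def receive(self, update, sender):
        """Distance-vector rule: cost via the sender is its metric plus one for
        the extra link. Replace the route if that is cheaper, or if the sender
        is already our next hop (its metric changed, up or down)."""
        for net, metric in update.items():
            new = min(metric + 1, INFINITY)
            cur = self.routes.get(net)
            if cur is None or new < cur[0] or cur[1] == sender.name:
                self.routes[net] = (new, sender.name, sender.name)

def simulate(split_horizon):
    """Network 1 fails. Return the metric B holds for Network 1 after each
    round of scheduled updates, until both routers agree it is unreachable."""
    b, c = Router("B"), Router("C")
    # Converged state before the failure: B is directly attached (1 hop),
    # C learned the route from B (2 hops).
    b.routes["Network 1"] = (1, "direct", None)
    c.routes["Network 1"] = (2, "B", "B")
    # The hub is unplugged: B marks the route unreachable, but C has not
    # heard yet because B's next timed update is still pending.
    b.routes["Network 1"] = (INFINITY, "direct", None)
    history = []
    while True:
        b.receive(c.advertise(b, split_horizon), c)  # C's update fires first
        history.append(b.routes["Network 1"][0])
        # B's scheduled update reaches C (RIP keeps advertising a 16-hop route
        # for a while after a failure, so C does learn of it eventually).
        c.receive(b.advertise(c, split_horizon), b)
        if min(b.routes["Network 1"][0], c.routes["Network 1"][0]) >= INFINITY:
            return history

if __name__ == "__main__":
    print(simulate(False), simulate(True))  # [3, 5, ..., 15, 16] and [16]
```

Without split horizon, B's belief climbs 3, 5, 7 ... 15, 16 over eight rounds of thirty-second updates; with split horizon, C never echoes the route back to B and both routers agree the network is unreachable after the first round.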
SUMMARY
This chapter discussed the OSI model, which was developed to organize work being done in the networking industry. It became a critical aspect of all networking and continues to be an important concept today. This chapter also covered one of the most important topics in networking–routing. Among systems engineers, routing is generally misunderstood, and yet routing is a critical concept because all network communications depend on it. Windows NT now has significant routing capabilities, and you should become proficient in routing concepts before moving on in this text.
In this chapter you learned that:
- The OSI model breaks network communications into seven distinct layers: the application layer, the presentation layer, the session layer, the transport layer, the network layer, the data-link layer, and the physical layer.
- Each layer of the OSI model has a separate, distinct set of responsibilities and provides services to the layer directly above it.
- Routers forward packets between physically separate network segments, allowing hosts on different segments to communicate.
- Routers communicate with each other using routing protocols. There are many different kinds of routing protocols, including link-state protocols, distance-vector protocols, IGPs, and EGPs.
| Note: I remember a basketball coach I had in grade school who felt I could never be a successful basketball player until I mastered the fundamentals of the game. So I practiced dribbling, passing, and shooting hour after hour after hour. If I never became a good basketball player, it was not because I did not focus on the fundamentals—it was because I had no talent. Nonetheless, it is important to build a strong foundation of knowledge before attempting to master more complex concepts. If you have read and understood this first chapter, then you have the basic knowledge you need to make this book a useful tool. |
The next chapter continues building a foundation of basic networking knowledge. The scope, however, is narrowed to the TCP/IP protocol suite. You will learn the history, the present status, and the future of the most common network protocol in the world.