Jan 21, 2009

Notes on Networking

Ethernet

  1. What is Ethernet?
    Ethernet is a Local Area Network (LAN) cabling and signaling specification for baseband networks. Ethernet uses a bus or star topology for connecting different nodes in a network.
  2. To which OSI layer does Ethernet belong?
    Ethernet belongs to both the Physical Layer (Layer 1) and the Data Link layer (Layer 2) in the OSI architecture.
  3. What are the standard data rates for Ethernet?
    The standard data rates for Ethernet are 10 Mbps, 100 Mbps, and 1 Gbps.
  4. What are the IEEE standards that cover Ethernet?
    The following IEEE standards define Ethernet:
  5. How do two systems in an Ethernet network communicate?
    In an Ethernet network, a system broadcasts the data using an Ethernet frame. The destination system is specified in the Ethernet frame using its Ethernet address. All the systems in the network listen for an Ethernet frame with their Ethernet address in it. When a system receives an Ethernet frame with its address in it, it processes the frame and sends it to the higher layers (like IP) for further processing.
  6. What is a "collision"?
    At any one instant, in an Ethernet network, only one device can transmit. If two devices transmit at the same instant, then the signals from both devices will collide and a "collision" will occur. When a "collision" occurs, the signals will get distorted and the frame will be lost. Collisions are very common in an Ethernet network.
  7. How is "collision" handled in Ethernet networks?
    Ethernet uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access control mechanism to detect and recover from a collision.
  8. What is CSMA/CD?
    CSMA/CD is a media access control mechanism used in Ethernet to recover from frame collision. The following steps are followed to recover from a collision.

Step 1: Before an Ethernet device sends a frame on the Ethernet cable, it listens to find if another device is already transmitting a frame (Carrier Sense).
Step 2: Once the device finds that other devices are not transmitting any frame, it starts transmitting the frame. If two devices detect that the Ethernet cable is free at the same time, then both will start transmitting the frames (Multiple Access). This will result in collision.
Step 3: While transmitting the frames, the Ethernet devices also listen for a collision (Collision Detect).
Step 4: If they detect a collision, both the devices stop sending the frame (back off).
Step 5: They retry the transmission after a logarithmic time-out period. This process is repeated till the frame is transmitted successfully, for a maximum of 16 times. The frame is discarded after the 16th retry.

  1. What is "late collision"?
    An Ethernet device will detect a collision, while it is transmitting, only if the collision reaches it before it completes transmitting the entire frame. If the collision reaches the transmitter after it has completed sending the entire frame, then the transmitter will not detect the collision; it will assume the collision occurred because of some other frame. This is called "late collision". A late collision will occur if the length of the Ethernet network segment is greater than the standard allowed length.
  2. How is "late collision" avoided in Ethernet?
    Late collision can be avoided if the maximum length of the Ethernet network segment is restricted, such that if a collision occurs, it will reach the transmitter before the transmitter completes transmitting the entire frame. In a typical 10 Mbps network, the minimum length of an Ethernet frame is 576 bits (72 bytes) and the maximum length of a single Ethernet network segment is 2.5 km.
  3. What is an Ethernet address?
    Each device in an Ethernet network is uniquely identified by a 48-bit (6-byte) address called the Ethernet address. The Ethernet address is also known as the Media Access Control (MAC) address. Ethernet addresses are represented as six pairs of hexadecimal digits separated by colons. Ethernet addresses are burned into the network adapter by the manufacturer. An Ethernet address of a device cannot be changed. Example: 00:60:08:11:B1:AB, 00:00:c0:5e:83:0e
  4. What is a broadcast address?
    The Ethernet address in which all the bits are 1 is known as a broadcast address. It is represented as FF:FF:FF:FF:FF:FF. A frame with this address is received and processed by all the nodes in the network.
  5. What are the different Ethernet frame formats?
    The different Ethernet frame formats are listed below: Ethernet II and IEEE 802.3
  6. Why are there different Ethernet frame formats?
    Xerox developed the first version of Ethernet, Ethernet I. The second version of Ethernet, Ethernet II, was developed by DEC, Intel and Xerox. After this, IEEE standardized Ethernet and the new format is known as the 802.3 format. To provide backward compatibility with Ethernet II, the 802.2 SNAP format was developed.
  7. How is the length of an Ethernet II frame calculated?
    The length of an Ethernet II frame is not present in the frame itself. It depends on the Ethernet network interface used. When the interface sends a frame to the network device driver, it supplies the length of the received frame.
  8. What is the minimum and maximum size of an Ethernet frame?
    The minimum size of an Ethernet frame is 64 bytes. The breakup of this size between the fields is: Destination Address (6 bytes) + Source Address (6 bytes) + Frame Type (2 bytes) + Data (46 bytes) + CRC Checksum (4 bytes). The minimum number of bytes passed as data in a frame must be 46 bytes. If the size of the data to be passed is less than this, then padding bytes are added. The maximum size of an Ethernet frame is 1518 bytes. The breakup of this size between the fields is: Destination Address (6 bytes) + Source Address (6 bytes) + Frame Type (2 bytes) + Data (1500 bytes) + CRC Checksum (4 bytes). The maximum number of bytes of data that can be passed in a single frame is 1500 bytes.
  9. What is a SAP?
    SAP, Service Access Point, is the logical point at which services are provided by an OSI layer. Typically, the protocols in the network layer (like IP) bind at specific SAP in the Logical Link Control Layer (LLC) for accessing the services provided by it.
  10. Why is the Sub Network Access Protocol (SNAP) header required?
    The 802.2 LLC header replaces the 'protocol type' of the Ethernet II format with two SAP fields, Source SAP and Destination SAP. The value of the SAP field in the 802.2 header is equivalent to the 'protocol type' field in the Ethernet II header. The value of the SAP field will be between 1 and 255, since it is an 8-bit field. On the other hand, the 'protocol type' value for the standard protocols like IP, ARP, etc. is greater than 1500. Obviously, these values cannot be represented in the SAP fields. So, to provide compatibility with Ethernet II, the SNAP header was added to the 802.2 LLC header. In a SNAP frame, both the SAP values will be 0xAA and the first 5 bytes of the data will give the protocol ID. Out of the 5 bytes of data, the last 2 bytes are the same as the protocol type field of the Ethernet II frame. The first 3 bytes are called the 'Organizationally Unique Identifier' (OUI) and are allocated as a vendor identifier. Typically, the OUI will be zero.
   
  1. How to differentiate between an 802.3 frame and an Ethernet II frame?
    The value of the 'length' field in an 802.3 frame must be less than 1500 and in an Ethernet II frame the value of the 'type' field must be more than 1500. Since the 802.3 frame 'length' field and the Ethernet II frame 'type' field are at the same offset from the header, depending on the value present, the frame can be differentiated.
  2. What is promiscuous mode?
    Normally, an Ethernet network interface will pass a frame to the network layers above it only if it is addressed to that interface. If the network interface is put in promiscuous mode, the Ethernet network interface will send all the frames (frames addressed to any host in the network), regardless of their destination address, to the network layers above it. This mode is used by network analyzers to capture all the frames.
  3. What is MTU?
    Maximum Transmission Unit (MTU) is the maximum number of bytes that can be transmitted in a single transmission unit. Every communication medium has an MTU. For Ethernet, the MTU of a frame is 1500 bytes.
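
The type/length test and the SNAP layout described above can be exercised with a small frame classifier. This is an added example, not code from the original notes; the frames are constructed, the two unicast addresses are the sample MAC addresses from the text, and the boundary values (lengths up to 1500, types from 0x0600) follow IEEE 802.3.

```python
import struct

BROADCAST = b"\xff" * 6
MAX_LENGTH = 1500        # largest value read as an 802.3 length
MIN_ETHERTYPE = 0x0600   # 1536: smallest value read as an Ethernet II type
MIN_DATA = 46            # shorter data is padded up to this size


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, type_or_len, data):
    """Build a constructed test frame (no preamble, no CRC), padding the data."""
    return dst + src + struct.pack("!H", type_or_len) + data.ljust(MIN_DATA, b"\x00")


def classify_frame(frame):
    """Classify a frame by the 2-byte field that follows the two addresses."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    info = {"dst": mac_str(dst), "src": mac_str(src), "broadcast": dst == BROADCAST}

    if type_or_len >= MIN_ETHERTYPE:
        # Ethernet II carries no length, so padding cannot be separated
        # from data at this layer; the upper protocol has to do it.
        info.update(format="Ethernet II", protocol=type_or_len, payload=body)
        return info
    if type_or_len > MAX_LENGTH:
        # 1501..1535 is neither a valid length nor a valid type.
        info.update(format="invalid", protocol=None, payload=b"")
        return info

    # 802.3: the field is the data length, which lets us strip the padding.
    if type_or_len > len(body):
        raise ValueError("length field exceeds the bytes present")
    data = body[:type_or_len]
    if len(data) >= 8 and data[0] == 0xAA and data[1] == 0xAA:
        # LLC (DSAP, SSAP, control) followed by the 5-byte SNAP protocol ID:
        # 3 bytes of OUI, then the Ethernet II protocol type.
        (protocol,) = struct.unpack("!H", data[6:8])
        info.update(format="802.2 SNAP", oui=data[3:6].hex(),
                    protocol=protocol, payload=data[8:])
    elif len(data) >= 3:
        info.update(format="802.2 LLC", dsap=data[0], ssap=data[1],
                    protocol=None, payload=data[3:])
    else:
        info.update(format="802.3 raw", protocol=None, payload=data)
    return info


# Constructed sample frames.
HOST_A = bytes.fromhex("00600811b1ab")
HOST_B = bytes.fromhex("0000c05e830e")
ETH2_FRAME = build_frame(HOST_B, HOST_A, 0x0800, b"constructed IPv4 payload")
SNAP_FRAME = build_frame(HOST_B, HOST_A, 13,
                         b"\xaa\xaa\x03" + b"\x00\x00\x00" + b"\x08\x00" + b"hello")
LLC_FRAME = build_frame(BROADCAST, HOST_A, 7, b"\x42\x42\x03" + b"data")
BAD_FRAME = build_frame(HOST_B, HOST_A, 1510, b"")

if __name__ == "__main__":
    for name, frame in [("eth2", ETH2_FRAME), ("snap", SNAP_FRAME),
                        ("llc", LLC_FRAME), ("bad", BAD_FRAME)]:
        result = classify_frame(frame)
        print(name, result["format"], result["protocol"], result["payload"][:16])
```

The SNAP frame gives back exactly `hello` because the 802.3 length field marks where the padding starts, while the Ethernet II payload comes back with its padding still attached.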

ARP

  1. What is ARP?
    Address Resolution Protocol (ARP) is a network protocol, which maps a network layer protocol address to a data link layer hardware address. For example, ARP is used to resolve IP address to the corresponding Ethernet address.
  2. To which OSI layer does ARP belong?
    ARP belongs to the OSI data link layer (Layer 2). ARP protocol is implemented by the network protocol driver. ARP packets are encapsulated by Ethernet headers and transmitted.
  3. Which RFC specifies the requirements for ARP?
    RFC 826 specifies the ARP packet format and other details.
  4. What is the use of ARP?
    A host in an Ethernet network can communicate with another host, only if it knows the Ethernet address (MAC address) of that host. The higher level protocols like IP use a different kind of addressing scheme (like IP address) from the lower level hardware addressing scheme like MAC address. ARP is used to get the Ethernet address of a host from its IP address. ARP is extensively used by all the hosts in an Ethernet network.
  5. Why does an IP address need to be mapped to a MAC address? Why can't the MAC address itself be represented using the IP address?
    The length of a MAC address is 6 bytes and the length of an IP address is 4 bytes. Obviously, the MAC address cannot be represented using the IP address. So an IP address must be mapped to the corresponding MAC address.
  6. Can ARP be used in a network other than Ethernet?
    ARP is a general protocol, which can be used in any type of broadcast network. The fields in the ARP packet specify the type of the MAC address and the type of the protocol address. ARP is used with most IEEE 802.x LAN media. In particular, it is also used with FDDI, Token Ring, and Fast Ethernet, in precisely the same way as it is with Ethernet.
  7. How does ARP resolve an IP address to an Ethernet MAC address?
    When ARP needs to resolve a given IP address to an Ethernet address, it broadcasts an ARP request packet. The ARP request packet contains the source MAC address, the source IP address and the destination IP address. Each host in the local network receives this packet. The host with the specified destination IP address sends an ARP reply packet to the originating host with its IP address.
  8. What is an ARP cache?
    ARP maintains the mapping between IP address and MAC address in a table in memory called ARP cache. The entries in this table are dynamically added and removed.
  9. When is an ARP request packet generated?
    The following steps result in the generation of an ARP request packet:
    1. The IP module sends a packet, destined for another host in the network, to the ARP module.
    2. The ARP module looks up the ARP table (cache) to resolve the IP address.
    3. If the supplied IP address is present in the ARP cache, it is resolved into its Ethernet address.
    4. If the ARP module is not able to find an entry for this IP address in the ARP cache, then it sends an ARP request packet to the Ethernet driver, to resolve the IP address to the Ethernet address.
    5. After the IP address is resolved by the ARP module, the packet is sent to the Ethernet driver for transmission.
  10. What happens when a host receives an ARP request packet?
    The ARP request is received and processed by all the hosts in the network, since it is a broadcast packet. The following steps are carried out when an ARP request packet is received by a host:
    1. If the IP address to be resolved is for this host, then the ARP module sends an ARP reply packet with its Ethernet MAC address.
    2. If the IP address to be resolved is for this host, then the ARP module updates its ARP cache with the source Ethernet MAC address to source IP address mapping present in the ARP request packet. If the entry is already present in the cache, it is overwritten. If it is not present, it is added.
    3. If the IP address to be resolved is not for this host, then the ARP module discards the ARP request packet.
  11. Will a host update its ARP cache upon receiving any ARP request?
    A host will update its ARP cache, only if the ARP request is for its IP address. Otherwise, it will discard the ARP request.
  12. What is the disadvantage if a host updates its ARP cache upon receiving any ARP request?
    The host will exhaust the ARP cache with a lot of unused ARP entries, if it updates the ARP cache for any ARP request.
  13. What happens when a host receives an ARP reply packet?
    The ARP reply packet is received only by the host, which transmitted the ARP request packet. The ARP module adds the Ethernet hardware address to IP address mapping present in the ARP reply packet to the ARP cache.
  14. Is there a separate packet format for ARP request and ARP reply?
    No. Both the ARP request and ARP reply packets use the same format.
  15. Which MAC address is an ARP request directed to?
    All ARP request packets are transmitted with the Ethernet broadcast address, so that all hosts in the network will receive the request.
  16. To which MAC address is an ARP reply packet directed to?
    ARP reply packet is directed to the host, which transmitted the ARP request packet.
  17. If a host is not able to get the MAC address of a host, how does it know about its IP address?
    A host will either use a static file like /etc/hosts or DNS protocol to get the IP address of another host.
  18. What will happen if an ARP reply is not received for an ARP request?
    If an ARP reply is not received, then that IP address cannot be resolved to an Ethernet address. Without an Ethernet address, the packets cannot be transmitted.
  19. When is an entry added to the ARP cache?
    A new entry is added to the ARP cache when an IP address is successfully mapped to a MAC address. Usually, entries are added dynamically to the ARP cache. Static entries can also be added.
  20. What will happen if a new ARP request packet is received, but the MAC address to IP address is already present in the ARP cache?
    If an ARP request packet is received and the mapping already exists in the ARP cache, it will be overwritten with the values present in the request.
  21. When is an entry removed from an ARP cache?
    An entry in an ARP cache is removed after a pre-determined timeout period (e.g. 20 minutes).
   
  1. What is the size of an ARP request and reply packet?
    The size of an ARP request or reply packet is 28 bytes.
  2. How to differentiate between an ARP request packet and an ARP reply packet, as the Ethernet type field is the same on both the packets?
    An ARP request packet can be differentiated from an ARP reply packet using the 'operation' field in the ARP packet. For an ARP request it is 1 and for an ARP reply it is 2.
  3. Why is the hardware MAC address present in both the Ethernet header and the ARP packet (request and reply)?
    The Ethernet header is processed by the data link driver and removed from the packet. When the ARP layer gets the packet, it needs to know the hardware and protocol addresses in order to update the table. That is why the hardware MAC address is present in both the Ethernet header and the ARP packet.
  4. What is proxy ARP?
    Proxy ARP is the process in which one system responds to the ARP request for another system. For example, host A sends an ARP request to resolve the IP address of host B. Instead of Host B, Host C responds to this ARP request.
  5. What is the use of proxy ARP?
    When routers receive ARP requests from one network for hosts on another network, they will respond with an ARP reply packet with their MAC address. For example, let us say host A is in one network, host B is in another network and router C connects these two networks. When host A sends an ARP request to resolve the IP address of host B, the router C receives this packet. The router C sends an ARP reply with its MAC address. So host A will send all the packets destined for host B to the router C. Router C will then forward those packets to host B. Proxy ARP is also used if a host in a network is not able to understand subnet addressing. For example, host A and host B are actually in two different subnets, but host A cannot understand subnet addressing, so host A assumes that host B is present in the same network. In this case a router, host C, can use proxy ARP to route packets between host A and host B.
  6. What is gratuitous ARP?
    When a host sends an ARP request to resolve its own IP address, it is called gratuitous ARP. In the ARP request packet, the source IP address and destination IP address are filled with the same source IP address itself. The destination MAC address is the Ethernet broadcast address (FF:FF:FF:FF:FF:FF).
  7. What is the use of gratuitous ARP?
    Gratuitous ARP is used for the following:
    1. In a properly configured network, there will not be an ARP reply for a gratuitous ARP request. But if another host in the network is also configured with the same IP address as the source host, then the source host will get an ARP reply. In this way, a host can determine whether another host is also configured with its IP address.
    2. When the network interface card in a system is changed, the MAC address to its IP address mapping is changed. In this case, when the host is rebooted, it will send an ARP request packet for its own IP address. As this is a broadcast packet, all the hosts in the network will receive and process this packet. They will update their old mapping in the ARP cache with this new mapping.
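
Because an existing cache entry is simply overwritten and a gratuitous ARP is accepted by every host, a passive monitor that tracks IP-to-MAC mappings is a common way to notice duplicate addresses and unexpected changes. The sketch below is an added example, not code from the original notes: it parses the 28-byte RFC 826 packet, flags gratuitous ARPs and changed mappings, and runs over constructed traffic using documentation IP addresses and made-up MAC addresses.

```python
import socket
import struct

# RFC 826 layout for Ethernet hardware and IPv4 protocol addresses.
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_SIZE = struct.calcsize(ARP_FORMAT)   # 28 bytes
OP_REQUEST, OP_REPLY = 1, 2


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP packet (the Ethernet header is not included)."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(packet):
    if len(packet) < ARP_SIZE:
        raise ValueError("ARP packet shorter than 28 bytes")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FORMAT, packet[:ARP_SIZE])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if oper not in (OP_REQUEST, OP_REPLY):
        raise ValueError("operation is neither request (1) nor reply (2)")
    return {"oper": oper,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpMonitor:
    """Passive view of the sender mappings announced on one segment."""

    def __init__(self):
        self.cache = {}   # IP address -> last MAC address seen for it

    def observe(self, packet):
        arp = parse_arp(packet)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        findings = []
        if ip == arp["target_ip"]:
            # Source and destination IP are the same: gratuitous ARP.
            findings.append(("gratuitous", ip, mac))
        old = self.cache.get(ip)
        if old is not None and old != mac:
            # A host would silently overwrite its entry here; record it.
            findings.append(("mapping-changed", ip, old, mac))
        self.cache[ip] = mac
        return findings


# Constructed traffic: names, addresses and MACs are illustrative only.
HOST, HOST_NEW_NIC = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
ROUTER, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:99"
UNKNOWN = "00:00:00:00:00:00"
TRAFFIC = [
    build_arp(OP_REQUEST, HOST, "192.0.2.5", UNKNOWN, "192.0.2.1"),
    build_arp(OP_REPLY, ROUTER, "192.0.2.1", HOST, "192.0.2.5"),
    build_arp(OP_REQUEST, HOST, "192.0.2.5", UNKNOWN, "192.0.2.5"),
    build_arp(OP_REPLY, OTHER, "192.0.2.1", HOST, "192.0.2.5"),
    build_arp(OP_REQUEST, HOST_NEW_NIC, "192.0.2.5", UNKNOWN, "192.0.2.5"),
]


def run(traffic):
    monitor = ArpMonitor()
    return [monitor.observe(packet) for packet in traffic]


if __name__ == "__main__":
    for number, findings in enumerate(run(TRAFFIC)):
        print(number, findings)
```

The last packet looks the same on the wire whether a network card was replaced or a second host was configured with the same IP address, which is why a changed mapping is worth checking against an inventory rather than trusting automatically.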

RARP

  1. What is RARP?
    Reverse Address Resolution Protocol (RARP) is a network protocol used to resolve a data link layer address to the corresponding network layer address. For example, RARP is used to resolve an Ethernet MAC address to an IP address.
  2. To which OSI layer does RARP belong?
    RARP belongs to the OSI data link layer (layer 2).
  3. Which RFC specifies the requirements for RARP?
    RFC 903 specifies the RARP packet format and other details.
  4. Why is RARP needed?
    Normally, the IP address of a system is stored in a configuration file in the local disk. When the system is started, it determines its IP address from this file. In the case of a diskless workstation, its IP address cannot be stored in the system itself. In this case, RARP can be used to get the IP address from a RARP server.
  5. What is a RARP server?
    All the mappings between the hardware MAC addresses and the IP addresses of the hosts are stored in a configuration file in a host in the network. This host is called the RARP server. This host responds to all the RARP requests.
  6. Where is the mapping between the MAC address and IP addresses stored in a RARP server?
    The mapping between MAC addresses and IP addresses is usually stored in a configuration file in the local hard disk in the RARP server.
  7. Can RARP be used in a network other than Ethernet?
    Yes. RARP is a general protocol, which can be used to map any type of hardware MAC address to any type of network layer protocol address.
  8. How does RARP resolve an Ethernet MAC address to an IP address?
    When a diskless system is booted up, it broadcasts a RARP request packet with its MAC address. This packet is received by all the hosts in the network. When the RARP server receives this packet, it looks up this MAC address in the configuration file and determines the corresponding IP address. It then sends this IP address in the RARP reply packet. The diskless system receives this packet and gets its IP address.
  9. When is a RARP request packet generated?
    A RARP request packet is usually generated during the booting sequence of a host. A host must determine its IP address during the booting sequence. The IP address is needed to communicate with other hosts in the network.
  10. What happens when a RARP server receives a RARP request packet?
    When a RARP server receives a RARP request packet it performs the following steps:
    1. The MAC address in the request packet is looked up in the configuration file and mapped to the corresponding IP address.
    2. If the mapping is not found, the packet is discarded.
    3. If the mapping is found, a RARP reply packet is generated with the MAC and IP address. This packet is sent to the host, which originated the RARP request.
  11. What happens when a host receives a RARP reply packet?
    When a host receives a RARP reply packet, it gets its IP address from the packet and completes the booting process. This IP address is used for communicating with other hosts, till it is rebooted.
  12. What is the length of a RARP request and reply packet?
    The length of a RARP request or a RARP reply packet is 28 bytes.
 
  1. Does RARP use the same packet format as ARP?
    Yes. RARP uses the same packet format as ARP.
  2. How is a RARP packet differentiated from an ARP packet?
    The frame type in the Ethernet header is used to differentiate a RARP packet from an ARP packet. The value of the opcode field in the RARP header can also be used.
  3. Is the format of a RARP request packet the same as that of a RARP reply packet?
    Yes. The packet format of a RARP request packet is the same as that of a RARP reply packet.
  4. How is a RARP request differentiated from a RARP reply packet?
    The 'operation' field in the RARP packet is used to differentiate between a RARP request and a RARP reply packet.
  5. What are the values for the source and destination IP address fields in a RARP request packet?
    In a RARP request packet, the source and destination IP address values are undefined.
  6. What are the values for the source and destination IP address values in a RARP reply packet?
    In a RARP reply packet, the source IP address is the IP address of the RARP server responding to the RARP request and the destination IP address is the IP address of the host that sent the RARP request.
  7. Do all the hosts in a network process a RARP packet?
    Since a RARP request packet is a broadcast packet, it is received by all the hosts in the network. But only a RARP server processes a RARP request packet; all the other hosts discard the packet. The RARP reply packet is not broadcast; it is sent directly to the host that sent the RARP request.
  8. What will happen if more than one RARP server in a network responds to a RARP request?
    If more than one RARP server responds to a RARP request, then only the first RARP reply received is used. All other replies are discarded.
  9. What will happen if a RARP reply is not received for a RARP request?
    If a RARP reply is not received within a reasonable amount of time, the host, which sent the RARP request, will not be able to complete its booting sequence. Usually the host will again retry sending the RARP request after a timeout period.
  10. Are there any alternative protocols to RARP?
    The BOOTP and DHCP protocols can be used instead of RARP to get the IP address from the MAC address.

Internet Protocol

  1. What is IP?
    Internet Protocol (IP) is an unreliable, best effort delivery, connection-less protocol used for transmitting and receiving data between hosts in a TCP/IP network.
  2. To which OSI layer does IP belong?
    IP belongs to the Network Layer (layer 3) in the OSI model.
  3. Which RFC discusses IP?
    RFC 791 discusses IP version 4.
  4. Which version of IP is discussed in this document?
    IP version 4 (IPv4) is discussed in this document.
  5. What does it mean that IP is an unreliable protocol?
    IP is an unreliable protocol because it does not guarantee the delivery of a datagram to its destination. The reliability must be provided by the upper layer protocols like TCP. IP does not support flow control, retransmission, acknowledgement and error recovery.
  6. What does it mean that IP is a best-effort protocol?
    IP is a best-effort protocol because it will make every effort to always transmit a datagram, and datagrams will not be just discarded. However, the delivery of the datagram to the destination is not guaranteed.
  7. What does it mean that IP is a connection-less protocol?
    IP is a connection-less protocol because it does not maintain state information about the connection to a destination host. Each datagram is handled independently of other datagrams, and each datagram may reach the destination through different network routes.
  8. What is the role of IP in the TCP/IP protocol suite?
    IP is used for:
    1. Transmitting data from higher-level protocols like TCP, UDP in IP datagrams, from one host to another host in the network.
    2. Identifying individual hosts in a network using an IP address.
    3. Routing datagrams through gateways and
    4. Fragmenting and reassembling datagrams based on the MTU of the underlying network.
  9. What is an IP Datagram?
    An IP datagram is a basic unit of information used by the IP layer to exchange data between two hosts. An IP datagram consists of an IP header and data.
  10. How is higher-level data carried by IP to a destination host?
    The data from higher-level protocols like TCP, UDP is encapsulated in an IP datagram and transmitted to the destination host. IP will not modify the higher-level data.
  11. What is the minimum and maximum size of an IP datagram?
    The minimum size of an IP datagram is 576 bytes and the maximum size is 65535 bytes.
  12. What is the minimum and maximum size of an IP datagram header?
    The minimum size of an IP datagram header is 20 bytes. The maximum IP datagram header size is 60 bytes.
  13. Is there a limitation on the minimum size of an IP datagram a network can handle?
    Yes. All IP networks must be able to handle datagrams of at least 576 bytes in length.
    
  1. What is the byte order used for transmitting datagram headers in the TCP/IP protocol suite?
    All the datagram headers in the TCP/IP protocol suite are transmitted in the "big endian" byte order, i.e. the most significant byte is transmitted first. This is also called "network byte order".
  2. Why are there two length fields (IP header length, IP datagram length) in the IP header?
    The size of the IP header is not fixed. Depending on the IP options present, the size of the IP header will vary. A separate field for the IP header length is added, so that the destination system can separate the IP datagram header from the payload.
  3. How is the value for datagram identifier calculated?
    The IP datagram identifier is just a sequence number assigned by the transmitting host. The algorithm for assigning value to this field is not specified by the IP protocol.
  4. What is the use of datagram identifier field?
    The IP datagram identifier field is used to uniquely identify and assemble the different fragments of an IP datagram.
  5. Is the datagram identifier field unique for each IP datagram?
    Yes. The IP datagram identifier field is different for each IP datagram transmitted. The fragments of an IP datagram will have the same identifier value.
  6. What is the use of Type Of Service field in the IP header?
    The Type Of Service (TOS) field is used by upper layer protocols like TCP to describe the desired quality of service for an IP datagram. This field can be used to specify the nature and priority of an IP datagram (like Network Control, Immediate, Critical, etc.) and the criteria for selecting a path for forwarding a datagram by a gateway.
  7. What are the different types of criteria that can be specified using the TOS field?
    The different types of criteria that can be specified by the TOS field in an IP datagram are:
    1. Minimize delay,
    2. Maximize throughput
    3. Maximize reliability
    4. Minimize cost and
    5. Normal service.
  8. Which RFC discusses the Type Of Service (TOS) field?
    RFC 1349 discusses the Type Of Service (TOS) field.
  9. What is the use of the Time To Live (TTL) field in the IP header?
    The TTL field is used to limit the lifetime of an IP datagram and to prevent indefinite looping of IP datagrams.
  10. How is the TTL field used to prevent indefinite looping of IP datagrams?
    The TTL field contains a counter value set by the source host. Each gateway that processes this datagram, decreases the TTL value by one. When the TTL value reaches zero, the datagram is discarded.
  11. What is the typical value for the TTL field?
    The typical value for a TTL field is 32 or 64.
  12. When is a datagram considered undeliverable?
    If a datagram cannot be delivered to the destination host due to some reason, it is considered an undeliverable datagram.
  13. How does a datagram become an undeliverable datagram?
    A datagram may become undeliverable if:
    1. The destination host is down.
    2. The route for the destination host is not found.
    3. A network in the route to the destination host is down.
    4. The Time To Live (TTL) value of the datagram becomes zero.
  14. What happens to an undeliverable datagram?
    An undeliverable datagram is discarded and an ICMP error message is sent to the source host.
  15. Is it possible for an IP datagram to be duplicated?
    Yes. A host may receive the same copy of an IP datagram twice. It is up to the higher layer protocols to discard the duplicate copy of the datagram.
  16. Which part of the IP datagram is used for calculating the checksum?
    The checksum field in the IP header covers only the IP header. The payload data is not used for calculating this checksum.
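
The header-length field, the header-only checksum and the per-gateway TTL decrement described in this section fit together as shown in the following sketch. It is an added example, not code from the original notes; the datagrams are constructed, the addresses are documentation addresses, and the function names are illustrative.

```python
import socket
import struct


def internet_checksum(header):
    """Ones' complement of the ones' complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, ttl, proto, payload, ident=1, options=b""):
    """Build a constructed IPv4 datagram; options must be a multiple of 4 bytes."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be 0..40 bytes in 4-byte units")
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         ihl * 4 + len(payload), ident, 0, ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)) + options
    header = header[:10] + struct.pack("!H", internet_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(datagram):
    if len(datagram) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    version, ihl = datagram[0] >> 4, datagram[0] & 0x0F
    if version != 4:
        raise ValueError("not IPv4")
    header_len = ihl * 4                      # 20..60 bytes
    tos, total_len, ident, flags_frag, ttl, proto, _checksum = struct.unpack(
        "!BHHHBBH", datagram[1:12])
    if header_len < 20 or not header_len <= total_len <= len(datagram):
        raise ValueError("inconsistent header length / datagram length")
    return {
        "header_len": header_len, "total_len": total_len, "ident": ident,
        "tos": tos, "ttl": ttl, "proto": proto,
        "src": socket.inet_ntoa(datagram[12:16]),
        "dst": socket.inet_ntoa(datagram[16:20]),
        "options": datagram[20:header_len],
        # The header length field is what separates header from payload.
        "payload": datagram[header_len:total_len],
        # Summing the header including its checksum field must give zero.
        "checksum_ok": internet_checksum(datagram[:header_len]) == 0,
    }


def forward(datagram):
    """One gateway hop: returns the datagram to send on, or None if discarded."""
    header = parse_ipv4(datagram)
    if not header["checksum_ok"]:
        return None
    ttl = header["ttl"] - 1
    if ttl <= 0:
        return None                           # an ICMP error goes to the source
    raw = bytearray(datagram[:header["header_len"]])
    raw[8] = ttl
    raw[10:12] = b"\x00\x00"                  # checksum covers the new TTL
    raw[10:12] = struct.pack("!H", internet_checksum(bytes(raw)))
    return bytes(raw) + datagram[header["header_len"]:]


# Constructed sample: 4 bytes of no-op options make the header 24 bytes long.
SAMPLE = build_ipv4("192.0.2.1", "198.51.100.7", ttl=2, proto=17,
                    payload=b"constructed", options=b"\x01\x01\x01\x01")

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE))
    hop = forward(SAMPLE)
    print("after one hop, TTL =", parse_ipv4(hop)["ttl"])
    print("after two hops:", forward(hop))
```

Corrupting a payload byte leaves `checksum_ok` true, which is the practical meaning of "the checksum covers only the IP header": payload integrity is left to the upper layer protocols.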

IP Subnetting

  1. What is an IP sub-network?
    A single IP class A, B, or C network is further divided into a group of hosts to form an IP sub-network.
  2. What is the use of sub-networks?
    Sub-networks are created for manageability, performance, and security of hosts and networks and to reduce network congestion.
  3. Which RFC specifies IP subnetwork addressing?
    RFC 950 specifies IP subnetwork addressing protocol.
  4. How are sub-networks formed?
    The host ID portion of an IP address is further divided into a sub-network ID part and a host ID part. The sub-network ID is used to uniquely identify the different sub-networks within a network.
  5. What is a subnet mask?
    Subnet mask is a 4 byte (32 bit) number used to identify the sub-network ID and the host ID from an IP address. All the hosts in a sub-network will have the same subnet mask. E.g. 255.255.255.0, 255.255.127.0, 255.255.0.0
  6. How does a host determine its subnet mask?
    A host determines its subnet mask during the boot-up sequence either from a configuration file stored in the local hard disk or from a server in the network using a network protocol like BOOTP, ICMP.
  7. How is a subnet mask formed?
    For all the bits in the IP address which are used to represent the network ID, and the sub-network ID, the corresponding bits in the subnet mask will be one. For all the bits in the IP address which are used to represent the host ID, the corresponding bit in the subnet mask will be zero. For example, if the first two bytes of the IP address are used to represent the network (class B address) and the third byte is used to represent the sub-network, and the last byte is used to represent the host, then the subnet mask will be 255.255.255.0
  8. Why does a host need to know about its subnet mask?
    When a host "A" needs to communicate with another host "B", it must know whether host "B" is in the same network or in a different network. If the host "B" is in the same network then host "A" can send the datagram directly to host "B". But if the host B is in a different network, then host "A" must send the datagram to a proper router. By determining the network class of the IP address of host "B", host "A" can determine whether host "B" is in the same network or in a different network. By using the subnet mask host "A" can find out whether host "B" is in the same subnet or in a different subnet.
  9. How to determine the network ID, sub-network ID and the host ID, given the IP address and the subnet mask?
    The network class (A or B or C) of a given IP address can be easily determined by looking at the value of the first 4 bits of the first byte. From the network class, the number of bytes used to represent the network can be determined and hence the network ID can be determined. By performing a logical "AND" operation on the IP address and the subnet mask, the sub-network ID can be determined. In the value resulting from the "AND" operation, after removing the bytes used for the network ID, the remaining bits for which the corresponding bit in the subnet mask is one represent the sub-network ID.
  10. Is it possible to form a subnet mask by using bits in non-contiguous positions in the IP address?
    Yes. It is possible to use non-contiguous bits in the host portion of an IP address to form the subnet field according to the standard. Only contiguous fields are usually used to form a subnet field.
  11. Is it possible to determine whether the network is subnetted by using the IP address of a host alone?
    No. It is not possible to determine whether a network is subnetted just by using the IP address alone. The subnet mask is needed to determine this.
12.   
  1. What are the possible values for a sub-net mask?
    All the possible values for a sub-net mask are shown below:
 
  1. What are the two types of subnetting?
    The two types of subnetting are:
    1. Static length
    2. Variable length
  2. What is 'Static Length' subnetting?
    If all the subnetworks in a single network use the same subnet mask, it is called 'Static Length' subnetting.
  3. What is 'Variable Length' subnetting?
    If the different subnetworks in a single network use different subnet masks, it is called 'Variable Length' subnetting.
  4. What is the disadvantage in using 'Static Length' subnetting?
    In the case of a 'Static Length' subnetwork, irrespective of the number of hosts in the subnetwork, a single subnet mask is used for all the subnetworks. Because of this, a large number of IP addresses will be wasted. For example, let us say we have a class C IP network address 192.9.205.0 subnetted using a subnet mask 255.255.255.192. The total number of possible subnetworks is 4 and the total number of possible hosts per subnetwork is 32. Even if a subnetwork has just 4 hosts, it will be allocated the above subnetwork IP address; in this case 28 host IP addresses will be wasted.
  5. What is the advantage in using 'Static Length' subnetting?
    It is easy to configure a network using 'Static Length' subnetting. In addition, native IP routing understands only static subnetting.
  6. What is the advantage in using 'Variable Length' subnetting?
    In the case of 'Variable Length' subnetwork, IP addresses are allocated depending on the number of hosts present in the subnetwork. So available host IP addresses are efficiently used and are not wasted.
  7. What is the disadvantage in using 'Variable Length' subnetting?
    All the routers in a 'Variable Length' subnetted network must understand this type of subnetting.
  8. What are the special subnetwork IP addresses?
    The subnet addresses in which all the bits are zero or one are special subnet IP addresses. The subnet address in which all the bits are zero, represents the local subnetwork in which the datagram originated. The subnet address in which all the bits are one represents a subnet broadcast address. In the broadcast address, all the other bits including the network and host ID must be one.
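
The decomposition described in questions 8 to 10 above, written out as an added example (it is not code from the original notes; the function names are hypothetical and the sample addresses are constructed). It works bit by bit, so it also handles a non-contiguous mask such as 255.255.127.0.

```python
import ipaddress

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def class_mask(ip: int):
    """Network class and classful network mask, from the leading bits of the first byte."""
    first = ip >> 24
    if first >> 7 == 0b0:
        return "A", 0xFF000000
    if first >> 6 == 0b10:
        return "B", 0xFFFF0000
    if first >> 5 == 0b110:
        return "C", 0xFFFFFF00
    raise ValueError("class D/E address: no network ID / host ID split")

def gather(value: int, mask: int) -> int:
    """Pack the bits of value selected by mask into a small integer."""
    out = 0
    for bit in range(31, -1, -1):
        if (mask >> bit) & 1:
            out = (out << 1) | ((value >> bit) & 1)
    return out

def is_contiguous(mask: str) -> bool:
    """True when the mask is a run of ones followed by a run of zeros."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def split(ip: str, mask: str) -> dict:
    ip_i, mask_i = to_int(ip), to_int(mask)
    cls, net_mask = class_mask(ip_i)
    if (mask_i & net_mask) != net_mask:
        raise ValueError("subnet mask must have ones over the whole network ID")
    return {
        "class": cls,
        "network": str(ipaddress.IPv4Address(ip_i & net_mask)),
        "subnet": str(ipaddress.IPv4Address(ip_i & mask_i)),   # IP AND mask
        "subnet_id": gather(ip_i, mask_i & ~net_mask),         # mask ones past the network ID
        "host_id": gather(ip_i, ~mask_i & 0xFFFFFFFF),         # mask zeros
    }

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Host A's decision: deliver directly, or hand the datagram to a router."""
    return (to_int(a) & to_int(mask)) == (to_int(b) & to_int(mask))
```

`is_contiguous` is the check to run on any mask taken from configuration or from the network before trusting it in filtering rules, since most tooling assumes contiguous masks.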

CIDR

  1. What are the limitations of IPv4 address classes?
    The limitations of IPv4 address classes are:
    1. A large number of IP addresses are wasted because of using IP address classes.
    2. The routing tables will become large. A separate routing table entry is needed for each network resulting in a large number of routing table entries.
  2. How are a large number of IP addresses wasted using IPv4 address classes?
    If a network has slightly more hosts than a particular class supports, then it needs either two IP addresses of that class or the next class of IP address. For example, let us say a network has 300 hosts; this network needs either a single class B IP address or two class C IP addresses. If a class B address is allocated to this network, as the number of hosts that can be defined in a class B network is (2^16 - 2), a large number of host IP addresses are wasted. If two class C IP addresses are allocated, as the number of networks that can be defined using a class C address is only (2^21), the available class C networks will quickly be exhausted. Because of the above two reasons, a lot of IP addresses are wasted and also the available IP address space is rapidly reduced.
  3. What are the possible solutions to the limitations of IP addressing?
    The possible solutions to the limitation of IPv4 addressing are:
    1. IP version 6 (IPv6) or IP next generation (IPng). This is the latest version of IP. This solves a lot of problems in IPv4. This document doesn't discuss IPv6.
    2. Classless Inter Domain Routing (CIDR).
  4. What is CIDR?
    Classless Inter Domain Routing (CIDR) is a method for assigning IP addresses without using the standard IP address classes like Class A, Class B or Class C. In CIDR, depending on the number of hosts present in a network, IP addresses are assigned.
  5. Which RFCs discuss CIDR?
    RFCs 1517, 1518, and 1519 discuss CIDR.
  6. What is the difference between classful IP addressing and classless IP addressing?
    The difference between classful IP addressing and classless IP addressing is in selecting the number of bits used for the network ID portion of an IP address. In classful IP addressing, the network ID portion can take only the predefined number of bits 8, 16, or 24. In classless addressing, any number of bits can be assigned to the network ID.
  7. How is a network ID assigned in a CIDR IP address?
    In CIDR IP addressing, the first 'n' bits of an IP address are assigned to identify the network and the remaining bits are used to identify the host, where the value of 'n' may be between 1 and 31. The value of 'n' depends on the number of hosts in the network.
  8. How is an IP address represented in CIDR notation?
    In CIDR notation, an IP address is represented as A.B.C.D /n, where "/n" is called the IP prefix or network prefix. The IP prefix identifies the number of significant bits used to identify a network. For example, 192.9.205.22 /18 means, the first 18 bits are used to represent the network and the remaining 14 bits are used to identify hosts.
  9. What are the advantages of CIDR?
    The advantages of CIDR over the classful IP addressing are:
    1. CIDR can be used to effectively manage the available IP address space.
    2. CIDR can reduce the number of routing table entries.
  10. How can CIDR be used to effectively manage the IP address space?
    Using CIDR IP addressing, any number of contiguous bits can be assigned to identify networks, depending on the number of hosts it needs to support. This will greatly reduce the number of wasted IP addresses. For example, let us say a network has 900 hosts. If classful IP addressing is used, this network needs 4 class C IP addresses or one class B IP address. If a class B IP address is used, as the maximum number of hosts in a class B network is 65534, a very large number (65534 - 900) of host IP addresses will be wasted. As the number of class C IP networks is limited (2097152), it is not preferable to assign 4 class C IP addresses to this network. On the other hand, if CIDR is used, then this network can be assigned an IP address with a network prefix of 22 (i.e. /22). This means 10 bits are available for hosts, resulting in 1024 available host IP addresses, satisfying the exact requirements of the network. So, with CIDR, the IP address space can be used effectively.
  11. How does CIDR reduce the number of entries in a routing table?
    Using classful IP addressing, a separate entry is needed in the routing table of a router for each network. This results in a routing table with a large number of entries due to the existence of a large number of networks. As each router has its own limitation, this large routing table will lead to reduced performance and eventual breakdown of the router. If CIDR addressing is used, a single entry can be used to represent a group of networks. This will reduce the number of entries in the router. This is known as route aggregation. The routes for the individual networks will be present in another router down the path. Each entry in the router will have a network prefix associated with it. The network prefix is used to identify the correct network from the given IP address.
  12. Will CIDR completely eliminate the IP address crunch problem?
    No. Even using CIDR, all the available IP addresses will get used at some point in time. The final solution to this problem is to use the next version of IP (IPv6).
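
The CIDR answers above (questions 8, 10 and 11) as one added example, not code from the original notes: it picks a prefix for a host count, splits an A.B.C.D /n address, aggregates adjacent networks into one route, and resolves a destination against a table holding both the aggregate and a more specific route. Function names, the routing table and the next-hop labels are hypothetical; Python's standard `ipaddress` module does the prefix arithmetic.

```python
import ipaddress

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose host field still holds `hosts` addresses,
    keeping the all-zeros and all-ones host values reserved."""
    return 32 - (hosts + 1).bit_length()

def split_address(cidr: str):
    """'A.B.C.D/n' -> (network in CIDR notation, host ID as an integer)."""
    iface = ipaddress.ip_interface(cidr)
    host_id = int(iface.ip) & int(iface.network.hostmask)
    return str(iface.network), host_id

def aggregate(prefixes):
    """Route aggregation: merge prefixes that form an aligned, contiguous block."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def next_hop(table: dict, dest: str):
    """Pick the matching entry with the longest network prefix."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

# Constructed routing table: one aggregate, one more specific route, one default.
TABLE = {
    "192.9.204.0/22": "router-1",
    "192.9.206.0/24": "router-2",
    "0.0.0.0/0": "default-gw",
}
```

Aggregation only works on aligned blocks: 192.9.204.0/24 through 192.9.207.0/24 collapse to a single /22, while 192.9.205.0/24 and 192.9.206.0/24 alone stay as two entries.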

IP Fragmentation

  1. What is meant by IP fragmentation?
    The breaking up of a single IP datagram into two or more IP datagrams of smaller size is called IP fragmentation.
  2. Why is an IP datagram fragmented?
    Every transmission medium has a limit on the maximum size of a frame (MTU) it can transmit. As IP datagrams are encapsulated in frames, the size of an IP datagram is also restricted. If the size of an IP datagram is greater than this limit, then it must be fragmented.
  3. Which RFCs discuss IP fragmentation?
    RFC 791 and RFC 815 discuss IP datagrams, fragmentation and reassembly.
  4. Is it possible to select an IP datagram size to always avoid fragmentation?
    It is not possible to select a particular IP datagram size to always avoid fragmentation, as the MTU for different transmission It is possible, though, for a given path to choose a size that will not lead to fragmentation. This is called Path MTU Discovery and is discussed in the RFC 1191. The TCP transport protocol tries to avoid fragmentation using the Maximum Segment Size (MSS) option.
  5. Where may an IP datagram get fragmented?
    An IP datagram may get fragmented either at the sending host or at one of the intermediate routers.
  6. Where are the IP datagram fragments reassembled?
    The IP fragments are reassembled only at the destination host.
  7. How to prevent an IP datagram from being fragmented?
    An IP datagram can be prevented from being fragmented by setting the "don't fragment" flag in the IP header.
  8. What happens when a datagram must be fragmented to traverse a network, but the "don't fragment" flag in the datagram is set?
    A datagram whose "don't fragment" flag is set is discarded if it must be fragmented to traverse a network. Also, an ICMP error message is sent back to the sender of the datagram.
  9. Will all the fragments of a datagram reach the destination using the same path?
    The different fragments of the same IP datagram can travel either along the same path or along different paths to the destination.
  10. Will all the fragments of a datagram arrive at the destination system in the correct order?
    The different fragments of a single IP datagram can arrive in any order to the destination system.
  11. What happens to the original IP datagram when one or more fragments are lost?
    When one or more fragments of an IP datagram are lost, then the entire IP datagram is discarded after a timeout period.
  12. What is the minimum size of an IP fragment?
    The minimum size of an IP fragment is the minimum size of an IP header plus eight data bytes. Most firewall-type devices will drop an initial IP fragment (offset 0) that does not contain enough data to hold the transport headers. In other words, the IP fragment normally needs 20 octets of data in addition to the IP header in order to get through a firewall if the offset is 0.
  13. What are the limitations on the size of a fragment?
    The size of an IP datagram fragment is limited by
    1. The amount of remaining data in the original IP datagram
    2. The MTU of the network and
    3. Must be a multiple of 8, except for the final fragment.
  14. How is an IP datagram fragment differentiated from a non-fragmented IP datagram?
    A complete IP datagram is differentiated from an IP fragment using the offset field and the "more fragments" flag. For a non-fragmented IP datagram, the fragment offset will be zero and the "more fragments" flag will be set to zero.
  15. How are the fragments of a single IP datagram identified?
    The "identification" field in the IP header is used to identify the fragments of a single IP datagram. The value of this field is set by the originating system. It is unique for that source-destination pair and protocol for the duration in which the datagram will be active.
  16. How is the last fragment of an IP datagram identified?
    The last fragment of an IP datagram is identified using the "more fragments" flag. The "more fragments" flag is set to zero for the last fragment.
  17. How is the length of a complete IP datagram calculated from the received IP fragments?
    Using the fragment offset field and the length of the last fragment, the length of a complete IP datagram is calculated.
  18. How is an IP datagram fragmented?
    In the following example, an IP datagram is fragmented into two. This same algorithm can be used to fragment the datagram into 'n' fragments.
    1. The IP layer creates two new IP datagrams, whose length satisfies the requirements of the network in which the original datagram is going to be sent.
    2. The IP header from the original IP datagram is copied to the two new datagrams.
    3. The data in the original IP datagram is divided into two on an 8 byte boundary. The number of 8 byte blocks in the first portion is called Number of Fragment Blocks (NFB).
    4. The first portion of the data is placed in the first new IP datagram.
    5. The length field in the first new IP datagram is set to the length of the first datagram.
    6. The fragment offset field in the first IP datagram is set to the value of that field in the original datagram.
    7. The "more fragments" field in the first IP datagram is set to one.
    8. The second portion of the data is placed in the second new IP datagram.
    9. The length field in the second new IP datagram is set to the length of the second datagram.
    10. The "more fragments" field in the second IP datagram is set to the same value as the original IP datagram.
    11. The fragment offset field in the second IP datagram is set to the value of that field in the original datagram plus NFB.
  19. How does a destination system reassemble the fragments of an IP datagram?
    1. When a host receives an IP fragment, it stores the fragment in a reassembly buffer based on its fragment offset field.
    2. Once all the fragments of the original IP datagram are received, the datagram is processed.
    3. Upon receiving the first fragment, a reassembly timer is started.
    4. If the reassembly timer expires before all the fragments are received, the datagram is discarded.
  20. What fields are changed in an IP header due to fragmentation?
    The following IP header fields are changed due to IP fragmentation:
    1. Total Length
    2. Header Length
    3. More Fragments Flag
    4. Fragment Offset
    5. Header Checksum
    6. Options
  21. What happens to the IP options field when an IP datagram is fragmented?
    Depending on the option, either it is copied to all the fragments or to only the first fragment.
  22. Which IP options are copied to all the fragments of an IP datagram?
    If the most significant bit in the option type is set (i.e. value one), then that option is copied to all the fragments. If it is not set (i.e. value zero), it is copied only to the first fragment.
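
The fragmentation steps of question 18 and the reassembly steps of question 19, generalised to 'n' fragments and run on real IPv4 header bytes, as an added example that is not code from the original notes. Assumptions: headers carry no IP options (20 bytes), the MTU is at least 28, the reassembly timer is modelled by returning None for an incomplete set, and treating a hole or overlap as incomplete is a conservative choice of this example; all names and the sample datagram are constructed.

```python
import struct

DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF
HDR = 20  # assumption: no IP options, so every header is 20 bytes

def checksum(hdr: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the ten 16-bit words."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def with_header(orig: bytes, flags_off: int, data: bytes) -> bytes:
    """Copy the original header, then rewrite length, flags/offset and checksum."""
    h = bytearray(orig[:HDR])
    struct.pack_into("!H", h, 2, HDR + len(data))
    struct.pack_into("!H", h, 6, flags_off)
    struct.pack_into("!H", h, 10, 0)
    struct.pack_into("!H", h, 10, checksum(bytes(h)))
    return bytes(h) + data

def fragment(datagram: bytes, mtu: int) -> list:
    flags_off = struct.unpack("!H", datagram[6:8])[0]
    if len(datagram) <= mtu:
        return [datagram]
    if flags_off & DF:
        raise ValueError("DF set: discard and report an ICMP error to the sender")
    data, nfb = datagram[HDR:], (mtu - HDR) // 8   # NFB: 8-byte blocks per fragment
    base, orig_mf = flags_off & OFFSET_MASK, flags_off & MF
    frags = []
    for i in range(0, len(data), nfb * 8):
        chunk = data[i:i + nfb * 8]
        mf = orig_mf if i + len(chunk) == len(data) else MF  # last keeps original MF
        frags.append(with_header(datagram, mf | (base + i // 8), chunk))
    return frags

def reassemble(fragments: list):
    """Payload of the datagram the first fragment belongs to, or None if incomplete."""
    key = lambda f: (f[4:6], f[9], f[12:20])       # identification, protocol, src+dst
    pieces, total = {}, None
    for f in (f for f in fragments if key(f) == key(fragments[0])):
        flags_off = struct.unpack("!H", f[6:8])[0]
        off = (flags_off & OFFSET_MASK) * 8
        pieces[off] = f[HDR:]
        if not flags_off & MF:
            total = off + len(f) - HDR             # last offset + last length
    buf = b""
    for off in sorted(pieces):
        if off != len(buf):
            return None                            # hole or overlap: never deliver
        buf += pieces[off]
    return buf if len(buf) == total else None

# Constructed sample: 100 data bytes, protocol 17, 192.0.2.1 -> 192.0.2.2, id 0x1234
SAMPLE = with_header(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0x1234, 0, 64, 17, 0,
                                 bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])),
                     0, bytes(range(100)))
```

With an MTU of 60, `fragment(SAMPLE, 60)` yields fragments at offsets 0, 5 and 10 (in 8-byte units), and `reassemble` returns the original 100 bytes whatever order they arrive in.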
