handout package · technology for those pursuing the sbe cert ified broadcast networking...

Handout Package

“Advanced IP Networking for Broadcast

Engineers“

and “CBNE Study Topics”

Wayne M. Pecena, CPBE, CBNE Texas A&M University

Educational Broadcast Services – KAMU

1

“Advanced IP Networking for Broadcast Engineers” Tutorial & CBNE Study Topics

“Advanced IP Networking for Broadcast Engineers“

and “CBNE Study Topics”May 2, 2016

Wayne M. Pecena, CPBE, CBNE

Texas A&M University

Educational Broadcast Services ‐ KAMU

Certification ExamsMY DISCLAIMER

2

This class should not be considered a COMPRENHSIVE certification preparation class.

However the material presented will provide an excellent background in IP networking technology for those pursuing the SBE Certified Broadcast Networking Technologist

(CBNT) or the Certified Broadcast Networking Engineer (CBNE) certifications.

Why Is This NOT a Preparation Class?

1. I have no inclusive knowledge of the SBE certification exam question pools.2. The published CBNE exam scope covers more than just IP networking.

What I Will Do With Regards to the CBNE:

1. Cover IP Networking Technology fundamentals and focus on topics which represents 60-70 % of published exam content scope

2. Tailor network design examples towards possible CBNE “essay” questions3. Provide suggested self-study material sources to address additional exam content

Practical IP Networking Tutorial For those Not Perusing Certification!

2


“Advanced IP Networking for Broadcast Engineers” Tutorial & CBNE Study Topics Agenda for Today

• Networking Fundamentals Review:– Standards Organizations

– Reference Model Review

– Understanding OSI Model Data‐Flow Layers 1‐4

– IP Protocol Review

• Ethernet Switching In‐Depth

• IP Routing In‐Depth

• IP Addressing & Subnetting In‐Depth– IPv4 Addressing

– Introduction to IPv6

• Network Security Concerns

• Practical Network Design & Implementation Exercise

• Bonus Material ‐ CBNE Study Topics

3

Networking Fundamentals Review

4

3


5 Things Required To Build a Network

• Send Host

• Receive Host

• Message or Data to Send Between Hosts

• Media to Interconnect Hosts

• Protocol to Define How Data is Transferred

5

A Network is a Group of Host Devices That Share a Common Addressing SchemeA Host is Any Device That Can Be Connected to That Network

IETF – Internet Engineering Task Force

• Request for Comments – RFC’s

– The “Standards Bible” of the Internet

– Explains in Detail All Aspects of IP Networking

– Nomenclature “RFC xxxx”

• Requirement Levels:

– Required

– Recommended

– Elective

– Limited Use

– Not Recommended

6

www.rfc-editor.org/rfc.html

4


IEEE‐ Institute of Electrical & Electronic Engineers

• Project 802 Ethernet Standards:– 802.1 Bridging

– 802.3 Ethernet

– 802.11 Wireless

7

http://standards.ieee.org/about/get/

ITU – International Telecommunications Union

• ITU‐T Sector Provides Standardization of Global Telecommunications Standards (except radio)

• Key Standards include:– Coding of Audio – G.711 & G.72x series

– Coding of Still Images ‐ JPEG‐2000 / T.800 series

– Video Coding ‐MPEG2 / MPEG‐4 AVC

– ISDN (Integrated Services Digital Network) – Q.931

– Optical Transport Network (OTN) ‐ G.709 series

– Passive optical networks (PON) ‐ G.983 series

– Public Telecommunication Numbering Plan – E.164

– Signalling System 7 ‐ Q.7xx series

– (x) Digital Subscriber Line)

8

www.itu.int

5


The OSI ModelOpen Systems Interconnection (OSI) Model

Developed by the International Organization for Standardization (ISO)Conceptual Model – Abstract in Nature – Modular in Structure

Partitions Communications Functions ‐ Provides “Layer Swapping”Defines How Data Traverses From An Application to the Network

9

NetworkingFocus

“All People Seem To

Need Data Processing”

OR“Please Do Not ThrowSausage

Pizza Away”

Open Systems Interconnection “OSI” Model

10

6


The OSI Model Expanded

11

The Protocol Data Unit

12

“Some People Fear

Birthdays”

7


Encapsulation & De‐Encapsulation

13

TCP/IP Focused ModelsDOD Model Stack or TCP/IP Model Stack Focused on IP

14

8


1 ‐ The Physical Layer

15

Medium defined

Physical interface defined

Places bits onto the physical network medium

Controls the signaling

Takes bits off the physical network medium

Sends / Receives frames to/from the Data Link Layer

Network InterfacesLocal Area Network

• Ethernet

Wide Area Network• Dedicated

– T‐Carrier (T1, T3)

– Optical Carrier (OC‐3, OC‐12, OC‐192)

• Circuit Switched

– ISDN – BRI

– ISDN – PRI

• Packet Switched

– Frame Relay

– ATM

– ADSL / HDSL

– Metro Ethernet

9


Ethernet ‐ IEEE 802.3• The “de facto Standard” of Networking Today!

• Based Upon Contention ‐ Access to the Wire ‐ “CSMA/CD”

• 4 Building Blocks of the Ethernet System

– Physical Medium

– Signaling Components

– Media Access Control Protocol

– The Ethernet Frame• 802.3 Raw Early Novell Netware IPX

• 802.2 LLC Current Novell NetWare IPX

• Ethernet SNAP IPX, AppleTalk v2

• Ethernet II (DIX) TCP/IP

17

Ethernet Physical Standards

18

10


Ethernet GBIC & SFP Modules

19

“Giga-Bit Interface Converter” - GBIC Transceiver SC Fiber Connector

“Single Form-factor Pluggable” – SFP (mini GBIC) TransceiverLC Fiber Connector

Copper or Optical Based Transceiver to Provide FlexiblePhysical Interface

Optical GuidelinesExample Loss Budget – Actual Levels Dependent Upon Specific Optical TX & RX Devices

20

-3 to -9 dB -9 to -19 dB

1.0 dB / km – 1310nm MM0.5 dB / km – 1310nm SM

0.3 dB / connector0.3 dB / connector

-6 Ideal -14 dB

Too Much RX PowerCan Be Detrimental AsNot Enough - Attenuate

11


Power Over Ethernet ‐ PoE

• Allows Data & DC Power To Be Carried on the Same UTP Cable– Un‐Used Pairs (100‐Base‐T)

– Superimposed (1000‐Base‐T)

• IEEE Standardized: 48 vdc (operating range 44‐57 vdc)– 802.3af 13w device power

– 802.3at “PoE+” 25w device power

• Power Sourcing Equipment:

21

PoE Compliant Switch

PoEInjectors

2 ‐ The Data Link Layer

22

Network Layer Packets Encapsulated or De-Encapsulated Into/From into Frames

Physical or Hardware Addressing Implemented

Defines Network Topology

Unique

12


Layer 1 & Layer 2 Integration at the NIC

23

The Layer 2 Ethernet Frame

24

Do Not Confuse a “Giant” Frame With a “Jumbo” Frame

13


Jumbo Frames & Overhead

25

1500 Byte Frame Overhead: 38/1500 = 3%

Jumbo Frame: 9000 Bytes9000 Byte Frame Overhead: 38/9000 = 0.4%

But, Jumbo Frames May Impose Challenges!

Ethernet Network Physical Addressing

• MAC Address – 6 Bytes – Hexadecimal Notation ‐ 00:12:3F:8D:4D:A7

– Layer 2 Physical Address

– Fixed “Burned‐in‐Address” – Assigned by NIC Mfg.

– Local in Scope

26

14


MAC Address FormatsAlways 48 Bits – Expressed as Hexadecimal

28

Can Be Represented in Several Formats:

00:A0:C9:14:C8:29

00-A0-C9-14-C8-29

00A0.C914.C829

15


3 ‐ The Network Layer

29

Internetwork Communications Focused:

Packet Delivery from Source HostTo Destination Host

Logical Addressing Scheme Implementation

Routing Decisions via Routing Protocols

IP Network Virtual Addressing

• IPv4 Address – 4 Bytes – Doted Decimal Notation ‐ 172.15.1.1

– Layer 3 Logical Address

– Can Change – Determined by Network ‐ Assigned by User

– Global in Scope

30

16


IPv4 Packet – Layer 3RFC 791

31

4 ‐ The Transport Layer

32

Implements Reliable End-End Data Transport

Implements Error Detection / Correction

Establishes Virtual Connect Between Hosts

Provides Segmentation, Sequencing, Flow Control

17


TCP 3‐Way Handshake

33

TCP BasicsTransmission Control ProtocolRFC 675 and later v4 in RFC 793

• “Connection – Oriented” Protocol– Connection Establishment

– Segmentation & Sequencing

– Acknowledgement

– Flow Control or Windowing

• Guaranteed Or Reliable Data Delivery– Acknowledgment of Packet Receipt

– Retransmission Occurs if Packet Not Received

• High Overhead

• Requires Establishment of a “Session”

• TCP Windowing Feature– Dynamic Window Sizing

– “Slow‐Start”

34

18


TCP Sequencing

35

TCP Connection Termination

36

19


The TCP Session Summary

37

SYN + ACK

Time

Network

SYN

ACK

FIN

FIN

ACK

ACK

ACK

ConnectionClosed

Listen

SYN Sent

SYN Received

ConnectionEstablished Connection

Established

ConnectionClosed

FIN Wait 1

FIN Wait 2

CLOSE Wait

Last ACK

ACK

ACK

Data Segment 1

Data Segment 2

Data Segment 3

TCP Congestion ControlRFC 5681

• Control Mechanisms Based Upon Changing Network Environment:– Slow Start

– Fast Retransmit

• TCP Window– Defines Amount of Data a Host Can

38

20


UDP BasicsUser Datagram Protocol

RFC 768

• “Connectionless” Protocol

• Simple or Lightweight, but Inherently Unreliable

• “Best Effort” Data Delivery

• Low Overhead, Thus Low Latency

• Why Use?

– Required for Real‐Time Applications:• VOIP or “Video Over IP” or “Voice Over IP”

• AOIP or Audio Over IP”

– Latency More Detrimental Than Data Loss

39

UDP Session

40

Network

SYN

SYN + ACK

ACK

Data

Data

Data

Time

Data

Data

TCP Used toEstablish UDPSession

21


TCP and UDP Headers

41

TCP vs UDP

TCP• Connection Oriented

• Guaranteed Delivery

• Acknowledgments Sent

• Reliable, But Higher Latency

• Segments & Sequences Data

• Resends Dropped Segments

• Provides Flow Control

• Performs CRC

• Uses Port Numbers for Multiplexing

UDP• Connectionless

• Not Guaranteed

• No Acknowledgements

• Unreliable, But Low Latency

• No Sequencing

• No Retransmission

• No Flow Control

• Performs CRC

• Uses Port Numbers for Multiplexing

42

22


Primary IP System Protocols:

• ARP – Address Resolution Protocol

• DHCP – Dynamic Host Configuration Protocol

• DNS – Domain Name System

• ICMP – Internet Control Message Protocol

43

ICMPInternet Control Message Protocol

• Network Layer Based – RFC 1256 – The “Tattle Tale” Protocol

• Common Messages:– Destination Unreachable

– Buffer Full

– Hops or Time Exceeded (TTL)

• Common Uses:– Ping

– Traceroute

Basic “ping” Operation

23


ICMPMessages:• Platform Utilized

by Ping & Traceroute

Utilities

45

“ping”Packet Internet Groper

46

Send Hosts Sends ICMP “echo request”Destination Host Replies ICMP “echo reply”

Round-Trip Times Returned

Be Aware of Command Line Options

24


“traceroute”RFC 1812

• The Most Widely Used Network Diagnostic Tool / The Most Widely Misunderstood Network Diagnostic Tool

• How?– Send Host Transmits 3 UDP Packets to Receive Host With TTL = 1 (port typical 33434)

– First Hop Router Sends icmp TTL Exceeded

– Send Host Transmits 3 UDP Packets to Receive Host With TTL = 2

– Second Hop Router Sends icmp TTL Exceeded


– Third Hop Router Sends icmp TTL Exceeded


47

icmp TTL exceeded

icmp TTL exceeded

icmp TTL exceeded

icmp destination port unreachable

TTL=1 TTL=4TTL=3TTL=2

Understanding “traceroute”

48

WindowsCommand

Screen“tracert”

PingPlotter

What IsUp?

25


Limitations of “ping” & “traceroute”• ICMP May Be Blocked Within Networks

• Routers May Limit ICMP Processing (interfaces limited)

• Realize Layer 2 Devices Will Not Be Seen

• Understand Traceroute Information Displayed:– traceroute Dispalys Forward Path Route (return path may be different)

– traceroute Returns Round‐Trip Latency

• Understand Traceroute Latency Results:– Latency Increase May Not Be Significant

– Latency Increase Must Continue Increasing for Additional Hops To Be of Concern

49

Sockets

• A “Socket” Is a Combination of an IP Address & A Port Number

• Allows Multiple Network Services to Exist on the Same Host (IP Address)

• IP Address + Port Number = Socket

50

IP Address: 192.168.100.10Port Number: 8080YieldsSocket: 192.168.100.10:8080

26


Port NumbersRFC 1700

• Applications Are Indexed by a “Port Number”

• Allows Differentiation of Multiple Applications

• Port Numbers Can Be Between 0 ‐ 65535

– 0–1023 Are Considered Reserved

– 1024–49151 Can Be Registered

– 49152–65535 Are Considered Dynamic or Private

• 65,535 TCP and 65,535 UDP Port Numbers

51

Registered Ports Numbers:http://www.iana.org/assignments/port‐numbers

Examples:“Well Known” System Port Numbers”

Port 20 / 21 – FTP “File Transfer Protocol”Port 23 – TELNETPort 53 – DNS “Domain Name Service”Port 80 – HTTPPort 110 – POP3 “Post Office Protocol”Port 123 – NTP “Network Time Protocol”Port 161 – SNMP “Simple Network Management Protocol” (UDP)Port 443 - HTTPS

27


Port Number Application Multiplexing

54

Layer 2Device

Layer 2DeviceLayer 3

Device

28


Frame & Packet Flow Through Network

55

00:06:5B:01:02:03192.168.1.101

00:06:5B:11:22:33192.168.1.104

00:00:0C:C1:00:01192.168.1.102

00:00:0C:C1:00:30192.168.1.103

00:00:0C:C1:00:20192.168.100.102

00:00:0C:C1:00:10192.168.100.101

Destination MAC00:00:0C:C1:00:20

Source MAC

00:00:0C:C1:00:10Source IP

192.168.1.101Destination IP192.168.1.104 DATA

PRE

CRC

TYPE

Destination MAC00:00:0C:C1:00:01

Source MAC00:06:5B:01:02:03

Source IP192.168.1.101

Destination IP192.168.1.104 DATA

PRE

CRC

TYPE

Destination MAC00:06:5B:11:22:33

Source MAC00:00:0C:C1:00:30

Source IP192.168.1.101

Destination IP192.168.1.104 DATA

PRE

CRC

TYPE

HOST A HOST B

MAC Address Changes As Frame Passes Through the Network

When to Route – When to Switch?

Route to Limit a Broadcast Domain orProvide Interoperability Between Networks

One Host per Switch Portto Create a Zero Collision Domain

29


Ethernet Switching In‐Depth

57

Ethernet Switching FundamentalsOriginally Known as “Bridging”

• Switches Allow Segmentation of Network– Allows Dedicated Bandwidth and Creates Point‐Point Communication

– Increased Throughput Due to Zero or Minimal Collisions

– Provides Full‐Duplex Operation

– Increased Security Capability

• Switches Selectively Forward Individual “Frames” from a Receiving Port to a Destination Port– Builds Internal Table of Destination Address(s) on each Port

– Forwards Ethernet Frame to Specific Port if Address in Table

– Floods Ports if Address Not in Table OR a Broadcast Frame

30


Ethernet Switch Functions• Learn MAC Addresses – Build “Table”

• Filter / Forward Ethernet Frames

• Flood Ethernet Frames

• Provide Loop Avoidance ‐ Redundancy (Avoid loops where redundant links exist)

• Provide Port Security Features

Basic Switch Functions

Simplified Ethernet Switch Internals

60

31


MAC Address Table & Aging

A Real MAC Address Table

NOTEVLAN 1 is Special

Aging Timer(typical 5 minute default)

Virtual Local Area Network – VLAN

• Allows Separation or Segmentation of Networks Across a Common Physical Media

– Creates Subset of Larger Network

– VLAN Controls Broadcast Domain Reach – Each VLAN is a Broadcast Domain

– Architecture Flexibility

– Security

• Static Port Based VLAN(s)– Most Popular

– Manual Configuration

– Switch Port Security Features

• Dynamic Port Based– MAC‐Based VLAN(s)

• Assignment Based Upon MAC Address

– Protocol‐Based VLAN(s)• Assignment Based Upon Protocol

62

What Happens in the VLAN,Stays in the VLAN

32


VLAN Example

63

Switch Port Type Configuration:

Access (Un-Tagged) Link – Member of One VLAN Only Connects to a HostTrunk (Tagged) Link – Carries Traffic From Multiple VLANS Between Switches

Cisco (HP-ComWare-3COM) Terminology

Broadcast Domains

64

RedVLAN

GreenVLAN

BlueVLAN

Broadcast Domains

No Connectivity Exists Between Broadcast Domain, Networks, or Subnets!

33


Switch Interface Configuration

65

Tag Inserted Tag Removed

Tag added to frame at Egress trunk interface / Tag stripped at Ingress trunk interface

Adding the VLAN Tag

66

Double & Triple Tagging Can Occur

34


The 802.1Q Tag in Detail

67

32 bits or 4 bytes

Be Aware – Proprietary VLAN Tags Exist (ie Cisco “VTP & ISL”)

VLAN Configurations

VLAN#1

VLAN#2

VLAN#1

VLAN#2

“Trunk” or “Tagged”Inter-Switch

Links

“Trunk” or “Tagged” VLAN #1 & #2

35


Spanning Tree Protocol “STP”Prevents a “Broadcast Storm” With Redundant Links

70

Switch A

Switch E

Switch D

Switch BSwitch C

Switch A

Switch E

Switch D

Switch B

Switched Topology ExampleActive Topology After

Spanning Tree Example

Switch C

STP Operation:1 - Determine Root Bridge2 - Select Root Port3 - Select Designated Ports4 - Block Ports with Loops

36


What Is A “Layer 3” Switch?• “Marketing Terminology” Applied to a One Box Solution:

– Layer 2 Switching

– Layer 3 Routing

• Layer 3 Switch Performs Both!

• Multilayer Switch Port Types:

– Switchport: Layer 2 Port – MAC Addresses Learning

– Layer‐3 Port: Routing Port

– Switched Virtual Interface: VLAN Virtual Interface

• Not for All Environments:

– Limited to Ethernet Ports/Interfaces

– Limited to OSPF and RIP Protocols

71

Layer 3 Switch Internals

37


IP Routing In‐Depth

73

Routing

• Routing is Simply the Moving of Information Between Networks (Subnets or Broadcast Domains)

• OSI Model Layer 3 Process

• Routing Types:

– Static Routing

– Dynamic Routing

• Routing Protocol Classes:

– Interior Gateway Protocol (IGP)

– Exterior Gateway Protocols (EGP)

74

38


Dynamic Routing Categories

• Distance Vector Routing Protocol– Periodic Routing Table Updates

– “Distance” Used as a Metric

– Neighbors “Trust” Neighbors

– Slow Convergence

• Link State Routing Protocol– Maintains Neighbor, Topology, & Shortest‐Path Tables

– Each Router Updates From All Others

– “Cost” Used as a Metric

75

The Routing Protocol

• Learn the route to each subnet in the internetwork (build routing table)

• Determine the “best’ route (one route)

• Remove routes that are no longer valid

• Update routing table to reflect changes

• Perform updates quickly

• Prevent routing loops

39


Routing Metrics & Administrative DistanceDetermines The Best Path to Target Host

• Cost Metrics:

– Hop Count The Number of Routers in a Path

– Bandwidth Throughput (bps)

– Load Traffic Flowing Through a Router

– Delay Network Latency (distance or congestion)

– Reliability Amount of Downtime of a Network Path

• Administrative Distance

– Indicates Believability of the Route

– Often Used When Multiple Protocols Are Used

– Often Used to Prefer A Certain Path When Multiple Paths Exist

– Routing Protocols Have Default Administrative Distances

77

Smaller Metrics = Best RouteLower Administrative Distance = More Believed

IGP and EGP Protocols

78

IS-ISBGP

RIPIGRP

EIGRPOSPF

RIPIGRP

EIGRPOSPF

Route Source:

Administrative Distance (default)

Direct 0

Static 1

EIGRP 90

OSPF 110

RIP 120

Unknown 255

40


Distance‐Vector Routing Protocols

• “Routing by Rumor” – The Overall Network is Unknown, Only Directly Connected Neighbors Are Known by Each Router

• Routing Decision Based Upon a “Distance” or Metric and “Direction” or Vector to Describe

the “Next‐Hop”

79

Link‐State Routing Protocols

• Network Topology Information is Flooded Throughout the Network

• Each Router Determines its Own “Best Path”

80

41


Practical Routing Protocol Choices“Common” IGP Protocols – VLSM Support

81

RIP v2 EIGRP (Cisco) OSPF v2

Type: Distance Vector Hybird Link‐State

Metric: Hop Count Bandwidth/Delay Cost

Administrative Distance:

120 90 110

Hop Count Limit: 15 224 None

Convergence: Slow Fast Fast

Updates: Full Table Every 30 Seconds

Send Only Changes When Change Occurs

Send Only When Change Occurs, But Refreshed Every 30m

RFC Reference: RFC 1388 N/A RFC 2328

RIP v2Routing Information Protocol

RFC 1388

• Advantages:– Simple – Easy to Configure

– Low Maintenance

– General Understanding Of

• Disadvantages:– Higher Router CPU Utilization

– High Bandwidth Use for Routing Updates

– No Knowledge of Link Bandwidth

– Slow Convergence

– Limited Network Size (hop count = 15)

82

42


OSPF v2Open Shortest Path First

RFC 2328

• Advantages:– Fast Convergence

– Routing Updates Are Small

– Scales to Varying Network Sizes

– Considers Link Bandwidth Into Metric Calculation

• Disadvantages:– More Knowledge Required – A lot of Options

– Complex to Configure

83

EIGRP v4Enhanced Interior Gateway Routing Protocol

CISCO Proprietary

• Advantages:– Fast Convergence

– No OSPF Area Assignments = Less Complex

– Complex Cost Metric:• Bandwidth

• Delay

• Reliability

• Utilization

• Disadvantages:– More Knowledge Required – A lot of Options

– Need “Cisco” Environment

84

43


Hop Count May Not Be The Best Metric!

85

IP Addressing & Subnetting In‐Depth

86

44


The IP Addressing “Rules”• Each Network MUST Have a Unique Network ID

• Each Host MUST Have a Unique Host ID

• Every IP Address MUST Have a Subnet Mask– Implied for a Classful Network

– Explicit Stated for Classless Network

• An IP Address Must Be Unique Globally If Host on the Public Internet

• The First & Last IP Address Of a Network is Not Assignable!

87

The IPv4 Address

• 32 Bit Binary Address and 32 Bit Binary Mask

• 232 Yields 4,294,967,296 Addresses

• 32 Bits Divided Into Four (4) Octets or Bytes

• Expressed in “Dotted Decimal” Notation

88

45


2‐Part IPv4 Address

89

IPv4 Address Classes

90

NETWORK HOST HOST HOST

NETWORKNETWORK

NETWORKNETWORKNETWORK

HOSTHOST

HOST

Class A

Class D

Class C

Class E

Class B

Experimental

Multicast

32 bits

8 bits 8 bits8 bits8 bits

46


IPv4 “Default” Mask

91

Classful IPv4 Addressing

What Happenedto the 127 network?

47


VLSMRFC 1009

• Variable Length Subnet Masking (VLSM)

– Host Addressing & Routing Inside a Routing Domain

– Allowed “Classless” Subnetting• Mask Information is Explicit – Must Be Specified

– Allows More Efficient Use of Address Space – Taylor Address Space to Fit Network Needs

– Allows You to Subnet a Subnet• Subnetting “Borrows” Host Bits to Create More Networks

93

VLSMAllows MaskTo Be Moved

VLSM• Allows Mask to Be Determined on a “Bit Basis”

– Remember: Classful Addressing Specified Network/Host Boundary

– Classless Addressing Allows Network/Host Boundary to Be Specified at an Individual Bit

94

Octet 1 Octet 2 Octet 3 Octet 4

Octet 1 Octet 2 Octet 3 Octet 4

A B C

19 Subnet Mask Bits = 255.255.224.0

Network Host

Network Host

48


CIDRRFC 1517, 1518, 1519, 1520

• Classless Interdomain Routing (CIDR)

– Class System No Longer Applies

– Routing Between Routing Domains

– Allows “Supernets” To Be Created

• Combining a Group of Class C Addresses Into a Single Block

– CIDR Notation (slanted notation): 192.168.100.254 /19

95

Mask:

11111111.11111111.11100000.00000000

255.255.224.0

IP Address Mask Formats

96

Classful Addressing:192.168.100.254(Implied Mask 255.255.255.0)

VLSM Addressing:192.168.100.254 255.255.224.0(Explicit Mask 255.255.224.0

CIDR Notation:192.168.100.254 /19 Number of Mask Bits

1 1 1

49


IP Address Block SizeBased Upon 2n

97

2n

128

64

32

16

8

4

2

1LSB

Private vs Public IP Addresses

• RFC 1918 Established “Private” Address Space– Class A: 10.0.0.0 to 10.255.255.255

– Class B: 172.16.0.0 to 172.31.255.255

– Class C: 192.168.0.0 to 192.168.255.255

• Key Points:– Private IP Addresses Are NOT Routable Over the Public Network

– Note – Can Be Routed Over a Private Network

– Often Translated With NAT At An Edge Router

• Map Private Address Space to Public Address Space

98

50


Why Subnetting?

• Creates Smaller Network(s) of a Larger Network

• Reduces Network Traffic – Creates Smaller Broadcast Domains

• Improves Network Performance

• Allows Geographic Separation

• Isolates Network Anomalies

• Enhances Network Management

99

SubnetsHow Many Networks (subnets) Are Shown?

Network 1

Network 3

Network 2

Broadcast Domain

Broadcast Domain

Broadcast Domain

CollisionDomain

CollisionDomain

CollisionDomain

CollisionDomain

51


Network Address Translation – NATRFC 3022

• NAT Allows a Host Without a Valid Public IP Address to Communicate With a Host That Has a Public IP Address

• HOW?

– Simply Changes the IP Addresses as Packet Passes Through the NAT Device

• WHY?

– Conserve Public IP Address Space

– Security by Obscurity (hide actual host IP address)101

NAT• Types of NAT:

– Static – One‐to‐One Translation

– Dynamic – Pool of Public Addresses Made Available to Outbound Traffic Client Traffic

– NAT Overloading or Port Address Translation (PAT) – Translates to a Single Public IP by Use of a Unique Port Number

• NAT Addressing Terminology:– Inside Local or Inside Private

– Inside Global or Inside Global

– Outside Global or Outside Public

– Outside Local or Outside Private

102

In General:Inside Addresses Are LocalGlobal Addresses Are Public

52


Static NAT

103

Special Use “Reserved” IPv4 Address SpaceRFC 5735

• 0.0.0.0/8 Network Address “This Network or Wire Address”

• 10.0.0.0/8 Private IP Address Space (RFC 1918)

• 127.0.0.0/8 Loopback Address

• 169.254.0.0/16 IETF Zero Configuration Address Space (RFC 3927)



• 224.0.0.0/4 Multicast Address Space

• 240.0.0.0/4 Experimental Address Space

• 255.255.255.255/32 Broadcast Address

104

Yields About 3.7 Billion “Useable” IPv4 Addresses

53


The IPv4 Loop Back Address

• What is Special About 127.0.0.1 ?

– Actually Any 127.0.0.0/8 Address Works OR the Range of127.0.0.1 to 127.255.255.255

• Known as a “Loop‐Back” Address

• Useful For:

– Test Local IP Stack and Network Adapter Test

– May Be Used by Client‐Server Ap on Host

105

An Introduction to IPv6

106

54


IPv4 Address Depletion

• As of February 2011 ALL ICANN IPv4 Address Space Assigned!

• Regional Registries Now Have Their Last Allocation!

http://www.potaroo.net/tools/ipv4/plotend.pngUpdated:

4-26-16

IPv6 Address SpaceIETF ‐ RFC 2460

IPv6 Provides Expanded IP Address Space2128 =

340,282,366,920,938,463,463,374,607,431,768,211,456(three hundred forty UNDECILLION addresses)

3.4 x 1038

• But, IPv6 is More Than Expanded Address Space:

– An Opportunity to Re‐Engineer IPv4• Improved Support for Multicasting, Security, & Mobile Aps

• Multiple Addresses per Interface

• Host Auto‐Configuration Capability

• Security Incorporated

• MTU Discovery Incorporated

• Traffic Engineering Provisions Incorporate

55


The IPv6 Address

128‐Bit Address Binary Format:001001100000011110111000000000001111101010100000000000110010000110010101100110001000011110111100010010000010100011110001

Subdivide Into Eight (8) 16‐bit Groups (quads or chunks):0010011000000111 1011100000000000 0000111110101010 0000000000000011 0010000110010101 1001100010000111 1011110001001000 0010100011110001

Convert Each 16‐bit Group to Hexadecimal:(separate with a colon)

2607:b800:0faa:0003:2195:9887:bc48:28f12607:b800:faa:3:2195:9887:bc48:28f1

Address Summarization

110

128‐Bit Address Represented as a 32 Hexadecimal DigitsSubdivided Into Eight Groups (Chunks, Quads) of Four Hexadecimal Digits

(separated by colon)

2001:0000:0000:0000:0DB8:8000:200C:417Aor

2001:0:0:0:DB8:8000:200C:417A or

2001::DB8:8000:200C:417A

110

56


Remember:IPv6 Is More Than Address Space

“An Opportunity to Re‐Engineer IPv4”

• Header Simplification for Performance Increase

• Improved Authentication and Security

• Host Auto‐Configuration

• Mobility Incorporated

111

IPv6 Address AssignmentRecommendations

• Service Provider: /32 232 /64 subnets

• Large End User: /48 65,536 /64 subnets

• Small End User: /56 256 /64 subnets

• SOHO: /64 1 /64 subnets

Recognize:A /64 IPv6 subnet = 18,446,744,073,709,552,000

hosts

57


Implementing IPv6?

Want to Learn More?

IPv6 Enable Your Home Network

But, My Provider is Not IPv6 Enabled!

Then “Tunnel” to an IPv6 Provider:

http://www.tunnelbroker.net/

58


115

IPv6 Test Sites

http://ipv6‐test.com/

http://v6.testmyipv6.com/

www.ARIN.net

59


An Ipv6 Address You Can Remember

The IPv6 Loopback Address

::1

Summarized from:0:0:0:0:0:0:0:1

Some Final IPv6 Trivia

What Happened to Version 5 or IPv5 of the Internet Protocol?

“IPv5 Simply Does Not Exist!”Version 5 was intentionally skipped to avoid confusion, or at least to rectify it. The problem with version 5 relates to an experimental TCP/IP protocol called the Internet Stream Protocol, Version 2, originally defined in RFC 1190. This protocol was originally seen by some as being a peer of IP at the Internet Layer in the TCP/IP architecture and these packets were assigned IP version 5 to differentiate them from “normal” IPv4 packets. This protocol never went anywhere, but to be absolutely sure that there would be no confusion, version 5 was skipped over in favor of version 6.”

60


IPv4 and IPv6Comparison Summary

IPv4Developed: 1973-1977Deployed: 1981232 or 4.3 Billion Addresses

“More Than Anyone Could Possibly Use”

Address Based Assignment Unit /32

IPv6Developed: mid 1990’sDeployed: 19992128 or 340 Undecillion Addresses

“More Than Anyone Could Possibly Use”

Network Based Assignment Unit /64

Vinton Cerf“One of the Fathers of the Internet”

"Who the hell knew how much address space we needed for an experiment?““The experiment has not ended”

“Vint” Cerf comments on his & colleagues 1977 decision to use 32‐bit IP Numbers

61


Network Security

121

The Challenge

122

SECURITY USEABILITY

62


Network Security Concerns

• Focused on Protecting the “Network Infrastructure”

• Common Threats:– DHCP Snooping

– ARP Spoofing (IP Spoofing)

– Rogue Routers Advertisements

– Denial of Service Attacks

– Application Layer Attacks

• Implementation Considerations:– Know Your Enemy

– Cost

– Human Factors

– Understand Your Network

– Limit Scope of Access

– Don’t Overlook Physical Security

123

Network Infrastructure Threats

• Denial of Service “DoS”

• Spoofing

• Hijacking

• Authentication Bypass or “Back Door” Access

• Physical Access

• And the list goes on & on…..

124

63


Common Policy Terminology

• Asset – Any object of value

• Vulnerability – A system weakness to be exploited

• Threat ‐ Possible danger to a system or its information

• Risk – The feasibility that a vulnerability might be exploited

• Exploit ‐ An attack directed at a vulnerability

• Countermeasure ‐ An action or mitigation of a risk

125

Common Policy Attributes

• What Does a Security Policy Define?

– Company Objectives

– System Requirements

– User Rules & Regulations

• Who is the Security Policy Audience?

– “Anyone” Who Has Network Access!126

64


Security Policy Lifecycle

127

Planning

PolicyCreation

Management & Monitoring

Assessment

Policy Implementation & Enforcement

Detection

ThreatAnalysis

Goals of Network Security

• Provides Confidentiality– Maintain Privacy – Prevent Use by Those Unauthorized

• Provides Authentication– Verify That User’s Are Who They Say They Are

• Maintains Data Integrity– Data Has Not Changed

128

65


Attributes of a Secure Network

• Layered Approach (“Defense in Depth” NOTE 1)– Different Security Controls Within Different Groups

• Security Domains– Segmentation of Network Into Areas or Groups

• Privileges– Restrict to “Need – To – Access”

– “Deny by Default”

• Access– Restrict by Firewalls, Proxies, etc.

• Logging– Accountability , Monitoring, & Activity Tracking

129

NOTE 1 – Cisco Security Terminology

Apply Layered Network Design

• Separate Networks into “Layers” or Zones or Groups With Different Security Access & Control– External / “DMZ” Perimeter / Internal Zones

– Apply Access Control Between Internal Networks!

130

Non-Secure

Secure

66


Network Security Tools

• Access Control List

• Firewall– Used to Create a “Trusted” Network Segment by Permitting or Denying

Network Packets

– Types of Firewalls:

• Stateless Packet Filtering – Single Packet Inspection

• Stateful Packet Filtering – Flow or Conversation Inspection

• Ethernet Switch Port Security

• VPN

131

The Access Control List “ACL”Stateless Firewall Functionality

• Simply a “Set of Rules” That Provides a “Permit” or “Deny” Based Upon:

– Layer 3 IP Address

– Layer 4 Port Number

• An ACL is:

– A Table (with explicit DENY)

– Applied to a Specific Switch / Router Interface

132

67


The “ACL” Rules continued…..

• ACL’s can be Numbered or Named

• Numbered ACL’s Structure:– 1‐99 IP Standard Access List

– 100‐199 IP Extended Access List

– 200‐299 Protocol Access List

– 1300‐1999 IP Standard Access List‐Expanded

– 2000‐2999 IP Extended Access List‐Expanded

• Named ACL Structure:– Standard Named

– Extended Named

133


• Standard Access List– Can Only Permit or Deny The Source Host IP Address

– Placed Closest to Destination Host

• Extended Access List– Can Permit or Deny Based Upon:

• Source IP Address

• Destination IP Address

• TCP Port #

• UDP Port #

• TCP/IP Protocol

– Placed Closest to Source Network

134

68



• One “ACL” per Interface per Direction– Ingress

– Egress

• An ACL Only Acts of IP Traffic Passing Through Router

• Organize Structure of ACL:– More specific statements placed first

– Process Sequentially

135

ACL Example(s):

access-list 110 deny ip any host 192.168.100.110

access-list 123 deny ip any host 192.168.100.110 eq 23

Standard IP List Example:Prevent Host 192.168.30.30 from Accessing Host 192.168.10.10

136

Create Access List on Router 1:access list 101 192.168.30.30 0.0.0.0access-list 101 permit any

Apply Access List to Interface:interface E1ip access-group 101 in

Configuration Disclaimer:Exact configuration commands may vary based upon specific equipment models and software version.Generic “Cisco” commands utilized for illustration purposes.

69


Extended IP List Example:Allow Only http Access to Host 192.168.10.10 from 192.168.30.0 /24

137

Create Access List on Router 2:Access-list 101 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.10 eq 80access-list 101 permit ip any any



A “Practical” ACL ExampleBlock External Users From “Pinging” Inside Hosts

138

Create Access List on Router 1:access list 101 deny icmp any anyaccess-list 101 permit ip any any



70


Firewall• Determines What IP Traffic Can Enter or Exit a Network

Based Upon Pre‐Defined Rules

• Firewall Types:

– Stateless Packet Filtering – Single Packet Inspection

– Access Control List “ACL” – Ingress or Egress Filtering

• No knowledge of flow

• Filters on IP Header info – Layers 1‐3

– Stateful Packet Filtering – Flow or Conversation Inspection

• Filters on IP Header info – Layers 1‐4

• Records conversations – then determines context:

139

Firewall Types:

140

Packet Filtering - “Stateless” Packet Filtering - “Stateful”

Filtering Parameters:IP Source Address

IP Destination AddressProtocol

TCP TrafficUDP Traffic

Port Number

71


Firewall Implementation

141

Switch Port Security Actions

• Port Security Options:– Specific MAC Address/Port

– Limits on Learned MAC’s

– “Sticky” MAC Learning

• Port Security Violations:– Discards Frame if Disallowed

– Discards Frame if Disallowed and Sends Notification

– Shutdown

142

72


Implementing Switch Port Security

143

“Shutdown” ports that are un-usedInsure ports are configured as “Access” ports

Assign port to an Un-Used VLAN (do not use VLAN 1)

Configure“Trunk”PortsOnlyWhenrequired

Insure port is configured as “Access” portsAssign port to VLAN (do not use VLAN 1)

Enable Port Security:Specific MAC address

Limit number of MAC addresses / portUse “Sticky Learning” with cautionSpecify the violation response

The IPSec VPN• The Virtual Private Network – “VPN” is a private network built across a public

infrastructure.

• VPN Advantages:

– Provides Confidentiality

– Provides Authentication

– Maintains Data Integrity

– Prevents “Man‐in‐the‐Middle” Scenarios

• VPN’s Built Between:

– Routers

– VPN Appliances

– Soft Clients

• VPN Types:

– IPsec Based

– SSL Based

– GRE Tunnel

144

73


Conceptual VPN

145

A VPN is NOT a VLANA VPN is a Secure Tunnel Through an Unsecure Network

146

Don Not Confuse VLAN’s and VPN’s

74


Security “Best Practices” to Consider

• Recognize Physical Security

• Change Default Logins

• Utilize Strong Passwords

• Disable Services Not Required

• Adopt a Layered Design Approach

• Segregate Network(s)

• Separate Networks via VLANS

• Implement Switch Port Security

• Utilize Packet Filtering in Routers & Firewalls

• Do Not Overlook Egress Traffic

• Deny All Traffic – Then Permit Only Required

• Keep Up With Equipment “Patches”

• Utilize Access Logging on Key Network Devices

• Utilize Session Timeout Features

• Encrypt Any Critical Data

• Restrict Remote Access Source

• Understand & Know Your Network Baseline

• Actively Monitor and Look for Abnormalities

• Limit “Need‐to‐Know”

• Disable External “ICMP” Access

• Don’t Use VLAN 1

147

Practical Network Design & Implementation Exercise

148

75


The Building Blocks: Hubs, Switches, & Routers

• Hub– Layer 1 Device– Acts as a Repeater ‐ All Incoming Frame FWD Out Every Other Port– Half‐Duplex Based – CSMA/CD Algorithm Controlled– No Intelligence – Collision & Broadcast Domain Across All Ports

• Switch– Layer 2 Device – Originally Called “Forwarding”‐ Then “Bridging” ‐ Now Called

“Switching”– Full Duplex Based– Intelligence Based – Selectively Forwards Frame to a Port– Each Port is a Collision Domain (assuming one device per port)– Each Switch is Within a Broadcast Domain

• Router– Layer 3 Device– Forwards Packets Between Different Networks– Creates Broadcast Domains– Each Interface is a Broadcast Domain

149

X

The Flat Network“Legacy Network Architecture”

150

A Single Broadcast DomainCommon Addressed Subnet

Challenges:Manageability, Security, Scalability, Reliability

76


The Hierarchical Network

151

Organize By:GeographicPolicy / RegulationSecurityPerformance

Logical Networks

152

77


Network Design Considerations

• Understand “Your” Environment – Each Network is Different!

• IP Addressing Considerations

• VLAN Configuration

• Routing Protocol Selection

• Network Service(s) Selection (DNS, DHCP, etc)

• Security Aspects

• Access, Management, Documentation, & Monitoring

• Physical Layer Scheme

• Hardware (Switch & Router) Selection

Network Architecture Considerations

Core or Backbone

Distribution

Access

“Classic”Layered

Approach

78


Ethernet Switch Considerations

• Network Role & Location– Self‐Contained– “Stackable”– Modular (chassis + cards)

• Interface Requirements – Capabilities ‐ Range• Interface Density• Layer 3 Capability?• Processor/Memory/MAC Addresses Supported/Multicast IGMP• Backplane Fabric Throughput /Forwarding Rate (Gbps)• Redundancy (power, processor, interfaces)• PoE Requirements / Switch Capacity: (48vdc nominal)

– 802.af (15w) “Class 3”– 802.at (25w) “PoE+”

Router Considerations

• Network Role & Location– Self‐Contained– Modular (chassis + cards)

• Interface Requirements – Capabilities (LAN/WAN)• Processor/Memory/Route Capacity• Fabric/Backplane Throughput (packets per second “PPS”)• Redundancy (power, processor, interfaces)• Required Feature Set:

– Security / IDS– QoS– MPLS– VOIP– NetFlow

79


IP Addressing Considerations

• IP Address Planning (range)– Current Needs

– Scalability

– Organize Subnets (Hierarchical)

• IP Address Host Allocation– Public vs Private (RFC 1918)

– Static vs Dynamic Policy

– Assignment Documentation (IPAM sys)

• What About IPv6?– Implementation Factors

– Migration Plan

Switch Access Methods

“User” Mode

“Privilege” Mode

“Global” Configuration Mode

“Interface” Configuration Mode

80


Practical VLAN Configuration – 1Cisco to Cisco Switch

160

Conceptual Configuration:define vlan 100 & 200 in switchset port 2 mode to accessset port 14 mode to accessset port 23 mode to trunkallow vlan 100 & 200 on trunk port

Exact configuration command will vary by switch model / IOS version


81


Configuration DetailSwitch A

Switch#config tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#interface Fa0/2Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 100Switch(config-if)#no shutSwitch(config-if)#exitSwitch(config)#exit

Switch#config tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#interface Fa0/14Switch(config-if)#switchport mode accessSwitch(config-if)#switchport access vlan 200Switch(config-if)#no shutSwitch(config-if)#exitSwitch(config)#exitSwitch#

Switch#config tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#interface Fa0/23Switch(config-if)#switchport mode trunkSwitch(config-if)#switchport trunk vlan 100

^% Invalid input detected at '^' marker.

Switch(config-if)#switchport trunk allowed vlan 100,200Switch(config-if)#exitSwitch(config)#exit

Configuration DetailSwitch B

Switch B(config)#interface fa0/4Switch B(config-if)#switchport mode accessSwitch B(config-if)#switchport accss vlan 100 Switch B(config-if)#no shutSwitch B(config-if)#exitSwitch B(config)#exit

Switch B(config)#interface fa0/23Switch B(config-if)#switchport mode trunkSwitch B(config-if)#switchport trunk allowed vlan 100,200Switch B(config-if)#exitSwitch B(config)#exitSwitch B#

Switch B#config tEnter configuration commands, one per line. End with CNTL/Z.Switch B(config)#interface fa0/24Switch B(config-if)#switchport mode accessSwitch B(config-if)#switchport access vlan 200Switch B(config-if)#no shutSwitch B(config-if)#exitSwitch B(config)#exitSwitch B#

82


Router Configuration:

163


Blue Network:192.168.100.0 /24

Green Network:192.168.200.0 /24

Red Network:192.168.300.0 /24

Assign Network to an Interface:interface ge0 ip address 192.168.100.1 255.255.255.0no shutdowninterface ge1 ip address 192.168.200.1 255.255.255.0no shutdowninterface ge2 ip address 192.168.300.1 255.255.255.0no shutdown

Enable RIP Routing:router ripnetwork 192.168.100.0network 192.168.200.0network 192.168.300.0

Cisco vs HP Terminology

Function Cisco HP

Switch Port Access Port Untagged Port

VLAN Switch Port

Trunk Port Tagged Port

Aggregated Links

Ether Channel Trunk Group

83


Practical VLAN Configuration – 2Cisco to HP Switch

165


Conceptual Configuration:define vlan 100 & 200 in switchset port 7 as untagged vlan 100set port 24 as untagged vlan 200set port 18 as tagged vlan 100 & 200

Cisco Terminology HP TerminologyAccess Mode UntaggedTrunk Mode Tagged

84


8

12

14

4

Consider Growth – 20%

10

15

17

5

85


IP Address Block SizeBased Upon 2n

169

2n

128

64

32

16

8

4

2

1LSB

IP Addressing PlanBase Network: 192.168.100.0 /25

Use a “VLSM” Subnet Calculator:http://subnettingpractice.com/vlsm.html

1632

32

8

86


IP Configuration Plan

IP Configuration Plan ‐ 2

87


“EngRack” Switch to “Ennes” Router Interface

“Trunk”Interface “Sub-Interface”

802.1Q Trunk Link

88


What is Wrong With This Design?

Why a 100 Mbps Link Here?GigE

100Mbps

Let’s Fix It!

Then Re-Configure Ports:Switch & Router

89


Another Approach!

“Use a Layer 3 Switch”

Handout Package Contains All Configuration Details

178

90


Useful Reference Sources:• IEEE Ethernet References: http://standards.ieee.org/about/get/

• IETF Resources: http://www.ietf.org/

• RFC References: www.rfc‐editor.org/rfc.html

• MAC OUI Look‐Up: https://www.wireshark.org/tools/oui‐lookup.html

• IPv4 Address Block Size: http://packetlife.net/media/library/15/IPv4_Subnetting.pdf

• Cisco Oriented Guides: http://routeralley.com/guides.html

• PacketLife “Cheat Sheets”: http://packetlife.net/library/cheat‐sheets/

• On‐Line Subnet Calculator: http://www.subnet‐calculator.com/

• Standalone Subnet Calculator: http://www.solarwinds.com/freetools/advanced‐subnet‐calculator.aspx

179

The “Mask” ios Subnet Calculator:http://www.cylineapro.com/cylsoft‐portfolio/the‐mask‐ipv4‐ipv6‐calculator

My Favorite Reference Texts:

180

91


The Real – World OSI ModelRFC 2321 ‐ The Reliable Internetwork Troubleshooting Agent

“A Description of the Usage of Nondeterministic Troubleshooting and Diagnostic Methodologies”

181

ID10T Errors

182

92


Thank You for Attending!

Wayne M. PecenaTexas A&M Universityw‐[email protected]@tamu.edu

979.845.5662

183

? Questions ?

* BONUS MATERIAL *CBNE Study Topics

184

93


Cable Category Types

185

Category Maximum Speed Application

1 1 Mbps Voice (not for ethernet)

3 10 Mbps Ethernet 10BaseT

5 100 Mbps Ethernet 100BaseT

5e 1 Gbps Ethernet 1000BaseT

6 10 Gbps Ethernet 10GbE

6a 10 Gbps Ethernet 10GbE

For More Information:http://www.lanshack.com/cat5e-tutorial.aspx/

Ethernet Cable Wiring ‐ Straight

186

94


Ethernet Cable Wiring ‐ Cross

187

Ethernet Cable Types

Cable Type Legend

Straight-Through

Cross-Over

Router 1 Router 3Router 2

Ethernet 0

Ethernet 0 Ethernet 0

Ethernet 1

Ethernet 1

Ethernet 3

Ethernet 1

EIA/TIA-568A EIA/TIA-568B

EIA/TIA-568B EIA/TIA-568B

MDI

MDIXMDIXMDIX

MDI

MDI

MDI

188

95


DTEDevice

DCEDevice

12

36

12

36

Straight – Through Cable

DCEDevice

TX

RX

RX

TX

DCEDevice

36

12

12

36

Cross - Over Cable

TX

RX

RX

TX

Switch

Hub

RouterCross-Over Cable

Straight-Through Cable

Typical Cable Selection(non auto-mdix devices)

MDI

MDI

MDI-X

MDI-X

MDI-X

MDI

MDI


190

IEEE Standard Physical Standard

Cable Type Speed Maximum Length

802.3a 10‐Base‐2 Coax (thin‐net) 10 Mbps 185m

802.3 10‐Base‐5 Coax (thick‐net) 10 Mbps 500m

802.3i 10‐Base‐T Twisted Pair 10 Mbps 100m

802.3u 100‐Base‐TX Twisted Pair 100 Mbps 100m

802.3u 100‐Base‐T4 Twisted Pair 100 Mbps 100m

802.3u 100‐Base‐FX MM Fiber 100 Mbps 400‐2000m

802.3u 100‐Base‐SX MM Fiber 100 Mbps 500m

96



191

IEEE Standard Physical Standard

Cable Type Speed Maximum Length

802.3ab 1000‐Base‐T Twisted Pair 1 Gbps 100m

802.3z 1000‐Base‐SX MM Fiber 1 Gbps 500m

802.3z 1000‐Base‐LX MM Fiber 1 Gbps 500m

802.3z 1000‐Base‐LX SM Fiber 1 Gbps Several Km

802.3an 10G‐Base‐T Twisted Pair 10 Gbps 100m

802.3ae 10G‐Base‐SR MM Fiber 10 Gbps 300m

802.3ae 10G‐Base‐LR SM Fiber 10 Gbps Several Km

and 20 Gigabit, 40 Gigabit, & 100 Gigabit Ethernet are emerging ……

Fiber Optic Connector Types

192

97


WAN Technology• Generally Categorized as Dedicated, Circuit Switched , or Packet Switched:

• Dedicated

– T‐Carrier (data)

– Optical Carrier

• Circuit Switched

– ISDN – BRI

– ISDN – PRI

– T‐Carrier (voice)

• Packet Switched

– X.25

– Frame Relay

– ATM

– ADSL / HDSL

– Metro Ethernet Offerings

193

WAN Link Types

194

Line Type: Signaling Type: Bit Rate

64 DS0 64 kbps

T1 or DS1 DS1 1.544 Mbps

T3 or DS3 DS3 44.735 Mbps

SONET OC:

SONET STS:

Bit Rate

OC‐1 STS‐1 52 Mbps





98


DS1 Configuration

• DS1 or T1 Types:

– Channelized (voice)

– PRI (ISDN) (voice or data)

– Clear Channel (data)

• Encoding

– AMI (voice)

– B8ZS (data)

• Framing

– D4 Super Frame (voice)

– Extended Super Frame (data)

• Timing– Must specify source

195

WAN Component ExamplePoint – Point T‐1 or DS‐1

196

Possible Interfaces That Might Be Found

99


WAN Component ExampleIntegrated Services Digital Network

• ISDN ‐ Integrated Services Digital Network– ISDN – BRI 2 “B Channels” + “D Channel”

– ISDN – PRI 23 “B Channels” + “D Channel”

• “B” Channel – Bearer Channel – 64k

• “D” Channel – Signaling Channel – 16k / 64k

197

ISDN Reference Devices• TE1 – Terminal Equipment Type 1

– ISDN Telephone Set or Computer Device

• TE2 – Terminal Equipment Type 2– POTS Deskset

• TA – Terminal Adapter– Interfaces analog devices

• NT1 – Network Termination Type 1– TELCO termination Point (Home)

• NT2 – Network Termination Type 2• TELCO termination Point (PBX)

• LT – Line Termination

• ET – Exchange Termination

198

Telco Central Office

100


Frame Relay Basics• Standardized Packet Switched Network Technology

• Physical & Data Link Layer Based

• Local and Nationwide Scope Reach

• Frame Relay Switches Create Virtual Circuits Between Customer Endpoints

• Permanent Virtual Circuit (PVC) Provided to Customer

• Delivered via Leased Line Facilities – Often Fractional T1 (< 1.5 Mbps)– 56 kbps or 64 kbps increments

• Data Link Connection Identifier – DLCI:

– Identifies the Virtual Connection

– Physical Link Can Accommodate Multiple DLCI’s

– Unique Only To The Endpoint

• Committed Information Rate – CIR

• Extended Information Rate ‐ EIR

199

Frame Relay Architecture

200

PVC’sCreated

Between CustomerEndpoints

Local or Nationwide ScopeFrame Relay Cloud

101


Wireless Fidelity Networking

• 802.11 Standards– 802.11 2.4 Ghz 2 Mbps (maximum)

– 802.11b 2.4 Ghz 11 Mbps

– 802.11a 5 Ghz 54 Mbps

– 802.11g 2.4 Ghz 54 Mbps

– 802.11n 2.4 “MIMO” 300 Mbps

– 802.ac 2.4 / 5 Ghz 450 / 1300 Mbps

• Frequency Bands (ISM):– 2.4 Ghz 2.4‐2.497 Ghz

– 5 Ghz 5.15 – 5.875 Ghz

201

IEEE 802.11 Wi‐Fi

202

802.11 802.11a 802.11b 802.11g 802.11n

Standardized 1997 1999 1999 2003 2010

Frequency 2.4 Ghz 5 Ghz 2.4 Ghz 2.4 Ghz 2.4/5 Ghz

Channels 3 <24 3 3 Variable

Modulation IR, FHSS, DSSS

OFDM DSSS DSSS/OFDM

DSSS, CCK, OFDM

Mbps 1,2 6,9,12,18,24,36,48,64

1,2,5.5,11 1,2,5.5,116,9,12,18,24,36,48,64

>100(MIMO

supported)

Modulation Legend:IR – Infrared RadiationFHSS – Frequency Hoping Spread SpectrumDSSS- Direct Sequence Spread SpectrumOFDM – Orthogonal Frequency Division Multiplexing

102


2.4 gHz Channels

203

5 gHz Channels

204

103


Wireless Security

• Wireless Equivalent Privacy ‐WEP

• Wi‐Fi Protected Access – WAP

• Wi‐Fi Protected Access 2– WAP2 (802.11i)

• IEEE 802.1x

205

206

http://packetlife.net/media/library/4/IEEE_802.11_WLAN.pdf

104


Broadcast Digital Content Management & Workflow

207

Content Management & Workflow

• Workflow:

The decisions and processes that occur in the broadcast plant when a

Media Asset enters the system to the distribution of the Media Asset at the output of the system.

• Media Asset (SMPTE definition):

208

Essence Metadata

Content Rights

Media Asset

105


Wrapper Types:

Wrappers

GXF – General Exchange Format

MXF – Material Exchange Format

AAF – Advanced Authoring Format

QT – Quick Time

LXF – Leitch Exchange Format

WMF – Windows Media Format

and others ……….

209

Metadata Essence

Wrapper

General Server Storage

• Hard Disk Interface Types

– SCSI

– IDE

– SATA

– Fiber Channel (FC)

• RAID Basics

• NAS Fundamentals

• SAN Architecture

210

106


Hard Disk Interface TypesData Transfer Rate (maximum)

• SCSI 160 Mbps – 320 Mbps

• IDE/ATA 100 Mbps – 133 Mbps

• SATA 150 Mbps – 300 Mbps

• Fibre Channel 400 Mbps

211

RAID Level BasicsRedundant Array of Independent (Inexpensive) Disks

• RAID Technology:

– Striping

– Mirroring

– Parity

• Choosing a RAID Level:

– Cost

– Data Availability (protection)

– Performance (read/write)

• Levels:

– RAID 0

– RAID 1

– RAID 5

– RAID 10 (RAID 1 + 0)

– And many more……….

212

107


RAID Level Overview:

213

RAID Level 0

Data Blocks StrippedNo Redundancy

High Performance

BA

C

E

D

F

RAID Level 1

Data Blocks MirroredHigh RedundancyGood Performance

AA

B

C

B

C

2 disks minimumUsable Capacity = 100%

2 disks minimumUsable Capacity = 50%

RAID Level Overview:

214

108


NAS & SAN Architecture• Network Attached Storage

NAS – Provides File System & Storage (stand alone)File Level Based ‐ Shared Storage Over Shared Network

• Storage Area NetworkSAN – Provides Storage OnlyBlock Level Based ‐ Shared Storage Over Dedicated Network

215

Audio & Video Digital Signal Standards

• Digital Audio– AES3

• 32/44.1/48/96 kHz Sampling

• 16 – 24 bits

• Mono or Stereo

• Balanced 110 ohm

• Unbalanced 75 ohm

– AC3• Compressed

• 5.1 channel based (6 channels)

• AC3 Metadata

– Dolby E• Compressed

• 8 channel

• Bound to Video Frame

• Digital Video:– SMPTE 259M SD‐SDI 270 Mbps

– SMPTE 344M ED‐SDI 540 Mbps

– SMPTE 292M HD‐SDI 1.485 Gbps

– SMPTE 372M Dual Link HD‐SDI 2.97 Gbps

– SMPTE 424M 3G‐SDI 2.970 Gbps

216

109


SBE Networking Certifications

CBNTCertified Broadcast Networking Technician

• This certification is designed for persons who wish to demonstrate a basic familiarity with networking hardware as utilized in business and audio/video applications in broadcast facilities.

• Exam Focus:– Network topologies and layouts

– Common network protocols

– Wiring standards and practices

– Maintenance, troubleshooting and connectivity issues

– Challenges unique to broadcast‐based networks

CBNECertified Broadcast Networking Engineer• This certification is an “Advanced” level

that reflects the skill and knowledge that will be required in today's world of converged IT and broadcast engineering.

• Exam Focus:

– Audio/Video over IP

– Digital Content Management

– Video Systems in an IT World

– Data Transmission Systems

– General IT Hardware

217

CBNE Recommended Study:

218

110


My Favorites:

219

Thank You for Attending!

Wayne M. PecenaTexas A&M Universityw‐[email protected]@tamu.edu

979.845.5662

220

? Questions ?

Internet

Ennes

Router

EngRack

Switch

Prod

Switch

Admin

Switch

The “Ennes” Network Architecture for KSBE

VLAN IP Address Configuration:

VLAN: Network: Mask: Default Gateway:

100 – Administration 192.168.100.64 255.255.255.240 192.168.100.65

200 – Production 192.168.100.32 255.255.255.224 192.168.100.33

300 – Engineering 192.168.100.0 255.255.255.224 192.168.100.1

400 - NetMgmt 192.168.100.80 255.255.255.248 192.168.100.81

DHCP

Enabled VLANS:

200 – Production (4 hosts)

300 – Engineering (2 hosts)

400 - NetMgmt

Enabled VLANS:

100 – Administration (2 hosts)

200 – Production (8 hosts)

300 – Engineering (12 hosts)

400 – NetMgmt (1 host)

Enabled VLANS:

100 – Administration (6 hosts)

400 - NetMgmt

Cisco 1841

Cisco C2960GCisco C2960G

Cisco C3750G

Management:

192.168.100.82

Management:

192.168.100.83

Management:

192.168.100.84

Management:

192.168.100.85

Gi1/0/1

Gi1/0/27 Gi1/0/28

Fa0/1Trunk - VLAN(s):

100,200,300,400

Fa0/0

Trunk - VLAN(s): 100,400Trunk - VLAN(s): 200,300,400

Gi0/7 Gi0/7

Configuration Details:

EngRack_SW

EngRack>

EngRack>enable

EngRack#show runnin

EngRack#show running-config

Building configuration...

Current configuration : 3064 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname EngRack

!

!

no aaa new-model

switch 1 provision ws-c3750g-24ts-1u

system mtu routing 1500

ip subnet-zero

!

!

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 100,200,300,400

switchport mode trunk

!


switchport access vlan 100

switchport mode access

!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!




!


!


!



switchport trunk allowed vlan 200,300,400


!



switchport trunk allowed vlan 100,400


!

interface Vlan1

no ip address

!

interface Vlan400

ip address 192.168.100.82 255.255.255.248

!

ip classless

ip http server

ip http secure-server

!

!

!

control-plane

!

!

line con 0

line vty 0 4

login

length 0

line vty 5 15

login

!

end

EngRack#


Ennes Router

Ennes>

Ennes>enable

Password:

Ennes#show runni

Ennes#show running-config



!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec


!

hostname Ennes

!

boot-start-marker

boot-end-marker

!

enable password sbe

!

no aaa new-model

dot11 syslog

ip cef

!

!

!

!

!

multilink bundle-name authenticated

!

!

!

!

archive

log config

hidekeys

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address dhcp client-id FastEthernet0/0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 100

ip address 192.168.100.65 255.255.255.240

!



ip address 192.168.100.33 255.255.255.224

!



ip address 192.168.100.1 255.255.255.224

!



ip address 192.168.100.81 255.255.255.248

!

router rip

network 192.168.100.0

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

Ennes#


Prod_SW

Prod_SW>

Prod_SW>enable

Prod_SW#show runni

Prod_SW#show running-config



!

version 12.2

no service pad




!

hostname Prod_SW

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model


ip subnet-zero

!

!

!

!

!

!

!

!

!

!



!


!

!

!

interface GigabitEthernet0/1



!




!




!




!


!




!




!


description Trunk to EngRack_SW


!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

ip http server

ip http secure-server

!

control-plane

!

!

line con 0

line vty 5 15

!

end

Prod_SW#


Admin_SW

Admin_SW>

Admin_SW>enable

Admin_SW#show runnin

Admin_SW#show running-config



!

version 12.2

no service pad




!

hostname Admin_SW

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model


ip subnet-zero

!

!

!

!

!

!

!



!


!

!

!




!




!




!




!




!




!


!




!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

ip http server

!

control-plane

!

!

line con 0

line vty 5 15

!

end

Admin_SW#

handout package · technology for those pursuing the sbe cert ified broadcast networking...

Documents