Network Layer
- Addressing end devices
- Encapsulation
- Routing
- De-encapsulation

IPv4 has three major limitations:
- IPv4 address depletion – We have basically run out of IPv4 addressing.
- Lack of end-to-end connectivity – To make IPv4 survive this long, private addressing and NAT were created.
- Increased network complexity – NAT was meant as a temporary solution and creates issues on the network as a side effect of rewriting the addresses in the network headers. NAT adds latency and makes troubleshooting harder.

IPv4 Packet Header
- The IPv4 header is variable length: 20 bytes (octets) minimum, up to 60 bytes when options are present. (It is the IPv6 header that is fixed at 40 bytes.)

IPv6:
- Increased address space – based on 128-bit addresses, not 32 bits
- Improved packet handling – simplified header with fewer fields, fixed at 40 bytes
- Eliminates the need for NAT – since there is a huge amount of addressing, there is no need to use private addressing internally and map it to a shared public address

IPv4 Routing Table
Directly Connected:
- L – Directly connected local interface IP address (a /32 host route for the interface's own address)
- C – Directly connected network
Remote Routes:
- S – Static route, manually configured by an administrator
- O – OSPF
- D – EIGRP
Default Routes:
- Marked with an asterisk after the code (e.g. S*), used when no more specific route matches

Address Resolution:
- Layer 2 physical address (the MAC address) – Used for NIC to NIC communications on the same Ethernet network.
- Layer 3 logical address (the IP address) – Used to send the packet from the source device to the destination device.

Address Resolution Protocol (ARP) - a protocol or procedure that connects an ever-changing Internet Protocol (IP) address to a fixed physical machine address, also known as a media access control (MAC) address, in a local-area network (LAN).

Internet Control Message Protocol version 6 (ICMPv6) - the implementation of the Internet Control Message Protocol (ICMP) for Internet Protocol version 6 (IPv6). ICMPv6 is an integral part of IPv6 and performs error reporting and diagnostic functions; its Neighbor Discovery messages also replace ARP for IPv6 address resolution.

ARP request - a broadcast asking which device owns a given IPv4 address; the reply establishes the IP-to-MAC pairing needed for communication between devices on the network.

show ip arp command displays the ARP table on a Cisco router.

arp -a command displays the ARP table on a Windows 10 PC.

Routing
- Local Hosts – destination is on the same LAN
- Remote Hosts – devices are not on the same LAN

Method of determination:
- IPv4 – Source uses its own IP address and subnet mask, along with the destination IP address: both addresses are ANDed with the mask and the results compared
- IPv6 – Source uses the network address and prefix advertised by the local router
3 types of routes in a router's routing table:
- Directly Connected – These routes are automatically added by the router, provided the interface is active and has addressing.
- Remote – These are routes to networks the router is not directly connected to, and may be learned:
  Manually – with a static route
  Dynamically – by using a routing protocol to have the routers share their information with each other
- Default Route – this forwards all traffic to a specific next hop when there is no more specific match in the routing table

Static Routing
- configured manually
- Must be adjusted manually by the administrator when there is a change in the topology
- Good for small non-redundant networks
- Often used in conjunction with a dynamic routing protocol for configuring a default route

ARP spoofing (ARP poisoning) - a Man in the Middle (MitM) attack that allows attackers to intercept communication between network devices. It is carried out over a Local Area Network (LAN) by sending malicious (forged or unsolicited) ARP packets, typically claiming the default gateway's IPv4 address to the hosts and the hosts' addresses to the gateway, so that the pairings in their IP-to-MAC address tables change and traffic flows through the attacker. ARP has no authentication, so any host on the segment can do this; common defences are Dynamic ARP Inspection on switches and static ARP entries for the gateway on critical hosts.

show ip interface brief / show ipv6 interface brief
- show ip interface brief command can be used to view a summary of the router interfaces (address, status, and line protocol).
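The table-poisoning behaviour described above can be detected by watching the ARP replies on a segment: a trusted IP suddenly claimed by another MAC, one IP seen with two MACs, or one MAC claiming several IPs. The following is an added example (not part of the original notes); the replies, MACs and the trusted gateway binding are constructed, and in practice they would come from a packet capture or periodic `arp -a` / `show ip arp` snapshots.

```python
"""Spotting ARP poisoning from observed ARP replies.

Added example, not from the original notes. The replies below are constructed
(no real capture). A real deployment would feed it from a packet capture or
from periodic snapshots of the ARP table (arp -a / show ip arp)."""
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies on one LAN.
OBSERVED_REPLIES = [
    (0, "192.168.1.1", "00:11:22:33:44:01"),    # the real default gateway
    (1, "192.168.1.10", "00:11:22:33:44:10"),   # a workstation
    (2, "192.168.1.20", "00:11:22:33:44:20"),
    (5, "192.168.1.1", "DE:AD:BE:EF:00:01"),    # attacker claims the gateway IP
    (6, "192.168.1.10", "de:ad:be:ef:00:01"),   # and the workstation, to see both directions
    (7, "192.168.1.30", "00:11:22:33:44:30"),
]

# Assumed known-good binding for the gateway (e.g. recorded at deployment time).
TRUSTED_BINDINGS = {"192.168.1.1": "00:11:22:33:44:01"}


def find_arp_anomalies(replies, trusted=TRUSTED_BINDINGS):
    """Return a list of (kind, ip, mac) alerts.

    kinds:
      trusted-mismatch  a trusted IP was claimed by a MAC other than the recorded one
      ip-flap           an IP was claimed by more than one MAC (one alert per extra MAC)
      mac-multi-ip      one MAC claimed several IPs, typical of an attacker poisoning
                        both ends of a conversation (one alert per IP)
    """
    macs_by_ip = defaultdict(list)   # lists preserve first-seen order
    ips_by_mac = defaultdict(list)
    alerts = []
    for _t, ip, mac in replies:
        mac = mac.lower()             # normalize case before comparing
        if ip in trusted and trusted[ip].lower() != mac:
            alerts.append(("trusted-mismatch", ip, mac))
        if mac not in macs_by_ip[ip]:
            macs_by_ip[ip].append(mac)
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].append(ip)
    for ip, macs in macs_by_ip.items():
        for mac in macs[1:]:          # every MAC after the first one seen for this IP
            alerts.append(("ip-flap", ip, mac))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            for ip in ips:
                alerts.append(("mac-multi-ip", ip, mac))
    return alerts


def suspect_macs(replies, trusted=TRUSTED_BINDINGS):
    """MACs worth blocking or investigating: anything that contradicted a trusted
    binding or claimed more than one IP. ip-flap on its own is weaker evidence,
    since a DHCP lease moving between hosts produces it too."""
    return {mac for kind, _ip, mac in find_arp_anomalies(replies, trusted)
            if kind in ("trusted-mismatch", "mac-multi-ip")}


if __name__ == "__main__":
    for alert in find_arp_anomalies(OBSERVED_REPLIES):
        print(*alert)
    print("suspect:", suspect_macs(OBSERVED_REPLIES))
```

Run over the constructed sample it flags the attacker MAC once for contradicting the gateway binding and twice for claiming two IPs. Apply a time window in real use: over days, legitimate DHCP churn will also make one MAC appear with several IPs.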
Dynamic Routing
- Discover remote networks
- Maintain up-to-date information
- Choose the best path to the destination
- Find new best paths when there is a topology change

- Unicast transmission is sending a packet to one destination IP address.
- Broadcast transmission is sending a packet to all other destination IP addresses on the network (IPv4 only; IPv6 has no broadcast and uses multicast instead).
- Multicast transmission is sending a packet to a multicast address group.

An IPv4 address is a 32-bit hierarchical address that is made up of a network portion and a host portion.
The prefix length is the number of bits set to 1 in the subnet mask. It is written in "slash notation": count the number of 1 bits in the subnet mask and prepend a slash, so 255.255.255.0 is /24.

- IPv6 addresses are 128 bits in length and written in hexadecimal.
- IPv6 addresses are not case-sensitive and can be written in either lowercase or uppercase.
- The preferred format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each "x" consisting of four hexadecimal values.
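The local-versus-remote decision and the mask arithmetic above, as an added example that is not part of the original notes. It ANDs the source and destination addresses with the subnet mask as the text describes, converts between masks and prefix lengths (rejecting non-contiguous masks), and, going one step beyond the text, classifies an address as RFC 1918 private. The addresses and gateway are constructed.

```python
"""IPv4 local-or-remote decision and prefix-length arithmetic.

Added example, not from the original notes. The source ANDs its own address
and the destination with its subnet mask and compares the network portions.
Addresses below are constructed; the RFC 1918 ranges are the real ones."""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def ip_to_int(dotted):
    """'192.168.1.10' -> 0xC0A8010A; malformed input raises ValueError."""
    return int(ipaddress.IPv4Address(dotted))


def int_to_ip(n):
    return str(ipaddress.IPv4Address(n))


def prefix_length(mask):
    """Number of 1 bits in a dotted mask: 255.255.255.0 -> 24.
    A valid mask is one contiguous run of ones, so 255.0.255.0 is rejected."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def mask_from_prefix(prefix):
    """/24 -> 255.255.255.0 (the inverse of prefix_length)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((ALL_ONES << (32 - prefix)) & ALL_ONES)


def is_local(src_ip, mask, dst_ip):
    """True when src and dst share a network: the frame goes straight to dst's MAC.
    False otherwise: the frame goes to the default gateway's MAC instead."""
    m = ip_to_int(mask)
    return (ip_to_int(src_ip) & m) == (ip_to_int(dst_ip) & m)


def next_hop(src_ip, mask, dst_ip, gateway):
    """The address the source resolves with ARP and frames the packet to."""
    return dst_ip if is_local(src_ip, mask, dst_ip) else gateway


# RFC 1918 private blocks as (network, prefix length).
RFC1918_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def is_private(ip):
    """True if ip falls in one of the RFC 1918 blocks (not routed on the internet)."""
    n = ip_to_int(ip)
    for network, plen in RFC1918_BLOCKS:
        m = ip_to_int(mask_from_prefix(plen))
        if (n & m) == ip_to_int(network):
            return True
    return False


if __name__ == "__main__":
    print(prefix_length("255.255.255.0"))                                       # 24
    print(is_local("192.168.1.10", "255.255.255.0", "192.168.1.77"))            # True
    print(next_hop("192.168.1.10", "255.255.255.0", "8.8.8.8", "192.168.1.1"))  # 192.168.1.1
    print(is_private("172.31.4.4"), is_private("172.32.0.1"))                 # True False
```

Note the /12 boundary of 172.16.0.0/12: 172.31.x.x is private but 172.32.x.x is public, a distinction a simple "starts with 172." check gets wrong.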
Request for Comment (RFC) 1918:
- Public IPv4 addresses are globally routed between internet service provider (ISP) routers.
- Private addresses are common blocks of addresses used by most organizations to assign IPv4 addresses to internal hosts: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
- Private IPv4 addresses are not unique and can be used internally within any network; they are not routed on the internet.

- In IPv6, a hextet is the unofficial term used to refer to a segment of 16 bits, or four hexadecimal values.

Rules for shortening IPv6 addresses:
- First, omit any leading 0s in each hextet (0db8 becomes db8, 0000 becomes 0).
- Second, a double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros. It may appear only once in an address, otherwise the number of hextets it stands for is ambiguous.
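The two shortening rules, implemented by hand so the logic is visible (an added example, not from the original notes; Python's ipaddress module does the same thing, but hides the rules). The compressor follows the RFC 5952 convention of collapsing the longest zero run, leftmost on ties, and never collapsing a single zero hextet; the expander rejects a second "::". Sample addresses are constructed.

```python
"""IPv6 address text rules: expand a (possibly compressed) address to its
eight hextets, and compress it again using the two rules above.

Added example, not from the original notes. Implemented by hand rather than
with the ipaddress module so the rules are visible."""

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand(addr):
    """Return the eight 16-bit hextets of an IPv6 address as a list of ints.
    Accepts the compressed form; rejects more than one '::' or a bad hextet."""
    addr = addr.split("%")[0]                      # drop a zone id such as %eth0
    if addr.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in addr:
        head, tail = addr.split("::")
        head_parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        missing = 8 - len(head_parts) - len(tail_parts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one hextet")
        parts = head_parts + ["0"] * missing + tail_parts
    else:
        parts = addr.split(":")
    if len(parts) != 8:
        raise ValueError(f"expected 8 hextets, got {len(parts)}")
    hextets = []
    for p in parts:
        if not 1 <= len(p) <= 4 or not set(p) <= HEX_DIGITS:
            raise ValueError(f"bad hextet {p!r}")
        hextets.append(int(p, 16))
    return hextets


def compress(hextets):
    """Omit leading zeros in each hextet and replace the longest run of
    zero hextets (two or more, leftmost on ties) with '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if hextets[i] == 0:
            j = i
            while j < 8 and hextets[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    words = [format(h, "x") for h in hextets]     # rule 1: no leading zeros
    if best_len >= 2:                              # rule 2: one '::' for the run
        left = ":".join(words[:best_start])
        right = ":".join(words[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(words)


def normalize(addr):
    """Canonical lowercase compressed form, e.g. for comparing two addresses."""
    return compress(expand(addr))


def full_form(addr):
    """All eight hextets, four hex digits each."""
    return ":".join(format(h, "04x") for h in expand(addr))


if __name__ == "__main__":
    print(full_form("fe80::1"))
    print(normalize("2001:0DB8:0000:0000:0001:0000:0000:0001"))   # 2001:db8::1:0:0:1
```

Comparing addresses as strings without normalizing them is a common mistake in access-control lists: "2001:DB8::1" and "2001:db8:0:0:0:0:0:1" are the same address.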
Edge router - is a specialized router located at a network boundary that enables an internal network to connect to external networks.

Loopback addresses
- Commonly identified as only 127.0.0.1, although the whole 127.0.0.0/8 block is reserved for loopback.
- Used on a host to test if TCP/IP is operational.

Link-Local addresses (IPv4)
- Commonly known as the Automatic Private IP Addressing (APIPA) addresses or self-assigned addresses (169.254.0.0/16).
- Used by Windows DHCP clients to self-configure when no DHCP servers are available.

RFC 790 (1981) allocated IPv4 addresses in classes:
- Class A (0.0.0.0/8 to 127.0.0.0/8)
- Class B (128.0.0.0/16 to 191.255.0.0/16)
- Class C (192.0.0.0/24 to 223.255.255.0/24)
- Class D (224.0.0.0 to 239.0.0.0), multicast
- Class E (240.0.0.0 to 255.0.0.0), experimental/reserved

Internet Assigned Numbers Authority (IANA) - manages and allocates blocks of IPv4 and IPv6 addresses to five Regional Internet Registries (RIRs).

Intranet - A company's internal network, typically using private IPv4 addresses.

DMZ - The network segment that holds a company's internet-facing servers, kept separate from the internal network.

Address assignment by device type:
- End user clients – Most use DHCP to reduce errors and the burden on network support staff. IPv6 clients can obtain address information using DHCPv6 or Stateless Address Autoconfiguration (SLAAC).
- Servers and peripherals – These should have a predictable static IP address.
- Servers that are accessible from the internet – Servers must have a public IPv4 address, most often reached through NAT.
- Intermediary devices – Devices are assigned addresses for network management, monitoring, and security.
- Gateway – Routers and firewall devices are the gateway for the hosts in that network.

Migration Techniques
- Dual stack - The devices run both IPv4 and IPv6 protocol stacks simultaneously.
- Tunneling – A method of transporting an IPv6 packet over an IPv4 network. The IPv6 packet is encapsulated inside an IPv4 packet.
- Translation - Network Address Translation 64 (NAT64) allows IPv6-enabled devices to communicate with IPv4-enabled devices using a translation technique similar to NAT for IPv4.

IPv6 address types:
- Unicast – Unicast uniquely identifies an interface on an IPv6-enabled device.
- Multicast – Multicast is used to send a single IPv6 packet to multiple destinations.
- Anycast – This is any IPv6 unicast address that can be assigned to multiple devices; a packet is delivered to the nearest one.

Global Unicast Address (GUA) – These are globally unique, internet-routable addresses (currently assigned from 2000::/3).

Link-local Address (LLA) - Required for every IPv6-enabled device and used to communicate with other devices on the same local link. LLAs are in fe80::/10 and are never forwarded off the link.

Unique local addresses (ULA, fc00::/7):
- are used for local addressing within a site or between a limited number of sites.
- can be used for devices that will never need to access another network.
- are not globally routed or translated to a global IPv6 address.

GUA STRUCTURE:
Global Routing Prefix: The global routing prefix is the prefix, or network, portion of the address that is assigned by the provider, such as an ISP, to a customer or site.
Subnet ID: The Subnet ID field is the area between the Global Routing Prefix and the Interface ID.
Interface ID: The IPv6 interface ID is equivalent to the host portion of an IPv4 address (64 bits in a /64 subnet).

IPv6 Commands:
ipv6 address ipv6-address/prefix-length   (interface configuration mode)
ipv6 unicast-routing   (global configuration mode; makes the router forward IPv6 and send RA messages)

SLAAC allows a device to configure a GUA without the services of DHCPv6.

EUI-64 (Extended Unique Identifier) - a method we can use to automatically configure IPv6 host addresses: the 48-bit MAC address is split in half, fffe is inserted in the middle, and the universal/local bit (bit 7 of the first byte) is flipped to produce a 64-bit interface ID. Because the MAC is embedded in the address, hosts can be tracked across networks; most operating systems now default to random or stable-privacy interface IDs instead.

IPv6 multicast addresses have the prefix ff00::/8. There are two types of IPv6 multicast addresses:
- Well-Known multicast addresses
- Solicited-node multicast addresses

2 common IPv6 assigned multicast groups:
- ff02::1 All-nodes multicast group - A packet sent to this group is received and processed by all IPv6 interfaces on the link or network.
- ff02::2 All-routers multicast group - A router becomes a member of this group when it is enabled as an IPv6 router with the ipv6 unicast-routing global configuration command.

An IPv6 solicited-node multicast address (ff02::1:ffxx:xxxx, formed from the low 24 bits of the unicast address) is mapped to a special Ethernet multicast address (33:33:ff:xx:xx:xx), so a NIC can filter Neighbor Solicitations in hardware instead of processing every frame as it must with ARP broadcasts.
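The address construction described in this section, carried through in code as an added example (not part of the original notes): EUI-64 interface ID from a MAC, the GUA and link-local address SLAAC would form with it, the solicited-node multicast group for that address, and the Ethernet multicast MAC the group maps to. The /64 prefix (from the documentation range) and the MAC are constructed.

```python
"""SLAAC-style IPv6 address construction and the solicited-node mapping.

Added example, not from the original notes. Prefix and MAC are constructed."""
import ipaddress


def eui64_interface_id(mac):
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe in the middle,
    and flip the universal/local bit (0x02 of the first byte)."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must be 6 octets")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def address_from_prefix(prefix, mac):
    """Combine a /64 prefix (a GUA prefix from an RA, or fe80::/64) with the
    EUI-64 interface ID. Returns an IPv6Address."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_from_mac(mac):
    return address_from_prefix("fe80::/64", mac)


def solicited_node_multicast(addr):
    """ff02::1:ffxx:xxxx, where xx:xxxx are the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def ethernet_multicast_mac(addr):
    """IPv6 multicast to Ethernet: 33:33 followed by the low 32 bits of the group."""
    low32 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


if __name__ == "__main__":
    mac = "00:1b:44:11:3a:b7"                          # constructed MAC
    gua = address_from_prefix("2001:db8:acad:1::/64", mac)
    print(gua, link_local_from_mac(mac))
    print(solicited_node_multicast(gua), ethernet_multicast_mac(solicited_node_multicast(gua)))
    print(ethernet_multicast_mac("ff02::1"))           # 33:33:00:00:00:01
```

Many different unicast addresses share a solicited-node group (only the low 24 bits matter), which is why a host receiving a Neighbor Solicitation still has to compare the full target address before answering.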
IPv6 subnetting with a /48 global routing prefix (16-bit Subnet ID):
• Allows 65,536 /64 subnets
• The global routing prefix is the same for all subnets.

Transport Layer - responsible for logical communications between applications running on different hosts.
• Tracking individual conversations
• Segmenting data and reassembling segments
• Adds header information
• Identify, separate, and manage multiple conversations
• Uses segmentation and multiplexing to enable different communication conversations to be interleaved on the same network

Transport layer protocols specify how to transfer messages between hosts, and are responsible for managing the reliability requirements of a conversation.

TCP provides reliability and flow control.

User Datagram Protocol (UDP) provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.

TCP Features
- Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a connection (or session) between source and destination devices prior to forwarding any traffic.
- Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely as it is transmitted over the network; the receiver acknowledges what arrived and the sender retransmits what did not.
- Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in the wrong order; sequence numbers let the receiver reassemble it in order.
- Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power), so the receiver tells the sender how much it can accept.

The UDP header is far simpler than the TCP header because it only has four fields (source port, destination port, length, checksum) and requires 8 bytes.

Internet Control Message Protocol (ICMP) provides feedback about issues related to the processing of IP packets under certain conditions.
ICMPv4 is the messaging protocol for IPv4. ICMPv6 is the messaging protocol for IPv6 and includes additional functionality (Neighbor Discovery).
The ICMP messages common to both ICMPv4 and ICMPv6 include:
- Host reachability
- Destination or Service Unreachable
- Time exceeded

ICMP Echo Message - used to test the reachability of a host on an IP network.
ICMP Destination Unreachable message - used to notify the source that a destination or service is unreachable.

Destination Unreachable codes for ICMPv4 are as follows:
- 0 - Net unreachable
- 1 - Host unreachable
- 2 - Protocol unreachable
- 3 - Port unreachable

Destination Unreachable codes for ICMPv6 are as follows:
- 0 - No route to destination
- 1 - Communication with the destination is administratively prohibited (e.g., firewall)
- 2 - Beyond scope of the source address
- 3 - Address unreachable
- 4 - Port unreachable

Time to live (TTL) or hop limit - a header field that limits the lifespan of a packet in the network: each router decrements it, and when it reaches zero the packet is discarded and an ICMP Time Exceeded message is returned to the source (traceroute relies on this).

Messaging between an IPv6 router and an IPv6 device, including dynamic address allocation, uses:
- Router Solicitation (RS) message
- Router Advertisement (RA) message

Messaging between IPv6 devices, including duplicate address detection and address resolution, uses:
- Neighbor Solicitation (NS) message
- Neighbor Advertisement (NA) message

RA messages are sent by IPv6-enabled routers every 200 seconds by default, and in response to an RS, to provide addressing information to IPv6-enabled hosts.

- Domain Name System (DNS) is the phonebook of the Internet.
- Stateless Address Auto-Configuration (SLAAC) can automatically configure IPv6 host parameters on an IPv6 host without the need for manual configuration or a DHCP server.
- Duplicate address detection (DAD) ensures that the IPv6 address is unique: the host sends an NS for its own tentative address and, if an NA comes back, the address is already in use.

RFC 4861 – specifies Neighbor Discovery for IP version 6.
IPv6 nodes on the same link use Neighbor Discovery to discover each other's presence, resolve link-layer addresses and find routers. Like ARP, it has no authentication by default, so a forged RA or NA on the link can redirect traffic in the same way as ARP poisoning.

- ping command can be used to test the ability of a host to communicate on the local network.
- Traceroute (tracert on Windows) is a utility that is used to test the path between two hosts and provide a list of hops that were successfully reached along that path.

Three-Way Handshake - It establishes that the destination device is present on the network, verifies that it has an active service accepting requests on the destination port, and informs the destination that the source intends to establish a session (SYN, SYN-ACK, ACK).

6 Control Bit Flags:
• URG - Urgent pointer field significant
• ACK - Acknowledgment flag used in connection establishment and session termination
• PSH - Push function
• RST - Reset the connection when an error or timeout occurs
• SYN - Synchronize sequence numbers used in connection establishment
• FIN - No more data from sender and used in session termination

Flow control limits the amount of data the sender may transmit to what the destination can receive and process reliably; the receiver advertises that amount as the window size in the TCP header.

Maximum Segment Size (MSS) is the maximum amount of data (TCP payload) that the destination device can receive in a single segment.
- A common MSS is 1,460 bytes when using IPv4.
- It is derived from the maximum transmission unit (MTU), which is 1500 bytes by default on Ethernet.
- 1500 minus 40 (20 bytes for the IPv4 header and 20 bytes for the TCP header) leaves 1460 bytes. Over IPv6 the IP header is 40 bytes, so the MSS is 1440.
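The flags, the handshake and the MSS arithmetic above, as an added example that is not part of the original notes: it builds and decodes TCP headers, reads the MSS option a SYN carries, checks the sequence and acknowledgement numbers of a three-way handshake, and derives the MSS from the MTU. Segments are constructed in memory, and the checksum is left at zero because computing it needs the IP pseudo-header.

```python
"""TCP header encode/decode: the six control flags, the MSS option in the SYN,
and the sequence/acknowledgement arithmetic of the three-way handshake.

Added example, not from the original notes. Segments are constructed and the
checksum field is left at zero."""
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MSS_OPTION_KIND = 2
HEADER_FMT = "!HHIIHHHH"   # src port, dst port, seq, ack, offset+flags, window, checksum, urgent


def build_segment(src_port, dst_port, seq, ack, flags, window=65535, mss=None):
    """Return a TCP header (no payload). An MSS option is appended when mss is given."""
    options = struct.pack("!BBH", MSS_OPTION_KIND, 4, mss) if mss is not None else b""
    header_len = 20 + len(options)        # the 4-byte MSS option keeps 32-bit alignment
    off_flags = ((header_len // 4) << 12) | sum(FLAG_BITS[f] for f in flags)
    return struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, off_flags, window, 0, 0) + options


def parse_options(raw):
    """Walk kind/length/value options; returns {kind: value_bytes}. Rejects truncation."""
    out, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        out[kind] = raw[i + 2:i + length]
        i += length
    return out


def parse_segment(data):
    """Decode a TCP header into a dict; raises ValueError on a bad data offset."""
    if len(data) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, window, _csum, _urg = struct.unpack(HEADER_FMT, data[:20])
    header_len = (off_flags >> 12) * 4     # data offset is in 32-bit words
    if header_len < 20 or header_len > len(data):
        raise ValueError(f"bad data offset {header_len}")
    options = parse_options(data[20:header_len])
    mss = struct.unpack("!H", options[MSS_OPTION_KIND])[0] if MSS_OPTION_KIND in options else None
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "window": window, "mss": mss,
            "flags": {name for name, bit in FLAG_BITS.items() if off_flags & bit},
            "payload": data[header_len:]}


def check_handshake(syn, synack, ack):
    """Validate the three parsed segments of a handshake; returns 'ok' or the first problem."""
    wrap = 0xFFFFFFFF
    if syn["flags"] != {"SYN"}:
        return "first segment must carry SYN only"
    if synack["flags"] != {"SYN", "ACK"}:
        return "second segment must carry SYN and ACK"
    if synack["ack"] != (syn["seq"] + 1) & wrap:
        return "SYN-ACK does not acknowledge the client ISN + 1"
    if ack["flags"] != {"ACK"}:
        return "third segment must carry ACK only"
    if ack["seq"] != (syn["seq"] + 1) & wrap or ack["ack"] != (synack["seq"] + 1) & wrap:
        return "final ACK has wrong sequence or acknowledgement number"
    return "ok"


def mss_from_mtu(mtu=1500, ip_header=20, tcp_header=20):
    """MSS = MTU minus the IP and TCP headers: 1500 - 20 - 20 = 1460 for IPv4."""
    return mtu - ip_header - tcp_header


if __name__ == "__main__":
    syn = parse_segment(build_segment(40000, 80, 1000, 0, {"SYN"}, mss=mss_from_mtu()))
    synack = parse_segment(build_segment(80, 40000, 5000, 1001, {"SYN", "ACK"}, mss=1460))
    ack = parse_segment(build_segment(40000, 80, 1001, 5001, {"ACK"}))
    print(syn["flags"], syn["mss"], check_handshake(syn, synack, ack))
```

The sequence-number checks in check_handshake are the same ones a host applies to every incoming segment, and they are what makes blind injection of RST or data segments hard: an off-path attacker has to guess a 32-bit value inside the window.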
Application layer provides the interface between the
applications used to communicate, and the underlying network
over which messages are transmitted.
Presentation layer has three primary functions:
- Formatting, or presenting, data at the source device
into a compatible format for receipt by the destination
device
- Compressing data in a way that can be decompressed
by the destination device
- Encrypting data for transmission and decrypting data
upon receipt
The session layer functions:
- It creates and maintains dialogs between source and
destination applications.
- It handles the exchange of information to initiate
dialogs, keep them active, and to restart sessions that
are disrupted or idle for a long period of time.
In a peer-to-peer (P2P) network, two or more computers are connected via a network and can share resources (such as printers and files) without having a dedicated server.
HTTP is a request/response protocol that specifies the message
types used for that communication.
- GET - This is a client request for data.
- POST - This uploads data files to the web server, such
as form data.
- PUT - This uploads resources or content to the web
server, such as an image.
POP is used by an application to retrieve mail from a mail server; messages are typically downloaded to the client and removed from the server.
IMAP is another protocol that describes a method to retrieve email messages; copies stay on the server, so the same mailbox can be read from several clients.
Domain names were created to convert the numeric IP
addresses into a simple, recognizable name.
DNS protocol defines an automated service that matches
resource names with the required numeric network address.
Some of these record types are as follows:
- A - An end device IPv4 address
- NS - An authoritative name server
- AAAA - An end device IPv6 address (pronounced quad-
A)
- MX - A mail exchange record
Nslookup is a computer operating system utility that allows a
user to manually query the DNS servers configured on the device
to resolve a given host name.
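The DNS exchange behind a tool like nslookup, as an added example that is not part of the original notes: it builds a query for a name and record type, then parses a response and decodes the A, AAAA, NS and MX record types listed above. The response bytes are constructed by hand (no network access). Because responses use compression pointers for repeated names, the parser only accepts pointers that point backwards, which is what keeps a malicious response from sending it into an infinite loop.

```python
"""Build a DNS query and parse a DNS response (A, AAAA, NS, MX).

Added example, not from the original notes. SAMPLE_RESPONSE is constructed by
hand; nothing here touches the network."""
import ipaddress
import struct

TYPE_CODES = {"A": 1, "NS": 2, "MX": 15, "AAAA": 28}
TYPE_NAMES = {code: name for name, code in TYPE_CODES.items()}


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Standard query, recursion desired (flags 0x0100), one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_CODES[qtype], 1)


def decode_name(msg, offset, depth=0):
    """Read a name at offset, following 0xC0xx compression pointers.
    Returns (name, offset just past the name as written at the call site)."""
    if depth > 8:
        raise ValueError("compression pointer chain too long")
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:
            pointer = ((length & 0x3F) << 8) | msg[offset + 1]
            if pointer >= offset:              # forward pointers are how loops are built
                raise ValueError("forward compression pointer")
            tail, _ = decode_name(msg, pointer, depth + 1)
            labels.append(tail)
            return ".".join(labels), offset + 2
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def decode_rdata(msg, rtype, start, end):
    """Turn record data into a readable value; unknown types come back as raw bytes."""
    rdata = msg[start:end]
    if rtype == TYPE_CODES["A"]:
        return str(ipaddress.IPv4Address(rdata))
    if rtype == TYPE_CODES["AAAA"]:
        return str(ipaddress.IPv6Address(rdata))
    if rtype == TYPE_CODES["NS"]:
        return decode_name(msg, start)[0]
    if rtype == TYPE_CODES["MX"]:
        preference = struct.unpack("!H", rdata[:2])[0]
        return (preference, decode_name(msg, start + 2)[0])
    return rdata


def parse_response(msg):
    """Return [(owner, type_name, ttl, value), ...] from the answer section."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:                     # QR bit: must be a response
        raise ValueError("not a response")
    offset = 12
    for _ in range(qdcount):                   # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                            # qtype + qclass
    answers = []
    for _ in range(ancount):
        owner, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if offset + rdlength > len(msg):
            raise ValueError("truncated record")
        answers.append((owner, TYPE_NAMES.get(rtype, str(rtype)), ttl,
                        decode_rdata(msg, rtype, offset, offset + rdlength)))
        offset += rdlength
    return answers


# Constructed response to "example.com A?": header, echoed question, then an A and an
# AAAA answer whose owner names are compression pointers (c0 0c) back to offset 12.
SAMPLE_RESPONSE = bytes.fromhex(
    "1234 8180 0001 0002 0000 0000"                  # txid, flags QR|RD|RA, 1 question, 2 answers
    "07 6578616d706c65 03 636f6d 00 0001 0001"      # example.com, type A, class IN
    "c00c 0001 0001 00000e10 0004 c0000201"         # A, TTL 3600, 192.0.2.1 (documentation range)
    "c00c 001c 0001 00000e10 0010 20010db8 0000 0000 0000 0000 0000 0001"  # AAAA 2001:db8::1
)

if __name__ == "__main__":
    print(build_query("example.com", "A").hex())
    for record in parse_response(SAMPLE_RESPONSE):
        print(record)
```

A real resolver must also check that the response's transaction ID and question match the query it sent, since a response that arrives first with the right ID is accepted; that is the basis of cache poisoning attacks.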
Dynamic Host Configuration Protocol (DHCP) for IPv4 service
automates the assignment of IPv4 addresses, subnet masks,
gateways, and other IPv4 networking parameters.
FTP was developed to allow for data transfers between a client and a server. Credentials and data are sent in cleartext, so SFTP or FTPS should be preferred where confidentiality matters.
FTP client is an application which runs on a computer that is being used to push and pull data from an FTP server.
The Server Message Block (SMB) is a client/server, request-
response file sharing protocol