Friday, July 1, 2011

CCNA Brush-up: Day 1

Collision domain: Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network in order to avoid data collisions. E.g. an Ethernet segment, i.e. a CSMA/CD LAN.

If 5 devices are connected to a hub/repeater (L1 device), there is 1 collision domain
If 5 devices are connected to a switch/bridge (L2 device), there are 5 collision domains
If a router (L3 device) stands between all the devices, we have two broadcast domains

Broadcast domain: Broadcasting sends a message to everyone on the local network (subnet), e.g. a DHCP request from a client PC. A broadcast domain can also be referred to as a subnet or VLAN.

Switches vs Hub:
A hub has one single collision domain
A switch increases the number of collision domains in the network. A switch configured with VLANs reduces the size of the collision domain
A switch forwards broadcast and multicast by default to all ports within the same VLAN. Only routers block all broadcast traffic by default

Bridges vs Switches:
A switch is a multiport bridge that allows you to create multiple broadcast domains. Each broadcast domain is like a distinct virtual bridge within a switch.
Bridges and switches learn MAC addresses by listening to incoming frames and examining the source MAC address in the frame, i.e. supports ARP (ARP helps the switch to increase collision domains. Guess how?)
Switches usually have a higher number of ports than most bridges
L2 devices allow simultaneous frame transmissions, i.e. full duplex
If you have 100Mb full duplex connection, you can effectively get 200Mb (100Mb tx, 100Mb rx)
L2 devices can filter frames based on MAC addresses thus can be helpful in dealing with unnecessary broadcast and multicast packets
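
The learn, flood and filter behaviour described in the two lists above, as an added example that is not part of the original notes. The class name, port numbers, VLAN ids and MAC addresses are all constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group_address(mac: str) -> bool:
    """Broadcast/multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)

class LearningSwitch:
    def __init__(self, port_vlans: dict):
        self.port_vlans = dict(port_vlans)   # port -> VLAN id (static config)
        self.mac_table = {}                  # (vlan, mac) -> port, learned

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> list:
        """Process one frame and return the sorted list of egress ports."""
        vlan = self.port_vlans[in_port]
        src, dst = src_mac.lower(), dst_mac.lower()
        # Learn: the source MAC is reachable through the ingress port.
        if not is_group_address(src):
            self.mac_table[(vlan, src)] = in_port
        flood = sorted(p for p, v in self.port_vlans.items()
                       if v == vlan and p != in_port)
        if is_group_address(dst):
            return flood                     # broadcast/multicast: whole VLAN
        out_port = self.mac_table.get((vlan, dst))
        if out_port is None:
            return flood                     # unknown unicast: flood the VLAN
        if out_port == in_port:
            return []                        # same segment: filter the frame
        return [out_port]                    # known unicast: one port only

def demo() -> list:
    # Constructed topology: ports 1-3 in VLAN 10, port 4 in VLAN 20.
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20})
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    return [
        sw.receive(1, a, BROADCAST),  # A broadcasts (e.g. a DHCP request)
        sw.receive(2, b, a),          # B replies; A was learned on port 1
        sw.receive(1, a, b),          # A to B; B was learned on port 2
        sw.receive(3, "02:00:00:00:00:0c", "02:00:00:00:00:0d"),  # unknown dst
    ]

if __name__ == "__main__":
    print(demo())
```

Port 4 never appears in any result because it sits in a different VLAN, which is the "virtual bridge" separation the notes describe.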

Router
Internetwork communication
It segments LANs into smaller broadcast domains
It does not forward broadcast and multicast traffic by default; unless bridging or IP helpers are configured on the router, LAN broadcasts are blocked at the router level.
Basic function: Packet Switching and Path Selection

Why CDP?
Cisco Discovery Protocol gathers hardware and protocol information about neighbor devices
#show cdp neighbors
#show cdp neighbors detail
It can verify L2 connectivity (which is helpful for troubleshooting when L3 fails)
Any LAN interface, HDLC, Frame Relay and ATM support CDP. To support forwarding CDP messages over an interface, that interface must support SNAP headers
CDP is not dependent on any L3 protocol, but can pull L3 addressing details
CDP can pull following information from the neighboring device:
Device ID - hostname
Address list - Network and data link address
Port ID - port, i.e. another name for an interface
Capabilities list - function of device, for instance a router or switch
Platform - model and OS level running in the device

Fiber optic cable is independent of voltage potential difference.
Straight-through cable is used to connect two different network devices

Only a router can terminate a leased T1 access circuit, and only a router can connect two different IP networks. *A serial connection is required for the T1.

WANs generally function at the Physical and Data Link layers of the OSI model. Occasionally they also operate at the Network layer.

The Transport layer ensures end-to-end data delivery, flow control, error recovery, packet reordering, multiplexing data for different flows to applications on the same host and more. The Network layer is just 'best effort' communication.

The Layer 2 (data link/MAC) address represents just the next hop address on the way to the sender. It is changed on each hop. However, the network address remains the same. Thus the network address is used to create a logical path between two hosts in the network.

LAYER : PROTOCOL DATA UNIT(PDU)
--------------------------------------------
Application layer: Data
Transport Layer: Segment
Network Layer: Packet
Data Link Layer: Frame
Physical Layer: Bits/Signals/voltage/light on or off (based on the hardware)

TL segments and reassembles data into a data stream. The sequence number in the TCP header is used to reassemble the segments to reconstruct the original file.
MTU handles the regulation of maximum frame size.
SAR(Segmentation and Reassembly) handles reassembly portion.
Flow control provides a mechanism for the receiver to control the transmission speed. Types of flow control: Congestion avoidance, Windowing, Buffering

The TCP window is the amount of outstanding data (unacknowledged by the recipient) a sender can send on a particular connection before it gets an acknowledgement back from the receiver. Example: if the TCP window size on a connection is 100KB, the sender can only send 100KB of data and must then stop and wait for an acknowledgment from the receiver before it can send another 100KB of data.

TCP packet has:
Source Port, Destination Port
Sequence Number
Ack Number
Flags, Window Size
Checksum
Data

UDP Packet has:
Source Port, Destination Port
Length, Checksum
Data
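
The TCP and UDP fields listed above, decoded from raw bytes, as an added example that is not part of the original notes. The function names and the two sample byte strings are constructed for illustration; the destination ports it reads are what the receiving host uses to demultiplex to the right application.

```python
import struct

# Classic TCP flag bits in the low byte of the offset/flags field.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and return the fields listed above."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, _urgent = \
        struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "window": window, "checksum": checksum,
            "data": segment[header_len:]}       # options (if any) are skipped

def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header; Length covers header plus data."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field disagrees with captured bytes")
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": checksum, "data": datagram[8:length]}

# Constructed samples (checksums left at 0 and not verified here):
# a SYN from an ephemeral port to TCP 443, and a UDP datagram to port 53.
SAMPLE_TCP = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
SAMPLE_UDP = struct.pack("!HHHH", 53000, 53, 8 + 5, 0) + b"query"

if __name__ == "__main__":
    print(parse_tcp(SAMPLE_TCP))
    print(parse_udp(SAMPLE_UDP))
```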

UDP is used in NFS, SNMP, DNS, TFTP. UDP is used when the reliability mechanisms of TCP are not needed, as there might be a higher-layer protocol providing error and flow control.


NL: Routing (RIP, IGRP, EIGRP, OSPF, BGP) and Routed protocols (IP, IPX)


Application Layer Protocol : Port used in Layer 4
----------------------------------------------------------------
TFTP : UDP port 69
SNMP: UDP port 161, 162
Telnet : TCP port 23
SMTP : TCP port 25
HTTPS : TCP port 443
SSH: TCP port 22
FTP : TCP port 20,21
DNS : both TCP and UDP port 53
HTTP (Note: HTML is not a protocol) : TCP port 80
SIP : TCP/UDP port 5060

Source and Destination ports are used to demultiplex datagrams for receiving application layer processes.

Note: Ping is NOT based on Layer 7. It uses the ICMP protocol instead of TCP/IP and UDP/IP. It is Layer 3 based, thus it is an IP protocol. ICMP packets are encapsulated within IP datagrams and can provide hosts with information about network problems. No source and destination ports are included in its packets. A message type is included to represent the purpose of the ICMP packet. Message type: 0 echo reply, 3 destination unreachable, 4 source quench, 5 redirect, 8 echo request, 11 time exceeded, 12 parameter problem.
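
The encapsulation described in this note, as an added example that is not part of the original notes: it builds an echo request inside an IPv4 datagram and decodes it, showing that the message is identified by IP protocol number 1 and an ICMP type, not by ports. Function names and the sample packet are constructed for illustration.

```python
import socket
import struct

# ICMP message types exactly as listed in the note above.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
              5: "redirect", 8: "echo request", 11: "time exceeded",
              12: "parameter problem"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ping(src: str, dst: str, ident: int, seq: int, payload: bytes) -> bytes:
    """Construct an IPv4 datagram carrying an ICMP echo request (type 8)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp

def parse_icmp(packet: bytes) -> dict:
    """Decode the ICMP message inside an IPv4 datagram; there are no port fields."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:  # IPv4 protocol number 1 = ICMP
        raise ValueError("IP protocol %d is not ICMP" % packet[9])
    icmp = packet[ihl:]
    if ihl < 20 or len(icmp) < 4:
        raise ValueError("truncated ICMP message")
    msg_type, code, _ = struct.unpack("!BBH", icmp[:4])
    return {"type": msg_type, "code": code,
            "name": ICMP_TYPES.get(msg_type, "other"),
            "checksum_ok": inet_checksum(icmp) == 0}

# Constructed sample: addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_PING = build_ping("192.0.2.1", "192.0.2.2", ident=1, seq=1, payload=b"abcd")

if __name__ == "__main__":
    print(parse_icmp(SAMPLE_PING))
```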

Note: ARP is an L2 function; IP is used at L3. ARP finds the hardware address of a host from a known IP address. With network access protocols like Ethernet or Token Ring, IP looks for the destination host's address in the ARP cache. If it's not there, then it uses ARP to find that information. An ARP broadcast resolves the MAC address of the destination device and keeps it in the ARP cache for a certain amount of time.

Tricky Question:
While using FTP application, what is the highest layer used during the FTP sessions?
The answer is NOT the SESSION layer. It's the APPLICATION layer.