ICND1 100-105

Exploring the Packet Delivery Process

We know that layer 1 deals with physical media; it is all about bits, signals, connectors, cabling, and other physical components. Examples include the serial connections used for WAN-type connectivity, repeaters for optical networking, other protocols, and the physical specifications of network interface cards, for example Ethernet cards.

Layer 2 Devices

At layer 2, we are dealing with access to the media. Among other things, this layer frames information to hand to the physical layer, provides layer 2 addressing, and uses bridging and switching to overcome the limitations of the physical media and to aggregate multiple connections from multiple endpoints. The network interface card of a machine connected to an Ethernet network has the Ethernet intelligence to access the media. A switch aggregates and connects multiple devices. Bridges were traditionally used, among other things, to extend the distance limitations of certain physical media.

Addressing at layer 2 is key because we are talking about peer-to-peer communications from layer to layer at the two endpoints. An example is the media access control address, or MAC address, present in Ethernet networks. All endpoints are assigned a MAC address, and even switches and other network elements will sometimes require MAC addresses.

Layer 3 Devices

Networks may be separated by distance and geography, or you may simply want to break your network into multiple segments so as not to overcrowd each segment. At that point, you will require a layer 3 device to perform the routing function and path selection. Hosts and endpoints also have a network layer; they use it to decide where to send packets when the destination is in a different segment or network. Routers are layer 3 devices by nature, and the layer 3 information on routers defines the actual path across the network and how traffic flows behave.

Layer 3 addresses are necessary not only because of the peer-to-peer communications model, but also to add a hierarchical approach to naming machines and identifying devices. Each network operating system will have its own layer 3 address format. TCP/IP uses IP addresses. More generic OSI models used NSAP addresses, but the fact is each device will have its own unique IP address, or layer 3 address, and the hierarchy built into each layer 3 address allows devices, endpoints, and routers to find what the next hop should be in order to get closer to the destination.

ARP Process Explained

We know that interaction between layers is key to any layered model. In fact, in a peer-to-peer communications model, the vertical communication between layers is important. The Address Resolution Protocol (ARP) in IP serves the purpose of bridging the gap between layers 3 and 2. When packets are being assembled and communications are being established, devices eventually need to access the media; for that, they need to go to layer 2, and in Ethernet scenarios that requires a MAC address. The information coming from above is an IP address, and ARP translates between the two. In this example, machine A is trying to send packets to 172.16.3.2. To resolve and identify the MAC address, it uses ARP to broadcast into the network, asking the question, “Who is 172.16.3.2?” Every machine receives the request because it is a broadcast, and only the machine with a matching IP replies with its own MAC address. This is in the form of an ARP reply. The sender now has the MAC address information and is able to establish communication at layer 2.
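The request/reply exchange described above, as an added example that is not part of the original course text. It packs the ARP message in the RFC 826 Ethernet/IPv4 layout; only 172.16.3.2 comes from the text, while machine A's address, the third host and all MAC addresses are constructed for the illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4 (28 bytes)
REQUEST, REPLY = 1, 2

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def build_arp(oper, sha, spa, tha, tpa):
    """Pack an ARP message: hardware type 1 (Ethernet), protocol 0x0800 (IPv4)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))

def parse_arp(packet):
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, packet)
    return oper, sha, socket.inet_ntoa(spa), tha, socket.inet_ntoa(tpa)

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac_bytes(mac)

    def on_broadcast(self, packet):
        """Every host sees the request; only the owner of the target IP replies."""
        oper, sha, spa, _, tpa = parse_arp(packet)
        if oper == REQUEST and tpa == self.ip:
            return build_arp(REPLY, self.mac, self.ip, sha, spa)
        return None

def resolve(sender, target_ip, segment):
    """Broadcast 'who is target_ip?' and return the MAC carried in the reply."""
    request = build_arp(REQUEST, sender.mac, sender.ip, b"\x00" * 6, target_ip)
    replies = [r for h in segment if h is not sender
               for r in [h.on_broadcast(request)] if r]
    if not replies:
        return None                      # nobody on the segment owns that IP
    _, sha, spa, tha, _ = parse_arp(replies[0])
    if spa != target_ip or tha != sender.mac:
        return None                      # reply does not answer our question
    return sha.hex(":")

# Constructed segment: only 172.16.3.2 comes from the text; the rest is assumed.
host_a = Host("172.16.3.1", "08:00:27:00:00:0a")
segment = [host_a, Host("172.16.3.2", "08:00:27:00:00:0b"),
           Host("172.16.3.3", "08:00:27:00:00:0c")]

if __name__ == "__main__":
    print(resolve(host_a, "172.16.3.2", segment))
```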

ARP - How it works

It is important that ARP information be cached at each endpoint and device. Broadcasts are costly in terms of networking, so the information should be kept for a while, especially since it is unlikely to change during a specific conversation or connection. The ARP table, or ARP cache, contains the mapping information. It is dynamic: it learns a mapping, keeps it for a while, and then expires it, both to save resources on the machine and to accommodate any changes in the mapping that may occur during or after the conversation. The timeout is typically set to 300 seconds, but this depends on the operating system. For example, the command to display the ARP table on Windows operating systems is arp -a.

C:\Users\Administrator>arp -a
Interface: 192.168.0.7 --- 0xe
  Internet Address      Physical Address      Type
  192.168.0.1           a0-f3-c1-05-a4-96     dynamic
  192.168.0.6           e4-ce-8f-9c-19-b3     dynamic
  192.168.0.12          00-26-96-00-18-5e     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
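An added example, not part of the original course text: a parser for the arp -a output shown above that compares two snapshots of the cache and reports any IP address whose MAC mapping changed between them. The first snapshot is the table from the text; the second is constructed, with a placeholder MAC substituted for one entry.

```python
import re

IFACE = re.compile(r"^Interface:\s+(\S+)")
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                   r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$",
                   re.IGNORECASE)

def parse_arp_table(text):
    """Return {(interface, ip): (mac, type)} from Windows `arp -a` output."""
    table, iface = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:                       # entries that follow belong to this interface
            iface = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and iface:             # header and blank lines simply do not match
            ip, mac, kind = m.groups()
            table[(iface, ip)] = (mac.lower(), kind.lower())
    return table

def changed_mappings(before, after):
    """List (ip, old_mac, new_mac) for entries present in both snapshots
    whose MAC address differs."""
    return sorted((key[1], before[key][0], after[key][0])
                  for key in before.keys() & after.keys()
                  if before[key][0] != after[key][0])

# Snapshot 1: the table shown in the text (prompt line omitted).
SNAPSHOT_1 = """\
Interface: 192.168.0.7 --- 0xe
  Internet Address      Physical Address      Type
  192.168.0.1           a0-f3-c1-05-a4-96     dynamic
  192.168.0.6           e4-ce-8f-9c-19-b3     dynamic
  192.168.0.12          00-26-96-00-18-5e     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""
# Snapshot 2: constructed for the example; 192.168.0.6 now maps to a placeholder MAC.
SNAPSHOT_2 = SNAPSHOT_1.replace("e4-ce-8f-9c-19-b3", "02-00-00-00-00-01")

if __name__ == "__main__":
    old, new = parse_arp_table(SNAPSHOT_1), parse_arp_table(SNAPSHOT_2)
    for ip, old_mac, new_mac in changed_mappings(old, new):
        print(f"{ip}: {old_mac} -> {new_mac}")
```

A changed mapping for a dynamic entry is expected when a device is replaced or its cache entry is relearned after expiry; a change for a gateway address is the kind of entry worth checking against the known hardware.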

Host-Based Tools

One good way to verify connectivity without needing an application to send data is to use the various tools available at the network layer. Ping is an example of this. It uses ICMP echo requests to send a probe to a particular IP address or, for example, a DNS name. Obviously, DNS will resolve the name to an IP address, and in the end, ping works at layer 3 toward that IP address. If the probe reaches the destination and the destination is able to reply with an ICMP echo reply, the original sender will see that and be able to determine whether the destination is up and running. It would be a waste to do this without also measuring how long it takes to get to the destination and back, so the ping tool includes the round trip time to the destination. The output of the command also gives you the minimum, maximum, and average round trip times, and the percentage of packet loss. Other parameters that go along with the command allow you to define the packet size, the number of probes to send, and the timeout to wait for each reply.

Another very useful tool is trace. In the case of Windows, the command is tracert. It displays all of the routers between the sender and the receiver, so it effectively shows the whole path toward the destination, accounting for all of the hops or gateways in the middle. It also includes round trip information to each gateway, and the last line displays the round trip to the actual destination. It may be implemented differently in different operating systems: some use UDP packets and some use ICMP, taking advantage of the time exceeded error message within ICMP. Like other commands, it accepts additional parameters on the command line; for example, you can set the maximum number of hops to include in the output or define a specific list of gateways to go through in order to reach the destination.