ATM, PPP

ATM:
ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed length packets called cells which are about 53 bits in length. ATM can transmit voice, video, and data over a variable-speed LAN and WAN connections at speeds ranging from 1.544Mbps to as high as 622Mbps. I recently read that the new standard may be 2Gbps. ATM's speed is derived from the use of short fixed length cells, which reduce delays, and the variance of delay for delay-sensitive services such as voice and video. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.

PPP:As an improvement to Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP) was mainly for the transfer of data over slower serial interfaces. It is better than SLIP because it provides multiprotocol support, error correction as well as password protection. It is a Data Link Layer protocol used to encapsulate higher protocols to pass over synchronous or asynchronous communication lines. PPP is capable of operating across any DTE/DCE device, most commonly modems, as long as they support duplex circuits. There are 3 components to PPP:
• HDLC(High-level Data Link Control) - Encapsulates the data during transmission and is a link layer protocol which is also the default Cisco encapsulation protocol for synchronous serial links. HDLC is supposed to be an open standard, but Cisco's version is proprietary, meaning it can only function with Cisco routers.
• LCP(Link Control Protocol) - Establishes, tests and configures the data link connection.
NCPs(Network Control Protocols) - Used to configure the different communication protocols, allowing them on the same line simultaneously. Microsoft uses 3 NCPs for the 3 protocols at the Network Layer (IP, IPX and NetBEUI)

PPP communication occurs in the following manner: PPP sends LCP frames to test and configure the data link. Next, authentication protocols are negotiated to determine what sort of validation is used for security. Below are 2 common authentication protocols:
• PAP is similar to a network login but passwords are sent as clear text. It is normally only used on FTP sites.
• CHAP uses encryption and is a more secure way of sending passwords.

Then NCP frames are used to setup the network layer protocols to be used. Finally, HDLC is used to encapsulate the data stream as it passes through the PPP connection.

Point-to-Point Tunneling Protocol(PPTP) provides for the secure transfer of data from a remote client to a private server by creating a multi-protocol Virtual Private Network(VPN) by encapsulating PPP packets into IP datagrams. There are 3 steps to setup a secure communication channel:
1. PPP connection and communication to the remote network are established.
2. PPTP creates a control connection between the client and remote PPTP server
3. PPTP creates the IP datagrams for PPP to send.
The packets are encrypted by PPP and sent through the tunnel to the PPTP server which decrypts the packets, disassembles the IP datagrams and routes them to the host. Setting Up PPTP requires a PPTP Client, PPTP Server and a Network Access Server(NAS).

ISDN

ISDN:
ISDN has the following characteristics:
• Works at the Physical, Data Link, and Network Layers.
• Often used in backup DDR Dial on Demand Routing.
• Makes use of existing telephone.
• Supports simultaneous data and voice.
• Max speed at 125 Kbps with PPP Multilink.
• Call setup and data transfer is faster than typical modems.
• BRI has 2 x 64 1Kbps B Channels for data and one 16 Kbps D Channel for control
• PRI has 23 x B Channels and one D Channel in the US, or 30 x B Channel and one D Channel in Europe.
• E protocol specifies ISDN on existing telephone network
• I protocol specifies Concepts, terminology, and Services
• Q protocol specifies switching and signaling
• ISDN Reference Points include R(between non ISDN equipment and TA), S(between user terminals and NT2), T(between NTI and NT2 devices) and U(between NTI devices and Line Termination Equipment in North America)
• router always connected by the U interface into NT1
• BRI interface is considered Terminal Equipment type 1 TE1
• TE1 is built into the ISDN standards
• Needs to have Terminal Adapter TA to use TE2

Frame Relay

Frame Relay:
Frame Relay has the following characteristics:
• successor to X.25
• has less overhead than X.25 because it relies on upper layer protocols to perform error checking.
• Speed in between the range of 56 Kbps to 2.078 Mbps.
• uses Data Link Connection Identifiers(DLCI) to identify virtual circuits, with DLCI number between 16 and 1007.
• uses Local Management Interfaces(LMI) to provide info on the DLCI values as well as the status of virtual circuits. Cisco routers support Cisco(Default), ANSI and Q933a.
• to set up frame relay, we need to set the encapsulation to frame-relay in either the Cisco(Default) mode or the IETF mode, although Cisco encapsulation is required to connect two Cisco devices.
• LMI type is configurable, but by default it is being auto-sensed.
• generally transfer data with permanent virtual circuits (PVCs), although we can use switched virtual circuits (SVCs) as well.
• SVC is for transferring data intermittently.
• PVC does not have overhead of establishing and terminating a circuit each time communication is needed.
• Committed Information Rate(CIR) is the guaranteed minimum transfer rate of a connection

Cisco has a web page that describes the configuration and troubleshooting of Frame relay at http://www.cisco.com/warp/public/125/13.html

WAN Protocols

WAN Protocols:
In general, there are three broad types of WAN access technology. With Leased Lines, we have point-to-point dedicated connection that uses pre-established WAN path provided by the ISP. With Circuit Switching such as ISDN, a dedicated circuit path exist only for the duration of the call. Compare to traditional phone service, ISDN is more reliable and is faster. With Packet Switching, all network devices share a single point-to-point link to transport packets across the carrier network - this is known as virtual circuits.

When we talk about Customer premises equipment(CPE), we are referring to devices physically located at the subscriber?s location. Demarcation is the place where the CPE ends and the local loop begins. A Central Office(CO) has switching facility that provides point of presence for its service. Data Terminal Equipment(DTE) are devices where the switching application resides, and Date Circuit-terminating Equipment(DCE) are devices that convert user data from the DTE into the appropriate WAN protocol. A router is a DTE, while a DSU/CSU device or modem are often being referred to as DCEs.

Bridging/Switching:

Bridging/Switching:
Bridge - A layer 2 device used to connect different networks types or networks of the same type. It maps the Ethernet addresses of the nodes residing on each segment and allows only the necessary traffic to pass through the bridge. Packet destined to the same segment is dropped. This "store-and-forward" mechanism inspects the whole Ethernet packet before making a decision. Unfortunately, it cannot filter out broadcast traffic. Also, it introduces a 20 to 30 percent latency when processing the frame. Only 2 networks can be linked with a bridge.
• Switch - Switches are layer 2 devices that can link up four, six, eight or even more networks. Switches are the only devices that allow for microsegmentation. Cut-through switches run faster because when a packet comes in, it forwards it right after looking at the destination address only. A store-and-forward switch inspects the entire packet before forwarding. Most switches cannot stop broadcast traffic. Switches are considered dedicated data link device because they are close to a 100 % of the bandwidth. While bridging does most of its work by hardware, switches use fabric/software to handle most of its work.

Store-and-forward
- The entire frame is received before any forwarding takes place. The destination and/or the source addresses are read and filters are applied before the frame is forwarded. Latency occurs while the frame is being received; the latency is greater with larger frames because the entire frame takes longer to read. Error detection is high because of the time available to the switch to check for errors while waiting for the entire frame to be received. This method discards frames smaller than 64 bytes (runts) and frames larger than 1518 bytes (giants).

Cut-Through - The switch reads the destination address before receiving the entire frame. The frame is then forwarded before the entire frame arrives. This mode decreases the latency of the transmission and has poor error detection. This method has two forms, Fast-forward and fragment-free.
Fast-forward switching - Fast-forward switching offers the lowest level of latency by immediately forwarding a packet after receiving the destination address. Because fast-forward switching does not check for errors, there may be times when frames are relayed with errors. Although this occurs infrequently and the destination network adapter discards the fault frame upon receipt. In networks with high collision rates, this can negatively affect available bandwidth.
Fragment Free Switching - Use the fragment-free option to reduce the number of collisions frames forwarded with errors. In fast-forward mode, latency is measured from the first bit received to the first bit transmitted, or first in, first out (FIFO). Fragment-free switching filters out collision fragments, which are the majority of packets errors, before forwarding begins. In a properly functioning network, collision fragments must be smaller then 64 bytes. Anything greater than 64 byes is a valid packet and is usually received without error. Fragment-free switching waits until the received packet has been determined not to be a collision fragment before forwarding the packet. In fragment-free, latency is measured as FIFO.
Spanning-Tree Protocol - Allows duplicate switched/bridged paths without incurring the latency effects of loops in the network.

The Spanning-Tree Algorithm, implemented by the Spanning-Tree Protocol, prevents loops by calculating stable spanning-tree network topology. When creating a fault-tolerant network, a loop-free path must exist between all nodes in the network The Spanning-Tree Algorithm is used to calculate a loop-free paths. Spanning-tree frames, called bridge protocol data units (BPDUs), are sent and received by all switches in the network at regular intervals and are used to determine the spanning-tree topology. A switch uses Spanning-Tree Protocol on all Ethernet-and Fast Ethernet-based VLANs. Spanning-tree protocol detects and breaks loops by placing some connections in standby mode, which are activated in the event of an active connection failure. A separate instance Spanning-Tree Protocol runs within each configured VLAN, ensuring topologies, mainly Ethernet topologies that conform to industry standards throughout the network. These modes are as follows:
• Blocking- NO frames forwarded, BPDUs heard.
• Listening ? No frames forwarded, listening for frames
• Learning- No frames forwarded, learning addresses.
• Forwarding- Frames forwarded, learning addresses.
• Disabled- No frames forwarded, no BPDUs heard.
The state for each VLAN is initially set by the configuration and later modified by the Spanning-Tree Protocol process. You can determine the status, cost and priority of ports and VLANs, by using the show spantree command. After the port-to-VLAN state is set, Spanning-Tree Protocol determines whether the port forwards or blocks frames.

ETHERNET

Fast Ethernet
For networks that need higher transmission speeds, there is the Fast Ethernet standard called IEEE 802.3u that raises the Ethernet speed limit to 100 Mbps! Of course, we need new cabling to support this high speed. In 10BaseT network we use Cat3 cable, but in 100BaseT network we need Cat 5 cables. The three types of Fast Ethernet standards are 100BASE-TX for use with level 5 UTP cable, 100BASE-FX for use with fiber-optic cable, and 100BASE-T4 which utilizes an extra two wires for use with level 3 UTP cable.

Gigabit Ethernet
Gigabit Ethernet is an emerging technology that will provide transmission speeds of 1000mbps. It is defined by the IEEE standard The 1000BASE-X (IEEE 802.3z). Just like all other 802.3 transmission types, it uses Ethernet frame format, full-duplex and media access control technology.

Token Ring

Token Ring is an older standard that isn't very widely used anymore as most have migrated to some form of Ethernet or other advanced technology. Ring topologies can have transmission rates of either 4 or 16mbps. Token passing is the access method used by token ring networks, whereby, a 3bit packet called a token is passed around the network. A computer that wishes to transmit must wait until it can take control of the token, allowing only one computer to transmit at a time. This method of communication aims to prevent collisions. Token Ring networks use multistation access units (MSAUs) instead of hubs on an Ethernet network. For extensive information on Token Ring, visit Cisco's website.

Diagnostic Tools

Diagnostic Tools• Network Monitor - Tracks usage of network resources(good for establishing a network baseline).
Performance Monitor - Tracks usage of various resources over time(good for establishing a general baseline).
Tone Generator - Used to test cabling. Identifies which cable or wire is being tested by generating different tones.
TDR (Time Domain Reflectometer): Sends a signal down a cable and measures the distance that the signal travelled before bouncing back(like sonar). Used to find opens and shorts in cables.
Oscilloscope - Tests cable by determining where there are shorts, crimps or attenuation.
Protocol Analyzers - This tool is used to monitor network traffic and display packet and protocol statistics and information.
Optical Testers - A tool used to monitor and troubleshoot the performance of a fiber optic network.
Crimping Tools - Crimping tools are used to connect cabling to their appropriate connectors. There are different crimping tools for different types of connections.
Punch Down Tool - A punch down tool is used to connect cabling such as telephone and ethernet to wall jacks.

Network Management

Network Management
This section discusses network management, storage and recovery concepts:
VLAN - A virtual LAN is a local area network with a definition that maps workstations on some other basis than geographic location (for example, by department, type of user, or primary application). The virtual LAN controller can change or add workstations and manage loadbalancing and bandwidth allocation more easily than with a physical picture of the LAN. Network management software keeps track of relating the virtual picture of the local area network with the actual physical picture.
Fault Tolerance - Fault-tolerance describes a computer system or component designed so that, in the event that a component fails, a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can be provided with software, or embedded in hardware, or provided by some combination. This is an important component of disaster recovery which is being included more and more in operating system software. For example, Windows 2000 includes RAID and tape backup functions although additional hardware is required.
Network Attached Storage - Network Attached Storage, or NAS, is a data storage mechanism that uses special devices connected directly to the network media. These devices are assigned an IP address and can then be accessed by clients via a server that acts as a gateway to the data, or in some cases allows the device to be accessed directly by the clients without an intermediary. Some of the big advantages of NAS include the expandability; need more storage space, add another NAS device and expand the available storage. NAS also brings an extra level of fault tolerance to the network. In a direct attached storage environment, a server going down means that the data that that server holds is no longer available. With NAS, the data is still available on the network and accessible by clients. Fault tolerant measures such as RAID can be used to make sure that the NAS device does not become a point of failure.

Remote Access Protocols and Services

Remote Access Protocols and ServicesThis section describes some of the various protocols and services used for remote and secure connections.
RAS - RAS stands for "Remote Access Service", Microsoft's term for modem pools. This service provides dial-in access to networks and to the Internet.
PPP - Point-to-point Protocol (PPP) is a method for connecting a personal computer to the Internet using a standard phone line and a modem. The difference between PPP and other, older dial-up procedures is that a PPP setup will establish a direct Internet connection that allows the PC to use TCP/IP (Internet-based) applications.
PPTP - The Point to Point Tunneling Protocol (PPTP) provides for the secure transfer of data from a remote client to a private server by creating a multi-protocol Virtual Private Network(VPN) by encapsulating PPP packets into IP datagrams. Setting Up PPTP requires a PPTP Client, PPTP Server and a Network Access Server(NAS). PPTP does not support the Appletalk protocol.
IPsec - IPSec is a suite of Internet-standard protocols that allow secure, encrypted communications between two computers over an insecure network. IPSec provides end-to-end security, meaning that the IP packets are encrypted by the sending computer, are unreadable en route, and can be decrypted only by the recipient computer.
L2TP - L2TP creates a tunnel through a public network that is authenticated on both ends, uses header compression, and relies on IPSec for encryption of data passed through the tunnel. L2TP works like PPTP in that it creates a "tunnel", but uses IPSec encryption in order to support non-IP protocols and authentication.
SSL - SSL (Secure Sockets Layer) uses a technique called public-key cryptography to provide encrypted connections. This enables you to move information across the Internet with confidence that it will not be intercepted or modified in transit. This is heavily used in e-commerce and can be identified by a URL that begins with HTTPS.
Kerberos - This form of security has been evolving in the Unix world for a long time and is now becoming a standard. Kerberos provides mutual authentication between a client and a server or between servers before a network connection is opened between them. Rather than sharing a password, computers share a cryptographic key, and they use knowledge of this key to verify each other's identities. Kerberos security only works with computers running Kerberos security software.

CCNA NOTES

FDDI - Fiber Distributed Data Interface (FDDI) is an appealing choice for high-speed data networking. Essentially, it is a very high-speed token ring network connected by optical fibers. With a data transfer rate of 100Mbps, the ring can support up to 500 nodes with as much as 2 km of spacing between adjacent nodes.
ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed length packets called cells. ATM can transmit voice, video, and data over a variable-speed LAN and WAN connections at speeds ranging from 1.544Mbps to as high as 622Mbps. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.
Frame Relay - Frame relay is a secure, private network that utilizes a logical path or ?virtual circuit? to allocate bandwidth for high performance transmissions. Frame relay is the premier high-speed packet-switching protocol communicating data, imaging, and voice between multiple locations. Frame relay is available in a range of bandwidths from 56 Kbps to full T1 (1.54 Mbps).