Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Course INF152

Download as pdf or txt
Download as pdf or txt
You are on page 1of 238

Recommendations

 Huawei Learning Website


 http://learning.huawei.com/en

 Huawei e-Learning
 http://support.huawei.com/learning/NavigationAction!createNavi?navId=MW
000001_term1000025144&lang=en

 Huawei Certification
 http://support.huawei.com/learning/NavigationAction!createNavi?navId=_31
&lang=en

 Find Training
 http://support.huawei.com/learning/NavigationAction!createNavi?navId=_trai
ningsearch&lang=en

More Information
 Huawei learning APP

版权所有© 2019 华为技术有限公司




HuaweiCertification

HCIA-
Routing&Switching
ENTRY

HuaweiNetworkingTechnologyandDevice



HuaweiTechnologiesCo.,Ltd.
Copyright © Huawei Technologies Co., Ltd. 2019. 


Allrightsreserved.
Huaweiownsallcopyrights,exceptforreferencestootherparties.Nopartofthis
documentmaybereproducedortransmittedinanyformorbyanymeanswithout
priorwrittenconsentofHuaweiTechnologiesCo.,Ltd.


TrademarksandPermissions

 andotherHuaweitrademarksaretrademarksofHuaweiTechnologiesCo.,Ltd. 

Allothertrademarksandtradenamesmentionedinthisdocumentarethepropertyof
theirrespectiveholders.


Notice

Theinformationinthismanualissubjecttochangewithoutnotice.Everyefforthas
beenmadeinthepreparationofthismanualtoensureaccuracyofthecontents,butall
statements,information,andrecommendationsinthismanualdonotconstitutethe
warrantyofanykind,expressorimplied.

HuaweiCertification

HCIA-Routing&SwitchingHuaweiNetworkingTechnology

andDevice 

Entry

Version2.5 
HuaweiCertificationSystem

Relying on its strong technical and professional training and certification system
and in accordance with customers of different ICT technology levels, Huawei
certification is committed to providing customers with authentic, professional
certification,andaddressestheneedforthedevelopmentofqualityengineersthat
arecapableofsupportingEnterprisenetworksinthefaceofaneverchangingICT
industry. The Huawei certification portfolio for routing and switching (R&S) is
comprisedofthreelevelstosupportandvalidatethegrowthandvalueofcustomer
skillsandknowledgeinroutingandswitchingtechnologies.

TheHuaweiCertifiedNetworkAssociate(HCIA)certificationlevelvalidatestheskills
and knowledge of IP network engineers to implement and support small to
medium-sized enterprise networks. The HCIA certification provides a rich
foundation of skills and knowledge for the establishment of such enterprise
networks, along with the capability to implement services and features within
existingenterprisenetworks,toeffectivelysupporttrueindustryoperations.

HCIA certification covers fundamentals skills for TCP/IP, routing, switching and
related IP network technologies, together with Huawei data communications
products, and skills for versatile routing platform (VRP) operation and
management.

The Huawei Certified Network Professional (HCIP-R&S) certification is aimed at
enterprise network engineers involved in design and maintenance, as well as
professionals who wish to develop an in depth knowledge of routing, switching,
networkefficiencyandoptimizationtechnologies.HCIP-R&Sconsistsofthreeunits
including Implementing Enterprise Routing and Switching Network (IERS),
Improving Enterprise Network Performance (IENP), and Implementing Enterprise
Network Engineering Project (IEEP), which includes advanced IPv4 routing and
switchingtechnologyprinciples,networksecurity,highavailabilityandQoS,aswell
asapplicationofthecoveredtechnologiesinHuaweiproducts.

TheHuaweiCertifiedInternetExpert(HCIE-R&S)certificationisdesignedtoimbue
engineerswithavarietyofIPnetworktechnologiesandproficiencyinmaintenance,
forthediagnosisandtroubleshootingofHuaweiproducts,toequipengineerswith
in-depth competency in the planning, design and optimization of large-scale IP
networks.


CONTENTS

IntroductiontoTransmissionMedia..................................................................1 

EthernetFraming.................................................................................................14 

IPAddressing.......................................................................................................34 

InternetControlMessageProtocol..................................................................61 

AddressResolutionProtocol ............................................................................76 

TransportLayerProtocols..................................................................................91 

DataForwardingScenario................................................................................107 

VRPFoundation.................................................................................................124 

NavigatingtheCLI.............................................................................................139 

FileSystemNavigationandManagement.....................................................157 

VRPOperatingSystemImageManagement.................................................176 

EstablishingaSingleSwitchedNetwork........................................................190 

SpanningTreeProtocol....................................................................................202 
RapidSpanningTreeProtocol.........................................................................234 

BasicKnowledgeofIPRouting.......................................................................260 

IPStaticRoutes..................................................................................................274 

LinkStateRoutingwithOSPF..........................................................................290 

DHCPProtocolPrinciples ...............................................................................319 

FTPProtocolPrinciples.....................................................................................336 

TelnetProtocolPrinciples................................................................................347 
 Anetworkcanbeunderstoodtobethecapabilityoftwoormoreentitiesto
communicateoveragivenmedium.Thedevelopmentofanynetworkreliesonthis
sameprincipleforestablishingcommunication.Commonlytheentitieswithina
networkthatareresponsibleforthetransmissionandreceptionofcommunication
areknownasendstations,whilethemeansbywhichcommunicationisenabledis
understoodtobethemedium.Withinanenterprisenetwork,themediumexistsin
avarietyofformsfromaphysicalcabletoradiowaves.
 Thecoaxialcablerepresentsamorehistoricformoftransmissionmediumthat
maytodaybelimitedinusagewithintheenterprisenetwork.Asatransmission
medium,thecoaxialcablecomprisesgenerallyoftwostandards,the10Base2and
10Base5forms,thatareknownasThinnet or Thinwire,andThicknet orThickwire
respectively.

 Thestandardsbothsupportatransmissioncapacityof10Mbpstransmittedas
baseband signals for respective distances of 185 and 500 meters. In today’s
enterprisenetworks,thetransmissioncapacityisextremelylimitedtobeofany
significantapplication.TheBayonetNeill-Concelman (BNC)connectoristhe
commonformofconnectorusedforthin10Base2coaxialcables,whileatypeN
connectorwasappliedtothethicker10Base5transmissionmedium.
 Ethernetcablinghasbecomethestandardformany enterprisenetworksproviding
atransmissionmediumthatsupportsamuchhighertransmissioncapacity.The
mediumsupportsafourcopperwirepaircontainedwithinasheathwhichmayor
maynotbeshieldedagainstexternalelectricalinterference.Thetransmission
capacityisdeterminedmainlybasedonthecategoryofcablewithcategory5
(CAT5)supportingFastEthernettransmissioncapacityofupto100Mbps,whilea
higherGigabitEthernettransmissioncapacityissupportedfromCategory5
extended(CAT5e)standardsandhigher.

 ThetransmissionoverEthernetasaphysicalmediumisalsosusceptibleto
attenuation,causingthetransmissionrangetobelimitedto100meters.TheRJ-45
connectorisusedtoprovideconnectivitywithwirepaircablingrequiringspecific
pinorderingwithintheRJ-45connector,toensurecorrecttransmissionand
receptionbyendstationsoverthetransmissionmedium.
 Opticalmediauseslightasameansofsignaltransmissionasopposedtoelectrical
signalsfoundwithinbothEthernetandcoaxialmediatypes.Theopticalfiber
mediumsupportsarangeofstandardsof10Mbps,100Mbps,1Gbpsandalso
10Gbps(10GBASE)transmission.Singleormulti-modefiberdefinestheuseofan
opticaltransmissionmediumforpropagatingoflight,wheresinglemoderefersto
asinglemodeofopticaltransmissionbeingpropagated,andisusedcommonlyfor
highspeedtransmissionoverlongdistances.

 Multimodesupportspropagationofmultiplemodesofopticaltransmissionthat
aresusceptibletoattenuationasaresultofdispersionoflightalongtheoptical
medium,andthereforeisnotcapableofsupportingtransmissionoverlonger
distances.Thismodeisoftenappliedtolocalareanetworkswhichencompassa
muchsmallertransmissionrange.Thereareanextensivenumberoffiber
connectorstandardswithsomeofthemorecommonformsbeingrecognizedas
theSTconnector,LCconnectorandSC,orsnapconnector.
 Serialrepresentsastandardinitiallydevelopedover50yearsagotosupport
reliabletransmissionbetweendevices,duringwhichtimemanyevolutionsofthe
standardhavetakenplace.Theserialconnectionisdesignedtosupportthe
transmissionofdataasaserialstreamofbits.Thecommonstandardimplemented
isreferredtoas(RecommendedStandard)RS-232butitislimitedsomewhatby
bothdistanceandspeed.OriginalRS-232standardsdefinethatcommunication
speedssupportedbenogreaterthat20Kbps,basedonacablelengthof50ft(15
meters),howevertransmissionspeedsforserialisunlikelytobelowerthan115
Kbps.Thegeneralbehaviorforserialmeansthatasthelengthofthecable
increases,thesupportedbitratewilldecrease,withanapproximationthatacable
ofaround150meters,or10timestheoriginalstandards,thesupportedbitrate
willbehalved.

 Otherserialstandardshavethecapabilitytoachievemuchgreatertransmission
ranges,suchasisthecasewiththeRS-422andRS-485standardsthatspan
distancesofupto4900ft(1200meters)andareoftensupportedbyV.35
connectors that were made obsolete during the late 1980’s but are still often
foundandmaintainedtodayinsupportoftechnologiessuchasFrameRelayand
ATM,whereimplemented.RS-232itselfdoesnotdefineconnectorstandards,
howevertwocommonformsofconnectorthatsupporttheRS-232standard
includetheDB-9andDB-25connectors.Newerserialstandardshavebeen
developed to replacemuch oftheexisting RS-232serial technology,including
bothFireWireandtheuniversalserialbus(USB)standards,thatlatterofwhichis
becomingcommonplaceinmanynewerproductsanddevices.
 Inordertoenablecommunicationoverphysicallinks,signalsmustbetransmitted
betweenthetransmittingandreceivingstations.Thissignalwill varydependingon
themediumthatisbeingused,asinthecaseofopticalandwirelesstransmission.
Themainpurposeofthesignalistoensurethatsynchronization(orclocking)
betweenthesenderandreceiveroveraphysicalmediumismaintained,aswellas
supporttransmissionofthedatasignalinaformthatcanbeinterpretedbyboth
thesenderandreceiver.

 Awaveformiscommonlyrecognizedasapropertyoflineencodingwherethe
voltageistranslatedintoabinaryrepresentationof0and1valuesthatcanbe
translatedbythereceivingstation.Variouslinecodingstandardsexist,with10Base
EthernetstandardssupportingalineencodingstandardknownasManchester
encoding.FastEthernetwithafrequencyrangeof100MHzinvokesahigher
frequencythancanbesupportedwhenusingManchesterencoding.

 AnalternativeformoflineencodingisthereforeusedknownasNZRI,whichin
itselfcontainsvariationsdependant onthephysicalmedia,thussupportingMLT-3
for100Base-TXand100Base-FXtogetherwithextendedlineencodingknownas
4B/5Bencodingtodealwithpotentialclockingissues.100Base-T4forexample
usesanotherformknownas8B/6Textendedlineencoding.GigabitEthernet
supports8B/10Blineencodingwiththeexceptionof1000Base-Twhichreliesona
complexblockencodingreferredtoas4D-PAM5.
 Ethernetrepresentswhatisunderstoodtobeamulti-accessnetwork,inwhichtwo
ormoreendstationsshareacommontransmissionmediumfortheforwardingof
data.Thesharednetworkishoweversusceptibletotransmissioncollisionswhere
dataisforwardedbyendstationssimultaneouslyoveracommonmedium.A
segmentwheresuchoccurrencesarepossibleisreferredtoasasharedcollision
domain.

 Endstationswithinsuchacollisiondomainrelyoncontentionforthetransmission
ofdatatoanintendeddestination.Thiscontentiousbehaviorrequireseachend
stationmonitorforincomingdataonthesegmentbeforemakinganyattemptto
transmit,inaprocessreferredtoasCarrierSenseMultiple-AccessCollision
Detection(CSMA/CD).However,evenaftertakingsuchprecautionsthepotential
fortheoccurrenceofcollisionsasaresultofsimultaneoustransmissionbytwo
endstationsremainshighlyprobable.
 Transmissionmodesaredefinedintheformofhalfandfullduplex,todetermine
thebehaviorinvolvedwiththetransmissionofdataoverthephysicalmedium.

 Halfduplexreferstothecommunicationoftwoormoredevicesoverashared
physicalmediuminwhichacollisiondomainexists,andwithitCSMA/CDis
requiredtodetectforsuch collisions.Thisbeginswiththestationlisteningfor
receptionoftrafficonitsowninterface,andwhereitisquietforagivenperiod,
willproceedtotransmititsdata.Ifacollisionweretooccur,transmissionwould
cease,followedbyinitiationofabackoffalgorithmtopreventfurther
transmissionsuntilarandomvaluetimerexpires,followingwhichretransmission
canbereattempted.

 Fullduplexdefinesthesimultaneousbidirectionalcommunicationoverdedicated
point-to-pointwirepairs,ensuringthatthereisnopotentialforcollisionsto occur,
andthusthereisnorequirementforCSMA/CD.
 GigabitEthernettransmissionissupportedbyCAT5ecablingandhigher,andalso
anyformof1000BaseFiberOpticcablingorgreater.

 Acollisiondomainisanetworksegmentforwhichthesamephysicalmediumis
usedforbi-directionalcommunication.Datasimultaneouslytransmittedbetween
hostsonthesamesharednetworkmediumissusceptibletoacollisionofsignals
beforethosesignalsreachtheintendeddestination.Thisgenerallyresultsin
malformedsignalseitherlargerorsmallerthantheacceptablesizefor
transmission(64bytes– 1500bytes),alsoknowasruntsandgiants,beingreceived
bytherecipient.

 CSMA/CDisamechanismfordetectingandminimizingthepossibility ofcollision
eventsthatarelikelytooccurinasharednetwork.CSMArequiresthatthe
transmittinghostfirstlistenforsignalsonthesharedmediumpriorto
transmission.Intheeventthatnotransmissionsaredetected,transmissioncan
proceed.Intheunfortunatecircumstancethatsignalsaretransmitted
simultaneouslyandacollisionoccurs,collisiondetectionprocessesareappliedto
ceasetransmissionforalocallygeneratedperiodoftime,toallowcollisionevents
toclearandtoavoidfurthercollisionsfromoccurringbetweentransmittinghosts.
 Communication over networks relies on the application of rules that govern how
data is transmitted and processed in a manner that is understood by both the
sending and receiving entities. As a result, multiple standards have been
developed over the course of time with some standards becoming widely adopted.
There exists however a clear distinction between the standards that manage
physical data flow and the standards responsible for logical forwarding and
delivery of traffic.

 The IEEE 802 standards represent a universal standard for managing the physical
transmission of data across the physical network and comprises of standards
including the Ethernet standard 802.3 for physical transmission over local area
networks.

 Alternative standards exist for transmission over wide area networks operating
over serial based media, including Ethernet, PPP and HDLC. TCP/IP has been widely
adopted as the protocol suite defining the upper layer standards, regulating the
rules (protocols) and behavior involved in managing the logical forwarding and
delivery between end stations.
 The TCP/IP reference model primarily concerns with the core principles of the
protocol suite, which can be understood as the logical transmission and delivery of
traffic between end stations. As such the TCP/IP protocol reference model
provides a four layer representation of the network, summarizing physical
forwarding behavior under the network interface layer, since lower layer operation
is not the concern of the TCP/IP protocol suite.

 Primary focus remains on the network (or Internet) layer which deals with how
traffic is logically forwarded between networks, and the transport (sometimes
referred to as host-to-host) layer that manages the end-to-end delivery of traffic,
ensuring reliability of transportation between the source and destination end
stations. The application layer represents an interface through a variety of
protocols that enable services to be applied to end user application processes.
 Although the TCP/IP reference model is primarily supported as the standard model
based on TCP/IP protocol suite, the focus of the TCP/IP reference model does not
clearly separate and distinguish the functionality when referring lower layer
physical transmission.

 In light of this, the open systems interconnection, or OSI reference model is often
recognized as the model for reference to IEEE 802 standards due to the clear
distinction and representation of the behavior of lower layers which closely
matches the LAN/MAN reference model standards that are defined as part of the
documented IEEE 802-1990 standards for local and metropolitan area networks. In
addition, the model that is generally in reference to the ISO protocol suite,
provides an extended breakdown of upper layer processing.
 As upper layer application data is determined for transmission over a network
from an end system, a series of processes and instructions must be applied to the
data before transmission can be successfully achieved. This process of appending
and pre-pending instructions to data is referred to as encapsulation and for which
each layer of the reference model is designed to represent.

 As instructions are applied to the data, the general size of the data increases. The
additional instructions represent overhead to the existing data and are recognized
as instructions to the layer at which the instructions were applied. To other layers,
the encapsulated instructions are not distinguished from the original data. The
final appending of instructions is performed as part of the lower layer protocol
standards (such as the IEEE 802.3 Ethernet standard) before being carried as an
encoded signal over a physical medium.
 As part of the IEEE 802.3 Ethernet standard, data is encapsulated with instructions
in the form of a header and a trailer before it can be propagated over physical
media on which Ethernet is supported. Each stage of encapsulation is referred to
by a protocol data unit or PDU, which at the data link layer is known as a frame.

 Ethernet frames contain instructions that govern how and whether data can be
transmitted over the medium between two or more points. Ethernet frames come
in two general formats, the selection of which is highly dependant on the
protocols that have been defined prior to the framing encapsulation.
 Two frame formats are recognized as standard for Ethernet based networks. The
DIX version 2 frame type standard was originally developed during the early
1980’s, where today it is recognized as the Ethernet II frame type. Ethernet II was
eventually accepted and integrated into the IEEE 802 standards, highlighted as
part of section 3.2.6 of the IEEE 802.3x-1997 standards documentation. The IEEE
802.3 Ethernet standard was originally developed in 1983, with key differences
between the frame formats including a change to the type field that is designed to
identify the protocol to which the data should be forwarded to once the frame
instructions have been processed. In the IEEE 802.3 Ethernet format, this is
represented as a length field which relies on an extended set of instructions
referred to as 802.2 LLC to identify the forwarding protocol.
 Ethernet II and IEEE 802.3 associate with upper layer protocols that are
distinguished by a type value range, where protocols supporting a value less than
or equal to 1500 (or 05DC in Hexadecimal) will employ the IEEE 802.3 Ethernet
frame type at the data link layer. Protocols represented by a type value greater
than or equal to 1536 (or 0600 in Hexadecimal) will employ the Ethernet II
standard, and which represents the majority of all frames within Ethernet based
networks.
 Other fields found within the frame include the destination and source MAC
address fields that identify the sender and the intended recipient(s), as well as the
frame check sequence field that is used to confirm the integrity of the frame
during transmission.
 The Ethernet II frame references a hexadecimal type value which identifies the
upper layer protocol. One common example of this is the Internet Protocol (IP)
which is represented by a hexadecimal value of 0x0800. Since this value for IP
represents a value greater than 0x0600, it is determined that the Ethernet II frame
type should be applied during encapsulation. Another common protocol that relies
on the Ethernet II frame type at the data link layer is ARP, and is represented by
the hexadecimal value of 0x0806.
 For the IEEE 802.3 frame type, the type field is contained as part of the SNAP
extension header and is not so commonly applied the protocols in today’s
networks, partially due to the requirement for additional instructions which results
in additional overhead per frame. Some older protocols that have existed for many
years but that are still applied in support of Ethernet networks are likely to apply
the IEEE 802.3 frame type. One clear example of this is found in the case of the
Spanning Tree Protocol (STP) that is represented by a value of 0x03 within the type
field of the SNAP header.
 Ethernet based networks achieve communication between two end stations on a
local area network using Media Access Control (MAC) addressing that allows end
systems within a multi access network to be distinguished. The MAC address is a
physical address that is burned into the network interface card to which the
physical medium is connected. This same MAC address is retrieved and used as the
destination MAC address of the intended receiver by the sender, before the frame
is transferred to the physical layer for forwarding over the connected medium.
 Each MAC address is a 48 bit value commonly represented in a hexadecimal (base
16) format and comprised of two parts that attempt to ensure that every MAC
address is globally unique. This is achieved by the defining of an organizationally
unique identifier that is vendor specific, based on which it is possible to trace the
origin of a product back to its vendor based on the first 24 bits of the MAC
address. The remaining 24 bits of the MAC address is a value that is incrementally
and uniquely assigned to each product (e.g. a Network Interface Card or similar
product supporting port interfaces for which a MAC is required).
 The transmission of frames within a local network is achieved using one of three
forwarding methods, the first of these is unicast and refers to the transmission
from a single source location to a single destination. Each host interface is
represented by a unique MAC address, containing an organizationally unique
identifier, for which the 8th bit of the most significant octet (or first byte) in the
MAC address field identifies the type of address. This 8th bit is always set to 0
where the MAC address is a host MAC address, and signifies that any frame
containing this MAC address in the destination MAC address field is intended for a
single destination only.

 Where hosts exist within a shared collision domain, all connected hosts will receive
the unicast transmission but the frame will be generally ignored by all hosts where
the MAC address in the destination MAC field of the frame does not match the
MAC value of the receiving host on a given interface, leaving only the intended
host to accept and process the received data. Unicast transmissions are only
forwarded from a single physical interface to the intended destination, even in
cases where multiple interfaces may exist.
 Broadcast transmission represents a forwarding method that allows frames to be
flooded from a single source received by all destinations within a local area
network. In order to allow traffic to be broadcasted to all hosts within a local area
network, the destination MAC address field of the frame is populated with a value
that is defined in hexadecimal as FF:FF:FF:FF:FF:FF, and which specifies that all
recipients of a frame with this address defined should accept receipt of this frame
and process the frame header and trailer.

 Broadcasts are used by protocols to facilitate a number of important network


processes including discovery and maintenance of network operation, however
also generate excessive traffic that often causes interrupts to end systems and
utilization of bandwidth that tend to reduce the overall performance of the
network.
 A more efficient alternative to broadcast that has begun to replace the use of
broadcasts in many newer technologies is the multicast frame type. Multicast
forwarding can be understood as a form of selective broadcast that allows select
hosts to listen for a specific multicast MAC address in addition to the unicast MAC
address that is associated with the host, and process any frames containing the
multicast MAC address in the destination MAC field of the frame.

 Since there is no relative distinction between unicast MAC addresses and multicast
MAC address formats, the multicast address is differentiated using the 8 th bit of
the first octet. Where this bit value represents a value of 1, it identifies that the
address is part of the multicast MAC address range, as opposed to unicast MAC
addresses where this value is always 0.

 In a local area network, the true capability of multicast behavior at the data link
layer is limited since forwarding remains similar to that of a broadcast frame in
which interrupts are still prevalent throughout the network. The only clear
difference with broadcast technology is in the selective processing by receiving
end stations. As networks expand to support multiple local area networks, the true
capability of multicast technology as an efficient means of transmission becomes
more apparent.
 As traffic is prepared to be forwarded over the physical network, it is necessary for
hosts in shared collision domains to determine whether any traffic is currently
occupying the transmission medium. Transmission media such as in the case of
10Base2 provides a shared medium over which CSMA/CD must be applied to
ensure collisions are handled should they occur. If the transmission of a frame is
detected on the link, the host will delay the forwarding of its own frames until such
time as the line becomes available, following which the host will begin to forward
frames from the physical interface towards the intended destination.

 Where two hosts are connected over a medium capable of supporting full duplex
transmission as in the case of media such as 10BaseT, it is considered not possible
for transmitted frames to suffer collisions since transmission and receipt of frames
occurs over separate wires and therefore there is no requirement for CSMA/CD to
be implemented.
 Once a frame is forwarded from the physical interface of the host, it is carried over
the medium to its intended destination. In the case of a shared network, the frame
may be received by multiple hosts who will assess whether the frame is intended
for their interface by analyzing the destination MAC address in the frame header. If
the destination MAC address and the MAC address of the host are not the same,
or the destination MAC address is not a MAC broadcast or multicast address to
which the host is listening for, the frame will be ignored and discarded.

 For the intended destination, the frame will be received and processed, initially by
confirming that the frame is intended for the hosts physical interface. The host
must also confirm that the integrity of the frame has been maintained during
transmission by taking the value of the frame check sequence (FCS) field and
comparing this value with a value determined by the receiving host. If the values
do not match, the frame will be considered as corrupted and will be subsequently
discarded.

 For valid frames, the host will then need to determine the next stage of processing
by analyzing the type field of the frame header and identify the protocol to which
this frame is intended. In this example the frame type field contains a hexadecimal
value of 0x0800 that identifies that the data taken from the frame should be
forwarded to the Internet Protocol, prior to which, the frame header and trailer are
discarded.
 DatalinklayerframescontainaTypefieldthatreferencesthenextprotocolto
whichdatacontainedwithintheframeshouldbeforwarded.Common examples
offorwardingprotocolsincludeIP(0x0800)andARP(0x0806).

 ThedestinationMACaddresscontainedwithintheframeheaderisanalyzedbythe
receivingendstationandcomparedtotheMACaddressassociatedwiththe
interfaceonwhichtheframewasreceived.IfthedestinationMACaddressand
interfaceMACaddressdonotmatch,theframeisdiscarded.
 Prior to discarding the frame header and trailer, it is necessary for the next set of
instructions to be processed to be determined from the frame header. As
highlighted, this is identified by determining the field value in the type field, which
in this instance represents a frame that is destined for the IP protocol following
completion of the frame process.

 The key function of the frame is to determine whether the intended physical
destination has been reached, that the integrity of the frame has remained intact.
The focus of this section will identify how data is processed following the
discarding of the frame headers and propagation of the remaining data to the
Internet Protocol.
 The IP header is used to support two key operations, routing and fragmentation.
Routing is the mechanism that allows traffic from a given network to be forwarded
to other networks, since the data link layer represents a single network for which
network boundaries exist. Fragmentation refers to the breaking down of data into
manageable blocks that can be transmitted over the network.

 The IP header is carried as part of the data and represents an overhead of at least
20 bytes that references how traffic can be forwarded between networks, where
the intended destination exists within a network different from the network on
which the data was originally transmitted. The version field identifies the version of
IP that is currently being supported, in this case the version is known as version
four or IPv4. The DS field was originally referred to as the type of service field
however now operates as a field for supporting differentiated services, primarily
used as a mechanism for applying quality of service (QoS) for network traffic
optimization, and is considered to be outside of the scope of this training.

 The source and destination IP addressing are logical addresses assigned to hosts
and used to reference the sender and the intended receiver at the network layer.
IP addressing allows for assessment as to whether an intended destination exists
within the same network or a different network as a means of aiding the routing
process between networks in order to reach destinations beyond the local area
network.
 Each IPv4 address represents a 32 bit value that is often displayed in a dotted
decimal format but for detailed understanding of the underlying behavior is also
represented in a binary (Base 2) format. IP addresses act as identifiers for end
systems as well as other devices within the network, as a means of allowing such
devices to be reachable both locally and by sources that are located remotely,
beyond the boundaries of the current network.

 The IP address consists of two fields of information that are used to clearly specify
the network to which an IP address belongs as well as a host identifier within the
network range, that is for the most part unique within the given network.
 Each network range contains two important addresses that are excluded from the
assignable network range to hosts or other devices. The first of these excluded
addresses is the network address that represents a given network as opposed to a
specific host within the network. The network address is identifiable by referring to
the host field of the network address, in which the binary values within this range
are all set to 0, for which it should also be noted that an all 0 binary value may not
always represent a 0 value in the dotted decimal notation.

 The second excluded address is the broadcast address that is used by the network
layer to refer to any transmission that is expected to be sent to all destinations
within a given network. The broadcast address is represented within the host field
of the IP address where the binary values within this range are all set to 1. Host
addresses make up the range that exists between the network and broadcast
addresses.
 The use of binary, decimal and hexadecimal notations are commonly applied
throughout IP networks to represent addressing schemes, protocols and
parameters, and therefore knowledge of the fundamental construction of these
base forms is important to understanding the behavior and application of values
within IP networks.

 Each numbering system is represented by a different base value that highlights the
number of values used as part of the base notations range. In the case of binary,
only two values are ever used, 0 and 1, which in combination can provide for an
increasing number of values, often represented as 2 to the power of x, where x
denotes the number of binary values. Hexadecimal represents a base 16 notation
with values ranging from 0 to F, (0-9 and A-F) where A represents the next value
following 9 and F thus represents a value equivalent to 15 in decimal, or 1111 in
binary.
 A byte is understood to contain 8 bits and acts as a common notation within IP
networks, thus a byte represents a bit value of 256, ranging from 0 through to 255.
This information is clearly represented through translation of decimal notation to
binary, and application of the base power to each binary value, to achieve the 256
bit value range. A translation of the numbering system for binary can be seen
given in the example to allow familiarization with the numbering patterns
associated with binary. The example also clearly demonstrates how broadcast
address values in decimal, binary and hexadecimal are represented to allow for
broadcasts to be achieved in both IP and MAC addressing at the network and data
link layers.
 The combination of 32 bits within an IP address correlates to four octets or bytes
for which each can represent a value range of 256, giving a theoretical number of
4’294’967’296 possible IP addresses, however in truth only a fraction of the
total number of addresses are able to be assigned to hosts. Each bit within a byte
represents a base power and as such each octet can represent a specific network
class, with each network class being based on either a single octet or a
combination of octets. Three octets have been used as part of this example to
represent the network with the fourth octet representing the host range that is
supported by the network.
 The number of octets supported by a network address is determined by address
classes that break down the address scope of IPv4. Classes A, B and C are
assignable address ranges, each of which supports a varied number of networks,
and a number of hosts that are assignable to a given network. Class A for instance
consist of 126 potential networks, each of which can support 224, or 16’777’216
potential host addresses, bearing in mind that network and broadcast addresses of
a class range are not assignable to hosts.

 In truth, a single Ethernet network could never support such a large number of
hosts since Ethernet does not scale well, due in part to broadcasts that generate
excessive network traffic within a single local area network. Class C address ranges
allow for a much more balanced network that scales well to Ethernet networks,
supplying just over 2 million potential networks, with each network capable of
supporting around 256 addresses, of which 254 are assignable to hosts.

 Class D is a range reserved for multicast, to allow hosts to listen for a specific
address within this range, and should the destination address of a packet contain a
multicast address for which the host is listening, the packet shall be processed in
the same way as a packet destined for the hosts assigned IP address. Each class is
easily distinguishable in binary by observing the bit value within the first octet,
where a class A address for instance will always begin with a 0 for the high order
bit, whereas in a Class B the first two high order bits are always set as 1 and 0,
allowing all classes to be easily determined in binary.
 Within IPv4, specific addresses and address ranges have been reserved for special
purposes. Private address ranges exist within the class A, B and C address ranges
to prolong the rapid decline in the number of available IP addresses. The number
of actual end systems and devices that require IP addressing in the world today
exceeds the 4’294’967’296 addresses of the 32 bit IPv4 address range, and
therefore a solution to this escalating problem was to allocate private address
ranges that could be assigned to private networks, to allow for conservation of
public network addresses that facilitate communication over public network
infrastructures such as the Internet.

 Private networks have become common throughout the enterprise network but
hosts are unable to interact with the public network, meaning that address ranges
can be reused in many disparate enterprise networks. Traffic bound for public
networks however must undergo a translation of addresses before data can reach
the intended destination.

 Other special addresses include a diagnostic range denoted by the 127.0.0.0


network address, as well as the first and last addresses within the IPv4 address
range, for which 0.0.0.0 represents any network and for which its application shall
be introduced in more detail along with principles of routing. The address
255.255.255.255 represents a broadcast address for the IPv4 (0.0.0.0) network,
however the scope of any broadcast in IP is restricted to the boundaries of the
local area network from which the broadcast is generated.
 In order for a host to forward traffic to a destination, it is necessary for a host to
have knowledge of the destination network. A host is naturally aware of the
network to which it belongs but is not generally aware of other networks, even
when those networks may be considered part of the same physical network. As
such hosts will not forward data intended for a given destination until the host
learns of the network and thus with it the interface via which the destination can
be reached.

 For a host to forward traffic to another host, it must firstly determine whether the
destination is part of the same IP network. This is achieved through comparison of
the destination network to the source network (host IP address) from which the
data is originating. Where the network ranges match, the packet can be forwarded
to the lower layers where Ethernet framing presides, for processing. In the case
where the intended destination network varies from the originating network, the
host is expected to have knowledge of the intended network and the interface via
which a packet/frame should be forwarded before the packet can be processed by
the lower layers. Without this information, the host will proceed to drop the packet
before it even reaches the data link layer.
 The identification of a unique network segment is governed by the
implementation of a mask value that is used to distinguish the number of bits that
represent the network segment, for which the remaining bits are understood as
representing the number of hosts supported within a given network segment. A
network administrator can divide a network address into sub-networks so that
broadcast packets are transmitted within the boundaries of a single subnet. The
subnet mask consists of a string of continuous and unbroken 1 values followed by
a similar unbroken string of 0 values. The 1 values correspond to the network ID
field whereas the 0 values correspond to the host ID field.
 For each class of network address, a corresponding subnet mask is applied to
specify the default size of the network segment. Any network considered to be
part of the class A address range is fixed with a default subnet mask pertaining to
8 leftmost bits which comprise of the first octet of the IP address, with the
remaining three octets remaining available for host ID assignment.

 In a similar manner, the class B network reflects a default subnet mask of 16 bits,
allowing a greater number of networks within the class B range at the cost of the
number of hosts that can be assigned per default network. The class C network
defaults to a 24 bit mask that provides a large number of potential networks but
limits greatly the number of hosts that can be assigned within the default network.
The default networks provide a common boundary to address ranges, however in
the case of class A and class B address ranges, do not provide a practical scale for
address allocation for Ethernet based networks.
 Application of the subnet mask to a given IP address enables identification of the
network to which the host belongs. The subnet mask will also identify the
broadcast address for the network as well as the number of hosts that can be
supported as part of the network range. Such information provides the basis for
effective network address planning. In the example given, a host has been
identified with the address of 192.168.1.7 as part of a network with a 24 bit default
(class C) subnet mask applied. In distinguishing which part of the IP address
constitutes the network and host segments, the default network address can be
determined for the segment.

 This is understood as the address where all host bit values are set to 0, in this case
generating a default network address of 192.168.1.0. Where the host values are
represented by a continuous string of 1 values, the broadcast address for the
network can be determined. Where the last octet contains a string of 1 values, it
represents a decimal value of 255, for which a broadcast address of 192.168.1.255
can be derived.

 Possible host addresses are calculated based on a formula of 2 n where n


represents the number of host bits defined by the subnet mask. In this instance n
represents a value of 8 host bits, where 28 gives a resulting value of 256. The
number of usable host addresses however requires that the network and
broadcast addresses be deducted from this result to give a number of valid host
addresses of 254.
 The case scenario provides a common class B address range to which it is
necessary to determine the network to which the specified host belongs, along
with the broadcast address and the number of valid hosts that are supported by
the given network. Applying the same principles as with the class C address range,
it is possible for the network address of the host to be determined, along with the
range of hosts within the given network.
 One of the main constraints of the default subnet mask occurs when multiple
network address ranges are applied to a given enterprise in order to generate
logical boundaries between the hosts within the physical enterprise network. The
application of a basic addressing scheme may require a limited number of hosts to
be associated with a given network, for which multiple networks are applied to
provide the logical segmentation of the network. In doing so however, a great deal
of address space remains unused, displaying the inefficiency of default subnet
mask application.
 As a means of resolving the limitations of default subnet masks, the concept of
variable length subnet masks are introduced, which enable a default subnet mask
to be broken down into multiple sub-networks, which may be of a fixed length
(a.k.a. fixed length subnet masks or FLSM) or of a variable length known commonly
by the term VLSM. The implementation of such subnet masks consists of taking a
default class based network and dividing the network through manipulation of the
subnet mask.

 In the example given, a simple variation has been made to the default class C
network which by default is governed by a 24 bit mask. The variation comes in the
form of a borrowed bit from the host ID which has been applied as part of the
network address. Where the deviation of bits occurs in comparison to the default
network, the additional bits represent what is known as the subnet ID.

 In this case a single bit has been taken to represent the sub-network for which two
sub-networks can be derived, since a single bit value can only represent two states
of either 1 or 0. Where the bit is set to 0 it represents a value of 0, where it is set to
1 it represents a value of 128. In setting the host bits to 0, the sub-network
address can be found for each sub-network, by setting the host bits to 1, the
broadcast address for each sub-network is identifiable. The number of supported
hosts in this case represents a value of 27 minus the sub-network address and
broadcast address for each sub-network, resulting in each sub-network supporting
a total of 126 valid host addresses.
 In relation to problem of address limitations in which default networks resulted in
excessive address wastage, the concept of variable length subnet masks can be
applied to reduce the address wastage and provide a more effective addressing
scheme to the enterprise network.

 A single default class C address range has been defined, for which variable length
subnet masks are required to accommodate each of the logical networks within a
single default address range. Effective subnet mask assignment requires that the
number of host bits necessary to accommodate the required number of hosts be
determined, for which the remaining host bits can be applied as part of the subnet
ID, that represents the variation in the network ID from the default network
address.
 Classless inter-domain routing was initially introduced as a solution to handle
problems that were occurring as a result of the rapid growth of what is now known
as the Internet. The primary concerns were to the imminent exhaustion of the class
B address space that was commonly adopted by mid-sized organizations as the
most suited address range, where class C was inadequate and where class A was
too vast, and management of the 65534 host addresses could be achieved
through VLSM. Additionally, the continued growth meant that gateway devices
such as routers were beginning to struggle to keep up with the growing number of
networks that such devices were expected to handle. The solution given involves
transitioning to a classless addressing system in which classful boundaries were
replaced with address prefixes.

 This notation works on the principle that classful address ranges such as that of
class C can be understood to have a 24 bit prefix that represents the subnet or
major network boundary, and for which it is possible to summarize multiple
network prefixes into a single larger network address prefix that represents the
same networks but as a single address prefix. This has helped to alleviate the
number of routes that are contained particularly within large scale routing devices
that operate on a global scale, and has provided a more effective means of
address management. The result of CIDR has had far reaching effects and is
understood to have effectively slowed the overall exhaustion rate of the IPv4
address space.
 The forwarding of packets requires that the packet first determine a forwarding
path to a given network, and the interface via which a packet should be forwarded
from, before being encapsulated as a frame and forwarded from the physical
interface. In the case where the intended network is different from the originating
network, the packet must be forwarded to a gateway via which the packet is able
to reach it’s intended destination.

 In all networks, the gateway is a device that is capable of handling packets and
making decisions as to how packets should be routed, in order to reach their
intended destination. The device in question however must be aware of a route to
the intended destination IP network before the routing of packets can take place.
Where networks are divided by a physical gateway, the interface IP address (in the
same network or sub-network) via which that gateway can be reached is
considered to be the gateway address.

 In the case of hosts that belong to different networks that are not divided by a
physical gateway, it is the responsibility of the host to function as the gateway, for
which the host must firstly be aware of the route for the network to which packets
are to be forwarded, and should specify the hosts own interface IP address as the
gateway IP address, via which the intended destination network can be reached.
 The data of forwarded packets exists in many formats and consists of varying sizes,
often the size of data to be transmitted exceeds the size that is supported for
transmission. Where this occurs it is necessary for the data block to be broken
down into smaller blocks of data before transmission can occur. The process of
breaking down this data into manageable blocks is known as fragmentation.

 The identification, flags and fragment offset fields are used to manage reassembly
of fragments of data once they are received at their final intended destination.
Identification distinguishes between data blocks of traffic flows which may
originate from the same host or different hosts. The flags field determines which
of a number of fragments represents the last fragment at which time initiation of a
timer is started prior to reassembly, and to notify that reassembly of the packet
should commence.

 Finally the fragment offset labels the bit value for each fragment as part of a
number of fragments, the first fragment is set with a value of 0 and subsequent
fragments specify the value of first bit following the previous fragment, for
example where the initial fragment contains data bits 0 through to 1259, the
following fragment will be assigned an offset value of 1260.
 As packets are forwarded between networks, it is possible for packets to fall into
loops where routes to IP networks have not been correctly defined within devices
responsible for the routing of traffic between multiple networks. This can result in
packets becoming lost within a cycle of packet forwarding that does not allow a
packet to reach its intended destination. Where this occurs, congestion on the
network will ensue as more and more packets intended for the same destination
become subject to the same fate, until such time as the network becomes flooded
with erroneous packets.

 In order to prevent such congestion occurring in the event of such loops, a time to
live (TTL) field is defined as part of the IP header, that decrements by a value of 1
each time a packet traverses a layer 3 device in order to reach a given network.
The starting TTL value may vary depending on the originating source, however
should the TTL value decrement to a value of 0, the packet will be discarded and
an (ICMP) error message is returned to the source, based on the source IP address
that can be found in the IP header of the wandering packet.
 Upon verification that the packet has reached its intended destination, the network
layer must determine the next set of instructions that are to be processed. This is
determined by analyzing the protocol field of the IP header. As with the type field
of the frame header, a hexadecimal value is used to specify the next set of
instructions to be processed.

 It should be understood that the protocol field may refer to protocols at either the
network layer, such as in the case of the Internet Control Message Protocol (ICMP),
but may also refer to upper layer protocols such as the Transmission Control
Protocol (06/0x06) or User Datagram Protocol (17/0x11), both of which exist as
part of the transport layer within both the TCP/IP and OSI reference models.
 TheIPsubnetmaskisa32bitvaluethatdescribesthelogicaldivisionbetweenthe
bitvaluesofanIPaddress.TheIPaddressisassuchdividedintotwopartsfor
whichbitvaluesrepresenteitheranetworkorsub-network,andthehostwithina
givennetworkorsub-network.

 IPpacketsthatareunabletoreachtheintendednetworkaresusceptibletobeing
indefinitelyforwardedbetweennetworksinanattempttodiscovertheirultimate
destination.TheTimeToLive(TTL)featureisusedtoensurethatalifetimeis
appliedtoallIPpackets,soastoensurethatintheeventthatanIPpacketis
unable to reach it’s destination, it will eventually be terminated. The TTL value
mayvarydependingontheoriginalsource.

 GatewaysrepresentpointsofaccessbetweenIPnetworkstowhichtrafficcanbe
redirected,orroutedintheeventthattheintendeddestinationnetworkvaries
fromthenetworkonwhichthepacketoriginated.
 The Internet Control Message Protocol is an integral part of IP designed to
facilitate the transmission of notification messages between gateways and source
hosts where requests for diagnostic information, support of routing, and as a
means of reporting errors in datagram processing are needed. The purpose of
these control messages is to provide feedback about problems in the
communication environment, and does not guarantee that a datagram will be
delivered, or that a control message will be returned.
 ICMP Redirect messages represent a common scenario where ICMP is used as a
means of facilitating routing functions. In the example, a packet is forwarded to
the gateway by host A based on the gateway address of host A. The gateway
identifies that the packet received is destined to be forwarded to the address of
the next gateway which happens to be part of the same network as the host that
originated the packet, highlighting a non-optimal forwarding behavior between
the host and the gateways.

 In order to resolve this, a redirect message is sent to the host. The redirect
message advises the host to send its traffic for the intended destination directly to
the gateway to with which the destination network is associated, since this
represents a shorter path to the destination. The gateway proceeds however to
forward the data of the original packet to its intended destination.
 ICMP echo messages represent a means of diagnosis for determining primarily
connectivity between a given source and destination, but also provides additional
information such as the round trip time for transmission as a diagnostic for
measuring delay. Data that is received in the echo message is returned as a
separate echo reply message.
 ICMP provides various error reporting messages that often determine reachability
issues and generate specific error reports that allow a clearer understanding from
the perspective of the host as to why transmission to the intended destination
failed.

 Typical examples include cases where loops may have occurred in the network,
and consequentially caused the time to live parameter in the IP header to expire,
resulting in a “ttl exceeded in transit” error message being generated. Other
examples include an intended destination being unreachable, which could relate to
a more specific issue of the intended network not being known by the receiving
gateway, or that the intended host within the destination network not being
discovered. In all events an ICMP message is generated with a destination based
on the source IP address found in the IP header, to ensure the message notifies
the sending host.
 ICMP messages are sent using the basic IP header, which functions together as an
integral part of the ICMP message, such is the case with the TTL parameter that is
used to provide support for determining whether a destination is reachable. The
format of the ICMP message relies on two fields for message identification in the
form of a type/code format, where the type field provides a general description of
the message type, and the code and a more specific parameter for the message
type.

 A checksum provides a means of validating the integrity of the ICMP message. An


additional 32 bits are included to provide variable parameters, often unused and
thus set as 0 when the ICMP message is sent, however in cases such as an ICMP
redirect, the field contains the gateway IP address to which a host should redirect
packets. The parameter field in the case of echo requests will contain an identifier
and a sequence number, used to help the source associate sent echo requests with
received echo replies, especially in the event multiple requests are forwarded to a
given destination.

 As a final means of tracing data to a specific process, the ICMP message may carry
the IP header and a portion of the data that contains upper layer information that
enables the source to identify the process for which an error occurred, such as
cases where the ICMP TTL expires in transit.
 A wide number of ICMP type values exist to define clearly the different
applications of the ICMP control protocol. In some cases the code field is not
required to provide a more specific entry to the type field, as is found with echo
requests that have a type field of 8 and the corresponding reply, which is
generated and sent as a separate ICMP message to the source address of the
sender, and defined using a type field of 0.

 Alternatively, certain type fields define a very general type for which the variance is
understood through the code field, as in the case of the type 3 parameter. A type
field of 3 specifies that a given destination is unreachable, while the code field
reflects the specific absence of either the network, host, protocol, port (TCP/UDP),
ability to perform fragmentation (code 4), or source route (code 5) in which a
packet, for which a forwarding path through the network is strictly or partially
defined, fails to reach its destination.
 The application of ICMP can be understood through the use of tools such as Ping.
The Ping application may be used as a tool in order to determine whether a
destination is reachable as well as collect other related information. The
parameters of the Ping application allow an end user to specify the behavior of the
end system in generating ICMP messages, with consideration of the size of the
ICMP datagram, the number of ICMP messages generated by the host, and also
the duration in which it is expected a reply is received before a timeout occurs.
This is important where a large delay occurs since a timeout may be reported by
the Ping application before the ICMP message has had the opportunity to return
to the source.
 The general output of an ICMP response to a Ping generated ICMP request details
the destination to which the datagram was sent and the size of the datagram
generated. In addition the sequence number of the sequence field that is carried
as part of the echo reply (type 0) is displayed along with the TTL value that is taken
from the IP header, as well as the round trip time which again is carried as part of
the IP options field in the IP header.
 Another common application to ICMP is traceroute, which provides a means of
measuring the forwarding path and delay on a hop-by-hop basis between multiple
networks, through association with the TTL value within the IP header.

 For a given destination, the reachability to each hop along the path is measured by
initially defining a TTL value in the IP header of 1, causing the TTL value to expire
before the receiving gateway is able to propagate the ICMP message any further,
thus generating a TTL expired in transit message together with timestamp
information, allowing for a hop-by-hop assessment of the path taken through the
network by the datagram to the destination, and a measurement of the round trip
time. This provides an effective means of identifying the point of any packet loss
or delay that may be incurred in the network and also aids in the discovery of
routing loops.
 The implementation of traceroute in Huawei ARG3 series routers adopts the use of
the UDP transport layer protocol to define a service port as the destination. Each
hop sends three probe packets, for which the TTL value is initially set to a value of
1 and incremented after every three packets. In addition, a UDP destination port of
33434 is specified for the first packet and incremented for every successive probe
packet sent. A hop-by-hop result is generated, allowing for the path to be
determined, as well as for any general delay that may occur to be discovered.
 This is achieved by measuring the duration between when the ICMP message was
sent and when the corresponding TTL expired in transit ICMP error is received.
When receiving a packet, the ultimate destination is unable to discover the port
specified in the packet, and thus returns an ICMP Type 3, Code 3 (Port
Unreachable) packet, and after three attempts the traceroute test ends. The test
result of each probe is displayed by the source, in accordance with the path taken
from the source to the destination. If a fault occurs when the trace route
command is used, the following information may be displayed:
 !H: The host is unreachable.
 !N: The network is unreachable.
 !: The port is unreachable.
 !P: The protocol type is incorrect.
 !F: The packet is incorrectly fragmented.
 !S: The source route is incorrect.
 ThePingapplicationusestheechorequestmessageoftype8toattemptto
discoverthedestination.Aseparateechoreplymessage,definedbyatypefieldof
0,isreturnedtotheoriginalsourcebasedonthesourceIPaddressintheIP
headerfield.

 IntheeventthattheTTLvalueofanIPdatagramreaches0beforethedatagramis
abletoreachtheintendeddestination,thegatewaydevicereceivingthedatagram
willproceedtodiscarditandreturnanICMPmessagetothesourcetonotifythat
thedatagraminquestionwasunabletoreachtheintendeddestination.The
specificreasonwillbedefinedbythecodevaluetoreflectforexamplewhether
thefailurewasduetoafailuretodiscoverthehost,aportonthehostorwhether
theserviceforagivenprotocolwasnotsupportedetc.
 As data is encapsulated, the IP protocol at the network layer is able to specify the
target IP address to which the data is ultimately destined, as well as the interface
via which the data is to be transmitted, however before transmission can occur, the
source must be aware of the target Ethernet (MAC) address to which data should
be transmitted. The Address Resolution Protocol (ARP) represents a critical part of
the TCP/IP protocol suite that enables discovery of MAC forwarding addresses to
facilitate IP reachability. The Ethernet next hop must be discovered before data
encapsulation can be completed.
 The ARP packet is generated as part of the physical target address discovery
process. Initial discovery will contain partial information since the destination
hardware address or MAC address is to be discovered. The hardware type refers to
Ethernet with the protocol type referring to IP, defining the technologies
associated with the ARP discovery. The hardware and protocol length identifies the
address length for both the Ethernet MAC address and the IP address, and is
defined in bytes.

 The operation code specifies one of two states, where the ARP discovery is set as
REQUEST for which reception of the ARP transmission by the destination will
identify that a response should be generated. The response will generate REPLY for
which no further operation is necessary by the receiving host of this packet, and
following which the ARP packet will be discarded. The source hardware address
refers to the MAC address of the sender on the physical segment to which ARP is
generated. The source protocol address refers to the IP address of the sender.

 The destination hardware address specifies the physical (Ethernet) address to


which data can be forwarded by the Ethernet protocol standards, however this
information is not present in an ARP request, instead replaced by a value of 0. The
destination protocol address identifies the intended IP destination for which
reachability over Ethernet is to be established.
 The network layer represents a logical path between a source and a destination.
Reaching an intended IP destination relies on firstly being able to establish a
physical path to the intended destination, and in order to do that, an association
must be made between the intended IP destination and the physical next hop
interface to which traffic can be forwarded.

 For a given destination the host will determine the IP address to which data is to
be forwarded, however before encapsulation of the data can commence, the host
must determine whether a physical forwarding path is known. If the forwarding
path is known encapsulation to the destination can proceed, however quite often
the destination is not known and ARP must be implemented before data
encapsulation can be performed.
 The ARP cache (pronounced as [kash]) is a table for association of host destination
IP addresses and associated physical (MAC) addresses. Any host that is engaged in
communication with a local or remote destination will first need to learn of the
destination MAC via which communication can be established.

 Learned addresses will populate the ARP cache table and remain active for a fixed
period of time, during which the intended destination can be discovered without
the need for addition ARP discovery processes. Following a fixed period, the ARP
cache table will remove ARP entries to maintain the ARP cache table’s integrity,
since any change in the physical location of a destination host may result in the
sending host inadvertently addressing data to a destination at which the
destination host no longer resides.

 The ARP cache lookup is the first operation that an end system will perform before
determining whether it is necessary to generate an ARP request. For destinations
beyond the boundaries of the hosts own network, an ARP cache lookup is
performed to discover the physical destination address of the gateway, via which
the intended destination network can be reached.
 Where an ARP cache entry is unable to be determined, the ARP request process is
performed. This process involves generation of an ARP request packet, and
population of the fields with the source and destination protocol addresses, as well
as the source hardware address. The destination hardware address is unknown. As
such the destination hardware address is populated with a value equivalent to 0.
The ARP request is encapsulated in an Ethernet frame header and trailer as part of
the forwarding process. The source MAC address of the frame header is set as the
source address of the sending host.

 The host is currently unaware of the location of the destination and therefore must
send the ARP request as a broadcast to all destinations within the same local
network boundary. This means that a broadcast address is used as the destination
MAC address. Once the frame is populated, it is forwarded to the physical layer
where it is propagated along the physical medium to which the host is connected.
The broadcasted ARP packet will be flooded throughout the network to all
destinations including any gateway that may be present, however the gateway will
prevent this broadcast from being forwarded to any network beyond the current
network.
 If the intended network destination exists, the frame will arrive at the physical
interface of the destination at which point lower layer processing will ensue. ARP
broadcasts mean that all destinations within the network boundary will receive the
flooded frame, but will cease to process the ARP request, since the destination
protocol address does not match to the IP address of those destinations.

 Where the destination IP address does match to the receiving host, the ARP packet
will be processed. The receiving host will firstly process the frame header and then
process the ARP request. The destination host will use the information from the
source hardware address field in the ARP header to populate its own ARP cache
table, thus allowing for a unicast frame to be generated for any frame forwarding
that may be required, to the source from which the ARP request was received.
 The destination will determine that the ARP packet received is an ARP request and
will proceed to generate an ARP reply that will be returned to the source, based on
the information found in the ARP header. A separate ARP packet is generated for
the reply, for which the source and destination protocol address fields will be
populated. However, the destination protocol address in the ARP request packet
now represents the source protocol address in the ARP reply packet, and similarly
the source protocol address of the ARP request becomes the destination protocol
address in the ARP reply.

 The destination hardware address field is populated with the MAC of the source,
discovered as a result of receiving the ARP request. For the required destination
hardware address of the ARP request, it is included as the source hardware
address of the ARP reply, and the operation code is set to reply, to inform the
destination of the purpose of the received ARP packet, following which the
destination is able to discard the ARP packet without any further communication.
The ARP reply is encapsulated in the Ethernet frame header and trailer, with the
destination MAC address of the Ethernet frame containing the MAC entry in the
ARP cache table, allowing the frame to be forwarded as a unicast frame back to
the host that originated the ARP request.
 Upon receiving the ARP reply, the originating host will validate that the intended
destination is correct based on the frame header, identify that the packet header is
ARP from the type field and discard the frame headers. The ARP reply will then be
processed, with the source hardware address of the ARP reply being used to
populate the ARP cache table of the originating host (Host A).

 Following the processing of the ARP reply, the packet is discarded and the
destination MAC information is used to facilitate the encapsulation process of the
initial application or protocol that originally requested discovery of the destination
at the data link layer.
 TheARPprotocolisalsoappliedtoothercasessuchaswheretransparentsubnet
gatewaysaretobeimplementedtofacilitatecommunicationacrossdata-link
networks,wherehostsareconsideredtobepartofthesamesubnetwork.Thisis
referredtoasProxyARPsincethegatewayoperatesas aproxyforthetwodata-
linknetworks.WhenanARPrequestisgeneratedforadestinationthatis
consideredtobepartofthesamesubnet,therequestwilleventuallybereceived
bythegateway.Thegatewayisabletodeterminethattheintendeddestination
existsbeyondthedata-linknetworkonwhichtheARPrequestwasgenerated.

 SinceARPrequestscannotbeforwardedbeyondtheboundariesofthebroadcast
domain,thegatewaywillproceedtogenerateitsownARPrequesttodetermine
thereachabilitytotheintendeddestination,usingitsownprotocolandhardware
addressesasthesourceaddressesforthegeneratedARPrequest.Iftheintended
destinationexists,anARPreplyshallbereceivedbythegatewayforwhichthe
destinationssourcehardwareaddresswillbeusedtopopulatetheARPcachetable
ofthegateway.

 Thegatewayuponconfirmingthereachabilitytotheintendeddestinationwillthen
generateanARPreplytotheoriginal source(HostA)usingthehardwareaddress
oftheinterfaceonwhichtheARPreplywasforwarded.Thegatewaywillasaresult
operateasanagentbetweenthetwodata-linknetworkstofacilitatedatalink
layercommunication,withbothhostsforwardingtrafficintendedfordestinations
in different data-link networks to the relevant physical address of the “Proxy”
gateway.
 In the event that new hardware is introduced to a network, it is imperative that the
host determine whether or not the protocol address to which it has been assigned
is unique within the network, so as to prevent duplicate address conflicts. An ARP
request is generated as a means of determining whether the protocol address is
unique, by setting the destination address in the ARP request to be equal to the
host’s own IP address.

 The ARP request is flooded throughout the network to all link layer destinations by
setting the destination MAC as broadcast, to ensure all end stations and gateways
receive the flooded frame. All destinations will process the frame, and should any
destination discover that the destination IP address within the ARP request match
the address of a receiving end station or gateway, an ARP reply will be generated
and returned to the host that generated the ARP request.

 Through this method the originating host is able to identify duplication of the IP
address within the network, and flag an IP address conflict so to request that a
unique address be assigned. This means of generating a request based on the
hosts own IP address defines the basic principles of gratuitous ARP.
 Thehostisrequiredtoinitiallydeterminewhetheritisalreadyawareofalinklayer
forwardingaddresswithinitsownARPcache(MACaddresstable).Ifanentryis
discoveredtheendsystemiscapableofcreatingtheframeforforwardingwithout
theassistanceoftheaddressresolutionprotocol.Ifanentrycannotbefound
however,theARPprocess willinitiate,andanARPrequestwillbebroadcastedon
thelocalnetwork.

 GratuitousARPmessagesarecommonlygeneratedatthepointinwhichanIP
addressisconfiguredorchangedforadeviceconnectedtothenetwork,andat
anytimethatadeviceisphysicallyconnectedtothenetwork.Inbothcasesthe
gratuitousARPprocessmustensurethattheIPaddressthatisusedremains
unique.
 TCP is a connection-oriented, end-to-end protocol that exists as part of the
transport layer of the TCP/IP protocol stack, in order to support applications that
span over multi-network environments. The transmission control protocol provides
a means of reliable inter-process communication between pairs of processes in
host computers that are attached to distinct but interconnected computer
communication networks. TCP relies on lower layer protocols to provide the
reachability between process supporting hosts, over which a reliable connection
service is established between pairs of processes. The connection-oriented
behavior of TCP involves prior exchanges between the source and destination,
through which a connection is established before transport layer segments are
communicated.
 As a means for allowing for many processes within a single host to use TCP
communication facilities simultaneously, TCP provides a set of logical ports within
each host. The port value together with the network layer address is referred to as
a socket, for which a pair of sockets provide a unique identifier for each
connection, in particular where a socket is used simultaneously in multiple
connections. That is to say, a process may need to distinguish among several
communication streams between itself and another process (or processes), for
which each process may have a number of ports through which it communicates
with the port or ports of other processes.

 Certain processes may own ports and these processes may initiate connections on
the ports that they own. These ports are understood as IANA assigned system
ports or well-known ports and exist in the port value range of 0 – 1023. A range of
IANA assigned user or registered ports also exist in the range of 1024 – 49151,
with dynamic ports, also known as private or ephemeral ports in the range of
49152 – 65535, which are not restricted to any specific application. Hosts will
generally be assigned a user port value for which a socket is generated to a given
application.

 Common examples of TCP based applications for which well-known port numbers
have been assigned include FTP, HTTP, TELNET, and SMTP, which often will work
alongside other well-known mail protocols such as POP3 (port 110) and IMAP4
(port 143).
 The TCP header allows TCP based applications to establish connection-oriented
data streams that are delivered reliability, and to which flow control is applied. A
source port number is generated where a host intends to establish a connection
with a TCP based application, for which the destination port will relate to a well-
known/registered port to which a well-known/registered application is associated.

 Code bits represent functions in TCP, and include an urgent bit (URG) used
together the urgent pointer field for user directed urgent data notifications,
acknowledgment of received octets in association with the acknowledgement field
(ACK), the push function for data forwarding (PSH), connection reset operations
(RST), synchronization of sequence numbers (SYN) and indication that no more
data is to be received from the sender (FIN). Additional code bits were introduced
in the form of ECN-Echo (ECE) and Congestion Window Reduced (CWR) flags, as a
means of supporting congestion notification for delay sensitive TCP applications.

 The explicit congestion notification (ECN) nonce sum (NS) was introduced as a
follow-up alteration to eliminate the potential abuse of ECN where devices along
the transmission path may remove ECN congestion marks. The Options field
contains parameters that may be included as part of the TCP header, often used
during the initial connection establishment, as in the case of the maximum
segment size (MSS) value that may be used to define the size of the segment that
the receiver should use. TCP header size must be a sum of 32 bits, and where this
is not the case, padding of 0 values will be performed.
 Whentwoprocesseswishtocommunicate,eachTCPmustfirstestablisha
connection(initializethesynchronizationofcommunicationoneachside).When
communicationiscomplete,theconnectionisterminatedorclosedtofreethe
resourcesforotheruses.Sinceconnectionsmustbeestablishedbetween
unreliablehostsandovertheunreliableInternetdomain,ahandshakemechanism
withclock-basedsequencenumbersisusedtoavoiderroneousinitializationof
connections.
 Aconnectionprogressesthroughaseriesofstatesduringestablishment.The
LISTENstaterepresentsaTCPwaitingforaconnectionrequestfromanyremote
TCPandport.SYN-SENToccursaftersendingaconnectionrequestandbeforea
matchingrequestisreceived.TheSYN-RECEIVEDstateoccurswhilewaitingfora
confirmingconnectionrequestacknowledgment,afterhavingbothreceivedand
sentaconnectionrequest.TheESTABLISHEDstateoccursfollowingthehandshake
atwhichtimeanopenconnectioniscreated,anddatareceivedcanbedeliveredto
theuser.
 TheTCPthree-wayhandshakemechanismbeginswithaninitialsequencenumber
beinggeneratedbytheinitiatingTCPaspartofthesynchronization(SYN)process.
TheinitialTCPsegmentisthensetwiththeSYNcodebit,andtransmittedtothe
intendedIPdestinationTCPtoachieveaSYN-SENTstate.Aspartofthe
acknowledgementprocess,thepeeringTCPwillgenerateaninitialsequence
numberofitsowntosynchronizetheTCPflowintheotherdirection.Thispeering
TCPwilltransmitthissequencenumber,aswellasanacknowledgementnumber
thatequalsthereceivedsequencenumberincrementedbyone,togetherwithset
SYNandACKcodebitsintheTCPheadertoachieveaSYN-RECEIVEDstate.
 ThefinalstepoftheconnectionhandshakeinvolvestheinitialTCPacknowledging
thesequencenumberofthepeeringTCPbysettingtheacknowledgementnumber
toequalthereceivedsequencenumberplusone,togetherwiththeACKbitinthe
TCPheader,allowinganESTABLISHEDstatetobereached.
 Since the TCP transmission is sent as a data stream, every octet can be sequenced,
and therefore each octet can be acknowledged. The acknowledgement number is
used to achieve this by responding to the sender as confirmation of receipt of data,
thus providing data transport reliability. The acknowledgement process however is
cumulative, meaning that a string of octets can be acknowledged by a single
acknowledgement by reporting to the source the sequence number that
immediately follows the sequence number that was successfully received.

 In the example a number of bytes (octets) are transmitted together before TCP
acknowledgement is given. Should an octet fail to be transmitted to the
destination, the sequence of octets transmitted will only be acknowledged to the
point at which the loss occurred. The resulting acknowledgement will reflect the
octet that was not received in order to reinitiate transmission from the point in the
data stream at which the octet was lost.

 The ability to cumulate multiple octets together before an acknowledgement


enables TCP to operate much more efficiently, however a balance is necessary to
ensure that the number of octets sent before an acknowledgement is required is
not too extreme, for if an octet fails to be received, the entire stream of octets
from the point of the loss must be retransmitted.
 The TCP window field provides a means of flow control that governs the amount
of data sent by the sender. This is achieved by returning a "window" with every
TCP segment for which the ACK field is set, indicating a range of acceptable
sequence numbers beyond the last segment successfully received. The window
indicates the permitted number of octets that the sender may transmit before
receiving further permission.

 In the example, TCP transmission from host A to server A contains the current
window size for host A. The window size for server A is determined as part of the
handshake, which based on the transmission can be assumed as 2048. Once data
equivalent to the window size has been received, an acknowledgement will be
returned, relative to the number of bytes received, plus one. Following this, host A
will proceed to transmit the next batch of data.

 A TCP window size of 0 will effectively deny processing of segments, with


exception to segments where the ACK, RST and URG code bits are set for incoming
segments. Where a window size of 0 exists, the sender must still periodically check
the window size status of receiving TCP to ensure any change in the window size is
effectively reported, the period for retransmission is generally two minutes. When
a sender sends periodic segments, the receiving TCP must still acknowledge with a
sequence number announcement of the current window size of 0.
 As part of the TCP connection termination process, a number of states are defined
through which TCP will transition. These states include FIN-WAIT-1 that represents
waiting for a connection termination (FIN) request from the remote TCP, or an
acknowledgment of a connection termination request that was previously sent.
The FIN-WAIT-2 represents waiting for a connection termination request from the
remote TCP following which will generally transition to a TIME-WAIT state. A
CLOSE-WAIT state indicates waiting for a locally defined connection termination
request, typically when a server’s application is in the process of closing.

 The LAST-ACK state represents waiting for an acknowledgment of the connection


termination request previously sent to the remote TCP (which includes an
acknowledgment of its connection termination request). Finally, a TIME-WAIT state
occurs and waits for enough time to pass to ensure that the remote TCP received
the acknowledgment of its connection termination request. This period is
managed by the Max Segment Lifetime (MSL) timer that defines a waiting period
of 2 minutes. Following a wait period equal to two times the MSL, the TCP
connection is considered closed/terminated.
 The User Datagram Protocol, or UDP, represents an alternative to TCP and applied
where TCP is found to act as an inefficient transport mechanism, primarily in the
case of highly delay sensitive traffic. Where TCP is considered a segment, the UDP
is recognized as a datagram form of Protocol Data Unit (PDU), for which a
datagram can be understood to be a self-contained, independent entity of data
carrying sufficient information to be routed from the source to the destination end
system without reliance on earlier exchanges between this source and destination
end systems and the transporting network, as defined in RFC 1594. In effect this
means that UDP traffic does not require the establishment of a connection prior to
the sending of data.

 The simplified structure and operation of UDP makes it ideal for application
programs to send messages to other programs, with a minimum of protocol
mechanism such in the case of acknowledgements and windowing for example, as
found in TCP segments. In balance however, UDP does not guarantee delivery of
data transmission, nor protection from datagram duplication.
 The UDP header provides a minimalistic approach to the transport layer,
implementing only a basic construct to help identify the destination port to which
the UDP based traffic is destined, as well as a length field and a checksum value
that ensures the integrity of the UDP header. In addition the minimal overhead
acts as an ideal means for enabling more data to be carried per packet, favoring
real time traffic such as voice and video communications where TCP provides a 20
byte overhead and mechanisms that influence delays, such as in the case of
acknowledgements, however the lack of such fields means that datagram delivery
is not guaranteed.
 Since UDP datagram transmission is not sent as a data stream, transmission of
data is susceptible to datagram duplication. In addition, the lack of sequence
numbers within UDP means that delivery of data transmission over various paths is
likely to be received at the destination in an incorrect, non-sequenced order.

 Where stream data is transported over UDP such as in the case of voice and video
applications, additional protocol mechanisms may be applied to enhance the
capability of UDP, as in the case of the real time transport protocol (RTP) which
helps to support the inability of UDP by providing a sequencing mechanism using
timestamps to maintain the order of such audio/video data streams, effectively
supporting partial connection oriented behavior over a connectionless transport
protocol.
 The general UDP forwarding behavior is highly beneficial to delay sensitive traffic
such as voice and video. It should be understood that where a connection-
oriented transport protocol is concerned, lost data would require replication
following a delay period, during which time an acknowledgement by the sender is
expected. Should the acknowledgement not be received, the data shall be
retransmitted.

 For delay sensitive data streams, this would result in incomprehensible audio and
video transmissions due to both delay and duplication, as a result of
retransmission from the point where acknowledgements are generated. In such
cases, minimal loss of the data stream is preferable over retransmission, and as
such UDP is selected as the transport mechanism, in support of delay sensitive
traffic.
 TheacknowledgementfieldintheTCPheaderconfirmsreceiptofthesegment
receivedbytheTCPprocessatthedestination.ThesequencenumberintheTCP
headerofthereceivedIPdatagramistakenandincrementedby1.Thisvalue
becomestheacknowledgementnumberinthereturnedTCPheaderandisusedto
confirmreceiptofalldata,beforebeingforwardedalongwiththeACKcodebitset
to1,totheoriginalsender.

 Thethree-wayhandshakeinvolvesSYNandACKcodebitsinordertoestablish
andconfirmtheconnectionbetweenthetwoendsystems,betweenwhich
transmissionofdatagramsistooccur.
 Data forwarding can be collectively defined as either local or remote for which the
forwarding process relies on the application of the protocol stack in order to
achieve end-to-end transmission. End systems may be part of the same network,
or located in different networks, however the general forwarding principle to
enable transmission between hosts follows a clear set of protocols that have been
introduced as part of the unit. How these protocols work together shall be
reinforced, as well as building the relationship between the upper layer TCP/IP
protocols and the lower link layer based Ethernet protocol standards.
 An end system that intends to forward data to a given destination must initially
determine whether or not it is possible to reach the intended destination. In order
to achieve this, the end system must go through a process of path discovery. An
end system should be understood to be capable of supporting operation at all
layers since its primary function is as a host to applications. In relation to this, it
must also be capable of supporting lower layer operations such as routing and link
layer forwarding (switching) in order to be capable of upper/application layer data
forwarding. The end system therefore contains a table that represents network
layer reachability to the network for which the upper layer data is destined.

 End systems will commonly be aware of the network to which they reside, but may
be without a forwarding path in cases where remote network discovery has not
been achieved. In the example given, host A is in possession of a path to the
destined network through the ‘any network’ address that was briefly introduced
as part of the IP Addressing section. The forwarding table identifies that traffic
should be forwarded to the gateway as a next-hop via the interface associated
with the logical address of 10.1.1.1.
 Following discovery of a feasible route towards the intended destination network,
a physical next-hop must also be discovered to facilitate frame forwarding. The
TCP/IP protocol suite is responsible for determining this before packet
encapsulation can proceed. The initial step involves determining whether a
physical path exists to the next-hop identified as part of the path discovery
process.

 This requires that the ARP cache table be consulted to identify whether an
association between the intended next-hop and the physical path is known. From
the example it can be seen that an entry to the next-hop gateway address is
present in the ARP cache table. Where an entry cannot be found, the Address
Resolution Protocol (ARP) must be initiated to perform the discovery and resolve
the physical path.
 When both the logical and physical path forwarding discovery is complete, it is
possible for encapsulation of data to be performed for successful transmission
over IP/Ethernet based networks. Upper layer processes in terms of encryption and
compression may be performed following which transport layer encapsulation will
occur, identifying the source and destination ports via which upper layer data
should be forwarded.

 In the case of TCP, sequence and acknowledgement fields will be populated, code
bits set as necessary with the ACK bit commonly applied. The window field will be
populated with the current supported window size, to which the host will notify of
the maximum data buffer that can be supported before data is acknowledged.

 Values representing the TCP fields are included as part of the checksum, which is
calculated using a ones compliment calculation process, to ensure TCP segment
integrity is maintained once the TCP header is received and processed at the
ultimate destination. In the case of basic TCP code operations, upper layer data
may not always be carried in the segment, as in the case of connection
synchronization, and acknowledgements to received data.
 Following transport layer encapsulation, it is generally required that instructions be
provided, detailing how transmission over one or more networks is to be achieved.
This involves listing the IP source as well as the ultimate destination for which the
packet is intended. IP packets are generally limited to a size of 1500 bytes by
Ethernet, inclusive of the network and transport layer headers as well as any upper
layer data. Initial packet size will be determined by Ethernet as the maximum
transmission unit, or MTU to which packets will conform, therefore fragmentation
will not occur at the source.

 In the case that the MTU changes along the forwarding path, only then will
fragmentation will be performed. The Time to Live field will be populated with a
set value depending on the system, in ARG3 series routers, this is set with an initial
value of 255. The protocol field is populated based on the protocol encapsulated
prior to IP. In this case the protocol in question is TCP for which the IP header will
populate the protocol field with a value of 0x06 as instruction for next header
processing. Source and destination IP addressing will reflect the originating source
and the ultimate destination.
 Link layer encapsulation relies on IEEE 802.3 Ethernet standards for physical
transmission of upper layer data over Ethernet networks. Encapsulation at the
lower layers is performed by initially determining the frame type that is used.

 Where the upper layer protocol is represented by a type value greater than 1536
(0x0600) as is the case with IP (0x0800), the Ethernet II frame type is adopted. The
type field of the Ethernet II frame header is populated with the type value of
0x0800 to reflect that the next protocol to be processed following frame
processing will be IP. The destination MAC address determines the next physical
hop, which in this case represents the network gateway.
 As part of the link layer operation, it is imperative to ensure that the transmission
medium is clear of signals in shared collision domain. The host will first listen for
any traffic on the network as part of CSMA/CD and should the line remain clear,
will prepare to transmit the data. It is necessary for the receiving physical interface
to be made aware of the incoming frame, so as to avoid loss of initial bit values
that would render initial frames as incomplete. Frames are therefore preceded by a
64 bit value indicating to the link layer destination of the frame’s imminent arrival.

 The initial 56 bits represent an alternating 1, 0 pattern is called the preamble, and
is followed immediately by an octet understood as the Start of Frame Delimiter
(SFD). The final two bits of the SFD deviate from an alternating pattern to a 1,1 bit
combination that notifies that the bits that follow represent the first bit values of
the destination MAC address and therefore the start of the frame header.
 As a frame is received by the link layer destination, it must go through a number of
checks to determine its integrity as well as validity. If the frame was transmitted
over a shared Ethernet network, other end stations may also receive an instance of
the frame transmitted, however since the frame destination MAC address is
different from the MAC address of the end station, the frame will be discarded.

 Frames received at the intended destination will perform error checking by


calculating the ones compliment value based on the current frame fields and
compare this against the value in the Frame Check Sequence (FCS) field. If the
values do not match, the frame will be discarded. Receiving intermediate and end
systems that receive valid frames will need to determine whether the frame is
intended for their physical interface by comparing the destination MAC address
with the MAC address of the interface (or device in some cases).

 If there is a match, the frame is processed and the type field is used to determine
the next header to be processed. Once the next header is determined, the frame
header and trailer are discarded.
 The packet is received by the network layer, and in particular IP, at which point the
IP header is processed. A checksum value exists at each layer of the protocol stack
to maintain the integrity at all layers for all protocols. The destination IP is used to
determine whether the packet has reached its ultimate destination. The gateway
however determines that this is not the case since the destination IP and the IP
belonging to the gateway do not match.

 The gateway must therefore determine the course of action to take with regards to
routing the packet to an alternate interface, and forward the packet towards the
network for which it is intended. The gateway must firstly however ensure that the
TTL value has not reached 0, and that the size of the packet does not exceed the
maximum transmission unit value for the gateway. In the event that the packet is
larger than the MTU value of the gateway, fragmentation will generally commence.

 Once a packet’s destination has been located in the forwarding table of the
gateway, the packet will be encapsulated in a new frame header consisting of new
source and destination MAC addresses for the link layer segment, over which the
resulting frame is to be forwarded, before being once again transmitted to the
next physical hop. Where the next physical hop is not known, ARP will again be
used to resolve the MAC address.
 Frames received at the ultimate destination will initially determine whether the
frame has arrived at the intended location. The example shows two servers on a
shared Ethernet network over which both receive a copy of the frame.

 The frame is ultimately discarded by server B since the destination MAC value and
the interface MAC address of server B do not match. Server A however successfully
receives the frame and learns that the MAC fields are the same, the integrity of the
frame based on the FCS can also be understood to be correct. The frame will use
the type field to identify 0x0800 as the next header, following which the frame
header and trailer are discarded and the packet is received by IP.
 Upon reaching the ultimate destination, the IP packet header must facilitate a
number of processes. The first includes validating the integrity of the packet
header through the checksum field, again applying a ones compliment value
comparison based on a sum of the IP header fields. Where correct, the IP header
will be used to determine whether the destination IP matches the IP address of the
current end station, which in this case is true.

 If any fragmentation occurred during transmission between the source and the
destination, the packet must be reassembled at this point. The identification field
will collect the fragments belonging to a single data source together, the offset will
determine the order and the flags field will specify when the reassembly should
commence, since all fragments must be received firstly and a fragment with a flag
of 0 will be recognized as the last fragment to be received.

 A timer will then proceed during which time the reassembly must be completed,
should reassembly fail in this time period, all fragments will be discarded. The
protocol field will be used to identify the next header for processing and the
packet header will be discarded. It should be noted that the next header may not
always be a transport layer header, a clear example of where this can be
understood is in the case of ICMP, which is understood to also be a network layer
protocol with a protocol field value of 0x01.
 In the case where a packet header is discarded, the resulting segment or datagram
is passed to the transport layer for application-to-application based processing.
The header information is received in this case by TCP (0x06).

 In the example it can be understood that a TCP connection has already been
established and the segment represents an acknowledgement for the transmission
of HTTP traffic from the HTTP server to the acknowledging host. The host is
represented by the port 1027 as a means to distinguish between multiple HTTP
connections that may exist between the same source host and destination server.
In receiving this acknowledgement, the HTTP server will continue to forward to the
host within the boundaries of the window size of the host.
 Priortotheencapsulationandforwardingofdata,asourcemusthaveknowledge
oftheIPdestinationoranequivalentforwardingaddresssuchasadefaultaddress
towhichdatacanbeforwarded.Additionallyitisnecessarythattheforwarding
addressbeassociatedwithaphysicalnext-hoptowhichthedatacanbe
forwardedwithinthelocalnetwork.

 Anyframethatisreceivedbyagatewayorendsystem(host)towhichitisnot
intended,issubsequentlydropped,followinginspectionofthedestinationMAC
addressintheframeheader.

 ThedeliveryofdatareliesonthedestinationportnumberintheTCPandUDP
headerstoidentifytheapplicationtowhichthedataisintended.Following
analysisofthisvaluebytheTCPorUDPprotocol,thedataisforwarded.

 ThesourceportoftheTCPheaderfortheHTTPtrafficdistinguishesbetweenthe
differentapplicationsessionsthatareactive.ReturnHTTPtrafficfromtheHTTP
serverisabletoidentifyeachindividualwebbrowsersessionbasedonthissource
portnumber.Forexample,thesourceportoftwoseparaterequestsforHTTP
trafficoriginatingfromIPsource10.1.1.1mayoriginatefromsourceports1028
and1035,howeverthedestinationportinbothcasesremainsasport80,theHTTP
server.
 The Ethernet network until now has been understood to be a collection of devices
communicating over shared media such as 10Base2, through which hosts are able
to communicate with neighboring hosts or end systems. It has been determined
that the Ethernet network is a contentious network, meaning that hosts must
compete for media access which becomes increasingly limited as more and more
devices are connected over this shared media; which causes additional limitations
in scalability and the increasing potential for collisions.

 As a result, the need for collision detection in the form of CSMA/CD is ever present
in such shared Ethernet networks. Following the adoption of switched media such
as that of 100BaseT, data transmission and reception became isolated within
channels (wire pairs), enabling the potential for collisions to occur to be eliminated.
This medium as a form of non-shared Ethernet provides only a means for point-to-
point communication, however used together with other devices such as hubs, a
shared Ethernet network is once again possible, along with the potential for
collisions.

 The switch was introduced as part of the evolution of the bridge, and is capable of
breaking down the shared collision domain into multiple collision domains. The
collision domains operate as a collection of point-to-point links for which the
threat of collisions is removed and link-layer traffic is isolated, to allow higher
transmission rates that optimize traffic flow within the Ethernet network.
 A broadcast domain is capable of being comprised of a single, or multiple collision
domains, and any broadcast transmission is contained within the boundary of a
broadcast domain. The edge of a broadcast domain’s boundary is typically
defined by a gateway that acts as the medium, via which other networks are
reachable, and will restrict the forwarding of any broadcast traffic beyond the
interface on which the broadcast is received.

 Routers are synonymous with the term gateway for which the two are often used
interchangeably. A single IP network can generally be understood to make up a
broadcast domain, which refers to the scope of a link-layer segment. Routers are
generally responsible for routing Internet datagrams (IP packets) to a given
destination based on the knowledge of a forwarding address for the destination
network, found within an internally managed forwarding table.
 The Versatile Routing Platform (VRP) represents the foundation of many of Huawei
products including routers and switches. Its design has been through many
evolutions to enable continuous improvement of data management and
forwarding. The architectural design has resulted in ever enhanced modularity that
allows for greater overall performance. The configuration, management and
monitoring of devices using VRP is based on a standardized and hierarchical
command line system for which a familiarity should be developed to support
navigation and operation of Huawei products managed using VRP software.
 A familiarity with the versions of VRP network operating system (NOS) aids in
ensuring that the version currently being used is up to date and supports certain
features that may be required in an enterprise network. The general trend for most
Huawei devices is to operate using VRP version 5.x currently, where x may vary
depending on the product and VRP release. VRP version 8 is a recent revision of
VRP built with a highly refined architecture for the next generation of technologies
and constructed around the need for greater efficiency, but is not present in all
Huawei products.
 AR series enterprise routers (AR) include the AR150, AR200, AR1200, AR2200, and
AR3200. They are the next-generation of Huawei products, and provide routing,
switching, wireless, voice, and security functionality. The AR series are positioned
between the enterprise network and a public network, functioning as an ingress
and egress gateway for data transmitted between the two networks. Deployment
of various network services over the AR series routers reduces operation &
maintenance (O&M) costs as well as costs associated with establishing an
enterprise network. AR series routers of different specifications can be used as
gateways based on the user capacity of an enterprise.

 The Sx7 Series Ethernet Switch provides data transport functionality, and has been
developed by Huawei to meet the requirements for reliable access and high-
quality transmission of multiple services on the enterprise network. This series of
switch is positioned for access or aggregation layer operation in the enterprise
network, and provides a large switching capacity, high port density, and cost-
effective packet forwarding capabilities.

 Management of the ARG3 series routers and Sx7 series of switch can be achieved
through establishing a connection to the console interface, and in the case of the
AR2200, a connection is also possible to be established via a Mini USB interface.
 A console cable is used to debug or maintain a locally established device such as a
router or switch, and will interface with the console port of such devices. The
console interface of the S5700 series switch and the AR2200 router is an RJ-45
type connection, while the interface to which a host connection is made,
represents an RS-232 form of serial connector. Often such serial connectors are no
longer present on newer devices that can be used for establishing connectivity,
such as laptop computers, and therefore an RS-232 to USB conversion is
performed. For most desktop devices however, an RS-232 based console
connection can be established to a COM port on the host device.
 Console establishment is set up through one of a number of available terminal
emulation programs. Windows users often apply the HyperTerminal application as
shown in the example to interface with the VRP operating system. Following
specification of the COM port that is to be used to establish the connection, port
settings must be defined.

 The example defines the port settings that should be applied, for which the restore
default button will automatically reassign should any change have been made to
these settings. Once the OK button is pressed, a session will be established with
the VRP of the device. If the device is operating using factory default settings, the
user will be prompted for a password, which will be assigned as the default login
password for future connection attempts.
 The Huawei AR2200 router, additionally supports the means for terminal
connectivity via a USB connection. A type B mini USB interface exists on the front
panel of the AR2200 series router through which hosts are able to establish a USB
based connection as a serial alternative to that of RS-232.
 AslightvariationinthesetupprocessrequiresthattheminiUSBfirstlyestablish
driverstoallowUSBfunctionality.TheminiUSBdrivercanbeobtainedbyvisiting
http://support.huawei.com/enterprise,andunderthepathSupport>Software>
EnterpriseNetworking>Router>AccessRouter>AR>AR2200,choosethe
relevantVRPversion&patchpathoption,anddownloadthefilelabeled
AR&SRG_MiniUSB_driver.zip.ItshouldbenotedthattheminiUSBdriversupports
onlyWindowsXP,WindowsVista,andWindows7operatingsystems.

 Whenupgradingthedevicesoftwareorinstallingapatch,theMD5hashvaluecan
becheckedtoconfirmsoftwarevalidity.Inordertopreventthesoftwarefrom
beingmodifiedorreplaced,youareadvisedtoperformthisoperation.

 Installingrequirestheuserto firstlydouble-clickthedriverinstallationfileonthe
PCandclickNext.SecondlyselectIacceptthetermsinthelicenseagreementand
clickNext.ClicktheChangebuttontochangethedriverdirectoryifrequired,and
clickNext.ClickInstallanddecompressthedriver.Whenthesystemfinishes
decompressingthedriver,clickFinish.

 UsersshouldthenfindtheDISK1folderinthespecifieddriverdirectory,and
double-clickthefilesetup.exe.Followingtheopeningofasecondinstallation
windowclickNext.UsersshouldagainselectIacceptthetermsinthelicense
agreementandclickNexttoinstallthedriver.Oncecomplete,clickFinishtofinish
installingthedriver.Right-clickMyComputer,andchooseManage>Device
Manager >Ports(COM&LPT).Thesystem should display theTUSB3410 Device
indicatingthedriverthathasbeeninstalled.
 As with the RS-232 console connection, the Mini USB serial connection requires
establishment to terminal emulation software to enable interaction with the VRP
command line.

 Use the terminal emulation software to log in to the device through the mini USB
port, (for which the Windows HyperTerminal is used as an example). On the host
PC, start the HyperTerminal application, for which the location may vary for each
version of Windows, and create a connection by providing a suitable terminal
connection name and click OK. Select the relevant connection (COM) port and
then set the communication parameters for the serial port of the PC. These
parameters should match the default values that are set when pressing the Restore
Defaults button.

 After pressing Enter, the console information is displayed requesting a login


password. Enter a relevant password and confirmation password, and the system
will save the password.
 Anybroadcastthatisgeneratedbyanendsystemwithinalocalnetworkwillbe
forwardedtoalldestinations.Onceaframeisbroadcasttoarouterordevice
actingasagatewayforthenetwork,theframewillbeanalyzedandshoulditbe
determinedthatthedestinationisforalocallydefinedhostotherthanthe
gateway,theframewillbedropped.Thisassuchdefinestheboundaryofany
broadcastdomain.

 VRPversion5issupportedbyalargenumberofcurrentHuaweiproducts,while
highendproductsmayoftenbesupportedbyVRPversion8.
 The startup/boot process is the initial phase of operation for any administrator or
engineer accessing Huawei based products operating with VRP. The boot screen
informs of the system startup operation procedures as well as the version of the
VRP image that is that currently implemented on the device, along with the
storage location from where it is loaded. Following the initial startup procedure, an
option for auto-configuration of the initial system settings prompts for a response,
for which the administrator can choose whether to follow the configuration steps,
or manually configure the basic system parameters. The auto-configuration
process can be terminated by selecting the yes option at the given prompt.
 The hierarchical command structure of VRP defines a number of command views
that govern the commands for which users are able to perform operations. The
command line interface has multiple command views, of which common views
have been introduced in the example. Each command is registered to run in one or
more command views, and such commands can run only after entering the
appropriate command view. The initial command view of VRP is the User View,
which operates as an observation command view for observing parameter statuses
and general statistical information. For application of changes to system
parameters, users must enter the System View. A number of sub command levels
can also be found, in the form of the interface and protocol views for example,
where sub system level tasks can be performed.

 The command line views can be determined based on the parenthesis, and
information contained within these parenthesis. The presence of chevrons
identifies that the user is currently in the User View, whereas square brackets show
that a transition to the System View has occurred.
 The example demonstrates a selection of common system defined shortcut keys
that are widely used to simplify the navigation process within the VRP command
line interface. Additional commands are as follows:

 CTRL+B moves the cursor back one character.

 CTRL+D deletes the character where the cursor is located.

 CTRL+E moves the cursor to the end of the current line.

 CTRL+F moves the cursor forward one character.

 CTRL+H deletes the character on the left side of the cursor.

 CTRL+N displays the next command in the historical command buffer.

 CTRL+P displays the previous command in the historical command buffer.

 CTRL+W deletes the word on the left side of the cursor.

 CTRL+X deletes all the characters on the left side of the cursor.

 CTRL+Y deletes all the characters on the right side of the cursor.

 ESC+B moves the cursor one word back.

 ESC+D deletes the word on the right side of the cursor.

 ESC+F moves the cursor forward one word.


 Additional key functions can be used to perform similar operations, the backspace
operation has the same behavior as using CTRL+H to delete a character to the left
of the cursor. The left (←) and right (→) cursor keys can be used to perform the
same operation as the CTRL+B and CTRL+F shortcut key functions. The down
cursor key (↓) functions the same as Ctrl+N, and the up cursor key (↑) acts as an
alternative to the CTRL+P operation.

 Additionally, the command line functions support a means of auto completion


where a command word is unique. The example demonstrates how the command
word interface can be auto completed by partial completion of the word to such a
point that the command is unique, followed by the tab key which will provide auto
completion of the command word. Where the command word is not unique, the
tab function will cycle through the possible completion options each time the tab
key is pressed.
 There are two forms of help feature that can be found within the VRP, these come
in the form of partial help and complete help functions. In entering a character
string followed directly by a question mark (?), VRP will implement the partial help
function to display all commands that begin with this character string. An example
of this is demonstrated. In the case of the full help feature, a question mark (?) can
be placed on the command line at any view to display all possible command
names, along with descriptions for all commands pertaining to that view.
Additionally the full help feature supports entry of a command followed by a
question mark (?) that is separated by a space. All keywords associated with this
command, as well as simple descriptions, are then displayed.
 For the majority of industries, it is likely that multiple devices will exist, each of
which needs to be managed. As such, one of the first important tasks of device
commissioning involves setting device names to uniquely identify each device in
the network. The system name parameter on AR2200 series router is configured as
Huawei by default, for the S5720 series of switch the default system name is
HUAWEI. The implementation of the system name takes effect immediately after
configuration is complete.
 The system clock reflects the system timestamp, and is able to be configured to
comply with the rules of any given region. The system clock must be correctly set
to ensure synchronization with other devices and is calculated using the formula:
Coordinated Universal Time (UTC) + Time zone offset + Daylight saving time offset.
The clock datetime command is used to set the system clock following the
HH:MM:SS YYYY-MM-DD formula. It should be noted however that if the time
zone has not been configured or is set to 0, the date and time set are considered
to be UTC, therefore it is recommended that the clock timezone be set firstly
before configuring the system time and date.

 The setting of the local timezone is achieved using the clock timezone command
and is implemented based on the time-zone-name { add | minus } offset formula,
where the add value indicates that the time of time-zone-name is equal to the UTC
time plus the time offset and minus indicates the time of time-zone-name is equal
to the UTC time minus the time offset.

 Certain regions require that the daylight saving time be implemented to maintain
clock synchronization with any change in the clock timezone during specific
periods of the year. VRP is able to support daylight saving features for both fixed
dates and dates which are determined based on a set of predetermined rules. For
example, daylight saving in the United Kingom occurs on the last Sunday of March
and the last Sunday of October, therefore rules can be applied to ensure that
changes occur based on such fluctuating dates.
 The header command provides a means for displaying notifications during the
connection to a device. The login header indicates a header that is displayed when
the terminal connection is activated, and the user is being authenticated by the
device. The shell header indicates a header that is displayed when the session is set
up, after the user logs in to the device. The header information can be applied
either as a text string or retrieved from a specified file. Where a text string is used,
a start and end character must be defined as a marker to identify the information
string, where in the example the “character defines the information string. The
string represents a value in the range of 1 to 2000 characters, including spaces.
The information based header command follows the format of header { login |
shell } information text where information represents the information string,
including start and end markers.

 In the case of a file based header, the format header { login | shell } file file-name is
applied, where file-name represents the directory and file from which the
information string can be retrieved.
 The system structures access to command functions hierarchically to protect
system security. The system administrator sets user access levels that grant specific
users access to specific command levels. The command level of a user is a value
ranging from 0 to 3, whilst the user access level is a value ranging from 0 to 15.
Level 0 defines a visit level for which access to commands that run network
diagnostic tools, (such as ping and traceroute), as well as commands such as telnet
client connections, and select display commands.

 The Monitoring level is defined at a user level of 1 for which command levels 0 and
1 can be applied, allowing for the majority of display commands to be used, with
exception to display commands showing the current and saved configuration. A
user level of 2 represents the Configuration level for which command levels up to 2
can be defined, enabling access to commands that configure network services
provided directly to users, including routing and network layer commands. The
final level is the Management level which represents a user level of 3 through to 15
and a command level of up to 3, enabling access to commands that control basic
system operations and provide support for services.

 These commands include file system, FTP, TFTP, configuration file switching, power
supply control, backup board control, user management, level setting, system
internal parameter setting, and debugging commands for fault diagnosis. The
given example demonstrates how a command privilege can be changed, where in
this case, the save command found under the user view requires a command level
of 3 before the command can be used.
 Each user interface is represented by a user interface view or command line view
provided by the system. The command line view is used to configure and manage
all the physical and logical interfaces in asynchronous mode. Users wishing to
interface with a device will be required to specify certain parameters in order to
allow a user interface to become accessible. Two common forms of user interface
implemented are the console interface (CON) and the virtual teletype terminal
(VTY) interface.

 The console port is an asynchronous serial port provided by the main control
board of the device, and uses a relative number of 0. VTY is a logical terminal line
that allows a connection to be set up when a device uses telnet services to connect
to a terminal for local or remote access to a device. A maximum of 15 users can
use the VTY logical user interface to log in to the device by extending the range
from 0 – 4 achieved by applying the user-interface maximum-vty 15 command. If
the set maximum number of login users is 0, no users are allowed to log in to the
router through telnet or SSH. The display user-interface command can be used to
display relevant information regarding the user interface.
 For both the console and VTY terminal interfaces, certain attributes can be applied
to modify the behavior as a means of extending features and improving security. A
user allows a connection to remain idle for a given period of time presents a
security risk to the system. The system will wait for a timeout period before
automatically terminating the connection. This idle timeout period on the user
interface is set to 10 minutes by default.

 Where it may be necessary to increase or reduce the number of lines displayed on


the screen of a terminal when using the display command for example, the screen-
length command can be applied. This by default is set to 24 however is capable of
being increased to a maximum of 512 lines. A screen-length of 0 however is not
recommended since no output will be displayed.

 For each command that is used, a record is stored in the history command buffer
which can be retrieved through navigation using the (↑) or CTRL+P and the (↓) or
Ctrl+N key functions. The number of recorded commands in the history command
buffer can be increased using the history-command max-size command to define
up to 256 stored commands. The number of commands stored by default is 10.
 Access to user terminal interfaces provides a clear point of entry for unauthorized
users to access a device and implement configuration changes. As such the
capability to restrict access and limit what actions can be performed is necessary
as a means of device security. The configuration of user privilege and
authentication are two means by which terminal security can be improved. User
privilege allows a user level to be defined which restricts the capability of the user
to a specific command range. The user level can be any value in the range of 0 –
15, where values represent a visit level (0), monitoring level (1), configuration level
(2), and management level (3) respectfully.

 Authentication restricts a user capability to access a terminal interface by


requesting the user be authenticated using a password or a combination of
username and password before access via the user interface is granted. In the case
of VTY connections, all users must be authenticated before access is possible. For
all user interfaces, three possible authentication modes exist, in the form of AAA,
password authentication and non-authentication. AAA provides user
authentication with high security for which a user name and password must be
entered for login. Password authentication requires that only the login password is
needed therefore a single password can be applied to all users. The use of non-
authentication removes any authentication applied to a user interface. It should be
noted that the console interface by default uses the non-authentication mode.

 It is generally recommended that for each user that is granted telnet access, the
user be identified through usernames and passwords to allow for distinction of
individual users. Each user should also be granted privilege levels, based on each
users role and responsibility.
 In order to run IP services on an interface, an IP address must be configured for
the interface. Generally, an interface needs only the primary IP address. In special
cases, it is possible for a secondary IP address to be configured for the interface.
For example, when an interface of a router such as the AR2200 connects to a
physical network, and hosts on this physical network belong to two network
segments.

 In order to allow the AR2200 to communicate with all the hosts on the physical
network, configure a primary IP address and a secondary IP address for the
interface. The interface has only one primary IP address. If a new primary IP
address is configured on an interface that already has a primary IP address, the
new IP address overrides the original one. The IP address can be configured for an
interface using the command ip address <ip-address > { mask | mask-length }
where mask represents the 32 bit subnet mask e.g. 255.255.255.0, and mask-
length represents the alternative mask-length value e.g. 24, both of which can be
used interchangeably.

 The loopback interface represents a logical interface that is applied to represent a


network or IP host address, and is often used as a form of management interface
in support of a number of protocols through which communication is made to the
IP address of the loopback interface, as opposed to the IP address of the physical
interface on which data is being received.
 Theconsoleinterfaceiscapableofsupportingonlyasingleuseratanygiventime;
thisisrepresentedbytheconsole0userinterfaceview.

 Theloopbackinterfacerepresentsalogicalinterfacethatisnotpresentinarouter
untilitiscreated.Oncecreated,theloopbackinterfaceisconsideredup.OnARG3
devices,theloopbackinterfacescanhoweverbeshutdown.
 The file system manages files and directories on the storage devices. It can create,
delete, modify, or rename a file or directory, or display the contents of a file.

 The file system has two functions: managing storage devices and managing the
files that are stored on those devices. A number of directories are defined within
which files are stored in a logical hierarchy. These files and directories can be
managed through a number of functions which allow the changing or displaying
of directories, displaying files within such directories or sub-directories, and the
creation or deletion of directories.

 Common examples of file system commands for general navigation include the cd
command used to change the current directory, pwd to view the current directory
and dir to display the contents of a directory as shown in the example. Access to
the file system is achieved from the User View.
 Making changes to the existing file system directories generally relates to the
capability to create and delete existing directories within the file system. Two
common commands that are used in this case. The mkdir directory command is
used to create a folder in a specified directory on a designated storage device,
where directory refers to the name given to the directory and for which the
directory name can be a string of 1 to 64 characters. In order to delete a folder
within the file system, the rmdir directory command is used, with directory again
referring to the name of the directory. It should be noted that a directory can only
be deleted if there are no files contained within that directory.
 Making changes to the files within a file system includes copying, moving,
renaming, compressing, deleting, undeleting, deleting files in the recycle bin,
running files in batch and configuring prompt modes. Creating a duplicate of an
existing file can be done using the copy source-filename destination-filename
command, where if the destination-filename is the same as that of an existing file
(source-filename), the system will display a message indicating that the existing file
will be replaced. A target file name cannot be the same as that of a startup file,
otherwise the system displays a message indicating that the operation is invalid
and that the file is a startup file.

 The move source-filename destination-filename command can be used to move


files to another directory. After the move command has been successfully
executed, the original file is cut and moved to the defined destination file. It
should be noted however that the move command can only move files in the same
storage device.
 For the removal of files within a file system, the delete function can be applied
using the command delete [ /unreserved ] [ /force ] { filename | device-name }.
Generally files that are deleted are directed to a recycle bin from where files can
recovered using the undelete { filename | device-name } command, however
should the /unreserved command be used, the file will be permanently deleted.
The system will generally display a message asking for confirmation of file deletion,
however if the /force parameter is included, no prompt will be given. The filename
parameter refers to the file which is to be deleted, while the device-name
parameter defines the storage location.

 Where a file is directed to the recycle bin, it is not permanently deleted and can be
easily recovered. In order to ensure that such files in the recycle bin are deleted
permanently, the reset recycle-bin [ filename ]command can be applied, where the
filename parameter can be used to define a specific file for permanent deletion.
 When powered on, the device retrieves configuration files from a default save path
to initialize itself, which is then stored within the RAM of the device. If
configuration files do not exist in the default save path, the router uses default
initialization parameters.

 The current-configuration file indicates the configurations in effect on the device


when it is actually running. When the configuration is saved, the current
configuration is stored in a saved-configuration file within the storage location of
the device. If the device loaded the current-configuration file based on default
initialization parameters, a saved-configuration file will not exist in the storage
location of the default save path, but will be generated once the current
configuration is saved.
 Using the display current-configuration command, device parameters that take
effect can be queried. If default values of certain parameters are being used, these
parameters are not displayed. The current-configuration command includes a
number of parameters that allow for filtering of the command list during the used
of the display function. The display current-configuration | begin {regular-
expression} is an example of how the current-configuration can be used to display
active parameters that begin with a specific keyword or expression. An alternative
to this command is the display current-configuration | include {regular-expression}
which allows parameters that include a specific keyword or expression within the
current-configuration file.

 The display saved-configuration [ last | time ] shows the output of the stored
configuration file used at startup to generate the current-configuration. Where the
last parameter is used it displays the configuration file used in the current startup.
The configuration file is displayed only when it is configured for the current startup.
The time parameter will display the time when the configuration was last saved.
 Using the save [configuration-file] command will save the current configuration
information to a default storage path. The configuration-file parameter allows the
current configuration information to be saved to a specified file. Running the save
command with the configuration-file parameter does not affect the current startup
configuration file of the system. When configuration-file is the same as the
configuration file stored in the default storage path of the system, the function of
this command is the same as that of the save command.

 The example demonstrates the use of the save command to save the current-
configuration, which by default will be stored to the default vrpcfg.zip file in the
default storage location of the device.
 The currently used save configuration file can be discovered through the use of
the display startup command. In addition the display startup command can be
used to query the name of the current system software file, name of the next
system software file, name of the backup system software file, names of the four
currently used (if used) system software files, and names of the next four system
software files. The four system software files are the aforementioned configuration
file, voice file, patch file, and license file.
 Following discovery of the startup saved-configuration file, it may be necessary to
define a new configuration file to be loaded at the next startup. If a specific
configuration file is not specified, the default configuration file will be loaded at
the next startup.

 The filename extension of the configuration file must be .cfg or .zip, and the file
must be stored in the root directory of a storage device. When the router is
powered on, it reads the configuration file from the flash memory by default to
initialize. The data in this configuration file is the initial configuration. If no
configuration file is saved in the flash memory, the router uses default parameters
to initiate.

 Through the use of the startup saved-configuration [configuration-file] where the


configuration-file parameter is the configuration file to be used at startup, it is
possible to define a new configuration file to initialize at the next system startup.
 When the compare configuration [configuration-file] [current-line-number save-
line-number] command is used, the system performs a line by line comparison of
the saved configuration with the current configuration starting from the first line. If
the current-line-number save-line-number parameters are specified, the system
skips the non-relevant configuration before the compared lines and continues to
find differences between the configuration files.

 The system will then proceed to output the configuration differences between the
saved configuration and the current configuration files. The comparison output
information is restricted to 150 characters by default. If the comparison requires
less than 150 characters, all variations until the end of two files are displayed.
 The reset saved-configuration command is used in order to delete a device startup
configuration file from the storage device. When performed, the system compares
the configuration files used in the current startup and the next startup when
deleting the configuration file from the router.

 If the two configuration files are the same, they are deleted at the same time after
this command is executed. The default configuration file is used when the router is
started next time. If the two configuration files are different, the configuration file
used in the current startup is deleted after this command is executed.

 If no configuration file is configured for the device current startup, the system
displays a message indicating that the configuration file does not exist after this
command is executed. Once the reset saved-configuration command is used, a
prompt will be given to confirm the action, for which the user is expected to
confirm, as shown in the example.
 The storage devices are product dependant, and include flash memory, SD cards,
or USB flash drives. The AR2200E router for example has a built-in flash memory
and a built-in SD card (in slot sd1). The router provides two reserved USB slots
(usb0 and usb1) and an SD card slot (sd0). For the S5700 it includes a built-in flash
memory with a capacity that varies dependant on the model, with 64MB
supported in the S5700C-HI, S5700-LI, S5700S-LI and S5710-EI models, and 32 MB
for all others. The details regarding the Huawei product storage devices can be
detailed by using the display version command as shown.
 Formatting a storage device is likely to result in the loss of all files on the storage
device, and the files cannot be restored, therefore extra care should be taken when
performing any format command and should be avoided unless absolutely
necessary. The format [storage-device] command is used along with the storage-
device parameter to define the storage location which is required to be formatted.
 When the terminal device displays that the system has failed, the fixdisk command
can be used to attempt to fix the abnormal file system in the storage device,
however it does not provide any guarantee as to whether the file system can be
restored successfully. Since the command is used to rectify problems, if no
problem has occurred in the system it is not recommended that this command be
run. It should also be noted that this command does not rectify device-level
problems.
 Thefilesystemattributedrepresentsthattheentryisadirectoryinthefilesystem.
Itshouldbenotedthatthisdirectorycanonlybedeletedonceanyfilescontained
withinthedirectoryhavebeendeleted.Theremainingrwxvaluesrefertowhether
thedirectory(orfile)canberead,writtento,and/orexecuted.

 Aconfigurationmaybesavedunderaseparatenamefromthedefaultvrpcfg.zip
filenameandstoredwithinthestoragedeviceoftherouterorswitch.Ifthisfileis
requiredtobeusedastheactiveconfigurationfileinthesystem,thecommand
startupsaved-configuration<configuration-file-name>shouldbeusedwherethe
configuration-file-namereferstothefilenameandfileextension.
 The VRP platform is constantly updated to maintain alignment with changes in
technology and support new advancements to the hardware. The VRP image is
generally defined by a VRP version and a product version number. Huawei ARG3
and Sx7 series products generally align with VRP version 5 to which different
product versions are associated.

 As the product version increases, so do the features that are supported by the
version. The product version format includes a product code Vxxx , Rxxx denotes a
major version release and Cxx a minor version release. If a service pack is used to
patch the VRP product version, an SPC value may also be included in the VRP
product version number. Typical examples of the VRP version upgrades for the
AR2200E include:

 Version 5.90 (AR2200 V200R001C00)

 Version 5.110 (AR2200 V200R002C00)

 Version 5.160 (AR2200 V200R007C00)


 File transfer refers to the means by which files are sent to or retrieved from a
remote server or storage location. Within the IP network this application can be
implemented for a wide range of purposes. As part of effective practice, it is
common for important files be duplicated and backed up within a remote storage
location to prevent any loss that would affect critical systems operations. This
includes files such as the VRP image of products which (should the existing image
suffer loss through use of the format command or other forms of error), can be
retrieved remotely and used to recover system operations. Similar principles apply
for important configuration files and maintaining records of activity within devices
stored in log files, which may be stored long term within the remote server.
 FTP is a standard application protocol based on the TCP/IP protocol suite and used
to transfer files between local clients and remote servers. FTP uses two TCP
connections to copy a file from one system to another. The TCP connections are
usually established in client-server mode, one for control (the server port number
is 21) and the other for data transmission (the sever port number is 20). FTP as a
file transfer protocol is used to control connections by issuing commands from the
client (RTA) to the server and transmits replies from the server to the client,
minimizing the transmission delay. In terms of data transmission, FTP transmits
data between the client and server, maximizing the throughput.

 Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol over which a
router can function as a TFTP client to access files on a TFTP server. Unlike FTP,
TFTP has no complex interactive access interface and authentication control.
Implementation of TFTP is based on the User Datagram Protocol (UDP). The client
initiates the TFTP transfer. To download files, the client sends a read request
packet to the TFTP server, receives packets from the server, and returns an
acknowledgement to the server. To upload files, the client sends a write request
packet to the TFTP server, sends packets to the server, and receives
acknowledgement from the server.
 The example demonstrates how connection between an FTP server and client is
established in order to retrieve a VRP image that can be used as part of the system
upgrade process. Prior to any transfer of data, it is necessary to establish the
underlying connectivity over which files can be transferred. This begins by
providing suitable IP addressing for the client and the server. Where the devices
are directly connected, interfaces can be applied that belong to the same network.
Where devices belong to networks located over a large geographic area, devices
must establish relevant IP addressing within their given networks and be able to
discover a relevant network path over IP via which client/server connectivity can be
established.
 A user must determine for any system upgrade as to whether there is adequate
storage space in which to store the file that is to be retrieved. The file system
commands can be used to determine the current status of the file system,
including which files are currently present within the file storage location of the
device and also the amount of space currently available. Where the storage space
is not adequate for file transfer, certain files can be deleted or uploaded to the FTP
server in the event that they may still be required for future use.

 The example demonstrates the use of the delete file system command to remove
the existing image file. It should be noted that the system image, while deleted will
not impact the current operation of the device as long as the device remains
operational, therefore the device should not be powered off or restarted before a
new VRP image file is restored within the storage location of the device, and set to
be used during the next system startup.
 TheretrievingoffilesfromanFTPserverrequiresthataconnectionbeestablished
firstlybeforeanyfiletransfercantakeplace.Withintheclientdevice,theftp
serviceisinitiatedusingtheftp<ip address>wheretheIPaddressrelatestothe
addressoftheFTPservertowhichtheclientwishestoconnect.FTPconnections
willbeestablishedusingTCP,andrequiresauthenticationintheformofa
usernameandpasswordwhichisdefinedbytheFTPserver.Onceauthentication
hasbeensuccessfullyachieved,theclientwillhaveestablishedaccesstotheFTP
serverandwillbeabletouseavarietyofcommandstoviewexistingfilesstored
withinthelocalcurrentdirectoryoftheserver.

 Priortofiletransmission,theusermayberequiredtosetthefiletypeforwhich
twoformatsexist,ASCIIandBinary.ASCIImodeisusedfortext,inwhichdatais
convertedfromthesender'scharacterrepresentationto"8-bitASCII"before
transmission,andthentothereceiver'scharacterrepresentation.Binarymodeon
theotherhandrequiresthatthesendersendeachfilebyteforbyte.Thismodeis
oftenusedtotransferimagefilesandprogramfiles,andshouldbeappliedwhen
sendingorretrievinganyVRPimagefile.Intheexample,thegetvrp.cccommand
hasbeenissuedinordertoretrievethenewVRPimagelocatedwithintheremote
server.
 In the event that the client wishes to retrieve a VRP image from a TFTP server, a
connection to the server need not first be established. Instead the client must
define the path to the server within the command line, along with the operation
that is to be performed. It should also be noted that the AR2200E & S5720 models
serve as the TFTP client only and transfer files only in binary format. As can be
seen from the example, the get command is applied for retrieval of the VRP image
file from the TFTP server following the defining of the destination address of the
TFTP server.
 The transfer of the VRP image file to the client once successfully achieved, requires
that the image be enabled as the startup system software during the next system
startup process. In order to change the system software version, the startup
system-software command must be run and include the system software file to be
used in the next startup. A system software file must use .cc as the file name
extension, and the system software file used in the next startup cannot be that
used in the current startup.

 Additionally, the storage directory of a system software file must be the root
directory, otherwise the file will fail to run. The display startup command should be
used to verify that the change to the startup system software has been performed
successfully. The output for the startup system software should show the existing
VRP image, while the next startup system software should display the transferred
VRP image that is now present within the root directory of the device.
 Confirmation of the startup system software allows for the safe initiation of the
system software during the next system boot. In order to apply the changes and
allow for the new system software to take effect, the device must be restarted. The
reboot command can be used in order to initiate the system restart. During the
reboot process, a prompt will be displayed requesting confirmation regarding
whether the configuration file for the next system startup be saved.

 In some cases, the saved-configuration file may be erased by the user in order to
allow for a fresh configuration to be implemented. Should this have occurred, the
user is expected define a response of ‘no’ at the ‘Continue?’ prompt. If the
user chooses ‘yes’ at this point, the current-configuration will be rewritten to
the saved-configuration file and applied once again during the next startup. If the
user is unaware of the changes for which the save prompt is providing a warning,
it is recommended that the user select ‘no’ or ‘n’ and perform a comparison
of the saved and current configuration to verify the changes. For the reboot
prompt, a response of ‘yes’ or ‘y’ is required to complete the reboot process.
 AclientdevicemusthavethecapabilitytoreachtheFTPserveroverIP,requiring
anIPaddressbeconfigured ontheinterfaceviawhichtheFTPservercanbe
reached.ThiswillallowapathtobevalidatedtotheFTPserveratthenetwork
layerifoneexists.

 Theusercanruntheconfigurationcommanddisplaystartuptovalidatethat
currentstartupsystemsoftware(VRP)isactive,identifiedbythe.ccextension.
 As the enterprise network expands, multiple users need to be established as part
of a multi-access network. The evolution of network technologies has seen a shift
away from shared local networks, to networks which support multiple collision
domains and support the use of 100BaseT forms of media that isolated the
transmission and reception of data over separate wire pairs, thus eliminating the
potential for collisions to occur and allowing higher full duplex transmission rates.
The establishment of a switch brings the capability for increased port density to
enable the connection of a greater number of end system devices within a single
local area network. Each end system or host within a local area network is required
to be connected as part of the same IP network in order for communication to be
facilitated at the network layer. The IP address however is only relevant to the host
systems since switch devices operate within the scope of the link layer and
therefore rely on MAC addressing for frame forwarding.
 As a link layer device, each switch relies on a MAC based table that provides
association between a destination MAC address and the port interface via which a
frame should be forwarded. This is commonly referred to as the MAC address
table.

 The initiation of a switch begins with the switch having no knowledge of end
systems and how frames received from end systems should be forwarded. It is
necessary that the switch build entries within the MAC address table to determine
the path that each frame received should take in order to reach a given destination,
so as to limit broadcast traffic within the local network. These path entries are
populated in the MAC address table as a result of frames received from end
systems. In the example, Host A has forwarded a frame to Switch A, which
currently has no entries within its MAC address table.
 The frame that is forwarded from Host A contains a broadcast MAC address entry
in the destination address field of the frame header. The source address field
contains the MAC address of the peering device, in this case Host A. This source
MAC address is used by the switch in order to populate the MAC address table, by
associating the MAC entry in the source address field with the switch port interface
upon which the frame was received. The example demonstrates how the MAC
address is associated with the port interface to allow any returning traffic to this
MAC destination to be forwarded directly via the associated interface.
 The general behavior of an ARP request involves the frame being flooded to all
intended destinations primarily due to the MAC broadcast (FF-FF-FF-FF-FF-FF) that
represents the current destination. The switch is therefore responsible for
forwarding this frame out of every port interface with exception to the port
interface on which the frame was received, in an attempt to locate the intended IP
destination as listed within the ARP header for which an ARP reply can be
generated. As demonstrated in the example, individual frames are flooded from
the switch via port interfaces G0/0/2 and G0/0/3 towards hosts B and host C
respectively.
 As a result of the ARP request header, the receiving host is able to determine that
the ARP header is intended for the IP destination of 10.1.1.3, along with the local
source address (MAC) from which the frame originated, and use this information
to generate a unicast reply. The information regarding Host A is associated with
the IP address of 10.1.1.3 and stored within the MAC address table of Host C. In
doing so, the generation of broadcast traffic is minimized, thereby reducing the
number of interrupts to local destinations as well as reduction of the number of
frames propagating the local network.

 Once the frame is received from Host C by Switch A, the switch will populate the
MAC address table with the source MAC address of the frame received, and
associate it with the port interface on which the frame was received. The switch
then uses the MAC address table to perform a lookup, in order to discover the
forwarding interface, based on the destination MAC address of the frame. In this
case the MAC address of the frame refers to Host A, for which an entry now exists
via interface G0/0/1, allowing the frame to be forwarded to the known destination.
 Early Ethernet systems operated based on a 10Mbps half-duplex mode and
applied mechanisms such as CSMA/CD to ensure system stability. The transition to
a twisted pair medium gave rise to the emergence of full-duplex Ethernet, which
greatly improved Ethernet performance and meant two forms of duplex could be
negotiated. The auto-negotiation technology allows newer Ethernet systems to be
compatible with earlier Ethernet systems.

 In auto-negotiation mode, interfaces on both ends of a link negotiate their


operating parameters, including the duplex mode, rate, and flow control. If the
negotiation succeeds, the two interfaces work with the same operating parameters.
In some cases however it is necessary to manually define the negotiation
parameters, such as where Gigabit Ethernet interfaces that are working in auto-
negotiation mode are connected via a 100 Mbps network cable. In such cases,
negotiation between the interfaces will fail.

 Due to different product models, HUAWEI switches may not support the change
port duplex mode, see the product manual.
 In the event that the configuration parameters for negotiation are changed from
using auto negotiation, the defined parameters should be checked using the
display interface <interface> command to verify that the negotiated parameters
allow for the link layer interface negotiation to be successful. This is verified by the
line protocol current state being displayed as UP. The displayed information
reflects the current parameter settings for an interface.
 Whenahostorotherendsystemisconnectedtoaswitchportinterface,a
gratuitousARPisgeneratedthatisdesignedtoensurethatIPaddressesremain
uniquewithinanetworksegment.ThegratuitousARPmessagehoweveralso
providestheswitchwithinformationregardingtheMACaddressofthehost,
whichisthenincludedintheMACaddresstableandassociatedwiththeport
interfaceonwhichthehostisconnected.

 Ifthephysicalconnectionofahostconnectedtoaswitchportinterfaceis
removed,theswitchwilldiscoverthephysicallinkisdownandremovetheMAC
entryfromtheMACaddresstable.Oncethemediumisconnectedtoanotherport
interface,theportwilldetectthatthephysicallinkisactiveandagratuitousARP
willbegeneratedbythehost,allowingtheswitchtodiscoverandpopulatethe
MACaddresstablewiththeMACaddressoftheconnectedhost.
 Enterprise growth results in the commissioning of multiple switches in order to
support the interconnectivity of end systems and services required for daily
operations. The interconnection of multiple switches however brings additional
challenges that need to be addressed. Switches may be established as single
point-to-point links via which end systems are able to forward frames to
destinations located via other switches within the broadcast domain. The failure
however of any point-to-point switch link results in the immediate isolation of the
downstream switch and all end systems to which the link is connected. In order to
resolve this issue, redundancy is highly recommended within any switching
network.

 Redundant links are therefore generally used on an Ethernet switching network to


provide link backup and enhance network reliability. The use of redundant links,
however, may produce loops that cause the communication quality to drastically
deteriorate, and major interruptions to the communication service to occur.
 One of the initial effects of redundant switching loops comes in the form of
broadcast storms. This occurs when an end system attempts to discover a
destination for which neither itself nor the switches along the switching path are
aware of. A broadcast is therefore generated by the end system which is flooded
by the receiving switch.

 The flooding effect means that the frame is forwarded via all interfaces with
exception to the interface on which the frame was received. In the example, Host A
generates a frame, which is received by Switch B which is subsequently forwarded
out of all other interfaces. An instance of the frame is received by the connected
switches A and C, which in turn flood the frame out of all other interfaces. The
continued flooding effect results in both Switch A and Switch C flooding instances
of the frame from one switch to the other, which in turn is flooded back to Switch
B, and thus the cycle continues. In addition, the repeated flooding effect results in
multiple instances of the frame being received by end stations, effectively causing
interrupts and extreme switch performance degradation.
 Switches must maintain records of the path via which a destination is reachable.
This is identified through association of the source MAC address of a frame with
the interface on which the frame was received. Only one instance of a MAC
address can be stored within the MAC address table of a switch, and where a
second instance of the MAC address is received, the more recent information takes
precedence.

 In the example, Switch B updates the MAC address table with the MAC address of
Host A and associates this source with interface G0/0/3, the port interface on
which the frame was received. As frames are uncontrollably flooded within the
switching network, a frame is again received with the same source MAC address as
Host A, however this time the frame is received on interface G0/0/2. Switch B must
therefore assume that the host that was originally reachable via interface G0/0/3 is
now reachable via G0/0/2, and will update the MAC address table accordingly. The
result of this process leads to MAC instability and continues to occur endlessly
between both the switch port interfaces connecting to Switch A and Switch C since
frames are flooded in both directions as part of the broadcast storm effect.
 The challenge for the switching network lies in the ability to maintain switching
redundancy to avoid isolation of end systems in the event of switch system or link
failure, and the capability to avoid the damaging effects of switching loops within
a switching topology which implements redundancy. The resulting solution for
many years has been to implement the spanning tree protocol (STP) in order to
prevent the effects of switching loops. Spanning tree works on the principle that
redundant links be logically disabled to provide a loop free topology, whilst being
able to dynamically enable secondary links in the event that a failure along the
primary switching path occurs, thereby fulfilling the requirement for network
redundancy within a loop free topology. The switching devices running STP
discover loops on the network by exchanging information with one another, and
block certain interfaces to cut off loops. STP has continued to be an important
protocol for the LAN for over 20 years.
 The removal of any potential for loops serves as the primary goal of spanning tree
for which an inverted tree type architecture is formed. At the base of this logical
tree is the root bridge/switch. The root bridge represents the logical center but not
necessarily the physical center of the STP-capable network. The designated root
bridge is capable of changing dynamically with the network topology, as in the
event where the existing root bridge fails to continue to operate as the root bridge.
Non-root bridges are considered to be downstream from the root bridge and
communication to non-root bridges flows from the root bridge towards all non-
root bridges. Only a single root bridge can exist in a converged STP-capable
network at any one time.
 Discovery of the root bridge for an STP network is a primary task performed in
order to form the spanning tree. The STP protocol operates on the basis of
election, through which the role of all switches is determined. A bridge ID is
defined as the means by which the root bridge is discovered. This comprises of
two parts, the first being a 16 bit bridge priority and the second, a 48 bit MAC
address.

 The device that is said to contain the highest priority (smallest bridge ID) is elected
as the root bridge for the network. The bridge ID comparison takes into account
initially the bridge priority, and where this priority value is unable to uniquely
identify a root bridge, the MAC address is used as a tie breaker. The bridge ID can
be manipulated through alteration to the bridge priority as a means of enabling a
given switch to be elected as the root bridge, often in support of an optimized
network design.
 Thespanningtreetopologyreliesonthecommunicationofspecificinformationto
determinetheroleandstatusofeachswitchinthenetwork.ABridgeProtocol
DataUnit(BPDU)facilitatescommunicationwithinaspanningtreenetwork.Two
formsofBPDUareusedwithinSTP.AConfigurationBPDUisinitiallycreatedby
therootandpropagateddownstreamtoensureallnon-rootbridgesremainaware
ofthestatusofthespanningtreetopologyandimportantly,therootbridge.The
TCNBPDUisasecondformofBPDU,whichpropagatesinformationinthe
upstreamdirectiontowardstherootandshallbeintroducedinmoredetailaspart
ofthetopologychangeprocess.

 BridgeProtocolDataUnitsarenotdirectlyforwardedbyswitches,insteadthe
informationthatiscarriedwithinaBPDUisoftenusedtogenerateaswitchesown
BPDUfortransmission.AConfigurationBPDUcarriesanumberofparametersthat
areusedbyabridgetodetermineprimarilythepresenceofarootbridgeand
ensurethattherootbridgeremainsthebridgewiththehighestpriority.EachLAN
segmentisconsideredtohaveadesignatedswitchthatisresponsibleforthe
propagationofBPDUdownstreamtonon-designatedswitches.

 TheBridgeIDfieldisusedtodeterminethecurrentdesignatedswitchfromwhich
BPDUareexpectedtobereceived.TheBPDUisgeneratedandforwardedbythe
rootbridgebasedonaHellotimer,whichissetto2secondsbydefault.AsBPDU
arereceived bydownstreamswitches,anewBPDUisgeneratedwithlocally
defined parameters and forwarded to all non-designated switches for theLAN
segment.
 Another feature of the BPDU is the propagation of two parameters relating to path
cost. The root path cost (RPC) is used to measure the cost of the path to the root
bridge in order to determine the spanning tree shortest path, and thereby
generate a loop free topology. When the bridge is the root bridge, the root path
cost is 0.

 The path cost (PC) is a value associated with the root port, which is the port on a
downstream switch that connects to the LAN segment, on which a designated
switch or root bridge resides. This value is used to generate the root path cost for
the switch, by adding the path cost to the RPC value that is received from the
designated switch in a LAN segment, to define a new root path cost value. This
new root path cost value is carried in the BPDU of the designated switch and is
used to represent the path cost to the root.
 Huawei Sx7 series switches support a number of alternative path cost standards
that can be implemented based on enterprise requirements, such as where a
multi-vendor switching network may exist. The Huawei Sx7 series of switches use
the 802.1t path cost standard by default, providing a stronger metric accuracy for
path cost calculation.
 Aconvergedspanningtreenetworkdefinesthateachinterfacebeassigneda
specificportrole.Portrolesareusedtodefinethebehaviorofportinterfacesthat
participatewithinanactivespanningtreetopology.Forthespanningtreeprotocol,
threeportrolesofdesignated,rootandalternatearedefined.

 Thedesignatedportisassociatedwitharootbridgeoradesignatedbridgeofa
LANsegmentanddefinesthedownstreampathviawhichConfigurationBPDUare
forwarded.Therootbridgeisresponsibleforthegenerationofconfiguration
BPDUtoalldownstreamswitches,andthusrootbridgeportinterfacesalways
adoptthedesignatedportrole.

 Therootportidentifiestheportthatoffersthelowestcostpathtotheroot,based
ontherootpathcost.Theexampledemonstratesthecasewheretwopossible
pathsexistbacktotheroot,howeveronlytheportthatoffersthelowestrootpath
costisassignedastherootport.Wheretwoormoreportsofferequalrootpath
costs,thedecisionofwhichportinterfacewillbetherootportisdeterminedby
comparingthebridgeIDintheconfigurationBPDUthatisreceivedoneachport.

 Anyportthatisnotassignedadesignatedorrootportroleisconsideredan
alternateport,andisabletoreceiveBPDUfromthedesignatedswitchfortheLAN
segmentforthepurposeofmonitoringthestatusoftheredundantlink,butwill
notprocessthereceivedBPDU.TheIEEE802.1D-1990standardforSTPoriginally
definedthisportroleasbackup,howeverthiswasamendedtobecomethe
alternateport rolewithin theIEEE 802.1D-1998 standards revision.
 The port ID represents a final means for determining port roles alongside the
bridge ID and root path cost mechanism. In scenarios where two or more ports
offer a root path cost back to the root that is equal and for which the upstream
switch is considered to have a bridge ID that is equal, primarily due to the
upstream switch being the same switch for both paths, the port ID must be
applied to determine the port roles.

 The port ID is tied to each port and comprises of a port priority and a port number
that associates with the port interface. The port priority is a value in the range of 0
to 240, assigned in increments of 16, and represented by a value of 128 by default.
Where both port interfaces offer an equal port priority value, the unique port
number is used to determine the port roles. The highest port identifier (the lowest
port number) represents the port assigned as the root port, with the remaining
port defaulting to an alternate port role.
 TherootbridgeisresponsibleforthegenerationofconfigurationBPDUbasedon
aBPDUintervalthatisdefinedbyaHellotimer.ThisHellotimerbydefault
representsaperiodof2seconds.Aconvergedspanningtreenetworkmustensure
thatintheeventofafailurewithinthenetwork,whichswitcheswithintheSTP
enablednetworkaremade awareofthefailure.AMaxAgetimerisassociatedwith
eachBDPUandrepresentslifespanofaBPDUfromthepointofconceptionbythe
rootbridge,andultimatelycontrolsthevalidityperiodofaBDPUbeforeitis
consideredobsolete.ThisMAXAgetimerbydefaultrepresentsaperiodof20
seconds.

 OnceaconfigurationBPDUisreceivedfromtherootbridge,thedownstream
switchisconsideredtotakeapproximately1secondtogenerateanewBPDU,and
propagatethegeneratedBPDUdownstream.Inordertocompensateforthistime,
amessageage(MSGAge)valueisappliedtoeachBPDUtorepresenttheoffset
betweentheMAXAgeandthepropagationdelay,andforeachswitchthis
messageagevalueisincrementedby1.

 AsBPDUarepropagatedfromtherootbridgetothedownstreamswitchesthe
MAXAgetimerisrefreshed.TheMAXAgetimercountsdownandexpireswhen
theMAXAgevalueexceedsthevalueofthemessageage,toensurethatthe
lifetimeofaBPDUislimitedtotheMAXAge,asdefinedbytherootbridge.Inthe
eventthataBPDUisnotreceivedbeforetheMAXAgetimerexpires,theswitch
will consider theBPDU information currently held as obsoleteand assume an STP
networkfailurehasoccurred.
 The spanning tree convergence process is an automated procedure that initiates at
the point of switch startup. All switches at startup assume the role of root bridge
within the switching network. The default behavior of a root bridge is to assign a
designated port role to all port interfaces to enable the forwarding of BPDU via all
connected port interfaces. As BPDU are received by peering switches, the bridge ID
will be compared to determine whether a better candidate for the role of root
bridge exists. In the event that the received BPDU contains an inferior bridge ID
with respect to the root ID, the receiving switch will continue to advertise its own
configuration BPDU to the neighboring switch.

 Where the BDPU is superior, the switch will acknowledge the presence of a better
candidate for the role of root bridge, by ceasing to propagate BPDU in the
direction from which the superior BPDU was received. The switch will also amend
the root ID field of its BPDU to advertise the bridge ID of the root bridge
candidate as the current new root bridge.
 An elected root bridge, once established will generate configuration BPDU to all
other non-root switches. The BPDU will carry a root path cost that will inform
downstream switches of the cost to the root, to allow for the shortest path to be
determined. The root path cost carried in the BPDU that is generated by the root
bridge always has a value of 0. The receiving downstream switches will then add
this cost to the path cost of the port interfaces on which the BPDU was received,
and from which a switch is able to identify the root port.

 In the case where equal root path costs exist on two or more LAN segments to the
same upstream switch, the port ID is used to discover the port roles. Where an
equal root path cost exists between two switches as in the given example, the
bridge ID is used to determine which switch represents the designated switch for
the LAN segment. Where the switch port is neither a root port nor designated port,
the port role is assigned as alternate.
 Aspartoftherootbridgeandportroleestablishment,eachswitchwillprogress
throughanumberofportstatetransitions.Anyportthatisadministratively
disabledwillbeconsideredtobeinthedisabledstate.Enablingofaportinthe
disabledstatewillseeastatetransitiontotheblockingstate①.

 Anyportconsideredtobeinablockingstateisunabletoforwardanyusertraffic,
butiscapableofreceivingBPDUframes.AnyBPDUreceivedonaportinterfacein
theblockingstatewillnotbeusedtopopulatetheMACaddresstableofthe
switch,butinsteadtodeterminewhetheratransitiontothelisteningstateis
necessary.ThelisteningstateenablescommunicationofBPDUinformation,
followingnegotiationoftheportroleinSTP②,butmaintainsrestrictiononthe
populatingoftheMACaddresstablewithneighborinformation.

 Atransitiontotheblockingstatefromthelisteningorotherstates③ mayoccurin
theeventthattheportischangedtoanalternateportrole.Thetransitionbetween
listeningtolearningandlearningtoforwardingstates④ isgreatlydependant on
theforwarddelaytimer,whichexiststoensurethatanypropagationofBDPU
informationtoallswitchesinthespanningtreetopologyisachievablebeforethe
statetransitionoccurs.

 Thelearningstatemaintainstherestrictionofusertrafficforwardingtoensure
preventionofanyswitchingloopshoweverallowsforthepopulationoftheMAC
addresstablethroughoutthespanningtreetopologytoensureastableswitching
network.Following a forward delay period,theforwarding stateis reached.The
disabledstateisapplicableatanytimeduringthestatetransitionperiodthrough
manualintervention(i.e.theshutdowncommand)⑤.
 Events that cause a change in the established spanning tree topology may occur in
a variety of ways, for which the spanning tree protocol must react to quickly re-
establish a stable and loop free topology. The failure of the root bridge is a
primary example of where re-convergence is necessary. Non-root switches rely on
the intermittent pulse of BPDU from the root bridge to maintain their individual
roles as non-root switches in the STP topology. In the event that the root bridge
fails, the downstream switches will fail to receive a BPDU from the root bridge and
as such will also cease to propagate any BPDU downstream. The MAX Age timer is
typically reset to the set value (20 seconds by default) following the receipt of each
BPDU downstream.

 With the loss of any BPDU however, the MAX Age timer begins to count down the
lifetime for the current BPDU information of each non-root switch, based on the
(MAX Age – MSG Age) formula. At the point at which the MSG Age value is greater
than the MAX Age timer value, the BPDU information received from the root
becomes invalid, and the non-root switches begin to assume the role of root
bridge. Configuration BPDU are again forwarded out of all active interfaces in a bid
to discover a new root bridge. The failure of the root bridge invokes a recovery
duration of approximately 50 seconds due to the Max Age + 2x Forward Delay
convergence period.
 In the case of an indirect link failure, a switch loses connection with the root bridge
due to a failure of the port or media, or due possibly to manual disabling of the
interface acting as the root port. The switch itself will become immediately aware
of the failure, and since it only receives BPDU from the root in one direction, will
assume immediate loss of the root bridge, and assert its position as the new root
bridge.

 From the example, switch B begins to forward BPDU to switch C to notify of the
position of switch B as the new root bridge, however switch C continues to receive
BPDU from the original root bridge and therefore ignores any BPDU from switch B.
The alternate port will begin to age its state through the MAX Age timer, since the
interface no longer receives BPDU containing the root ID of the root bridge.

 Following the expiry of the MAX Age timer, switch C will change the port role of
the alternate port to that of a designated port and proceed to forward BPDU from
the root towards switch B, which will cause the switch to concede its assertion as
the root bridge and converge its port interface to the role of root port. This
represents a partial topology failure however due to the need to wait for a period
equivalent to MAX Age + 2x forward delay, full recovery of the STP topology
requires approximately 50 seconds.
 A final scenario involving spanning tree convergence recovery occurs where
multiple LAN segments are connected between two switch devices for which one is
currently the active link while the other provides an alternate path to the root.
Should an event occur that causes the switch that is receiving the BPDU to detect a
loss of connection on its root port, such as in the event that a root port failure
occurs, or a link failure occurs, for which the downstream switch is made
immediately aware, the switch can instantly transition the alternate port.

 This will begin the transition through the listening, learning and forwarding states
and achieve recovery within a 2x forward delay period. In the event of any failure,
where the link that provides a better path is reactivated, the spanning tree
topology must again re-converge in order to apply the optimal spanning tree
topology.
 In a converged spanning tree network, switches maintain filter databases, or MAC
address tables to manage the propagation of frames through the spanning tree
topology. The entries that provide an association between a MAC destination and
the forwarding port interface are stored for a finite period of 300 seconds (5
minutes) by default. A change in the spanning tree topology however means that
any existing MAC address table entries are likely to become invalid due to the
alteration in the switching path, and therefore must be renewed.

 The example demonstrates an existing spanning tree topology for which switch B
has entries that allow Host A to be reached via interface Gigabit Ethernet 0/0/3
and Host B via interface Gigabit Ethernet 0/0/2. A failure is simulated on switch C
for which the current root port has become inactive. This failure causes a
recalculation of the spanning tree topology to begin and predictably the activation
of the redundant link between switch C and switch B.

 Following the re-convergence however, it is found that frames from Host A to Host
B are failing to reach their destination. Since the MAC address table entries have
yet to expire based on the 300 second rule, frames reaching switch B that are
destined for Host B continue to be forwarded via port interface Gigabit Ethernet
0/0/2, and effectively become black holed as frames are forwarded towards the
inactive port interface of switch C.
 AnadditionalmechanismmustbeintroducedtohandletheMACentriestimeout
periodissuethatresultsininvalidpathentriesbeingmaintainedfollowing
spanningtreeconvergence.Theprocessimplementedisreferredtoasthe
TopologyChangeNotification(TCN)process,andintroducesanewformofBPDU
to thespanningtreeprotocoloperation.

 ThisnewBPDUisreferredtoastheTCNBPDUandisdistinguishedfromthe
originalSTPconfigurationBPDUthroughthesettingoftheBPDUtypevalueto
128(0x80).ThefunctionoftheTCNBPDUistoinformtheupstreamrootbridgeof
anychangeinthecurrenttopology,therebyallowingtheroottosend a
notificationwithintheconfigurationBPDUtoalldownstreamswitches,toreduce
thetimeoutperiodforMACaddresstableentriestotheequivalentoftheforward
delaytimer,or15secondsbydefault.

 TheflagsfieldoftheconfigurationBPDUcontainstwofieldsforTopologyChange
(TC)andTopologyChangeAcknowledgement(TCA).UponreceivingaTCNBPDU,
therootbridgewillgenerateaBPDUwithboththeTCandTCAbitsset,to
respectivelynotifyofthetopologychangeandtoinformthedownstreamswitches
thattherootbridgehasreceivedtheTCNBPDU,andthereforetransmissionofthe
TCNBPDUshouldcease.

 TheTCAbitshallremainactiveforaperiodequaltotheHellotimer(2seconds),
followingwhichconfigurationBPDUgeneratedbytherootbridgewillmaintain
only theTC bit for a duration of(MAX Age+forward delay),or 35seconds by
default.
 The effect of the TCN BPDU on the topology change process ensures that the root
bridge is notified of any failure within the spanning tree topology, for which the
root bridge is able to generate the necessary flags to flush the current MAC
address table entries in each of the switches. The example demonstrates the
results of the topology change process and the impact on the MAC address table.
The entries pertaining to switch B have been flushed, and new updated entries
have been discovered for which it is determined that Host B is now reachable via
port interface Gigabit Ethernet 0/0/1.
 Huawei Sx7 series switches to which the S5700 series model belongs, is capable of
supporting three forms of spanning tree protocol. Using the stp mode command,
a user is able to define the mode of STP that should be applied to an individual
switch. The default STP mode for Sx7 series switches is MSTP, and therefore must
be reconfigured before STP can be used.
 As part of good switch design practice, it is recommended that the root bridge be
manually defined. The positioning of the root bridge ensures that the optimal path
flow of traffic within the enterprise network can be achieved through configuration
of the bridge priority value for the spanning tree protocol. The stp priority [priority]
command can be used to define the priority value, where priority refers to an
integer value between 0 and 61440, assigned in increments of 4096. This allows for
a total of 16 increments, with a default value of 32768. It is also possible to assign
the root bridge for the spanning tree through the stp root primary command.
 It has been understood that Huawei Sx7 series of switches support three forms of
path cost standard in order to provide compatibility where required, however
defaults to support the 802.1t path cost standard. The path cost standard can be
adjusted for a given switch using the stp pathcost-standard {dot1d-1998 | dot1t |
legacy } command, where dot1d-1998, dot1t and legacy refer to the path cost
standards described earlier in this section.

 In addition, the path cost of each interface can also be assigned manually to
support a means of detailed manipulation of the stp path cost. This method of
path cost manipulation should be used with great care however as the path cost
standards are designed to implement the optimal spanning tree topology for a
given switching network and manipulation of the stp cost may result in the
formation of a sub-optimal spanning tree topology.

 The command stp cost [cost] is used, for which the cost value should follow the
range defined by the path cost standard. If a Huawei legacy standard is used, the
path cost ranges from 1 to 200000. If the IEEE 802.1D standard is used, the path
cost ranges from 1 to 65535. If the IEEE 802.1t standard is used, the path cost
ranges from 1 to 200000000.
 If the root switch on a network is incorrectly configured or attacked, it may receive
a BPDU with a higher priority and thus the root switch becomes a non-root switch,
which causes a change of the network topology. As a result, traffic may be
switched from high-speed links to low-speed links, causing network congestion.

 To address this problem, the switch provides the root protection function. The root
protection function protects the role of the root switch by retaining the role of the
designated port. When the port receives a BPDU with a higher priority, the port
stops forwarding packets and turns to the listening state, but it still retains a
designated port role. If the port does not receive any BPDU with a higher priority
for a certain period, the port status is restored from the listening state.

 The configured root protection is valid only when the port is the designated port
and the port maintains the role. If a port is configured as an edge port, or if a
command known as loop protection is enabled on the port, root protection cannot
be enabled on the port.
 Using the display stp command, the current STP configuration can be determined.
A number of timers exist for managing the spanning tree convergence, including
the hello timer, max age timer, and forward delay, for which the values displayed
represent the default timer settings, and are recommended to be maintained.

 The current bridge ID can be identified for a given switch through the CIST Bridge
configuration, comprised of the bridge ID and MAC address of the switch.
Statistics provide information regarding whether the switch has experienced
topology changes, primarily through the TC or TCN received value along with the
last occurrence as shown in the time since last TC entry.
 For individual interfaces on a switch it is possible to display this information via the
display stp command to list all interfaces, or using the display stp interface
<interface> command to define a specific interface. The state of the interface
follows MSTP port states and therefore will display as either Discarding, Learning
or Forwarding. Other valid information such as the port role and cost for the port
are also displayed, along with any protection mechanisms applied.
 Followingthefailureoftherootbridgeforaspanningtreenetwork,thenextbest
candidatewillbeelectedastherootbridge.Intheeventthattheoriginalroot
bridgebecomesactiveonceagaininthenetwork,theprocessofelectionforthe
positionofrootbridgewilloccuronceagain.Thiseffectivelycausesnetwork
downtimeintheswitchingnetworkasconvergenceproceeds.

 TheRootPathCostisthecostassociatedwiththepathbacktotherootbridge,
whereasthePathCostreferstothecostvaluedefinedforaninterfaceonaswitch,
whichisaddedtotheRootPathCost,todefinetheRootPathCostforthe
downstreamswitch.

You might also like