The Illustrated Network- P83
The Illustrated Network- P83: In this chapter, you will learn about the protocol stack used on the global public Internet and how these protocols have been evolving in today’s world. We’ll review some key basic definitions and see the network used to illustrate all of the examples in this book, as well as the packet content, the role that hosts and routers play on the network, and how graphical user and command line interfaces (GUI and CLI, respectively) are both used to interact with devices.
Index 789

  requirement levels, 20
  TCP, 285–86
Resource records (RRs), 493
  Class field, 494
  Comments field, 495
  Name field, 493
  Record-Data field, 495
  Record-Type field, 494–95
  TTL field, 494
  types, 494
Resource Reservation Protocol (RSVP), 425–26, 447
Reverse ARP (RARP), 146, 158, 468
Reverse-path forwarding (RPF), 411–13
  check, 412
  table, 412
  table, populating, 412–13
Ring topology, 31
RIPE NCC (Reseaux IP European Network Coordination Center), 138
RIPng, 345, 352, 362–64
  configuring, 348, 350
  for IPv6 packet fields, 363
  multicast addresses, 350
  next hop, 364
  updates, 364
  See also Routing Information Protocol (RIP)
RIPv1, 355, 358–59
  limitations, 358–59
  metrics, 359
  packets, 358
  subnet masks, 359
  update timer, 358
  wasted space, 358
  See also Routing Information Protocol (RIP)
RIPv2, 355, 359–62
  authentication, 361
  improvements, 259
  limitations, 362
  multicasting, 362
  next hop identification, 361–62
  packet format, 359–61
  subnet masks, 361
  See also Routing Information Protocol (RIP)
RMON (remote monitor), 609, 622
ROM, 245
ROM monitor (ROMMON), 245
Root level certificate authorities, 595
Root servers, 487–89
  details, 489
  list, 488
  operation, 487–88
  operators, 488
  See also Domain name system (DNS)
Round-trip times, 205
Route distinguishers, 670
Route leaking, 374
Router advertisement, 212
  DHCPv6 and, 479–80
  in host direction to DHCP server, 213
  message, 203
Router architectures, 242–47
  basic, 243–45
  hardware-based, 243, 246–48
  network processor engines (NPEs), 244
  software-based, 243, 244
Router-assigned prefixes, 113
Router-based networks. See Connectionless networks
Router-by-router VPLS configuration, 672–74
  CEO router, 672
  PE5 router, 673–74
Routers, 7, 8, 33, 37, 63–64, 77, 222
  access, 248–49
  auxiliary port, 248
  backbone, 246
  border, 334, 368, 387
  CE, 9, 47, 669–70, 672, 676, 716–19
  console port, 248
  CPU chips, 244
  dead, 213
  delay, 67
  DHCP and, 479–80
  DSL, 78, 79, 329
  edge, 329, 334
  egress, 446, 451–52
  file transfer to, 10–11
  function, 220
  Illustrated Network, 9, 346–47
  illustrated use, 69
  in-band management, 248
  indirect delivery and, 231–34
  ingress, 446, 450
  interfaces, 233–34
  Internet core, 127
  IPSec and, 721
  IPv6, 212
  IS–IS, 373
  ISP use, 319
  Juniper Networks, 237, 241, 246
  loopback interface, 221
  memory, 243, 244
  MSDP, 420
  multicast, 409, 415–16
  neighbor, 353
  neighbor discovery and, 212
  network access, 249–50
  as network nodes, 324, 333
  NICs, 231
  NVRAM, 243
  operation, 60
  packet filter, 700–701
  packet-handling, 240
  provider, 9, 670, 674–76
  provider edge, 9, 673–74, 697
  Proxy ARP and, 158
  self-booting, 243
  stateful inspection, 701–5
  steps, 242
  in TCP/IP networks, 14
  transit (intermediate), 446, 450–51
Router-to-host tunnels, 253, 254
Router-to-router tunnels, 253, 254
Routing, 37, 217–34
  direct delivery, 226–29, 230–31
  distance vector, 355–56
  domains, 336, 353
  engines, 247
  Illustrated Network, 218–19
  indirect delivery, 229, 231–34
  information exchange, 337
  with IP addresses, 229
  loops, 409
  network layer, 324–25
  policy, 333
  switching comparison, 443
  ToS, 367–68
  at wire speeds, 243
Routing Information Protocol (RIP), 345, 354
  backbone routers running, 351
  as Bellman-Ford routing protocol, 355
  broken links, 356–57
  configuring, 350
  as distance-vector protocol, 354, 355–56
  enabling, 349
  flooding updates, 356
  information flow, 350
  links, 348
  metric, 355
  multicast addresses, 350
  RIPng, 362–64
  RIPv1, 355, 358–59
  RIPv2, 355, 359–62
  split horizon, 357
  triggered updates, 357–58
Routing policies, 321, 333
  BGP, 384–86, 395–96
  example illustration, 337
  framework, 337
  function of, 333
  IGPs and, 342
  roles of, 336–38
Routing protocols, 321, 333
  ASs and, 333
  ISP use, 319
  multicast, 409, 417–18, 426–27
  See also specific protocols
Routing tables, 217
  asterisk (*), 221, 240
  on CE routers, 670
  Cisco-like display, 240
  default route, 221
  defined, 37, 220, 330
  for each IP network, 127
  entries, 329
  FreeBSD and, 329–30
  host, 222–26, 328–32
  Illustrated Network, 322–23
  information display, 331
  IPv4, 221
  IPv6, 221, 241, 332
  Linux and, 330–31
  metric entries, 221
  route preference, 221
  Windows XP and, 331–32
RSA Data Security Code (RC4), 601
RSARef, 601
RTP. See Real-Time Protocol
Running-config, 245

S

Safe passage, 585
Scaling, BGP, 395–96
Secret keys, 593
Secure shell (SSH), 249, 633–57
  in action, 649–55
  agents, 640
  architecture, 639–40
  authentication, 636, 637–38
  basics, 636–37
  clients, 636, 639
  as client–server protocol, 636
  configuration files, 640
  Ethereal capture, 655
  features, 637–38
  FTP and, 647
  host key, 640
  Illustrated Network, 634–35
  key generator, 639
  keys, 640–41
  known hosts, 639
  model illustration, 637
  OpenSSH, 637
  protocol operation, 641–42
  protocol relationships, 641
  proxy gateway, 638
  random seeds, 640
  as remote access application, 633
  secure client–server communication, 637
  security add-on, 638
  servers, 639
  session key, 640–41
  sessions, 639
  signer, 640
  as slogin implementation, 636
  SSH1 and SSH2, 636–37
  SSH-AUTH, 641, 642, 644–45
  SSH-CONN, 641, 642, 645–46
  SSH-SFTP, 641, 642, 647–49
  SSH-TRANS, 641, 642, 642–44
  transparency, 638
  user key, 640
  using, 633–49
  versatility, 638
Secure socket layer (SSL), 585–605, 665
  Alert Protocol, 599
  Change Cipher Spec Protocol, 599
  clear private keys, 602–3
  computational complexity, 602
  data transfer, 601
  Diffie-Hellman, 599
  Handshake Protocol, 599
  Illustrated Network and, 586–87
  implementations, 592, 601–2
  issues and problems, 602–4
  MAC, 601
  nonrepudiation, 603–4
  OpenSSL, 588
  page, loading, 591
  as protocol, 598–604
  protocol stack, 599
  pseudorandom numbers, 603
  public key encryption, 598
  Record Protocol, 599, 602
  session establishment, 599–601
  stolen credentials, 603
  TCP limitation, 603
  TCP port, 600
  TLS relationship, 592
  as toolkit library, 601
  Web sites and, 585–92
Security
  areas, 599
  certificate warning, 588
  PKI, 598
  protocol, 6
  public key encryption, 595
  remote access, 10
  VLANs for, 66
  VPNs and, 664–65
  Web site, 585
Security association database (SAD), 722
Security associations (SAs), 713, 722–29
Security parameter index (SPI), 713, 722
  AH, 724
  security policy, 722
Security policy database (SPD), 722
Segmentation, 61–62
Segments, 55, 286
  handling, 39
  lost, 290
  request–response pair, 288
Selectors, 722
Self-signed certificates, 595
Sender keeps all (SKA), 338, 339
Sending ICMP messages, 203–4
Serial delay, 743
Serial Line Interface Protocol (SLIP), 85
Servers, 7, 8
  authentication, 100, 585
  authoritative, 487
  BOOTP, 459, 469
  DHCP, 462–64, 480
  DHCPv6, 480
  DMZ, 709
  DNS, 463, 486–87, 489
  FreeBSD, 498
  FTP, 304, 519
  GLTD, 502
  identity, 585
  name, 489, 491
  nonauthoritative, 487
  pocket calculator decryption at, 597–98
  proxy, 752
  root, 487–89
  SMTP, 542
  socket, 315, 316
  SSH, 639
  TFTP, 469
  VoIP, 739
  Web, 559, 562
  See also Clients; Client–server model
Service data unit (SDU), 27
Services, 27
Session Announcement Protocol and Source Description Protocol (SAP/SDP)
  messages, 407
Session Initiation Protocol (SIP), 750–52
  registrar, 751
  request types, 752
  responses, 752
  sequence of requests/responses, 751
  session initiation steps, 751
  signaling stack, 749
Session support, 41
Settlements, 338
Shared secret key, 593
Shortest-path tree (SPT), 413–14
  building, 413
  size, 414
Short-inter-frame spacing (SIFS), 101
Signaled LSPs, 446
Signaling, 745, 748–49
  H.323 stack, 749
  MGCP stack, 749
  MPLS and, 447–48
  packets, 740, 741
  protocols, 279
  SIP stack, 749
Signers, 640
Simple Key Management for Internet Protocols (SKIP), 203
Simple Mail Transfer Protocol (SMTP), 59–60, 538, 542, 545–47
  authentication, 544–45, 546
  basic mail exchange, 546
  commands, 547
  mail servers, 542
  message delivery with, 540
  as MTA, 543
  packet sequence, 540
  reply codes, 545, 547
  Service Extensions (ESMTP), 544
Simple Message Transfer Protocol (SMTP), 42
Simple Network Management Protocol (SNMP), 60, 249, 609–29
  agent/manager model, 616
  agent software, 616, 617
  capabilities, 612–16
  community, 615
  community strings, 627
  as connectionless, 626
  enabling, 612
  Illustrated Network, 610–11
  manager software, 623
  messages, 624, 625
  messages and details, 613
  MIB, 618–22
  model, 616–23
  model illustration, 617
  as network management tool, 616
  operation, 623–27
  PDU structure, 626
  polling, 625, 627
  private MIB, 622–23
  read-only access, 614
  requests, 625
  RMON, 622
  router management, 624
  in security framework, 628
  sessions, 613
  SMI, 618–20
  SNMPv1, 612, 627, 628
  SNMPv1 PDU, 626
  SNMPv1 protocol operation, 625
  SNMPv2, 612
  SNMPv2 enhancements, 627–28
  SNMPv3, 628
  in TCP/IP protocol stack, 624
  traps, 626
Simplex mode, 31
Site certificates, 589
SKEME, 729
Sliding window, TCP, 293–94
Socket interface, 304–7
  isolation, 307
  reasons for, 304
  simplicity, 307
  Windows, 309–11
Sockets, 52, 273, 301–16
  client–server TCP stream, 316
  colon (:), 273
  concept applied to FTP, 305
  datagram, 306
  dot (.), 273
  Illustrated Network, 302–3
  libraries, 305–6
  on Linux, 311–16
  listening, displaying, 264
  power of, 316
  as programmer’s identifier, 305
  raw, 306, 308–9
  server, 315, 316
  stream, 306
  types, 306
  UDP, 260–61, 262–66
  uses, 305–6
  for Windows, 310–11
Software-based forwarding, 243
Software firewalls, 700, 705
Solicitation message, 203
Source Specific Multicast (SSM), 418–19
Spanning tree bridges, 63
Sparse-mode multicast, 410–11
Split horizon, 357
SSH. See Secure shell
SSH-AUTH, 641, 642, 644–45
  request, 644–45
  use of, 653
SSH-CONN, 641, 642, 645–46
  channel requests, 646
  channel types, 645–46
  multiplexing, 645
  See also Secure shell (SSH)
SSH-SFTP, 641, 642, 647–49
  file transfer with, 648
  syntax and options, 647–49
SSH-TRANS, 641, 642, 642–44
  binary packet protocol, 643
  key exchange, 643, 644, 652
  negotiation, 651
  See also Secure shell (SSH)
SSL. See Secure socket layer
SSLava, 601
SSLRef, 601
Standards, 16–18
  data communication, 16
  de facto, 16–17
  de jure, 16
  draft, 19
  Internet, 18, 20
  interoperability and, 16
  proposed, 19
  protocols versus, 15
  TCP/IP protocol suite, 17
  See also specific standards
Star topology, 31
Stateful inspection, 701–5, 706–8
  anomaly categories, 702–3
  deep, 707
  as dynamic/reflexive firewall, 706
  flows, 702
  from and then structure, 703
  interface application, 703
  Juniper Networks router, 702
  See also Firewalls
State variables, 41
Static IP address assignment, 121
Static LSPs, 446
  link failure and, 452
  MPLS configuration with, 450–53
  See also Label switched paths (LSPs)
Stream sockets, 306
Structure of Management Information (SMI) tree, 618–20
  illustrated, 619
  Network Management Protocol use, 619
  objects, 624
  root, 618
Subconfederations, 337
Subnet masks, 128
  default, 129
  forms, 128–29
  RIPv1, 359
  RIPv2, 361
  use of, 129–30
Subnetting, 117, 127–31
  address masks, 128
  basics, 128–31
  LANs, 130
Supernetting, 117
Swap, 446
Switched Multimegabit Data Services (SMDS), 85
Switched networks. See Connection-oriented networks
Switched virtual circuits (SVCs), 324, 446
  packets on, 324
Switches, 37, 324
  ATM, 442
  LAN, 9, 33, 64–65
  See also Routers
Symmetrical encryption, 598
Symmetric DSL (SDSL), 95
Synchronization source identifier (SSRC), 746
Synchronous Digital Hierarchy (SDH)
  as PPP technology, 86
  SONET frame structure differences, 77
  See also Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH)
Synchronous optical network (SONET)
  evolution of, 96–98
  frames, 32
  links, displaying, 76–78
  point-to-point, 7
  SDH frame structure differences, 77
  standard, 77
  transmission-frame payload area, 98
Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/SDH), 71, 84, 244
  frames, 97
  high-speed WAN links, 96
  links, 72–73
  MIB, 622
  Packet over (POS), 97–98
Systems, 6
  AS, 332–34
  end, 6, 26
  intermediate, 6, 26

T

TCP headers, 282–85, 286, 745
  ACK field, 283, 289, 291
  Acknowledgment Number field, 282–83
  Checksum field, 284
  Destination Port field, 282
  ECN flags, 283
  field illustration, 283
  FIN field, 283, 289
  Header Length field, 283
  Options field, 284
  PSH field, 283
  Reserved field, 283
  RST field, 283
  Sequence Number field, 282
  Source Port field, 282
  SYN field, 283, 287, 288, 289
  Urgent Pointer field, 284
  URG field, 283
  Window Size field, 283
  See also Transmission Control Protocol
TCP/IP
  convergence on, 441–42
  encapsulation flow, 29
  implementations, 86
  model, 25
  multicast, 408
  networks, 14
  number of packets exchanged, 14
  protocol stack, 624
  voice signaling packets, 745
  Windows and, 310
TCP/IP applications, 42–43
  in applications layer, 41
  illustrated, 43
  interfaces, 11
TCP/IP layers, 14, 26–27, 30–41
  application, 30, 41
  contents, 25
  data link, 30, 32–35, 84–86
  illustrated, 26, 44
  interface, 27
  network, 30, 35–38
  overview, 30
  physical, 30–32
  transport, 30, 38–40
TCP/IP protocol suite, 3, 25–29, 43–44
  detail, 56
  device categories, 26
  flexibility, 27
  illustrated, 44
  open, 25
  peer protocol, 54
  standards, 17
TCP/IP Sockets in C, 311, 406
Telnet, 59
Termination of communications, 15
Tethereal MAC addresses, 229
Third-party cookies, 581
Three-way handshake, 286
  capture, 296
  FTP, 297
  functions, 288
  See also Transmission Control Protocol (TCP)
Token ring, 84, 87
Topology
  bus/broadcast, 31
  IPSec, 717
  ring, 31
  star, 31
  VPLS configuration, 679
Traceroute, 205–6
  implementations, 206
  LSPs and, 452–53
  message, 203
  on Unix-based systems, 206
Transit fees, 338
Transit (intermediate) routers, 446
Transmission Control Protocol (TCP), 55, 259, 279–99
  as byte-sequencing protocol, 292
  client–server connections, 280–81
  client–server interaction, 287
  complexity, 294
  congestion control, 294
  as connection-oriented layer, 56
  connections, 279, 282, 286–92
  control bits, 284
  data transfer, 289–91
  data units, 55
  echo using, 298
  flow control, 292–94
  FTP and, 296–98
  functions and mechanisms, 59
  Illustrated Network, 280–81
  ISN, 288, 289
  lost segment handling, 290
  mechanisms, 285–86
  NID, 289
  on-demand connections, 279
  option types, 284–85
  overhead, 570
  performance algorithms, 294–96
  permanent connections, 279
  pseudo-header, 297
  registered ports, 272
  reliability, 55–56, 58
  RFCs, 285–86
  RTT, 289
  segments, 286
  sessions, 297–98
  sliding window, 293, 294
  stream service calls, 306–7
  three-way handshake, 286, 288
  transactions and, 286
  as virtual circuit service, 285
  well-known ports, 271
  windows, 293–94
  See also TCP header
Transmission framing, 30
Transparent bridging, 63
Transport layer, 30, 38–40, 58–59
  connectionless, 40
  connection-oriented, 40
  error control, 40
  flow control, 40
  functions, 39–40
  illustrated, 39
  process addressing, 39
  process-to-process delivery, 38, 40
  protocol packages, 38
  segmentation, 38
  segment handling, 39
  TCP, 55, 58–59
  UDP, 55, 59
  See also TCP/IP layers
Transport Layer Interface (TLI), 309
Transport Layer Security (TLS), 592
  SSL relationship, 592
  TLS 1.0, 592
  TLS 1.1, 604
Traps, 626
Triggered updates, 357–58
Triple DES (3DES), 601
Triple play, 431
Trivial File Transfer Protocol (TFTP), 468, 472–74
  download, 473
  file transfer, 474
  FTP comparison, 472–73
  header, 473, 474
  messages, 473, 474
  operation codes, 473
  servers, 469
  transactions, 473
Tunneling, 237, 252–54
  6to4 tunnels, 255
  automatic, 253
  configured, 253
  GRE tunnels, 255
  host-to-host, 253, 254
  host-to-router, 253, 254
  IPv4-compatible tunnels, 255
  IPv6 addressing formats, 254
  ISATAP tunnels, 255
  manually configured tunnels, 255
  mechanisms, 255
  in mixed IPv4/IPv6 network, 253
  occurrence, 252
  protocols, 91
  router-to-host, 253, 254
  router-to-router, 253, 254
  types illustration, 254
Twice NAT. See Overlapping NAT
Type of Service (ToS) routing, 367–68

U

Unicast addresses, 116
Unidirectional NAT, 686–87
Uniform resource identifiers (URIs), 565
Uniform resource locators (URLs), 565
  accesses, 568
  fields, 566, 567
  locator part, 566
  rules, 568
Uniform resource names (URNs), 565, 568–69
  namespace, 569
  notation, 569
  resource identification by, 569
Unique local-unicast addresses, 127
Universally reachable address level, 389
Unix
  raw sockets access, 309
  TLI, 309
  traceroute and, 206
Update Message, BGP, 396, 397–98
Upstream interface, 409
User authentication, 585
User Datagram Protocol (UDP), 51, 55, 59, 259–76
  actions, 274
  applications, 59
  checksum, 264, 266
  congestion control, 275
  as connectionless transport layer, 56
  data unit, 55, 259
  flow control, 274–75
  Illustrated Network, 260–61
  operation, 259, 274
  overflows, 274–75
  popularity, 259
  port numbers, 269–74
  ports, 260–61, 262–66
  pseudo-header, 266, 268, 269
  registered ports, 272
  for short transactions, 59
  sockets, 260–61, 262–66, 273
  as stateless, 265, 266
  traffic, 266
  use of, 262
  well-known ports, 271
  See also Datagrams
User Datagram Protocol header, 267–68
  Checksum field, 267, 268
  Destination Port field, 267
  illustrated, 267
  Length field, 267
  Source Port field, 267
User tracking abuse, 581

V

Variable bindings, 626
Variable-length subnet masking (VLSM), 117, 131–32
  use of, 135
Very-high-speed DSL (VDSL), 85, 95
Virtual circuits, 158–59, 324
  support over public network, 664
Virtual LANs (VLANs), 47, 58, 65–66, 671
  frame tagging, 66–68
  identifier, 66
  Illustrated Network, 660–61
  in LAN switch, 65, 67
  reasons for, 66–67
  space, increasing, 66
  tagging, 66–68, 671
  See also Layer 2 VPNs (L2VPNs)
Virtual path identifiers (VPIs), 159
Virtual private LAN service (VPLS), 659, 671, 672–76
  configuration topology, 679
  Illustrated Network, 673
  router-by-router configuration, 672–74
  virtual port, 671, 672
Virtual private networks (VPNs), 442, 659–79
  Layer 2, 659, 671–72
  Layer 3, 442, 449, 668–70
  LSPs and, 449
  MPLS-based, 449, 668–72
  protocols and, 665–66
  security and, 664–65
  types of, 662–64
Virtual routing and forwarding (VRF) tables, 669
Voice over IP (VoIP), 735–55
  in action, 738–44
  address, 739
  attraction of, 741
  Avaya software, 738
  clients, 738
  converged network architecture, 753
  delays, 742–44
  Illustrated Network, 736–37
  jitter, 742, 743
  packetized voice, 744
  protocols for, 744–53
  as PSTN bypass method, 742
  PSTN traffic percentage, 738
  RTP for, 745–48
  servers, 739
  sessions, 739
  signaling architectures, 748–49
  signaling protocols, 740

W

Web browsers
  built-in security, 591
  FTP and, 516, 517, 518
  screening/rejecting cookies, 581
  secure lock, 585, 590, 591
Web pages
  defined in HTML, 573
  dynamic, 573
  secure, 590
Web servers
  Apache software, 562
  Illustrated Network, 560–61
  stateless, 580
Web sites
  Illustrated Network, 586–87
  security, 585
  SSL and, 585–92
  user authentication, 585
Well-known ports, 269–73
  statistically mapping, 304
  TCP, 271
  UDP, 271
  use of, 269
  See also Ports
Wide area networks (WANs)
  ARPs and, 158–59
  links, 7
  routing and switching comparison, 443
Wi-Fi, 98–100
  captive portal, 100
  jungle, 99
Windowing, 58
Windows, Microsoft
  ARP cache display, 152
  ARP reply capture, 150
  configuration for DHCP use, 464
  cookies in, 580
  DHCP servers for, 462
  direct delivery and, 226
  FTP utility, 296
  hosts, 224
  metrics, 226
  multitasking capabilities, 310
  raw sockets and, 308
  routing tables and, 331–32
  socket interface, 309–11
  sockets for, 310–11
  TCP/IP and, 310
Windows, TCP, 293–94
Windows for Workgroups (WFW), 310
WinSock, 309
  DLL, 310
  interface, 310
Wireless LANs
  architectures, 99
  encapsulation, 82
  frame addressing, 82
  hidden terminal problem, 100, 101
  Wi-Fi, 98–100
  See also Local area networks (LANs)
Wireless links
  data frames and packets on, 82
  displaying, 81–83
Wire speeds, 243

X

X.25, 84, 435–37
  network nodes, 437
  packet routing, 436
  packets, 436
  See also Frame relay
X Windows attacks, 638