NET 121b: Essentials of Networking
Chapter 4: Introducing Protocols
This chapter discusses protocols used on various OSI network model layers.
The topics of this chapter are:
- Access protocols
- Network access methods
- Transport layer protocols
- Remote access (WAN) protocols
- Security protocols
Protocol has two meanings that apply to networking: a rule
used on networks, or a program that implements a rule. You have
probably heard of networks using the TCP/IP protocol. TCP/IP, in fact,
is the name of two protocols: Transmission Control Protocol (TCP) and
Internet Protocol (IP). They are used with several other protocols to
enable some kinds of network communications. IP
is used by routers, devices that find communication paths to other
computers. Finding currently valid paths is necessary because any path
may be available or unavailable at any given time. TCP is used
to assure that messages we send are actually delivered. (There
is a lot more to it, but this is an overview.)
The Institute of Electrical and Electronic Engineers (IEEE) is
a standards organization that has specified many of the rules used in
building networks. Their standards are often referred to by number. In
this chapter, we discuss some of the IEEE 802.x standards
(there are about a dozen and a half, currently). LAN protocols that support
the IEEE 802 standards can be referred to as 802.x protocols.
- 802.2 - specifies the use of headers and frames, supporting
the LLC sublayer of the Data-Link layer.
- 802.3 - specifies the CSMA/CD access method, so this
is often thought to be the Ethernet standard. More data appears
802.3 was based on Ethernet, and made a more general standard. Ethernet
can be thought of as one implementation of the 802.3 standard. This
standard fits on the Physical layer and the MAC sublayer
of the Data-Link layer. You should be aware of the parsing (breaking
into understandable parts) of the names of LAN types using this standard.
For instance, 10BASE5 means 10 Mbps, baseband transmission
and a limit of 500 meters per segment (thick Ethernet). 10BASET
means 10 Mbps, baseband transmission and using UTP
cable. (Parse: to resolve into component parts. This
is a word used in English grammar classes.) Base may be shown in lower
or upper case in the name of a LAN type.
- 802.3u - Fast Ethernet
- 802.3z and 802.3ab - Gigabit Ethernet
- 802.5 - specifies a token passing system based on IBM's token
ring standard. IBM's standard specifies a physical ring, but 802.5
does not, so we often see physical stars that are logical rings by this
- 802.11 - specifies how wireless LANs work, like spread
spectrum, infrared, and short range Gigahertz radio
- 802.12 - 100VG-AnyLAN, is a standard that may authorize
a hub to decide which of two contenders for the bandwidth should
have it, based on priority.
Contention systems work by letting each device try to send a
message on the net as needed, contending or competing with all
the other devices for the bandwidth. Two examples of methods that support such
systems are CSMA/CD (Carrier Sense, Multiple Access, with Collision
Detection) and CSMA/CA (Carrier Sense, Multiple Access,
with Collision Avoidance). A collision occurs when two signals
collide on the medium, causing signal loss. These protocols best support
intermittent transmissions. Time sensitivity is good, as users do not
often have to wait for media access.
In a CSMA/CD system (example: Ethernet), the collision is detected and
the devices that caused it each wait a random number of seconds before
sending again. This usually results in one device going ahead of the other.
In a CSMA/CA system, devices can be assigned time slices or can be required
to ask permission to send, avoiding collisions. Apple LocalTalk is an
example of this.
Token-Passing involves passing a token, a small data frame, from
station to station. When a station has the token, it is that station's
turn to access the medium. Examples of this method are token ring, FDDI,
and token bus. This type of media access is predictable and consistent,
allowing large or small transmissions. It is not the best for time sensitive
data since waits are built in, but it will support more devices than contention.
Contention is best when the load is light, token passing is better with
heavier loads, and both schemes crash under too much load.
Polling, asking each device if it has any data to send, is a third
method of accessing the network. You should know it exists, and that it
is not used by any major network vendor. It is too slow and controlled
to give the users the speed they expect from every other network method.
The 802.3 standard covers a variety of physical implementations.
You should be aware of the parts and meanings common to most of their
names: the first part of a name like 10base5 is the data rate (10
Mbps), the word BASE or BROAD refers to the kind of transmission
used (baseband means one transmission at at time on the network, broadband
means multiple simultaneous transmissions are allowed), and the last character
gives you a clue about segment length. The length designator is
the least standardized: 10base2 means about 200 yards (185
meters), and 10base5 means about 500 meters. Both of these
standards use coaxial cable.
Systems that do not use coaxial cable are named just a bit differently.
10baseT means 10 Mbps, baseband transmission, and
UTP cable. Although many 10baseT LANs were put together with Cat
3 UTP cable, no one would do so now with cable less than Cat 5.
A 10baseT network uses UTP cable, and RJ-45 connectors. Only four of the
eight wires in the cable are actually used by the network. In the wiring
table below, it would be the orange and green circuits that are actually
||TX data +
||TX data -
||RX data +
||RX data -
Another type of network, 100baseT4, makes use of all four
circuits in a standard UTP cable. (This is not the only way to
increase the bandwidth to 100 Mbps.)
The next one is 802.3u (the "u" stands for update).
It is called Fast Ethernet and comes in three types: 100BASE-TX, 100BASE-T4,
and 100BASE-FX. 802.3u specifies a physical star (unlike some other 802.3
standards) and a logical bus (like all 802.3 standards). Each of the variants
of 802.3u specifies a different medium. This is referred to as being a
Media Independent Interface (MII):
- uses two pairs of Category 5 Unshielded Twisted-Pair (UTP)
or Category 1 Shielded Twisted-Pair (STP) cabling.
- 100 Mbps speed
- for UTP, use standard RJ-45 connectors.
- for STP, use DB-9 connectors
- maximum segment length is 100 meters.
- uses four pairs of Category 3, 4, or 5 Unshielded Twisted
- 100 Mbps speed
- uses RJ-45 connectors
- maximum segment length is 100 meters
- uses two-strand 62.5/125 micron multi-mode or single-mode
- maximum segment length is 412 meters for half-duplex, multi-mode
- maximum segment length is 10,000 meters for full-duplex, single-mode
802.3z and 802.3ab - Gigabit Ethernet methods created for
use on backbone networks.
Three types of 802.3z are listed:
- 1000baseCX - uses special copper cable, for short connection
in wiring closets
- 1000baseSX - uses fiber optic cable, multimode; for use inside
a single building
- 1000baseLX - uses fiber optic cable, single mode; can span
several buildings at one location
802.3ab - also known as 1000baseT, uses all four circuits
in Cat 5 UTP cable
The chapter continues with a discussion of the 802.5 standard
for token rings. Remember that IBM invented it, and the IEEE refined
the definition. The standard specifies that workstations are star-wired
to Multi-Station Access Units (MSAUs or MAUs) instead of
standard hubs. MAUs can be connected together, like hubs or switches,
using Ring-In (RI) and Ring-Out (RO) ports, creating a larger
ring. When connecting two MAUs, the Ring-In port of one MAU must
be connected to the Ring-Out port of the other MAU, and vice
versa. The principle is extended to other MAUs if the network requires
more. In this way, star clusters are connected into a logical ring.
Notes about 802.5 Token Rings:
- Either STP or UTP may be used in token rings.
- Devices connected to a port of an MAU are called lobes, instead
- Since many types of cable can be used, the cable distance allowed
between units varies with the type of cable.
- A token is actually a small frame or packet.
It is passed to the next station allowed to transmit by the last station
allowed to transmit.
- One station in a ring acts as the active monitor. Its task
is to remove frames from the ring that continue to circulate without
being removed by a receiver.
- The concept of beaconing is discussed. As an example, assume
there is a break in the cable between nodes 1 and 2. Each node in a
ring expects to receive signals from its NAUN (Nearest Active
Upstream Neighbor). Since the cable is broken, node 2 is not receiving
from node 1. Node 2 begins beaconing, sending a message
to the ring that there is a problem. The message includes its address,
the NAUN's address, and the type of problem. All stations noticing the
problem will beacon as well, but they will stop as soon as they receive
a packet from an upstream neighbor. The network will try to work around
such breaks with reconfiguration.
The 802.11 standard describes how wireless LANs work. It has several
variations. The text suggests thinking of them as wireless Ethernet,
which may keep you from confusing them with cell phone standards. Wireless
Ethernet allows you to make a wireless connection to a nearby LAN. The
most common variations of this standard are 802.11a, 802.11b,
and 802.11g. Each successive version extends the range and capacity
of previous versions. All versions of this standard may be called Wi-Fi.
Wi-Fi devices will use one or more of these protocols, but they are not
required to support all of them.
802.11 methods typically use CSMA/CA, described above.
The next topic is FDDI, Fiber Distributed Data Interface,
a fiber optic ring standard. This is an ANSI (American
National Standards Institute) standard, not an IEEE standard, but
it makes use of the 802.2 and 802.5 standards. It is very fast, and has
high capacity, making it useful for three main applications:
- Backbones - connections to other networks that need to be
fast and wide
- Computer room networks - fast connections between critical
- High data rate LANs - connections for users of data intensive
applications like CAD
Consider the fault tolerant advantage of FDDI: it uses two rings that
are counter rotating. This means that traffic travels clockwise
on one ring, and counterclockwise on the other, making reconfiguration
simple. If a break occurs between two workstations, the rings cross over
at those workstations, turning the two rings into one loop.
FDDI uses two rings that are counter rotating. This means that traffic travels clockwise on one ring and counterclockwise on the other, making reconfiguration simple. If a break occurs between two workstations, the rings cross over at those workstations, turning the two rings into one, longer loop. (Mouse over the picture to see this happen when a nasty bug breaks the rings.)
a doughnut. One cable runs around the outside of the
doughnut, and another runs around the inside of the doughnut. That's the
FDDI ring. Take a bite of the doughnut, all the way to
the center. That's the broken line. Now imagine the cable that runs around
the outside of the doughnut turning inside at both sides of the bite,
connecting with the inside cable, and completing the loop. This is what
happens in a broken FDDI ring. Specific factors for FDDI:
- No more than 1000 stations per ring
- No more than 200 kilometers of cable per ring
- The above numbers should be cut in half for fault tolerance
(anticipating a break)
- Multi-mode 62.5/125 micron fiber optic cable is standard
- Repeaters are required every 2 kilometers
- Class A stations are connected to both rings, Class B
stations are connected to only one ring
FDDI's token method is a bit different. The station with the token,
A, transmits its message, and tacks the token on the end of it. The
station, B, would remove the message if it is the recipient, or
send it on if not. If sending it on, B could also tack messages onto
if it had messages to send. In this way, it is not necessary for all
stations to wait until they receive the token to send traffic.
Protocols associated with the Transport layer:
- Transmission Control Protocol - TCP provides reliable delivery
of packets on TCP/IP networks
- Sequenced Packet Exchange Protocol - SPX works like TCP in
older Novell networks (that use IPX/SPX)
- NWLink - a Microsoft protocol that mimics both SPX and IPX, when sending
signals to older Novell servers and clients
- AppleTalk Transaction Protocol - ATP provides reliable delivery
of packets on Apple networks
- NetBEUI - NetBEUI (NetBIOS Extended User Interface) only works inside
networks, but it provides delivery and error services on them.
Gateways are mentioned in the chapter, and they are briefly described
as providing services on several layers of the OSI model. A gateway provides
translation services between networks and devices that are not alike.
Some of the technologies in the chapter are used on Wide Area Networks
(WANs). Your text refers to them as remote access protocols. You will
want to be familiar with the list of protocols used on WANs:
- Serial Line Internet Protocol (SLIP) - an older dial up protocol,
maps to the Physical layer only. Variations exist which are not mutually
- Point-to-Point Protocol (PPP) - an improved dial up protocol,
maps to the Physical and Data-Link layers. Supports several features
that SLIP does not: dynamic IP addressing, multiple protocols on the
same link, passwords and error control.
- Remote Desktop Protocol (RDP) - used in Windows NT and XP systems,
to remotely access and operate another computer or server. This is an
Application layer protocol.
- Frame relay - used for transmitting bursts of data, without
error checking, other protocols check for errors on each end of the
frame relay network, maps to the Physical and Data-Link layers, useful
for data only; can work with X.25 or ISDN, can run at 56 Kbps, T1 or
- ATM - Asynchronous Transfer Mode can be both a LAN and
WAN protocol. It maps to the first three layers of the ISO-OSI model.
It is listed in your text as another topology type, due to its unusual
- Uses 53 byte blocks called cells.
- Uses virtual channels.
- Can use most media: fiber optic, STP or UTP
- Uses Interworking Units (IWUs) to connect networks
The text offers a short discussion of six protocols that attempt to offer
- Internet Protocol Security (IPSec) - a group of protocols used
with IP to provide security on Virtual Private Networks (VPNs).
Two versions exist. Transport mode encrypts data, but not packet
headers. Tunnel mode encrypts both.
- Layer 2 Tunneling Protocol (L2TP) - an extension of PPP that
is meant to be used with IPSec on VPNs. This protocol
works on the Data Link layer of the OSI model.
- Secure Sockets Layer (SSL) - used by web browsers to provide
secure connections. Works with HTTPS instead of the HTTP protocol. To
understand, you have to understand public and private key cryptography.
A key is an algorithm, a method of turning plain text into encrypted
text, and vice versa. Keys are also used to encrypt and decrypt
messages. In a private key system, the senders and receivers
of messages all use the same key.
Public key cryptography is an encoding scheme that assigns every
user two keys. These keys are used to prove the identity
of the sender of a message. Either of the keys can be used
to encrypt a message. Whichever key is used to encrypt the
message, the other key must be used to decrypt it. One
of the two keys is called a user's public key. This key is
delivered to anyone who needs it, and is used to decrypt messages
that were encrypted with the user's other key, the private key.
(The private key is never given to anyone except the key's
owner.) This method proves to message recipients that the message
originated from the owner of the private key. Likewise, messages
sent to the owner can be encrypted with the public
key, and can only be decrypted with the owner's private
key, ensuring security.
The process of delivering public keys to people who need them is
a problem. How do you know that the proof you are accepting is reliable?
Public keys need to be verified by a Certificate Authority (CA).
Various network vendors provide a CA in their Certificate Servers.
Now the terminology changes a bit. Messages may be sent to a server/provider
with a digital signature. A user can create a digital signature
with their private key, and register that digital signature with a
Certificate Authority. The signature may also be created by the CA
and delivered to the user, since the CA may be the source of both
of the user's keys.
Example: A user sends a message to an online vendor,
including a digital signature, created with the user's private key.
That signature may be verified with the CA that the user is registered
with. The CA receives a request for verification from the vendor and
checks out the signature. If the signature is valid, the CA then sends
an encrypted message to the vendor including the public key of the
original user, allowing the vendor to read the digital signature.
In this way, the vendor does not get the user's information until
it has been established that the message is really from the user.
Encryption can also be done strictly with public and private keys.
Consider buying something online, using a web browser. The buyer is
sent the public key of the store through the browser. The browser
encrypts the buyer's credit card data, and sends to the store's
server. The server decrypts the data using the store's private
key. (A problem exists here: the store has no secure way to send
encrypted data back to the buyer, unless the buyer has a public and
private key of his/her own. So, a key pair can be created for the
buyer as well.)
- Wired Equivalent Privacy (WEP) - an early protocol developed
for security on Wireless LANs (WLANs). It is no longer considered to
- Wi-Fi Protected Access (WPA) - an improved protocol that addresses
shortcomings in WEP. WPA provides for encryption of the keys sent across
the WLAN (using TKIP) and for user authentication with Extensible Authentication
- 802.1x - Uses EAP to force WLAN users to authenticate through
a dedicated authentication server.