NET 121b: Essentials of Networking

Chapter 4: Introducing Protocols

Objectives:

This chapter discusses protocols used on various OSI network model layers. The topics of this chapter are:

  1. Access protocols
  2. Network access methods
  3. Transport layer protocols
  4. Remote access (WAN) protocols
  5. Security protocols

Concepts:

Protocol has two meanings that apply to networking: a rule used on networks, or a program that implements a rule. You have probably heard of networks using the TCP/IP protocol. TCP/IP, in fact, is the name of two protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP). They are used with several other protocols to enable some kinds of network communications. IP is used by routers, devices that find communication paths to other computers. Finding currently valid paths is necessary because any path may be available or unavailable at any given time. TCP is used to assure that messages we send are actually delivered. (There is a lot more to it, but this is an overview.)

The Institute of Electrical and Electronic Engineers (IEEE) is a standards organization that has specified many of the rules used in building networks. Their standards are often referred to by number. In this chapter, we discuss some of the IEEE 802.x standards (there are about a dozen and a half, currently). LAN protocols that support the IEEE 802 standards can be referred to as 802.x protocols.

  • 802.2 - specifies the use of headers and frames, supporting the LLC sublayer of the Data-Link layer.
  • 802.3 - specifies the CSMA/CD access method, so this is often thought to be the Ethernet standard. More data appears below.
    802.3 was based on Ethernet, and made a more general standard. Ethernet can be thought of as one implementation of the 802.3 standard. This standard fits on the Physical layer and the MAC sublayer of the Data-Link layer. You should be aware of the parsing (breaking into understandable parts) of the names of LAN types using this standard. For instance, 10BASE5 means 10 Mbps, baseband transmission and a limit of 500 meters per segment (thick Ethernet). 10BASET means 10 Mbps, baseband transmission and using UTP cable. (Parse: to resolve into component parts. This is a word used in English grammar classes.) Base may be shown in lower or upper case in the name of a LAN type.
  • 802.3u - Fast Ethernet
  • 802.3z and 802.3ab - Gigabit Ethernet
  • 802.5 - specifies a token passing system based on IBM's token ring standard. IBM's standard specifies a physical ring, but 802.5 does not, so we often see physical stars that are logical rings by this standard.
  • 802.11 - specifies how wireless LANs work, like spread spectrum, infrared, and short range Gigahertz radio
  • 802.12 - 100VG-AnyLAN, a standard that may authorize a hub to decide which of two contenders for the bandwidth should have it, based on priority.

Contention systems work by letting each device try to send a message on the net as needed, contending or competing with all the other devices for the bandwidth. Two examples of methods that support such systems are CSMA/CD (Carrier Sense, Multiple Access, with Collision Detection) and CSMA/CA (Carrier Sense, Multiple Access, with Collision Avoidance). A collision occurs when two signals collide on the medium, causing signal loss. These protocols best support intermittent transmissions. Time sensitivity is good, as users do not often have to wait for media access.

In a CSMA/CD system (example: Ethernet), the collision is detected and the devices that caused it each wait a random number of seconds before sending again. This usually results in one device going ahead of the other. In a CSMA/CA system, devices can be assigned time slices or can be required to ask permission to send, avoiding collisions. Apple LocalTalk is an example of this.
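
The paragraph above describes collision detection and random waiting in words. The simulation below is an added example (my own code, not from the textbook or the course) that models the 802.3 rule a little more precisely than the notes: time is counted in slot times rather than seconds, and after its k-th collision each station waits a random number of slots between 0 and 2^k - 1 (the truncated binary exponential backoff that 802.3 specifies, with k capped at 10 and the frame abandoned after 16 attempts). The station names and the random seed are constructed inputs.

```python
import random

MAX_ATTEMPTS = 16   # 802.3 discards a frame after 16 failed attempts
MAX_EXPONENT = 10   # backoff range stops growing after the 10th collision


def backoff_slots(attempt, rng):
    """Truncated binary exponential backoff: wait 0..2^k-1 slots, k = min(attempt, 10)."""
    k = min(attempt, MAX_EXPONENT)
    return rng.randrange(2 ** k)


def simulate_csma_cd(station_ids, seed=0):
    """Every station has one frame ready at slot 0 and senses an idle medium,
    so all transmit at once and collide. Returns the delivery order, the number
    of collisions, and the number of slot times consumed (constructed scenario)."""
    rng = random.Random(seed)
    attempts = {s: 0 for s in station_ids}    # station -> collisions so far
    ready_slot = {s: 0 for s in station_ids}  # station -> earliest slot it may try
    delivered, collisions, slot = [], 0, 0
    while attempts:
        # Carrier sense: stations whose backoff has expired transmit in this slot.
        contenders = [s for s in attempts if ready_slot[s] <= slot]
        if not contenders:
            # Medium idle and nobody ready: jump to the next scheduled attempt.
            slot = min(ready_slot[s] for s in attempts)
            continue
        if len(contenders) == 1:
            # A single sender: the frame goes through (one slot, simplified).
            winner = contenders[0]
            delivered.append(winner)
            del attempts[winner]
        else:
            # Collision detected: every sender jams, then backs off independently.
            collisions += 1
            for s in contenders:
                attempts[s] += 1
                if attempts[s] > MAX_ATTEMPTS:
                    raise RuntimeError(f"{s}: excessive collisions, frame dropped")
                # +1 skips the slot the collision itself occupied.
                ready_slot[s] = slot + 1 + backoff_slots(attempts[s], rng)
        slot += 1
    return {"order": delivered, "collisions": collisions, "slots": slot}


if __name__ == "__main__":
    print(simulate_csma_cd(["A", "B", "C"], seed=7))
```

Because the stations choose their backoff independently, the first collision almost always separates them within a slot or two; the `RuntimeError` branch is the "excessive collisions" condition that a real Ethernet interface reports as a dropped frame.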

Token-Passing involves passing a token, a small data frame, from station to station. When a station has the token, it is that station's turn to access the medium. Examples of this method are token ring, FDDI, and token bus. This type of media access is predictable and consistent, allowing large or small transmissions. It is not the best for time sensitive data since waits are built in, but it will support more devices than contention.

Contention is best when the load is light, token passing is better with heavier loads, and both schemes crash under too much load.

Polling, asking each device if it has any data to send, is a third method of accessing the network. You should know it exists, and that it is not used by any major network vendor. It is too slow and controlled to give the users the speed they expect from every other network method.

The 802.3 standard covers a variety of physical implementations. You should be aware of the parts and meanings common to most of their names: the first part of a name like 10base5 is the data rate (10 Mbps), the word BASE or BROAD refers to the kind of transmission used (baseband means one transmission at a time on the network, broadband means multiple simultaneous transmissions are allowed), and the last character gives you a clue about segment length. The length designator is the least standardized: 10base2 means about 200 yards (185 meters), and 10base5 means about 500 meters. Both of these standards use coaxial cable.
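
The parsing rule above can be written down as a small parser. The code below is an added example (my own, not from the textbook) that splits an 802.3-style name into the three parts the notes describe: data rate, BASE or BROAD, and the trailing length or medium code. The medium table is constructed from the variants listed in this chapter; 10BROAD36 is a real but rarely seen broadband variant that is not on this page and is included only to exercise the BROAD branch.

```python
import re

# Grammar for names such as 10BASE5, 10BASE-T, 100BASE-TX, 1000baseSX, 10BROAD36
# (assumed reading of the naming scheme in the notes, not an official parser).
_NAME = re.compile(
    r"^(?P<rate>\d+)(?P<band>BASE|BROAD)-?(?P<suffix>[A-Z0-9]+)$", re.IGNORECASE
)

# Letter suffixes name a medium rather than a length (table built from this chapter).
_MEDIA = {
    "T": "UTP (two pairs)",
    "TX": "Cat 5 UTP (two pairs) or STP",
    "T4": "Cat 3/4/5 UTP (all four pairs)",
    "FX": "multi-mode or single-mode fiber",
    "SX": "multi-mode fiber",
    "LX": "single-mode fiber",
    "CX": "short copper (wiring closet)",
}

# The numeric suffix is only a rough clue; 10base2 is really 185 m.
_COAX_LENGTH_M = {"2": 185, "5": 500}


def parse_lan_name(name):
    """Return the rate, transmission type, medium and segment length encoded in a name."""
    m = _NAME.match(name.strip())
    if not m:
        raise ValueError(f"not an 802.3-style name: {name!r}")
    rate = int(m.group("rate"))
    band = m.group("band").upper()
    suffix = m.group("suffix").upper()
    result = {
        "rate_mbps": rate,
        "transmission": (
            "baseband (one transmission at a time)"
            if band == "BASE"
            else "broadband (multiple simultaneous transmissions)"
        ),
    }
    if suffix.isdigit():
        # Digit suffix: coaxial cable, length in hundreds of meters (approximately).
        result["medium"] = "coaxial"
        result["segment_m"] = _COAX_LENGTH_M.get(suffix, int(suffix) * 100)
    else:
        # Letter suffix: the medium; segment length depends on the medium, not the name.
        result["medium"] = _MEDIA.get(suffix, f"unknown medium code {suffix}")
        result["segment_m"] = None
    return result


if __name__ == "__main__":
    for n in ("10BASE5", "10base2", "10BASE-T", "100BASE-TX", "1000baseSX"):
        print(n, parse_lan_name(n))
```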

Systems that do not use coaxial cable are named just a bit differently. 10baseT means 10 Mbps, baseband transmission, and UTP cable. Although many 10baseT LANs were put together with Cat 3 UTP cable, no one would do so now with cable less than Cat 5. A 10baseT network uses UTP cable, and RJ-45 connectors. Only four of the eight wires in the cable are actually used by the network. In the wiring table below, it would be the orange and green circuits that are actually used.


Pin Assignments

Pin  Color         Signal     Circuit
1    Orange/White  TX data +  Orange Circuit
2    Orange        TX data -  Orange Circuit
3    Green/White   RX data +  Green Circuit
4    Blue          unused     Blue Circuit
5    Blue/White    unused     Blue Circuit
6    Green         RX data -  Green Circuit
7    Brown/White   unused     Brown Circuit
8    Brown         unused     Brown Circuit

Another type of network, 100baseT4, makes use of all four circuits in a standard UTP cable. (This is not the only way to increase the bandwidth to 100 Mbps.)

The next one is 802.3u (the "u" stands for update). It is called Fast Ethernet and comes in three types: 100BASE-TX, 100BASE-T4, and 100BASE-FX. 802.3u specifies a physical star (unlike some other 802.3 standards) and a logical bus (like all 802.3 standards). Each of the variants of 802.3u specifies a different medium. This is referred to as being a Media Independent Interface (MII):

  • 100BASE-TX
    • uses two pairs of Category 5 Unshielded Twisted-Pair (UTP) or Category 1 Shielded Twisted-Pair (STP) cabling.
    • 100 Mbps speed
    • for UTP, use standard RJ-45 connectors.
    • for STP, use DB-9 connectors
    • maximum segment length is 100 meters.
  • 100BASE-T4
    • uses four pairs of Category 3, 4, or 5 Unshielded Twisted Pair (UTP)
    • 100 Mbps speed
    • uses RJ-45 connectors
    • maximum segment length is 100 meters
  • 100BASE-FX
    • uses two-strand 62.5/125 micron multi-mode or single-mode fiber media
    • maximum segment length is 412 meters for half-duplex, multi-mode fiber.
    • maximum segment length is 10,000 meters for full-duplex, single-mode fiber

802.3z and 802.3ab - Gigabit Ethernet methods created for use on backbone networks.

Three types of 802.3z are listed:

  • 1000baseCX - uses special copper cable, for short connection in wiring closets
  • 1000baseSX - uses fiber optic cable, multimode; for use inside a single building
  • 1000baseLX - uses fiber optic cable, single mode; can span several buildings at one location

802.3ab - also known as 1000baseT, uses all four circuits in Cat 5 UTP cable

The chapter continues with a discussion of the 802.5 standard for token rings. Remember that IBM invented it, and the IEEE refined the definition. The standard specifies that workstations are star-wired to Multi-Station Access Units (MSAUs or MAUs) instead of standard hubs. MAUs can be connected together, like hubs or switches, using Ring-In (RI) and Ring-Out (RO) ports, creating a larger ring. When connecting two MAUs, the Ring-In port of one MAU must be connected to the Ring-Out port of the other MAU, and vice versa. The principle is extended to other MAUs if the network requires more. In this way, star clusters are connected into a logical ring.

Notes about 802.5 Token Rings:

  • Either STP or UTP may be used in token rings.
  • Devices connected to a port of an MAU are called lobes, instead of nodes.
  • Since many types of cable can be used, the cable distance allowed between units varies with the type of cable.
  • A token is actually a small frame or packet. It is passed to the next station allowed to transmit by the last station allowed to transmit.
  • One station in a ring acts as the active monitor. Its task is to remove frames from the ring that continue to circulate without being removed by a receiver.
  • The concept of beaconing is discussed. As an example, assume there is a break in the cable between nodes 1 and 2. Each node in a ring expects to receive signals from its NAUN (Nearest Active Upstream Neighbor). Since the cable is broken, node 2 is not receiving from node 1. Node 2 begins beaconing, sending a message to the ring that there is a problem. The message includes its address, the NAUN's address, and the type of problem. All stations noticing the problem will beacon as well, but they will stop as soon as they receive a packet from an upstream neighbor. The network will try to work around such breaks with reconfiguration.

The 802.11 standard describes how wireless LANs work. It has several variations. The text suggests thinking of them as wireless Ethernet, which may keep you from confusing them with cell phone standards. Wireless Ethernet allows you to make a wireless connection to a nearby LAN. The most common variations of this standard are 802.11a, 802.11b, and 802.11g. Each successive version extends the range and capacity of previous versions. All versions of this standard may be called Wi-Fi. Wi-Fi devices will use one or more of these protocols, but they are not required to support all of them.

802.11 methods typically use CSMA/CA, described above.

The next topic is FDDI, Fiber Distributed Data Interface, a fiber optic ring standard. This is an ANSI (American National Standards Institute) standard, not an IEEE standard, but it makes use of the 802.2 and 802.5 standards. It is very fast, and has high capacity, making it useful for three main applications:

  • Backbones - connections to other networks that need to be fast and wide
  • Computer room networks - fast connections between critical devices
  • High data rate LANs - connections for users of data intensive applications like CAD

Consider the fault tolerant advantage of FDDI: it uses two rings that are counter rotating. This means that traffic travels clockwise on one ring, and counterclockwise on the other, making reconfiguration simple. If a break occurs between two workstations, the rings cross over at those workstations, turning the two rings into one loop.

Imagine a doughnut. One cable runs around the outside of the doughnut, and another runs around the inside of the doughnut. That's the FDDI ring. Take a bite of the doughnut, all the way to the center. That's the broken line. Now imagine the cable that runs around the outside of the doughnut turning inside at both sides of the bite, connecting with the inside cable, and completing the loop. This is what happens in a broken FDDI ring. Specific factors for FDDI:

  • No more than 1000 stations per ring
  • No more than 200 kilometers of cable per ring
  • The above numbers should be cut in half for fault tolerance (anticipating a break)
  • Multi-mode 62.5/125 micron fiber optic cable is standard
  • Repeaters are required every 2 kilometers
  • Class A stations are connected to both rings, Class B stations are connected to only one ring

FDDI's token method is a bit different. The station with the token, A, transmits its message, and tacks the token on the end of it. The next station, B, would remove the message if it is the recipient, or send it on if not. If sending it on, B could also tack messages onto the original, if it had messages to send. In this way, it is not necessary for all stations to wait until they receive the token to send traffic.

Protocols associated with the Transport layer:

  • Transmission Control Protocol - TCP provides reliable delivery of packets on TCP/IP networks
  • Sequenced Packet Exchange Protocol - SPX works like TCP in older Novell networks (that use IPX/SPX)
  • NWLink - a Microsoft protocol that mimics both SPX and IPX, when sending signals to older Novell servers and clients
  • AppleTalk Transaction Protocol - ATP provides reliable delivery of packets on Apple networks
  • NetBEUI - NetBEUI (NetBIOS Extended User Interface) cannot be routed between networks, so it only works inside a single network, but it provides delivery and error services there.

Gateways are mentioned in the chapter, and they are briefly described as providing services on several layers of the OSI model. A gateway provides translation services between networks and devices that are not alike.

Some of the technologies in the chapter are used on Wide Area Networks (WANs). Your text refers to them as remote access protocols. You will want to be familiar with the list of protocols used on WANs:

  • Serial Line Internet Protocol (SLIP) - an older dial up protocol, maps to the Physical layer only. Variations exist which are not mutually compatible
  • Point-to-Point Protocol (PPP) - an improved dial up protocol, maps to the Physical and Data-Link layers. Supports several features that SLIP does not: dynamic IP addressing, multiple protocols on the same link, passwords and error control.
  • Remote Desktop Protocol (RDP) - used in Windows NT and XP systems, to remotely access and operate another computer or server. This is an Application layer protocol.
  • Frame relay - used for transmitting bursts of data without error checking; other protocols check for errors at each end of the frame relay network. Maps to the Physical and Data-Link layers and is useful for data only. Can work with X.25 or ISDN, and can run at 56 Kbps, T1 or T3 speeds.
  • ATM - Asynchronous Transfer Mode can be both a LAN and WAN protocol. It maps to the first three layers of the ISO-OSI model. It is listed in your text as another topology type, due to its unusual features:
    • Uses 53 byte blocks called cells.
    • Uses virtual channels.
    • Can use most media: fiber optic, STP or UTP
    • Uses Interworking Units (IWUs) to connect networks

The text offers a short discussion of six protocols that attempt to offer secure connections:

  • Internet Protocol Security (IPSec) - a group of protocols used with IP to provide security on Virtual Private Networks (VPNs). Two modes exist. Transport mode encrypts the data (payload), but not the packet headers. Tunnel mode encrypts both.
  • Layer 2 Tunneling Protocol (L2TP) - an extension of PPP that is meant to be used with IPSec on VPNs. This protocol works on the Data Link layer of the OSI model.
  • Secure Sockets Layer (SSL) - used by web browsers to provide secure connections. Works with HTTPS instead of the HTTP protocol. To understand SSL, you have to understand public and private key cryptography. A key is an algorithm, a method of turning plain text into encrypted text, and vice versa. Keys are also used to encrypt and decrypt messages. In a private key system, the senders and receivers of messages all use the same key.

    Public key cryptography is an encoding scheme that assigns every user two keys. These keys are used to prove the identity of the sender of a message. Either of the keys can be used to encrypt a message. Whichever key is used to encrypt the message, the other key must be used to decrypt it. One of the two keys is called a user's public key. This key is delivered to anyone who needs it, and is used to decrypt messages that were encrypted with the user's other key, the private key. (The private key is never given to anyone except the key's owner.) This method proves to message recipients that the message originated from the owner of the private key. Likewise, messages sent to the owner can be encrypted with the public key, and can only be decrypted with the owner's private key, ensuring security.

    The process of delivering public keys to people who need them is a problem. How do you know that the proof you are accepting is reliable? Public keys need to be verified by a Certificate Authority (CA).

    Various network vendors provide a CA in their Certificate Servers. Now the terminology changes a bit. Messages may be sent to a server/provider with a digital signature. A user can create a digital signature with their private key, and register that digital signature with a Certificate Authority. The signature may also be created by the CA and delivered to the user, since the CA may be the source of both of the user's keys.

    Example: A user sends a message to an online vendor, including a digital signature, created with the user's private key. That signature may be verified with the CA that the user is registered with. The CA receives a request for verification from the vendor and checks out the signature. If the signature is valid, the CA then sends an encrypted message to the vendor including the public key of the original user, allowing the vendor to read the digital signature. In this way, the vendor does not get the user's information until it has been established that the message is really from the user.

    Encryption can also be done strictly with public and private keys. Consider buying something online, using a web browser. The buyer is sent the public key of the store through the browser. The browser encrypts the buyer's credit card data and sends it to the store's server. The server decrypts the data using the store's private key. (A problem exists here: the store has no secure way to send encrypted data back to the buyer, unless the buyer has a public and private key of his/her own. So, a key pair can be created for the buyer as well.)

  • Wired Equivalent Privacy (WEP) - an early protocol developed for security on Wireless LANs (WLANs). It is no longer considered to be secure.
  • Wi-Fi Protected Access (WPA) - an improved protocol that addresses shortcomings in WEP. WPA provides for encryption of the keys sent across the WLAN (using TKIP) and for user authentication with Extensible Authentication Protocol (EAP).
  • 802.1x - Uses EAP to force WLAN users to authenticate through a dedicated authentication server.
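
To make the key relationship in the SSL discussion concrete, here is an added example in Python (my own code, not from the textbook and not from any SSL implementation). It is textbook RSA with deliberately small Mersenne primes so the arithmetic stays visible; real keys are 2048 bits or longer and come from a library, and textbook RSA without padding must never be used for real traffic. The example shows the two uses the notes describe: the buyer encrypts with the store's public key and only the store's private key decrypts; a user signs with the private key and anyone holding the public key verifies the signature, while a changed message or a different key pair fails. Note that here the key is a number supplied to the modular-exponentiation algorithm rather than the algorithm itself. The primes, exponent and sample messages are constructed inputs.

```python
import hashlib
from math import gcd

# Toy parameters (constructed): two Mersenne primes give a ~92-bit modulus.
P = 2 ** 61 - 1
Q = 2 ** 31 - 1
E = 65537  # common public exponent


def keygen(p=P, q=Q, e=E):
    """Return (public_key, private_key); each is an (n, exponent) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")


def _to_bytes(x: int) -> bytes:
    # Note: a plaintext with leading zero bytes would lose them on the way back.
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def encrypt(public_key, plaintext: bytes) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    n, e = public_key
    m = _to_int(plaintext)
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """The owner's private key undoes what the public key did."""
    n, d = private_key
    return _to_bytes(pow(ciphertext, d, n))


def sign(private_key, message: bytes) -> int:
    """The private key owner signs a hash of the message (hash reduced mod n: toy only)."""
    n, d = private_key
    h = _to_int(hashlib.sha256(message).digest()) % n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key checks that the signature came from the matching
    private key and that the message was not altered afterwards."""
    n, e = public_key
    h = _to_int(hashlib.sha256(message).digest()) % n
    return pow(signature, e, n) == h


if __name__ == "__main__":
    store_pub, store_priv = keygen()
    c = encrypt(store_pub, b"card=4111")            # buyer's browser, public key only
    print("store decrypts:", decrypt(store_priv, c))  # store's server, private key
    user_pub, user_priv = keygen(2 ** 89 - 1, 2 ** 31 - 1)
    sig = sign(user_priv, b"order 42")
    print("vendor verifies:", verify(user_pub, b"order 42", sig))
    print("tampered message:", verify(user_pub, b"order 43", sig))
```

The second key pair in the demo stands in for the buyer's own keys that the notes say must be created so the store can answer securely; the same `encrypt` and `sign` functions work with either pair, which is the whole point of the scheme.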