Going Back to Class

When the Internet Protocol was first introduced, the designers had no idea just how widely it would become adopted.  At the time, it competed head to end with Novell’s IPX protocol, along with Appletalk and a number of others, before IP finally achieved dominance.  In the beginning uses, groups of addresses were placed in classes which represented the way the addresses treated parts of the address, namely network and node (or host).  I love Wendell Odom’s explanation of these concepts, which he uses in his CCNA ICND1 Official Exam Certification Guide by Cisco Press (his website can be found at:http://www.certskills.com/) .  The network portion of the address is similar to a postal zip code, a broader representation of locations in a geographical area, after which street addresses and cities narrow down to a specific location.  A letter carrier on his/her route doesn’t care about zip codes several states away (in this analogy, addresses in other networks), but only the ones local to them.  With this in mind, let’s look at how address classes break out in terms of network length and node length.

Class A addresses have a network length of 8 bits, which is the first byte/octet of that address space.  Let’s use the example of 4.233.10.40, which would use 4 as the network portion and 233.10.40 as the node portion.  The natural or default mask is 255.0.0.0, or /8 using the examples described in the last blog.  Look at the representation of the possible ranges of Class A addresses in binary: 00000000 – 01111111. Two things should jump out at you, first, that only the leading digit (0) is consistent, which should always clue you in that a leading zero represents a Class A address.  Second, if you do the conversion from binary back to decimal, you will find the range to be 0 through 127 in the first octet.  Strictly speaking, the 127.0.0.0  range is reserved for internal loopback usage and zero ist permitted, so the actual usable range is 1.0.0.0 – 126.255.255.255.

To save space and brain cells, I will just summarize the Class B and C address characteristics, but keep in mind that the binary math works similarly to what is discussed above:

Address Class                        Leading Bit(s)                       Valid Network Numbers                       Network Bits                       Host Bits

A                                               0                                              1.0.0.0 to 126.0.0.0                                8                                             24

B                                               10                                            128.0.0.0 to 191.0.0.0                            16                                           16

C                                               11                                             192.0.0.0 to 223.0.0.0                           24                                           8

Notice that if you add the host bits and network bits you end up with 32 bits (4 bytes), which is the total address space in an IP Address.  Being able to recognize the Class of address in both binary and decimal will be very helpful not only on the exam, but later on when we discuss subnetting.

More to come…

– Joe

An Address By Any Other Name…

Source and Destination Addresses

When I first got into networking, I found the whole idea of IP addressing to be arcane and mysterious. Keep in mind that during most of my
elementary and middle school years, I was told that math was certainly NOT my thing (the string of C’s seemed to support that). That made me very skittish to even try to grasp things in the numerical arena, and it cast a blanket of fog over the dotted decimal addresses (e.g., 192.168.1.1, 10.2.1.5, etc.)

To be totally truthful, as a visual learner I read and memorized first and had my “aha” moment much later. Granted, there are a
boatload of principles, facts, and figures that just have to be firmly fixed in the brain first, but typically understanding happens at various points along the way. I hope that sharing my own experiences of learning will enable some of you to grasp the concepts more readily than I first did.

First things first, binary is king, as I mentioned much earlier in this blog. All of the seemingly strange things make perfect sense when you
leave behind our familiar decimal/base 10 thinking and get “tw0-dimensional.” At various points I will try to explain the quite-literal “bits and bytes” when it will further clarify some of the networking magic.

There are two ways to typically refer to an Internet Protocol (IP or IPV4) address, either of which you may encounter in various articles, books,
and other technical literature. The first is the use of the address and then the mask/subnet mask, while the second is the network or subnet, with the number of bits used, as follows:

192.168.1.2                 255.255.255.0

192.168.1.2/24

While they look very different, they mean exactly the same thing.  In decimal, each group of numbers between the dots is between 1-255 and is
referred to as an octet because you use 8 binary characters (bits) to create the same number in base-2. We’ll look into the bits involved a little
bit later, but that gives you a beginning point.

IP addresses are grouped into categories referred to as address classes, referred to as A, B, C, D and E. Class D addresses (223.0.0.0 to
239.255.255.255) refer to multicast addresses which are beyond the scope of the CCENT/CCNA but a fascinating topic nonetheless (if interested, read some more on your own). Class E (240.0.0.0 – 255.255.255.255) addresses were experimental and never used in any production setting, and mostly just idle geek-party chatter (just kidding).

Next time we will delve into the A, B and C address classes in more detail

– Joe

No Strings (Wires) Attached: Wireless LANs, Part IV

Up to NO Good!

When the 802.11 wireless standard first came out, security was seemingly an afterthought…one of the greatest criticisms of the technology in the “early days” was the fact that just about anyone could access the wireless medium with relative ease.  Stories abounded of hackers with antenna arrays made out of Pringle’s cans not only getting access to a company’s network, but having access to restricted information resources as well.  To combat these very real threats, the first security measure, called Wired Equivalent Privacy, or WEP, was released.

Any early adopter of technology will tell you that the first release of just about anything, now matter how cool, is going to have some significant problems.  Most seasoned engineers or administrators will typically pass on the first release of a new product or version of code for that very reason (why make your job harder than it needs to be, right?)  WEP was no exception to that rule, for several reasons.  First, it used static preshared keys that were rarely, if ever, changed.  I know of a large healthcare institution where an ex-employee, just out of curiosity, checked to see if the WEP keys one supposedly secure wireless network had been changed, after several years of being gone.  Not only were the WEP keys the same, but so were most of the passwords on the servers and network!  Had this individual had unhealthy motives, it could have resulted in a significant security breach resulting in RGE’s (resume generating events) for members of the network staff.  To complicate the death knell for WEP, the keys were easily cracked and the methods for doing so were readily available to both the hacker community as well as publicized on the Internet.  NOT a good start for wireless security.

The next generation of wireless security was advanced by the Wi-Fi Alliance, and titled WPA or Wi-Fi Protected Access.  WPA introduced more thorough methods of authentication (that is, verification of the identity of legitimate users before granting access) as well as strong encryption.  WPA was released prior to an actually IEEE standard, so not long after WPA2 was released, matched to the 802.11i standard, and made even stronger, particularly on the encryption front.

The final area of wireless security had nothing to do with technology, and everything to do with policy management: security policies.  Many times the reasons networks have serious points of vulnerability have less to do with technology protection mechanisms and more to do with the foibles of internal users.  A strong security policy can prevent either intentional or unintentional problems by regulating risky behavior.  Next time, we will consider IP addressing and services…

– Joe

No Strings (Wires) Attached: Wireless LANs, Part III

Accidental Brilliance!

As with many inventions, microwave ovens were actually invented by accident. Percy Spencer, an engineer at Raytheon, was touring a factory and was standing close to a magnetron, (a device which provided the heart of radar systems at the close of World War II). He noticed that a candy bar in his
pocket began melting as he stood close to the machine, and then called for a bag of popcorn, which began popping within minutes of getting close to the
machine. The reason for including this seemingly irrelevant history lesson?
Simply put, it introduces the subject of the Industrial, Scientific, and Mechanical (ISM) unlicensed radio bands. In 1985, The FCC gave permission for
general use of a group of frequencies without requiring government-issued licenses, which is why it is often referred to an unlicensed spectrum. The
frequencies within this allocated space included 900 MHz, 2.4 GHz, and 5.0 GHz, which then spawned an entire range of wireless-enabled devices on the market.  Early cordless phones, for example, usd the 900 MHz range, with newer ones using the 2.4 GHz range, along with our friend, the microwave oven.

The first generation of just about anything, whether hardware, software, cellular phones, always starts out with a very small group of early
adopters. This group tends to love gadgets, are willing to pay a premium, and tolerant of initial “bugginess.” As the technology gains popularity,
costs begin to drop, the rough edges get smoothed out, and the rates of sales and usage starts to grow, and eventually skyrocket. Wireless networking is no
different, as when the original 802.11 devices were released, with only 1-2 Mbps speeds and clunky/proprietary implementations. The “golden
ticket” came with the introduction of 802.11b devices in 1999, which operated in the 2.4 GHz frequency band and speeds of 11 Mbps using a modulation called
Digital Sequence Spread Spectrum, or DSSS. Ironically, 802.11a was released at the same time, which boasted speeds of up to 54 Mbps in the 5.0 GHz range using Orthogonal Frequency Division Multiplexing (OFDM), but the greater cost and lower adoption made it far less popular. Companies such as Linksys, D-Link, and others on the consumer side and Cisco on the business side flooded the market with affordable 802.11b access points and client adapters and pushed wireless network access into “prime time.” While it was an interesting time for service providers trying to offer subscription-based services, the hardware
side fared pretty well.

Wireless technology is now offered as standard on laptops, cellular phones, printers, and an entire plethora of other devices, making it
certain that it is here to stay.  There are drawbacks to wireless LAN technologies, which is what we will consider next time.

– Joe

No Strings (Wires) Attached: Wireless LANs, Part II

Wireless = Radio!

Wireless LANs transmit signals across the air rather than across copper wires or fiber optic cable.  For those of you who can remember back far enough before cable television, you may recall seeing antennas sticking up from the back of the set (remember rabbit ears?).  Television stations transmitted one-way signals that reached the television set, were decoded, and turned back into light and sound to entertain the masses.  In the “good old days” you turned a knob on the front of the set to change the channel (frequency) that was being displayed on the screen, and only a couple were usually available, NBC, ABC, and CBS, and maybe PBS.  Understanding the basics of wireless LAN technologies actually start at this point, in getting a better grasp of how radio signals actually act and operate.

Radio signals travel through the air and require both a transmitter and receiver, which are actually separate operations, although at one time the term transceiver identified something that did both.  Just as with human speech (using sound waves), wireless technologies are analog rather than digital.  Digital signals have one of two values, namely Zero (0) or One (1), indicating on or off status of a computer circuit.  Electromagnetic radiation, including radio frequency (RF), transmit information by changing some aspect of these waves, usually termed frequency (the measure of how many waves are repeated per interval), amplitude (strength of the signal), or phase (difference between the wave and some reference point).  All wireless technologies use some form of encoding/modulation to change the signal to communicate the zeroes or ones in order to carry the digital information.  For the sake of simplicity, let’s think of frequencies the way you typically use them: channels on your television or radio.  When you want to receive a different stream of data (for example, ESPN instead of the Opera Channel), you use the remote control to change the frequency from one channel to another.  In the United States, the Federal Communications Commission (FCC) sets the rules for who can use certain frequencies, as well as power levels so that they can coexist.  Some organizations pay the “big bucks” for use of certain frequencies of operation, such as television and radio stations, and cellular telephone companies.  These are referred to as licensed frequencies because they require a valid agreement in place with the FCC in order to use them.  For our purposes, we need not worry about these RF signal families, but rather those that are part of the unlicensed frequencies group.  Since this is a much deeper topic, we will discuss this next time.

– Joe

No Strings (Wires) Attached: Wireless LANs, Part I

Evil Wire Monster! Run!

The evolution of networking has been rapid over the past several decades as computing moved from a single centralized mainframe to a more distributed model with server farms.  Alongside computing has been vast arrays of cable plants, originally consisting of thick coaxial cable, migrating to thin coaxial cable, to the twisted pair cables we all know and love.  However, just as a puppet without strings would be considered a marvel, a network without wires is equally impressive and desirable; this brings us to the subject of wireless LAN’s, or WLANs, as they are affectionately called.

The umbrella IEEE standard for wireless is designated as 802.11, representing a wide family of other standards, protocols, and so forth.  The establishment of the Wi-Fi Alliance (http://www.wi-fi.org/) in 1999 to promote interoperability has not only created widespread awareness of the technology, but has become synonymous with te technology itself (users frequently refer to WLAN’s as “wi-fi networks.”)

It probably sounds overly simplistic to say that the differences between wired and wireless networks are vastly different, but there is more truth to that than simply saying one medium uses wires and the other does not.  There are some similarities, however, that should not be overlooked:

1. Layer 2 Technology: While they implement it differently, both operate at Layer 2 of the OSI stack.
2. Communication Between Devices: Both allow for inter-device communication and data transmission.
3. Frame Formats: While not identical, both use frame formats constructed with a similar anatomy, including headers/trailers, source/destination MAC addresses, etc.

One of the most striking differences between the 802.11 family of wireless standards and their 802.3 relatives has to do with the mechanics of data transmission; Ethernet uses Carrier Sense Multiple Access with Collision Detect (CSMA/CD), and responds to frames which collide in transit, while a WLAN uses CSMA/CA, in which is the stands for avoidance.  If you think of an intersection with cars crashing into one another as analogous of Ethernet, cars constantly swerving to get out of the way would be closer to wireless operation.  Here is the basic process a wireless devices uses to transmit data:

1. Listen to make sure there is no traffic on the medium (in this case, the channel/air)
2. Set a random timer and do nothing until it expires
3. Listen again to make sure that there is no traffic
4. Send the frame
5. Wait for an acknowledgement
6. If there is no acknowledgement, assume the frame was lost and start over at #1

Keep in mind that this is the process for transmitting a single frame, and you don’t have to be a rocket scientist to see the amount of overhead this takes.  The reason?  While you can control things that happen on a wire, you have no control over the air, namely transmitted signals.  Lots more to come!

– Joe

The (Necessary) Evils of Spanning Tree, Part III

Port States, Get it?

To pick up where we left off, I wanted to take a minute to talk about 802.d port states, not to be confused with US states on the eastern/western seaboard (insert groan here at the bad joke).  In traditional spanning tree, remember that a loop-free path through te network is essential, and the mechanics of that is a little bit of paranoia.  The protocol assumes that loops can creep in undetected at various stages of the game (so to speak) and one of the mechanisms to prevent that is port states…a series of stages that a switch port must go through in order to pass traffic.  Think of each as a “check point” on a tightly guarded road, at which the vehicle is allowed through to the next point.  Here are the port states, in order:

1. Blocking (does not pass traffic, forward frames, or learn MAC addresses)
2. Listening (does not pass traffic, forward frames, or learn MAC addresses)
3. Learning (does not pass traffic, forward frames, but does learn MAC addresses)
4. Forwarding (passes traffic, forwards frames, and learns MAC addresses)
5. Disabled (shutdown , does not pass traffic, forward frames, or learn MAC addresses)

Another important part of the spanning-tree process is how the path through the network is determined, and the short answer is cost.  Every functioning interface has a cost associated with it that is based on the bandwidth of the port, which is selected by default but can be changed through manual configuration.  At the grocery store, for example, you are far more likely to buy an item on sale at a discount than you are to pay full price, given a choice.  Spanning-tree does the same thing by choosing lower-cost ports (and as a result, paths) to find the best way back to the root switch.  Keep in mind that cost is cumulative from a given switch back to the root, but the principle is pretty straightforward.

What if could get all the strengths of spanning tree (loop-free path calculation, the enhancements explained in the last blog, etc.) without its weaknesses (such as a 50-second convergence time)?  That was the essential question that sparked a more improved/updated version of spanning-tree, known as Rapid Spanning-Tree (RSTP, 802.1w), which incorporated all of the Cisco-based improvements such as portfast, uplinkfast, and backbonefast and made them standard features.  In addition, the port states discussed earlier collapse from five to just three, namely discarding (replaces disabled, blocking and listening), learning, and forwarding.  As a sort of “icing on the cake,” the Maxage timer is dropped from 20 seconds to 5 and forward-delay is eliminated altogether, resulting in a convergence time of less than 10 seconds.  Take that, 802.1d!

– Joe

The (Necessary) Evils of Spanning Tree, Part II

Timing Is Everything

One of the more important aspects of 802.1d Spanning Tree Protocol operation has to do with the use of specific timers, three of them specifically.  These critical timers are as follows:

1. Hello Timer: As the name suggests, this timer is concerned with the frequency at which hello messages are sent from the root switch and subsequently propagated throughout the switched network.  By default, the interval is set at two (2) seconds, and the root switch sends out the Hello BPDU out all of its actively functioning interfaces.
2. Max Age Timer: The Max Age timer is not the point at which a worker should retire, but rather the length of time switches should wait before triggering changes in the spanning-tree topology.  This happens in response to events in which the hello messages are failing to appear.  Rather than being dependent on a “Max Age” setting, this timer is derived by multiplying the hello interval by 10, yielding a default setting of twenty (20).
3. Forward Delay: Ever paranoid about loops, spanning-tree sets yet another timer as a blocked port moves to a full forwarding state (more about port states later).  There are two steps in this process, each of which are allocated fifteen (15) seconds each.

For spanning-tree to converge, the Max Age (20 seconds and Forward Delay (15+15=30 seconds) timers have to expire, which ensures that no accidental path loops will be introduced during a topology change (50 seconds total).  I would imagine you cannot think of anyone that would be willing to wait as long as a full minute for network resources to become available again, right?  To get around this issue, Cisco created some new feature to trim or eliminate the ridiculously long convergence time, as follows:

1. Etherchannel: Since spanning-tree blocks multiple links, why not bond ports to create a single, larger logical connection?  This is exactly what Etherchannel does, it creates a bundle of similar interfaces into a larger entity “Port Channel” with the benefits of greater bandwidth and nullifying the blocking issue of multiple ports.  If one link drops, spanning-tree never has to reconverge.
2. Portfast: Many devices connected to the network (workstations, servers, etc.) pose no loop threat and do not even participate in spanning tree, so the portfast feature puts the port into forwarding mode immediately.
3. Uplinkfast: Miss America pageants have first runner-up contestants that can immediately be promoted to first place without having to stage an entirely new pageant.  Uplinkfast tracks secondary root (alternate) and designated (backup) ports for this very purpose.
4. Backbonefast: If indirect links upstream/downstream of the switch fail, the switch can query its neighbors for new path information without waiting for the Max Age timer to expire.

Next time, we will look at 802.1d port states and improvements created in a newer version of spanning-tree, Rapid Spanning Tree (802.1w).

– Joe

The (Necessary) Evils of Spanning Tree, Part I

The Network Without STP: Chaos

My wife and I had the privilege of getting to visit Europe, specifically Italy, Croatia, Spain, France and Italy several years ago, and got to stand in the middle of St. Mark’s Square (pictured above).  You can clearly see the chaos of clouds of birds descending on the square having no restraint of any kind and the wild disarray as a result.  This very same kind of chaos can result if there are no traffic safeguards in the network, when frames (later 2) run through the network with no protection whatsoever.  These “storms” can literally halt a network in its tracks and prevent any legitimate traffic from getting through.  I personally witnessed this at my workplace, a faulty switch was throwing out bad packets that slowed everything to a standstill.  The global NOC thought there was a virus, but eventually they tracked it down to a cheap switch in one of the conference rooms.

Traditional Spanning Tree (IEEE standard 802.1d) was designed to create a loop free path throughout the network, to prevent situations like the one described above.  Remember that unknown unicast, multicast, and broadcast frames are all flooded out all interfaces (except the originating one) by default, so controlling the paths that frames travel is no trivial matter.  The basic principle is that there is only a single active path allowed end to end; any redundant links are put into a blocking state, meaning that they cannot pass any traffic.  If you only have one set of interfaces active between switches then that precludes the possibility of loops, but then you are susceptible to link failures.

The very center of the Spanning-Tree universe is the root switch, and like human being, it firmly believes that everything rotates around it!  Other switches connected to the network have ports pointing either toward or away from the root switch.  Those pointing back to the root are referred to as root ports, and those leading away (which forward hello messages from the root) are called designated ports.

Now let’s talk just briefly about those hello messages.  Only the root switch sends them out, and they are forwarded by each switch throughout the network.  These messages act as keepalives, help detect link failures, and help elect the root switch when spanning tree starts up.  When switches power up, they all start sending out hello frames claiming to be the best switch for the root, until they hear a better (technical term is superior) hello, usually based on a preconfigured priority and/or the MAC address of the switch.  Eventually the rest of the switches stop sending out hello messages and just wait for the root to send them out.

More to come…

– Joe

I’d Rather Fight Than Switch

My maternal grandfather smoked Tareyton cigarettes, which carried the famous ad line of “I’d rather fight than switch” that I thought was a perfect lead-in for discussing LAN switching (clever, right?)  To the uninitiated, the term switch conjures up a whole set of images, usually relating to electrical components and/or lights.  In terms of networking, switching was a quantum leap forward, especially in terms of network congestion and bandwidth.  Think of a hub just like a parking lot after a sporting event–there is only one exit, and everybody is crowding to get out of that one opening, and coming from all directions as well.  Not a pretty picture, especially if you have waited seemingly hours to get out…

Wouldn’t it be amazing if there were a whole block of separate exit points from that parking lot?  Imagine how much faster things would go and how much more smoothly would the lot empty.  That’s the essential idea behind switches…instead of all stations sharing a single network entry point, separate data channels are created for all of the attached devices.  Sounds almost magical, but there is a rather simple logic that makes it all work, and it all based at Layer 2…the data-link layer of the OSI model.  Hubs just took electrical signals and retransmitted it out all ports because it had no way of distinguishing traffic.  Switches are different because they are examining the MAC (hardware) addresses of the frames passing through their ports.  If the frame is one it has never seen before, or a broadcast (ffff.ffff.ffff), it sends it out all ports except the one it arrived on (termed flooding).  The switch then records the source address contained in the frame, as well as the interface it came in on, and when a frame destined for that address arrives again, it send it out the port contained in the table entry (termed forwarding).  If it arrives on the same port in the table, it simply drops the frame (termed filtering).  The reason for the term switch is simple, because it takes a frame from one port,and then switches it to another port and sends it on its way.

In the next blog, I will drill into the specific types of switches in the Cisco product line and how they are best used in real-world settings.

– Joe