Unit 2 CN


UNIT-2

NETWORK ADDRESS TRANSLATION (NAT):


Network Address Translation (NAT): It is a process in which one or more local IP
addresses are translated into one or more global IP addresses, and vice versa, in order to
provide Internet access to the local hosts. It also translates port numbers, i.e. it masks the
port number of the host with another port number in the packet that will be routed to the
destination. It then makes the corresponding entries of IP address and port number in the
NAT table. NAT generally operates on a router or firewall.

Network Address Translation (NAT) working:

Generally, the border router is configured for NAT, i.e. the router which has one interface in
the local (inside) network and one interface in the global (outside) network. When a packet
leaves the local (inside) network, NAT converts its local (private) IP address to a global
(public) IP address. When a packet enters the local network, the global (public) IP address is
converted back to a local (private) IP address. If NAT runs out of addresses, i.e. no address is
left in the configured pool, then the packet is dropped and an Internet Control Message
Protocol (ICMP) host unreachable packet is sent to the destination.

NAT inside and outside addresses:

Inside refers to the addresses which must be translated. Outside refers to the addresses which
are not in the control of the organization. These are the network addresses on which the
translation of the addresses will be done.
- Inside local address: An IP address that is assigned to a host on the inside (local)
network. The address is usually not an IP address assigned by the service provider, i.e. these
are private IP addresses. This is the inside host as seen from the inside network.
- Inside global address: An IP address that represents one or more inside local IP addresses
to the outside world. This is the inside host as seen from the outside network.
- Outside local address: This is the IP address of the outside destination host as seen from
the local network, i.e. after translation.
- Outside global address: This is the outside host as seen from the outside network. It is
the IP address of the outside destination host before translation.
Network Address Translation (NAT) Types:
There are 3 ways to configure NAT:
1) Static NAT: In this, a single unregistered (private) IP address is mapped to a legally
registered (public) IP address, i.e. a one-to-one mapping between local and global addresses.
This is generally used for web hosting.
2) Dynamic NAT: In this type of NAT, an unregistered IP address is translated into a
registered (public) IP address from a pool of public IP addresses. If no IP address in the pool
is free, then the packet will be dropped, as only a fixed number of private IP addresses can be
translated to public addresses at a time.
3) Port Address Translation (PAT): This is also known as NAT overload. In this, many local
(private) IP addresses can be translated to a single registered IP address. Port numbers are
used to distinguish the traffic. This is the most frequently used form, as it is cost-effective:
thousands of users can be connected to the Internet by using only one real global (public) IP
address.
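The PAT behaviour described above, as an added illustration that is not part of the original notes: a small simulation of NAT overload in Python. The public address 203.0.113.1, the inside hosts, the port pool and its tiny size are constructed assumptions.

```python
"""Added example: NAT overload (PAT) on a border router. Not code from the notes."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed: the router's single inside global (public) address, from a documentation prefix.
INSIDE_GLOBAL = "203.0.113.1"


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class PatRouter:
    public_ip: str
    first_port: int = 40000      # first translated source port (assumed pool layout)
    pool_size: int = 5           # deliberately tiny so that exhaustion is easy to show
    # NAT table, outbound view: (inside local ip, inside local port) -> inside global port
    out_table: Dict[Tuple[str, int], int] = field(default_factory=dict)
    # NAT table, inbound view: inside global port -> (inside local ip, inside local port)
    in_table: Dict[int, Tuple[str, int]] = field(default_factory=dict)
    dropped: int = 0

    def _allocate_port(self) -> Optional[int]:
        """Return the first unused port in the pool, or None when the pool is exhausted."""
        for port in range(self.first_port, self.first_port + self.pool_size):
            if port not in self.in_table:
                return port
        return None

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> outside: rewrite the source IP and port and record the mapping.
        Returns None when the pool is exhausted; the notes say the router then drops
        the packet and sends an ICMP host unreachable."""
        key = (pkt.src_ip, pkt.src_port)
        port = self.out_table.get(key)
        if port is None:
            port = self._allocate_port()
            if port is None:
                self.dropped += 1
                return None
            self.out_table[key] = port
            self.in_table[port] = key
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: look the destination port up in the NAT table and restore
        the inside local address. Packets without a matching entry are dropped, which is
        why unsolicited connections from outside do not reach inside hosts."""
        entry = self.in_table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            self.dropped += 1
            return None
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


def demo():
    """Two inside hosts reach the same web server from the same source port; PAT keeps
    them apart by giving each its own inside global port."""
    router = PatRouter(INSIDE_GLOBAL)
    a = router.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    b = router.outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 80))
    # The server replies to the public address and translated port of host a.
    reply = router.inbound(Packet("198.51.100.7", 80, INSIDE_GLOBAL, a.src_port))
    return a, b, reply, router


if __name__ == "__main__":
    a, b, reply, router = demo()
    print("host a seen outside as", a.src_ip, a.src_port)
    print("host b seen outside as", b.src_ip, b.src_port)
    print("reply delivered to", reply.dst_ip, reply.dst_port)
```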
Advantages of NAT:
1) Conserves legally registered IP addresses.
2) It provides privacy, as the IP address of the device sending and receiving the traffic is
hidden.
3) Eliminates address renumbering when a network evolves.
Disadvantages of NAT:
1) Translation results in switching path delays.
2) Certain applications will not function while NAT is enabled.
3) Complicates tunneling protocols such as IPsec.
4) Also, the router, being a network layer device, should not tamper with port numbers
(transport layer), but it has to do so because of NAT.
 
Internet Control Message Protocol (ICMP)
The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to
diagnose network communication issues. ICMP is mainly used to determine whether or not data is
reaching its intended destination in a timely manner. Commonly, the ICMP protocol is used on network
devices, such as routers. ICMP is crucial for error reporting and testing, but it can also be used
in distributed denial-of-service (DDoS) attacks.

Position of ICMP in the network layer

ICMP resides within the IP layer.

Messages
The ICMP messages are usually divided into two categories, error messages and query messages:

- The Destination Unreachable error message: This message is generated when a data packet
cannot reach its final destination for some reason or another. For example, there could be
hardware failures, port failures, network disconnections and more.
- The Source Quench error message: This is a message generated by the source computer to
curtail or decrease the flow of network traffic that is being sent to the destination
computer.
- The Time Exceeded error message: This is the same as the Time to Live network-based
event.
- The Parameter Problem message: The checksum functionality was described in the last
section. This is provided in order to give some level of assurance to the network
administrator that the ICMP message has remained intact.
- The Redirection error message: This is when the source computer (such as the PDC)
requests that the flow of data packets be sent along another route than what was originally
planned.
- Query messages: The query messages are those messages that help a host to get specific
information about another host. For example, suppose there are a client and a server, and the
client wants to know whether the server is live or not; then it sends an ICMP message to the
server.

Common applications of ICMP:

There are two common applications or utilities that ICMP is used for:

- Traceroute: This is a tool that is used by the network administrator in order to map out the
potential path, or route, that a data packet can take.
- Ping: In this scenario, two types of ICMP messages are used: Echo Request and Echo Reply.
First, the echo request is sent out and then the echo reply is transmitted back.

Security vulnerabilities of ICMP:

Despite the advantages that ICMP offers, it is also prone to a number of key security
vulnerabilities:

- The Ping Flood: This type of attack is very similar to a Distributed Denial of Service (DDoS)
attack, but rather than using malformed data packets to flood the server in an effort to slow
down its processes, the server is flooded with ICMP echo requests.
- The Ping of Death: This occurs when the cyberattacker sends out ping requests that are too
large (in terms of bytes). In this scenario, the datagram that is used to send out the ping
request becomes oversaturated with “filler” information/data that has no relevant meaning.
- The Twinge Attack: This is similar to the Ping Flood attack, but rather than the ICMP echo
requests coming from just one computer, they come from multiple computers. They also carry a
fake source IP address in the header of the data packet.
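A defender-side illustration of the three ICMP abuses above (added here, not from the original notes): scanning a constructed ICMP log for echo-request floods, oversized pings and a burst of distinct, possibly spoofed, sources. The log line format, the thresholds and the window size are assumptions.

```python
"""Added example: flag ICMP echo-request floods, oversized pings and bursts of distinct
sources in a log. Not code from the notes; the log format is constructed."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed record format: "<epoch seconds> ICMP <type> src=<ip> dst=<ip> len=<bytes>"
LINE_RE = re.compile(r"^(\d+) ICMP (\S+) src=(\S+) dst=(\S+) len=(\d+)$")

MAX_IPV4_DATAGRAM = 65535   # an echo request larger than this is the "ping of death" case
WINDOW_SECONDS = 10         # assumed aggregation window
FLOOD_THRESHOLD = 100       # assumed: echo requests from one source per window
SOURCES_THRESHOLD = 50      # assumed: distinct sources hitting one destination (Twinge-style)


def parse(lines: List[str]) -> List[Tuple[int, str, str, str, int]]:
    """Turn log lines into (timestamp, type, src, dst, length); non-ICMP lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, kind, src, dst, length = m.groups()
            events.append((int(ts), kind, src, dst, int(length)))
    return events


def detect(lines: List[str]) -> Dict[str, list]:
    """Return findings: 'flood' -> (src, count per window), 'oversized' -> (src, length),
    'many_sources' -> (dst, number of distinct sources)."""
    findings = {"flood": [], "oversized": [], "many_sources": []}
    per_window_src = defaultdict(int)
    sources_per_dst = defaultdict(set)
    for ts, kind, src, dst, length in parse(lines):
        if kind != "echo-request":
            continue                      # replies and other ICMP types are not counted
        if length > MAX_IPV4_DATAGRAM:
            findings["oversized"].append((src, length))
        per_window_src[(ts // WINDOW_SECONDS, src)] += 1
        sources_per_dst[dst].add(src)
    for (_window, src), count in per_window_src.items():
        if count >= FLOOD_THRESHOLD:
            findings["flood"].append((src, count))
    for dst, srcs in sources_per_dst.items():
        if len(srcs) >= SOURCES_THRESHOLD:
            findings["many_sources"].append((dst, len(srcs)))
    return findings


# Constructed sample: 120 echo requests from one host in six seconds, one oversized
# request from another host, one echo reply (which must be ignored) and a non-ICMP line.
SAMPLE_LOG = (
    [f"{1000 + i // 20} ICMP echo-request src=192.0.2.9 dst=198.51.100.1 len=64"
     for i in range(120)]
    + ["1005 ICMP echo-request src=192.0.2.10 dst=198.51.100.1 len=70000",
       "1006 ICMP echo-reply src=198.51.100.1 dst=192.0.2.9 len=64",
       "1006 syslog: not an ICMP record"]
)

if __name__ == "__main__":
    for category, hits in detect(SAMPLE_LOG).items():
        print(category, hits)
```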

Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP): It is a networking protocol used for the
management and monitoring of network-connected devices in Internet Protocol networks. It is an
application layer protocol in the OSI model framework that uses UDP port numbers 161 and 162.
SNMP is used to monitor the network, detect network faults, and sometimes even to configure
remote devices.

SNMP components:
There are 3 components of SNMP:

1. SNMP Manager:
It is a centralized system used to monitor the network. It is also known as the Network
Management Station (NMS).

2. SNMP agent:
It is a software module installed on a managed device. Managed devices can be network
devices like PCs, routers, switches, servers, etc.

3. Management Information Base (MIB):
The MIB consists of information on the resources that are to be managed. This information is
organized hierarchically. It consists of object instances, which are essentially variables.

SNMP Protocols
SNMP uses two other protocols, which are as follows:

1) SMI:
SMI stands for Structure of Management Information. SMI represents the general rules for
naming objects, defining object types (including range and length), and showing how to encode
objects and values.
SMI does not determine the number of objects an entity should handle, name the objects to be
managed, or define the relationship between the objects and their values.

2) MIB:
MIB stands for Management Information Base. For each entity to be managed, this protocol must
define the number of objects, name them as per the rules given by SMI, and associate a type
with each named object. The MIB is thus a collection of named objects, their types, and their
relationships to each other in the entity to be managed.

SNMP security levels:

A security level defines the type of security algorithm applied to SNMP packets. These are
used only in SNMPv3. There are 3 security levels, namely:

1. noAuthNoPriv:
This (no authentication, no privacy) security level uses a community string for
authentication and no encryption for privacy.

2. authNoPriv: This security level (authentication, no privacy) uses HMAC with MD5 for
authentication, and no encryption is used for privacy.

3. authPriv: This security level (authentication, privacy) uses HMAC with MD5 or SHA for
authentication, and encryption uses the DES-56 algorithm.

SNMP versions:
There are 3 versions of SNMP:

1. SNMPv1:
It uses community strings for authentication and uses UDP only.

2. SNMPv2c:
It uses community strings for authentication. It uses UDP but can be configured to use TCP.

3. SNMPv3:
It uses hash-based MAC with MD5 or SHA for authentication and DES-56 for privacy. This
version uses TCP. Therefore, the conclusion is that the higher the version of SNMP, the more
secure it will be.

Classless Inter-Domain Routing (CIDR):

Classless Inter-Domain Routing (CIDR): It is a set of Internet Protocol (IP) standards that is
used to create unique identifiers for networks and individual devices. The IP addresses allow
particular information packets to be sent to specific computers. The way these addresses are
written is known as CIDR notation. Classless Inter-Domain Routing is also known as classless
addressing. In classful addressing, the number of hosts within a network always remains the
same, depending upon the class of the network:

Class A network contains 2^24 hosts,
Class B network contains 2^16 hosts,
Class C network contains 2^8 hosts.

In order to reduce the wastage of IP addresses, the new concept of Classless Inter-Domain
Routing was introduced. Nowadays IANA is using this technique to provide IP addresses.
Whenever any user asks for IP addresses, IANA assigns exactly that many IP addresses to the
user.
Representation: It is also a 32-bit address, followed by a special number which represents the
number of bits that are present in the Block Id:
a . b . c . d / n (where n is the number of bits that are present in the Block Id / Network Id).
Example: 20.10.50.100/20
Rules for forming CIDR Blocks:
1. All IP addresses must be contiguous.
2. Block size must be a power of 2 (2^n).
If the size of the block is a power of 2, then it is easy to divide the network, and finding
out the Block Id is very easy.
Example:
If the block size is 2^5, then the Host Id will contain 5 bits and the Network Id will contain
32 - 5 = 27 bits.

3. The first IP address of the block must be evenly divisible by the size of the block. In
simple words, the least significant part (the Host Id) should always start with zeroes. Since
all the least significant bits of the Host Id are zero, we can use the remaining bits as the
Block Id.
Example:
Check whether 100.1.2.32 to 100.1.2.47 is a valid IP address block or not.
1. All the IP addresses are contiguous.
2. Total number of IP addresses in the block = 16 = 2^4.
3. 1st IP address: 100.1.2.00100000
Since the Host Id contains the last 4 bits and all the least significant 4 bits are zero, the
first IP address is evenly divisible by the size of the block.
All three rules are followed by this block. Hence, it is a valid IP address block.
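The three CIDR block rules, applied by code (an added example, not from the notes) to the 100.1.2.32 to 100.1.2.47 block above and to a couple of ranges that break a rule. The function names are assumptions.

```python
"""Added example: apply the three CIDR block rules to an IPv4 range. Not code from the notes."""
import ipaddress
from typing import List, Optional, Tuple


def cidr_block_check(first: str, last: str) -> Tuple[bool, List[str], Optional[str]]:
    """Check the inclusive range first..last against the rules above and return
    (valid, reasons it failed, a.b.c.d/n notation when valid).
    Rule 1 (contiguous) holds by construction for a first..last range, provided last >= first.
    Rule 2: the number of addresses must be a power of 2.
    Rule 3: the first address must be divisible by the block size, i.e. its host bits are zero."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if hi < lo:
        return False, ["last address comes before first address"], None
    size = hi - lo + 1
    reasons = []
    if size & (size - 1) != 0:                     # power-of-2 test
        reasons.append(f"block size {size} is not a power of 2")
    if lo % size != 0:                             # host bits of the first address not all zero
        reasons.append(f"first address {first} is not divisible by block size {size}")
    if reasons:
        return False, reasons, None
    host_bits = size.bit_length() - 1              # size == 2^host_bits
    return True, [], f"{first}/{32 - host_bits}"


def split_address(addr: str, prefix: int) -> Tuple[str, str]:
    """Return (Block Id bits, Host Id bits) of addr for a /prefix block, as binary strings,
    matching the 100.1.2.00100000 style used in the worked example."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    return bits[:prefix], bits[prefix:]


if __name__ == "__main__":
    for lo, hi in [("100.1.2.32", "100.1.2.47"),   # the worked example: valid, /28
                   ("100.1.2.40", "100.1.2.55"),   # 16 addresses but not aligned
                   ("100.1.2.32", "100.1.2.43")]:  # 12 addresses: not a power of 2
        print(lo, "-", hi, cidr_block_check(lo, hi))
    print(split_address("100.1.2.32", 28))
```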
Advantages of CIDR:
- CIDR can be used to effectively manage the available IP address space.
- CIDR can reduce the number of routing table entries.

Disadvantages of CIDR:
- It is no longer possible to determine, by looking at the first octet alone, how many bits of
an IP address represent the network ID and how many the host ID.
 
Internet Protocol version 6 (IPv6):
Internet Protocol version 6 (IPv6): It is the most recent version of the Internet Protocol (IP),
the communications protocol that provides an identification and location system for computers
on networks and routes traffic across the Internet. IPv6 is intended to replace IPv4. IPv6 was
developed by the Internet Engineering Task Force (IETF) to deal with the problem of IPv4
address exhaustion. An IPv6 address is 128 bits long, giving an address space of 2^128, which
is far bigger than that of IPv4. In IPv6 we use colon-hexadecimal representation.
IPv6 (Internetworking Protocol, version 6) is designed to overcome the shortfalls of IPv4.
Packet Format of IPv6:
The IPv6 packet is shown in the diagram. Each packet is composed of a base header and the
payload. The payload consists of two parts: optional extension headers and the data from the
upper layer.

The base header consists of eight fields:

1. Version: This is a 4-bit field, which defines the version number of IP; its value is 6 for
IPv6.
2. Priority: This is a 4-bit field, which defines the priority of the packet with respect to
traffic congestion.
3. Flow label: This is a 24-bit field, which is designed to provide a facility for special
handling of a specific flow of data.
4. Payload length: This is a 16-bit field, which defines the length of the IP datagram excluding
the base header.
5. Next header: This is an 8-bit field, which defines the header that follows the base header in
the datagram.
6. Hop limit: This is an 8-bit field, which serves the same purpose as the TTL (Time to Live)
field in IPv4. It is a mechanism that limits the lifespan of data in computer networks.
7. Source address: This is a 128-bit source address field, which identifies the original source
of the datagram.
8. Destination address: This is a 128-bit destination address field, which identifies the
intended destination of the datagram.

Priority field of IPv6: Defines the priority of each packet with respect to other packets from
the same source.
IPv6 divides the traffic into two categories:

- Congestion-controlled traffic: If the source can adjust itself to a traffic slowdown due to
congestion, the traffic is referred to as congestion-controlled traffic.
- Non-congestion-controlled traffic: This is a type of traffic which can accept only a minimum
delay.

In IPv6 we have three addressing methods:

- Unicast
- Multicast
- Anycast

1. Unicast address:
A unicast address identifies a single network interface. A packet sent to a unicast address is
delivered to the interface identified by that address.
2. Multicast address:
A multicast address is shared by multiple hosts, called a group, which acquire the multicast
address as a destination address. These hosts need not be geographically together. If a packet
is sent to this multicast address, it is delivered to all interfaces belonging to that multicast
group.
3. Anycast address:
An anycast address is assigned to a group of interfaces. A packet sent to an anycast address is
delivered to only one member interface (usually the nearest host).
Note: Broadcast is not defined in IPv6.

Types of IPv6 address:

We have 128 bits in an IPv6 address, but by looking at the first few bits we can identify what
type of address it is.

Prefix        Allocation                    Fraction of Address Space
0000 0000     Reserved                      1/256
0000 0001     Unassigned (UA)               1/256
0000 001      Reserved for NSAP             1/128
0000 01       UA                            1/64
0000 1        UA                            1/32
0001          UA                            1/16
001           Global Unicast                1/8
010           UA                            1/8
011           UA                            1/8
100           UA                            1/8
101           UA                            1/8
110           UA                            1/8
1110          UA                            1/16
1111 0        UA                            1/32
1111 10       UA                            1/64
1111 110      UA                            1/128
1111 1110 0   UA                            1/512
1111 1110 10  Link-Local Unicast Addresses  1/1024
1111 1110 11  Site-Local Unicast Addresses  1/1024
1111 1111     Multicast Address             1/256

Note: In IPv6, all 0's and all 1's can be assigned to any host; there is no restriction as in
IPv4.
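An added example (not from the notes) that turns the prefix table above into a lookup: it classifies an IPv6 address by its leading bits and checks that the listed fractions partition the whole address space. The function names are assumptions.

```python
"""Added example: classify an IPv6 address from the prefix table. Not code from the notes."""
import ipaddress
from fractions import Fraction
from typing import Optional, Tuple

# (leading bits, allocation, fraction of address space), copied from the table above
PREFIX_TABLE = [
    ("00000000", "Reserved", "1/256"),
    ("00000001", "Unassigned (UA)", "1/256"),
    ("0000001", "Reserved for NSAP", "1/128"),
    ("000001", "UA", "1/64"),
    ("00001", "UA", "1/32"),
    ("0001", "UA", "1/16"),
    ("001", "Global Unicast", "1/8"),
    ("010", "UA", "1/8"),
    ("011", "UA", "1/8"),
    ("100", "UA", "1/8"),
    ("101", "UA", "1/8"),
    ("110", "UA", "1/8"),
    ("1110", "UA", "1/16"),
    ("11110", "UA", "1/32"),
    ("111110", "UA", "1/64"),
    ("1111110", "UA", "1/128"),
    ("111111100", "UA", "1/512"),
    ("1111111010", "Link-Local Unicast Addresses", "1/1024"),
    ("1111111011", "Site-Local Unicast Addresses", "1/1024"),
    ("11111111", "Multicast Address", "1/256"),
]


def classify(addr: str) -> Optional[Tuple[str, str]]:
    """Return (allocation, fraction) for addr by matching its leading bits.
    Longer prefixes are tried first so that e.g. 0000 0000 wins over 0000 001."""
    bits = format(int(ipaddress.IPv6Address(addr)), "0128b")
    for prefix, allocation, fraction in sorted(PREFIX_TABLE, key=lambda row: -len(row[0])):
        if bits.startswith(prefix):
            return allocation, fraction
    return None


def table_fraction(prefix: str) -> Fraction:
    """A prefix of k bits covers 1/2^k of the address space."""
    return Fraction(1, 2 ** len(prefix))


def covers_whole_space() -> bool:
    """The prefixes are a complete partition when their fractions sum to 1 and each
    listed fraction agrees with its prefix length."""
    total = sum(table_fraction(p) for p, _, _ in PREFIX_TABLE)
    consistent = all(table_fraction(p) == Fraction(f) for p, _, f in PREFIX_TABLE)
    return total == 1 and consistent


if __name__ == "__main__":
    for addr in ["2001:db8::1", "fe80::1", "ff02::9", "::1"]:
        print(addr, classify(addr))
    print("table complete:", covers_whole_space())
```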

Advantages of IPv6:
Some advantages of IPv6 over IPv4 are mentioned below:

1. Address space: IPv6 has a 128-bit address, which is much larger than that of IPv4.
2. Header format: IPv6 has a new header format, in which options are separated from the base
header and inserted between the base header and the upper layer data.
3. Extension: IPv6 is designed to allow the extension of the protocol, if required for new
applications.
4. Security: Encryption and authentication mechanisms provide confidentiality and integrity for
packets in IPv6.

Routing Protocol Basics in advanced networks:

Routing Protocols
Routing protocols are the set of defined rules used by routers to communicate between source and
destination. They do not move the information from the source to the destination themselves, but
only update the routing table that holds that information. Routing protocols specify the way
routers communicate with each other, and allow the network to select routes between any two
nodes on a computer network.

Types of Routing Protocols

There are mainly two types of network routing protocols:

- Static routing protocols
- Dynamic routing protocols

Static Routing Protocols:

Static routing is used when an administrator manually assigns the path from the source to the
destination network. It offers more security to the network.

Advantages:
- No overhead on the router CPU.
- No unused bandwidth between links.
- Only the administrator is able to add routes.

Disadvantages:
- The administrator must know how each router is connected.
- Not an ideal option for large networks, as it is time intensive.
- Whenever a link fails the whole network goes down, which is not feasible in small networks.

Distance Vector Routing Protocol (DVR):

Distance vector protocols advertise their routing table to every directly connected neighbor at
specific time intervals, using a lot of bandwidth and converging slowly.

In a distance vector routing protocol, when a route becomes unavailable, all routing tables need
to be updated with the new information.
Advantages:
- Updates of the network are exchanged periodically, and they are always broadcast.
- This protocol always trusts the routing information received from neighbor routers.

Disadvantages:
- As the routing information is exchanged periodically, unnecessary traffic is generated, which
consumes available bandwidth.

Routing Information Protocol (RIP):

RIP is used in both LAN and WAN networks. It also runs on the Application layer of the OSI
model. The full form of RIP is the Routing Information Protocol. The two versions of RIP are:

1. RIPv1
2. RIPv2

Interior Gateway Routing Protocol (IGRP):

IGRP is a distance-vector interior gateway protocol developed by Cisco. It was introduced to
overcome the limitations of RIP. This type of routing protocol is well suited to larger
networks, as it broadcasts only every 90 seconds and has a maximum hop count of 255.

Link State Routing Protocol:

Link state protocols take a different approach to finding the best routing path. In this kind
of protocol, the route is calculated based on the speed of the path to the destination and the
cost of resources.

A link state routing protocol maintains the three tables given below:

- Neighbor table: This table contains information only about the neighbors of the router, for
example those with which an adjacency has been formed.
- Topology table: This table stores information about the whole topology. For example, it
contains both the best and backup routes to a particular advertised network.
- Routing table: This table contains all the best routes to the advertised networks.

Enhanced Interior Gateway Routing Protocol (EIGRP):

EIGRP is a hybrid routing protocol that combines features of distance vector and link-state
routing protocols. The full form of EIGRP is Enhanced Interior Gateway Routing Protocol. It
routes the same protocols that IGRP routes, using the same composite metrics as IGRP, which
helps the network select the best path to the destination.

Open Shortest Path First (OSPF):

Open Shortest Path First (OSPF) is a link-state IGP tailor-made for IP networks, using the
Shortest Path First (SPF) method. OSPF routers maintain databases detailing information about
the surrounding topology of the network. OSPF uses the Dijkstra (shortest path) algorithm to
recalculate network paths when the topology changes. This protocol is also very secure, as it
can authenticate protocol messages to keep routing data secure.

Dynamic Routing Protocols: Dynamic routing protocols are the other important type of routing
protocol. They let routers add information to their routing tables from connected routers
automatically. These protocols also send out topology updates whenever the network's
topological structure changes.

Advantages:
- Easier to configure, even on larger networks.
- Able to dynamically choose a different route if a link goes down.
- Helps with load balancing between multiple links.

Disadvantages:
- Updates are shared between routers, so they consume bandwidth.
- Routing protocols put an additional load on the router CPU and RAM.

Purpose of Routing Protocols:

- Allows optimal path selection
- Offers loop-free routing
- Fast convergence
- Minimizes update traffic
- Easy to configure
- Adapts to changes
- Scales to a large size
- Compatible with existing hosts and routers
- Supports variable length

Routing Information Protocol (RIP):

Routing Information Protocol (RIP) is a dynamic routing protocol that uses hop count as its
routing metric to find the best path between the source and the destination network. It is a
distance-vector routing protocol that has an AD value of 120 and works on the Network layer of
the OSI model. RIP uses port number 520.
Hop count is the number of routers occurring between the source and destination network.

Features of RIP
- Updates of the network are exchanged periodically.
- Updates (routing information) are always broadcast.
- Full routing tables are sent in updates.
- Routers always trust routing information received from neighbor routers. This is also known
as routing on rumours.

RIP versions:
There are three versions of the Routing Information Protocol:
- RIP Version 1
- RIP Version 2
- RIPng

Comparison of RIP v1, RIP v2 and RIPng:

Update type
  RIP v1: Sends updates as broadcast
  RIP v2: Sends updates as multicast
  RIPng: Sends updates as multicast

Update address
  RIP v1: Broadcast at 255.255.255.255
  RIP v2: Multicast at 224.0.0.9
  RIPng: Multicast at FF02::9 (RIPng can only run on IPv6 networks)

Authentication
  RIP v1: Doesn't support authentication of update messages
  RIP v2: Supports authentication of RIPv2 update messages
  RIPng: -

Classful / classless
  RIP v1: Classful routing protocol
  RIP v2: Classless routing protocol; updates support classful
  RIPng: Classless; updates are sent

RIP v1 is known as a classful routing protocol because it doesn't send subnet mask information
in its routing updates. RIP v2 is known as a classless routing protocol because it sends subnet
mask information in its routing updates.

Configuration :  

Consider the above-given topology which has 3-routers R1, R2, R3. R1 has IP address
172.16.10.6/30 on s0/0/1, 192.168.20.1/24 on fa0/0. R2 has IP address 172.16.10.2/30
on s0/0/0, 192.168.10.1/24 on fa0/0. R3 has IP address 172.16.10.5/30 on s0/1,
172.16.10.1/30 on s0/0, 10.10.10.1/24 on fa0/0. 
Configure RIP for R1 : 
R1(config)# router rip
R1(config-router)# network 192.168.20.0
R1(config-router)# network 172.16.10.4
R1(config-router)# version 2
R1(config-router)# no auto-summary

Note: The no auto-summary command disables auto-summarisation. If auto-summary is not
disabled, the subnet mask is treated as classful, as in version 1.
 
Configuring RIP for R2:  
R2(config)# router rip
R2(config-router)# network 192.168.10.0
R2(config-router)# network 172.16.10.0
R2(config-router)# version 2
R2(config-router)# no auto-summary

Similarly, Configure RIP for R3 :  


R3(config)# router rip
R3(config-router)# network 10.10.10.0
R3(config-router)# network 172.16.10.4
R3(config-router)# network 172.16.10.0
R3(config-router)# version 2
R3(config-router)# no auto-summary

RIP timers:
- Update timer: The default interval for routing information being exchanged by routers
operating RIP is 30 seconds. Using the update timer, the routers exchange their routing tables
periodically.
- Invalid timer: If no update arrives within 180 seconds, the destination router considers the
route invalid. In this scenario, the router marks the hop count as 16 for that route.
- Hold down timer: This is the time for which the router waits for a neighbor router to
respond. If the router isn't able to respond within the given time, it is declared dead. It is
180 seconds by default.
- Flush timer: It is the time after which the entry of the route will be flushed if it doesn't
respond within the flush time. It is 60 seconds by default. This timer starts after the route
has been declared invalid, so the route is flushed after 180 + 60 = 240 seconds.
Interior Gateway Routing Protocol (IGRP):

Interior Gateway Routing Protocol (IGRP) is a proprietary distance vector routing protocol used
to communicate routing information within a host network. It was invented by Cisco. IGRP
manages the flow of routing information within connected routers in the host network or
autonomous system. The protocol ensures that every router has its routing table updated with
the best available path. IGRP also avoids routing loops by updating itself with the changes
occurring over the network and by error management.

Distance vector technique: Distance vector protocols advertise their routing table to every
directly connected neighbor at specific time intervals, using a lot of bandwidth and converging
slowly.

Distance: Means the actual distance, i.e. how far away a network is. In IGRP distance is
measured in hop counts.

Vector: Means direction, i.e. which direction to take to reach a destination.

- IGRP uses the Bellman-Ford distance vector algorithm to determine the best path to a
destination.
- IGRP is Cisco proprietary, thus it works only on Cisco routers.
- Its updates are broadcast using IP address 255.255.255.255.
- IGRP's administrative distance is 100.
- Its max hop count is 255; the default is 100.
- It load balances over up to 6 equal or unequal paths.
- IGRP is used for large organizations.
- IGRP sends periodic updates, i.e. it sends information about its routes every 90 seconds.
- It is a classful routing protocol, i.e. subnet masks are not included in routing table
updates.
- IGRP uses the concept of an Autonomous System number, which acts like a boundary or domain.
Routers in the same autonomous system can communicate and send routing updates to each other.
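The distance vector exchange that the DVR and IGRP sections describe, as an added simulation that is not part of the original notes: every router periodically advertises its full table to its directly connected neighbors and trusts what it hears (routing on rumours), and after a link failure the neighbors count up to the unreachable metric, which is the slow convergence noted above. The line topology, the costs and the RIP value 16 as the default infinity are assumptions; IGRP's 101 can be passed instead.

```python
"""Added example: a distance vector exchange with count-to-infinity after a link failure.
Not code from the notes; topology and costs are constructed."""
from typing import Dict, Tuple

Links = Dict[str, Dict[str, int]]               # router -> {neighbor: link cost}
Tables = Dict[str, Dict[str, Tuple[int, str]]]  # router -> {destination: (metric, next hop)}

INFINITY = 16   # RIP's "unreachable" hop count; pass 101 for IGRP's invalid metric


def initial_tables(links: Links) -> Tables:
    """Each router starts knowing only itself and its directly connected neighbors."""
    tables = {r: {r: (0, r)} for r in links}
    for r, nbrs in links.items():
        for nb, cost in nbrs.items():
            tables[r][nb] = (cost, nb)
    return tables


def converge(links: Links, tables: Tables, infinity: int = INFINITY, max_rounds: int = 200) -> int:
    """Run update rounds until no table changes. In each round every router advertises its
    full table to each directly connected neighbor (Bellman-Ford relaxation). A router
    accepts a route when it is cheaper, or when it comes from the next hop it already uses,
    even if it got worse: it trusts its neighbor (routing on rumours). Returns the rounds used."""
    for rnd in range(1, max_rounds + 1):
        adverts = {r: dict(t) for r, t in tables.items()}   # snapshot: updates are periodic
        changed = False
        for r, nbrs in links.items():
            for nb, cost in nbrs.items():
                for dest, (metric, _) in adverts[nb].items():
                    new_metric = min(metric + cost, infinity)
                    current = tables[r].get(dest)
                    if current is None or new_metric < current[0] or \
                            (current[1] == nb and new_metric != current[0]):
                        tables[r][dest] = (new_metric, nb)
                        changed = True
        if not changed:
            return rnd
    return max_rounds


def fail_link(links: Links, tables: Tables, a: str, b: str, infinity: int = INFINITY) -> None:
    """Remove link a-b and mark every route that used it as unreachable on both ends."""
    links[a].pop(b, None)
    links[b].pop(a, None)
    for router, lost in ((a, b), (b, a)):
        for dest, (_, next_hop) in list(tables[router].items()):
            if next_hop == lost:
                tables[router][dest] = (infinity, next_hop)


def demo():
    """Line topology A - B - C with hop-count costs. After B-C fails, A keeps advertising
    its stale route to C via B, and A and B raise each other's metric until it hits infinity."""
    links = {"A": {"B": 1}, "B": {"A": 1, "C": 1}, "C": {"B": 1}}
    tables = initial_tables(links)
    rounds_initial = converge(links, tables)
    fail_link(links, tables, "B", "C")
    rounds_after_failure = converge(links, tables)
    return rounds_initial, rounds_after_failure, tables


if __name__ == "__main__":
    r1, r2, tables = demo()
    print(f"converged in {r1} rounds; after the link failure it took {r2} rounds")
    for router, table in tables.items():
        print(router, table)
```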

IGRP Timers:

1. Update timer: 90 seconds by default. It is the time between consecutive updates, i.e. the
router sends updates every 90 seconds.
2. Invalid timer: 270 seconds by default. It is the time a router waits to hear an update
before marking the route as invalid. If an update is received before the timer expires, the
timer is reset. The route is marked unreachable (metric of 101) if there is no update during
this interval.
3. Flush timer: 630 seconds by default. It is the time before an invalid route is
removed/flushed from the routing table. It runs along with the invalid timer, and if a route is
marked invalid, after a further 360 seconds it is removed from the routing table.
4. Hold down timer: 280 seconds by default. The amount of time for which information about
poorer routes is ignored. The default is three times the update timer plus an additional 10
seconds.

Advantages of IGRP:

- More scalable than RIP (255 hops, 100 by default)
- Use of a composite metric
- Easy to configure

Disadvantages of IGRP:

- Cisco proprietary, so it only works on Cisco routers
- Slow convergence
- Forms routing loops

SWITCHING SERVICES:
Switching is the process of forwarding packets coming in from one port to a port leading towards
the destination. When data comes in on a port it is called ingress, and when data leaves a port
or goes out it is called egress. A communication system may include a number of switches and
nodes. At a broad level, switching can be divided into two major categories:

- Connectionless: The data is forwarded on the basis of forwarding tables. No previous
handshaking is required and acknowledgements are optional.
- Connection oriented: Before data can be switched to the destination, a circuit must be
pre-established along the path between both endpoints. Data is then forwarded on that circuit.
After the transfer is completed, the circuit can be kept for future use or torn down
immediately.
There are 3 common switching techniques:
1. Circuit Switching
2. Packet Switching
3. Message Switching

Circuit Switching: When two nodes communicate with each other over a dedicated communication
path, it is called circuit switching. In circuit switching, a circuit must be established before
the data transfer can take place.
Circuits can be permanent or temporary. Applications which use circuit switching may have to go
through three phases:

- Establish a circuit
- Transfer the data
- Disconnect the circuit

Circuit switching was designed for voice applications. The telephone is the best example of
circuit switching.

Message Switching: Message switching was a technique developed as an alternative to circuit
switching before packet switching was introduced. In message switching, end users communicate
by sending and receiving messages that include the entire data to be shared. Messages are the
smallest individual unit. Message switched data networks are hence called hop-by-hop systems.

A message switching network consists of transmission links (channels), store-and-forward switch
nodes, and end stations, as shown in the following picture.
They provide 2 distinct and important characteristics:

- Store and forward
- Message delivery

Packet Switching: The shortcomings of message switching gave birth to the idea of packet
switching. The entire message is broken down into smaller chunks called packets. The switching
information is added in the header of each packet, and each packet is transmitted
independently.

Packet switching enhances line efficiency, as packets from multiple applications can be
multiplexed over the carrier. The Internet uses the packet switching technique. Packet
switching enables the user to differentiate data streams based on priorities. Packets are
stored and forwarded according to their priority to provide quality of service.

Advantages of Switches:
- They increase the available bandwidth of the network.
- They help in reducing the workload on individual host PCs.
- They increase the performance of the network.
- Switches can be connected directly to workstations.

Disadvantages of Switches:
- They are more expensive compared to network bridges.
- Broadcast traffic may be troublesome.
- Proper design and configuration is needed in order to handle multicast packets.
- Network connectivity issues are difficult to trace through a network switch.
Spanning Tree Protocol (STP):

The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical
topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the
broadcast radiation that results from them.

Need for Spanning Tree: Consider the scenario below with 3 switches (SW1, SW2, SW3) and
one user attached to each switch.

Looping of Frame in LAN

Arvind, attached to SW3 on port Fa0/3, sends a broadcast frame onto the LAN. As is the
nature of a switch, the frame is flooded out of every other port (Gi0/1 and Gi0/2) except
the receiving port (Fa0/3). The copy that reaches SW2 is flooded again out of SW2's Gi0/2
and Fa0/2 ports; SW1 receives it on its Gi0/1 port, floods it again, and the frame comes
back to SW3, where the flooding continues. The same thing happens in the other direction
with the copy SW3 sent out of Gi0/1 (the loop traced so far was the one leaving SW3's
Gi0/2 port). You can imagine the frame flooding in that small LAN. An Ethernet frame
carries no hop count or TTL, so nothing ever removes it: this endless circulation of
frames around the LAN is called a broadcast storm.

This looping of frames causes three problems:

1. MAC table instability (each switch keeps seeing the same source MAC arrive on
   different ports and keeps rewriting its table)
2. Broadcast storm (the looping copies consume link bandwidth and switch CPU)
3. Multiple frame transmission (the destination receives duplicates of one frame)
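The following added example (not from the notes) runs a simplified 802.1D election over the three-switch LAN just described and then floods Arvind's broadcast frame twice: once with no STP, where the frame keeps circulating until the simulation's hop budget runs out, and once with the computed port states, where the single blocked port stops it after three switch hops. Bridge IDs, the exact port pairings between switches and the link costs are assumptions; the algorithm is the standard one (lowest bridge ID is root, cheapest root path cost picks the root port, lowest cost then lowest bridge ID picks the designated port per segment, everything else is blocked).

```python
"""Simplified 802.1D election on the three-switch LAN discussed above, plus a
broadcast-flood simulation with and without the resulting port states. Added
example, not from the notes; bridge IDs, port pairings and costs are assumed."""
import heapq

# Bridge ID = (priority, MAC). The lowest wins the root election. Assumed values.
BRIDGE_ID = {
    "SW1": (32768, "0000.0000.0001"),
    "SW2": (32768, "0000.0000.0002"),
    "SW3": (32768, "0000.0000.0003"),
}
# Inter-switch links as ((switch, port), (switch, port), cost). Port names follow the
# narrative above; the exact pairing is an assumption. Cost 4 = 1 Gbit/s (802.1D-1998).
LINKS = [
    (("SW3", "Gi0/2"), ("SW2", "Gi0/1"), 4),
    (("SW2", "Gi0/2"), ("SW1", "Gi0/1"), 4),
    (("SW3", "Gi0/1"), ("SW1", "Gi0/2"), 4),
]


def _neighbours(links):
    """Map each (switch, port) to (peer switch, peer port, link cost)."""
    nb = {}
    for a, b, cost in links:
        nb[a] = (b[0], b[1], cost)
        nb[b] = (a[0], a[1], cost)
    return nb


def run_stp(bridge_id=BRIDGE_ID, links=LINKS):
    """Return (root bridge, port states) with states 'root', 'designated' or 'blocked'."""
    nb = _neighbours(links)
    root = min(bridge_id, key=bridge_id.get)
    # Root path cost: cheapest path from every switch to the root (what BPDUs converge on).
    rpc = {sw: float("inf") for sw in bridge_id}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, sw = heapq.heappop(heap)
        if cost > rpc[sw]:
            continue
        for (s, _p), (peer, _pp, lc) in nb.items():
            if s == sw and cost + lc < rpc[peer]:
                rpc[peer] = cost + lc
                heapq.heappush(heap, (cost + lc, peer))
    state = {}
    # Root port: on each non-root switch, the port receiving the best offer, compared as
    # (peer's root path cost + link cost, peer bridge ID, peer port ID).
    for sw in bridge_id:
        if sw == root:
            continue
        offers = [((rpc[peer] + lc, bridge_id[peer], pp), (s, p))
                  for (s, p), (peer, pp, lc) in nb.items() if s == sw]
        state[min(offers)[1]] = "root"
    # Designated port: per segment, the end whose switch advertises the lower
    # (root path cost, bridge ID). The other end, unless it is a root port, is blocked.
    for a, b, _cost in links:
        designated = min((a, b), key=lambda end: (rpc[end[0]], bridge_id[end[0]], end[1]))
        other = b if designated == a else a
        state[designated] = "designated"
        state.setdefault(other, "blocked")
    return root, state


def flood(ingress, state=None, links=LINKS, max_hops=20):
    """Flood one broadcast frame entering at `ingress` = (switch, port). Each switch
    sends a copy out of every other inter-switch port; with `state` given, blocked
    ports neither send nor receive. Returns (frame copies handled, still_looping).
    Ethernet frames carry no TTL, so without STP only `max_hops` stops the simulation."""
    nb = _neighbours(links)
    state = state or {}
    copies, frontier = 0, [ingress]
    for _hop in range(max_hops):
        if not frontier:
            break
        nxt = []
        for sw, in_port in frontier:
            copies += 1
            for (s, p), (peer, pp, _lc) in nb.items():
                if s != sw or p == in_port:
                    continue
                if state.get((s, p)) == "blocked" or state.get((peer, pp)) == "blocked":
                    continue
                nxt.append((peer, pp))
        frontier = nxt
    return copies, bool(frontier)


if __name__ == "__main__":
    root, ports = run_stp()
    print("root bridge:", root)
    for port, st in sorted(ports.items()):
        print(f"  {port[0]} {port[1]}: {st}")
    print("Arvind's broadcast without STP:", flood(("SW3", "Fa0/3")))
    print("Arvind's broadcast with STP:   ", flood(("SW3", "Fa0/3"), ports))
```

With equal priorities SW1 (lowest MAC) becomes root, SW2 and SW3 each take the port facing SW1 as root port, and the SW2 to SW3 segment is decided by bridge ID, so SW3's Gi0/2 is the one blocked port. Lowering a switch's priority (the `priority` half of its bridge ID) moves the root, which is exactly why an attacker sending a BPDU with priority 0 from an access port can pull traffic through a rogue device unless BPDU Guard or Root Guard is configured on edge ports.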

Types of Spanning Tree Protocol (STP):

1. 802.1D – This is also known as CST (Common Spanning Tree). It is a spanning tree
standard developed by IEEE which elects only one root bridge for the whole topology.
All the traffic flows over the same path (the best path to the root bridge), but this
does not always hold good, as there can be scenarios in which the optimised path to
reach a VLAN is different from the path obtained on electing the root bridge. It is
slow to converge: with the default timers (max age 20 s, forward delay 15 s) a
topology change takes 30 to 50 seconds to settle.
Advantages:
 Less CPU and memory required.
Disadvantages:
 Less optimisation, as the path calculated as the best cost to the root bridge might
not be the best path to reach a network.
 No load balancing.

2. Per VLAN Spanning Tree + (PVST+) – It is a spanning tree standard developed by Cisco
for its devices which elects a root bridge per VLAN. It is the Cisco default version of
STP.
Advantages:
 PVST+ provides more optimisation of network performance than CST, as it selects
root bridges per VLAN.
 Bandwidth consumption is lower than with CST.
 Load balancing is achieved by placing the root bridge of different VLANs on different
switches, so a link that is blocked for one VLAN carries traffic for another.
Disadvantages:
 It is as slow as CST, i.e. convergence time is slow. By default, Cisco switches take
up to 50 seconds to converge.
 More resources (CPU and memory) are required, one STP instance per VLAN.

3. 802.1w – Rapid Spanning Tree Protocol (RSTP) – It is a spanning tree standard
developed by IEEE which provides faster convergence than CST but holds the same idea of
finding a single root bridge in the topology. The bridge resources needed by RSTP are
higher than for CST but less than for PVST+.
Advantages:
 Prevents network loops.
 Allows redundant links to exist without causing loops.
 Faster convergence (typically a few seconds, using a proposal/agreement handshake
between neighbours instead of waiting for timers to expire).
 Backward compatible with STP.

4. Rapid Per VLAN Spanning Tree + (RPVST+) – This Spanning Tree standard is developed
by Cisco, provides faster convergence than PVST+, and runs a separate instance of 802.1w
per VLAN. It requires much more CPU and memory than the other STP standards.

5. 802.1s (Multiple Spanning Tree) – This standard is developed by IEEE. VLANs are
grouped into instances and, for each instance, RSTP is run. This is basically a Spanning
Tree Protocol running over another Spanning Tree Protocol.

Advantages:
 High redundancy.
 Load balancing can be achieved.
 Lower CPU and memory usage is required.

Disadvantages:
 More configuration is required and it is not easy to implement.

Simple Network Management Protocol (SNMP):
SNMP is an application layer protocol that runs over UDP: agents listen on port 161 for
requests, and managers listen on port 162 for traps and notifications. SNMP is used to
monitor the network, detect network faults, and sometimes even to configure remote
devices.

SNMP components –
There are 3 components of SNMP:
1. SNMP Manager –
It is a centralized system used to monitor the network. It is also known as the Network
Management Station (NMS).

2. SNMP agent –
It is a software module installed on a managed device. Managed devices can be network
devices like PCs, routers, switches and servers.

3. Management Information Base (MIB) –
The MIB consists of information on the resources that are to be managed. This information
is organized hierarchically as a tree of object identifiers (OIDs). It consists of object
instances, which are essentially variables.
 
SNMP messages –
1. GetRequest –
The SNMP manager sends this message to request data from the SNMP agent. It is simply used
to retrieve data from SNMP agents. In response to this, the SNMP agent responds with
the requested value through a Response message.
2. GetNextRequest –
This message can be sent to discover what data is available on an SNMP agent: the agent
returns the object instance that lexicographically follows the requested OID. The SNMP
manager can request data continuously until no more data is left. In this way, the SNMP
manager can learn all the available data on SNMP agents (an "SNMP walk").
3. GetBulkRequest –
This message is used to retrieve a large amount of data at once by the SNMP manager from
the SNMP agent (effectively many GetNext operations in one request). It was introduced in
SNMPv2c.
4. SetRequest –
It is used by the SNMP manager to set the value of an object instance on the SNMP agent.
5. Response –
It is a message sent from the agent upon a request from the manager. When sent in
response to Get messages, it will contain the data requested. When sent in response to
the Set message, it will contain the newly set value as confirmation that the value has
been set.
6. Trap –
These are messages sent by the agent without being requested by the manager. A trap is
sent when a fault or other notable event has occurred. It is unacknowledged: the agent
never learns whether the manager received it.
7. InformRequest –
It was introduced in SNMPv2c as an acknowledged notification. It carries the same
information as a Trap, but the receiver must answer it with a Response; if no Response
arrives, the sender can retransmit the Inform. It is used between managers and by agents
that need confirmation that a notification was received.
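The request types above are easiest to understand by running them. The following added example (not from the notes, and not a real SNMP stack: there is no BER encoding or UDP) models an agent holding a constructed slice of MIB-II and a manager that walks it with GetNext or GetBulk. It also shows two details that matter in practice: OIDs compare numerically arc by arc (so ifDescr .2 sorts before ifInOctets .10, which string comparison would get wrong), and a SetRequest against a read-only object is refused.

```python
"""Toy SNMP agent and manager illustrating Get, GetNext, GetBulk, Set and the
walk they enable. Added example, not a real SNMP implementation: there is no
BER encoding or UDP here, and the MIB contents are constructed."""
import bisect


def oid(text):
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0). OIDs order numerically,
    arc by arc; comparing the dotted strings would put .10 before .2."""
    return tuple(int(arc) for arc in text.strip(".").split("."))


def oid_str(arcs):
    return ".".join(str(a) for a in arcs)


END_OF_MIB = "endOfMibView"

# Constructed MIB instances (a slice of MIB-II: system and interfaces groups).
MIB = {
    oid("1.3.6.1.2.1.1.1.0"): "Example router",   # sysDescr.0
    oid("1.3.6.1.2.1.1.3.0"): 123456,             # sysUpTime.0
    oid("1.3.6.1.2.1.1.5.0"): "rtr1",             # sysName.0
    oid("1.3.6.1.2.1.2.1.0"): 2,                  # ifNumber.0
    oid("1.3.6.1.2.1.2.2.1.2.1"): "eth0",         # ifDescr.1
    oid("1.3.6.1.2.1.2.2.1.2.2"): "eth1",         # ifDescr.2
    oid("1.3.6.1.2.1.2.2.1.10.1"): 5000,          # ifInOctets.1
    oid("1.3.6.1.2.1.2.2.1.10.2"): 7000,          # ifInOctets.2
}


class Agent:
    """Answers the request PDUs; `writable` lists the OIDs a SetRequest may change."""
    def __init__(self, mib, writable=()):
        self.mib = dict(mib)
        self.writable = {oid(w) for w in writable}

    def get(self, name):
        return name, self.mib.get(oid(name), "noSuchInstance")

    def get_next(self, name):
        """Return the instance that lexicographically follows `name` (it need not exist)."""
        keys = sorted(self.mib)
        i = bisect.bisect_right(keys, oid(name))
        if i == len(keys):
            return name, END_OF_MIB
        return oid_str(keys[i]), self.mib[keys[i]]

    def get_bulk(self, name, max_repetitions):
        """SNMPv2c GetBulk with non-repeaters = 0: up to max_repetitions GetNexts."""
        rows, cur = [], name
        for _ in range(max_repetitions):
            cur, val = self.get_next(cur)
            rows.append((cur, val))
            if val == END_OF_MIB:
                break
        return rows

    def set(self, name, value):
        key = oid(name)
        if key not in self.mib:
            return name, "noSuchInstance"
        if key not in self.writable:
            return name, "notWritable"     # SNMPv2 error-status for read-only objects
        self.mib[key] = value
        return name, value                 # Response echoes the newly set value


def walk(agent, subtree, bulk=0):
    """Manager side: repeat GetNext (or GetBulk when bulk > 0) from `subtree` until
    the returned OID leaves the subtree or the agent reports endOfMibView."""
    prefix = oid(subtree)
    cur, rows = subtree, []
    while True:
        batch = agent.get_bulk(cur, bulk) if bulk else [agent.get_next(cur)]
        for cur, val in batch:
            if val == END_OF_MIB or oid(cur)[:len(prefix)] != prefix:
                return rows
            rows.append((cur, val))


if __name__ == "__main__":
    agent = Agent(MIB, writable=["1.3.6.1.2.1.1.5.0"])
    for row in walk(agent, "1.3.6.1.2.1.2.2.1", bulk=4):
        print(*row)
    print(agent.set("1.3.6.1.2.1.1.1.0", "changed"))  # refused: not writable
    print(agent.set("1.3.6.1.2.1.1.5.0", "rtr2"))     # accepted
```

Note that the walk terminates only because the agent returns strictly increasing OIDs; a real manager should also guard against a buggy or malicious agent that answers GetNext with an OID less than or equal to the request, which would otherwise loop forever.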
SNMP security levels –
These define the protection applied to SNMP packets. They exist only in SNMPv3 (v1 and
v2c have a community string and nothing else). There are 3 security levels, namely:

1. noAuthNoPriv – (no authentication, no privacy) the user is identified by a username
only; no authentication and no encryption is performed.

2. authNoPriv – (authentication, no privacy) uses HMAC-MD5-96 or HMAC-SHA-96 (later
RFCs add SHA-2 variants) for authentication and integrity; no encryption is used, so
the payload is readable on the wire.

3. authPriv – (authentication, privacy) uses the same HMAC authentication and also
encrypts the payload; the original privacy algorithm is CBC-DES (56-bit key), and
AES-128 (RFC 3826) is also standardised and should be preferred, since DES is no longer
considered adequate.
 
SNMP versions –
There are 3 versions of SNMP:
1) SNMPv1 – It uses community strings for authentication and uses UDP only.
2) SNMPv2c – It uses community strings for authentication. It uses UDP but can be
configured to use TCP.
3) SNMPv3 – It uses a hash-based MAC with MD5 or SHA for authentication and DES (or AES)
for privacy. Like the earlier versions it normally runs over UDP; a TCP mapping exists
but is rarely used. Therefore, the higher the version of SNMP, the more secure it can
be. Note that a community string travels in cleartext in every v1/v2c packet, so anyone
who can sniff the traffic, or who guesses the default strings "public" and "private",
gains read and possibly write access to the device; in practice v1/v2c should be
restricted by ACL to the management stations, and v3 with authPriv used where possible.
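The security levels and the SNMPv3 description above both rest on the User-based Security Model of RFC 3414, so here is one added example (not from the notes) that implements its three core primitives with the Python standard library: the password-to-key expansion, the localisation of that key with the agent's engine ID, and HMAC-96 authentication of a message with the tag written into the zeroed msgAuthenticationParameters field. The message bytes are constructed stand-ins, not a BER-encoded SNMP packet; the MD5 key values the code reproduces are the published RFC 3414 appendix A.3.1 test vector for the password "maplesyrup".

```python
"""SNMPv3 User-based Security Model primitives (RFC 3414): password-to-key,
key localisation with the engine ID, and HMAC-96 message authentication.
Added example using only the standard library; the message bytes are constructed,
and the MD5 test values are the ones published in RFC 3414 appendix A.3.1."""
import hashlib
import hmac

AUTH_FIELD_LEN = 12   # msgAuthenticationParameters is 12 bytes for HMAC-MD5-96/SHA-96


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """Ku = H(password repeated out to 1,048,576 bytes). The expansion slows
    brute force a little; it is not a salt, so equal passwords give equal Ku."""
    if not password:
        raise ValueError("empty password")
    stream = (password * (1_048_576 // len(password) + 1))[:1_048_576]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || engineID || Ku): every agent gets a different key from the
    same password, so a key recovered from one device does not work on another."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(kul: bytes, whole_msg: bytes, algo: str = "md5") -> bytes:
    """HMAC over the whole message, truncated to 12 bytes (the -96 in HMAC-MD5-96)."""
    return hmac.new(kul, whole_msg, algo).digest()[:AUTH_FIELD_LEN]


def sign_message(kul: bytes, before: bytes, after: bytes, algo: str = "md5") -> bytes:
    """Sender: the HMAC is computed with the 12-byte field zeroed, then the tag is
    written into that field. `before`/`after` are the message bytes around it."""
    tag = auth_tag(kul, before + bytes(AUTH_FIELD_LEN) + after, algo)
    return before + tag + after


def verify_message(kul: bytes, msg: bytes, field_offset: int, algo: str = "md5") -> bool:
    """Receiver: pull the tag out, zero the field, recompute, compare in constant time."""
    end = field_offset + AUTH_FIELD_LEN
    tag = msg[field_offset:end]
    zeroed = msg[:field_offset] + bytes(AUTH_FIELD_LEN) + msg[end:]
    return hmac.compare_digest(auth_tag(kul, zeroed, algo), tag)


def demo():
    """Derive a localised key and authenticate a constructed message with it.
    Returns (genuine message verifies, tampered message verifies)."""
    engine_id = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 engine ID
    kul = localize_key(password_to_key(b"maplesyrup"), engine_id)
    header = b"\x30\x2a\x02\x01\x03"            # constructed stand-in for the v3 header
    pdu = b"GetRequest sysName.0"                # constructed stand-in for the PDU
    msg = sign_message(kul, header, pdu)
    ok = verify_message(kul, msg, len(header))
    tampered = msg[:-1] + bytes([msg[-1] ^ 1])  # flip one bit of the PDU
    return ok, verify_message(kul, tampered, len(header))


if __name__ == "__main__":
    ku = password_to_key(b"maplesyrup")
    print("Ku  :", ku.hex())
    print("Kul :", localize_key(ku, bytes.fromhex("000000000000000000000002")).hex())
    print("genuine verifies, tampered verifies:", demo())
```

Two things worth noticing: authentication covers the whole message, so a receiver detects any bit flipped in transit, but at authNoPriv it does nothing to hide the contents; and because the localised key is derived from the password with no per-user randomness, a weak SNMPv3 password can be attacked offline by anyone who captured one authenticated packet and knows the engine ID, which is sent in the clear.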

Advantages of SNMP:
 Standardized device monitoring, eliminating the need for complex monitoring
configurations.
 Vendor-neutral monitoring (devices from any manufacturer are recognized).
 Automatic parameter monitoring.
 Real-time status updates.