As per ICAO DOC 9868 and DOC 10057
2025
Competency Based Training and Assessment for ATSEP
Non-PLI Training on Data Communication Networking and OS Linux
MODULE-1
Data Communication Networking
AAI/ANS/CNS/CATC/2025/CBTA-Non PLI/Data Communication Networking/ /OS Linux/Mod-1/Ver.2.0
CATC
Module-1
Data Communication Networking and OS Linux
Training Quality Policy
“To develop the human resources for the aviation industry, ensuring conformity of the processes, by adapting the best practices within industry and building higher skills and standards in training.”
Version Control
Module Doc No.: AAI/CATC/CNS/DCN/OS LINUX/NPLI
Version 1.0 developed by:
1. Sh. Pravin Kumar Singh, AGM (CNS), CATC
2. Sh. Hasan Ashraf, AGM (CNS), CATC
3. Sh. V.P. Ratheesh, AGM (CNS), Chennai
4. Sh. Narendra Patel, AGM (CNS), CATC
5. Sh. Dhiraj Kumar Gupta, Mgr (CNS), Kolkata
6. Sh. Kumar Raunak, AM (CNS), Kolkata
Version 2.0 developed by:
1. Sh. Hasan Ashraf, AGM (CNS), CATC
2. Sh. Narendra Patel, AGM (CNS), CATC
3. Sh. Devendra Kumar Tiwari, AGM (CNS), CATC
4. Sh. Kumar Raunak, AM (CNS), Kolkata
Version 2.0 vetted by:
1. Sh. Govinda Gupta, DGM (CNS), CATC
2. Sh. Praveen Kumar Singh, AGM (CNS), CATC
3. Sh. Hasan Ashraf, AGM (CNS), CATC
Period of vetting (Ver. 1.0): 11th April 2025 to 12th April 2025
Maintained by: CDRC, CATC, PRAYAGRAJ
Version Number | Modified By | Date Modified | Date Approved
Ver 1.0 | | |
Preface
This “Data Communication Networking and OS Linux NPLI Training” handout conforms to the standards and recommended practices of the International Civil Aviation Organization (ICAO) vide Doc. 9868 (PANS-Training) Part IV Chapter 3 for ATSEP and Doc. 10057 (Manual on Air Traffic Safety Electronics Personnel Competency-based Training and Assessment).
With pleasure, I authenticate this handout and make it available for imparting the NPLI training course on “Data Communication Networking and OS Linux” for ATSEPs in AAI.
The course content has been approved by CHQ of AAI. It is hoped that the trainee ATSEPs will find it informative, interesting and better in presentation.
I am sure that the trainees will carry a sense of pride in undergoing this CBTA-based NPLI training course of ICAO standard.
This handout on “Data Communication Networking and OS Linux” is specifically designed and developed to equip the ATSEPs with the requisite competencies required to understand: Introduction to Data Communication; TCP/IP; Classification of networks; Network devices with basic configuration of switch and router; Loop avoidance in LAN; IP Addressing & Subnetting; IP Routing and configuration of static and dynamic routing; VLAN, VLAN Trunking and inter-VLAN routing, and configuration of VLAN in switch and Inter-VLAN routing; IP Multicast; Different protocols; Access Control Lists; NAT; VPN; Linux operating system; Linux commands; and Introduction to cyber security.
This handout is intended to be kept up to date. It will be amended periodically as new technological developments are made in the field of Data communication networking and cyber security.
For the development and presentation of this module as per ICAO Doc 10057, I would like to appreciate the meticulous and excellent work done by the course developers.
Errors, if any, or suggestions, if brought to the notice of the undersigned, would be highly commendable, as they will serve to improve this module and contribute to our objective of achieving excellence in the field of ATSEP training.
GM (CNS)/ Head of ATSEP training
CATC, PRAYAGRAJ-211012
Dated: 15th April 2025
TABLE OF CONTENTS
CHAPTER -01 ........................................................................................... 1
INTRODUCTION TO DATA COMMUNICATION ............................................ 1
1.1 COMMUNICATIONS MODEL ........................................................................ 1
1.2 DATA REPRESENTATION ........................................................................... 2
1.3 TEXT .................................................................................................... 2
1.4 NUMBERS .............................................................................................. 4
1.5 IMAGES ................................................................................................. 4
1.6 AUDIO .................................................................................................. 4
1.7 VIDEO................................................................................................... 5
1.8 DATA COMMUNICATION NETWORKING ......................................................... 5
1.9 NETWORK TOPOLOGY............................................................................... 6
1.10 PROTOCOLS & STANDARDS ....................................................................... 7
CHAPTER-2 ............................................................................................ 14
INTRODUCTION TO TCP/IP .................................................................... 14
2. TCP/IP (DOD MODEL)............................................................................. 14
2.1. NETWORK ACCESS LAYER ....................................................................... 15
2.2. INTERNET LAYER ................................................................................... 16
2.3. APPLICATION LAYER ............................................................................... 22
CHAPTER-3 ............................................................................................ 26
CLASSIFICATION OF NETWORK & NETWORK DEVICES.......................... 26
3.1. CLASSIFICATION OF NETWORK BASED ON SIZE ............................................ 26
3.2. CABLES AND CONNECTOR USED IN ETHERNET ............................................ 29
3.3. COLLISION IN NETWORK .......................................................................... 34
3.4. REPEATERS.......................................................................................... 35
3.5. HUBS ................................................................................................. 36
3.6. BRIDGES ............................................................................................. 37
3.7. BROADCAST DOMAIN.............................................................................. 37
3.8. SWITCHES ........................................................................................... 38
3.9. ADDRESS RESOLUTION PROTOCOL (ARP) .................................................. 40
3.10. GATEWAY: ........................................................................................... 46
CHAPTER-4 ............................................................................................ 48
LOOP AVOIDANCE IN LAN ...................................................................... 48
CHAPTER-5 ............................................................................................ 54
IP ADDRESSING & SUBNETTING ............................................................ 54
5.1. IP ADDRESSING .................................................................................... 54
5.2. CLASSLESS ADDRESSING ........................................................................ 58
5.3. SUBNETTING ........................................................................................ 59
5.4. VARIABLE LENGTH SUBNETTING (VLSM) ................................................... 65
Civil Aviation Training College, India
CHAPTER-6 ............................................................................................ 71
IP ROUTING ........................................................................................... 71
6.1. IP ROUTING ......................................................................................... 71
6.2. METRIC ............................................................................................... 78
CHAPTER-7 ............................................................................................ 95
VLAN...................................................................................................... 95
7.1. INTRODUCTION ..................................................................................... 95
7.2. VLAN BASICS ...................................................................................... 95
7.3. ACCESS PORT: ..................................................................................... 99
7.4. TRUNK PORT: ....................................................................................... 99
7.5. VLAN TAGGING: ................................................................................. 100
CHAPTER-8 .......................................................................................... 104
IP MULTICAST ..................................................................................... 104
CHAPTER-9 .......................................................................................... 133
PROTOCOLS......................................................................................... 133
9.1 LINK AGGREGATION PROTOCOL ............................................................. 133
9.2 SWITCH STACKING .............................................................................. 134
9.3 INTRODUCTION: .................................................................................. 135
9.3.1 HSRP & VRRP: ................................................................................. 136
9.4 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) ................................ 139
9.5 DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) .................... 143
9.6 DOMAIN NAME SYSTEM .................................................................. 144
CHAPTER-10 ........................................................................................ 146
ACCESS CONTROL LISTS (ACLS) .......................................................... 146
CHAPTER-11 ........................................................................................ 153
NAT (NETWORK ADDRESS TRANSLATION) ........................................... 153
11.1 NAT (NETWORK ADDRESS TRANSLATION) ................................................ 153
CHAPTER-12 ........................................................................................ 156
VIRTUAL PRIVATE NETWORKS (VPNS) ................................................. 156
CHAPTER-13 ........................................................................................ 159
INTRODUCTION TO CYBER SECURITY ................................................. 159
13.1 INTRODUCTION ................................................................................... 159
13.2 CIA TRIAD ......................................................................................... 161
13.3 CYBER SECURITY REGULATING BODIES IN INDIA ....................................... 161
13.4 VARIOUS CYBERSECURITY THREATS ............................................. 165
13.5 CYBERSECURITY THREAT PREVENTION ........................................ 166
Chapter – 01 Data Communication
CHAPTER -01
INTRODUCTION TO DATA COMMUNICATION
1.1 Communications Model
For communication to take place, a source is required where the message intended to be exchanged is generated. The message so generated is sent to the destination through a medium. The figure shown below depicts a generalized block diagram of a communication model.
Fig: General Block Diagram (source system: Source, Transmitter; Transmission system; destination system: Receiver, Destination)
The fundamental purpose of a data communications system is the exchange of data between two parties. The word "data" refers to information presented in whatever form is agreed upon by the parties creating and using the data. The figure given below is one particular example, in which communication between a workstation and a server through a public telephone network is shown.
Fig: Communication through public network (Computer, Modem, Public Telephone network, Modem, Computer)
The key elements of the model are:
⮚ Source: This device generates the data to be transmitted; examples are telephones and personal computers.
⮚ Transmitter: Usually, the data generated by a source system are not transmitted directly in the form in which they were generated. Rather, a transmitter transforms and encodes the information in such a way as to produce electromagnetic signals that can be transmitted across some sort of transmission system. For example, a modem takes a digital bit stream from an attached device such as a PC and transforms that bit stream into an analog signal that can be handled by the telephone network.
⮚ Transmission System: This can be a single transmission line or a complex network connecting source and destination.
⮚ Receiver: The receiver accepts the signal from the transmission system and converts it into a form that can be handled by the destination device. For example, a modem will accept an analog signal coming from a network or transmission line and convert it into a digital bit stream.
⮚ Destination: Takes the incoming data from the receiver.
1.2 Data Representation
Information to be exchanged is represented in the form of data. This data may be in different forms such as text, numbers, images, audio and video.
1.3 Text
In data communications, text is represented as a bit pattern, a sequence of bits (0s and 1s). The number of bits in a pattern depends on the number of symbols in the language. For example, the English language uses 26 symbols (A, B, C, … Z) to represent uppercase letters, 26 symbols (a, b, c, … z) to represent lowercase letters, 10 symbols to represent numbers (0, 1, 2, … 9) and symbols (?, /, +, ;, …) to represent punctuation. Other symbols such as the blank, the new line and the tab are used for text alignment and readability.
Different sets of bit patterns have been designed to represent text symbols. Each set is a code, and the process of representing the symbols is called coding.
⮚ ASCII: The American National Standards Institute (ANSI) developed a code called the American Standard Code for Information Interchange. The code uses 7 bits for each symbol. This means that 2^7 (128) different symbols can be defined by this code.
⮚ Extended ASCII: To make the size of each pattern 1 byte (8 bits), the ASCII pattern is augmented with an extra 0 on the left. Now each pattern is exactly 1 byte of memory. In other words, in extended ASCII, the first pattern is 00000000 and the last one is 01111111.
⮚ EBCDIC: IBM’s 8-bit code, Extended Binary-Coded-Decimal Interchange Code. EBCDIC is vendor specific and is used primarily in large IBM computers.
⮚ Unicode: Neither of the foregoing represents symbols belonging to languages other than English. For that, a code with much greater capacity is needed. A coalition of hardware and software manufacturers has designed a code called Unicode that uses 16 bits and can represent 65536 symbols. Different sections of the code are allocated to symbols from different languages of the world. Some parts of the code are used for graphics and special symbols.
The International Organization for Standardization (ISO) has designed a code using a 32-bit pattern. This code can represent 4,294,967,296 symbols, which is definitely enough to represent any symbol in the world today.
1.4 Numbers
Numbers are also represented using bit patterns. However, a code such as ASCII is not used to represent numbers; the number is directly converted to a binary number. The reason is to simplify mathematical operations on numbers.
1.5 Images
Images today are represented by bit patterns. In its simplest form, an image is divided into a matrix of pixels (picture elements), where each pixel is a small dot. The size of the pixel depends on the resolution. For example, an image can be divided into 1000 pixels or 10000 pixels. In the second case, there is a better representation of the image, but more memory is needed to store the bit pattern of the image.
After the image is divided into pixels, each pixel is assigned a bit pattern. The size and the value of the pattern depend on the image. For an image made of only black & white dots (e.g., a chessboard), a 1-bit pattern is enough to represent a pixel, either 0 or 1. If the image consists of 4 levels of gray shades, a 2-bit pattern is required: the bit pattern 00 represents a black pixel, 01 a dark gray shade, 10 a light gray shade and 11 a white shade.
To represent color images, each color pixel is decomposed into three primary colors: red, green and blue. Three bit patterns, each consisting of 8 bits, are used to represent the intensity of each color.
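Worked example, added here and not part of the handout: the text codes of section 1.3 and the pixel codes of section 1.5 applied in Python, so the bit patterns the text describes can be produced and read back (all function names are this example's own).

```python
# Added example (not from the handout): text and pixels as bit patterns under
# the codes described in sections 1.3 and 1.5. Names are this example's own.


def ascii7_patterns(text: str) -> list[str]:
    """7-bit ASCII pattern for each symbol; symbols outside ASCII are rejected."""
    patterns = []
    for ch in text:
        code = ord(ch)
        if code > 0x7F:
            raise ValueError(f"{ch!r} (U+{code:04X}) has no 7-bit ASCII pattern")
        patterns.append(format(code, "07b"))
    return patterns


def extended_ascii_patterns(text: str) -> list[str]:
    """Extended ASCII: each 7-bit pattern is augmented with a 0 on the left."""
    return ["0" + p for p in ascii7_patterns(text)]


def unicode16_patterns(text: str) -> list[str]:
    """16-bit Unicode code units (UTF-16, big-endian), one 16-bit pattern each.
    Symbols beyond U+FFFF need two code units (a surrogate pair)."""
    data = text.encode("utf-16-be")
    return [format(int.from_bytes(data[i:i + 2], "big"), "016b")
            for i in range(0, len(data), 2)]


def decode_fixed_width(bitstream: str, width: int) -> str:
    """The receiver must know the agreed pattern width to cut the stream correctly;
    a stream that is not a whole number of patterns is rejected rather than guessed."""
    if len(bitstream) % width:
        raise ValueError("bit stream is not a whole number of patterns")
    return "".join(chr(int(bitstream[i:i + width], 2))
                   for i in range(0, len(bitstream), width))


def symbol_capacity(bits: int) -> int:
    """Number of distinct symbols a code of the given width can define."""
    return 2 ** bits


# Image pixels: the 2-bit gray shades exactly as listed in section 1.5, and
# 24-bit colour as three 8-bit intensity patterns.
GRAY2 = {"black": "00", "dark gray": "01", "light gray": "10", "white": "11"}


def gray2_bitstream(shades: list[str]) -> str:
    """Pack a row of 4-level gray pixels, 2 bits per pixel."""
    return "".join(GRAY2[s] for s in shades)


def gray2_decode(bitstream: str) -> list[str]:
    """Inverse of gray2_bitstream."""
    if len(bitstream) % 2:
        raise ValueError("2-bit pixels: stream must have even length")
    shade_of = {v: k for k, v in GRAY2.items()}
    return [shade_of[bitstream[i:i + 2]] for i in range(0, len(bitstream), 2)]


def rgb24_pattern(red: int, green: int, blue: int) -> str:
    """Three 8-bit patterns, one per primary colour intensity."""
    for v in (red, green, blue):
        if not 0 <= v <= 255:
            raise ValueError("each intensity is one 8-bit pattern (0..255)")
    return f"{red:08b}{green:08b}{blue:08b}"


if __name__ == "__main__":
    print(ascii7_patterns("Hi"))                 # ['1001000', '1101001']
    print(unicode16_patterns("\u0915"))          # ['0000100100010101'] (Devanagari KA)
    print(gray2_bitstream(["black", "white"]))   # 0011
```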
1.6 Audio
Audio is the representation of sound. Audio is by nature different from text, numbers or images: it is continuous, not discrete. It must therefore be converted into a discrete (digital) form before it can be stored or transmitted as data.
1.7 Video
Video can be produced either as a continuous entity (e.g., by a TV camera), or it can be a combination of images, each a discrete entity, arranged to convey the idea of motion.
1.8 Data Communication Networking
In its simplest form, data communication takes place between two devices that are directly connected by some form of point-to-point transmission medium. A network is two or more devices connected together through links. A link is a communications pathway that transfers data from one device to another. It is simplest to imagine any link as a line drawn between two points. For communication to occur, two devices must be connected in some way to the same link at the same time. There are two possible types of connection: point-to-point and multi-point.
Fig: Point-to-point connection (two computers joined by a single dedicated link)
In point-to-point connection two devices are connected through a dedicated link.
The entire capacity of the link is reserved for transmission between these two
devices.
Most point-to-point connections use an actual length of wire or cable to connect the two ends, but other options, such as microwave or satellite links, are also possible.
A multipoint (also called multi-drop) connection is one in which more than two specific devices share a single link. Thus the capacity of the channel is shared.
Fig: Multi-point connection
The links discussed above may be short, within a building, or may be several kilometers long. If the devices are farther apart, it is impractical to connect them directly through a point-to-point link, and it is not always possible to run a dedicated line between the devices. In such cases the devices are connected through networks. Different types of networks exist, which will be covered in the networking module.
1.9 Network Topology
Network topology can be classified as:
Star Topology: In a star network, each node is connected to a central device
either a HUB or a SWITCH.
Tree Topology: It is also known as Extended Star Topology wherein central
Hub/ Switch is connected to several downstream hubs/ switches.
Bus Topology: It uses a single backbone cable that is terminated at both ends.
All the hosts connect directly to this backbone.
Ring Topology: A ring topology connects the nodes in a continuous loop. Data
flows around the ring in one direction.
Mesh Topology: A mesh topology has at least two network connections on every
device on the network. Each host has its own connections to all other hosts.
Hybrid Topology: It is a combination of above-mentioned topologies, connected
by a suitable networking device.
1.10 Protocols & Standards
In this section, we define two widely used terms: protocols and standards. A protocol is a set of rules; standards are agreed-upon rules.
Protocols
In computer networks, communication occurs between entities in different systems. An entity is anything capable of sending and receiving information. Examples are user application programs, file transfer packages, e-mail facilities, database management systems, etc. However, two entities cannot simply send bit streams to each other and expect to be understood. For communication to occur, the entities must agree on a protocol. A protocol is a set of rules that governs data communications. A protocol defines what is communicated, how it is communicated, and when it is communicated. The key elements of a protocol are:
Syntax: Syntax refers to the structure or format of the data, meaning the order in which they are presented and the signal levels. For example, a simple protocol might expect the first 8 bits of data to be the address of the sender, the second 8 bits to be the address of the receiver, and the rest of the stream to be the message itself.
Semantics: Semantics refers to the meaning of each section of bits. How is a particular pattern to be interpreted, and what action is to be taken based on that interpretation?
Timing: Timing refers to the synchronization and coordination between devices while transferring data. Timing determines at what time data should be sent and how fast data can be sent. For example, if a sender sends at 100 Mbps but the receiver can only handle 1 Mbps, the receiver will overflow and lose data. Timing helps prevent data loss, collisions and other timing-related issues.
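The three key elements above, as an added example that is not part of the handout: the simple protocol the text sketches (8-bit sender address, 8-bit receiver address, then the message) is built and parsed for syntax, acted upon for semantics, and the 100 Mbps versus 1 Mbps overflow case is simulated for timing (all names are this example's own).

```python
import struct

# Added example (not from the handout): the simple protocol sketched in the
# text. Syntax is captured by build_frame/parse_frame, semantics by
# handle_frame and timing by a small buffer simulation. Names are this
# example's own.

HEADER = struct.Struct("!BB")   # sender address, receiver address (1 byte each)


def build_frame(sender: int, receiver: int, message: bytes) -> bytes:
    """Syntax on the sending side: lay out the fields in the agreed order."""
    if not (0 <= sender <= 255 and 0 <= receiver <= 255):
        raise ValueError("addresses are 8-bit fields (0..255)")
    return HEADER.pack(sender, receiver) + message


def parse_frame(frame: bytes) -> dict:
    """Syntax on the receiving side: cut the stream at the agreed boundaries.
    A frame shorter than its header is malformed and is rejected, not guessed at."""
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than the 16-bit header")
    sender, receiver = HEADER.unpack_from(frame)
    return {"sender": sender, "receiver": receiver, "message": frame[HEADER.size:]}


def handle_frame(frame: bytes, my_address: int) -> str:
    """Semantics: what the fields mean and what action follows from them."""
    fields = parse_frame(frame)
    if fields["receiver"] != my_address:
        return "ignored: not addressed to us"
    text = fields["message"].decode("ascii", errors="replace")
    return f"deliver from {fields['sender']}: {text}"


def simulate_overflow(send_mbps: float, recv_mbps: float,
                      buffer_mbit: float, seconds: int) -> float:
    """Timing: data lost (in Mbit) when a sender outpaces the receiver.
    Each second the sender's data arrive, anything beyond the receiver's buffer
    is dropped, then the receiver drains what it can handle."""
    buffered, lost = 0.0, 0.0
    for _ in range(seconds):
        buffered += send_mbps
        if buffered > buffer_mbit:
            lost += buffered - buffer_mbit
            buffered = buffer_mbit
        buffered -= min(buffered, recv_mbps)
    return lost


if __name__ == "__main__":
    frame = build_frame(0x0A, 0x0B, b"hello")
    print(frame.hex())                        # 0a0b68656c6c6f
    print(handle_frame(frame, 0x0B))          # deliver from 10: hello
    print(simulate_overflow(100, 1, 10, 1))   # 90.0 Mbit lost in the first second
```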
Standards
Network standards are agreed-upon specifications that ensure compatibility and
interoperability among different devices, vendors, and applications on a network.
They define the physical, electrical, and functional characteristics of network
components, such as cables, connectors, signals, frequencies, and protocols. For
example, Ethernet is a network standard that defines how data is transmitted
over a wired network using frames, MAC addresses, and switches.
How do network protocols and standards relate?
Network protocols and standards are closely related, but not the same. Network
protocols are the logical rules that govern how data is communicated, while
network standards are the physical and technical specifications that enable the
implementation of network protocols. Network protocols and standards often
work together in layers, forming a network architecture or model that describes
the functions and interactions of each layer. For example, the OSI model is a
network architecture that consists of seven layers, each with its own protocols
and standards.
Why are network protocols and standards important?
Network protocols and standards are important because they enable different
devices and systems to communicate with each other on a network, regardless
of their hardware, software, or location. They also ensure consistency, efficiency,
and quality of service for network users and applications. Without network
protocols and standards, there would be no common language or framework for
data transmission, and network communication would be chaotic, unreliable,
and insecure.
2 PROTOCOL LAYERING
In data communication and networking, a protocol defines the rules that the sender, the receiver and all intermediate devices need to follow to be able to communicate effectively. When communication is simple (e.g., face to face) we may need only one simple protocol.
Fig 1.1
When the communication is complex, we may need to divide the task between
different layers, in which case we need a protocol at each layer, or protocol
layering.
Fig 1.2
Let us assume that A sends the first letter to B. The third layer machine listens
to what A says and creates the plaintext (a letter in English), which is passed to
the second layer machine. The second layer machine takes the plaintext,
encrypts it, and creates the ciphertext, which is passed to the first layer machine.
The first layer machine takes the ciphertext, puts it in an envelope, adds the
sender and receiver addresses, and mails it.
At B’s side, the first layer machine picks up the letter from B’s mail box,
recognizing the letter from A by the sender address. The machine takes out the
ciphertext from the envelope and delivers it to the second layer machine. The
second layer machine decrypts the message, creates the plaintext, and passes
the plaintext to the third-layer machine. The third layer machine takes the
plaintext and reads it.
Protocol layering enables us to divide a complex task into several smaller
and simpler tasks. We could have used only one machine to do the job of all
three machines. However, if A and B decide that the encryption/decryption done
by the machine is not enough to protect their secrecy, they would have to change
the whole machine.
In the present situation, they need to change only the second layer
machine; the other two can remain the same. This is referred to as modularity.
Modularity in this case means independent layers. A layer (module) can be
defined as a black box with inputs and outputs, without concern about how
inputs are changed to outputs. If two machines provide the same outputs when
given the same inputs, they can replace each other. For example, A and B can
buy the second layer machine from two different manufacturers. As long as the
two machines create the same ciphertext from the same plaintext and vice versa,
they do the job.
One of the advantages of protocol layering is that it allows us to separate
the services from the implementation. A layer needs to be able to receive a set of
services from the lower layer and to give the services to the upper layer; we don’t
care about how the layer is implemented.
Another advantage of protocol layering, which cannot be seen in our
simple examples but reveals itself when we discuss protocol layering in the
Internet, is that communication does not always use only two end systems; there
are intermediate systems that need only some layers, but not all layers. If we did
not use protocol layering, we would have to make each intermediate system as
complex as the end systems, which makes the whole system more expensive.
Logical Connections
In protocol layering, there is a logical connection between each layer. This
means that we have layer-to-layer communication.
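The three-layer letter exchange between A and B, as an added example that is not part of the handout: layer 3 writes and reads plaintext, layer 2 encrypts and decrypts, layer 1 handles the envelope and its addresses, and the layer-2 machine can be swapped for another manufacturer's without touching the other layers. The two ciphers are constructed toys (XOR with a repeating key, a byte shift) chosen only to show the modularity; all names are this example's own.

```python
from dataclasses import dataclass
from typing import Callable

# Added example (not from the handout): the A/B letter exchange with three
# layered machines. The ciphers are toys for illustrating modularity and give
# no real secrecy. Names are this example's own.

Transform = Callable[[bytes], bytes]


@dataclass
class Layer2Machine:
    """A black box: plaintext in, ciphertext out, and the reverse."""
    encrypt: Transform
    decrypt: Transform


def xor_machine(key: bytes) -> Layer2Machine:
    def xor(data: bytes) -> bytes:
        return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))
    return Layer2Machine(xor, xor)          # XOR is its own inverse


def shift_machine(shift: int) -> Layer2Machine:
    return Layer2Machine(
        lambda data: bytes((b + shift) % 256 for b in data),
        lambda data: bytes((b - shift) % 256 for b in data),
    )


@dataclass
class Envelope:
    sender: str
    receiver: str
    ciphertext: bytes


class Layer1Machine:
    """Envelope machine: adds addresses when mailing, checks them when picking up."""

    def __init__(self, address: str) -> None:
        self.address = address

    def mail(self, ciphertext: bytes, receiver: str) -> Envelope:
        return Envelope(self.address, receiver, ciphertext)

    def pick_up(self, env: Envelope, expected_sender: str) -> bytes:
        if env.receiver != self.address:
            raise ValueError("envelope is not addressed to this machine")
        if env.sender != expected_sender:
            raise ValueError("letter is not from the expected sender")
        return env.ciphertext


def send_letter(text: str, layer1: Layer1Machine, layer2: Layer2Machine,
                receiver: str) -> Envelope:
    plaintext = text.encode("utf-8")          # layer 3: the letter in plaintext
    ciphertext = layer2.encrypt(plaintext)    # layer 2: ciphertext
    return layer1.mail(ciphertext, receiver)  # layer 1: envelope with addresses


def read_letter(env: Envelope, layer1: Layer1Machine, layer2: Layer2Machine,
                expected_sender: str) -> str:
    ciphertext = layer1.pick_up(env, expected_sender)    # layer 1
    plaintext = layer2.decrypt(ciphertext)               # layer 2
    return plaintext.decode("utf-8", errors="replace")   # layer 3


def exchange(text: str, a_layer2: Layer2Machine, b_layer2: Layer2Machine) -> str:
    """A writes to B; returns what B's layer 3 reads. Only layer 2 varies."""
    a1, b1 = Layer1Machine("A"), Layer1Machine("B")
    env = send_letter(text, a1, a_layer2, "B")
    return read_letter(env, b1, b_layer2, "A")


if __name__ == "__main__":
    key = b"k3y"
    print(exchange("meet at noon", xor_machine(key), xor_machine(key)))
    # both layer-2 machines replaced by another design: layers 1 and 3 unchanged
    print(exchange("meet at noon", shift_machine(7), shift_machine(7)))
    # mismatched layer-2 machines: same layers 1 and 3, but B cannot read it
    print(exchange("meet at noon", xor_machine(key), shift_machine(7)))
```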
Fig 1.3
Reference Model in Computer Networking
In the early days of computer networking, suppliers developed proprietary networking models to support their products. The biggest problem with these models was that only devices produced by the same vendor could communicate with each other. For example, a computer or networking device produced by IBM could communicate only with other IBM devices.
For both manufacturers and consumers, this situation was neither good nor profitable. It forced producers to produce all the essential network devices and consumers to purchase all devices from the same manufacturer.
To overcome this barrier, leading hardware producers agreed that a vendor-neutral network model should be utilized or supported in conjunction with their proprietary networking models. Two significant efforts were made to create a supplier-neutral networking model.
The OSI (Open Systems Interconnection) model was established by ISO (the International Organization for Standardization), and the U.S. Department of Defense (DoD) developed the TCP/IP model.
Seven Layers of the OSI Model
1. Application Layer: Provides Network Services to various
Applications Processes & Provides User Authentication.
2. Presentation Layer: It formats and structures data in a way that it
is readable at the receiving end. It provides Encryption & negotiates
for data transfer syntax for application layer.
3. Session Layer: It establishes, manages & terminates sessions
between applications.
4. Transport layer: It ensures data transport reliability via fault
detection & recovery and information flow control. It establishes,
maintains and terminates virtual circuits.
5. Network Layer: It routes data packets by selecting the best path to
deliver data. Provides logical addressing & path selection.
6. Data Link Layer: Defines format in which data is to be transmitted
and how access to the network is controlled. It also provides error
detection.
7. Physical layer: It defines specifications for activating, maintaining
and deactivating physical links.
CHAPTER – 02 INTRODUCTION TO TCP/IP
CHAPTER-2
INTRODUCTION TO TCP/IP
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was
created by the Department of Defense (DoD) to ensure and preserve data
integrity, as well as maintain communications in the event of catastrophic war.
It is a hierarchical protocol made up of interactive modules, each of which
provides a specific functionality. The term hierarchical means that each upper-
level protocol is supported by the services provided by one or more lower-level
protocols.
2. TCP/IP (DoD Model)
The DoD model is basically a condensed version of the OSI model—it’s
composed of four, instead of seven, layers:
1) Process/Application layer
2) Host-to-Host layer
3) Internet layer
4) Network Access layer
Fig 2.1 shows a comparison of the DoD model and the OSI reference model.
As you can see, the two are similar in concept, but each has a different number
of layers with different names.
Fig 2 .1 The DoD and OSI models
The original TCP/IP protocol suite was defined as four software
layers built upon the hardware. Today, however, TCP/IP is thought of as a
five-layer model.
Logical connections between layers of the TCP/IP protocol suite
Fig 2.2
2.1. Network Access Layer
Physical Layer
Physical layer is the lowest level in the TCP/IP protocol suite. It is
responsible for transmitting raw data bits over a physical medium, such as
copper wires, fiber optic cables, or wireless communication channels. The
Physical Layer deals with the physical characteristics of the transmission
medium and the physical signaling mechanisms used to transmit data. It defines
how binary 0s and 1s are converted into signals that can be transmitted over the
chosen medium. This process involves encoding the data into electrical, optical,
or radio signals, depending on the transmission medium. It determines the rate
at which data is transmitted over the network and the bandwidth available for
the transmission. Techniques such as parity checking or cyclic redundancy
check (CRC) are used for error detection and correction.
Data-link Layer
Delivery of packets between two systems on the same network is the
responsibility of the Data Link layer. Its major role is to ensure error-free
transmission of information. The data link layer receives data from the Network
Layer above it, breaks this data into smaller, manageable units called frames,
and attaches the source and destination device addresses (MAC addresses) as a header.
The physical address (Layer 2 hardware address or MAC address) is the
unique address of a node. Ethernet uses a 6-byte (48-bit) physical address.
The physical address is written as 12 hexadecimal digits; every byte (2 hexadecimal
digits) is separated by a colon, as shown below:
07:01:02:01:2C:4B
Some of the protocols available in Network Access Layer are:
● Ethernet (IEEE 802.3): Ethernet is one of the most widely used protocols
in local area networks (LANs). It defines the framing and addressing used
to transmit data packets between devices connected to the same network
segment.
● Wi-Fi (IEEE 802.11): Wi-Fi is a set of wireless communication standards
commonly used for wireless local area networking (WLAN).
● Point-to-Point Protocol (PPP): PPP is a data link protocol used to establish
a direct connection between two nodes, typically over serial interfaces. It
is commonly used for dial-up connections, DSL and Leased Lines.
2.2. Internet Layer
The internet layer, also known as the network layer or IP layer, is
responsible for efficiently routing packets of data from a source device to a
destination device, even if they're on entirely different networks.
The Internet Layer uses logical addresses, known as IP addresses, to
uniquely identify devices on a network. IP addresses are assigned to devices and
are used to route packets across interconnected networks.
The Internet Layer may fragment packets into smaller units if they are too
large to be transmitted across a network segment with a smaller Maximum
Transmission Unit (MTU). At the destination, the fragments are reassembled into
the original packet.
Some of the key protocols associated with the internet layer:
⮚ Internet Protocol (IP): The workhorse of the internet layer, IP is
responsible for addressing and routing packets. There are primarily two
versions of the Internet Protocol (IP) currently in use: IPv4 and IPv6.
The IPv4 (Internet Protocol version 4) is the fourth revision of the Internet
Protocol (IP) and the first version of the protocol to be widely deployed. It
defines the addressing system that allows devices to communicate over the
Internet or other IP-based networks.
Here are some key features of IPv4:
IPv4 addresses are 32-bit values written in dotted-decimal notation: four
octets separated by periods (e.g., 192.168.1.1). Each interface on a network is
assigned an address that is unique within that network.
IPv4 packets consist of a header followed by a data payload. The header
contains various fields, including the source and destination IP addresses,
total length, Time-to-Live (TTL), protocol number (identifying the higher-layer
protocol carried, e.g. 1 for ICMP, 6 for TCP, 17 for UDP) and a header checksum
for error detection. The checksum covers the header only, not the payload, and
because every router decrements the TTL, every router must also recompute it.
IPv4 uses a hierarchical addressing scheme to facilitate routing.
IPv4 supports packet fragmentation, allowing large packets to be divided
into smaller fragments to traverse networks with different Maximum
Transmission Unit (MTU) sizes.
The figure below is the simple representation of an IP packet
(There are many different fields available in the IP header)
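The following is an added example, not part of the original handout: a small IPv4 header encoder/decoder in Python that builds a packet, verifies the RFC 791 header checksum on the way back in, and emulates what a router does at each hop (TTL decrement plus checksum recomputation). The addresses and payload are constructed for the example; the protocol number 17 stands for UDP.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the header's 16-bit
    words, then complemented. Only the header is covered, never the payload."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 64, ident: int = 1) -> bytes:
    """Assemble a minimal IPv4 packet (20-byte header, no options, DF set)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      0x4000, ttl, proto, 0, src_b, dst_b)   # checksum field = 0
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header fields and verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     hdr_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    # Recompute with the checksum field zeroed, exactly as the sender did.
    computed = ipv4_checksum(packet[:10] + b"\x00\x00" + packet[12:ihl])
    return {
        "version": version, "ihl": ihl, "total_length": total_len, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # carried in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "checksum_ok": computed == hdr_csum,
        "payload": packet[ihl:total_len],
    }

def forward_hop(packet: bytes, fix_checksum: bool = True) -> bytes:
    """What every router does to a packet: decrement TTL and recompute the
    header checksum. fix_checksum=False yields the kind of packet a careless
    or forged forwarder emits, which a receiver must discard."""
    ihl = (packet[0] & 0x0F) * 4
    ttl = packet[8] - 1
    if ttl <= 0:
        raise ValueError("TTL expired: router drops it and sends ICMP Time Exceeded")
    hdr = packet[:8] + bytes([ttl]) + packet[9:10] + b"\x00\x00" + packet[12:ihl]
    csum_bytes = struct.pack("!H", ipv4_checksum(hdr)) if fix_checksum else packet[10:12]
    return hdr[:10] + csum_bytes + hdr[12:] + packet[ihl:]

# Constructed sample: a UDP (proto 17) packet from a private host to 10.0.0.1.
SAMPLE = build_ipv4("192.168.1.10", "10.0.0.1", 17, b"hello")

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE))
    print(parse_ipv4(forward_hop(SAMPLE))["ttl"], parse_ipv4(forward_hop(SAMPLE))["checksum_ok"])
```

Because the checksum protects only the header, a receiver that sees `checksum_ok` false knows the header was altered in transit, but a corrupted payload passes this check and must be caught by the transport layer (TCP/UDP checksum) or the link-layer FCS.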
⮚ Address Resolution Protocol (ARP): ARP resolves IP addresses into Media
Access Control (MAC) addresses, which are the hardware addresses used
by devices on a network segment to communicate.
⮚ Internet Control Message Protocol (ICMP): ICMP is used for error
reporting and diagnostics, helping identify issues with data transmission.
Traceroute: The traceroute utility sends a series of probe packets towards the
destination host. The Unix/Linux traceroute sends UDP datagrams to a high,
normally unused destination port by default (ICMP echo requests with the -I
option), while Windows tracert uses ICMP echo requests.
The first packet sent has a TTL value of 1. When this packet reaches the first
router along the path, the TTL is decremented to 0, and the router discards the
packet. The router then sends an ICMP Time Exceeded message back to the
source indicating that the packet's TTL expired.
The traceroute utility receives the ICMP Time Exceeded message and records the
IP address of the router that sent it. This IP address represents the first hop on
the path to the destination.
The traceroute utility then sends another packet, this time with a TTL value of 2.
This packet reaches the first router, which decrements the TTL to 1 and forwards
the packet to the next router along the path. When the TTL reaches 0, the second
router sends an ICMP Time Exceeded message back to the source, and its IP
address is recorded by the traceroute utility.
This process is repeated with increasing TTL values until a probe reaches the
destination host. The destination host responds with an ICMP Port Unreachable
message (for a UDP probe to an unused port) or an ICMP Echo Reply (for an ICMP
echo probe), which tells traceroute that the destination has been reached. A
router that is configured not to send ICMP Time Exceeded messages shows up as
an asterisk (*) for that hop, but the trace continues past it.
By analyzing the sequence of IP addresses received in response to the packets
sent with increasing TTL values, the traceroute utility can determine the path
taken by packets from the source to the destination. This information is useful
for diagnosing network connectivity issues, identifying routing problems etc.
While ICMP is essential for troubleshooting and managing IP networks, it can
also be misused, for example in ICMP flooding (denial of service by sheer volume
of echo requests) or ICMP redirect attacks (a forged Redirect message that
changes how a host routes its traffic). Network administrators therefore often
filter ICMP on firewalls and routers. The filtering should be selective rather
than blanket: dropping all ICMP also discards the Destination Unreachable
(Fragmentation Needed) messages that Path MTU Discovery depends on and the
Time Exceeded messages that traceroute depends on, so large packets can be lost
silently and diagnostics stop working. A common policy is to drop Redirects,
rate-limit echo requests, and permit the error messages.
⮚ Internet Group Management Protocol (IGMP): Used for managing
multicast communication, where a single data stream is sent to a group of
devices simultaneously.
⮚ Protocol Independent Multicast (PIM): A multicast routing protocol used
between routers to build the distribution tree for a group. IGMP only
reports group membership between hosts and their local router, so the two
work together: IGMP tells the router who wants the stream, PIM gets the
stream to that router.
⮚ Internet Protocol Security (IPsec): IPsec provides security services,
including authentication and encryption, at the Internet Layer.
❖ Transport Layer: The Transport Layer, the layer above the Network Layer,
is responsible for providing end-to-end communication services to
applications. Depending on the protocol used it either ensures that data
arrives reliably and in order (TCP) or delivers individual datagrams with
minimal overhead and no delivery guarantee (UDP). The logical connection at
the transport layer is end-to-end, between the two hosts. The Transport Layer
breaks down data from the Application Layer into smaller units called
segments (TCP) or datagrams (UDP) before transmission, and reassembles the
segments at the receiving end.
Port addressing is a fundamental concept in the Transport Layer, specifically
for protocols like TCP (Transmission Control Protocol) and UDP (User
Datagram Protocol). Ports are used to differentiate between multiple services
or applications running on the same device. It enables multiple applications
to share a network connection efficiently. A port number is a 16-bit unsigned
integer that ranges from 0 to 65535.
Types of Port Numbers
Ports are categorized based on their usage, as defined by the Internet
Assigned Numbers Authority (IANA):
Well-Known Ports (0-1023): assigned by IANA to widely used services, e.g. 22
(SSH), 25 (SMTP), 53 (DNS), 80 (HTTP), 443 (HTTPS). On Unix-like systems a
process needs root privilege to bind to one of these ports.
Registered Ports (1024-49151): registered with IANA by vendors and projects
for particular applications, e.g. 3306 (MySQL), 3389 (RDP).
Dynamic or Private Ports (49152-65535): not assigned; used by the operating
system as ephemeral (temporary) source ports for client connections. Linux by
default draws its ephemeral ports from the range 32768-60999.
The combination of an IP address and a port number is called a socket (more
precisely a socket address), e.g. 192.168.1.100:80. It identifies one
particular process on one particular host, which is what makes communication
between processes on different systems possible. A connection is identified by
the sockets at both ends together with the transport protocol, i.e. the
5-tuple (protocol, source IP, source port, destination IP, destination port).
❖ Transmission Control Protocol (TCP): The Transmission Control Protocol
(TCP) is one of the core protocols of the transport layer. TCP is designed to
ensure that data transmitted between hosts arrives reliably, in order, and
without errors.
TCP is a connection-oriented protocol that first establishes a logical
connection between transport layers at two hosts before transferring data. It
creates a logical pipe between two TCPs for transferring a stream of bytes.
TCP provides reliable, connection-oriented communication between two
hosts on an IP network. It takes large blocks of information from an application
and breaks them into segments, then assigns a sequence number to each
segment and transmits. It numbers and sequences each segment so that the
destination’s TCP stack can put the segments back into the order the application
intended. After these segments are sent, TCP on the transmitting host waits for
an acknowledgment from the receiving host's TCP and retransmits any segment
that is not acknowledged within the retransmission timeout.
Some key aspects of TCP:
● before data transfer can occur, a TCP connection must be established
between the client and the server. This process involves a three-way handshake,
where the client sends a SYN (synchronize) packet to the server, the server
responds with a SYN-ACK (synchronize-acknowledge) packet, and finally, the
client sends an ACK (acknowledge) packet to confirm the connection.
● TCP ensures reliable delivery of data by using sequence numbers,
acknowledgments, and retransmissions. Each TCP segment includes a sequence
number, allowing the receiver to reorder packets and detect missing or
duplicated packets. The receiver sends acknowledgments (ACKs) for received
data, and the sender retransmits segments if ACKs are not received within a
certain timeout period.
● TCP implements flow control to prevent the sender from overwhelming the
receiver with data. The receiver advertises a receive window size, indicating
how much data it is currently willing to accept, and the sender never has more
than that amount of unacknowledged data in flight, so the receiver's buffer
cannot overflow.
● TCP's congestion control mechanisms prevent network congestion by
dynamically adjusting the transmission rate based on network conditions.
● TCP supports full duplex communication, allowing data to be transmitted
in both directions simultaneously. Each TCP connection consists of two streams,
one for sending data from the client to the server (outgoing), and one for sending
data from the server to the client (incoming).
❖ User Datagram Protocol (UDP): UDP is a connectionless protocol that
transmits user datagrams without first creating a logical connection. In UDP,
each user datagram is an independent entity without being related to the
previous or the next one (the meaning of the term connectionless). UDP is a
simple protocol that does not provide flow, error, or congestion control.
Its simplicity, which means small overhead, is attractive to an application
program that needs to send short messages and cannot afford the
retransmission of the packets involved in TCP, when a packet is corrupted or
lost.
UDP is used widely across the Internet. It is chosen for time-sensitive or
simple query/response applications such as online gaming, video streaming and
Domain Name System (DNS) lookups. Communication is faster because no connection
is set up with the destination before the data is transferred, but the
application itself must tolerate or handle loss, reordering and duplication.
TCP                             UDP
Sequenced                       Un-sequenced
Reliable                        Unreliable
Connection-oriented             Connectionless
Virtual circuit                 Low overhead
Acknowledgments                 No acknowledgment
Windowing flow control          No windowing or flow control
The figure below shows the simple representation of a TCP or UDP segment.
(There are many different fields available in the TCP and UDP header)
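Added example, not part of the original handout: Python encoders/decoders for the fixed TCP and UDP headers, used to build the three-way handshake described earlier in this section and to check the sequence/acknowledgment relationship that a stateful firewall or IDS verifies. The port numbers (51234 as the client's ephemeral port, 80 for the server) and the initial sequence numbers are constructed; the transport checksums are left at zero because the real values also cover an IP pseudo-header, which this example omits.

```python
import struct

MASK32 = 0xFFFFFFFF
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def build_tcp(sport, dport, seq, ack, flags, window=65535, payload=b""):
    """20-byte TCP header (no options). Checksum field left at 0 (see lead-in)."""
    data_offset = 5 << 4                       # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq & MASK32, ack & MASK32,
                       data_offset, flags, window, 0, 0) + payload

def parse_tcp(segment):
    (sport, dport, seq, ack, off, flags,
     window, _csum, _urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off >> 4) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit],
            "window": window, "header_len": hlen, "payload": segment[hlen:]}

def build_udp(sport, dport, payload):
    """8-byte UDP header: ports, total length, checksum (left at 0 here)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def parse_udp(datagram):
    sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    return {"sport": sport, "dport": dport, "length": length,
            "payload": datagram[8:length]}

def three_way_handshake(client_isn, server_isn, client_port=51234, server_port=80):
    """SYN, SYN-ACK, ACK as they appear on the wire. Each side acknowledges the
    other's ISN + 1; the SYN consumes one sequence number even though it carries
    no data, and sequence numbers wrap modulo 2**32."""
    syn     = build_tcp(client_port, server_port, client_isn, 0, 0x02)
    syn_ack = build_tcp(server_port, client_port, server_isn, client_isn + 1, 0x12)
    ack     = build_tcp(client_port, server_port, client_isn + 1, server_isn + 1, 0x10)
    return [syn, syn_ack, ack]

def verify_handshake(segments):
    """The checks a stateful device applies before it admits a connection."""
    syn, syn_ack, ack = (parse_tcp(s) for s in segments)
    return (syn["flags"] == ["SYN"]
            and syn_ack["flags"] == ["SYN", "ACK"]
            and syn_ack["ack"] == (syn["seq"] + 1) & MASK32
            and ack["flags"] == ["ACK"]
            and ack["seq"] == (syn["seq"] + 1) & MASK32
            and ack["ack"] == (syn_ack["seq"] + 1) & MASK32)

if __name__ == "__main__":
    for seg in three_way_handshake(0xFFFFFFFF, 1000):
        print(parse_tcp(seg))
    print(parse_udp(build_udp(53, 40000, b"dns-reply")))
```

The client ISN 0xFFFFFFFF is chosen deliberately so the wrap-around of the 32-bit sequence space is exercised: the server's SYN-ACK must acknowledge 0, not 2^32.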
2.3. Application Layer
The application layer is the highest abstraction layer of the TCP/IP model
that encompasses various protocols and services that serves as the bridge
between user applications and the network. It facilitates the user to use the
services of the network, develop network-based applications, transfer of files to
other systems etc. The application layer shields application programs from the
complexities of the lower layers in the TCP/IP model.
Examples of Application Layer Protocols:
⮚ Hypertext Transfer Protocol (HTTP): HTTP is the foundation of data
communication for the World Wide Web.
⮚ Simple Mail Transfer Protocol (SMTP): SMTP is a protocol used for
sending email messages between servers.
⮚ Domain Name System (DNS): DNS is a distributed naming system used
to translate domain names (e.g., www.aai.aero) into IP addresses.
⮚ File Transfer Protocol (FTP): FTP is a protocol used for transferring files
between hosts over a TCP/IP network. It allows users to upload and
download files to and from remote servers. FTP sends credentials and data
in cleartext; where confidentiality matters, SFTP (over SSH) or FTPS is
used instead.
⮚ Telnet: Telnet is a protocol used for remote terminal access. It enables
users to log in to remote computers and access resources as if they were
physically connected to the remote machine. Everything, including the
password, is transmitted in cleartext, which is why SSH has replaced Telnet
for administrative access on modern systems.
⮚ Simple Network Management Protocol (SNMP): SNMP is a protocol used
for network management and monitoring. It allows network administrators
to monitor network devices, collect information, and manage network
performance. SNMPv1 and v2c authenticate only with a cleartext community
string; SNMPv3 adds user authentication and encryption.
⮚ Dynamic Host Configuration Protocol (DHCP): DHCP is a protocol used
to dynamically assign IP addresses and network configuration parameters
to devices on a TCP/IP network. It automates the process of IP address
allocation and configuration.
Communication through an internet
We assume that we want to use the suite in a small internet made up of
three LANs (links), each with a link-layer switch. We also assume that the links
are connected by one router, as shown in the following Figure
Let us assume that the Source computer communicates with the Destination
computer. Each device is involved with a set of layers depending on the role of
the device in the internet.
The two hosts are involved in all five layers; the source host needs to create a
message in the application layer and send it down the layers so that it is
physically sent to the destination host. The destination host needs to receive the
communication at the physical layer and then deliver it through the other layers
to the application layer.
The router is involved in only three layers. A router always has a single
network layer, but a separate data-link and physical-layer pair for each of
its links, since each link may use its own data-link and physical protocols.
A switch in a link is involved only in two layers - data-link and physical.
Although each switch in the above figure has two different connections, the
connections are in the same link, which uses only one set of protocols. This
means that, unlike a router, a link-layer switch is involved only in one data-link
and one physical layer.
In the top three layers, the data units (message, segment or datagram, and
packet) are not changed by any router or link-layer switch. The one exception
is the network-layer header: each router decrements the TTL and recalculates
the header checksum, although the packet itself is carried end to end. In the
data-link layer, the frame created by the host is replaced at every router
(which de-encapsulates the packet and builds a new frame for the next link)
but is passed unchanged by link-layer switches.
Identical objects in the TCP/IP protocol suite
CHAPTER – 03 CLASSIFICATION OF NETWORK
& NETWORK DEVICES
CHAPTER-3
CLASSIFICATION OF NETWORK & NETWORK DEVICES
3.1. Classification of Network based on size
Depending upon the size of the network, it can be classified as:
Local Area Network (LAN): LAN is in a limited geographical area such as home,
school, computer laboratory, office building, or closely positioned group of
buildings.
There are two primary LAN types: wired LANs and wireless LANs (WLANs).
Wired LAN:
The Ethernet standard, IEEE 802.3, developed by the Institute of Electrical
and Electronics Engineers (IEEE), is the most popular wired LAN technology in
use today. It spans the physical layer and the lower part of the data-link
layer, which is why Ethernet is the usual Network Access Layer protocol of the
TCP/IP model.
The Ethernet frame format is the structure used for data transmission over
Ethernet networks. It consists of several fields, each serving a specific purpose
in the communication process.
Here's a breakdown of the Ethernet frame format:
Preamble: The preamble is a 7-byte sequence of alternating 1s and 0s
(10101010 ...) used to signal the start of an Ethernet frame. It lets the
receiving device synchronize its clock with the incoming bit stream.
Start Frame Delimiter (SFD): The SFD is a single byte with the pattern
10101011 immediately following the preamble. The final 11 marks the end of
the preamble and the start of the Ethernet frame's header.
Destination MAC Address: This field specifies the MAC (Media Access Control)
address of the intended recipient of the Ethernet frame. It is 6 bytes (48 bits) in
length and identifies the network interface card (NIC) or device that should
receive the frame.
Source MAC Address: This field specifies the MAC address of the sender of the
Ethernet frame. Like the destination MAC address, it is also 6 bytes (48 bits) in
length and identifies the NIC or device that originated the frame.
EtherType or Length: This 2-byte field indicates what the Ethernet frame
carries. A value of 1500 (0x05DC) or less is a length in bytes (IEEE 802.3
framing); a value of 1536 (0x0600) or more is an EtherType identifying the
protocol in the payload, e.g. 0x0800 for IPv4, 0x0806 for ARP and 0x86DD for
IPv6.
Payload: The payload contains the actual data being transmitted in the Ethernet
frame, for example an IP packet. It is between 46 and 1500 bytes; shorter data
is padded to 46 bytes so that the minimum frame size of 64 bytes is met.
Frame Check Sequence (FCS): The FCS is a 4-byte (32-bit) field used for error
detection. It contains a CRC-32 (Cyclic Redundancy Check) value calculated over
the frame from the destination address through the end of the payload; the
preamble, SFD and the FCS itself are not covered. The receiving device
recomputes the CRC and silently discards any frame whose FCS does not match.
The figure below shows a simple representation of an Ethernet frame with IP and
TCP/UDP.
The Ethernet standard also defines the number of conductors required for a
connection, the performance thresholds that can be expected, and the framework
for data transmission. The original Ethernet standard (e.g. 10BASE-T) transmits
data at a rate of up to 10 Megabits per second (10 Mbps).
The Fast Ethernet standard (IEEE 802.3u) has been established for Ethernet
networks that need higher transmission speeds. This standard raises the
Ethernet speed limit from 10 Mbps to 100 Mbps. Types of Fast Ethernet:
● 100BASE-TX for use with Cat 5 UTP cable
● 100BASE-FX for use with fiber-optic cable
The Gigabit Ethernet standards raise the Ethernet speed limit to 1 Gbps:
● 1000BASE-T (IEEE 802.3ab) for use with Cat 5e or better UTP cable; it uses
all four pairs of the cable
● 1000BASE-X (IEEE 802.3z) is the collective term for the options for 1 Gbps
transmission over fiber-optic cable, such as 1000BASE-SX, 1000BASE-LX and
1000BASE-LX10
The 10 Gigabit Ethernet standard (IEEE 802.3ae, with 802.3an for copper) raises
the Ethernet speed limit to 10 Gbps.
● 10GBASE-T specifies 10GigE connectivity using UTP copper cables (Cat 6a for
100 m, Cat 6 for shorter runs of up to 55 m)
● 10GBASE-SR, 10GBASE-LR, 10GBASE-ER etc. are for use with fiber-optic
cable (short, long and extended reach respectively)
3.2. Cables and connector used in Ethernet
Ethernet cables are the primary means of wired network connectivity. They
come in various types, but the most common is the UTP (Unshielded Twisted
Pair) cable. UTP cables consist of four pairs of insulated copper wires twisted
together. The twisting helps to cancel out electrical interference (crosstalk) that
can corrupt data signals. UTP cables come in different categories, each with
different maximum speeds and cable lengths.
CAT5e cables can support data transmission speeds of up to 1 gigabit per second
(Gbps) and can reliably transmit data over distances of up to 100 meters (or
approximately 328 feet).
CAT6 cables can support data transmission speeds of up to 1 gigabit per second
(Gbps) over distances of up to 100 meters and 10 Gbps over shorter distances,
typically up to 55 meters.
RJ45 connectors are commonly used in Cat5 and Cat6 cables. These connectors
are standardized connectors used primarily for Ethernet networking.
                  T-568B                      T-568A
Pin   Colour          Signal        Colour          Signal
 1    Orange/White    Tx+           Green/White     Rx+
 2    Orange          Tx-           Green           Rx-
 3    Green/White     Rx+           Orange/White    Tx+
 4    Blue            Not used      Blue            Not used
 5    Blue/White      Not used      Blue/White      Not used
 6    Green           Rx-           Orange          Tx-
 7    Brown/White     Not used      Brown/White     Not used
 8    Brown           Not used      Brown           Not used
Pins 4, 5, 7 and 8 are unused only by 10BASE-T and 100BASE-TX; 1000BASE-T and
10GBASE-T use all four pairs, so all eight pins must be terminated correctly.
A straight-through cable is an Ethernet cable used to connect devices of
different types on a local area network (LAN), for example a PC to a switch.
The wires inside the cable are terminated in the same order on both ends: to
create a straight-through cable, use either T-568A or T-568B on both ends. To
create a cross-over cable, wire T-568A on one end and T-568B on the other end
of the cable.
Cross-over cables were traditionally used in Ethernet networking to
connect two similar devices directly. Most modern networking devices (switches,
routers) have a feature called Auto-MDIX (Automatic Medium Dependent
Interface Crossover). This means they automatically detect the cable type
(straight-through or crossover) and adjust the signal flow accordingly.
Ethernet can be transmitted over Fiber Optic Cables (OFC) also especially
in scenarios where high-speed and long-distance data transmission is required.
These cables use light signals to transmit data over long distances with minimal
signal loss and electromagnetic interference compared to traditional copper
cables.
Optical fiber cables (OFC) come in various types, but broadly they are
categorized into two main types based on the diameter of the core and hence
the number of light modes it can carry:
● Single-mode OFC have a small core diameter and are designed to carry
light directly down the fiber with little dispersion. They are optimized for
longer distances and higher bandwidths. Single-mode fiber is commonly
used in long-haul telecommunications networks, metropolitan area
networks (MANs), and other applications where high data rates and long
distances are required.
● Multimode OFC have a larger core diameter compared to single-mode
fiber. This allows multiple modes of light to propagate through the fiber.
Multimode fibers are typically used for shorter-distance applications such
as LANs, data centers, and campus networks.
LC Connectors have a smaller form factor compared to SC connectors, making
them ideal for high-density applications where space is limited. It uses a latch
mechanism similar to RJ45 connectors.
SC Connectors are larger in size compared to LC connectors. They are
rectangular in shape and are commonly used in applications where high packing
density isn't as critical. It uses a push-pull mechanism.
LC and SC connectors are available in both single-mode and multimode variants.
Wireless LAN:
A wireless local-area network (WLAN) is a group of co-located computers or other
devices that form a network based on radio transmissions rather than wired
connections. The IEEE 802.11 family of standards defines the various wireless LANs.
Metropolitan Area Network (MAN): A metropolitan area network is a large
computer network that usually spans a city or a large campus
Wide area network (WAN):
A Wide Area Network (WAN) is a type of computer network that spans a large
geographical area, connecting multiple Local Area Networks (LANs) and other
types of networks over long distances. WANs facilitate communication and data
exchange between geographically dispersed locations, such as different cities,
countries, or even continents. WANs utilize various transmission mediums for
data transfer. This includes fiber optic cables, leased lines, satellite links,
microwave links etc.
3.3. Collision in network
A networking collision occurs when two or more data packets from
different systems try to occupy the same network channel at the same time. This
leads to them interfering with one another. Collisions happen in a shared
medium network. Frequent collisions can slow down network performance as
devices often have to stop, wait, and try resending packets. Collisions can lead
to lost or damaged packets, requiring retransmission and using extra network
resources. In extreme cases, a high collision rate could make a network unstable
or unusable, leading to significant business impact.
A collision domain is a network segment connected by a shared medium
where collision of packets can happen. Repeaters and hubs operate at the
physical layer of the OSI model and are considered to be in a single collision
domain. This means that when a device connected to a repeater or hub transmits
data, all other devices connected to that same repeater or hub will receive that
data. If two devices connected to the same repeater or hub attempt to transmit
data at the same time, a collision occurs. Repeaters and hubs do not segment
the network and do not prevent collisions, unlike switches.
3.4. Repeaters
The repeater passes the digital signal bit-by-bit in both directions between
the two segments. As the signal passes through a repeater, it is amplified and
regenerated at the other end. The repeater does not isolate one segment from the
other, if there is a collision on one segment, it is regenerated on the other
segment. Hence it has one collision domain. Repeaters work at the physical
layer. The main aim of using a repeater is to increase the networking distance
by increasing the strength and quality of signals.
3.5. Hubs
Hubs are networking devices operating at the physical layer of the OSI model
that are used to connect multiple devices in a network. They are generally used
to connect computers in a LAN. A hub is a multiport repeater: a computer that
is to be connected to the network is plugged into one of its ports. When a
frame arrives at a port, it is repeated out of every other port, without
considering which device it is destined for.
All devices connected to a network hub equally share all available
bandwidth. When two devices connected to a network hub transmit data
simultaneously, the packets collide, which causes network performance
problems. The collision domain of all hosts connected through hubs remains
one.
3.6. Bridges
These are network devices that connect two or more LAN segments. They
work by examining the destination MAC address of a frame and forwarding it
only to the segment where the destination device resides. This reduces collisions
on the network by limiting the traffic flow, but it does not segment the broadcast
domain.
3.7. Broadcast domain
A broadcast domain is a logical group of devices on a network where all members
can directly receive broadcast messages sent by any other member. Broadcast
messages are special data packets addressed to all devices on the network,
identified by a specific destination MAC address (usually FF:FF:FF:FF:FF:FF).
Any device within the broadcast domain will receive and process these messages.
Hubs and repeaters simply broadcast all received data to all connected devices.
Therefore, all devices connected to a hub or repeater are in the same broadcast
domain. Switches improve network efficiency by forwarding unicast traffic only
to the intended recipient, but by default they do not segment broadcast
domains: all devices connected to a switch, even on different ports, still
receive broadcast messages. (A managed switch can split its ports into
separate broadcast domains with VLANs.) Routers segment broadcast domains.
Routers do not forward broadcast traffic by default, effectively creating
separate broadcast domains for each network they connect.
3.8. Switches
A switch is a networking device that operates at the data link layer. Its
primary function is to connect multiple devices within a local area network (LAN)
and facilitate communication between them. Unlike hubs or repeaters, switches
are intelligent devices that can inspect data packets and make forwarding
decisions based on the destination MAC (Media Access Control) address.
Here are some key features and functions of switches:
MAC Address Learning: Switches maintain a MAC address table, also known as
a Forwarding Table or Content Addressable Memory (CAM) table.
When a data packet arrives at a switch, it examines the source MAC address of
the packet and updates its MAC address table with the port through which the
packet was received.
Forwarding: When a switch receives a data packet destined for a specific MAC
address, it looks up the MAC address in its table to determine the appropriate
outgoing port. The switch then forwards the packet only to that port, rather than
flooding it out to all ports as hubs do.
Broadcast Handling: Switches handle broadcast traffic differently. Broadcast
traffic is typically forwarded out to all ports except the one it was received on.
Segmentation: Switches can segment a network into multiple collision domains.
Each port on a switch is its own collision domain.
Symbol of switch
3.9. Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a protocol that resolves IP addresses
to MAC addresses in a local area network (LAN). Every device on a network has
both an IP address and a MAC address. The IP address is used for logical
addressing at the network layer, while the MAC address is used for physical
addressing at the data link layer (Layer 2).
When a device needs to communicate with another device on the same
network, it checks its ARP cache to see if it already knows the MAC address
corresponding to the IP address it wants to reach. If the MAC address is not
found in the ARP cache, the device broadcasts an ARP request. The destination
MAC address in an ARP request is the layer 2 broadcast MAC address
(FF:FF:FF:FF:FF:FF). All devices on the same network receive the broadcast.
However, only the device with the corresponding IP address specified in the ARP
request will respond with its MAC address. Once the reply is received, the
mapping is added to the ARP cache for future reference, speeding up subsequent
communication. ARP cache entries are aged out after a certain period of time
to accommodate changes in the network topology. Note that ARP has no
authentication: a host accepts whatever reply it receives, so the cache is only
as trustworthy as the devices sharing the LAN.
How data packets move from one system to another system in a LAN
System A wants to send data to system B.
(IP address of System B is known to System A)
● System A checks its ARP cache for the MAC address of System B.
● If the MAC address is not available, System A sends an ARP broadcast.
● The switch receives the ARP broadcast frame and sends it out of all
interfaces except the one on which it was received.
● The switch updates its MAC table with the MAC address of System A and the
port it arrived on.
● All the systems connected to the switch receive the broadcast, but only
System B responds to the ARP request.
● System B sends an ARP reply to System A using the MAC address of System A
as the destination address.
● When the switch receives the ARP reply from System B, it updates its MAC
table with the MAC address of System B.
● Since the MAC address of System A is already known to the switch, the reply
is sent only to the port where System A is connected.
● System A receives the ARP reply from B and updates its ARP cache.
● The actual data is encapsulated in an Ethernet frame using the MAC address
of System B as the destination address and sent to the switch.
● The switch looks up its MAC table to find the port where System B is
connected and switches the frame out of that port only.
Layer 2 Unmanaged Switch:
Unmanaged switches provide basic switching functionality and are
suitable for small networks. They are plug-and-play devices that require no
configuration, are cost-effective and consume less power. Since unmanaged
switches have no management interface, they cannot be monitored or configured
remotely, and they offer no ACLs, port security or VLAN configuration.
Layer 2 Managed Switch:
Unlike unmanaged switches, which operate in a plug-and-play fashion,
Layer 2 managed switches offer a greater degree of control and configuration
options. Administrators can access and configure these switches through a Web
interface (GUI) using the IP address of the switch, or through a Command Line
Interface (CLI) using the console port of the switch (most managed switches also
accept CLI sessions over the network, e.g. via SSH). Layer 2 managed switches can
be configured with security features such as MAC-based access control lists
(ACLs), which restrict which traffic may flow on the network, and port security,
which limits the number of MAC addresses (devices) allowed on a particular port
and can shut the port down when that limit is exceeded. With a managed switch,
administrators can also configure VLANs (Virtual Local Area Networks), spanning
tree protocols, Quality of Service (QoS), port mirroring, link aggregation, and
more. Because the management interface is itself reachable over the network, it
should sit in a dedicated management VLAN and be protected with strong credentials.
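The ARP walk-through above (System A resolving System B through a switch that learns MAC addresses, floods broadcasts and forwards known unicasts) and the port-security feature of a managed switch, as an added example written for this handout; it is not code from the handout. The hosts, MAC and IP addresses and port names are constructed, and the switch model is a simplified learning bridge with a per-port limit on learned source MACs.

```python
"""Added example: ARP resolution through a MAC-learning switch, plus a
port-security limit on the number of source MACs accepted per port. Not code
from the handout; hosts, addresses and port names are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, max_macs_per_port=None):
        self.mac_table = {}        # MAC -> port (the CAM table)
        self.ports = {}            # port -> attached host
        self.seen_on_port = {}     # port -> set of source MACs learned there
        self.err_disabled = set()  # ports shut down by a port-security violation
        self.max_macs = max_macs_per_port
        self.log = []

    def connect(self, port, host):
        self.ports[port] = host
        host.switch, host.port = self, port

    def receive(self, in_port, frame):
        """Learn the source MAC, then forward a known unicast to one port or
        flood broadcast / unknown unicast to every other port."""
        if in_port in self.err_disabled:
            return                                   # port is shut: frame dropped
        src, dst = frame["src"], frame["dst"]
        seen = self.seen_on_port.setdefault(in_port, set())
        seen.add(src)
        if self.max_macs is not None and len(seen) > self.max_macs:
            self.err_disabled.add(in_port)           # port-security violation
            self.log.append(f"port-security: {in_port} err-disabled (new MAC {src})")
            return
        self.mac_table[src] = in_port                # learn: src lives behind in_port
        if dst == BROADCAST or dst not in self.mac_table:
            out_ports = [p for p in self.ports if p != in_port]   # flood
        else:
            out_ports = [self.mac_table[dst]]                      # known unicast
        self.log.append(f"{in_port} -> {out_ports} {frame['type']}")
        for p in out_ports:
            if p not in self.err_disabled:
                self.ports[p].receive(frame)


class Host:
    def __init__(self, name, mac, ip):
        self.name, self.mac, self.ip = name, mac, ip
        self.arp_cache = {}        # IP -> MAC
        self.delivered = []        # payloads received
        self.switch = self.port = None

    def _send(self, dst_mac, ftype, **fields):
        self.switch.receive(self.port, {"src": self.mac, "dst": dst_mac,
                                        "type": ftype, **fields})

    def send_data(self, dst_ip, payload):
        """Resolve dst_ip via ARP when it is not cached, then send a unicast frame."""
        if dst_ip not in self.arp_cache:
            self._send(BROADCAST, "arp-request", sender_ip=self.ip, target_ip=dst_ip)
        if dst_ip not in self.arp_cache:
            return False                             # nobody answered
        self._send(self.arp_cache[dst_ip], "data", payload=payload)
        return True

    def receive(self, frame):
        kind = frame["type"]
        if kind == "arp-request" and frame["target_ip"] == self.ip:
            # only the owner of target_ip answers, unicast to the requester
            self.arp_cache[frame["sender_ip"]] = frame["src"]
            self._send(frame["src"], "arp-reply", sender_ip=self.ip)
        elif kind == "arp-reply" and frame["dst"] == self.mac:
            self.arp_cache[frame["sender_ip"]] = frame["src"]
        elif kind == "data" and frame["dst"] == self.mac:
            self.delivered.append(frame["payload"])


def demo():
    sw = Switch(max_macs_per_port=1)                 # one MAC allowed per access port
    a = Host("A", "00:00:00:00:00:0a", "192.168.1.10")
    b = Host("B", "00:00:00:00:00:0b", "192.168.1.20")
    c = Host("C", "00:00:00:00:00:0c", "192.168.1.30")
    for port, host in (("Fa0/1", a), ("Fa0/2", b), ("Fa0/3", c)):
        sw.connect(port, host)
    first = a.send_data("192.168.1.20", "hello")    # ARP broadcast, reply, then data
    a.send_data("192.168.1.20", "again")            # cache hit: no broadcast, no flooding
    c.send_data("192.168.1.10", "hi")               # C's real MAC is learned on Fa0/3
    c.mac = "00:00:00:00:00:99"                     # C now sends with a forged source MAC
    c.send_data("192.168.1.10", "rogue")            # second MAC on Fa0/3: violation
    return sw, a, b, c, first
```

Running demo() shows the first transfer costing one flooded ARP request and one unicast reply, the second transfer going straight to Fa0/2 with no broadcast, and the forged frame from C shutting its port. Without the limit, a host that cycles through thousands of forged source MACs can fill the CAM table and push the switch into flooding every frame, which is why a maximum-MAC count per access port is the standard countermeasure.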
Layer 3 Switch:
A Layer 3 switch, also known as a multilayer switch, is a networking device that
combines the functionality of a Layer 2 managed switch and a Layer 3 router in
one device. It operates at both the data link layer (Layer 2) and the network
layer (Layer 3) of the OSI model, making it capable of switching packets based
on both MAC addresses and IP addresses.
Functions of a Layer 3 Switch:
Switching (Layer 2):
Performs MAC address-based frame switching within the same VLAN or
network segment.
Routing (Layer 3):
Routes packets between different VLANs or IP subnets using IP addresses.
The routing table can be statically configured or learned dynamically using
routing protocols such as OSPF, EIGRP and RIP.
High-Speed Hardware-Based Processing:
Unlike traditional software-based routers, Layer 3 switches perform routing
at wire speed using specialized ASICs (Application-Specific Integrated
Circuits), so inter-VLAN traffic does not have to leave the switch to be routed.
Symbol of Layer 3 Switch
Router:
Routers are networking devices operating at Layer 3, the network layer. A
router connects different networks together and forwards data packets from one
network to another. Routers are responsible for receiving, analyzing, and
forwarding data packets among the connected computer networks.
Symbol of Router
Packet Forwarding: Routers forward data packets between computer networks.
They analyze the destination IP addresses of packets and determine the best
path for them to reach their destination.
Routing: Routers use routing tables to determine the optimal path for data
packets to reach their destination. A routing table lists the known destination
networks, the next hop (and outgoing interface) towards each, and a metric used
to prefer one route over another; routers build it from directly connected
interfaces, static routes and dynamic routing protocols.
Network Address Translation (NAT): NAT is a technique used by routers to
modify network address information in packet headers while in transit. This
allows multiple devices on a local network to share a single public IP address,
facilitating communication with devices on other networks.
Firewall: Many routers include firewall capabilities to filter incoming and
outgoing traffic based on predefined rules. Firewalls help protect networks from
unauthorized access and malicious activity.
DHCP Server: Routers can act as Dynamic Host Configuration Protocol (DHCP)
servers, automatically assigning IP addresses and other network configuration
parameters to devices on a local network.
VPN Support: Some routers support Virtual Private Network (VPN) connections,
allowing remote users to securely access the local network from outside locations
over the internet.
Quality of Service (QoS) Management: Routers can prioritize certain types of
network traffic over others, ensuring that critical data such as voice or video
streams receive sufficient bandwidth and are not disrupted by lower-priority
traffic.
Logging and Monitoring: Routers often include logging and monitoring
capabilities, allowing network administrators to track network activity, diagnose
problems, and identify potential security threats.
Packet Forwarding: Routers use logical network addresses (IP addresses) to
determine the best path for forwarding data packets across different networks.
This involves analyzing the destination IP address in the packet and consulting
a routing table to find the most efficient route.
Interconnection of Networks: Routers are used to connect different networks
together.
Routing tables: Routers maintain routing tables that contain information about
connected networks, their IP addresses, and the preferred route to reach them.
These tables are used to make informed decisions about forwarding data
packets.
Security: Routers can be configured to filter incoming and outgoing traffic based
on security rules, protecting the network from unauthorized access and
malicious attacks.
TTL (Time-to-Live): The TTL (Time-to-Live) value is a field in the header of an
IP (Internet Protocol) packet. It limits the number of hops a packet may take
before it is discarded. When an IP packet is created, the sender sets the TTL
field to a predefined value, typically 64, 128 or 255 depending on the operating
system and network configuration. Each router the packet passes through
decrements the TTL value by one. This ensures that packets do not circulate
indefinitely in the network in case of routing loops or other issues. If a
router decrements the TTL of a packet to zero before the packet reaches its
destination, that router discards the packet and normally sends an ICMP (Internet
Control Message Protocol) Time Exceeded message back to the source, indicating
that the packet was discarded because its TTL expired. The traceroute tool relies
on exactly this behaviour: by sending probes with TTL 1, 2, 3, ... it learns the
address of each router on the path from the Time Exceeded messages they return.
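The router functions described above (forwarding by destination IP against a routing table, TTL decrement at every hop, ICMP Time Exceeded and the loop protection it provides), as an added example written for this handout; it is not code from the handout. The router names, addresses, routes and the deliberate routing loop between R1 and R4 are constructed for the demonstration, and the model covers only the forwarding decision, not ARP or the interface layer.

```python
"""Added example: IP forwarding through a small constructed topology with a
longest-prefix-match routing table, per-hop TTL decrement and the ICMP errors a
router returns. Not code from the handout; routers, addresses and routes are
constructed for the demonstration."""
import ipaddress


class Router:
    def __init__(self, name, address):
        self.name = name
        self.address = address     # source address used in ICMP error messages
        self.routes = []           # [(network, next_hop)]; next_hop None = directly connected

    def add_route(self, prefix, next_hop=None):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))
        # most specific prefix first, so the first match wins (longest prefix match)
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst):
        for net, next_hop in self.routes:
            if dst in net:
                return net, next_hop
        return None, None

    def forward(self, packet):
        """Process one packet: ('forward', next_hop), ('deliver', network) or
        ('icmp', error). TTL is decremented before the routing decision."""
        packet["ttl"] -= 1
        if packet["ttl"] <= 0:
            # discarded by the router that decremented TTL to zero
            return "icmp", {"type": "time-exceeded", "from": self.address}
        net, next_hop = self.lookup(packet["dst"])
        if net is None:
            return "icmp", {"type": "dest-unreachable", "from": self.address}
        if next_hop is None:
            return "deliver", str(net)   # directly connected: hand over to ARP / Layer 2
        return "forward", next_hop


def send(routers, first_hop, dst, ttl):
    """Carry a packet from router to router until it is delivered or an ICMP
    error is generated. Returns (outcome, detail, routers visited in order)."""
    packet = {"dst": ipaddress.ip_address(dst), "ttl": ttl}
    hop, visited = first_hop, []
    while True:
        router = routers[hop]
        visited.append(router.name)
        outcome, detail = router.forward(packet)
        if outcome != "forward":
            return outcome, detail, visited
        hop = detail


def traceroute(routers, first_hop, dst, max_hops=30):
    """Probe with TTL 1, 2, 3, ... and record who answered: each Time Exceeded
    reveals one router on the path, which is how the traceroute tool works."""
    path = []
    for ttl in range(1, max_hops + 1):
        outcome, detail, _ = send(routers, first_hop, dst, ttl)
        if outcome == "icmp" and detail["type"] == "time-exceeded":
            path.append(detail["from"])
        else:
            path.append(detail if outcome == "deliver" else detail["type"])
            break
    return path


def build_topology():
    """R1 -> R2 -> R3 reaches 10.3.1.0/24. R4 is a dead end for the rest of
    10.0.0.0/8 and shares a deliberate routing loop with R1 for 10.6.0.0/16."""
    spec = {
        "R1": ("10.0.12.1", [("10.0.12.0/30", None), ("10.0.14.0/30", None),
                             ("10.0.0.0/8", "R4"),        # broad route to R4 ...
                             ("10.3.1.0/24", "R2"),       # ... overridden by this /24
                             ("10.6.0.0/16", "R4")]),
        "R2": ("10.0.12.2", [("10.0.12.0/30", None), ("10.0.23.0/30", None),
                             ("10.3.1.0/24", "R3")]),
        "R3": ("10.0.23.2", [("10.0.23.0/30", None), ("10.3.1.0/24", None)]),
        "R4": ("10.0.14.2", [("10.0.14.0/30", None), ("10.6.0.0/16", "R1")]),  # loop
    }
    routers = {}
    for name, (address, routes) in spec.items():
        router = Router(name, address)
        for prefix, next_hop in routes:
            router.add_route(prefix, next_hop)
        routers[name] = router
    return routers
```

A packet for 10.6.0.1 bounces between R1 and R4 until its TTL runs out, which is the loop protection the text describes; a packet for 10.3.1.5 takes the /24 route through R2 rather than the /8 route through R4 because the longer prefix wins. Note that every Time Exceeded reply discloses a router address to whoever sent the probe, which is why edge routers often rate-limit or filter outbound ICMP errors.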
Difference between layer 3 switch and router
Layer 3 Switch:
● Generally support a subset of routing protocols compared to routers.
● Optimized for high-speed packet forwarding within LANs.
● Specialized hardware and software to handle routing functions.
● Can handle large numbers of VLANs and perform fast inter-VLAN routing.
● Generally less expensive than traditional routers.
● Commonly used in enterprise LANs to route traffic between VLANs.
Router:
● Can handle a variety of routing protocols.
● Can route traffic between networks of different types, such as LANs and WANs.
● Support complex routing policies and routing protocols to adapt to changing
network conditions.
● Highly scalable.
● More expensive than Layer 3 switches.
● Used as the backbone of large-scale networks.
Summary: Layer 3 switches focus on high-speed LAN switching with basic
routing capabilities. Routers are more versatile in their support for a wide
range of routing protocols, making them suitable for connecting diverse
networks across LANs and WANs.
3.10. Gateway:
A gateway in networking serves as an entry or exit point between two different
networks, facilitating communication between them. Its functions vary
depending on its specific role and the type of networks it connects.
Some common functions of a gateway:
● Packet Routing between networks based on their destination IP addresses.
● Network Address Translation (NAT) between private IP addresses used
within a local network and public IP addresses used on the internet.
● Can enforce security policies by filtering and controlling the flow of traffic
between networks. It is done by inspecting packets and applying rules to
allow or deny specific types of traffic based on criteria such as
source/destination IP addresses, ports, or protocols.
● Perform protocol conversion, translating between different network
protocols to enable communication between networks using incompatible
protocols. For example, a gateway can translate between IPv4 and IPv6, or
between TCP/IP and legacy protocol suites such as IPX/SPX or AppleTalk.
CHAPTER-4
LOOP AVOIDANCE IN LAN
Loop Avoidance in LAN
If a switch receives an unknown unicast, multicast or broadcast frame, it
forwards that frame out of all of its ports except the port on which the frame
arrived. If a switching loop exists, the forwarded frame is switched around the
network endlessly. When frames loop around the network indefinitely in this way,
the result is known as a broadcast storm. A broadcast storm can saturate all the
bandwidth of the network. It also significantly decreases the performance of the
end devices by forcing them to process duplicate copies of the same frame.
A looping frame also makes the CAM table (MAC table) unstable. When a
switch receives a frame, it reads the source address field of the frame and
associates the interface or port on which the frame arrived with that MAC
address. If a loop exists in the network, a switch can receive the looped frame on
multiple interfaces. Each time the switch receives the looped frame on a different
interface, it assumes that the device has moved and updates the CAM table entry.
Usually switches are connected to each other with a single cable, so there
is a single point of failure. To get rid of this single point of failure we add
another cable. With the extra cable we now have redundancy. Unfortunately,
redundancy also brings loops. Consider two switches, SW1 and SW2, connected by
two cables (arriving on interfaces Fa0/0 and Fa0/1 of SW2), with host A attached
to SW1:
● A sends an ARP request to get the MAC address of B. An ARP request is a
layer 2 broadcast frame (layer 2 broadcast MAC: FF:FF:FF:FF:FF:FF).
● SW1 will forward this broadcast frame on all its interfaces except the
interface on which it received the frame, so it goes out on both links to SW2.
● SW2 will receive two copies of the broadcast frame, one on Fa0/0 and one on
Fa0/1.
● SW2 will forward each copy out of every interface except the one on which
it received that copy.
● The copy received on interface Fa0/0 of SW2 will be forwarded out of
interface Fa0/1.
● The copy received on interface Fa0/1 of SW2 will be forwarded out of
interface Fa0/0.
● The same thing will happen on SW1.
● Both switches will keep forwarding the frames over and over again, creating
an infinite loop.
A layer 2 switching loop creates three major problems: broadcast storms,
duplicate frames, and an unstable CAM table. If a loop exists, a single looped
frame is sufficient to degrade the performance of the entire network by consuming
the bandwidth and CPU power of the affected devices.
How to avoid layer 2 switching loops in a network?
Implementing the Spanning Tree Protocol (STP) is the primary way to
avoid Layer 2 switching loops. STP actively monitors all links of the network. To
find redundant links it uses the spanning-tree algorithm (STA). The STA first
builds a topology database and then finds and blocks the redundant links. Once
the redundant links are blocked, only the STP-chosen links remain active, so there
is exactly one active path between any two switches. If a new link is added or an
existing link is removed, STP re-runs the spanning-tree algorithm and re-adjusts
all links to reflect the change.
We have three switches and added redundancy by connecting the switches
in a triangle, this also means we have a loop here. MAC addresses are simplified
for explanation in this example:
● SW1: MAC AAA
● SW2: MAC BBB
● SW3: MAC CCC
Since spanning tree is enabled, all our switches will send a special frame
to each other called a BPDU (Bridge Protocol Data Unit). In this BPDU there are
two pieces of information that spanning-tree requires:
● MAC address
● Priority
The MAC address and the priority together make up the bridge ID. The
BPDU is sent between all the switches
Spanning-tree requires the bridge ID for its calculation. How it works:
● First of all, spanning tree elects a root bridge; the root bridge is the
switch that has the best bridge ID.
● The switch with the lowest bridge ID is the best one: the priority is
compared first, and the MAC address only breaks a tie.
● By default the priority is 32768, but we can change this value if we want.
In this example SW1 becomes the root bridge. Since the priority is the
same on all switches, the MAC address is the tiebreaker. SW1 has the lowest MAC
address, thus the best bridge ID, and becomes the root bridge. All other
switches become non-root bridges.
The ports on the root bridge are always designated ports, which means they are
in the forwarding state.
Each non-root bridge has to find the shortest (lowest-cost) path to the
root bridge. The port on which that path leaves the switch is called the "root
port".
To break the loop, one of the ports on the link between SW2 and SW3 must
be blocked. Both switches are one link away from the root, so their root path
cost is equal, and both have the same priority, but the MAC address of SW2 is
lower. Hence SW2 becomes the designated bridge on that link and SW3 blocks its
port, effectively breaking the loop.
The Fa1/0 interface of SW3 is called a non-designated (blocked) port. A blocked
port still receives BPDUs, so STP can unblock it if the active path fails.
Cost of link:
It is a numerical value assigned to each network link based on its
bandwidth. Lower cost = faster link.
STP adds up the cost of each link along a path to the root bridge.
The switch chooses the path with the lowest total cost to determine its root port.
Bandwidth            Cost (IEEE 802.1D)
10 Mbps              100
100 Mbps             19
1 Gbps (1000 Mbps)   4
10 Gbps              2
Take a look at the picture above. SW1 is the root bridge and SW2 is a non-
root bridge. We have two links between these switches for redundancy. Redundancy
means loops, so spanning-tree is going to block one of the interfaces on SW2.
SW2 receives BPDUs on both interfaces, but the root path cost field is the
same in both. When the cost is equal, spanning-tree looks at the port priority.
By default the port priority is the same for all interfaces, which means that the
interface number is the tie-breaker. The lowest interface number (Fa0/1) is chosen
as the root (forwarding) port and port Fa0/2 is blocked. Of course, port
priority is a value we can change, so we can choose which interface will be
blocked.
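The spanning-tree decisions walked through in this chapter (root bridge by lowest bridge ID, root port by lowest root path cost with sender bridge ID and port number as tie-breakers, designated versus blocked port on the SW2-SW3 link, and the parallel-link case where Fa0/2 is blocked), as an added example written for this handout; it is not code from the handout. It is a simplified single-instance calculation over a constructed topology, not an implementation of the BPDU exchange or timers; the bridge IDs use the chapter's simplified MACs AAA/BBB/CCC and the link costs are the IEEE 802.1D values from the table above.

```python
"""Added example: simplified spanning-tree calculation over a constructed
topology (root bridge election, root path cost, root/designated/blocked ports).
Not code from the handout; switches, MACs and port names are constructed."""
import heapq
from collections import defaultdict

# IEEE 802.1D (short method) link costs, as in the chapter's table
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def run_stp(switches, links):
    """switches: {name: (priority, mac)}; links: [(a, port_a, b, port_b, mbps)].
    Returns (root, {name: root path cost}, {(name, port): role})."""
    # bridge ID = (priority, MAC); the lowest wins, priority compared first
    bid = {n: (prio, mac.lower()) for n, (prio, mac) in switches.items()}
    root = min(bid, key=bid.get)

    # adjacency: name -> [(local_port, neighbour, neighbour_port, link cost)]
    adj = defaultdict(list)
    for a, pa, b, pb, mbps in links:
        adj[a].append((pa, b, pb, STP_COST[mbps]))
        adj[b].append((pb, a, pa, STP_COST[mbps]))

    # root path cost = cheapest sum of link costs to the root (Dijkstra)
    rpc = {n: float("inf") for n in switches}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, n = heapq.heappop(heap)
        if cost > rpc[n]:
            continue
        for _, nb, _, link_cost in adj[n]:
            if cost + link_cost < rpc[nb]:
                rpc[nb] = cost + link_cost
                heapq.heappush(heap, (cost + link_cost, nb))

    # root port: the port receiving the best BPDU, compared in this order:
    # root path cost, sender bridge ID, sender port number, own port number
    root_port = {}
    for n in switches:
        if n != root and adj[n]:
            best = min(adj[n], key=lambda e: (rpc[e[1]] + e[3], bid[e[1]], e[2], e[0]))
            root_port[n] = best[0]

    # on every link the end closer to the root (tie: lower bridge ID) is designated;
    # the other end is either that switch's root port or is blocked
    roles = {}
    for a, pa, b, pb, _ in links:
        if (rpc[a], bid[a]) <= (rpc[b], bid[b]):
            des, dport, other, oport = a, pa, b, pb
        else:
            des, dport, other, oport = b, pb, a, pa
        roles[(des, dport)] = "designated"
        roles[(other, oport)] = "root" if root_port.get(other) == oport else "blocked"
    return root, rpc, roles


def triangle(priorities=(32768, 32768, 32768)):
    """The chapter's three-switch triangle, all links 100 Mbps."""
    switches = {"SW1": (priorities[0], "AAA"), "SW2": (priorities[1], "BBB"),
                "SW3": (priorities[2], "CCC")}
    links = [("SW1", "Fa0/1", "SW2", "Fa0/1", 100),
             ("SW1", "Fa0/2", "SW3", "Fa0/2", 100),
             ("SW2", "Fa1/0", "SW3", "Fa1/0", 100)]
    return run_stp(switches, links)


def parallel_links():
    """Two switches joined by two equal-cost links: the lower port number wins."""
    switches = {"SW1": (32768, "AAA"), "SW2": (32768, "BBB")}
    links = [("SW1", "Fa0/1", "SW2", "Fa0/1", 100),
             ("SW1", "Fa0/2", "SW2", "Fa0/2", 100)]
    return run_stp(switches, links)
```

Lowering the priority of SW3 to 4096 (triangle((32768, 32768, 4096))) makes SW3 the root and moves the blocked port to SW2's Fa0/1. In a real network any device that sends a superior BPDU on an access port has the same effect on the whole tree, which is why access ports that should never see a BPDU are normally protected with BPDU guard.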
CHAPTER-5
IP ADDRESSING & SUBNETTING
5.1. IP Addressing
An IP address, short for Internet Protocol address, is a unique logical
address assigned to each device on a network, allowing devices to communicate
with each other. IP addressing was designed to allow hosts on one network to
communicate with hosts on a different network: routers use the destination IP
address to determine where to forward the data packets until they reach their
intended destination.
There are two main types of IP addressing schemes:
● IPv4 (Internet Protocol version 4): This is the most widely used IP
addressing scheme. It uses a 32-bit address, allowing for a total of
2^32 addresses (about 4.3 billion). However, due to the rapid growth
of the internet, IPv4 addresses have run out, leading to the
adoption of IPv6.
● IPv6 (Internet Protocol version 6): IPv6 is the next-generation IP addressing
scheme designed to replace IPv4. It uses a 128-bit address, which
allows for vastly more addresses than IPv4 (2^128 addresses). IPv6
adoption has been increasing to accommodate the growing number of
devices and internet users.
IPv4 (Internet Protocol version 4)
An IP address is 32-bit and consists of 2 parts, the network part and the
host part.
IPv4 addresses are typically represented in decimal format as four octets.
Each octet is 8 bits long, and they are separated by dots.
This format, known as "dotted-decimal notation," makes it easier for us to
read and work with IP addresses.
Dividing an IP address into network and host parts: An IP address itself
doesn't inherently tell you which portion identifies the network and which
identifies the specific device (host) on that network. The subnet mask (32 bits)
acts like a divider, specifying how many bits from the beginning of the IP address
represent the network part, and the remaining bits represent the host part.
Example:
Classful IP address scheme
In classful addressing, IP addresses are divided into predefined classes,
each with its own default subnet mask. A classful address refers to an IP address
scheme that divides the IP address space into five classes. Each class has a
predetermined range of addresses and a default subnet mask. The classification
is based on the first few bits of the IP address, which determine the network
class. The main classes are Class A, Class B, and Class C. There are also Class
D and Class E, but they are used for special purposes and are not typically used
for general network addressing.
● Class A: The first bit always has to be 0.
● Class B: The first 2 bits always have to be 10.
● Class C: The first 3 bits always have to be 110.
● Class D: The first 4 bits always have to be 1110.
● Class E: The first 4 bits always have to be 1111.
So if you convert these leading bits from binary to decimal you get the following:
● Class A starts at 0.0.0.0
● Class B starts at 128.0.0.0
● Class C starts at 192.0.0.0
● Class D starts at 224.0.0.0
● Class E starts at 240.0.0.0
So what are the exact ranges that we have?
● Class A: 0.0.0.0 – 127.255.255.255
● Class B: 128.0.0.0 – 191.255.255.255
● Class C: 192.0.0.0 – 223.255.255.255
● Class D: 224.0.0.0 – 239.255.255.255 (multicast)
● Class E: 240.0.0.0 – 255.255.255.255 (reserved for experimental use)
The range 127.0.0.0/8 (or 127.0.0.0 - 127.255.255.255) is designated for
loopback testing. A loopback interface is a virtual network interface in a
computer, typically with the IP address 127.0.0.1. By pinging the loopback
address (ping 127.0.0.1), you can verify basic functionality of the TCP/IP stack
on the device. As long as the device itself is operational, the loopback interface
is considered "up" and reachable. In the classful networking scheme, subnet
masks were predetermined based on the class of the IP address.
Class A: Subnet mask is 255.0.0.0 (or /8 in CIDR notation). This means the first
8 bits are for the network portion, and the remaining 24 bits are for hosts.
Class B: Subnet mask is 255.255.0.0 (or /16 in CIDR notation). This allows for
16 bits for the network portion and 16 bits for hosts.
Class C: Subnet mask is 255.255.255.0 (or /24 in CIDR notation). This allows
for 24 bits for the network portion and 8 bits for hosts.
Subnet masks are not defined for Class D and Class E addresses because
these address ranges were reserved for special purposes and were not intended
for conventional host-to-host communication.
Difference between “Private” and “Public” IP addresses
● Public IP addresses are globally unique and are routed on the Internet.
● Private IP addresses (RFC 1918) are used on your local area network; they
are not routed on the Internet and must be translated (NAT) to a public
address before traffic can leave the local network.
Private IP address ranges:
● Class A: 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
● Class B: 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
● Class C: 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
In each IP subnet, there are two special addresses that cannot be assigned to
individual devices.
● Network address.
● Broadcast address.
The network address cannot be used on a computer as an IP address
because it is used to “define” the network.
The broadcast address cannot be used on a computer as an IP address
because it is used to broadcast to all devices in the same network.
Let's use the Class C address 192.168.1.1 (default mask 255.255.255.0) to find
the network address and broadcast address.
When we set all the bits of the 'host' part (the last octet) of 192.168.1.1
to 0, we obtain the network address: 192.168.1.0.
When we set all the bits of the 'host' part of 192.168.1.1 to 1, we obtain
the broadcast address: 192.168.1.255.
Main limitations of classful addressing:
Classful addressing allocated IP addresses in fixed-length blocks based on
the class of the address. This often resulted in inefficient use of address space,
as organizations were assigned larger blocks of addresses than they needed,
leading to address wastage and rapid depletion of available IPv4 addresses.
5.2. Classless Addressing
Classless Addressing, also known as Classless Inter-Domain Routing
(CIDR), is a flexible method of IP addressing and subnetting in IPv4 networks.
Unlike classful addressing, which divides IP addresses into fixed classes
(Class A, B, C, etc.) with predefined subnet masks, CIDR allows IP address blocks
to be allocated with a subnet mask of any length (Variable-Length Subnet Masks,
VLSM). CIDR allows the subdivision of IP address blocks into smaller subnets,
enabling more efficient utilization of available IP addresses.
With VLSM (Variable-Length Subnet Masks), network administrators can
subnet a network into smaller subnets, each with its own subnet mask length
based on the number of required hosts in that subnet. This flexibility enables
more precise allocation of IP addresses, reducing wastage and optimizing
address space utilization.
For example, in a network with the IP address range 192.168.1.0/24, a subnet
mask of /24 (255.255.255.0) provides 256 addresses. However, if one subnet
requires only 30 hosts, while another requires 100 hosts, VLSM allows using
subnet masks of /27 (255.255.255.224) for the smaller subnet (30 hosts) and
/25 (255.255.255.128) for the larger subnet (100 hosts) (Variable subnetting will
be discussed later).
5.3. Subnetting
A subnet mask is a 32-bit number that identifies the network portion and
the host portion of an IP address. It's represented similarly to an IP address,
often with dotted decimal notation. The subnet mask contains a sequence of
contiguous ones (1s) followed by a sequence of contiguous zeros (0s). The ones
represent the network portion, and the zeros represent the host portion.
Subnetting is the process of dividing a large network into smaller, more
manageable sub-networks called subnets. It's a technique used in IP networking
to efficiently utilize IP address space and improve network performance,
security, and management. Subnetting is facilitated by the use of subnet masks.
To subnet a network, borrow bits from the host portion of the IP address and
allocate them to create subnets. Each subnet is identified by its own unique
subnet address and subnet mask.
Let's subnet the network 192.168.1.0/24 into 2 networks.
Identify the original network: The given network is 192.168.1.0 with a subnet
mask of /24, which means the first 24 bits are assigned to the network portion.
It is a Class C network.
Determine the number of bits to borrow for subnetting: To create subnets,
we need to borrow bits from the host portion. The number of bits we borrow
determines the number of subnets and hosts per subnet.
Choose a subnet mask: We want to create 2 subnets. To accommodate this, we
need to borrow 1 bit (since 2^1 = 2) from the host part. This results in a
subnet mask of /25 (24 + 1 borrowed bit = 25).
Calculate the new subnet mask: With 1 bit borrowed, the new subnet mask
becomes 255.255.255.128 in decimal (or /25 in CIDR notation), as the first 25
bits are set to 1.
Determine the subnet range: Each subnet will have its own range of addresses.
Hence there can be two networks
1. 192.168.1.0/25
2. 192.168.1.128/25
The subnet ranges will be:
Subnet 1: 192.168.1.0/25
192.168.1.0 (Network Address)
192.168.1.127 (Broadcast Address)
192.168.1.1 to 192.168.1.126 (Usable Address Range)
126 usable IPs
Subnet 2: 192.168.1.128/25
192.168.1.128 (Network Address)
192.168.1.255 (Broadcast Address)
192.168.1.129 to 192.168.1.254 (Usable Address Range)
126 usable IPs
Let's subnet the Class C network 192.168.1.0/24 into 4 networks.
We want to create 4 subnets. To accommodate this, we need to borrow 2 bits
(since 2^2 = 4) from the host part. This results in a subnet mask of /26 (24
+ 2 borrowed bits = 26).
With 2 bits borrowed, the new subnet mask becomes 255.255.255.192 in
decimal (or /26 in CIDR notation), as the first 26 bits are set to 1.
Each subnet will have its own range of addresses.
Hence there can be 4 networks
192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26 and 192.168.1.192/26
1. 192.168.1.0/26
a. Network Address - 192.168.1.0
b. Broadcast Address - 192.168.1.63
c. Usable Address Range - 192.168.1.1 to 192.168.1.62 (62 Usable IPs)
2. 192.168.1.64/26
a. Network Address - 192.168.1.64
b. Broadcast Address - 192.168.1.127
c. Usable Address Range - 192.168.1.65 to 192.168.1.126 (62 Usable
IPs)
3. 192.168.1.128/26
a. Network Address - 192.168.1.128
b. Broadcast Address - 192.168.1.191
c. Usable Address Range - 192.168.1.129 to 192.168.1.190 (62 Usable
IPs)
4. 192.168.1.192/26
a. Network Address - 192.168.1.192
b. Broadcast Address - 192.168.1.255
c. Usable Address Range - 192.168.1.193 to 192.168.1.254 (62 Usable
IPs)
Let's subnet the Class C network 192.168.1.0/24 into 8 networks.
Here another method will be used to find the details.
1. In the given question, the network address is 192.168.1.0 and the subnet
mask is 255.255.255.0 (11111111.11111111.11111111.00000000 - first
24 bits on the network side and the last 8 bits on the host side).
2. 2^n = number of subnets, where n is the number of bits to be borrowed
from the host side.
2^3 = 8 (we need to create 8 subnets).
Since n = 3, we need to borrow 3 bits from the host side to the network side.
3. Hence the new subnet mask will be
255.255.255.224 (11111111.11111111.11111111.11100000 - 3 bits from
the host side are brought to the network side), i.e. /27.
4. To find the network addresses of the new subnets, we have to find the
block size:
Block size = 2^(32 - number of 1s in the new subnet mask)
Here, block size = 2^(32 - 27) = 2^5 = 32
Hence the new network addresses are
192.168.1.0/27, 192.168.1.32/27, 192.168.1.64/27, 192.168.1.96/27,
192.168.1.128/27, 192.168.1.160/27, 192.168.1.192/27 and
192.168.1.224/27
5. The first IP address of each network is the network address. The last IP
address of each network is the broadcast address. The IP addresses
between the first and last IP addresses are the usable IPs of that
network, so 32 - 2 = 30 IPs are available to assign to hosts.
Let's take one of the above networks, 192.168.1.160/27:
Network address - 192.168.1.160
Usable IPs - 192.168.1.161 to 192.168.1.190
Broadcast IP - 192.168.1.191
Example 2:
How many networks will be available on 190.10.0.0/22? Also find the number of
hosts per network.
1. The first octet is 190, so it belongs to the Class B range.
2. Class B networks have a default 16-bit subnet mask (/16).
3. In this example the subnet mask is 22 bits long, so 6 bits were borrowed
from the host side to the network side.
4. 2^n = number of subnets. 2^6 = 64, so 64 subnets can be formed.
5. Block size = 2^(32 - number of 1s in the new subnet mask) = 2^(32 - 22) = 2^10 = 1024
6. Since the size of a network is 1024 addresses, the number of hosts in a
network will be 1024 - 2 = 1022.
7. To find the network addresses of each subnet:
a. Block size = 2^(32 - 22) = 2^10 = 1024 addresses.
b. The first 2 octets of the network part are fixed.
c. The block size of 1024 spans the third and fourth octets (2^10 = 2^2 x 2^8).
d. So the block size in the third octet is 2^2 = 4.
e. Accordingly, the first 4 subnets are shown below:
Subnet              Usable IPs                    Broadcast IP
190.10.0.0/22       190.10.0.1 - 190.10.3.254     190.10.3.255
190.10.4.0/22       190.10.4.1 - 190.10.7.254     190.10.7.255
190.10.8.0/22       190.10.8.1 - 190.10.11.254    190.10.11.255
190.10.12.0/22      190.10.12.1 - 190.10.15.254   190.10.15.255
How to find the network address of an IP address
● You need to know the subnet mask associated with the network
● Convert both the IP address and the subnet mask to binary form.
● Perform a bitwise AND operation between each corresponding pair of bits
in the IP address and the subnet mask.
● Convert the binary result back to decimal form. This will give you the
network address.
Example 3 : Find the network address of 195.170.1.45/27
● Subnet mask - 255.255.255.224 (/27)
● Convert 195.170.1.45 into binary -
11000011.10101010.00000001.00101101
● Convert 255.255.255.224 into binary -
11111111.11111111.11111111.11100000
● Perform a bitwise AND operation between the IP address and the subnet
mask.
11000011.10101010.00000001.00101101
11111111.11111111.11111111.11100000
__________________________________
11000011.10101010.00000001.00100000
● Result in decimal - 195.170.1.32
● Therefore, the network address for the IP address 195.170.1.45/27 is
195.170.1.32
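The three hand methods of this section (the bitwise AND of Example 3, the block-size method of the 8-subnet and 190.10.0.0/22 examples, and the 2^n - 2 usable-host rule), as an added example written for this handout; it is not code from the handout. It deliberately avoids the ipaddress library so that the mask arithmetic is visible, and the addresses in the tests are the chapter's own worked values.

```python
"""Added example (not code from the handout): IPv4 subnet arithmetic with plain
integers and bit masks, following the chapter's methods: bitwise AND for the
network address, block size 2^(32 - prefix) for the subnet list, 2^n - 2 usable
hosts. The addresses used in the tests are the chapter's own worked values."""


def to_int(dotted):
    """'a.b.c.d' -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_of(prefix):
    """/prefix as a 32-bit mask: `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr):
    """Network, broadcast and usable range of 'a.b.c.d/p'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    ip, mask = to_int(addr), mask_of(prefix)
    network = ip & mask                           # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits set
    size = 1 << (32 - prefix)                     # block size
    # /31 (point-to-point, RFC 3021) and /32 have no network/broadcast pair
    if prefix <= 30:
        first, last, usable = network + 1, broadcast - 1, size - 2
    else:
        first, last, usable = network, broadcast, size
    return {"network": to_dotted(network), "prefix": prefix, "mask": to_dotted(mask),
            "broadcast": to_dotted(broadcast), "first": to_dotted(first),
            "last": to_dotted(last), "usable": usable, "block_size": size}


def split(cidr, new_prefix):
    """All subnets of `cidr` under the longer mask `new_prefix` (block-size method)."""
    base = subnet_info(cidr)
    if new_prefix < base["prefix"]:
        raise ValueError("new prefix must not be shorter than the original")
    start = to_int(base["network"])
    block = 1 << (32 - new_prefix)                 # addresses per subnet
    count = 1 << (new_prefix - base["prefix"])     # 2^(borrowed bits) subnets
    return [f"{to_dotted(start + i * block)}/{new_prefix}" for i in range(count)]


def same_subnet(ip_a, ip_b, prefix):
    """True when both addresses agree on every network bit: the test a host runs
    to decide between ARP for the destination and sending to its gateway."""
    mask = mask_of(prefix)
    return to_int(ip_a) & mask == to_int(ip_b) & mask
```

same_subnet() is the decision that ties this chapter to the ARP chapter: a host only broadcasts an ARP request for a destination whose network bits match its own; anything else is sent to the default gateway's MAC address.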
5.4. Variable Length Subnetting (VLSM)
Variable Length Subnetting is a technique used in IP addressing to
allocate subnets with varying sizes according to the specific needs of different
network segments. Here's an example to illustrate VLSM:
Let's consider a network with the address 192.168.10.0/24. We need to
divide this network into subnets to accommodate different departments within
an organization, each with varying numbers of hosts.
Main Office: Requires a subnet with at least 50 hosts.
Sales Department: Requires a subnet with at least 20 hosts.
Accounting Department: Requires a subnet with at least 10 hosts.
IT Department: Requires a subnet with at least 6 hosts.
Management Department: Requires a subnet with at least 2 hosts.
How to do subnetting to fulfill the above needs?
192.168.10.0/24 is a single network with 256 addresses (254 usable IPs).
A subnet always holds a power of 2 addresses (2^n addresses, of which 2^n - 2
are usable), so each requirement is rounded up to the next power of 2, and the
largest requirement is allocated first.
To provide 50 hosts to the Main Office, 6 bits are required in the host part
(2^6 = 64). Hence allocate a subnet of /26 (which allows for 62 hosts) to this
department.
Subnet: 192.168.10.0/26 Broadcast: 192.168.10.63
IP addresses from 192.168.10.1 to 192.168.10.62 are reserved for the Main
Office.
To provide 20 hosts to the Sales Department, 5 bits are required in the host
part (2^5 = 32). Hence allocate a subnet of /27 (which allows for 30 hosts) to
this department.
Subnet: 192.168.10.64/27 Broadcast: 192.168.10.95
IP addresses from 192.168.10.65 to 192.168.10.94 are reserved for the Sales
Department.
To provide 10 hosts to the Accounting Department, 4 bits are required in the host part (2^4 = 16)
Hence allocate a subnet of /28 (which allows for 14 hosts) to this department.
Subnet: 192.168.10.96/28 Broadcast: 192.168.10.111
IP addresses from 192.168.10.97 to 192.168.10.110 are reserved for the
Accounting Department.
To provide 6 hosts to the IT Department, 3 bits are required in the host part (2^3 = 8)
Hence allocate a subnet of /29 (which allows for 6 hosts) to this department.
Subnet: 192.168.10.112/29 Broadcast: 192.168.10.119
IP addresses from 192.168.10.113 to 192.168.10.118 are reserved for the IT
Department.
To provide 2 hosts to the Management Department, 2 bits are required in the host part (2^2 = 4)
Hence allocate a subnet of /30 (which allows for 2 hosts) to this department.
Subnet: 192.168.10.120/30 Broadcast: 192.168.10.123
IP addresses from 192.168.10.121 to 192.168.10.122 are reserved for the
Management Department.
With VLSM, we have efficiently allocated subnets with varying sizes
according to the specific requirements of each department, optimizing the use of
IP addresses within the network.
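The two calculations worked above (the bitwise AND that yields a network address, and the largest-first VLSM allocation) as an added Python example, not part of the handout. The department requirements are the ones listed in the text; the rule applied is the smallest n with 2^n - 2 >= hosts.

```python
import ipaddress


def to_binary(dotted: str) -> str:
    """Render a dotted-decimal IPv4 value as four 8-bit groups, as in the worked example."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def network_address(ip: str, mask: str) -> str:
    """Bitwise AND of an IPv4 address with its subnet mask gives the network address."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))


def host_bits_needed(hosts: int) -> int:
    """Smallest n such that 2**n - 2 usable addresses cover the requirement."""
    n = 2  # a /30 (2 host bits) is the smallest block with usable host addresses
    while (2 ** n) - 2 < hosts:
        n += 1
    return n


def vlsm_allocate(base: str, requirements: dict) -> list:
    """Carve `base` into VLSM subnets, largest requirement first.

    Allocating in decreasing size from the aligned base keeps every block
    aligned on its own size boundary, so no addresses are lost to padding.
    """
    net = ipaddress.IPv4Network(base)
    cursor = int(net.network_address)
    last = int(net.broadcast_address)
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: kv[1], reverse=True):
        bits = host_bits_needed(hosts)
        size = 2 ** bits
        if cursor + size - 1 > last:
            raise ValueError(f"{base} exhausted before allocating {name}")
        subnet = ipaddress.IPv4Network((cursor, 32 - bits))
        usable = list(subnet.hosts())
        plan.append({
            "department": name,
            "subnet": str(subnet),
            "broadcast": str(subnet.broadcast_address),
            "first_usable": str(usable[0]),
            "last_usable": str(usable[-1]),
            "usable_hosts": len(usable),
        })
        cursor += size
    return plan


# Host requirements taken from the text (constructed input mirroring the example).
REQUIREMENTS = {
    "Main Office": 50,
    "Sales": 20,
    "Accounting": 10,
    "IT": 6,
    "Management": 2,
}

if __name__ == "__main__":
    print(to_binary("195.170.1.45"), "AND", to_binary("255.255.255.224"),
          "=", network_address("195.170.1.45", "255.255.255.224"))
    for row in vlsm_allocate("192.168.10.0/24", REQUIREMENTS):
        print(f"{row['department']:<12} {row['subnet']:<18} bcast {row['broadcast']:<16} "
              f"hosts {row['first_usable']} - {row['last_usable']} ({row['usable_hosts']})")
```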
Subnet Mask Chart
Decimal CIDR Binary
255.0.0.0 /8 11111111.00000000.00000000.00000000
255.128.0.0 /9 11111111.10000000.00000000.00000000
255.192.0.0 /10 11111111.11000000.00000000.00000000
255.224.0.0 /11 11111111.11100000.00000000.00000000
255.240.0.0 /12 11111111.11110000.00000000.00000000
255.248.0.0 /13 11111111.11111000.00000000.00000000
255.252.0.0 /14 11111111.11111100.00000000.00000000
255.254.0.0 /15 11111111.11111110.00000000.00000000
255.255.0.0 /16 11111111.11111111.00000000.00000000
255.255.128.0 /17 11111111.11111111.10000000.00000000
255.255.192.0 /18 11111111.11111111.11000000.00000000
255.255.224.0 /19 11111111.11111111.11100000.00000000
255.255.240.0 /20 11111111.11111111.11110000.00000000
255.255.248.0 /21 11111111.11111111.11111000.00000000
255.255.252.0 /22 11111111.11111111.11111100.00000000
255.255.254.0 /23 11111111.11111111.11111110.00000000
255.255.255.0 /24 11111111.11111111.11111111.00000000
255.255.255.128 /25 11111111.11111111.11111111.10000000
255.255.255.192 /26 11111111.11111111.11111111.11000000
255.255.255.224 /27 11111111.11111111.11111111.11100000
255.255.255.240 /28 11111111.11111111.11111111.11110000
255.255.255.248 /29 11111111.11111111.11111111.11111000
255.255.255.252 /30 11111111.11111111.11111111.11111100
Internet Protocol version 6 (IPv6)
The main reason for the development and implementation of IPv6 (Internet
Protocol version 6) is the exhaustion of IPv4 addresses. IPv4, the previous version
of the Internet Protocol, uses 32-bit addresses, which allows for approximately
4.3 billion unique addresses. With the rapid growth of the internet and the
proliferation of connected devices, IPv4 addresses were being depleted.
IPv6 addresses are 128 bits long, providing a vastly larger address space
compared to IPv4's 32-bit addresses. This allows for approximately 340 trillion
(2^128) unique addresses, ensuring that the internet can continue to grow and
accommodate the increasing number of devices and users.
IPv6 addressing scheme:
IPv6 addresses are 128 bits long. IPv6 addresses are typically represented in
hexadecimal notation, consisting of eight groups of four hexadecimal digits
separated by colons. For example, a typical IPv6 address might look like this:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
IPv6 allows leading zeroes within each group to be dropped and one run of
consecutive all-zero groups to be compressed to ‘::’. For example,
2001:0db8:85a3:0000:0000:8a2e:0370:7334 can be compressed to
‘2001:db8:85a3::8a2e:370:7334’.
IPv6 addresses include network prefixes and host identifiers. The network prefix
specifies the network portion of the address, similar to IPv4's network address,
while the host identifier identifies a specific interface on the network. For
example, 2001:0db8:85a3::/48 represents the network prefix with a length of 48
bits. Subnetting in IPv6 is typically done by adjusting the prefix length.
Routers configured with the IPv6 SLAAC protocol (Stateless Address
Autoconfiguration) in IPv6 networks periodically send router advertisement messages
containing information about the network address (prefix), subnet mask (prefix
length), and default gateway. Using this information, the host generates its own
IPv6 address (known as a Global Unicast Address or GUA) automatically without
manual intervention. Hosts append their interface identifier (typically based on
the MAC address or a random number) to the received network prefix to form a
complete IPv6 address. This identifier ensures the uniqueness of the IPv6
address on the network.
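IPv6 compression, prefix extraction and SLAAC address formation as an added Python example, not from the handout. The /64 prefix 2001:db8:85a3:1::/64 and the MAC address 00:1a:2b:3c:4d:5e are constructed sample values; the interface identifier is derived with modified EUI-64, the MAC-based method the text mentions.

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Canonical text form: drop leading zeros in each group and collapse the
    longest run of all-zero groups to '::' (only one run may be collapsed)."""
    return str(ipaddress.IPv6Address(addr))


def network_prefix(addr: str, prefix_len: int) -> str:
    """The network part of an address, e.g. the /48 prefix an organisation is assigned."""
    return str(ipaddress.IPv6Interface(f"{addr}/{prefix_len}").network)


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC: split the MAC in the
    middle, insert ff:fe, and flip the universal/local bit (0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> str:
    """Global unicast address a host forms from the /64 prefix carried in a router
    advertisement plus its own EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a 64-bit prefix so the 64-bit interface ID fits")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))


# Constructed sample values: the 2001:db8::/32 documentation range and a made-up MAC.
SAMPLE_PREFIX = "2001:db8:85a3:1::/64"
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"

if __name__ == "__main__":
    print(compress_ipv6("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
    print(network_prefix("2001:0db8:85a3:0000:0000:8a2e:0370:7334", 48))
    print(f"EUI-64 interface ID: {eui64_interface_id(SAMPLE_MAC):016x}")
    # An EUI-64 identifier embeds the MAC, so the same host is recognisable on every
    # network it joins; that is why the text also mentions random identifiers.
    print(slaac_address(SAMPLE_PREFIX, SAMPLE_MAC))
```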
CHAPTER-6
IP ROUTING
6.1. IP Routing
System A wants to send a unicast packet to system D
(Both are in the same network)
● The process or application running in the system A initiates
communication.
● Then the data is encapsulated into a TCP segment or UDP datagram (adding the
source and destination port numbers).
● Then it performs a bitwise logical AND operation between its own IP
address and subnet mask, and between the IP address and subnet mask of System
D.
● If the bitwise AND operation for both the source and destination addresses
yields the same network address, the destination is within the same network.
● The transport layer segment/datagram is then encapsulated into an IP
packet (adding the source and destination IP addresses to the packet
header).
● System A checks its ARP cache for the MAC address of System D.
● If not available, then System A sends an ARP broadcast.
● The switch receives the broadcast, reads the source MAC address (MAC of
System A), updates its own MAC table and forwards the frame to all other ports
except the port on which it was received.
● All systems connected to the switch receive the broadcast, and only
System D replies (ARP Reply) with its own MAC address.
● The switch receives the ARP reply from System D, reads the source MAC
address (MAC of System D), updates its own MAC table, checks its MAC
table to find which port System A is connected to and forwards the reply
only to System A.
● System A updates its ARP cache with the MAC address of System D.
● Then System A builds an Ethernet frame as shown in the figure below and
sends it to the switch.
● The switch receives the frame, reads the destination MAC address and forwards
it to the port to which System D is connected.
System A wants to send a unicast packet to system E
(Both are in different networks)
● The process or application running in System A initiates
communication.
● Then the data is encapsulated into a TCP segment or UDP datagram (adding the
source and destination port numbers).
● Then it performs a bitwise logical AND operation between its own IP
address and subnet mask and the IP address and subnet mask of System
E.
● The result of the bitwise AND operation for both the source and
destination addresses yields different network addresses. Hence, the
destination is not within the same network.
● Since the gateway IP address is not configured in System A, further
operations halt.
● So, to enable communication between System A and System E, we
changed the topology of the network by introducing a router.
● Router creates a new point of connection and defines a new boundary
between different network segments.
● Configure gateway address 192.168.1.4 in System A, B & C. Also configure
gateway address 172.100.0.5 in System D, E, F & G.
● The process or application running in the system A initiates
communication.
● Then the data is encapsulated into a TCP segment or UDP datagram (adding the
source and destination port numbers).
● Then it performs a bitwise logical AND operation between its own IP
address and subnet mask and the IP address and subnet mask of System
E.
● The result of the bitwise AND operation for both the source and
destination addresses yields different network addresses. Hence, the
destination is not within the same network.
● Since the gateway IP address is configured in System A, the frame needs
to be forwarded to the router (Gateway Interface).
● System A checks its ARP cache for the MAC address of the router (Gateway
Interface).
● If not available, then System A sends an ARP broadcast.
● The switch receives the broadcast, reads the source MAC address (MAC of
System A), updates its own MAC table if the entry is not already present, and
forwards the frame to all other ports except the port on which it was received.
● All systems connected to the switch receive the broadcast, and only the
router's gateway interface replies (ARP Reply) with its own MAC address.
● The switch receives the ARP reply from the router gateway interface, reads the
source MAC address (MAC of the router gateway interface) and updates its own
MAC table if the entry is not already present. It then checks its MAC table to
find which port System A is connected to and forwards the reply only to System A.
● System A updates its ARP cache with the MAC address of the router
gateway interface.
● Then System A builds an Ethernet frame as shown in the figure below and
sends it to the switch.
● Switch receives the frame, reads the destination MAC address and
forwards to the port in which the router gateway interface is connected.
● Router receives the packet, reads the source MAC address, updates its
ARP cache with the MAC address of System A.
● Then it reads the destination IP, checks its routing table to find the
interface through which this packet needs to be sent.
● In a router's routing table, directly connected networks are automatically
updated based on the router's interfaces and their configurations.
● So, the router needs to send out the packet to the interface Fa0/1.
● Router checks its ARP table to find the MAC address of System E.
● If not available, using ARP request and reply, the router gets the MAC of
system E.
● Then it builds an Ethernet frame for System E as shown below.
Compare the source and destination MAC addresses of the incoming and
outgoing Ethernet frames at the router: the MAC addresses change at each hop,
but the IP addresses remain unchanged.
IP routing is the process of forwarding data packets from one network
to another network based on their IP addresses. In computer networking, devices
called routers are responsible for this task. When a device wants to send data to
another device on a different network, it forwards the data packet to its default
gateway (usually a router), which then examines the destination IP address of
the packet and determines the best path or route to reach that destination.
The routing decision is made based on the routing table stored in the
router's memory. This routing table contains information about various
networks and the next-hop router or interface through which data should be
forwarded to reach each network. IP routing ensures that data packets are
efficiently routed through multiple network segments and routers to reach their
intended destinations.
If System A wants to send data to System B, the Ethernet frame will
be sent to the gateway (Fa 0/0 interface of R 1). Router 1 will consult its routing
table, which contains information about the available paths to various
destinations. Based on metrics like hop count, bandwidth, latency, and
administrative cost, Router 1 will select the best path toward System B and
forward the packet (in a new Ethernet frame) along that path.
Routing tables are built through various mechanisms.
● Directly Connected Networks: When a router is configured with an IP
address and subnet mask on an interface, it automatically knows about
the network directly connected to that interface. These networks and their
associated interfaces are typically added to the routing table as directly
connected routes.
Example: Network 1, 2 & 3 are directly connected to Router 1. These three
networks and associated interfaces will be automatically added to the
routing table of R 1.
● Static Routes: Network administrators can manually configure static
routes on routers. This is called static routing. These routes specify a next-
hop router or an outgoing interface for a particular destination network.
Static routes are entered manually into the routing table and remain
unchanged until they are manually modified or removed.
System A in Network 1 can reach system B in Network 7 only through R1.
But R1 has two routes to reach system B. One through R2 and another
through R4. In static routing, the network administrator has to manually
add the route through which R1 shall reach system B of Network 7 in the
routing table of R1.
Let's assume, the selected route is through R4. Routes can be added in
two ways.
1. Using next hop address (IP address of the interface Fa0/0 of R4)
2. Using the exit interface (Fa0/2 of Router 1)
Similarly, the network administrator has to add all the routes
manually in all the routers of the network. This is a cumbersome process and
is prone to routing configuration errors.
● Dynamic Routing Protocols: Dynamic routing protocols allow routers
to exchange routing information with neighboring routers. Routers
running dynamic routing protocols share information about the
networks they know about with their neighboring routers, and this
information is used to dynamically update the routing tables of those
routers. RIP (Routing Information Protocol), OSPF (Open Shortest Path
First), EIGRP (Enhanced Interior Gateway Routing Protocol), BGP
(Border Gateway Protocol), etc. are examples of dynamic routing
protocols.
● Administrative Distance: This is a measure used by routers to select
the best path when there are multiple routes to the same destination
from different routing protocols. It's a way to prioritize routes. Each
routing protocol assigns a default administrative distance value to each
of its routes. The lower the administrative distance, the more preferred
the route. For example, in Cisco routers, directly connected routes have
an administrative distance of 0, while static routes typically have an
administrative distance of 1. The administrative distance is
independent of the actual path's characteristics like speed or cost.
Routing Protocols Administrative Distance
Directly Connected Interface 0
Static Routing 1
EIGRP 90
OSPF 110
IS-IS 115
RIP 120
UNKNOWN 255
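The forwarding decisions described in this chapter, the host's same-network test and gateway choice followed by the router's table lookup with longest prefix match and administrative distance, as an added Python example that is not the handout's own. The /24 and /16 masks for the two networks in the figure and every 10.x.x.x route are assumptions made for the example.

```python
import ipaddress

# Default administrative distances from the table above (Cisco defaults).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90,
                  "ospf": 110, "isis": 115, "rip": 120}


def same_network(ip_a, mask, ip_b):
    """Host-side test: AND both addresses with the local subnet mask and compare."""
    local = ipaddress.IPv4Interface(f"{ip_a}/{mask}").network
    return ipaddress.IPv4Address(ip_b) in local


def host_next_hop(src_ip, mask, dst_ip, gateway=None):
    """Which IP the sending host resolves with ARP: the destination itself when it
    is on-link, otherwise the configured default gateway."""
    if same_network(src_ip, mask, dst_ip):
        return dst_ip
    if gateway is None:
        # Mirrors the text: off-link destination and no gateway, so processing halts.
        raise RuntimeError("destination is off-link and no default gateway is configured")
    return gateway


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add(self, network, source, interface, next_hop=None, metric=0):
        if source not in ADMIN_DISTANCE:
            raise ValueError(f"unknown route source {source!r}")
        self.routes.append({"network": ipaddress.IPv4Network(network), "source": source,
                            "interface": interface, "next_hop": next_hop, "metric": metric})

    def lookup(self, dst_ip):
        """Longest prefix match; among equal prefixes prefer the lowest administrative
        distance, then the lowest metric (the route a real RIB would have installed)."""
        dst = ipaddress.IPv4Address(dst_ip)
        candidates = [r for r in self.routes if dst in r["network"]]
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r["network"].prefixlen,
                                              ADMIN_DISTANCE[r["source"]], r["metric"]))


def build_router_from_text():
    """Constructed table for the router in the text: its two directly connected
    networks (masks assumed) plus hypothetical routes that exercise the tie-breaks."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "connected", "Fa0/0")   # System A, B, C side
    rt.add("172.100.0.0/16", "connected", "Fa0/1")   # System D, E, F, G side
    rt.add("10.0.0.0/8", "static", "Fa0/2", next_hop="10.0.0.1")                # hypothetical
    rt.add("10.20.0.0/16", "ospf", "Fa0/2", next_hop="10.0.0.2", metric=20)    # hypothetical
    rt.add("10.20.0.0/16", "rip", "Fa0/3", next_hop="10.0.0.3", metric=2)      # hypothetical
    rt.add("0.0.0.0/0", "static", "Fa0/3", next_hop="10.0.0.3")                # default route
    return rt


if __name__ == "__main__":
    # System A (192.168.1.1/24, gateway 192.168.1.4) talking to System D and System E.
    print("to System D:", host_next_hop("192.168.1.1", "255.255.255.0", "192.168.1.3", "192.168.1.4"))
    print("to System E:", host_next_hop("192.168.1.1", "255.255.255.0", "172.100.0.7", "192.168.1.4"))
    rt = build_router_from_text()
    for dst in ("172.100.0.7", "10.20.5.9", "10.1.2.3", "8.8.8.8"):
        r = rt.lookup(dst)
        print(f"{dst:<12} -> {r['network']} via {r['interface']} ({r['source']}, next hop {r['next_hop']})")
```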
6.2. Metric
This is a measure used by routing algorithms to determine the best path to a
destination within the same routing protocol. The metric is typically based on
various factors such as hop count, bandwidth, delay, load, etc. Each routing
protocol has its own way of calculating the metric.
There are three classes of routing protocols
1. Distance Vector
2. Link State
3. Hybrid
6.2.1 Distance Vector Protocols
A distance-vector routing protocol is a type of routing protocol used in
computer networks to determine the best path for forwarding packets from a
source to a destination. In a distance-vector routing protocol, routers exchange
information about the networks they know about with their neighboring routers.
Based on this information, each router builds a routing table that contains
information about the network topology and the best path to reach each
destination network.
The name "distance-vector" comes from the way these protocols operate:
Distance: Each router maintains a vector (a list) of distances (metrics) to reach
various networks. These distances can be measured in terms of hop count,
bandwidth, or other metrics depending on the specific protocol.
Vector: The vector component refers to the direction or next-hop router that
should be used to reach each destination network.
Routers periodically exchange routing information with their neighboring
routers to keep their routing tables up to date. When a router receives a routing
table update from a neighbor, it compares the received information with its own
routing table. If the received information contains routes that are not present in
its own table or if the received information offers a better path to a destination
network, the router updates its routing table accordingly. Distance-vector
routing protocols only exchange routing information with directly connected
neighbors. Routers make routing decisions based on the information received
from their neighbors. They don't have complete knowledge of the entire network
topology. Distance-vector protocols may take some time to converge, especially
in larger networks, due to the iterative nature of updating routing tables. In
addition to exchanging routing information when changes occur in the network,
routers using distance-vector protocols also send periodic updates to ensure
that neighboring routers have the most up-to-date routing information. The
frequency of these updates varies depending on the specific routing protocol and
configuration settings.
When a distance-vector routing protocol starts up, each router begins with only
its directly connected networks in its routing table.
As routing updates are received from neighboring routers, the routing table is
updated to reflect the learned routes.
Examples of distance-vector routing protocols:
1. RIP (Routing Information Protocol)
2. IGRP (Interior Gateway Routing Protocol)
3. EIGRP (Enhanced Interior Gateway Routing Protocol)
Distance-vector routing protocols have certain limitations, such as slow
convergence and susceptibility to routing loops, which have led to the
development of other routing protocols like OSPF and BGP.
RIP (Routing Information Protocol)
It is one of the oldest distance-vector routing protocols used in computer
networks. RIP is designed for small to medium-sized networks and is relatively
simple to configure and manage. RIP uses a distance-vector algorithm to
determine the best path to a destination network. It measures distance in terms
of hop count, where each hop represents a router traversed along the path. RIP
has a maximum hop count limit of 15. If a route's hop count exceeds this limit,
it is considered unreachable. This limits the size of networks that RIP can
effectively support. RIP routers periodically broadcast their entire routing table
to neighboring routers. By default, updates are sent every 30 seconds, although
this interval can be adjusted.
Routing loops occur in distance-vector routing protocols when incorrect
routing updates cause packets to circulate indefinitely in the network.
"Count to Infinity" is a common problem in distance-vector routing protocols
where routers continuously increase the hop count to a destination after a link
failure, leading to slow convergence and potential routing loops.
How does Count to Infinity occur?
[Figure: Router-A, Router-B and Router-C connected in a chain, with Network X attached to Router-A; the remaining networks are labelled Y, Z and T.]
1. Routers A, B, and C are connected in a simple network.
2. Router A knows a direct route to Network X with a metric of 1.
3. Router B learns about Network X from Router A and sets its metric to 2.
4. Suddenly, Network X fails, and Router A removes the route from its table.
5. Before Router A informs anyone, Router B advertises its routing table to
Router A.
6. Router A receives the route to Network X from Router B with metric 2
(thinking it's valid).
7. Router A assumes Network X is reachable via B and sets the new metric
to 3.
8. Router A advertises this incorrect route (metric 3) to B.
9. Router B receives the updated route and increases the metric to 4.
10. This cycle continues, increasing the metric by 1 each time,
11. until the metric reaches 16, which RIP considers infinity (unreachable).
12. Finally, the route is removed from all routing tables.
To prevent this issue, several techniques are used in distance-vector protocols
like RIP:
Split Horizon:
A router does not send route updates back on the interface from which
it learned the route.
Prevents a router from advertising a route back to the router that originally
shared it.
Example:
Router A → advertises Route X to Router B
Router B learns Route X from A and does not send it back to A
This prevents A from mistakenly thinking B has a better route to X
Route Poisoning
When a router detects a failed route, it sets the metric to infinity (in
RIP, infinity is 16 hops) before advertising it.
This informs all routers that the route is no longer reachable.
Example:
Router A detects that Network X is down.
It advertises Network X to Router B with a metric of 16 (unreachable).
Router B does not use this route anymore, preventing loops.
Hold-Down Timers
When a router receives an update about a failed route, it waits (hold-
down timer period) before accepting any new updates for that route.
This prevents routers from quickly believing incorrect updates from a
misconfigured or slow-converging neighbor.
Example:
Router A marks Route X as down.
It starts a hold-down timer (e.g., 180 seconds in RIP).
If it receives an alternative route within the hold-down period, it ignores it
unless it has a better metric than before.
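The count-to-infinity sequence and the three countermeasures above, as an added Python simulation that is not part of the handout. Router B is made to advertise before Router A in every round, as in step 5, and the hold-down timer is counted in rounds instead of seconds.

```python
INFINITY = 16          # RIP "infinity": a metric of 16 hops means unreachable
HOLD_DOWN_ROUNDS = 3   # stand-in for RIP's 180-second hold-down timer


class Router:
    """Minimal distance-vector router with optional loop-prevention features."""

    def __init__(self, name, split_horizon=False, route_poisoning=False, hold_down=False):
        self.name = name
        self.neighbors = []
        self.table = {}   # network -> {"metric", "next_hop", "hold", "pre_fail"}
        self.split_horizon = split_horizon
        self.route_poisoning = route_poisoning
        self.hold_down = hold_down

    def connect_network(self, net):
        self.table[net] = {"metric": 1, "next_hop": None, "hold": 0, "pre_fail": 1}

    def _mark_unreachable(self, net, via):
        e = self.table[net]
        e.update(pre_fail=e["metric"], metric=INFINITY, next_hop=via)
        if self.hold_down:
            e["hold"] = HOLD_DOWN_ROUNDS

    def network_failed(self, net):
        if self.route_poisoning or self.hold_down:
            self._mark_unreachable(net, None)   # keep the route and advertise it as 16
        else:
            del self.table[net]                 # plain removal, step 4 in the text

    def advertisement_for(self, neighbor):
        # Split horizon: never advertise a route back to the neighbor it was learned from.
        return {net: e["metric"] for net, e in self.table.items()
                if not (self.split_horizon and e["next_hop"] == neighbor)}

    def receive(self, sender, adv):
        for net, metric in adv.items():
            candidate = min(metric + 1, INFINITY)
            e = self.table.get(net)
            if e is None:
                if candidate < INFINITY:
                    self.table[net] = {"metric": candidate, "next_hop": sender,
                                       "hold": 0, "pre_fail": candidate}
            elif e["hold"] > 0:
                # Hold-down: ignore updates unless strictly better than before the failure.
                if candidate < e["pre_fail"]:
                    e.update(metric=candidate, next_hop=sender, hold=0)
            elif e["next_hop"] == sender:
                # News from the current next hop is always believed, even if worse.
                if candidate >= INFINITY:
                    self._mark_unreachable(net, sender)
                else:
                    e["metric"] = candidate
            elif candidate < e["metric"]:
                e.update(metric=candidate, next_hop=sender)


def metric_of(router, net):
    e = router.table.get(net)
    return None if e is None else e["metric"]


def simulate(order, net, max_rounds=20):
    """Routers advertise in `order` each round. Returns (rounds to converge, trace),
    where each trace entry lists the metric for `net` at every router in `order`."""
    trace = []
    for rnd in range(1, max_rounds + 1):
        for r in order:
            for n in r.neighbors:
                n.receive(r.name, r.advertisement_for(n.name))
        for r in order:
            for e in r.table.values():
                e["hold"] = max(0, e["hold"] - 1)
        trace.append(tuple(metric_of(r, net) for r in order))
        if all(m in (None, INFINITY) for m in trace[-1]):
            return rnd, trace
    return None, trace


def count_to_infinity_demo(**features):
    """Network X hangs off Router A, which is linked to Router B. X fails, and B
    happens to advertise before A has told anyone (step 5 in the text)."""
    a, b = Router("A", **features), Router("B", **features)
    a.neighbors, b.neighbors = [b], [a]
    a.connect_network("X")
    b.receive("A", a.advertisement_for("B"))   # steady state: B knows X via A at metric 2
    a.network_failed("X")
    return simulate([b, a], "X")


if __name__ == "__main__":
    for label, features in [("no protection", {}),
                            ("route poisoning only", {"route_poisoning": True}),
                            ("split horizon + poisoning", {"split_horizon": True, "route_poisoning": True}),
                            ("poisoning + hold-down", {"route_poisoning": True, "hold_down": True})]:
        rounds, trace = count_to_infinity_demo(**features)
        print(f"{label:<26} converged after {rounds} round(s); (B, A) metrics per round: {trace}")
```

Poisoning on its own does not help here because B speaks first and A accepts B's stale metric 2, which is exactly the case the hold-down timer addresses.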
There are two versions of RIP: RIP version 1 (RIPv1) and RIP version 2
(RIPv2). RIPv2 includes enhancements such as support for Variable Length
Subnet Masking (VLSM), authentication, and support for multicast routing
updates.
RIP has several limitations:
● RIP's periodic update mechanism and limited metric (hop count) can lead
to slow convergence, especially in larger networks.
● The maximum hop count limit restricts the size of networks that RIP can
support. RIP is not suitable for large or complex networks.
● In some scenarios, RIP may encounter routing loops.
● RIP's sole metric, hop count, does not consider factors such as bandwidth
or delay, which can lead to suboptimal routing decisions.
6.2.2 Link State Routing Protocols
● Link-State Routing Protocols (LSRPs) are used to manage and route data
efficiently in networks. Unlike distance-vector routing protocols that share
routing tables with neighbors, LSRPs share the entire network topology
with all routers.
Here’s how LSRPs work:
1. Network Discovery: Each router learns about its directly connected
neighbors and the cost of the links (e.g., bandwidth or delay).
2. Link-State Advertisements (LSAs): Routers broadcast LSAs to their
neighbors. These small packets contain the router's state and information
about directly connected links.
3. Network Map: Using LSAs, each router builds a complete "map" (link-
state database) of the network topology, detailing all routers and their
connections.
4. Shortest Path Calculation: Routers use algorithms (such as Dijkstra's) to
independently calculate the shortest path to all other routers.
5. Routing Table Creation: Based on the shortest path calculations, routers
generate their routing tables, showing the best path to each destination.
6. Event-Driven Updates: Updates are triggered by network changes (e.g.,
link failures) instead of being sent periodically.
Examples of LSRPs:
Open Shortest Path First (OSPF): Widely used in enterprise and ISP
networks.
Intermediate System to Intermediate System (IS-IS): Common in large
service provider networks.
Example:
Below is a diagram showing a link-state routing network where Routers A,
B, C, D, E, F, and G are connected with bandwidth costs.
Find the shortest path from the source Router A to the destinations C, D,
and G, and write the routing table for Router A.
[Figure: link-state network with Routers A, B, C (top row), D, E, F (bottom row) and G. Link costs: A-B 2, B-C 5, A-D 3, B-E 4, C-F 4, C-G 6, D-E 5, E-F 2, F-G 1.]
Steps required to find the shortest path:
1. Link-State Advertisements (LSAs)
2. Link-State Database (LSDB)
3. Shortest Path Tree (SPT) using Dijkstra’s algorithm
4. Final shortest path.
Link-State Advertisements (LSAs):
Each node (router) sends an LSA that contains a list of directly connected
neighbors and the cost to reach them.
Router A
Directly connected neighbors Cost
Router B 2
Router D 3
Router B
Directly connected neighbors Cost
Router A 2
Router C 5
Router E 4
Router C
Directly connected neighbors Cost
Router B 5
Router F 4
Router G 6
Router D
Directly connected neighbors Cost
Router A 3
Router E 5
Router E
Directly connected neighbors Cost
Router B 4
Router D 5
Router F 2
Router F
Directly connected neighbors Cost
Router C 4
Router E 2
Router G 1
Router G
Directly connected neighbors Cost
Router C 6
Router F 1
Link-State Database (LSDB):
● Each router floods Link State Advertisements (LSAs) to every other router.
● All routers receive the same LSAs, so they build an identical LSDB.
● The LSDB represents the entire network topology from that area.
LSDB for all routers:
A: B(2), D(3)
B: A(2), C(5), E(4)
C: B(5), F(4), G(6)
D: A(3), E(5)
E: B(4), D(5), F(2)
F: C(4), E(2), G(1)
G: C(6), F(1)
Shortest Path Tree (SPT) using Dijkstra’s algorithm :
Every router independently runs Dijkstra's algorithm on its own LSDB to
calculate its own Shortest Path Tree (SPT).
Note 1:
● The total cost from Source A to Destination E via D is 8.
● The total cost from Source A to Destination E via B is 6.
● The path from D to E is neglected due to the lower cost from Source A to
Destination E via B.
Note 2:
● The total cost from Source A to Destination F via C is 11.
● The total cost from Source A to Destination F via E is 8.
● The path from C to F is neglected due to the lower cost from Source A to
Destination F via E.
Note 3:
● The total cost from Source A to Destination G via C is 13.
● The total cost from Source A to Destination G via E and F is 9.
● The path from C to G is neglected due to the lower cost from Source A to
Destination G via E and F.
Final shortest path:
Routing Table for Router A:
Destination Next hop Cost
A ---- 0
B B 2
C B 7
D D 3
E B 6
F B 8
G B 9
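Dijkstra's algorithm run over the LSDB listed above to reproduce Router A's routing table, as an added Python example that is not from the handout. The consistency check and the tampered copy go beyond the text: they show how a router can detect an LSDB in which one end of a link disagrees with the other.

```python
import copy
import heapq

# LSDB exactly as listed in the text: router -> {neighbor: link cost}.
LSDB = {
    "A": {"B": 2, "D": 3},
    "B": {"A": 2, "C": 5, "E": 4},
    "C": {"B": 5, "F": 4, "G": 6},
    "D": {"A": 3, "E": 5},
    "E": {"B": 4, "D": 5, "F": 2},
    "F": {"C": 4, "E": 2, "G": 1},
    "G": {"C": 6, "F": 1},
}


def dijkstra(lsdb, source):
    """Shortest path tree: total cost and predecessor of every reachable router."""
    cost = {source: 0}
    prev = {source: None}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue                      # stale entry, a cheaper path was already found
        for v, w in lsdb[u].items():
            nd = d + w
            if v not in cost or nd < cost[v]:
                cost[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return cost, prev


def path_to(prev, dest):
    path = []
    while dest is not None:
        path.append(dest)
        dest = prev[dest]
    return path[::-1]


def routing_table(lsdb, source):
    """Destination -> (next hop, cost): the table the text derives for Router A."""
    cost, prev = dijkstra(lsdb, source)
    table = {}
    for dest in sorted(cost):
        hops = path_to(prev, dest)
        table[dest] = ("----" if dest == source else hops[1], cost[dest])
    return table


def lsdb_mismatches(lsdb):
    """Every link should be advertised by both ends with the same cost; a one-sided
    entry points at a stale, corrupted or forged LSA and is worth alerting on."""
    return [(u, v, w) for u, links in lsdb.items()
            for v, w in links.items() if lsdb.get(v, {}).get(u) != w]


def tampered_lsdb():
    """Constructed copy in which C claims a cost of 1 to F while F still says 4."""
    bad = copy.deepcopy(LSDB)
    bad["C"]["F"] = 1
    return bad


if __name__ == "__main__":
    print("Destination  Next hop  Cost")
    for dest, (next_hop, total) in routing_table(LSDB, "A").items():
        print(f"{dest:<12} {next_hop:<9} {total}")
    print("mismatches in text LSDB:", lsdb_mismatches(LSDB))
    print("mismatches in tampered LSDB:", lsdb_mismatches(tampered_lsdb()))
```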
Difference Between Link-State Routing and Distance Vector
Routing Protocols
MPLS
MPLS is an IP packet routing technique that enhances the delivery rate of
IP packets by using labels instead of complex routing tables. Unlike traditional
IP routing, which relies on network addresses, MPLS directs data based on these
labels. It’s like having express lanes for your network traffic, ensuring efficient
and rapid delivery.
Imagine a network with routers. Instead of examining lengthy routing tables,
routers in an MPLS network use labels attached to IP packets. Multi-Protocol
Label Switching (MPLS) operates at a layer that is generally considered to lie
between traditional definitions of OSI Layer 2 (data link layer) and Layer 3
(network layer). It is often referred to as a layer 2.5 protocol. MPLS is not tied to
a single protocol; it can operate with various network layer protocols. It can carry
different types of traffic, including IP, Ethernet, Frame Relay, and ATM. The
multiprotocol nature of MPLS enables service providers to offer a wide range of
services, including Layer 2 VPNs (Virtual Private Networks), Layer 3 VPNs.
Components of MPLS
● Label: A short, fixed-length identifier assigned to packets by ingress
routers. Labels are used to forward packets along predefined paths known
as Label Switched Paths (LSPs).
● Label Switched Path (LSP): A unidirectional path through the MPLS
network along which labeled packets are forwarded. LSPs are established
and maintained using signaling protocols such as RSVP-TE (Resource
Reservation Protocol - Traffic Engineering) or LDP (Label Distribution
Protocol).
● Ingress Router: The router at the edge of the MPLS network where packets
enter from external networks. The ingress router assigns MPLS labels to
incoming packets and forwards them into the MPLS network.
● Egress Router: The router at the edge of the MPLS network where labeled
packets exit the MPLS domain and are forwarded to their final destination.
The egress router removes MPLS labels from outgoing packets before
forwarding them to the next hop or destination.
● Label Switch Router (LSR): Routers within the MPLS network that
perform label switching based on incoming labels. LSRs make forwarding
decisions based on labels and swap labels as packets traverse the MPLS
network.
● Provider Edge (PE) Router: Routers within the service provider's MPLS
network that connect directly to customer networks via CE (Customer
Edge) routers. PE routers establish MPLS connectivity with CE routers. A
PE router can function as both an ingress and an egress router, depending
on the context and the flow of traffic within an MPLS (Multiprotocol Label
Switching) network.
● Customer Edge (CE) Router: Routers at the edge of customer networks
that connect to PE routers in the service provider's MPLS network.
● Label Distribution Protocol (LDP): A signaling protocol used to distribute
MPLS labels between routers within the MPLS network. LDP establishes
label bindings between neighboring routers to create LSPs and enable
MPLS forwarding.
● MPLS Forwarding Table: A data structure maintained by routers in the
MPLS network that maps incoming labels to outgoing interfaces or next-
hop routers. The MPLS forwarding table is used to make forwarding
decisions based on MPLS labels.
Virtual Routing and Forwarding (VRF) plays a crucial role in Multiprotocol
Label Switching (MPLS) networks. It allows the separation of traffic for different
customers within the MPLS cloud.
Each VRF maintains its own routing table and policies. Multiple VRFs can
coexist on the same router. Each VRF corresponds to a virtual packet-forwarding
table. VRF configurations are typically done on Provider Edge (PE) routers. Each
VRF instance is bound to one or more physical or logical interfaces on the PE
router. These interface bindings determine which interfaces belong to each VRF
instance and where traffic belonging to that VRF is received or forwarded. VRF
instances are typically denoted by assigning a unique name or identifier to each
VRF. These identifiers use a mix of letters and numbers. For example, VRF
names like VRF123, CustomerA, or Site42.
CHAPTER-7
VLAN
7.1. Introduction
A VLAN is a logical grouping of network users and resources connected to
administratively defined ports on a switch. When you create VLANs, you are given
the ability to create smaller broadcast domains within a layer 2 switched
internetwork by assigning different ports on the switch to different subnetworks.
A VLAN is treated like its own subnet or broadcast domain, meaning that frames
broadcast onto the network are only switched between the ports logically
grouped within the same VLAN.
By default, hosts in a specific VLAN cannot communicate with hosts that
are members of another VLAN, so if you want inter-VLAN communication, the
answer is that you still need a router.
7.2. VLAN Basics
The figure below shows how layer 2 switched networks are typically designed as
flat networks. With this configuration, every broadcast packet transmitted is seen
by every device on the network regardless of whether the device needs to receive
that data or not. The reason it is called a flat network is that it is one broadcast
domain, not that the actual design is physically flat. In the figure we see Host A
sending out a broadcast. All the ports of the switch except the receiving port
forward the packet.
Switched network
When VLANs were not in the picture, we were using the type of network depicted
in the figure below.
Here you can see that each network is attached with a hub port to the router.
Notice that each department has its own LAN, so if you needed to add new users
to, let’s say, Sales, you would just plug them into the Sales LAN, and they would
automatically become part of the Sales collision and broadcast domain. This
design really worked well for many years. But there was one major flaw. What
happens if the hub for Sales is full, and we need to add another user to the Sales
LAN? Or, what do we do if there’s no more physical space available where the
Sales team is located for this new employee?
Well, let’s say there just happens to be plenty of room in the Finance section of
the building. That new Sales team member will just have to sit on the same side
of the building as the Finance people, and we’ll just plug that team member's
system into the hub for Finance. Doing this obviously makes the new user part
of the Finance LAN, which is very bad for many reasons. First and foremost, we
now have a major security issue. Because the new Sales employee is a member
of the Finance broadcast domain, the newbie can see all the same servers and
access all network services that the Finance folks can. Second, for this user to
access the Sales network services, they would have to go through the router to
log in to the Sales server, which is not exactly efficient!
But if you create a virtual LAN (VLAN), you can solve many of these problems.
Here’s a short list of ways VLANs simplify network management:
● VLANs enable you to group devices together logically, even though they are
physically connected to the same switch.
● All the devices connected to the same switch are in the same broadcast
domain.
● But VLANs allow you to create separate broadcast domains within a single
physical switch.
● Devices within the same VLAN can communicate with each other as if they
were on the same physical network.
● Devices in different VLANs typically cannot communicate with each other
without routing.
● VLANs enhance network security by isolating traffic.
● VLANs limit the scope of broadcast traffic. Broadcasts are confined to
devices within the same VLAN, reducing network congestion and
improving overall network performance.
● VLANs provide flexibility in network design and management. They allow
you to reconfigure the logical layout of your network without physically
relocating devices or rewiring connections.
● VLAN tagging adds a header to Ethernet frames, indicating which VLAN
the frame belongs to. This allows VLAN-aware devices to distinguish
between different VLANs and route traffic accordingly.
● To enable communication between devices in different VLANs, you
typically need a router or a Layer 3 switch capable of routing traffic
between VLANs. This process is known as inter-VLAN routing.
In what ways can devices be grouped into VLANs?
● Port-based VLANs: are a common method of assigning VLAN membership
to devices based on the physical switch port to which they are connected.
Administrators configure each switch port to be a member of a specific
VLAN. Any device plugged into that port will automatically be part of the
assigned VLAN.
● MAC address-based VLANs, also known as MAC-based VLANs: are a
method of assigning VLAN membership to devices based on their MAC
addresses. In traditional VLAN configurations, VLAN membership is
typically determined by the switch port to which a device is connected.
However, MAC address-based VLANs offer more granular control over
VLAN assignments by allowing specific devices to be associated with
particular VLANs, regardless of the switch port they are connected to. With
MAC-based VLANs, the switch creates a table that maps specific MAC
addresses to VLANs. When a frame arrives at the switch, the switch looks
up the source MAC address in the table. If a match is found, the switch
assigns the corresponding VLAN ID to the frame and forwards it within
that VLAN.
● Policy-Based VLANs: VLAN memberships can also be determined based on
policies configured on the network devices. These policies can take into
account various factors such as IP address ranges, application types, or
specific protocols to determine VLAN assignments.
● VLAN Membership Policy Server (VMPS): is a system used in network
environments to dynamically assign VLAN memberships to devices based
on their MAC addresses. The VMPS is configured with a database that
maps MAC addresses to VLANs. When a device connects to the network,
it sends a request to the VMPS, typically using a protocol like VLAN
Membership Policy Protocol (VMPP) or Cisco VMPS Protocol (VMPS). This
request includes the device's MAC address. The VMPS checks its database
for the MAC address received in the request. If a matching entry is found,
the server responds to the device with the corresponding VLAN
assignment. If no matching entry is found, the server may assign the
device to a default VLAN or reject the request.
7.3. Access Port:
When a switch port is configured as an access port, it will only carry traffic for
the specified VLAN. Access ports are primarily used to connect end-user devices
such as computers, printers, IP phones, cameras, and other network peripherals
to the local network. By connecting these devices to access ports, they can
communicate with other devices within the same VLAN. In the fig: ___ Port nos
2,3,6 are the access ports of VLAN 3, Port nos 1,7 are the access ports of VLAN
4 and Port nos 4,5,8 are the access ports of VLAN 5.
VLAN trunking is a technique used in computer networking to carry traffic from
multiple VLANs over a single network link (trunk).
7.4. Trunk Port:
Trunk ports are switch ports configured to carry traffic for multiple VLANs
simultaneously. They are used to interconnect switches, or to connect a switch to
another device that understands VLAN tags.
This eliminates the need for separate cables for each VLAN when connecting
switches, promoting network efficiency. This allows VLAN traffic to traverse
multiple switches while maintaining VLAN segregation and ensuring that frames
reach their intended destinations. Trunk ports are also used to connect switches
to routers, servers, or other networking devices that support VLAN tagging. This
enables these devices to communicate with multiple VLANs on the network. Each
frame transmitted over a trunk port includes a VLAN tag that identifies the VLAN to
which the frame belongs.
7.5. VLAN Tagging:
VLAN tagging is a method used in computer networks to identify which VLAN a
data packet belongs to when it travels across trunk ports on switches. In a
standard Ethernet frame, there is no field to indicate the VLAN to which the
frame belongs. On access links, which are configured for a single VLAN, frames
are typically untagged. If the frame needs to traverse a trunk link, it will be
tagged with the appropriate VLAN ID before being sent out. IEEE 802.1Q (and
Cisco's proprietary ISL, Inter Switch Link) define how VLAN tagging is
implemented. Under 802.1Q, a 4-byte tag is inserted into the Ethernet
frame header, which carries the VLAN ID and other details.
When a frame exits a trunk port on a switch, the VLAN tagging process inserts
a VLAN tag into each Ethernet frame. This tag functions like a label, identifying
the specific VLAN the data belongs to. Upon receiving a tagged frame, switches
examine the VLAN tag to determine the VLAN to which the frame belongs.
This allows switches on the receiving end to correctly forward the frames to the
appropriate VLANs.
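The 4-byte 802.1Q tag described above, worked through in code: an added example (not from this handout) that builds an untagged frame as seen on an access link, inserts the tag as a trunk port would, and parses it back out. The MAC addresses, EtherType and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing that an 802.1Q tag follows


def _mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build an untagged Ethernet II frame (FCS omitted), as sent on an access link."""
    return _mac_bytes(dst) + _mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the source MAC, as a switch does when the
    frame leaves a trunk port. Tag = TPID (2 bytes) + TCI (2 bytes); the TCI packs
    PCP (3 bits priority), DEI (1 bit) and the 12-bit VLAN ID."""
    if not 1 <= vid <= 4094:            # VID 0 and 4095 are reserved by 802.1Q
        raise ValueError(f"VLAN ID {vid} cannot identify a VLAN")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0..7 and DEI 0 or 1")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return the header fields of a frame, detecting whether an 802.1Q tag is present.
    A tagged frame with VID 0 is 'priority tagged': it carries a PCP but no VLAN."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = _mac_str(frame[0:6]), _mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, tagged, vid, pcp, dei = 14, False, None, None, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])  # real EtherType follows the tag
        tagged = True
        pcp, dei, vid = tci >> 13, (tci >> 12) & 1, tci & 0x0FFF
        offset = 18
    return {"dst": dst, "src": src, "tagged": tagged, "vid": vid, "pcp": pcp,
            "dei": dei, "ethertype": ethertype, "payload": frame[offset:]}


def untag_frame(frame: bytes) -> bytes:
    """Strip the 802.1Q tag, as a switch does when the frame leaves an access port."""
    if not parse_frame(frame)["tagged"]:
        return frame
    return frame[:12] + frame[16:]


if __name__ == "__main__":
    # Constructed sample: a broadcast ARP frame from a host in VLAN 10 crossing a trunk.
    access = build_frame("ff:ff:ff:ff:ff:ff", "00:a0:c9:ab:0e:8f", 0x0806, b"\x00\x01\x08\x00")
    trunk = tag_frame(access, vid=10, pcp=5)
    print(parse_frame(trunk))
```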
Inter-VLAN Communication:
What we see in the above figure is that each router interface is plugged into an
access link. This means that each of the routers’ interface IP addresses would
then become the default gateway address for each host in each respective VLAN.
Instead of using a router interface for each VLAN, you can use one Fast Ethernet interface
and run 802.1Q trunking (also known as VLAN trunking). The figure above shows how a
Fast Ethernet interface on a router will look when configured with 802.1Q trunking. This
allows all VLANs to communicate through one interface. Cisco calls this a
“router on a stick.”
How Router on a Stick works:
● First, you configure the switch to support VLANs. Then create and assign VLANs
to specific switch ports where devices are connected.
● On the switch, configure a port as a trunk port. It carries traffic from multiple
VLANs across a single physical link.
● This trunk link is then connected to one of the physical interfaces of the router.
● Configure logical subinterfaces on the above-mentioned physical interface of the
router. Subinterfaces are commonly used in routers to perform inter-VLAN
routing.
● Each subinterface is configured with its own unique network settings, including IP
address, subnet mask, VLAN tagging. These settings allow the subinterface to
operate as if it were a distinct physical interface.
● Configure the router to route traffic between the different subinterfaces.
● With the router configured, devices in different VLANs can communicate with each
other through the router.
● When a device sends traffic destined for another VLAN, the traffic is forwarded to
the router through the trunk link.
The router examines the VLAN tag, determines the appropriate subinterface for the
destination VLAN, and forwards the traffic accordingly.
Why use a Layer 3 switch?
Layer 3 switches make the use of virtual local area networks (VLANs) and inter VLAN
routing easier and faster. They make VLANs easier to configure because a separate router
isn't required between each VLAN; all the routing can be done right on the switch. Layer
3 switches also improve VLAN performance because they eliminate the bottleneck that
results from a router forming a single link between VLANs.
CHAPTER-8
IP MULTICAST
There are three types of traffic that we can choose from for our networks:
● Unicast
● Broadcast
● Multicast
If you want to send a message from one source to one destination, we use
unicast. If you want to send a message from one source to everyone, we use
broadcast.
What if we want to send a message from one source to a group of receivers?
That’s when we use multicast.
Why do you want to use multicast instead of unicast or broadcast? That’s best
explained with an example. Let’s imagine that we want to stream a high
definition video on the network using unicast, broadcast or multicast. You will
see the advantages and disadvantages of each traffic type. Let’s start with
unicast:
Above we have a small network with a video server that is streaming a
movie and four hosts who want to watch the movie.
Two hosts are on the same LAN, the other two hosts are on another site that is
connected through a 30 Mbps WAN link.
A single HD video stream requires 6 Mbps of bandwidth. When we are
using unicast, the video server will send the packets to each individual host.
With four hosts, it means the video server will be streaming 4x 6 Mbps = 24
Mbps of traffic.
Each additional host that wants to receive this video stream will put more
burden on the video server and require more bandwidth from the WAN link.
Hence it is not scalable.
What about broadcast traffic?
If our video server broadcasts its traffic then the load on the video server
will be reduced, it’s only sending the packets once. The problem however is that
everyone in the broadcast domain will receive it, whether they like it or not.
Another issue with broadcast traffic is that routers do not forward broadcast
traffic; it will be dropped at the router.
What about multicast traffic?
Multicast traffic is very efficient. This time we only have two hosts that are
interested in receiving the video stream. The video server will only send the
packets once. Switches forward multicast packets selectively to only the interested
receivers, while routers play a more active role in replicating and distributing
multicast packets across different network segments. This reduces the load on the
video server and network traffic in general.
When using unicast, each additional host will increase the load and traffic rate.
With multicast it will remain the same.
Multicast Components
1. Source of multicast data.
2. Multicast receivers.
3. Multicast enabled routers.
4. Distribution tree established by the routers using a multicast routing
protocol.
5. Data is delivered downstream in the distribution tree from the source to
the receivers.
Multicast is efficient but it doesn’t work “out of the box”. There are a
number of components that we require.
First of all we use a designated range of IP addresses that is exclusively
used for multicast traffic. We use the class D range for this: 224.0.0.0 to
239.255.255.255. These addresses are only used as destination addresses, not
as source addresses. In networking, a single multicast address is indeed referred
to as a "multicast group." Multicast groups are used to represent a set of
receivers interested in receiving the same multicast traffic. The source IP address
will be the device that is sending the multicast traffic, for example the video
server. We also require applications that support multicast. A simple example is
the VLC media player, which can be used to stream and receive a video on the
network.
When a router receives multicast traffic, somehow it has to know if anyone
is interested in receiving the multicast traffic.
Above you can see the router is receiving the multicast traffic from the
video server. It doesn’t know where and if it should forward this multicast traffic.
We need some mechanism on our hosts that tells the router when they want to
receive multicast traffic.
We use the IGMP (Internet Group Management Protocol) for this. Hosts that
want to receive multicast traffic will use the IGMP protocol to tell the router
which multicast traffic they want to receive.
IGMP helps the router to figure out on what interfaces it should forward
multicast traffic but what about switches? Take a look at the following image:
To help the switch figure out where to forward multicast traffic, we can
use IGMP snooping. The switch will “listen” to IGMP messages between the
host(s) and router to figure out where it should forward multicast traffic to.
Above we have our video server that is forwarding multicast traffic to R1.
On the bottom there’s H1 who is interested in receiving it.
With unicast routing, each router advertises its directly connected
interfaces in a routing protocol. Routers that receive unicast packets only care
about the destination address. They check their routing tables, find the outgoing
interface and forward the packets towards the destination. With multicast
routing, things are not that simple. The destination is a multicast group address,
and the multicast packets have to be forwarded to multiple receivers throughout
the network.
To accomplish this, we use a multicast routing protocol:
● DVMRP (Distance Vector Multicast Routing Protocol)
● MOSPF (Multicast Open Shortest Path First)
● PIM (Protocol Independent Multicast)
The most popular multicast routing protocol is PIM.
Multicast IP Addresses
One of the differences between unicast and multicast IP addresses, is that
unicast IP addresses represent a single network device while multicast IP
addresses represent a group of receivers. IANA (Internet Assigned Numbers
Authority) has reserved the class D range to use for multicast. The first 4 bits in
the first octet are 1110 in binary which means that we have the 224.0.0.0
through 239.255.255.255 range for IP multicast addresses.
Some of the addresses are reserved and we can’t use them for our own
applications. The 224.0.0.0 – 224.0.0.255 range has been reserved by IANA to
use for network protocols. Multicast IP packets in this range are not
forwarded by routers between subnets.
A few examples of reserved multicast addresses:
Address       Usage
224.0.0.1     All Hosts
224.0.0.2     All Multicast Routers
224.0.0.5     OSPF Routers
224.0.0.9     RIPv2 Routers
224.0.0.10    EIGRP Routers
224.0.0.12    DHCP Server / Relay
224.0.0.13    All PIM Routers
224.0.0.18    VRRP
Multicast IP Address to MAC address mapping
Analyzing a unicast MAC: 00:A0:C9:AB:0E:8F
Analyzing a multicast MAC: 01:00:5E:00:00:05
Look at the above figure.
For all multicast IP addresses, the first 4 bits must be the same (1110) because of
class D.
For all multicast MAC addresses, the first 25 bits must be the same, because
IANA has reserved the block from 01:00:5e:00:00:00 to 01:00:5e:7f:ff:ff for
encapsulating IP multicast datagrams. That leaves only 23 bits of the MAC
address to carry the low-order 23 bits of the IP address.
From the above example, you can find that the MAC addresses for 224.11.1.2 and
225.11.1.2 are the same, because the 5 bits of the IP address (shown in the above
figure) are not relevant for IP to MAC mapping.
All the multicast IPs shown in the table below are mapped to the same multicast
MAC address - 01:00:5E:0B:01:02
224.11.1.2   225.11.1.2   226.11.1.2   227.11.1.2   228.11.1.2   229.11.1.2
230.11.1.2   231.11.1.2   232.11.1.2   233.11.1.2   234.11.1.2   235.11.1.2
236.11.1.2   237.11.1.2   238.11.1.2   239.11.1.2   224.139.1.2  225.139.1.2
226.139.1.2  227.139.1.2  228.139.1.2  229.139.1.2  230.139.1.2  231.139.1.2
232.139.1.2  233.139.1.2  234.139.1.2  235.139.1.2  236.139.1.2  237.139.1.2
238.139.1.2  239.139.1.2
2^5 = 32 different multicast IP addresses can be mapped to the same MAC address.
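The IP-to-MAC mapping above, in code: an added example (not from this handout) that derives the multicast MAC from a class D address and, in the reverse direction, enumerates the 32 group addresses that collide on one MAC. Only the standard 01:00:5e block is assumed; the sample addresses are the ones used in the text.

```python
import ipaddress


def multicast_ip_to_mac(ip: str) -> str:
    """Map a class D IPv4 address to its Ethernet multicast MAC address.

    The MAC is the fixed 25-bit prefix 01:00:5e plus a 0 bit, followed by the
    low-order 23 bits of the IP address; the 5 bits after the leading 1110 of
    the IP address are discarded, which is why 32 groups share each MAC.
    """
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:            # must lie in 224.0.0.0 - 239.255.255.255
        raise ValueError(f"{ip} is not a multicast (class D) address")
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5e:{:02x}:{:02x}:{:02x}".format(
        low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def mac_to_multicast_ips(mac: str) -> list:
    """Enumerate the 2^5 = 32 class D addresses that map onto one multicast MAC.

    A host or switch that filters on this MAC will also accept frames for every
    other group in the list, so the group address in the IP header must still be
    checked by the receiver.
    """
    octets = [int(part, 16) for part in mac.lower().split(":")]
    if len(octets) != 6 or octets[:3] != [0x01, 0x00, 0x5E] or octets[3] > 0x7F:
        raise ValueError(f"{mac} is not in the IANA IP multicast MAC block")
    low23 = (octets[3] << 16) | (octets[4] << 8) | octets[5]
    # 0xE0000000 sets the leading 1110; i fills the 5 bits the MAC cannot carry.
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | low23))
            for i in range(32)]


def share_mac(ip_a: str, ip_b: str) -> bool:
    """True when two multicast groups are indistinguishable at layer 2."""
    return multicast_ip_to_mac(ip_a) == multicast_ip_to_mac(ip_b)


if __name__ == "__main__":
    print(multicast_ip_to_mac("224.0.0.5"))            # OSPF routers group
    for group in mac_to_multicast_ips("01:00:5e:0b:01:02"):
        print(group)
```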
IGMP (Internet Group Management Protocol): IGMP stands for Internet Group
Management Protocol. It is a communication protocol used by IPv4 hosts and
multicast routers to manage multicast group memberships within a network.
IGMP operates at the network layer (Layer 3) of the OSI model.
There are two main versions of IGMP: IGMPv1 and IGMPv2.
IGMP version 2 (IGMPv2) is widely used in IPv4 networks for managing multicast
group memberships.
IGMP message types
- Membership query
- Membership report
- Leave group message
IGMP Membership Query
● General Query: This query is sent to all hosts on a network segment,
asking them to report their membership status for all multicast groups.
General Queries are typically used by routers to periodically refresh their
knowledge of active multicast group memberships on the network.
● Group-Specific Query: This query targets a specific multicast group,
asking hosts if they are members of that particular group. Group-Specific
Queries are used by routers when they need to determine the status of a
specific multicast group's membership, such as when a router receives
multicast traffic for that group and wants to verify if there are active
members.
IGMP Membership Report: IGMP membership report is a message sent by an
IPv4 host to a multicast router in response to an IGMP Membership Query or to
announce its interest in receiving multicast traffic for specific multicast groups.
IGMP Leave Group message: IGMP leave group message is sent by an IPv4 host
to notify the local multicast router that it is no longer interested in receiving
traffic for a specific multicast group.
IGMP messages are sent with the TTL field in the IP header set to one.
Therefore, IGMP messages are never forwarded by routers.
IGMP Snooping
Layer two switches are simple devices. They learn source MAC addresses
and insert these in their MAC address tables. When a frame arrives, they check
for the destination MAC address, perform a lookup in the MAC address table
and then forward the frame. This works very well for unicast traffic but it’s a
problem for multicast traffic. Take a look at the example below:
Refer to the above figure: A video server is streaming multicast traffic to
destination 239.1.1.1. The destination MAC address will be 0100.5e01.0101.
When the switch receives this traffic then it will do a lookup for MAC address
0100.5e01.0101. Since this MAC address has never been used as a source, all
multicast traffic will be flooded. All hosts will receive this traffic whether they
want it or not.
IGMP snooping is a feature of network switches that monitors Internet
Group Management Protocol (IGMP) messages exchanged between multicast
routers and hosts. When the host sends a membership report for a multicast
group then the switch adds an entry in the CAM table for the interface that is
connected to the host. When the host sends a leave group for a multicast group
then the switch removes an entry in the CAM table for the interface that is
connected to the host.
By analyzing these messages, switches can intelligently forward multicast
traffic only to the ports where it's needed, rather than flooding it to all ports in
the network. Without IGMP snooping, switches will flood multicast traffic
everywhere, treating it like broadcast traffic.
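The flooding-versus-snooping behaviour described in this section, as an added example (not from this handout): a toy switch that records membership reports and leaves per port and then decides which ports a multicast data frame goes out of. The port numbering, the statically configured router port and the "unregistered groups go only to router ports" default are assumptions of the example.

```python
import ipaddress
from collections import defaultdict

# 224.0.0.0/24 is the IANA range for network protocols listed earlier in the chapter;
# snooping switches flood it so that OSPF, RIPv2 and similar control traffic still works.
LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")


class IgmpSnoopingSwitch:
    """Toy layer 2 switch that learns multicast forwarding entries from IGMP messages."""

    def __init__(self, ports, snooping=True, mrouter_ports=()):
        self.ports = set(ports)
        self.snooping = snooping
        # Ports facing multicast routers always receive group traffic. Assumption: they
        # are configured statically here; real switches can also learn them from queries.
        self.mrouter_ports = set(mrouter_ports)
        self.members = defaultdict(set)   # group address -> ports with an interested host

    def handle_igmp(self, port, msg_type, group):
        """Update the table from a membership report or leave seen on `port`."""
        if port not in self.ports:
            raise ValueError(f"unknown port {port}")
        if msg_type == "report":
            self.members[group].add(port)
        elif msg_type == "leave":
            self.members[group].discard(port)
            if not self.members[group]:
                del self.members[group]     # last receiver gone: forget the group
        else:
            raise ValueError(f"unsupported IGMP message type {msg_type!r}")

    def egress_ports(self, ingress, group):
        """Ports a multicast data frame for `group` arriving on `ingress` is sent out of."""
        everything_else = self.ports - {ingress}
        if not self.snooping or ipaddress.IPv4Address(group) in LINK_LOCAL:
            return everything_else          # flooded like a broadcast
        # Assumption: a group nobody has joined reaches only the router port(s).
        return (self.members.get(group, set()) | self.mrouter_ports) - {ingress}


if __name__ == "__main__":
    # Constructed scenario: video server on port 1, hosts on ports 2-4, router on port 5.
    sw = IgmpSnoopingSwitch(ports=[1, 2, 3, 4, 5], mrouter_ports=[5])
    sw.handle_igmp(2, "report", "239.1.1.1")
    print(sorted(sw.egress_ports(1, "239.1.1.1")))
```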
Multicast Routing
When a router receives a unicast packet, it reads the destination
address, checks its routing table to find the next hop address or exit interface
and forwards the IP packet towards the destination.
What about multicast traffic?
Above figure: R1 receives a multicast packet from some video server, the
destination address is 239.1.1.1. But the routing table is a unicast routing table.
There’s no information about any multicast addresses in there. Router 1 will
have no idea where to forward this multicast traffic to.
To route multicast traffic, we need to use a multicast routing protocol.
Protocol Independent Multicasting (PIM)
Protocol Independent Multicasting (PIM) is a family of multicast routing
protocols used in computer networks. PIM depends 100% on the information in
the unicast routing table. But it doesn’t matter which unicast routing protocol
you use to fill the unicast routing table. PIM operates independently of any
specific unicast routing protocol. The primary goal of PIM is to efficiently deliver
multicast traffic from a source to multiple destinations across an IP network. It
achieves this by dynamically building multicast distribution trees, which
determine the path that multicast packets should take through the network. PIM
operates at the network layer (Layer 3) of the OSI model / internet layer of TCP/IP
model.
Protocol Independent Multicast (PIM) Hello packets are used to establish
and maintain neighbor adjacencies. These packets are exchanged between
routers to discover and maintain neighbor relationships, enabling the routers to
exchange multicast routing information effectively.
Different modes of PIM:
● PIM Dense mode
● PIM Sparse mode
Protocol Independent Multicasting (PIM) - Dense Mode
Dense Mode: Dense mode multicast routing protocols are used for networks
where most subnets in your network should receive the multicast traffic. When
a router receives the multicast traffic, it will flood it on all of its interfaces except
the interface where it received the multicast traffic.
In the example above both the hosts H1 and H2 are interested in multicast traffic
but what if there are hosts that don’t want to receive it?
A multicast router can tell its neighbor that it doesn’t want to receive the
multicast traffic anymore. This happens when:
● The router doesn’t have any downstream neighbors that require the
multicast traffic.
● The router doesn’t have any hosts on its directly connected interface that
require the multicast traffic.
Above we see R1 that receives the multicast traffic from our video server.
It floods this multicast traffic to R2 and R3. But these two routers don’t have
any interest in multicast traffic. They will send a prune message to signal R1
that it should no longer forward the multicast traffic.
Multicast routing is vulnerable to routing loops.
One simple loop-prevention mechanism is that routers will never forward
multicast packets on the interface where they received the packet on.
There is one additional check also to prevent loops. It is called RPF (Reverse
Path Forwarding).
Refer above figure. R1 receives a multicast packet which is flooded on all
interfaces except the interface that connects to the video server.
● R1 floods the packet to R3.
● R3 floods the packet to R2.
● R2 floods it back to R1.
Even though routers are not forwarding multicast packets on the interface
where they received the packet, there is still a multicast routing loop. This
can be prevented by implementing the RPF check:
When a router receives a multicast packet on an interface, it looks at the source
IP address and does two checks:
● Is there an entry that matches the source address in the unicast routing
table?
● If so, what interface is used to reach that source address?
When the multicast packet is received on the interface that matches the
information from the unicast routing table, it passes the RPF check and the router
accepts the packet. When it fails the RPF check, the packet is dropped.
Above we see R1 flood the multicast traffic to R2 and R3. R2 also floods
it to R3. R3 will now perform an RPF check. It sees that the source address of the
multicast data is 192.168.12.2 and checks the unicast routing table. It finds a
route for 192.168.12.2 that points to R1.
The packet that it receives from R1 will pass the RPF check since R3
receives it on its Fa0/0 interface; the one it receives from R2 fails the RPF check.
So, the multicast packet from R2 will be dropped.
R3 will then flood the multicast packet towards R2 who will also do a RPF
check. It will drop this packet since R2 uses its interface towards R1 to reach
192.168.12.2.
Another way to look at this is that the RPF check ensures that only
multicast packets from the shortest path are accepted. Multicast packets that
travel longer paths are dropped.
Upstream router - The router where we receive multicast traffic from (source
side)
Downstream router - The router where multicast traffic is forwarded (Towards
Receivers).
RPF neighbor
In PIM (Protocol Independent Multicast), the term "RPF neighbor" stands for
"Reverse Path Forwarding neighbor."
When a router receives multicast traffic, it performs an RPF check. It looks at its
unicast routing table to determine the upstream interface from which it expects
to receive unicast traffic for the source of the multicast stream.
The router compares the incoming interface of the multicast packet with the
expected upstream interface determined by the RPF check.
If the incoming interface matches the expected upstream interface, the router
forwards the multicast packet. If they don't match, the router might discard the
packet to prevent loops.
In this context, the upstream neighbor from which the router expects to receive
multicast traffic is referred to as the "RPF neighbor" for that source.
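The RPF check and RPF neighbor lookup described in the last two sections, as an added example (not from this handout): a toy router that performs a longest-prefix match on the source address in its unicast table and accepts or drops the multicast packet accordingly. The R3 table below re-creates the scenario in the text (source 192.168.12.2 reached via Fa0/0); the prefixes, the interfaces Fa0/1 and Fa1/0 and the next-hop address 192.168.13.1 are constructed.

```python
import ipaddress


class MulticastRouter:
    """Toy router holding a unicast routing table and applying the RPF check to it."""

    def __init__(self, name, routes):
        # routes: (prefix, outgoing interface, next hop or None when directly connected)
        self.name = name
        self.routes = [(ipaddress.IPv4Network(prefix), iface, next_hop)
                       for prefix, iface, next_hop in routes]

    def rpf_lookup(self, source):
        """Longest-prefix match on the source address, i.e. the route a unicast packet
        back to the source would take. Returns (rpf_interface, rpf_neighbor) or None
        when the unicast table has no entry for the source."""
        src = ipaddress.IPv4Address(source)
        best = None
        for net, iface, next_hop in self.routes:
            if src in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface, next_hop)
        return None if best is None else (best[1], best[2])

    def rpf_check(self, source, in_iface):
        """True when the packet arrived on the interface the unicast table uses to reach
        the source; False (drop) when there is no route or the interface differs."""
        match = self.rpf_lookup(source)
        return match is not None and match[0] == in_iface

    def rpf_neighbor(self, source):
        """The upstream router we expect this source's multicast traffic from
        (None for a directly connected source or when no route exists)."""
        match = self.rpf_lookup(source)
        return None if match is None else match[1]

    def dense_mode_flood(self, source, in_iface):
        """Dense mode forwarding: after a passing RPF check, flood the packet out of
        every interface except the one it arrived on; a failing check floods nothing."""
        if not self.rpf_check(source, in_iface):
            return set()
        return {iface for _, iface, _ in self.routes} - {in_iface}


def build_r3():
    """R3 from the figure: R1 is reached via Fa0/0, R2 via Fa0/1, a host LAN on Fa1/0."""
    return MulticastRouter("R3", [
        ("192.168.13.0/24", "Fa0/0", None),            # link towards R1 (constructed)
        ("192.168.23.0/24", "Fa0/1", None),            # link towards R2 (constructed)
        ("10.3.3.0/24", "Fa1/0", None),                # receiver LAN (constructed)
        ("192.168.12.0/24", "Fa0/0", "192.168.13.1"),  # source subnet, learned via R1
    ])


if __name__ == "__main__":
    r3 = build_r3()
    for iface in ("Fa0/0", "Fa0/1"):
        print(iface, "passes RPF:", r3.rpf_check("192.168.12.2", iface))
    print("RPF neighbor for 192.168.12.2:", r3.rpf_neighbor("192.168.12.2"))
```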
PIM Dense Mode is a push method in which source-based trees are used.
Above we see a video server sending a multicast packet towards R1. H1 wants to
receive the same multicast. So H1 will send an ip igmp join request to R6. As
soon as R1 receives this multicast packet, it will create an entry in its multicast
routing table where it stores the source address and multicast group address. It
will then flood the traffic on all of its interfaces except the interface where it
received the multicast packets.
Other routers that receive this multicast packet will also create an entry
in their multicast routing tables and flood it on all of their interfaces except the
interface where they received the multicast packets. This does cause some issues;
one problem is that we will have multicast routing loops. You can see that the
packet that R1 receives is forwarded to R2 > R4 > R5 and back to R1 (and the
other way around).
Each router that is not interested in the multicast traffic will send a prune
to its upstream router, requesting it to stop forwarding it. Pruning of multicast
traffic helps to prevent looping.
To avoid the looping RPF(Reverse Path Forwarding) technique will also be
used. (When the multicast packet was received on the interface that we use to
reach the source, the RPF check succeeds. When the multicast packet was
received on another interface, it fails the RPF check and the packet is discarded.)
End Result will look like this:
Multicast data from server to H1 will flow through R1>R2>R6>H1
The interfaces of routers R2 and R6 where the arrow marks are shown will not send a
prune back message. Because H1 wants to receive the multicast packets.
A couple of reasons why a router can send a prune message:
● No directly connected hosts that are interested in receiving the multicast
traffic.
● No downstream routers are interested in receiving the multicast traffic.
● When downstream routers receive traffic on a non-RPF interface.
Now multicast traffic is flooded from R1 to R2 > R6 > H1. This flood and
prune behavior will occur every three minutes. This topology is called the source-
based distribution tree or SPT (Shortest Path Tree). The source is the root of
our tree. The routers in between that are forwarding traffic are the nodes. The
subnets with receivers are the branches and leaves of the tree. Depending on the
source and/or multicast groups that we use, you might have more than one
source tree in your network. We use the [S,G] notation to refer to a particular
source tree.
● S: the source address
● G: the multicast group address
Protocol Independent Multicasting (PIM) - Sparse Mode: With PIM dense
mode, multicast traffic is flooded everywhere and then pruned. Dense mode
is very inefficient with its flooding of multicast traffic; a lot of bandwidth and
router resources are wasted on flooding. The alternative is sparse mode,
which is far more efficient. With PIM sparse mode, multicast traffic will not be
forwarded unless another router requests it. It is the complete opposite of dense
mode.
● Dense mode floods multicast traffic until a router asks you to stop.
● Sparse mode sends multicast traffic only when a router requests it.
Requesting multicast traffic sounds great, but it introduces one problem: where
do you send the request? With dense mode you receive the traffic whether you
want it or not; with sparse mode you have no idea where the multicast traffic is
coming from.
To solve this, sparse mode uses a special router called the RP (Rendezvous
Point). All multicast sources are registered with the RP, and routers that want to
receive a group find their way towards the RP.
In the figure, R1 is the RP for the network. It is receiving multicast traffic from
the video server, but at the moment nobody is interested in it, so R1 does not
send any multicast traffic into the network.
If R2 or R3 receives an IGMP join from a directly connected host, or a request
from a downstream router, the following happens:
● H2 wants to receive this multicast traffic, so it sends an IGMP join
(membership report) for multicast group 239.1.1.1 to R3.
● R3 receives the IGMP join and requests the traffic from R1 with a PIM Join
message.
● R1 starts forwarding the multicast traffic to R3, and it reaches H2.
In this way, wasted network resources are kept to a minimum.
When using sparse mode, every router needs to know the IP address of the RP
(how the routers learn it is discussed later).
In the diagram above, a video server is streaming multicast traffic to 239.1.1.1.
At the bottom, R6 has received an IGMP membership report from its directly
connected host H1, but R6 does not know where the source of 239.1.1.1 is.
● Router R5 is configured as the RP for this multicast group.
● The multicast traffic is received by R1, the first-hop router next to the source.
● R1 encapsulates the first multicast packet in a PIM Register message and
forwards it (as unicast) to the RP.
● When the RP receives the PIM Register message there are two options:
o When nobody is interested in the multicast traffic, the RP rejects the
PIM Register message.
o When there is at least one receiver, the RP accepts the PIM Register
message.
● When nobody is interested, the RP responds to R1 with a PIM Register-Stop
message.
● R1 then stops sending Register messages for this source and group.
● R1 starts a suppression timer; by default this timer is 60 seconds.
● Shortly before the timer expires, R1 sends a PIM Null-Register to the RP.
● The Null-Register carries no encapsulated multicast packet. It is simply a
request asking the RP whether it is interested now.
● If there are still no receivers, the RP sends another PIM Register-Stop
message and the suppression timer restarts.
● When there are receivers, the RP does not send a PIM Register-Stop to R1.
● R1 then resumes forwarding the multicast traffic to the RP.
● The host H1 connected to R6 would like to receive the multicast traffic.
● H1 sends an IGMP membership report to R6.
● R6 now has to find the RP and ask it to start forwarding the multicast traffic.
● R6 looks up the IP address of the RP in its unicast routing table and sends a
PIM Join message out of the interface used to reach the RP.
● In this case, R6 forwards the PIM Join towards R4.
● When R4 receives the PIM Join, it in turn has to ask the RP to start forwarding
the multicast traffic.
● R4 looks up the RP in its own unicast routing table, finds the interface used to
reach the RP, and sends a PIM Join towards the RP.
● When the RP receives the PIM Join, it starts forwarding the multicast traffic.
● Multicast traffic now flows from R1 to the RP, down to R4 and R6, and on to
the receiver H1.
This way of joining the RP is called the RPT (Rendezvous Point Tree) or shared
tree.
The RP is the root of our tree which decides where to forward multicast traffic to.
Each multicast group might have different sources and receivers so we might
have different RPTs in our network.
Looking closely at the figure, you may have noticed that R6 has more than one
path towards the source. Right now the multicast traffic is flowing like this:
R1 > R5 > R4 > R6 (Rendezvous Point Tree)
This is not the optimal path: R1 > R2 > R6 has one router fewer than the current
path, so if all links are equal it is the better one.
Once H1 starts receiving multicast traffic through the RP, R6 can switch over to
the SPT (Shortest Path Tree), R1 > R2 > R6. Refer to the figure below:
● When R6 received the multicast traffic through the RP, it also learned the
source address of the multicast stream.
● R6 checks its unicast routing table for a better path to reach the source and
finds that R1 > R2 > R6 is shorter.
● R6 decides to use the SPT (R1 > R2 > R6) instead of the RPT (R1 > R5 > R4 >
R6) for this traffic.
● To do so, R6 sends a PIM Join for this source to R2, and R2 forwards the PIM
Join to R1.
Refer to the figure above:
● R1 starts forwarding the multicast traffic towards R6 along the best path,
R1 > R2 > R6 (the SPT, Shortest Path Tree).
● Since R6 is now receiving the multicast traffic via R2 and R1, it no longer
needs it from the RP.
● R6 sends a PIM Prune message to R4.
● R4 forwards the PIM Prune to the RP.
● The multicast flow through the RP stops.
What have we learned?
● PIM sparse mode uses an RP (Rendezvous Point) as the central meeting point
for multicast traffic.
● Routers use PIM Register packets to register sources with the RP: the first
multicast packet is encapsulated and forwarded to the RP.
● When the RP has no receivers for a group, it sends a PIM Register-Stop packet.
● The router that sent the PIM Register starts a suppression timer (60 seconds)
and sends a PIM Null-Register a few seconds before the timer expires.
● Routers with receivers join the RPT (Rendezvous Point Tree) for each group
they want to receive.
● Once a router with receivers gets a multicast packet via the RP, it switches from
the RPT to the SPT as soon as the traffic rate exceeds the SPT threshold; the
threshold defaults to 0 kbps, so in practice the switch is immediate.
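The Register / Register-Stop / Null-Register exchange summarised above, as an added Python example that is not part of the handout: a model of the RP and of the first-hop router R1, driven by a simple clock, that records which message each side sends and how the suppression timer gates the source's packets. The 60-second suppression timer is the one the text gives; the 5-second lead for the Null-Register is the RFC 4601 Register_Probe_Time default and is an assumption here, as is the simplification that R1 resumes registering as soon as a Null-Register is not answered with a Register-Stop (the RP's own join towards the source is left out).

```python
REGISTER_SUPPRESSION_TIME = 60  # seconds; the suppression timer from the text
REGISTER_PROBE_TIME = 5         # seconds before expiry at which a Null-Register is sent
                                # (assumption: RFC 4601 Register_Probe_Time default)


class RendezvousPoint:
    """The RP: knows, per group, which routers have joined the shared tree (RPT)."""

    def __init__(self):
        self.joined = {}  # group -> set of routers that sent a PIM Join for (*,G)

    def pim_join(self, group, router):
        self.joined.setdefault(group, set()).add(router)

    def pim_prune(self, group, router):
        self.joined.get(group, set()).discard(router)

    def on_register(self, group):
        """Answer to a Register or Null-Register: 'register-stop' when nobody has
        joined the RPT for this group, otherwise None (the RP accepts the traffic)."""
        return None if self.joined.get(group) else "register-stop"


class FirstHopRouter:
    """R1, the router next to the source, with its Register-Stop suppression timer."""

    def __init__(self, rp):
        self.rp = rp
        self.stop_timer = None  # time at which suppression expires, or None
        self.probed = False     # Null-Register already sent in this suppression period
        self.events = []        # (time, message sent, RP's answer), for inspection

    def _send(self, now, kind, group):
        reply = self.rp.on_register(group)
        self.events.append((now, kind, reply or "accepted"))
        if reply == "register-stop":
            self.stop_timer = now + REGISTER_SUPPRESSION_TIME
            self.probed = False
        else:
            self.stop_timer = None
        return reply

    def on_source_packet(self, now, group):
        """Handle one multicast packet from the source at time `now`.
        Returns 'register' when the packet is encapsulated and tunnelled to the RP,
        'suppressed' when it is dropped because a Register-Stop is still in force."""
        if self.stop_timer is not None and now < self.stop_timer:
            if self.probed or now < self.stop_timer - REGISTER_PROBE_TIME:
                return "suppressed"
            # Timer about to expire: ask the RP with a Null-Register (no payload).
            self.probed = True
            if self._send(now, "null-register", group) == "register-stop":
                return "suppressed"  # still no receivers; timer restarted
            # No Register-Stop came back: receivers exist, so register again.
        self._send(now, "register", group)  # packet encapsulated in a Register
        return "register"


def timeline(group="239.1.1.1"):
    """Replay the scenario from the text: no receivers at first, then R4 joins
    the RPT on behalf of R6 and H1."""
    rp = RendezvousPoint()
    r1 = FirstHopRouter(rp)
    out = [(0, r1.on_source_packet(0, group))]          # Register -> Register-Stop
    out.append((10, r1.on_source_packet(10, group)))    # suppressed
    out.append((55, r1.on_source_packet(55, group)))    # Null-Register -> Register-Stop again
    rp.pim_join(group, "R4")                            # H1 joined: R6 -> R4 -> RP PIM Joins
    out.append((110, r1.on_source_packet(110, group)))  # Null-Register accepted, registering resumes
    return out, r1.events


if __name__ == "__main__":
    for event in timeline()[1]:
        print(event)
```

The timeline makes one operational point visible: once a Register-Stop is in force, a new receiver is not served until the next probe, so a receiver that joins just after a Register-Stop can wait most of a suppression period before the first packet arrives.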
Multicast PIM Bootstrap (BSR)
PIM sparse mode requires an RP (Rendezvous Point) as the meeting point in the
network for all multicast traffic.
Any router in the network can be configured as an RP, and the RP address can be
configured statically on every router. For a small network this is no problem; on a
large multicast network it is not a good idea. Configuring every router by hand
takes time, and it is also prone to errors.
CHAPTER-9
PROTOCOLS
9.1 Link Aggregation Protocol
Link aggregation is a method of combining multiple physical Ethernet links so
that they work as one logical link between two devices (for example two switches,
or a switch and a server).
● More bandwidth: the bandwidth of the member links adds up (e.g., 2 links of
1 Gbps = 2 Gbps for the bundle), although any single flow is still carried on
one member link.
● Redundancy: if one link fails, the remaining member(s) keep the connection
alive.
There are two main link aggregation protocols:
LACP (Link Aggregation Control Protocol)
● Defined by IEEE 802.3ad (now IEEE 802.1AX)
● Standards-based: works across different vendors
● Dynamic negotiation of the aggregated links
● Automatically detects and forms link bundles
PAgP (Port Aggregation Protocol)
● Cisco proprietary
● Similar to LACP but only works between Cisco devices
● Less flexible than LACP
[Figure: two devices connected by a link bundle negotiated with LACP or PAgP]
9.2 Switch Stacking
Switch stacking means combining multiple physical switches into a single logical
unit that is managed as one device: one configuration, one console and one
management IP address.
It is like building one big switch from smaller ones, using high-speed stack cables
that let the members talk to each other internally.
Example: imagine you are setting up a network for a mid-sized office with
● 60 computers
● 20 VoIP phones
● 10 printers
Each device needs a switch port, so you decide to use stackable 24-port switches.
Without stacking:
● You install 4 standalone 24-port switches.
● You need 4 separate uplinks to the core switch or router.
● You manage 4 different switch configurations.
● Inter-switch communication goes over the uplinks, which means more
cabling and complexity.
● If one switch fails, the devices connected to it go offline.
With stacking:
● You connect the 4 switches with stack cables to form one stacked switch.
● You manage just one switch, with one configuration and one IP address.
● All devices communicate internally without extra uplinks.
● The switches act as one big 96-port switch.
● If one member fails, the others continue to operate (redundancy); only the
ports on the failed member are lost.
9.3 Introduction:
High Availability (HA) protocols are critical in modern networks to keep services
running when hardware, software or link failures occur. They maintain network
resilience by providing automatic failover, minimising downtime and improving
overall service reliability.
Two widely used HA protocols at the gateway level are:
● HSRP (Hot Standby Router Protocol): Cisco proprietary
● VRRP (Virtual Router Redundancy Protocol): open standard (RFC 3768 for
VRRPv2, RFC 5798 for VRRPv3)
9.3.1 HSRP & VRRP:
Both are first-hop redundancy protocols (FHRPs) that provide high availability for
the default gateway of a LAN. Several routers share one virtual gateway; if the
router currently serving it fails, another takes over, so end devices keep working
without any reconfiguration of their default gateway.
1. Virtual IP Address (VIP):
● A virtual IP address is shared among the routers in the group and configured
as the default gateway on the hosts.
● In both protocols the VIP must belong to the local subnet.
● Only the Active (HSRP) or Master (VRRP) router handles traffic for the VIP.
2. Virtual MAC Address:
● Both protocols use a virtual MAC address tied to the VIP.
● The MAC is derived automatically from the group number, so the ARP cache
of the hosts stays valid across a failover: the new Active/Master router simply
starts answering for the same MAC.
● VRRP MAC format: 00-00-5E-00-01-{VRID in hex}
Example: VRID 10 → MAC = 00-00-5E-00-01-0A
● HSRP MAC format (HSRP version 1): 00-00-0C-07-AC-{group number in hex}
Example: group 10 → MAC = 00-00-0C-07-AC-0A
3. Group Identification:
● HSRP uses a group number (range 0 to 255).
● VRRP uses a Virtual Router ID (VRID) (range 1 to 255; VRID 0 is reserved).
● All routers in the group must be configured with the same group number or
VRID.
4. Roles:
● HSRP: the Active router forwards traffic for the VIP; the Standby router takes
over if the Active router fails.
● VRRP: the Master router forwards traffic for the VIP; one or more Backup
routers take over if the Master fails.
5. Priority and Election:
● Routers are assigned priority values (default 100).
● The router with the highest priority becomes Active (HSRP) or Master (VRRP).
● If priorities are equal, both HSRP and VRRP use the highest IP address to
break the tie.
6. Preemption:
● Preemption allows a router with a higher priority to reclaim the Active/Master
role once it is back online.
● Supported by both protocols (in HSRP it is off by default and must be enabled;
in VRRP it is on by default).
● A preemption delay can be configured to avoid flapping or instability.
7. Timers:
HSRP:
● Hello timer (default 3 seconds): the Active router sends Hello messages, which
the Standby router listens for.
● Hold timer (default 10 seconds): how long the Standby router waits without
Hellos before assuming the Active role.
VRRP:
● Master advertisement timer: the Master sends advertisements every 1 second
to 224.0.0.18.
● Master down interval: 3 times the advertisement interval plus a skew time
derived from the priority, (256 - priority)/256 seconds, which gives about
3.6 seconds at the default priority of 100. If no advertisement is received
within this time, a Backup takes over.
8. Authentication in HSRP and VRRP:
Both HSRP and VRRP offer authentication of their protocol messages:
● Plain-text authentication: a shared password is configured on all routers. It
is simple but not secure, because the password travels in clear in every Hello
or advertisement and can be read by anyone who can sniff the LAN; it only
protects against misconfiguration, not against an attacker. (HSRP's default
plain-text string is "cisco".)
● MD5 authentication: a shared key is used to compute an MD5 hash over each
protocol message; the receiving router recomputes the hash to verify that the
message is authentic and unaltered. The key itself is never transmitted.
Using MD5 authentication prevents an unauthorised router on the segment from
joining the group. This matters because the election is otherwise open: any device
on the LAN that sends Hellos with a higher priority (with preemption in force)
becomes the gateway and can intercept all traffic leaving the subnet.
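The virtual MAC derivation and the election rules from points 2, 5 and 8, as an added Python example that is not part of the handout. It builds the HSRPv1 and VRRP virtual MACs, then runs the election over a set of Hello messages, discarding any Hello that fails authentication. The MD5 check is a simplified model (a digest over the Hello fields and the shared key; the real HSRP/VRRP MD5 TLV layout is not reproduced), and the router addresses, priorities and the key "s3cret" are constructed for the example.

```python
import hashlib


def hsrp_v1_virtual_mac(group):
    """HSRP version 1 virtual MAC 00-00-0C-07-AC-xx, xx = group number (0-255)."""
    if not 0 <= group <= 255:
        raise ValueError("HSRP v1 group number must be 0-255")
    return "00-00-0C-07-AC-%02X" % group


def vrrp_virtual_mac(vrid):
    """VRRP virtual MAC 00-00-5E-00-01-xx, xx = VRID (1-255; 0 is reserved)."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1-255")
    return "00-00-5E-00-01-%02X" % vrid


def ip_to_int(ip):
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def md5_auth_value(hello, key):
    """Simplified model of MD5 authentication: a digest over the hello fields and
    the shared key. Assumption: the real HSRP/VRRP MD5 TLV layout is not reproduced."""
    data = "%s|%d|%s" % (hello["ip"], hello["priority"], key)
    return hashlib.md5(data.encode()).hexdigest()


def build_hello(ip, priority, key, mode):
    """A Hello/advertisement as one router sends it. mode is 'text' or 'md5'."""
    hello = {"ip": ip, "priority": priority}
    hello["auth"] = key if mode == "text" else md5_auth_value(hello, key)
    return hello


def hello_is_authentic(hello, key, mode):
    """Receiver-side check; a Hello that fails it is ignored for the election."""
    if mode == "text":
        return hello["auth"] == key
    return hello["auth"] == md5_auth_value(hello, key)


def elect(hellos, key, mode):
    """IP of the Active (HSRP) / Master (VRRP) router: highest priority wins and
    the highest IP address breaks a tie. Unauthenticated Hellos are dropped first."""
    valid = [h for h in hellos if hello_is_authentic(h, key, mode)]
    if not valid:
        return None
    return max(valid, key=lambda h: (h["priority"], ip_to_int(h["ip"])))["ip"]


if __name__ == "__main__":
    KEY = "s3cret"  # constructed shared key
    group = [build_hello("192.168.1.2", 110, KEY, "md5"),
             build_hello("192.168.1.3", 100, KEY, "md5")]
    rogue = build_hello("192.168.1.200", 255, "guess", "md5")  # attacker, wrong key
    print(hsrp_v1_virtual_mac(10), vrrp_virtual_mac(10))
    print(elect(group, KEY, "md5"))             # 192.168.1.2
    print(elect(group + [rogue], KEY, "md5"))   # still 192.168.1.2
    # With plain-text authentication the password is in every Hello, so the
    # attacker only has to sniff it; priority 255 then wins the election.
    sniffed = build_hello("192.168.1.200", 255, KEY, "text")
    print(elect([build_hello("192.168.1.2", 110, KEY, "text"), sniffed], KEY, "text"))
```

The last call is the gateway-takeover case: with the sniffed plain-text password the rogue Hello is "authentic", and nothing in the election itself distinguishes a real router from a host on the same VLAN.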
9.4 Simple Network Management Protocol (SNMP)
SNMP (Simple Network Management Protocol) is a widely used application-layer
protocol for managing and monitoring network devices and systems. It allows
network administrators to remotely monitor, configure and manage devices such as
routers, switches, servers and printers from a central management station. SNMP
runs over UDP: agents listen on port 161 and the management station receives
traps on port 162.
Components of SNMP
Managed devices: the network devices being monitored or managed with SNMP,
for example routers, switches, servers and printers.
Agents: software modules running on the managed devices. They collect and store
management information and make it available to SNMP managers.
Network Management System (NMS): the central management station that
monitors and manages the devices. It communicates with the SNMP agents to
gather information and issue commands.
SNMP operates through a small set of standardised protocol operations:
Get: the NMS requests specific data from a managed device, such as a
configuration value or a performance counter.
Response (GetResponse): the reply sent by the SNMP agent to the manager for a
Get, GetNext, GetBulk or Set request.
Set: the NMS instructs a managed device to modify a configuration value or setting.
Trap/Inform: the managed device sends an unsolicited message to the NMS to
notify it of an event or condition such as a reboot, an interface going up or down,
or a critical error. An Inform differs from a Trap in that the NMS acknowledges it.
GetNext: like Get, but retrieves the next object in the MIB (Management
Information Base), the hierarchical database of managed objects that represents
the device's configuration and status; repeated GetNext requests walk the tree.
GetBulk: retrieves a large block of objects from the MIB in a single operation,
reducing network overhead for large data requests (SNMPv2c and later).
Management Information Base (MIB): a MIB module is a text file written in the
SMI/ASN.1 notation that defines the managed objects and their OIDs; the NMS
loads MIB files to translate OIDs into names and types. The objects themselves are
not stored as files on the device: the SNMP agent running on the managed device
implements them and holds their current values, organised as a tree according to
the MIB definitions.
The data available in a MIB varies with the MIB module in use, the device being
managed, and the configuration of the SNMP agent.
Here are some common types of data available in MIBs:
● System Information: Information about the managed device itself,
including its name, location, contact information, system description, and
uptime.
● Network Interfaces: Details about the network interfaces on the device,
such as their status, speed, traffic statistics (e.g., packets transmitted and
received), and configuration parameters.
● Hardware Components: Information about the hardware components of
the device, including CPU usage, memory utilization, disk space,
temperature, and fan status.
● Network Protocols: Parameters and statistics related to network protocols
running on the device, such as TCP/IP, UDP, ICMP, SNMP, and routing
protocols (e.g., OSPF, BGP).
● Performance Metrics: Metrics related to the performance of the device
and its components, including bandwidth utilization, packet loss, error
rates, and latency.
● Device Configuration: Configuration parameters and settings that can be
read or modified using SNMP, such as IP addresses, routing tables, VLAN
configurations, and security policies.
● Event Logs: Log entries and event notifications generated by the device,
including system events, error messages, security alerts, and
administrative actions.
● Software Modules: Information about installed software modules,
running processes, and software version numbers.
● Environmental Monitoring: Data related to the environmental conditions
surrounding the device, such as temperature, humidity, power supply
status, and physical sensor readings.
● Vendor-Specific Data: Vendor-specific extensions and proprietary
information, including device-specific parameters, custom configurations,
and manufacturer-specific features.
Versions: SNMP has evolved through SNMPv1, SNMPv2c and SNMPv3, each
improving security, performance and functionality. SNMPv1 and SNMPv2c
authenticate with a community string that is sent in clear text in every message,
so anyone who can capture the traffic learns it; a read-write community is then
enough to change the device configuration with Set. SNMPv2c nevertheless remains
prevalent because of its simplicity and backward compatibility.
SNMPv3 is increasingly adopted, especially where security is a priority. It
introduces per-user authentication (HMAC with MD5 or SHA), encryption of the
payload (DES or AES) and view-based access control. The security level can be
noAuthNoPriv, authNoPriv or authPriv, and only authPriv protects both integrity
and confidentiality. Although SNMPv3 provides much better security, its adoption
has been slower because of the configuration complexity and the need for both
agents and management systems to support it.
9.5 DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
The Dynamic Host Configuration Protocol (DHCP) is a network management
protocol used on IP networks to dynamically assign IP addresses and other network
configuration parameters (subnet mask, default gateway, DNS server addresses,
etc.) to devices. DHCP simplifies network configuration. It runs over UDP, with
servers on port 67 and clients on port 68.
How DHCP works:
● The DHCP service can be enabled on one or more devices in the network:
servers, routers, or layer 3 switches (some layer 3 switches support DHCP
server functionality).
● When a device (the DHCP client) connects to a network, it broadcasts a DHCP
Discover message to find the DHCP servers available on the network.
● Each DHCP server that receives the Discover responds with a DHCP Offer. The
offer contains an available IP address from the server's pool and the other
configuration parameters. If several DHCP servers are present, the client may
receive several offers.
● The client selects one offer and broadcasts a DHCP Request for the offered
address and parameters; because the request is broadcast, the other servers
see that their offers were not taken.
● The chosen DHCP server confirms with a DHCP Acknowledge (ACK) message,
which confirms the lease of the IP address and carries the configuration
parameters.
● The client now has an IP address and the other settings for a limited period,
the lease duration, during which it can use the address on the network.
● Before the lease expires, the client may ask the server to renew it. If the lease
is not renewed, the address is returned to the server's pool for reuse.
● DHCP servers maintain a pool of available addresses and manage their
allocation, ensuring efficient use of the pool and preventing address
conflicts. Administrators configure the size of the pool, the lease duration,
and the network parameters handed to clients.
Because the client accepts whichever offer arrives, a rogue DHCP server on the
LAN can hand out its own gateway and DNS addresses; switches counter this with
DHCP snooping, which only allows server replies on trusted ports.
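The DHCP message format behind the exchange above, as an added Python example that is not part of the handout: it constructs a DHCPOFFER the way a server would (fixed 236-byte header, magic cookie, then tag/length/value options), parses it back, and flags an offer whose server identifier (option 54) is not on an allow-list, which is the check a rogue-DHCP detector runs on captured offers. The client MAC, the addresses and the authorised-server list are constructed for the example; a DHCPDISCOVER or DHCPREQUEST has the same layout with op=1.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed part of a DHCP message
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def _ip(address):
    return ipaddress.IPv4Address(address).packed


def build_offer(xid, client_mac, yiaddr, server_id, router, dns,
                lease=86400, mask="255.255.255.0"):
    """Construct a DHCPOFFER as a server would send it (constructed test input)."""
    header = struct.pack(HEADER, 2, 1, 6, 0, xid, 0, 0x8000,      # op=2 (reply), Ethernet, hlen 6
                         b"\0" * 4, _ip(yiaddr), _ip(server_id), b"\0" * 4,
                         client_mac, b"", b"")                   # chaddr, sname, file
    options = (b"\x35\x01\x02"                                  # 53: message type = OFFER
               + b"\x36\x04" + _ip(server_id)                   # 54: server identifier
               + b"\x33\x04" + struct.pack("!I", lease)         # 51: lease time
               + b"\x01\x04" + _ip(mask)                        # 1: subnet mask
               + b"\x03\x04" + _ip(router)                      # 3: default gateway
               + b"\x06\x04" + _ip(dns)                         # 6: DNS server
               + b"\x00" + b"\xff")                             # pad, end
    return header + MAGIC_COOKIE + options


def parse_dhcp(packet):
    """Decode the fixed header and the option list (tag, length, value; 0 = pad, 255 = end)."""
    f = struct.unpack(HEADER, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: bad magic cookie")
    options, i = {}, 240
    while i < len(packet):
        tag = packet[i]
        if tag == 0:
            i += 1
            continue
        if tag == 255:
            break
        length = packet[i + 1]
        options[tag] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "chaddr": f[11][:f[2]].hex(":"), "options": options}


def _ip_list(raw):
    """Options 3 and 6 may carry several addresses, four bytes each."""
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw or b""), 4)]


def inspect_offer(packet, authorized_servers):
    """Summarise an OFFER/ACK and flag it when the server identifier is not authorised."""
    msg = parse_dhcp(packet)
    o = msg["options"]
    server = _ip_list(o.get(54))
    result = {
        "type": MSG_TYPES.get(o.get(53, b"\0")[0], "unknown"),
        "server": server[0] if server else None,
        "yiaddr": msg["yiaddr"],
        "router": _ip_list(o.get(3)),
        "dns": _ip_list(o.get(6)),
        "lease": struct.unpack("!I", o[51])[0] if 51 in o else None,
    }
    result["rogue"] = result["server"] not in authorized_servers
    return result


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")                       # constructed client MAC
    offer = build_offer(0x1234, mac, "10.0.0.50", "10.0.0.99", "10.0.0.99", "10.0.0.99")
    print(inspect_offer(offer, {"10.0.0.1"}))                 # rogue: True
```

A detector fed real captures would also compare the offered router and DNS addresses with the expected ones, since a rogue server may spoof the legitimate server identifier but still has to point clients at itself to intercept traffic.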
9.6 DOMAIN NAME SYSTEM
DNS was designed primarily to resolve hostnames to IP addresses. Without DNS on
a network, or on the internet, we would have to know and remember the IP address
of every server and device we want to reach.
DNS servers hold records that map domain names to their associated IP
addresses (and other data). Many public DNS servers are available on the internet.
● A user enters a domain name (e.g., "example.com") into a web browser or
another application.
● The system first checks its local DNS cache (a temporary store of recent
lookups; Windows, macOS and Linux all keep one) for the IP address
associated with the domain name.
● If it is found there, that IP address is used and the process ends.
● If not, the operating system sends a DNS query to a DNS resolver.
● The resolver is typically provided by the internet service provider (ISP), the
network administrator, or a third-party resolver service (such as Google DNS
or OpenDNS).
● If the resolver does not have the answer cached, it resolves the name
recursively: it asks a root server, which refers it to the TLD server (for .com),
which refers it to the authoritative server for example.com, which returns
the record.
● The resolver sends the IP address(es) back to the requesting application or
device, and caches the answer for the record's TTL.
Chapter-10
Access Control Lists (ACLs)
An Access Control List (ACL) in computer networking is a list of rules used to
filter network traffic. It's a set of rules that determines whether a particular
packet is allowed to reach its destination or not based on various criteria such
as source IP address, destination IP address, protocol, port numbers, etc. ACLs
are commonly used in routers, firewalls, and other networking devices to control
traffic flow and enforce security policies. ACLs are configured and applied to
interfaces on networking devices to control the flow of traffic entering or leaving
a network. They can be used for various purposes such as restricting access to
certain network resources, enforcing security policies, or optimizing network
performance.
There are two main types of ACLs:
Standard ACL: This type of ACL filters traffic based only on the source IP
address. Standard ACLs are simpler but less flexible compared to extended
ACLs. They are typically used for basic access control requirements. They are
typically applied closer to the destination to minimize the impact of filtering
decisions on other traffic. Standard ACLs are identified by a numeric range (1-
99 and 1300-1999) in Cisco routers.
Example of Standard ACL:
permit 192.168.1.0 0.0.0.255
permit 10.10.10.0 0.0.0.255
deny any
Extended ACL: this type of ACL filters on multiple criteria and gives much finer
control than a standard ACL. Extended ACLs are normally applied close to the
source, so unwanted traffic is dropped before it crosses the network.
Criteria commonly used in extended ACLs:
● Source IP address or range of addresses
● Destination IP address or range of addresses
● Protocol, such as TCP, UDP, ICMP, or IP (any IP protocol)
● Source port number or range of port numbers
● Destination port number or range of port numbers
● TCP flags (such as SYN, ACK, FIN, RST); the "established" keyword matches
only segments with ACK or RST set, i.e. replies to connections opened from
the inside
● ICMP message types and codes
● Time-based ACLs: an ACL can be made active only during specific times or
days
Example of an extended ACL:
permit tcp 192.168.1.0 0.0.0.255 any eq 80
deny tcp 10.10.10.0 0.0.0.255 any eq 23
Access control lists (ACLs) on interfaces can typically be applied in two main
ways:
Inbound ACLs: Inbound ACLs are applied to incoming traffic on an interface.
They are configured to filter traffic as it enters the device from the network.
Inbound ACLs are commonly used for security purposes, such as blocking
unwanted traffic or restricting access to specific resources.
Outbound ACLs: Outbound ACLs are applied to outgoing traffic on an interface.
They are configured to filter traffic as it leaves the device and heads towards the
network. Outbound ACLs are often used to control the types of traffic allowed to
exit the network or to enforce traffic shaping policies.
These two methods of applying ACLs provide network administrators with
flexibility in controlling traffic flow and enforcing security policies within their
networks.
Access control lists (ACLs) in networking can be identified and referenced using
both numbers and names.
Numbered Access Lists:
● Numbered ACLs are identified by a numeric range.
● Standard numbered access lists range from 1 to 99 and 1300 to 1999.
● Extended numbered access lists range from 100 to 199 and 2000 to 2699
in Cisco routers.
● Each entry in a numbered access list is assigned a sequence number.
Named Access Lists:
● Named ACLs are identified by a user-defined name.
● They offer more flexibility and readability compared to numbered access
lists, as they can be given descriptive names.
● Named access lists can be standard or extended, providing the same
filtering capabilities as numbered ACLs.
Both numbered and named access lists serve the purpose of traffic
filtering, but named access lists provide better readability, ease of management,
and flexibility in configuration, especially in larger network deployments where
clarity and organization are essential.
Wildcard masks are used in access control lists (ACLs) to specify which bits
in an IP address should be matched or ignored when filtering traffic. In the
context of ACLs, wildcard masks are the inverse of subnet masks. They help
define which portions of the IP address should be compared against the address
specified in the ACL entry. Where the wildcard mask has a '0' bit, the
corresponding bit in the IP address must match exactly. Where the wildcard
mask has a '1' bit, the corresponding bit in the IP address is ignored.
Wildcard masks are usually set up to do one of four things:
1. Match a specific host.
Example: The ACL entry “permit ip 192.168.1.1 0.0.0.0” permits all IP
traffic from the specific source IP address 192.168.1.1.
2. Match an entire subnet.
Example: The ACL entry “deny ip 10.0.0.0 0.255.255.255” denies all IP
traffic originating from the IP address range 10.0.0.0 to 10.255.255.255
(Class A network of 10.0.0.0/8).
3. Match a specific range.
Example: The ACL entry “permit ip 192.168.1.0 0.0.0.63 any” permits all
IP traffic from the IP address range 192.168.1.0 to 192.168.1.63 to any
destination.
4. Match all addresses.
Example: The ACL entry “permit ip any any” / deny ip any any
For example, in the ACL entry “permit ip 192.168.1.0 0.0.0.255”, the wildcard
mask 0.0.0.255 indicates that the ACL will permit any IP address from the range
192.168.1.0 to 192.168.1.255.
In contrast, in the ACL entry "deny tcp 10.0.0.0 0.255.255.255 any eq 23" the
wildcard mask 0.255.255.255 makes the ACL deny Telnet (TCP port 23) from the
entire Class A network 10.0.0.0/8 to any destination.
Worked example: an unwanted host in 192.56.56.65/30 is reaching your network,
so you block that whole /30.
Subnet mask: 255.255.255.252
Wildcard mask: 0.0.0.3
192.56.56.64 ... network ID
192.56.56.65 ... first valid host
192.56.56.66 ... second valid host
192.56.56.67 ... broadcast address
R1(config)#access-list 10 deny 192.56.56.64 0.0.0.3
R1(config)#access-list 10 permit any
Net ID 192.56.56.64 ... 11000000.00111000.00111000.01000000
Wildcard 0.0.0.3 ...... 00000000.00000000.00000000.00000011
Host 192.56.56.65 ..... 11000000.00111000.00111000.01000001
Host 192.56.56.66 ..... 11000000.00111000.00111000.01000010
Only the last two bits may differ (the wildcard bits are 1), so .65 and .66 match the
deny entry. The hosts of the next network, 192.56.56.68/30 (192.56.56.69 and
192.56.56.70), differ from 192.56.56.64 in bit 2 of the last octet, which the
wildcard says must match, so they do not match the deny entry:
Host 192.56.56.69 ..... 11000000.00111000.00111000.01000101
Host 192.56.56.70 ..... 11000000.00111000.00111000.01000110
They fall through to the next line, where "permit any" lets them through. That line
is required: without it the implicit deny at the end of the list would block them,
and everybody else, too.
Rules for ACLs:
● A standard access list is generally applied close to the destination (but not
always), because it can only match on the source and would otherwise cut the
source off from everything.
● An extended access list is generally applied close to the source (but not
always).
● Only one ACL per protocol, per direction (inbound and outbound), is permitted
on an interface.
● On a classic numbered access list a single rule cannot be removed: "no
access-list 10 ..." removes the whole list. (Newer IOS releases let you edit a
numbered list by sequence number through "ip access-list".)
● With a named access list a specific rule can be deleted.
● Every new rule is appended at the bottom of the access list, so analyse the
whole scenario carefully before implementing the list.
● There is an implicit deny at the end of every access list, so a list needs at
least one permit statement, otherwise all traffic is denied.
● A standard and an extended access list cannot have the same name.
● A single ACL can have many lines (rules); they are evaluated from the top and
the first match decides.
Example: a named ACL "EXAMPLE_ACL" (written in Cisco ASA syntax, where the
name and the keyword "extended" are part of every line):
access-list EXAMPLE_ACL extended permit tcp any host 192.168.1.100 eq www
access-list EXAMPLE_ACL extended permit tcp any host 192.168.1.100 eq ssh
access-list EXAMPLE_ACL extended permit icmp any host 192.168.1.100
access-list EXAMPLE_ACL extended deny ip any host 192.168.1.100
The first rule permits TCP traffic from any source to the host with IP
address 192.168.1.100 on port 80 (www).
The second rule permits TCP traffic from any source to the same host on
port 22 (SSH).
The third rule permits ICMP traffic (ping) from any source to the same
host.
The fourth rule denies all other IP traffic (not matching the previous rules)
destined for the host.
In the above example, If traffic does not match any of the rules explicitly
stated in the ACL, it is implicitly denied by default due to the implicit deny
rule that exists at the end of all ACLs.
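Wildcard matching, top-down first-match evaluation and the implicit deny, as an added Python example that is not part of the handout. It parses the ACL lines in the notation used in this chapter (standard entries with a source only, extended entries with protocol, destination and "eq" port), matches addresses with the wildcard rule from the worked example above, and evaluates a packet against the list the way a router does. The packets are constructed; the ACLs are the chapter's own ("access-list 10" and EXAMPLE_ACL, minus the ASA-specific prefix). Source ports and TCP flags are not handled.

```python
import ipaddress

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
PORT_NAMES = {"www": 80, "http": 80, "ssh": 22, "telnet": 23, "domain": 53}


def ip_int(address):
    return int(ipaddress.IPv4Address(address))


def wildcard_match(address, base, wildcard):
    """Cisco wildcard semantics: a 0 bit in the mask must match, a 1 bit is ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(address) ^ ip_int(base)) & care == 0


def _address_spec(tokens, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' starting at tokens[i]."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tokens) and tokens[i + 1].count(".") == 3:
        return (tokens[i], tokens[i + 1]), i + 2
    return (tokens[i], "0.0.0.0"), i + 1  # bare address = single host


def parse_ace(line):
    """Parse one standard ('permit 10.0.0.0 0.255.255.255') or extended
    ('deny tcp any host 192.168.1.100 eq 23') entry. Source ports are not handled."""
    tok = line.split()
    action = tok[0]
    if tok[1] in PROTOCOLS:
        proto, i = tok[1], 2
    else:
        proto, i = "ip", 1  # standard ACL: source only
    src, i = _address_spec(tok, i)
    dst = ("0.0.0.0", "255.255.255.255")
    if i < len(tok) and tok[i] != "eq":
        dst, i = _address_spec(tok, i)
    dport = None
    if i < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        dport = int(p) if p.isdigit() else PORT_NAMES[p]
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def evaluate(acl, packet):
    """First match wins, top to bottom. A packet matching nothing hits the implicit
    deny at the end of every ACL. Returns (action, matching line number or 'implicit')."""
    for n, line in enumerate(acl, 1):
        ace = parse_ace(line)
        if ace["proto"] != "ip" and ace["proto"] != packet["proto"]:
            continue
        if not wildcard_match(packet["src"], *ace["src"]):
            continue
        if not wildcard_match(packet["dst"], *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != packet.get("dport"):
            continue
        return ace["action"], n
    return "deny", "implicit"


if __name__ == "__main__":
    # The chapter's example: block 192.56.56.64/30. Without the 'permit any' the
    # list denies everything, because of the implicit deny.
    acl_10 = ["deny 192.56.56.64 0.0.0.3", "permit any"]
    for src in ("192.56.56.65", "192.56.56.66", "192.56.56.69"):
        print(src, evaluate(acl_10, {"proto": "ip", "src": src, "dst": "10.1.1.1"}))
    print(evaluate(acl_10[:1], {"proto": "ip", "src": "192.56.56.69", "dst": "10.1.1.1"}))
```

Running a candidate ACL through an evaluator like this before applying it is the cheapest way to catch the two classic mistakes the rules above warn about: a broad entry placed above the specific one it was meant to refine, and a list with no permit at all.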
Some of the security threats that can be mitigated with ACLs:
● IP address spoofing, inbound (drop packets arriving from outside that carry an
internal or private source address)
● IP address spoofing, outbound (only let packets with your own address range
leave)
● Denial of service (DoS) TCP SYN attacks, blocking external attacks
● DoS TCP SYN attacks, using TCP Intercept
● DoS smurf attacks (drop traffic sent to directed-broadcast addresses)
● Filtering ICMP messages, inbound
● Filtering ICMP messages, outbound
● Filtering traceroute
Chapter-11
NAT (Network Address Translation)
11.1 NAT (Network Address Translation)
NAT (Network Address Translation) is a process used in networking to
translate private IP addresses to public IP addresses, and vice versa. It enables
devices in a private network to communicate with devices on the public Internet.
In IPv4 networking, IP addresses are divided into private and public address
ranges. Private IP addresses are used within private networks and are not
routable on the public Internet. Public IP addresses are globally unique and
routable on the Internet. When a device from a private network initiates
communication with a device on the Internet, NAT translates the private IP
address of the sending device to a public IP address before sending the packets
out to the Internet. This allows the device to communicate with devices on the
Internet using a public IP address.
NAT generally operates on a border router or firewall. In the above network diagram, when a packet leaves the inside local network, NAT on R1 converts the local (private) IP address to a global (public) IP address. When a packet enters the local network, the global (public) IP address is converted back to a local (private) IP address. If NAT runs out of addresses, i.e., no address is left in the configured pool, the packets are dropped.
There are three ways to configure NAT:
Static NAT – In this, a single unregistered (private) IP address is mapped to a legally registered (public) IP address, i.e. a one-to-one mapping between local and global addresses.
This is generally used for Web hosting and is not used for ordinary organization-wide Internet access: if 3000 devices need access to the Internet, the organization would have to buy 3000 public addresses, which would be very costly.
Dynamic NAT – In this type of NAT, an unregistered (private) IP address is translated into a registered (public) IP address taken from a pool of public IP addresses. If no address in the pool is free, the packet is dropped. For example, with a pool of 2 public IP addresses only 2 private IP addresses can be translated at a given time; if a 3rd private IP address wants to access the Internet, its packet is dropped. Thus many private IP addresses are mapped to a pool of public IP addresses. Dynamic NAT is used when the number of users who want to access the Internet is fixed. This is also costly, as the organization has to buy many public IP addresses to make up the pool.
Port Address Translation (PAT) – This is also known as NAT overload. In this, many local (private) IP addresses are translated to a single registered (public) IP address. Port numbers are used to distinguish the traffic, i.e., which traffic belongs to which inside host. This is the most frequently used form because it is cost-effective: thousands of users can be connected to the Internet using only one real global (public) IP address. The NAT device maintains a translation table that
maps each private IP address and port pair to a unique public IP address and
port pair. When an internal device sends a packet out to the internet, the NAT
device translates the source IP address and port of the packet to its own public
IP address and a unique port number from a pool of available ports. This process
is known as port mapping. The NAT device keeps track of the port mappings in
its translation table so that when responses come back from the internet, it
knows how to properly forward the packets back to the correct internal device
based on the destination IP address and port. Multiple internal devices can share
the same public IP address because each internal device is assigned a unique
port number for communication. As long as the combination of source IP address,
source port, destination IP address, and destination port is unique, the NAT
device can correctly route packets to the appropriate internal device.
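The translation table described above, modelled as an added example (not code from the handout or from any NAT implementation): two inside hosts that happen to use the same source port share one public address, returning packets are mapped back by the public port, and a deliberately tiny port pool shows what happens when no port is left. The addresses and pool are constructed.

```python
"""Added example: a simplified PAT (NAT overload) translation table."""


class PatDevice:
    """One public IP shared by many inside hosts; public ports come from a pool."""

    def __init__(self, public_ip, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.free_ports = list(range(port_range[0], port_range[1] + 1))
        # outbound: (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.outbound = {}
        # inbound: (public_port, peer_ip, peer_port) -> (inside_ip, inside_port)
        self.inbound = {}

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the inside network.

        Returns (public_ip, public_port), or None when the packet is dropped
        because every port in the pool is already in use.
        """
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.outbound:                       # existing flow
            return self.public_ip, self.outbound[key]
        if not self.free_ports:                        # pool exhausted
            return None
        pub_port = self.free_ports.pop(0)
        self.outbound[key] = pub_port
        self.inbound[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, pub_port

    def translate_in(self, peer_ip, peer_port, public_port):
        """Map a reply addressed to public_ip:public_port back to the inside host."""
        return self.inbound.get((public_port, peer_ip, peer_port))

    def expire(self, src_ip, src_port, dst_ip, dst_port):
        """Remove a finished flow and return its public port to the pool."""
        key = (src_ip, src_port, dst_ip, dst_port)
        pub_port = self.outbound.pop(key, None)
        if pub_port is not None:
            self.inbound.pop((pub_port, dst_ip, dst_port), None)
            self.free_ports.append(pub_port)
        return pub_port


def demo():
    """Three inside hosts, one public address, a pool of only two ports."""
    nat = PatDevice("203.0.113.1", port_range=(40000, 40001))  # constructed
    a = nat.translate_out("192.168.1.10", 51000, "198.51.100.5", 443)
    b = nat.translate_out("192.168.1.11", 51000, "198.51.100.5", 443)
    c = nat.translate_out("192.168.1.12", 51000, "198.51.100.5", 443)  # dropped
    reply_to_a = nat.translate_in("198.51.100.5", 443, a[1])
    return a, b, c, reply_to_a
```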
PAT offers several advantages:
1. PAT allows organizations to conserve public IP addresses by multiplexing
multiple internal devices behind a single public IP address.
2. PAT adds a layer of security by hiding the internal IP addresses and
structure of the network from external entities. This helps protect internal
devices from direct attacks and makes it more challenging for attackers to
identify and target specific devices.
3. PAT allows network administrators to implement port-level access control
policies. By controlling which ports are accessible from the outside,
administrators can enhance network security and minimize potential
vulnerabilities.
Chapter-12
Virtual Private Networks (VPNs)
Virtual Private Networks (VPNs): A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the Internet. A VPN is a way to extend a private network across a public network such as the Internet. The name itself suggests a “Virtual Private Network”, i.e. a user can be part of a local network while sitting at a remote location. It makes use of tunneling protocols to establish a secure connection.
There are primarily two types of VPNs based on the network architecture and the
parties involved:
a. A Site-to-Site VPN, also known as a router-to-router or gateway-to-gateway VPN, is a type of VPN connection that establishes a secure, encrypted communication tunnel between two or more geographically separated networks. Site-to-site VPNs are commonly used to interconnect branch offices, remote sites, or data centers, enabling secure communication and data exchange between different locations over the Internet or another public network.
What happens in the above network diagram:
➔ System A sends an IP packet with source 192.168.1.1 and
destination 192.168.2.2.
➔ R1 encrypts the IP packet, adds a VPN header and creates a new IP
header with its own public IP address (1.1.1.1) as the source and
2.2.2.2 as the destination.
➔ R1 sends the new packet to R2.
➔ R2 receives the packet, checks if the packet really came from R1,
decrypts it and forwards it to H2.
➔ System B receives the original IP packet.
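The five steps above, carried through in Python as an added example (not code from the handout and not a real IPsec implementation): HMAC-SHA256 stands in for the VPN integrity check R2 performs, a SHA-256 keystream XOR stands in for the cipher, and the pre-shared key is constructed. The tamper case shows why R2 verifies the packet before decrypting it.

```python
"""Added example: tunnel-mode encapsulation for the System A -> R1 -> R2 -> System B flow."""
import hashlib
import hmac
import json
import os

SHARED_KEY = b"constructed-demo-key"   # assumed pre-shared key between R1 and R2


def _keystream(key, nonce, length):
    """Derive a per-packet keystream from the key and nonce (stand-in for a cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def r1_encapsulate(inner_packet, key=SHARED_KEY, nonce=None):
    """R1: encrypt the original packet, add a VPN header, wrap it in a new IP header."""
    plain = json.dumps(inner_packet).encode()
    nonce = nonce or os.urandom(12)
    cipher = _xor(plain, _keystream(key, nonce, len(plain)))
    tag = hmac.new(key, nonce + cipher, hashlib.sha256).digest()   # integrity tag
    return {"src": "1.1.1.1", "dst": "2.2.2.2",                    # new outer IP header
            "vpn": {"nonce": nonce.hex(), "tag": tag.hex()},      # VPN header
            "payload": cipher.hex()}                               # encrypted inner packet


def r2_decapsulate(outer_packet, key=SHARED_KEY):
    """R2: check the packet really came from R1, then decrypt. None means dropped."""
    nonce = bytes.fromhex(outer_packet["vpn"]["nonce"])
    cipher = bytes.fromhex(outer_packet["payload"])
    expected = hmac.new(key, nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(outer_packet["vpn"]["tag"])):
        return None                                  # forged or corrupted: drop
    plain = _xor(cipher, _keystream(key, nonce, len(cipher)))
    return json.loads(plain.decode())


def site_to_site_flow(tamper=False):
    """Run the flow; with tamper=True one payload bit is flipped on the wire."""
    original = {"src": "192.168.1.1", "dst": "192.168.2.2", "data": "hello"}
    on_the_wire = r1_encapsulate(original)
    if tamper:
        flipped = bytearray(bytes.fromhex(on_the_wire["payload"]))
        flipped[0] ^= 0x01
        on_the_wire["payload"] = flipped.hex()
    return on_the_wire, r2_decapsulate(on_the_wire)
```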
b. The Client-to-Site VPN, also called a Remote User VPN, allows individual users or remote employees to securely connect to a corporate network from remote locations. The user installs a VPN client on his/her computer, laptop, smartphone or tablet. The VPN tunnel is established between the user’s device and the remote network device. Here’s an example:
In the picture above, the user has established a VPN tunnel between its
VPN client and R1. This allows the user to access a remote server.
There are several VPN protocols; the most common ones are:
➔ Point-to-Point Tunneling Protocol (PPTP)
➔ Layer 2 Tunneling Protocol (L2TP)
➔ Internet Protocol Security (IPsec)
➔ Secure Socket Tunneling Protocol (SSTP)
➔ OpenVPN
➔ Generic Routing Encapsulation (GRE) tunneling
Advantages of Virtual Private Networks (VPNs)
★ VPNs encrypt data transmitted between the user's device and the VPN
server, protecting it from interception and eavesdropping by unauthorized
parties.
★ VPNs provide users with a level of privacy and anonymity by masking their
IP address and encrypting their internet traffic.
★ VPNs allow users to bypass geographical restrictions and access geo-
blocked content by connecting to VPN servers located in different countries.
★ VPNs enable remote users to securely access corporate networks and
resources from anywhere in the world.
★ VPNs add an extra layer of security to public Wi-Fi networks, such as those
found in airports, cafes, and hotels, thereby helping prevent unauthorized
access and protect users from Wi-Fi snooping and man-in-the-middle
attacks.
★ VPNs help organizations comply with regulatory requirements and industry
standards related to data privacy and security.
CHAPTER-13
INTRODUCTION TO CYBER SECURITY
13.1 Introduction
Cybersecurity is the practice of protecting computers, networks, systems,
and data from digital attacks. With the increasing reliance on digital technologies
in nearly every aspect of our lives, the importance of cybersecurity cannot be
overstated. It encompasses various technologies, processes, and practices
designed to safeguard against unauthorized access, data breaches, and other
cyber threats. The rapid evolution of technology has brought about new
opportunities, but it has also introduced new vulnerabilities.
Cyber threats can originate from individual hackers, organized
cybercriminal groups, or even nation-states seeking to disrupt systems or steal
sensitive information.
Cybersecurity measures are essential for individuals, businesses,
governments, and organizations of all sizes.
Moreover, cybersecurity is not solely a technical issue; it also encompasses
human factors such as user awareness and education. Employees and users
must be educated about the importance of cybersecurity practices.
Elements of Cybersecurity:
Application Security: Application security refers to the measures and practices
implemented to protect software applications from threats and vulnerabilities.
Information Security: Information security, often abbreviated as InfoSec, is the
practice of protecting information by mitigating information risks. It involves
safeguarding the confidentiality, integrity, and availability of data.
Network Security: Network security refers to the practice of securing a computer
network infrastructure against unauthorized access, misuse, modification, or
denial of service.
Disaster Recovery Planning: Disaster Recovery Planning (DRP) in cybersecurity
involves the development of strategies, processes, and procedures to restore and
recover IT infrastructure, systems, and data after a cyberattack or any other form
of disaster. The goal is to minimize downtime, mitigate data loss, and ensure
business continuity in the face of unexpected events.
Operational Security: Operational Security (OPSEC) in cybersecurity
encompasses the strategies and actions aimed at safeguarding sensitive
information from unintended exposure or compromise.
It involves assessing potential adversary interests, anticipating their methods of
exploitation, and implementing countermeasures to mitigate such risks.
End-user Security: End-user security in cybersecurity refers to the measures
and practices implemented to protect individual users, their devices, and their
data from various cyber threats.
13.2 CIA Triad
The CIA Triad is a foundational concept in cybersecurity that represents
the three core principles of information security:
Confidentiality in cybersecurity refers to the protection of sensitive information
from unauthorized access or disclosure. It ensures that only authorized
individuals or systems can access certain data or resources, and it prevents
unauthorized users or entities from viewing, copying, or using that information.
Integrity in cybersecurity refers to the trustworthiness and accuracy of data or resources. It ensures that information remains unaltered and reliable throughout its lifecycle, from creation to storage and transmission.
Availability in cybersecurity refers to the accessibility of information and resources to authorized users when they need them.
13.3 Cyber security Regulating Bodies in India
These are the main regulating bodies that enforce cybersecurity regulations
and ensure compliance with laws and standards by all Indian organizations.
1. Indian Computer Emergency Response Team (CERT-In): Made official in 2004, CERT-In is the national nodal agency for collecting, analyzing, forecasting, and disseminating non-critical cyber security incidents. In addition to cyber security incident reporting and notification, the CERT-In cyber security directive issues guidelines for Indian organizations, offering the best information security practices for managing and preventing cyber security incidents. The Information Technology Rules, 2013 apply to all Indian data centers, service providers, and their intermediaries, and all intermediaries are required to report any cyber security incidents to CERT-In.
CERT-In acts as the primary task force that:
● Analyzes cyber threats, vulnerabilities, and warning information.
● Responds to cybersecurity incidents and data breaches.
● Coordinates suitable incident response to cyber-attacks and conducts forensics for incident handling.
● Identifies, defines, and takes suitable measures to mitigate cyber risks.
● Recommends best practices, guidelines, and precautions to organizations for cyber incident management so that they can respond effectively.
CERT-In's roles and functions were later clarified in an additional amendment, the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.
2. National Critical Information Infrastructure Protection Centre (NCIIPC): The NCIIPC was established on January 16, 2014, by the Indian government, under Section 70A of the IT Act, 2000 (amended 2008).
Based in New Delhi, the NCIIPC was appointed as the national nodal agency for Critical Information Infrastructure Protection. Additionally, the NCIIPC is regarded as a unit of the National Technical Research Organisation (NTRO) and therefore comes under the Prime Minister's Office (PMO).
The Indian Parliament divides cyber security into two segments: “Non-Critical Infrastructure (NCI),” for which CERT-In is responsible, and “Critical Information Infrastructure (CII),” for which NCIIPC is responsible. CII is defined by the Indian Parliament as “facilities, systems or functions whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well-being of a nation.”
NCIIPC is required to monitor and report national-level threats to critical
information infrastructure. The critical sectors include:
● Power and energy
● Banking, financial services, and insurance
● Telecommunication and information
● Transportation
● Government
● Strategic and public enterprises
NCIIPC successfully implemented several guidelines for policy guidance,
knowledge sharing, and cyber security awareness for organizations to conduct
preemptive measures of these important sectors, especially in power and energy.
The guidelines represent the first means for regulating such sectors and requiring
“mandatory compliance by all responsible entities.”
Additionally, the Indian government approved the Revamped Distribution Sector
Scheme in August 2021. The main goal of this regulation is to improve the
operations of DISCOMs (distribution companies) by enhancing the cyber
infrastructure with AI-based solutions. This will ultimately aid organizations and
companies in meeting the framework's goals.
3. Cyber Regulations Appellate Tribunal (CRAT): Under the IT Act, 2000, Section 62, the Central Government of India created the Cyber Regulations Appellate Tribunal (CRAT) as a chief governing body and authority for fact-finding, receiving cyber evidence, and examining witnesses.
While CRAT does not have as much jurisdiction for cyber security notification as CERT-In, it also serves to respond to and act on related cyber security incidents and breaches. According to the Civil Court and Code of Civil Procedure, 1908, CRAT has the power to:
● Receive evidence on affidavits
● Ensure that all electronic and cyber evidence and records are presented for
court
● Enforce, summon, and issue regular commissions for examining witnesses,
documents, and people under oath
● Review final decisions of the court to resolve incidents and cases
● Approve, dismiss, or declare the defaulter's applications as ex-parte
4. Telecom Regulatory Authority of India (TRAI) and Department of Telecom (DoT): The Telecom Regulatory Authority of India, along with the DoT (Department of Telecommunications), has tightened regulations for user data privacy and how it is used. TRAI is a regulatory body, and DoT is a separate executive department of the Ministry of Communications in India. Although TRAI has been granted more regulatory powers, both work together to govern and regulate telephone operators and service providers. On June 16, 2018, TRAI released recommendations for telecom providers on “Privacy, Security and Ownership of the Data in the Telecom Sector.” In the newest guidelines, TRAI addresses newer responsibilities governing consumer data, because most digital transactions in India are done via cell phones.
TRAI addresses data protection with the following objectives:
● Define and understand the scope of “Personal data, Ownership, and
Control of Data,” namely, the data of users of the telecom service providers.
● Understand and Identify the “Rights and Responsibilities of Data
Controllers”
● Assess and identify the efficiency of how data is protected and which data
protection measures are currently in place in the telecommunications
sector
● Identify and address critical issues regarding data protection
● Collect and control user data of TISP (traffic information service providers)
services
13.4 VARIOUS CYBERSECURITY THREATS
Cybersecurity threats take many forms, and the landscape is constantly evolving as cybercriminals develop new techniques and technologies. Organizations and individuals must remain vigilant, implement security best practices, and stay informed about emerging threats to mitigate risks effectively. Here is an introduction to some common cybersecurity threats:
1. Malware
Malicious software like viruses, worms, trojans and ransomware. Can damage, steal, or lock data.
2. Phishing
Fake emails or websites trick users into sharing sensitive information. A common way to steal passwords or banking details.
3. Ransomware
Locks or encrypts data and demands a ransom to restore access. Often spreads through email or infected files.
4. Denial of Service (DoS/DDoS) Attacks
Overloads a system or website, making it unavailable. DDoS uses multiple systems for a stronger attack.
5. Man-in-the-Middle (MitM) Attacks
Attacker intercepts and alters communication between two parties. Can steal data during login or transactions.
6. SQL Injection
Attackers insert malicious SQL code into a database query. Can be used to access or destroy database contents.
7. Zero-Day Exploits
Attacks on unknown or unpatched vulnerabilities. No fix is available when the attack happens.
8. Insider Threats
Security threats from employees or trusted users. Can be intentional or accidental.
9. Spyware
Software that secretly monitors user activity. Can collect keystrokes, passwords, or browsing habits.
10. Credential Theft
Stealing login credentials to gain unauthorized access. Often through phishing or malware.
13.5 CYBERSECURITY THREAT PREVENTION
1. Use Strong Passwords
Create complex, unique passwords; enable multi-factor authentication (MFA).
2. Install Antivirus & Anti-Malware
Protects against malicious software and scans for threats.
3. Regular Software Updates
Patch security vulnerabilities in operating systems and apps.
4. Firewall Configuration
Blocks unauthorized access to networks.
5. Data Backup
Regular backups help recover data after ransomware or other attacks.
6. User Awareness Training
Educate users to recognize phishing, scams, and suspicious activity.
7. Secure Network Access
Use VPNs and segment networks to limit access.
8. Email Filtering
Block spam and malicious attachments/links.
9. Access Control
Give users only the permissions they need.
10. Monitor and Audit Systems
Continuously check for unusual or suspicious behavior.
ATSEP CBTA NON-PLI
DATA COMMUNICATION NETWORKING AND OS LINUX
Contents
INTRODUCTION TO DATA COMMUNICATION
INTRODUCTION TO TCP/IP
CLASSIFICATION OF NETWORK & NETWORK DEVICES
LOOP AVOIDANCE IN LAN
IP ADDRESSING & SUBNETTING
IP ROUTING
VLAN
IP MULTICAST
PROTOCOL
ACCESS CONTROL LISTS (ACLS)
NAT (NETWORK ADDRESS TRANSLATION)
VIRTUAL PRIVATE NETWORKS (VPNS)
INTRODUCTION TO CYBER SECURITY
AAI/ANS/CNS/CATC/2024/NON-PLI TRNG/DATA COMMUNICATION NETWORKING/ OS LINUX/MOD 1/Ver.1.0
सी.ए.टी.सी., प्रयागराज
C.A.T.C., PRAYAGRAJ