Tuesday, 18 September 2018

Threats to Internet Services

There are many technical services required to operate the internet: routing, addressing, domain naming, and database management. Without these services, the internet is not possible. These services are also primary targets for cybercriminals.


Cybercriminals use different techniques to capture data streams over a network. These techniques put all sensitive data in danger, such as usernames, passwords and credit card information. They include botnets, DDoS, hacking, malware, pharming, phishing, ransomware, spam, DNS spoofing, and man-in-the-middle attacks. Criminals also use these techniques to monitor and record all information crossing a network. A short explanation of each technique follows.


Botnets


Botnets are largely undetected because a botnet is a collection of software robots, or 'bots', that creates a group of infected computers known as “zombies” which are remotely controlled by the originator of the robots. Your computer may be one of them without you knowing it.


Distributed denial-of-service (DDoS) 


A distributed denial-of-service (DDoS) attack is an attack in which a malicious user uses a network of zombie computers to sabotage a specific website or server. The attack occurs when the malicious user tells all the zombie computers to connect to a particular server or website again and again. This increases the volume of traffic to that server or website and overloads it, so that it becomes slow for legitimate users; sometimes the website or server shuts down completely. By using the zombie computers, the attacker can take advantage of security vulnerabilities and weaknesses and could take control of your computer. The attacks are "distributed" because the attacker uses several computers to launch the denial-of-service attack.




Hacking


Hacking is an expression used to describe actions taken by someone to gain unauthorized access to a computer. It is a process by which cybercriminals gain access to any computer connected to the internet.


Pharming


Pharming is a type of online fraud. It is meant to point the user to a malicious, illegitimate website by redirecting the legitimate URL. Even if the address is entered correctly, the user can still be redirected to a fake website.


Phishing


Phishing is easy to execute and requires very little effort, so many cybercriminals use it. Criminals send fake emails and text messages and create websites that look authentic. They use these emails, messages and websites to steal personal and financial information from users. This is also known as spoofing.


Ransomware


Ransomware restricts access to the user's own computer and files. It is a type of malware that displays a message and demands payment to remove the restriction from the computer and files. Emails containing a malicious attachment and pop-up advertisements are the most common sources of ransomware infection.


Spam


Spam is another common method of sending information out and collecting it from unsuspecting people. Spam distributes unsolicited messages, advertising or pornography to addresses that are easily available on the Internet, for example on social sites, company websites and personal blogs.


Spoofing


This technique is often used in conjunction with phishing in an attempt to steal information. The Domain Name Service (DNS) translates a domain name, such as www.networkustad.com, into its numerical IP address and vice versa. If a DNS server does not know the IP address of the requested domain, it asks another DNS server. Using DNS spoofing, the cybercriminal introduces fake data into a DNS resolver’s cache. These attacks exploit a weakness in the DNS software that causes the DNS servers to forward traffic for a particular domain to the criminal’s computer instead of the valid owner of the domain.


Man-in-the-Middle Attack


Criminals also use rogue devices, for example unsecured Wi-Fi devices and access points. If a criminal installs an unsecured Wi-Fi access point near a public place, unsuspecting individuals may connect to it, and a packet sniffer copies their personal information.


Packet forgery, or packet injection, interferes with an established network communication by constructing packets that appear to be part of that communication. It allows a criminal to intercept or capture real packets. With this process, a criminal can hijack an authorized connection or deny an authorized person the use of certain network services. This is called a man-in-the-middle attack.



Monday, 17 September 2018

Common Threats to End Users

Innovators and visionaries are two types of experts in cybersecurity. These experts build the different cyber domains of the Internet. They have the capability to identify the power of data and harness it. They provide cybersecurity services and build special organizations to deliver them. These organizations also provide services to protect people from cyber attacks. These professionals must identify threats and vulnerabilities, because these are the main concern of cybersecurity professionals. Two situations are critical:



  • When there is the possibility of a threat.

  • When a vulnerability puts a target at risk of an attack.


For example, data in the hands of an unauthorized person can result in a loss of privacy for its owner, damage the owner's credit, and put the owner's career at risk. Google, Facebook, schools, hospitals, financial and government agencies, and e-commerce sites face the greatest risk of identity theft. Large organizations like Google have the resources to hire top cybersecurity professionals to protect their servers and data. Many organizations build databases containing personal information about clients and other people, and they need cybersecurity professionals, so the demand for cybersecurity professionals has increased. Cyber threats are dangerous for certain industries and the records they must maintain.


Types of Personal Records


The following are some examples of personal records, drawn from a few sources only.


Medical Records


Thieves can sell personal health information on the Internet black market. They can use stolen medical credentials to obtain medical services and devices for themselves and others, or bill insurance companies for phantom services in your name.


The electronic health record (EHR) of a patient includes physical health, mental health, and other personal information that may not be medically related. For example, a person may have had a checkup as a child because of major changes in the family. This will be somewhere in his medical history, so along with medical history and personal information, the record may also include information about that person’s family. A number of laws protect patient records.


Many medical devices use cloud platforms to enable wireless transfer, storage and display of clinical data like heart rate, blood pressure and blood sugar. These medical devices can produce a huge amount of clinical data that can become part of a medical record.


Education Records


Education records include grades, test scores, attendance, courses taken, awards, degrees awarded, and disciplinary reports. Education records may also include contact information, health and vaccination records, and special education records, including individualized education programs (IEPs).


Employment and Financial Records


Employment records also include personal information, salary, and insurance information. Financial records are very attractive data for cybercriminals. They may include information about income, expenditures, and credit card data. Tax records could include paycheck stubs, credit card statements, credit ratings and banking information. Cybercriminals can use the stolen credit cards for purchases or sell them on the black market.


Authentication Details


Information about access to online systems is very valuable on the black market. Humans have the habit of using the same password for many online accounts. So if someone manages to get hold of your Facebook or email password, they will most likely be able to log in to any of your accounts.


Thursday, 13 September 2018

Thwarting Cyber Criminals

Thwarting cyber criminals is not an easy task. But companies, governments, and organizations have started to take parallel actions to limit and discourage cyber criminals. The actions against cybercriminals include:



  • Creating early warning system sensors and alert systems. Such systems are very costly, so it is impossible to monitor every network. Organizations monitor only high-value targets, because those targets are more likely to experience cyber attacks.

  • Creating complete databases of identified system vulnerabilities and attack signatures. Organizations distribute these databases around the globe to help prepare for and fend off many common attacks.

  • Establishing information security management standards for national and international organizations.

  • Sharing cyber intelligence information between organizations and nations. Government agencies and countries now work together to share critical information about serious attacks in order to prevent similar attacks elsewhere. Several countries have organized their cyber intelligence agencies to work together worldwide to combat major cyber attacks.

  • Making new laws to discourage cyber attacks and data breaches. These laws carry strict penalties to punish cyber criminals caught carrying out unlawful actions.


Following are the measures to thwart cybercriminals, with a brief explanation of each.


Vulnerability Database


The Common Vulnerabilities and Exposures (CVE) national database was developed to provide a publicly available database of all known vulnerabilities. CVE is a list of entries, each containing an identification number, a description, and at least one public reference, for publicly known cybersecurity vulnerabilities.


Early Warning System


Cyber early warning systems (CEWS) aim to raise an alert about attacks in their early stages. The design and implementation of such systems involve numerous research challenges. The Honeynet Project is an international security research organization which investigates the latest attacks, develops open source security tools to improve Internet security, and studies how hackers behave. It is an example of an early warning system. The project provides a HoneyMap which displays a real-time visualization of attacks.


Share Cyber Intelligence


Cyber information and intelligence are shared to prevent hostile cyber attacks. InfraGard, a partnership between the FBI and the private sector, is an example of the widespread sharing of cyber intelligence.


ISM Standards


The ISO/IEC 2700 standards are an example of information security management standards. They are also called the ISO 2700 standards. The ISO/IEC 2700 standards help organizations keep information assets secure, such as financial information, intellectual property, employee details or information entrusted to them by third parties. It is the best-known standard in the family, providing requirements for an information security management system (ISMS).


New Laws


ISACA is an independent, nonprofit, global association that tracks laws related to cybersecurity. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only. These laws address individual privacy and the protection of intellectual property. They include the Cybersecurity Act, the Data Breach Notification Act, Federal Exchange, and the Data Accountability and Trust Act.

Wednesday, 12 September 2018

Cyber Criminals

In the early days, the typical cybercriminals in the cyber world were youngsters or hobbyists. Their attacks were generally limited to pranks and vandalism. But at present, cybercriminals have become very dangerous. The attackers are individuals or groups. They try to make use of vulnerabilities for their mission. These criminals are interested in everything from credit cards to product designs and anything else of value. The types of cybercriminals are the following:



Amateurs


Amateurs are also called script kiddies. They have only some skills and want to be hackers. They lack any serious technical expertise and usually use existing tools to launch attacks. Some of them are just curious; others try to show off their skills and cause damage. Although they use only basic tools and are usually able to attack only very weakly secured systems, the results can be very destructive.


Hackers


The term hacker was first used in the early 1960s. It describes a programmer or somebody who can hack computer code. Hackers usually work secretly and create their own hacking tools. They often break into computers or networks to gain access for a variety of reasons. The goal of the break-in determines whether these hackers are categorized as white, gray, or black hats. The figure below illustrates the types of hackers.



White Hat Hackers


These are ethical hackers who use their programming skills for good and legal purposes. They break into networks or computers with the permission of the owners to find weaknesses in these systems and improve their security. White hat hackers use their skills to discover network vulnerabilities and report them to developers and owners so the issues can be fixed before the vulnerabilities cause damage.


Black Hat Hackers


Black hat attackers are individuals who take advantage of any vulnerability for illegal purposes. Black hat hackers are unethical hackers. They compromise networks without permission for their personal gain. They also attack networks for malicious reasons.


Gray hat hackers


These hackers fall between white and black hat attackers. A gray hat attacker may find a vulnerability and report it to the owners of the system so they can fix the problem, while other gray hat hackers publish the facts about the vulnerability on the Internet so that other attackers can exploit it.


Organized Hackers



These are organizations of cybercriminals, which include hacktivists, terrorists and state-sponsored hackers. They are generally groups of skilled criminals focused on control, power and wealth.


Hacktivists


Hacktivists make political statements to create awareness of the issues and rights they care about. Hacktivists publish embarrassing information about their victims publicly.


State-sponsored


State-sponsored attackers gather intelligence or cause damage on behalf of their government. These attackers are highly skilled and well trained. Their attacks focus on specific goals that are beneficial to their government. These attackers are usually members of their country's armed forces.


Sunday, 9 September 2018

VLANs Range and Creating VLANs

Different Cisco Catalyst switches support different numbers of VLANs. The number of supported VLANs is sufficient to accommodate the requirements of nearly all organizations. The Catalyst 2960 and 3560 Series switches support over 4,000 VLANs. The normal VLAN range is numbered from 1 to 1,005 and the extended-range VLANs are numbered from 1,006 to 4,094. The figure illustrates the normal range of VLANs on a Cisco switch. The normal range is used in small- and medium-sized business and enterprise networks.

[Figure: VLANs Range]

Normal VLANs Range 



  • The normal range VLAN ID is between 1 and 1005.

  • IDs 1002 through 1005 are reserved for Token Ring and FDDI VLANs.

  • IDs 1, 1002, 1003, 1004 and 1005 are automatically created and cannot be removed.

  • The VLAN configurations are stored in a VLAN database file called vlan.dat. The vlan.dat file is saved in the flash memory of the switch.

  • VTP (VLAN Trunking Protocol) helps to manage VLAN configurations between switches. VTP can only learn and store normal range VLANs.


Extended VLANs Range



  • The extended VLAN range enables service providers to extend their infrastructure to a greater number of customers.

  • The VLAN ID is between 1006 and 4094.

  • The extended range configuration is stored by default in the running configuration file instead of the vlan.dat file.

  • Extended range VLANs support fewer VLAN features than normal range VLANs.

  • VTP does not work with extended range VLANs.


Creating VLANs


For normal range VLANs, the configuration is stored in the vlan.dat file, which is kept in flash memory on the switch. Because it is already in flash, it does not require the copy running-config startup-config or write command. But other details are usually configured on a Cisco switch at the same time VLANs are created, so it is best to save running configuration changes to the startup configuration. The figure below illustrates the Cisco IOS command syntax used to add a VLAN to a Cisco switch and give it a name. Naming each VLAN is considered a best practice in switch configuration.



[Figure: VLANs Range]

The figure below illustrates a topology where VLAN 10 and VLAN 20 are configured on Switch1. We can verify them with the show vlan brief command in user EXEC mode, which displays the contents of the vlan.dat file.

[Figure: VLANs Range]

A series of VLAN IDs can be entered separated by commas, and a range of VLAN IDs can be entered separated by a hyphen, using the vlan vlan-id command. For example, use the following commands to create VLANs 10, 20, 30, 40 and VLANs 50-60.

switch1(config)# vlan 10, 20, 30, 40

switch1(config)# vlan 50-60
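To show how the vlan vlan-id list syntax above expands and how each ID falls into the normal, reserved or extended range, here is an added Python example (not from the original post, and not Cisco IOS code). It parses comma and hyphen lists like the two commands above and reports where each VLAN's configuration would be stored; the behaviour it models is only what the range descriptions above state.

```python
"""Expand Cisco IOS 'vlan <vlan-id>' arguments and classify each VLAN ID.

Ranges as described above: normal 1-1005, of which 1002-1005 are reserved for
Token Ring / FDDI; extended 1006-4094. VLAN 1 and 1002-1005 exist by default
and cannot be removed. Normal-range VLANs are stored in vlan.dat (flash),
extended-range VLANs in the running configuration.
"""

NORMAL_RANGE = range(1, 1006)          # 1..1005
RESERVED = {1002, 1003, 1004, 1005}    # Token Ring / FDDI, created automatically
EXTENDED_RANGE = range(1006, 4095)     # 1006..4094
AUTO_CREATED = {1} | RESERVED          # present after boot, cannot be deleted


def parse_vlan_list(arg: str) -> list:
    """Expand '10, 20, 30, 40' or '50-60' (or a mix) into a sorted list of IDs.

    Raises ValueError on malformed tokens, reversed ranges, or IDs outside 1-4094.
    """
    ids = set()
    for token in arg.split(","):
        token = token.strip()
        if not token:
            raise ValueError("empty VLAN token")
        if "-" in token:
            lo_s, hi_s = token.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)
            if lo > hi:
                raise ValueError(f"reversed range {token!r}")
            span = range(lo, hi + 1)
        else:
            span = [int(token)]
        for vid in span:
            if vid < 1 or vid > 4094:
                raise ValueError(f"VLAN ID {vid} outside 1-4094")
            ids.add(vid)
    return sorted(ids)


def classify(vid: int) -> str:
    """Return 'reserved', 'normal' or 'extended' for a valid VLAN ID."""
    if vid in RESERVED:
        return "reserved"
    if vid in NORMAL_RANGE:
        return "normal"
    if vid in EXTENDED_RANGE:
        return "extended"
    raise ValueError(f"VLAN ID {vid} outside 1-4094")


def can_delete(vid: int) -> bool:
    """VLAN 1 and 1002-1005 cannot be removed with 'no vlan'."""
    return vid not in AUTO_CREATED


def plan_vlan_commands(args) -> dict:
    """Given the argument strings of successive 'vlan' commands, report which
    VLANs would be created, where each would be stored, and which are skipped
    because they already exist by default."""
    report = {"create": [], "vlan.dat": [], "running-config": [], "skipped": {}}
    for arg in args:
        for vid in parse_vlan_list(arg):
            kind = classify(vid)
            if vid in AUTO_CREATED:
                reason = "reserved for Token Ring/FDDI" if kind == "reserved" else "default VLAN"
                report["skipped"][vid] = f"{reason}, exists by default"
                continue
            report["create"].append(vid)
            # Normal-range VLANs go to vlan.dat in flash; extended-range to running-config.
            report["vlan.dat" if kind == "normal" else "running-config"].append(vid)
    return report


if __name__ == "__main__":
    # The two commands from the post, plus a reserved and an extended-range ID.
    print(plan_vlan_commands(["10, 20, 30, 40", "50-60", "1002", "2000-2001"]))
```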

Tagging Ethernet Frames for VLAN Identification

Layer 2 devices use Ethernet frame header information to forward frames without routing tables. Usually the Ethernet frame header does not contain any information about the VLAN, so when Ethernet frames arrive on a trunk, information about their VLAN must be added. This method is called tagging. The standard for VLAN tagging is IEEE 802.1Q. The 802.1Q header includes a 32-bit tag inserted inside the original Ethernet frame header, specifying the VLAN to which the frame belongs. When the switch receives an Ethernet frame on a port in access mode that is assigned to a VLAN, the switch inserts a VLAN tag into the frame header, recalculates the FCS, and sends the tagged frame out the trunk port. The figure below illustrates the fields of the VLAN tag:





  • Type – a 16-bit field, also called the tag protocol ID (TPID). For Ethernet it is set to hexadecimal 0x8100.

  • User priority – a 3-bit value that supports class of service prioritization.

  • Canonical Format Identifier (CFI) – a 1-bit identifier that enables Token Ring frames to be carried across Ethernet links.

  • VLAN ID (VID) – a 12-bit VLAN identification number that supports up to 4096 VLAN IDs.


Native VLANs and 802.1Q Tagging


Tagged Frames on the Native VLAN


Some devices that support trunking insert a VLAN tag on native VLAN traffic. If a port configured as an 802.1Q trunk receives a tagged frame whose VID is the same as the native VLAN, it drops the frame. So when configuring a switch port on a Cisco switch, configure the attached devices to send untagged frames on the native VLAN. Devices from other vendors, such as routers, non-Cisco switches, and servers, may send tagged frames on the native VLAN.

Untagged Frames on the Native VLAN


When a trunk port receives untagged frames, it forwards them on the native VLAN. If there are no devices associated with the native VLAN and there are no other trunk ports, the switch drops the frame. When an 802.1Q trunk port is configured, a default Port VLAN ID (PVID) is assigned the value of the native VLAN ID. All untagged traffic coming in or going out of the 802.1Q port is forwarded based on the PVID. For example, if VLAN 10 is configured as the native VLAN, the PVID is 10 and every untagged frame is forwarded to VLAN 10. If no native VLAN has been configured, the PVID value is 1, because the default native VLAN is VLAN 1.
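An added Python example, not from the original post, that parses the 802.1Q tag fields listed above out of a raw Ethernet frame and applies the native VLAN rules just described at a trunk port. The build_frame helper, the MAC addresses and the payloads are constructed sample data; the trunk_ingress_vlan rules (untagged goes to the PVID, a frame tagged with the native VID is dropped) are the Cisco behaviour from the text, and the handling of VID 0 and 4095 is standard 802.1Q, not something the post covers.

```python
"""Parse an 802.1Q tag and apply trunk-port native VLAN rules.

Tag layout after the source MAC: Type/TPID 0x8100 (16 bits), then a 16-bit
TCI made of 3-bit user priority, 1-bit CFI and 12-bit VID, followed by the
original EtherType.
"""
import struct

TPID_8021Q = 0x8100   # Type/TPID value that marks an 802.1Q tag


def parse_frame(frame: bytes) -> dict:
    """Parse the Ethernet header and, if present, the 802.1Q tag.

    Returns dst/src as colon-separated hex, tagged (bool), priority (3 bits),
    cfi (1 bit), vid (12 bits) and the EtherType that follows the tag.
    Untagged frames report priority/cfi/vid as None.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False,
            "priority": None, "cfi": None, "vid": None, "ethertype": ethertype}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame truncated before TCI/EtherType")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True,
                    priority=(tci >> 13) & 0x7,   # user priority: top 3 bits
                    cfi=(tci >> 12) & 0x1,        # canonical format identifier
                    vid=tci & 0x0FFF,             # VLAN ID: low 12 bits
                    ethertype=inner_type)
    return info


def trunk_ingress_vlan(frame: bytes, native_vlan: int = 1, allowed=None):
    """Decide how an 802.1Q trunk port handles an incoming frame.

    Returns ("forward", vlan_id) or ("drop", reason). `allowed` is an optional
    set of VLAN IDs permitted on the trunk (None means all VLANs).
    """
    info = parse_frame(frame)
    if not info["tagged"]:
        return ("forward", native_vlan)             # untagged -> PVID / native VLAN
    vid = info["vid"]
    if vid == 0:
        # VID 0 is a priority-only tag in 802.1Q: no VLAN carried, treated as untagged.
        return ("forward", native_vlan)
    if vid == 0xFFF:
        return ("drop", "reserved VID 4095")
    if vid == native_vlan:
        return ("drop", "tagged with native VLAN")  # Cisco trunk behaviour above
    if allowed is not None and vid not in allowed:
        return ("drop", "VLAN not allowed on trunk")
    return ("forward", vid)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid=None, priority: int = 0, cfi: int = 0) -> bytes:
    """Construct a sample Ethernet frame, tagged when `vid` is given."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        tci = (priority << 13) | (cfi << 12) | (vid & 0x0FFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    # Constructed sample: an ARP broadcast tagged for VLAN 20 with priority 5,
    # arriving on a trunk whose native VLAN is 10.
    f = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806,
                    b"\x00" * 28, vid=20, priority=5)
    print(parse_frame(f))
    print(trunk_ingress_vlan(f, native_vlan=10))
```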

Voice VLAN Tagging


To support Voice over IP, a separate voice VLAN is required. A port that connects to a Cisco IP phone can be configured to use two separate VLANs: one for voice and one for data traffic. The link between the IP phone and the switch works like a trunk to carry both voice and data VLAN traffic. The Cisco IP Phone has a three-port 10/100 switch. These ports give dedicated connections to these devices:


  1. Port 1 – connects the IP phone to the switch or other VoIP device.

  2. Port 2 – an internal 10/100 interface that carries the IP phone's own traffic.

  3. Port 3 – an access port that connects to a PC or other device.


On the switch, the switch port is configured to send CDP packets that instruct the attached IP phone to send voice traffic to the switch in one of the following ways, depending on the type of traffic:

  1. In the voice VLAN, tagged with a Layer 2 class of service priority value.

  2. In the access VLAN, tagged with a Layer 2 class of service priority value.

  3. In the access VLAN, untagged, without a Layer 2 class of service priority value.

Saturday, 8 September 2018

Controlling Broadcast Domains with VLANs

Network without VLANs


In the default configuration, when a switch receives a broadcast frame on an ingress port, it forwards the frame out all ports except the port where the broadcast was received. Because the whole network is in the same subnet and no VLANs are configured, all ports are in the same broadcast domain. As shown in the figure, when Host 1 sends a broadcast frame, switch S2 receives it and sends it out all of its ports except the ingress port. Eventually the whole network receives the broadcast, because the network is one broadcast domain.

[Figure: broadcast domain]

Network with VLANs


Figure 2 illustrates the network segmented with VLANs; the network has been divided into two VLANs, VLAN 10 and VLAN 20. The IT department is assigned VLAN 10 and the admin department is assigned VLAN 20. When a broadcast is sent from an IT department computer (Host-1, Host-2 or Host-5) to switch S2, the switch forwards the broadcast frame only to those switch ports configured to support VLAN 10 and to the trunk port. Likewise, when a computer from the admin department sends a broadcast frame, the switch forwards the frame only to the ports configured for VLAN 20 and to the trunk port.


The ports that connect switches S1 and S2 are trunks and have been configured to support all the VLANs in the network. When S1 or S2 receives the broadcast frame on a port in VLAN 10, the switch forwards it out the only other port configured to support VLAN 10, which is the trunk port. When VLANs are configured on a switch, the transmission of unicast, multicast, and broadcast traffic from a host in a particular VLAN is limited to the devices in that VLAN. VLANs create multiple broadcast domains in the switch, so broadcasts can be controlled by creating multiple broadcast domains.

[Figure: broadcast domain]
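An added Python example, not from the original post, that models the flooding rules above for switch S2 with and without VLANs: a broadcast from an access port goes to every other port in the same VLAN plus the trunk, a broadcast arriving on the trunk takes its VLAN from the tag, and nothing goes back out the ingress port. The port names (fa0/1 to fa0/5, g0/1) and the assignment of Host-3 and Host-4 to the admin department are assumptions for the sample.

```python
"""Model broadcast flooding on a VLAN-aware switch."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Port:
    name: str
    mode: str                            # "access" or "trunk"
    vlan: Optional[int] = None           # access VLAN (access ports only)
    allowed: Optional[Set[int]] = None   # trunk: VLANs allowed, None = all
    native: int = 1                      # trunk: native VLAN (PVID)


@dataclass
class Switch:
    name: str
    ports: Dict[str, Port] = field(default_factory=dict)

    def add(self, port: Port) -> "Switch":
        self.ports[port.name] = port
        return self

    def flood(self, ingress: str, tagged_vid: Optional[int] = None) -> Dict[str, Optional[int]]:
        """Flood a broadcast frame received on `ingress`.

        `tagged_vid` is the VID in the frame's 802.1Q tag, or None if untagged.
        Returns {egress_port: vid} where vid is the tag written on that port
        (None = sent untagged). An empty dict means the frame was dropped.
        """
        pin = self.ports[ingress]
        if pin.mode == "access":
            vlan = pin.vlan                      # access port: the port's VLAN
        elif tagged_vid is None:
            vlan = pin.native                    # untagged on a trunk: native VLAN
        elif tagged_vid == pin.native:
            return {}                            # tagged with the native VID: dropped
        elif pin.allowed is not None and tagged_vid not in pin.allowed:
            return {}                            # VLAN not allowed on this trunk
        else:
            vlan = tagged_vid
        out: Dict[str, Optional[int]] = {}
        for name, p in self.ports.items():
            if name == ingress:
                continue                         # never back out the ingress port
            if p.mode == "access" and p.vlan == vlan:
                out[name] = None                 # access ports receive it untagged
            elif p.mode == "trunk" and (p.allowed is None or vlan in p.allowed):
                out[name] = None if vlan == p.native else vlan
        return out


def build_flat_s2() -> Switch:
    """Constructed sample: S2 with no VLANs configured, so all five host ports
    sit in VLAN 1 together with the uplink; one broadcast domain."""
    s2 = Switch("S2")
    for i in range(1, 6):
        s2.add(Port(f"fa0/{i}", "access", vlan=1))
    return s2.add(Port("g0/1", "trunk"))


def build_segmented_s2() -> Switch:
    """Constructed sample matching Figure 2: Host-1, Host-2 and Host-5 (IT) in
    VLAN 10, Host-3 and Host-4 (admin, assumed) in VLAN 20, trunk g0/1 to S1."""
    it_hosts = {1, 2, 5}
    s2 = Switch("S2")
    for i in range(1, 6):
        s2.add(Port(f"fa0/{i}", "access", vlan=10 if i in it_hosts else 20))
    return s2.add(Port("g0/1", "trunk", allowed={10, 20}))


if __name__ == "__main__":
    print("no VLANs, Host-1 broadcast :", build_flat_s2().flood("fa0/1"))
    print("VLANs, Host-1 broadcast    :", build_segmented_s2().flood("fa0/1"))
    print("VLANs, VLAN 20 via trunk   :", build_segmented_s2().flood("g0/1", tagged_vid=20))
```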


Types of VLANs

There are different types of VLANs used in networking. Some VLANs are defined by the class of traffic they carry and others by the specific function they serve. Each switch has a default VLAN.


Default VLAN


VLAN 1 is the default VLAN on Cisco switches. After the initial boot process, the switch loads the default configuration and all switch ports become part of the default VLAN (VLAN 1). Switch ports that are part of the default VLAN work in the same broadcast domain. The figure below illustrates the default VLAN of a Cisco switch; the show vlan brief command was executed on a switch running the default configuration. You can see that all ports are assigned to VLAN 1 by default. There is no difference between the features and functions of VLAN 1 and other VLANs, except that it cannot be renamed or deleted. By default, all Layer 2 control traffic is associated with VLAN 1.


[Figure: default VLAN]


Data VLAN


A data VLAN is also referred to as a user VLAN. It is used to separate the network into different groups of users or devices. A data VLAN carries user-generated traffic. It also separates voice and management traffic from data traffic.


Native VLAN


A native VLAN is assigned to an 802.1Q trunk port. It was created for backward compatibility with older devices that do not support VLANs, such as hubs. Frames belonging to the native VLAN are not tagged when sent out on trunk links, so older devices can simply understand them. Frames received untagged on trunk links are assigned to the native VLAN. A trunk is a link between switches that carries traffic for more than one VLAN. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). Tagged traffic has a 4-byte tag inserted in the original Ethernet frame header, specifying the VLAN to which the frame belongs. The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1.


Management VLAN


A separate VLAN for management tasks such as monitoring, system logging, SNMP, and other sensitive management jobs is a best practice in networking. It also ensures that bandwidth for management will be available even when user traffic is high. VLAN 1 is the management VLAN by default. To create the management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and subnet mask, which allows the switch to be managed remotely via HTTP, Telnet, SSH, or SNMP. Because the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN, VLAN 1 would be a bad choice for the management VLAN.


If your organization uses voice over IP (VoIP), a separate VLAN is needed. This saves bandwidth for other applications and ensures VoIP quality. Voice over Internet Protocol (VoIP) traffic requires assured bandwidth to ensure quality, transmission priority, the ability to be routed around congested areas of the network, and a delay of less than 150 ms across the network. To meet these requirements, the entire network has to be designed to support VoIP.

Sunday, 26 August 2018

Router File System

Benefits of VLANs

VLANs make it simple to design a network that supports the goals of an organization. The most important benefits of VLANs are as follows:


Security


Security is one of the primary benefits of VLANs. They make it possible to separate the hosts that hold sensitive data from the rest of the network. This separation decreases the possibility of confidential information breaches. The figure below illustrates that the management, sales and IT sections are totally separate from each other, so they cannot access each other’s files.


[Figure: Benefits of VLANs]


Cost


VLANs reduce the cost of the network and make more efficient use of existing hardware and bandwidth possible, because segmenting a network into smaller VLANs is cheaper than creating a routed network with routers.


Better Network Performance 


Dividing flat Layer 2 networks into multiple broadcast domains reduces unnecessary traffic on the network and helps increase network performance. VLANs manage traffic efficiently so that end users experience better performance. The administrator will have fewer latency problems on the network and more reliability for important applications.


Shrink Broadcast Domains 


Dividing a large network into smaller VLANs reduces the number of devices in each broadcast domain. As shown in the figure above, there are nine hosts in total in this network, but each broadcast domain contains only three hosts.


Improved IT staff efficiency 


VLANs make network management easier for IT staff because users with similar network requirements share the same VLAN.


Simpler Project and Application Management 


VLANs group users and network devices to support both business and geographic requirements.


Simplified Administration for the Network Manager


VLANs simplify network management. Grouping users into virtual networks makes it easy to set up and control network policies at a group level.


Easy Troubleshooting


Network troubleshooting can be simpler and faster because the different user groups are segmented and isolated from one another. If the network administrator knows that complaints are coming only from a particular subset of users, the administrator will be able to quickly narrow down where to look for the issue.

Virtual Local Area Network (VLANs)

One of the technologies that improve network performance is the separation of large broadcast domains into smaller ones. By design, routers block broadcast traffic. But routers usually have a limited number of LAN interfaces. A router’s main role is to move data between different networks. The router does not provide network access to end devices; access layer switches are responsible for connectivity to end devices. VLANs on Layer 2 switches reduce the size of broadcast domains. VLANs are incorporated into network design, making it easier for a network to support the goals of an organization. VLANs are mostly used within switched LANs.


A VLAN creates a logical broadcast domain that can span several physical LAN segments. It improves network performance by separating large broadcast domains into smaller ones. If a device in one VLAN sends broadcast data, all devices in that VLAN receive the data, but devices in other VLANs do not.


What is a VLAN


A Virtual Local Area Network provides segmentation within a switched network. It is a technique for grouping devices within a LAN. A group of devices within a VLAN communicate as if they were connected to the same wire. VLANs are based on logical connections in place of physical connections. They permit a network administrator to divide larger networks based on factors like function, project team, or application, without regard to the physical location of the user or device.


Devices inside a VLAN work as if they were in their own independent network, even though they share a common infrastructure with other VLANs. Any switch port can belong to any VLAN, and unicast, broadcast and multicast packets are forwarded and flooded only to end stations within the VLAN. Every VLAN works like a separate logical network, and data destined for stations not in the VLAN must be forwarded through a router or another device that supports routing. VLANs make it possible to apply access and security policies to particular groups of users. Each switch port can be assigned to only one VLAN, with some exceptions. The figure below illustrates the layout of VLANs.


[Figure: VLANs]



Cisco Borderless Networks

Collision Domains and Broadcast Domains

Collision Domains


In hub-based Ethernet segments, network devices compete for the medium, because devices must take turns when transmitting. The segment of the network that shares the same bandwidth between devices is known as a collision domain; in other words, a collision domain is the part of a network where packet collisions can occur. A collision occurs when two or more devices send a packet at the same time on the shared segment. When the packets collide, both devices must send the packets again, which reduces network efficiency. Usually collisions occur in a hub environment, because each port on a hub is in the same collision domain. But each port on a bridge, switch or router is in a separate collision domain.


A switch, however, can divide a network into segments, which reduces the number of devices that share bandwidth. Each port of the switch represents a new segment, and each new segment is a new collision domain. This provides more bandwidth to the devices on the segment, and one collision domain does not interfere with another. The figure below illustrates collision and broadcast domains.


collision domains


Broadcast Domains


A broadcast domain is a domain where a sending device sends a single copy of data and that copy is delivered to every device in the network segment. A broadcast domain consists of devices that can reach each other at the data link layer by using broadcasts. Every port on a hub and on a switch is by default in the same broadcast domain. Although switches filter frames based on MAC addresses, they do not filter broadcast frames; a switch must flood broadcasts out all ports, including those that lead to other switches. A collection of two or more interconnected switches therefore forms a single broadcast domain.


Network layer devices, such as routers, can divide a Layer 2 broadcast domain, so each port of a router segments both a collision domain and a broadcast domain. When a device sends a Layer 2 broadcast, the destination MAC address in the frame is set to all Fs (FF-FF-FF-FF-FF-FF). A frame with all Fs in the destination field is received by every device in the broadcast domain.


When a switch in the network segment receives a broadcast frame, it floods the frame out each of its ports except the ingress port. All devices connected to the switch receive a copy of the broadcast frame and process it. Broadcasts are an important part of the network, so they cannot be avoided entirely. Broadcasts are used to initially locate other devices and network services; protocols like ARP and DHCP depend on broadcasts to function.


Broadcasts reduce network efficiency because network bandwidth is used to propagate the broadcast traffic. Many broadcasts together with a heavy traffic load on a network can cause congestion, that is, a slow-down in network performance. When two or more switches are connected together, the broadcast domain grows. The figure below illustrates broadcast domains.


broadcast domain

Saturday, 25 August 2018

Data Frames Forwarding and Switching Method

As networks grew and their performance slowed, Ethernet bridges were added to networks to limit the size of collision domains. Advances in integrated circuits allowed LAN switches to replace the early bridges. Modern switches moved the Layer 2 forwarding decision from software into application-specific integrated circuits (ASICs). The ASICs decrease the packet-handling time within the device and allow the device to handle an increased number of ports without degrading performance. There are two methods of data switching and forwarding:-



  • Store-and-forward method

  • Cut-through Method


Store-and-Forward Switching


The store-and-forward method makes a forwarding decision only after the complete frame has been received and checked for errors using a mathematical error-checking mechanism known as a cyclic redundancy check (CRC). If the CRC is valid, the switch looks up the destination address, which determines the outgoing interface. The frame is then forwarded out the correct port.


The Store-and-forward method has two primary characteristics that differentiate it from cut-through:



  • Error checking

  • Automatic buffering.


Error Checking


A switch using the store-and-forward technique performs an error check on each incoming frame. After receiving the entire frame on the ingress port, as shown in the figure, the switch compares the frame check sequence (FCS) value in the last field of the frame against its own FCS calculation. The FCS check helps to make sure that the frame is free of physical and data-link layer errors. If the frame has no error, the switch forwards the frame toward the destination; otherwise, the frame is dropped.


switching 


Automatic Buffering


Whenever the data speeds of the ingress and egress ports differ, the switch stores the whole frame in a buffer, computes the FCS check, forwards it to the egress port buffer and then sends it. For example, an incoming frame arriving on a Fast Ethernet port that must be sent out a Gigabit Ethernet interface requires the store-and-forward method. Store-and-forward switching is the primary method for Cisco switches.


Cut-Through Switching


Cut-through switching is the other switching method; as shown in Figure 2, it starts forwarding as soon as the destination MAC address of an incoming frame has been read and the egress port has been determined. The advantage of this method is the ability to switch data earlier than with the store-and-forward method. The primary characteristics of cut-through switching are the following:



  • Rapid Frame Switching

  • Fragment Free


switching




Rapid Frame Forwarding


A switch using the cut-through method begins forwarding immediately once it has found the destination MAC address of the frame in its MAC address table. The switch does not need to wait for the complete frame to arrive as the store-and-forward method does.


A switch using the cut-through method can decide quickly because of its ASICs and MAC controller. The cut-through method may need to check a larger portion of a frame's headers for additional filtering purposes. For example, the switch can examine the source MAC address, destination MAC address and EtherType fields, which total 14 bytes, and also examine an additional 40 bytes in order to carry out more complex Layer 3 and Layer 4 functions.


This method does not drop invalid frames. Frames with errors are forwarded to the next segments of the network. Too many invalid frames on the network have a negative impact on bandwidth.


Fragment Free Switching


Fragment-free switching is a modified form of cut-through switching. In this form the switch waits for the collision window (64 bytes) to pass before forwarding the frame. Each frame is checked into the data field to make sure that no collision fragment has occurred. This provides better error checking than plain cut-through without any further latency or delay. The lower latency of cut-through switching makes it more suitable for high-performance computing (HPC) applications that need process-to-process latencies of 10 microseconds or less.
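To make the three methods concrete, here is an added example (my own Python code, not from the original post or from Cisco) that simulates the forwarding decision of each method. It builds a minimal Ethernet II frame with a real CRC-32 FCS, then feeds a bit-flipped frame and a runt (collision fragment) to each method: store-and-forward is the only one that drops the frame with the bad FCS, fragment-free drops only the runt, and plain cut-through forwards both. The MAC addresses, payload and function names are constructed for the example.

```python
import zlib

ETH_HEADER_LEN = 14        # destination MAC (6) + source MAC (6) + EtherType (2)
COLLISION_WINDOW = 64      # minimum Ethernet frame size including the FCS


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble an Ethernet II frame and append a valid FCS.
    Ethernet's CRC-32 uses the same parameters as zlib.crc32; the result is sent least-significant byte first."""
    payload = payload.ljust(46, b"\x00")          # pad to the 46-byte minimum payload
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + fcs.to_bytes(4, "little")


def fcs_valid(frame: bytes) -> bool:
    """Recompute the CRC over everything but the last 4 bytes and compare it with the FCS field."""
    body, fcs = frame[:-4], int.from_bytes(frame[-4:], "little")
    return (zlib.crc32(body) & 0xFFFFFFFF) == fcs


def destination(frame: bytes) -> str:
    return frame[:6].hex(":")


def store_and_forward(frame: bytes) -> str:
    """Decision is made only after the whole frame has arrived and the FCS has been checked."""
    if len(frame) < COLLISION_WINDOW:
        return "drop: runt frame"
    if not fcs_valid(frame):
        return "drop: FCS mismatch"
    return "forward to " + destination(frame)


def cut_through(frame: bytes) -> str:
    """Decision is made as soon as the 14-byte header is in; the FCS is never examined."""
    if len(frame) < ETH_HEADER_LEN:
        return "drop: incomplete header"
    return "forward to " + destination(frame)


def fragment_free(frame: bytes) -> str:
    """Cut-through that waits for the 64-byte collision window, so collision fragments are dropped;
    errors anywhere in the frame still pass through because the FCS is not checked."""
    if len(frame) < COLLISION_WINDOW:
        return "drop: collision fragment"
    return "forward to " + destination(frame)


def corrupt(frame: bytes, offset: int) -> bytes:
    """Flip one bit at the given offset, imitating a physical-layer error."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    # Constructed MAC addresses and payload for the demonstration.
    dst = bytes.fromhex("001122334455")
    src = bytes.fromhex("00aabbccddee")
    good = build_frame(dst, src, 0x0800, b"hello")
    bad = corrupt(good, 40)          # error inside the payload
    runt = good[:32]                 # collision fragment: shorter than 64 bytes
    for name, method in (("store-and-forward", store_and_forward),
                         ("cut-through", cut_through),
                         ("fragment-free", fragment_free)):
        print(f"{name:18} good={method(good)!r:34} bad={method(bad)!r:34} runt={method(runt)!r}")
```

The three decision functions differ only in how much of the frame they require before deciding, which is exactly the trade-off the post describes: fewer bytes examined means lower latency but less error filtering.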

Thursday, 23 August 2018

Switching Concept in Networking and Telecommunications

Frame forwarding by switches is common in networking and telecommunications. Different types of switches are used in networking (LAN, WAN, and PSTN). The basic switching decision is based on the following two criteria:



  • Ingress port

  • Destination address


The forwarding decision is made in relation to the traffic flow. The term ingress describes where a frame enters the device on a particular port. The term egress describes the frame leaving the device from a particular port. When a switch makes a frame forwarding decision, it is based on the ingress port and the address of the destination host. The network switch maintains a MAC address table, which is used to decide how to forward traffic through the switch. The figure below illustrates the switch MAC address table.



  • If a frame enters switch port 1 and has a destination address of DB-CD-AC-3D-26-25, then the switch forwards the frame out port 7.

  • If a frame enters switch port 6 and has a destination address of C3-A3-A2-35-A6-66, then the switch forwards the frame out port 8.

  • If a frame enters switch port 2 and has a destination address of EE-01-A1-AF-00-01, then the switch forwards the frame out port 1.


The network switch has only one kind of intelligence: the ability to maintain a MAC address table and to make forwarding decisions based on the ingress port and the destination address of the message. Every switch has a single master table that describes the association between addresses and ports. Cisco switches forward Ethernet frames based on the destination MAC address of the frame.



The concept of Dynamically Populating a MAC Address Table


Network switches use a MAC address table to forward network traffic toward its destination through the proper port. A switch must know which port to use to transmit data, so it must first learn which devices exist on each port. As the switch learns the devices connected to each port, it builds the MAC address table, also called the content addressable memory (CAM) table. CAM is a type of memory used in high-speed searching applications. The switch decides how to handle incoming data frames by consulting this table. It builds the table by reading the source MAC address of each frame received on a port, and then uses the table to send frames destined for a particular device out the specific port that has been associated with that device. In other words, the switch populates the MAC address table from source MAC addresses.


When a switch receives an incoming frame whose destination MAC address is not in the table, it forwards the frame out all ports except the ingress port; this technique is called flooding. When the destination device responds, the switch adds the source MAC address of the reply and the port on which it was received to the MAC address table. In a network where multiple switches are interconnected, the MAC address table can contain multiple addresses for a single port. The switch keeps a MAC address entry for a limited time; the default aging time for a host entry is five minutes.


The following steps describe the process of building the MAC address table:



  • The switch receives a frame from Host 1 on Port 1 while the MAC address table is empty (Figure 1).




  • The switch examines the source MAC address (Host 1) and compares it to the MAC address table.

  • If the address is not found in the MAC address table, it associates the MAC address of Host 1 with Port 1 (the ingress port) in the MAC address table (Figure 2).




  • If the MAC address already exists in the table, it resets the aging timer for the entry.

  • Once the switch has recorded the source address information in the MAC table, it examines the destination MAC address.

  • If the destination address is not already recorded in the MAC table, or if it is the broadcast MAC address containing all Fs, the switch floods the frame to all ports except the ingress port (Figure 3).




  • The destination host (Host 4) replies to the frame with a unicast frame addressed to Host 1 (Figure 4). The switch enters the source MAC address of Host 4 and the number of the ingress port into the address table. The destination address of the frame (Host 1) and its associated egress port are found in the MAC address table.




  • The switch now has complete entries for Host 1 and Host 4 and can forward frames between these source and destination devices without flooding.
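The learning, flooding and aging steps above, together with the per-VLAN flooding described in the VLAN post, as one added example (my own Python, not the post's or Cisco's code). It models a single switch with access ports in two VLANs and one MAC table keyed by (VLAN, MAC); the port numbers, MAC addresses and the 300-second aging value are constructed for the example, the aging value matching the five-minute default mentioned above. Replaying the Host 1 / Host 4 sequence through `receive()` reproduces Figures 1 to 4: the first frame is flooded, the reply is learned, later frames are unicast, a broadcast stays inside its VLAN, and after the aging time the switch floods again.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "FF-FF-FF-FF-FF-FF"
AGING_TIME = 300  # seconds; the five-minute default mentioned above


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class Switch:
    """A transparent learning switch with access ports: each port belongs to exactly one VLAN,
    and the MAC table is keyed by (VLAN, MAC) so addresses learned in one VLAN are invisible to another."""
    port_vlan: Dict[int, int]
    mac_table: Dict[Tuple[int, str], Tuple[int, float]] = field(default_factory=dict)

    def _age_out(self, now: float) -> None:
        # Drop entries whose timer has expired; a refreshed entry carries a newer timestamp.
        self.mac_table = {k: v for k, v in self.mac_table.items() if now - v[1] < AGING_TIME}

    def _learn(self, vlan: int, mac: str, port: int, now: float) -> None:
        # Steps 2-4: associate the source MAC with the ingress port, or reset its aging timer.
        self.mac_table[(vlan, mac)] = (port, now)

    def receive(self, ingress: int, frame: Frame, now: float) -> List[int]:
        """Process one frame arriving on `ingress` at time `now`; return the egress ports."""
        self._age_out(now)
        vlan = self.port_vlan[ingress]
        self._learn(vlan, frame.src, ingress, now)
        entry = self.mac_table.get((vlan, frame.dst))
        if frame.dst == BROADCAST or entry is None:
            # Step 6: unknown destination or broadcast -> flood, but only within the ingress VLAN
            return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != ingress)
        return [entry[0]]   # Steps 7-8: known destination -> forward out the single learned port


def walk_through() -> List[List[int]]:
    """Replay the Figure 1-4 sequence on a constructed 8-port switch (ports 1-4 in VLAN 10, 5-8 in VLAN 20)."""
    sw = Switch(port_vlan={1: 10, 2: 10, 3: 10, 4: 10, 5: 20, 6: 20, 7: 20, 8: 20})
    host1, host4 = "00-00-00-00-00-01", "00-00-00-00-00-04"   # constructed addresses
    return [
        sw.receive(1, Frame(host1, host4), now=0),      # table empty: flooded to 2, 3, 4
        sw.receive(4, Frame(host4, host1), now=1),      # reply: Host 4 learned, Host 1 known -> [1]
        sw.receive(1, Frame(host1, host4), now=2),      # both known -> [4], no flooding
        sw.receive(1, Frame(host1, BROADCAST), now=3),  # broadcast stays inside VLAN 10
        sw.receive(5, Frame("00-00-00-00-00-05", host1), now=4),  # VLAN 20 never learned Host 1
        sw.receive(1, Frame(host1, host4), now=400),    # Host 4 aged out -> flooded again
    ]


if __name__ == "__main__":
    for step, ports in enumerate(walk_through(), 1):
        print(f"step {step}: egress ports {ports}")
```

Keying the table by VLAN as well as MAC is what keeps a flooded or broadcast frame from leaking into another VLAN even though every port shares the same switch; that is the isolation the VLAN post relies on for access and security policy.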

Wednesday, 22 August 2018

Role of Switched Networks

A few years ago, flat Layer 2 switched networks were the standard. Flat Layer 2 data networks work on the basic principles of Ethernet and on the common use of hubs and repeaters to broadcast LAN traffic throughout a campus. As shown in Figure 1, networks have largely changed to switched LANs in a hierarchical design. A switched LAN allows traffic management, additional flexibility, and extra features, such as:



  • QoS

  • Wireless network connectivity and support

  • IP telephony and mobility services

  • Additional security


Fixed Configuration Switches


Form Factors


Different types of switches are used in a business network. Selecting the appropriate switching equipment for common business requirements is a very important factor. When selecting the type of switch, the network administrator and designer must choose between a modular and a fixed configuration and between stackable and non-stackable. The physical installation of the switch is also an important consideration; the thickness of the switch decides where it can be installed, in a rack or in a cabinet. These options are sometimes referred to as switch form factors, which I am going to explain below:-


Fixed Configuration Switches


Fixed configuration switches have a fixed number of ports and are normally not expandable. These switches do not support features or options beyond those that originally came with the switch; the switch model determines the features and options available. For example, if you have a 16-port gigabit fixed switch, you cannot add ports when you need them. This category is discussed in further detail below. Cisco Catalyst 2K, 3K, and the Cisco 300/500 series are good examples of fixed configuration switches. The fixed configuration switch category is further broken down into:



  • Unmanaged Switches

  • Smart Switches

  • Managed L2 and L3 Switches


Modular Configuration Switches


Modular switches are expandable switches that come in different sized chassis, which accept a different number of line cards. Modular switches offer more flexibility in their configuration: if you have a 24-port modular switch, you can easily expand it to 48 ports.


Stackable Configuration Switches


A stackable switch is fully functional operating standalone but can also be set up to operate jointly with one or more other switches in a group. This group of switches shows the characteristics of a single switch but has the port capacity of the sum of all switches. Stackable switches are interconnected using a special cable that provides high-bandwidth throughput between the switches. Cisco StackWise technology allows the interconnection of nine switches in a stack. These stacked switches effectively operate as a single larger switch.

Saturday, 18 August 2018

Cisco Borderless Network

With the rising demands of converged networks, one of the recent developments in network design is the Cisco Borderless Network. The Cisco Borderless Network is a network design that allows organizations to support a network without borders, connecting any person, anywhere, on any device securely and consistently. This design addresses IT and business challenges.


The Cisco Borderless Network architecture merges wired and wireless access, as well as access control, policy, and performance management for different device types. It is built on a hierarchical infrastructure of hardware that is scalable and flexible. The figure below illustrates the Cisco Borderless Network, which provides two primary sets of services, network services and endpoint services, all managed by an integrated management solution. This design enables different network elements to work together and allows access to resources from any place at any time, while providing optimization, scalability and security.


Cisco Borderless Network


Hierarchy in the Cisco Borderless Network


Availability, flexibility, security, and manageability are the primary requirements of the borderless switched network. The borderless switched network should deliver on both current and future requirements. The basic principles of the borderless switched network are the following:



  • Hierarchical network design

  • Modularity

  • Resiliency

  • Flexibility


Understanding how each principle fits a different situation is very important. The hierarchical borderless switched network provides a base for the network designer to cover security, mobility, and unified communication features. Cisco designs three-tier and two-tier hierarchical networks for a campus. The figure below illustrates the Cisco hierarchical network design. The three tiers of this design are the access, distribution, and core layers. Every layer of this design can be seen as a clearly structured module with particular roles and functions in the campus network.


Cisco Borderless Network


The modular, hierarchical campus network design provides critical network services with resilience and flexibility. The modularity also accommodates the growth and change that occur over time.


Access, Distribution, and Core Layers


Access Layer


The access layer is where traffic enters or exits the campus network; it is the edge of the campus network. Usually, the main function of the access layer is to provide network connectivity and access to end users. The access layer switches connect to the distribution layer switches, which apply network foundation technologies such as routing, QoS, and security.


To meet user requirements and network applications, the next-generation switching platforms now present additional converged, integrated, and fast services to different types of endpoints at the edge of the network. Building intelligence into the access layer switches allows applications to function on the network more capably and securely.


Distribution Layer


The distribution layer provides connectivity between the access layer and the core layer and performs many important functions. This layer provides intelligent switching and routing. It provides the network access policy functions that control access to the whole network, as well as differentiated services for different classes of applications at the edge of the network. It provides high availability through redundant distribution layer switches toward the end user and equal-cost paths to the core layer. The distribution layer also aggregates large-scale wiring closet networks and forms the boundary between Layer 2 broadcast domains and Layer 3 routing.


Core Layer


This layer is the backbone of the Cisco Borderless Network. The core layer connects the other layers of the campus network, acts as the aggregator for all of the other campus blocks, and interconnects those blocks with each other inside the network. The main functions of the core layer are to provide fast fault isolation and high-speed backbone connectivity.


Collapsed Core Network


A three-tier campus network is usually planned for organizations where the access, distribution, and core are each required as separate layers. This is needed to achieve a basic, cost-effective, scalable, and efficient physical layout for a large-scale network with many campuses. The best practice is to build an extended-star physical topology from the main campus to all other campuses.


Cisco Borderless Network


A campus with fewer users accessing the network, or a single-building campus, usually does not require separate core and distribution layers. The network structure used in this situation is called a collapsed core network or two-tier campus network. In a collapsed core network the role of the core switches moves to the distribution switches, merging the core and distribution layers.


The figure below illustrates a collapsed campus network, where the distribution and core layers are collapsed into a single layer.

Thursday, 16 August 2018

Converged Network


A converged network is a network designed to handle voice, video, and data. The network consists of Layer 3 devices and Layer 2 devices, such as routers and switches. The routers must hold a routing table in order to send data accurately and efficiently to remote destinations. A converged network must be developed with an architectural approach that embeds intelligence, simplifies operations, and is scalable for future demand.





Elements of a Converged Network





To support a business community, converged network solutions use voice systems, IP phones, voice gateways, video support, and video conferencing. In addition to data services, a converged network with collaboration support might include the following features:





  • Call management - call processing, caller identification, call conferencing, hold and transfer
  • Voice Messaging
  • Mobile Call Facility where required
  • Automated attendant




All-in-one is the primary benefit of transitioning to this type of network, because there is just one physical network to install and manage for all the above services. Separate networks for each of the above services are too costly, so there are considerable savings in the installation and management of a converged network. The converged network solution integrates IT management so that any changes and additions are completed through an intuitive management interface. This solution also provides computer softphone application support and point-to-point video, so that users can enjoy communications with the same ease of administration and use as a voice call.





The convergence of services onto the network has driven the development of networks from a traditional data transport role to high-speed data, voice, and video communication. This single physical converged network should be carefully planned and implemented to allow the consistent handling of the various types of information that it must carry. A well-structured design is necessary to allow management of this complex environment. The figure below illustrates a converged network: one network carrying many types of data.





converged network

Friday, 10 August 2018

Common Show Commands - Cisco IOS


The show commands display important information about the configuration and operation of the device in the Cisco IOS command line interface (CLI). Network administrators use different show commands to examine device status, interfaces, processes and configuration files to validate the operational status of the device. The status of almost all processes and functions of the router can be viewed and verified using show commands. The important show commands of Cisco IOS are the following:-





  • show version
  • show running-config
  • show arp
  • show interfaces
  • show protocols
  • show ip protocols
  • show ip route
  • show ip interface brief
  • show cdp neighbors




show version





The show version command on a Cisco router displays hardware information. The command output gives insight into the router's capabilities. This command can be abbreviated sh ver. The output of the show version command consists of the following information:-





  • IOS version
  • Image filename
  • System uptime
  • Type of processor
  • Amount of RAM
  • Number of ports on the switch
  • Amount of flash memory
  • Current configuration register




The figure below illustrates the output of the show version command on the Cisco router.









Show running-config





This command displays the configuration currently running on the device. It can be used in combination with the show startup-config command to compare the configuration in running memory with the configuration stored in NVRAM, or in the location specified by the CONFIG_FILE environment variable. This command can be abbreviated sh ru.





show arp





This command displays the ARP table of the router. The ARP table contains the resolved IPv4 address to MAC address mappings. If a host cannot be pinged, use the show arp command to make sure that you are getting an ARP entry for the host that you want to ping. The command can be abbreviated sh ar.





show interfaces





The show interfaces command displays all types of interfaces with their configuration and statistics. It is very important for the network administrator to know which interfaces are installed and configured in the router. This command provides a lot of information in its output. It can be abbreviated as sh int. The figure below illustrates the output of the show interfaces command.









show protocols





This command displays the status of the configured Layer 3 protocols on all interfaces of a Cisco router. It can be abbreviated as sh prot.





show ip route





The show ip route command shows the routing table of the router. The routing table is the list of all networks the router can reach, their metrics, and how to reach them. This command can be abbreviated sh ip ro. The command also accepts parameters after route (ro), such as sh ip ro rip for all RIP routes. The figure below illustrates the output of the show ip route command.









show ip interface brief





show ip interface brief is one of the most frequently used commands on Cisco devices. It provides more abbreviated output than the show ip interface command: an outline of the key information for all the network interfaces on a router. The figure below illustrates the output of this command. The output lists all interfaces on the router, the IP address assigned to each interface, if any, and the operational status of the interface. The show ip interface brief command can also be used to verify the status of switch interfaces.
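As an added example (my own Python, not part of the original post and not a Cisco tool), here is a small parser for `show ip interface brief` output that turns the listing into records and reports every interface that is not up/up, separating interfaces that are administratively shut down from those with a link or line-protocol problem. The sample output is constructed for the example; only the column layout follows the real command.

```python
from typing import Dict, List, Optional

# Constructed sample; only the column layout follows the real IOS listing.
SAMPLE_OUTPUT = """\
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.1.1     YES manual up                    up
GigabitEthernet0/1         unassigned      YES unset  administratively down down
Serial0/0/0                10.0.0.1        YES manual down                  down
Serial0/0/1                10.0.1.1        YES manual up                    down
Vlan1                      unassigned      YES unset  up                    up
"""


def parse_ip_int_brief(text: str) -> List[Dict[str, Optional[str]]]:
    """Split each interface line into fields. Status may be two words ("administratively down"),
    so it is everything between the Method column and the final Protocol column."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] == "Interface":
            continue  # skip blank lines and the header
        rows.append({
            "interface": tokens[0],
            "ip": None if tokens[1] == "unassigned" else tokens[1],
            "status": " ".join(tokens[4:-1]),
            "protocol": tokens[-1],
        })
    return rows


def classify(row: Dict[str, Optional[str]]) -> str:
    """Reduce the Status/Protocol pair to the condition an administrator acts on."""
    if row["status"] == "administratively down":
        return "shutdown"               # disabled in configuration, not a fault
    if row["status"] == "up" and row["protocol"] == "up":
        return "up"
    if row["status"] == "up":
        return "line protocol down"     # carrier present but Layer 2 is not up (keepalive/encapsulation)
    return "link down"                  # no carrier on the interface


def find_problems(text: str) -> Dict[str, str]:
    """Return interface -> condition for every interface that is not up/up."""
    return {r["interface"]: classify(r) for r in parse_ip_int_brief(text) if classify(r) != "up"}


if __name__ == "__main__":
    for name, condition in find_problems(SAMPLE_OUTPUT).items():
        print(f"{name:20} {condition}")
```

Splitting on whitespace and taking the last token as Protocol is what makes the two-word "administratively down" status parse correctly; a naive fixed-column split breaks as soon as an interface name is longer than the header.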





show Commands




show cdp neighbors





This command displays information about the Cisco devices that are directly connected to the current device. Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol and will only detect Cisco products. To show detailed information about neighboring devices discovered using CDP, use the show cdp neighbors command in privileged EXEC mode. The command can be abbreviated sh cd ne.


Interpreting Trace Messages


Trace is a diagnostic utility which displays the route from a host to a destination using ICMP echo packets. It produces a list of hops as a packet is routed through a network. It uses varying TTL values: each router along the path is required to decrement the packet's TTL by at least 1 before forwarding the packet, so the TTL works like a hop counter. When the TTL value reaches zero (0), the router sends an ICMP "Time Exceeded" message back to the source.
The trace command sends the first echo packet with a TTL of 1 and then increments the TTL by 1 on each successive transmission, until the destination address responds or until the maximum TTL is reached.





When performing the trace from a Windows computer, the command is tracert, for example:





C:\>tracert fschub.com





C:\>tracert < target IP address >





When performing the trace from a router, the command is traceroute, for example:





Router# traceroute fschub.com





Router# traceroute < target IP address >





Figure 1 shows example output of the tracert command entered on Host 4 to trace the route to Host 1. The only successful responses were from the gateway on router Peshawar and from router Karak. Trace requests to the next hop (Host 1) timed out, meaning that Host 1 did not respond. The results indicate either a failure in the internetwork beyond the LAN or that this host is configured not to respond to the echo requests used in the trace.
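To show how the TTL mechanism produces the output described above, here is an added example (my own Python, not from the original post) that simulates a trace through a constructed path. Routers answer with Time Exceeded when the TTL expires, the destination answers the echo, and a node missing from the `responders` set stands in for a device that does not reply, so both the Host 1 case (the trace runs on to the hop limit with timeouts) and the completed case can be reproduced. The router and host names follow Figure 1; everything else is constructed.

```python
from typing import List, Optional, Set, Tuple

Hop = Tuple[int, Optional[str], str]   # (ttl, responding node or None, reply type)


def simulate_trace(path: List[str], responders: Set[str], max_hops: int = 30) -> List[Hop]:
    """Probe with TTL 1, 2, 3, ... along `path` (routers first, destination last).

    A probe whose TTL expires at router path[i] gets an ICMP Time Exceeded from that router,
    if it replies at all; a probe that reaches the destination with TTL left gets the echo reply
    and ends the trace. Any node absent from `responders` is silent, which the source only sees
    as a timeout (it cannot tell a filtering host from a broken path)."""
    hops: List[Hop] = []
    for ttl in range(1, max_hops + 1):          # like tracert -h maximum_hops
        if ttl < len(path):                      # TTL reaches zero at an intermediate router
            router = path[ttl - 1]
            if router in responders:
                hops.append((ttl, router, "time exceeded"))
            else:
                hops.append((ttl, None, "request timed out"))
        else:                                    # destination receives the probe with TTL >= 1
            target = path[-1]
            if target in responders:
                hops.append((ttl, target, "echo reply"))
                return hops                      # trace complete
            hops.append((ttl, None, "request timed out"))
    return hops                                  # hop limit reached without an answer


def render(hops: List[Hop]) -> str:
    """Format the hop list roughly the way tracert prints it."""
    return "\n".join(f"{ttl:3}  {node if node else '*'}  ({reply})" for ttl, node, reply in hops)


if __name__ == "__main__":
    # Constructed path mirroring Figure 1: Host 4 -> router Peshawar -> router Karak -> Host 1
    path = ["Peshawar", "Karak", "Host 1"]
    print("Host 1 silent:")
    print(render(simulate_trace(path, {"Peshawar", "Karak"}, max_hops=5)))
    print("Host 1 answering:")
    print(render(simulate_trace(path, {"Peshawar", "Karak", "Host 1"}, max_hops=5)))
```

The third case in the test, a router that does not answer but still forwards, is worth noting when reading real output: a row of asterisks in the middle of a trace does not by itself mean the path is broken, only that the device at that hop did not send Time Exceeded.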





Trace




Figure 2 shows example output of the tracert command from Host 4 to Host 2; this trace completed successfully.





Trace




The following are important switches (options) of the tracert command:



  • -d - Do not resolve addresses to hostnames

  • -h maximum_hops - Specifies the maximum number of hops to search for the target

  • -j host-list - Specifies a loose source route along the host-list (IPv4 only)

  • -w timeout - Waits the number of milliseconds specified by timeout for each reply






Sunday, 5 August 2018

Network Baseline


Do you know your normal network throughput and the main types of traffic on your network? If you cannot answer these questions, you should baseline your network. A network baseline is one of the most useful tools for monitoring and troubleshooting network performance. For an effective baseline, performance must be measured over a period of time. Measuring performance at varying times and loads helps to create a better picture of overall network performance.





How to baseline a network





To baseline a network, you need to monitor the network traffic for a long time, because a wider time window presents a more realistic picture of the traffic pattern. The uses of a network baseline are listed below:





  • Evaluate compliance with network management policies.
  • Understand network patterns and traffic trends.
  • Speed up troubleshooting of network problems.
  • Understand network resource allocation.
  • Provide historical statistics for network upgrades.
  • Provide data for decision making in network and security management.




Network administrators can use software such as Colasoft nChronos and Capsa to baseline their networks. Both products listen to packet data on the wire and generate all kinds of reports about the network.





Another method for starting a baseline is to copy, paste and save the results of ping, trace and other related commands into a text file with the time and date. These text files can then be compared with later results, error messages and host-to-host response times. If there is a large increase in response times, there may be a latency issue to address. The figures below illustrate the results of the ping command for the same IP address at different times and the comparison of both.





Network Baseline




Network Baseline




Network Baseline




The output resulting from network commands can contribute data to the network baseline. Commercial networks should have widespread baselines, and professional-grade software tools are available for storing and maintaining baseline information.
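The copy-and-compare method described above can be scripted. The following added example (my own Python, not part of the post or of any product mentioned) parses two constructed sets of Windows ping replies, one saved as the baseline and one captured later, computes average and maximum response time and packet loss for each, and reports when the current capture exceeds the baseline by a chosen factor or shows loss. The thresholds, timestamps and sample address are constructed for the example.

```python
import re
from typing import Dict, List, Optional

RTT_RE = re.compile(r"time[=<](\d+)ms")   # matches "time=12ms" and "time<1ms"

# Constructed ping output in the Windows format, saved at two different times.
BASELINE_CAPTURE = """\
2018-08-05 09:00  ping 192.0.2.10
Reply from 192.0.2.10: bytes=32 time=12ms TTL=64
Reply from 192.0.2.10: bytes=32 time=11ms TTL=64
Reply from 192.0.2.10: bytes=32 time=13ms TTL=64
Reply from 192.0.2.10: bytes=32 time=12ms TTL=64
"""
CURRENT_CAPTURE = """\
2018-08-05 14:30  ping 192.0.2.10
Reply from 192.0.2.10: bytes=32 time=48ms TTL=64
Request timed out.
Reply from 192.0.2.10: bytes=32 time=51ms TTL=64
Reply from 192.0.2.10: bytes=32 time=45ms TTL=64
"""


def ping_stats(capture: str) -> Dict[str, Optional[float]]:
    """Extract round-trip times and lost probes from saved ping output."""
    rtts: List[int] = []
    lost = 0
    for line in capture.splitlines():
        match = RTT_RE.search(line)
        if match:
            rtts.append(int(match.group(1)))
        elif "timed out" in line or "unreachable" in line.lower():
            lost += 1          # a probe that got no usable reply
    sent = len(rtts) + lost
    return {
        "sent": sent,
        "loss_pct": 100.0 * lost / sent if sent else None,
        "avg_ms": sum(rtts) / len(rtts) if rtts else None,
        "max_ms": max(rtts) if rtts else None,
    }


def compare_to_baseline(baseline: str, current: str,
                        rtt_factor: float = 2.0, max_loss_pct: float = 0.0) -> List[str]:
    """Report findings where the current capture is worse than the baseline by more than the thresholds."""
    base, cur = ping_stats(baseline), ping_stats(current)
    findings = []
    if base["avg_ms"] is not None and cur["avg_ms"] is not None \
            and cur["avg_ms"] > rtt_factor * base["avg_ms"]:
        findings.append(f"latency: average {cur['avg_ms']:.1f} ms vs baseline {base['avg_ms']:.1f} ms")
    if cur["loss_pct"] is not None and cur["loss_pct"] > max_loss_pct:
        findings.append(f"packet loss: {cur['loss_pct']:.0f}% of {cur['sent']} probes")
    return findings


if __name__ == "__main__":
    for finding in compare_to_baseline(BASELINE_CAPTURE, CURRENT_CAPTURE):
        print(finding)
```

Comparing against a stored baseline rather than a fixed number is the point of the exercise: 48 ms is unremarkable on a WAN link but a fourfold increase on a LAN segment that normally answers in 12 ms is worth investigating.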