Tuesday, 25 October 2011

PPP Principle

Components of PPP :
→ Datagram encapsulation method : defines the method of encapsulating multi-protocol datagrams
→ Link Control Protocol (LCP) : defines the method of establishing, configuring, and testing the data link connection
→ Network Control Protocol (NCP) : defines a set of protocols for establishing connections and negotiating parameters for different network-layer protocols.

PPP frame :
| Protocol (2B) | Information | Padding (optional) |
Information field ≤ Max Receive Unit (MRU) [default: 1500 bytes]
Protocol field values :
0x0021 : IP datagram + padding (optional)
0xc021 : LCP + padding (optional)
0x8021 : IP Control Protocol (IPCP) + padding (optional)

HDLC-like framing of the PPP frame :
| Flag | Address | Control | PPP frame | FCS | Flag |
| 01111110 | 11111111 | 00000011 | (as above) | 16 bits | 01111110 |
Flag, Address and Control follow the HDLC standard; FCS and the closing Flag also follow the HDLC standard.

Messages Used by LCP Negotiation
→ Configure-Request (CR) : begins the link-layer parameter negotiation between the two ends
→ Configure-Ack (CA) : the values of the negotiated parameters are acceptable
→ Configure-Nak (CN) : the values of the negotiated parameters are not acceptable
→ Configure-Reject (CJ) : the negotiated parameters cannot be identified
→ Terminate-Request : asks the peer to close the connection. 2 × 3 s: if no Terminate-Ack (TA) is received, the connection is closed by force
→ Terminate-Ack (TA) : acknowledges the terminate request from the peer.
→ Echo-Request : checks the status of the link [on VRP: every 10 s]
→ Echo-Reply : tells the peer that the link is normal.

[Success] LCP negotiation : RTA sends CR to RTB. RTB replies with CA. If no CA is received, RTA resends the CR (10 × 3 s).
[Unsuccessful] : RTA sends CR. RTB replies with CN. RTA re-sends a modified CR. Max 5 CR.
[Unidentified] : RTA sends CR. RTB cannot identify the parameters, so it returns CJ. RTA re-sends the CR with the rejected parameters deleted.
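Added example (not from the original notes): building and checking a PPP frame in the HDLC-like framing above and decoding the LCP header carried inside it. The frame layout, protocol values and LCP message names follow the notes; the FCS-16 algorithm and the LCP code numbers are taken from RFC 1662 and RFC 1661, and the magic number in the sample Echo-Request is constructed. Byte stuffing of 0x7e/0x7d on the wire is left out.

```python
import struct

FLAG, ADDRESS, CONTROL = 0x7E, 0xFF, 0x03            # HDLC-like framing bytes from the notes
PROTOCOLS = {0x0021: "IP", 0xC021: "LCP", 0x8021: "IPCP"}
FCS_INIT, FCS_GOOD, FCS_POLY = 0xFFFF, 0xF0B8, 0x8408  # RFC 1662 FCS-16 constants
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             9: "Echo-Request", 10: "Echo-Reply"}        # code values from RFC 1661


def fcs16(data: bytes, fcs: int = FCS_INIT) -> int:
    """Run the reflected CRC-16 register over data (no final complement)."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ FCS_POLY if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol: int, info: bytes) -> bytes:
    """Flag | Address | Control | Protocol (2B) | Information | FCS (16 bits, LSB first) | Flag."""
    body = bytes([ADDRESS, CONTROL]) + struct.pack(">H", protocol) + info
    fcs = fcs16(body) ^ 0xFFFF
    return bytes([FLAG]) + body + struct.pack("<H", fcs) + bytes([FLAG])


def parse_frame(frame: bytes) -> dict:
    """Check framing and FCS, then split out the PPP protocol field and information."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing opening/closing flag")
    body = frame[1:-1]
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control field")
    # Running the register over body + FCS gives the constant "good" value only if nothing changed.
    if fcs16(body) != FCS_GOOD:
        raise ValueError("FCS check failed")
    protocol = struct.unpack(">H", body[2:4])[0]
    return {"protocol": protocol, "name": PROTOCOLS.get(protocol, "unknown"), "info": body[4:-2]}


def parse_lcp(info: bytes) -> dict:
    """LCP packet: Code (1B) | Identifier (1B) | Length (2B) | Data; Length covers the header too."""
    if len(info) < 4:
        raise ValueError("LCP header truncated")
    code, ident, length = struct.unpack(">BBH", info[:4])
    if length < 4 or length > len(info):
        raise ValueError("bad LCP length")
    return {"code": code, "message": LCP_CODES.get(code, "unknown"), "id": ident, "data": info[4:length]}


# Constructed sample: LCP Echo-Request, identifier 7, with a 4-byte magic number (VRP sends one every 10 s).
ECHO_REQUEST = build_frame(0xC021, struct.pack(">BBH", 9, 7, 8) + b"\xde\xad\xbe\xef")
```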

<photo>

Principle of PAP Authentication Mode → 2-way handshake
RTA [Authenticator] –––––––––––––––– RTB [Authenticated]
RTB → Authenticate-Request (user name + password) → RTA (Authenticator).
RTA → Authenticate-Ack / Authenticate-Nak → RTB.

Principle of CHAP Authentication Mode → 3-way handshake
RTA [Authenticator] –––––––––––––––– RTB [Authenticated]
→ RTA sends CHALLENGE. RTB computes MD5 { identifier + password + challenge } = 16-byte digest. RTB sends a RESPONSE packet (CHAP user name + digest) to the authenticator. RTA sends Success/Failure → RTB.
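Added example (not from the original notes): the 3-way CHAP exchange as described above, with the authenticator side (RTA) issuing a fresh challenge and checking the returned MD5(identifier + password + challenge) digest, and the authenticated side (RTB) computing it. Unlike PAP, the password itself never crosses the link, only the challenge and the 16-byte digest. The user name "huawei" and password "hello" are the ones from the lab configuration on this page; the packets are simplified to dicts.

```python
import hashlib
import hmac
import os


def chap_digest(identifier: int, password: str, challenge: bytes) -> bytes:
    """CHAP response value: MD5 over identifier || password || challenge (16 bytes)."""
    return hashlib.md5(bytes([identifier]) + password.encode() + challenge).digest()


class Authenticator:
    """RTA side: holds the local user table, issues challenges and judges responses."""

    def __init__(self, users: dict):
        self.users = users      # user name -> password, as configured with local-user
        self.pending = {}       # identifier -> challenge still waiting for a response
        self.next_id = 1

    def challenge(self) -> dict:
        ident = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF        # 1-byte identifier field
        chal = os.urandom(16)   # fresh random value per attempt, so an old response cannot be replayed
        self.pending[ident] = chal
        return {"id": ident, "challenge": chal}

    def verify(self, response: dict) -> str:
        chal = self.pending.pop(response["id"], None)   # each challenge is usable once
        password = self.users.get(response["name"])
        if chal is None or password is None:
            return "Failure"
        expected = chap_digest(response["id"], password, chal)
        ok = hmac.compare_digest(expected, response["digest"])
        return "Success" if ok else "Failure"


def respond(name: str, password: str, chal: dict) -> dict:
    """RTB side: answer the CHALLENGE with the RESPONSE contents (CHAP user name + digest)."""
    return {"id": chal["id"], "name": name,
            "digest": chap_digest(chal["id"], password, chal["challenge"])}


def run_chap(auth: Authenticator, name: str, password: str) -> str:
    """The full exchange: Challenge -> Response -> Success/Failure."""
    return auth.verify(respond(name, password, auth.challenge()))
```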

Network Control Protocol
NCP uses the same mechanism (CR, CA, CN, CJ) as LCP, but it doesn't invoke LCP.
→ NCP static configuration
→ NCP dynamic configuration : CR (with address 0.0.0.0) → CN with IP → CR → CA → CR2 → CA

HDLC Protocol


High-level Data Link Control : bit-oriented link protocol that runs on synchronous serial links.
→ The protocol is independent of any character set.
→ Packets can be transmitted transparently. The "0-bit insertion" method for transparent transmission can be implemented in hardware.
→ Full-duplex communication can be implemented. Data can be transmitted continuously without waiting, so data transmission on the link is highly efficient.
→ All frames use a CRC check and are numbered, so no frame is lost or received twice. Transmission reliability is high.
→ Transmission control is separated from processing, which makes HDLC flexible and controllable.

| Flag | Address | Control | Information | FCS | Flag |
Flag = 01111110 at both ends of the frame

Types of HDLC Frame
→ Information frame : transmits the valid information or data
→ Supervisory frame : controls errors and traffic. First two bits of the control field: "10". [48 bits]
→ Unnumbered frame : used to establish, delete, and control the link.

Frame Relay


Features:
→ Data is transmitted in the form of frames. (the access rate is 64 Kbps – 2 Mbps)
→ Bandwidth multiplexing and dynamic bandwidth allocation
→ As a simplified X.25 WAN protocol, it performs statistical multiplexing, transparent transmission of frames and error detection in the data link layer, but it doesn't provide retransmission
→ It provides bandwidth management (CIR) and a congestion prevention mechanism
→ FR uses connection-oriented switching technology and provides SVC and PVC services

FR Interface Types
→ DTE : Data Terminal Equipment
→ DCE : Data Circuit-terminating Equipment
→ NNI : Network-to-Network Interface
DLCI : Data Link Connection Identifier [FR Network] → [range: 16-1007, DLCI 0-1023 for LMI]

Virtual Circuit : → max 1024 VCs
→ PVC (Permanent Virtual Circuit) : once the link is established, it is always valid.
→ SVC (Switched Virtual Circuit) : allocated automatically by the protocol. → for transmitting burst data

LMI (Local Management Interface) → monitor PVC status. [ANSI: T1.617 Annex D, ITU-T: Q.933 Annex A, non-standard]

<photo_inverse_ARP>

<photo_horizontal_splitting_and_FR>

<photo_FR_sub-interface>

VLAN Technology Principle

Before VLAN:
→ Network security is poor.
→ Network efficiency is low. (unnecessary packets → wasted bandwidth and CPU resources)
→ Service expansion capability is poor. (e.g. it can't forward Ethernet frames used for network management with higher priority.)

VLAN Tag: +4 bytes. (IEEE 802.1Q)
| DA | SA | +TAG | TYPE | DATA | FCS |
| 6B | 6B | 4B | 2B | 64-1500B | 4B |
|– TPID (Tag Protocol Identifier): fixed 2-byte value (802.1Q tag: 0x8100)
|– TCI (Tag Control Information): 2 bytes {
→ Priority: 3 bits. [0-7] → to provide differentiated forwarding service.
→ CFI (Canonical Format Indicator): 1 bit. [token ring/FDDI media access]
→ VLAN ID: 12 bits. [0-4095] → controls the forwarding of the Ethernet frame
}

Implement VLAN in the following ways :
→ Based on port: Port VLAN ID (PVID) / port default VLAN configured on every port. If an untagged frame is received, the VLAN ID will be the PVID.
→ Based on MAC: mapping relation between MAC and VLAN ID. If an untagged frame is received, the VLAN ID will be added according to the mapping table.
→ Based on protocol: mapping relation between the protocol field of the Ethernet frame and VLAN ID. If an untagged frame is received, the VLAN ID will be added according to the mapping table.
→ Based on subnet: add the VLAN ID according to the IP address information in the packet.
Priority order from high to low: subnet → protocol → MAC → port. Port-based is the common method.

Ports of a switch are divided into three types:
Access : only permits frames whose VLAN ID is the same as the PVID of the port; if the frame received from the peer device is untagged, the switch adds the PVID to the frame by force; frames sent by an Access port are always untagged; the default port type of switches is access, with PVID 1 by default. VLAN 1 is created by the system and cannot be deleted.
Trunk : the VLAN ID can be the same as the PVID or different:
  if (VLAN ID not in permitted list) { discard }
  else if (VLAN ID == PVID) { remove the tag and send to the other device (*the PVID of each port is unique) }
  else { forward without modification }
Hybrid :
  if (frame has no VLAN tag) { same function as an access port (PVID is added) }
  else if (the VLAN is not configured as untagged) { same function as a trunk port }
[e0/1]port link-type hybrid
[ ]port hybrid pvid vlan 2
[ ]port hybrid vlan 2 untagged
[ ]port hybrid vlan 99 untagged

[e0/2]port link-type hybrid
[ ]port hybrid pvid vlan 3
[ ]port hybrid vlan 3 untagged
[ ]port hybrid vlan 99 untagged

[e0/24]port link-type hybrid
[ ]port hybrid pvid vlan 99
[ ]port hybrid vlan 2 to 3 untagged
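Added example (not from the original notes): decoding the 802.1Q tag fields described above and applying the Access/Trunk/Hybrid rules to a frame as it crosses a switch, with the three hybrid ports of the configuration (e0/1 PVID 2, e0/2 PVID 3, e0/24 PVID 99 with VLAN 2 to 3 untagged) as the sample ports. The sample frame and MAC addresses are constructed; the FCS is assumed to be recomputed by hardware and is not modelled.

```python
import struct
from dataclasses import dataclass, field

TPID = 0x8100   # 802.1Q Tag Protocol Identifier

def parse_tag(frame: bytes):
    """Tag fields (Priority 3 bits, CFI 1 bit, VLAN ID 12 bits), or None if the frame is untagged."""
    tpid, tci = struct.unpack(">HH", frame[12:16])
    if tpid != TPID:
        return None          # bytes 12-13 are then the ordinary TYPE field
    return {"priority": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}

def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert the 4-byte tag between SA and TYPE."""
    tci = ((priority & 7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack(">HH", TPID, tci) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]

@dataclass
class Port:
    kind: str                                   # "access", "trunk" or "hybrid"
    pvid: int = 1                               # PVID is VLAN 1 by default
    permit: set = field(default_factory=set)    # trunk: VLANs allowed to pass
    untagged: set = field(default_factory=set)  # hybrid: VLANs sent without tag
    tagged: set = field(default_factory=set)    # hybrid: VLANs sent with tag

    def allows(self, vid: int) -> bool:
        if self.kind == "access":
            return vid == self.pvid
        if self.kind == "trunk":
            return vid == self.pvid or vid in self.permit
        return vid in self.untagged or vid in self.tagged

    def sends_untagged(self, vid: int) -> bool:
        if self.kind == "hybrid":
            return vid in self.untagged
        return vid == self.pvid   # access: always; trunk: tag removed only for the PVID

def forward(in_port: Port, frame: bytes, out_port: Port):
    """Classify the frame on in_port, then return it as it leaves out_port (None = discarded)."""
    tag = parse_tag(frame)
    if tag is None:                 # untagged: the switch assigns the ingress port's PVID
        vid, inner, prio = in_port.pvid, frame, 0
    else:
        vid, inner, prio = tag["vid"], strip_tag(frame), tag["priority"]
        if not in_port.allows(vid):
            return None
    if not out_port.allows(vid):
        return None
    return inner if out_port.sends_untagged(vid) else add_tag(inner, vid, prio)

# Constructed sample frame: DA, SA, TYPE 0x0800 (IP) and 46 bytes of payload, untagged.
FRAME = bytes.fromhex("0011223344aa" "0011223344bb" "0800") + bytes(46)
# The three hybrid ports of the configuration above.
E0_1 = Port("hybrid", pvid=2, untagged={2, 99})
E0_2 = Port("hybrid", pvid=3, untagged={3, 99})
E0_24 = Port("hybrid", pvid=99, untagged={2, 3})
```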

GVRP (GARP VLAN Registration Protocol) → create VLAN automatically
[]gvrp
[]int e0/1
[ ]port link-type trunk
[ ]port trunk permit vlan all
[ ]gvrp

STP Principle

The Problem of Looping
→ broadcast storm
→ MAC table flapping

Calculation Process of Spanning Tree → exchange information and parameters in BPDUs
→ Select one bridge as the root bridge among all bridges (based on the bridge ID: 2-byte bridge priority [0-65535, default: 32768] + 6-byte MAC address). The smallest ID becomes the root bridge.
→ Calculate the shortest path from the current bridge to the root bridge.
→ For every shared network segment, select the bridge nearest to the root bridge as the designated bridge, responsible for data forwarding on that segment.
→ For every bridge, select a root port. Based on the path cost of the outgoing port: smaller is better. On VRP, the cost of a 100M port is 200. If the path costs are the same, compare the identifiers of the upstream switches. If it's still not decided, the port whose upstream port has the smallest identifier is elected. Port identifier: 1-byte port priority [default: 128] + 1-byte port number.
→ Select the designated ports besides the root port: root path cost → bridge ID → port ID. On the root bridge, all ports are the designated ports of the connected network segments.
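Added example (not from the original notes or any vendor code): the election steps above run over a small constructed topology, using the bridge ID (priority + MAC), the VRP cost of 200 for a 100M port, and the port ID (priority 128 + port number) as tie-breakers in the order the notes give. Links are modelled as point-to-point segments with one cost per link; the switch names and MAC addresses are constructed.

```python
INF = float("inf")

def bridge_id(priority: int, mac: str):
    """2-byte bridge priority + 6-byte MAC address; the smaller tuple wins."""
    return (priority, int(mac.replace("-", "").replace(":", ""), 16))

def stp_roles(bridges: dict, links: list):
    """bridges: {name: (priority, mac)}.
    links: [(a, port_a, b, port_b, cost)], a port being (port_priority, port_number) and cost
    the path cost charged by the receiving port (VRP: 200 for a 100M port).
    Returns (root_bridge, {(bridge, port): "root" | "designated" | "alternate"})."""
    bid = {name: bridge_id(*ident) for name, ident in bridges.items()}
    root = min(bid, key=bid.get)                       # step 1: smallest bridge ID
    # Step 2: root path cost (RPC) of every bridge, relaxed until stable (Bellman-Ford).
    rpc = {name: (0 if name == root else INF) for name in bid}
    for _ in range(len(bid)):
        for a, _, b, _, cost in links:
            rpc[a] = min(rpc[a], rpc[b] + cost)
            rpc[b] = min(rpc[b], rpc[a] + cost)
    # What each port hears from its peer: (RPC via peer, peer bridge ID, peer port ID, own port ID)
    heard = {}
    for a, pa, b, pb, cost in links:
        heard[(a, pa)] = (rpc[b] + cost, bid[b], pb, pa)
        heard[(b, pb)] = (rpc[a] + cost, bid[a], pa, pb)
    roles = {}
    # Step 4: the root port of each non-root bridge is the port with the best offer, field by field.
    for name in bid:
        if name != root:
            mine = [key for key in heard if key[0] == name]
            roles[min(mine, key=heard.get)] = "root"
    # Steps 3 and 5: per segment, the end with the lowest (RPC, bridge ID, port ID) is designated.
    for a, pa, b, pb, _ in links:
        ends = {(a, pa): (rpc[a], bid[a], pa), (b, pb): (rpc[b], bid[b], pb)}
        roles.setdefault(min(ends, key=ends.get), "designated")
    for key in heard:                                  # every remaining port is blocked
        roles.setdefault(key, "alternate")
    return root, roles

# Constructed triangle of 100M switches, default bridge priority 32768, port priority 128.
BRIDGES = {"SW1": (32768, "0000-0000-0001"),
           "SW2": (32768, "0000-0000-0002"),
           "SW3": (32768, "0000-0000-0003")}
LINKS = [("SW1", (128, 1), "SW2", (128, 1), 200),
         ("SW1", (128, 2), "SW3", (128, 1), 200),
         ("SW2", (128, 2), "SW3", (128, 2), 200)]
```

With equal priorities SW1 wins on MAC address; the SW2-SW3 segment has equal root path costs on both ends, so the bridge ID decides and SW3's port is the one blocked.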

Switch port roles :
→ root port : the port nearest to the root switch; it is in forwarding state
→ designated port : forwards data from the network segment that connects to the root switch and data from the switch to the network segment it connects to
→ alternate port : backup port; it will not forward any data to the network segment it connects to.

Port status description :
disabled : the port will not forward data, learn MAC addresses or calculate the spanning tree
listening : the port will not forward data or learn MAC addresses, but it will calculate the spanning tree and receive and send BPDUs
blocking : the port will not forward data or learn MAC addresses; it will receive and process BPDUs but not send them
learning : the port will not forward data, but it will learn MAC addresses, calculate the spanning tree, and receive and send BPDUs
forwarding : the port forwards data, learns MAC addresses, calculates the spanning tree, and receives and sends BPDUs.

After being enabled, a port switches to the Listening state and begins to calculate the spanning tree. If the port becomes an alternate port, its state changes to Blocking. If the port becomes the root port or a designated port, it changes from Listening to Learning, waits the forward delay, then goes from Learning to Forwarding.

WAN Protocol

WAN Protocol Laboratory Guide

IP unnumbered configuration of HDLC

[RT1]interface Loopback 0
[ ]ip address 10.1.1.1 32
[]interface Serial 0/0/0
[ ]link-protocol hdlc
[ ]ip address unnumbered interface Loopback 0
[]ip route-static 10.1.1.0 24 Serial 0/0/0

[RT2]interface Serial 0/0/0
[ ]link-protocol hdlc
[ ]ip address 10.1.1.2 24

[RT1]display ip interface brief
[]ping 10.1.1.2

* Note that Serial 0/0/0 on RT1 doesn't have an IP address of its own.

Configure PPP Dynamic Negotiation
[RT1]interface Serial 0
[ ]link-protocol ppp
[ ]ip address ppp-negotiate

[RT2]interface Serial 0
[ ]link-protocol ppp
[ ]ip address 10.1.1.2 30
[ ]remote address 10.1.1.1

Verify with the display ip routing-table command.


Configure PPP Authentication
# PAP Authentication
[RT1]local-user huawei
[ ]password simple hello
[ ]service-type ppp
[]interface Serial 0/0/0
[ ]link-protocol ppp
[ ]ppp authentication-mode pap
[ ]ip address 10.1.1.1 30

[RT2]interface Serial 0/0/0
[ ]link-protocol ppp
[ ]ppp pap local-user huawei password simple hello
[ ]ip address 10.1.1.2 30


# CHAP Authentication
[RT1]local-user huawei
[ ]password cipher hello
[ ]service-type ppp
[]interface Serial 0/0/0
[ ]link-protocol ppp
[ ]ppp authentication-mode chap
[ ]ip address 10.1.1.1 30

[RT2]interface Serial 0/0/0
[ ]link-protocol ppp
[ ]ppp chap user huawei
[ ]ppp chap password cipher hello
[ ]ip address 10.1.1.2 30

Frame Relay Configuration

The Problem of STP


The transition from Blocking state to Forwarding state takes 2 times the forward delay. → use RSTP
→ allocates two extra port roles, alternate port and backup port, as backups for the root port and the designated port, for fast state changes. When the root port becomes invalid, the alternate port becomes the new root port and switches to forwarding state without delay. When the designated port becomes invalid, the backup port becomes the new designated port and switches to forwarding state without delay.
→ on a point-to-point link connecting only two switch ports, right after a one-way handshake with the downstream bridge, the designated port can change to forwarding state without delay. If more than three bridges are connected by a shared link, the downstream bridge will not respond to the handshake request sent from the upstream designated port; only after two times the forward delay can it change to forwarding state.
→ a port is defined as an edge port if it is connected directly to a terminal instead of another bridge. An edge port can enter forwarding state without any delay. However, it must be configured manually, since the bridge cannot know whether the port is directly connected to a terminal or not.

The second problem of STP : with VLANs, STP makes hosts in some VLANs lose communication. How to resolve it? → Multiple Spanning Tree Protocol (MSTP) → IEEE 802.1s
STP/RSTP is based on the port, but MSTP is based on the instance. An instance is a collection of multiple VLANs. By binding multiple VLANs into a single instance, communication cost and network resources can be saved. In MSTP, the topology calculation of every instance is independent, so load balancing can be implemented across instances. In use, multiple VLANs with the same topology can be mapped into the same instance.

Q/A :
How does STP calculate a loop-free tree in the network?
→ STP elects a root bridge, then elects a root port for each non-root switch and a designated port for each network segment. Ports that are neither the root port nor a designated port are put into blocking state.

How does STP solve the temporary loop problem?
→ Before switching from a non-Forwarding state to the Forwarding state, a port has to wait two times the forward delay. This ensures that the other switches have enough time to calculate the spanning tree.

Ethernet Port Technology


Auto-Negotiation → makes 10M Ethernet compatible with 100M Ethernet. Full duplex ↔ Half duplex.
→ Priority (Precedence) : 100BaseTX full duplex → T4 → TX → 10BaseT full duplex → 10BaseT
[Quidway-Ethernet0/1] duplex { auto | full | half } \\ or undo duplex
[Quidway-Ethernet0/1] speed { auto | 10 | 100 } \\ or undo speed

Flow Control → { half-duplex: backpressure, full-duplex: PAUSE frame (802.3x) }

Port Aggregation
Advantages :
→ Increase link bandwidth
→ Traffic load-balance
→ Improve reliability : the members in the same group backup for each other
Limitations for port aggregation between two peers :
→ Number of the aggregation ports [physical params]
→ Speed of the aggregation ports [ … ]
→ Duplex mode of the aggregation ports [ … ]
→ The basic configuration must be the same [logical params]
→ STP : enable/disable, port link-type (PPP/not), preference level, route cost, speed limit for sending packets, loop protection, root protection, and edge port.
→ QoS : flow speed control, preference mark, default preference level of 802.1p, bandwidth guarantee, congestion prevention, flow redirection, and flow statistics.
→ VLAN : VLANs that are allowed to pass the port and the default VLAN ID
→ Port : port link-type { trunk | hybrid | access }
Example:
<Picture 1>

Port Mirroring
→ Port-based : copies the sent and received traffic of multiple ports to one monitor port.
→ Flow-based : only applied to flows that meet the configured conditions, which may include the same destination address, the same port number, and so on. Only one port can be configured on switches.
Example:
[SW1] E0/1 –––– E0/1 [SW2] E0/24 –––– PC
[SW1]interface Vlanif 1
[]ip address 10.1.1.1 30
[SW2]interface Vlanif 1
[]ip address 10.1.1.2 30
[]acl number 200
[ ]rule permit ingress interface e0/1
[]mirrored-to link-group 200 interface Ethernet 0/24

Shared Ethernet

CSMA/CD
→ Carrier Sense : the LAN device listens to the Ethernet network to sense the carrier signal and makes sure the line is idle, reducing the likelihood of a collision.
→ Multiple Access : any datagram can be received by multiple devices
→ Collision Detection : if there's a collision, the LAN device waits a random amount of time before transmitting again.

The hub does not have a MAC address and only forwards data without filtering it.
Disadvantages of a hub : serious collisions, broadcast flooding, no security guarantee.

Structure of Ethernet Frame
| DMAC | SMAC | Length/Type | DATA/PAD | FCS |
| 6 | 6 | 2 | 46~1500 | 4 |
If Length/Type > 1500 → represents the frame type → can be passed to the upper-layer protocol without going through the LLC sub-layer (Ethernet II)
If Length/Type <= 1500 → represents the frame length (Ethernet_SNAP / 802.3)

Structure of Ethernet II Frame
… | Length/Type | DATA/PAD | …
0x0800 IP datagram → 0x800 (in hex) is bigger than 1500 (in decimal)
0x0806 ARP request/response
0x8035 RARP request/response

Three Switch Modes
Cut-Through
→ Forwards as soon as it has received the destination MAC address
→ Low delay
→ No error check
Store-and-forward
→ Forwards only after it has received the whole packet
→ Delay depends on the frame length
→ The switch checks for errors; an erroneous packet is discarded
Fragment-free → inherits the advantages of the cut-through and store-and-forward modes
→ The switch receives the first 64 bytes of the packet, then looks up the address table by the header and forwards
→ The switch checks the first 64 bytes; if it finds an error, the packet is discarded

Weaknesses of L2 Switch : broadcast flooding, no security guarantee

What is the working theory of the L2 switch?
Learning based on the source MAC address and forwarding based on the destination MAC address

Monday, 17 October 2011

Ethernet Overview


(1973) Ethernet standard (3 Mbps) → Xerox. (1980) becomes the IEEE 802.3 standard
(1995) IEEE 802.3u 100Base-T Fast Ethernet
(1999) IEEE 802.3z/ab 1000 Mbps Gigabit Ethernet. 802.3z → fiber & copper. 802.3ab → twisted-pair
(2002) IEEE 802.3ae 10GE Ethernet (over fiber) {10GBaseX, 10GBaseR, 10GBaseW}
(2004) IEEE 802.3ak 10GBASE-CX4 (over copper twin-axial cable)

10Base5: thick coaxial cable (5 → 500 m)
10Base2: thin coaxial cable (2 → 200 m)
10BaseT: twisted-pair (UTP). Type3 → ANSI & EIA/TIA568 at 16MHz. Type4 → 20MHz. Type5 → 100MHz.
10BaseF: fiber (2 km)
100BaseTX: type5 2 pair UTP / STP (100 m)
100BaseT4: type3,4,5 4 pair (100 m)
100BaseFX: MMF (550-2000 m). SMF (> 2 km)
1000BaseCX: copper shielded twisted-pair (25 m)
1000BaseSX: shortwave laser 770-860 nm (MMF)
1000BaseLX: longwave laser 1270-1355 nm (MMF & SMF)
10GBase-SR/SW: MMF (2-300 m)
10GBase-LR/LW: MMF/SMF (2-10000 m)
10GBase-ER/EW: (2-40000 m)
10GBase-LX4: MMF (300 m) SMF (10000 m)
10GBase-CX4: coaxial copper cable (15 m)
10GBase-T: twisted-pair copper cable (100 m)
10GBaseX: 4 receiver-4 laser 1300 nm. Speed 3.125 Gbps data rate 2.5 Gbps
10GBaseR: serial interface 64B/66B. Data rate 10000 Gbps clock rate 10.3 Gbps
10GBaseW: interface WAN compatible with SONET OC-192, clock rate 9.953 Gbps, data rate 9.585 Gbps

Straight cable : WO-O-WG-B-WB-G-WBr-Br.
Crossover : WG-G-WO-B-WB-O-WBr-Br.

Medium Dependent Interface (MDI) → Routers & NIC. MDI_X → Hub.

Tuesday, 11 October 2011

Configure Router AR Series via console


<>system-view
[]interface Ethernet 0/0
# enable L3 function on interface (default: bridge mode)
[ ]port link-mode route
[ ]ip address 192.168.13.1 255.255.255.252
[ ]quit
# configure telnet login with password
[]user-interface vty 0 4
[ ]authentication-mode password
# here we use "huawei" as the password
[ ]set authentication password simple huawei
[ ]user privilege level 3
[ ]quit
[]telnet server enable
# configure telnet login with username and password
[]user-interface vty 0 4
[ ]authentication-mode scheme
[ ]quit
# here we use "user1" as the username and "test" as the password
[]local-user user1
[ ]password cipher test
[ ]service-type telnet
[ ]level 3
[ ]quit

Let's do a test
[]telnet 192.168.13.1

Command view & User view
visit → monitoring → administration → manage
user view → system view → interface view


Configure FTP/TFTP

[]ftp server enable
[]local-user user2
[ ]password simple huawei
[ ]service-type ftp-directory flash:/ftp/user2

or
[]ftp server enable
[]aaa
[ ]local-user user2 service-type ftp
[ ]local-user user2 password simple huawei
[ ]local-user user2 ftp-dir flash:/ftp/user2