A protocol is a set of rules that determines how computers communicate with each other across networks.

A protocol describes the following:

• The required format of a message
• The way that computers must exchange messages for specific activities

A routed protocol allows the router to forward data between nodes on different networks.

A routable protocol must provide the ability to assign a network number and a host number to each device.

Some protocols, such as IPX, require only a network number. These protocols use the MAC address of the host for the host number.

Other protocols, such as IP, require an address with a network portion and a host portion. These protocols also require a network mask to differentiate the two numbers.

IP is the most widely used implementation of a hierarchical network-addressing scheme.

IP is a connectionless, unreliable, best-effort delivery protocol.

The term connectionless means that no dedicated circuit connection is established prior to transmission.

IP determines the most efficient route for data based on the routing protocol.

The terms unreliable and best-effort do not imply that the system is unreliable and does not work well. They indicate that IP does not verify that data sent on the network reaches its destination. If required, verification is handled by upper layer protocols.

At the network layer, the data is encapsulated into packets. These packets are also known as datagrams.

IP determines the contents of the IP packet header, which includes address information. However, it is not concerned with the actual data.

As a packet travels through an internetwork to its final destination, the Layer 2 frame headers and trailers are removed and replaced at every Layer 3 device. This is because Layer 2 data units, or frames, are for local addressing. Layer 3 data units, or packets, are for end-to-end addressing.

Regardless of the type of Layer 2 addressing used, frames are designed to operate within a Layer 2 broadcast domain. When the data is sent to a Layer 3 device the Layer 2 information changes.

As a frame is received at a router interface, the destination MAC address is extracted.

The address is checked to see if the frame is directly addressed to the router interface, or if it is a broadcast. In either situation, the frame is accepted. Otherwise, the frame is discarded since it is destined for another device on the collision domain.

The CRC information is extracted from the frame trailer of an accepted frame. The CRC is calculated to verify that the frame data is without error.

If the check fails, the frame is discarded. If the check is valid, the frame header and trailer are removed and the packet is passed up to Layer 3.

The packet is then checked to see if it is actually destined for the router, or if it is to be routed to another device in the internetwork.

If the destination IP address matches one of the router ports, the Layer 3 header is removed and the data is passed up to the Layer 4.

If the packet is to be routed, the destination IP address will be compared to the routing table.

If a match is found or there is a default route, the packet will be sent to the interface specified in the matched routing table statement.

When the packet is switched to the outgoing interface, a new CRC value is added as a frame trailer, and the proper frame header is added to the packet.

The frame is then transmitted to the next broadcast domain on its trip to the final destination.

These two services provide the actual end-to-end delivery of data in an internetwork.

Most network services use a connectionless delivery system. Different packets may take different paths to get through the network. The packets are reassembled after they arrive at the destination.

In a connectionless system, the destination is not contacted before a packet is sent.

In connection-oriented systems, a connection is established between the sender and the recipient before any data is transferred. 

Connectionless network processes are often referred to as packet-switched processes. As the packets pass from source to destination, packets can switch to different paths, and possibly arrive out of order.

Connection-oriented network processes are often referred to as circuit-switched processes. A connection with the recipient is first established, and then data transfer begins. All packets travel sequentially across the same physical or virtual circuit.

The Internet is a connectionless network in which the majority of packet deliveries are handled by IP. TCP adds Layer 4, connection-oriented reliability services to IP.

IP packets consist of the data from upper layers plus an IP header.

The information contained in the IP header:

• Version – Specifies the format of the IP packet header. The 4-bit version field contains the number 4 if it is an IPv4 packet and 6 if it is an IPv6 packet. However, this field is not used to distinguish between IPv4 and IPv6 packets. The protocol type field present in the Layer 2 envelope is used for that.
• IP header length (HLEN) – Indicates the datagram header length in 32-bit words. This is the total length of all header information and includes the two variable-length header fields.
• Type of service (ToS) – 8 bits that specify the level of importance that has been assigned by a particular upper-layer protocol.
• Total length – 16 bits that specify the length of the entire packet in bytes. This includes the data and header. To get the length of the data payload subtract the HLEN from the total length.
• Identification – 16 bits that identify the current datagram. This is the sequence number.
• Flags – A 3-bit field in which the two low-order bits control fragmentation. One bit specifies if the packet can be fragmented and the other indicates if the packet is the last fragment in a series of fragmented packets.
• Fragment offset – 13 bits that are used to help piece together datagram fragments. This field allows the previous field to end on a 16-bit boundary.
• Time to Live (TTL) – A field that specifies the number of hops a packet may travel. This number is decreased by one as the packet travels through a router. When the counter reaches zero the packet is discarded. This prevents packets from looping endlessly.
• Protocol – 8 bits that indicate which upper-layer protocol such as TCP or UDP receives incoming packets after the IP processes have been completed.
• Header checksum – 16 bits that help ensure IP header integrity.
• Source address – 32 bits that specify the IP address of the node from which the packet was sent.
• Destination address – 32 bits that specify the IP address of the node to which the data is sent.
• Options – Allows IP to support various options such as security. The length of this field varies.
• Padding – Extra zeros are added to this field to ensure that the IP header is always a multiple of 32 bits.
• Data – Contains upper-layer information and has a variable length of up to 64 bits.

While the IP source and destination addresses are important, the other header fields have made IP very flexible.

The information for routing the message is also contained in IP headers.

Routing is an OSI Layer 3 function.

Routing finds the most efficient path from one device to another.

The primary device that performs the routing process is the router.

The following are the two key functions of a router:

• Routers must maintain routing tables and make sure other routers know of changes in the network topology.
• When packets arrive at an interface, the router must use the routing table to determine where to send them.

Routing metrics are values that are used to determine the advantage of one route over another. 

Routing protocols use various combinations of metrics to determine the best path for data.

The most common routable protocol is IP. Other examples of routable protocols include IPX/SPX and AppleTalk. These protocols provide Layer 3 support. Non-routable protocols do not provide Layer 3 support.

The most common non-routable protocol is NetBEUI. NetBEUI is a small, fast, and efficient protocol that is limited to frame delivery within one segment.

The primary difference is that switches operate at Layer 2 of the OSI model and routers operate at Layer 3.

Each computer and router interface maintains an ARP table for Layer 2 communication. Each ARP table entry contains an IP-MAC address pair.

The Layer 2 switch builds its forwarding table using MAC addresses.

When a host has data for a non-local IP address, it sends the frame to the closest router. This router is also known as its default gateway. The host uses the MAC address of the router as the destination MAC address.

A switch interconnects segments that belong to the same logical network or subnetwork.

For non-local hosts, the switch forwards the frame to the router based on the destination MAC address. The router examines the Layer 3 destination address of the packet to make the forwarding decision. Host X knows the IP address of the router because the IP configuration of the host contains the IP address of the default gateway.

The router keeps a table of IP addresses known as a routing table.

MAC addresses are not logically organized. IP addresses are organized in a hierarchy.

A switch can handle a limited number of unorganized MAC addresses since it only has to search its table for addresses within its segment.

Routers require an organized address system that can group similar addresses together and treat them as a single network unit until the data reaches the destination segment.

If IP addresses were not organized, the Internet would not work. This could be compared to a library that contained millions of individual pages.

Another difference between switched and routed networks is switched networks do not block broadcasts.

Routers block LAN broadcasts, so a broadcast storm only affects the broadcast domain from which it originated.

Routed or routable protocols are used to transfer data from one host to another across a router.

Routing protocols allow routers to choose the best path for data from a source to a destination.

Some functions of a routed protocol are as follows:

• Includes any network protocol suite that provides enough information in its network layer address to allow a router to forward it to the next device and ultimately to its destination
• Defines the format and use of the fields within a packet

The Internet Protocol (IP) and Novell Internetwork Packet Exchange (IPX) are examples of routed protocols. Other examples include DECnet, AppleTalk, Banyan VINES, and Xerox Network Systems (XNS).

Routing:

Routers use routing protocols to exchange routing tables and share routing information. In other words, routing protocols enable routers to route routed protocols.

Some functions of a routing protocol are as follows:

• Provides processes used to share route information
• Allows routers to communicate with other routers to update and maintain the routing tables

Examples of routing protocols that support the IP routed protocol include RIP, IGRP, OSPF, BGP, and EIGRP.

Path determination occurs at the network layer.

A router uses path determination to compare a destination address to the available routes in its routing table and select the best path.

The routers learn of these available routes through static routing or dynamic routing.

Routes configured manually by the network administrator are static routes.

Routes learned by others routers using a routing protocol are dynamic routes.

The router uses path determination to decide which port to send a packet. This process is also referred to as routing the packet.

Each router that the packet encounters along the way is called a hop. The hop count is the distanced traveled.

Similarly, routers can make decisions based on the load, bandwidth, delay, cost, and reliability of a network link.

The following process is used to determine the path for every packet that is routed:

• The router compares the IP address of the packet that it received to the IP tables that it has.
• The destination address is obtained from the packet.
• The mask of the first entry in the routing table is applied to the destination address.
• The masked destination and the routing table entry are compared.
• If there is a match, the packet is forwarded to the port that is associated with that table entry.
• If there is not a match, the next entry in the table is checked.
• If the packet does not match any entries in the table, the router checks to see if a default route has been set.
• If a default route has been set, the packet is forwarded to the associated port. A default route is a route that is configured by the network administrator as the route to use if there are no matches in the routing table.
• If there is no default route, the packet is discarded. A message is often sent back to the device that sent the data to indicate that the destination was unreachable.

Routers use routing protocols to build and maintain routing tables that contain route information.

Routing protocols fill routing tables with a variety of route information. This information varies based on the routing protocol used.

Routers keep track of the following information in their routing tables:

• Protocol type – Identifies the type of routing protocol that created each entry.
• Next-hop associations – Tell a router that a destination is either directly connected to the router or that it can be reached through another router called the next-hop on the way to the destination. When a router receives a packet, it checks the destination address and attempts to match this address with a routing table entry.
• Routing metric – Different routing protocols use different routing metrics. Routing metrics are used to determine the desirability of a route. For example, RIP uses hop count as its only routing metric. IGRP uses bandwidth, load, delay, and reliability metrics to create a composite metric value.
• Outbound interfaces – The interface that the data must be sent out of to reach the final destination.

Different routing protocols use different algorithms to choose the port to which a packet should be sent. Routing algorithms depend on metrics to make these decisions.

Routing protocols often have one or more of the following design goals:

• Optimization – This is the capability of a routing algorithm to select the best route.
• Simplicity and low overhead – The simpler the algorithm, the more efficiently it will be processed by the CPU and memory in the router.
• Robustness and stability – A routing algorithm should perform correctly when confronted by unusual or unforeseen circumstances, such as hardware failures, high load conditions, and implementation errors.
• Flexibility – A routing algorithm should quickly adapt to a variety of network changes. These changes include router availability, router memory, changes in bandwidth, and network delay.
• Rapid convergence – Convergence is the process of agreement by all routers on available routes. When a network event causes changes in router availability, updates are needed to reestablish network connectivity.

Routing algorithms use different metrics to determine the best route. Typically, smaller metric values indicate preferred paths.

Metrics can be based on a single characteristic of a path, or can be calculated based on several characteristics.

The following metrics are most commonly used by routing protocols:

• Bandwidth – Bandwidth is the data capacity of a link. Normally, a 10-Mbps Ethernet link is preferable to a 64-kbps leased line.
• Delay – Delay is the length of time required to move a packet along each link from a source to a destination. Delay depends on the bandwidth of intermediate links, the amount of data that can be temporarily stored at each router, network congestion, and physical distance.
• Load – Load is the amount of activity on a network resource such as a router or a link.
• Reliability – Reliability is usually a reference to the error rate of each network link.
• Hop count – Hop count is the number of routers that a packet must travel through before reaching its destination. Each router is equal to one hop. A hop count of four indicates that data would have to pass through four routers to reach its destination. If multiple paths are available to a destination, the path with the least number of hops is preferred.
• Ticks – The delay on a data link using IBM PC clock ticks. One tick is approximately 1/18 second.
• Cost – Cost is an arbitrary value, usually based on bandwidth, monetary expense, or other measurement, that is assigned by a network administrator.

An autonomous system is a network or set of networks under common administrative control, such as the cisco.com domain.

An autonomous system consists of routers that present a consistent view of routing to the external world.

Two families of routing protocols are Interior Gateway Protocols (IGPs) and Exterior Gateway Protocols (EGPs).

IGPs route data within an autonomous system:

• RIP and RIPv2
• IGRP
• EIGRP
• OSPF
• Intermediate System-to-Intermediate System (IS-IS) protocol

EGPs route data between autonomous systems. An example of an EGP is BGP.

Routing protocols can be classified as either IGPs or EGPs.

IGPs can be further categorized as either distance-vector or link-state protocols. 

distance-vector routing approach:

The distance-vector routing approach determines the distance and direction, vector, to any link in the internetwork. The distance may be the hop count to the link.

Routers using distance-vector algorithms send all or part of their routing table entries to adjacent routers on a periodic basis. This happens even if there are no changes in the network.

By receiving a routing update, a router can verify all the known routes and make changes to its routing table. This process is also known as “routing by rumor”.

Examples of distance-vector protocols include the following:

• Routing Information Protocol (RIP) – The most common IGP in the Internet, RIP uses hop count as its only routing metric.
• Interior Gateway Routing Protocol (IGRP) – This IGP was developed by Cisco to address issues associated with routing in large, heterogeneous networks.
• Enhanced IGRP (EIGRP) – This Cisco-proprietary IGP includes many of the features of a link-state routing protocol. Because of this, it has been called a balanced-hybrid protocol, but it is really an advanced distance-vector routing protocol.

Link-state routing protocols:

Link-state routing protocols were designed to overcome limitations of distance vector routing protocols.

Link-state routing protocols respond quickly to network changes sending trigger updates only when a network change has occurred. Link-state routing protocols send periodic updates, known as link-state refreshes, at longer time intervals, such as every 30 minutes.

When a link changes, the device that detected the change creates a link-state advertisement (LSA) concerning that link.

The LSA is then transmitted to all neighboring devices.

Each routing device takes a copy of the LSA, updates its link-state database, and forwards the LSA to all neighboring devices.

This flooding of LSAs is required to ensure that all routing devices create databases that accurately reflect the network topology before updating their routing tables.

Link-state algorithms typically use their databases to create routing table entries that prefer the shortest path.

Examples of link-state protocols include Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS).

RIP:

RIP is a distance vector routing protocol that uses hop count as its metric to determine the direction and distance to any link in the internetwork.

If there are multiple paths to a destination, RIP selects the path with the least number of hops. However, because hop count is the only routing metric used by RIP, it does not always select the fastest path to a destination.

RIP cannot route a packet beyond 15 hops.

RIP Version 1 (RIPv1) requires that all devices in the network use the same subnet mask, because it does not include subnet mask information in routing updates. This is also known as classful routing.

RIP Version 2 (RIPv2) provides prefix routing, and does send subnet mask information in routing updates. This is also known as classless routing. With classless routing protocols, different subnets within the same network can have different subnet masks. The use of different subnet masks within the same network is referred to as variable-length subnet masking (VLSM).

IGRP:

IGRP is a distance-vector routing protocol developed by Cisco.

IGRP was developed specifically to address problems associated with routing in large networks that were beyond the range of protocols such as RIP.

IGRP can select the fastest available path based on delay, bandwidth, load, and reliability.

IGRP also has a much higher maximum hop count limit than RIP.

IGRP uses only classful routing.

OSPF:

OSPF is a link-state routing protocol developed by the Internet Engineering Task Force (IETF) in 1988.

OSPF was written to address the needs of large, scalable internetworks that RIP could not.

IS-IS and Integrated IS-IS:

Intermediate System-to-Intermediate System (IS-IS) is a link-state routing protocol used for routed protocols other than IP.

Integrated IS-IS is an expanded implementation of IS-IS that supports multiple routed protocols including IP.

EIGRP:

EIGRP is a proprietary Cisco protocol. EIGRP is an advanced version of IGRP.

EIGRP provides superior operating efficiency such as fast convergence and low overhead bandwidth.

EIGRP is an advanced distance-vector protocol that also uses some link-state protocol functions. Therefore, EIGRP is sometimes categorized as a hybrid routing protocol.

BGP:

Border Gateway Protocol (BGP) is an example of an External Gateway Protocol (EGP).

BGP exchanges routing information between autonomous systems while guaranteeing loop-free path selection.

BGP is the principal route advertising protocol used by major companies and ISPs on the Internet.

BGP4 is the first version of BGP that supports classless interdomain routing (CIDR) and route aggregation.

Unlike common Internal Gateway Protocols (IGPs), such as RIP, OSPF, and EIGRP, BGP does not use metrics like hop count, bandwidth, or delay. Instead, BGP makes routing decisions based on network policies, or rules using various BGP path attributes.

To create the subnetwork structure, host bits must be reassigned as network bits. This is often referred to as ‘borrowing’ bits. However, a more accurate term would be ‘lending’ bits.

The starting point for this process is always the leftmost host bit, the one closest to the last network octet.

The ability to divide the original host portion of the address into the new subnet and host fields provides addressing flexibility for the network administrator.

Subnetting enables the network administrator to provide broadcast containment and low-level security on the LAN. Subnetting provides some security since access to other subnets is only available through the services of a router.

Some owners of Class A and B networks have also discovered that subnetting creates a revenue source for the organization through the leasing or sale of previously unused IP addresses.

Subnetting is an internal function of a network. From the outside, a LAN is seen as a single network with no details of the internal network structure. This view of the network keeps the routing tables small and efficient.

Example: Given a local node address of 147.10.43.14 on subnet 147.10.43.0, the world outside the LAN sees only the advertised major network number of 147.10.0.0. The reason for this is that the local subnet address of 147.10.43.0 is only valid within the LAN where subnetting is applied.

Selecting the number of bits to use in the subnet process will depend on the maximum number of hosts required per subnet.

The last two bits in the last octet, regardless of the IP address class, may never be assigned to the subnetwork.

Use of all the available bits to create subnets, except these last two, will result in subnets with only two usable hosts. This is a practical address conservation method for addressing serial router links.

The subnet mask gives the router the information required to determine in which network and subnet a particular host resides.

The subnet mask is created by using binary ones in the network bit positions. The subnet bits are determined by adding the position value of the bits that were borrowed.

Example:

If three bits were borrowed, the mask for a Class C address would be 255.255.255.224. This mask may also be represented, in the slash format, as /27. The number following the slash is the total number of bits that were used for the network and subnetwork portion.

To determine the number of bits to be used, the network designer needs to calculate how many hosts the largest subnetwork requires and the number of subnetworks needed.

Example:

The network requires 30 hosts and five subnetworks. The chart indicates that for 30 usable hosts three bits are required. The chart also shows that this creates six usable subnetworks, which will satisfy the requirements of this scheme.

The difference between usable hosts and total hosts is a result of using the first available address as the ID and the last available address as the broadcast for each subnetwork.

The ability to use these addresses is not provided with classful routing.

This method uses the following formula:

Number of usable subnets = two to the power of the assigned subnet bits or borrowed bits, minus two. The minus two is for the reserved addresses of network ID and network broadcast.

Number of usable hosts = two to the power of the bits remaining, minus two (reserved addresses for subnet id and subnet broadcast).

The Class A and B subnetting procedure is identical to the process for Class C.

The available bits for assignment to the subnet field in a Class A address is 22 bits while a Class B address has 14 bits.

Assigning 12 bits of a Class B address to the subnet field creates a subnet mask of 255.255.255.240 or /28.

All eight bits were assigned in the third octet resulting in 255, the total value of all eight bits.

Assigning 20 bits of a Class A address to the subnet field creates a subnet mask of 255.255.255.240 or /28.

Whichever class of address needs to be subnetted, the following rules are the same:

Total subnets = 2 ^{to the power of the bits borrowed}

Total hosts = 2 ^{to the power of the bits remaining}

Usable subnets = 2 ^{to the power of the bits borrowed} minus 2

Usable hosts = 2 ^{to the power of the bits remaining} minus 2

Routers use subnet masks to determine the home subnetwork for individual nodes. This process is referred to as logical ANDing. ANDing is a binary process by which the router calculates the subnetwork ID for an incoming packet.

The IP address and the subnetwork address are ANDed with the result being the subnetwork ID. The router then uses that information to forward the packet across the correct interface.

Subnetting is a learned skill. It will take many hours performing practice exercises to gain a development of flexible and workable schemes.

A network administrator must know how to manually calculate subnets in order to effectively design the network scheme and assure the validity of the results from a subnet calculator. Also, no calculators are permitted during the certification exam.