IT Infrastructure Architecture
Infrastructure Building Blocks
and Concepts
Networking – Part 1
(chapter 8)
Introduction
• IT infrastructure: networking
• 1960s: stand-alone mainframe computers, computing and punching machines
• Late 1960s: ARPANET, in which a number of computers were connected by the Interface Message Processor (IMP), the first packet router
• ARPANET was the predecessor of the internet
• With PCs in the 1980s, Local Area Networks (LANs) were introduced
Networking Building Blocks
OSI Reference Model
• The OSI Reference Model (OSI-RM) was developed in 1984 by the International Organization for Standardization (ISO)
• Seven layers define the different stages that data must go through to travel from one host to another over a network
OSI Reference Model
• The OSI stack allows:
– Implementing network components independently of each other
– Ensuring all components work together
• Provides freedom to implement the network stack in an optimal way for a certain usage
• Each layer's payload contains the protocol data of the next layer (encapsulation)
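The encapsulation the last bullet describes, as an added example that is not part of the slides: a UDP datagram inside an IPv4 packet inside an Ethernet frame is built and then unwrapped layer by layer, with the IPv4 header checksum verified so that a corrupted packet is dropped rather than parsed. All addresses, ports and the payload are constructed sample values.

```python
import socket
import struct

# Added example, not from the slides: a UDP datagram is wrapped in an IPv4 packet,
# which is wrapped in an Ethernet frame, then unwrapped one layer at a time.
# Every address, port and the payload below is a constructed sample value.
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    # Layer 4: 8-byte UDP header (checksum 0 = not computed, allowed over IPv4)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Layer 3: 20-byte IPv4 header, TTL 64, protocol field announcing UDP
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                         IPPROTO_UDP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2: Ethernet header whose EtherType announces the layer-3 protocol
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + udp

def parse_frame(frame: bytes) -> dict:
    """Unwrap the frame; each header identifies the protocol carried in its payload."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("corrupted IPv4 header: packet dropped")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != IPPROTO_UDP:
        raise ValueError("unsupported IP protocol %d" % proto)
    udp = ip[ihl:total_len]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    return {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": udp[8:ulen]}

# Constructed sample frame: host 192.0.2.10 sending a UDP datagram to port 53
SAMPLE = build_frame(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                     "192.0.2.10", "192.0.2.53", 40000, 53, b"dns-query")
```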
Physical Layer
Cables
At the most elementary level, networking is about cables
• Copper based cables:
– Coax
– Twisted pair
• UTP comes in several quality ratings called categories:

Category   Maximum bandwidth
5 or 5e    1 Gbit/s
6          10 Gbit/s
7          10 Gbit/s
8          40 Gbit/s

• Fiber optic cable: multiple strands of fiber glass or plastic
– Each provides an optical path for light pulses
• Light source:
– Light-emitting diode (LED)
– Laser
• Two types of fiber optic cable are most common:
– Multi-Mode Fiber (MMF)
– Single Mode Fiber (SMF)
Patch Panels
• Cables in buildings are most visible in patch panels
– In racks in the datacenter
– In patch closets in various locations in (office) buildings
• They connect systems in a flexible way, without having to change the installed cabling in the building
• Patch panels are passive connecting devices
• Connecting systems is done using patch cables
Vertical and Horizontal Cabling
• The main distribution cabling in buildings connects the patch panels on the floors to the datacentre (vertical cabling)
• Endpoints in the walls are connected to the patch panels (horizontal cabling)
Leased Lines
Leased lines are dedicated data connections between two locations, provided by a telecom provider
Leased lines are based on: T or E carrier lines, SONET, SDH and dark fiber
Internet Access
• Three ways to connect to the internet:
– Leased line
– Cable internet access
• Uses cable television infrastructure
– Digital Subscriber Line (DSL)
• Asymmetric DSL (ADSL)
• Symmetric DSL (SDSL)
• Very High DSL (VDSL)
Network Interface Controllers (NICs)
• Hardware component that connects a server or end user device to a physical network cable
• The NIC is actually both a physical layer and data link layer device
– Provides physical access to a networking cable and an implementation of a datalink protocol like Ethernet
• A NIC has a fixed MAC address that is uniquely assigned to its network interface
Datalink Layer
Ethernet
• Developed at Xerox PARC between 1973 and 1975
Ethernet CSMA/CD
• Carrier Sense Multiple Access with Collision Detection
• Any machine can start transmitting packets when the shared carrier is not in use
– Coax cable, twisted-pair hub or Wi-Fi radio signal spectrum
• Carrier sensing circuitry checks the activity on the carrier
• When two machines start to transmit a packet at the same time, a packet collision occurs
– This is detected by all sending machines
– They will stop the transmission immediately
– After a short waiting time, they will retransmit their packet when the carrier is not in use anymore
WLAN (Wi-Fi)
• Wi-Fi range is about 30 m
• Access points are base stations for a wireless network
• Data encryption: Wi-Fi Protected Access (WPA)
– WPA dynamically generates a new key for each packet
– WPA includes a Message Integrity Check
• Prevents an attacker from capturing, altering and/or resending data packets
Switching
• Switches split a single network segment into multiple segments
– Each segment has one device
• Switches learn which MAC address is connected to which port
– Data sent to a certain MAC address will only be forwarded to the switch port that has that MAC address connected
• On a switched network, many simultaneous data transfers can take place, in full-duplex
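The learning behaviour described above, as an added example that is not part of the slides: a minimal model of a switch that learns source MAC addresses per port, floods only broadcast and unknown-destination frames, and records when a known MAC suddenly appears on another port (a useful signal for monitoring). Port numbers, MAC addresses and the frame sequence are constructed.

```python
# Added example, not from the slides: a minimal model of a learning switch,
# showing why unicast traffic is only seen on the destination's port.
# Port numbers, MAC addresses and the frame sequence are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # MAC address -> port it was last seen on (as a source)
        self.moves = []   # (mac, old port, new port), useful for monitoring

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source MAC on in_port and return the list of egress ports."""
        old = self.table.get(src_mac)
        if old is not None and old != in_port:
            # A MAC changing port is normal when a device moves, but a burst of
            # such moves is also what MAC spoofing or table flooding looks like.
            self.moves.append((src_mac, old, in_port))
        self.table[src_mac] = in_port
        if dst_mac == BROADCAST or dst_mac not in self.table:
            # Broadcast or unknown unicast: flood out of every other port
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst_mac]
        return [] if out_port == in_port else [out_port]


def simulate():
    """Three hosts on ports 1..3; returns the egress ports for each frame."""
    sw = LearningSwitch([1, 2, 3])
    h1, h2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
    results = [
        sw.receive(1, h1, h2),         # h2 unknown yet: flooded to ports 2 and 3
        sw.receive(2, h2, h1),         # reply: h1 already learned, sent to port 1 only
        sw.receive(1, h1, h2),         # both known: port 2 only, port 3 sees nothing
        sw.receive(3, h1, BROADCAST),  # h1's MAC now shows up on port 3: recorded as a move
    ]
    return results, dict(sw.table), list(sw.moves)
```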
WAN
• Wide Area Networks (WANs) started in the 1980s
• Packet switching technologies
– in WLAN
• Reliable network
• Most WAN connections are converted to VPN using:
– The MPLS network of a network provider
– The internet, using IPsec or SSL
– Dark fiber
Public Wireless Networks
• Public wireless (mobile) networks are getting more popular every day
• Public wireless networks are much less reliable than private wireless networks and have lower bandwidth
• Technologies:
– 1G and 2G: GSM, CDMA, GPRS and EDGE
– 3G: UMTS and HSDPA
– 4G: LTE
Network Layer
The IP Protocol
• IP is the defining set of protocols that enable the modern internet
• IP, in combination with TCP, was invented by Robert Kahn and Vinton Cerf in 1973
• IP is the most used layer 3 protocol in the world
• IPv4 is the dominant protocol on the internet today
• The IP protocol assumes that the network is inherently unreliable and that it is dynamic in terms of availability of links and nodes
• IP uses data packets that contain:
– Source address
– Destination address
– Payload data (typically an Ethernet packet)
The IP Protocol
• IP routing protocols dynamically define the path of IP packets from source to destination
• Routing issues:
– Due to network disruption, IP packets can get lost or corrupted
– When an error is detected, the IP packet is dropped by the node that found the error
– Since each IP packet is routed individually, IP packets can arrive at the destination out of order
• The effects of dropped IP packets and IP packets arriving out of order are handled by upper layer protocols like TCP
IPv4 Addresses
• IPv4 addresses are composed of 4 bytes (32 bits)
• An IP address has a network prefix and a host number
• All hosts with the same network prefix can communicate directly with each other
• Hosts in other networks can only be reached using a router
IPv4 Classes
• The first three bits of the first byte of an IP address define the class of the address
• Three classes of networks are defined:

Class   First byte   Max number of hosts   Number of available networks
A       0–127        16,777,214            128
B       128–191      65,534                16,384
C       192–223      254                   2,097,152
IPv4 Subnetting
• Subnetting is used to split up the host part of an IP network into smaller subnets, each forming a new IP network

CIDR prefix   Subnet mask   Subnets   Available hosts per subnet
/24           [Link]        1         254
/25           [Link]        2         126
/26           [Link]        4         62
/27           [Link]        8         30
/28           [Link]        16        14
/29           [Link]        32        6
/30           [Link]        64        2
/31           [Link]        128       2 (only point-to-point)
IPv4 - Private IP Ranges
• Private IP addresses should be used for LANs
– The number of unique IP addresses on the internet is limited
– Hosts with public internet IP addresses can reach the internet
directly
• Private IP address ranges:
– [Link] to [Link] (class A address range)
– [Link] to [Link] (class B address range)
– [Link] to [Link] (class C address range)
• Private IP addresses:
– Are not used on the internet
– Are not routed by internet routers
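The class table, the subnetting table and the private-range rule from the three slides above, as one added example that is not part of the slides: it classifies an address from its first byte, generates the subnetting rows for a /24 (including the /31 point-to-point exception), and checks whether an address falls in one of the private ranges. The /24 base network is a constructed sample; the three private blocks are filled in from RFC 1918.

```python
import ipaddress

# Added example, not from the slides. The /24 base network below is a constructed
# sample; the three private ranges are the RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ipv4_class(addr: str) -> str:
    """Classful lookup from the first byte (leading bits 0 = A, 10 = B, 110 = C)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D/E"  # multicast and reserved, not in the class table on the slide


def subnet_row(prefix: int, base: str = "192.0.2.0/24") -> dict:
    """One row of the subnetting table: split `base` into /prefix subnets."""
    net = ipaddress.ip_network(base)
    subnets = list(net.subnets(new_prefix=prefix))
    # Network and broadcast addresses are unusable, except on a /31
    # point-to-point link where both addresses are hosts.
    hosts = 2 if prefix == 31 else subnets[0].num_addresses - 2
    return {"prefix": prefix, "mask": str(subnets[0].netmask),
            "subnets": len(subnets), "hosts": hosts}


def subnet_table(base: str = "192.0.2.0/24") -> list:
    """All rows /24 .. /31, as on the slide."""
    return [subnet_row(p, base) for p in range(24, 32)]


def is_rfc1918(addr: str) -> bool:
    """True for private addresses that internet routers do not forward."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)
```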
IPv6
• IPv6 was introduced in 1998 as a successor of IPv4 to solve the problem of limited IP address space
• IPv6 uses 128-bit addresses represented in eight groups of four hexadecimal digits separated by colons
• Example: [Link]
IPv6
• IPv6 has the following benefits over IPv4:
– Expanded address space
– Better support for mobile IP
– Fixed header length
– Auto configuration
– Quality of Service
– Security
– MTU discovery
• IPv6 is not backwards compatible with IPv4
• Deployment models for IPv6:
– Use IPv6 on the LAN and on dedicated WAN links
– Protocol translation
– Dual stack
– IPv6 over IPv4 tunnels
• Dual stack is the simplest way to begin deploying IPv6
ICMP
• The Internet Control Message Protocol (ICMP) is an integral part of the IP protocol
• The best-known uses of ICMP:
– 'ping'
– 'traceroute'
Routing
• A router copies IP packets between (sub)networks
• Routers compile routing tables to make IP packet forwarding decisions
• Routing and switching functionality may be combined in one device
– A switch capable of handling routing protocols is also known as a layer 3 switch
Routing Protocols
• Dynamic routing protocols automatically create routing
tables
– Based on information exchange with neighboring routers
• When a network connection experiences problems, the
routing protocol automatically reconfigures the routing
tables to use alternative routes
• LAN and WAN routing protocols can be divided into three classes:
– Distance vector protocols (like RIP and IGRP)
– Link state protocols (like OSPF and IS-IS)
– Path vector routing (like BGP)
Multiprotocol Label Switching
• Multiprotocol Label Switching (MPLS) routes
data from one network node to the next with
the help of labels
• MPLS allows setting up end-to-end circuits
– Across any type of physical transport medium
– Using any protocol
• In practice, MPLS is mainly used to forward IP
and Ethernet traffic
Transport Layer
• The transport layer can maintain flow control, and can
provide error checking and recovery of data between
network devices
• The most used transport layer protocols are TCP and UDP
TCP
• Transmission Control Protocol (TCP) uses the
IP protocol to create reliable transmission of
so-called TCP/IP packets
– TCP provides reliable, ordered delivery of a stream
of data between applications
– TCP introduces much overhead
UDP
• User Datagram Protocol (UDP) emphasizes
reduced latency over reliability
– It sends data without checking if the data arrived
• Reduces much overhead
– UDP is typically used when some packet loss is
acceptable
• Real-time voice and video streams
• When only small amounts of data are transmitted, that
fit in one IP packet
TCP and UDP Ports
• TCP and UDP use logical port numbers
• Each side of a TCP or UDP connection uses an associated port number
between 0 and 65,535
• Received TCP or UDP packets are identified as belonging to a specific
connection by its combination of the IP address, and the TCP or UDP
port number
– For instance: [Link]:80, the number after the colon represents the
port number (80 in this case)
• Servers running a specific service listen on well-known ports:
– FTP (port 21)
– SSH (port 22)
– SMTP (port 25)
– DNS (port 53)
– HTTP (port 80)
Network Address Translation (NAT)
• NAT allows the use of a private addressing space within an organization, while using globally unique addresses for routing data to the internet
• As a packet passes a NAT enabled router from its internal network interface to its internet interface, NAT replaces the packet's private IP address with its public IP address
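The address replacement described above, as an added example that is not part of the slides: a minimal model of a NAT router that keeps a translation table so that replies can be mapped back to the internal host, allocates a distinct public port when two internal hosts use the same source port, and drops inbound packets that match no existing entry. The public, private and remote addresses are constructed sample values.

```python
import itertools

# Added example, not from the slides: a minimal model of a NAT (NAPT) router
# keeping a translation table. All addresses and ports are constructed samples.
class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)
        self.outbound_map = {}  # (private ip, private port) -> public port
        self.inbound_map = {}   # public port -> (private ip, private port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internal -> internet: rewrite the private source to the public address."""
        key = (src_ip, src_port)
        if key not in self.outbound_map:
            # New flow: pick a free public port so two internal hosts using the
            # same source port still get distinct entries
            pub_port = next(self.next_port)
            self.outbound_map[key] = pub_port
            self.inbound_map[pub_port] = key
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_port):
        """Internet -> internal: only packets matching an existing mapping pass;
        anything else has no table entry and is dropped (returned as None)."""
        target = self.inbound_map.get(dst_port)
        if target is None:
            return None
        priv_ip, priv_port = target
        return (src_ip, src_port, priv_ip, priv_port)


def demo():
    """Two internal hosts reach the same web server; one reply and one stray packet."""
    nat = NatRouter("198.51.100.1")
    out1 = nat.translate_outbound("192.168.1.10", 51000, "203.0.113.5", 80)
    out2 = nat.translate_outbound("192.168.1.11", 51000, "203.0.113.5", 80)
    reply = nat.translate_inbound("203.0.113.5", 80, out1[1])
    unsolicited = nat.translate_inbound("203.0.113.9", 4444, 40999)
    return out1, out2, reply, unsolicited
```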
Session Layer
The session layer provides mechanisms for opening, closing and managing a session between end-user application processes
Virtual Private Network (VPN)
• A Virtual Private Network (VPN) uses a public network to
interconnect private sites in a secure way
– Also known as a VPN tunnel
• VPN uses "virtual" connections based on IPsec/SSL
• Most network providers also offer private VPNs based on
MPLS
Virtual Private Network (VPN)
• VPNs use strong encryption and strong user authentication
– Using the internet for transmitting sensitive data is considered safe
• VPN tunnels are often used for remote access to the LAN by
users outside of the organization's premises
• Most common VPN communications protocol standards:
– Point-to-Point Tunneling Protocol (PPTP) for individual client to
server connections
– Layer 2 Tunneling Protocol (L2TP) for individual client to server
connections
– IPsec for network-to-network connectivity
• IPsec is built into the IPv6 standard and is implemented as an add-on to IPv4
Presentation Layer
Figure from [Link]
• This layer takes the data provided by the application layer
and converts it into a standard format that the other layers
can understand
• Many protocols are implemented in the presentation layer
– SSL and TLS are the most important ones
SSL and TLS
• Allow applications to communicate securely over the
internet using data encryption
• Secure Sockets Layer (SSL)
– SSL is considered insecure and should not be used
• Transport Layer Security (TLS)
– TLS secures WWW traffic carried by HTTP, forming HTTPS
– Version 1.2 is considered secure
– Version 1.3 is in a draft state
– TLS relies on an application capable of handling the protocol (like a Web browser)
Application Layer
• This layer interacts with the operating system
or application
• Examples:
– HTTP
– FTP
– SMTP and POP3 (e-mail)
– CIFS (Windows file sharing)
Application Layer
• This layer also contains the relatively simple infrastructure
services
• Examples:
– BOOTP
– DHCP
– DNS
– NTP
• These infrastructure services are used by the infrastructure
itself
– Not necessarily used by upper layer applications
• If infrastructure services fail, usually the entire infrastructure
fails!
BOOTP and DHCP
• BOOTP automatically assigns IP addresses to hosts
– Uses a centralized BOOTP server
– BOOTP requires manual configuration for each host in the network
• DHCP is an extension to BOOTP
– It superseded BOOTP because it has more options
• DHCP dynamically assigns network related parameters to hosts:
– IP addresses
– Subnet masks
– Default gateway to be used for routing
– DNS server to be used
• A DHCP assigned IP address has a limited life span
– Typically a few hours
– This is called a lease
DNS
• DNS is a distributed database that links IP addresses with domain names
• Translates domain names, meaningful to humans, into IP addresses
• For example, [Link] is translated to [Link]
• This IP address is used by the browser to connect to the web server
• DNS distributes the responsibility of mapping domain names to IP addresses by designating authoritative name servers for each domain
DNSSEC
• DNS has a number of security issues
– DNS was not designed with security in mind
– Updates to DNS records are done in non-encrypted clear text
– Authorization is based on IP addresses only
• DNSSEC is a set of extensions to DNS
– Provides origin authentication of DNS data
– Provides data integrity
• DNSSEC is not in widespread use today
– All DNS servers must implement DNSSEC in order to make full use of all benefits
IPAM Systems
• IP address management (IPAM) systems are appliances that can be used to plan, track, and manage IP addresses in a network
• IPAM systems integrate DNS, DHCP, and IP address administration in one highly available, redundant set of appliances
Network Time Protocol (NTP)
• NTP ensures all infrastructure components use the same time in their real-time clocks
• Particularly important for:
– Log file analysis
– Clustering software
– Kerberos authentication
• NTP can maintain time:
– To within 10 milliseconds over the internet
– Accurate to 0.2 milliseconds or better in LANs
• When the time in an operating system is incorrect, the NTP client in the operating system changes the operating system clock
Network Time Protocol (NTP)
• NTP servers can be implemented as:
– Software on operating systems, routers, and switches
– Dedicated hardware appliances, often using some external signal like long wave radio clocks or GPS clocks
– NTP time synchronization services on the internet
• NTP provides time in Coordinated Universal Time (UTC, previously known as GMT)
• The translation to the local time zone, including the switch to and from daylight saving time, is done at the operating system level, not in NTP clocks
Network Time Protocol (NTP)
• NTP operates within a hierarchy
• Each level in the hierarchy is assigned a number called the stratum
• The stratum defines its distance from the reference clock