Introduction
As an employee of ChipSet I have been asked to generate a report to evaluate the LAN technologies available to ChipSet. This report will include detailed explanations of each available technology, details on traffic management services, an evaluation of security issues, and an evaluation of reliability and performance issues.
To begin with, we must understand where the technologies/standards come from. Below is an explanation of the IEEE and the development of technologies/standards. IEEE stands for the Institute of Electrical and Electronics Engineers. The IEEE are responsible for developing standards/technologies for the computer and electronics industry.
The IEEE have stated “The first meeting of the IEEE `Local Area Network Standards Committee`, Project 802, was held in February of 1980.” (Overview and Guide to the IEEE 802 LMSC, 2016).
Standards are approved and defined by the IETF (Internet Engineering Task Force). Standards go through a series of stages, first starting as a draft and then evolving into an RFC (Request for Comments). If the IETF approve the RFC it will then become a standard (Techopedia.com, n.d., b).
Standards are in place so that all machines use the same standards and there are no two devices that cannot connect together. Standards are also in place to simplify connection for manufacturers and help increase debug performance. Not all standards keep up with advancing technology: standard 802.4 has been known to fail when a new device is added (Revolvy, n.d.). This causes the whole network to crash, and the standard has therefore been classed as not active.
Services and protocols within 802 map to the lower two levels of the OSI model. The data link layer is split into two sub layers for 802. These are known as the LLC and the MAC.
LLC/MAC
LLC stands for the Logical Link Control. This is concerned with managing the flow control, frame synchronisation and error control.
MAC stands for Media Access Control, and MAC addresses are a standard designed to identify machines on networks. A MAC address is made up of a 6 byte long binary number. The first section of a MAC address is designated by the manufacturer and the second section of the MAC address is designated by the machine. Below is an example of a MAC address.
3A-34-52-C4-69-B8
802
802 is a collective of standards for networks. There are many 802 standards, ranging from 802.3, which defines the MAC layer for bus networks, to 802.11, which defines the standards for wireless networking. I will be discussing standard 802.1, 802.1q, 802.2, 802.3, 802.5, 802.11 and 802.15.
802.1
This is a standard for passing Extensible Authentication Protocol (EAP) over a wired network or a wireless network. EAP sits inside the protocol of something called point-to-point protocol; this protocol is often used by ISPs for DSL (Snyder, 2010). This standard packages the EAP into Ethernet frames, which are the payloads of an Ethernet packet.
802.1q
802.1q is reserved for VLAN traffic on an Ethernet. VLAN standards are distinguished by the insertion of an additional 4 bit tag. These help switches to distinguish between physical groups and logical groups of LAN ports (Juniper.net, 2017).
802.2
This standard is for the LLC sub layer and can also identify line protocols and may also assign sequence numbers to frames and track acknowledgments (SearchNetworking, 2006).
802.3
This is the standard specification for Ethernet, a method for network communication in LANs. This defines the characteristics and physical media of Ethernet, and the original speed supports 10 Mbps. Physical media include optical fibre, twisted pair and coaxial cable (SearchNetworking, 2005).
802.5
802.5 is the standard for the token ring. This was developed in the 1970s and connects end devices in a ring; the image below displays this. This sends tokens from host to host, and only a host holding a token can send data. This prevents packets from colliding. Token ring is unable to function if one end device goes down (Wells, 2001).
802.11
802.11 is the most commonly used standard today. This is known as the Wi-Fi standard and allows devices to connect to a network and send/receive data wirelessly. There are many 802.11 standards ranging from 802.11a/b/g/n/ac (Lowe, 2013). Each one has its own benefits, but as technology advances the need for quicker and better Wi-Fi also increases. Sending a packet to all devices on a network is known as broadcasting.
802.15
This is a well known standard and is widely used.
This is however more commonly known as Bluetooth. This standard defines parameters for wireless communications across many devices, ranging from mobile devices to PCs (SearchMobileComputing, 2005).
Spanning Tree Protocol (STP)
The image below is an example of a STP network. This is designed to prevent network loops when there are redundant paths in a network.
An election process comes into play here, in which a switch becomes the main point in the network. This allows the switch to choose which ports to forward and which to block, hence allowing the network to prevent loops (Support et al., 2006).
VLAN
A VLAN is the process of creating virtual networks through the ports on a switch. This can mean we can separate a switch’s clients into three different sub groups for different departments of a business, allowing them to communicate within the department more efficiently and a lot more safely. Within each VLAN created we can use what is known as trunking to send data from one switch to another. This is ideal for initial setup as we can send the information regarding the VLANs from one switch to another.
Hot Standby Router Protocol (HSRP)
This is a protocol that provides back-up for a router in the event of a failure. To utilise this protocol several routers are connected on the token ring or other topologies. These work together to give the appearance of a single router; this is achieved by the routers having the same IP address and MAC address. This will help in the event of a router failure as clients on the network are still forwarding to the same addresses (Webopedia.com, n.d.).
Ether Channel
The image below is an example of ether channelling. This type of network should usually have ports blocked by the STP in order to prevent network loops. By using a channel group command we can bypass this and create a network with increased bandwidth.
Inter Switch Link (ISL) IP
As expected ISL is the linking of two switches, more specifically the sending of encapsulated data between switches. This protocol can support up to 1000 VLANs across switches.
The frames being sent from one switch to another are first encapsulated and then a header is added for when it is received by another switch over the trunk line. Cisco’s standard for this is known as 802.1q and is capable of supporting up to 4096 VLANs (Support et al., 2006).
Internet Protocol (IP)
IP is a unique identifier given to machines on a network.
There are currently two standards for IP addresses: IPv4 and IPv6. IPv4 uses 32 bits in the creation of an IP address and is expressed by four numbers separated by full stops (Garden and Basics, n.d.). These created addresses can either be static or dynamic. Static addresses are ones that are manually configured for the machine. Dynamic addresses utilise the protocol known as DHCP (dynamic host control protocol); this allows routers or servers to allocate the IP addresses to all devices on the network.
These dynamic addresses can also be set into pools, and this tells the DHCP protocol what IP address to send each device depending on the VLAN it is associated with. DHCP uses a lease system for the IP address, and this must either be renewed or a new one leased once the time limit has expired.
OSI
The OSI (Open Systems Interconnection) is a way in which we can break down network architecture into seven different layers. The table below shows what each layer is designated for and the protocols within each layer.
Data | Layer | Protocols and Device
Data | Application Layer | SMTP, POP, HTTP, FTP
Data | Presentation Layer | JPEG etc.
Data | Session Layer | Handshake
Segments | Transport Layer | TCP/UDP IP
Packets | Network Layer (Internet) | IP, Routers
Frames | Data Link Layer | MAC Address, Switches
Bits | Physical Layer | Hub, Cables, Connectors
Data Encapsulation & Decapsulation
As the data is passed from one layer of the OSI model to the next it goes through a process called encapsulation. This allows each layer to add its own header containing information regarding the next node, protocol information and the destination address.
Completing this process in reverse order is known as decapsulation.
Switches
A switch serves as a controller to enable devices within networks to communicate with each other effectively and efficiently. Some switches use different layers of the OSI, which can enable network engineers to complete different tasks and save money on hardware.
Layer 2 Switch
The layer two switch learns MAC addresses automatically. This creates a MAC address table and can allow for the network to selectively forward packets (Stevens and Pro, 2006).
Layer 3 Switch
A layer three switch is different in that it focuses on IP addresses rather than MAC addresses. This switch acts like a router and contains the routing information protocol.
Due to this the switch can complete inter-VLAN routing, which can divide the network into multiple broadcast domains (Stevens and Pro, 2006).
Layer 4 Switch
The layer four switch can control the network traffic and makes decisions based upon the inspection of each packet. This switch is most useful in larger networks; for instance, if a server was offline the switch could redirect the traffic on the network.
This switch can also decide whether to use TCP or UDP when an end device wants to do different things on the internet (Techopedia.com, n.d., c).
Wireless Technologies
As the internet grows so do the different types of file sizes and the speed at which we need to access them. As this has developed so have the standards used to access the internet wirelessly. Below are three different wireless technologies that are commonly used today.
802.11g offers a wireless speed of up to 54 Mbps over a short range. This uses the 2.4 GHz frequency. This standard was specifically designed for cross compatibility.
The 802.11n standard was specifically designed for speed and can use either the 2.4 GHz frequency or the 5 GHz frequency. This was capable of speeds of up to 450 Mbps. The latest 802.11 standard is 802.11ac and offers theoretical speeds of up to 1 Gbps, but this has yet to be recorded, with the highest recorded speed reaching 800 Mbps.
This primarily uses the 5 GHz frequency.
Client Devices
There are many client devices available to ChipSet. These are printers, computers, laptops and mobile devices. Printers are available to be used either wirelessly or connected to various computers; these will allow for reports and other such documents to be printed. Having these wireless means ChipSet only need one printer for many end devices. Most available client devices, for example laptops or mobile devices, will be able to connect to ChipSet’s network whether it’s wirelessly or through a cable. These allow for the exchange of emails and the exchange of files, and can help with market research by browsing the internet.
The final client device I would like to discuss is a computer. This is the most valuable client device that can be used in any business. This can allow for the creation of documents, the browsing of the internet, the sending/receiving of emails and can even be used to alter aspects of the network infrastructure. Due to new management systems being designed around a business’s niche this client device will ultimately help to improve the efficiency and profits of ChipSet.
How Data Is Sent
The image above is of a network with two PCs connected in different locations. If one PC wants to send data to the other, the data goes through the layers of the OSI model to get encapsulated, and when the other device receives the packets it will then decapsulate them.
To start with the PC’s NIC converts the data into packets and then sends it over the Ethernet cable to the switch. The switch receives the packets and reads the MAC address associated with the transmission; from here it is sent to the router.
The router will then read the MAC address and ARP will then locate the associated IP address. From here it will send it through the ISP to R2, where the IP address will be read and then converted back into the MAC address. The receiving switch will then begin decapsulating the packets for the PC to be able to read it as data.
Quality Management
ChipSet is looking to use many services that require traffic to constantly be flowing through the network, such as VoIP and video conferencing. Below are technologies that can be implemented to guarantee these services will run efficiently.
Differentiated Services Code Point (DSCP)
Differentiated services code point is a method of controlling network traffic in a way that certain traffic can gain preference over others. Voice traffic is a perfect example of this: because it requires a constant flow it is given precedence over others. The differentiated services allocates the packet an IP header containing a 6-bit code. This code is how the network can identify the priority level of the packets (WhatIs.com, 2005).
IP Precedence
Where DSCP uses 6 bits of a packet, IP Precedence uses 3 bits. These are given priority numbers so the network can understand which packets take precedence over others.
The table below shows how each 3-bit code relates to the different levels of priority.
Scale | Precedence | Code
0 | Best Effort | 000
1 | Medium Priority | 001
2 | High Priority | 010
3 | Call Signals | 011
4 | Video Conference | 100
5 | Voice | 101
6 | Reserved | 110
7 | Reserved | 111
This is however the old way in which to manage traffic over a network, and DSCP should be the go-to unless the router is too old to support it (Hallak, 2011).
Queues
When the precedence of the packets has not been defined the network is likely to develop queues. A queue is a collection of packets awaiting transmission across to a networked device.
This works similarly to a standard queue within a supermarket: by applying the first in first out rule we can reduce the amount of packets within the queue. Generally the queue is reduced according to the packets' arrival, priority and smallest task (Techopedia.com, n.d., a).
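The classification and queueing described above, as an added example that is not part of the original report: it reads the DS (former ToS) byte of an IPv4 header, derives the 6-bit DSCP and the 3-bit IP Precedence, labels the packet using the report's precedence table, and drains a queue by priority with first in first out inside each level. The sample headers and packet names are constructed, and strict-priority scheduling is an assumed queueing policy.

```python
import heapq
import itertools
import struct

# Precedence names taken from the table in the report.
PRECEDENCE_NAMES = {
    0: "Best Effort", 1: "Medium Priority", 2: "High Priority",
    3: "Call Signals", 4: "Video Conference", 5: "Voice",
    6: "Reserved", 7: "Reserved",
}


def classify(ipv4_header: bytes) -> dict:
    """Return DSCP, IP Precedence and the table label for one IPv4 header."""
    if len(ipv4_header) < 20:
        raise ValueError("IPv4 header must be at least 20 bytes")
    version_ihl, ds_byte = struct.unpack_from("!BB", ipv4_header, 0)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dscp = ds_byte >> 2          # upper 6 bits of the DS byte
    precedence = ds_byte >> 5    # upper 3 bits of the same byte
    return {"dscp": dscp, "precedence": precedence,
            "label": PRECEDENCE_NAMES[precedence]}


class PriorityFifoQueue:
    """Strict-priority queue: highest precedence first, FIFO within a level."""

    def __init__(self):
        self._heap = []
        self._arrival = itertools.count()  # arrival order breaks ties

    def enqueue(self, ipv4_header: bytes, name: str) -> None:
        info = classify(ipv4_header)
        # heapq is a min-heap, so negate precedence to pop the highest first.
        heapq.heappush(self._heap,
                       (-info["precedence"], next(self._arrival), name, info))

    def drain(self) -> list:
        order = []
        while self._heap:
            _, _, name, info = heapq.heappop(self._heap)
            order.append((name, info["label"], info["dscp"]))
        return order


def make_header(dscp: int) -> bytes:
    """Constructed 20-byte IPv4 header carrying the given DSCP (sample data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))


def demo() -> list:
    q = PriorityFifoQueue()
    q.enqueue(make_header(0), "web-1")      # best effort
    q.enqueue(make_header(46), "voice-1")   # DSCP 46 maps to precedence 5
    q.enqueue(make_header(34), "video-1")   # DSCP 34 maps to precedence 4
    q.enqueue(make_header(0), "web-2")
    q.enqueue(make_header(46), "voice-2")
    return q.drain()


if __name__ == "__main__":
    for name, label, dscp in demo():
        print(f"{name:8} {label:16} DSCP={dscp}")
```

Because the precedence is simply the top three bits of the DSCP, a router that only understands IP Precedence still places DSCP-marked voice traffic in the Voice level.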
Base Rules
This is a method used by a server acting as a firewall. This is policy based and governs what is and what is not allowed through a network. This works in one of two ways: either it allows nothing through (unless specified otherwise) or it allows everything through (unless specified otherwise). Generally this works on a top down basis, which means the rule listed first will be acted upon (SearchNetworking, 2007).
Frame Tagging
This is also known as the 802.1q standard and is used to tell which VLAN a packet belongs to. These packets are tagged with a 32 bit header. The image below shows what is included in a packet which has a frame tag.
Field | TPID | PCP (TCI) | DEI (TCI) | VID (TCI)
Size | 16 bits | 3 bits | 1 bit | 12 bits
The first 16 bits are reserved for the Tag Protocol Identifier (TPID), the next three bits are reserved for the Priority Code Point (PCP), the next 1 bit is reserved for the Drop Eligible Indicator (DEI) and the final 12 bits are reserved for the VLAN Identifier (VID). The second half of the frame tag is where the Tag Control Information (TCI) is located. The PCP is used for quality of service and the VID is used for the VLAN number (Understanding the native Vlan and 802 1Q tagged fram, 2014).
UDP/TCP
For packets to be received by a client on a network there are two standards that can be used.
The first is Transmission Control Protocol (TCP), which allows for the packets to be sent once the connection has been established. This standard is commonly used for general transfer of packets, due to the fact it double checks all packets have been received and resends the ones that haven’t. This prevents packet loss.
User Datagram Protocol (UDP) is mainly used for video calls and voice chats over a network. This is different to TCP because there is no error checking. While this may seem a disadvantage, it guarantees a quicker transmission of the packets. Therefore the constant stream of packets is better suited to being used with UDP.
Security
There are many methods of securing a network; ChipSet will need to implement these to make sure the performance and the reliability of their network is secure and running.
Below are technologies that can help ChipSet to successfully do this.
Policies
Every business or organisation has its own policies and procedures as well as legislation that employees must follow. The legislation is so the company does not come under any scrutiny, but the policies are so that all tasks are completed in a way which is universal and makes the entire enterprise conglomerate into one effective and efficient company.
The policies will identify what is acceptable to do on a network or on the internet.
For example, ChipSet could use policies specifying passwords, email filters, wireless communications and many more. If broken these could cause harm to the network and could ultimately be a violation of an employee’s contract. Policies can also be set from the server. These policies specify what each machine on the network can access.
For example, setting the games as disabled will mean the workforce will not have access to the games and can help to prevent them from getting distracted.
Locks
Padlocks and other kinds of security locks are used for everything ranging from bicycles to cash safes. Setting up a network can be very expensive and must be secure.
Using combination locks for the server room and lock boxes for the switches will help to prevent unnecessary tampering with the network. Similarly blocking unauthorised programs on the computers can prevent tampering. A newly integrated safety precaution is being widely used: biometric locks. These utilise the fingerprints and retinas of people in order to allow minimal access to restricted areas. These can also be used by ChipSet to prevent access to areas such as the server room but will be highly expensive.
Switch Port Control
Port control on a switch is vital. When linking many switches together and creating VLANs we can use what is known as trunking. This allows for the specified ports on a switch to forward the configurations based on VTP domains. We can also create security measures on the switches; this can be done through MAC addresses and allows us to specify the maximum number of devices that can be used on specific ports.
We can also create what is known as sticky. This is a method of allowing a port to allocate a MAC address once a device has been connected and tells the port to only allow access to the designated MAC address. This method can be overruled by the network administrator but keeps ChipSet safe from additional devices being connected without authorisation.
Access Control Lists
An Access Control List is a table that, when created in a multilayer switch or router, can allow different sections of the network to communicate or not allow them to communicate. This can also be done based on VLANs through a multilayer switch. Each VLAN must be given an IP address and from here we are able to define which parts of the network these VLANs can access. For ChipSet this can be a very good technology to implement. Allowing each VLAN access to only the servers means that the VLANs can only communicate within themselves and stops any files on the networked machines being accessed from other departments/VLANs.
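How the top-down matching from the Base Rules section and the per-VLAN access lists described above behave together, as an added example that is not part of the original report: the first matching rule decides, a default action applies when nothing matches, and a check reports rules that can never fire because an earlier rule already covers them. The VLAN subnets, server subnet and both rule sets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

    def covers(self, other: "Rule") -> bool:
        """True when every packet matched by `other` is also matched by self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst)))


def evaluate(rules, src_ip, dst_ip, default="deny"):
    """Top-down, first match wins; `default` applies when no rule matches."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_ip):
            return rule.action, index
    return default, None


def shadowed(rules):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [i for i, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:i])]


# Constructed addressing plan (assumption): one subnet per department VLAN.
VLAN10 = "10.0.10.0/24"
VLAN20 = "10.0.20.0/24"
SERVERS = "10.0.99.0/24"
ANY = "0.0.0.0/0"

# Each VLAN may reach only the servers; everything else hits the default deny.
GOOD_ACL = [
    Rule("permit", VLAN10, SERVERS),
    Rule("permit", VLAN20, SERVERS),
]

# Same intent, wrong order: the broad permit is listed first, so the deny
# meant to keep VLAN 10 out of VLAN 20 is never reached.
BAD_ACL = [
    Rule("permit", VLAN10, ANY),
    Rule("deny", VLAN10, VLAN20),
    Rule("permit", VLAN20, SERVERS),
]

if __name__ == "__main__":
    print(evaluate(GOOD_ACL, "10.0.10.5", "10.0.99.2"))   # permitted by rule 0
    print(evaluate(GOOD_ACL, "10.0.10.5", "10.0.20.7"))   # falls to default deny
    print(evaluate(BAD_ACL, "10.0.10.5", "10.0.20.7"))    # permitted by rule 0
    print(shadowed(BAD_ACL))                               # the unreachable deny
```

Running a shadowing check like this over a rule set before it is deployed catches ordering mistakes that a packet-by-packet test can miss.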
Mac Address Filtering
This is a technology ChipSet can implement to allow only select devices onto their wireless network. By ascertaining the MAC address of a device a list can be created doing just this. This is all good in theory but can be spoofed relatively easily, meaning that an attempt to gain unauthorised access to the network is possible.
Wireless Security
Wireless security is much safer than MAC address filtering. ChipSet have the availability of using many methods to encrypt a password on the wireless router. These are known as WEP, WPA and WPA2. The current standard is WPA2 and is the safest option to use. Changing the password regularly can also prevent the network from having a device gain unauthorised access.
As well as encryption methods the wireless technology of using SSIDs to name the wireless broadcasts can help ChipSet greatly. Having access points for each office, with different SSIDs, means that only devices on that VLAN can gain access to the network's wireless.
Port Spanning
This is also known as port mirroring. This is the process of copying and sending packets from one port to another.
This is a network monitoring technique and can allow ChipSet to monitor the activity on its network for breaches in security or machines accessing unauthorised content on the internet. The biggest benefit to implementing this is that it is hidden from the source and other nodes on a network, meaning that the implementation and use of this technique will go undetected (Techopedia.com, n.d., d).
Reliability
ChipSet will require a reliable network for all of its day to day activities.
Many features can affect a network's reliability; latency, device reliability and packet loss are some such issues. Latency is the delay with which packets are received by devices. Applications such as voice and video require a constant stream, and specifying these applications to receive packets using UDP can ensure that the stream is constant. Device reliability is a must: ChipSet can implement HSRP in order to prevent routers from failing and can also implement STP, which will reroute packets if a switch is offline. Packet loss can be prevented by using TCP, as this will double check all packets have been received successfully and will resend the packets if they haven’t.
Performance
A network's performance can be affected by reliability as well as the speed of the network. By implementing the methods described above ChipSet can guarantee the performance of their network will not drop out suddenly. The network can also be implemented using etherchannels; this will drastically increase the speed of the network and allow for more bandwidth. By etherchannelling from a multilayer switch to a switch for each office ChipSet can give each room double or even triple the expected bandwidth.