Internet Engineering Comprehensive Notes

Intranet

  • A centralized hub for internal organizational communication and information sharing.
  • Accessible to authorized personnel within the organization, ensuring sensitive data and confidential information are protected from external threats.
  • Limited to a specific group of users, typically employees of an organization, unlike the internet which is a global network of computers and servers accessible to everyone.
  • The main goal is to facilitate efficient communication and collaboration within an organization.
  • It provides a platform for employees to access important documents, company policies, procedures, and other relevant information.
  • This information-centric access eliminates the need for physical copies of documents, reduces the time spent searching for information, and ultimately increases productivity.

Extranet

  • A private, controlled network that uses internet technologies and public telecommunications systems to share a part of a business's information or operations with suppliers, vendors, partners, customers, or other businesses.
  • Can be viewed as part of a company's intranet or as a way to do business with other companies and sell products to customers.
  • Often the private part of a website.
  • Restrictions for user access are enforced through user IDs, passwords, and other authentication mechanisms.
  • Requires security and privacy, which can be achieved through firewall server management, issuance and use of digital certificates (a non-forgeable document), user authentication methods, message encryption, and the use of virtual private networks (VPNs) that tunnel through the public network.
  • May be viewed as an intranet over the public internet or over some private network.

Extranet Advantages

  • Ability to exchange large volumes of data using Electronic Data Interchange (EDI).
  • Sharing product or catalog data with business partners.
  • Collaboration and training of employees within a company.
  • Sharing services, such as online banking applications, among affiliated banks.
  • Sharing news of common interest exclusively with company partners.

Extranet Disadvantages

  • Expensive implementation and maintenance if hosted internally.
  • Costly information maintenance, even if hosted by an application service provider.

Network Topology

  • Definition: The configuration of various network components used to transmit data and create connections between nodes and links.
  • Components: A network consists of devices (nodes) and connections (links) which can be arranged logically or physically.
  • Analogy: Comparing a city to a computer network, the city's road map is analogous to the network topology.

Considerations for Network Topology Selection

  • Traffic load the network must handle.
  • The size of the network.
  • The purpose of the network.
  • Budget constraints.
  • Just as city road map planning considers traffic volume, key routes, alternative routes, city size, traffic, and government budget, selecting a network topology requires similar considerations.

Types of Network Topologies

  • Physical Topology: The physical design of the network represented by visible physical links.
  • Logical Topology: The data transmission path and flow details, not visible by eye.

Network Topology Advantages

  • Understanding the interactive structure of network devices if the network topology is known.
  • Identifying firewalls or bottlenecks that can impede data traffic.
  • Identifying connection points and failures in components and communication links.
  • Facilitates future network development by understanding the strengths and weaknesses of the current topology.
  • Similar to how knowing a city's map allows for detailed planning of future route development.

Network Topology Disadvantages

  • Security and vulnerability are directly affected by the network topology.
  • Simpler topologies are more exposed to security risks, while more complex topologies offer higher security but are more expensive and difficult to implement.

Wide Area Network (WAN)

  • More complex structure than a local area network, covering devices across geographically distant areas.
  • Allows various low-voltage computers and devices to connect remotely within a large network over distances of several miles.
  • The internet is the most common example, connecting computers from all over the world.
  • Due to the vast coverage area, ownership and maintenance responsibilities are typically distributed among several admins or public entities.

Network Protocol

  • Protocols are sets of guidelines and rules that define how different devices communicate with each other.
  • Computer systems and associated equipment use various hardware, operating systems, and software to communicate with the network.
  • All these components must be able to communicate with each other in a language they understand.
  • Smart devices that can connect to local networks and the internet must reach mutual agreement for information exchange.
  • They must be able to send a specific volume of information based on a structured architecture.
  • Without this, an imbalance may occur where one node sends more information than the other can handle, wasting network bandwidth and disrupting the transfer process.
  • Example: One node may send 128-byte packets while the receiver expects 256-byte packets, leading to disorganized data and lost information.

Routing

  • Definition: The process of selecting a path across one or more networks.
  • Applicability: Routing principles can be applied to any type of network, from telephone networks to public transport.
  • Packet Switching Networks: In packet-switching networks like the internet, routing involves selecting the path that IP packets take from their source to their destination.
  • Routers: Internet routing decisions are made by specialized network hardware called routers.

TCP/IP Model

  • Stands for Transmission Control Protocol/Internet Protocol, a suite of communication protocols for connecting devices to the internet and within private computer networks (intranets or extranets).
  • It acts as an abstraction layer between internet applications, routing, and switching fabric.
  • Specifies how data is exchanged over the internet by establishing end-to-end communications, defining how data should be broken into packets, addressed, transmitted, routed, and received at the destination.
  • Requires minimal central management and is designed to ensure automatic recovery of network devices in case of failure.

TCP/IP Model Layers

  1. Application Layer: Enables the standard exchange of data for applications; protocols include HTTP, FTP, POP3, SMTP, and SNMP.
  2. Transport Layer: Responsible for maintaining end-to-end network communications; TCP manages communication between host servers, providing flow control, multiplexing, and reliability.
  3. Network Layer: Also known as the Internet Layer, it deals with network packets, connecting independent networks for packet transfer across network boundaries; protocols include IP and Internet Control Message Protocol (ICMP) for error reporting.
  4. Physical Layer: Also known as the "Network Interface Layer" or "Data Link Layer," it includes protocols that operate only on a link; protocols at this low level include Ethernet for local networks and Address Resolution Protocol (ARP).

IP Address

  • An IP address is a unique address that identifies a device on the internet or a local network.
  • The Internet Protocol (IP) itself is the set of rules governing the format of data sent over the internet or a local network.
  • IP addresses are identifiers that allow information to be sent between devices on a network because they contain location information.

IP Address Format

  • An IP address is a string of numbers separated by periods.
  • Expressed as a set of four numbers, for example: 192.158.1.38
  • Each number in the set can range from 0 to 255, therefore, the complete IP addressing range is from 0.0.0.0 to 255.255.255.255.
  • IP addresses are assigned by the Internet Assigned Numbers Authority (IANA), which is part of the Internet Corporation for Assigned Names and Numbers (ICANN).

IPv4 Class Types

  • IP addresses are divided into five classes: A, B, C, D and E.
  • Classes D and E are used for special purposes.

Class A

  • The largest network in terms of addressing.
  • The first octet specifies the network number, and the remaining three octets identify the host.

Class B

  • The first two octets are the network number (NetID), and the remaining two octets are the HostID.
  • The first two bits of the first octet are fixed at 10 and cannot be changed.
  • This leaves 14 bits for the NetID and 16 bits for the HostID, giving 2^16 - 2 = 65,534 usable IP addresses per network.

Class C

  • The first three octets are the NetID (network number), and only the last octet is the HostID.
  • The first three bits of the first octet are fixed at 110, which identifies Class C, leaving 5 variable bits in that octet.
  • There are 21 bits for the NetID, and the number of HostID addresses is 2^8 - 2 = 254.

Class D

  • Used for multicasting.
  • The first four bits of the first octet are fixed at 1110 and cannot be changed; the fourth bit is therefore zero.

Class E

  • The first four bits are 1111.
  • Reserved for research and experimental purposes and cannot be used.
  • Can be remembered as 'Experimental'.

Classless IP Address

  • This system varies the number of zeros used in the subnet mask, so a network can have fewer addresses than its class would dictate.
  • Instead of a classful system requiring, for example, 16 ones in the subnet mask, this method allows a variable number of ones, reducing the total number of addresses available in the network.

Classless IP Address and Subnetting

  • Subnetting: manipulating the sequence of ones and zeros in the SubnetMask to create smaller address ranges.

  • Example: An administrator of a two-story building is given the range 192.168.10.0 /24 and must allocate an independent Net-ID to each floor.

  • Original SubnetMask: 11111111.11111111.11111111.00000000

  • By changing one zero in the fourth octet to one:

  • Modified SubnetMask: 11111111.11111111.11111111.10000000 (255.255.255.128)

  • The number of ones is increased to 25, dividing the range into two subnets because each bit has two states (zero and one).

  • The binary representation shows that four addresses become unusable in total, because each subnet loses two addresses, one for the network ID and one for broadcast.

  • Adding another bit would create 4 networks, losing 8 addresses, but provides smaller network segments with fewer addresses.

Variable Length Subnet Mask (VLSM)

  • Internet service providers may need to allocate IP subnets of different sizes based on customer needs.
  • One customer may need 3 IP addresses from a Class C subnet, while another may request 10 IPs.
  • ISPs cannot divide IP addresses into fixed-size subnets; VLSM allows subnets to be further subnetted, minimizing IP address wastage.
  • Example: A network admin has 192.168.1.0 /24 and needs to allocate IP addresses to different departments.
  • The departments have various host requirements:
    • Sales: 100 computers
    • Purchasing: 50 computers
    • Accounting: 25 computers
    • Management: 5 computers
  • With CIDR, subnets have a fixed size, which may not meet all department requirements.

VLSM Implementation Steps

  1. Create a list of possible subnets.
  2. Sort IP requirements in descending order (highest to lowest):
    • Sales: 100
    • Purchasing: 50
    • Accounting: 25
    • Management: 5
  3. Allocate the largest number of IPs to the highest requirement:
    • Assign 192.168.1.0 /25 (255.255.255.128) to Sales.
    • This subnet provides 126 valid IP addresses, meeting Sales requirements.
    • Subnet mask: 10000000 for the last octet.
  4. Allocate the next largest range to Purchasing:
    • Assign 192.168.1.128 /26 (255.255.255.192) to Purchasing.
    • This subnet provides 62 valid IP addresses, easily accommodating all Purchasing PCs.
    • Subnet mask: 11000000 for the last octet.
  5. Allocate the next largest range to Accounting:
    • The requirement of 25 IPs can be met with subnet 192.168.1.192 /27 (255.255.255.224), which includes 30 valid host IPs.
    • Network number for Accounting: 192.168.1.192.
    • Last octet of the subnet mask: 11100000.
  6. Allocate the next range to Management:
    • The Management department has 5 computers.
    • The subnet 192.168.1.224 /29 with the mask 255.255.255.248 provides exactly 6 valid IP addresses.
    • Last octet of the subnet mask: 11111000.
  • With VLSM, an administrator can subnet an IP network in a way that minimizes the wastage of IP addresses.
  • Even after allocating IPs to each department, the administrator still has a large number of IP addresses remaining, which is not possible with CIDR.
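As an added example (not part of the original notes), the following Python carries out both the two-floor split of 192.168.10.0/24 described under Subnetting and the four-department VLSM allocation above, using only the standard library. The department names and host counts are taken from the notes; the helper names and the printed layout are constructed here.

```python
import ipaddress
import math

# Constructed inputs: the /24 and the department sizes from the VLSM steps above.
BASE_NETWORK = "192.168.1.0/24"
REQUIREMENTS = [("Sales", 100), ("Purchasing", 50), ("Accounting", 25), ("Management", 5)]


def mask_bits(net):
    """Subnet mask in dotted binary, e.g. 11111111.11111111.11111111.10000000."""
    return ".".join(f"{octet:08b}" for octet in net.netmask.packed)


def usable_hosts(net):
    """Host addresses left after removing the network ID and the broadcast address."""
    return net.num_addresses - 2


def prefix_for_hosts(hosts):
    """Longest prefix (smallest block) whose usable host count still covers `hosts`."""
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))  # +2: network ID and broadcast
    return 32 - host_bits


def split_in_half(base):
    """Subnetting step from the notes: one extra mask bit turns a range into two subnets."""
    return list(ipaddress.ip_network(base).subnets(prefixlen_diff=1))


def vlsm_allocate(base, requirements):
    """Allocate one subnet per (name, hosts) requirement, largest requirement first,
    each the smallest block that fits. Returns (allocations, free_blocks)."""
    base_net = ipaddress.ip_network(base)
    cursor = int(base_net.network_address)
    end = int(base_net.broadcast_address) + 1
    allocations = []
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        if cursor % size:  # a block must start on a multiple of its own size
            cursor += size - cursor % size
        if cursor + size > end:
            raise ValueError(f"no room left in {base} for {name} ({hosts} hosts)")
        subnet = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{prefix}")
        allocations.append((name, subnet))
        cursor += size
    free = []
    if cursor < end:  # whatever is left over, summarised into CIDR blocks
        free = list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(end - 1)))
    return allocations, free


if __name__ == "__main__":
    for half in split_in_half("192.168.10.0/24"):
        print(f"{half}  mask {mask_bits(half)}  usable hosts {usable_hosts(half)}")
    allocations, free = vlsm_allocate(BASE_NETWORK, REQUIREMENTS)
    for name, subnet in allocations:
        print(f"{name:<11} {str(subnet):<18} mask {subnet.netmask}  "
              f"last octet {mask_bits(subnet).split('.')[-1]}  usable {usable_hosts(subnet)}")
    print("still free:", ", ".join(str(b) for b in free))
```

Run as a script it prints the two /25 halves and then the four allocations with their masks and usable host counts, followed by the blocks of the /24 that remain free.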

Network Address Translation (NAT)

  • NAT (Network Address Translation) is mainly used with private addressing.
  • Originally a temporary solution to IPv4 address exhaustion, it allows organizations to use private IPv4 addresses on their LANs while their internal devices still communicate correctly with the internet.

Internet Control Message Protocol (ICMP)

  • Used for error checking in computers, routers, and hosts, verifying signal presence, and generally checking the communication status between routers and servers.

Address Resolution Protocol (ARP)

  • The task of ARP is to find the layer 2 (MAC) address that is linked to a given IP address.
  • It translates a layer 3 address into a layer 2 address.
  • Layer 2: the data link layer.
  • MAC address: a 48-bit hardware identifier.

Reverse Address Resolution Protocol (RARP)

  • RARP performs the reverse function of ARP: it finds the IP address associated with a known MAC address.

IP Security (IPsec)

  • Set of protocols for secure information exchange at the IP layer.
  • Used for authentication, confidentiality, integrity, and key management for networks operating at Layer 3.
  • Common in VPN technologies.
  • Provides network-level security by managing keys.
  • Sender and receiver share a public key and use it for secure data transmission.
  • Key management lets the receiving side get a public key and recognize a digital signature.

IPSec Protocols

  • Tunnel Mode: IP packets are completely encrypted and encapsulated within a new IP packet with an IPSec header. Used to create secure tunnels between two networks.
  • Transport Mode: Only the payload of the IP packet is encrypted, and the IPSec header is added to it. Used to set up an encrypted connection between two hosts.
  • Authentication Header (AH) and Encapsulating Security Payload (ESP) can be used separately or together. When combined, AH is applied before ESP and ensures the data is not modified; ESP then encrypts the data.

Open Shortest Path First (OSPF)

  • A link-state routing protocol that manages traffic for the IP protocol.
  • Has multiple versions, but version 2 is the most widely used.
  • Unlike proprietary protocols, OSPF is an open standard that is independent of any vendor; nearly all routers support it.
  • Uses Dijkstra's Shortest Path First (SPF) algorithm to prevent routing loops in network topologies, creating a loop-free network.
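An added example, not from the original notes: Dijkstra's SPF run over a small, constructed link-state database, so that the loop-free tree, the routing table derived from it, and the re-convergence after a link failure can all be checked. Router names and link costs are invented for the illustration; real OSPF learns this database from flooded LSAs.

```python
import heapq

# Constructed link-state database for one OSPF area: (router, neighbour, cost).
LSDB = [
    ("R1", "R2", 10),
    ("R1", "R3", 1),
    ("R3", "R2", 1),
    ("R2", "R4", 1),
    ("R3", "R4", 10),
]


def build_graph(lsdb):
    """Adjacency map {router: {neighbour: cost}}; links are assumed symmetric."""
    graph = {}
    for a, b, cost in lsdb:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def spf(graph, root):
    """Dijkstra's shortest path first from `root`.
    Returns (dist, prev): total cost to each reachable router and its predecessor
    on the tree. Each router is settled exactly once, with its minimum cost, so the
    resulting tree cannot contain a loop."""
    dist, prev, settled = {root: 0}, {}, set()
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node in settled:
            continue
        settled.add(node)
        for neighbour, link_cost in graph.get(node, {}).items():
            candidate = cost + link_cost
            if candidate < dist.get(neighbour, float("inf")):
                dist[neighbour] = candidate
                prev[neighbour] = node
                heapq.heappush(heap, (candidate, neighbour))
    return dist, prev


def path(prev, root, dest):
    """Routers on the SPF tree from root to dest, root first."""
    hops = [dest]
    while hops[-1] != root:
        hops.append(prev[hops[-1]])
    return hops[::-1]


def routing_table(lsdb, root):
    """{destination: (cost, next_hop)} as `root` would install it."""
    dist, prev = spf(build_graph(lsdb), root)
    return {d: (dist[d], path(prev, root, d)[1]) for d in dist if d != root}


def without_link(lsdb, a, b):
    """The LSDB after the link a-b fails (its LSA is withdrawn)."""
    return [link for link in lsdb if {link[0], link[1]} != {a, b}]


if __name__ == "__main__":
    print("R1 routing table:", routing_table(LSDB, "R1"))
    print("R1 -> R4 path:", path(spf(build_graph(LSDB), "R1")[1], "R1", "R4"))
    print("after R1-R3 fails:", routing_table(without_link(LSDB, "R1", "R3"), "R1"))
```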

Open Shortest Path First (OSPF) Features

  • Fast convergence and incremental updates using Link State Advertisements (LSAs).
  • A classless protocol that allows easy use of VLSM and Route Summarization for hierarchical network design.

Open Shortest Path First (OSPF) Disadvantages

  • Requires more RAM to maintain lists of OSPF neighbors, a topology database of all routers and routes, and the router's routing table.
  • Needs more CPU power to run the SPF algorithm, making it a complex protocol.

Open Shortest Path First (OSPF) Concepts

  1. Autonomous System
  2. Area
  • Areas create a hierarchical routing structure, defining how routing information is shared.
  • OSPF has two hierarchy layers: the backbone or Area 0, and non-backbone areas ranging from 1 to 65535.
  • Areas allow for route summarization, compacting routing tables.
  • All areas connect to Area 0, and all routers within an area share a consistent view of its topology.

Open Shortest Path First (OSPF) Configuration Items

  • Router ID: Each router needs a unique Router ID for identification within the OSPF topology.
  • Loopback Interface: A virtual interface on the router, which can be created and assigned an IP address. It acts as a real physical interface.
  • Area Border Router (ABR): A router that connects one or more OSPF areas to the backbone network. It is a member of each area it connects.
  • Internal Router: A router having an OSPF relationship with other routers in the same area.
  • Backbone Router: An integral part of the OSPF backbone, including all ABRs and routers connected to different areas.
  • Designated Router (DR) and Backup Designated Router (BDR): The DR is the router elected to act as the central router for a network segment.
  • The BDR is a backup for the DR. DRs reduce network traffic by defining specific paths for routing updates. The DR is responsible for maintaining the complete network topology table with all updates and sends this information by multicast to the other routers in the area. All routers in an area use the DR to form a master/slave relationship.

Border Gateway Protocol (BGP)

  • A routing protocol used for routing at the internet level, between service providers, etc. Most enterprises use an IGP internally and BGP for external communications.
  • Designed to handle very large networks.
  • Allows routing based on policies in place, rather than the metric.

Learning, Selection, and Convergence

  • BGP, like any routing protocol, involves learning routes, selecting the right path (when there are multiple ways to reach a destination, the router must choose the best option), and converging on a consistent set of routes. An IGP focuses on routes to new subnets and uses metrics to choose the optimal route.

Advertising Routes

  • BGP starts with a router knowing about one or more networks; it then uses BGP messages to share route information with another router, which updates its routes based on the received BGP update.

  • BGP is used to advertise routes to routers in other organizations, while IGPs are intended for routers within the same company. BGP can be used to advertise a company's public IPv4 prefix to its local ISP. In BGP, the Autonomous System Number (ASN) is a key and very important hint.

  • Internal BGP (iBGP)

  • External BGP (eBGP): in its simplest form, eBGP runs between autonomous systems, while iBGP runs within an autonomous system.

  • In edge designs, BGP connectivity is typically multihomed (there may be more than two upstream connections).

Multiprotocol Label Switching (MPLS)

  • An advanced routing technology designed to improve the performance of wide area networks (WANs).
  • Instead of using IP addresses, uses numerical labels for routing data.

Architecture of Multiprotocol Label Switching (MPLS)

  • Label Edge Router (LER): The first router in the MPLS network, assigning labels to incoming packets.
  • Label Switching Router (LSR): Internal routers that forward packets based on MPLS labels without needing to check the IP routing table.
  • Label Distribution Protocol (LDP): Manages MPLS label distribution between routers.
  • Forwarding Equivalence Class (FEC): A group of packets routed based on the same criteria, assigned the same label.

Functioning of Multiprotocol Label Switching (MPLS)

  1. When a packet enters an MPLS network, the LER assigns a numeric label.
  2. The packet is forwarded through predetermined paths (Label Switched Path - LSP).
  3. Intermediate LSRs read the MPLS label and forward the packet faster without checking the IP address.
  4. The exit LER removes the MPLS label and sends the packet to its final destination.
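Added example, not part of the original notes: a constructed MPLS domain with one ingress LER, two LSRs and an egress LER, showing that only the ingress consults the FEC (prefix) table while every later hop does a label lookup alone, and that a more specific FEC wins at the ingress. Router names, labels and prefixes are invented for the illustration.

```python
import ipaddress

# Constructed MPLS domain: ingress LER "PE1", core LSRs "P1" and "P2", egress LER "PE2".
# The FEC table exists only on the ingress; the core forwards on labels alone.
FEC_TABLE = {  # destination prefix (FEC) -> (label to push, next hop)
    "10.1.0.0/16": (100, "P1"),
    "10.2.0.0/16": (200, "P1"),
    "10.2.5.0/24": (300, "P1"),  # more specific FEC inside 10.2.0.0/16
}
LFIB = {  # per router: incoming label -> (action, outgoing label or None, next hop)
    "P1": {100: ("swap", 101, "P2"), 200: ("swap", 201, "P2"), 300: ("swap", 301, "P2")},
    "P2": {101: ("swap", 102, "PE2"), 201: ("swap", 202, "PE2"), 301: ("swap", 302, "PE2")},
    "PE2": {102: ("pop", None, "CE-A"), 202: ("pop", None, "CE-B"), 302: ("pop", None, "CE-C")},
}


def classify(dst_ip, fec_table):
    """Ingress LER: longest-prefix match of the destination against the FECs."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [n for n in (ipaddress.ip_network(p) for p in fec_table) if addr in n]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else None


def forward(dst_ip, ingress="PE1"):
    """Carry one packet along its LSP. Returns the hops as (router, label_in,
    label_out, next_hop), or None if the ingress has no FEC for the destination.
    Only the ingress inspects dst_ip; every later hop performs a label lookup only."""
    fec = classify(dst_ip, FEC_TABLE)
    if fec is None:
        return None
    label, nxt = FEC_TABLE[fec]
    hops = [(ingress, None, label, nxt)]
    router = nxt
    while label is not None:
        entry = LFIB.get(router, {}).get(label)
        if entry is None:  # no LFIB entry for this label: the packet is dropped here
            hops.append((router, label, None, None))
            return hops
        action, out_label, nxt = entry
        hops.append((router, label, out_label, nxt))
        label, router = out_label, nxt  # a "pop" sets label to None and ends the LSP
    return hops


if __name__ == "__main__":
    for dst in ("10.1.5.9", "10.2.5.7", "10.2.9.9", "192.0.2.1"):
        print(dst, "->", forward(dst))
```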

Multiprotocol Label Switching (MPLS) Advantages

  • Reduced routing latency through label-based packet forwarding.
  • Improved security and reliability compared to the public internet.
  • Quality of Service (QoS) capabilities to optimize performance for latency-sensitive applications like VoIP and video conferencing.

Software-Defined Wide Area Network (SD-WAN)

  • An innovative technology that manages wide area networks via software.
  • Unlike MPLS, which requires dedicated routes, SD-WAN uses multiple communication paths (such as internet, MPLS, LTE, etc.) to optimize data transfer.

Software-Defined Wide Area Network (SD-WAN) Architecture

  • SD-WAN Edge Devices: Boundary devices that steer data within the network.
  • SD-WAN Controller: A central controller that identifies optimal routes and manages security policies.
  • Overlay Network: A virtual network that guides data over various physical paths.

Software-Defined Wide Area Network (SD-WAN) Operation

  1. The SD-WAN controller identifies the best path for each type of traffic. For example, video conferencing may use public internet, while sensitive data is sent over MPLS.
  2. Data is dynamically distributed over multiple WAN links to optimize bandwidth usage.
  3. If a path fails, SD-WAN automatically reroutes traffic to another path (Failover).

Comparison Chart: Multiprotocol Label Switching (MPLS) vs. Software-Defined Wide Area Network (SD-WAN)

Feature           | Multiprotocol Label Switching (MPLS) | Software-Defined Wide Area Network (SD-WAN)
Cost              | High                                 | Lower
Security          | Medium                               | High (internal encryption)
Flexibility       | Low                                  | High
Route Management  | Static                               | Dynamic

IPv6

  • IPv6 was developed to overcome the limitations of its predecessor, IPv4, with the primary goal of preventing the exhaustion of IP addresses.
  • The 128-bit IPv6 addressing system is designed to accommodate a diverse array of devices.
  • Features:
    • Easy and automatic configuration
    • Broad addressing and high scalability
    • Simple and efficient header structure
    • No need for NAT
    • Advanced security with IPsec
    • Transition mechanisms from IPv4 to IPv6

Advantage of IPv6

  • Extended addressing, which allows more devices to connect more easily.
  • Increased efficiency: the IPv6 header has a simpler structure, which allows improved packet processing and better network performance with its higher bandwidth.

  • Automatic configuration: devices can generate their own IP addresses, making a network easier to operate.

  • Advanced security: including IPsec as a standard component delivers built-in security and authentication.

  • IPv6 has enhanced IPsec support for end-to-end encryption.

  • Transition mechanisms, which make migration from IPv4 easier.

Disadvantages of IPv6

  • Learning curve: the new addressing and format concepts can be challenging to understand.
  • Compatibility: IPv6 is similar to, but not fully backward compatible with, the older IPv4 protocol.

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

  • TCP is connection-based for accurate data exchange, while UDP puts most of its emphasis on speed.

The way TCP operates

  • TCP flow control ensures the receiver gets data no faster than it can process it. TCP also performs congestion control to keep the best possible speed when the network is congested.
  • TCP acknowledgements (ACKs) confirm that data has been verified as accurate and delivered to the receiver. It also delivers data with maximum security.

TCP performance

  • The client sends a SYN to start a connection, the server replies with a SYN-ACK, and to finalize the handshake the client sends an ACK.
  • Data transfers are sent in the right order, and once received the receiver sends ACKs.
  • The connection ends when one party sends a FIN and the other acknowledges it with an ACK.
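Added example (not from the notes): a constructed, simplified model of two endpoints exchanging the SYN, SYN-ACK, ACK and FIN segments described above, including the acknowledgement-number check that lets an endpoint discard a reply that does not match what it actually sent. The state names follow the TCP state machine; the Segment and Endpoint classes, the initial sequence numbers and the transcript format are my own for this illustration.

```python
SYN, ACK, FIN = "SYN", "ACK", "FIN"


class Segment:
    """Constructed, simplified TCP segment: only the fields the notes mention."""
    def __init__(self, flags, seq, ack=None):
        self.flags, self.seq, self.ack = frozenset(flags), seq, ack

    def __repr__(self):
        return f"{'+'.join(sorted(self.flags))} seq={self.seq} ack={self.ack}"


class Endpoint:
    """One side of a connection: three-way handshake and FIN teardown only."""
    def __init__(self, name, isn, listening=False):
        self.name = name
        self.state = "LISTEN" if listening else "CLOSED"
        self.snd_nxt = isn    # next sequence number we will send (isn = initial one)
        self.rcv_nxt = None   # next sequence number we expect from the peer
        self.log = []

    def _send(self, flags, ack=None):
        seg = Segment(flags, self.snd_nxt, ack)
        if SYN in flags or FIN in flags:
            self.snd_nxt += 1  # SYN and FIN each consume one sequence number
        return seg

    def connect(self):
        self.state = "SYN_SENT"
        return self._send({SYN})

    def close(self):  # active close from ESTABLISHED, passive close after peer's FIN
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return self._send({FIN}, ack=self.rcv_nxt)

    def receive(self, seg):
        """Process one segment and return the reply, or None. An ACK that does not
        match what we actually sent is logged and dropped, which is what keeps a
        stale or mismatched reply from completing the handshake."""
        if ACK in seg.flags and seg.ack != self.snd_nxt:
            self.log.append(f"{self.name}: ack {seg.ack} != expected {self.snd_nxt}, dropped")
            return None
        if self.state == "LISTEN" and seg.flags == {SYN}:
            self.rcv_nxt, self.state = seg.seq + 1, "SYN_RECEIVED"
            return self._send({SYN, ACK}, ack=self.rcv_nxt)
        if self.state == "SYN_SENT" and seg.flags == {SYN, ACK}:
            self.rcv_nxt, self.state = seg.seq + 1, "ESTABLISHED"
            return self._send({ACK}, ack=self.rcv_nxt)
        if self.state == "SYN_RECEIVED" and seg.flags == {ACK}:
            self.state = "ESTABLISHED"
            return None
        if self.state in ("ESTABLISHED", "FIN_WAIT_2") and FIN in seg.flags:
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT" if self.state == "ESTABLISHED" else "TIME_WAIT"
            return self._send({ACK}, ack=self.rcv_nxt)
        if self.state == "FIN_WAIT_1" and seg.flags == {ACK}:
            self.state = "FIN_WAIT_2"
            return None
        if self.state == "LAST_ACK" and seg.flags == {ACK}:
            self.state = "CLOSED"
            return None
        self.log.append(f"{self.name}: unexpected {seg!r} in {self.state}, dropped")
        return None


def run_connection(client_isn=1000, server_isn=5000):
    """Handshake, then the client closes. Returns the states after the handshake,
    the final states, and the transcript of (sender, segment) pairs."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn, True)
    transcript = []

    def deliver(sender, receiver, seg):
        transcript.append((sender.name, repr(seg)))
        return receiver.receive(seg)

    syn_ack = deliver(client, server, client.connect())        # SYN
    deliver(client, server, deliver(server, client, syn_ack))   # SYN+ACK, then ACK
    after_handshake = (client.state, server.state)
    deliver(server, client, deliver(client, server, client.close()))  # FIN, ACK
    deliver(client, server, deliver(server, client, server.close()))  # FIN, ACK
    return after_handshake, (client.state, server.state), transcript


def mismatched_ack_is_dropped():
    """A SYN+ACK acknowledging the wrong sequence number does not open the connection."""
    client = Endpoint("client", 1000)
    client.connect()
    reply = client.receive(Segment({SYN, ACK}, seq=5000, ack=4242))
    return reply is None and client.state == "SYN_SENT" and len(client.log) == 1
```

Calling run_connection() yields the seven-segment transcript (SYN, SYN+ACK, ACK, FIN, ACK, FIN, ACK) with the acknowledgement numbers each one step ahead of the peer's sequence number.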

Architectural Performance with UDP

  • UDP can transmit data quickly without establishing a connection.

Functions of UDP

  1. Data is sent directly to the destination without first establishing a connection.
  2. The device receives the data, but if any is lost the sender will not re-send it; UDP keeps functioning at higher speed.
  • This method increases data transfer speed but does not guarantee data delivery.

Comparison Between UDP and TCP

Feature             | UDP  | TCP
Connection          | No   | Yes
Congestion Control  | No   | Yes
Data Delivery       | No   | Yes
Transmission Speed  | High | Low
Best For            | VoIP | Web

HTTP AND HTTPS protocols difference

  • HTTP and HTTPS are like an open letter and a sealed letter. Both provide data transfer between different systems.

  • HTTPS (https:// in a web address) indicates that the website encrypts your activity, so there is no point of access for a third party that gets between the user and the website.

  • To use the HTTPS protocol, you need an SSL certificate.

TLS Versus SSL Difference

  1. The main difference is that SSL (Secure Sockets Layer) is the predecessor of Transport Layer Security (TLS).
  2. SSL protocols are old and have security gaps; therefore, they cannot be used.
  3. TLS can work with any port, so it has better flexibility.
  4. Websites or applications that use it must have TLS installed on the server.

TLS Handshake Protocol

  • The handshake starts when a user's browser connects to a web server; it is the communication that establishes the settings for the secure connection. Its purpose is to negotiate the encryption algorithms and verify the server's identity. The handshake is a vital part of securing website transactions and overall security.

Steps to Activate the TLS Protocol

  1. Purchase a certificate.
  2. Install it on your web server.
  3. Configure your website.
  4. Check the security settings.
  5. Validate and test.

Web Services Description

  • Web services are programs that exchange data in XML over the World Wide Web. They can consist of programs, devices, messages or XML documents.
  • All communication with a web service is encoded for the exchange; for instance, an XML call to a web service is answered with XML.
  • Likewise, because all communication is in XML, web services are not tied to any device, operating system or programming language (Java/Perl).
  • A web service is a mechanism for processes on different machines to communicate.
  • A set of standards for exchanging data is referred to as web services.

Web Service Access over the Internet

  • XML messages can be exchanged over private networks and do not depend on the internet. Web services may be built on Java, HTML and XML, using protocols to communicate with each other properly.
  • To fully understand this, look at the structure offered. There are two types of web services:

The First Type of Web Services: SOAP (Simple Object Access Protocol)

  • An XML-based format for exchanging information. It defines the procedures and protocols by which systems interact to make communication happen.
  • Messages: the method and the protocols for making connections to web systems happen for services.

The Second Type: RESTful (Representational State Transfer)

  • Representational State Transfer only gives the guidelines and architectural constraints for processing a request from start to finish.

Web Server Description

The most popular and well-known web servers are open-source systems with no access fees. They are listed below, together with their licensing:

  1. The Apache HTTP Server: has over 31 users, all of which run on HA panel.
  2. Nginx (2004): this particular web server has limited operational functionality/performance.
  3. Garrett Owen: the manager of the project to fix the functional shortcomings of Apache.
  4. They can be used together on the same web server: it runs Apache while also providing 50% faster server performance. It is scalable and runs under two licence versions, or access tiers.

Nginx Plus Benefits

  • Five servers in the basic version.
  • When optimized and fully configured, it performs 50% better under a traffic load.
  • LinkedIn, Adobe, Xerox and Facebook are examples of companies that use Nginx.

Lighttpd

  • Designed for speed with a basic footprint; the program runs at almost 1 MB. It works easily with languages such as PHP and Python.
  • It is available for Windows systems.
  • It can be operated by many users and provides simple, popular, easy-access support functions. It has 0.1% of internet usage.

LiteSpeed Web Server

  • Provides protection, optimization and speed.
  • An alternative brand with a 12 percent higher rate.
  • Low cost to operate; used with cPanel, and has easy file loading for better operating function.
  • Supports all codes and is certified for them as well.

Caddy

  • Written in Go, with HTTPS and IPv6 support that provides fast operation.
  • Has 0.1 percent market share.

Apache Tomcat

  • Runs Java applications and is good for Java-based developers.
  • It can be expanded into a Java service with the capacity provided by website code.
  • It is not suited to general web serving because it is less advanced than Apache and Nginx.

Microsoft IIS

  • Released by Microsoft for Windows systems; it has only basic speed and lacks good operating speed, which has made other servers more popular than it used to be.

Node.js

  • A JavaScript code set that runs on the server and is extended through modules, which allow the code base to grow.
  • Node also has a 0.2 percent share of operation.

CDN Information

  • A CDN is one of many excellent site-access tools used to control site traffic for services and improve the capacity of your website.

  • A Content Delivery Network (CDN) allows you to increase the speed and display of any site.

CDN Definition

  • A CDN is a large, distributed set of servers throughout the world that can provide wide bandwidth to support a website.

  • Sites keep their own data on a server, and the CDN can handle all code, data transfer rates, etc., and volume. A CDN can also handle the code system for information.

Conclusion

  • A CDN transfers data and works for quick access, providing a data transmission process that keeps the site functioning.