Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 Panko and Panko Business Data Networks and Security, 9 th Edition © 2013 Pearson Revised August 2013.

Published byShania Garwood Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 9 Panko and Panko Business Data Networks and Security, 9 th Edition © 2013 Pearson Revised August 2013."— Presentation transcript:

1 Chapter 9 Panko and Panko Business Data Networks and Security, 9 th Edition © 2013 Pearson Revised August 2013

2 Chapter (s)CoverageLayers 1–41–4Core concepts and principlesAll 5Single switched networks1–21–2 6–76–7Single wireless networks1–21–2 8–98–9Internets3–43–4 10Wide Area Networks1-4 11Applications5 © 2013 Pearson 2

3  Chapter 8 ◦ Major TCP/IP standards ◦ Router operation  Chapter 9 ◦ Managing Internets ◦ Securing Internets © 2013 Pearson 3

4 IP Subnetting Network Address Translation (NAT)DNS and DHCPSNMPMultiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 4

5  Companies are given host parts by their ISP or an Internet number authority.  They divide the remaining bits between a subnet part and a host part.  Larger subnet parts mean more subnets, but this results in smaller host parts, which means fewer hosts per subnet.  The reverse is also true. © 2013 Pearson 5

6  If a part has N bits, it can represent 2 N - 2 subnets or hosts per subnet. ◦ 2 N because if you have N bits, you can represent 2 N possibilities. ◦ Minus 2 is because you cannot have a part that is all zeros or all ones. © 2013 Pearson 6 Part Size (bits) 2N2N 2 N -2 42 4 = 1616-2 = 14 8?? 124,0964,094 65,53665,53416 10??

7 © 2013 Pearson 7 DescriptionStep 32 Total size of IP address (bits) 1 Size of network part assigned to firm (bits) 216 Remaining bits for firm to assign 316 Selected subnet/host part sizes (bits) 48 / 8 Number of possible subnets (2 N - 2) 254 (2 8 - 2) Number of possible hosts per subnet (2 N - 2) 254 (2 8 - 2) By definition Assigned to the firm Bits for the firm to assign The firm’s decision

8 © 2013 Pearson 8 DescriptionStep 32 Total size of IP address (bits) 1 Size of network part assigned to firm (bits) 216 Remaining bits for firm to assign 316 Selected subnet/host part sizes (bits) 46/10 Number of possible subnets (2 N - 2) 62 (2 6 - 2) Number of possible hosts per subnet (2 N - 2) 1,022 (2 10 - 2) By definition Assigned to the firm Bits for the firm to assign The firm’s decision

9 © 2013 Pearson 9 DescriptionStep 32 Total size of IP address (bits) 1 Size of network part assigned to firm (bits) 28 Remaining bits for firm to assign 324 Selected subnet/host part sizes (bits) 412/12 Number of possible subnets (2 N - 2) 4,094 (2 12 - 2) Number of possible hosts per subnet (2 N - 2) 4,094 (2 12 - 2) By definition Assigned to the firm Bits for the firm to assign The firm’s decision

10 © 2013 Pearson 10 DescriptionStep 32 Total size of IP address (bits) 1 Size of network part assigned to firm (bits) 28 Remaining bits for firm to assign 324 Selected subnet/host part sizes (bits) 48/16 Number of possible subnets (2 N - 2) 254 (2 8 - 2) Number of possible hosts per subnet (2 N - 2) 65,534 (2 16 - 2) By definition Assigned to the firm Bits for the firm to assign The firm’s decision

11 © 2013 Pearson 11 DescriptionStep Size of network part assigned to firm (bits) 220 Remaining bits for firm to assign 312 Host part size (bits)4? Number of possible subnets (2 N - 2) ? Number of possible hosts per subnet (2 N - 2) ? Selected subnet part size (bits) Added4 Exercise Size of IP address232

12 © 2013 Pearson 12 DescriptionStep Size of network part assigned to firm (bits) 220 Remaining bits for firm to assign 312 Host part size (bits)4? Number of possible subnets (2 N - 2) ? Number of possible hosts per subnet (2 N - 2) ? Selected subnet part size (bits) Added6 Exercise Size of IP address232

13 IP Subnetting Network Address Translation (NAT) DNS and DHCPSNMPMultiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 13

14  NAT ◦ Sends false external source IP addresses and port numbers that are different from internal source IP addresses and port numbers. ◦ For security purposes. ◦ To have many more internal IP addresses than your ISP gives you external IP addresses. © 2013 Pearson 14

15 © 2013 Pearson 15 NAT Firewall puts the real source IP address and port number in the table.

16 © 2013 Pearson 16 NAT Firewall replaces the source IP address and port number of the packet with a false source IP address and port number. Adds to table. NAT Firewall replaces the source IP address and port number of the packet with a false source IP address and port number. Adds to table.

17 © 2013 Pearson 17 NAT Firewall reverses the process for incoming packets.

18  NAT is Transparent to Internal and External Hosts. ◦ The NAT firewall does all the work. ◦ Neither host knows that NAT is taking place. ◦ So there is no need to modify how hosts work. © 2013 Pearson 18

19  Security Reasons for Using NAT ◦ External attackers can put sniffers outside the corporation. ◦ Sniffers read IP addresses and port numbers. ◦ Attackers can send attacks to these addresses and port numbers. ◦ With NAT, attackers learn only false external IP addresses. Cannot use this information to attack internal hosts. © 2013 Pearson 19

20  Expanding the Number of Available IP Addresses ◦ Companies may receive a limited number of IP addresses from their ISPs. ◦ There are roughly 4,000 possible ephemeral port numbers for each client IP address. ◦ So for each IP address, there can be up to about 4,000 external connections. ◦ If a firm is given 248 IP addresses, there can be roughly one million external connections. © 2013 Pearson 20

21  Expanding the Number of Available IP Addresses ◦ If each internal device averages several simultaneous external connections, each one will require a different port number. ◦ However, there should not be a problem with this many possible external IP addresses and port numbers. © 2013 Pearson 21

22  Companies often use private IP addresses internally.  These can be used only within companies— never on the Internet.  There are three Private IP address ranges. ◦ 10.x.x.x ◦ 172.16.x.x through 172.31.x.x ◦ 192.168.x.x (most popular) © 2013 Pearson 22

23  There Are Protocol Problems Caused by NAT ◦ IPsec, VoIP, and other applications have a difficult time with NAT firewall traversal. ◦ They must know the real IP address and port number of the host on the other side of the NAT firewall. ◦ There are NAT firewall traversal techniques, but they must be managed carefully. © 2013 Pearson 23

24 IP SubnettingNetwork Address Translation (NAT) DNS and DHCP SNMPMultiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 24

25 © 2013 Pearson 25

26 © 2013 Pearson 26 Originating host needs the IP address of host dakine.pukanui.com. Asks its local DNS server at Hawaii.edu. Originating host needs the IP address of host dakine.pukanui.com. Asks its local DNS server at Hawaii.edu.

27 © 2013 Pearson 27

28 © 2013 Pearson 28 Sends response to local DNS server, not the client host.

29 © 2013 Pearson 29 Note that the local DNS server always sends back the response message.

30 © 2013 Pearson 30 The DNS really is a general naming system for the Internet. A domain is a set of resources under the control of an organization. There is a hierarchy of domains. The DNS really is a general naming system for the Internet. A domain is a set of resources under the control of an organization. There is a hierarchy of domains.

31 © 2013 Pearson 31 The root is all domains. There are 13 DNS root servers. The root is all domains. There are 13 DNS root servers.

32 © 2013 Pearson 32 There are two kinds of top-level domains. Generic top-level domains indicate organization type (.com,.edu,.gov, etc.). Country top-level domains are specific to a country (.UK,.CA,.CH, etc.). There are two kinds of top-level domains. Generic top-level domains indicate organization type (.com,.edu,.gov, etc.). Country top-level domains are specific to a country (.UK,.CA,.CH, etc.).

33  Traditionally, generic top-level domains were strongly limited in number.  There have been a few additions over the year, such as.museum,.name, and.co.  As of 2013, any individual or company can propose to administer a generic top-level domain. © 2013 Pearson 33

34 © 2013 Pearson 34 Companies want second-level domain names. (Microsoft.com, apple.com, panko.com, etc.). Competition for these names is fierce. Companies want second-level domain names. (Microsoft.com, apple.com, panko.com, etc.). Competition for these names is fierce.

35 © 2013 Pearson 35 Most companies divide their organizations into subdomains or subnets.

36 © 2013 Pearson 36 At the bottom of the hierarchy are individual hosts.

37 © 2013 Pearson 37

38 © 2013 Pearson 38

39 © 2013 Pearson 39

40 © 2013 Pearson 40

41  Typical configuration information: ◦ IP address for the DHCP client to use ◦ The subnet mask for the client’s subnets ◦ The IP address of the client’s default router ◦ The IP addresses of the firm’s multiple DNS servers © 2013 Pearson 41

42  The two are often confused because both give a client PC an IP address. ◦ DHCP gives a client PC its own dynamic IP address. ◦ DNS gives a client PC the IP address of a host the client wishes to send packets to. © 2013 Pearson 42

43 IP SubnettingNetwork Address Translation (NAT)DNS and DHCP SNMP Multiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 43

44  Core Elements (from Chapter 4) ◦ Manager program ◦ Managed device ◦ Agents (communicate with the manager on behalf of the managed device) © 2013 Pearson 44 Managed Devices Agents Manager

45  Core Elements (from Chapter 4) ◦ Management information base (MIB). ◦ Stores the retrieved information. ◦ “MIB” can refer to either the database on the manager or to the database schema. © 2013 Pearson 45 Manager MIB

46  Messages ◦ Commands (sent by a manager to an agent)  Get (to get information from the agent)  Set (to tell the agent to change how the managed devices is operating) ◦ Responses (sent from agent to manager) © 2013 Pearson 46 Get or Set Command Response

47  Messages ◦ Traps (alarms sent by agents). ◦ SNMP uses UDP at the transport layer to minimize the burden on the network. © 2013 Pearson 47 Trap

48  Set Commands ◦ Dangerous if used by attackers. ◦ Many firms disable Set to thwart such attacks. ◦ However, they give up the ability to manage remote resources without travel. ◦ SNMPv1: community string shared by the manager and all devices (poor). ◦ SNMPv3: each manager–agent pair has a different password (good). © 2013 Pearson 48

49  Objects (Figure 9-8) ◦ Specific pieces of information ◦ Number of rows in the routing table ◦ Number of discards caused by lack of resources (indicates a need for an upgrade) © 2013 Pearson 49 Objects are NOT managed devices! Objects are specific pieces of data about a managed device. Objects are NOT managed devices! Objects are specific pieces of data about a managed device.

50  Categories of Objects ◦ System objects (one set per managed device)  System name  System description  System contact person  System uptime (since last reboot) © 2013 Pearson 50

51  Categories of Objects ◦ IP objects (one set per managed device)  Forwarding (for routers), Yes if forwarding (routing), No if not  Cause of resource limitations  Number of rows in routing table  Rows discarded because of lack of space  Individual row data © 2013 Pearson 51

52  Categories of Objects ◦ TCP objects (one set per managed device)  Retransmission time  Maximum number of TCP connections allowed  Opens/failed connections/resets  Segments sent  Segments retransmitted  Errors in incoming segments  Data on individual connections (sockets, states) © 2013 Pearson 52

53  Categories of Objects ◦ UDP objects (one set per host)  Traffic statistics ◦ ICMP objects (one set per host)  Number of ICMP errors of various types © 2013 Pearson 53

54  Categories of Objects ◦ One set per managed device:  System  IP  TCP  UDP  ICMP  Interface objects: one set per interface (port) © 2013 Pearson 54

55  Categories of Objects ◦ Interface objects (one set per interface)  Type (e.g., 69 is 100Base-FX; 71 is 802.11)  Status: up/down/testing  Speed  Errors: discards, unknown protocols, and so on © 2013 Pearson 55

56  SNMP Manager program collects data. ◦ Places it in the MIB.  Visualization Program. ◦ The administrator’s interface to the MIB. ◦ Helps the administrator visualize patterns in the MIB data. ◦ Can order the SNMP Manager to collect certain data or to send set commands to change the configurations of managed devices. © 2013 Pearson 56

57  User Functionality ◦ Reports, diagnostics tools, and so on, are very important. ◦ They are not built into the standard. ◦ They are added by network visualization program vendors. ◦ Critical in selection of a network management vendor. © 2013 Pearson 57

58 IP SubnettingNetwork Address Translation (NAT)DNS and DHCPSNMP Multiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 58

59  Routers route each packet individually, going through the three steps we saw in the last chapter. ◦ Even if the next packet is going to the same destination IP address, the router will go through all three steps. ◦ This consumes a great deal of processing power per packet. ◦ This makes traditional routing expensive. © 2013 Pearson 59

60  MPLS addresses this issue. ◦ Routers identify the best route for a range of IP addresses before sending data. ◦ That route is given a label number. ◦ Each packet in a stream gets a label with this label number. ◦ Routers do only a quick table lookup per packet. ◦ Table lookups require little processing power. ◦ So multiprotocol label switching is much less expensive than traditional routing. © 2013 Pearson 60

61 © 2013 Pearson 61

62 © 2013 Pearson 62 Label Number is 123

63  Label sits between the frame header and the IP packet header. © 2013 Pearson 63 IP Packet Header MPLS LabelFrame Header

64 © 2013 Pearson 64 Router 3 sends the packet out through Interface 1

65 © 2013 Pearson 65

66 © 2013 Pearson 66

67  Implementing MPLS is difficult.  Many individual ISPs and corporations do it.  Some individual ISPs have “peering” arrangements with other individual ISPs to do it.  There is no general way to move MPLS out to all ISPs and organizations. © 2013 Pearson 67

68 IP SubnettingNetwork Address Translation (NAT)DNS and DHCPSNMPMultiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 68

69  Security was not addressed in the initial design of TCP/IP.  Jon Postel, who edited the main Internet RFCs, explained to the first author, “It just wasn’t a problem then, and we were stretched thin.”  Today, firms are adding security to their transmissions through IPsec VPNs. © 2013 Pearson 69

70  A virtual private network (VPN) is a cryptographically secured transmission path through an untrusted environment. ◦ The Internet ◦ A wireless network ◦ Communication in a foreign country  Like having your own private network in terms of security. ◦ However, not a real private network. © 2013 Pearson 70

71 © 2013 Pearson 71

72 © 2013 Pearson 72 There are two types of VPN: Remote access VPNs connect a remote user to a corporate site. The user connects to a VPN gateway at the site. There are two types of VPN: Remote access VPNs connect a remote user to a corporate site. The user connects to a VPN gateway at the site.

73 © 2013 Pearson 73 There are two types of VPNs: Site-to-site VPNs protect all traffic traveling between two sites. Each site has a gateway to encrypt outgoing traffic and decrypt incoming traffic. There are two types of VPNs: Site-to-site VPNs protect all traffic traveling between two sites. Each site has a gateway to encrypt outgoing traffic and decrypt incoming traffic.

74  IPsec has two modes (ways) of operating: ◦ Transport mode ◦ Tunnel mode  Each mode has strengths and weaknesses.  Selecting an IPsec mode option is very important to security. © 2013 Pearson 74

75 © 2013 Pearson 75 In transport mode, IPsec provides protection over the Internet and also over site networks between the hosts.

76 © 2013 Pearson 76 Transport mode requires a digital certificate and configuration work on each host. This is expensive.

77 © 2013 Pearson 77 In tunnel mode, IPsec only provides protection over the Dangerous Internet—not within site networks.

78 © 2013 Pearson 78 Only the two IPsec gateways need digital certificates and configuration work.

79 CriterionTransport ModeTunnel Mode SecurityBetter because it provides host-to- host protection. But firewalls cannot read encrypted traffic. Not as good because it only provides security over the Internet or another trusted network (a wireless network, etc.). CostHigher because of configuration work on each host. Lower because IPsec operates only on the IPsec gateway. © 2013 Pearson 79

80 © 2013 Pearson 80

81 © 2013 Pearson 81

82 82 © 2013 Pearson

83  Purpose ◦ To provide a secure connection between a client browser and a webserver application on a webserver host ◦ Use is indicated by https:// in the URL ◦ Very widely used © 2013 Pearson 83

84  Origin ◦ Created by Netscape as SSL. ◦ IETF took over the standard. ◦ IETF changed the standard’s name to Transport Layer Security (TLS). ◦ We refer to the standard, generically, as SSL/TLS. © 2013 Pearson 84

85  Attraction of SSL/TLS ◦ Universally supported by browsers and webserver applications. ◦ So no added cost on the client to use it! ◦ No extra software on the server is needed, but SSL/TLS must be configured, which usually is simple. © 2013 Pearson 85

86  Limitations of SSL/TLS ◦ Operates at transport layer so no protection for IP or transport headers ◦ Limited to applications written to work with SSL/TLS: HTTP and e-mail, primarily ◦ Cryptographically weaker than IPsec  Has been partially cracked ◦ No policy servers for centralized management © 2013 Pearson 86

87  Overall ◦ Decent quality, cheap, and easy security ◦ Limited in how it can be used and managed  Comparison with IPsec ◦ IPsec is more complex and so more expensive. ◦ Can be used for all types of VPNs. ◦ Can be managed well. ◦ Gold standard in TCP/IP security. © 2013 Pearson 87

88 IP SubnettingNetwork Address Translation (NAT)DNS and DHCPSNMPMultiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 88

89  Transition from IPv4 to IPv6  IPv6 subnetting  IPv6 configuration  Other IPv6 standards ◦ ICMPv6 ◦ Extending DNS ◦ Replacing the Address Resolution Protocol © 2013 Pearson 89

90  Must transition all clients, routers, firewalls, and so on  The IETF’s plan ◦ No backward compatibility ◦ Instead, add both IPv4 and IPv6 protocol stacks at the internet layer to all new devices ◦ As soon as most devices have IPv6 protocol stacks, configure the devices and add IPv6 support to IPv4 support ◦ Eventually, turn off IPv4 support © 2013 Pearson 90

91  Problems and reactions ◦ IPv6 offered few benefits, so most companies ignored IPv6. ◦ The shortage of IPv4 addresses was handled (intelligently) through NAT. ◦ But now, IPv4 addresses are gone. ◦ Now some clients, such as mobile phones, only have IPv6 stacks at the protocol layer. ◦ To serve them, companies are rushing to turn on and configure IPv6 support. © 2013 Pearson 91

92  Must deal with global IPv6 unicast addresses ◦ Like public IPv6 addresses ◦ Have 3 parts but different names © 2013 Pearson 92 IPv6 Address PartCorresponding IPv4 Address Part Length of IPv6 part Routing PrefixNetwork PartVariable Subnet IDSubnet PartVariable Interface IDHost Part64 bits Total32 bits128 bits

93 © 2013 Pearson 93 Global Routing Prefix (network part in IPv4) Subnet ID (subnet part in IPv4) Interface ID (host part in IPv4)

94 © 2013 Pearson 94 Global Routing Prefix (network part in IPv4) Subnet ID (subnet part in IPv4) Interface ID (host part in IPv4) (Almost) Always 64 bits Interface ID is not of variable length like IPv4 host parts. “Waste” 64 bits, but have plenty to lose.

95 © 2013 Pearson 95 Global Routing Prefix (network part in IPv4) Subnet ID (subnet part in IPv4 Interface ID (host part in IPv4) (Almost) Always 64 bits m bits n bits 64 bits m + n = 64

96  An IP address registrar gives you a 32-bit global routing prefix.  How long is your subnet ID?  How many subnets can you have (approximately)?  Many companies have a two-layer hierarchy of subnets, using some bits for the main subnet and remaining bits for sub-subnets. © 2013 Pearson 96

97  Modified 64-bit Extended Unique Identifier (EUI) Format  First, display the MAC address in hexadecimal notation (48 bits) ◦ Remove dashes ◦ Convert text to lower case © 2013 Pearson 97 AD-B1-C2-D3-E5-F5 adb1c2d3e5f5

98  Second, divide the address in half  Insert fffe in the middle  This creates a 64-bit address © 2013 Pearson 98 adb1c2 fffe d3e5f5

99  Third, in the second nibble (d) (1101)  Invert the second bit from the right (1111) (f)  This is called Modified 64-bit EUI © 2013 Pearson 99 adb1c2fffed3e5f5 afb1c2fffed3e5f5

100  1. Begin with MAC in hexadecimal notation  2. Divide the 48 bits into 2 halves of 24 bits  3. Insert fffe between the two halves  4. Place into four-hex groups separated by colons  5. Flip the second-least significant bit in the first octet © 2013 Pearson 100

101  Hosts must be configured with IP addresses  IPv4 uses DHCP  IPv6 offers two configuration mechanisms ◦ DHCPv6 (very similar to IPv4) ◦ Stateless autoconfiguration, which does not use a DHCPv6 server ◦ Not available in IPv4 © 2013 Pearson 101

102  Stateless Autoconfiguration ◦ The client configures itself, without using a DHCPv6 server. ◦ First, the client creates a link-local IPv6 address. ◦ Second, the client creates a global unicast IPv6 address. © 2013 Pearson 102

103  Creating the Link-Local IPv6 Addresses ◦ Link-local IPv6 addresses can be used only within a single network (wireless or switched wired). ◦ If the client does not need a global IP address, the autoconfiguration process can stop here. © 2013 Pearson 103

104  Creating the Link-Local Address ◦ First create a 64-bit interface ID using the MAC address of the client. ◦ Add a routing prefix 111 1110 10 followed by 56 bits of zeroes. ◦ This is the link-local IP address: fe80::x, where x is the octets of the EUI-64. © 2013 Pearson 104

105  Testing the Link-Local Address ◦ Another host may be using this address. ◦ So the client uses the ICMPv6 neighbor discovery protocol to ask if any other host in the single network is using this address. ◦ If none reply, the client may use this address within its single network. © 2013 Pearson 105

106  Creating the Global Unicast IPv6 Address ◦ Needed for communication over the Internet. ◦ Begin with the link-local address. ◦ Keep the interface ID but get a new routing prefix and subnet ID. ◦ Client sends an ICMPv6 router solicitation message to the address FFF02::1, which all routers listen for. © 2013 Pearson 106

107  Creating the Global Unicast IPv6 Address ◦ Routers respond with IPv6 router advertisement messages. ◦ The router advertisement message may state that autoconfiguration is not allowed. ◦ If this is not the case, the message gives the routing prefix and subnet ID. ◦ The client now has a global unicast IPv6 address. © 2013 Pearson 107

108  Limits ◦ More limited than traditional DHCP autoconfiguration. ◦ At a minimum, router advertisement messages give only a routing prefix and subnet ID. ◦ Of course, the packet containing the router advertisement message gives the IPv6 address of the router, which becomes the default router. © 2013 Pearson 108

109  Uses ◦ How can a client get other IPv6 configuration information? ◦ If a client is a dual-stack client, the IPv4 stack can obtain full configuration information, which the IPv6 stack can use. © 2013 Pearson 109

110  Uses ◦ If the client is not a dual-stack client, it needs at least one more piece of configuration information—the IPv6 addresses of DNS servers. ◦ The IETF has extended router advertisement messages to provide the IPv6 addresses of DNS servers. ◦ However, this is only an option. © 2013 Pearson 110

111  Known Security Weaknesses ◦ An attacker might create an address that does not use its proper EUI-64. ◦ An attacker may create an address that uses the EUI-64 of another host to impersonate it. ◦ Several operations can be used to create flooding denial-of-service attacks. © 2013 Pearson 111

112  IPv6 Address Renumbering ◦ Stateless autoconfiguration may be used to renumber all IP addresses in a firm automatically, changing subnet IDs and even routing prefixes. © 2013 Pearson 112

113  ICMPv6 ◦ Many new types were created for neighbor discovery, stateless autoconfiguration, and so on. © 2013 Pearson 113

114  Domain Name System (DNS) ◦ The DNS information for a host is contained in several records. ◦ DNS A Record. The A record contains the IPv4 address for the target host. ◦ DNS AAAA Record. For IPv6 addresses, a new address record had to be added.  IPv6 addresses are four times as long as IPv4 addresses, so the added record is called the AAAA record. © 2013 Pearson 114

115  Address Resolution Protocol (ARP) Messages ◦ In IPv6, handled by the ICMP neighbor discovery protocol, which has two message types. ◦ Neighbor solicitation messages ask host to respond. ◦ Neighbor advertisement messages give the host’s data link address. ◦ There is no ARPv6. © 2013 Pearson 115

116 IP SubnettingNetwork Address Translation (NAT)DNS and DHCPSNMPMultiprotocol Label Switching Securing Internet Transmission IPv6 Management © 2013 Pearson 116 Where We’ve Been

117 Chs.TitleLayers 1-4Core ConceptsAll 5-7Single Networks1 and 2 8-9Internets3 and 4 10Wide Area Networks1-4 11Networked Applications 5 © 2013 Pearson 117

118 118 © 2013 Pearson

Download ppt "Chapter 9 Panko and Panko Business Data Networks and Security, 9 th Edition © 2013 Pearson Revised August 2013."

Similar presentations

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 26 IPv6 Addressing.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 26 IPv6 Addressing.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
IPv6 Victor T. Norman.

IPv6 Victor T. Norman.
Implementing IPv6 Module B 8: Implementing IPv6

Implementing IPv6 Module B 8: Implementing IPv6
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Module 4: Configuring Network Connectivity

Module 4: Configuring Network Connectivity
Understanding Internet Protocol

Understanding Internet Protocol
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
思科网络技术学院理事会. 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

思科网络技术学院理事会. 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Resolving IP Connectivity Issues Lesson 2. Objectives 2.

Resolving IP Connectivity Issues Lesson 2. Objectives 2.
Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.

Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 K. Salah Module 5.1: Internet Protocol TCP/IP Suite IP Addressing ARP RARP DHCP.

1 K. Salah Module 5.1: Internet Protocol TCP/IP Suite IP Addressing ARP RARP DHCP.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
COS 420 Day 20. Agenda Group Project Discussion Protocol Definition Due April 12 Paperwork Due April 29 Assignment 3 Due Assignment 4 is posted Last Assignment.

COS 420 Day 20. Agenda Group Project Discussion Protocol Definition Due April 12 Paperwork Due April 29 Assignment 3 Due Assignment 4 is posted Last Assignment.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
Introduction to TCP/IP

Introduction to TCP/IP
Subnetting.

Subnetting.
Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.

Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.

Similar presentations

Ads by Google