
TCP/IP

What it's all about, and how to get the best from your network

TCP/IP is actually a suite, or stack, of protocols that interconnect and work together to provide reliable and efficient data communications across an internetwork. The major protocols of the TCP/IP suite are:
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Domain Name System (DNS)
Internet Protocol (IP)
Address Resolution Protocol (ARP)
File Transport Protocol (FTP)
Simple Mail Transport Protocol (SMTP)
Post Office Protocol (POP3)
Interactive Mail Access Protocol (IMAP)
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Hypertext Transfer Protocol (HTTP)
TCP/IP Utilities (PING, Telnet, IPCONFIG, ARP, and more)

A simpler way of thinking?

Imagine the network as a postal service


The network supplies the routes to network addresses (e.g. the routes from one node to another, to printers, servers etc.), similar to postal routes to postal addresses.
The postman can then be seen as the deliverer of data packets on the network.

If there is only 1 postman to handle all deliveries in a town, say a small town, and there is a lot of post to be delivered, then certain crucial effects will take place:
The postman becomes overworked.
The postman will slow down.
The postal service will become congested and the post will be slow and/or delayed in reaching its destination.
This scenario has the same impact on a network.

From this... to this!

An Office Network Layout which does not make use of Bandwidth savings

So what could we do?

There are many ways to make a network faster, more efficient, reliable, and safe.
Let's look at just 2 possible solutions:

Subnetting

VLANS

Subnetting: why do it?

Increases the bandwidth available to each user:

Bandwidth is a shared entity, but each segment and its users have full use of the bandwidth available.
An example: if there are 100 users on a 100 Mbps segment, each user has an average of 1 Mbps of available bandwidth. Not very much at all, is it? If this segment were broken up into 10 subnets with 10 users on each, then every user would have an average of 10 Mbps of available bandwidth. E.g. Admin / Sales / Payroll / etc.

So then, finding our subnet and host requirements

Getting your subnet mask at this point is easy. Take all of your network bits, and add them up. Look at the diagram below for a visual guide.

That's it! You're done. We have successfully created a subnet mask that can be used in our network scenario.
Note that every computer must have the subnet mask set in order for them to be on the same network. Also note that since we are using a class C network, the first three octets will always be 255. When subnetting other classes, be sure to keep the network portions in mind, e.g. Class A = 255.0.0.0, Class B = 255.255.0.0 and Class C = 255.255.255.0.
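
The mask calculation described above, worked through in Python as an added example (not part of the original slides). The network 192.168.1.0/24 and the helper name plan_class_c are assumptions; the 10 subnets of 10 users come from the bandwidth example earlier.

```python
import ipaddress

# Value of each bit in an octet, left to right.
BIT_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]

def plan_class_c(network, subnets_needed, hosts_needed):
    """Split a class C network; return (mask, usable_hosts_per_subnet, subnets).

    plan_class_c is a hypothetical helper written for this example.
    """
    base = ipaddress.ip_network(network)
    if base.prefixlen != 24:
        raise ValueError("only a class C (/24) network is handled here")
    # Borrow the fewest host bits that still give enough subnets.
    borrowed = 0
    while 2 ** borrowed < subnets_needed:
        borrowed += 1
    host_bits = 8 - borrowed
    # Every subnet loses two addresses: its network and broadcast address.
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    if usable < hosts_needed:
        raise ValueError(
            f"{subnets_needed} subnets leave only {usable} hosts each, "
            f"{hosts_needed} needed"
        )
    # "Add up the network bits": sum the values of the borrowed bits.
    last_octet = sum(BIT_VALUES[:borrowed])
    mask = f"255.255.255.{last_octet}"
    subnets = list(base.subnets(prefixlen_diff=borrowed))
    return mask, usable, subnets

if __name__ == "__main__":
    # Constructed input: 192.168.1.0/24 is an assumed private class C network.
    mask, usable, subnets = plan_class_c("192.168.1.0/24", 10, 10)
    print(mask, usable, len(subnets))
    for net in subnets[:3]:
        print(net.network_address, "-", net.broadcast_address)
```

Asking for 10 subnets of 30 hosts each raises an error, because the 4 borrowed bits leave only 14 usable addresses per subnet.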

VLANS (Virtual Local Area Networks)

VLANs offer a number of advantages over traditional LANs:
Performance
Formation of Virtual Workgroups
Simplified Administration
Reduced Cost
Security

Performance
In networks where traffic consists of a high percentage of broadcasts and multicasts, VLANs can reduce the need to send such traffic to unnecessary destinations. For example, in a broadcast domain consisting of 10 users, if the broadcast traffic is intended only for 5 of the users, then placing those 5 users on a separate VLAN can reduce traffic.

Formation of Virtual Workgroups
Different departments such as marketing, sales, accounting, and research are usually formed for a short period of time. During this period, communication between members of the workgroup will be high. To contain broadcasts and multicasts within the workgroup, a VLAN can easily be set up for them. With VLANs it is easier to place members of a workgroup together. Without VLANs, the only way this would be possible is to physically move all the members of the workgroup closer together.

Simplified Administration
Seventy percent of network costs are a result of adds, moves, and changes of users in the network. Every time a user is moved in a LAN, re-cabling, new station addressing, and reconfiguration of hubs and routers become necessary. Some of these tasks can be simplified with the use of VLANs. If a user is moved within a VLAN, reconfiguration of routers is unnecessary; plus, depending on the type of VLAN, other administrative work can be reduced or eliminated.

Reduced Cost
VLANs can be used to create broadcast domains which eliminate the need for expensive routers.

Security
Periodically, sensitive data may be broadcast on a network. We can place only those users who have exclusive access to that data on a VLAN, which can reduce the chances of an outsider gaining access to the data. VLANs can also be used to control broadcast domains, set up firewalls, restrict access, and inform the network manager of an intrusion.

How VLANs Communicate

Scenario

In our scenario we have:
30 workstations and 2 servers
Connection to H/O via VPN
NAT/Firewall to be used
Private addressing scheme
As automated as possible

Our scenario involves using a VPN (virtual private network).


A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together.

The VPN uses "virtual" connections routed through the Internet from the business's private network to the remote site or employee.
By using a VPN, businesses ensure security: anyone intercepting the encrypted data can't read it.

Let's think of them as islands. These islands (the company's private networks) are spread across the ocean, which is the internet. It is possible for you to travel from one island to another island using a boat. However, a boat has no privacy and everyone is able to see you. This leaves you open to security issues. A VPN is like taking a submarine from one island to another island; just as a submarine protects your privacy when you are traveling to another island, a VPN secures and encapsulates data as it travels across the open network.

Simplified version of our scenario using subnets and VLANs with switch(es) for enhanced security, bandwidth and cost efficiency.

VPN

FIN

New office branch plan


Sections 4984 and 4985 Planning and troubleshooting TCP/IP, Routing and switching

Troubleshooting

In this section we will discuss routing troubleshooting and TCP/IP troubleshooting.

Systematic troubleshooting

There are 3 systematic troubleshooting methods: Outside-in, Inside-out and Divide by half.

Outside-in
Troubleshooting by using the Outside-in approach begins at the remote system and works back to the local host one hop at a time.


Inside-out
With the Inside-out method of troubleshooting network activity you begin at the local host and work your way out to the remote host one hop at a time.


Divide by half
The Divide by half method of troubleshooting network activity is a variation on the Outside-in and Inside-out approaches. When you divide by half you begin troubleshooting from the middle of the connectivity problem. You then divide the isolated area by half again and continue the troubleshooting until the problem is isolated.
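
The three methods above, compared on one path as an added example (not part of the original slides). The hop names, the fault position and the function names are constructed for illustration, and the sketch assumes a single fault beyond which no hop answers.

```python
# Constructed path from the local host to a remote server at H/O.
SAMPLE_PATH = ["local NIC", "default gateway", "branch firewall", "VPN tunnel",
               "H/O firewall", "H/O core switch", "H/O server VLAN", "remote server"]

def make_probe(path, fault_index):
    """Return a stand-in for a ping test: hops before the fault answer."""
    return lambda hop: path.index(hop) < fault_index

def inside_out(path, reachable):
    """Start at the local host and move outward one hop at a time."""
    probes = 0
    for hop in path:
        probes += 1
        if not reachable(hop):
            return hop, probes
    return None, probes

def outside_in(path, reachable):
    """Start at the remote system and work back one hop at a time."""
    probes, first_bad = 0, None
    for hop in reversed(path):
        probes += 1
        if reachable(hop):
            break
        first_bad = hop
    return first_bad, probes

def divide_by_half(path, reachable):
    """Probe the middle of the suspect area, then halve it again."""
    lo, hi = 0, len(path)  # hops before lo answer; hops from hi onward do not
    probes = 0
    while lo < hi:
        mid = (lo + hi) // 2
        probes += 1
        if reachable(path[mid]):
            lo = mid + 1
        else:
            hi = mid
    return (path[lo] if lo < len(path) else None), probes

if __name__ == "__main__":
    probe = make_probe(SAMPLE_PATH, 5)  # constructed fault at "H/O core switch"
    for method in (inside_out, outside_in, divide_by_half):
        print(method.__name__, method(SAMPLE_PATH, probe))
```

All three methods isolate the same hop; they differ only in how many probes they need, which depends on where along the path the fault sits.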


Troubleshooting tools
There are different tools you can use to troubleshoot the different types of TCP/IP connectivity problems.

Local computer Config

Network Config

Tracing paths

DNS Config

Troubleshooting TCP/IP steps


There are several steps you need to follow when troubleshooting TCP/IP routing.

TCP/IP config

Client route and static route config

Demand dial routing config

Router Config

Questionnaire

Using the questions at the end of the sections, provide some questions for people to answer to check if they understand!
