Thursday 11 May 2023

Fast switching vs Process switching

  1. Process Switching:

Process switching is the traditional method of packet forwarding used in early routers. When a packet arrives at a router, the router's CPU interrupts the normal processing to examine the packet and determine its destination. This involves a series of steps, including a route lookup in the routing table and ARP resolution to obtain the MAC address of the next-hop device. Once these steps are completed, the router forwards the packet to the appropriate interface.

Process switching involves significant CPU involvement for each packet, making it slow and resource-intensive. It can cause performance bottlenecks, especially during high network traffic, and limits the overall capacity of the router.

  2. Fast Switching:

Fast switching was introduced as an improvement over process switching to address its limitations. Fast switching involves the creation of a cache, known as the fast switching cache or fast cache, which stores the results of previous route lookups. When a packet arrives, the router checks the fast cache to see if it has a precomputed entry for the destination IP address. If a match is found, the router uses the cached information to forward the packet quickly, without involving the CPU in time-consuming route lookups.

Fast switching significantly reduces the CPU overhead associated with packet forwarding. Once the cache is populated, subsequent packets with the same destination address can be forwarded at wire speed, resulting in improved forwarding performance and reduced latency. However, it's important to note that the first packet for a particular destination still undergoes the slower process switching to populate the cache.

Differences and Trade-offs:

  1. Performance: Fast switching offers superior performance compared to process switching. By minimizing CPU involvement, fast switching enables routers to handle higher packet forwarding rates, resulting in improved overall network performance.

  2. Resource Utilization: Process switching consumes more CPU resources because it requires the router's processor to perform complex tasks for every packet. Fast switching, on the other hand, offloads these tasks to the fast cache, reducing CPU utilization and freeing up resources for other critical functions.

  3. Flexibility: Process switching allows for greater flexibility in terms of protocol support and packet handling. It can handle complex scenarios that may require special treatment or customization. Fast switching, although more efficient, is relatively limited in terms of customization options.

  4. Time to Convergence: In the event of network changes or link failures, process switching can adapt more quickly because it performs a route lookup for every packet. Fast switching, with its reliance on the fast cache, may experience a slight delay before adapting to new routing information.

Cisco Express Forwarding (CEF)

Cisco Express Forwarding (CEF) is central to the performance of modern networks.

CEF switching is a high-performance, Layer 3 IP switching technology developed by Cisco Systems. It serves as a forwarding mechanism for routing packets through network devices, such as routers and multilayer switches. CEF enables efficient packet forwarding by employing advanced data structures and algorithms to build and maintain a Forwarding Information Base (FIB) and an Adjacency table.

How CEF Switching Works

Unlike traditional routing methods that rely on route lookup for each packet, CEF creates a precomputed Forwarding Information Base (FIB) table during initialization. The FIB contains the necessary information to forward packets based on their destination IP addresses. This precomputation eliminates the need for per-packet route lookups, resulting in significantly improved forwarding performance.

The FIB contains next-hop information, including Layer 2 (MAC) addresses, obtained through the Adjacency table. The Adjacency table stores Layer 2 information about directly connected neighbours, such as MAC addresses or ATM addresses. CEF populates the Adjacency table dynamically, reducing the need for Address Resolution Protocol (ARP) requests for each packet.
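To make the three forwarding paths concrete, here is an added Python model (not Cisco code and not from the original post). Process switching does a longest-prefix route lookup plus an ARP lookup for every packet; fast switching takes that slow path once per destination and caches the answer; CEF precomputes a FIB that already carries the adjacency (next-hop MAC and interface) for every prefix, so no packet needs the slow path. The routing table, next hops and MAC addresses are constructed for the example. It also shows the convergence caveat from the trade-offs above: after a route change the fast cache keeps serving a stale entry until it is flushed, while the FIB is rebuilt from the routing table.

```python
import ipaddress
from collections import Counter

# Constructed routing table for the example: prefix -> (next hop, exit interface).
ROUTING_TABLE = {
    "10.0.0.0/8": ("192.0.2.1", "Gi0/0"),
    "10.1.0.0/16": ("192.0.2.2", "Gi0/1"),
    "0.0.0.0/0": ("192.0.2.254", "Gi0/2"),
}

# Constructed ARP table for the next hops (made-up, locally administered MACs).
ARP_TABLE = {
    "192.0.2.1": "02:00:00:00:00:01",
    "192.0.2.2": "02:00:00:00:00:02",
    "192.0.2.254": "02:00:00:00:00:fe",
}


def route_lookup(dst, table):
    """Longest-prefix match: the per-packet work that process switching repeats."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, (next_hop, intf) in table.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop, intf)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


class Router:
    def __init__(self, routes, arp):
        self.routes = dict(routes)
        self.arp = dict(arp)
        self.fast_cache = {}   # destination IP -> (next-hop MAC, interface)
        self.fib = {}          # prefix -> (next-hop MAC, interface)
        self.stats = Counter()

    def process_switch(self, dst):
        """Slow path: full route lookup plus ARP resolution for this packet."""
        self.stats["slow_path"] += 1
        next_hop, intf = route_lookup(dst, self.routes)
        return self.arp[next_hop], intf

    def fast_switch(self, dst):
        """First packet to a destination takes the slow path and seeds the cache."""
        hit = self.fast_cache.get(dst)
        if hit is None:
            hit = self.process_switch(dst)
            self.fast_cache[dst] = hit
        else:
            self.stats["cache_hit"] += 1
        return hit

    def build_fib(self):
        """CEF-style precomputation: resolve the adjacency of every prefix up front."""
        self.fib = {p: (self.arp[nh], intf) for p, (nh, intf) in self.routes.items()}

    def cef_switch(self, dst):
        """FIB lookup only: no ARP and no process-level work per packet."""
        self.stats["fib_lookup"] += 1
        return route_lookup(dst, self.fib)

    def change_route(self, prefix, next_hop, intf):
        """Routing change: the FIB is rebuilt, but fast-cache entries go stale."""
        self.routes[prefix] = (next_hop, intf)
        self.build_fib()


def demo():
    r = Router(ROUTING_TABLE, ARP_TABLE)
    r.build_fib()
    for _ in range(3):
        r.fast_switch("10.1.2.3")     # miss, hit, hit
        r.cef_switch("10.1.2.3")      # three FIB lookups, never the slow path
    r.change_route("10.1.0.0/16", "192.0.2.1", "Gi0/0")   # 10.1/16 moves to Gi0/0
    stale = r.fast_switch("10.1.2.3")      # cache still answers with the old adjacency
    fresh = r.cef_switch("10.1.2.3")       # FIB already reflects the change
    r.fast_cache.clear()                   # what a cache invalidation/flush does
    refreshed = r.fast_switch("10.1.2.3")  # slow path again, then correct
    return {"stats": dict(r.stats), "stale": stale, "fresh": fresh, "refreshed": refreshed}


if __name__ == "__main__":
    print(demo())
```

The model deliberately keeps the lookup cost per path visible in `stats`: a fast-switched flow pays one slow-path lookup and then only cache hits, while the CEF path never calls `process_switch` at all.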

Benefits of CEF Switching

  1. Enhanced Performance: By building and maintaining a precomputed FIB table, CEF eliminates per-packet route lookups, leading to faster packet forwarding. This acceleration improves overall network performance, reduces latency, and enhances the user experience.

  2. Load Balancing: CEF supports multiple load-balancing algorithms, such as per-destination or per-packet load balancing. These mechanisms distribute traffic across available paths, maximizing network utilization and preventing congestion on specific links.

  3. Scalability: CEF's efficient data structures and algorithms allow networks to handle high traffic volumes and scale seamlessly. Its ability to handle millions of routes with minimal impact on performance makes it suitable for large enterprise networks and service provider environments.

  4. Traffic Engineering: CEF provides granular control over traffic flow by allowing administrators to manipulate the forwarding decisions. Policy-based routing, route maps, and access control lists (ACLs) can be used to direct traffic based on specific criteria, optimizing network resources and enabling traffic engineering.

  5. Fault Tolerance: CEF enables fast convergence and minimizes network downtime in the event of link failures or network topology changes. It achieves this by maintaining accurate routing information in the FIB and using mechanisms like Cisco Express Forwarding-Independent Fast Convergence (CEF-IFC) to rapidly update forwarding tables.

IPv6 Basic routing

By default IPv6 routing is not enabled on Cisco routers. To enable it we use the simple command ipv6 unicast-routing. To allow IPv6 and IPv4 to work on the same interface we enter commands in the format below. This process is called dual stacking.




Static routes 

As with IPv4 we can use the next-hop principle for IPv6, but we do not need a separate subnet mask with IPv6. This looks like the below.



Default routes 

Default routes, as with IPv4, have a set form in IPv6: the destination can be shortened to ::/0, followed by the exit interface.





Tuesday 9 May 2023

Address resolution Protocol (ARP)

In the world of computer networking, efficient communication relies on the ability to identify and locate devices on a network. Address Resolution Protocol (ARP) plays a critical role in this process by mapping IP addresses to physical MAC addresses. In this article, we will explore the concept of ARP, its significance in network communication, and how it facilitates the seamless transmission of data.

Understanding ARP:

Address Resolution Protocol (ARP) is a protocol used in TCP/IP networks to associate an IP address with its corresponding MAC address. When a device wants to send data to another device within the same network, it needs to know the MAC address of the destination device to establish a direct connection. ARP provides a mechanism for devices to dynamically discover and resolve MAC addresses.

The ARP Process: The ARP process involves the following steps:

  1. Address Resolution: When a device wants to communicate with another device, it first checks its ARP cache, a local table that stores previously resolved IP-to-MAC address mappings. If the destination IP address is found in the cache, the corresponding MAC address is retrieved, and communication can proceed.

  2. ARP Request: If the MAC address is not found in the ARP cache, the sending device initiates an ARP request by broadcasting an ARP message to all devices on the local network. The ARP request includes the IP address of the intended recipient.

  3. ARP Reply: The device with the matching IP address in the network responds with an ARP reply. This reply contains its MAC address, allowing the requesting device to update its ARP cache with the IP-to-MAC mapping.

  4. Address Resolution Complete: Once the requesting device receives the ARP reply, it can establish a direct connection to the destination device using the resolved MAC address. Subsequent data transmission occurs using this MAC address, enhancing network efficiency.

ARP Spoofing:

While ARP is a vital component of network communication, it can be susceptible to security threats, specifically ARP spoofing. In ARP spoofing attacks, malicious actors manipulate ARP messages to associate their MAC addresses with legitimate IP addresses. This enables them to intercept, modify, or redirect network traffic. Network administrators implement security measures like ARP monitoring and intrusion detection systems to mitigate the risks associated with ARP spoofing.
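The four steps above and the spoofing risk can be put into one small model. The Python below is an added example (not code from the original post): a host-side ARP cache that follows the cache-then-broadcast logic, together with the checks an ARP monitor applies to every reply before learning it. The IPs, MACs and replies are constructed; the gateway entry is pinned statically, which is the mitigation the text refers to.

```python
from dataclasses import dataclass, field

# Constructed sample: the gateway's real MAC is pinned by the administrator.
GATEWAY_IP = "192.168.1.1"
STATIC_ENTRIES = {GATEWAY_IP: "02:00:00:aa:bb:01"}


@dataclass
class ArpMonitor:
    """A host's ARP cache plus the checks a monitoring tool applies to replies."""
    cache: dict = field(default_factory=dict)     # ip -> mac
    pending: set = field(default_factory=set)     # IPs we have broadcast a request for
    static: dict = field(default_factory=dict)    # pinned ip -> mac, never overwritten
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        self.cache.update(self.static)

    def send_to(self, ip):
        """Steps 1-2: use the cache, otherwise broadcast a request and wait."""
        if ip in self.cache:
            return ("cache", self.cache[ip])
        self.pending.add(ip)
        return ("request", None)

    def on_reply(self, ip, mac, frame_src_mac):
        """Steps 3-4: learn the mapping, but only after the spoofing checks."""
        if mac != frame_src_mac:
            self.alerts.append(f"{ip}: sender MAC {frame_src_mac} does not match claimed {mac}")
        if ip in self.static and self.static[ip] != mac:
            self.alerts.append(f"{ip}: reply claims {mac} but entry is pinned to {self.static[ip]}")
            return False                       # pinned entries are never replaced
        if ip not in self.pending and ip not in self.cache:
            self.alerts.append(f"{ip}: unsolicited reply from {mac}")
        known = self.cache.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"{ip}: MAC changed {known} -> {mac}")
        others = sorted(i for i, m in self.cache.items() if m == mac and i != ip)
        if others:
            self.alerts.append(f"{mac}: also claims {', '.join(others)}")
        self.cache[ip] = mac
        self.pending.discard(ip)
        return True


# Constructed ARP replies as (target IP, claimed MAC, Ethernet source MAC).
SAMPLE_REPLIES = [
    ("192.168.1.20", "02:00:00:aa:bb:20", "02:00:00:aa:bb:20"),  # normal answer to our request
    ("192.168.1.20", "02:00:00:de:ad:99", "02:00:00:de:ad:99"),  # a different MAC now claims .20
    ("192.168.1.1",  "02:00:00:de:ad:99", "02:00:00:de:ad:99"),  # same MAC tries to become the gateway
]


def run_sample():
    mon = ArpMonitor(static=dict(STATIC_ENTRIES))
    mon.send_to("192.168.1.20")            # cache miss -> request broadcast
    for ip, mac, src in SAMPLE_REPLIES:
        mon.on_reply(ip, mac, src)
    return mon


if __name__ == "__main__":
    m = run_sample()
    print("cache:", m.cache)
    for a in m.alerts:
        print("alert:", a)
```

The second reply is accepted but logged as a MAC change, which is the signal an intrusion detection system keys on; the third is rejected outright because the gateway mapping is static.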

ARP in Local and Remote Networks:

It's important to note that ARP operates at the local network level, facilitating communication between devices within the same network. For communication between devices in different networks, additional protocols like routing protocols and the Address Resolution Protocol for IP Version 6 (ARPv6) are used to resolve MAC addresses.



Domain Name System (DNS)

The Domain Name System (DNS) is a critical component of the internet infrastructure that translates human-readable domain names into machine-readable IP addresses. DNS records play a vital role in mapping domain names to specific IP addresses and defining various aspects of domain functionality. In this article, we will explore the different types of DNS records and their significance in managing domain name resolution and network services.

  1. A (Address) Records: A (Address) records are the most fundamental DNS records and map domain names to their corresponding IPv4 addresses. They are essential for establishing basic connectivity between domain names and IP addresses.

  2. AAAA (IPv6 Address) Records: Similar to A records, AAAA records map domain names to their corresponding IPv6 addresses. With the adoption of IPv6, AAAA records play a crucial role in enabling connectivity for IPv6-compatible devices.

  3. CNAME (Canonical Name) Records: CNAME records establish an alias or canonical name for a domain. They redirect requests from one domain name to another. For example, a CNAME record can redirect www.example.com to example.com, simplifying the management of multiple domains and subdomains.

  4. MX (Mail Exchange) Records: MX records are used to specify the mail servers responsible for handling email delivery for a domain. They define the priority and hostnames of the mail servers, allowing proper routing of email messages.

  5. TXT (Text) Records: TXT records store arbitrary text data associated with a domain. They are commonly used for various purposes, including domain ownership verification, SPF (Sender Policy Framework) records for email authentication, and adding human-readable notes or descriptions.

  6. NS (Name Server) Records: NS records identify the authoritative name servers for a domain. They specify which DNS servers are responsible for resolving queries related to the domain. NS records are crucial for proper delegation and management of domain names.
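The record types above depend on each other, and a few consistency rules follow from the definitions. The Python below is an added example (not code from the original post): it parses a constructed zone fragment in a simplified one-record-per-line format and checks three of those rules: a CNAME must be the only record at its name, an MX target must be a host with A/AAAA records rather than an alias, and a name may carry only one SPF TXT record. The names and addresses are made up.

```python
from collections import defaultdict

# Constructed zone fragment (made-up names and addresses) in a simplified
# "name type data..." line format; text after ';' is a comment.
SAMPLE_ZONE = """
example.test.        A     192.0.2.10
example.test.        AAAA  2001:db8::10
www.example.test.    CNAME example.test.
mail.example.test.   A     192.0.2.25
mail2.example.test.  A     192.0.2.26
example.test.        MX    10 mail.example.test.
example.test.        MX    20 mail2.example.test.
example.test.        MX    30 www.example.test.   ; target is an alias, not an address record
example.test.        TXT   "v=spf1 mx -all"
example.test.        NS    ns1.example.test.
ns1.example.test.    A     192.0.2.53
broken.example.test. CNAME example.test.
broken.example.test. A     192.0.2.99            ; a CNAME may not share its name with other data
"""


def parse_zone(text):
    """Return (name, type, data-fields) tuples; names are lower-cased."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        name, rtype, *data = line.split()
        records.append((name.lower(), rtype.upper(), data))
    return records


def validate_zone(records):
    """Consistency checks between record types; returns a list of problems."""
    problems = []
    by_name = defaultdict(list)
    for name, rtype, data in records:
        by_name[name].append((rtype, data))
    address_names = {n for n, t, _ in records if t in ("A", "AAAA")}
    for name, recs in by_name.items():
        types = [t for t, _ in recs]
        # A CNAME makes the whole name an alias, so nothing else may live at it.
        if "CNAME" in types and len(recs) > 1:
            problems.append(f"{name}: CNAME cannot coexist with other records")
        # An MX target must be a host with A/AAAA records, not a CNAME.
        for rtype, data in recs:
            if rtype == "MX":
                priority, target = data
                if not priority.isdigit():
                    problems.append(f"{name}: MX priority {priority!r} is not a number")
                elif target in by_name and target not in address_names:
                    problems.append(f"{name}: MX target {target} has no A/AAAA record")
        # Only one SPF policy is allowed per name; two or more is a permanent error.
        spf = [d for t, d in recs
               if t == "TXT" and " ".join(d).strip('"').startswith("v=spf1")]
        if len(spf) > 1:
            problems.append(f"{name}: {len(spf)} SPF records, only one is allowed")
    return problems


def mail_servers(records, name):
    """MX hosts for a name in delivery order (lowest priority value first)."""
    mx = [(int(d[0]), d[1]) for n, t, d in records if n == name and t == "MX"]
    return [host for _, host in sorted(mx)]


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for p in validate_zone(recs):
        print("problem:", p)
    print("mail order:", mail_servers(recs, "example.test."))
```

MX targets outside the zone are skipped because they cannot be checked offline; a real validator would resolve them.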

Thursday 4 May 2023

Introduction to IPv6

IPv6 uses a hexadecimal format. The addresses are 128 bits in length, with each hex digit representing 4 bits. An address is divided into eight 16-bit blocks separated by a colon (:).

An IPv6 address is split into two parts, the network portion and the host portion, each portion being 64 bits.

2001:0001:0000:0000:0000:0000:0000:0001

Secondly, the first 48 bits are ISP-based, the next 16 bits are the subnet portion and the final 64 bits are again the host portion.

2001:0001:0000:0000:0000:0000:0000:0001

Omitting zeros

In IPv6 leading zeros can be omitted, and a run of all-zero blocks can be replaced by a double colon, like below.

2001:0001:0000:0000:0000:0000:0000:0001 can be reduced to 2001::1/64
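The two rules, leading-zero omission and the double colon, can be implemented directly. The Python below is an added example (not from the original post) that applies them to the address used above and cross-checks the result against the standard library's `ipaddress` module; it also splits a global unicast address into the 48/16/64-bit parts described earlier. Note that in 2001:0001:0000:0000:0000:0000:0000:0001 the second block is 0001, not zero, so only the six zero blocks after it can be collapsed, which gives 2001:1::1.

```python
import ipaddress


def expand_ipv6(addr):
    """Write every block as four hex digits (the reverse of omitting zeros)."""
    return ipaddress.IPv6Address(addr).exploded


def compress_ipv6(addr):
    """Drop leading zeros in each block, then replace the longest run of
    all-zero blocks (two or more) with '::'; ties keep the leftmost run."""
    blocks = [int(b, 16) for b in expand_ipv6(addr).split(":")]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] == 0:
            j = i
            while j < 8 and blocks[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [format(b, "x") for b in blocks]      # format() drops the leading zeros
    if best_len < 2:                             # a single zero block stays as "0"
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return f"{left}::{right}"


def split_global_unicast(addr):
    """48-bit global routing prefix / 16-bit subnet ID / 64-bit interface ID."""
    blocks = expand_ipv6(addr).split(":")
    return (":".join(blocks[:3]), blocks[3], ":".join(blocks[4:]))


if __name__ == "__main__":
    for a in ["2001:0001:0000:0000:0000:0000:0000:0001",
              "2001:0db8:0000:0000:0001:0000:0000:0001", "fe80::"]:
        print(expand_ipv6(a), "->", compress_ipv6(a))
```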

Dual stack

In the UK it is common for us to use both IPv4 and IPv6 together; this is called dual stack.

Common IPv6 addresses

Link-local IPv6 addresses are a type of IPv6 address that are used for communication between devices on the same network segment. These addresses are automatically assigned to network interfaces when IPv6 is enabled and can be identified by their prefix, which is "fe80::/10".

Link-local addresses are important because they allow devices to communicate with each other on a local network without the need for a global, routable IP address. This means that devices can communicate with each other even if they are not connected to the internet or a larger network.

One of the benefits of using link-local addresses is that they are automatically generated by devices, which means that network administrators do not need to manually assign addresses to each device on the network. Additionally, link-local addresses are not subject to the same address exhaustion issues as global IPv4 addresses, which can be a problem in networks with a large number of devices.


Unique local addresses are similar in function to private IPv4 addresses, which are used within a local area network (LAN) and are not routable on the public internet. Unique local addresses are also known as site-local addresses, although this term is deprecated in favor of ULA.

Unique local addresses have the prefix "fc00::/7" and are divided into two parts: a 40-bit global ID and a 16-bit subnet ID. The global ID is used to create a unique address within a site or organization, while the subnet ID is used to identify individual subnets within the site.

One of the benefits of using unique local addresses is that they are globally unique, meaning that they will not conflict with any other addresses on the internet. This is because the global ID portion of the address is generated using a pseudo-random number generator, ensuring that the address is unique within a site or organization. Additionally, unique local addresses can be used without the need for coordination with an internet registry or service provider.

Global IPv6 addresses are used for communication on the internet. These addresses are globally routable and can be used to communicate with devices anywhere on the internet.

Global IPv6 addresses have a 128-bit address space, which is much larger than the 32-bit address space used in IPv4. This allows for a much larger number of unique addresses, which is important as the number of devices connected to the internet continues to grow.

Global IPv6 addresses have the prefix "2000::/3" and are divided into two parts: a 48-bit global routing prefix and a 64-bit interface ID. The global routing prefix is assigned by an internet registry or service provider and identifies the network to which the device is connected. The interface ID is unique to each device and is typically based on the device's MAC address.

One of the benefits of using global IPv6 addresses is that they are globally routable, meaning that devices can communicate with each other anywhere on the internet. This makes it easier for devices and services to communicate with each other without the need for complex address translation mechanisms.


TCP

TCP

TCP is a connection-oriented protocol: it creates a session between the source and destination and provides reliable delivery.
Data is ordered with sequence numbers and reordered on delivery; if data becomes corrupt, TCP requests that it be sent again. TCP also uses flow control to regulate the amount of data that can be sent, which it does using windowing (the window size field is 16 bits). The sequence number is a 32-bit field used for reassembly of data. A visual is shown below;


Common applications that use TCP are email, web applications and file transfer; TCP is used because guaranteed delivery of all segments is essential. Alternatively, UDP, which does not guarantee delivery, is the preferred protocol for online phone services such as Microsoft Teams and Google Meet and for live streaming; this is due to the reduction in bandwidth and the need for real-time data delivery without delay.

TCP (Transmission Control Protocol) uses various flags to control and manage communication between network devices. Here is an overview of the TCP flags commonly used in TCP packet headers:

SYN (Synchronize):
The SYN flag is used to establish a TCP connection between two devices. When a device wants to initiate a connection, it sends a TCP packet with the SYN flag set. The receiving device responds with a SYN-ACK packet, indicating acknowledgment of the request and its own readiness to establish the connection.

ACK (Acknowledgment):
The ACK flag is used to acknowledge received data or confirm the successful receipt of a packet. It is commonly used in combination with other flags to indicate the status of the connection. In a TCP header, the ACK flag is set when the acknowledgement number field is valid and acknowledging data received from the other device.

FIN (Finish):
The FIN flag is used to initiate the graceful termination of a TCP connection. When a device wants to close a connection, it sends a TCP packet with the FIN flag set. The other device acknowledges the FIN packet and responds with its own FIN packet. This exchange allows both devices to close the connection gracefully.

RST (Reset):
The RST flag is used to reset a TCP connection and abort communication abruptly. It is typically sent in response to an error or when a device encounters an unexpected or invalid state. The RST flag helps in recovering from connection issues and restoring the TCP stack to a known state.

PSH (Push):
The PSH flag is used to request immediate data delivery to the receiving application. When a device sets the PSH flag, it signals to the receiving device that the data should be pushed up to the application layer without delay, even if there is more data to be sent in subsequent packets.

URG (Urgent):
The URG flag is used to indicate the presence of urgent or priority data in the TCP packet. It is typically used in combination with the urgent pointer field to identify a specific section of data that requires immediate attention by the receiving application.

Understanding these TCP flags is crucial for analyzing network traffic, troubleshooting connectivity issues, and ensuring reliable communication between devices. By examining the flags in TCP packet headers, network administrators can gain insights into the status of TCP connections, identify anomalies or errors, and optimize network performance.
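Reading the flags out of a real header is the practical version of the list above. The Python below is an added example (not from the original post): it packs and unpacks the fixed 20-byte TCP header with `struct`, extracts the flag bits, and names what each combination means for the connection, including the two combinations that are never valid. The ports, sequence numbers and segments are constructed; the checksum is left at zero.

```python
import struct

# Flag bits in the 16-bit "data offset / reserved / flags" field of the TCP header.
FLAG_BITS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
             "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
# src port, dst port, seq, ack, offset+flags, window, checksum, urgent pointer
HEADER = "!HHIIHHHH"


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535, urgent=0):
    """Constructed 20-byte header (no options, checksum zero) for the example."""
    offset_flags = (5 << 12) | sum(FLAG_BITS[f] for f in flags)   # 5 x 32-bit words
    return struct.pack(HEADER, src_port, dst_port, seq, ack, offset_flags, window, 0, urgent)


def parse_tcp_header(data):
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, offset_flags, window, _, urgent = struct.unpack(HEADER, data[:20])
    flags = [name for name, bit in FLAG_BITS.items() if offset_flags & bit]
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq,                                  # 32-bit sequence number
        "ack": ack if "ACK" in flags else None,      # only meaningful when ACK is set
        "window": window,                            # 16-bit receive window (flow control)
        "urgent_ptr": urgent if "URG" in flags else None,
        "header_len": (offset_flags >> 12) * 4,
        "flags": flags,
    }


def describe(flags):
    """What the flag combination means for the connection state."""
    f = set(flags)
    if "SYN" in f and "FIN" in f:
        return "invalid: SYN and FIN together"
    if not f:
        return "invalid: no flags set"
    if "RST" in f:
        return "reset (abort)"
    if "SYN" in f:
        return "handshake: SYN-ACK" if "ACK" in f else "handshake: SYN"
    if "FIN" in f:
        return "graceful close (FIN)"
    if "PSH" in f:
        return "data, deliver immediately (PSH-ACK)"
    return "acknowledgement"


# Constructed three-way handshake, one data segment and a close.
SAMPLE_SEGMENTS = [
    build_tcp_header(40000, 443, 1000, 0, ["SYN"]),
    build_tcp_header(443, 40000, 5000, 1001, ["SYN", "ACK"]),
    build_tcp_header(40000, 443, 1001, 5001, ["ACK"]),
    build_tcp_header(40000, 443, 1001, 5001, ["PSH", "ACK"]),
    build_tcp_header(40000, 443, 1101, 5001, ["FIN", "ACK"]),
]


def walk(segments):
    return [describe(parse_tcp_header(s)["flags"]) for s in segments]


if __name__ == "__main__":
    for seg, meaning in zip(SAMPLE_SEGMENTS, walk(SAMPLE_SEGMENTS)):
        h = parse_tcp_header(seg)
        print(h["src_port"], "->", h["dst_port"], h["flags"], meaning)
```

The "invalid" combinations are worth flagging in traffic analysis: a well-behaved stack never emits them, so their presence in a capture indicates crafted packets.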




HTTP - GET, POST, PUT

When working with web applications, it's important to understand the different HTTP methods that are used to interact with servers. These methods are known as GET, POST, and PUT. Each method has its own unique purpose and usage, and understanding them is essential for developing efficient and secure web applications.

GET Method: The GET method is used to retrieve information from a server. When a user clicks on a link or types a URL into their browser, the browser sends a GET request to the server to retrieve the requested information. The request parameters are sent in the URL, making them visible to the user. This method is commonly used to retrieve web pages, images, videos, and other types of resources.

POST Method: The POST method is used to send data to the server. Unlike the GET method, which sends the request parameters in the URL, the POST method sends the request parameters in the body of the request. This makes the request parameters invisible to the user. The POST method is commonly used to submit forms and other types of user input, such as search queries or login credentials.

PUT Method: The PUT method is used to update existing resources on the server. It is similar to the POST method, but it is used to update resources rather than create new ones. The PUT request sends the updated data to the server in the body of the request, and the server updates the corresponding resource with the new data.

Wednesday 3 May 2023

More on routing....

Routing refers to choosing the best path for network traffic to travel. Communication at layer 2 uses MAC address tables, whereas layer 3 communication uses routing tables. I will discuss the different types of routing below;

Static Routing

Static routing is the most basic type of routing and involves configuring the routing tables manually. In static routing, the network administrator defines the routes that packets can take through the network. This routing type is ideal for small networks with a limited number of devices, as it is easy to configure, but it is not scalable for large networks. Static routes are also ideal for internal networks designed for no external communications; these networks are commonly called stub networks. In a fully specified static route both the exit interface and the next-hop IP address are specified. We will work through this below;

Configuring static routes 

Build a simple topology and configure relevant interfaces and pcs with IP addresses.



On Router 0 we want to configure the route back to the network. We only need to configure routes for networks that are not directly connected. The command is shown below: the first IP is the network address (the network on the far right), followed by the subnet mask, then you need to specify the exit interface's IP address, as shown below;



On router 1 the same logic applies;



When we look up the routing table on Router 0 using the show ip route command we can see which networks are local (L), which are connected (C) and which are static (S). Notice that the local host routes (L) have a /32 prefix with an administrative distance of 0 (more on administrative distance below). Cisco automatically installs a host route when an interface is configured on the router; it makes handling packets addressed to the router itself more efficient than forwarding them.


Summary Static routing

A summary route is one route that represents multiple networks. Summarisation is also called route aggregation. Summary routes are used to:

  • Save memory
  • Save bandwidth
  • Improve stability of the routing table
  • Save CPU cycles

To calculate a summary route we convert each of the IP addresses to binary. Here we have four networks that we want to summarise:
172.16.0.0 /16
172.17.0.0 /16
172.18.0.0 /16
172.19.0.0 /16

Below are the IP addresses written in binary. The next step is to mark all the leading bits that are identical across all four addresses (highlighted in green).

10101100.00010000.00000000.00000000 (172.16.0.0)
10101100.00010001.00000000.00000000 (172.17.0.0)
10101100.00010010.00000000.00000000 (172.18.0.0)
10101100.00010011.00000000.00000000 (172.19.0.0)

We can now count those matching bits to give us our CIDR notation of /14 (14 bits).
To get our network address use the same 14 bits and add zeros until you get to 32 bits, which forms the complete answer below.

172.16.0.0/14 - subnet mask 255.252.0.0

Practical application of summary routes






From the above topology configure the relevant IP addresses on devices.

192.168.1.0   11000000.10101000.00000001.00000000
192.168.2.0   11000000.10101000.00000010.00000000
192.168.3.0   11000000.10101000.00000011.00000000


192.168.0.0/22  subnet mask 255.255.252.0
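Both calculations above (the /14 for 172.16-19 and the /22 for 192.168.1-3) follow the same procedure, so it can be written once. The Python below is an added example (not from the original post): it counts the leading bits shared by every network address, caps the result at the shortest component prefix, and builds the summary with the standard `ipaddress` module. It also reports the caveat a practitioner checks before advertising a summary: the /22 covers 192.168.0.0/24 even though that network was not in the list. The `ios_static_summary` helper formats the result as an `ip route` line; the next-hop address passed to it is a placeholder.

```python
import ipaddress


def to_binary(dotted):
    """Dotted-decimal to the 32-bit form used in the working above."""
    return ".".join(format(int(octet), "08b") for octet in dotted.split("."))


def summarize(networks):
    """Longest run of leading bits common to all network addresses, as one prefix."""
    nets = [ipaddress.ip_network(n) for n in networks]
    addrs = [int(n.network_address) for n in nets]
    common = 0
    for bit in range(31, -1, -1):            # walk from the most significant bit down
        mask = 1 << bit
        if all((a & mask) == (addrs[0] & mask) for a in addrs):
            common += 1
        else:
            break
    common = min(common, min(n.prefixlen for n in nets))   # never longer than a component
    base = ipaddress.ip_address(addrs[0])
    return ipaddress.ip_network(f"{base}/{common}", strict=False)  # zero-fills the host bits


def covered_but_not_listed(summary, networks):
    """Blocks the summary advertises that were not in the list (over-reach check)."""
    size = ipaddress.ip_network(networks[0]).prefixlen
    return [str(s) for s in summary.subnets(new_prefix=size) if str(s) not in networks]


def ios_static_summary(summary, next_hop):
    """Static route line in the network/mask/next-hop form used in this post (assumed)."""
    return f"ip route {summary.network_address} {summary.netmask} {next_hop}"


if __name__ == "__main__":
    for group in (["172.16.0.0/16", "172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16"],
                  ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]):
        for n in group:
            print(to_binary(n.split("/")[0]), f"({n})")
        s = summarize(group)
        print("summary:", s, "mask", s.netmask, "extra:", covered_but_not_listed(s, group))
        print(ios_static_summary(s, "NEXT_HOP_PLACEHOLDER"))
```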


Router1 configuration (notice here I have used the exit interface physical value).


Same process on Router0, as the interface is the same.



Default routes 

Default routing is a type of routing that is used when a router cannot find a specific route to a destination network. Instead, the router forwards the packet to a default gateway or next-hop router. This type of routing is useful for conserving network resources and reducing the size of routing tables.

Configuring default routes and the gateway of last resort

Using a similar topology as the prior example, configure the relevant IP addresses for devices, matching their networks.



Once IP addresses have been assigned, starting with Router0 use the command below; the 0.0.0.0 and 0.0.0.0 are the default network and subnet mask, and the IP address is the gateway of last resort, which is the next-hop address.


Similarly on Router1



Now when we look up the routing table we can see the gateway of last resort is linked to the default network route.


Gateway of last resort

A gateway of last resort is used to forward IP packets whose destination is not listed in the routing table. In simple terms, if the forwarding route is not known or specified, the packet is forwarded to the gateway of last resort. It is useful if a path becomes unavailable, or when you want to save space in a routing table and cut down on admin time.


Dynamic routing

Dynamic routing is a type of routing that automatically updates routing tables in response to changes in the network topology. In dynamic routing, routers use routing protocols such as OSPF (Open Shortest Path First), RIP (Routing Information Protocol), and BGP (Border Gateway Protocol) to exchange routing information with other routers in the network. This type of routing is suitable for large networks that are subject to frequent changes in topology.

Link to RIP article here

Administrative distance

Floating static routes are often used with dynamic routing. For example, with two exit points out of a router, one exit point may be configured for dynamic routing and the other for static routing. This is where administrative distance comes in. The router chooses the highest number for its chosen path. Administrative distance goes off the number of hops, and each protocol has a specific default administrative distance on each router. Some of these are shown below;

Connected 0 
Static 1
Rip 120
OSPF 110

If a router is using the dynamic protocol RIP for exit 1 and a static route for exit 2, the administrative distance of the static route needs to be set higher than the default for RIP to make RIP the primary route. (NB: when the administrative distance is set to the same number, the router sends packets equally across both paths.)
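The selection rule can be checked with a small model. The Python below is an added example (not from the original post): a routing table that keeps every candidate route per prefix and installs the one with the lowest administrative distance, using the default values listed above. The `floating_static_scenario` function runs the exit 1 / exit 2 case: with the static route at 130 it sits idle behind RIP and takes over only when the RIP route is withdrawn, with the default static value of 1 it would always win, and at 120 both paths are installed together. The prefix and next-hop names are constructed.

```python
# Default administrative distances listed above (lower is preferred).
DEFAULT_AD = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


class RoutingTable:
    """Candidate routes per prefix from several sources; the lowest AD is installed."""

    def __init__(self):
        self.candidates = {}   # prefix -> {source: (ad, next_hop)}

    def learn(self, prefix, source, next_hop, ad=None):
        if ad is None:
            ad = DEFAULT_AD[source]
        self.candidates.setdefault(prefix, {})[source] = (ad, next_hop)

    def withdraw(self, prefix, source):
        """A route disappears (neighbour down, dynamic update timed out)."""
        self.candidates.get(prefix, {}).pop(source, None)

    def best(self, prefix):
        """Next hops installed for the prefix: lowest AD wins; equal AD -> all of them."""
        cands = self.candidates.get(prefix, {})
        if not cands:
            return []
        lowest = min(ad for ad, _ in cands.values())
        return sorted(nh for ad, nh in cands.values() if ad == lowest)


def floating_static_scenario(static_ad):
    """Exit 1 learned by RIP, exit 2 a static route with the given AD.
    Returns (next hops while RIP is up, next hops after the RIP route is lost)."""
    rt = RoutingTable()
    rt.learn("10.0.0.0/8", "rip", "exit1")                    # AD 120 by default
    rt.learn("10.0.0.0/8", "static", "exit2", ad=static_ad)   # None -> default AD 1
    while_up = rt.best("10.0.0.0/8")
    rt.withdraw("10.0.0.0/8", "rip")                          # exit 1 fails
    after_loss = rt.best("10.0.0.0/8")
    return while_up, after_loss


if __name__ == "__main__":
    for ad in (130, None, 120):
        print("static AD", ad, "->", floating_static_scenario(ad))
```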

For example; 



RIPv1 vs RIPv2 (Routing Information Protocol)

RIP (Routing Information Protocol) is an interior gateway protocol that exchanges routing information between routers. Version 2 improved on version 1 by allowing classless routing, multicast updates and support for variable-length subnet masks.


Features of RIPv2:

  1. Classless Routing: RIPv2 supports classless routing, which means it can handle networks with different subnet masks. This is an improvement over RIPv1, which only supported classful routing.

  2. Multicasting: RIPv2 uses multicast to send and receive routing updates, which reduces network traffic and improves scalability.

  3. VLSM Support: RIPv2 supports variable-length subnet masks (VLSM), which allows for more efficient use of IP address space.

  4. Authentication: RIPv2 supports authentication, which helps to prevent unauthorized updates to the routing table.

  5. Hop Count Limit: RIPv2 has a hop count limit of 15, which means that routes with a higher hop count are considered unreachable.

  6. Periodic Updates: By default, routing updates are sent to other routers every 30 seconds.

How RIPv2 Works:

RIPv2 uses distance vector routing to exchange routing information between routers. Each router sends its routing table to its neighbours, and each router updates its own routing table based on the information received from its neighbours.

RIPv2 uses a metric called hop count to determine the best path to a destination network. The hop count is the number of routers that a packet must pass through to reach the destination network. RIPv2 assigns a default hop count of 1 to directly connected networks, and adds 1 to the hop count for each router that the packet passes through.
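The distance-vector exchange and the hop-count limit can be simulated in a few dozen lines. The Python below is an added example (not from the original post and not a RIP implementation): each router advertises its table to its neighbours, a receiving router adds one hop and keeps the better path, and a count of 16 means unreachable. Directly connected networks start at hop count 1, following the convention stated above. The `build_chain` helper wires routers R0..R(n-1) in a line with made-up network names, which is enough to see that a network behind too many routers drops out of the table.

```python
INFINITY = 16   # a hop count of 16 means unreachable (the limit is 15)


class RipRouter:
    def __init__(self, name, connected):
        self.name = name
        # Directly connected networks start at hop count 1, as in the text above.
        self.table = {net: (1, None) for net in connected}   # net -> (hops, via)

    def advertise(self):
        """The update sent to neighbours (every 30 seconds in RIP): net -> hops."""
        return {net: hops for net, (hops, _) in self.table.items()}

    def receive(self, sender, update):
        """Apply a neighbour's update; returns True if the table changed."""
        changed = False
        for net, hops in update.items():
            metric = min(hops + 1, INFINITY)       # one more router to pass through
            current = self.table.get(net)
            # Accept a better path, or any news from the router we already use.
            if current is None or metric < current[0] or current[1] == sender:
                if current != (metric, sender):
                    self.table[net] = (metric, sender)
                    changed = True
        return changed


def converge(routers, links, max_rounds=50):
    """Exchange updates over every link until no table changes; returns rounds used."""
    for rnd in range(max_rounds):
        changed = False
        for a, b in links:
            changed |= routers[b].receive(a, routers[a].advertise())
            changed |= routers[a].receive(b, routers[b].advertise())
        if not changed:
            return rnd + 1
    raise RuntimeError("did not converge")


def build_chain(n):
    """Routers R0..R(n-1) in a line; Ri has LAN net_i and a link to R(i+1)."""
    routers, links = {}, []
    for i in range(n):
        connected = [f"net_{i}"]
        if i > 0:
            connected.append(f"link_{i - 1}_{i}")
        if i < n - 1:
            connected.append(f"link_{i}_{i + 1}")
        routers[f"R{i}"] = RipRouter(f"R{i}", connected)
    for i in range(n - 1):
        links.append((f"R{i}", f"R{i + 1}"))
    converge(routers, links)
    return routers


def hop_count(routers, router, net):
    entry = routers[router].table.get(net)
    return entry[0] if entry else INFINITY


def reachable(routers, router, net):
    return hop_count(routers, router, net) < INFINITY


if __name__ == "__main__":
    chain = build_chain(16)
    for net in ("net_1", "net_14", "net_15"):
        print(net, "from R0:", hop_count(chain, "R0", net), "reachable:", reachable(chain, "R0", net))
```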

Configuring RIP

Build a topology similar to the below and configure the relevant interfaces on each router.



Once the topology has been configured, the simple commands for enabling and configuring RIP are below. I have added the network addresses (marked with green arrows) for the addresses to be added to the RIP database.




Show rip database...



Additional commands with RIP


default-information originate is used to generate a default route in the RIP database.


passive-interface stops routing updates being sent out of an interface.


More additions can be found using the ? command






