Networking Interview Q&A

1.There is a series of 2^n say 2,4,8 so on .. Given  a number say Y how do you find you whether it belongs to  the series or not?

Or Find whether a number is power of two of not. Give the Logic here.

Sample Example: 

Input : n = 4

Output : Yes

2² = 4

Input : n = 7

Output : No

Input : n = 32

Output : Yes

2⁵ = 32

Solution 1:

Solution is to keep dividing the number by two, i.e, do n = n/2 iteratively. In any iteration, if n%2 becomes non-zero and n is not 1 then n is not a power of 2. If n becomes 1 then it is a power of 2.

Solution 2:

All power of two numbers have only one bit set. So count the no. of set bits and if you get 1 then number is a power of 2

Powers of Two in a 32-bit Unsigned Integer

Power of Two	32-Bit Unsigned Integer Representation
20	00000000000000000000000000000001
21	00000000000000000000000000000010
22	00000000000000000000000000000100
…	…
229	00100000000000000000000000000000
230	01000000000000000000000000000000
231	10000000000000000000000000000000

From the table you can deduce that an unsigned integer is a power of two if and only if it has exactly one 1 bit.

For More Solutions refer to the following link.

http://www.geeksforgeeks.org/write-one-line-c-function-to-find-whether-a-no-is-power-of-two/

2.

   List a directory in linux              ls -d */

   List recursively directory tree    ls -R 

   How to make 100 directory in linux using one command.
   mkdir {A..Z}   
   mkdir {1..100}

   How to check if interface is up or not in linux.
   --$ ethtool eth0

Settings for eth0:

        Supported ports: [ TP ]

        Supported link modes:   10baseT/Half 10baseT/Full

                                100baseT/Half 100baseT/Full

                                1000baseT/Full

        Supports auto-negotiation: Yes

        Advertised link modes:  10baseT/Half 10baseT/Full

                                100baseT/Half 100baseT/Full

                                1000baseT/Full

        Advertised pause frame use: No

        Advertised auto-negotiation: Yes

        Speed: 1000Mb/s

        Duplex: Full

        Port: Twisted Pair

        PHYAD: 1

        Transceiver: internal

        Auto-negotiation: on

        MDI-X: on

        Supports Wake-on: pumbg

        Wake-on: g

        Current message level: 0x00000001 (1)

        Link detected: yes

3. What is difference between L3 Switch and Router.

  - L3 Switch do switching at layer 3 by preserving the source and destination mac and preserving the     TTL value of the IP header of the 1st routed packet, so  the first packet is routed using normal             routing lookup, but after that all packet are switched.

  - router do normal routing lookup, but by introducing fast switching and CEF, packets are also now      switched on a router.

  - Switches doesnt support some QoS features.

  - Switches doesnt support NAT.

  - The forwarding on switches is done on ASIC (Application Specific Integrated Circuits) which is        done in hardware rather than a software.

 - Forwarding on routers are done in a software.

 - router supports different WAN technologies (modules) unlike switches.

 - L2 switch is mac address based whereas L3 switch is based on logical address.

 - Creating vlans in L2 switch and communicating between vlans is not possible. Communication           between vlans is possible in L3 Switch.

 -With L3 switch we can connect to WAN link but it is not possible with L2 switch.

4.How switch operates? Concept on port based, mac address and normal mac address? How unicast and broad cast happens in these cases?

An Ethernet switch is mainly used to forward packets at the data link layer, that is, transmit the packets to the corresponding ports according to the destination MAC address of the packets. To forward packets quickly, a switch maintains a MAC address table, which is a Layer 2 address table recording the MAC address-to-forwarding port association. Each entry in a MAC address table contains the following fields:

Destination MAC address

ID of the VLAN which a port belongs to

Forwarding egress port numbers on the local switch

When forwarding a packet, an Ethernet switch adopts one of the two forwarding methods based upon the MAC address table entries.

Unicast forwarding: If the destination MAC address carried in the packet is included in a MAC address table entry, the switch forwards the packet through the forwarding egress port in the entry.

Broadcast forwarding: If the destination MAC address carried in the packet is not included in the MAC address table, the switch broadcasts the packet to all ports except the one receiving the packet.

Each hardware device that you connect to your Ethernet network has a unique MAC address assigned to it by the device’s manufacturer. For example, every network interface card (NIC) that you use to connect your computers to your network has a MAC address assigned to it by the adapter’s manufacturer.

The switch contains a MAC address table with a storage capacity of up to 16,000 entries. The switch uses the table to store the MAC addresses of the network nodes connected to its ports, along with the port number on which each address was learned.

The switch learns the MAC addresses of the end nodes by examining the source address of each packet received on a port. It adds the address and port on which the packet was received to the MAC table if the address has not already been entered in the table. The result is a table that contains all the MAC addresses of the devices that are connected to the switch’s ports, and the port number where each address was learned.

When the switch receives a packet, it also examines the destination address and, by referring to its MAC address table, determines the port where the destination node is connected. It then forwards the packet to the appropriate port and on to the end node. This increases network bandwidth by limiting each frame to the appropriate port when the intended end node is located, freeing the other switch ports for receiving and transmitting data.

If the switch receives a packet with a destination address that is not in the MAC address table, it floods the packet to all the ports on the switch. If the ports have been grouped into virtual LANs, the switch floods the packet only to those ports which belong to the same VLAN as the port on which the packet was received. This prevents packets from being forwarded onto inappropriate LAN segments and increases network security. When the destination node responds, the switch adds its MAC address and port number to the table.

If the switch receives a packet with a destination address that is on the same port on which the packet was received, it discards the packet without forwarding it on to any port. Because both the source node and the destination node for the packet are located on the same port on the switch, there is no reason for the switch to forward the packet. This too increases network performance by preventing frames from being forwarded unnecessarily to other network devices.

The type of MAC address described above is referred to as a dynamic MAC address. Dynamic MAC addresses are addresses that the switch learns by examining the source MAC addresses of the frames received on the ports.

Dynamic MAC addresses are not stored indefinitely in the MAC address table. The switch deletes a dynamic MAC address from the table if it does not receive any frames from the node after a specified period of time. The switch assumes that the node with that MAC address is no longer active and that its MAC address can be purged from the table. This prevents the MAC address table from becoming filled with addresses of nodes that are no longer active.

The period of time that the switch waits before purging an inactive dynamic MAC address is called the age-out time. The default value is 300 seconds (5 minutes) and the range is 15 to 3000 seconds. 

5. If switch is connected to four ports. Then how many mac address will be there in switch ?

For every port, there will be one mac address. Apart from this switch has one default mac address ie for vlan 1 used for management purpose(used in case of managed switch).

6. What happens when hub is connected in between of two switches . what will happen when one of the links connected to hub goes down . how stp work?

Hub won’t have any effect in topology since hub is L1 device.

7. Why is a MAC address not a true address?

An address specifies a location. A MAC address is not a true address because it is permanently associated with the interface of a specific device and moves whenever the device moves. A MAC identifies the device, not the location of the device.

8. What happens when one computer (C1) wants to communicate with another computer (C2) in a LAN segment?

When it comes to the Layer 2 communications between networked systems, IP address is not used. So, within a LAN segment computers identify each other and communicate with each other using the MAC Address. So, when Computer (C1) gets the target IP address of the Computer (C2) it wants to communicate with,

It first looks at its own ARP cache (which is a table that contains the IP addresses and their corresponding MAC addresses for computers/ systems within a network) to see if it already has the MAC address for the computer (C2), it wants to communicate with.

If the MAC address of C2 is present in its ARP cache table, it can then append the message with the corresponding MAC address and send it over the network (cable, switch).

If the MAC address of C2 is not present in its ARP cache table, C1 will broadcast an ARP request message to all the computers / systems in the network indicating that it wants the MAC address for the IP address in its possession.

This ARP request is received by all the systems in the network, but only the computer with the target IP address (C2) responds to C1 with an ARP reply message, indicating its MAC address.

Now since C1 has both IP address and MAC address of C2, it will communicate with C2 using this information. In the process, both C1 and C2 update their ARP cache tables with the newly acquired information so that the next time the ARP broadcast message can be avoided.

9. What is an ARP Cache / Cache Table?

Since computers cannot send broadcast messages every time they need to connect with another network device, they store the IP addresses and the corresponding MAC addresses of systems they frequently communicate with, in a table called ARP Cache table. All the systems in the LAN maintain this table. The entries in the ARP cache table are generally short lived and are updated every 15-20 minutes.

Since a LAN segment consists of a number of computing devices, some individual ARP table entries are removed if the system doesn’t communicate with certain devices for considerable amount of time. This is done mainly to limit the size of ARP cache.

10. What is ARP Poisoning?

The Address Resolution Protocol itself doesn’t come with any authentication / protection mechanism. So, ARP requests or/and replies can be forged by malicious systems under the control of hackers. If a forged ARP request/ reply is used to update the ARP cache of another system, the process is called ARP poisoning. This is mainly done to redirect network traffic for malicious purposes.

11. What is ARP broadcast storm?

The ARP traffic on a network can be around 10% of the network traffic during normal times and up to 85% of the network traffic during abnormal network conditions caused by ARP broadcast storm. Basically, ARP requests are broadcast multiple times or to multiple systems (sometimes more than thousand requests within a second) during an ARP broadcast storm thereby taking up a lot of network bandwidth and  thereby making normal network communications difficult.

This can happen due to a lot of reasons and some of them are given below:

ARP request for a non existent host triggers a series of ARP messages within a short interval of time. Its only eventually that ARP gives up.

Virus/ malware in a system can generate a lot of ARP broadcast messages in order to create a DOS type of network attack.                                                                                                                            

If there are loops within the network that are not prevented by using protocols like STP/ RSTP, ARP requests would be looped back and fourth between switches creating an ARP broadcast storm.

Incorrect router configuration, Network Interface Card/ Network Switch malfunction can also create ARP broadcast storms.

A large unsegmented network is especially susceptible to excessive ARP broadcasts/ broadcast storms and hence it is always a good practice to sub-divide a large network into various segments (using VLAN’s etc) and enable Inter-VLAN routing using Layer-3 switches. This limits the broadcast domain to a limited number of systems.

So, next time when there is a congestion in the network, you can monitor for ARP broadcast storms as well. You can use network monitoring tools like Wireshark to monitor for abnormal ARP activity.

12. What is default route?

Also known as the gateway of last resort, a default route is a special type of static route with an all-zeros network and network mask. The default route is used to route any packets to a network that a router does not directly know about to a next-hop router. By default, if a router receives a packet to a destination network that is not in its routing table, it drops the packet. When a default route is specified, the router does not drop the packet. Instead, it forwards the packet to the IP address specified in the default route.

13. What is an IP Helper address feature and why is it required in a DHCP environment

DHCP Discover packets are broadcast packets. This means that a DHCP Discover packet which is sent from the client would not reach the DHCP Server , if the server resides on a different network. This is because, routers are required for communication between different networks and routers do not forward broadcast packets. The IP Helper address feature is configured on the router. The feature informs the router the DHCP Servers IP address for the network. So, when the router receives the DHCP Discover packet, it would convert it from broadcast to unicast packet and then send it to the DHCP Server.

15. What are benefits of routing?

Broadcast control

Multicast control

Optimal path determination

Traffic management

Logical addressing

Layer 3 security

16. Benefits of L3 Switching?

Hardware-based packet forwarding

High-performance
packet switching

High-speed
scalability

Low latency

Lower per-port cost

Flow accounting

Security

QoS

Layer 3 switching is hardware-based routing. A full Layer 3 switch does everything to a packet that a traditional router does.

Layer 3 switching is a combination of Layer 2 switching and Layer 3 routing to that provides integrated switching and routing.

While a router is like a mailroom with a single chute, a switch provides multiple chutes to direct data. Traditionally, applications at Layer 2 are responsible for the validity and integrity of transmission from node to node. However, the advent of the Internet has meant that most network traffic is now on a backbone system. Smart switches are now able to do most of the functions of a router.

Layer 3 switches can be used to prioritize traffic and can control larger networks than Layer 2 switches, reducing the need to create subnets isolated by routers.

The primary difference between the packet-switching operation of a router and a Layer 3 switch is the physical implementation. In general-purpose routers, microprocessor-based engines typically perform packet switching. A Layer 3 switch performs packet switching with hardware.

Layer 3 devices can interrogate packets to determine priorities to allocate bandwidth, and this is where Quality of Service (QoS) features are usually implemented.

When performing Layer 3 functions, a switch reads the TCP and User Datagram Protocol (UDP) fields to determine what type of information the packet is carrying. The network manager can then program the switch to prioritize traffic by application.

When being used for QoS purposes, this means that a videoconferencing application might be granted more bandwidth than an e-mail message.

If the network is only at 50 percent capacity on the backbone, each user or application on the network is already getting the same QoS without Layer 4 switching.

18.What is auto-negotiation?

The Auto-Negotiation function is an optional part of the Ethernet standard that makes it possible for devices to exchange information about their abilities over a link segment. This, in turn, allows the devices to perform automatic configuration to achieve the best possible mode of operation over a link.

At a minimum, Auto-Negotiation can provide automatic speed matching for multi-speed devices at each end of a link Multi-speed Ethernet interfaces can then take advantage of the highest speed offered by a multi-speed hub port.

Stress: Auto-negotiation is not a fully implemented standard and, therefore, the behavior of the link cannot be guaranteed when using this feature. 

Cisco strongly recommends that each end of the link be manually configured for the desired duplex and speed.

19. What is ping used for?

The ping command sends a specified number of ICMP echo requests and measures the time the destination device takes to respond to each request

To test connectivity to remote hosts.

Switch (enable) ping destination ip address

The ping command will return one of the following responses:

Success rate is 100 percent or ip address is alive. This response occurs in 1 to 10 seconds, depending on network traffic and the number of ICMP packets sent.

Destination does not respond. No answer message is returned if the host does not respond.

Unknown host. This response occurs if the targeted host does not exist.

Destination unreachable. This response occurs if the default gateway cannot reach the specified network

Network or host unreachable. This response occurs if there is no entry in the route table for the host or network.

20. List the five Spanning-Tree Protocol port states and describe their function.

The five Spanning Tree states are Blocked, Listen, Learn, Forward, and Disabled.

Blocked is the initial state of the port.  A port will also be placed in a blocked state if there is a redundant path to the Root Bridge and the port does not have the best cost.  Blocked means that the port can send and receive BPDUs but cannot send or receive data.

21. Identify at least one network problem caused by Spanning-Tree Protocol.

Following are three network problems caused by Spanning Tree

-- Convergence time after a network failure.

-- The time that it takes a port to move into forwarding mode will cause many workstations to time out while attempting to attach to a service.

-- Paths can be sub-optimal if network is not designed correctly

22. Explain the solutions developed to improve STP convergence time. Spanning-Tree Protocol operation.

The following solutions improve spanning tree

PortFast – enables a port to bypass Spanning Tree operations

UplinkFast – creates an UplinkFast group of ports that can be used to perform a rapid failover in the case of a direct link failure.

BackboneFast – expires the Max Age timer when it stops hearing the superior BPDU but continues hearing the inferior BPDU

EtherChannel – bundles parallel ports together which allows Spanning Tree to treat them as one port

Root Bridge – correct placement of the Root Bridge and modification of the diameter will improve path selection and convergence time.

Port Priority and Port Cost – Used to influence the path selections made by Spanning Tree

23. How to perform inter vlan routing without layer 3 device?

Yes this is possible by configuring link between the two switches as access ports.

http://www.mplsvpn.info/2010/07/inter-vlan-routing-without-layer-3.html

24. What is the purpose of the TTL field in the IP header? How does the TTL process work?

The Time to Live (TTL) field prevents "lost" packets from being passed endlessly through the IP internetwork. The field contains an 8-bit integer that is set by the originator of the packet. Each router through which the packet passes will decrement the integer by one. If a router decrements the TTL to zero, it will discard the packet and send an ICMP "time exceeded" error message to the packet's source address.

25. What is the difference between the ip default−gateway, ip default−network, and ip route 0.0.0.0/0 commands?

The ip default−gateway command is used when IP routing is disabled on the router. However, ip default−network and ip route 0.0.0.0/0 are effective when IP routing is enabled on the router and they are used to route any packets which do not have an exact route match in the routing table

26. What is the difference between the two methods to create static routes?

There are two methods to create static routes:

The ip route 10.1.1.1 255.255.255.0 eth 0/0 command generates an ARP broadcast that looks for the next−hop IP address.

The ip route 10.1.1.1 255.255.255.0 172.16.1.1 command does not generate an ARP request. It keeps Layer 2 out of the routing process.

27. What is difference between distance vector and link state protocols?

28. Are Vlan locally significant?

http://packetlife.net/blog/2008/apr/11/vlans-are-locally-significant/

One common misconception regarding VLANs is that they are significant beyond a single switch. Of course, VLAN numbers have to match for trunking to work, and VTP can be used to automatically propagate VLAN information. However, a VLAN, being essentially little more than a number, is significant only within a device. Consider the following scenario:

All of the ports on switch A are set to access mode in VLAN 10, and all of the ports on switch B are set to access mode in VLAN 20. Note that the connection between the two switches is not a trunk; each end is configured as an access port in the respective VLAN. Our two hosts A and B are similarly connected to different VLANs, but still reside in the same IP subnet. Can hosts A and B communicate?

The answer is yes. Follow the path of a frame leaving host A destined for host B. Switch A receives this frame on a port in VLAN 10, so it can only egress out another port in VLAN 10 or a trunk port. It performs the usual MAC lookup to determine the appropriate outbound port is its link to switch B. Now, here's the key: the frame is forwarded to switch B without a VLAN tag, because this is an access port. Switch B receives the frame on an interface it considers VLAN 20 and performs the same switching decision to forward the frame to host B.

So, does it work? Yep! Is it a good idea? Probably not. In an instance where VLANs are used, you're probably using more than one. For this reason and others, it's recommended to always trunk between switches using IEEE 802.1q or (less favorably) Cisco ISL.

29. How to create host route in Linux?

http://linux-ip.net/html/tools-route.html

To add a static host route on Linux, run:

route add -host <destination IP address> gw <gateway IP address>

or

route add <destination IP address> gw <gateway IP address>

Example:

Security gateway's external IP address is 192.168.1.1

Security gateway's internal IP address is 10.1.1.1

The desired Static NAT IP address is 192.168.1.20

The internal host to be translated is 10.1.1.20

Use the following command:

route add -host 192.168.1.20 gw 10.1.1.20

or

route add 192.168.1.20 gw 10.1.1.20

Alternately,  the static routes can be entered in the /etc/sysconfig/static-routes file in this format:

eth1 net 192.168.1.20 netmask 255.255.255.255 gw 10.1.1.20

where eth1 is the gateway's internal interface.

The /etc/sysconfig/static-routes file will be parsed by Linux kernel at startup.

To verify that route was added successfully, check the routing table by running netstat –rn

30. Collision and broadcast domain difference

A switch has 4 ports. Now 2 ports are assigned to vlan 1 and next 2 ports are assigned to vlan 2 . How many collision domains will be there?

Collision domain should remain same.

31. How to create sub interfaces in Linux or host?

Create sub interfaces on CentOS and Redhat

Sub interfaces or virtual interfaces are used for a number of reasons. Normally for VLANs, but also if you want your machine to have multiple IP addresses.

This is relatively straight forward to do.

It can be done from the command line like this:

# ifconfig eth0:1 192.168.111.1

The above command has just created a virtual / sub interface on eth0 called eth0:1 and assigned it the IP 192.168.111.1

This however is not a permanent solution because when you reboot, this interface will be lost. To make it permanent we need to create a file in /etc/sysconfig/network-scripts/ called ifcfg-eth0:1

DEVICE=eth0:1

BOOTPROTO=none

HWADDR=00:16:17:90:a5:15

ONPARENT=yes

IPADDR=192.168.111.1

NETMASK=255.255.255.0

TYPE=Ethernet

Very similar to ifcfg-eth0 but note there is no default gateway set. Always remove the gateway line from the cfg file you will inevitably copy to create this.

The MAC or Hardware address must also match the parent interface.

If you need more than one virtual / sub interface, simply create more config files.

To bring an interface up after creating the config file use:

# ifup eth0:1

32. Define Bandwidth and Latency?

- Bandwidth/ Throughput – It means the number of bits which can be transmitted over the network in a specified time.

- Latency – It is the time taken by a message to travel from one side to another.

  Bandwidth and latency describe the performance of a network.

33. Where exactly vlan tag is placed in Ethernet header?

34. what  is difference between LAG and LACP?

LAG : Link aggregation group(LAG) – combination of multiple links between two devices to form a single(larger ) link

LAG is a process of inter-connecting two switches with two or more links between them (or between a switch and a server), so that multiple links are combined into one bigger virtual link that can carry a higher (combined) bandwidth. All these multiple links participating in a Link Aggregation Group act like a single large (virtual) link.

LAG is also used for increasing link reliability. Since multiple links connect two devices, even if one fails the other links keep carrying the information and the traffic on the failed link is also transferred to them. That way, loss of a single link between two switches doesn’t stop the communication between them. Multiple links participating in a LAG can also load-balance the traffic between them so that traffic is evenly distributed.

The number of links that can combine to form a larger link between two devices is generally restricted by the hardware vendor. LAG is a static protocol and needs to be configured individually for each pair of physical ports. LAG is a standard.

LACP – Link Aggregation Control Protocol

LACP is similar to LAG, where multiple ports/links between two switches combine to provide higher bandwidth links between them. Additionally, ports that are LACP enabled can automatically configure themselves into trunk groups, without any manual configuration/intervention.

The main purpose of LACP is to automatically add/delete individual links to the aggregate bundle, while adding new links and also after recovering from link failures. LACP can monitor to verify if all the links are connected to the right group. Basically, LACP helps automate the configuration and maintenance of LAG’s.

LACP is a dynamic protocol. It is sufficient if multiple ports on various devices are LACP enabled, once. LACP is a standard and hence LACP can be implemented between multi-vendor switches. LACP should be enabled on the trunk ports initially in order for both the participating switches/devices that support the standard, to use it. If there are more links (between two devices) than what is supported by the vendor for LACP, the additional links are placed in stand-by mode and activated automatically when a link fails.

LACP, otherwise known as IEEE 802.1ax Link Aggregation Control Protocol, is simply a way to dynamically build an EtherChannel. Essentially, the “active” end of the LACP group sends out special frames advertising the ability and desire to form an EtherChannel. It’s possible, and quite common, that both ends are set to an “active” state (versus a passive state). Additionally, LACP only supports full duplex links (which isn’t a concern for gigabit or faster links). Once these frames are exchanged, and if the ports on both side agree that they support the requirements, LACP will form an EtherChannel.

http://www.thomas-krenn.com/en/wiki/Link_Aggregation_and_LACP_basics

35.How does a router knows whether it has to fragment a packet or not?

IP Fragmentation

An IP packet that is larger than the Maximum Transmission Unit (MTU) of an interface, is too large for transmission over that interface. The packet must either be fragmented, or discarded (and an ICMP error message returned to the sender). In either case, the original data will be fragmented into smaller packets (less than the smallest MTU) in order to allow it to be received by the final destination system.

There are two approaches to doing this fragmentation:

IP Router Segmentation - performing the fragmentation in the routers

IP Path MTU Discovery - forcing the sender to perform the fragmentation

IP Fragmentation processing at a Router

The simplest approach from the end-system point of view is not to worry about the MTU size. In this simple approach, the sender simply has to ensure that each packet is less than the MTU of the link on which it is sent. (The router always knows this from the link interface configuration information).

Large IP packets that exceed the MTU of the link between R1 and R2 are fragmented by R1 in to two or more IP packets each smaller than the MTU size.

The network layer then has to arrange to cut packets up into smaller fragments whenever a router encounters a link with an MTU smaller than the received IP packet size. All the fragments of an IP packet carry the same ID in the IP packet header (allowing the final receiver to reassemble the fragmented parts into the original PDU). This is called "IP fragmentation" or "IP segmentation". The problem is, this offloads a lot of work on to routers, and in the worst case, can also result in packets being segmented by several IP routers one after another, resulting in very peculiar fragmentation.

Fragmentation Method

To fragment/segment a long internet packet, a router (R1 in the figure below) creates a new IP packet and copies the contents of the IP header fields from the long packet into the new IP header. The data of the long packet is then divided into two portions on a 8 byte (64 bit) boundary, so that the first packet is less than the MTU of the out-going interface. The more-fragments flag (MF) in the first packet is set to one (to indicate that more fragments of this packet follow). The More Flag may already be set in this packet if it has already been fragmented by another system. This packet is forwarded.

The second created new packet is then processed. The packet header field is identical to that of the original packet (including the same value of the packet ID, the total length field, the more-fragments flag (MF) and the fragment offset field in the original packet). The packet header field is updated with a new offset field, by adding the number of payload bytes sent in the first fragment. If this new packet is larger than the allowed link MTU, the packet is again fragmented.

IP Router Fragmentation

Any packet that has a more fragments (MF) flag set, must have an integral multiple of 8 bytes. (The final fragment, which does not have this flag set, may have an arbitrary number of bytes).

IP Router fragmentation is not recommended in the modern Internet, and this feature was not carried-forward when the next generation Internet Protocol (IPv6) was specified.

IP Fragmentation processing at a Sender

Path MTU Discovery allows a sender to fragment/segment a long internet packet, rather than relying on routers to perform IP-level fragmentation. This is more efficient and more scalable. It is therefore the recommended method in the current Internet. This is also the only method supported in IPv6.

IP Reassembly processing at the Receiving End System

IP fragmentation and reassembly employs updating and using the values in the second 32 bits of the IPv4 packet header. An end system that accepts an IP packet (with a destination IP address that matches its own IP source address) will also reassemble any fragmented IP packets before these are passed to the next higher protocol layer.

The system stores all received fragments (i.e., IP packets with a more-fragments flag (MF) set to one, or where the fragment offset is non-zero), in one of a number of buffers (memory space). Packets with the same 16-bit Identification value are stored in the same buffer, at the offset specified by the fragment offset field specified in the packet header.

Packets which are incomplete remain stored in the buffer until either all fragments are received, OR a timer expires, indicating that the receiver does not expect to receive any more fragments. Completed packets are forwarded to the next higher protocol layer.

36. What are the issues with IP fragmentation?

There are several issues that make IP fragmentation undesirable. There is a small increase in CPU and memory overhead to fragment an IP datagram. This holds true for the sender as well as for a router in the path between a sender and a receiver. Creating fragments simply involves creating fragment headers and copying the original datagram into the fragments. This can be done fairly efficiently because all the information needed to create the fragments is immediately available.

Fragmentation causes more overhead for the receiver when reassembling the fragments because the receiver must allocate memory for the arriving fragments and coalesce them back into one datagram after all of the fragments are received. Reassembly on a host is not considered a problem because the host has the time and memory resources to devote to this task.

But, reassembly is very inefficient on a router whose primary job is to forward packets as quickly as possible. A router is not designed to hold on to packets for any length of time. Also a router doing reassembly chooses the largest buffer available (18K) with which to work because it has no way of knowing the size of the original IP packet until the last fragment is received.

Another fragmentation issue involves handling dropped fragments. If one fragment of an IP datagram is dropped, then the entire original IP datagram must be resent, and it will also be fragmented. You see an example of this with Network File System (NFS). NFS, by default, has a read and write block size of 8192, so a NFS IP/UDP datagram will be approximately 8500 bytes (including NFS, UDP, and IP headers).

 A sending station connected to an Ethernet (MTU 1500) will have to fragment the 8500 byte datagram into six pieces; five 1500 byte fragments and one 1100 byte fragment. If any of the six fragments is dropped because of a congested link, the complete original datagram will have to be retransmitted, which means that six more fragments will have to be created. If this link drops one in six packets, then the odds are low that any NFS data can be transferred over this link, since at least one IP fragment would be dropped from each NFS 8500 byte original IP datagram.

Firewalls that filter or manipulate packets based on Layer 4 (L4) through Layer 7 (L7) information in the packet may have trouble processing IP fragments correctly. If the IP fragments are out of order, a firewall may block the non-initial fragments because they do not carry the information that would match the packet filter. This would mean that the original IP datagram could not be reassembled by the receiving host. If the firewall is configured to allow non-initial fragments with insufficient information to properly match the filter, then a non-initial fragment attack through the firewall could occur. Also, some network devices (such as Content Switch Engines) direct packets based on L4 through L7 information, and if a packet spans multiple fragments, then the device may have trouble enforcing its policies.

SOME NOTES:
---------------------
Tcp header is much larger than UDP header hence we use UDP over TCP . It reduces the overhead.
Seq no= no assigned to the 1st byte of data in the message.
Ack no= next seq no or byte of data that rx expect to receive.
Offset = specifies the size of the Tcp header in 32 bit word and indicates where data actually begins.
Reserved field is set to 0 and can be used for further purpose.
Window : this sets the size of the rx window apart from seq no. This comes under flow control.
Padding is used to confirm that TCp header end with 32 bits .
Option is used for synchronization purpose. 

To know the size of the data we should know the size of the header length in Ip header
Minimum size of ip header is 20 bytes and maximum is 60bytes 
4 bits is used for ip header length.
So if header bits are 0101 means 5 *4 = 20 bytes 
So always bits value is multiplied with 4 and header length is calculated .
Lets we have HL = 5base16 =5 *4 = 20bytes
TL =0028base16=40bytes ie 40-20 = 20 bytes is a data 
TL=HL + data 
So tL can be 20 bytes to 65,335bytes 

How Checksum is calculated ?
HL fileds in source side are are segmented/divided into 16 nbits. Initially Checksum is set to 0. All these n sets of 16 bits are added up together .say total bits value is Nbits .Do 1’s Complement of this. Say we get Ncbits .Update checksum with this value .send this value to destination.
Now we do same process in destination . but here we will add all 16 bits value with checksum value received from sender . Do 1’s complement of it and result should be zero. Otherwise data is corrupted.

In case of proc in tcl if we use return command it will return all the variables if return command is not mentioned it will return the last command.

Three way hand shake any host can initiate the connection
Client -------------------------server
Seq x ----------------------- received seq x
Seq y <------------ Ack x+1
Ack y+1 --------received Ack y+1 
Routing Loop Avoidance Techniques
Split Horizon: Updates received in an interface can’t be sent out the same interface.
Split Horizon with Poison Reverse: Updates sent back with infinite metric (hop count 16) for every update received in an interface
Count to Infinity: To avoid continuous looping of a (bad) routing update. RIP sets the count to infinity with a hop count of 16.
Triggered Updates: supported with RIP version 2. Also known as the flash updates. If a metric is changed it is immediately advertised to neighbors without waiting for the regular scheduled update timer.

What is a tagged VLAN [Virtual Local Area Network]?
The IEEE 802.1Q standard allows defining an ethernet interface for multiple logical locations (as opposed to specific physical locations). One port can belong to several 802.1Q tagged VLANs. Thus, many host servers may be connected to the same ethernet LAN switch without being in the same collision or broadcast domain inherent in ethernet technology.

What is an untagged VLAN?
Untagged VLANs are the way we physically separate host servers into different broadcast and collision domains. A port (assigned to each PC connected to the LAN) can only belong to one untagged VLAN. Think of these LANs as the physical LAN connections within the logical or virtual LAN.
this is all based on the IEEE 802.1Q standard...

basic rules:
1) a port can be untagged in at most 1 vlan at a time
2) a port can be tagged in as many vlans as are in the switch config

an untagged port is what you normally connect an endpoint device (computer, printer, server, camera, badege reader, sometimes a VoIP phone, etc)...

a tagged port is used "mostly" to interconnect switches that carry multiple vlans on that link...

a tagged frame has an extra 4 bytes in the middle, which has the vlan id, qos settings, and a few other bits of data...

"normal" endpoint devices are not configured to speak tagged...altho there can be exceptions to this rule given very specific configuration/operation requirements (servers, VoIP phones, AP's)...but generally a user computer speaks untagged...


Tcl - global, upvar and uplevel.
In Tcl, variables are "scoped" to the procedure in which they're used. That's a sensible default, since you want to be able to write main applications without the risk of interfering with variables within your procs.

A global command in a proc allows you to refer to a variable in the main code from within a proc. (No need to declare it global at the top level too)

An upvar command allows you to reference a variable in your calling code from within your proc, and is commonly used for "pass by name" requirements where you're writing a proc that must alter an incoming variable.

The uplevel command allows you to run a piece of code as if it was in the namespace of your calling code and not in your proc - and you can even specify a number of levels of code up or an absolute level number.

Suggestion. Use upvar whenever you need to call by name. Use global sparingly. And think very carefully before you ever use uplevel!

Example:
proc demo {what where} {
global counter
upvar $where hereitis
uplevel incr dc
append hereitis ", UK"
incr counter
puts "Demo run"
return "$what $hereitis"
}
#
set dc 0
set counter 0
set place Melksham
set rz [demo "eat in" place]
puts "function returns: $rz"
puts "place will have UK on the end: $place"
puts "counter is number of calls to demo: $counter"
puts "variable dc has become: $dc"

Expect:
When the matching string is finally typed, expect returns. But before returning, expect stores the matched characters in a variable called expect_out(0,string) . All of the matched characters plus the characters that came earlier but did not match are stored in a variable called expect_out(buffer) . expect does this every time it matches characters. The names of these variables may seem odd, but they will make more sense later on.

What Happens When Input Does Not Match

Once expect has matched data to a pattern, it moves the data to the expect_out variable as I showed earlier. The matched data is no longer eligible to be matched. Additional matches can only take place with new data.

Consider the following fragment:
expect "hi"
send "$expect_out(0,string) $expect_out(buffer)"
If I execute these two commands, Expect waits for me to enter hi . If I enter philosophic followed by a return, Expect finds the hi and prints:
hi phi

If I execute the two commands again, Expect prints:
hi losophi

Even though there were two occurrences of hi , the first time expect matched the first one, moving it into expect_out . The next expect started from where the previous one had left off.

When a MAC address itself is unique, why do we still need an IP address to uniquely identify a system on a network?

explain this in an easy way using an analogy. So here it goes -

Let’s say your name is ‘A’. Obviously some other people in the world might also have the same name ‘A’. This is not unique. Now let’s add your father’s name (say father’s name is ‘B’) along with your name, it becomes ‘B.A’. Now people with this same name will be in less number as compared to your earlier original name ‘A’. But still it is not unique. Let’s say we keep on adding the names of your forefathers  to your name – ‘A’, ‘B.A’, ‘C.B.A’, ‘D.C.B.A’, ‘E.D.C.B.A’, ‘F.E.D.C.B.A’, …………… a time will come when the name will become unique. This is like a MAC address which will never change once assigned to a device, as your father’s & your forefather’s name also won’t change and will be a unique combination.

This means you can now be uniquely identified in the world with your name. Now let’s say someone needs to send you a parcel (in computer terms a packet). He\She can simply write down your new name on it (and nothing else) and that should do the work – right? Yes, it may work. But just imagine the burden on the post office to deliver it to you without any address on the parcel. The post office will have to keep track of all the people in the world. (Similar burden will be incurred by a router – It will be impossible for the router to build a routing table other than a complete map that lists EVERY single MAC address ever seen). Now here comes the use and necessity of an address to be associated with your name and hence, use of an IP address to be associated with a device.

Let’s say you stay in Building number “#4”. Obviously there can be several areas/city which have Building number “#4”. So this address is not unique to you. Now let’s add some more details to it – Area code “0055” and it becomes – “0055.#4”. Still not unique to you. Let’s add some more details like street, state, city, country. It becomes – US.Chicago.MaryStreet62.0055.#4. Now, this is a unique address from which you can be uniquely identified. If anyone willing to send you a parcel can just address the parcel with this and the parcel will reach to you with ease. This is like having an IP address.

Obviously your address will keep on changing if you keep travelling from one place to another but your name won’t. Same is the case with MAC and IP address. MAC address won’t change once assigned to a device. However, IP will keep changing. 

if we have mac address why we need ip address and vice versa

and is it possible to have a network with only one of them

within a subnet using only mac we can work

but same mac can be used in differnet subnet

ip used to reach that subnet

then mac to reach the machine in that subnet