Tuesday, October 6, 2009

Basic TCP/IP: The Tale of Two Packets

Today I'll be going over a story called the "Tale of Two Packets" which was given by the teacher of the CCNA series I am following.

The goal is to walk through a scenario as two packets named "Bob" and "Sally" make their way through the network.

This is going to be more of a review than anything else.


Let's begin with the short story of Bob.

-----

Bob is going to represent local communication. That means he will only traverse within the confines of his local network. In our example below, he's moving from the top computer to the one right below it. Notice they are within the same network (subnet).

Assume that the subnet mask for Bob's network is 255.255.255.0.

Bob doesn't seem very adventurous does he....


Now let's assume that Bob represents a 'ping' packet. That means that someone opened up a command prompt or UNIX shell on the computer marked as 172.10.1.20 and decided to run:

ping 172.10.1.30

Now based on what you learned from the earlier lessons, what exactly will happen here?

1. The local machine will compare the IP address of the destination (172.10.1.30) with the subnet mask of the local network.

2. Now how exactly will the comparison work? If you answered: "The comparison works by comparing the first 3 octets of the destination IP address with the first 3 octets of our IP address"....then you answered correctly. Remember that since the subnet mask is 255.255.255.0, we are going to be comparing the first 3 octets only. The last octet will represent the host.

3. In our case, the top computer will realize "Hey this guy is on the same network as me! I don't have to go through any router to reach him. So coooool".

4. What will the top computer have to do next? He'll have to figure out the MAC address of the computer below. Remember he has to have the destination MAC address to reach the other end. Now do you remember how we resolve an IP address to a MAC address? We use the ARP protocol.

5. I am sure you are bright enough to remember that ARP works by broadcasting a request out on the local network for the IP address it's trying to resolve. So in our case, the top computer will just yell out loud to everyone on the local network: "Hey Guys! Who is 172.10.1.30? Whoever you are, could you please get back to me with your MAC address? Thanks!!!"

6. Now since this is a broadcast everyone on the local network will get the request....that includes the router that is connected to this network. He'll get the request and say "Hmm well this ARP request is for 172.10.1.30 and not for me. I guess I'll just drop this ARP request packet".

7. Now the computer below will receive the ARP request and he'll reply back to the top computer and he'll say "Hey Buddy! I am the guy you're looking for. My MAC address is AA00:BC33:3211".

8. Next, our host computer will say "This is good, very good. I now have the layer 2 destination MAC address to speak to you with!"

9. Finally our host computer will create a packet (Bob) who has a source IP of 172.10.1.20 and a destination IP of 172.10.1.30 and has a source MAC address of 342F:39BC:3923 and a destination MAC address of AA00:BC33:3211. The packet will be sent out on our local network and our switch will forward it along to the destination computer.

That's pretty straightforward....now the fun stuff....

-----

Let's move onto the story of Sally. She's a bit of a complicated and adventurous woman....

Here is the preliminary setup:


Sally is also going to be a ping packet. However, unlike Bob, she'll be going from the top computer on the left side (172.10.1.20) over to a remote server at 192.168.0.100. Obviously you can see that these two boxes are on totally different networks (subnets) with several routers separating them.

I sense some serious router traversal about to take place....

Let's begin by zooming in on the network of the local machine which will send out the packet. We need to take care of some stuff before we can start bouncing around through the routers.



As mentioned before, someone begins Sally's life by opening up a command prompt or a Unix shell on the computer marked as 172.10.1.20 and running:

ping 192.168.0.100

Now based on what you learned from the earlier lessons, what exactly will happen here?

1. Well just as in the case of Bob our local machine will compare the network portion of the IP address of our destination with the network portion of our IP address. Based on the subnet for this network (255.255.255.0), the network portion of the IP address represents the first 3 octets.

2. The host machine will clearly see that 192.168.0.x does NOT match 172.10.1.x.....what to do? The destination IP address is not on the same network as the sender....Sally is such a complicated woman.

3. Clearly now we can't just yell out and use the ARP request....Sally's destination is not on the same network as us. Remember that the ARP request is a broadcast for locally connected machines. An ARP request does not go past a router and our destination here lies past the router. I hope you remember our discussion on how the router's number one job is to stop broadcasts from leaving the local network....

4. Our local machine now realizes it has to send Sally out through the local router (its default gateway). So it creates the Sally ping packet and throws on the source IP address (172.10.1.20), the destination IP address (192.168.0.100) and.......wait.....what do we put for the source and destination MAC addresses?

5. The answer is quite interesting. For the source MAC address we put our own MAC address: 342F:39BC:3923. But what about the destination MAC address?

6. To find the destination MAC address of the router we have to communicate with the router just as if it were another device within the network. Think of how Bob's story went. Remember that Bob had to communicate with a local member of the network. Well the router is also a local member of the network. So therefore we send an ARP request to find out the MAC address of our default gateway (172.10.1.1).

7. Our local machine will yell out: "Hey guys, who on the local network here is 172.10.1.1? I need your MAC address please!!". The router will respond with its MAC address to the calling machine.

8. The result of the router's reply is going to be our destination MAC address. Therefore before we send Sally out, we assign the destination MAC address to be 01AA:12AB:3212.

Let's take a break and look at an updated image:


You'll notice that the Sally ping packet now has the source and destination IP addresses explained above and the source MAC address of the host machine (ending in 3923) and the destination MAC address of the router (ending in 3212).

Let's move on....

9. The router will pick up the packet and observe that it is indeed for the router because the destination MAC address matches that of the router.

10. Then the router will open up the network portion of the packet and notice that the destination IP address does NOT match the router's IP address. The router feels sad and says "Gosh no one ever wants to directly talk to me. This is another case where someone wants to use me to get to another network. It's okay though, I'll help him out".

Since the router from our originating network has Sally at the current moment, let's take another short break and zoom in on the router portion of Sally's story......



Notice that the blue arrow represents the router that Sally is currently at.

Moving on....

11. The router now thinks to itself: "Well I am not directly plugged into a network which would contain 192.168.0.100. However, my magical routing table has informed me that in such scenarios I should send all unknown traffic over to 10.10.1.2. He is the man that can bail me out and send Sally to the correct destination".

12. Next, the router will strip off the layer 2 MAC addresses in the Sally packet before sending Sally out. The router will however NOT touch the layer 3 IP addresses in said packet. Remember, the source and destination IP addresses are not to be changed! Only the MAC addresses will be changed as Sally swims from one router to another.

13. Well so what will go in the source and destination MAC address in Sally's packet? Well the source MAC address will be the MAC address shown for the interface of the router where the IP address is 10.10.1.1. This is because Sally will be sent out from this interface on the router. The destination MAC address in Sally's packet will be the MAC address of the interface represented at 10.10.1.2.

Here is a little bit of visualization:



Notice the arrows pointing to the source and destination MAC addresses as Sally traverses the 10.10.1.x network.

Also note that a router has a separate interface with a different IP configured for each network it's connected to.

Moving on...

14. Now after replacing the MAC addresses, router A (as shown in the image above), will push Sally over to router B.

15. Router B now has Sally in his possession and he's thinking to himself: "Well this packet is not destined for me, since I am not 192.168.0.100. However I do have a routing table which has instructed me on what to do in such situations".

An updated image with the router details of where we are in Sally's progression through the network:



16. Just as the router before did, the new router that owns Sally will also push Sally along to the next hop router as specified in the routing table. Therefore you should be able to figure out that the source MAC address for Sally will be 35BB:1290:18FF and the destination MAC address will be 3222:AAAA:FFB1. Remember the source and destination IP addresses are not affected inside the Sally packet.

17. Saving you the trouble of repeating the steps above with the last router shown on the far right, let's move onto what happens as Sally approaches her destination:



18. Finally Sally has arrived at the last router she will have to go through. This router (shown as router D in the image above) says "Oh this is so neat. Looks like the destination IP address that Sally is destined for is in one of the networks I am connected to!".

19. Router D will then strip off the source and destination MAC addresses that allowed Sally to reach from router C to router D and replace them with some new information.

20. This new information will be a little tricky to obtain. Remember now that router D knows that the destination machine for which Sally is meant lies on the network the router is connected to. However, just as every router has done before, router D will have to strip off the source and destination MAC address. The source MAC address is fairly straightforward; it's just going to be AF30:BC33:3211. What will the destination MAC address be?

21. Before the router can assign the destination MAC address for Sally's final stop, the router must issue an ARP request here to find out what it is. Remember that the router can't use its routing table to send Sally over to the destination as the routing table is just for speaking to other routers. Therefore router D will yell out loud "Who is 192.168.0.100? Please respond to me with your MAC address please!! Thanks!!".

22. The server shown in the image will respond to the ARP request and tell the router "Hey Mr. Router D, I am indeed the guy you're looking for. My MAC address is 88A8:12AF:0399".

23. Lastly router D will now assign its destination MAC address to what the server replied with and send Sally out to her final resting place. Remember that this entire time the source and destination IP addresses haven't been touched.

The reverse of this whole process will also happen as the remote web server has to respond to the Sally ping request. Of course due to brevity, we won't go into the details.

As a general note whenever router to router communication takes place, we use the routing tables to figure out where to go next. Whenever local communication takes place within a specified network (think of Bob from earlier) we use ARP to resolve the destination.
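Bob's and Sally's walks, replayed as a small simulation (an added example, not part of the original post or the course it follows): `deliver` returns the source and destination MAC and IP addresses seen on each link. The link addresses between routers B, C and D, router D's 192.168.0.1 address, and every MAC marked "constructed" are assumptions, since the page does not give them.

```python
import ipaddress

MASK = "255.255.255.0"  # the page's mask; assumed here on every link

# IP -> MAC, i.e. what an ARP reply on that link would return.
# Entries marked "constructed" are placeholders; the page does not give them.
MAC = {
    "172.10.1.20": "342F:39BC:3923", "172.10.1.30": "AA00:BC33:3211",
    "172.10.1.1": "01AA:12AB:3212", "192.168.0.100": "88A8:12AF:0399",
    "10.10.1.1": "0000:0000:00A1",    # router A, outbound side (MAC constructed)
    "10.10.1.2": "0000:0000:00B1",    # router B, inbound side (MAC constructed)
    "10.10.2.1": "35BB:1290:18FF",    # router B toward C (IP constructed)
    "10.10.2.2": "3222:AAAA:FFB1",    # router C, inbound side (IP constructed)
    "10.10.3.1": "0000:0000:00C2",    # router C toward D (IP and MAC constructed)
    "10.10.3.2": "0000:0000:00D1",    # router D, inbound side (IP and MAC constructed)
    "192.168.0.1": "AF30:BC33:3211",  # router D, server side (IP constructed)
}
# Each device: its interface IPs and the next hop for networks it is not plugged into.
DEVICES = [
    (["172.10.1.20"], "172.10.1.1"),             # sending host and its default gateway
    (["172.10.1.1", "10.10.1.1"], "10.10.1.2"),  # router A
    (["10.10.1.2", "10.10.2.1"], "10.10.2.2"),   # router B
    (["10.10.2.2", "10.10.3.1"], "10.10.3.2"),   # router C
    (["10.10.3.2", "192.168.0.1"], None),        # router D
]

def same_subnet(a, b, mask=MASK):
    """True when a and b share the network portion selected by mask."""
    return ipaddress.ip_address(b) in ipaddress.ip_network(f"{a}/{mask}", strict=False)

def connected(ifs, ip):
    """Interface of this device on the same subnet as ip, or None."""
    return next((i for i in ifs if same_subnet(i, ip)), None)

def deliver(src_ip, dst_ip):
    """Return one (src_mac, dst_mac, src_ip, dst_ip) tuple per link crossed."""
    frames, (ifs, next_hop) = [], next(d for d in DEVICES if src_ip in d[0])
    while True:
        # Directly connected: ARP for the destination. Otherwise: ARP for the next hop.
        target = dst_ip if connected(ifs, dst_ip) else next_hop
        out_if = connected(ifs, target)
        frames.append((MAC[out_if], MAC[target], src_ip, dst_ip))  # IPs never change
        if target == dst_ip:
            return frames
        ifs, next_hop = next(d for d in DEVICES if target in d[0])

if __name__ == "__main__":
    for frame in deliver("172.10.1.20", "192.168.0.100"):
        print(frame)
```

Calling `deliver("172.10.1.20", "172.10.1.30")` gives Bob's single frame; Sally's call yields five frames whose MAC pair changes on every link while the IP pair stays fixed.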

This is very important knowledge and it's imperative you understand it. Without this knowledge you'll have trouble trying to troubleshoot networks in the future.

If you get some time, play around with the "traceroute" command on Unix or the "tracert" command on Windows. It will show you every hop it takes for your packet to reach a specified destination.

Here is the Wikipedia article on traceroute: http://en.wikipedia.org/wiki/Traceroute

You have now become Layer 2/3 experts!! Well not really....
