EN_Net_OSI_Routing

somaz edited this page Mar 30, 2026 · 1 revision

Network: OSI Layers & Routing

2. What are the OSI 7-layer model and the TCP/IP 4-layer model?

The OSI 7-layer model and the TCP/IP 4-layer model both describe the network protocol stack, but each builds its hierarchy differently. Comparing the two, the top three layers of the OSI model (the session, presentation and application layers) are responsible for functions related to application programs, and standard protocols are defined for each of them. In the TCP/IP model, on the other hand, the application layer sits directly on top of the TCP and UDP protocols, so it serves to connect the application to the transport layer.

While the OSI session and presentation layers are responsible for functions such as data format conversion, data structuring, compression and encryption, the TCP/IP model has no layer dedicated to these functions; they are handled directly in the application layer.

OSI 7-Layer Model

OSI stands for Open Systems Interconnection. The OSI 7-layer model is a reference model for the network protocol stack developed by the International Organization for Standardization (ISO).

The seven layers are:

  • Physical Layer: A layer that transmits electrical and physical signals.
    • Protocol: Ethernet, Fast Ethernet, Gigabit Ethernet, Wi-Fi, Bluetooth, USB
  • Data Link Layer: Responsible for reliable data transmission in the network.
    • Protocol: Ethernet, Token Ring, FDDI, HDLC, PPP, SLIP
  • Network Layer: Selects the path to deliver data to the destination and manages packet transmission.
    • Protocol: IP, ICMP, ARP, RARP, OSPF, BGP, IS-IS
  • Transport Layer: Ensures data transmission and is responsible for error detection and recovery.
    • Protocol: TCP, UDP, SCTP
  • Session Layer: Manages the connection between users at both ends and controls the communication method.
    • Protocol: NetBIOS, RPC, SQL
  • Presentation Layer: Converts the format of data or performs processing such as encryption and decryption.
    • Protocol: JPEG, MPEG, SMB
  • Application Layer: This is a layer that provides services to applications.
    • Protocol: HTTP, FTP, SMTP, POP3, IMAP, Telnet, SSH

TCP/IP 4-Layer Model

TCP/IP stands for Transmission Control Protocol/Internet Protocol. The TCP/IP 4-layer model is the reference model for the Internet protocol stack. Its four layers are:

  • Network Interface Layer: Manages the physical network. It performs the roles of the physical layer and the data link layer. Equipment such as network interfaces and LAN cards is used in this layer.
  • Internet Layer: Data is transmitted using IP addresses. It performs the role of the network layer. The IP protocol is used in this layer.
  • Transport Layer: Ensures data transmission using TCP or UDP protocols and is responsible for error detection and recovery. It performs a role corresponding to the transport layer of the OSI model.
  • Application Layer: This is the layer that provides services to applications. It performs the roles of the application, presentation and session layers of the OSI model. Protocols such as HTTP, FTP and SMTP are used in this layer.
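The layering described above is easiest to see by walking a real frame from the bottom up: each layer strips its own header and hands the rest to the layer above. The following is an added example, not code from the wiki page; the Ethernet/IPv4/TCP frame it decodes is constructed by the script itself (the MAC and IP addresses are made up), and the parser verifies the IPv4 header checksum so that a corrupted header is noticed rather than silently passed upward.

```python
import struct

# Constructed sample data: the application-layer bytes the stack will carry.
PAYLOAD = b"GET / HTTP/1.1\r\n"


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum. Run over a header whose checksum
    field is already filled in, it returns 0 when the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes) -> bytes:
    """Encapsulate top-down: TCP (L4) inside IPv4 (L3) inside Ethernet (L2)."""
    # L4: 20-byte TCP header, src port 40000 -> dst port 443, SYN set, no options.
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    # L3: 20-byte IPv4 header, protocol 6 = TCP; checksum patched in afterwards.
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # L2: Ethernet II header with constructed MACs, EtherType 0x0800 = IPv4.
    eth = bytes.fromhex("0011223344550a0b0c0d0e0f") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Decode bottom-up and return, per layer, the fields handed to the layer above."""
    layers = {}
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["L2"] = {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
                    "ethertype": ethertype}
    if ethertype != 0x0800:                  # not IPv4: nothing for L3 to do
        return layers
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes
    layers["L3"] = {
        "version": ver_ihl >> 4,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": ipv4_checksum(frame[14:14 + ihl]) == 0,
    }
    if proto != 6:                           # only TCP is decoded here
        return layers
    segment = frame[14 + ihl:14 + total_len]
    sport, dport, seq, _, offset, flags = struct.unpack("!HHIIBB", segment[:14])
    data_offset = (offset >> 4) * 4
    layers["L4"] = {"src_port": sport, "dst_port": dport, "seq": seq,
                    "syn": bool(flags & 0x02), "ack": bool(flags & 0x10)}
    layers["L7"] = segment[data_offset:]     # what the application finally sees
    return layers


if __name__ == "__main__":
    for name, fields in parse_frame(build_frame(PAYLOAD)).items():
        print(name, fields)
```

Each dictionary key corresponds to one layer of the model in the text: L2 carries only MAC addresses and an EtherType, L3 adds IP addresses and the next protocol number, L4 adds ports and flags, and only after all three headers are removed does the HTTP request appear as L7 data.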

3. What is AS (Autonomous System)?

AS stands for Autonomous System: a group of routers managed by one network administrator, operated under one set of management rules, or built according to one management strategy.

Interior Routing Protocols

  • Protocol used by routers to exchange routing information with other routers within the same AS
  • Types: RIP, IGRP, EIGRP, OSPF

Exterior Routing Protocols

  • Protocol used by routers to exchange routing information externally, between ASs
  • Types: EGP, BGP (nowadays the trend is to use BGP rather than EGP)

Necessity of AS

An AS lets you manage the information held in routers efficiently and provide Internet services more easily. The routers in an AS only know the internal network information of the routers belonging to their own AS. When traffic needs to leave the AS, they ask the ASBR (Autonomous System Boundary Router), the gatekeeper router, for the information and then go out to the external Internet. The ASBR holds information about the other ASs adjacent to its own AS, and it also serves to pass information to routers coming in from an external AS to its own AS. Because of this system, routers do not need information about every network in the world even when connected to the Internet; all a router needs is information about the AS it belongs to. The routing protocol used by routers inside an AS is called an Interior Routing Protocol, or IGP. The routing protocols used to exchange routing information between ASs, that is, outside the AS, are called Exterior Routing Protocols, or EGP.


4. What is BGP (Border Gateway Protocol)?

BGP stands for Border Gateway Protocol. It is the protocol spoken between BGs (Border Gateways) located at the edge of an AS. Not every BGP session connects different ASs: BGP is of course involved in connections between BGs belonging to different ASs, but it is also involved in connections between BGs within the same AS. According to this difference in role, BGP is largely divided into two types.

iBGP

iBGP connects border gateways within the same AS.

eBGP

eBGP, used for inter-AS routing, connects border gateways in different ASs.


Additionally, a BGP router uses its decision algorithm and the policy set in the AS peering contract to analyze the data it collects through prefix advertisements and select the optimal peer to send each packet stream to at that point. In most cases the path with the fewest network hops is chosen, but a longer path may be faster because of congestion and delay. As traffic travels through an AS and reaches another BGP router connected to another AS, this process repeats until the data reaches the AS where the destination site is located. BGP sessions run over TCP port 179 and exchange messages by unicast. Unlike an IGP, it is possible to form a BGP peer (neighbor) relationship with devices that are not directly connected.
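The iBGP/eBGP split and the "fewest hops" selection above can be modelled in a few dozen lines. What follows is an added example, not code from the wiki page: a toy BGP speaker that classifies each session as iBGP or eBGP by comparing ASNs, rejects any update whose AS_PATH already contains its own ASN (the loop-prevention rule of RFC 4271, which also limits the damage of a mis-advertised prefix), prefers the shortest AS_PATH, and prepends its own ASN only when advertising to an eBGP peer. The ASNs, prefixes and next-hop addresses are constructed; the many further tie-breakers real routers apply (local preference, origin, MED, and so on) are deliberately left out.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_ASN = 64500  # constructed private ASN for "our" router


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str      # address of the peer that advertised the prefix
    peer_asn: int      # ASN of that peer
    as_path: tuple     # leftmost entry is the AS that most recently forwarded it


def session_type(local_asn: int, peer_asn: int) -> str:
    """iBGP when both speakers sit in the same AS, eBGP otherwise."""
    return "iBGP" if local_asn == peer_asn else "eBGP"


def accept(route: Route, local_asn: int) -> bool:
    """Loop check: an update whose AS_PATH already lists our ASN has been
    around the block once, so it is dropped instead of installed."""
    return local_asn not in route.as_path


def select_best(routes, local_asn: int):
    """Pick one route for a prefix: shortest AS_PATH wins; on a tie the
    lowest neighbor address wins, which is also BGP's final tie-breaker."""
    candidates = [r for r in routes if accept(r, local_asn)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (len(r.as_path), ipaddress.ip_address(r.next_hop)))


def build_rib(updates, local_asn: int = LOCAL_ASN) -> dict:
    """Group received updates by prefix and run selection for each."""
    by_prefix = {}
    for route in updates:
        by_prefix.setdefault(route.prefix, []).append(route)
    return {p: select_best(rs, local_asn) for p, rs in by_prefix.items()}


def advertise(route: Route, local_asn: int, to_peer_asn: int) -> tuple:
    """AS_PATH we send onward: prepend our ASN on eBGP sessions only.
    Inside the AS (iBGP) the path is passed along unchanged."""
    if session_type(local_asn, to_peer_asn) == "eBGP":
        return (local_asn,) + route.as_path
    return route.as_path


# Constructed updates as they might arrive at AS 64500.
UPDATES = [
    Route("203.0.113.0/24", "192.0.2.1", 64501, (64501, 64502)),          # 2 AS hops
    Route("203.0.113.0/24", "192.0.2.9", 64510, (64510,)),                # 1 AS hop
    Route("203.0.113.0/24", "192.0.2.5", 64520, (64520, 64500, 64502)),   # contains 64500: loop
    Route("198.51.100.0/24", "10.0.0.2", 64500, (64530,)),                # learned over iBGP
]

if __name__ == "__main__":
    for prefix, best in build_rib(UPDATES).items():
        kind = session_type(LOCAL_ASN, best.peer_asn)
        print(f"{prefix} via {best.next_hop} ({kind}, path {best.as_path})")
```

Running it shows 203.0.113.0/24 chosen via 192.0.2.9 because its AS_PATH is one AS shorter, and the looped update never reaches selection at all.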

Network communication methods

Unicast (1:1)

  • One-to-one communication where origin and destination must be accurate
  • One-to-one method in which one transmitting node transmits data to one receiving node

Broadcast (1:All)

  • A way to communicate with every device in the network the sender belongs to
  • Affects the performance of individual PCs and overall network traffic.

Multicast (1:Group)

  • Used when information needs to be sent to a specific group of receivers at the same time (e.g. 8 out of 10 hosts)
  • Prevents unnecessary traffic and performance degradation by transmitting data selectively

Anycast (1:1)

  • Method of communicating with the nearest node
  • The difference from unicast is that the sending node transmits data to only one (the nearest) of the receiving nodes connected to the network.
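At the Ethernet layer the three one-to-many cases above are distinguished by the destination MAC address alone, which makes them easy to count. The following is an added example, not part of the wiki page: it classifies each frame in a constructed (not captured) frame log as unicast, multicast or broadcast using the all-ones address and the I/G bit of the first octet, and then flags any source that sends more broadcasts per one-second window than a threshold allows, the kind of check that catches the broadcast-heavy host the "affects overall network traffic" point warns about.

```python
from collections import Counter, defaultdict

# Constructed frame log (not a real capture): "<seconds> <src MAC> <dst MAC> <EtherType>".
NORMAL = """\
0.10 aa:bb:cc:00:00:01 ff:ff:ff:ff:ff:ff 0806
0.20 aa:bb:cc:00:00:02 aa:bb:cc:00:00:01 0800
0.25 aa:bb:cc:00:00:01 01:00:5e:00:00:fb 0800
0.40 aa:bb:cc:00:00:03 ff:ff:ff:ff:ff:ff 0806
0.70 aa:bb:cc:00:00:02 aa:bb:cc:00:00:03 0800
"""
# One constructed host repeating ARP requests: 12 broadcasts inside the second window.
NOISY = "".join(f"1.{i:02d} aa:bb:cc:00:00:09 ff:ff:ff:ff:ff:ff 0806\n" for i in range(12))
FRAME_LOG = NORMAL + NOISY


def classify_mac(mac: str) -> str:
    """Broadcast is all ones; any other address with the I/G bit (least
    significant bit of the first octet) set is a group (multicast) address."""
    if mac.lower() == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(mac.split(":")[0], 16) & 0x01:
        return "multicast"
    return "unicast"


def parse_log(text: str) -> list:
    """Turn log lines into (timestamp, src, dst, ethertype) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, ethertype = line.split()
        records.append((float(ts), src, dst, ethertype))
    return records


def traffic_summary(records) -> Counter:
    """How many frames of each communication method the log contains."""
    return Counter(classify_mac(dst) for _, _, dst, _ in records)


def broadcast_rates(records, window: float = 1.0) -> dict:
    """Broadcast frame count per source, bucketed into fixed time windows."""
    rates = defaultdict(Counter)
    for ts, src, dst, _ in records:
        if classify_mac(dst) == "broadcast":
            rates[int(ts // window)][src] += 1
    return rates


def flag_storm_sources(records, threshold: int, window: float = 1.0) -> list:
    """Sources that exceed `threshold` broadcasts in any single window."""
    flagged = set()
    for counts in broadcast_rates(records, window).values():
        flagged.update(src for src, n in counts.items() if n > threshold)
    return sorted(flagged)


if __name__ == "__main__":
    recs = parse_log(FRAME_LOG)
    print(dict(traffic_summary(recs)))
    print("noisy sources:", flag_storm_sources(recs, threshold=5))
```

The threshold is a parameter rather than a constant because the acceptable broadcast rate depends on the segment: ARP and DHCP on a normal LAN produce a steady trickle, and the useful signal is one host standing far above its neighbours.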

10. What are STP (Spanning Tree Protocol) and RSTP (Rapid Spanning Tree Protocol)?

Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) are two network protocols used to prevent loop conditions in network environments. This is especially important in Ethernet networks that include multiple paths between switches.

Spanning Tree Protocol (STP)

STP, standardized as IEEE 802.1D, is designed to maintain a loop-free topology for Ethernet networks. It works by selectively blocking some of the redundant paths that could cause loops. STP allows a network design to include redundant links that provide fault tolerance and automatic backup-path activation if an active link fails, without the risk of bridge loops or the broadcast storms they cause.

The way it works is as follows.

  • Root Bridge Selection: All switches participate in the selection process to select the root bridge, which is the logical center of the network. The switch with the lowest bridge ID becomes the root.
  • Path Selection: Each switch determines the shortest path from itself to the root bridge based on the path cost.
  • Blocking Redundant Paths: To prevent loops, STP blocks redundant paths that could form loops but maintains them as backup links.
  • Port States and Roles: Ports in an STP topology can be in one of several states: blocking, listening, learning, forwarding, or disabled. Each non-root bridge port has one of the following roles: root port (the best port to reach the root bridge), designated port (the port forwarding frames to and from a network segment), or non-designated port (a blocked port).
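The four steps above (root election, path cost, blocking, port roles) are a computation every switch performs from the BPDUs it receives, and it can be reproduced offline on a small topology. The following is an added example, not code from the wiki page: it takes a constructed set of bridges and links, elects the lowest bridge ID as root, computes each bridge's root path cost, assigns root, designated and blocked roles to every port, and then checks that the forwarding links form a tree. Integer bridge IDs stand in for the real priority+MAC pair, at most one link is assumed between any pair of bridges, and the costs are made up.

```python
import heapq
from collections import defaultdict


def _adjacency(links):
    """Undirected adjacency list: bridge -> [(neighbor, link cost), ...]."""
    adj = defaultdict(list)
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    return adj


def elect_root(bridges) -> int:
    """Step 1: the bridge with the lowest bridge ID becomes the root."""
    return min(bridges)


def root_path_costs(links, root: int) -> dict:
    """Step 2: least-cost path from every bridge to the root (Dijkstra)."""
    adj = _adjacency(links)
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, u = heapq.heappop(heap)
        if c > cost[u]:
            continue
        for v, w in adj[u]:
            if c + w < cost.get(v, float("inf")):
                cost[v] = c + w
                heapq.heappush(heap, (c + w, v))
    return cost


def root_ports(links, rpc: dict, root: int) -> dict:
    """Each non-root bridge's root port: the neighbor giving the lowest
    root path cost, ties broken by the lower neighbor bridge ID."""
    adj = _adjacency(links)
    return {b: min(adj[b], key=lambda nc: (rpc[nc[0]] + nc[1], nc[0]))[0]
            for b in rpc if b != root}


def port_roles(bridges, links):
    """Steps 3-4: per (bridge, neighbor) port, assign designated / root / blocked."""
    root = elect_root(bridges)
    rpc = root_path_costs(links, root)
    rp = root_ports(links, rpc, root)
    roles = {}
    for a, b, _ in links:
        # The designated bridge for a segment is the one closer to the root
        # (lower root path cost), ties broken by lower bridge ID.
        designated = min(a, b, key=lambda x: (rpc[x], x))
        other = b if designated == a else a
        roles[(designated, other)] = "designated"
        # The far end is the root port if this is how `other` reaches the
        # root; otherwise it is the redundant path STP blocks.
        roles[(other, designated)] = "root" if rp.get(other) == designated else "blocked"
    return root, roles


def forwarding_links(links, roles) -> list:
    """Links with no blocked end: the active spanning tree."""
    return [(a, b) for a, b, _ in links
            if "blocked" not in (roles[(a, b)], roles[(b, a)])]


# Constructed topology: four bridges with two redundant links.
BRIDGES = {10, 20, 30, 40}
LINKS = [(10, 20, 4), (10, 30, 4), (20, 30, 4), (20, 40, 4), (30, 40, 19)]

if __name__ == "__main__":
    root, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root)
    for (bridge, neighbor), role in sorted(roles.items()):
        print(f"bridge {bridge} port towards {neighbor}: {role}")
    print("forwarding tree:", forwarding_links(LINKS, roles))
```

On this topology bridge 10 wins the election, bridge 40 reaches the root through 20 (cost 8) rather than 30 (cost 23), and the ports 30-&gt;20 and 40-&gt;30 end up blocked, leaving exactly three forwarding links for four bridges.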

Rapid Spanning Tree Protocol (RSTP)

RSTP, defined in IEEE 802.1w, is an evolution of STP that provides faster convergence during network changes. It is designed to be backward compatible with standard STP.

The way it works is as follows.

  • Faster Convergence: RSTP can achieve faster convergence through fast state transitions. By introducing new port roles and states, the switch can actively check whether a port can safely be moved to the forwarding state without having to wait for a timer to expire.
  • Port Roles: RSTP defines roles such as root port, designated port, alternate port (backup to root port), and backup port (backup to designated port).
  • Port States: RSTP uses only three port states (discarding, learning and forwarding) compared to STP's five.
  • Edge Ports: Ports connected directly to an end station are unlikely to create network loops, so these ports can be configured as edge ports to skip the listening/learning states and transition directly to the forwarding state.
  • Link Type: RSTP can also identify the link type, and if the link is point-to-point, RSTP converges faster on that link.

The advantages are as follows: it provides much faster recovery from network changes or failures, reducing recovery time from tens of seconds (with STP) to less than a second in many cases, and it simplifies network troubleshooting and improves network stability and performance.

Summary of STP and RSTP

In summary, STP is effective at preventing network loops, but RSTP improves on STP by providing faster convergence. This can be very important in networks where minimizing downtime is important.


11. What is Hub & Spoke Network Architecture?

Hub & Spoke network architecture is a foundational model widely used in various sectors that require centralized control and efficient connectivity. It's particularly effective for organizations aiming to centralize management of a main office while efficiently expanding network infrastructure.

Structure

  • Hub: Acts as the central node and common connection point for all other nodes in the network. The hub is pivotal, as all data traffic flows through it, facilitating centralized management of data.
  • Spoke: These are the nodes that connect directly to the hub. Each spoke connects solely to the hub and not to each other, simplifying the network design by reducing the number of direct connections.

Characteristics and Usage

  • Centralized Management: The architecture enables centralized control, easing the enforcement of policies and oversight of network operations.
  • Resource Efficiency: Centralizing essential resources at the hub enhances bandwidth management and traffic prioritization, which is crucial for large-scale networks like WANs.
  • Scalability: It's easy to expand the network by adding spokes, which connect back to the hub without altering existing connections.

Advantages & Disadvantages

  • Advantages:
    • Simplified Infrastructure: Lowers network complexity by limiting the number of direct connections between nodes.
    • Cost Efficiency: Less infrastructure is needed compared to mesh networks, where each node is interconnected.
    • Streamlined Maintenance and Troubleshooting: Centralizing administrative tasks at the hub simplifies updates and problem-solving.
  • Disadvantages:
    • Single Point of Failure: The hub's critical role makes it a potential failure point that can disrupt the entire network.
    • Bottleneck Risks: The hub can become a bottleneck if not adequately equipped, especially under high traffic conditions.
  • Extended Hub & Spoke: Introducing a secondary hub can help distribute the load and add redundancy, reducing the risks associated with a single hub setup.

12. IPsec vs SSL/TLS

IPsec (Internet Protocol Security) and SSL (Secure Socket Layer) along with its successor, TLS (Transport Layer Security), are protocols used for securing network communications. Both provide data integrity, confidentiality, and authentication over the Internet, but they operate at different layers of the network stack.

IPsec

  • Function: Suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
  • Layer: Operates at the network layer, capable of securing all traffic that passes through it.
  • Modes: Includes transport mode (encrypts only the payload of each packet) and tunnel mode (encrypts the entire packet).
  • Use Cases: Particularly useful for setting up Virtual Private Networks (VPNs) across untrusted networks like the internet.

SSL/TLS

  • Function: Protocols for securing connections between networked computers, widely used for secure communication over the internet.
  • Layer: Operates at the session layer, securing specific applications that are designed to utilize SSL/TLS.
  • Features: Uses encryption algorithms to encrypt data before transmission and uses certificates for authentication.
  • Use Cases: Commonly used to secure credit card transactions, data transfers, and logins on websites.

Differences

  • Operational Layer:
    • IPsec operates at the network layer.
    • SSL/TLS operates at the session layer.
  • Certificate Management:
    • SSL/TLS typically uses a hierarchy of trusted certificate authorities for endpoint authentication.
    • IPsec can use certificates but often uses pre-shared keys or network-level authentication.
  • Setup and Flexibility:
    • SSL/TLS is generally easier to set up per application.
    • IPsec requires more comprehensive setup as it integrates into the network infrastructure.
  • Usage Scenarios:
    • IPsec is favored for VPNs that secure all network traffic.
    • SSL/TLS is preferred for securing specific applications, particularly for web security over HTTPS.

| Feature | IPsec | SSL/TLS |
| --- | --- | --- |
| Layer | Network (IP layer) | Session (application) |
| Security | Encrypts the entire packet | Encrypts session data |
| Usage | VPNs, site-to-site | Web browsers, specific applications |
| Authentication | Certificates, pre-shared keys | Certificates, usually from a CA |
| Configuration | Complex, network-level | Simpler, application-specific |
| Encryption modes | Transport and tunnel | Secure channel per session |

IPsec VPN vs SSL/TLS VPN

| Characteristic | IPsec VPN | SSL/TLS VPN |
| --- | --- | --- |
| Definition | Protocol suite that protects IP communications by encrypting and authenticating every IP packet (TCP and UDP supported) | Protocol that encrypts and protects the connection, encrypting only the data portion (TCP and UDP supported) |
| Encryption | Works at the network layer, encrypting all traffic at the IP level; ideal for full network encryption | Operates at the session layer and encrypts at the application level to secure specific applications or services |
| Protocol | IP | TCP |
| OSI layer | Network layer of the OSI model (Layer 3) | Session layer of the OSI model (Layer 6) |
| Ease of use | More complex to set up and manage; works at the network level and requires more comprehensive configuration | Easy to use and implement through a browser for standard secure web browsing |
| Authentication | Can use certificates, pre-shared keys, or other forms of network-level authentication | Primarily uses certificates and keys managed by a trusted certificate authority |
| Deployment | Best for full network access, site-to-site VPNs, or entire subnets requiring secure access | Ideal for remote access to individual applications or services over the Internet |
| Flexibility | Strong security features with less flexibility in client settings | More flexible for web-based access; can be used without installing client software via a web SSL VPN |
| Typical use cases | Preferred for securing site-to-site connections, often in corporate environments | Commonly used to secure connections to web applications, SaaS products, and other web-based resources |
| Security | Strong security at the cost of complexity, covering all data transmitted over the network | Good security that is easy to set up and manage over an Internet connection, especially for temporary access |
| Features | Requires 2 server devices and software installation; can be used as if connected directly to a private network | Requires 1 server device; uses only a web browser; connects through an SSL portal |
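The transport-mode / tunnel-mode distinction from the IPsec section (payload only vs. entire packet) decides what an on-path observer can still read, and an ESP integrity check decides whether a modified packet is noticed. The following is an added example, not code from the wiki page, that makes both visible on constructed packets: it wraps an inner IPv4 packet in ESP in each mode, prints what a passive observer sees from the outer header, unwraps it again, and shows that flipping one encrypted byte fails the ICV. The "encryption" is a clearly labelled hash-derived stand-in chosen only so the script runs offline; it is not a cipher, and a real implementation uses an AEAD such as AES-GCM with keys negotiated by IKE. The ESP trailer (padding and next-header byte) and the IPv4 header checksum are omitted as not relevant to the point.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed; real IPsec keys come from IKE
ESP_PROTOCOL = 50               # IP protocol number carried in the outer header


def ip_header(src, dst, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header (checksum left at zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))


def _keystream(spi: int, seq: int, n: int) -> bytes:
    """STAND-IN ONLY: bytes derived by hashing, used to make the payload opaque.
    This is not a real cipher; it exists so the layout can be demonstrated."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(KEY + struct.pack("!III", spi, seq, counter)).digest()
        counter += 1
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def esp_wrap(plain: bytes, spi: int, seq: int) -> bytes:
    """ESP layout: SPI | sequence | opaque payload | ICV (HMAC-SHA-256 truncated to 128 bits)."""
    header = struct.pack("!II", spi, seq)
    body = _xor(plain, _keystream(spi, seq, len(plain)))
    icv = hmac.new(KEY, header + body, hashlib.sha256).digest()[:16]
    return header + body + icv


def esp_unwrap(esp: bytes) -> bytes:
    """Verify the ICV before touching the payload; refuse anything modified in transit."""
    header, body, icv = esp[:8], esp[8:-16], esp[-16:]
    expected = hmac.new(KEY, header + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", header)
    return _xor(body, _keystream(spi, seq, len(body)))


def transport_mode(inner: bytes, spi: int = 0x1000, seq: int = 1) -> bytes:
    """Transport mode: keep the original IP header, protect only the payload."""
    header, payload = inner[:20], inner[20:]
    esp = esp_wrap(payload, spi, seq)
    return ip_header(header[12:16], header[16:20], ESP_PROTOCOL, len(esp)) + esp


def tunnel_mode(inner: bytes, gw_src, gw_dst, spi: int = 0x2000, seq: int = 1) -> bytes:
    """Tunnel mode: protect the entire inner packet behind a new gateway-to-gateway header."""
    esp = esp_wrap(inner, spi, seq)
    return ip_header(gw_src, gw_dst, ESP_PROTOCOL, len(esp)) + esp


def observer_view(packet: bytes) -> dict:
    """Everything a passive on-path observer can read without the key."""
    _, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    view = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "protocol": proto}
    if proto == ESP_PROTOCOL:
        view["spi"], view["seq"] = struct.unpack("!II", packet[20:28])
        view["opaque_bytes"] = len(packet) - 28
    return view


def tamper_detected(packet: bytes) -> bool:
    """Flip one byte inside the protected payload and report whether unwrap rejects it."""
    altered = bytearray(packet)
    altered[30] ^= 0x01          # outer header (20) + SPI/seq (8) + 2 -> inside the payload
    try:
        esp_unwrap(bytes(altered[20:]))
    except ValueError:
        return True
    return False


# Constructed inner packet: host 10.1.1.5 -> 10.2.2.7 carrying a TCP segment.
SEGMENT = b"TCP segment (constructed)"
INNER = ip_header((10, 1, 1, 5), (10, 2, 2, 7), 6, len(SEGMENT)) + SEGMENT

if __name__ == "__main__":
    print("transport:", observer_view(transport_mode(INNER)))
    print("tunnel:   ", observer_view(tunnel_mode(INNER, (198, 51, 100, 1), (203, 0, 113, 1))))
```

The two printed views are the whole difference between the modes as far as an observer is concerned: transport mode still exposes which two hosts are talking, while tunnel mode exposes only the two gateway addresses, which is why the table above pairs tunnel mode with site-to-site VPNs.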
