Hardware and the OSI Model for the CCNA Exam

By James G. Jones, Sheldon Barry

Date: Mar 26, 2004

Sample Chapter is provided courtesy of Que.



Let James H. Jones and Sheldon Barry prepare you for the CCNA exam by explaining networking hardware and techniques.

Terms you'll need to understand

Techniques you'll need to master:

When IBM released its first PC it started a veritable buying frenzy among corporations. What separated the IBM PC from others of the time was not so much technology as it was the IBM logo displayed prominently on the front of each PC. The IBM logos made the PC acceptable for deployment in a corporate environment, and deploy it they did! At the time, businesses were largely dependent upon timesharing vendors to run ad hoc analysis and simulations. The benefit of these real-time applications more than warranted the cost, which in many cases exceeded $40,000 to $50,000 per month. A PC, however, could often run the same application for a one-time cost of $6,000 to $12,000, making deployment a foregone conclusion.

Why Are We Covering History?

You are probably asking yourself, why the history lesson? After all, Exam Crams are supposed to be "the facts, only the facts, and nothing but the facts" right? Well, there are really two reasons for this chapter. The first is that the CCNA exam covers far more material than can be memorized. Many of the questions will require you to determine the best answer based on your knowledge of how and why things work the way they do. Taking some time now to review the reasons behind the technology will not only pay big dividends at test time, but it will also provide a contextual framework for discussing some pretty complex equipment in the chapters to come. The second reason for the history lesson is that it provides a way to remember the low-level properties affecting the design and operation of today's equipment. The alternative is just listing electrical properties, physical design limitations, and the physics behind network operation, which can be drier than Oklahoma dirt. So put your feet up, relax, and let's go back to the time of short sleeve white shirts and pocket protectors.

"Give a man a fish and he will surely want a steak" is a parable that holds true for corporations as well as individuals, and it wasn't long before organizations were demanding even more savings from PC installations. It didn't take a rocket scientist to realize the major cost of PC deployment was in the peripherals, not the PCs. A letter-quality printer could cost as much as a PC and a really big hard drive, say 5MB, could exceed the cost of a PC. With the exception of running back and forth with 5 1/2-inch diskettes (sneaker-net) those peripherals were un-shareable and grossly underutilized. Ahh, if only peripherals could be shared, think of the savings!

Early Bus Networks (10BASE-5 and 10BASE-2)

About this time a consortium of manufacturers working at Xerox's PARC (Pacific Area Research Center) released a really strange device called "Ethernet" that would do exactly what was needed—namely share PC resources. Ethernet used signaling that was well into the radio frequency spectrum and utilized a long coaxial cable (up to 500 meters) as a medium to connect PCs and peripherals. A coaxial cable consists of a single copper center conductor, covered by a dielectric material (insulator), which in turn is covered by a braid of copper wire, all of which is covered by a polyvinyl chloride (PVC) or Teflon jacket. (See Figure 3.1.)

Figure 3.1 Coaxial Cable.

It is easy to see why installers preferred 10BASE-2 cable (right) over 10BASE-5 cable (left).

This type of cable is relatively immune to radio frequency interference from the outside, and also does a good job of containing radio frequency signals on the inside. Without these two properties, the cable would actually become a huge antenna, with all kinds of nasty consequences.

However, there is a downside to this type of cable, and all other cables, including fiber optics. The downside is that an impedance mismatch will reflect a signal. An impedance mismatch occurs where the properties of the cable change. Joining a cable to another with different properties will create an impedance mismatch. Nicking a cable will also create a mismatch, or we can go for the biggest mismatch of all and just whack the thing in half. Of course, all cables must end one way or another, so to avoid the resulting impedance mismatch, both ends of the coaxial cable were terminated with resistors (terminators). These terminators would dissipate the electrical energy rather than reflect it (see Figure 3.2). This assembly in its entirety is called a backbone or bus topology.

Figure 3.2 Bus topology.

A bus topology provides a single transmission cable called a bus. Network nodes connecting to the bus share its transmission capacity. When coaxial cable is used for the bus, a terminator (resistor) must be installed at each end to eliminate reflections. Notice how the Ethernet symbol in the lower right resembles the bus design.

The resulting reflections from a cut or nicked coaxial cable or fiber-optic cable can bring an entire Ethernet system down. In fact, the nick or cut is located by launching a signal down the cable and then timing the reflection. The device used for this is called a Time Domain Reflectometer (TDR) for copper cable and an Optical Time Domain Reflectometer for fiber optics. Both will provide the distance from where the device is connected to the cut or nick by timing the reflected signal.

The backbone cable was a really good idea but without a way to attach stations or nodes it was useless, and this is where things got messy. Originally, nodes or stations were attached to the bus by way of a tap, which physically pierced the cable (see Figure 3.3).

These taps were quickly nicknamed vampire taps for obvious reasons, and the name has stayed with them ever since.

The tap included a transceiver (transmitter/receiver) for signaling, and was attached to the PC by an attachment unit interface (AUI) cable. The AUI cable was often called a drop cable and closely resembled today's serial cable. The PC itself was provided an interface card for attaching the drop cable and a piece of software called a redirector that routed resource requests either to the transceiver for transmission on the bus or to a locally attached resource, such as a printer or hard disk.

Figure 3.3 10BASE-5 taps.

NOTE

We bet you are thinking that if a nick in the cable causes an impedance mismatch and reflections, the pins of the vampire tap piercing the cable would also cause reflections. Absolutely! That is why cable manufacturers marked Ethernet cable with a ring every 2.5 meters. The natural resistance of the cable could dampen the reflections from the pins, but it took 2.5 meters of cable to provide adequate resistance. So each tap had to be at least 2.5 meters from neighboring taps. That is why the cable was marked every 2.5 meters. If you always placed your taps on the marks, reflection problems would be eliminated.

The layout of a single transmission medium, like a coaxial cable, providing connectivity to a number of stations or nodes is referred to as a bus topology (actually, the proper name for the backbone is bus but in practice the terms are used interchangeably). Although multiple stations (Multiple Access) were connected to the bus, only one signal could traverse the bus at any one time (Baseband).

Multiple signals were eliminated because each of the network interfaces had a circuit that sensed voltage on the bus (Carrier Sense). If a voltage or carrier was present, the interface would delay transmission until the voltage again dropped to zero. So, a situation where two or more signals ended up on the bus at the same time would be highly unlikely.

NOTE

In actual operation, having multiple signals on the bus can and does occur. Two or more interfaces, sensing zero voltage, could, in fact, transmit at the same time causing a collision on the bus. In fact, the stations did not necessarily have to transmit at exactly the same time.

A signal takes time to move from one end of the bus to the other, so it is quite possible a station on one end would transmit, not knowing there was already a signal on the other end of the bus. Two or more signals on the bus would create an over-voltage condition, which (you guessed it) would be sensed (Collision Detection) by the same circuit that was monitoring the voltage in the first place. When this occurred, the network interface would send a jam signal to busy out the entire bus, wait for a random time period of no carrier or voltage on the bus, and then retransmit the original signal. The random period of time was to prevent a second collision when the two or more network interfaces that originally caused the collision retransmit. Now you know why all Ethernets are categorized as Carrier Sense, Multiple Access, Collision Detection (CSMA/CD) networks.

Pushing Distance Limitations (Repeaters)

The network we described previously was standardized as a 10BASE-5 (10Mbps, baseband, 500 meters) network and theoretically, if you stayed within the standards, everything would work fine. However, it was a lot cheaper to extend the bus a little over the 500 meter limit than to install a whole new bus, and that is what many people did. The problem was that as a signal travels down a medium, it loses a bit of its strength (attenuates) for every meter it travels. All standards tend to be conservative so in most cases this did not create a major problem. As people pushed the distance more and more, or used lower quality materials, attenuation began to cause problems. So it was not long before a nifty device called a repeater was developed to address signal attenuation.

A repeater is a Layer 1 (Physical layer) device installed between two segments of a bus (the bus is actually cut and then reconnected through the repeater). A repeater does not care about addresses, frames, packets, or any of the upper-layer protocols we have discussed. A repeater simply senses a voltage or signal on one side, rebuilds and retimes the signal, and then sends it out the other side (repeats). Do not make the assumption, however, that repeaters eliminate distance restrictions. Like railroads, all networks operate on a foundation of timing. It takes time for a signal to move down a cable and it takes even more time for a repeater to rebuild, retime, and retransmit a signal. So long as we stay within the established timing standards for our type of network, everything is fine. If we exceed those standards, things get ugly fast (see Figure 3.4).

CAUTION

More than one question will require knowing the difference between segment and network. Segments are part of the same network and are formed as the result of using a Layer 1 device such as a repeater or a Layer 2 device such as a bridge. A network is a single entity that can include several segments, but as a whole can be identified by a single Layer 3 address (see Figure 3.4).

Pushing Station Limitations (Bridges)

So now we have a flexible network that can be easily expanded and provides sharing of expensive resources. The requirements have been met and everybody is happy. Well, not quite. The economies generated by shared resources provided a very real and tangible incentive for adding more stations to the network, and that is exactly what companies did. After all, an Ethernet segment could have as many as 1,024 nodes, which should be far more than anybody would ever need. The problem was that very few organizations made it to 1,024 nodes. Degradation in response time and throughput became a problem long before the magic number 1,024 was ever reached. Even more disturbing were traffic studies that revealed an incredibly high number of collisions with very little data transiting the network.

So what was happening? Well, it turns out that every node or station added to an Ethernet network increases the probability of a collision. When a collision occurs, the node interface sends out a jam signal that stops all transmission on the network. The interface then waits for a random period of silence before retransmitting the original frame of data. All of this takes time, and although the network is busy, very little data is moving across the network. At some point the network reaches its capacity of 10Mbps with the majority of that capacity used for collision recovery. Depending on the type of traffic, that ceiling is usually reached when approximately 4Mbps of data are moving across the network. Furthermore, if we attempt to push even more data through a saturated Ethernet, the total capacity available to data will decrease as the number of collisions increases. In short, Ethernet has the remarkable characteristic of providing excess capacity when you don't need it and reduced capacity when you do.

Well, no engineer can tolerate this kind of situation so it was not long before another nifty device called a bridge was developed. A bridge allows you to cut the Ethernet cable and then reattach it using the bridge. The bridge, like a repeater, has two network interfaces, with each attached to a segment of the cable. When a frame is launched on one segment (let's call it "A"), the bridge copies the entire frame into a buffer, reads the source address and destination address, and performs a Cyclical Redundancy Check (CRC) to ensure the frame is complete and accurate.

TIP

A repeater segments an Ethernet network but does not create separate collision domains. A bridge both segments a network and creates separate collision domains (see Figure 3.4).

A Cyclical Redundancy Check is a number attached to the end of a frame that was derived by running the digits of the frame through a specific computation. The bridge performs the same computation and if the resulting number is equal to the one stored in the CRC field, then the frame is considered accurate and complete.

Because the bridge reads the entire frame, it is considered a Store and Forward device. The bridge then writes the source address of the frame to a reference table for segment "A" and checks to see if the destination address has also been logged as a source address on segment "A". If the destination address is in fact listed in the table, the bridge then knows that both the source and destination addresses are on segment "A" and the frame is discarded. However, if the destination address is not already listed in the table, the bridge assumes the address must be located on segment "B" and the frame is passed on through the second interface to segment "B". Of course the same thing is happening at the interface for segment "B". Within a few seconds the bridge will have compiled tables for the stations on both segments of the network and frames will either be checked and passed or stopped and discarded based on destination address and completeness of the frame. The ability of bridges to automatically build and update network tables led many to call them learning bridges.

So, what did all of this really accomplish? First, traffic that is moving between stations on the same segment stayed on that segment and did not tie up the resources of the other segment. It was like gaining the capacity of two networks with all of the benefits of a single network. Secondly, because a CRC was performed on each frame needing transit across segments, only good frames were actually passed. This effectively limits collisions to a single segment which also frees the other segment to carry traffic. When a network is segmented with a bridge, each of the segments is considered a separate collision domain (see Figure 3.4). Prior to segmentation, the entire network was one collision domain. We can also add multiple bridges, and create multiple collision domains, which would greatly expand our capacity for additional stations.

CAUTION

The collision domain is another one of those concepts that may not be questioned directly, but will be at the core of several questions. Remember that a collision domain is a group of nodes or stations that is connected in such a way that if any two transmit at the same time, the resulting collision will affect the entire group. A repeater is a Layer 1 device that will rebuild, retime, and retransmit any voltage pattern down the wire. Although a repeater does break a network into segments, it does not create separate collision domains. A bridge is a Layer 2 device that also segments a network, but because it stops collisions from passing from one segment to the other, it does create separate collision domains. If you understand collision domains to the point where you can easily identify the problems of cut through switches discussed later in this chapter, then you are ready.

Figure 3.4 A segment is always a subset of a network (1). Both a repeater and a bridge will divide a network into segments (2 & 3). However, only a device with bridging functionality will create separate collision domains as well as segments (3).

So, with all of these benefits, was there a downside to using bridges? Of course, it took time for a bridge to read and analyze each frame. Multiple bridges could easily exceed the timing restrictions of a network. When this happened, stations or entire segments at one end of the network would be completely unaware that stations at the other end of the network had begun transmitting. The resulting collision storms could and did shut down entire networks. It was also possible to accidentally create a loop with multiple bridges that would cause frames to endlessly race around the loop until the network got so clogged it could no longer function. The Spanning Tree Protocol (STP) was eventually developed so that bridges could communicate with each other to determine which bridges would be active and which would be held in reserve. This not only eliminated loops but also allowed for redundancy in the network. Even with these drawbacks, the bridge solved many more problems than it created and greatly advanced the capabilities of networking.

Layer 3 Expansion (Routers)

However (you knew this was coming didn't you?), there was one limitation to bridges that could not be overcome. That limitation had to do with scalability or size. I am sure you noticed how many times the term "frame" was used in the previous paragraphs.

You already know from Chapter 2 that in the OSI model, "frame" is the PDU for Layer 2, and Layer 2 is where MAC addresses are defined. So it would not be unreasonable to assume that bridge functions were based on the MAC address of the network interface attached to stations in the network. If you made that assumption you are absolutely correct!

CAUTION

You will likely get at least one "recall type" question relating directly to Protocol Data Units (PDUs). However, many questions will use a PDU name without calling attention to it, much like the way we used "frame" in the previous paragraphs. This may be your only clue as to how to answer a specific question. So be sure you can recognize PDU names, the layer of the OSI model where they operate, and the functions of that layer. If you have been a bit sloppy with the way you have applied PDU names in the past (all of us have), start disciplining yourself right now to only use the name of a PDU in exact context of its definition. That will go a long way toward making some of the test questions intuitively obvious.

Bridges are Layer 2 devices and the foundation of their operation is the MAC address. You will probably also recall from Chapter 2 that MAC addresses have a problem with scalability. Maintaining a unique address across many networks required going to a higher level (Layer 3) where a logical network address was defined.

The MAC address is physical because it is burned into a chip on the network interface. There is nothing virtual about it. What is on the chip is what you get and only what you get, period. The network address is "logical" in that it is derived from a routing protocol and assigned to a network. The network address is not burned into a chip or physically attached to a device in any way. It is a part of the software in use and can be readily changed. The concept is identical to logical drives on a PC. You may have only one physical drive, but that drive could be, and usually is, configured as several logical drives.

The need for a different address scheme was not the only problem encountered when data was passed across or between different networks. There was almost always a change in media type, signaling requirements, and interface hardware. The whole issue of network overhead also became a major problem. Network stations needed a way to identify the addresses of other stations on the network. One popular network software package accomplished this by having each station broadcast its MAC address every three seconds. Now imagine you bridged the networks of two remote corporate divisions over a 56Kb leased line that costs $100,000 a month. With every station broadcasting its address across that link every three seconds, how much real data could get through? Some other device was clearly needed and that device was called a router.

Routers and bridges differ in that bridges use the MAC address (Layer 2) to perform their functions while routers use the network address (Layer 3). That, folks, "is the difference, the whole difference, and nothing but the difference"! Routers rely on a routing protocol for the definition and establishment of network addresses, and there is more than one protocol.

You are already familiar with at least one routing protocol named IP, which is a part of TCP/IP and stands for Internet Protocol. Others include Novell's IPX and Apple's AppleTalk. However, regardless of protocol, all routers fall into one of two types: static or dynamic. Most smaller, single site applications use static routers.

A static router, or fixed configuration router, is initially configured by the user and then it stays that way until the user goes back and manually changes the configuration. Configuring a router is done using a command-line interface or a Web-based interface developed by the manufacturer. Most static routers today have a Web-based interface with very limited options so it will be easier for the end user to configure. Simplicity is good in a static router because most of those end users have little if any computer training. The good news is that once a static router is configured it will merrily chug away forever, which is great for a single location with a stable network environment. The bad news is that every time the environment changes, somebody has to physically change the operating parameters of the router. The really bad news is that if the environment changes and the organization has multiple sites, somebody, hopefully not you, has to reconfigure each router individually. This reconfiguration can usually be done through a utility such as telnet, but in many cases requires a personal visit. So if you get into a situation which uses static routers in multiple locations, keep your bags packed and be prepared to make house calls.

The limitations of static routers were a major problem for big decentralized companies with "big bucks" budgets, so it did not take long for a new type of router to arrive on the scene. A router that could automatically adjust to changes in the network environment, be configured and managed remotely, and provide even more filtering capability would be perfect, and that, folks, is exactly what a dynamic router or flexible configuration router does.

A major hurdle to development of dynamic routers was finding a way to make the router aware of changes in the network and then provide it with a method for determining the best route to a given address. Therefore, it should not be surprising that the advent of dynamic routers coincided with the advent of routing protocols. A routing protocol provides a way for routers to exchange information from their routing tables and then determine the best route to a network given that information. Each protocol handles this function slightly differently, and each has its own set of benefits and drawbacks. RIP (Routing Information Protocol) and IGRP (Interior Gateway Routing Protocol) are examples of protocols that use a distance vector algorithm for determining the best route. A distance vector routing protocol requires each router to exchange information with its direct neighbors. In this way, information travels from router to router throughout the network. Some refer to this approach as "routing by rumor." OSPF (Open Shortest Path First) and IS-IS (Intermediate System to Intermediate System) are examples of protocols that use link state routing. Link state routing requires each router to exchange information with every other router in the network. We will be going into each of these approaches in Chapter 7. However, for now it is enough to know that:

Configuring a static router or fixed configuration router can be intimidating, and they are designed for simplicity. Configuration of a dynamic router or flexible configuration router can be downright otherworldly. Initial configuration of a dynamic router is usually done through a command-line interface. However, instead of having a dozen or so parameters like a static router, a dynamic router can easily have thousands. The scary part is that not only do you have to find where a parameter is set in a complex command-line interface, but you also have to know the ramifications that setting will have on all of the other parameters that interact with it. We are not trying to scare you here (well maybe a little). The real thing we want to get across is that setting up large dynamic routers is not a task to be taken lightly. Becoming a Cisco Certified Network Associate (CCNA) is your first step to joining the elite few who can really handle these complex systems.

We have arrived at a point where we have large bridged coaxial cable-based networks connected by dynamic routers that are talking to each other and keeping the whole system running like a top. In fact, the new coaxial cable standard called 10BASE-2 (see Figure 3.1) largely replaced the bulky 10BASE-5 systems. 10BASE-2 installations use a much thinner coaxial cable and replaced the dreaded vampire tap with a simple "T" connector (see Figure 3.5). So now everybody should be ecstatic, right? The problems of installation were greatly reduced, networks could be segmented with bridges to allow more users, and routers provided long distance connectivity. What more could possibly be needed? The answer is something other than coax.

Figure 3.5 10BASE-2 Networking.

Figure 3.5 shows the "T" connector used to attach the bus to the station. The leg of the "T" (facing forward) attaches to the interface card in the station, while the top of the "T" provides a straight through connection for the cable.

Development of 10BASE-T Wiring

Even though 10BASE-2 made coaxial networks a little easier to work with, the installations were still prone to catastrophic failures when the cable was nicked, expensive to install and maintain, and difficult to work with. However, what was the alternative? Well, a lot of people were asking why networking could not be more like telephones and utilize a simple pair of wires. Actually, there were some good reasons why networks could not use paired wires. Networks operated at frequencies that were well into the radio spectrum. At those frequencies a pair of wires would act like a giant antenna and radiate all over the place. The pair of wires would also receive the signals of other radio frequency devices such as fluorescent lights, monitors, and CPU units. All in all not a good thing, and the very reason coaxial cable was used in the first place.

It would be nice to use paired wire in networks, but it just wasn't going to happen. And it did not happen until a couple of engineering types figured out that if the wires were twisted the radiation would be cancelled out, and that sending two signals down the wires 180 degrees out of phase and then measuring the difference would make other sources of radio frequency noise irrelevant.

The world of networking changed overnight. The twisted-pair cable required by the new network was later standardized as Category 5 cable, and the whole configuration was standardized as 10BASE-T (10 megahertz, base band, twisted pair). Ethernet would remain a bus topology, but the coaxial cable that formed the bus was shrunk to about a foot long. The taps, which included repeaters, were attached to the bus at the factory, and each tap/repeater was terminated in a modular receptacle much like the RJ-45 jack used by the telephone company. The whole assembly was encased in a box with the receptacles mounted on the outside. Today we call that box a hub (see Figure 3.6) and its use created a topology called a star wired bus.

The new topology was called a star wired bus because the bus remained within the cabinetry of the hub. Of course, the coaxial cable was replaced by traces on a printed circuit board, but the functionality of the bus was still there. 10BASE-T cables radiated out from the hub to each station on the network, which is why it is called "star wired."

Figure 3.6 A typical star wired bus topology.

The advent of the hub and 10BASE-T wiring eliminated most of the problems inherent in a coaxial cable based bus network. The hub cabinetry protected the physical bus, taps, and repeaters, eliminating damage from nicks, cuts, and leaky tap connections. The difficult job of tapping into the bus was performed and tested at the factory, which allowed field connections to be as simple as snapping a Category 5 connector into the jack on the hub. That plagued coaxial cable-based networks. Because each station had a dedicated cable connecting it to a repeater in the hub, individual cable runs could be up to 100 meters with cable faults like cuts isolated to a single station. The dedicated hub connection also isolated damage caused by cable faults to a single station. Lastly, when compared to coaxial cable, 10BASE-T cable was extremely easy and inexpensive to install.

Enter the Switch

Today, Layer 1 repeaters and hubs and Layer 3 routers are used extensively in networking, but we do not hear much about Layer 2 bridges. The reason is that to a large extent bridges have been replaced. Remember that bridges read the entire frame, check it for accuracy, and then forward or drop it depending on the bridge's address tables. Also remember that this took time, and in highly populated networks a store and forward device like the bridge could actually become a bottleneck. So a couple of engineering types reasoned that to perform a bridging function it was only necessary to read the source and destination address from the beginning of the frame.

Based on this, a decision to drop or forward could be made and address tables could be populated. Well, the cost of high-speed memory and processors had dropped so much that rather than apply this approach to existing bridges and gain an incremental speed advantage, it was decided that the time was right to come out with a whole new class of device.

The new device read the source and destination address of the frame, populated its bridging tables, and either passed or dropped the frame based on this information. Sounds just like a bridge doesn't it? Well, here is where the plot thickens. Instead of connecting just two segments, the new device connected six or more. Forwarding a frame entailed building a virtual circuit between two segments and then once the frame was passed the circuit could be used to connect two other segments. Now if you had six segments you would only need to run three virtual circuits to connect all of the segments. Or, if you only had one virtual circuit, you could switch it between segments at three times LAN speed and accomplish the same thing, namely a non-blocking switch. (See why the high-speed processors and memory were needed?)

The term non-blocking means a device has the capacity to forward frames between all possible segments at the same time. In short, if there is a bottleneck in the network it won't be the switch. Each port connecting to a segment maintained its own bridging table and when forwarding to another segment, the frame was moved to what is often called the switching matrix. The switching matrix established a virtual circuit between the two segments for just enough time for the frame to transit the matrix to the destination segment. The device was called a Layer 2 switch and its meteoric rise in popularity was only exceeded by a plummet in popularity of the bridge.

But was there a downside to the capacity of the Layer 2 switch? At first the answer appeared to be no, but then it was noticed that when a switched network began to reach capacity, its operation became strangely erratic. It turned out the key to the erratic behavior was linked to the very thing that gave the Layer 2 switch its awesome capacity and speed.

The bridge read the entire frame and checked the CRC to ensure the frame was complete and accurate before passing it on. The switch, however, only read the source and destination address from the beginning of the frame. So only the first few bytes of the frame would need to survive a collision to be passed on to another segment. This did not become a problem until the segment approached saturation. As the number of collisions rose, the switch would begin passing a significant number of damaged frames. In essence, the switch was creating a different collision domain every time it set up a virtual circuit and those collision domains were changing so fast it was almost impossible to diagnose.

Most switches were put in environments that would never get close to saturation, and in these situations they performed beautifully. Unfortunately, the erratic performance usually occurred in large complex networks and it became enough of a problem to prompt a redesign of the switch.

The first generation of switches became known as cut-through switches. The second generation switch implemented a full store and forward operation identical to the original bridges and accordingly was called a store and forward switch. However, the store and forward technology came at the expense of speed and price. So you could have a fast and cheap switch that would work fine in some situations or a slow expensive switch that would work in all situations. Seems like a compromise was needed, doesn't it? The compromise, which was developed by Cisco, is called a fragment-free switch. A fragment-free switch reads the first 64 bytes of the frame. Statistically, there is over a 90% chance the remainder of the frame is intact if the first 64 bytes are. Cisco takes the best of all three approaches by offering switches that can be configured to operate in any of the three modes.
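The three forwarding modes can be compared by feeding each one the same damaged frames. The sketch below is an added example, not code from the book: the frames, addresses and function names are constructed for illustration, and it assumes a collision fragment is shorter than the 64-byte minimum frame, which is what the fragment-free check relies on.

```python
import struct
import zlib

ADDR_BYTES = 12   # destination MAC (6 bytes) + source MAC (6 bytes)
MIN_FRAME = 64    # shortest legal Ethernet frame, header through FCS


def build_frame(dst: bytes, src: bytes, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Return an Ethernet II frame (no preamble) with a valid 4-byte FCS."""
    payload = payload.ljust(46, b"\x00")           # pad to the 46-byte minimum payload
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC-32 over everything but the last 4 bytes and compare."""
    if len(frame) <= 4:
        return False
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def forwards(mode: str, received: bytes) -> bool:
    """Would a switch in this mode pass the received bytes to another segment?"""
    if mode == "cut-through":          # only the two addresses must arrive
        return len(received) >= ADDR_BYTES
    if mode == "fragment-free":        # the first 64 bytes must arrive
        return len(received) >= MIN_FRAME
    if mode == "store-and-forward":    # whole frame buffered, CRC checked
        return len(received) >= MIN_FRAME and fcs_ok(received)
    raise ValueError(f"unknown mode: {mode}")


# Constructed sample frames (addresses and payload are made up).
DST = bytes.fromhex("02aabbccdd01")
SRC = bytes.fromhex("02aabbccdd02")
GOOD = build_frame(DST, SRC, b"constructed payload " * 10)
SAMPLES = {
    "intact": GOOD,
    # Collision cut the frame short, but both addresses survived.
    "collision fragment": GOOD[:30] + b"\x55" * 4,
    # Full-length frame with one byte corrupted after the first 64 bytes.
    "late damage": GOOD[:150] + bytes([GOOD[150] ^ 0xFF]) + GOOD[151:],
    # So little arrived that even the addresses are incomplete.
    "headless": GOOD[:8],
}
MODES = ("cut-through", "fragment-free", "store-and-forward")


def survey() -> dict:
    """Map each sample frame to the forwarding decision of every mode."""
    return {name: {m: forwards(m, data) for m in MODES} for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, row in survey().items():
        print(f"{name:20}", {m: ("forward" if ok else "drop") for m, ok in row.items()})
```

The "late damage" frame is the case that fragment-free mode still lets through and that only the store-and-forward CRC check stops.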

NOTE

Everybody knows a switch is a Layer 2 device. A switch works with MAC addresses so the only thing it could be is a Layer 2 device. However, Cisco has a very popular line of products that apply the fast switching matrix of Layer 2 to the routing of packets at Layer 3. Do you know what Cisco calls those devices? You guessed it, "switches"!

Terms are always evolving at Cisco. The term "switch," in this case, is moving from the generic name of a device to the description of a technology. So be careful of the assumptions you bring with you to the test. Your assumptions are probably not wrong, but they may be very different from the way Cisco sees the world. Enough said?

Token Passing Topologies

We have already covered a lot in this chapter, but we really can't move on without going over one last network technology. That technology is Token Ring, a la IBM. You will not see Token Ring questions on the CCNA test per se, but you will need to know about wide area token passing networks, and they are easier to understand if you know about their LAN counterparts.

The Token Ring network architecture has become closely identified with IBM and for good reason. Way back in 1972, IBM announced a Token Ring control method for LANs which was remarkably similar to one developed by a Mr. Willemjin. The IBM announcement sparked a host of license and patent disputes which resulted in Mr. Willemjin becoming a very rich man. This was an apt beginning for IBM's long and painful journey into local area networking.

At the time, IBM owned the global mainframe computing market with few able to compete. Others realized there was no way to take on IBM in the mainframe market, but the new interest in distributed computing held promise. Distributed computing utilized small computers tied together in a network and offered user groups a level of control not possible in mainframe computing. Although IBM now had the Token Ring Architecture free and clear sitting on a back shelf, it viewed the whole trend toward distributed computing as detrimental to continued expansion of the mainframe and as a result nothing happened for more than 10 years. Finally, as IBM watched companies like Digital, Network General, and Wang grow, they decided to act. Of course IBM was not about to legitimize the technologies these upstart companies were using, so something different was needed, and something that was really different had been sitting on a back shelf for over 10 years.

Token Ring was released as a whole new architecture, including special cables, hardware, and even different terms to describe its operation. The concept was sold to large IT departments and while the DP guys didn't especially like the idea, it did give them a way to offer additional services to the user communities and reclaim some of the budget and control they had lost to distributed processing.

Token Ring, as the name implies, used a ring structure where each node was physically attached to its neighbors (see Figure 3.8). Data passes from one node to the next in a counterclockwise direction as it traverses the ring. Typically, IBM type one cable was used, which was not much smaller than the old 10BASE-5 cable. The cable contained heavy gauge twisted pairs of wires wrapped in one or more shields of high density braid and foil. The cable was terminated in a complex connector measuring about 2 inches square, which would allow cables to be joined together or attached to devices such as Multi-Station Access Units (MSAU), which provided a central attachment point for the ring.

The operation of the ring began when the first station was attached or started. That station would send a query over to the ring to see if any other stations were active. If not, the station would assume the role of active monitor and release a token (see Figure 3.7).

Figure 3.7 Token Ring Operation.

Unlike a bus where each node attaches to one shared cable, Token Ring uses a dedicated cable between neighboring nodes. Data must flow from the upstream neighbor, through a dedicated cable to the next downstream node. That node repeats the frame and launches it on the cable attaching it to its next downstream node.

A token is like a data frame but only has a starting delimiter, access control field, and ending delimiter (see Figure 3.8). It is used to notify a node that it may now send data. If the node has data to send, it will change the ID bit in the token to indicate it is now a data frame, attach the data, and transmit the data frame to the next downstream neighbor (see Figures 3.7, 3.8, and 3.9). If there is no data to transmit, the token will be repeated and sent to the next downstream neighbor as is.

Figure 3.8 The Token in Token Ring

If the frame is not addressed to the next downstream neighbor, that node retransmits it to the next downstream node. This process continues until the data frame arrives at the node it is addressed to. That node reads the data frame, changes the frame status field to indicate the frame has been received, and then retransmits the updated frame on to the sending node. At the sending node, the frame is compared to the frame that was sent originally, and if they are identical the node releases a token frame and the whole process starts over. This is the process followed by the standard 4 megabit Token Ring network. A variation of this process has the receiving station release a token after it has read, updated, and sent the original data frame. This variation is called "early token release" and it is used in 16 megabit Token Ring networks. No matter what variation is in use, there can only be one token on the ring at any one time. I think you can see why IBM liked this approach: no collisions, few if any retransmits, and control of cable quality.

So, what happens when a cable is severed? That should stop ring operation, shouldn't it? Well, yes, but even in this situation Token Ring offers some benefits over Ethernet. Each node monitors traffic from its nearest active upstream neighbor (NAUN). There is always a Token frame or Data frame on the ring so there is always traffic. When traffic stops coming from a node's NAUN, that node goes into beacon mode, which will be heard and repeated by all of the downstream nodes. The presence of a beacon on a ring indicates the ring has stopped functioning and a serious problem exists. In addition, the address of the beaconing node indicates the problem is somewhere between it and its NAUN. So not only are serious problems reported, but their location is also identified. Neat eh?
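The beacon-based fault localization described above can be worked through on a small ring. This is an added sketch, not code from the book: the station names are constructed, and it assumes a powered-off station is bypassed so that a node's NAUN is the first active station upstream of it.

```python
from dataclasses import dataclass


@dataclass
class Station:
    address: str
    active: bool = True


def naun_index(ring, i):
    """Index of station i's nearest active upstream neighbor, or None if alone."""
    n = len(ring)
    for step in range(1, n):
        j = (i - step) % n
        if ring[j].active:
            return j
    return None


def locate_fault(ring, cut_after):
    """The cable leaving ring[cut_after] toward the next station is severed.

    Traffic flows ring[0] -> ring[1] -> ... -> ring[-1] -> ring[0].
    Returns (beaconing station, its NAUN, cable runs inside the fault domain).
    """
    n = len(ring)
    beacon = None
    # The first active station downstream of the cut stops hearing traffic.
    for step in range(1, n + 1):
        j = (cut_after + step) % n
        if ring[j].active:
            beacon = j
            break
    upstream = naun_index(ring, beacon) if beacon is not None else None
    if upstream is None:
        raise ValueError("need at least two active stations to localize a fault")
    # Every cable run between the NAUN and the beaconing node is suspect.
    suspects = []
    k = upstream
    while k != beacon:
        nxt = (k + 1) % n
        suspects.append((ring[k].address, ring[nxt].address))
        k = nxt
    return ring[beacon].address, ring[upstream].address, suspects


def ring_states(ring, cut_after):
    """What each station is doing once the beacon is on the ring."""
    beaconer, _, _ = locate_fault(ring, cut_after)
    states = {}
    for s in ring:
        if not s.active:
            states[s.address] = "inactive (bypassed)"
        elif s.address == beaconer:
            states[s.address] = "beaconing"
        else:
            states[s.address] = "repeating beacon"
    return states


# Constructed six-station ring; station E is switched off.
RING = [Station("stn-A"), Station("stn-B"), Station("stn-C"),
        Station("stn-D"), Station("stn-E", active=False), Station("stn-F")]

if __name__ == "__main__":
    print(locate_fault(RING, 3))   # cable D -> E severed
    print(ring_states(RING, 3))
```

With station E switched off, a cut on either side of E produces the same beacon from F, so the beacon narrows the search to the D-to-F stretch rather than to a single cable.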

Traffic that moves from one ring to another is handled somewhat differently than Ethernet. To begin with, each ring is a network in its own right, so routing and bridging get a bit mixed. This is one architecture that definitely stretches the OSI model. Notice the routing information field, which is a part of the data frame in Figure 3.9. When data is bridged in a Token Ring environment, a process called source route bridging is used. The initiating node sends several special frames to the receiving node, which echoes the frames back. The route of the frame that returns first is added to the routing information field of the data frame and the frame is sent to the bridge.

Figure 3.9 The Token Ring Data frame.

Although Token Ring is a Layer 2 architecture, its frame has a large field for routing information. In this case, the field is used to store instructions for source route bridging.

The bridge does not have to check any tables or determine any routes because the routing instructions are included with the data frame in the routing information field; hence, source route bridging. Data frames can also be encapsulated in routable protocols and follow a more traditional way of moving between networks. This procedure would have to be adopted if the route passed across non-Token Ring networks.

This is as far as we are going to go in Token Ring. Introducing Token Ring earlier in the chapter would have really confused things; we mention it here because it will help build a foundation for things to come. On the test, assume you are dealing with Ethernet unless told otherwise. Speaking of tests, why don't you try the following questions and see how you do?

Exam Prep Questions

Question 1

Your company has upgraded all of its hubs to switches. One of the switches appears to be working overly hard, with its overall traffic indicator lit continuously, as are the port lights. Your boss is afraid there is a bottleneck and dispatches you with one of the company's $70,000 protocol analyzers to diagnose the problem. However, when you plug the analyzer into an open port, it reports extremely light and sporadic traffic. What, if anything, is the problem?

  A. Indicator lights on networking equipment are notoriously inaccurate. If the protocol analyzer reports light traffic then the switch is well below capacity and there is no problem.

  B. The switch probably has address filtering activated on the analyzer's port. Deactivating the filtering option will give the analyzer access to all traffic.

  C. Switches build virtual circuits between two ports. If the analyzer's port is not part of the current circuit, it will not see activity.

  D. There is no problem. Unlike a hub, activity lights on a switch should be on constantly.

Answer C is correct. Okay, this was a nasty way to start because we haven't even mentioned activity lights and protocol analyzers. Nevertheless, if you know how a switch works, it should not be hard to deduce the answer. Switches do create virtual circuits between two ports. If a port were not part of the circuit, it would not be aware of the activity. That makes answer C a likely candidate. Activity indicator lights are not accurate, but if every port's indicator is lit constantly, that switch has to be really working. Therefore, A is probably not correct. Filtering sounds good, but even without filtering, the analyzer would still only see activity broadcast or addressed to its port. That rules out B as a correct answer. Lastly, if every port activity indicator is constantly lit, it would be logical to assume there is activity. A switch only connects two ports at a time, so having all of the port activity lights continually on is probably not normal. Therefore D is questionable as a correct answer.
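The reasoning behind answer C can be checked with a small model of address learning and forwarding. This is an added example, not code from the book: the MAC addresses, port numbers and traffic are constructed, and a single shared address table stands in for the per-port tables described earlier in the chapter.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Forwards a frame only to the port where the destination was learned."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}                            # source MAC -> port last seen on
        self.delivered = {p: 0 for p in self.ports}

    def receive(self, in_port, src, dst):
        self.table[src] = in_port                  # learn where the sender lives
        known = self.table.get(dst) if dst != BROADCAST else None
        if known is None:                          # broadcast or unknown: flood
            out = [p for p in self.ports if p != in_port]
        elif known == in_port:                     # same segment: filter
            out = []
        else:                                      # temporary circuit to one port
            out = [known]
        for p in out:
            self.delivered[p] += 1
        return out


class Hub:
    """Repeats every frame out of every other port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.delivered = {p: 0 for p in self.ports}

    def receive(self, in_port, src, dst):
        out = [p for p in self.ports if p != in_port]
        for p in out:
            self.delivered[p] += 1
        return out


# Constructed traffic: station A on port 1, station B on port 2,
# nothing on port 3, a silent protocol analyzer on port 4.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
TRAFFIC = (
    [(1, A, BROADCAST), (2, B, A)]        # broadcast, then the reply
    + [(1, A, B), (2, B, A)] * 10         # a busy two-station conversation
    + [(1, A, C)]                         # destination never seen: flooded
)
ANALYZER_PORT = 4


def frames_seen(device_cls, port, traffic=TRAFFIC):
    """Count the frames a passive listener on `port` receives."""
    device = device_cls([1, 2, 3, 4])
    for in_port, src, dst in traffic:
        device.receive(in_port, src, dst)
    return device.delivered[port]


if __name__ == "__main__":
    print("total frames :", len(TRAFFIC))
    print("seen via hub :", frames_seen(Hub, ANALYZER_PORT))
    print("seen via switch:", frames_seen(LearningSwitch, ANALYZER_PORT))
```

On the switch the analyzer receives only the broadcast and the one frame whose destination had not yet been learned, while the same port on a hub receives every frame.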

Question 2

Which type of switch can create multiple temporary collision domains when segments approach saturation?

  A. Cut-through switches

  B. Non-blocking switches

  C. Switches running in fragment-free mode

  D. Store-and-forward switches

Answer A is correct. Early cut-through switches read the source and destination addresses and dropped or forwarded frames based on that information alone. As segments approached saturation and the number of collisions escalated, cut-through switches could and did pass the remains of collisions provided the source and destination address fields survived intact. When this occurred, both segments would essentially be in the same collision domain connected by the switch. Answer B is incorrect because non-blocking means the switch has the capacity to switch frames between all segments at the same time. Answer C could be correct because a fragment-free switch examines only the first 64 bytes of the frame. However, it has been shown that if the first 64 bytes of a frame are correct then there is greater than a 90% chance the remainder of the frame is also correct, so few if any damaged frames would be passed. Answer D is incorrect because a store-and-forward switch is the only type of switch that will stop all damaged frames by performing a cyclical redundancy check (CRC) prior to passing the frame on.

Question 3

How did the 10BASE-T standard put an end to the cumbersome bus structure of early Ethernets?

  A. 10BASE-T eliminated the bus in favor of star wiring that was far less expensive and more reliable.

  B. Networks using the 10BASE-T standard moved the signaling frequency below the radio spectrum so common twisted-pair wire could be used.

  C. A network using the 10BASE-T standard was far more reliable than a bus network because severing a cable only brought down a segment of the network.

  D. A network using the 10BASE-T standard is a bus network.

Answer D is correct. Networks using the 10BASE-T standard did not require coaxial cable. The bus structure, however, remained as a part of the hub. The correct way of describing an Ethernet using the 10BASE-T standard is a "star wired, bus network." Answer A is incorrect because the 10BASE-T standard did not eliminate the use of a bus. Answer B is incorrect because signaling remained in the radio spectrum despite the use of cabling meeting the 10BASE-T standard. Answer C is incorrect because severing a cable would only bring down the node or station using the cable.

Question 4

Your uncle has a problem with his 10BASE-2 Ethernet and he has asked for your help. He has several geographically dispersed offices in a shared tenant office building. There are only 10 stations connected to the network but 2 of the stations located in adjoining offices experience erratic network behavior when communicating with each other. With the exception of these 2 stations, the network performs well. You take a look at each of the problem stations and find that each station has the network cable attached to only one side of the "T" connector. The other side of the "T" connector has a 3-inch black plug attached. Knowing your uncle is short on cash, what would you recommend he buy to remedy the problem with the 2 adjoining stations?

  A. A patch cable to connect the stations in the adjoining offices and complete the network path.

  B. A 10BASE-2 repeater.

  C. A non-filtering bridge.

  D. A static or fixed configuration router.

Answer B is correct. Okay, this question really rambles but so will some of the questions on the exam. The key to the question is seeing the 10BASE-2 cable attached to only one side of each station's "T" connector. The plug attached to the other side of the "T" connector should be a giveaway. Although these stations are in adjoining offices, they are each at the end of the network cable. Even if you have never seen one, you could probably guess that the black plug is actually a terminating resistor, which confirms these stations as the ends of the network. To communicate, these stations must send data across the entire network. While we don't know the exact length of the cable, we do know it streams off to connect the other geographically diverse offices and then loops back almost to the starting point. That is probably a "pretty good distance" (technical term). As only the end stations are having problems, this is most likely an attenuation problem, which is a Layer 1 (Physical) issue. The most efficient way to deal with Layer 1 attenuation is with a Layer 1 repeater. Okay, there are a lot of assumptions here and not much in the way of cold hard facts, but that's the way it is in the real world and, of course, it did make you think. Answer A is incorrect because it would create a loop. Signals introduced to a loop would continue around the loop until dissipated by attenuation, which would effectively bring down the network. Answer C could be correct because bridges provide a Layer 1 repeater function, but they are really designed to provide Layer 2 capabilities, which would not be used. Besides, bridges are more expensive than repeaters and your uncle is strapped for cash. Answer D is incorrect because routers are even more expensive than bridges and they operate at Layer 3. Of course routers could be made to work, but you would need a pair of them and you would end up with two separate networks. Definitely a square peg in a round hole approach.

Question 5

How does a transmitting station on an Ethernet recognize a collision when it takes place?

  A. A CRC is performed and if results do not match then a collision has occurred.

  B. The transmitting station cannot determine that a collision has taken place while it is transmitting. It must wait until the receiving interface recognizes the collision and sends an error report in the form of a jam signal.

  C. The interface does not monitor network errors. That is done at Layer 2 when the frame is checked for accuracy.

  D. A voltage comparator on the transmitting interface senses an over-voltage condition on the line.

Answer D is correct. This is an area where there are a lot of old wives' tales and any one of them will get you in trouble. Collision detection is a Layer 1 issue for Ethernet dealing with voltage levels on the line. A voltage comparator on the interface (it is really a $.22 chip) monitors the voltage of the line even when the interface is transmitting. So long as the voltage stays within a predetermined range, everything is okay. However, when two or more signals are on the line at the same time, the combined voltage exceeds this level. The comparator senses the over voltage and it initiates the recovery process. Answer A is incorrect because the Cyclical Redundancy Check is performed at Layer 2 and indicates a fault with the data, which may not have been caused by a collision. Answer B is incorrect because the voltage is monitored during transmission. Answer C is incorrect because the question is asking about a Layer 1 collision, not Layer 2 error detection.

Question 6

What is the Protocol Data Unit (PDU) used at Layer 4?

  A. Frame

  B. Segment

  C. Packet

  D. Data

Answer B is correct. Layer 4 is the Transport layer and Segment is the name of its PDU. Answer A, Frame, is the PDU for Layer 2, Data Link. Answer C, Packet, is the PDU for Layer 3, Network. Answer D, Data, generally describes the PDUs for Layers 5 through 7.

Question 7

A network administrator is charged with connecting LANs from the Memphis production site to LANs at the Detroit headquarters. The administrator leases a 56Kb line between the locations and terminates the line with bridges to make the link as maintenance free and as transparent as possible. The link meets all expectations but it is carrying far more traffic than anticipated. In fact, the administrator is growing increasingly concerned about degradation of response times. What would you recommend?

  A. Replace the bridges with cut through switches to increase throughput.

  B. Lease a second line to cover peak loads.

  C. All of the above.

  D. None of the above.

Answer D is correct. The administrator is linking networks at Layer 3 with a bridge, which is a Layer 2 device. Bridges would pass all of the administrative traffic from both networks across the link, which could easily fill whatever bandwidth was available. Although there are special purpose bridges that could work in this situation, the real solution would be to use routers. Routers would eliminate Layer 2 administrative traffic from the link and free up bandwidth for data traffic. Answer A is incorrect because a switch would also pass administrative traffic, only faster. Answer B is incorrect because it is addressing the symptom, not the problem. And now, will the administrator and all those choosing A, B, or C please report to your new job in Marketing tomorrow morning.

Question 8

Which protocols are Layer 3 routable protocols? (Choose all that apply.)

  A. Internet Protocol (IP)

  B. Routing Information Protocol (RIP)

  C. Internet Packet Exchange (IPX)

  D. AppleTalk

Answers A, C, and D are routable protocols that carry data between networks. Answer B is a distance-vector routing protocol that is used by routers to exchange routing table information and determine optimum paths for packets.

Question 9

People working at the end stations of a 10BASE-5 network are constantly complaining that information they send each other is slow and often has errors. Which devices may alleviate the problem? (Choose all that apply.)

  A. A bridge

  B. A hub

  C. A repeater

  D. A static or fixed configuration router

Answers A and C are correct. The most likely cause of the problem is attenuation of the signal as it crosses the cable. The end stations would experience a majority of the problems because they have the most cable between them. A repeater which rebuilds, retimes, and then retransmits the signal would be the ideal short-term solution. Although a bridge is designed to separate collision domains, its operation includes rebuilding, retiming, and retransmitting frames just like a repeater. The bridge provides more than is needed, but its repeater function would fix the problem. Hubs are not used in a 10BASE-5 network so answer B is wrong and answer D could go either way. If you could find a router with both ports configured for 10BASE-5 networks, it could conceivably work in this situation by rebuilding the signal as it was sent between networks. The user, however, would have to be willing to accept the higher costs of the router and the need to readdress many of the stations and configure them all to use the router as a gateway. Certainly not an elegant solution, and if this were the test I would not select it as a viable solution.

Question 10

A wiring technician was directed to extend a 10BASE-2 network cable to provide service to a new suite of offices. The existing cable was too short so the technician spliced a piece of cable that looked exactly like the network cable but had different numbers printed on the jacket. When the network was initialized the following morning, the entire network experienced erratic operation. What would be the most likely problem?

  A. 10BASE-2 cable cannot be cut without introducing a high level of attenuation. This attenuation can be great enough to stop all but the strongest signals.

  B. Joining even slightly dissimilar cables (the numbers didn't match) would almost certainly create an impedance mismatch. The resulting reflected signals would create erratic performance and could bring the whole network down.

  C. 10BASE-2 cable is extremely tolerant of mismatches so it is doubtful the extension cable, even with a less than perfect splice, would cause erratic operation. A more likely culprit would be a malfunctioning vampire tap on the new cable.

  D. None of the above.

Answer B is correct. We know that even a slight impedance mismatch will reflect signals on any cable. Dissimilar cables, joined with a splice, would be an invitation for disaster. So answer B would be the most likely candidate. A splice would have to be unbelievably awful to create an attenuation problem. Impedance mismatch yes, attenuation, not very likely, which would make answer A incorrect. No cable is tolerant of mismatched characteristics and besides that, vampire taps are not used on 10BASE-2 cable so C is also incorrect. Answer B is related to the material presented in the chapter and consistent with other examples. So answer D can be ruled out.

Need to Know More?

It is a very good idea to have several books on basic networking. However, there are so many good books coming out each day it is impossible to recommend the one or two that are most relevant at any given time. A search on the Internet followed by a visit to Amazon.com has always produced results. However, you do have to be careful that the materials are consistent with Cisco or at least be aware of any differences. One of the books we like for Ethernet is Ethernet Tips and Techniques by Byron Spinney, CRM books, Fort Washington, PA. ISBN 1-878956-43-4. We are not going to recommend it here because it does not track closely with the CCNA program. Besides, Byron sees routing as a Layer 4 function. (See what I mean?)

The three books listed below track well with Cisco and the material in this chapter. They are also applicable to the entire CCNA curricula and as such are good to have.

Castelli, Matthew. Network Sales and Services Handbook. Cisco Press, Indianapolis, Indiana, 2003. ISBN 1-58705-090-0. Although this book is targeted at sales, it does a very good job of explaining technologies and Cisco products without getting into mind-boggling minutia. A good book to have!

Odom, Wendell. Cisco CCNA Exam Certification Guide. Cisco Press, Indianapolis, Indiana, 2000. ISBN 0-7357-0971-8. Cisco is almost always the best place for reference books relating to Cisco. They print incredibly detailed and comprehensive books and this one is excellent. I would not want to read it as a primary text but as a reference it cannot be beat.

Dictionary of Internetworking Terms and Acronyms. Cisco Press, Indianapolis, Indiana, 2001. ISBN 1-58720045-7. Don't leave home without it!