This is the first real module that takes you closer to earning your CCNA. This module is over the OSI Model and is the real foundation for all networking everywhere regardless of the company that you are trying to get certified with.
In all my experiences in taking the CCNA tests (way back when they were in the 400 series), I have learned that there are three core components that students generally make mistakes on. Failing to understand any one of these three subjects pretty much leads to the same end conclusion which is failing the test. Those three subjects are : OSI Model, understanding of the IOS command line, and access lists. In relation to the test, I go far deeper into the OSI Model than what is required. I teach this way because I teach all sorts of course besides just Cisco so I combined all the information from all the courses into one master OSI class.
First a little history about the OSI Model. The OSI Model was developed by the ISO and is the basic foundation that all networks (regardless of the manufacturer) rely on. The OSI Model is composed of 7 layers and each layer can only communicate with the layer directly above and below in function. Each layer is independent of each other as well. The OSI Model allows us to troubleshoot our network easier, allows for networks/networking to grow faster and easier, clarifies general functions rather than specifically stating how each layer must function, complexity of networking is more manageable, standard interfaces between layers to make it easier to understand, allows for specialization of one area of the OSI Model without having to be a master in the whole thing, and structured approach to making changes to the OSI Model as in developers can make a change to one layer without having to change the whole model.
As I indicated in the previous paragraph, the OSI Model is composed of 7 layers, but different organizations or protocols can break the OSI Model into different groupings of layers. For example the DoD model is composed of only 4 layers. The 4 layers that make up the DoD model is the same as the 7 layer model, just compressed differently.
There are several methods of remembering the order they go in as well. One way is to say All People Seem To Need Data Processing....another way is Please Do Not Throw The Sausage Pizza Away. To be honest, I like the pizza one and I still use it today to teach newcomers the OSI Model.
The general functions of each layer vary as well. We'll go over the details of each layer in a minute (in great detail too..) but the general functions are listed below :
7. Application - provides user interface
6. Presentation - presents data, handles processing such as encryption or data conversion.
5. Session - keeps application data seperate from other applications
4. Transport - provides reliable or unreliable delivery of data depending on what protocol is used.
3. Network - provides logical addressing and route selection.
2. Datalink - provides access to media (ie. network card) using a MAC address.
1. Physical - moves bits (1's and 0's) between devices.
OK, now down to the nitty gritty and lets start with the 1st layer of the OSI Model and build our solid foundation on that. The first layer is the Physical Layer.
Called the Physical Layer because there are a LOT of physical components found here. These components would be wire, modem, mux/demux, T-connectors, barrel connectors, transceivers, vampire taps, csu/dsu, terminator, etc... basically anything that is a piece of hardware and unintelligent. The data found at the Physical Layer is called a bit (1 or a 0) and the responsibilities of the Physical Layer are electrical properties, transmission media, transmission devices, physical topology, data signaling, data synchronization, and bandwidth.
Transmission media - Transmission media is how the data is getting from point A to point B. Is it over wire, fiber optic, wireless, RF, laser, IR, etc... Media can be either bound or unbound.
transmission devices - transmission devices are basically everything that isn't considered media. For example, if we sent data over a phone line then the media would be the actual phone line and the transmission device would be the modem. Remember we are dealing only with unintelligent devices, modems are pretty dumb. Some devices classified as a transmission device are :
Physical topology - How is the wire laid out? What physical topology is the network designed after. If you need to go over topologies again, then please look at the pre-course material. Some topologies are :
Synchronous - data is sent in a timed manner and an example would be an ATM network where the 53 byte cells are always happening on a schedule.
Asynchronous - data is being sent in an untimed manner. When the data is needed it is sent and an example would be your standard Ethernet network.
Bandwidth - How is the cable broken down in channels? For example, Ethernet is baseband, meaning that the entire cable is used for one channel. The other option is broadband where the cable is divided into multiple channels with each channel having its own frequency.
Datalink is the 2nd layer of the OSI Model and this is where we start to delve into what we are taking this test for. Primarily because switches are found at the Datalink Layer and we will have a LOT to do with switches. The name of the data as it passes through the Datalink Layer is a frame and the Datalink Layer provides for the flow of information from one device to another. CRC checks are done and will help to determine if retransmitting the data is necessary.
Probably the biggest thing to understand about the Datalink Layer is that it is composed of two sublayers : Logical Link Control ( LLC) and Media Access Control ( MAC)
LLC - The LLC sublayer provides Service Access Points (SAP) that other computers can use to attach to so they can send information. The LLC controls frame traffic and is primarily responsible for establishing and terminating links. A good way of remembering this is that the Logical LINK Control sublayer establishes and terminates LINKS.
MAC - The MAC sublayer is where NICs are found in relation to the OSI Model. NIC's have a MAC address on them and the MAC sublayer is where MAC addresses are processed. The MAC sublayer allows for shared access to the NIC and actually does the framing portion of the Datalink Layer as it changes 1's and 0's from the Physical Layer into frames. The MAC sublayer is responsible for physical addressing identifying the source and destination devices, delimiting frames, and error checking. (CRC)
Hardware found at the Datalink Layer is Bridges, switch, and Network Cards ( NIC). There are also protocols found at the Datalink Layer and they are listed below. We will go into greater detail into these protocols in other modules, for the purpose of the OSI Model though, you just have to know where they are.
HDLC - High level data link control - this is a protocol for serial interfaces and is proprietary for each vendor.
The Network Layer is the 3rd layer of the OSI Model and the one we will be spending most of our time at during this online CCNA course. Why...well, it's simple... routers are found at the third layer and we want to learn about routers!!! Without routers the 3rd layer doesn't even have a reason to exist!!!
Data at the Network Layer is called packets, some companies call them datagrams but most call them packets. Packets are sent on their way based on the routing decision (made by the router) to either the destination or to another router if the destination is more than one link away. These routing decisions are based on route discovery and route selection. Route discovery is when the routers talk to one another and advertise the routes that they know about. Once all the routers know about all the routes that all the other routers know about the network is considered to be "converged". When a packet is sent on it's way to the destination, this is known as packet switching. The packet is "switched" from one port to another to move on. These ports could be different types also, for example we could go from token ring to ethernet or ethernet to serial. For the purpose of the labs we'll do, most of the switching is serial to ethernet and vice-versa.
Routers work intensely with the Datalink Layer to translate logical addresses ( IP address) into physical addresses ( MAC Address). There is also a basic form of error control. The number one form of addressing found here is IP Addresses. IP Addresses can be broken down into halves with the first half being the network address and the second half being the host address. We'll get more into that later, but for now, you should be aware that IP addresses are found at the 3rd layer.
We also mentioned that the type of data found here is called a packet. Well there are two different types of packets that we might see : Data packets and Route Update Packets. Data packets is the actual data that traverses the router and moves along. Route Update Packets are the packets that the routers use to talk to one another.
The hardware found at the Network Layer is primarily a Router, but you can also find Gateways and some higher end switches. Before I spoke about Layer 3 switches. I don't want to get into them for this course, but the best way to think of them is absolutely NOT a switch but a router with a lot of ports on it.
IPX - This was Novells main protocol but it has gone to the wayside due to limitations it has. That doesn't mean that the technology to make it work has gone though. And we will discuss some of that technology.
NWLink - this was Microsoft's answer to IPX so their servers could remain competitive with Novells servers and also provided a smooth transition protocol to take business away from Novell.
The 4th layer in our OSI Model is the Transport Layer and there is a LOT of good information to know here!!! Just like at the Network Layer we have our own name for the type of data that is found here and it is called a segment. Also, just like the Network Layer, some companies do have their own name as well and , unfortunately, it is also sometimes called a datagram. This may be confusing for you in that data found at the Network and the Transport Layer can have the same name. For the purposes of Cisco the data is called a segment and that is what you whould be trying to remember.
The Transport Layer has quite a big job on it's hands also as the primary purpose of the Transport Layer is to provide for error checking with no duplicate packets. There are a few other duties it has though and they are :
to provide end to end transport services and hiding the lower layers from the higher layers. This is done by providing for transparent data transfer between the higher and lower layers. An example of hiding data transfer between lower and higher layers would be MS Word knot knowing or caring if it was accessing data on an IP or IPX based network.
Allows for the building and tearing down of virtual circuits and maintains flow control.
Connection oriented and connectionless protocols are found here. We'll discuss more of that in a minute.
There are two general types of protocols found at the Transport Layer and they are connection oriented and connectionless. There are a variety of protocols that you will recognize that will fall into both of these categories too. But first lets talk about the general categories they are.
Connection oriented is when a transmission is sent and the sending computer waits for an acknowledgement (ACK). If no acknowledgement is recieved then it assumes the destination didn't get it and resends the data. TCP (as in the 1st half of TCP/ IP) is the number one example of a connection oriented protocol, to be more specific HTTP, FTP are all connection oriented.
Connectionless protocols are the exact opposite in that they could care less if you got the data or not. Connectionless protocols just send the data and if you didn't get the middle portion then you have to start over. UDP is the name of the general category of connectionless protocols and a good example of a UDP based protocol is TFTP. FTP is connection oriented and TFTP is connectionless.
We previously mentioned talking back and forth with computers with a connection oriented protocol...well how does that happen? Do the computers just start talking? Not exactly, the easiest way to understand this is by comparing it to a phone call. Caller 1 calls caller 2. Caller 2 picks up the phone and says "Hi this is Bob". Caller 1 listens to ensure he is talking to the right guy and then says "Hi this is John". This concept is known as a 3-way handshake and all connection oriented protocols go through this process to establish the initial connection.
OK, now that we are connected, how fast do Caller 1 and Caller 2 talk to each other? There are some fast talkers out there that basically wear my ear out. The solution to this is called flow control. That keeps those fast talkers from overwhelming the conversation. There are a few different ways of doing flow control and you pretty much have to know all of them :
Windowing - Windowing is how many packets a sending computer will send before waiting for an ACK. This process speeds up the network a lot because it reduces the amount of ACKs that are expected and also transmitted over the network. Now how do both computers know what to expect before needing an ACK? Well first then talk to one another to determine what amount can be transmitted before expecting an ACK.
Source Quench - Source quench is data is transmitted at max speed until the recieving computer tells the sending to back off a bit. The sender slows down a little bit so the receiver can catch up but will gradually start to increase the speed until it gets another "slow down" message. The goal of the sending computer is to hope that the recieving computer will drop some of it's other connections so it can accept more data.
Buffering - Buffering is almost a combination of the above examples yet also takes into account massive amounts of RAM. Buffering is when data is accepted and held in RAM until it can be processed by the computer. This is one of the main reasons why servers have to have so much RAM in them. When you copy a file to a server, it is first stored in RAM while the server figures out how to put it on the hard drive. Buffering also happens with routers and switches though.
The protocols found at the Transport Layer vary greatly and cover a wide range of companies and technologies. These protocols are :
TCP - this is the first half of TCP/ IP and stands for Transmission Control Protocol and falls under the connection oriented category.
UDP - User Datagram Protocol and falls under the connectionless category
SPX - Sequenced Packet Exchange and is outdated. One of Novells protocols for their IPX protocol suite.
NWLink - Netware Link and Microsofts implementation of the IPX Protocol suite. It's important to know, and I didn't mention this earlier, that IPX and NWLink both broadcast once every 60 seconds to stay in touch with each other. When we get into protocols that were developed based on IPX, you will see the same thing there.
NETBeui - NETBeui is one of the first networking protocols out there that relies primarily on broadcasting. Since NETBeui relies on broadcasting to function that means it will not pass through a router and is non-routable.
ATP - Appletalk Transport Protocol - This was Apples solution to networking...didn't work out and I hope no one runs across ATP. ATP broadcasted every 10 seconds to discover neighbors or to function. Not a good protocol to have with lots of computers.
The Session Layer is the 5th layer in the OSI Model and yet once again provides crucial functions to the grand scheme of things. The Session Layerprovides name lookup/recognition, security, and error checking....and the data that is found here is called a message. The Session Layer is essentially what allows applications to share the same network connection and should the sender crash at this point the reciever will only ask for a resend of the data that is missing, not the whole thing.
Data is transmitted by one of three methods :
Simplex - simplex is when an entire message is transmitted across and the reciever either gets it or not. Any mistakes requires another resend of the whole thing.
Half Duplex - Half Duplex is a major upgrade to simplex in that both sides can commuNICate but only one at a time. Half Duplex is similar to a polite conversation between two people where one person talks and another person listens then they switch. An example picture of a HD process is below.
Full Duplex - Full Duplex is a massive upgrade to everything!!! FD allows for both computers to talk and listen at the same time, or essentially have two different conversations while still not getting confused. There are some requirements of FD though and they are : switches (no hubs), FD capable NIC, and collision detection turned off. Because Collision Detection is turned off FD becomes much more efficient and capable of faster speeds. FD is commonly referred to when someone indicates they doubled their bandwidth by upgrading to switches. Below is an example picture of FD, isn't it much easier to understand than the HD picture above?
Just like every other layer there are protocols associated with the Session Layer that you will have to know about. Those protocols are :
NFS - Network File System which is commonly associated with UNIX networks
DNA SCP - DNA SCP is also known as DECNet and was Digital (bought out by Compaq whom was then bought out by HP) implementation of a networking protocol.
The Presentation Layer is the 6th layer of the OSI Model and the data found at this layer is known as a message. The general function of this layer is to translate the data from the format that the network uses to the format that the computer wants to see. The specific functions of the Presentation Layer is data translation, encryption, and compression.The Presentation Layer has the ability to change the format of the data, for example ASCII and EBCDIC.
There are specific file formats found at the Presentation Layer and I'll list them below, however the easiest way to remember what file formats that are found at the Presentation Layer is any file that is either an audio (meaning you can hear it) or visual (meaning you see it) file. Examples would be PICT, TIFF, JPEG, JPG, MPEG, MPG, MP3, MP4, MIDI, QUICKTIME, AVI, etc... All those are either files that can be seen or heard.
Obviously this is the easiest layer to remember because we all listen to MP3s or watch some sort of short video on the internet. Why are these files found here? Well because when we have an MP3 audio file to listen to, the end user may use a Macintosh, or a PC, or a cell phone, or an IPod to listen to that file.
The Application Layer is the highest of all the layers in the OSI Model and supports the applications that the user happens to be running. User applications such as MS Word or Excel are NOT found at the Application Layer. The Application Layer only supports the programs that the user is running.
The Application Layer also allows applications to commuNICate with other applications as if they were on the same computer.
There are also protocols found at the Application Layer, but the easiest way of remembering the protocols is if the protocol name is also a command. For example, FTP is a protocol and also a command that can be typed in the command line, so is TFTP. Another example is Telnet.
The specific functions of the Application Layer is to identify and establish the availability of the remote partner and decide if the remote partner has the resources to handle the commuNICation.
Telnet - a well known terminal emulation program that allows you to execute commands as if you are actually on the remote device. Telnet uses TCP port 23 and is extremely common in configuring or troubleshooting Cisco devices
SMTP - simple mail transfer protocol using TCP port 25 and is also associated with POP2 (port 109) or POP3 (port 110). SMTP sends email and POP retrieves email
FTP - file transfer protocol using TCP port 20 and 21 that allows you to upload or download files from an FTP server. FTP normally requires authentication but some servers are configured to allow anonymous connections.
TFTP - trivial file transfer protocol using UDP port 69 which means it is a program that is connectionless. TFTP requires no authentication in order to work and is far faster than FTP as it allows for data to be transported in smaller chunks with no ACK required from the reciever.
SNTP - simple network time protocol that allows for devices to have their time synchronized across the entire network and uses UDP port 123
NNTP - network news transport protocol is what allows us to have newsgroups on the internet and uses TCP port 119.
LPD - line printer daemon is a protocol that allowed for printing over the internet. LPD is still in use today and most companies that use a printer attached via an IP address might be using LPD in the background to work. Any network that has a unix host on it will most likely still have LPD in use.
SNMP - simple network management protocol using UDP port 161. SNMP is an extremely popular protocol with network administrators or network engineers as this protocol allows SNMP based network management programs to help monitor or configure network devices remotely.
DNS - Domain Name Service allows for names such as ( http:// www.paladinintellects.com) to be translated into an IP address so you can access that site. DNS allows for humans to remember names rather than numbers in order to function and uses TCP port 53.
BootP - bootstrap protocol was the precursor to DHCP and used port 67 and 68. BootP allows for a machine to get an IP address from a BootP server.
DHCP - Dynamic Host Configuration Protocol is the upgrade to BootP and uses the same ports (67 and 68) in order to function. DHCP was invented due to the massive amount of configuration that couldn't be done with BootP. DHCP also opened many areas such as DHCP relay agents. Cisco routers can be configured as DHCP servers as well as DHCP relay agents to forward the IP request to another DHCP server.
ARP - address resolution protocol allows us to map an IP address to a MAC address
RARP - reverse Address resolution protocol allows us to map a MAC address to an IP address.
ICMP - Internet Control Message Protocol and this protocol allows for information in relation to using the PING command. Examples would be destination unreachable, buffer full, ping results, number of hops, and traceroute results. A good example of the ICMP protocol is the PING or Traceroute command.
Email Gateways - Microsoft Exchange
Gopher - a text based search engine for online documents...very outdated.
WAIS - wide area information servers which basically was a non-standard implementation of a search engine
Search Engines (google, yahoo, etc...)
FTAM - file transfer access and management and was an attempt to replace FTP
X.400 - very old way of handling email, was replacd by X.500
X.500 - old way of handling email, was replace by SMTP
SMB - server message block commonly associated with Microsoft networks and uses TCP port 445
NCP - netware core protocol commonly associated with legacy Novell networks but portions have been implemented on Unix/Linux based networks. NCP is the primary protocol used to access file, print, directory, etc.. services and runs on both TCP and UDP using port 524
AFP - appletalk filing protocol is Apple's protocol that allows for file services to be offered to Macintoshes. AFP uses ports 548 or 427 to commuNICate.
Now that we went through each and every portion of the OSI Model, how does it all come together and work? Well, the answer is rather simple. Data travels down the stack and each layer it goes through it picks up a header for that layer. This is called encapsulation. When the data travels through the wire to the destination computer it goes back up through the stack (on the recieving computer) and the header is removed.
The above graphic shows the data encapsulation for computer to computer commuNICation. The same concept of commuNICation occurs when routers talk to one another but the encapsulation starts at the Network Layer . For switches the encapsulation starts at the Datalink Layer.
This process happens all the time and allow data to be transported from one place to another regardless of what type of computer is at either end.
As I mentioned before there are different implementations of the OSI Model. One such model is the Dept of Defense ( DoD) model. Cisco sometimes refers to the DoD model so you should be able to refer from the 7 layer OSI Model to the 4 layer DoD model. Considering that we have all ready gone over 99% of the DoD model all ready there is no real reason to re-invent the wheel here. I'll just touch on some subjects that need to be reinforced.
How does it breakdown? The easiest way to remember is to understand completely the 7 layer model and then remember a set of numbers 3,1,1,2. 3,1,1,2 is the translation of the 7 layer model to the 4 layer model starting with the Application Layer.
3 - Application Layer - composed of the application, presentation and Session Layer. The easiest way to remember this layers name is that from the 7 layer model is the "application" layer.
1 - Host to Host - composed of the Transport Layer. The easiest way to remember this layer name is that the Transport Layer is responsible for end to end communication...thus host to host. This layer also breaks down into two different types of protocols that can be found here :
TCP - TCP is the same as discussed in the 7 layer model but I'll go over the features again.
Creates a virtual circuit (end to end commuNICation) between the sender and the reciever.
breaks data down into more manageable segments
numbers the segments so the destination machine can order them correctly
the sender waits for an ACK and retransmits data for the ones that no ACK was recieved.
UDP - Again, this is the same as discussed in the 7 layer model.
no virtual circuits
smaller and faster protocol due to lack of error checking.
1 - Internet - composed of the Network Layer. Where are IP Addresses found? At the Network Layer...what does the I in IP mean? Internet!!! Just like the 7 layer model the protocols found there are also found here. Specifically the ones that seem to get mentioned the most are :
ARP - Address Resolution Protocol allows us to map IP addresses to a MAC Address. There is also an ARP cache on the requesting device and you should know that the default ARP cahce on a router is 4 hours.
RARP - Reverse Address Resolution Protocol allows us to map MAC Addresses to an IP address.
ICMP - Internet Control Message Protocol and this protocol allows for information in relation to using the PING command. Examples would be destination unreachable, buffer full, ping results, number of hops, and traceroute results.
2 - Network - datalink and physical...well no real easy way to remember this one...guess you will just have to memorize it.
Ethernet Frame Types
Lastly, we'll discuss Ethernet Frame types before wrapping up this module. Knowing the frame types is EXTREMELY important not only on the test but for troubleshooting the network using a network sniffer.
There are essentially only four types of ethernet frames and depending on what network or server you are building then you may or may not use more than one.
Ethernet II - aka TCP/ IP. When looking at a packet of data as it travels over the wire if there is a "type" field in it then it is TCP/ IP. Seeing this could mean that you are running a unix network, routing protocols, IPv6, but is so common now that it most likely means you are running a network. Common type fields would be :
IEEE 802.3 - this frame type is mostly associated with Novell v3.X and IPX or NWLink. Seeing this would tell me that the network is probably broadcasting too much because I would know that 802.3 means IPX or NWLink which broadcasts every 60 seconds. You will know if it is an 802.3 frame by checking for the existance of a length field.
IEEE 802.2 - this frame type is most commonly associated with Novell 4.X and still IPX or NWLink. Get this...802.2 and 802.3 are not compatible with one another so if someone wanted to talk to both a Novell 3.X and a Novell 4.X network then they would have to load both frame types on their computer. Not the most efficient way of doing things. Microsofts NWLink though will work with both though. I guess this also explains a big part of why Novell is hardly heard any more. You will know if the frame is 802.2 if you see a DSAP or SSAP field in the frame.
SNAP - subnetwork access protocol is commonly associated with token passing technology such as ***Token Ring*** or FDDI.
This wraps up this module on the OSI Model. My best advice to you in relation to the OSI Model is to know it like the back of your hand. You need to be able to accurately recite 95% of everything discussed here in order to have the confidence to pass the CCNA test.
Remember there are three subjects that make the test hard. Access Lists, IOS Command line, and the OSI Model. Take this module very seriously and you will do fine not only with Cisco certifications but with CompTIA, Microsoft and the rest also.