1
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
2
Networking Theory
Terms you’ll need to understand:
✓ Open Systems Interconnection
(OSI) model
✓ Peer-to-peer communication
✓ Transmission Control Protocol (TCP)
✓ Internetwork Packet Exchange (IPX)
✓ Split horizon
✓ Holddowns
✓ Triggered updates
✓ Poison reverse
✓ Routing table
✓ Convergence
✓ Routing loop
✓ Distance vector
✓ Link state
✓ Windowing
✓ Acknowledgment
✓ Fragmentation
✓ Maximum transmission unit (MTU)
✓ Handshaking
✓ Termination
Techniques you’ll need to master:
✓ Identifying and describing the
functions of each layer of the
OSI model
✓ Comparing IP and IPX, and
explaining the protocols’ functions

✓ Comparing TCP and UDP, and
explaining the protocols’ functions
✓ Using common routing commands
on Cisco routers
✓ Understanding frame formats for
IP, TCP, UDP, and IPX
2
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
This chapter addresses the CCIE blueprint objectives as laid out by the Cisco
Systems CCIE program. Specifically, the chapter reviews the following topics:
➤ OSI model—Encompasses understanding the functions of the OSI model’s
layers and how each layer compares to the other layers.
➤ General routing concepts—Includes reviewing split horizon, poison reverse, rec-
ognizing the differences between switching and routing, the importance and
techniques of route summarization, comparing link state versus distance vec-
tor protocols, discussing routing loops, understanding tunneling, and review-
ing IP routing tables.
➤ Protocol operation—Includes understanding Windowing/Acknowledgments
(ACK), fragmentation, maximum transmission units (MTU), handshaking,
and termination.
➤ Protocol descriptions and use—Reviews Internet Protocol (IP), IP fragmenta-
tion, Transmission Control Protocol (TCP), User Datagram Protocol (UDP),
and Internetwork Packet Exchange (IPX).
➤ IEEE 802.x standards—Reviews the various 802.x protocol descriptions.
Open Systems Interconnect (OSI) Model
Before discussing any protocols, you need to have a thorough understanding of
the OSI model. This chapter focuses on the function of each layer of the OSI
model. By working through this chapter, you will obtain an understanding of the
functions performed by each layer. If you can understand how each layer per-

forms, then you will be able to understand how a protocol functions. Therefore,
this section focuses on the OSI model and what you, as a potential CCIE profes-
sional, need to know.
OSI Model Structure
The OSI model consists of seven layers and is an international standard that
enables vendors, such as Cisco, to adhere to certain criteria. This will enable, for
example, a Windows PC to communicate with a Unix workstation. Table 2.1
displays the framework of the OSI reference model.
Peer-to-Peer Communication
Each layer of the OSI model has its own function and interaction with the layers
above and below it. Furthermore, there is also peer-to-peer communication be-
tween end devices through each corresponding layer of the OSI model. Peer-to-
peer communication means that each layer of the OSI model uses its own protocol
to communicate with its equivalent peer layer in another system. For example,
3
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Networking Theory
the Transport layer of Device A in Figure 2.1 will communicate with the Trans-
port layer in Device B, assuming there are no intermediate devices. The layers
between the two end stations communicate via protocol data units (PDUs).
In other words, each layer communicates to the corresponding layer above and
below it and also exchanges protocol data units (PDU is an OSI term for a packet)
between end systems. Figure 2.1 shows how each layer of the OSI model pro-
vides services to the layers above and below. The PDU exchanges are represented
by the horizontal lines in Figure 2.1.
Note: Layers 1 and 2 of the OSI model are implemented with hardware. Layers 3
through 7 are implemented in software.
Table 2.1 The OSI reference model.
Layer Service
Layer 7 Application

Layer 6 Presentation
Layer 5 Session
Layer 4 Transport
Layer 3 Network
Layer 2 Data Link
Layer 1 Physical
Figure 2.1 OSI layer peer-to-peer communication.
Layer
Communication
Application
Presentation
Session
Transport
Network
Data Link
Physical
Application
Presentation
Session
Transport
Network
Data Link
Physical
Peer
Communication
Device A Device B
4
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
OSI Model Layers

The following sections provide descriptions and typical examples of each OSI
layer. Furthermore, examples of communication methods and functions follow
each layer description.
Layer 1: Physical Layer
The Physical layer consists of standards that describe bit ordering, bit transmis-
sion rates, connector types, and electrical specifications. Information is transmit-
ted as binary bits (ones and zeros). Examples of Physical layer standards include
the following:
➤ RS-232
➤ V.24
➤ V.35
➤ RJ-45
➤ RJ-12
Layer 2: Data Link Layer
The Data Link layer will focus on getting data reliably across any particular kind
of link. Flow control and error notifications are other functions of the Data Link
layer, as well. The Data Link layer applies to all access methods whether they are
LAN or WAN methods. Information being processed at this layer is commonly
known as frames. Examples of data link frame types include the following:
➤ ISDN
➤ SDLC
➤ HDLC
➤ PPP
➤ Frame Relay
Layer 3: Network Layer
The Network layer is used to determine the best path to a destination. Device
addressing, packet fragmentation, and routing all occur at the Network layer.
Information being processed at this layer is commonly known as packets. Ex-
amples of Network layer protocols include the following:
➤ Internet Protocol (IP)

➤ Internetwork Packet Exchange (IPX)
5
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Networking Theory
At the Network layer, a packet is associated with a connection-oriented
protocol, while a datagram is associated with a connectionless protocol.
Layer 4: Transport Layer
The Transport layer is responsible for segmenting upper-layer applications and
establishing end-to-end connections between devices. Other functions of the
Transport layer include providing data reliability and error-free delivery mecha-
nisms. Information being processed at this layer is commonly known as segments.
Examples of Transport layer protocols include the following:
➤ Transmission Control Protocol (TCP)
➤ Novell’s Sequenced Packet Exchange (SPX)
➤ User Datagram Protocol (UDP)
Layer 5: Session Layer
The Session layer performs several major functions, including managing sessions
between devices, and establishing and maintaining sessions. Examples of Session
layer protocols include the following:
➤ Database SQL
➤ NetBIOS Name Queries
➤ NetBEUI
Layer 6: Presentation Layer
The Presentation layer handles data formats and code formatting. The functions
of this layer are normally transparent to the end user, because this layer will take
care of code formats and present them to the Application layer (layer 7) where
the end user can examine the data. Examples of Presentation layer protocols in-
clude the following:
➤ GIF
➤ JPEG

➤ ASCII
➤ MPEG
6
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
Layer 7: Application Layer
The Application layer is closest to the end user, which means that the application
is being accessed by the end user. The major function of this layer is to provide
services to end users. Examples of Application layer services include the following:
➤ File Transfer Protocol (FTP)
➤ Telnet
➤ SMTP
➤ HTML browsers
How Data Flows through the OSI Layers
To get a better understanding of how the OSI layers function, it is important to
know how data flows between the layers. In this section, we’ll trace the data as it
flows through the layers of the OSI model. As you will see in this section, each
layer adds (or encapsulates) some form of header or trailer. (Layer 2, the Data
Link layer, is responsible for adding a trailer.) Figure 2.2 shows the data flow
from Device A to Device B.
Note: The example in Figure 2.2 demonstrates how end user packets (header and data)
flow through the OSI model. The figure assumes there are no intermediate devices.
When the end system receives the unstructured bit stream from the physical
wire, each layer removes the header information applicable to it until the applica-
tion receives the data. The following depicts what occurs in the OSI model’s
layers when an email is sent from Device A to Device B:
1. An application, such as an email program, creates data that will be sent
by an end user, such as an email message. The Application layer (layer 7)
places a header (encapsulation) field that contains information such as
screen size and fonts, and passes the data to the Presentation layer (layer 6).

2. The Presentation layer places layer 6 header information. For example,
the text in the message might be converted to ASCII. The Presentation
layer will then pass the new data to the Session layer (layer 5).
3. The Session layer follows the same process by adding layer 5 header in-
formation, such as information that the Session layer will manage the
data flow, and passes this data to the Transport layer (layer 4).
4. The Transport layer places layer 4 information, such as an acknowledg-
ment that the segment was received in the header, and passes it to the
Network layer (layer 3).
5. The Network layer places layer 3 header information, such as the source
and destination address so the Network layer can determine the best
7
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Networking Theory
delivery path for the packets, and passes this data to the Data Link layer
(layer 2).
6. The Data Link layer places layer 2 header and trailer information, such
as a Frame Check Sequence (FCS) to ensure that the information is not
corrupt, and passes this new data to the Physical layer (layer 1) for trans-
mission across the media.
7. The bit stream is then transmitted as ones and zeros on the Physical
layer. It is at this point that the Physical layer ensures bit synchroniza-
tion. Bit synchronization will ensure the end user data is assembled in
the correct order it was sent.
8. Steps 1 through 7 occur in reverse order on the destination device. De-
vice B collects the raw bits from the physical wire and passes them up the
Application
Presentation
Session
Transport

Network
Data Link
Physical
Application
Presentation
Session
Transport
Network
Data Link
Physical
Data Link
header
(DH)
Data (Bits)
DH
Data
NH
Data
TH
Data
SH
Data
PH
Data
AH
Data
Network
header
Transport
header (TH)

Session header (SH)
Presentation header (PH)
Application header (AH)
Device A
(Sending
Device)
Data
Device B
(Receiving
Device)
Path to Device B
Bits received
by Device B
Data link
trailer
Figure 2.2 End user header and trailer flow.
8
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
Data Link layer. The Data Link layer removes the headers and trailers
and passes the remaining information to the Network layer and so forth
until data is received by the Application layer. Eventually, Device B will
receive an email notification displaying a message to indicate that a new
email message has been received.
Familiarize yourself with the OSI model and each layer’s responsibility.
You should be able to recognize a function of each layer of the OSI
model. The seven layers of the OSI reference model are typically
divided into two categories: upper layers (layers 4 through 7) and lower
layers (layers 1 through 3).
As you can determine from the example of encapsulation, the OSI model pro-

vides a service that allows information to flow smoothly from one layer to an-
other. Eventually, the information will be presented to the end device in a readable
format. Now that we’ve reviewed the OSI model, the next section takes a look at
how packets are sent across a network using a routing algorithm.
General Routing Concepts
Routing simply means moving a packet from one location to another. Routing
uses best-effort delivery and occurs at layer 3 (the Network layer) of the OSI model.
An example of a routing protocol that routes IP is Routing Information Protocol
(RIP). Routing protocols provide the information required to determine the to-
pology of the internetwork and the best path to a destination. A routed protocol
is one that is routed by a routing protocol such as RIP. IP is an example of a
routed protocol. The following sections discuss the differences between a routed
and routing protocol and provide some common examples.
In contrast to routing,
switching
is the moving of a frame or frames
from one location to another. Switching occurs at layer 2 in the OSI
model. An example of a switching protocol is transparent bridging.
Note: Chapter 3 describes the available bridging and switching modes available on a
Cisco router.
Routing Vs. Routed Protocols
Routing protocols apply a set of rules to a network topology to determine the best
path to a destination from a given reference point. They also communicate net-
work topology information to other routers in their networks. Routing protocols
build routing tables from the gathered information. Examples of routing proto-
9
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Networking Theory
cols are Open Short Path First (OSPF) and IPX’s Routing Information Protocol
(IPX RIP).

In contrast, a routed protocol is a protocol that contains layer 3 information that
allows it to be moved from one destination to another. Examples of a routed
protocol include IP and IPX.
Routing protocols can be divided into three types—distance vector, link state,
and hybrid. These three routing protocol classifications are discussed in the fol-
lowing sections.
Distance Vector Protocols
Distance vector protocols, such as RIP, determine a path to a network using hop
count as the metric. A hop count is a number that increments each time a packet
traverses a router.
Convergence—the process that ensures all routers in a network have the same
network information as quickly as possible—of distance vector protocols is con-
siderably slower, and periodic updates are sent at set intervals. Figure 2.3 shows
how networks are discovered when using a distance vector protocol.
Each router in Figure 2.3 will have the same IP routing table and will send and
receive periodic updates. Not every routing protocol sends out periodic updates
at the same interval. The distance vector protocol IP RIP sends a periodic update
every 30 seconds.
Link State Protocols
Link state protocols, such as IS-IS and OSPF, create a topology of the network
with each router running that protocol as the root of the tree. Link state proto-
cols implement the shortest path first (SPF) algorithm to determine the path to
a network. The metric used by these protocols is cost, which is determined by an
administrator or calculated by the routing protocol based on a mathematical for-
mula. A network with the lowest cost is chosen as the preferred path to a remote
network. Link state protocols have no concept of hop count. The speed of con-
vergence with link state protocols is much faster when a network change occurs.
This is because a faster algorithm is used and the CPU is heavily utilized to
compute changes rapidly. When using link state protocols, updates are only sent
when a topological change occurs or at an interval set by an administrator.

Link state protocols use hello packets to discover neighbors. A hello packet is an
IP packet sent at regular intervals. When a topology change occurs, a link state
packet is sent to all neighbors with information regarding any new neighbors,
metric changes, or down networks. When a router receives a link state packet, it
records the information in its local database and reconstructs a path to the new
network. If a remote network goes down, the routing table entry will be removed.
10
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
Link state packets are used to notify remote neighbors of available networks. The
aim is to form a link state database that contains all the available networks. The
steps needed to form the database are as follows (Figure 2.4 depicts these steps):
1. Send link state packets to describe the links in a network.
2. Combine link state packets to form a link state database.
3. Run the shortest path first (SPF) algorithm.
4. Create a link tree with the router running the SPF algorithm as the root.
5. Insert networks into the routing table.
Hybrid Routing Protocols
Cisco has created a routing protocol called Enhanced Interior Gateway Routing
Protocol (EIGRP). EIGRP combines the characteristics of both link state and
distance vector routing protocols. This protocol is called a hybrid protocol because
of this combination. A hybrid routing protocol uses distance vector characteris-
tics for choosing a routing path and link state characteristics for changes. EIGRP
maintains neighbor and topology tables instead of a link state database.
Routing Table
show ip route
10.0.0.0/32 is subnetted, 1 subnets
C 10.1.1.1 is directly connected, Loopback0
D 137.10.255.0/24 [90/2681856] via 137.10.253.2, 1w1d, S0
Routing Table

.......
.......
Routing Table
.......
.......
Updates sent and received
Updates sent
and received
Updates sent
and received
Figure 2.3 Learning networks using distance vector protocols.
11
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Networking Theory
Now that you have a general appreciation for routing protocols, let’s talk about
some common routing protocol characteristics.
Common Routing Characteristics
Routing protocols use certain features to ensure that valid routing information is
gathered as accurately as possible and without corruption. This section discusses
IP RIP as an example.
IP RIP is widely used in the Unix industry and is relatively easy to configure and
maintain. To enable RIP on a Cisco router, you simply type the command router
rip and then enable the networks you wish to be advertised with the network
<address> command.
Note: Chapter 6 provides a detailed example of IP RIP operation and
configurations.
One of the main functions of any routing protocol is to discover remote networks
that are reachable via neighboring routers and to converge as quickly as possible.
This ensures that all routers in a network have the same network information.
1. Router R2 sends a

link state packet
advertising the new
Ethernet network.
2. Router R1 receives the link state packet
and installs the new netork into the link
state database.
3. Router R1 runs shortest path algorithm
to determine shortest cost path to the
new network.
4. R1 forms a tree, with itself as the root
of the tree.
5. The new network is inserted into the IP
routing table.
Router R2
activates new
Ethernet networ
k
R1
S0
E0
R2
S0
E0
Figure 2.4 Steps taken by link state protocols to form the link state database.
12
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
When a change occurs, flash or triggered updates are sent, which takes time to
propagate to all routers. The better the convergence time, the more likely net-
work devices will have correct information about all available networks. RIP has

a poor convergence time compared to other protocols, such as OSPF.
IP RIP uses holddowns, triggered updates, split horizon, and poison reverse up-
dates to ensure valid routing updates are sent. When using holddowns, triggered
updates, split horizon, and poison reverse updates, routing protocols (such as IP
RIP) can avoid routing loops, which helps to speed up convergence.
Let’s take a closer look at holddowns, triggered updates, split horizon, and poi-
son reverse updates, as well as summarization.
Holddowns
Holddowns prevent updates about networks that have been altered, disappeared,
or broken from being inserted into a routing table. This, of course, is not the most
accurate routing information, and it should be prevented from being placed in
the routing table. Holddowns ensure that invalid routes are not relearned thus
preventing problems, such as routing loops, within a network, unless the new
route metric is smaller than the original.
Most routing protocols, such as RIP, will base a decision to place a route
into the IP routing table on a metric. In the case of RIP, the network with
the lowest hop count will be chosen.
Triggered Updates
A triggered update is a method used by routing protocols to send updates to neigh-
boring routers outside the normal update interval. Triggered updates are used to
prevent routing loops in networks by sending an update whenever a network
event triggers it. An example of this would be a link going down, which causes a
triggered update.
Distance vector protocols send their full routing table of all active links at set
intervals. In the case of RIP, updates are sent every 30 seconds. What happens if
a network becomes unreachable in between the update interval? In this instance,
a triggered update is used to notify other routers of the network event. This speeds
up convergence time.
Let’s view an example of a triggered update by turning on the following debug
options: debug ip rip and debug ip rip events. Let’s say you have three networks

learned via RIP. Listing 2.1 shows what happens when RIP receives an update
from another IP RIP router. The IOS command show debug in Listing 2.1 also
displays that IP RIP events and protocols updates have been enabled.
13
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Networking Theory
Listing 2.1 Debug IP RIP display.
R1#show debug
IP routing:
RIP protocol debugging is on
RIP event debugging is on
RIP: sending general request on Ethernet0 to 255.255.255.255
RIP: received v1 update from 150.100.1.1 on Ethernet0
150.100.1.0 in 1 hops
0.0.0.0 in 1 hops
199.172.3.0 in 1 hops
199.172.2.0 in 1 hops
199.172.4.0 in 1 hops
Now, let’s say that network 199.172.2.0 goes down. As a result, the triggered
update shown in Listing 2.2 would occur.
Listing 2.2 Triggered update debug output.
RIP: received v1 update from 150.100.1.1 on Ethernet0
0.0.0.0 in 1 hops
199.172.3.0 in 1 hops
199.172.2.0 in 16 hops (inaccessible)
199.172.4.0 in 1 hops
RIP: Update contains 4 routes
Notice that you still get the full routing table, but the network 199.172.2.0 is
marked as inaccessible or with a hop count of 16. This value of 16 tells the router
that the remote destination is no longer reachable and to drop any packets des-

tined for this network. This specification prevents the router from installing the
network in its routing table or sending an update to another router. The router
drops any packets that are received for the network. Therefore, any chance of a
routing loop occurring is prevented.
Distance vector protocols primarily use periodic updates that send the
entire routing table to neighboring routers. Triggered updates are used
when an event occurs outside the normal periodic update interval.
Split Horizon
Split horizon is when a router that has learned of a network (via a route advertise-
ment) from another router and that network will not be re-advertised back to the
sending router. Split horizon is enabled by default on Cisco routers. Split horizon
helps to prevent routing loops by ensuring all routing information is accurate,
which enables information to be properly routed from source to destination.
14
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
Poision Reverse Updates
Poison reverse updates are used in conjunction with split horizon to prevent rout-
ing loops on a larger scale. Poison reverse updates occur when a network is marked
as invalid. For example, when a router receives a route through an interface, it
advertises the same route back out the interface as a poisoned reversed update.
The receiving router receives the invalid entry in the routing table, but with a hop
count of 16, so it removes the network from the routing table. Then, when the
routers converge, the holddown timer expires. In large networks, convergence
takes longer for all routers due to the size of the network. Poison reverse places
networks that have disappeared into an “unreachable state” for a period of time
sufficient enough so that all routers in the network will have the same routing
table through normal convergence.
Other Network Occurences
Some of the more advanced topics of routing include loops and tunneling. A

routing loop is detrimental to an IP network, because the IP packet will never
end up at the correct location. A field in the IP frame called the Time-To-Live
field will prevent IP packets from traversing the networks forever, but the result
will be a disgruntled end user. A tunnel, on the other hand, is a software interface
on a Cisco router that is used to transport non-routable protocols across an IP
network. You may for instance have clients running the native AppleTalk proto-
col. (Note that you can tunnel both routable and non-routable protocols.) In-
stead of enabling AppleTalk along the entire path across your Wide Area Network
you can create a tunnel interface at both remote points and enable AppleTalk
over the IP network. Tunneling AppleTalk over an IP network involves encapsu-
lating AppleTalk in IP and then sending “through” the tunnel to the destination
where it is de-encapsulated.
Route Summarization
Route summarization is used to reduce the number of entries in a routing table.
A routing table consists of entries that define how a remote network can be reached.
The larger the routing table, the more memory required. This is because each
entry takes up available memory. Therefore, if you can reduce the number of
networks to be advertised, you can increase performance and the delivery of packets
across the network because you have now reduced the IP routing table size that
leads to less bandwidth and time required to advertise the network to remote
locations. Summarization is typically used in very large networks, such as the
World Wide Web.
Note: Chapter 6 provides some common commands used on Cisco routers regarding
summarization on IP networks.
15
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Networking Theory
Routing tables can be as large as the memory installed on the router.
For example, an IP RIP table consisting of 1,000 networks will consume
20,000 bytes of memory. Each IP RIP entry consumes 20 bytes of

memory. If your router does not contain enough memory, some of the
remote networks will not be inserted into the IP routing table.
Examining the Cisco IP Routing Table
Routing tables are generated by devices learning new remote networks using
some form of a routing protocol. Routing tables are used by routers, for example,
to make intelligent decisions regarding where packets should be sent so that user
data is sent as efficiently as possible. Hence, one of the most common IOS com-
mands used on a Cisco router is to display a routing table. The command to
display the IP routing table on a Cisco router is:
show ip route
This command can also be written as:
sh ip ro
The Internet routing table consists of almost 70,000 IP routing entries. Listing
2.3 displays a sample IP routing table.
Listing 2.3 An IP routing table.
R1>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile,
B – BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2
E1 - OSPF external type 1, E2 - OSPF external type 2,
E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
* - candidate defaultU - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 1 subnets
C 10.1.1.1 is directly connected, Loopback0
137.10.0.0/16 is variably subnetted, 4 subnets, 3 masks
D 137.10.255.0/24 [90/2681856] via 137.10.253.2, 1w1d,S0
C 137.10.253.0/24 is directly connected, Serial0

D 137.10.17.0/28 [90/688128] via 137.10.253.2, 1w1d, S0
D 137.10.16.0/27 [90/793600] via 137.10.253.2, 1w1d, S0
16
○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○○
Chapter 2
The first half of Listing 2.3 summarizes the codes used to identify how networks
have been learned dynamically, statically, or from directly connected networks
(for example, those networks assigned directly to a router’s interface).
Note that directly connected networks are identified on the left side as C, and D
represents EIGRP discovered networks. IPX and AppleTalk maintain similar
tables. The IP table lists the remote network, the next hop and metric, and how
long the route has been valid. No layer 2 information, like MAC addresses, is
listed in the routing table.
You must familiarize yourself with IP routing tables. An IP routing table
displays how remote networks are reachable. A switch or bridge will
maintain a layer 2 table called a bridge table or content addressable
memory (CAM) table, which lists layer 2 information only, such as
MAC addresses.
Protocol Operation
You must have a good understanding of Windowing/Acknowledgments (ACK),
fragmentation, maximum transmission unit (MTU), handshaking, and termina-
tion. This section deals with common networking concepts so that when we re-
view TCP/IP and other protocol suites in detail in Chapters 4 and 5, you’ll have
a good understanding of how the protocol suites operate from layer 1 of the OSI
model through layer 7.
This section starts by covering connection and connectionless protocol mechan-
ics. Then, the discussion moves on to windowing and acknowledgments as well
as other pertinent protocol operational mechanics.
Connection-Oriented and Connectionless Services
A connection-oriented service is a service that guarantees delivery of informa-

tion to that service whether it is FTP or HTTP. A service that is guaranteed will
provide reliability, ensure segments are delivered and reassembled in order, and
are error free. When data cannot be sent reliably or in order, an error is sent to the
user’s application layer. These connection-orientated protocols, such as TCP, es-
tablish a connection to a destination before any form of data is transferred.
A telephone service is a good example of a connection-oriented service. Before
you can start a conversation, the call setup and data transfer phases must be com-
pleted. After those stages have completed, you can start talking. When you finish
the conversation, the call termination phase takes place. Each of these phases in
a telephone call are characteristics of connection-oriented services. Connection-
oriented services consist of: