Network Interface Layer Protocols

The document discusses several protocols used for network interfaces, including SLIP, PPP, and authentication protocols. SLIP is a simple protocol that frames IP packets for transmission over serial lines but has shortcomings like lack of error detection. PPP was developed to address SLIP's limitations and supports features like authentication using PAP or CHAP. PPP encapsulates higher layer packets for transmission, uses LCP for link setup and control, and NCPs for specific network layer protocols. It establishes a point-to-point link, negotiates parameters, and allows devices to exchange packets before terminating the connection.


LECTURE NOTE THREE

THE NETWORK INTERFACE LAYER


In this lecture note we examine the SLIP protocol, the Point-to-Point Protocol (PPP) and the authentication
protocols it carries, and Frame Relay, one of the other protocols/technologies used by LANs, WANs and WLANs.

1. THE SLIP PROTOCOL (Serial Line Internet Protocol)


SLIP is a very simple protocol designed quite a long time ago; it is merely a packet framing
protocol. It defines a sequence of characters that frame IP packets on a serial line, and nothing
more.

The initial purpose of this protocol was to connect Sun workstations to the Internet over a dial-up
line using a modem.

Using this protocol, a workstation sends raw IP packets over the line with a flag byte (0xC0, the
END character) at the end for framing purposes.

If the END byte occurs inside the IP packet, a character stuffing technique is used to solve this
problem: the two-byte sequence 0xDB 0xDC is sent in its place. The escape byte 0xDB itself is
likewise replaced by the sequence 0xDB 0xDD, so the receiver can always tell a real END from data.

THE FRAME STRUCTURE

Fig 2.1 SLIP frame structure

A special END character (0xC0, decimal 192) marks the end of the data. If an END character
occurs naturally in the data, SLIP replaces it with the ESC character (0xDB) followed by 0xDC, so that
the receiving computer does not prematurely stop receiving the packet; a naturally occurring ESC is
replaced by 0xDB 0xDD for the same reason.

HOW SLIP WORKS

Here's how SLIP framing works. An IP datagram is passed down to SLIP, which breaks it into
bytes and sends them one at a time over the link. After the last byte of the datagram, a special byte
value is sent that tells the receiving device that the datagram has ended. This is called the SLIP
END character and has a byte value of 192 decimal (C0 hexadecimal, 11000000 binary). And
that's basically it: take the whole datagram, send it one byte at a time, and then send the byte 192
to delimit the end of the datagram.

A minor enhancement to this basic operation is to precede the datagram by an END character as
well. The benefit of this is that it clearly separates the start of the datagram from anything that
preceded it. To see why this might be needed, suppose at a particular time we have only one
datagram to send, datagram #1. So, we send #1, and then send the END character to delimit it.
Now, suppose there is a pause before the next datagram shows up. During that time, we aren't
transmitting, but if there is line noise, the other device might pick up spurious bytes here and there.
If we later receive datagram #2 and just start sending it, the receiving device might think the noise
bytes were part of datagram #2.

Starting datagram #2 off with an END character tells the recipient that anything received between
this END character and the previous one is a separate datagram. If that's just noise, then this “noise
datagram” is just gibberish that will be rejected at the IP layer. Meanwhile, it doesn't corrupt the
real datagram we wish to send. If no noise occurred on the line between datagrams then the
recipient will just see the END at the start of datagram #2 right after the one at the end of #1 and
will ignore the “null datagram” between the two.

Fig 2.1.1 SLIP frame structure
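The framing described above, written out as an added example that is not part of the original lecture note: a SLIP encoder and decoder in Python following RFC 1055, including the escape for the ESC byte itself (0xDB 0xDD). It shows the leading END, the way line noise between two frames is delivered as its own garbage datagram, and the only check available at this layer, a sanity test on the IPv4 header, since SLIP carries no checksum of its own. The sample datagram and the noise bytes are constructed for the example.

```python
import struct

# SLIP special bytes from RFC 1055
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(datagram: bytes) -> bytes:
    """Frame one datagram: leading END (flushes line noise), stuffed body, trailing END."""
    out = bytearray([END])
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])   # 0xC0 in data -> 0xDB 0xDC
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])   # 0xDB in data -> 0xDB 0xDD
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes) -> list:
    """Split a received byte stream into datagrams. Empty frames (back-to-back ENDs)
    are dropped; anything else between two ENDs, including line noise, is delivered
    as a datagram, because SLIP has no way to tell noise from data."""
    frames, cur, escaped = [], bytearray(), False
    for b in stream:
        if escaped:
            if b == ESC_END:
                cur.append(END)
            elif b == ESC_ESC:
                cur.append(ESC)
            else:
                cur.append(b)  # protocol violation; RFC 1055 leaves the byte in place
            escaped = False
        elif b == ESC:
            escaped = True
        elif b == END:
            if cur:
                frames.append(bytes(cur))
                cur = bytearray()
        else:
            cur.append(b)
    return frames


def ipv4_plausible(frame: bytes) -> bool:
    """The 'rejected at the IP layer' step: version nibble, header length and
    total length must agree with the bytes actually received. This is the first
    place a noise datagram gets caught, and it is a weak check, not an FCS."""
    if len(frame) < 20:
        return False
    ver_ihl, total_len = frame[0], struct.unpack("!H", frame[2:4])[0]
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    return version == 4 and ihl >= 20 and total_len == len(frame)


def receive(stream: bytes) -> list:
    """Decode a stream and keep only the datagrams the IP layer would accept."""
    return [f for f in slip_decode(stream) if ipv4_plausible(f)]


# Constructed sample: a minimal 20-byte IPv4 header (total length 20, no payload)
# with an END and an ESC byte placed inside it to force character stuffing.
SAMPLE_DATAGRAM = bytes([0x45, 0x00, 0x00, 0x14, END, ESC, 0x00, 0x00,
                         0x40, 0x01, 0x00, 0x00, 10, 0, 0, 1, 10, 0, 0, 2])
LINE_NOISE = bytes([0x17, 0x99, 0x03])  # constructed junk picked up between two frames

if __name__ == "__main__":
    wire = slip_encode(SAMPLE_DATAGRAM) + LINE_NOISE + slip_encode(SAMPLE_DATAGRAM)
    print("frames seen by SLIP:", len(slip_decode(wire)))   # datagram, noise, datagram
    print("frames passed to IP:", len(receive(wire)))       # the two real datagrams
```

Run as a script to see the noise appear as a third "datagram" that only the IP header check removes; with a longer noise burst that happened to look like a valid header, nothing in SLIP would catch it.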


SHORTCOMINGS
Although SLIP is a simple protocol, it has some major problems:

1. It performs no error detection or correction. A frame corrupted by line noise is handed up to
IP unchanged; only the IP header checksum or a higher-layer check will notice.

2. SLIP supports only IP. It cannot be used for networks that do not use IP (for example Novell
IPX LANs).

3. It does not support dynamic IP address allocation. Both communicating sites must be assigned a
specific IP address beforehand, and each must know the other's address.

4. SLIP provides no authentication, so neither site knows with whom it is communicating, and
nothing it carries is protected from anyone who can read the line.

5. SLIP is not an approved Internet standard (RFC 1055 describes itself as a "nonstandard"), so
many different and incompatible versions exist, which makes networking difficult.

2. THE POINT TO POINT PROTOCOL (PPP)

The problem with the Serial Line Internet Protocol was that it was too simple and didn't include
enough features. As the saying goes, “be careful what you wish for”, especially when the complaint
is too much simplicity. The Point-to-Point Protocol (PPP) corrects the lack of features in SLIP, but
you could figure out, without really trying, what the cost is: significantly more complexity. Where
the operation of SLIP can be explained in a few paragraphs, PPP is much more involved, including
a number of specific processes that need to be explained.

A point-to-point connection is one of the most common types of WAN connection. PPP
connections are used to connect LANs to service provider WANs, and to connect LAN segments
within an organization network. A LAN-to-WAN point-to-point connection is also referred to as
a serial connection or leased-line connection because the lines are leased from a carrier (usually a
telephone company) and are dedicated for use by the company leasing the lines.

Put simply, when you establish a connection to your ISP (Internet Service Provider) through a modem,
you and the ISP make up the two points on the link. The protocol used to establish connectivity
between the two of you is therefore the Point-to-Point Protocol, PPP.

Note: The default serial encapsulation when you connect two Cisco routers is HDLC. Cisco's HDLC is
a proprietary variant, so it only works between Cisco devices. When you need to connect to a
non-Cisco router, use PPP encapsulation.

The basic purpose of PPP is to transport layer-3 packets across a data link layer point-to-point
link. One of the many advantages of PPP is that it is an open standard (RFC 1661), not a proprietary protocol.

Main PPP Components


The PPP standard itself describes three “main” components of PPP:

PPP Encapsulation Method: The primary job of PPP is to take higher-layer messages such as IP
datagrams and encapsulate them for transmission over the underlying physical layer link. To this
end, PPP defines a special frame format for encapsulating data for transmission, based on the
framing used in the HDLC protocol. The PPP frame has been specially designed to be small in
size and contain only simple fields, to maximize bandwidth efficiency and speed in processing.

Link Control Protocol (LCP): The PPP Link Control Protocol (LCP) is responsible for setting
up, maintaining and terminating the link between devices. It is a flexible, extensible protocol that
allows many configuration parameters to be exchanged to ensure that both devices agree on how
the link will be used.

Network Control Protocols (NCPs): PPP supports the encapsulation of many different layer
three datagram types. Some of these require additional setup before the link can be activated. After
the general link setup is completed with LCP, control is passed to the PPP Network Control
Protocol (NCP) specific to the layer three protocol being carried on the PPP link. For example,
when IP is carried over PPP the NCP used is the PPP Internet Protocol Control Protocol (IPCP).
Other NCPs are defined for supporting the IPX protocol, the NetBIOS Frames (NBF) protocol,
and so forth.
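The HDLC-based framing, byte stuffing and frame check sequence mentioned under PPP Encapsulation Method, as an added example written for this note rather than code from the lecture or from any PPP implementation. It follows RFC 1662 (PPP in HDLC-like framing) and uses the standard PPP protocol numbers for IP, LCP, PAP, CHAP and IPCP; the sample payload and the choice to escape every control character (the default async control-character map) are assumptions made here. The FCS is exactly what SLIP lacks: a corrupted frame is rejected at the link layer instead of being passed up to IP.

```python
# PPP in HDLC-like framing (RFC 1662). Added example, not code from the lecture note.
FLAG, ESC = 0x7E, 0x7D
ADDRESS, CONTROL = 0xFF, 0x03          # "all stations" address, UI control field
PPP_INIT_FCS16, PPP_GOOD_FCS16 = 0xFFFF, 0xF0B8

# Protocol field values for the protocols discussed on this page
PROTO_IP, PROTO_LCP, PROTO_PAP, PROTO_CHAP, PROTO_IPCP = 0x0021, 0xC021, 0xC023, 0xC223, 0x8021


def _make_fcs_table():
    """CRC-16 table for the reflected polynomial 0x8408 (CRC-16/X.25), as in RFC 1662."""
    table = []
    for b in range(256):
        v = b
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


_FCS_TABLE = _make_fcs_table()


def _fcs16_running(fcs: int, data: bytes) -> int:
    for c in data:
        fcs = (fcs >> 8) ^ _FCS_TABLE[(fcs ^ c) & 0xFF]
    return fcs


def fcs16(data: bytes) -> int:
    """The 16-bit FCS transmitted in a PPP frame, computed over address, control,
    protocol and information fields (before byte stuffing)."""
    return _fcs16_running(PPP_INIT_FCS16, data) ^ 0xFFFF


def encode_frame(protocol: int, payload: bytes, escape_controls: bool = True) -> bytes:
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body)
    body += bytes([fcs & 0xFF, fcs >> 8])      # FCS is sent least-significant byte first
    out = bytearray([FLAG])
    for b in body:
        # Byte stuffing: FLAG and ESC always; control characters when the default
        # async control-character map (all of 0x00-0x1F) is in effect.
        if b in (FLAG, ESC) or (escape_controls and b < 0x20):
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)


def decode_frame(wire: bytes):
    """Return (protocol, payload) or raise ValueError. Unlike SLIP, a damaged frame
    is detected here by the FCS rather than handed up to IP."""
    if len(wire) < 2 or wire[0] != FLAG or wire[-1] != FLAG:
        raise ValueError("missing flag")
    body, escaped = bytearray(), False
    for b in wire[1:-1]:
        if escaped:
            body.append(b ^ 0x20)
            escaped = False
        elif b == ESC:
            escaped = True
        else:
            body.append(b)
    if len(body) < 6:
        raise ValueError("frame too short")
    # Running the CRC over the fields plus the received FCS leaves the fixed residue 0xF0B8
    if _fcs16_running(PPP_INIT_FCS16, bytes(body)) != PPP_GOOD_FCS16:
        raise ValueError("bad FCS")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control")
    return int.from_bytes(body[2:4], "big"), bytes(body[4:-2])


# Constructed sample payload: the first bytes of an IPv4 header, with 0x7E and 0x7D
# included so the stuffing path is exercised.
SAMPLE_PAYLOAD = bytes([0x45, 0x00, 0x00, 0x1C, 0x7E, 0x7D, 0x40, 0x11])

if __name__ == "__main__":
    frame = encode_frame(PROTO_IP, SAMPLE_PAYLOAD)
    print(frame.hex())
    print(decode_frame(frame))
```

The same framing carries LCP, PAP, CHAP and IPCP packets; only the two-byte protocol field changes, which is how the receiver knows whether to hand the payload to IP or to one of the control protocols.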

PPP General Operation

The fact that the PPP suite includes literally dozens of protocols often makes it seem like it must
be a really complex technology. In fact, the general operation of PPP is really quite straight-
forward. The existence of all those PPP protocols allows PPP to be flexible and extensible,
supporting many higher layer datagram types and various features.

The bottom line, however, is that PPP operation involves just three basic steps. Beginning in a
state where there is no PPP link between the devices, these are the operations that occur in PPP.

Link Setup and Configuration: Before the two devices can exchange information, they must
make contact and set up a link between them. During link setup, all the parameters needed to
manage the operation of the link are agreed upon by the two devices. The LCP begins this process
and invokes the help of support protocols as they are needed, for options like authentication. After
the link is set up in general terms, the appropriate NCP is called for whatever layer three technology
is being carried on the link to complete link setup.

Link Operation: The devices on the link use it to send datagrams. Each device transmits by taking
layer three datagrams, encapsulating them and sending them down to layer one to be transmitted.
Each device receives by taking PPP frames sent up from its own physical layer, stripping off the
PPP header and passing the datagram up to layer three. Where appropriate, optional feature
protocols are used here, such as CCP for compression.

Link Termination: When either device decides it no longer wants to communicate, it terminates
the link. The link can of course be re-established if desired.
Fig 2.2 Overview of PPP Operation

PPP AUTHENTICATION
PPP authentication is the method of identifying the remote device. Through authentication we can
find out whether the remote party is genuine or an impostor. For example, suppose two routers (R1 and
R2) communicate over a serial link and R1 has data for R2. Before sending it, R1 wants to be sure that
the remote device claiming to be R2 really is R2, so R1 initiates the authentication process and R2
proves its identity. PPP supports two authentication protocols, PAP and CHAP, negotiated as an LCP
option during link setup.

PAP (Password Authentication Protocol)

In this protocol the password is sent in clear text, which makes it less secure than CHAP. PAP
authentication is a two-step process. In step one, the router that wants to be authenticated sends its
username and password to the router that will authenticate it. In step two, if the username and
password match, the remote router authenticates the originating router; otherwise the authentication
fails. The following figure illustrates the process.
In step one, R1 sends its username and password in clear text to R2, which will authenticate R1.

In step two, R2 compares the received username and password with the locally stored ones. If both
match, R2 accepts that R1 is the real R1 and sends back an Authenticate-Ack stating that R1 has passed
authentication and R2 is ready for data transmission; otherwise it sends an Authenticate-Nak.

PAP authentication is only performed at initial link establishment. Once the link is established, no further
authentication is done for that session. Because the username and password travel in clear text, anyone who
can read the line can capture them and replay them later. Usernames and passwords are case sensitive.

CHAP (Challenge Handshake Authentication Protocol)

CHAP is used at initial link establishment and, once the link is up, the authenticating router may
repeat the challenge at any time to make sure it is still talking to the same host. If any repeated
authentication fails, the connection is terminated immediately. CHAP authentication is a three-step
process (RFC 1994). Unlike PAP, it is the authenticating router that starts the exchange, and the
password (the shared secret) never crosses the link. Using the lecture's example, R2 authenticates R1.

Step 1 (Challenge)

- R2 generates a fresh random value, the Challenge, together with a one-byte Identifier, and sends
both to R1 along with its own name.

Step 2 (Response)

- R1 looks up the secret it shares with R2 and computes a one-way hash, MD5(Identifier + secret +
Challenge), over the received values and its locally stored secret.
- R1 sends this hashed value, the Response, back to R2 together with the same Identifier and its
username. The password itself is never sent.

Step 3 (Success or Failure)

- Routers running CHAP maintain a local authentication database listing every allowed host with its
secret. Because R2 must recompute the hash, it has to store R1's secret in recoverable form, not as
a one-way hash.
- R2 looks up R1's username in this database. If there is no entry, R1 is not allowed to connect and
the connection is terminated at this point.
- Otherwise R2 computes MD5(Identifier + stored secret + Challenge) itself and compares the result
with the Response received from R1.
- If the two values differ, R2 sends a Failure message and the connection is rejected.
- If they match, R2 concludes that R1 holds the same secret and therefore is the real R1, and sends
a Success message.

CHAP uses a one-way hash algorithm (MD5) to generate the Response. Because the Challenge is random
and used only once, a Response is valid only for that one exchange: an attacker who copies it off the
wire cannot replay it later, since the next Challenge will differ. The actual password is never sent
across the link, so anybody tapping the wire cannot read it directly. Two caveats matter in
practice: the eavesdropper does obtain the Identifier, Challenge and Response and can test password
guesses offline against that triple, so CHAP is only as strong as the shared secret; and the
authenticator must keep the secret itself, so its credential store is a target.
In summary, CHAP uses a three-way handshake, the actual password is never sent across the link, the
Response is an MD5 hash of the Identifier, the locally stored secret and a random Challenge, and that
Response is valid only once.
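The CHAP exchange as an added example, not code from the lecture note or from any router vendor: both sides of the three-way handshake in Python following RFC 1994, with the Response computed as MD5 over Identifier, secret and Challenge. It also demonstrates the two caveats above: a captured Response does not replay against a fresh Challenge, but a captured Identifier/Challenge/Response triple does allow offline guessing of a weak secret. The router names, secrets and wordlist are constructed for the example.

```python
import hashlib
import hmac
import secrets

# CHAP (RFC 1994) with MD5, as added example code; names and secrets are constructed.


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """R2 in the lecture's example. It must hold each peer's secret in recoverable
    form, because it recomputes the hash itself."""

    def __init__(self, secrets_db: dict):
        self._db = secrets_db            # peer name -> shared secret
        self._pending = {}               # identifier -> outstanding challenge value
        self._next_id = 0

    def challenge(self):
        """Step 1: issue a fresh random Challenge with a one-byte Identifier."""
        self._next_id = (self._next_id + 1) & 0xFF
        value = secrets.token_bytes(16)
        self._pending[self._next_id] = value
        return self._next_id, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Step 3: recompute with the stored secret and the challenge we issued.
        A response to an old or unknown challenge fails, which is what stops replay."""
        value = self._pending.pop(identifier, None)
        secret = self._db.get(name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(response, chap_response(identifier, secret, value))


class Peer:
    """R1 in the lecture's example: it never sends the secret, only the hash."""

    def __init__(self, name: str, secret: bytes):
        self.name, self._secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        """Step 2: Response carries the Identifier, the Response Value and the peer's Name."""
        return identifier, self.name, chap_response(identifier, self._secret, challenge)


def run_chap(authenticator: Authenticator, peer: Peer) -> bool:
    """The full three-way handshake; True means Success, False means Failure."""
    identifier, challenge = authenticator.challenge()
    ident, name, response = peer.respond(identifier, challenge)
    return authenticator.verify(ident, name, response)


def offline_guess(identifier: int, challenge: bytes, response: bytes, wordlist):
    """What a wire-tapper can still do: the secret never crosses the link, but the
    captured (Identifier, Challenge, Response) triple lets an attacker test guesses
    offline. Returns the matching secret, or None if no guess matches."""
    for guess in wordlist:
        if hmac.compare_digest(chap_response(identifier, guess, challenge), response):
            return guess
    return None


# Constructed credentials for the example
DB = {"R1": b"cisco123"}
R2 = Authenticator(DB)
R1 = Peer("R1", b"cisco123")
IMPOSTOR = Peer("R1", b"password")   # claims to be R1 but holds the wrong secret

if __name__ == "__main__":
    print("R1 authenticates:", run_chap(R2, R1))
    print("impostor authenticates:", run_chap(R2, IMPOSTOR))
```

The replay defence lives entirely in the Authenticator's pending-challenge table: a Response is checked against the one Challenge it was issued for and that entry is then discarded, so the same bytes can never satisfy a later challenge.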

SHORTCOMINGS OF PPP
Low security standards
The weaknesses listed here are usually quoted for PPTP, the Point-to-Point Tunneling Protocol, which
carries PPP frames over an IP network; they hold for PPP itself just as well. First, PPTP is said to
have poorer security than other tunneling protocols. Second, neither PPP nor PPTP offers data
integrity or data origin verification: the PPP frame check sequence detects transmission errors but
not deliberate tampering, and PPP provides no confidentiality unless an optional extension such as
ECP is negotiated. This means you cannot be sure that data sent over such a link is authentic or has
not been tampered with, which significantly lowers the protocol's suitability where very sensitive
information is involved.

Lower performance on unstable connections


The other disadvantage is that the protocol normally has performance issues when used on unstable
networks. It can be termed an acceptable way to connect remote workers and share documents, but it
will not be of much help if you have a lot of private information that must be protected.

Differences between the PAP and CHAP authentication protocols


PAP: Performs authentication in two steps.
CHAP: Performs authentication in three steps (challenge, response, success/failure).

PAP: Username and password are sent across the link.
CHAP: Only the username and a hash are sent across the link.

PAP: The actual password is sent across the link, in clear text.
CHAP: The actual password is never sent across the link; it is hashed together with a random
challenge using MD5.

PAP: Less secure. Anyone tapping the wire can learn the password and replay it.
CHAP: More secure. Since the actual password is never sent, a wire-tapper cannot read it directly;
a captured challenge and response can still be attacked by offline guessing if the shared secret is
weak, so the secret must be strong.

PAP: Authentication is performed only at initial link establishment.
CHAP: Authentication is performed at initial link establishment and, if required, at any time
during the session.
3. FRAME RELAY
Frame Relay was one of the most popular WAN services deployed over the past decade. Even though
several more advanced technologies (such as VPNs and ATM) are available today, Frame Relay remains in
use, and will for some time, because of its features, benefits and lower cost compared with other
point-to-point WAN services.
Let's take a simple example. Suppose you work in a big company that has just expanded to two new
locations. The main site is connected to two branch offices, Branch 1 and Branch 2, and your boss
wants both branches to communicate with the main site. The simplest solution is to connect them
directly with leased lines, as shown below:

To connect to these two branches, the main site router, HeadQuarter, requires two serial
interfaces which a router can provide. But what happens when the company expands to 10
branches, 50 branches? For each point-to-point line, HeadQuarter needs a separate physical serial
interface (and maybe a separate CSU/DSU if it is not integrated into the WAN card). As you can
imagine, it will need many routers with many interfaces and lots of rack space for the routers and
CSU/DSUs. Maybe we should use another solution for this problem? Luckily, Frame Relay can
do it!

By using Frame Relay, we need only one serial interface at the HeadQuarter to connect to all the
branches. This remains true when we expand to 10 or 50 branches. Moreover, the cost is much lower
than using leased lines.

Frame Relay is a high-performance WAN protocol that operates at the physical and data link
layers of the OSI reference model. It offers lower-cost data transfer when compared to typical
point-to-point applications, by using virtual connections within the frame relay network and by
combining those connections into a single physical connection at each location. Frame relay
providers use a frame relay switch to route the data on each virtual circuit to the appropriate
destination.

The Frame Relay terminology can be difficult to follow, so the terms are explained in more detail
below.
DTE
DTE (Data Terminal Equipment) is the customer's end device, usually a router or a PC, that sends
and receives frames. The DTE communicates with a DCE.

CSU/DSU
A CSU/DSU (Channel Service Unit/Data Service Unit) converts the signal between the LAN side and the
WAN side, which use different transmission technologies; the CSU/DSU understands both. DSL and cable
modems play an analogous role on their respective access networks.
DCE
DCE (Data Circuit-terminating Equipment) is the device, usually a modem, CSU/DSU or Frame Relay
switch, that provides clocking and synchronization to the DTE.
Access link
The connection line between the DTE and the DCE.
Frame Relay cloud
The Frame Relay cloud refers to the telco's internal infrastructure of Frame Relay switches.
Access rate
The maximum speed of the purchased connection, and the speed at which the access link is clocked.
No data can be transmitted faster than the access rate.

VC (virtual circuit)
A VC is the logical path between two endpoint DTEs. The term “virtual” here means that the two
DTEs are not connected directly but through a network. For example, the HeadQuarter & Branch
1 (or Branch 2) can communicate with each other as if they were directly connected but in fact
they are connected through a Frame Relay network with many Frame Relay switches between
them.

There are two types of VCs.

switched virtual circuits (SVCs): are temporary connections that are only used when there is
sporadic data transfer between DTE devices across the Frame Relay network. SVC is set up
dynamically when needed. SVC connections require call setup and termination for each
connection.
permanent virtual circuits (PVCs): A predefined VC. A PVC can be equated to a leased line in
concept.

Nowadays most service providers offer PVC service only to save additional costs for signaling
and billing procedures.

CIR (Committed Information Rate)

This is the bandwidth the provider guarantees for a VC. Even during congestion we can count on this
bandwidth. The CIR is the maximum rate at which delivery of data is guaranteed; traffic above it may
still be carried, but only on a best-effort basis.
Let us understand these values with an example. Suppose three networks are connected to a Frame Relay
switch and share a single path. Network1 and Network2 purchased a connection with an access rate of
128 Kbps and a CIR of 64 Kbps. Network3 purchased a connection with an access rate of 64 Kbps and a
CIR of 64 Kbps.

If the access rate and the CIR are equal, the Frame Relay connection works pretty much like a leased
line. Network3 pays for 64 Kbps and in return gets a guaranteed 64 Kbps from the Frame Relay
provider, so for Network3 this connection behaves like a 64 Kbps leased line: you get what you
pay for.

Instead of fixed bandwidth, Network1 and Network2 opt for a flexible connection where the access rate
and the CIR differ. For this they pay a little extra: they are charged for the 64 Kbps guaranteed
(CIR) plus additional bandwidth, if available under certain terms and conditions. The additional
bandwidth is provided on a shared basis. If all the other users are transferring data at a particular
time, Network1 and Network2 still get their minimum 64 Kbps.

If no other user is transferring data at that time, they can use up to 128 Kbps; for example,
Network1 is then allowed an additional 64 Kbps on top of its CIR.
- If no other user is transferring data, the maximum (128 Kbps) is available.
- If all other users are transferring data, the minimum (64 Kbps) is available.
- If some users are transferring data, the available bandwidth may be anywhere between 64 Kbps
and 128 Kbps.

Anything beyond the CIR is a burst. Two burst parameters are negotiated, both measured over a time
interval Tc (Tc = Bc / CIR):

Bc (committed burst size)


The amount of data, in bits, that the network agrees to carry per interval Tc under normal
conditions; it allows small bursts in traffic to be absorbed.

Be (excess burst size)


The additional amount of data above Bc that the network will attempt to carry in the same interval,
if the telco allows it. Frames in this range are marked discard eligible, and a connection rarely
operates at this rate for long.

Oversubscription

When the CIRs of all the VCs on an access link add up to more than the access rate, the link is
oversubscribed: the provider cannot honour every CIR at the same time. Providers often permit it,
because the VCs rarely all peak together.

Traffic offered above Bc + Be within an interval is dropped at the ingress switch, and traffic above
Bc is marked discard eligible, so it is the first to go when the network is congested.
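A worked version of the CIR, Bc, Be and oversubscription definitions above, added here as example code (not part of the lecture note). The policer models how an ingress Frame Relay switch classifies frames within each measurement interval Tc = Bc / CIR; the rates are the lecture's Network1 and Network3 connections, and the burst of frames is constructed. The simple per-interval counters are an assumption made for readability; real switches enforce the same limits with token buckets.

```python
# Frame Relay ingress policing: CIR, Bc and Be over the measurement interval Tc.
# Added example, not from the lecture note; numbers are the lecture's 64/128 kbps case.


class FrPolicer:
    """Classify frames arriving on one PVC the way the ingress switch does:
    up to Bc bits per Tc are committed (forwarded as-is), the next Be bits are
    forwarded with DE set, anything beyond that is dropped at the edge."""

    def __init__(self, cir_bps: int, bc_bits: int, be_bits: int):
        self.cir, self.bc, self.be = cir_bps, bc_bits, be_bits
        self.tc = bc_bits / cir_bps          # measurement interval in seconds
        self._interval = None
        self._committed_used = 0
        self._excess_used = 0

    def offer(self, frame_bits: int, now: float) -> str:
        interval = int(now // self.tc)
        if interval != self._interval:       # new Tc window: counters reset
            self._interval = interval
            self._committed_used = self._excess_used = 0
        if self._committed_used + frame_bits <= self.bc:
            self._committed_used += frame_bits
            return "forward"
        if self._excess_used + frame_bits <= self.be:
            self._excess_used += frame_bits
            return "forward+DE"
        return "drop"


def oversubscribed(access_rate_bps: int, cirs_bps) -> bool:
    """Oversubscription: the CIRs of all PVCs on an access link add up to more
    than the access rate, so not all of them can be honoured at once."""
    return sum(cirs_bps) > access_rate_bps


def simulate(policer: FrPolicer, frames) -> dict:
    """Count how a sequence of (arrival_time_s, frame_bits) is classified."""
    counts = {"forward": 0, "forward+DE": 0, "drop": 0}
    for t, bits in frames:
        counts[policer.offer(bits, t)] += 1
    return counts


# Network1 from the lecture: access rate 128 kbps, CIR 64 kbps. With Bc = 64 kbit,
# Tc is one second, and Be = 64 kbit lets it burst up to the full access rate.
NETWORK1 = dict(cir_bps=64_000, bc_bits=64_000, be_bits=64_000)
# Network3: CIR equals the access rate, so there is no excess burst at all.
NETWORK3 = dict(cir_bps=64_000, bc_bits=64_000, be_bits=0)

# Constructed burst: ten 16 kbit frames in the first second (160 kbit offered against
# 128 kbit possible), then two more frames in the next second.
BURST = [(0.05 * i, 16_000) for i in range(10)] + [(1.2, 16_000), (1.3, 16_000)]

if __name__ == "__main__":
    print("Network1:", simulate(FrPolicer(**NETWORK1), BURST))
    print("Network3:", simulate(FrPolicer(**NETWORK3), BURST))
    print("HQ link oversubscribed:", oversubscribed(128_000, [64_000, 64_000, 64_000]))
```

For Network1 the ten-frame burst splits into four committed frames, four DE-marked frames and two drops; Network3, with Be = 0, forwards four and drops six, which is the leased-line behaviour the text describes.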

Frame Relay Congestion Control

Since users share bandwidth, congestion is common in Frame Relay. A DTE should avoid sending
additional data while the network is congested. Frame Relay uses three bits in the frame header to
manage congestion:

Discard Eligibility (DE)

Any frame beyond the CIR is eligible for discard if the Frame Relay network is congested. The DE bit
is set in the header, either by the sending router or by the ingress switch when the frame exceeds the
committed rate. During congestion, a Frame Relay switch drops DE-marked frames first; if there is no
congestion, the frame is allowed to cross the Frame Relay network.

Forward Explicit Congestion Notification (FECN)

If there is congestion in the network, the Frame Relay switch sets the FECN bit to 1 in the header of
frames travelling in the congested direction. This way the destination router learns about
congestion on the VC.

Backward Explicit Congestion Notification (BECN)

The switch also sets the BECN bit in frames travelling in the reverse direction on that VC, towards
the source of the congestion. When the source router receives a frame with BECN set, it learns about
the congestion and can slow down its transmission on that VC.

Frame Relay DLCI (data link connection identifiers)

The figure shows two VCs from the HeadQuarter, but remember that the HeadQuarter has only one
serial interface. So how does it know which branch a frame should be sent to?

Frame Relay uses data-link connection identifiers (DLCIs) to identify the logical circuits. The
identifiers have local significance only: their values are unique per router interface, but not
necessarily the same on the other routers. For example, DLCI 23 on the HeadQuarter represents the
connection to Branch 1 and DLCI 51 represents the connection to Branch 2. Branch 1 can use the same
DLCI of 23 for its connection back to HeadQuarter, or any other DLCI, because DLCIs are only locally
significant; the Frame Relay switches rewrite the DLCI as the frame crosses the network.
By including a DLCI number in the Frame Relay header, HeadQuarter can communicate with both
Branch 1 and Branch 2 over the same physical circuit.

DLCI values are typically assigned by the Frame Relay service provider (for example, the telephone
company). In the standard 2-byte Frame Relay header the DLCI is a 10-bit field, giving values 0 to
1023, some of which are reserved (for example, LMI uses DLCI 0 or 1023 depending on the LMI type).

Before DLCI can be used to route traffic, it must be associated with the IP address of its remote
router. For example, suppose that:

+ HeadQuarter’s IP address is 9.9.9.9


+ Branch 1’s IP address is 1.1.1.1
+ Branch 2’s IP address is 2.2.2.2

Then the HeadQuarter needs to map Branch 1's IP address to DLCI 23 and Branch 2's IP address to
DLCI 51. After that it can encapsulate data inside a Frame Relay frame with the appropriate DLCI
number and send it towards the destination. The mapping of DLCIs to layer 3 addresses can be
configured manually (a static map) or learned dynamically (Inverse ARP).
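The DLCI field, the congestion bits and the local significance of DLCIs described above, as an added example that is not from the lecture note: a parser and builder for the standard 2-byte Frame Relay address field (Q.922 layout, with the 10-bit DLCI split across the two bytes and EA bits of 0 and 1), and a toy switch whose forwarding table rewrites the DLCI per port and sets FECN/BECN. The HQ DLCI-to-IP map uses the lecture's addresses; the port names, the DLCI 40 seen at Branch 2 and the congestion flag are assumptions made here.

```python
# Frame Relay 2-byte address field (Q.922) and DLCI handling. Added example code,
# not from the lecture note; ports and the Branch 2 DLCI are constructed.


def build_address(dlci: int, cr: int = 0, fecn: int = 0, becn: int = 0, de: int = 0) -> bytes:
    """Pack a 10-bit DLCI and the C/R, FECN, BECN, DE bits into the 2-byte header.
    Byte 1: DLCI high 6 bits | C/R | EA=0.  Byte 2: DLCI low 4 bits | FECN | BECN | DE | EA=1."""
    if not 0 <= dlci < 1024:
        raise ValueError("DLCI is a 10-bit field")
    first = ((dlci >> 4) & 0x3F) << 2 | (cr & 1) << 1 | 0
    second = (dlci & 0x0F) << 4 | (fecn & 1) << 3 | (becn & 1) << 2 | (de & 1) << 1 | 1
    return bytes([first, second])


def parse_address(hdr: bytes) -> dict:
    """Inverse of build_address; rejects the extended 3- and 4-byte formats."""
    if len(hdr) < 2 or hdr[0] & 1 or not hdr[1] & 1:
        raise ValueError("only the 2-byte address format is handled")
    return {
        "dlci": (hdr[0] >> 2) << 4 | hdr[1] >> 4,
        "cr": (hdr[0] >> 1) & 1,
        "fecn": (hdr[1] >> 3) & 1,
        "becn": (hdr[1] >> 2) & 1,
        "de": (hdr[1] >> 1) & 1,
    }


class FrSwitch:
    """One Frame Relay switch. DLCIs are locally significant: the table maps
    (ingress port, ingress DLCI) to (egress port, egress DLCI) and the header is
    rewritten on the way through, so the two ends of a VC may use different numbers.
    A congested egress port gets FECN set on frames heading out of it and BECN set
    on frames arriving from it (the reverse direction of the same VC)."""

    def __init__(self, table: dict):
        self.table = table
        self.congested = set()           # egress ports currently congested

    def forward(self, port: str, frame: bytes):
        hdr = parse_address(frame[:2])
        egress, out_dlci = self.table[(port, hdr["dlci"])]
        fecn = hdr["fecn"] | (1 if egress in self.congested else 0)
        becn = hdr["becn"] | (1 if port in self.congested else 0)
        new_hdr = build_address(out_dlci, hdr["cr"], fecn, becn, hdr["de"])
        return egress, new_hdr + frame[2:]


# HeadQuarter's view of the lecture's topology: one physical link, two DLCIs
HQ_MAP = {"1.1.1.1": 23, "2.2.2.2": 51}   # next-hop IP -> local DLCI (static map)


def frame_for(next_hop_ip: str, payload: bytes, de: int = 0) -> bytes:
    """Encapsulate a payload for the branch reached via the given next-hop address."""
    return build_address(HQ_MAP[next_hop_ip], de=de) + payload


# Constructed provider switch: HQ's DLCI 23 comes out as 23 at Branch 1, but
# HQ's DLCI 51 comes out as DLCI 40 at Branch 2.
SWITCH = FrSwitch({
    ("hq", 23): ("branch1", 23),
    ("hq", 51): ("branch2", 40),
    ("branch1", 23): ("hq", 23),
    ("branch2", 40): ("hq", 51),
})

if __name__ == "__main__":
    egress, out = SWITCH.forward("hq", frame_for("2.2.2.2", b"payload"))
    print(egress, parse_address(out[:2]))
```

Flip a bit in either EA position and parse_address refuses the header; that is the check a receiver needs before trusting the DLCI, since a 3- or 4-byte address field would otherwise be misread.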

Frame Relay LMI (Local Management Interface) protocol


Local Management Interface (LMI) is a signalling protocol used between your router (DTE) and the
first Frame Relay switch. LMI is responsible for managing the connection and maintaining the status
of your PVCs.
Before transmitting data, a DTE confirms the status of the remote end and sends only if it is up. To
learn each other's status, devices exchange keepalive messages. If one end does not receive a
keepalive from the other within a specified time, it assumes the remote end is down. Keepalives are
exchanged between directly connected devices: on a leased line the two routers exchange them with
each other, but in Frame Relay the routers are connected via Frame Relay switches, so they exchange
keepalives with the switch.

Frame Relay uses LMI to exchange these keepalives between the DTE (the connection end point) and the
DCE (the Frame Relay switch directly connected to it). The DTE (router) sends LMI status enquiry
messages to the connected DCE (Frame Relay switch). If the DCE is up, it responds with an LMI status
reply. If the DTE gets no response, it assumes that either the access link or the Frame Relay switch
is down.

Besides the status enquiry, the DTE also asks for full status updates. In response the DCE returns all
information related to that DTE, including the status of the VCs connected to it and their
configuration values (CIR, Bc, Be and DLCIs).
LMI status enquiry: a simple query asking "Are you there?", answered with an equally simple "Yes, I
am here".

LMI full status enquiry: a complete query, "Tell me everything related to me", answered with all the
information related to that DTE.

There are three LMI types: Cisco, ANSI and Q.933A. Each is slightly different from the other two, so
they are not compatible with each other; both ends must use the same LMI type. In the next part we
will learn how to configure the LMI type.
