CCNA Chapter 6 Network Layer

The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across the network.

The network layer uses four basic processes: 
 - Addressing end devices - devices must be configured with a unique IP address for identification on the network. An end device with a configured IP address is referred to as a host. 
 - Encapsulation (creating IP packet) - The network layer receives a protocol data unit (PDU) from the transport layer. In a process called encapsulation, the network layer adds IP header information, such as the IP address of the source (sending) and destination (receiving) hosts. 
 - Routing - The role of the router is to select paths for and direct packets toward the destination host in a process known as routing. A packet may cross many intermediary devices before reaching the destination host. Each route the packet takes to reach the destination host is called a hop. 
 - De-encapsulation - When the packet arrives at the network layer of the destination host, the host checks the IP header of the packet. If the destination IP address within the header matches its own IP address, the IP header is removed from the packet. This process of removing headers from lower layers is known as de-encapsulation. After the packet is de-encapsulated by the network layer, the resulting Layer 4 PDU is passed up to the appropriate service at the transport layer.

Network layer protocols 
 - Internet Protocol version 4 (IPv4)
 - Internet Protocol version 6 (IPv6)

Other legacy network layer protocols that are not widely used include:
 - Novell Internetwork Packet Exchange (IPX)
 - AppleTalk
 - Connectionless Network Service (CLNS/DECNet)

IP Protocols
IP is the network layer service implemented by the TCP/IP protocol suite. 
The protocol was not designed to track and manage the flow of packets. These functions, if required, are performed by other protocols in other layers.

The basic characteristics of IP are: 
 - Connectionless - No connection with the destination is established before sending data packets.
 - Best Effort (unreliable) - Packet delivery is not guaranteed.
This allows IP to function very efficiently. If reliability overhead were included in IP, then communications that do not require connections or reliability would be burdened with the bandwidth consumption and delay produced by this overhead. In the TCP/IP suite, the transport layer can use either TCP or UDP based on the need for reliability in communication.
 - Media Independent - Operation is independent of the medium carrying the data.
MTU -  the maximum size of the PDU that each medium can transport.
 The basic fact in networking is that not all networking technologies were created equal. One of the differences between various layer-2 technologies is the maximum payload (commonly called Maximum Transmission Unit – MTU) a layer-2 frame can transport.
For example, regular Ethernet packets can be up to 1518 bytes long (including the CRC bytes), but they can transport only a 1500-byte payload if you’re using the default encapsulation.
On the other hand, slow-speed serial links used lower MTU sizes to reduce the serialization delay (transmitting a single 1500-byte IP packet on a 64 kbps link takes almost 200 milliseconds).

Encapsulation and tunneling techniques add their own limitations: for example, if you’re using PPP-over-Ethernet, the PPPoE header takes eight bytes from the Ethernet payload, leaving 1492 bytes for the IP packet. Similarly, Generic Route Encapsulation (GRE) uses 24 bytes headers, reducing the MTU on GRE tunnels to 1476 bytes. Obviously, the combination of various encapsulation techniques further reduces the MTU size; the MTU of a GRE tunnel running over an ADSL is 1468 bytes.

The data link layer passes the MTU value up to the network layer. The network layer then determines how large packets should be.
In some cases, an intermediate device, usually a router, must split up a packet when forwarding it from one medium to a medium with a smaller MTU. This process is called fragmenting the packet or fragmentation.
To avoid IP fragmentation, Maximum Segment Size (MSS) messages are sent between two end points to find the maximum frame size that can be transmitted intact. 
In a network with multiple data links, the router uses Path Maximum Transmission Unit Discovery (PMTUD) to send error messages back to the sender whenever a link with a smaller frame size is encountered. The host then reduces its TCP packet size and retransmits. PMTUD does not work with UDP, only TCP.

The PMTUD is enabled by default in almost all modern TCP/IP implementations; it’s thus mandatory that your packet filters and firewalls don’t block the PMTUD-related ICMP messages.

IPv4 has been in use since 1983 when it was deployed on the Advanced Research Projects Agency Network (ARPANET), which was the precursor to the Internet. The Internet is largely based on IPv4, which is still the most widely-used network layer protocol.
IPv4 header

IPv4 Header, image from

ICMP Header, image from
Significant fields in the IPv4 header include:
* Version - Contains a 4-bit binary value identifying the IP packet version. For IPv4 packets, this field is always set to 0100.
Differentiated Services (DS) - Formerly called the Type of Service (ToS) field, the DS field is an 8-bit field used to determine the priority of each packet
DSCP (Differentiated Services Code Point) is used by a quality of service (QoS) mechanism.
ECN - 2 bits identify the explicit congestion notification, value that can be used to prevent dropped packets during times of network congestion.
* Protocol - This 8-bit binary value indicates the data payload type that the packet is carrying, which enables the network layer to pass the data to the appropriate upper-layer protocol. Common values include ICMP (0x01), TCP (0x06), and UDP (0x11).
* Time-to-Live (TTL) - Contains an 8-bit binary value that is used to limit the lifetime of a packet. It is specified in seconds but is commonly referred to as hop count. If the TTL field decrements to zero, the router discards the packet and sends an Internet Control Message Protocol (ICMP) Time Exceeded message to the source IP address. Router is decreased by one each time the packet is processed by a router, or hop.
* Source IP Address - Contains a 32-bit binary value that represents the source IP address of the packet. 
* Destination IP Address - Contains a 32-bit binary value that represents the destination IP address of the packet.

The fields used to identify and validate the packet include
* IHL - Internet Header Length (IHL), which is the number of 32-bit words in the header. (minimal is 20 bytes header, maximal is 60 bytes)
* Header Checksum - The 16-bit field is used for error checking of the IP header. The checksum of the header is recalculated and compared to the value in the checksum field. If the values do not match, the packet is discarded.
* Total Length - defines the entire packet (fragment) size, including header and data, in bytes. The minimum-length packet is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535 bytes.

A router may have to fragment a packet when forwarding it from one medium to another medium that has a smaller MTU. When this happens, fragmentation occurs and the IPv4 packet uses the following fields to keep track of the fragments:
* Identification - This 16-bit field uniquely identifies the fragment of an original IP packet. 
* Flags - This 3-bit field identifies how the packet is fragmented. It is used with the Fragment Offset and Identification fields to help reconstruct the fragment into the original packet. 
* Fragment Offset - This 13-bit field identifies the order in which to place the packet fragment in the reconstruction of the original unfragmented packet.
Note: The Options and Padding fields are rarely used and beyond the scope of this chapter.

IPv4 still has three major issues:
 - IP address depletion
 - Internet routing table expansion
 - Lack of end-to-end connectivity (because of NAT)

Improvements that IPv6 provides include:
 - Increased address space - IPv6 addresses are based on 128-bit hierarchical addressing as opposed to IPv4 with 32 bits. This dramatically increases the number of available IP addresses.
 - Improved packet handling - The IPv6 header has been simplified with fewer fields. This improves packet handling by intermediate routers and also provides support for extensions and options for increased scalability/longevity.
 - Eliminates the need for NAT - With such a large number of public IPv6 addresses, Network Address Translation (NAT) is not needed. Customer sites, from the largest enterprises to single households, can get a public IPv6 network address. This avoids some of the NAT-induced application problems experienced by applications requiring end-to-end connectivity.
 - Integrated security - IPv6 natively supports authentication and privacy capabilities. With IPv4, additional features had to be implemented to do this.
The IPv6 simplified header offers several advantages over IPv4:
- Better routing efficiency for performance and forwarding-rate scalability
- No requirement for processing checksums
- Simplified and more efficient extension header mechanisms (as opposed to the IPv4 Options field)
- A Flow Label field for per-flow processing with no need to open the transport inner packet to identify the various traffic flows
IPv6 packet header
The fields in the IPv6 packet header include:
 - Version - (4-bit binary value) identifying the IP packet version. For IPv6 packets, this field is always set to 0110.
 - Traffic Class - This 8-bit field is equivalent to the IPv4 Differentiated Services (DS) field. It also contains a 6-bit Differentiated Services Code Point (DSCP) value used to classify packets and a 2-bit Explicit Congestion Notification (ECN) used for traffic congestion control.
 - Flow Label - This 20-bit field provides a special service for real-time applications. It can be used to inform routers and switches to maintain the same path for the packet flow so that packets are not reordered.
 - Payload Length - This 16-bit field is equivalent to the Total Length field in the IPv4 header. It defines the entire packet (fragment) size, including header and optional extensions.
 - Next Header - This 8-bit field is equivalent to the IPv4 Protocol field. It indicates the data payload type that the packet is carrying, enabling the network layer to pass the data to the appropriate upper-layer protocol. This field is also used if there are optional extension headers added to the IPv6 packet.
 - Hop Limit - This 8-bit field replaces the IPv4 TTL field. This value is decremented by one by each router that forwards the packet. When the counter reaches 0 the packet is discarded and an ICMPv6 message is forwarded to the sending host, indicating that the packet did not reach its destination.
 - Source Address - This 128-bit field identifies the IPv6 address of the sending host.
 - Destination Address - This 128-bit field identifies the IPv6 address of the receiving host.

An IPv6 packet may also contain extension headers (EH), which provide optional network layer information. Extension headers are optional and are placed between the IPv6 header and the payload. EHs are used for fragmentation, security, to support mobility, and more.

Note: Interfaces in IPv6 commonly have two IPv6 addresses: a link local address and a global unicast address. Also, notice that there are no broadcast addresses in IPv6. IPv6 addresses will be discussed further in the next chapter.

Another role of the network layer is to direct packets between hosts. A host can send a packet to:
- Itself - This is a special IP address of which is referred to as the loopback interface. This loopback address is automatically assigned to a host when TCP/IP is running. The ability for a host to send a packet to itself using network functionality is useful for testing purposes. Any IP within the network refers to the local host.
- Local host - This is a host on the same network as the sending host. The hosts share the same network address. Local hosts can reach each other and share information without the need of any additional devices.
- Remote host - This is a host on a remote network. The hosts do not share the same network address.

Routing is the process of identifying the best path to a destination.

The router connected to the local network segment is referred to as the default gateway.
If the host is sending a packet to a device on a different IP network, then the host must forward the packet through the intermediate device to the default gateway

Hosts must maintain their own, local, routing table to ensure that network layer packets are directed to the correct destination network. The local table of the host typically contains:
- Direct connection - This is a route to the loopback interface (
- Local network route - The network which the host is connected to is automatically populated in the host routing table.
- Local default route - The default route represents the route that packets must take to reach all remote network addresses. The default route is created when a default gateway address is present on the host. The default gateway address is the IP address of the network interface of the router that is connected to the local network. The default gateway address can be configured on the host manually or learned dynamically.

In fact, by not configuring a default gateway address on the printer, you are effectively denying Internet access, which may be a wise security choice.

On a Windows host, the route print or netstat -r command can be used to display the host routing table.

On a Cisco IOS router, the show ip route command can be used to display the routing table of a router. A router also provides additional route information, including how the route was learned, when it was last updated, and which specific interface to use to get to a predefined destination.

The routing table of a router stores information about:
- Directly-connected routes - These routes come from the active router interfaces. Routers add a directly connected route when an interface is configured with an IP address and is activated. Each of the router's interfaces is connected to a different network segment. Routers maintain information about the network segments that they are connected to within the routing table.
- Remote routes - These routes come from remote networks connected to other routers. Routes to these networks can either be manually configured on the local router by the network administrator or dynamically configured by enabling the local router to exchange routing information with other routers using dynamic routing protocols.

When a packet arrives at the router interface, the router examines the packet header to determine the destination network. If the destination network matches a route in the routing table, the router forwards the packet using the information specified in the routing table. If there are two or more possible routes to the same destination, the metric is used to decide which route appears on the routing table.

Route Source 
- C - Identifies a directly connected network. Directly connected networks are automatically created when an interface is configured with an IP address and activated.
- L - Identifies that this is a link local route. Link local routes are automatically created when an interface is configured with an IP address and activated.

Networks directly connected to a router have no next-hop address, because a router can forward packets directly to hosts on these networks using the designated interface.

If a route representing the destination network is not in the routing table, the packet is dropped (that is, not forwarded). 

show ip route  -  command output
A) Route source - Identifies how the route was learned.
B) Destination network - Identifies the address of the remote network.
C) Administrative distance - Identifies the trustworthiness of the route source.
D) Metric - Identifies the value assigned to reach the remote network. Lower values indicate preferred routes.
E) Next-hop - Identifies the IP address of the next router to forward the packet.
F) Route timestamp - Identifies when the route was last heard from.
G) Outgoing interface - Identifies the exit interface to use to forward a packet toward the final destination.

Cisco routers are designed to address the needs of:
- Branch - Teleworkers, small business, and medium-size branch sites. Includes Cisco 800, 1900, 2900, and 3900 Integrated Series Routers (ISR) G2 (2nd generation).
- WAN - Large businesses, organizations, and enterprises. Includes the Cisco Catalyst 6500 Series Switches and the Cisco Aggregation Service Router (ASR) 1000.
- Service Provider - Large service providers. Includes Cisco ASR 1000, Cisco ASR 9000, Cisco XR 12000, Cisco CRS-3 Carrier Routing System, and 7600 Series routers. 

Regardless of their function, size or complexity, all router models are essentially computers. Just like computers, tablets, and smart devices, routers also require:
- Operating systems (OS) -  provide routing and switching functions
- Central processing units (CPU) - execute OS instructions, such as system initialization, routing functions, and switching functions.
- Random-access memory (RAM)
- Read-only memory (ROM)
A router also has special memory that includes Flash and nonvolatile random-access memory (NVRAM) 
A router has access to four types of memory: RAM, ROM, NVRAM, and Flash.
Cisco devices use light emitting diode (LED) indicators to provide status information. An interface LED indicates the activity of the corresponding interface. If an LED is off when the interface is active and the interface is correctly connected, this may be an indication of a problem with that interface. If an interface is extremely busy, its LED is always on.

There are several ways to access the CLI environment on a Cisco router. The most common methods are:
-  Console - Uses a low speed serial or USB connection to provide direct connect, out-of-band management access to a Cisco device.
- AUX port - Used for remote management of the router using a dial-up telephone line and modem.
- Telnet or SSH - Two methods for remotely accessing a CLI session across an active network interface.

The console and AUX port are physical port on the router, telnet os SSH are logical remote connections.

Router boot-up
The IOS file itself is several megabytes in size and similar to Cisco IOS switches, is stored in flash memory. Using flash allows the IOS to be upgraded to newer versions or to have new features added. During bootup, the IOS is copied from flash memory into RAM. DRAM is much faster than flash; therefore, copying the IOS into RAM increases the performance of the device.

A router loads the following two files into RAM when it is booted
Boot-up process:
1. Perform the POST (Power-On Self Test) and load the bootstrap program - executes diagnostics from ROM on several hardware components, including the CPU, RAM, and NVRAM.

2. Locate and load the Cisco IOS software - The main task of the bootstrap program is to locate the Cisco IOS and load it into RAM
If the IOS image is not located in flash, then the router may look for it using a TFTP server. If a full IOS image cannot be located, a scaled-down version of the IOS is copied from ROM into RAM. This version of IOS is used to help diagnose any problems and can be used to load a complete version of the IOS into RAM.

3. Locate and load the startup configuration file or enter setup mode.
a) The bootstrap program then searches for the startup configuration file (also known as startup-config), in NVRAM.
The running-config file contains interface addresses, starts routing processes, configures router passwords, and defines other characteristics of the router.
b) If the startup-config file does not exist in NVRAM, the router may search for a TFTP server.
If the router detects that it has an active link to another configured router, it sends a broadcast searching for a configuration file across the active link.
c) If a TFTP server is not found, then the router displays the setup mode prompt. Setup mode is a series of questions prompting the user for basic configuration information.

Difference between the bootstrap (RXboot) program (0x2101) and ROMMON (0x2120)
diagnostic software, the bootup instructions, and a limited IOS
Bootstrap is more like BIOS.
It will initialize the basic device drivers and then will execute the IOS image. So, ideally, when the device is working in good condition, the bootstrap will initialize the flash disk and then copy the IOS into the RAM, and initialize IOS execution. If, for some reason, IOS execution fails, then it will copy the ROM Monitor software into the RAM and then execute that. ROM Monitor software (ROMMON) is a recovery console through which you can recover the device from software failures.
cisco-router-7200#sh ver | inc 12.
Cisco IOS Software, 7200 Software (C7200-P-M), Version 12.4(25b), RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.2(8r)B, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, 7200 Software (C7200-KBOOT-M), Version 12.2(25)S9, RELEASE SOFTWARE (fc1)
It depends on the platform.  Some routers have the rommon as a physical chip that you have to upgrade.  Others have to boot image that is just a normal file on flash.
On Cisco 7200 for example, The bootldr image should be in flash then.  All you need to do is upload the new file and change the bootldr: variable.

show version command
Verify and troubleshoot some of the basic hardware and software components of the router:
- IOS version - Version of the Cisco IOS software in RAM and that is being used by the router.
- ROM Bootstrap Program - Displays the version of the system bootstrap software, stored in ROM that was initially used to boot up the router.
- Location of IOS - Displays where the bootstrap program is located and loaded the Cisco IOS, and the complete filename of the IOS image.
- CPU and Amount of RAM - The first part of this line displays the type of CPU on this router. The last part of this line displays the amount of DRAM. Some series of routers, like the Cisco 1941 ISR, use a fraction of DRAM as packet memory. Packet memory is used for buffering packets. To determine the total amount of DRAM on the router, add both numbers.
- Interfaces - Displays the physical interfaces on the router. In this example, the Cisco 1941 ISR has two Gigabit Ethernet interfaces and two low-speed serial interfaces.
- Amount of NVRAM and Flash - This is the amount of NVRAM and the amount of flash memory on the router. NVRAM is used to store the startup-config file and flash is used to permanently store the Cisco IOS.
- CONFREG displays the current, configured value of the software configuration register in hexadecimal. If there is a second value displayed in parentheses, it denotes the configuration register value that is used during the next reload.
The configuration register has several uses, including password recovery. The factory default setting for the configuration register is 0x2102. This value indicates that the router attempts to load a Cisco IOS software image from flash memory and load the startup configuration file from NVRAM.

Cisco IOS Boot Process  -
R1# show version
CPU Processor board ID FTX152400KS
RAM Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
NVRAM 255K bytes of non-volatile configuration memory.
FLASH 249856K bytes of ATA System CompactFlash 0 (Read/Write)
IOS Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Platform cisco1941 uptime is 10 minutes, 30 seconds
INTERFACES 2 Gigabit Ethernet interfaces
System returned to ROM by power-on
IOS_boot_from System image file is "flash0:c1900-universalk9-mz.SPA.151-1.M4.bin"
LAST_RELOAD_MODE Last reload type: Normal Reload
CONFREG Configuration register is 0x2102
RAM is 512MB or 524288K sum of (491520K/32768K)
32768K - memory is hidden for securing the boot images (secure boot-image / secure startup-image)

Initial Router configuration
- hostname 
- enable secret
- line con 0 / password <some_password> / login
- line vty 0 4 / password <some_password> / login
- service password-encryption 
- banner motd
- copy run start  
- show version
- interface <type-and-number> / ip address <some ip> <some netmask>

By default, LAN and WAN interfaces are not activated.  The interface must be activated using the no shutdown command. The interface must also be connected to another device (a hub, a switch, or another router) for the physical layer to be active.

 - ping / traceroute Exclamation marks verify connectivity.
 - show ip interface brief
 - show ip route - Displays the contents of the IPv4 routing table stored in RAM. 
 - show interfaces - Displays statistics for all interfaces on the device.
 - show ip interface - Displays the IPv4 statistics for all interfaces on a route

Configure default gateway:
1) Switch
S1(config)# interface vlan1
S1(config-vlan)# ip address
S1(config-vlan)# no shut
S1(config)# ip default-gateway

2) Router 
R1(config)# ip route