Network Hardware

Network Hardware

There are many types of hardware devices used to construct an Ethernet network running TCP/IP protocols. These include nodes, Network Interface Cards (NICs), cables, hubs, switches, routers and firewalls.

A node is a device (usually a computer) that can do processing and has some kind of wired or wireless  connection(s) to a network. Examples of nodes are: desktop computers, notebook computers, netbooks, smart phones, hubs, switches, routers, wireless access points, network printers, network aware appliances, and so on. A node could be as simple as a temperature sensor, with no display and no keyboard, just a connection to a network. It could have a display and keyboard, or be a “headless node” with a management interface accessed via the network with Telnet, Secure Shell (SSH) or a web browser. All nodes connected to a network must have at least one valid IP address (per interface). If a node has only one network interface, such as a workstation computer, it is called a host. If a node has multiple interfaces connected to different networks, and the ability to forward packets between them, it is called a gateway. Routers and firewalls are special types of gateways that can forward packets between networks and or control traffic in various ways as it is forwarded. Gateways make it possible to build internetworks. They are described in more detail under IPv4 Routing in this chapter.

A NIC (or Network Interface Card) is the physical interface that connects a node to a network. It may also be called an Ethernet adapter. It should have a female RJ-45 connector on it (or possibly coax or fiber optic connector). It could be an actual add-in Peripheral Computer Interconnect (PCI) card. It could be integrated on the device’s motherboard. It could also be a something that makes a wireless connection to a network, using Wi-Fi, WiMAX or similar standard.  Typically all NICs have a globally unique, hard-coded MAC address (48 bits long, assigned by the manufacturer). A node can have one or more NICs (also called interfaces). Each interface can be assigned one or more IP addresses, and various other relevant network configuration items, such as the address of the default gateway and the addresses of the DNS servers.

Network cables today are typically unshielded twisted pair (UTP) cables that actually have four pairs of plastic coated wires, with each pair forming a twisted coil. They have RJ-45 male connectors on each end. They could also be fiber optic cables for very high speed or long run connections. Often today, professional contractors install UTP cables through the walls, and bring them together at a central location (sometimes called the wiring closet) where they are connected together to form a star network. Cables typically are limited to 100 meters or less in length, but the maximum acceptable length is a factor of several things, such as network speed and cable design. Modern cables rated as “CAT5” or “CAT5E” are good up to 100 Mbit/sec, while cables rated as “CAT6” are good up to a gigabit. Above that speed, you should be using fiber optic cables. It is also possible for twisted pair cables to be shielded if required to prevent interference from (or with) other devices.

A network hub is a device that connects multiple cables together so that any packet transmitted by any node connected to that hub is relayed to all the other nodes connected to the hub. It typically has a bunch of female RJ-45 connectors in parallel (called ports). In effect it ties together the network cables plugged into it into a star network. Hubs have a speed rating, based on what speed Ethernet they support. Older hubs might be only 10 Mbit/sec. More recent ones might be “Fast Ethernet”, which means they support 100 Mbit/sec. If you have 5 nodes (A, B, C, D and E) connected together with a hub, and node B sends a packet to node D, all nodes, including A, C and E will see the traffic. The nodes not involved in the transaction will typically just discard the traffic. This dropping of packets not addressed to a node is often done by the hardware in the NIC, so that it never interrupts the software driver. Many NICs have the ability to be configured in promiscuous mode. When in this mode, they will accept packets (and make them available to any network application) whether those packets are addressed to this node or not. If this mode is selected, the dropping of packets not addressed to you must be done in software. However sometime you want to see all traffic on the subnet. For instance, this would be useful with Intrusion Detection, for diagnostic troubleshooting, or for collecting network statistics. Hubs come in various sizes, from 4 ports up to 48 ports, and can even be coupled with other hubs to make large network “backbones”. You can also have a hierarchy of hubs, where several hubs distributed around a company actually connect in to a larger (and typically faster) central hub. Hubs do no processing of the packets, they are really just a cluster of repeaters that clean up and relay any incoming signals from any port to all the other ports. Actually, hubs are quite rare today, most such devices today are actually switches.

A network switch is similar to a network hub, but has some control logic in that minimizes unnecessary traffic. It partitions a LAN into multiple collision domains (one per switch port). Again, say you have a switch with cables connected to nodes A, B, C, D and E. If B sends a packet to D, that packet will be sent out only to the port to which D is connected. Switches learn what nodes are connected to what ports by maintaining a table of MAC addresses versus port number. When a switch is first powered on, this table is empty.

If node A (connected to port 1) sends a packet to node B (connected to port 2), the switch adds the MAC address of A, and the port it was seen on (1) to its table. In the future, when packets for A’s MAC address come in any port, they will only be sent out port 1. Since the switch hasn’t previously seen the MAC address of B (as a source address), it doesn’t know where B is located, so it sends this first packet out all ports. If B replies to A’s packet, the switch adds B’s MAC address and port (2) to the table. In the future, packets sent to B’s MAC address will only be sent out port 2. Each addition to the table expires after a certain amount of time, to allow nodes to be moved to other ports. An incoming packet sent to a broadcast address will always be sent out all ports. This behavior holds down excessive traffic that would normally just be dropped anyway by the unaddressed nodes (not to mention unnecessary packet collisions). It also provides a small degree of privacy, even if someone enables their NIC in promiscuous mode. If your LAN is built using switches instead of hubs, you can typically only sniff traffic originating or terminating on the network segment connected to your port of the switch. Most switches are oblivious to IP addresses – they work only with MAC addresses. Because of this, they are IP version agnostic. This means they will carry IPv4 or IPv6 traffic (or even other kinds of Ethernet traffic) so long as that traffic uses Ethernet frames with MAC addresses.

If you are using a switch, but one of your connected nodes really does want to see traffic from other network segments, some switches have a mirror port function that will allow all traffic from any combination of ports to be copied to one port, to which you connect the node that wants to monitor that traffic. This must be configured, which requires a management interface of some kind. Like hubs, switches come in various speeds, from 10 Mbit/sec up to 1000 Mbit/sec (Gigabit). Unlike hubs, you can mix different speed nodes (10 Mbit/sec, 100 Mbit/sec and even 1000 Mbit/sec) on a single switch, so the speed rating it the maximum speed for nodes connected to it. Switches also come in sizes from 4 ports up to 48 ports, and better ones can be “stacked” (linked together) to effectively build a single giant switch. Lower end (cheaper) switches may have few if any configuration options, and may not even have a user interface. Smart (or managed) switches typically have a sophisticated GUI management interface (accessible via the network, usually over HTTP), or Command Line Interface (accessible either via serial port, telnet or SSH) that allows you to configure various things and/or monitor traffic. Switches also typically include support for monitoring or control using SNMP (Simple Network Monitoring Protocol). Very advanced switches have the ability to configure VLANs (Virtual Local Area Networks), which allow you to effectively create multiple sub-switches that are not logically connected together. Some of these advanced functions process IP addresses (layer 3 functionality), hence are IP version specific (an IPv4-only smart switch cannot process IPv6 addresses, but the basic switch functionality may work fine). Very recent smart switches do support both IPv4 and IPv6 (dual stack), for layer 3 functionality.