Introduction to Computer Networking for Broadcast Engineers

This course was written by Paul Claxton, CPBE, CBNT. Mr. Claxton is a retired US Navy Master Chief Petty Officer and has been an SBE member for more than ten years. He is active in the Society as current and past SBE chapter 131 chairperson and certification chairperson for his chapter. He holds certifications from Novell, Microsoft, CompTIA, and SANS in various computer networking, security, and administration areas and has presented IT subject papers at the NAB's engineering sessions. Currently he is employed at the American Forces Network Broadcast Center in Riverside, California as an IT management specialist and project engineer.

The purpose of this course is to give the student an introduction to the fundamental concepts of computer networking. The course will cover computer topologies (both physical and logical), media types, the OSI model, and local area networking. It will cover some legacy material but is primarily about , TCP/IP and other current computer networking protocols. Hardware such as switches and routers will be covered, as will software such as VLANs, VPNs, and NAT. Some basic troubleshooting, security, and administrative procedures will also be covered.

The course is meant as an introduction, covering many subjects at a high level in order to assist the broadcaster in passing the Certified Broadcast Networking Technologist exam.

Disclaimer: Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The views and opinions of the author expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.

Physical Media: Copper, Wiring Standards Fiber, Optic, RF, and Connectors

The fundamental purpose of a network is to link computer nodes together so that they can communicate and share information with each other. Copper wire, fiber optic cable, and radio frequency waves can be used to connect the many different types of nodes together. Copper cables come in many types including coaxial, , USB, serial, and parallel.

There are several types of connectors used and a couple of wiring standards in use which will be covered. Network signals are sent at radio frequencies so many of the principles of RF cable are used in networking.

Physical Media: Copper

Coaxial Cable

Coaxial cable is one of the oldest methods of connecting nodes together. The network cables are similar in construction to video cables but are of 50 ohm construction. Either RG-58A/U or RG-8 cable is used in thinnet and thicknet applications. Like other types of copper cables, the outside plastic jacket can be constructed of PVC or a Teflon-type covering. PVC cabling is not plenum rated, and where that is a concern low-smoke Teflon-type or other plenum-rated cabling must be used. Coax cable is relatively rugged but it is larger and can be more difficult to work with than other types of copper cables. The standard connector for coax cable is a BNC. Coax network sizes are limited due to the high cable losses. One caution for broadcasters that still use coaxial cable for networking is to avoid mixing the computer network's 50 ohm cable and connectors with RF's 75 ohm cable and connectors.

Twisted Pair

A second type of copper cable is twisted pair, where individual wires are twisted together at a precise rate and bundled together inside a common cable. There are shielded twisted pair (STP) and unshielded twisted pair (UTP) varieties. Advances in cable technology have allowed for speed increases across twisted pair cables. The original speed was 10 megabits per second; now 100 megabit and 1000 megabit (gigabit) twisted pair cables are common, with distances limited to 100 meters. Twisted pair is expected to suit 10 Gbit/s rates over short distances. Twisted pair can support Ethernet, , ISDN, and ATM. There is a 100 meter limit on distances between active nodes. The standard connector for twisted pair cable is an RJ-45.

The IEEE has set standards for twisted pair cable which are often referred to by their category name, with category 5 and 6 in common use today.

Category 1 - Pre-1983 not suited for network

Category 2 - 4 Mbps

Category 3 - 4 twisted pairs for 10 Mbps

Category 4 - 20 MHz

Category 5 - 100 Mbps

Category 5e (enhanced) -

Category 6 - Gigabit Ethernet

With category 5 and 6 cabling special care must be taken when handling and "pulling" cable to not put excessive stress or kinks into the cabling. No network cable should be abused, but gigabit Ethernet is especially sensitive and cable should be laid into place rather than pulled whenever possible. Maintaining the twist ratios throughout the entire length of the cable is required, including inside the connector and connector boot. As an example, with category 5 twisted pair cables there can be no more than half an inch of untwisted wire. Current installation techniques avoid the use of traditional wire ties; hook-and-loop straps are used instead.

Twisted pair cable is cheap, easy to work with, and fast making it commonly used in broadcasting network applications. Network interface cards for twisted pair are commonly included on motherboards by manufacturers. The cables are susceptible to radio frequency interference (RFI) so they should be installed with distance between them and power or other signal cables. Shielded twisted pair cables include a foil shielding to help reduce EMI/RFI and cross-talk concerns but are more expensive and slightly more difficult to install.

Twisted Pair Wiring Standards

There are two wiring standards for twisted pair cables: T568A and T568B. Officially the US National Communications Systems Federal Telecommunications Recommendations do not recognize T568B, but nonetheless it can be found in use in the United States. The only difference is that the colors for pairs 2 and 3 are reversed.

Other Copper Cables

Other copper cables found in use include serial and parallel cables, USB, and IEEE 1394 "FireWire". Serial cables often use the RS-232 standard and D-subminiature 9-pin or 25-pin connectors to interconnect devices. Parallel cables use DB-25 or 36-pin "Centronics" connectors and were often used to connect personal computers to printers. The parallel port is considered legacy in most applications, having been replaced by the Universal Serial Bus (USB). USB cables use several different connectors of various sizes, with the type A, type B, and their mini- and micro- types being the most popular. USB comes in four speeds: 1.5 Mbit/sec, 12 Mbit/sec, 480 Mbit/sec, and 4.8 Gbit/sec, with the 480 Mbit/sec USB 2.0 being the most popular. IEEE 1394 "FireWire" uses two different connectors and has data rates of 400 Mbit/sec, 800 Mbit/sec, 1.6 Gbit/sec, and 3.2 Gbit/sec.
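Returning to the T568A and T568B standards described under Twisted Pair Wiring Standards: the following is an added example, not part of the course text, that writes out both pinouts and uses them to check the claim that only pairs 2 and 3 differ, and to classify a patch cable from the color order seen at each end. The pin colors and the pair numbering (pair 1 on pins 4/5, pair 2 on pins 1/2, pair 3 on pins 3/6, pair 4 on pins 7/8) are the standard's own; the split-pair check and the swapped-pin fault are constructed for illustration.

```python
# Added example, not from the course text: T568A and T568B pinouts plus a small
# checker that classifies a patch cable from the colour order at each RJ-45 end.

T568A = {1: "white/green", 2: "green", 3: "white/orange", 4: "blue",
         5: "white/blue", 6: "orange", 7: "white/brown", 8: "brown"}

T568B = {1: "white/orange", 2: "orange", 3: "white/green", 4: "blue",
         5: "white/blue", 6: "green", 7: "white/brown", 8: "brown"}

# Pair numbering used by the standard.
PAIRS = {1: (4, 5), 2: (1, 2), 3: (3, 6), 4: (7, 8)}


def differing_pairs(std_a, std_b):
    """Pair numbers whose pins are wired differently in the two standards."""
    return sorted(pair for pair, pins in PAIRS.items()
                  if any(std_a[pin] != std_b[pin] for pin in pins))


def split_pairs(end):
    """Pairs whose two pins do not carry the two wires of one twisted pair.

    A split pair (e.g. pins 1/2 carrying white/green and orange) passes a
    simple continuity test but breaks the twist, so it fails at speed."""
    def base_colour(colour):
        return colour.split("/")[-1]          # "white/green" -> "green"
    return sorted(pair for pair, (a, b) in PAIRS.items()
                  if base_colour(end[a]) != base_colour(end[b]))


def classify_cable(end1, end2):
    """Straight-through if both ends follow the same standard, crossover if
    one end is A and the other B, otherwise miswired."""
    if split_pairs(end1) or split_pairs(end2):
        return "miswired"
    if end1 not in (T568A, T568B) or end2 not in (T568A, T568B):
        return "miswired"
    return "straight-through" if end1 == end2 else "crossover"


def swap_pins(end, pin_x, pin_y):
    """Constructed fault: a punch-down with two wires exchanged."""
    faulty = dict(end)
    faulty[pin_x], faulty[pin_y] = end[pin_y], end[pin_x]
    return faulty


if __name__ == "__main__":
    print("pairs differing between A and B:", differing_pairs(T568A, T568B))
    print("B-B cable:", classify_cable(T568B, T568B))
    print("A-B cable:", classify_cable(T568A, T568B))
    bad_end = swap_pins(T568B, 1, 3)
    print("B end with pins 1 and 3 swapped:", classify_cable(T568B, bad_end),
          "split pairs:", split_pairs(bad_end))
```

Note that the swapped-pin fault still has continuity on all eight pins; it is only caught by checking that each pair keeps its twist, which is the same reason the text insists on maintaining the twist ratios inside the connector.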

Physical Media: Fiber Optics (or Fibre Optics)

Fiber optic cable uses very thin strands of special glass to send visible or infrared light signals between nodes. Fiber optic cables allow the transmission of signals over great distances due to low losses, which can be as low as 0.3 dB per kilometer or 0.5 dB per mile. Another benefit of fiber optic cable is that it is immune to both RFI and EMI. Fiber optic cable comes in two broad types: single mode and multi-mode. Single mode fiber cables have finer core diameters and are generally used for longer runs. Multi-mode cables have larger core diameters and are generally used for shorter cable runs. Often multiple strands of fiber are bundled together inside a protective jacket. Caution must be used when working with fiber optic cables as their bending radius is limited, so sharp turns, bends, and kinks must be avoided. It is common practice to run fiber optic cables inside protective innerduct when running cables through a plant or even between equipment racks. The laser light sources for single mode cable can be very powerful and care must be taken to avoid exposing the unprotected eye to the light source. Never look into the end of a single mode fiber optic cable. When preparing connectors care must be taken with the very sharp glass core, which can penetrate the skin or eye.

There are many types of fiber optic connectors with about 12 of them in common use including the common ST, SC, FC, LC, FDDI, MT-RJ, and Opti-jack connectors.

Fiber optic cables allow for sending signals great distances and provide good security. The initial expense of the cable and installation can be higher than with copper as fiber optic network cards are normally added in as riser cards to the motherboards in personal computers. Test equipment is more expensive and terminating and splicing for fiber optic cables is more expensive and time consuming than the copper cable counterparts.

Physical Media: Radio Frequency Networking

Radio frequencies can be used to connect two transceivers together to allow computer communications. RF has found use both in the LAN and in WAN applications connecting computers together within an office and allowing mobile connections on-the-road.

Within the LAN there are four approved standards, two legacy and two currently popular. The standards authority is the IEEE LAN/MAN Standards Committee (IEEE 802). Legacy standard 802.11a was released in 1999 and provides for a 20 Mbit/s throughput using a 5.4 GHz band. Legacy standard 802.11b was also released in 1999 and provides for an 11 Mbit/sec throughput using a 2.4 GHz band. 802.11a was popular among businesses due to its higher throughput, whereas 802.11b was popular among home and small business users due to its lower equipment cost.

802.11g was released in 2003 and provides for 22 to 54 Mbit/s throughput using a 2.4 GHz band. This standard was widely accepted and built into many laptops for years. The 802.11g standard is popular with both home and business users.

802.11n was released in 2009 and provides for 50 to 600 Mbit/s throughput using both 2.4 and 5 GHz bands using multiple antennas and links. Many draft-n products were sold prior to the final standard being published and they require updating to be fully standards compatible. 802.11n equipment is backwards compatible with 802.11g equipment at the slower 802.11g data throughput rates.

It is not common practice to use wireless networking for production or highly critical communications, such as in an automation system, due to limitations on throughput and the possible loss of packets. Security is also a very large concern, and any sensitive traffic sent across a wireless network needs to be encrypted to prevent interception. Troubleshooting wireless network connections can require expensive equipment and can be difficult.

Physical Network Topologies: Bus, Ring, Star, Mesh, Cellular, and Hybrid

The definition of a computer network is a system of computers, printers, audio or visual display devices, or telephones interconnected to transmit, store, and receive data. The physical topology used to interconnect those network nodes can be one of several types of design: a bus, ring, star, mesh, cellular, or hybrid. The physical topology often differs from the logical topology, which will be discussed in another lesson. The first pair of network topologies are legacy and the last three are in current use.

The Bus Physical Topology

The earliest computer networks used bus topology to interconnect computers together using coaxial 50 ohm cables. Only one computer can be transmitting on the bus at a time. The cables came in two diameters.

Thinnet () means 10 megabits per second, base band modulation, and 185 meters maximum distance between network ends. Thinnet used RG-58A/U or similar cable to daisy chain one machine to the next with 50 ohm BNC type connectors on each cable. A BNC T-connector attached the bus to the back of each computer. The very end computer on each end of the daisy chain has to be terminated with a 50 ohm terminator. A common mistake with this type of network within a television station was to accidentally introduce common 75 ohm cable, connectors, and even terminators into the system, causing packet reflection problems.

Thicknet () means 10 megabits per second, base band modulation, and a 500 meter maximum distance between network ends. Thicknet used RG-8 cable which ran the length of the network. Drops to individual computers were made using vampire taps which were attached with a coring tool designed to cut through the outer skin of the coax cable to expose the center conductor. Similar to thinnet, each end of the network required a 50 ohm terminator and the introduction of 75 ohm parts into the system caused packet reflection problems.

Advantages: Uses the least amount of cable, somewhat rugged cables.

Disadvantages: Termination problems, slow, difficult to trouble shoot, hard to work with cable and connectors, one fault can take down the entire system.

Both thinnet and thicknet fell out of common use in the mid to late 1980s. There are still legacy networks using bus technology but new installations should avoid the use of bus hardware.

The Ring Physical Topology

In a ring physical topology each node connects to two other nodes, receiving signals from one and sending them to the other. These computers form a ring where each computer handles every packet in a "bucket brigade", with messages being passed from one machine to the next until they reach the intended communication partner. Because a single broken link would break communications for the entire network, dual ring networks were often set up with a counter-rotating ring to form a redundant link. A single break in the cable would be healed back around the counter-rotating ring segment.

Advantages: Dual ring networks have a degree of redundancy, good security.

Disadvantages: Slow, expensive.

The first 100 megabit implementations used fiber-optic cable in a dual ring topology. Fiber Distributed Data Interface (FDDI) often served as the backbone connecting data closets together. FDDI became obsolete in the mid-1990s but legacy networks can still be found.

The Star Physical Topology

In a physical star topology nodes connect to a centralized device like a hub or switch with a single cable run between them. The cable is typically an unshielded twisted pair (UTP) cable but can also be shielded twisted pair (STP) or fiber-optic. The star topology is the most common in use today. Physical star topology scales to larger sizes very well, with centralized devices plugging into other devices to form a larger star or a star of stars.

Ethernet typically uses a star physical topology with 100 megabit or gigabit switches forming the centralized device which connects the various nodes together. A failure in one cable will only disrupt communications between the two end nodes. Advancements in cabling design have seen the physical topology move from 10 megabit per second communication rates to 100 megabit, gigabit and beyond.

Advantages: Fast, easy to trouble shoot, cheap, easy to work with cables and connectors.

Disadvantages: Uses the most cable of any topology.

The star has been the most popular one since the mid-1980s and continues to replace both bus and ring physical topologies. Typical local area networks found within broadcasting use the star physical topology.

The Mesh Physical Topology

A mesh topology is a very special physical topology where every node is connected to every other node with a dedicated communications circuit. A mesh topology is used where nodes have a very high requirement to be interconnected with every other node.

Because of the large number of connections between nodes as a mesh network grows in size, a partial mesh topology is normally implemented, where a high number of nodes are interconnected with many connections.

Advantages: Highly redundant.

Disadvantages: Uses the most amount of cabling, difficult to configure, expensive.

The Cellular Physical Topology

In a cellular topology mobile nodes connect to fixed connection points using radio frequency communications. These fixed bases allow the mobile nodes to roam within their radio coverage. If coverage overlaps the node is allowed to cross between coverage zones with no loss of service. The fixed nodes are connected together using copper or fiber-optic cables forming a network.

Because radio frequency waves can spread across large distances security is a large concern. Any traffic sent to or from a node that is private or sensitive needs to be encrypted to prevent interception. Troubleshooting radio frequency coverage and interference can be difficult and time consuming.

Advantages: Mobile nodes can roam within the coverage area.

Disadvantages: Security concerns, coverage and troubleshooting problems, slow data speeds, expensive.

Limited network speed and security concerns restrict its use in broadcasting plants, but delivery of streaming audio and lower resolution video over the telecom carriers' networks is a popular and growing use of this physical network topology in smart phones, netbooks, and laptops.

The Hybrid Topology

Often one topology will not support all the requirements of a design. A hybrid topology will use two or more of the other physical topologies. As an example, an Ethernet network using a star topology might add a number of 802.11 wireless access points to create a cellular topology extension.

Advantages: Ability to combine two or more topologies.

Disadvantages: Each component topology's own disadvantages plus a small amount of additional complexity and expense.

Logical Network Topologies: Bus and Ring and Connection Types

Physical media can be arranged in one of several different topologies: bus, ring, star, mesh, cellular, and hybrid. These describe the path that the cables or signals follow. On top of this physical topology is a logical topology, how the computer protocols use the physical topology to exchange information between each other.

In a LAN when a computer node uses the physical media it uses the entire bandwidth, in other words it is not channelized so only one computer node can be transmitting successfully at a time. Computer nodes use the media for tiny slices of time to allow other nodes a chance to communicate.

A single computer node can send signals to three different groups. It can send a data packet to one specific computer; these are called unicasts. It can send a data packet to every computer in the network; these are called broadcasts. And finally it can send a data packet to more than one computer but fewer than all the computers in the network; these are called multicasts.

If two stations attempt to transmit at the same time a collision results and the data becomes corrupt and unreadable. In packet communications contention is the method that is used to share the physical media.

The Ring Logical Topology

In a ring logical topology a special packet called a token is used to designate which computer node has permission to use the physical media. The token is passed between computers in order until the last node is reached and it passes the token back to the first computer on the list. The token travels around this logical ring of computers until a computer node has traffic to send to the network. The computer with the token packet then transmits a data packet into the physical network. This data packet follows the token's ring being passed from one computer node to the next like a bucket brigade. Eventually the packet is returned around the ring back to the transmitting computer.

The transmitting computer can examine the packet to see that it arrived as it was sent to detect any errors or corruption of the data. If the ring includes the intended communication partners and the packet was returned the sending computer can then also infer that the message was delivered.

The token ring list can favor some nodes over others allowing them to have higher priority access to the ring.

This token passing method of contention was used by ARCNET, token ring, token bus, and FDDI and offered some speed advantages over the bus logical topology of Ethernet as there are no collisions due to the use of a token. Advancements in cable technology allowed Ethernet to offer 100 Mbit/sec speeds and this led to the decline of the use of 4 to 16 Mbit/sec ring networks.

The Bus Logical Topology

In a bus logical topology network every computer has the opportunity to attempt to transmit a signal without waiting for permission as given by a token in a ring logical topology. Since it is possible that two computer nodes could attempt to transmit at the exact same instant or nearly the same instant, collisions do occur and there needs to be a method of detecting them, reducing their occurrence, and retransmitting the lost packets of the collision.

Carrier sense, multiple access, with collision detection (CSMA/CD) is a network access method which is used by bus logical topologies. CSMA/CD isn't difficult to understand if you break it into three parts. First when a computer has a data frame to send to the network it performs a carrier sense - it listens for other computer nodes already using the physical media. When the transmission stops multiple stations now have the chance to access the media, first come first served. And finally since it is possible and common that more than one station is going to attempt to transmit a signal a collision detection method is needed.

A computer node detecting that the physical media has been idle transmits the first portion of its frame containing the header portion of the data packet. If another station transmits its frame the two sets of one and zeros will electrically collide producing an abnormal signal voltage on the media. Any computer node detecting that abnormal signal will send out a jamming signal to notify every node that it has detected a collision.

The two computer nodes that were transmitting a signal receive the jamming signal and note that they were at least part of the cause of the collision because they were transmitting a frame the instant prior to receiving the jamming signal. The two computers then each pick a random number and wait that many milliseconds before attempting to retransmit. If they collide again they pick a random number from a larger range and wait again. This is repeated until eventually a third computer breaks up the two causing collisions, or they pick different random numbers and one of the two machines goes first, retransmitting the failed frames.

CSMA/CD is used by Ethernet up to the 1 Gbit/sec speeds.
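The carrier sense, jam signal and growing random wait described in the three paragraphs above can be seen in a small model. The following is an added example, not part of the course text, and it simplifies real Ethernet: it keeps only the standard's slot time (512 bit times, 51.2 microseconds at 10 Mbit/s), its cap on the random range after 10 collisions and its limit of 16 attempts, and it assumes that the station whose wait expires first always gets the medium while the others sense carrier and defer.

```python
import random

# Added example, not from the course text: a toy model of CSMA/CD contention.
# The three constants are Ethernet's; the model around them is simplified.
SLOT_TIME_US = 51.2          # 512 bit times at 10 Mbit/s
MAX_BACKOFF_EXPONENT = 10    # random range stops growing after 10 collisions
MAX_ATTEMPTS = 16            # frame is discarded after 16 collisions


def backoff_range(collisions):
    """Inclusive slot range a station picks from after its n-th collision:
    0 .. 2**min(n, 10) - 1, i.e. the range doubles with every collision."""
    return 0, 2 ** min(collisions, MAX_BACKOFF_EXPONENT) - 1


def backoff_slots(collisions, rng):
    """Truncated binary exponential backoff: one random draw from the range."""
    low, high = backoff_range(collisions)
    return rng.randint(low, high)


def wait_time_us(slots):
    """Convert a slot count to microseconds at 10 Mbit/s."""
    return slots * SLOT_TIME_US


def simulate_contention(stations, seed=0):
    """Stations that all sensed an idle medium and started transmitting at once.

    Returns (winner, jams, collisions_per_station). 'jams' counts the jam
    signals the medium saw before one frame got through. A station whose
    backoff expires later senses carrier and defers; deferring is not a
    collision, so its counter does not grow."""
    rng = random.Random(seed)
    collisions = {s: 0 for s in stations}
    contenders = list(stations)          # everyone transmitting in this slot
    jams = 0
    while len(contenders) > 1:
        jams += 1                        # overlapping frames -> jam signal
        for s in contenders:
            collisions[s] += 1
            if collisions[s] > MAX_ATTEMPTS:
                raise RuntimeError(f"{s}: excessive collisions, frame discarded")
        waits = {s: backoff_slots(collisions[s], rng) for s in contenders}
        earliest = min(waits.values())
        # Whoever picked the earliest slot transmits; anyone who picked the
        # same slot collides with it again, the rest hear carrier and defer.
        contenders = [s for s, w in waits.items() if w == earliest]
    return contenders[0], jams, collisions


if __name__ == "__main__":
    winner, jams, per_station = simulate_contention(["A", "B", "C"], seed=7)
    print(f"{winner} got through after {jams} collision(s); per station: {per_station}")
    print("wait after 3rd collision is at most",
          wait_time_us(backoff_range(3)[1]), "us")
```

Running the model with more stations shows why the text says the collision rate rises with the number of nodes and the load: every extra contender is another chance that two stations draw the same slot.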

A second method of media contention in a bus logical network is carrier sense, multiple access with collision avoidance (CSMA/CA). Collisions are better avoided than detected, so in a network using CSMA/CA a computer node listens and waits for a clear carrier and then transmits a small frame telling other stations not to transmit. Once the media is clear it then transmits its data frames. Optionally, request to send (RTS) and clear to send (CTS) packets can be used to implement collision avoidance.

CSMA/CA is used by Apple's LocalTalk and wireless IEEE 802.11 among others. In wireless networking the RTS/CTS protocol can have "hidden" nodes maintain a quiet period even when they cannot "hear" the transmitting computer.

In the example below access point 2 and therefore computer H are beyond the transmit range of computer T's wireless network card. Computer R receives computer T's request to send and responds back with a clear to send. Access points 1 and 2 receive and repeat that signal so that computer T and computer H receive the CTS signal. Even though computer H never "heard" computer T's RTS it can infer that some hidden computer is using the network due to computer R's CTS signal.
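Since the figure the paragraph refers to is not reproduced here, the following is an added example, not part of the course text, that models the same scenario as a small radio "hearing" graph. The link list is constructed to match the description: computer T reaches computer R and access point 1 only, R reaches both access points, and computer H is reachable only through access point 2. As in the text, the access points repeat the CTS; the station names are the text's, the link list and function names are assumptions.

```python
# Added example, not from the course text: the hidden-node RTS/CTS scenario.
# Radio links are treated as symmetric; a node hears every neighbour's frames.
RADIO_LINKS = {("T", "R"), ("T", "AP1"), ("R", "AP1"), ("R", "AP2"), ("AP2", "H")}


def neighbours(node, links):
    """Stations that directly hear 'node'."""
    return {b if a == node else a for a, b in links if node in (a, b)}


def rts_cts_exchange(sender, receiver, links, repeaters):
    """Return who heard the RTS, who heard the CTS (directly or repeated by an
    access point), who must therefore stay quiet while the sender's frame is
    on the air, and which of those never heard the sender at all."""
    heard_rts = neighbours(sender, links)
    if receiver not in heard_rts:
        raise ValueError(f"{receiver} cannot hear {sender}: no CTS will come back")
    heard_cts = set(neighbours(receiver, links))      # receiver answers with CTS
    for ap in [n for n in heard_cts if n in repeaters]:
        heard_cts |= neighbours(ap, links)            # access point repeats the CTS
    quiet = heard_cts - {sender, receiver}
    hidden = quiet - heard_rts                        # heard CTS, never heard RTS
    return {"heard_rts": heard_rts, "heard_cts": heard_cts,
            "quiet": quiet, "hidden_from_sender": hidden}


if __name__ == "__main__":
    result = rts_cts_exchange("T", "R", RADIO_LINKS, repeaters={"AP1", "AP2"})
    for key, value in result.items():
        print(f"{key:>19}: {sorted(value)}")
    # Without the access points repeating the CTS, H never learns to stay quiet.
    print("quiet without repeat:", sorted(rts_cts_exchange("T", "R", RADIO_LINKS, set())["quiet"]))
```

The second call shows the failure mode the text is warning about: if nothing relays the CTS to H, H hears neither side of the exchange and is free to transmit on top of T's frame.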

Collisions are a normal part of a and depending on the physical length of the network cables, the number of nodes, and the amount of data throughput the collision rate can rise. The collision rate of a network can be measured with network analysis software. Any increase in the collision rate should be investigated for the cause.

Connection based and connectionless based network sessions

When two computers exchange data there are two methods in which they can establish a connection in order to send data.

In a connection based data exchange there is a back and forth exchange of acknowledgements of the data packets sent and received. The two computer nodes exchange very large random numbers and with each data packet sent between them they increment that number by the number of packets sent. In this way a receiving computer can detect if some of the packets were lost or damaged in transmission and request that the missing packets be retransmitted. Watching the physical media for data, there is a back and forth data flow with the transmitting computer sending data, the receiving computer making acknowledgements, and then the transmitting computer sending more data. If the receiving computer receives fewer packets than the transmitting computer claims, the receiving computer asks for a retransmission of the last packets sent. Most data exchanges between computers are connection based. The primary advantage of connection based networking is accurate data transfers.

In a connectionless based data exchange, once the two computers have negotiated all the parameters to set up the session, the data flows from the transmitting computer to the receiving computer without concern whether all packets made it to the receiving computer. The primary advantage of a connectionless based data exchange is speed, as the sending computer does not have to wait for the acknowledgements of the receiving computer. Connectionless based networking is used for streaming audio and video applications.
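The two session types described above can be contrasted on the same lossy link. The following is an added example, not part of the course text: it is a toy model, not real TCP or UDP. The random initial sequence number advanced by the data sent and the cumulative acknowledgement are the idea the text describes; the segment layout, the simple go-back-N receiver (which discards anything out of order) and the channel that drops chosen segments once are constructions for the example.

```python
import random

# Added example, not from the course text: connection based versus
# connectionless transfer of one message over a channel that loses a segment.


def make_segments(data, isn, chunk=4):
    """Split data into (sequence_number, payload) segments starting at isn."""
    return [(isn + i, data[i:i + chunk]) for i in range(0, len(data), chunk)]


class LossyChannel:
    """Constructed channel: drops the segment at each listed offset the first
    time it passes through, then delivers everything."""
    def __init__(self, drop_once):
        self.pending = set(drop_once)

    def send(self, isn, segments):
        delivered = []
        for seq, payload in segments:
            if seq - isn in self.pending:
                self.pending.discard(seq - isn)
                continue
            delivered.append((seq, payload))
        return delivered


class ConnectionReceiver:
    """Accepts only the next expected byte; anything else is dropped and the
    cumulative ACK tells the sender where to resume."""
    def __init__(self, isn):
        self.expected = isn
        self.buffer = bytearray()

    def receive(self, seq, payload):
        if seq == self.expected:
            self.buffer += payload
            self.expected += len(payload)
        return self.expected        # "I have everything before this number"


def connection_transfer(data, channel, isn, chunk=4, max_rounds=20):
    """Connection based exchange: send, wait for the ACK, resend from the ACK.
    Returns (received_bytes, rounds, segments_sent)."""
    segments = make_segments(data, isn, chunk)
    receiver = ConnectionReceiver(isn)
    ack, rounds, sent = isn, 0, 0
    while ack < isn + len(data):
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("no progress: giving up")
        window = [s for s in segments if s[0] >= ack]
        sent += len(window)
        for seq, payload in channel.send(isn, window):
            ack = receiver.receive(seq, payload)
    return bytes(receiver.buffer), rounds, sent


def connectionless_transfer(data, channel, isn, chunk=4):
    """Connectionless exchange: one pass, keep whatever arrives, never resend."""
    segments = make_segments(data, isn, chunk)
    received = b"".join(payload for _, payload in channel.send(isn, segments))
    return received, 1, len(segments)


if __name__ == "__main__":
    sample = b"BROADCAST ENGINEERS"               # constructed application data
    isn = random.Random(42).randrange(2 ** 32)    # random initial sequence number
    print("connection based:", connection_transfer(sample, LossyChannel({4}), isn))
    print("connectionless:  ", connectionless_transfer(sample, LossyChannel({4}), isn))
```

With the second segment lost once, the connection based transfer delivers the full message in two rounds at the cost of resending four segments, while the connectionless transfer finishes in one round with a hole in the middle of the data, which is exactly the trade-off between accuracy and speed the text describes.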

The Open Systems Interconnection Model and Data Encapsulation

The Open Systems Interconnection (OSI) model is an International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) reference model and international standard (ISO/IEC 7498-1:1994(E)) which documented the concepts and fundamentals of the functions of the software to hardware interface for computer networking. The model is a framework which allows software writers to integrate their work with the existing work of others. It gives engineers and technicians a common model to use for designing and troubleshooting networks. The model describes how one computer system transfers data into another. Or, in other words, how local area networks function.

Seven Layers

The OSI model breaks the process by which data such as key strokes, mouse clicks, and HTML web pages crosses the physical media and reaches another computer into seven layers. The seven layers form a stack. Each layer passes information, coming or going, to the next layer up or down the stack.

Computers such as servers and personal computers will implement all seven layers of the OSI model, but devices such as switches and routers will not, as they do not need the functions and services of the upper layers to do their job. More details about routers will be discussed in a later lesson. Each layer of the OSI model communicates with intelligence to its peer layer in the opposite stack. In the example below the presentation layer of computer A is trying to negotiate a mutual encryption method with the presentation layer of server B. The only way for the two to exchange data is by using all the layers below them to act as liaisons, passing the data downwards toward the physical media and then upwards from the physical media. These layers simply move the data without understanding what the two presentation layers are 'discussing'. The session, transport, network, data link, and physical layer protocols 'stay in their lane' and tend to their tasking, simply moving the presentation layers' data for them.

This layer-to-layer communication method works in a similar fashion with the other layers. Each layer requires the assistance of lower layers to get to and from the physical media and communicates with its peer layer in the opposite OSI model stack about some part of its function or service.

Encapsulation

As data is sent from the users applications down the protocol stack, the protocol software adds a small amount of data to the beginning of the packet, called a header, and sometimes to the end of the packet, called a trailer. This small amount of data is how the protocol software communicates with its peer software in the opposite computer.

As a packet comes into the receiving computer, each layer of protocol software reads the header (or trailer data), takes action on it, and then strips off the header and sends the remainder of the message up the protocol stack.
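To make the header and trailer handling concrete, the following is an added example, not part of the course text, that encapsulates one application message through simplified transport, network and data link headers and then decapsulates it the way the receiving stack does, one layer at a time. The header layouts are deliberately simplified stand-ins and not the real TCP, IPv4 or Ethernet formats; the ethertype value 0x0800 is Ethernet's code for IP, the logical address 124.135.72.5 is the one the course uses later, and the ports, MAC addresses and message are constructed. The trailer is a CRC-32 frame check sequence, which lets the data link layer detect, but not correct, damage in transit.

```python
import struct
import zlib

# Added example, not from the course text: encapsulation down a three-layer
# stack and decapsulation back up, with a CRC-32 trailer at the data link layer.
# All three header layouts are simplified stand-ins, not real protocol formats.
TRANSPORT_HDR = "!HHI"     # source port, destination port, sequence number
NETWORK_HDR = "!4s4s"      # source logical address, destination logical address
DATALINK_HDR = "!6s6sH"    # destination MAC, source MAC, ethertype
FCS = "!I"                 # 32-bit frame check sequence trailer
ETHERTYPE_IP = 0x0800


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def send_down_stack(data, src_port, dst_port, seq, src_ip, dst_ip, src_mac, dst_mac):
    """Layer 4 -> 3 -> 2: each layer prepends its own header and treats what it
    was handed as an opaque payload; layer 2 also appends the trailer."""
    segment = struct.pack(TRANSPORT_HDR, src_port, dst_port, seq) + data
    packet = struct.pack(NETWORK_HDR, ip_bytes(src_ip), ip_bytes(dst_ip)) + segment
    body = struct.pack(DATALINK_HDR, mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IP) + packet
    return body + struct.pack(FCS, zlib.crc32(body))


def frame_is_intact(frame):
    """Data link check: recompute the CRC over everything before the trailer."""
    return zlib.crc32(frame[:-4]) == struct.unpack(FCS, frame[-4:])[0]


def receive_up_stack(frame):
    """Layer 2 -> 3 -> 4: each layer reads its header, acts on it, strips it,
    and hands the remainder upward. Returns the headers and the user data."""
    if not frame_is_intact(frame):
        raise ValueError("frame check sequence mismatch: frame discarded")
    body = frame[:-4]
    dst_mac, src_mac, ethertype = struct.unpack(DATALINK_HDR, body[:14])
    packet = body[14:]
    src_ip, dst_ip = struct.unpack(NETWORK_HDR, packet[:8])
    segment = packet[8:]
    src_port, dst_port, seq = struct.unpack(TRANSPORT_HDR, segment[:8])
    return {
        "datalink": {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
                     "ethertype": ethertype},
        "network": {"src_ip": ".".join(map(str, src_ip)),
                    "dst_ip": ".".join(map(str, dst_ip))},
        "transport": {"src_port": src_port, "dst_port": dst_port, "seq": seq},
        "data": segment[8:],
    }


def flip_bit(frame, byte_index, bit=0):
    """Constructed line fault: flip one bit somewhere inside the frame."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


if __name__ == "__main__":
    frame = send_down_stack(b"GET /", 49152, 80, 1, "124.135.72.5", "10.0.0.1",
                            "00:11:22:33:44:55", "66:77:88:99:aa:bb")
    print(f"{len(frame)} byte frame:", frame.hex())
    print(receive_up_stack(frame))
    print("damaged frame intact?", frame_is_intact(flip_bit(frame, 20)))
```

The order of the unpacking mirrors the text: the data link layer never looks past its own 14-byte header and 4-byte trailer, and the network layer never looks past its 8 bytes, so each layer can be changed without the others knowing.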

The OSI Model Layers

Layers one, two, and three are considered the lower layers and are concerned with the media and hardware. Layers four, five, six, and seven are considered the upper layers and are concerned with the host, dealing primarily with software. An easy method to help remember the layers' first initials from bottom to top is Please Don't Never Throw Sausage Pizza Away. A method for the top to the bottom is All People Seem To Need Data Processing. Please note that both the physical layer and presentation layer start with the letter P, so don't get those two confused.

Layer 1: Physical Layer

The physical layer controls the functional interface like the transmission technique, pin layout, connector type, timing, and maximum transmission distances. The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. Repeaters, transceivers, and hubs operate at this layer taking frames and converting them to electrical 1's and 0's (bits). Examples of Physical layer protocols include Ethernet, Token Ring, SONET, 802.11 wireless, T1, FDDI, RS-232 and HSSI.

The physical layer interfaces the computer's software to the physical media sending streams of bits between computers.

Layer 2: Data Link Layer

The data link layer takes raw data bits up from the physical layer and gives them a logical structure called frames. Using a header it adds information like where the data is to go, which computer sent the data, and the overall validity of the bytes sent, using an error detecting method when sending frames down to the physical layer. It takes action on the acknowledgement signal, sending another frame. The data link layer is concerned with physical addressing, which is uniquely identifying each computer in a network with a hardware address. It is also concerned with network topology (star, ring, mesh etc.), line discipline, error notification (but not correction), the ordered delivery of frames, and optional flow control.

The IEEE divided this layer into two sub-layers: the MAC sub-layer and the LLC sub-layer.

The Media Access Control (MAC) sub-layer is the lower of the two sub-layers of the data link layer defined by the IEEE in 802.3. The MAC sub-layer handles access to shared media, such as whether token passing or contention will be used, physical addressing and topology. The Logical Link Control (LLC) sub-layer handles optional error control, flow control, and framing. The most prevalent LLC protocol is IEEE 802.2, which includes both connectionless and connection-oriented variants.

When creating frames the data link layer identifies the network protocol and then encapsulates the packet with a header. The LLC header tells the data link layer what to do with a packet once the frame is received. Switches and bridges operate at this layer working with tables of Media Access Control (MAC) addresses transmitting frames. Examples of data link protocols are Ethernet, Token Ring, FDDI, AppleTalk, Fibre Channel, Frame Relay, ARP, SLIP and PPP.

The Data Link Layer ensures data finds its way within a .

Layer 3: Network Layer

The network layer manages communications addressing, routing, and delivery of packets between networks. Routing occurs at this layer, with the network layer protocols trying to decide the fastest route between computers that are not locally attached. The network layer protocols take logical addresses (like 124.135.72.5) and match them with the physical device addresses, called Media Access Control (MAC) addresses. The network layer handles Quality of Service (QoS), prioritizing data if needed. The network layer controls congestion using window sizes, routes data from source to destination, and builds and tears down packets. This layer provides connectivity and path selection between two different networks. Routers work at this layer, using tables of logical network addresses to send packets. Examples of network layer protocols are IP, ICMP, IPX, RIP, OSPF and NLSP.

The Network Layer ensures data finds its way between two different networks.

Layer 4: Transport Layer

The transport layer provides reliable or unreliable delivery to ensure data is delivered error-free and in the correct sequence. It segments a data message, or combines several smaller messages, to fit within the frame size limit. The transport layer provides mechanisms for the establishment, maintenance, and termination of virtual circuits, transport fault detection and recovery, and information flow control. The layer puts data segments received out of order back into their proper order. Transport layer protocols include TCP, UDP, PPTP and SPX.

The transport layer transfers data between computers, providing efficiency and accuracy by setting up connection-oriented or connectionless communications.

Layer 5: Session Layer

The session layer manages simplex, half-duplex, and full-duplex dialogs between computers, defining how the two computers are going to handle, synchronize, maintain and end a virtual conversation. The session layer keeps different applications' data separate along a common data path. Retransmission requests and error reporting for the application and presentation layers take place in session layer protocols. Session layer protocols include SQL, SAP, NFS, Named Pipes and RPC.

The session layer controls the dialogues between computers.

Layer 6: Presentation Layer

The presentation layer formats data exchange into an agreed upon format and presents it to the user. Character sets are converted; data is encrypted or decrypted, and compressed or decompressed. The presentation layer is also concerned with the data structures used by programs and therefore negotiates data transfer syntax for the application layer. Some standards are involved with multi-media operations like MPEG, JPG, MIDI, GIF, ASCII and QuickTime. The presentation layer ensures that information sent by the application layer of one system will be readable by the application layer of another.

Layer 7: Application Layer

The application layer provides network services directly to users' applications, including file, print, terminal emulation, and message services and their advertisement. The application layer identifies and establishes the availability of intended communication partners and the resources required to connect with them, synchronizes cooperating applications, and establishes agreement on procedures for error recovery and control of data integrity. Operating system call interception allows for file service requests across the network. Examples of application level protocols are Telnet, SMTP, FTP, DNS, SNMP and NCP.

The application layer provides an interface to the network for user applications.

Above the application layer of the OSI model is where the user's applications function. This is where Internet Explorer, Firefox, PowerPoint, Word, OpenOffice, video editing software and other user programs run.

OSI Layer blending

Those writing the code for the software that performs a function at one OSI layer are allowed to incorporate features of other layers. Functions like error detection and encryption can be, and often are, performed at more than one layer.

The TCP/IP Model

The TCP/IP model predates the OSI model. It can be loosely compared to the OSI seven levels. The TCP/IP model has four layers: the link layer, the Internet layer, the transport layer and the application layer.

Introduction to Network Devices: Repeaters, Transceivers, Hubs, Switches, Routers and Spanning Tree Protocol

The local area network is interconnected using repeaters, transceivers, hubs, and switches. Routers are used to interconnect local area networks to other networks. Spanning Tree Protocols are implemented to prevent physical loops from being formed by redundant network paths.

Repeaters

A repeater is a simple two port device that works on the physical layer and is used to extend the length of a physical media segment. In Ethernet, using twisted pair copper wire, the maximum distance between a computer node and its hub or switch is 100 meters (328 feet). If a computer node needed to be connected beyond this distance an active repeater could be put into the line to act as an amplifier and re-clocker, allowing for a longer distance. Signals need to be re-clocked by the repeater as there are timing restrictions as well. In wireless networking, a repeater is an access point which extends the network signal past the primary access point's range.

Transceivers

A transceiver in networking works at the physical layer and takes one type of media signal and converts it to another. As an example, a copper Ethernet cable connects to a transceiver for conversion to fiber optic. Fibre channel gigabit and use standardized transceivers known as GBIC, SFP, XFP, and XAUI (pronounced "zowie"). In larger broadcast facilities copper Ethernet runs become too long, so fiber optic is often used and transceivers convert the signals back and forth as required.

Hubs (also known as concentrators)

A hub works on the physical layer connecting Ethernet devices together to form one larger . If the hub receives a signal on one of its input ports, it sends it out to all other ports, acting like a multiport repeater. Active hubs regenerate the signal to remove any noise present on the incoming signal prior to transmitting it out. Intelligent hubs have firmware which can be used to gather usage data, control the hub remotely, and detect errors and segregate individual ports if they're causing problems. Hubs come in two main form factors: stackable hubs that come with their own enclosure, and chassis hubs that slide into a chassis frame containing a power supply and backplane. Chassis hubs can allow for very high port density for larger installations.

A major disadvantage of hubs is that they form larger physical layer collision domains as they interconnect more and more computers. Hubs work on the physical layer dealing with raw bits and are unaware of the upper layer protocols passing through them. Hubs do introduce a minor amount of delay, or latency, into the network signal while passing bits. In recent years the use of hubs has declined as the price of network switches has dropped.

Switches

A switch operates on the data link layer, learning MAC addresses and making switching decisions based on those addresses. A switch maintains tables in its RAM of which MAC address is connected to which port. Switches are not upper layer protocol aware; they can only switch on data link protocols that they understand. As long as the link layer protocol is understood, the switch will send the frame to the correct receiving computer node regardless of the type of data contained within the packet. Switches connect the computer nodes together at the physical and data link layers.

Switches cannot connect networks or subnetworks together. That function is performed only by routers. In the example below the computer nodes in blue are connected together physically by the switch and logically by the IP protocol subnet assignment. Likewise the computer nodes in yellow are physically connected through the same switch but are segregated from the blue computer nodes by a separate network IP address assignment. To connect one of the yellow computers to the blue computers' logical domain, its IP address would simply have to be changed to match the IP subnet of the blue computers. Security is very low in this sort of arrangement. In a later lesson Virtual Local Area Networks (VLANs) will expand on this principle and improve security.

When a switch first boots up it has an empty switching table so it looks at every inbound frame to read the "from" portion of the protocol. The switch then makes an entry into its switch table for that MAC address. Then, like a hub, it sends that frame out every port. In this learning mode the switch continues to send out frames to unknown computer nodes while watching for return traffic back to the originating computer. If a computer responds to the initial message, the switch learns that address. Going forward, the switch will directly connect those two ports. This is unlike a hub, which will always send every frame to every computer node connected to it.

As the switch learns the location of every computer node connected to it, less and less traffic is broadcast out every port. Depending on the size of the network and number of computer nodes this learning period can be a few minutes long, as switches can have hundreds of switch ports. Once the table is complete, also called converged, the switch makes a one-to-one connection along its backplane between the ports active in a virtual conversation. This reduces the collision domain to a pair of computers, which are normally connected in full duplex, meaning no collisions are possible.
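The learning behaviour described above, as an added example that is not part of the original course text: a simulated switch that starts with an empty MAC table, floods frames for unknown destinations like a hub, and forwards directly once the destination has been learned. The MAC addresses and port numbers are constructed.

```python
"""Simulation of a learning (transparent) Ethernet switch.

Added example, not from the original course text. A switch starts with an
empty MAC table, learns the source address of every inbound frame, floods
frames for unknown or broadcast destinations out every other port, and
forwards directly once the destination has been learned. MAC addresses and
port numbers below are constructed.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    dst: str            # destination MAC, colon-separated hex
    src: str            # source MAC
    payload: bytes = b""


@dataclass
class LearningSwitch:
    ports: int
    mac_table: dict = field(default_factory=dict)   # MAC -> port number

    def receive(self, in_port: int, frame: Frame) -> list[int]:
        """Process one inbound frame and return the list of egress ports."""
        if not 0 <= in_port < self.ports:
            raise ValueError(f"no such port {in_port}")
        # Learning: remember which port the source address arrived on.
        # A station that moves to another port simply overwrites the entry.
        self.mac_table[frame.src.lower()] = in_port
        dst = frame.dst.lower()
        if dst == BROADCAST or dst not in self.mac_table:
            # Unknown unicast or broadcast: flood like a hub, but never
            # back out the port the frame arrived on.
            return [p for p in range(self.ports) if p != in_port]
        out_port = self.mac_table[dst]
        if out_port == in_port:
            # Destination sits on the same segment as the sender: filter it.
            return []
        return [out_port]


def demo() -> dict:
    """Run the learning sequence from the text and return what each step did."""
    sw = LearningSwitch(ports=4)
    a, b = "00:0c:46:54:c7:fc", "00:0c:46:aa:bb:01"   # constructed MACs
    first = sw.receive(0, Frame(dst=b, src=a))    # B unknown: flooded
    reply = sw.receive(2, Frame(dst=a, src=b))    # A known: port 0 only
    second = sw.receive(0, Frame(dst=b, src=a))   # B now known: port 2 only
    bcast = sw.receive(0, Frame(dst=BROADCAST, src=a))  # always flooded
    return {
        "first": first,
        "reply": reply,
        "second": second,
        "broadcast": bcast,
        "table": dict(sw.mac_table),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:>9}: {result}")
```

The broadcast case shows why a switched network is never fully collision free: broadcasts still go out every port even after the table has converged.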

The switch isn't 100% efficient, as there is normally a small amount of broadcast traffic on a network which the switch is going to have to transmit out all ports. Switches also make monitoring traffic difficult as a network analyzer will be kept out of the virtual conversation by the switch. Some switches come with special features which will perform port mirroring to the analyzer's port. Switches can lead to overload where many clients attempt to connect to the same server port at the same time.

Network switches separate a port's physical layer connection until they need to be connected. This reduces collisions. Switches keep the local area network functional by reading and understanding the data link header. Like hubs, switches can come in two form factors; the stackable type that come with their own enclosure which can be desktop, or rack mounted and in chassis form with cards that slide into a chassis with backplane.

Switch Modes

There are four different modes that a switch can use. Depending on the level of quality of the switch it can implement one or more of the modes. Modern switches have backplane speeds fast enough that there is very little, if any, latency added as the switch operates.

In the store and forward mode the switch buffers the entire frame and then inspects it for errors using the cyclic redundancy check (CRC) value included with every frame. This mode is the slowest, as the entire frame has to be buffered into memory before the CRC check can begin; however, it sends out only frames that are error free.

In the cut through mode the switch reads the data link header's hardware destination address and starts forwarding the frame as the rest of the frame arrives. This mode is fastest as the frame doesn't buffer before moving out; however, it can lead to packets with errors sent out.

In the fragment free mode the switch reads the entire data link header and then like the cut through mode starts moving the frame out the correct port. In theory any collision errors should take place only in the data link header. This fragment free mode adds a bit more latency over the cut through mode, but it detects more errors in return.

In the adaptive switching mode, the switch operates as a fast cut through mode while watching for errors. After detecting a number of errors over a period of time, the switch changes modes to the store and forward mode to detect and remove damaged frames from the network. After a given number of good frames have been transferred the switch then changes modes back to the cut through mode.

Higher end managed switches can incorporate functions with the ability to route packets between networks. Often called layer 3 switches, they have the ability to both switch packets between ports using the MAC address and route packets using the IP address. These layer three switches, and the switched routers taught later in this lesson, are blending the traditional layer 2 and layer 3 functions together to create faster networks.

Routers

A router is a network layer device that connects two or more networks together using logical addresses. Like a switch, a router also maintains internal address tables, but rather than the MAC addresses of the data link layer, the router maintains logical addresses of the network layer. In a TCP/IP network the Internet Protocol (IP) addresses are the ones that the router uses. If you looked at your network's MAC addresses they would be fairly random, which would make finding distant MAC addresses a very large challenge. IP addresses, on the other hand, are assigned logically and can be located fairly easily. A router also has the ability to filter out packets based on the IP address and the protocol contained in the packet based on the router's administrator settings. These filters can affect incoming packets, outgoing packets, or both. This allows the router's administrator to limit the amount of traffic that a router forwards to improve performance or security. As an example, HTML (web pages) and POP3 (email) traffic might be allowed into a server but the router could block all other traffic to limit the security risks when exposing the server to public traffic. FTP (file transfers) might be allowed inwards to a cache server allowing affiliates the ability to send stories into a file server but block outwards traffic to keep the stories from public viewing.

When a router receives a packet it examines the network layer protocol and reads the source and destination addresses. If the two addresses are in different networks the packet can be routed. The router then looks at its rule set to see if the administrator has permitted packets from or to the IP addresses in the packet and that the protocol is permitted. The router then forwards the packet off to the destination network or to other routers that will forward the packet to the correct distant network. If a router receives a packet inbound to its network addressed to an unknown computer, or one its rules do not permit, it drops the packet, blocking its entry into its network.

Normally a broadcast facility could have routers in two different locations: internally, between its own networks, and at the border between its networks and its Internet Service Provider (ISP). Internal core routers interconnect various departments' networks together; as an example, the non-linear editor production network might be separate from the automation system or the on-air playout server network. An internal core router would allow packets to travel between these networks as needed while at the same time limiting traffic, which improves performance and reduces security concerns. The broadcast facility's internal networks are connected to the ISP's edge routers with subscriber edge routers that pass packets to and from the Internet. The ISP provides inter-provider routers to move the packet to the correct distant network as part of its service.

Routers can come with physical layer and data link layer interfaces to match the local and ISP networks, such as Ethernet, ATM, MPLS, Standard Optical Carrier (OC) and wireless 802.11. Unlike a switch, a router has to receive the entire packet before it can start processing it. If the packet is routable, unlike a switch, the router will alter the packet's logical address and recalculate the CRC sums before sending the packet out. This queuing of the entire packet and altering it introduces some latency as the packet travels through the router.

Routers are complex devices with an operating system in their firmware. Routers communicate with other routers using routing protocols. They exchange information with each other about which networks or other routers they are connected to. This communication builds a route table with lots of data about lots of communication possibilities. Often there exist many different paths to the same destination. Some of these routes will be faster than others. Through the use of some very interesting and complex mathematical algorithms the router sorts its route paths to find the fastest potential path to every distant network that it knows about.

A good analogy of a router is the mail service. Let's say you're in Los Angeles and you are trying to mail a package to New York City. You address the package with the sender's and receiver's addresses. When you mail the package the postal clerk asks a series of questions about the package to determine that it can be mailed. If the package is acceptable the clerk takes the package for mailing. The clerk in Los Angeles doesn't actually know the address of the far end destination but can read and understand the format and sees that the package is heading to New York State. If the package was destined for another address in Los Angeles the clerk would have had the package delivered by his own post office. Since the package is destined for another post office it is sorted by handling equipment and people routing the package towards New York City, moving between package handling centers across America. Along the way, if there's trouble on the route, the package may get diverted and shifted through another city. For instance, a snow storm in Chicago might have the mail being routed through Atlanta. Eventually the package arrives at a post office that handles mail to and from the New York City address; the package gets put on a truck and delivered.

The router that connects your facility to the ISP's edge router looks over packets looking for packets destined for other networks. The packet contains the IP addresses of the sender and receiver. The router looks over the packet to make sure it complies with the IP address and protocol filters as set by the administrator. The edge router doesn't connect to the destination router but it does know of other routers which are connected to other routers ... and eventually the distant ISP has a router that connects to the destination server. If a router along the fastest route fails or becomes too congested, the routers on either side of it will discover this and start communicating this with their neighbors. Packets can then be routed around the troublesome router automatically.

If you'd like to see the router path between your computer and a distant server you can use the Windows TRACERT command. Open a Windows command line by going to the Run menu and typing CMD and hitting the return key. This will open a command line interface. Now type in TRACERT WWW.SBE.ORG or to any other web server. Windows will slowly start to build a table of those routers between your computer and the distant one. Note that some routers do not respond to the requests being made and will show up as an asterisk character rather than their name.

Normally a firewall is implemented between the Internet and internal networks. Routers can perform Network Address Translation (NAT) by converting private internal IP addresses to public routable IP addresses; this will be discussed in a later lesson.

Spanning Tree Protocol

In computer networking, like broadcasting, it is very common to have redundant pieces of equipment to ensure maximum up time. Critical pieces of equipment will often have a failover device installed which can take over the role of another. In the drawing below, network switch 2 is put into service parallel to network switch 1 for redundancy.

Computer A sends out an Ethernet frame destined for computer B. That frame arrives at switch 1, and switch 1 looks up the MAC address for the destination computer and finds it on the opposite interface, so it knows it needs to forward that frame out the other interface to reach computer B. At this point all is well. But what prevents switch 2 from also receiving that same Ethernet frame off of network segment A, also looking up computer B's MAC address, and also forwarding that frame to computer B? Nothing! Each switch will perform its duty, forwarding the frame between the two network segments. This will result in two frames on the second network segment or, more likely, a collision. If computer B receives two frames it will respond back to both of them. The switches will each see each of those two frames and forward them both, resulting in four responses back to computer A. This loop fails very quickly and the switches "count to infinity", creating collisions on both networks and bringing both network segments down with a packet storm. A broadcast frame can also cause this same sort of loop, with each switch forwarding the broadcast frame back and forth between them.

To prevent this from happening Spanning Tree Protocol IEEE 802.1D was designed to allow switches to talk to each other and to discover these logic loops before they cause problems.

Now assume that switch 1 has been turned on and switch 2 is still off. Switch 1 sends STP packets out of its physical layer interfaces looking for other switches. Since switch 2 is off it does not respond, and switch 1 goes about its job of forwarding frames as required between the two network segments.

At some point later switch 2 is turned on and it then sends out STP packets in an attempt to discover other switches. It sends STP packets on to network segment A and switch 1 hears those STP packets and responds back. Switch 2 sends out STP packets onto network segment B and once again switch 1 hears those packets and responds back. Switch 2 'hears' switch 1 off of both of its interface ports and 'learns' that those two ports are in parallel with switch 1.

So switch 2 blocks the ports that would create a logical loop with switch 1. Every few seconds STP packets are sent out with each switch saying "hello" to each other to keep the two switches informed of each other's status. If switch 1 were to fail switch 2 would stop hearing its STP traffic and eventually take over passing traffic between the two network segments. This failover process can take 30 to 50 seconds which in some cases is too great of a time period. Rapid Spanning Tree Protocol (RSTP) IEEE 802.1w was designed to reduce this time to 18 seconds or less depending on administrator settings.

In practice sometimes the two switches are not physically sitting side-by-side in the same rack, but due to the depth and size of a network two or more switches may find themselves creating a loop. STP or RSTP will discover this topology and prevent switches from saturating the physical media with echoes and broadcast storms.

Routers will often incorporate software to work on OSI layer 2. These are sometimes called switched routers. When a packet arrives, they examine the layer two destination MAC address. If the address is known, it operates like a switch, forwarding the packet to the correct interface port. If the MAC address is unknown, it will examine the IP address and attempt to route the packet. The advantage is speed, as switching a packet is faster than routing a packet. Like layer 3 switches, these switched routers are crossing the traditional lines between switches and routers.

Ethernet and Network Interface Cards

This lesson starts to put it all together by combining the physical copper media using twisted pair, the logical bus media using CSMA/CD, the OSI physical and data link layers, and the network devices of the local area network: the computer node's Network Interface Card (NIC) and switches.

The Ethernet protocol was standardized by IEEE 802.3 and has been in existence since the mid-1980s. Ethernet defines both OSI physical and data link layer properties. Ethernet provides standards for cables, jack and plug combination, voltages, frequencies, and physical addressing formats.

Ethernet NIC cards are very common and come in many form factors to match the requirements of the various computer nodes.

Ethernet at the OSI Physical Layer

Ethernet dates back to the early years of networking when 10Base2 and 10Base5 physical bus topologies were used. Today the parts to assemble these networks are difficult to impossible to find, as twisted pair cables and a star physical topology have replaced the more difficult to work with coax cable. Today more than 90% of local area networks use Ethernet twisted pair. Ethernet is packet based with variable delivery delay, meaning that the sending computer makes a best effort to get packets delivered to the receiving computer but there is no guarantee. This can prove to be an issue for broadcasters because media servers do not tolerate lost or missing packets very well. For this reason Ethernet is normally used to deliver programming to a media server where it is cached for playout sometime later.

Twisted pair technology has advanced over the last 25 years allowing copper cables to carry network signals from 10 Mbits/sec up to 1 Gbit/sec. Unshielded Twisted Pair (UTP) is the most common cable used in computer networking and is a four pair, eight conductor cable. The Telecommunications Industry Association and Electronic Industries Alliance (TIA/EIA) standard 568B established categories of telecommunications cable standards which are capable of carrying a designated speed of network signals.

Each TIA/EIA cable has a matching registered jack (RJ) connector to match. The standard connector in Ethernet is the RJ45 and it has eight connectors and a locking key. The standard TIA/EIA 568B wiring code is: P1= white with orange stripe, P2=orange, P3=white with green stripe, P4= blue, P5=white with blue stripe, P6=green, P7=white with brown stripe, P8=brown.

TIA/EIA category 5 was the standard network cable for many years and was suitable for 100 Mb/sec signals. This cable is now unrecognized and current practice is to use category 5e or better. Category 5e cable is designated for 100 Mb/sec and 1 Gb/sec signals, and category 6 more than doubles the maximum frequency and is the cable typically used in gigabit networks today.

Ethernet does have 10 Gbit/sec and 40 Gbit/sec standards but they require fiber optic cables.

The twisted pair cable has a velocity factor that limits the length of the cable to 100 meters (328 feet). Standard practice is to limit cable runs to 90 meters (295 feet) to allow for patch panels and cross connects.

Ethernet normally uses a star physical topology with a central device like a network switch to link computer nodes together.

Ethernet at the Data Link Layer

At the data link layer Ethernet is a logical bus topology and uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to share the common logical bus between computers. Ethernet has several valid frame types, with Ethernet II being the one most commonly used. NIC cards are normally left in automatic frame type detection.

Every protocol has a published definition as to the location and length of each data field and what type of data is allowed inside of each field. An Ethernet header has four parts, including the preamble, the destination address, the source address and the type field. Ethernet also attaches a one field trailer to the frame.

The Preamble

The preamble field consists of two parts: a seven byte synchronization pattern of alternating ones and zeros and a one byte start frame delimiter of 10101011 which designates the start of the next field.

The Destination and Source Address

Each Ethernet Network Interface Card (NIC) is assigned a fixed and unique 48-bit (6 byte) Media Access Control (MAC) address at the time of manufacture. Card manufacturers are assigned blocks of MAC addresses by the IEEE, with the first 24 bits indicating the card manufacturer and the last 24 bits of the address reserved for the unique address. When an Ethernet card communicates it marks the source and destination fields of the data link layer frame with its own unique 48-bit address and the unique 48-bit address of the destination computer.

The normal format is to reduce those 48-bit addresses down to hexadecimal and to separate each byte with a colon as in "00:0C:46:54:C7:FC". To discover the MAC address of a Windows computer go to a command line and type in the command "IPCONFIG /ALL". Windows will display the physical address of each of the network cards in the computer. It is possible for a computer to have more than one network card but each of the addresses will be unique to that one adapter.

When a computer receives an Ethernet frame it looks at the destination address to determine if the frame is addressed to it uniquely, or a broadcast destined for all computers. If it meets one of those conditions, the frame is destined for that computer. The Ethernet protocol strips off the Ethernet header and hands the packet to the network layer protocol for further processing.

The broadcast address for Ethernet is FF:FF:FF:FF:FF:FF which is a series of 48 logical ones.

The Type Field

If the Ethernet protocol is going to hand the packet to a network layer protocol it needs to know which of several network layer protocols is going to understand the packet. The type field contains a value which is compared to a lookup table to decide which network layer protocol to hand the packet to for processing. Since the sending computer built the packet it knew which network layer protocol it put into the Ethernet frame, so it fills in the type field to help the receiving computer decode the network packet correctly.

As an example, the hex value of 0800 in the type field tells Ethernet at the data link layer that its frame contains the network layer protocol Internet Protocol version 4 (IP) and to pass the remainder of the frame to the IP code for further processing. The code 8037 in that same field would indicate Novell NetWare's IPX.

The Data Field

The actual payload is the data field and must be a minimum of 46 bytes. If data smaller than this needs to be sent the packet is padded. This keeps the entire frame at or above the minimum size of 64 bytes. Frames smaller than this are considered runts and are dropped. By default a maximum of 1500 bytes of data can be sent in each packet. If data exceeds that size the protocol at the network layer will break the data up into smaller pieces to fit the maximum frame size. Some 1 gigabit Ethernet networks support "Jumbo Frames", which allow 9000 bytes or more of data to be sent in each frame. Jumbo frames can be more efficiently processed by a computer's CPU and are more bandwidth efficient, but all network devices in the path must support jumbo frames; a switch that doesn't support jumbo frames will drop them.

The Frame Check Sequence

The Frame Check Sequence (FCS) is a checksum added to the tail end of the frame prior to it being placed on the physical media. Before the source computer sends the frame it uses a mathematical algorithm on the data, creating a 16-bit checksum result which represents the data. The destination computer, upon receiving a frame, performs the exact same check using the same algorithm to create a second result. If the result at the destination computer does not match the source computer's exactly, the data has been corrupted in transit and that frame is dropped. If the two checks match the data has integrity and is passed up the protocol stack for processing. The algorithm used in an Ethernet FCS is a cyclic redundancy check (CRC).
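The frame fields described in this section (destination, source, type, padded data and FCS) pulled apart and checked, as an added example that is not part of the original course text. The frame bytes and MAC addresses are constructed; the FCS is computed with the CRC-32 polynomial specified by IEEE 802.3, written out bit by bit so the algorithm is visible, and the preamble is omitted because the NIC strips it before the frame reaches software.

```python
"""Parse an Ethernet II frame and verify its Frame Check Sequence.

Added example, not from the original course text. The frame below is
constructed. The FCS uses the CRC-32 polynomial of IEEE 802.3 (reflected
form 0xEDB88320); the function gives the same result as zlib.crc32.
"""
import struct
from dataclasses import dataclass

# Type field values discussed in the text plus two common ones.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8037: "IPX", 0x86DD: "IPv6"}
MIN_FRAME_LEN = 64      # 14 byte header + 46 byte minimum data + 4 byte FCS
MIN_DATA_LEN = 46


def crc32_802_3(data: bytes) -> int:
    """Bitwise CRC-32 as used for the Ethernet FCS."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xEDB88320 if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def mac_str(raw: bytes) -> str:
    """Format six address bytes as colon-separated hex (00:0c:46:54:c7:fc)."""
    return ":".join(f"{b:02x}" for b in raw)


@dataclass
class EthernetFrame:
    dst: str
    src: str
    ethertype: int
    payload: bytes
    fcs_ok: bool

    @property
    def protocol(self) -> str:
        return ETHERTYPES.get(self.ethertype, f"unknown 0x{self.ethertype:04x}")

    @property
    def is_broadcast(self) -> bool:
        return self.dst == "ff:ff:ff:ff:ff:ff"


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Assemble header + padded data + FCS the way a sending NIC does."""
    data = data.ljust(MIN_DATA_LEN, b"\x00")     # pad short data to 46 bytes
    body = dst + src + struct.pack("!H", ethertype) + data
    return body + struct.pack("<I", crc32_802_3(body))   # FCS trails the frame


def parse_frame(raw: bytes) -> EthernetFrame:
    """Split a frame into its fields and recompute the FCS over the rest."""
    if len(raw) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame ({len(raw)} bytes), dropped")
    dst, src = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    payload, fcs = raw[14:-4], raw[-4:]
    (sent_fcs,) = struct.unpack("<I", fcs)
    return EthernetFrame(mac_str(dst), mac_str(src), ethertype, payload,
                         fcs_ok=(crc32_802_3(raw[:-4]) == sent_fcs))


def demo() -> tuple:
    """Return one intact frame and the same frame with a single flipped bit."""
    dst = bytes.fromhex("000c4654c7fc")          # constructed addresses
    src = bytes.fromhex("000c46aabb01")
    good = build_frame(dst, src, 0x0800, b"hello broadcast engineers")
    corrupted = bytearray(good)
    corrupted[20] ^= 0x01                        # one bit error in transit
    return parse_frame(good), parse_frame(bytes(corrupted))


if __name__ == "__main__":
    for f in demo():
        print(f"{f.src} -> {f.dst} type {f.protocol}, FCS ok: {f.fcs_ok}")
```

A receiving NIC performs the same recomputation in hardware and silently discards any frame whose FCS does not match, which is why a bad cable shows up as rising CRC error counters on a switch port rather than as corrupted data in the application.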

Network Cards

Each NIC card is designed to link the outside physical layer media with the computer's internal bus. Twisted pair Ethernet ports are normally built into motherboards, but higher end Ethernet ports are typically daughter cards that are plugged into the computer's motherboard. Some higher end cards can have two or four Ethernet ports on them and offer TCP/IP processing on the card, reducing the load on the computer's CPU.

Ethernet also sets the speed and duplex mode with autonegotiation, which is recommended for 10/100 networks and required for gigabit (1000BASE-T) networks. In autonegotiation the two nodes attempt to agree on the highest speed and duplex mode both support. A duplex mismatch, where the two ends of a link are set to different duplex modes, slows the link badly: the full duplex side transmits whenever it likes, the half duplex side sees those transmissions as collisions, and the result is late collisions, CRC errors, and throughput that gets worse as traffic increases. A common cause is forcing one side to full duplex while leaving the other on autonegotiate; the autonegotiating side cannot complete negotiation and falls back to half duplex. Because of the way Ethernet hubs work, half duplex is the only mode they support. Ethernet switch ports are typically left in autonegotiate, and if a port must be forced, both ends of the link should be set the same way.

Internet Protocols (IP), Addressing and Subnetting, and DNS Servers

Just as Ethernet holds the dominant position as a local area network physical and data link layer protocol, the Internet protocols are the default choice from the network layer up to the application layer. The Internet protocols are a set of a few dozen protocols that emerged from research funded by the Defense Advanced Research Projects Agency (DARPA) in the 1970s and were standardized in the early 1980s, a few years before the OSI model was published. Two of the most important are the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which together are commonly known as TCP/IP.

An understanding of numbering systems will help you understand networking and specifically IP addressing and network and sub-network masks.

Numbering Systems

The numbering system we commonly use, base 10, was likely selected because most of us have ten fingers. In digital circuits we use base 2 (binary) because the two states, one and zero, are very robust and easy to design a circuit around. Base 8 (octal) and base 16 (hexadecimal) group three and four binary digits respectively into a single digit. The base is indicated by a subscript following the number, so 72 in base 16 is written 72₁₆.

To convert from one numbering system to another a number line is used along with some simple addition. To create a number line simply raise the base to each power needed, starting from the least significant digit on the right and working left. It helps to remember that any number to the zero power is 1 and any number to the first power is that number. The base ten number line looks very familiar: using it we can read the base 10 number 675,126 as 6 hundred thousands, 7 ten thousands, 5 thousands, 1 hundred, 2 tens, and 6 ones, or more commonly six hundred seventy-five thousand, one hundred twenty-six. This looks silly because we are "programmed" to think in decimal from an early age.

In binary the number line looks like this: 2⁵, 2⁴, 2³, 2², 2¹, 2⁰, that is 32, 16, 8, 4, 2, 1 for a six-digit number. Remember that any number to the zero power is one and any number to the first power is that number.

Using this binary number line it is now easy to convert a binary number to decimal. Just put the binary number along the bottom, multiply down, and then add across. To convert the number 100110 to decimal, line up the binary digits under the number line starting from the least significant digit on the right. Now multiply down: 32 times 1 is 32, 16 times 0 is 0, 8 times 0 is 0, 4 times 1 is 4, 2 times 1 is 2, and 1 times 0 is 0. Now add those products across: 32 + 0 + 0 + 4 + 2 + 0 = 38, so 100110₂ equals 38₁₀. Using this method and longer number lines any base can be converted to decimal.

A base 8 number line, 8⁵ down to 8⁰ (32768, 4096, 512, 64, 8, 1), is used the same way to convert octal numbers into decimal.

In base 16 we need 16 unique characters to represent the quantities that in decimal we call zero through 15. We use the digits zero through 9 and then borrow the letters A through F to represent the quantities 10 through 15.

A base 16 number line, 16⁵ down to 16⁰ (1048576, 65536, 4096, 256, 16, 1), converts hexadecimal numbers to decimal.

Converting a hexadecimal number to decimal is a bit odd because the letters are converted to their decimal values first, but the concept is the same as in binary: multiply down and then add the products across. The hexadecimal number A7B9F2 converts as 10 × 1048576 + 7 × 65536 + 11 × 4096 + 9 × 256 + 15 × 16 + 2 × 1.

A7B9F2₁₆ equals 10992114₁₀.

Internet Protocol (IP)

The current IP protocol version is version 4, abbreviated IPv4. Version 5 was assigned to an experimental streaming protocol and was never released for general use. The next generation IP, IPv6, has been released and its use is limited but growing. IPv6 is not backwards compatible with IPv4; the two run side by side as separate protocols (dual stack) or are bridged by tunneling or translation, and IPv6 provides a vastly increased address space. IP addresses are regulated and issued by the Internet Assigned Numbers Authority (IANA) through the regional Internet registries.

In IPv4 the address space is limited to 32 bits, or four eight-bit bytes. The normal notation is dotted decimal, such as 66.39.27.70, where each of the four bytes is written as its decimal equivalent; in binary the same address is 01000010.00100111.00011011.01000110. It is much easier to read a dotted decimal address over the telephone during a trouble call than the binary form.

The first part of the IP address designates the network and the remaining bits designate the unique node within that network. Originally five classes were defined: Class A, B, C, D, and E. Classes A, B, and C were used for ordinary networks, Class D was reserved for multicasting, and Class E was left for experimental use. The three classes set up fixed network sizes, with Class A having almost 17 million nodes (16,777,214), Class B over 65 thousand (65,534), and Class C just 254. A mask tells the computer how much of the IP address is the network address and how much is the host node ID: a 1 bit in the mask marks a network bit and a 0 bit marks a host bit.

In a Class A address the first 8 bits, the first byte, are the network address and the remaining 24 bits, three bytes, are the host node ID. The default Class A subnet mask is 255.0.0.0, and the first byte has a value between 1 and 126. The 127.0.0.0 network is reserved for loopback addresses (127.0.0.1 is the local host itself).

In a Class B address the first 16 bits, the first two bytes, are the network address and the remaining 16 bits, two bytes, are the host node ID. The default Class B subnet mask is 255.255.0.0, and the first byte has a value between 128 and 191.

In a Class C address the first 24 bits, the first three bytes, are the network address and the remaining 8 bits, the last byte, are the host node ID. The default Class C subnet mask is 255.255.255.0, and the first byte has a value between 192 and 223.

The three fixed sizes of network classes ended up wasting many millions of IP addresses, as much of the address space went unused. If a company needed five hundred IP addresses, a Class C was too small, so it might be issued a Class B and leave roughly sixty-five thousand addresses unused.

In the early 1990s, with the expansion of the Internet, IP addresses were running out, so Classless Inter-Domain Routing (CIDR, pronounced "cider") was introduced to allow finer-grained allocation of the limited address space. CIDR together with Network Address Translation (NAT) recovered millions of unused addresses and added years of life to IPv4.

In CIDR the old Class A, B, and C fixed-length subnet masks are replaced with a variable-length mask indicating how many bits are reserved for the network. The length of the mask is written after the address with a slash and the prefix length. As an example, the old 255.0.0.0 mask of a Class A address is written /8, so the old Class A address would be 66.39.27.70/8.

Using CIDR it is possible to create networks that better match the requirements of the user. Rather than the old fixed /8, /16, and /24 sizes, networks of many sizes can be created, such as a /23 (510 hosts, twice the size of an old Class C) or a /9 (half of an old Class A). In this manner millions of IP addresses were recovered and put to use.

Private IP Addresses

Three blocks of IP addresses were reserved for private use (RFC 1918), that is, for networks that are not directly on the Internet. These addresses require no outside coordination and no fee. Internet routers do not forward them, so they are used internally on local area networks and reach the Internet only through NAT.

The entire 10.x.x.x network (10.0.0.0/8) is private, providing one huge /8 network for LAN use. The networks 172.16.x.x through 172.31.x.x (172.16.0.0/12) are private, providing sixteen /16 networks. Finally all networks starting with 192.168.x.x (192.168.0.0/16) are private, providing 256 /24 networks for LAN use.
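The arithmetic in the numbering systems and addressing sections above, as an added worked example in Python (not code from the course): dotted decimal is converted to binary with the same place-value method, masks are derived from CIDR prefix lengths, and the network, broadcast and usable host count are computed for the /8, /9 and /23 cases discussed; the class and RFC 1918 private-range checks follow the ranges given above. It goes slightly beyond the text by handling /31 and /32 networks (RFC 3021 lets a /31 point-to-point link use both addresses). The sample addresses are the course's own or documentation ranges.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer, using the place values 256^3, 256^2, 256^1, 256^0."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return sum(o * 256 ** (3 - i) for i, o in enumerate(octets))

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Dotted decimal -> dotted binary, eight bits per byte (what the mask is applied to)."""
    return ".".join(format((to_int(dotted) >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/n -> mask integer: n one bits followed by (32 - n) zero bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(dotted_mask):
    """255.255.255.0 -> 24. Rejects masks whose one bits are not contiguous."""
    mask = to_int(dotted_mask)
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError("non-contiguous mask: %s" % dotted_mask)
    return prefix

def address_class(dotted):
    """Original classful designation, decided by the first byte alone."""
    first = int(dotted.split(".")[0])
    if first == 127:
        return "loopback"
    for name, low, high in (("A", 1, 126), ("B", 128, 191), ("C", 192, 223),
                            ("D", 224, 239), ("E", 240, 255)):
        if low <= first <= high:
            return name
    return "reserved"

def describe(cidr):
    """Network, broadcast, mask and usable host count for an address in CIDR form."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    if prefix <= 30:
        hosts = 2 ** (32 - prefix) - 2        # network and broadcast addresses are not usable
    else:
        hosts = 2 if prefix == 31 else 1      # /31 point-to-point (RFC 3021) and /32 host routes
    return {"network": to_dotted(network), "broadcast": to_dotted(broadcast),
            "mask": to_dotted(mask), "usable_hosts": hosts}

PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")   # RFC 1918
LINK_LOCAL = "169.254.0.0/16"                                        # APIPA / RFC 3927

def in_block(dotted, cidr):
    """True when the address falls inside the CIDR block (same network bits under the mask)."""
    net, prefix = cidr.split("/")
    mask = prefix_to_mask(int(prefix))
    return (to_int(dotted) & mask) == (to_int(net) & mask)

def is_private(dotted):
    return any(in_block(dotted, block) for block in PRIVATE_BLOCKS)
```

describe("66.39.27.70/9") gives network 66.0.0.0 and broadcast 66.127.255.255, half of the old Class A, while describe("192.168.100.37/23") gives 510 usable hosts; is_private draws the 172.16/12 boundary at 172.31.255.255, a line that is easy to get wrong when writing firewall rules by hand.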

IP at the OSI Model Network Level

IP is a network layer protocol used by routers to direct, or route, packets between networks. A sending host first compares the destination address with its own address and subnet mask. If the network portion matches, the destination is on the local network and the host delivers the packet directly; the switch connects the two hosts inside the LAN and no router is involved. If the network portion differs, the host sends the packet to its default gateway, the router. The router then processes the packet, first checking whether it is allowed to be forwarded, and then looking up a path to the distant network in its routing table.

IP addresses are logically organized and grouped unlike MAC addresses. Using the post office analogy again the post office is able to locate all the homes on Main, Oak, and Broad Street in Springfield but would have much more difficulty finding all the Smiths, Browns, or Johnsons spread across the nation.

There are three methods that a computer node can be assigned an IP address: manually, with Dynamic Host Configuration Protocol (DHCP), and through Automatic Private IP Addressing.

An administrator can manually enter the computer's IP address, subnet mask, gateway, and DNS server. This is the preferred method for network infrastructure and for any sort of server, whose addresses must stay fixed so that clients can find them.

When using DHCP, a booting computer broadcasts a DHCP Discover packet seeking the services of a DHCP server. A DHCP server runs an application that an administrator has configured to respond automatically and hand out IP settings. The server answers with an Offer, the client Requests the offered address, and the server Acknowledges, "leasing" the address to the client for a specified length of time, commonly hours to days. The client attempts to renew the lease halfway through its lifetime so that its address stays usable. If a client boots and the DHCP server does not respond, or none is installed, a Windows computer self-assigns an Automatic Private IP Address (APIPA); other operating systems do the same under the name link-local addressing. This allows zero-configuration assignment of IP addresses. An IPv4 client self-assigns an address from the special 169.254.0.0/16 block. These are link-local addresses and are never routed. If the network normally uses a DHCP server and it is down for maintenance or has failed, clients with APIPA addresses cannot communicate with clients holding DHCP-assigned addresses, although they can communicate with each other. Once the DHCP server is restored the clients with APIPA addresses can renew (ipconfig /renew) or be rebooted to obtain normal addresses. Because whichever device answers a Discover first gets to hand out the settings, a rogue or misconfigured DHCP server on the LAN can give clients the wrong gateway or DNS server; a 169.254.x.x address on a client that should have a lease is a quick sign that the real server was not reached.

Internet Protocol Version 6 (IPv6)

IPv4 has 32 bits of logical address space, providing about 4 billion IP addresses. With the expansion of the Internet in the 1990s it became apparent that a larger address space was needed. IPv6 has 128 bits of address space, providing for 3.4 × 10³⁸ (340 trillion trillion trillion) addresses. That is enough for 670 quadrillion IP addresses per square inch of the earth's surface. At the time of writing IPv6 had very little penetration, about 1-2% of traffic, but it is growing.

IPsec, which can authenticate and encrypt each IP packet, was made a mandatory part of the IPv6 specification (the requirement has since been relaxed to a recommendation). It is not turned on by default: IPv6 packets are no more protected than IPv4 packets unless IPsec is actually configured at both ends. IPv6 normally uses a fixed size (sub-)network identifier of 64 bits and an interface (host) identifier of 64 bits. IPv6 also introduces a new type of address called anycast, where a packet is delivered to the nearest or best of several destinations sharing the same address, for increased reliability.

IPv6 addresses are written in hexadecimal as eight groups of four hex digits (16 bits each) separated by colons. Because of their length there are three rules for shortening them.

1. Leading zeros can be dropped.

Original address - 2001:0db8:3c4d:0012:0000:0000:1234:56ab

Dropping leading zeros - 2001:db8:3c4d:12:0000:0000:1234:56ab

2. One run of consecutive all-zero groups can be replaced with a double colon (::).

Dropping leading zeros - 2001:db8:3c4d:12:0:0:1234:56ab

Replacing the run of zero groups - 2001:db8:3c4d:12::1234:56ab

3. Only one run may be replaced this way. The reader restores the missing groups by counting the groups that are present and inserting as many zero groups as needed to make eight; if two runs were compressed there would be no way to tell how many zeros belong to each. When an address contains two separate runs of zeros, the longer one is compressed (the leftmost if they are the same length), and a single zero group is normally left written as 0 rather than as ::.

Applying these rules, the following IPv6 addresses are all the same address (hexadecimal digits are case-insensitive, but lower case is the recommended form).

2001:0DB8:0000:0000:0000:0000:1428:57ab

2001:0DB8:0000:0000:0000::1428:57ab

2001:0DB8:0:0:0:0:1428:57ab

2001:0DB8:0::0:1428:57ab

2001:0DB8::1428:57ab

Domain Name System (DNS) Servers

DNS servers convert human-friendly domain names like www.sbe.org to IP addresses like 66.39.27.70. These name servers look up the name in the domain hierarchy and provide an IP address in response. Internet Service Providers (ISPs) provide DNS servers as one of their services. The ISP's DNS server gives clients browsing the Internet a way to find a distant web server, and it can also provide IP addresses to distant clients trying to find the station's public web page.

DNS servers are set up in a hierarchy in which each has authority for a specific part of the domain name space. As a hypothetical example, there are root DNS servers that know where to find the servers for the top level domains such as .com, .org, and .edu; a server for just the .edu (education) domain; another for a university's domain; and others for the individual campuses, such as those in Los Angeles, Berkeley, and San Diego. Each DNS server has links up and down the hierarchy pointing to the next authority in the chain. The local ISP's DNS server queries these servers in turn on behalf of a browsing client and caches the authoritative answers, for the time-to-live the authority specifies, for later use. Because a client trusts whatever answer its DNS server returns, a compromised or spoofed DNS server (or a wrong DNS entry handed out by DHCP) can silently send clients to the wrong host, so the DNS settings on stations and servers deserve the same care as the IP address and gateway.
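The hierarchy walk and caching described above, as an added simulation in Python (not code from the course). The servers, zones and the www.berkeley.edu record are constructed for illustration; www.sbe.org is mapped to 66.39.27.70, the address used elsewhere in this course.

```python
class NameServer:
    """One server in the hierarchy: authoritative for some names, and holding
    delegations (the links down the chain) for child zones."""

    def __init__(self, zone, records=None, delegations=None):
        self.zone = zone
        self.records = dict(records or {})          # fully qualified name -> IP
        self.delegations = dict(delegations or {})  # child zone -> NameServer

    def query(self, name):
        if name in self.records:
            return "answer", self.records[name]
        for child, server in self.delegations.items():
            if name == child or name.endswith("." + child):
                return "referral", server           # "ask that server instead"
        return "nxdomain", None

class Resolver:
    """An ISP-style resolver: starts at the root, follows referrals down the
    hierarchy, and caches the authoritative answer for later clients."""

    def __init__(self, root):
        self.root = root
        self.cache = {}
        self.queries_sent = 0

    def resolve(self, name):
        if name in self.cache:                      # cached answer: no queries sent
            return self.cache[name]
        server = self.root
        while True:
            self.queries_sent += 1
            kind, value = server.query(name)
            if kind == "answer":
                self.cache[name] = value
                return value
            if kind == "referral":
                server = value                      # step one level down the hierarchy
            else:
                return None                         # name does not exist

def build_hierarchy():
    """Constructed hierarchy: root -> org -> sbe.org, and root -> edu -> berkeley.edu."""
    sbe = NameServer("sbe.org", records={"www.sbe.org": "66.39.27.70"})
    org = NameServer("org", delegations={"sbe.org": sbe})
    berkeley = NameServer("berkeley.edu", records={"www.berkeley.edu": "192.0.2.10"})
    edu = NameServer("edu", delegations={"berkeley.edu": berkeley})
    return NameServer(".", delegations={"org": org, "edu": edu})
```

The first lookup of www.sbe.org costs three queries (root, .org, sbe.org); the second costs none. The simulation also shows the weak spot: the resolver believes whichever server the referrals led it to, which is why real resolvers need source-port randomization and DNSSEC validation to resist poisoned answers.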

Routing and Route Discovery, and Network Address Translation

Routing Protocols

Routing is the process of moving packets from one network to another. Two kinds of protocol are involved: routing protocols and routed protocols. Routing protocols are special protocols that routers use to share information with each other about the Internet or the network infrastructure; examples are the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and, between ISPs, the Border Gateway Protocol (BGP). A routed protocol is one that carries the traffic between hosts, such as IP (with the TCP or UDP segments inside it); these are the packets the routers actually move. Routing protocols are used to discover how to move the routed protocols.

Router's Logical Knowledge

Routers are among the most advanced pieces of hardware in a network. They have an embedded operating system within their firmware which gives them the programming code to do several things.

The first ability a router has is to read network layer protocol addresses like IP and understand the destination and source addresses. Using the network mask or sub-net mask the router can determine what portion of the IP address refers to the network and which refers to the individual host within the network.

The next capability a router has is knowledge of all of its neighboring routers. If a router is connected to another router they will discover each other using one of the routing protocols and "introduce" themselves to each other and start sharing information.

Routers build tables of the routers and networks they are connected to and share them with their neighbors. Those routers share the information with the routers they are connected to, and so on, until the knowledge about a particular router, its networks, and its connection circuits is spread far and wide. When every router's table is complete with entries for all routers and paths, the network is said to be converged. Inside the router is an algorithm, a mathematical formula, used to figure out the shortest or fastest path between any two networks. A router goes through a step-by-step process to route a packet. First, it determines whether the source and destination addresses are in different networks. In the example above a packet is being sent from the computer on the left, on the 192.168.100.x network, to the 192.168.110.x network. The router can connect these two different networks together.

The next step the router takes is to see whether the packet is permitted to be moved between the networks. An administrator can prohibit or allow traffic based on address and the protocol being used. If permitted, the router then looks into its routing table to find a route that connects the two networks. In this example the router is directly connected to the destination network, so it receives the packet on its E0 interface and sends it out its E1 interface. If it were not directly connected, it would hand the packet to another router to forward in the correct direction; normally this would be the ISP's router.

In the example above, router A is directly connected to the ISP router. Router A shares its information about subnet A with the ISP router. Likewise router B is connected directly to the ISP router and shares its information about subnet B. The ISP router in turn shares what it knows about subnet B with router A and about subnet A with router B, acting as a go-between connecting the two physically separate networks. When router A gets a packet for subnet B it hands it to the ISP router, which directs the packet to router B. In this way a fabric of routers is formed connecting computers together across Internet service providers, cities, states, and the world.

Router Tables

There are two types of routing tables: static and dynamic. With a static table an administrator enters the routes to distant networks manually. With hundreds of thousands of prefixes in the global Internet routing table, entering data manually is not practical beyond a small network. Static routes are typically used for small stub networks, for the default route to an ISP, and in tightly controlled networks that must send traffic only to known routers. In dynamic routing the routers are allowed to share information with each other about their neighbors. Dynamic routing uses protocols such as Open Shortest Path First (OSPF) and the Routing Information Protocol (RIP) inside an organization, and BGP between organizations, to carry the table data between routers. Because a router accepts routes from its neighbors, any device that can speak the routing protocol on a segment can inject routes and redirect traffic; OSPF and RIPv2 support authentication of updates, and routing protocols should not be run on ports facing untrusted hosts.
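The forwarding steps described above (permission check, route lookup, deliver directly or hand off to a next hop) and a static routing table, as an added example in Python (not code from the course). The interface names E0, E1 and S0, the subnets and the ISP next hop 203.0.113.1 are constructed to match the course's example; the access list uses the first-match-wins and implicit-deny convention of common router ACLs.

```python
from ipaddress import ip_address, ip_network

class Router:
    """Toy router: an access list checked first, then a routing table searched
    by longest prefix match, then direct delivery or a hand-off to the next hop."""

    def __init__(self, interfaces):
        # interfaces: {"E0": "192.168.100.1/24", ...}. Each interface address
        # contributes a directly connected route (next hop None).
        self.routes = []   # (network, next_hop or None, interface)
        self.acl = []      # (action, src network, dst network); first match wins
        for iface, cidr in interfaces.items():
            self.routes.append((ip_network(cidr, strict=False), None, iface))

    def add_static(self, cidr, next_hop, iface):
        """A manually entered route; '0.0.0.0/0' is the default route (usually to the ISP)."""
        self.routes.append((ip_network(cidr), ip_address(next_hop), iface))

    def add_acl(self, action, src_cidr, dst_cidr):
        self.acl.append((action, ip_network(src_cidr), ip_network(dst_cidr)))

    def permitted(self, src, dst):
        if not self.acl:
            return True                       # no access list configured
        for action, s, d in self.acl:
            if src in s and dst in d:
                return action == "permit"
        return False                          # implicit deny at the end of an ACL

    def lookup(self, dst):
        """Longest prefix match: the most specific route wins over the default."""
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None

    def forward(self, src, dst):
        src, dst = ip_address(src), ip_address(dst)
        if not self.permitted(src, dst):
            return "denied by access list"
        route = self.lookup(dst)
        if route is None:
            return "no route: dropped"
        network, next_hop, iface = route
        if next_hop is None:
            return "connected: deliver out %s" % iface
        return "forward via %s out %s" % (next_hop, iface)

def example_router():
    """The course's two-LAN router with a serial link to the ISP (constructed addresses)."""
    r = Router({"E0": "192.168.100.1/24", "E1": "192.168.110.1/24", "S0": "203.0.113.2/30"})
    r.add_static("0.0.0.0/0", "203.0.113.1", "S0")           # default route to the ISP
    r.add_static("10.20.0.0/16", "192.168.110.2", "E1")      # a network behind another router
    r.add_static("10.20.5.0/24", "192.168.110.3", "E1")      # a more specific route inside it
    return r
```

A packet for 10.20.5.9 goes to 192.168.110.3, not 192.168.110.2, because the /24 is a longer match than the /16, and both beat the /0 default; adding a deny entry for 192.168.100.0/24 to 192.168.110.0/24 blocks that direction only, since the ACL is consulted before the table.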

Network Address Translation

Network Address Translation (NAT) reduces the number of public IP addresses an organization needs, because the nodes on the internal local area network use private addresses. Typically NAT takes place on the border router that connects the internal private network to the external public one. In the example below the Automation router and the Programming and Traffic routers send their outbound packets to the Border router, which runs the NAT process. NAT allows privately addressed nodes to reach the Internet by substituting a public IP address in those packets the router forwards to the Internet. Internally the node uses a private IP address; when it connects through the router, the router rewrites the packet's source address to a public IP address and records the translation. When the router receives the return packet it does the opposite, replacing the public address with the internal private one and passing the packet inward.

This translation has a second benefit: the internal address is never exposed to the outside world. The router running NAT acts as a proxy, exchanging packets between the internal and external sources. An external source cannot discover the true internal address of the packets, and it cannot reach an internal host that has no active translation, which provides some level of protection. It is not a substitute for a firewall: NAT hides addresses and blocks unsolicited inbound packets only as a side effect of keeping state, and it does nothing to stop outbound connections or malicious replies to connections the inside hosts open.

NAT can be done in three ways. In static NAT each internal address is mapped to its own public IP address, a one-for-one mapping, which is what a server that must be reachable from outside needs. In dynamic NAT there is a pool of public IP addresses that is shared: when an internal node needs to connect outside the network it borrows one of the public addresses from the pool and returns it when finished. The most common method is port address translation (PAT), also known as overloading. In overloading many internal clients share the same external public IP address, and the NAT device tells them apart by assigning each connection a different source port. Using PAT there can be hundreds or thousands of clients behind one public IP address.
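Static NAT and PAT (overloading) on a border router, as an added example in Python (not code from the course). Packets are plain dictionaries with src, sport, dst, dport and proto fields; the public addresses 203.0.113.5 and 203.0.113.6 and the inside hosts are constructed for illustration.

```python
import itertools

class NatGateway:
    """Border-router NAT. Static NAT: a fixed one-to-one public<->private mapping
    (a server that must be reachable from outside). PAT/overloading: every inside
    host shares one public address and each outbound flow is told apart by the
    public port the gateway assigns to it."""

    def __init__(self, public_ip, static=None, first_port=1024):
        self.public_ip = public_ip
        self.static = dict(static or {})                   # inside ip -> public ip
        self.static_rev = {v: k for k, v in self.static.items()}
        self.ports = itertools.count(first_port)           # next free public port
        self.out_map = {}   # (inside ip, inside port, proto, dst, dport) -> public port
        self.in_map = {}    # (public port, proto, dst, dport) -> (inside ip, inside port)

    def translate_out(self, pkt):
        """Rewrite an outbound packet's source; record the flow so replies can come back."""
        out = dict(pkt)
        if pkt["src"] in self.static:                      # static NAT: address only, port kept
            out["src"] = self.static[pkt["src"]]
            return out
        key = (pkt["src"], pkt["sport"], pkt["proto"], pkt["dst"], pkt["dport"])
        port = self.out_map.get(key)
        if port is None:                                   # new flow: allocate a public port
            port = next(self.ports)
            self.out_map[key] = port
            self.in_map[(port, pkt["proto"], pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        out["src"], out["sport"] = self.public_ip, port
        return out

    def translate_in(self, pkt):
        """Rewrite an inbound packet to its inside host, or return None (dropped)."""
        out = dict(pkt)
        if pkt["dst"] in self.static_rev:                  # static mapping: always reachable
            out["dst"] = self.static_rev[pkt["dst"]]
            return out
        if pkt["dst"] != self.public_ip:
            return None
        inside = self.in_map.get((pkt["dport"], pkt["proto"], pkt["src"], pkt["sport"]))
        if inside is None:                                 # no inside flow opened this: dropped
            return None
        out["dst"], out["dport"] = inside
        return out
```

Two inside hosts using the same source port 51000 get different public ports, a reply to one of those ports is delivered to the right host, and an unsolicited packet to port 22 on the public address is dropped for lack of state. The statically mapped host, by contrast, is reachable from anywhere on any port, which is exactly why a static NAT entry should be paired with a firewall rule.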

Troubleshooting Procedures, Hardware and Software Tools and Equipment

Troubleshooting network equipment is much like troubleshooting any other electronic equipment, except that a different set of hardware and software troubleshooting tools is used. In radio and television broadcasting seconds count, and often there is redundant or fail-over equipment available. The first step should always be to get the system back on the air; normally that means failing over to the backup system as quickly as possible. Learn your system and its policies so that in an equipment failure you are able to act quickly.

The standard method of troubleshooting normally includes steps similar to these:

1. Symptom recognition

2. Symptom elaboration

3. Test, measurements, and analysis

4. Determine the probable faulty component or setting

5. Fault correction or adjustment

6. Post repair check

7. Fault analysis and documentation

Symptom recognition means looking at the problem as it presents itself. Don't focus too closely in the beginning. Look around at other related systems nearby. If one media server cannot communicate with an automation server can the other media servers still communicate? What might appear to be a problem with the media server might in fact be a problem with the automation system or the network. Focusing too quickly on a narrow area might mean overlooking the root cause of the problem. Look, listen, smell and feel to gather symptoms. Look for error messages on the screen, flashing warning lights and disconnected cables. Look at equipment and software logs for past error messages. Listen for warning tones, fans failing, or an air conditioner that is shut off. Listen to the equipment operator's explanation as to what happened. This can be a key clue into what happened. Smell for any burned components or for things overheating and starting to give off odors. Feel connectors to ensure they are connected and locked into place. In order to do this effectively, you have to know what good looks like and what bad looks like. Becoming familiar with your unique networks while they are functioning properly helps you troubleshoot them should they fail.

Symptom elaboration follows the gathering of symptoms. You begin to make educated guesses about where the problem lies. If one media server is having difficulty retrieving files from the archive and the other media servers are not, you can start to focus on things unique to that one media server rather than the network or the archive system. If all the media servers cannot pull files from an archive system then focus on what is common with all of them, like the switch and the archive system itself. You take the raw symptoms and try to come up with an idea on what is possibly causing the symptoms that you are seeing. "I'm not getting any files out of archive, the network switch, archive manager, or archive robot could possibly be having problems." This is normally the point where you can fail-over back up systems to cover on-the-air problems.

In tests, measurements, and analysis you start to try to prove your thoughts in symptom elaboration. You use hardware and software tools to make tests on that which you cannot see in symptom recognition. If none of the media servers can pull files from the archive, you might open up the archive manager and see if it is getting requests, check its self diagnostics, ping from the manager to the robot archive and back to the media server and watch the robot to see if it is retrieving tapes. Measurements and tests normally start half-way along the signal path looking to see if the problem is upstream or downstream. In analog video or audio production the stream runs in one direction from camera or microphone toward recording or transmitter. In computer networking that "stream" runs in both directions in that computer nodes chat back and forth, meaning communications have to be bidirectional.

Next, determine the probable faulty component or setting. While making measurements and observations you are attempting to narrow the fault down to one component or setting. Most of the time a faulty component is swapped with a shelf spare and the bad unit is pulled for bench repair or replacement. Sometimes there are ways to patch around a bad piece of equipment to maintain valuable air time. Determining the bad part gets easier with time and experience.

In fault correction or adjustment the failed part is repaired, replaced, or adjusted back to proper operation. Often software-based problems trace back to the operating system or an application leaking or corrupting memory, so that data overwrites code space or vice versa. Rebooting such a failed computer or server flushes memory and lets the system rebuild afresh; note the fault and how often it recurs, because a reboot clears the symptom, not the cause.

The post repair check means that following the repair, replacement, or adjustment you check and double check the repaired work. If you discover the fault was not repaired you simply return back to step one and start over again until you get it right. During a post repair check, carefully monitor all operation parameters to make sure that fixing one problem didn't unmask another. Discovering an empty toner cartridge in a printer might expose a problem where the paper handler is wrinkling copy jobs. Rebooting a media server might reset the parameters to an earlier saved version of codec so the machine starts playing back or recording in a different format. If the repair is successful, provide feedback to the reporting person so they know that the equipment is back in use. Following the post repair check is normally the point where the equipment is put back into service on-the-air.

Finally, the fault analysis and documentation takes place. In analysis you attempt to determine why the problem started in the first place. In many cases the answer might be that you do not know the initial cause, or that the cause is beyond your control. Cases where analysis is more worthwhile are problems caused by the environment or by training. If equipment is overheated or subject to high levels of moisture or humidity it can lead to failure. High levels of dirt and dust can cause overheating. Excessive vibration can shake connectors loose or lead to premature failure of disk drives. If operators are having trouble with the equipment it might be due to a lack of training or a misunderstanding of operating procedures. Documentation serves as a long term memory for you and the other people in your shop. The documentation ought to be shared among all and can serve as a method of training the maintenance personnel.

Make sure you know your facility policies and procedures and follow them.

Common Network Problems

The software and hardware tools used to discover and solve these common problems are discussed in the next part of this lesson.

On new equipment first put into service that is experiencing network connection problems, check the IP settings for common mistakes like an incorrect IP address or subnet mask. Check the link light on the NIC to see that the cable is connected at both ends. The link light only confirms a physical connection between the node and the switch, not that the protocol settings are correct. If using DHCP, ensure that the DHCP server is reachable from the client's location and that the client actually received a lease rather than a 169.254.x.x address. If the IP settings were entered manually, check for an incorrect IP, subnet mask, gateway, or DNS address. Check that port speed and duplex were auto-detected correctly at both ends. Check the cable and connector to ensure they are wired correctly.

On existing networks, cable problems can be difficult to troubleshoot. Special test equipment can be used to check for opens, shorts, and reversals. This equipment ranges from very simple LED indicators to a complex software-based time domain reflectometer (TDR), which can provide great detail. Cables that are marginally too long may work under light network conditions but fail as traffic increases. Cables laid alongside power cables can have stray voltages induced in them. Items like fluorescent lights, electric motors in freezers or hand dryers, radio transmitters like those in cell phones, and 2-cycle motors like those in some garden tools can all radiate RFI or EMI, causing network interruptions.

Wireless networks bring a whole set of unique problems of their own. Interference from other nearby networks can slow the network. Using the wrong security type or passphrase prevents client connection. If the client is set to manual channel selection it might not find the channel the access point is on. The SSID has to match between the client and the access point too. As the distance from the access point increases the signal level and speed drop.

Software can have its own set of network problems. Programs that have been updated need to be watched closely across many days for subtle changes. An upgraded firmware may, for example, cause problems with a second piece of equipment that connects only once a day at midnight for configuration updates. Programs that use Java need the correct Java version matched to the application, and likewise a program that uses a browser client window needs the correct browser version. Updates and versions need to be managed closely to balance security fixes and improvements against the chaos they can raise; deferring a security update should be a deliberate, documented decision with the exposure understood, not an accident of neglect. Version creep is where one program affects another, which affects another.

Less common problems include switching and routing loops introduced by the installation of new equipment or by bridging two NICs through a Windows client. NAT devices and DHCP servers need to be watched for proper function, and an unexpected second DHCP server on the LAN (a home router plugged in as a desktop switch is the classic case) will hand out addresses and gateways that do not work.

Software Tools

The command line tools provided by Windows and Linux are invaluable go-to tools. Since they are normally installed by default, they are almost always available. Mastering the most common of these tools is important.

ipconfig (IP Configuration)

ipconfig on Windows and ifconfig on Linux and Mac operating systems display the current configuration of the TCP/IP client. This is a quick way of displaying the IP address, subnet mask, DNS server, WINS server, and the default gateway. As with most Windows command line programs, typing /? after the command lists its options. Run without options, the program displays only the basic information.

The common /all switch brings up a more complete display, including the network card's MAC address, the NIC manufacturer, and other details. This switch allows checking the DHCP and DNS server entries. The /release and /renew switches return a leased IP address to the DHCP server and acquire a new lease. On machines running Windows Vista or Windows 7 this requires an elevated command prompt: right-click the command prompt icon, choose 'Run as administrator', and enter the administrator password if prompted. Note the addition of 'Administrator:' to the command prompt title.

Once elevated to administrator, ipconfig /release and ipconfig /renew can be run. This verifies connection with and operation of the DHCP server.

ifconfig (Linux)

Linux distributions use ifconfig to display information about their interfaces.

tracert (Traceroute)

Traceroute can be used to discover where packets are getting delayed or lost along a chain of routers. The program sends out a series of ICMP packets with an increasing time-to-live (TTL). The first packet is sent out with a TTL of one, so the first router that receives it subtracts one from the TTL, reaches zero, and drops the packet. Depending on whether the administrator configured the router to reply or not, the router will reply back to the client which sent the ICMP packet, providing its name. The client then increases the TTL to two and sends out the packet, looking for the second router along the line to drop the packet and respond back. This process continues until the target of the traceroute is reached. A router that refuses to respond or takes too long will be marked with asterisks. The client provides a list of all routers and the minimum, maximum and average time to reply. From the command prompt simply enter tracert target_name with the target name in either IP or domain form. In the example below the target's name is www.lammle.com and the DNS server resolved that to the IP address of 174.132.212.194, providing a check of the DNS server. It can be a challenge to read the routers' names, but in the example below you can see the packet traveling through the Verizon ISP network before being passed to the AT&T ISP network and then to the target server hosted at "theplanet.com" in 70 to 72 milliseconds.

ping

Ping sends packets to a destination and requests that they be echoed back. The response delay is displayed, providing minimum, maximum, and average round trip times. You can ping with either a name or an IP address.

Hardware Tools - Cable Testers

Cable testers can run from the very simple to the very complex, and there are normally different test sets for copper Ethernet, fiber optic and serial cables. Within a broadcast facility it's common to find all three types of cables used in data and automation systems. Cable testers can be simple go/no-go sets that simply verify the correct pairing of the wire pairs in an Ethernet jack. The problem with these go/no-go sets is that they only verify DC connections and do not run a full battery of tests to certify a cable's ability to carry its rated bandwidth. Current practice is to use higher end test sets to certify a cable's ability to carry Ethernet at the common 1 Gb data rate.

Hardware Tools - Protocol Analyzers and Packet Capture

Protocol analyzers and packet capture software and hardware allow for a view of the packet traffic on the network. Either running on specialized hardware or as a software application, they capture and display packets, allowing for detailed examination. Dedicated hardware devices are often required to capture the level of traffic on a busy 100 Mb or faster network. Optimized hardware and software are designed to capture all packets and provide a detailed breakdown to the bit level. Hardware devices will often include a time domain reflectometer and provide some of the cable tester's functions. They provide a graphical user interface that gives a skilled maintenance person the ability to "drill down" looking for trouble-causing hosts. These hardware based devices are invaluable tools that can be life savers, but they require training and experience to use.

Packet capture software can be substituted in cases where missing a percentage of packets is not a concern or where the traffic to just one computer needs to be monitored. The software runs on a laptop or other computer, using the computer's NIC to capture traffic. A typical packet capture program has three main windows, with the upper window displaying a summary of the packets with each packet on a separate line. The middle window displays a close-up of a selected packet with each line showing one protocol layer of the packet. The bottom window shows the raw packet's bits and bytes. Some software packages will also have a "dashboard" display with gauges showing the error rate and the media utilization rate.

Hardware Tools - Time Domain Reflectometer (TDR)

TDRs pulse signals down a length of copper or fiber optic cable and look for reflections, which represent points of attenuation or loss. They can also detect cable breaks and identify where the break is as a distance from the test point. Like protocol analyzers and packet capture devices they can be life savers, but they tend to be expensive and require some training to operate correctly.

Virtual Local Area Networks (VLANs) and Virtual Private Networks (VPNs)

Virtual Local Area Networks (VLANs) and Virtual Private Networks (VPNs) use software to create virtual domains and connections which improve security and network performance while helping to reduce expenses.

VLAN

In a Local Area Network (LAN), computers are physically connected through a common network switch to create one broadcast domain. In the diagram below the data link layer broadcast traffic is passed by the switch between IP subnets. The IP subnets reduce the amount of network layer traffic passed between computers, but they are still one broadcast domain at the data link layer. As networks grow in size, the collision rate rises as each network adds to the amount of broadcast traffic at the data link layer.

In a VLAN, special software is run on an advanced network switch which allows an administrator to assign switch ports to a virtual network with software rather than physically relocating devices. In the diagram below, the VLAN software running on the switch blocks the data link layer broadcast traffic from crossing between the two VLANs. The VLAN also allows flexibility and scalability moving switch ports from network to network as needed. Security is improved by creating more granular networks. Keeping vital networks like automation separated from office email or Internet connected networks reduces the chance that a virus can cross over into the production LAN.

A Layer 3 switch can route IP packets between the VLANs, but the primary function of the VLAN is to create domains at the data link layer. These domains can reduce the amount of broadcast traffic each smaller domain is exposed to, reducing the collision rate and improving bandwidth.

VLAN membership can be static as assigned by an administrator or dynamic, allowing the software to assign membership automatically. The static method favors security where the automatic method reduces administration efforts. Using dynamic VLAN membership, the computer is assigned to a VLAN based on its MAC address, the protocols that the computer uses, or even by application. A VLAN Management Policy Server (VMPS) manages the MAC address database.

VLAN software tags the packets from each port. The most common VLAN protocol is IEEE 802.1Q, which uses a 4-byte tag that includes a number identifying which VLAN the packet belongs to. Tags are passed between switches participating in the VLAN along ports designated as trunk lines. Computer nodes are connected to VLAN access lines. The VLAN software removes the tag before the packet is released out of the access port to the intended node. Switches located in physically different locations can participate in the VLAN. Cables no longer need to be run to a separate physical switch, as the LAN is virtual and assigned through software. Trunk lines tie the switches together, passing VLAN traffic between switches.
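As an added example (not part of the course text), the following Python parses and strips the 4-byte 802.1Q tag described above, the way a switch does when a frame crosses a trunk line and when it leaves an access port. The frame bytes, the VLAN number 20 and the priority value are constructed sample values.

```python
import struct

# Tag Protocol Identifier that marks a frame as carrying an 802.1Q VLAN tag.
TPID_8021Q = 0x8100

def parse_8021q(frame: bytes) -> dict:
    """Parse an Ethernet frame that may carry the 4-byte 802.1Q tag after the source address."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        # Untagged frame: the field at offset 12 is the real EtherType (e.g. 0x0800 = IPv4).
        return {"dst": dst, "src": src, "tagged": False,
                "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q tag")
    # Tag Control Information: 3-bit priority (PCP), 1-bit drop eligible (DEI), 12-bit VLAN ID.
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return {"dst": dst, "src": src, "tagged": True,
            "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF,
            "ethertype": inner_type, "payload": frame[18:]}

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag, as a switch does when forwarding a frame onto a trunk line."""
    if not 1 <= vid <= 4094:
        # 0 and 4095 are reserved by the standard and never identify a VLAN.
        raise ValueError("VLAN ID must be in 1..4094")
    tci = ((pcp & 0x7) << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as a switch does before a frame leaves an access port for the end node."""
    if not parse_8021q(frame)["tagged"]:
        return frame
    return frame[:12] + frame[16:]

# Constructed sample: a broadcast IPv4 frame (EtherType 0x0800) from an access-port node.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
            + struct.pack("!H", 0x0800) + b"payload-bytes")
# The same frame as it travels a trunk line in VLAN 20 with priority 5 (constructed).
TAGGED = add_tag(UNTAGGED, vid=20, pcp=5)

if __name__ == "__main__":
    info = parse_8021q(TAGGED)
    print(f"trunk copy: VLAN {info['vid']}, priority {info['pcp']}, "
          f"inner EtherType {info['ethertype']:#06x}, {len(TAGGED)} bytes")
    print("access copy identical to original:", strip_tag(TAGGED) == UNTAGGED)
```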

Virtual Private Networks (VPN)

In a private network, packets are sent between computers over cables owned or leased by one business. As an example, a private network might connect the city's sports stadium to a radio station over leased lines. No outside traffic shares those lines, nor can anyone read that traffic. Leased lines can be expensive when compared to the cost of using the Internet to pass packets. A VPN uses public infrastructure to create a virtual private network. There are two types of VPNs in use. One is used by Internet Service Providers or large organizations and is called a trusted VPN. It is used to send packet traffic across known physical routers. Trusted VPNs do not provide encryption. The second type of VPN is a secure VPN, which uses authentication and encryption of the packet traffic for security purposes.

When sending packets across the Internet, they can be intercepted, read, and tampered with before they reach the far end. As an example, when logging into the station's remote email server, a third party can intercept that unencrypted communication and read the user name, password, and the text of any emails sent or received.

A secure VPN creates an encrypted "tunnel" through the public Internet, connecting two points together with special software. The encrypted packets protect the contents of the VPN from interception or tampering. Each end of the encryption tunnel authenticates its identity to the other end to prove it is who it claims to be. Typically this is done with passwords, biometrics, or with a digital certificate. The cryptographic details of the authentication can be very complex, and each end of the tunnel has to have the appropriate software and authentication method. This normally takes place in the background, with the browser or VPN software handling all the complexities and only requesting the authentication input, like a fingerprint swipe, a PIN read from a token, or the entering of a password.

Packets in a VPN can still be intercepted, but now the third party is required to defeat the encryption method, which can be very difficult to nearly impossible. Practically speaking, a properly implemented VPN prevents a third party from intercepting data and reading it in a timely manner.

VPNs allow users to conduct private business across the public network, saving the expense of true private or leased lines. As an example, a reporter in the field can file their report via the Internet using FTP from a remote site. The VPN software adds an additional load to each computer's CPU, which can be a problem with longer encryption keys or slower processors. The encryption keys must be kept safe, and each computer participating in the VPN needs to be secure itself, as a virus or other malware can use the VPN tunnel to cross the Internet into the target network.

A final concern with VPN traffic relates to the station's firewall. If the VPN tunnel connects two computers together, then the firewall cannot read the encrypted traffic flowing through it. For this reason, many VPNs terminate at the firewall to allow the firewall's rule set to filter the packets prior to delivering them to the internal private network.

Security Principles

Radio and television stations find many valuable reasons to connect their private networks to the public Internet. Some examples include presenting a public web site, using email, and FTP transfer of files from remote locations. With those beneficial gains come very large security concerns. The Internet can introduce several forms of malicious software, "malware," such as trojan key loggers and remote control software, root kits, viruses and worms. This malicious code can steal, alter, or destroy data, can use your file space, or can be used to send spam email. Any of these can lead to a loss of a station's most valuable asset, its good name with the public.

Network security is the sum of many constantly moving parts. A diligent network administrator is always watching over their assets for security problems. In computer security, a vulnerability is a potential weakness like an unprotected connection to the Internet or an unpatched or out-of-date application or operating system. An exploit in computer security is a piece of software designed to take advantage of a vulnerability to cause something abnormal to happen, such as crashing the computer or allowing someone to raise their access privileges.

There are many methods to remove or mitigate vulnerabilities and exploits.

Credentials

A credential is something that identifies you. With computers there are three general ways you can identify yourself: with something you know like a password or PIN, with something you have like a token or smartcard, or with something you are like a biometric scan of your eye's iris or fingerprint. The best security uses two or more of these combined. When you withdraw money from an automated teller machine, you present your card (something you have) and enter your PIN (something you know).

Passwords

Among the simplest and most effective methods of restricting access to assets are proper passwords. Like a good lock on the front door of your house, they are not the only protection to use, but they are a good start. Too often, radio and television stations use common passwords or the default ones provided by the equipment vendors.

Passwords should not be words from any dictionary or anything containing the station's call letters, radio frequency or TV channel. They should be complex, using at least three of the four character sets available: capital letters, small letters, numbers, and special characters (symbols). Depending on the security required, they should be longer; 9 characters is the minimum length that should be considered for most applications. A phrase is an easy way to produce a longer complex password. As an example, the opening of Abraham Lincoln's Gettysburg Address is "Four score and seven years ago our forefathers ...", which can be turned into a complex password like "4#&7Yao4f." Passwords need to be changed on a regular basis and immediately following the dismissal of any of the station's staff who had access to the system with an administrative account.

Manufacturers' default user names and passwords need to be changed to something unique for your station.
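The following Python, added here and not part of the course material, checks a candidate password against the rules given above (9 characters, three of four character sets, no dictionary words, nothing containing station identifiers) and flags unchanged vendor defaults. The call letters, frequency, word list and default credential pairs are constructed placeholders that a station would replace with its own.

```python
import string

MIN_LENGTH = 9      # the course's minimum length for most applications
MIN_CLASSES = 3     # at least three of the four character sets

# Constructed station identifiers that must never appear in a password;
# a real deployment substitutes its own call letters, frequency and channel.
STATION_TERMS = ["KXYZ", "98.7", "987", "channel7", "ch7"]

# Constructed stand-in for a full dictionary word list.
DICTIONARY = {"password", "welcome", "station", "radio", "broadcast", "admin", "letmein"}

# Constructed examples of vendor defaults that must be changed at installation.
VENDOR_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

def character_classes(pw: str) -> int:
    """Count how many of the four character sets (upper, lower, digit, symbol) are used."""
    sets = (string.ascii_uppercase, string.ascii_lowercase, string.digits, string.punctuation)
    return sum(any(c in charset for c in pw) for charset in sets)

def check_password(pw: str) -> list:
    """Return the policy rules a candidate password violates; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(pw) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} of the 4 character sets")
    lowered = pw.lower()
    if lowered in DICTIONARY:
        problems.append("is a dictionary word")
    for term in STATION_TERMS:
        # Case-insensitive substring match: "kxyz1234!" still contains the call letters.
        if term.lower() in lowered:
            problems.append(f"contains station identifier {term!r}")
    return problems

def is_vendor_default(username: str, pw: str) -> bool:
    """True when the pair is a known factory default that should have been changed."""
    return (username.lower(), pw) in VENDOR_DEFAULTS

if __name__ == "__main__":
    for candidate in ["4#&7Yao4f.", "KXYZ1234!", "password", "Radio98.7x"]:
        verdict = check_password(candidate) or ["acceptable"]
        print(f"{candidate!r}: {', '.join(verdict)}")
    print("admin/admin still default:", is_vendor_default("Admin", "admin"))
```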

Physical Security

Valuable network servers and infrastructure need to be protected physically from manmade and natural disasters. Keeping the equipment in a secure room with limited access reduces physical exposure. The room should be locked with a secure door lock and the key access restricted to those with the requirement to work inside.

The room's power and air conditioning also represent potential physical threats, and these systems should have redundant backup systems and be kept secure. A potential attacker might not be able to access the server room in the middle of your station, but if they can trip or damage the circuit breakers that provide power to your air conditioning system they can take you off-the-air nearly as fast.

Vital network equipment, like video file servers, routers, and enterprise switches, likely need a UPS protected by generator power to avoid having these systems reboot during momentary power loss while the backup generator comes up to speed.

The room should be free from flooding dangers either caused by natural causes or broken pipes. Non-water fire fighting agents should be used in server rooms where local fire code permits their use. In earthquake prone areas, the equipment and racks need to meet seismic requirements. Wiring must be plenum rated where required.

Social Engineering

Attackers will probe your employees just as they examine your firewall looking for weaknesses. In social engineering, an attacker uses a con, a trick, to try to get information about your network or employees. Employees should be careful about what information is shared concerning the network configuration. Seemingly casual things like the make and model of your station's firewall can be very valuable intelligence in the wrong hands. Passwords and user names are prime targets for attackers, and these should never be given out to unknown persons. Station personnel should receive annual training at a minimum, updating them on the current network policies and procedures.

Anti-virus/Anti-malware

A computer virus is a computer program that copies itself to infect a computer. The term is often misused to refer to other types of malicious software like adware, trojans, spyware, rootkits, or worms. The differences are not important when it comes to their impact. Malware uses your station's resources to send spam, to store illegal files, or just plain wastes your station's resources. An ounce of prevention is worth a pound of cure, and malware needs to be kept out of production systems.

There are many fine anti-virus products available which can help prevent the spread of malware, but your network users are really the first line of defense. Anti-malware products work in several different ways, but one of their primary methods is code pattern recognition. They scan the computer code before execution, looking for the virus signature of a known bad section of code. A zero-day infection is one that is brand new and unknown to the anti-virus company and is therefore undetectable using signature matching.

Users should avoid going to unknown web sites on production systems, should not download or open email attachments from unknown sources, and should always keep their computer's anti-virus software and operating system up-to-date.

No one product can do a 100% job on all forms of malware, so a diversity of products will help discover more infections sooner.

Firewalls

Network security requires defense in depth. There are layers of security between the public Internet and the internal valuable assets. The firewall is a hardware and/or software application designed to enforce a set of rules on packets. Firewalls can be installed on the actual asset being protected, like a laptop, or they can be run on the network, like between the ISP's router on the network edge and your internal network. The normal default for a network edge firewall ought to be to drop packets. Rules are then created to allow those packets permitted into the network to pass. As an example, there might be a rule set that allows the public access to the station's web site and to allow remote weather stations to send weather data to a server.

Broadcast facilities often have networks and servers that are very attractive to attackers. High-speed Internet connections and large storage arrays are particularly useful to an attacker for their own purposes.

Firewalls reduce the risk by protecting production systems from attempts to exploit vulnerabilities. A firewall can act as a control point to allow the inspection of packets coming into and leaving a network.

Often, a firewall will have different rule sets that can be applied to different physical interfaces to set up different levels of security. Alternatively, more than one firewall can be used to set up these zones of varying security. As an example, the rule set in firewall 1 below might allow the outside public to have limited access to the station's FTP site and email server, but firewall 2 would block public access to the internal private network. These two firewalls set up three different zones of trust: an outside untrusted network, an internal trusted network, and a middle ground of a semi-trusted area often called a DMZ.

Firewalls come in several types, and often a firewall vendor or manufacturer will combine several or all of these types together for a more complete defense.

Packet Filter Firewall

In a packet filter firewall, the administrator allows or disallows packets to pass through the filter based on IP address and/or the port being used. A port is a logical connection into a software application. As an example, Hypertext Transfer Protocol (HTTP) has a default port of port 80. Traffic inbound to a computer on TCP port 80 would be given to an Internet browser by default. If the packet filter firewall is set to block port 80, HTTP traffic would be blocked. Since it is possible to change the default TCP port, it is best practice to deny all ports and then only open the ports required for the services needed. Packet filter firewalls can also block malformed packets. Packet filter firewalls are very fast. The packet filter firewall is normally placed on a server or a router and protects the entire network.

Application-Layer Firewall

An application-layer firewall runs at the application layer of the OSI model, inspecting the data before it reaches the user's applications like an email client or web browser. It inspects data looking for viruses, worms, trojans, certain web sites, specific inappropriate content, and known exploits attempting to take advantage of a known vulnerability in software.

Application-layer firewalls can detect content trying to avoid detection by bypassing its normal port numbers. An application-layer firewall is normally found on the computer host it is protecting rather than on a network server that is protecting many computers.

Proxy Filter Firewall

A proxy filter firewall sits between the protected host and the threat tearing down each packet and reassembling it before passing it on. From the perspective of the outside source, the potential attacker, the proxy is sending the traffic that it is receiving. The inside computer hosts are hidden by the proxy computer. If a proxy is using network address translation (NAT), there is no trace of the inside computer's host IP address outside the network. No packets are allowed to be addressed directly to the internal network; packets are only allowed to be addressed to the proxy. The proxy filter firewall will often be running a stripped down version of an operating system like Linux in order to reduce the number of vulnerabilities that might be used against it.

Proxy firewalls are very secure, but slow traffic coming through them as they tear down, inspect, and reassemble packets.

Stateful Inspection Firewall

In a stateful inspection firewall, the connection state of each host-to-host conversation is recorded and tracked. These details include the IP addresses, the port numbers used, and the sequence numbers of the packets being sent back and forth along the connection. A normal connection starts inside the trusted internal network, seeking traffic back from an external web site. Later mouse clicks or keystrokes are sent to the web site and it responds back. Eventually, the user logs off or clicks away from that web site and goes to another. A stateful inspection firewall watches the request from the trusted user go outbound and awaits a returning inbound packet. Once the circuit is established, it watches the packets as they come and go, monitoring their sequence numbers to ensure that the packets are part of the ongoing conversation.

Firewalls often blur their differences by incorporating several of these mentioned strategies. Routers can also run some software to perform firewall behavior, and often, they'll run a packet filter firewall and proxy software.
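To make the default-deny rule set of the Packet Filter Firewall section and the connection tracking of the Stateful Inspection Firewall section concrete, here is an added Python model (not from the course) of an edge firewall that evaluates rules in order, drops anything unmatched, and lets return traffic through only for conversations it has already permitted. The 192.168.10.0/24 inside network, the web and weather server addresses, and the outside addresses are constructed documentation values.

```python
from dataclasses import dataclass
from typing import Optional
import ipaddress

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # source network in CIDR form
    dst: str = "0.0.0.0/0"          # destination network in CIDR form
    proto: str = "any"
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

class StatefulFirewall:
    """Default-deny packet filter that also tracks the conversations it has allowed."""

    def __init__(self, rules, inside: str):
        self.rules = list(rules)
        self.inside = ipaddress.ip_network(inside)
        self.state = set()      # keys of conversations already permitted

    def _key(self, pkt: Packet):
        # Normalise both directions of a conversation to one (inside, outside) key
        # so a reply matches the state created by the request that preceded it.
        if ipaddress.ip_address(pkt.src) in self.inside:
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def decide(self, pkt: Packet) -> str:
        # 1. Return traffic for a conversation already permitted is part of its state.
        if self._key(pkt) in self.state:
            return "allow (established)"
        # 2. Otherwise the first matching rule decides, in the order written.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.state.add(self._key(pkt))
                    return "allow (rule)"
                return "deny (rule)"
        # 3. Nothing matched: an edge firewall's default is to drop the packet.
        return "deny (default)"

# Constructed rule set for an edge firewall: the public may reach the station's web
# server, designated weather stations may send data to the weather server, and inside
# hosts may start conversations outbound. Everything else falls to the default deny.
RULES = [
    Rule("allow", dst="192.168.10.80/32", proto="tcp", dport=80),
    Rule("allow", src="198.51.100.0/24", dst="192.168.10.90/32", proto="udp", dport=5000),
    Rule("allow", src="192.168.10.0/24"),
]

def run_scenario() -> list:
    """Push a constructed sequence of packets through the firewall and return the verdicts."""
    fw = StatefulFirewall(RULES, inside="192.168.10.0/24")
    packets = [
        Packet("203.0.113.7", 51000, "192.168.10.80", 80, "tcp"),    # public web request
        Packet("192.168.10.80", 80, "203.0.113.7", 51000, "tcp"),    # web server's reply
        Packet("203.0.113.7", 51001, "192.168.10.25", 3389, "tcp"),  # unsolicited inbound to a PC
        Packet("192.168.10.25", 40000, "203.0.113.5", 443, "tcp"),   # staff browsing outbound
        Packet("203.0.113.5", 443, "192.168.10.25", 40000, "tcp"),   # the web site's reply
        Packet("203.0.113.5", 443, "192.168.10.25", 40001, "tcp"),   # "reply" nobody asked for
        Packet("198.51.100.9", 6000, "192.168.10.90", 5000, "udp"),  # weather station data
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

Packet five is let through only because packet four created state for it; packet six, identical except for the inside port, has no state and falls to the default deny.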

Intrusion Prevention and Detection Systems

Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) are designed to sit inside a network's firewall and look for anomalies that match a signature rule. They attempt to discover attacks that have slipped through the firewall. Some IPS/IDS systems will look for abnormal patterns of activity. As an example, if FTP transfers normally only go to a designated FTP server, an alert would be sent if FTP transfers suddenly start coming and going to the network's file server. The IPS/IDS needs to be kept updated with the latest signatures just as a virus scanner does.
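The FTP example above, written as detection logic in Python that is added here and is not course material: the rules flag FTP control connections that go anywhere but the designated FTP server, or that involve the file server in either direction, over a constructed set of flow records. The server addresses and the records are assumptions for the illustration.

```python
from collections import Counter

# Constructed baseline for the plant: FTP control connections (TCP port 21) are only
# expected to the designated FTP server, and the file server should never see FTP at all.
DESIGNATED_FTP_SERVERS = {"192.168.10.21"}
FILE_SERVER = "192.168.10.50"

# Constructed flow records: timestamp, source, source port, destination, destination port, protocol.
FLOW_LOG = """\
2024-03-04T09:00:01 192.168.10.25 51000 192.168.10.21 21 tcp
2024-03-04T09:00:05 192.168.10.26 51002 192.168.10.21 21 tcp
2024-03-04T09:01:10 192.168.10.25 51010 192.168.10.80 80 tcp
2024-03-04T09:01:30 192.168.10.27 51015 203.0.113.20 21 tcp
2024-03-04T09:02:00 192.168.10.31 51020 192.168.10.50 21 tcp
2024-03-04T09:02:30 192.168.10.31 51021 192.168.10.50 21 tcp
2024-03-04T09:03:00 192.168.10.50 52000 203.0.113.9 21 tcp
2024-03-04T09:03:40 192.168.10.50 52001 192.168.10.25 445 tcp
"""

def parse_flows(text: str) -> list:
    """Turn whitespace-separated flow records into dictionaries, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto = line.split()
        flows.append({"ts": ts, "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport), "proto": proto})
    return flows

def ftp_anomalies(flows, allowed=DESIGNATED_FTP_SERVERS, file_server=FILE_SERVER) -> list:
    """Return (timestamp, rule, detail) alerts for FTP flows that break the site baseline.

    Rule "ftp-file-server": FTP in either direction involving the file server.
    Rule "ftp-undesignated-destination": FTP to any host other than a designated server.
    Both are pattern-of-activity rules drawn from how the plant normally behaves,
    not malware signatures.
    """
    alerts = []
    for f in flows:
        if f["proto"] != "tcp" or f["dport"] != 21:
            continue                        # not an FTP control connection
        if file_server in (f["src"], f["dst"]):
            alerts.append((f["ts"], "ftp-file-server",
                           f"{f['src']} -> {f['dst']}:21 touches file server {file_server}"))
        elif f["dst"] not in allowed:
            alerts.append((f["ts"], "ftp-undesignated-destination",
                           f"{f['src']} -> {f['dst']}:21 is not a designated FTP server"))
    return alerts

def alert_summary(alerts) -> Counter:
    """Count alerts per rule so the administrator sees which pattern is dominating."""
    return Counter(rule for _, rule, _ in alerts)

if __name__ == "__main__":
    found = ftp_anomalies(parse_flows(FLOW_LOG))
    for ts, rule, detail in found:
        print(f"{ts} [{rule}] {detail}")
    print(dict(alert_summary(found)))
```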

Data Backup

A network administrator's job can vary from the simple to the complex and from the single task to the multitask, depending on the size of the network and the number of network administrators. In some larger stations with many staff members, there may be designated roles, such as a backup administrator, a local area network administrator, or a WAN administrator. However, in a smaller station with few staff members, one administrator may be expected to wear many or all hats.

One of the most important jobs of an administrator is keeping the data safe with backups. It is highly recommended that the station's backup policy be well thought out and written down clearly, spelling out who does what when and who takes over the backup process when the primary administrator is absent. The impact of a disaster, such as a fire or flood, can be greatly reduced if a good set of backups exist.

Clustering

The data demands of broadcasting are very large and require data be ready for on-the-air play out with no delay. Because all systems fail eventually and very complex systems fail more often, computer servers benefit from clustering for redundancy. There are three primary forms of clustering: fault tolerant, active-active and active-standby.

In a fault tolerant cluster, both computers are doing the exact same thing at the exact same time, producing the same outputs. This coordination between the two computers needs special software to synchronize them. An example of a fault tolerant cluster is two media servers playing back the same audio file at the same time. If one server fails, the other takes over, normally through the action of a downstream silence detecting switch.

In an active-active cluster, there is a surplus of computer capability provided. As an example, it might take four computers to act as file transcoders but five are installed. If one of the five machines fails, the four remaining machines take the load of the failed machine. Often, there will be a dedicated primary server whose role is to assign jobs out to the computers within the cluster and to monitor their health.

In an active-standby cluster, there are dedicated machines set aside as spares. Often called an n+x solution, there are n servers required for the role, and an extra x servers are provided to act as spares, either installed as hot spares or kept on the shelf as cold spares.

Data Backup

Data back up is a real challenge in television production and broadcasting where files can run 25 Mbps and up to 100 Mbps or beyond. At these data rates, files quickly reach into several gigabytes in size. This makes the files difficult to move rapidly and causes them to use a great deal of storage. In radio, the bit rates are much smaller and media is far easier to move and store with fast networks and large storage arrays.

Due to the massive sizes of video files, different layers of storage are often used. As an example, in a three tiered storage system a high speed SAN may directly connect, or be built into, a media server. In turn, a larger, slightly slower and cheaper NAS may connect to the SAN. Finally, a tape-based archive can be connected to the NAS for longer term storage on much slower digital tapes. A tape-based archive has a feature that a disk-based one lacks: the ability to eject and add additional media. This allows for shelf archiving of material that will see little use, like a seasonal movie. Once the media is removed, it can be stored off-site in another location, like an affiliate, or with a company specializing in tape storage.

A two tiered system might include SAN and NAS disk-based storages or SAN to tape-based. Careful consideration needs to be given to account for bandwidth and asset utilization, like robotic arms in a tape-based archive. An automation system needs to have the ability to move files up toward the media servers before they are ready for air, as well as having the intelligence to archive or delete files as needed to manage the storage.

Due to the large sizes of files, it may take many minutes to move, so a failed transfer needs to be detected in advance of air time. Often, a secondary backup media device server will be fed a duplicate file so that transfer will happen instantaneously if the primary fails. This is known as a fault tolerant cluster, with both media servers actively being controlled by one (or a duplicate second) automation system.

Archive systems can be programmed to make duplicate copies of each file on separate physical tapes, protecting against media failure. Similar to the duplicated media servers, there can also be duplicate archive systems physically separated from each other to protect against catastrophic failure or to act as a Continuity Of Operations Plan (COOP). For example, a production house in New York City may stream products around the clock to a backup site in Los Angeles. In addition to the media, there is data about the media, so-called "metadata". This data also needs to be protected and backed up. Its smaller size lends itself to active-active clusters of servers or backups to DVD disk or tape for remote storage.

RAID Levels

Much data is so important that it needs to be protected in real time from disk failures. A Redundant Array of Independent/Inexpensive Disks (RAID) uses special methods of storing data on two or more hard drives. There are several methods of RAID.

RAID 0

RAID 0 does not provide for redundancy or data safety and is not a true RAID. In fact, it is a step backwards in safety, since if any one drive in a RAID 0 array fails all the data is lost. The primary advantage of a RAID 0 is speed, as the multiple hard drives can send data out to the CPU faster than just one disk. RAID 0 is commonly found in non-linear editors as a project cache where the increased throughput improves the non-linear editor's performance. RAID 0 is one hundred percent storage efficient; four one terabyte drives striped as a RAID 0 provide four terabytes of storage space. Each byte of data will be striped across all drives.

RAID 1

RAID 1 is a mirror where two hard drives are combined and everything written to one hard drive is written to the second drive. When one of the two drives fails, an alarm is indicated and the second drive continues to provide data. The failed drive is replaced and then the mirror is rebuilt over time. RAID 1 is simple but has a high overhead. If done in software, the load can slow down the server's CPU. A RAID 1 is fifty percent efficient; two one terabyte drives provide just one terabyte of storage. Each byte of data will be written to both drives.

RAID 5

A RAID 5 array requires three or more disks. Hardware or software calculates parity bits which are stored separately from the data. If one drive fails in a RAID 5 array, the other disks contain enough data to restore the failed drive's data. The failed drive is removed and replaced with a new drive. The other drives rebuild the new drive with the old data. A RAID 5 will have reduced performance until the missing drive is replaced and rebuilt. A RAID 5 has the highest read data rate of any true RAID and a high storage efficiency, but requires a complex hardware based controller. A RAID 5 is (n-1)/n efficient; a five disk RAID 5 with one terabyte drives will have four terabytes of usable storage. The last terabyte of storage is used for the parity bits. Each byte will store a parity bit on one drive which can be used to calculate and rebuild the missing data.

RAID 6

A RAID 6 uses four or more disks and protects against the loss of two drives simultaneously. Hardware or software calculates and stores parity bits on two separate drives. Like RAID 5 arrays, a RAID 6's performance suffers until the broken drives are rebuilt, but no data is lost. Essentially, a RAID 6 is a RAID 5 with an additional disk as an additional safety, which slightly lowers the storage cost efficiency. A RAID 6 is (n-2)/n efficient; eight one terabyte disks will provide six terabytes worth of data storage. Each byte will store a parity bit on two different drives, either of which can be used to calculate and rebuild the missing data.

RAID 01

RAID 01 is a combination of two mirrored RAID 0 arrays, sometimes referred to as RAID 0+1. Each of the RAID 0 arrays stores the same data. If one of the two fails, the other provides the data. The benefit of a RAID 01 is that the data throughput is equal to a RAID 0 but protected by RAID 1 mirroring. The array is only fifty percent efficient and has a very high expense. RAID 01 favors high performance over high reliability. A RAID 01 with ten one terabyte disks will store five terabytes worth of data. Each byte of data will be striped across two clusters at the same time.

RAID 10

RAID 10 (sometimes written RAID 1+0) is a stripe across RAID 1 mirrored pairs. It requires at least four disks: the disks are first grouped into mirrored pairs, and data is then striped across the pairs. It provides high reliability with high performance but is very expensive due to the mirroring overhead. A RAID 10 with four one terabyte disks will store two terabytes of data. The more mirrored pairs, the faster the array becomes. A RAID 10 is also fifty percent efficient. It survives the loss of one disk in every mirrored pair; only the loss of both disks of the same pair loses data, which is why it tolerates more two-drive failure combinations than a RAID 01 of the same size.

Non-Standard Proprietary RAIDS

Many companies provide non-standard RAID organizations. A broadcaster needs to ensure that the non-standard array delivers the safety and performance required to meet their requirements.

Tape Backup

Tape backup allows the administrator to keep the backup tape media either in a local fireproof media safe or remotely, with a service providing pick-up, storage and delivery of backup tapes. Tape backups must be managed with a system that rotates the tapes in accordance with a plan. Common practice is to do a full backup of the entire system weekly and an incremental or differential backup nightly. An incremental backup captures only what changed since the previous backup of any kind, so a restore needs the full tape plus every incremental tape made since; a differential backup captures everything changed since the last full backup, so a restore needs only the full tape and the latest differential, at the cost of longer nightly runs. The full backup tapes are archived as needed in a safe designated for the storage of computer media. Paper document safes do not offer sufficient insulation to protect the plastics of DVDs or digital data tapes. If the backup tapes contain any confidential or private data, the tapes should be encrypted. Ensure the encryption keys are safeguarded against theft or damage and kept separate from the tapes themselves; a tape whose key has been lost is as good as blank. Tapes have a lifespan and must be retired in accordance with the manufacturer's recommendation. A backup that has never been restored is untested, so perform a trial restore from tape on a regular schedule.
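
The difference between the two nightly schemes decides which tapes an operator must pull from the safe at 3 a.m. The following is an added example, not part of the course: it builds a weekly-full rotation and lists the tapes a restore needs under each scheme. The start date and the assumption that the full backup falls on the first day of the schedule and every seventh day after it are constructed for the demonstration.

```python
# Added example, not from the course: which tapes a restore needs under an
# incremental versus a differential rotation. Assumes a full backup on the
# first day of the schedule and every seventh day after it.
from datetime import date, timedelta
from typing import List, Tuple

Schedule = List[Tuple[date, str]]   # (backup date, "full" | "incremental" | "differential")


def build_schedule(first_full: date, days: int, nightly: str) -> Schedule:
    """Weekly full backups with the given nightly kind on the other days."""
    if nightly not in ("incremental", "differential"):
        raise ValueError("nightly must be 'incremental' or 'differential'")
    return [(first_full + timedelta(days=i), "full" if i % 7 == 0 else nightly)
            for i in range(days)]


def tapes_needed(schedule: Schedule, target: date) -> List[date]:
    """Tapes required, in restore order, to recover the state as of the end of `target`.

    Incremental: the last full plus every incremental after it, oldest first.
    Differential: the last full plus only the newest differential."""
    fulls = [d for d, kind in schedule if kind == "full" and d <= target]
    if not fulls:
        raise ValueError("no full backup on or before the target date")
    last_full = max(fulls)
    since = [(d, kind) for d, kind in schedule if last_full < d <= target]
    if not since:
        return [last_full]
    if since[-1][1] == "incremental":
        return [last_full] + [d for d, _ in since]
    return [last_full, since[-1][0]]


if __name__ == "__main__":
    sunday = date(2011, 1, 2)                      # constructed start date
    thursday = date(2011, 1, 6)
    for mode in ("incremental", "differential"):
        plan = build_schedule(sunday, 14, mode)
        print(mode, [d.isoformat() for d in tapes_needed(plan, thursday)])
```

The incremental chain is the one to worry about: every tape in the list must be readable, so one bad incremental tape breaks the restore for every day after it.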

Documentation

While there is no right or wrong way to document, it is very important to keep accurate documentation. Radio and television stations can be amazingly complex technical systems with many dependencies. Accurate documentation is a key element in successful troubleshooting and day-to-day upgrading and maintenance of the plant.

Cable Labeling

All cables need to be labeled in accordance with a coordinated plan. At a minimum, cables need to have a unique identifier that no other cable within the plant uses. Additionally, other information, such as the port number, equipment name, room number/name or other information can be added as desired. A database to map cable numbers to the additional data identifying both ends of the cable is required.

The cable labels themselves can range from machine-printed heat shrink tubing to self-laminating wrap-around labels.

Physical Documentation

Required physical documentation consists of diagrams of what is located where and how it connects to the system. This includes rack elevations and room diagrams showing the racks. Detailed drawings of system interconnections are based on the cable label database and document each point-to-point connection. These are designed by the system engineers and implemented by the technicians installing the equipment. Later they are kept updated as changes occur and are used in troubleshooting the system. Below is a portion of a floor diagram showing cable tray placement.

Below is a sample portion of a rack elevation diagram.

Logical Documentation

Computer networks have a logical layer of documentation that is also very valuable. This includes things like IP addresses, MAC addresses, machine names, server functions, application and firmware versions, switch port numbers, VLAN assignments, user accounts, and block level diagrams of software based work flows. This data can be stored in a database, spreadsheet, or in diagram form. Passwords and other credentials belong in a separate, access-controlled store such as a password manager or a sealed envelope in the media safe, not in the general documentation the whole staff can read; the logical documentation should record which accounts exist and who is responsible for them, not their secrets. Like the physical plant diagrams, these logical diagrams document the flow of data around the physical plant and can be a valuable aid to troubleshooting. Below is a portion of a block level signal flow document.

Regulations, Policy, and Procedures

Your station should have written network security regulations, policies and procedures. A regulation is an instruction provided by an outside organization, like the government or the station's parent network. Policies are often developed from regulations. They should each focus on one particular aspect of the network and govern operations and behaviors so that they follow the regulations. Procedures are detailed step-by-step implementations that carry out regulations and policies. As an example, your station should have a remote access policy stating the conditions under which remote access is allowed and its requirements, such as the VPN encryption needed. This policy is not likely to change year-to-year, as the goals of secure remote access change slowly. There should also be a procedure to implement this remote access policy, giving detailed steps on how to install, configure, and update the VPN and anti-malware software on each end of the remote tunnel. These detailed procedures will likely change more often than the policies governing them.

Having written guidance on network policy and procedures sets clear goals on what is expected. It also focuses the attention on potential problems before they impact on-the-air products. Like the disaster plan, these documents should be reviewed annually for updates at a minimum, published and made available to all network users, and used to train new hires.

Disaster Recovery Plan

A disaster is any manmade or natural event or circumstance that keeps your station from functioning for an undetermined length of time. Natural causes include fires, flooding, earthquakes, tornadoes and hurricanes. Manmade causes include broken pipes, loss of electrical power, downed communications lines, labor strikes, virus or malware attack, and even common mistakes. Threats can come from internal sources or external ones.

The disaster recovery plan is a written document that outlines what gets backed up, when backups take place, where backups are stored, and who is responsible for what. The disaster plan needs to be checked for single points of failure, such as one person being the only one with a talent, skill, or ability required to put the station back on the air. If that person becomes unavailable, there should be people cross-trained to perform the missing person's role. The time to plan is prior to the disaster.

There should be more than one disaster plan that coordinates with your station's mission plan. There could be separate plans for extreme weather, like a hurricane, that overlaps with much of the plan for a winter blizzard, but differs greatly from one covering downed communication lines. These plans need the support of senior management and need to be reviewed annually for updates.

These plans should be taught and discussed annually and run at least once before being considered valid. That run might be a tabletop ("big table") walk-through where the various players are brought in to discuss their roles. As an example, budget/finance, facilities, engineering, and the IT staff would come together to discuss flooding caused by broken plumbing. The time to discover a missing element in a plan is prior to the disaster.

During a disaster, the IT department needs to know what assets need to be protected and what needs to be brought back on-line first if multiple systems have failed. There is often interdependency between equipment and software, and in an emergency there needs to be a defined start-up sequence. As an example of restoration order, station automation needs to be up first, communication lines from the field second, and the programming and traffic systems can follow. An example of a software and hardware interdependency is that a core network switch needs to be functioning first, then the system's media gateways, and finally the media servers.
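
Writing the dependencies and the priorities down as data lets the start-up sequence be derived and checked rather than remembered under pressure. The following is an added example, not part of the course: it turns the ordering in the paragraph above into a dependency graph and produces a restoration order that never starts a system before its prerequisites, bringing up whatever unblocks the most urgent system first and refusing a plan that contains a circular dependency. The system names follow the text; the numeric priorities are an assumption.

```python
# Added example, not from the course: a restoration order that respects the
# interdependencies and priorities named in the plan. The systems and
# dependencies below are constructed from the text's own example; the
# priorities (1 = most urgent) are an assumption.
import heapq
from typing import Dict, List

DEPENDS_ON: Dict[str, List[str]] = {
    "core switch": [],
    "media gateways": ["core switch"],
    "media servers": ["media gateways"],
    "station automation": ["media servers"],
    "field communication lines": ["core switch"],
    "programming system": ["core switch"],
    "traffic system": ["core switch"],
}
PRIORITY: Dict[str, int] = {
    "station automation": 1,
    "field communication lines": 2,
    "programming system": 3,
    "traffic system": 3,
}


def restore_order(depends_on: Dict[str, List[str]], priority: Dict[str, int]) -> List[str]:
    """Topological order (Kahn's algorithm) that, among the systems whose
    prerequisites are already running, brings up the one that unblocks the most
    urgent system first. Raises ValueError on a circular dependency."""
    systems = set(depends_on) | {d for deps in depends_on.values() for d in deps}
    dependents: Dict[str, List[str]] = {s: [] for s in systems}
    for s, deps in depends_on.items():
        for d in deps:
            dependents[d].append(s)

    # A prerequisite inherits the best priority of anything that needs it.
    effective: Dict[str, int] = {}

    def eff(s: str, path: tuple) -> int:
        if s in effective:
            return effective[s]
        if s in path:
            raise ValueError(f"circular dependency involving {s}")
        best = priority.get(s, 99)
        for t in dependents[s]:
            best = min(best, eff(t, path + (s,)))
        effective[s] = best
        return best

    for s in systems:
        eff(s, ())

    remaining = {s: len(depends_on.get(s, [])) for s in systems}
    ready = [(effective[s], s) for s in systems if remaining[s] == 0]
    heapq.heapify(ready)
    order: List[str] = []
    while ready:
        _, s = heapq.heappop(ready)
        order.append(s)
        for t in dependents[s]:
            remaining[t] -= 1
            if remaining[t] == 0:
                heapq.heappush(ready, (effective[t], t))
    if len(order) != len(systems):
        raise ValueError("circular dependency")
    return order


if __name__ == "__main__":
    for step, system in enumerate(restore_order(DEPENDS_ON, PRIORITY), 1):
        print(f"{step}. {system}")
```

Running it yields the sequence core switch, media gateways, media servers, station automation, field communication lines, programming system, traffic system: the whole chain under automation is pulled forward ahead of the field lines because automation needs it, which is the kind of ordering that is easy to get wrong when reasoning from a list of priorities alone.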

As conditions change, the plan needs to be adapted to fit the situation. Do not follow the plan into a deeper disaster.

Following a disaster or near disaster, lessons learned should be collected from all participants and used to better or validate the existing plan.

Warranty and Service Agreements

A recommended practice is to have copies of all your warranty and service agreements centralized and sorted so that you can locate them quickly. Calling up the local telephone company on the overnights to solicit repair service of a communications line is difficult if the caller can't put their hands on an account number or service contract. A tickler file can be created to remind of expiring contracts so that they can be reviewed and renewed if desired.

Computer Networking for Broadcast Engineers Glossary

802 standards

IEEE standards committee formed in February of 1980 to standardize local area networks. Still active working groups include: 802.1 (bridging, VLANs and port-based network access control), 802.3 Ethernet, 802.11 Wireless Networking (Wi-Fi), and 802.16 Wireless Access (WiMAX).

ANSI

American National Standards Institute. A non-profit organization that oversees voluntary consensus standards in the United States.

Application Layer

OSI model layer 7. Provides network services directly to user's applications including file, print, terminal emulation, and message services advertisements. The application layer identifies and establishes the availability of intended communication partners (and the resources required to connect with them), synchronizes cooperating applications, and establishes agreement on procedures for error recovery and control of data integrity. Operating system call interception allows for file service requests across the network. Examples are Telnet, SMTP, FTP, SNMP, and NCP.

Bit

A binary digit, either 0 or 1. The smallest possible unit of information storage. Eight bits equal one byte. Communication circuit bandwidths are normally expressed in bits per second. Abbreviated with a lowercase b. A kilobit is 1,000 bits or 1 Kb. A megabit is 1,000,000 bits. A gigabit is 1,000,000,000 bits.

BNC

A Bayonet Neill-Concelman connector. Used for both analog and Serial Digital Interface (SDI) video signals and for thin-net (10BASE2) coaxial data networks; thick-net (10BASE5) used N-type connectors and transceiver taps rather than BNC.

Broadcast

A communication from one computer node to all computer nodes on a local area network.

Byte

A unit of measurement equal to eight bits. Abbreviated with an uppercase B. Storage sizes are normally expressed in bytes. A kilobyte is 1,000 bytes. A megabyte is 1,000,000 bytes or 1 MB. A gigabyte is 1,000,000,000 bytes. Since communication paths are measured in bits and files normally in bytes, there is an 8:1 ratio between the two. As an example, a 10 Mb/sec Ethernet link can transfer at most 1.25 MB per second, and a 100 Mb/sec link 12.5 MB per second. Protocol overhead lowers this theoretical limit.

Central-casting

A central control station originates television programming for several remote cities. Local content is inserted either at the central site or remotely to give the viewer local information.

Client-Server

The network paradigm where a user works at a client desktop and sends queries or requests to a server computer. The server can be a file server like a video storage NAS, a messaging server like Lotus Notes or Microsoft Exchange e-mail (read with a client such as Outlook), or an application server like an SQL database. The primary advantage is that the power of one powerful, expensive server can be shared by many clients.

Computer Node

An endpoint device connected to a network such as a personal computer, a server, or a printer.

Concentrator

See hubs.

Connection based

Also called connection-oriented. In computer networking, when the sender and receiver first set up a session and each packet is acknowledged by the receiver back to the sender, so that lost packets can be retransmitted. TCP is an example of a connection based protocol.

Connectionless based

In computer networking, when packets are not acknowledged by the receiver. The sending computer simply makes a best effort to get the packets to the receiver. UDP is an example of a connectionless protocol.

Crossover Cable

In Ethernet networking, a special cable with the transmit and receive pairs crossed to allow the direct connection of two computer devices back-to-back without the use of a hub or switch. Most current Ethernet ports sense the pairs automatically (auto MDI/MDI-X), so a straight-through cable works between them as well.

CSMA/CA

Carrier Sense, Multiple Access, with Collision Avoidance. A station wishing to transmit first listens to the channel for a predetermined length of time to check for activity. If the channel is idle, the station waits an additional random back-off interval before transmitting, which lowers the chance that two stations that were both waiting for the channel start at the same moment. Because a radio cannot hear a collision while it is transmitting, the receiver acknowledges each frame and an unacknowledged frame is retransmitted. CSMA/CA can be supplemented by the exchange of a short RTS (Request To Send) packet answered by a CTS (Clear To Send) reply before the data frame is sent; if two stations double (transmit at the exact same moment), only the short RTS is lost rather than the whole frame. This process is normally used in wireless networking.

CSMA/CD

Carrier Sense, Multiple Access, with Collision Detection. A station wishing to transmit first listens to the channel for a predetermined length of time to check for activity. If the channel is idle, the station transmits and keeps listening while it sends. If a second station doubles (transmits at the exact same moment), both stations detect the collision, send a brief jam signal, stop, and each waits a random back-off time before trying again; the time lost is the length of the frame sent up to the collision. Used on shared-media (half-duplex) Ethernet; it is not needed on a full-duplex switched link.

CTS

Clear To Send. In IEEE 802.11 wireless networking protocol a mechanism used to reduce frame collisions caused by the hidden terminal problem. The hidden terminal problem occurs when a computer node is visible from the wireless access point but not from other nodes communicating with the same access point.

Data Link Layer

OSI model layer 2. Takes raw data bits from the physical layer and gives them a logical structure called frames. Using a header it adds information such as where the data is to go, which computer sent the data, and a check (CRC) on the validity of the bytes sent. Provides transit of data across a physical link, sending the next frame when the previous one is acknowledged where the link protocol uses acknowledgements. The data link layer is concerned with physical addressing, uniquely identifying each computer in a network with a hardware (MAC) address. It is also concerned with network topology (star, ring, mesh, etc.), line discipline, error notification (but not correction), the ordered delivery of frames, and optional flow control. The IEEE divided this layer into two sub-layers: the MAC sub-layer (see below) and the LLC (Logical Link Control) sub-layer. Sometimes simply called the link layer. Examples of data link protocols are Ethernet, Token Ring, FDDI, Frame Relay, and PPP. Switches and Network Interface Cards (NICs) operate at this layer, working with tables of MAC addresses and transmitting frames.

DHCP

Dynamic Host Configuration Protocol. A DHCP client sends a broadcast discovery packet asking a DHCP server to provide it with address information such as its IP address, subnet mask, default gateway, and DNS servers. The client then automatically enters these values into its TCP/IP settings, "leasing" the address from the server for a limited time and renewing the lease before it expires. DHCP has no built-in authentication, so any device on the LAN can answer as a server; a rogue DHCP server can hand out a bad gateway or DNS server address, which is why managed switches offer DHCP snooping to accept server replies only from trusted ports.

ECP

Extended Capability Port. A type of bi-directional, half duplex parallel port rated at about 2.5 MB/sec (megabytes per second).

EMI

Electromagnetic Interference. Also known as radio frequency interference (RFI). An undesirable disturbance that affects an electrical circuit. Common sources of interference include cell phones, electrical motors, pagers, bug zappers, and power transmission lines.

Ethernet Cable Category 3

Unshielded twisted pair (UTP) cable designed to reliably carry data at up to 10 Mb/sec. Primary use in telephone lines.

Ethernet Cable Category 5

Unshielded twisted pair (UTP) cable designed to reliably carry data at up to 100 Mb/sec, or 155 Mb/sec over short distances. Used for 10BaseT (10 Mb/sec) and 100BaseTX (100 Mb/sec). Cable runs are limited to 100 meters (328 feet).

Ethernet Cable Category 5e

Unshielded twisted pair (UTP) cable designed to reliably carry data at up to 1000 Mb/sec. Cables are limited to 100 meters (328 feet).

Ethernet Cable Category 6

Unshielded twisted pair (UTP) cable designed to reliably carry data at up to 1000 Mb/sec over 100 meters, and able to carry 10,000 Mb/sec (10GBASE-T) over short distances of up to about 55 meters; Category 6A is specified for 10 Gb/sec over the full 100 meters.

Ethernet

A frame based computer networking protocol used for local area networks, standardized by IEEE 802.3. It has 10 Mb/sec, 100 Mb/sec, 1 Gb/sec, and 10 Gb/sec standards, and 40 Gb/sec and 100 Gb/sec were added in IEEE 802.3ba (2010). On shared media it uses CSMA/CD for logical bus control; on a full-duplex switched link there is no contention and CSMA/CD is not used. The physical topology is normally a star.

FCC Part 15 Equipment Certifications

Title 47 of the Code of Federal Regulations (CFR), Part 15, is a common testing standard for most electronic equipment. FCC Part 15 covers the regulations under which an intentional, unintentional, or incidental radiator can be operated without an individual license. Class A digital devices are marketed for use in a commercial, industrial or business environment. Class B digital devices are for use in a residential environment and must meet stricter emission limits.

FDDI

Fiber Distributed Data Interface. Used in a local area network, FDDI provides 100 Mb/sec using a timed-token passing protocol over a dual-attached, counter-rotating ring topology; if the primary ring is broken, the stations on either side of the break wrap traffic onto the secondary ring.

Fibre Channel

A gigabit speed network technology that is used for storage networking.

Firewire

IEEE 1394 interface serial bus interface rated at 400 Mb/sec, 800 Mb/sec, 1.6 Gb/sec, and 3.2 Gb/sec.

Gateway

A network node equipped for interfacing two networks with different protocols. A router often functions as a gateway.

Hubs

A simple device that works at the OSI model physical layer and acts as a multi-port repeater, transmitting an incoming signal from one node out all the other hub ports. Because every frame reaches every port, any node on a hub can see all the other nodes' traffic, and all of the nodes share one collision domain. Not in common use, having been replaced by Ethernet switches. In the early 1990's hubs were referred to as concentrators.

IANA

Internet Assigned Numbers Authority. A function operated by ICANN which handles technical aspects of Internet administration including DNS root zone management, media types, and protocol number assignments.

ICANN

Internet Corporation for Assigned Names and Numbers. Oversees the internet administration including the assignment of domain names and IP addresses. Created in September of 1998.

IDC Connector

Insulation Displacement Connector, also known as an insulation piercing connector. A connector that pierces the insulation on a wire to make a connection, removing the need to strip the wire before connecting. Used in low current applications like ribbon cables for hard drives, floppy disks, and serial ports, and in the punch-down blocks and patch panels that terminate UTP network cable.

IEEE

The Institute of Electrical and Electronics Engineers. An international, non-profit, professional organization for the advancement of technology related to electricity. Their networking standards were first published in February of 1980 and are known as the 802.x standards.

IMAP4

Internet Message Access Protocol version 4. An application layer protocol used to retrieve e-mail from a remote server over a TCP/IP connection. E-mail messages are normally left on the server until a user deletes them, and are read with a mail client that keeps its view in sync with the server. POP3 is the other common e-mail protocol.

InterNIC

The governing body primarily responsible for the domain name and IP address allocations until September of 1998. Replaced by ICANN.

IP Private Addressing

An IP address range reserved by the Internet Assigned Numbers Authority (IANA) in RFC 1918 for devices that do not need to be reachable directly from the Internet. These addresses are not routed on the public Internet, so hosts using them reach the outside world through NAT. The reserved ranges are: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8, one class A sized block), 172.16.0.0 to 172.31.255.255 (172.16.0.0/12, sixteen class B sized blocks), and 192.168.0.0 to 192.168.255.255 (192.168.0.0/16, 256 class C sized blocks).

IP

Internet Protocol. An OSI network layer (layer 3) protocol which provides globally unique, routable logical addresses. IP is a connectionless protocol and an unreliable, best effort protocol; reliability, where needed, is added by TCP above it.

IRQ

Interrupt Request. A hardware signal that interrupts the computer's CPU so that it can service a piece of hardware needing attention. Plug-and-play technology has virtually eliminated manual IRQ configuration.

ISDN-BRI

Integrated Services Digital Network (ISDN) Basic Rate Interface. A circuit switched telephone service that allows the digital transmission of voice and data over ordinary telephone wires. The Basic Rate Interface provides two 64 kb/sec bearer (B) channels and one 16 kb/sec signalling (D) channel (2B+D), 144 kb/sec in total.

ISDN-PRI

Integrated Services Digital Network (ISDN) Primary Rate Interface. A circuit switched telephone service that allows the digital transmission of voice and data over telephone wires. In North America the Primary Rate Interface carries 23 B channels and one 64 kb/sec D channel (23B+D) on a T1 circuit at 1.544 Mb/sec; in Europe it is 30B+D on an E1 circuit at 2.048 Mb/sec.

Kerberos

A computer network authentication protocol which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. A trusted Key Distribution Center (KDC) issues time-limited tickets, so passwords are never sent across the network; it depends on the clocks of all participants being synchronized. Kerberos is the default authentication protocol in Microsoft Active Directory domains.

Kermit

A computer file transfer/management protocol and a set of communications software tools primarily used in the early years of personal computing in the 1980s; it provides a consistent approach to file transfer, terminal emulation, script programming, and character set conversion across many different computer hardware and OS platforms.

MAC

Media Access Control is a sub-layer of the OSI model's data link layer. The MAC layer provides for physical addressing.

MP3

MPEG-1 Audio Layer 3 is a digital encoding format using a lossy data compression. Using a 128 Kbit/sec bit rate a 10:1 compression ratio can be accomplished over an original CD format.

MPEG

Moving Picture Experts Group. Formed by the ISO in 1988 to set standards for audio and video compression and transmission.

MPEG-1

The first compression standard for audio and video. It was basically designed to allow moving pictures and sound to be encoded at the bit rate of a Compact Disc. To meet the low bit rate requirement, MPEG-1 down-samples the images and uses picture rates of only 24-30 Hz, resulting in moderate quality. It includes the popular Layer 3 (MP3) audio compression format.

MPEG-2

Transport, video and audio standards for broadcast-quality television. MPEG-2 standard was considerably broader in scope and of wider appeal--supporting interlacing and high definition. MPEG-2 is considered important because it has been chosen as the compression scheme for over-the-air digital television ATSC, DVB and ISDB, digital satellite TV services, digital signals, SVCD, and DVD.

MPEG-4

Uses further coding tools with additional complexity to achieve higher compression factors than MPEG-2. In addition to more efficient coding of video, MPEG-4 moves closer to computer graphics applications. In more complex profiles, the MPEG-4 decoder effectively becomes a rendering processor and the compressed bitstream describes three-dimensional shapes and surface texture.

Multicast

A communication between one computer node and a group of computer nodes on a local area network, but not all of them (see broadcast).

NAS

Network-Attached Storage. A NAS is a self-contained, file-level computer data storage unit connected directly to a computer network.

NAT

Network Address Translation. A technique used by routers that involves rewriting the source IP address, and usually the TCP/UDP port number (Port Address Translation), of outbound IP packets, and reversing the translation on the replies. This hides the addresses of internal clients from external IP sources. It is not a firewall: unsolicited inbound packets are dropped only because no translation entry matches them, and any port forwarding rule (or a UPnP mapping requested by an inside device) reopens a path, so a NAT router still needs explicit filtering rules.
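
The translation table is the whole mechanism, and seeing it as data makes the "not a firewall" point concrete. The following is an added example, not part of the course: a minimal stateful port address translator that creates an entry for each outbound flow, translates only replies that match an entry, and shows how a single port forwarding rule admits any remote host. The addresses come from the RFC 5737 documentation ranges, and the public port range and per-flow mapping policy are assumptions, not a description of any particular router.

```python
# Added example, not from the course: a minimal stateful port address
# translator. Addresses are constructed from the RFC 5737 documentation
# ranges; the public port range and the per-flow (symmetric) mapping policy
# are assumptions, not a description of any particular router.
import itertools
from typing import Dict, Optional, Tuple

Packet = Tuple[str, int, str, int]          # (src_ip, src_port, dst_ip, dst_port)


class PortAddressTranslator:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._out: Dict[Packet, int] = {}                          # inside flow -> public port
        self._in: Dict[Tuple[int, str, int], Tuple[str, int]] = {}  # (pub port, remote ip, remote port) -> inside
        self._forward: Dict[int, Tuple[str, int]] = {}             # static port forwards

    def translate_out(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outbound packet and remember the mapping."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if pkt not in self._out:
            pub_port = next(self._next_port)
            self._out[pkt] = pub_port
            self._in[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[pkt], dst_ip, dst_port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of an inbound packet, or return None (drop)
        when neither an outbound flow nor a port forward matches it."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.public_ip:
            return None
        inside = self._in.get((dst_port, src_ip, src_port)) or self._forward.get(dst_port)
        if inside is None:
            return None                      # unsolicited: no entry to deliver it to
        return (src_ip, src_port, inside[0], inside[1])

    def add_port_forward(self, public_port: int, inside_ip: str, inside_port: int) -> None:
        """Static inbound rule: any remote host can now reach inside_ip:inside_port,
        which is why NAT alone is not a security boundary."""
        self._forward[public_port] = (inside_ip, inside_port)


if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.10")
    print(nat.translate_out(("192.168.1.20", 51234, "198.51.100.5", 443)))
    print(nat.translate_in(("198.51.100.5", 443, "203.0.113.10", 40000)))   # reply: delivered
    print(nat.translate_in(("192.0.2.9", 40000, "203.0.113.10", 8080)))     # unsolicited: None
    nat.add_port_forward(8080, "192.168.1.50", 80)
    print(nat.translate_in(("192.0.2.9", 40000, "203.0.113.10", 8080)))     # now delivered
```

Real routers also expire entries after an idle timeout and differ in how strictly they match the remote address; this version matches remote address and port, the strictest form, so a reply from a different host on the same public port is dropped.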

Network Layer

OSI model layer 3. Routing occurs here, choosing the best route between computers that are not locally attached. Logical addresses (like 124.135.72.5) are resolved to the physical Media Access Control (MAC) addresses burned into each piece of network hardware (on IP networks this is done by ARP). Handles Quality of Service, prioritizing data if needed; routes data from source to destination; builds and tears down packets. This layer provides connectivity and path selection between two different networks. Examples of network layer protocols are IP, IPX, AppleTalk, RIP and NLSP. Routers work at this layer, working with tables of logical network addresses and sending packets.

Nibble

A unit of measurement equal to four digital bits.

NIC

Network Interface Card. A device that interfaces the internal data bus of a computer with an external network connection. There are many types to match both desktop and laptop computers to the several different network connectors. Operates at the physical and data link layers of the OSI model: the hardware handles the signalling on the wire, and its MAC address identifies it at layer 2.

Node

A device that connects to a computer network infrastructure, such as a personal computer, server, router, printer, or firewall. Connections can be made with Ethernet or fiber-optic cables or wirelessly using radio frequencies.

OSI Model

The Open Systems Interconnection basic reference model has seven layers: the Application, Presentation, Session, Transport, Network, Data Link, and Physical layers. A layer is a collection of related functions that provides services to the layer above it and receives service from the layer below it.

OSPF

Open Shortest Path First. A hierarchical interior gateway protocol used by routers in TCP/IP networks. Sends link-state changes rather than the entire route table as RIP does.

Parallel Port

Also known as a printer port. It was uni-directional from the PC to the printer and had a 25-pin male DB25 connector at one end and a 36-conductor male Centronics connector at the other end. The "standard-issue" cable was six feet. The maximum cable length was commonly stated as 15 feet. It has been rendered obsolete by the USB port.

Physical Layer

OSI model layer 1. Controls the functional interface - transmission technique, pin layout, connector type, timing, and maximum transmission distances. The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. Examples of Physical layer protocols include Ethernet, Token Ring, FDDI, RS-232, and HSSI. Repeaters and hubs operate at this layer taking frames and converting them to electrical 1's and 0's (bits).

POP3

Post Office Protocol version 3. An application layer protocol used to retrieve e-mail from a remote server over a TCP/IP connection. E-mail messages are generally moved to the user's PC using POP3 and then deleted automatically from the server. IMAP4 is the other common e-mail protocol.

Presentation Layer

OSI model layer 6. Formats data exchange into an agreed upon format and presents it to the user. User information is converted to data. Character sets are converted; data is encrypted or decrypted, and compressed or decompressed. Handles redirection of data streams. This layer ensures that information sent by the application layer of one system will be readable by the application layer of another. The presentation layer is also concerned with the data structures used by programs and therefore negotiates data transfer syntax for the application layer. Some standards are involved with multi-media operations like MPEG, JPG, MIDI, GIF, ASCII, and QuickTime.

RAID Level 0

Striped disks. Data is distributed across two or more disks in a way that improves write and read speeds and gives greater capacity but at the cost of a higher risk of data loss. The loss of any drive in a RAID 0 array results in the loss of all data. Used in digital non-linear editors.

RAID Level 1

Mirrored disks. Uses two (or more) disks which each store the same data, so that if one disk fails the data is not lost. Some performance improvement can result from alternately reading from each of the hard drives in the array.

RAID Level 5

Striped disks with parity. Combines three or more disks in a way which protects the data against the loss of any one disk. If a disk fails it is pulled from the array and a new disk is put in its place. The original disks rebuild the new replacement disk with the missing data. During the time that the disk is in rebuild the data is at risk.

RAID Level 6

Striped disks with dual parity. Combines four or more disks in a way which protects the data against the loss of any two disks. If a disk fails it is pulled from the array and a new disk is put in its place. The original disks rebuild the new replacement disk with the missing data. Dual distributed parity protects the data while the first disk is in rebuild. If a second disk fails no data is lost, but if a third disk fails the data will be lost.

RAID

Redundant Array of Inexpensive (or Independent) Disks. A technology that combines two or more hard disk drives to achieve greater levels of performance, reliability, or both. RAID can be performed in software or hardware.

Repeater

An electronic device that receives a signal and then retransmits it at a higher power level. Network repeaters normally reshape or re-clock the input signals to remove noise. A repeater can be used to lengthen a LAN path beyond the normal cable length limitations.

RFI

Radio Frequency Interference. Also known as Electromagnetic Interference (EMI). An undesirable disturbance that affects an electrical circuit. Common sources of interference include cell phones, electrical motors, pagers, bug zappers, and power transmission lines.

RIP

Routing Information Protocol. An early interior gateway protocol which helped routers dynamically adapt to changes in network connections. Each router uses RIP to send its entire routing table to its neighbors every 30 seconds. Considered obsolete, having largely been replaced by OSPF.

RJ45 Connector

Registered Jack 45. The eight-pin modular connector used in Ethernet (technically an 8P8C plug; the name RJ45 originally referred to a telephone wiring standard, but it is the term in everyday use).

Router

An OSI model network layer device that directs packets based on the logical (IP) address of the packet and the protocol within the packet. Found between networks and used to logically move packets between them. It first finds the distant network, then moves the packets. Routers learn about other routers and the shortest path to each network through a routing protocol such as OSPF or RIP, or through statically configured routes.

RTS

Request To Send. Used in IEEE 802.11 to initiate a communication session. A station hearing an RTS or CTS should refrain from sending data for a given time. This solves the hidden node problem, where two stations cannot hear each other's transmissions but can both communicate with the same access point.

SAN

Storage Area Network. A computer storage architecture that attaches remote block storage to servers in such a way that, to the operating system, the storage appears to be locally attached.

SDI

Serial Digital Interface. Standardized in SMPTE 259M, it is a digital interface used for broadcast quality video with embedded audio at bit rates from 143 Mb/sec up to 360 Mb/sec. HD-SDI (SMPTE 292M) runs at 1.485 Gb/sec and carries 720p and 1080i, and 1080p only at frame rates up to 30. 1080p at 50 or 60 frames per second requires dual-link HD-SDI or a single 3G-SDI link (SMPTE 424M) at 2.970 Gb/sec.

Serial Port

A physical interface through which information transfers in or out one bit at a time. Speed, data bits, parity, and stop bits need to be set for serial port communication. The conventional settings are 9600 baud and 8N1 (eight data bits, no parity, one stop bit). Faster data speeds are supported. It has been rendered nearly obsolete by the USB port.

Session Layer

OSI model layer 5. Defines how two computers are going to handle, synchronize, maintain and end a virtual conversation; keeps different applications' data separate along a common data path. Retransmission requests and error reporting for the Application and Presentation layers occur here. Security authentication takes place. Sets the communication mode: simplex, half-duplex, or full duplex. Session layer protocols include SQL, NFS, and RPC. Gateways operate at this layer transmitting data.

SQL

Structured Query Language. A database language designed for the retrieval and management of data in a relational database management system. Standardized by the ANSI and ISO.

Subnet Address

In computer networks that use IP, the subnet mask divides the 32-bit address into a network portion, shared by all hosts on the same subnet, and a host portion that identifies the individual node. The network portion is obtained by a bitwise AND of the address with the mask; two hosts whose addresses give the same result are on the same subnet and can talk to each other directly, otherwise their traffic must go through a router. The subnet address (network address) is the address with all host bits set to zero, and the address with all host bits set to one is the subnet's broadcast address.
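
The mask arithmetic and the private ranges are easy to get wrong by hand (172.32.0.1 looks private but is not). The following is an added example, not part of the course, that works through both the Subnet Address and IP Private Addressing entries with Python's standard ipaddress module; the sample addresses are constructed.

```python
# Added example, not from the course: what the subnet mask does to an address,
# using Python's standard ipaddress module. Addresses are constructed samples.
import ipaddress
from typing import Dict

# RFC 1918 private ranges (the three blocks listed in the glossary)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def network_by_mask(addr: str, mask: str) -> str:
    """Network address = address AND mask, done on the raw 32-bit integers."""
    ip = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip & m))


def subnet_summary(cidr: str) -> Dict[str, object]:
    """Network, mask, broadcast and usable host range for a host/prefix string."""
    net = ipaddress.ip_interface(cidr).network
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable_hosts": len(hosts),
    }


def same_subnet(local_cidr: str, other: str) -> bool:
    """True if `other` is reachable without a router from the host at local_cidr."""
    return ipaddress.ip_address(other) in ipaddress.ip_interface(local_cidr).network


def is_rfc1918(addr: str) -> bool:
    """True only for the three RFC 1918 blocks (not loopback, link-local, etc.)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


if __name__ == "__main__":
    print(subnet_summary("10.1.2.67/26"))
    print(same_subnet("192.168.10.5/24", "192.168.11.1"))   # False: needs a router
    print(is_rfc1918("172.32.0.1"))                          # False: outside 172.16/12
```

The explicit RFC 1918 list is deliberate: the module's own `is_private` flag also covers loopback, link-local and the documentation ranges, which is not what a firewall rule meaning "our inside networks" should match.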

Switches

A multi-port device that operates at the data link layer of the OSI model. A switch builds a table of which MAC address was seen on which port and forwards each frame only to the port where its destination address lives, flooding it to all ports only when the destination is unknown or the frame is a broadcast.

T1

A T-carrier signal scheme devised by Bell Labs capable of 1.544 Mb/sec.

T3

A T-carrier signal scheme devised by Bell Labs capable of 44.736 Mb/sec.

TCP

Transmission Control Protocol. A transport layer protocol of the Internet protocol that provides for reliable packet delivery.

TIA/EIA 568B

A telecommunication standard from the Telecommunications Industry Association which defines among other things the pin and pair assignments for eight-conductor twisted pair cabling. P1= white with orange stripe, P2=orange, P3=white with green stripe, P4= blue, P5=white with blue stripe, P6=green, P7=white with brown stripe, P8=brown.
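
Writing the pinout down as data makes the relationship between 568B, 568A and a crossover cable explicit. The following is an added example, not part of the course: it derives 568A from the 568B list above by exchanging the orange and green pairs, and follows each wire colour from a 568B end to a 568A end to show that the result is exactly the 10/100 crossover described in the Crossover Cable entry. The colour names are a constructed shorthand for the pair colours.

```python
# Added example, not from the course: the 568B pinout as data, with 568A and
# the 10/100 crossover derived from it by swapping the orange and green pairs.
from typing import Dict

TIA_568B: Dict[int, str] = {
    1: "white/orange", 2: "orange", 3: "white/green", 4: "blue",
    5: "white/blue", 6: "green", 7: "white/brown", 8: "brown",
}


def tia_568a() -> Dict[int, str]:
    """568A is 568B with the orange pair (pins 1,2) and green pair (pins 3,6) exchanged."""
    swap = {1: 3, 2: 6, 3: 1, 6: 2}
    return {pin: TIA_568B[swap.get(pin, pin)] for pin in TIA_568B}


def crossover_map() -> Dict[int, int]:
    """Pin on a 568B end -> pin on a 568A end, following each wire by colour.
    That is exactly a 10/100 crossover: the TX pair 1,2 lands on the RX pair 3,6."""
    pin_by_colour_a = {colour: pin for pin, colour in tia_568a().items()}
    return {pin: pin_by_colour_a[colour] for pin, colour in TIA_568B.items()}


def is_straight_through(pin_map: Dict[int, int]) -> bool:
    return all(a == b for a, b in pin_map.items())


def is_fast_ethernet_crossover(pin_map: Dict[int, int]) -> bool:
    """Checks the pair swap for 10/100 only; a gigabit crossover also swaps 4,5 with 7,8."""
    return (pin_map[1], pin_map[2], pin_map[3], pin_map[6]) == (3, 6, 1, 2) \
        and all(pin_map[p] == p for p in (4, 5, 7, 8))


if __name__ == "__main__":
    for pin, colour in tia_568a().items():
        print(f"568A pin {pin}: {colour}")
    print("crossover:", crossover_map())
```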

Transport Layer

OSI model layer 4. Provides either reliable or unreliable delivery; in the reliable case it ensures data is delivered error-free and in the correct sequence. Segments a message, or combines several smaller messages, to fit within the frame size and numbers the segments in order. Handles acknowledgements and is primarily responsible for error and flow control. The transport layer provides mechanisms for the establishment, maintenance, and termination of virtual circuits, transport fault detection and recovery, and information flow control. Puts segments received out of order back into proper order. Transport protocols include TCP, UDP, and SPX. Gateways operate at this layer too and transmit segments.

UDP

User Datagram Protocol. A transport layer protocol of the Internet protocol suite that provides unreliable (best-effort) packet delivery.

Unicast

A one-to-one communication between one computer node and another on a local area network.

UPS

Uninterruptible Power Supply, also known as a battery back-up. Provides emergency power, and depending on the topology line regulation as well, to connected equipment by supplying power from a separate source when utility power is not available.

USB 1.1

Universal Serial Bus standard released in January 1996 and rated at 1.5 Mb/sec and 12 Mb/sec.

USB 2.0

Universal Serial Bus standard released in April 2000 and rated at 480 Mb/sec.

USB 3.0

Universal Serial Bus standard developed in September of 2007 and rated at 3.2 Gb/sec. USB 3.0 products first became available in 2010.

UTP (wiring code)

See TIA/EIA 568B

UTP

Unshielded Twisted Pair is the type of copper cable used in Ethernet networks and is useful from 10 Mb/sec to 1,000 Mb/sec.

VLAN

Virtual Local Area Network. A group of computers that can communicate with each other as if they were on the same physical network, regardless of their location. VLAN software allows computers to be grouped together even if they are not on the same LAN segment.

VPN

Virtual Private Network. A more secure method of transmitting data across an open network. VPN software sets up an encrypted tunnel through the open network, connecting two computers securely.

Summary of Computer Networking for Broadcast Engineers

This course served as an introduction to the fundamental concepts of computer networking. The course covered computer topologies, both physical and logical, media types, the OSI model, and local area networking. It also covered some legacy material but was primarily about Ethernet, TCP/IP, and other current computer networking protocols. Hardware such as switches and routers was covered, as was software such as VLAN, VPN, and NAT. Lastly, some basic troubleshooting, security, and administrative procedures were introduced.