Tips and Concepts

Concept

 
 Layer 4, 3 and 2 Encapsulation         Tips and Concepts

One of a major OSI model concept in Cisco ICND or CCNA certification is data encapsulation.  Many students get confused what is the source which is the destination address. There are many tips and tricks to remember out there such as layer-3 encapsulation is end-to-end and layer-2 encapsulation is hop-to-hop.

Let do a quick review of data encapsulation of layer 4, 3 and 2.
When data is break up into smaller pieces whether it's TCP or UDP, all data have to go through the encapsulation process:

At Layer 4 - A layer 4 header (port numbers) is added to the front of the data. This is called a segment.
At Layer 3 - A layer 3 header (ip addresses) is added to the front of the segment. This is called a packet.
At Layer 2 – A layer 2 header (MAC address) is added to the front and a computation for a Field Check Sum (FCS) is add to the end of the packet.  This is called a frame.

Note: FCS is used for error detection and handling. When the receiving station receive the frame, it will perform a Cyclic Redundancy Check (CRC) on the frame and compare the result to the original FCS. This ensure the frame has been received without any errors.  We will bypass CRC and FCS in this document.

The following topology consist of 3 routers connecting 4 broadcasting domain as follows:

 
   
Optimize OSPF /30 network  
Layer-2 Resolving  
Data Encapsulation  
"Fish-Mo" of AD  
Layer-2 Redundancy  
Using /31 Subnet  
FSMO: Inf Master and GC  
   
   
   
   

In this example, we have PC1 using a browser and connecting to the WEB server. Let’s examine step by step as the packet travels from PC1 to the WEB server.

1. At the PC1. PC1 first opens a browser and types http://WEB/.
  a. By using http, PC1 knows that the layer-4 destination port number will be 80.  PC1 will randomly pick a port number from 1024 to 65535 as its source port.  In our example here, PC1 will choose 1025 as its source port.
  b.
  1. Now, PC1 will send a request to the DNS server for the IP address of the WEB server.  DNS will send back 192.168.4.10.  PC1 has now completed its layer-3 encapsulation.
  c.
  1. PC1 examines the Destination IP address, and realizes that it’s not on the same subnet; PC1 now must forward to its Default Gateway. 
  d.
  1. PC1 will send an ARP to 192.168.1.1 (Default Gateway IP address) requesting its MAC address.
  e.
  1. R0 returns its MAC address of interface Fa0/0 to PC1
  f.
  1. PC1 uses the MAC address of R0 as its Destination MAC to complete the Frame.  Convert it to Layer-1 (bits) and forward it to R0.
 
2.
  1. R0 receives the data, converts the data back to examine the packet, and determines where to forward it.
  a.
  1. R0 will strip out the layer 2 header so it can look up the Destination IP address from its routing table.
  b.
  1. R0 will see that to get to 192.168.4.0 network, it must forward to 192.168.2.2 which is directly connected to its Fa0/1 interface.  It will send an ARP to its neighbor requesting its MAC address. 
  c.
  1. R1 return its MAC address of its Fa0/0 interface.
  d.
  1. R0 now can complete layer 2 and forward it out of its Fa0/1 interface.
 
3.
  1. R1 receives the data, converts the data back to examine the packet, and determines where to forward it. (same as R0 did).
  a.
  1. R1 will strip out the layer 2 header so it can look up the Destination IP address from its routing table.
  b.
  1. R1 will see that to get to 192.168.4.0 network, it must forward to 192.168.3.2 which is directly connected to its Fa0/1 interface.  It will send an ARP to its neighbor requesting its MAC address. 
  c.
  1. R2 returns its MAC address of its Fa0/0 interface.
  d.
  1. R1 now can complete layer 2 and forward it out of its Fa0/1 interface.
 
4.
  1. R2 receives the data, convert the data back to examine the packet, and determines where to forward it (same as R0 and R1 did).
  a.
    1. R2 will strip out the layer 2 header so it can look up the Destination IP address from its routing table.
 
  1. Now it is a little different than the previous 2 routers.  When R2 exams the Destination IP address, it will see that is directly connected to its Fa0/1.  R2 can send an ARP to the Destination IP (192.168.4.10) out of its Fa0/1 interface for the final destination MAC address.
  b.
      1. The WEB server return its MAC address.
  c.
    1. R2 completes its layer-2 and forward it out to the WEB server.
Once the WEB server receives the request from PC1 and returns its web page, the packet now is reversed, where the Source Port, IP and MAC become the Destination.
 
Things to note:
1.
  1. You can see that the source and destination IP do not change during transient due to all the routers in between needing the final destination IP so it can forward the packet to the next hop.  Also the destination (WEB server) device needs to know the source IP so it can return what it wants.  We call IP’s our end-to-end.
2.
    Layer-2 MAC addresses change from hop-to-hop where the exiting interface MAC address is the source MAC and the neighbor receiving interface is the destination MAC address.
3.
    The Switch does not come to play as it just forwarding the frame to the router or from the router to the PC or Server.
4.
    Routers make their decision based on its Routing Table.  If the destination IP address is not on its table:
  a.
  1. Examine the source IP address of the packet,
  b.
  1. Drop the packet, add the word “and” or “or” here
  c.
  1. Send an ICMP with the message “Destination Unreachable” back to the source IP address.