Network Devices at Layers 1, 2, and 3

Time: 15 hours 43 minutes
Difficulty: Advanced
CEU/CPE: 16
Video Transcription
>> Now I want to pause here in our move up the OSI model because we've talked about layer 1 and layer 2. I want to talk about connectivity devices at these layers and then we'll bridge the gap and look at layer 3 also. Here, we're going to talk about collisions and how they impact our network. We'll also talk about broadcasts and the impact that broadcasts have as far as performance goes. As a solution to some of these problems, we'll talk about hubs, switches, routers, and VLANs.

I have just a little illustration here. Yes, I'm fully aware we don't use hubs today, but back in the day, a hub was the cheapest, easiest way to connect some computers together. Hey, I want to transfer data from A to B; short of a crossover cable, a hub was the easiest way to do it. Hubs have always been cheap. Now, the downside of a hub is a hub sends all data out all ports all the time. When computer A has data to send to computer B, that data goes out the central hub, which goes to the end hubs. Ultimately, all systems in this scenario are going to be getting data that's to be sent from A to B. That's not a good situation. If I have a sniffer and I plug into a hub, I have access to everything on the network in this illustration.

Now, what keeps other systems from picking up traffic that's not addressed to them is the fact that network cards are designed to only pick up traffic on the network with the destination MAC address that matches their own. So each of these hosts examines the traffic and says, that's not for me, and they leave it on the network. However, sniffers basically can be a laptop or a system of any type that has a network card in a mode called promiscuous mode. Sadly, promiscuous mode is nowhere near as fun as it sounds like it should be. All promiscuous mode means is that network interface card is going to capture all traffic regardless of who it's addressed to. If you've got a sniffer plugged into an environment connected by hubs, then you've got it made as an attacker. That's one of the many reasons we don't use hubs anymore.
Another reason we don't use hubs is we have a lot of computers competing with each other for time on the cable. A hub doesn't help that in any way. We've talked about Ethernet using CSMA/CD. Each node listens to the network; if no one's communicating, they throw their message out on the wire, and if another host has done so at the same time, we have a collision. If we've got three or four hosts, you're not going to have such a big problem with collisions. But as your network gets larger and larger, now everybody's transmitting at the same time, we're having lots of collisions, and data isn't able to move across the network as quickly as we would like it to. Hubs, get out of here.

Actually, before we even got rid of hubs, we moved forward a little bit. Rather than connecting the hubs to each other, we brought in a switch. Now again, this was a time when switches were very expensive, hundreds of dollars, and hubs were cheap, $20. We wanted to use hubs because of the cost, but we would bring in the switch for a couple of reasons. Two things a switch does that a hub does not. First of all, a switch addresses traffic based on MAC address. The switch doesn't do addressing, but a switch learns the network and learns what hosts are on what port based on their MAC address. For instance, if traffic is coming through the switch for computer D, that switch knows, hey, send it out the central port. If traffic is addressed to computer J, then the switch knows to send the traffic out the left port. The switch learns the network over time, keeps track of everybody's MAC address, and when the destination is a specific MAC address, the switch forwards it out that port. That's a big improvement; it directs traffic.

The other thing that a switch does is it isolates traffic into what we call collision domains. Every port on a switch is its own collision domain. Only computers J and K are competing with each other for time on the cable. Only computers Y and Z are competing with each other. Only A, B, C, D are competing with each other. Instead of this one large collision domain where everybody is fighting with everybody else, this switch has come in with just three ports and has created three smaller collision domains where we have fewer collisions.

Now, like I said, we did this when switches were still very expensive. But with the advent of Linksys and Netgear switches, the cost of switches came way down. All of a sudden we can get a switch for the cost of a hub. Hubs became obsolete very, very quickly, and we were able to replace them with switches that provide, again, better addressing, and they deal with collisions. Now, when I'm plugging systems directly into the switch, I have all but eliminated collisions, because each host is only competing with itself for time on the cable. Now, there are also going to be broadcasts that flow through a switch. There's a little bit more, but we've all but eliminated collisions on the network. That's a good thing.
Now the second thing that we've done is we've made addressing much more efficient, because traffic going to A goes out just the port for A, and traffic going to C goes out just the port for C. That's really going to make things difficult on a sniffer, an attacker with the sniffer, because when that attacker plugs the sniffer into the port on the switch, there probably isn't any traffic coming out of that port on the switch. Because the switch follows traffic to the appropriate port, there's not going to be any traffic addressed to that sniffer, so nothing is likely to be coming out of the port that's attached.

Now, one thing that I'll just take a moment and mention is sometimes sniffers have legitimate reasons on the network. As a network administrator, I may want to sniff out the network and see if somebody is sending passwords across the network in plain text, or see how much broadcasting is going on on the network, or how much ICMP traffic is there. An admin may want to sniff the network themselves. If so, what they can do is they can turn on the mode on the port called port span. That will allow all the network traffic to be mirrored through that port on the switch, and an admin can plug their sniffer in there. I'll also mention, again, we talked about the sniffer needing to be in promiscuous mode. Promiscuous mode is for the network card on the sniffer. Port span is for the interface on the switch.
We're looking pretty good back there with our switched network. But what happens if computers J and K are in the sales network? They have an application for the sales team that generates a lot of broadcasts. Some applications are very broadcast intensive. Computers J and K are the only systems in sales, but their broadcasts go to everybody on the network. If I just go back to this previous illustration, everybody's getting broadcasts from computers J and K. A switch doesn't help me with that. The primary device whose job it is to divide traffic up into different broadcast domains has traditionally been a router. Each port on a router is its own broadcast domain. The sales team are in their own domain; their broadcasts stay on that port on the router.

Now, also what I may have is the HR domain, human resources, and there may be sensitive information that's traversing that segment of the network. I can attach them to their own port on the router, and I can configure security that's relevant just to HR. I may have a VoIP network that needs more access to bandwidth so we get quality of service. I'll put those systems on their own port on the router. A router has this capability of slicing up my network into segments or subnets. Each subnet has its own amount of broadcasts; it limits broadcasts to that segment. You can control bandwidth to certain segments, and you can also have different security segments and really limit what traffic goes in, for instance, to the HR network. A router has a lot of capability.

The other thing is that when we subnet a network, we bring in IP addressing. IP addressing is logical addressing. I determine what computers are on which network. A router is smart enough to understand, hey, if traffic is addressed to the 10 network, it needs to go out the first port. If traffic is addressed to the 192.168.1 network, it goes out the last port. A router is actually a layer 3 device, and IP addressing is layer 3, so routers understand IP addressing. Switches are layer 2; they understand the layer 2 MAC addressing. Again, it's that OSI model that helps us understand these pieces.
But here's the problem. Routers are expensive, and I'm not talking about Netgear or Linksys routers; I'm talking about grown-up routers, real routers you'd use in production. Even though the previous illustration gives me everything I need, I'm spending a lot of money. It doesn't even mean that the individual cost of the router is so high. But if you're going to go out and buy a switch, you'll get 16 ports, 24 ports, 32 ports. You're going to get a lot of ports for your money. If you go out and buy a router, you're going to get one LAN port, maybe two if you're lucky. On a port-by-port basis, routers are just much more expensive. What I'd like to get is this idea of broadcast isolation on a switch, because the switch is so much cheaper.

Switch manufacturers over time have established the creation of something called the VLAN, a virtual LAN. This is a function that can run on the layer 2 switch. I can assign specific ports to specific VLANs. If I wanted to assign ports 1, 7, 8, 9 to the sales VLAN, I can do that. I can assign whatever ports I want to the HR VLAN, whatever ports I want to the VoIP VLAN. It's totally logical. It's very easy to configure. I get a lot of the functionality I would have with a router. A VLAN isolates traffic into broadcast domains, but it does so on a switch, which is much more cost effective.

But switches are layer 2 devices by default. Switches only read MAC addresses. That's all they understand. Even though I can create these separate networks, a switch doesn't understand how to send traffic from the sales VLAN to the HR VLAN to the VoIP VLAN. A switch doesn't understand these IP addresses. If computer J wants to send traffic to 192.168.1.1, that switch doesn't know which port to send it out. Again, that's because switches are layer 2; they understand MAC addresses, but they don't understand IP. One of the ways we solved that problem was we brought in a router and we plugged that router into a switch, and anything that wasn't local for each VLAN would be sent to the router. Then the router would use a means called tagging to add information so the switch would know which ports to direct the traffic out of. You may hear the term VLAN tagging; you might also hear it referred to as a standard called 802.1Q. But the tagging just means the router is necessary to tell the switch, hey, IP address 172.16.1.1 needs to go out your central port. But again, a router is expensive. What's a better way?
If you see the illustration change, instead of having a standard layer 2 switch, I have a layer 3 switch. What do you think a layer 3 switch can do that a layer 2 switch can't? A layer 3 switch can route. It can examine IP addresses, and for itself it can say 192.168.1.2 goes out the right port, traffic for 10.1.1.2 goes out the left port. This is really the way that we're implementing our network solutions today for the most part. We don't use routers internally the way we used to. Routers have now been relegated to a role of connecting off our network and connecting us out to other networks, connecting us out to a service provider, connecting us out to the Internet or branch offices or whatever. Routers are now boundary devices that are used to go from the LAN out to the WAN, because a layer 3 switch does everything that we needed from our router, but does so much cheaper.

In this section we took a little break from moving up the OSI model and we just focused on the network connectivity devices. We talked about hubs, switches, routers, VLANs, and we also talked for just a second about layer 3 switches and saw that the layer 3 switches are really replacing routers. Now we're going to continue with the OSI model and we're going to move up to layer 3. We've already said routers work at layer 3. We're going to find out what else.