WEBVTT 0:00:06.820000 --> 0:00:10.700000 This video is from the Cisco Certified Technician Routing and Switching 0:00:10.700000 --> 0:00:15.920000 series. It specifically covers a bullet point within Section 3 of the 0:00:15.920000 --> 0:00:18.560000 CCTRNS curriculum. 0:00:18.560000 --> 0:00:23.660000 My name is Keith Bogart and I will be your instructor for this video. 0:00:23.660000 --> 0:00:27.780000 So in the previous video, I went through some detail of explaining what 0:00:27.780000 --> 0:00:31.540000 the various levels of the OSI model were, what the layers were, their 0:00:31.540000 --> 0:00:35.820000 names, their number, and their relative meaning what they're designed 0:00:35.820000 --> 0:00:39.500000 to do. So now we're actually going to go into this bullet point here that 0:00:39.500000 --> 0:00:43.240000 says, now that we know that, we'd like to use that as well as another 0:00:43.240000 --> 0:00:47.940000 model called the TCPIP model to actually see how data flows through a 0:00:47.940000 --> 0:00:53.840000 network. How can we use that model to explain verbally and visually how 0:00:53.840000 --> 0:01:01.440000 data is flowing through a So let's go into that. 0:01:01.440000 --> 0:01:05.160000 So I mentioned in the previous video this concept of a PDU, a protocol 0:01:05.160000 --> 0:01:10.440000 data unit. If I have a block of bits, a whole string of bits, I give it 0:01:10.440000 --> 0:01:13.740000 some protocol and that protocol says, okay, I'm going to take that string 0:01:13.740000 --> 0:01:16.600000 of bits and I'm going to add some bits to the beginning of it. 0:01:16.600000 --> 0:01:20.560000 I'm going to add a header to the beginning that's relevant to me, to my 0:01:20.560000 --> 0:01:22.300000 protocol that I understand. 0:01:22.300000 --> 0:01:27.160000 So when my very own protocol, which is residing on the remote machine, 0:01:27.160000 --> 0:01:32.080000 gets this thing, it will understand it and interpret this header correctly. 0:01:32.080000 --> 0:01:36.620000 So that header, as well as all the bits behind it, is considered the PDU 0:01:36.620000 --> 0:01:40.720000 that that protocol has created. 0:01:40.720000 --> 0:01:46.680000 So at the application layer, there really isn't much of a PDU created 0:01:46.680000 --> 0:01:49.520000 that we don't have a name for what's happening there. 0:01:49.520000 --> 0:01:52.780000 You know, for example, if you're talking about, let's just do an example 0:01:52.780000 --> 0:01:55.040000 of web browsing, okay? 0:01:55.040000 --> 0:01:58.020000 So with web browsing, all those ones and zeros are there at the front 0:01:58.020000 --> 0:01:59.440000 that says user data. 0:01:59.440000 --> 0:02:01.980000 That might be when you open up your browser. 0:02:01.980000 --> 0:02:06.360000 And the very first thing it does is try to try to do a get request for 0:02:06.360000 --> 0:02:09.820000 your home page. So let's say your home page is Google.com. 0:02:09.820000 --> 0:02:12.620000 So it's going to create a bunch of ones and zeros that basically say in 0:02:12.620000 --> 0:02:17.900000 HTML language, your HTTP, get this page called Google.com. 0:02:17.900000 --> 0:02:22.680000 Show me what it looks like or INE.com if you want to look at that way. 0:02:22.680000 --> 0:02:26.340000 So that series of bits there, that's a PDU that's created by the application 0:02:26.340000 --> 0:02:29.000000 layer. We don't really have a name for that. 0:02:29.000000 --> 0:02:36.100000 Then the application layer looks down at the presentation layer gives 0:02:36.100000 --> 0:02:38.960000 all these bits to the presentation layer and says, okay, presentation 0:02:38.960000 --> 0:02:43.220000 layer, if there's any software or protocols running at your layer that 0:02:43.220000 --> 0:02:46.120000 need to do something to this, here it is. 0:02:46.120000 --> 0:02:49.460000 So the presentation layer gets that series of bits. 0:02:49.460000 --> 0:02:52.620000 Now let's say that we're doing secure HTTP, right? 0:02:52.620000 --> 0:02:54.400000 We're doing HTTPS. 0:02:54.400000 --> 0:02:56.740000 Well, this is where the presentation layer might get involved where it 0:02:56.740000 --> 0:02:58.780000 says, I need to encrypt this. 0:02:58.780000 --> 0:03:01.960000 So the presentation layer will now take that series of bits that the application 0:03:01.960000 --> 0:03:07.180000 layer gave it and append to the front of it a presentation layer header, 0:03:07.180000 --> 0:03:13.040000 which is useful for the decrypting receiving end. 0:03:13.040000 --> 0:03:17.960000 So now this entire thing is a PDU that the presentation layer has created. 0:03:17.960000 --> 0:03:22.000000 Once again, there's really no name for that, no distinct name. 0:03:22.000000 --> 0:03:25.900000 The presentation layer then hands that down to the session layer and the 0:03:25.900000 --> 0:03:30.720000 session layer says, okay, there is a possibility here that this laptop 0:03:30.720000 --> 0:03:34.180000 is running more than one session of HTTP. 0:03:34.180000 --> 0:03:37.840000 For example, if you have multiple tabs open in your browser and your Google 0:03:37.840000 --> 0:03:47.700000 Chrome or HTTP, so the session layer says a particular tab just handed 0:03:47.700000 --> 0:03:48.980000 this down to me. 0:03:48.980000 --> 0:03:51.260000 All right, there's HTTP residing way up there. 0:03:51.260000 --> 0:03:54.960000 The presentation layer that's doing IP, sec or encryption, just hand this 0:03:54.960000 --> 0:03:56.080000 thing down to me. 0:03:56.080000 --> 0:04:00.340000 So now I need to append some bits at the front of this that make this 0:04:00.340000 --> 0:04:01.720000 a unique session. 0:04:01.720000 --> 0:04:06.360000 In other words, when this goes out to the destination, I need to put some 0:04:06.360000 --> 0:04:10.840000 bits here indicating what application this belongs to. 0:04:10.840000 --> 0:04:14.760000 In other words, that remote server this is going to ultimately going to 0:04:14.760000 --> 0:04:17.640000 go to. Let's say it's the INE web server. 0:04:17.640000 --> 0:04:22.280000 Well, that physical server that hosts the INE website might also be hosting 0:04:22.280000 --> 0:04:23.940000 other processes. 0:04:23.940000 --> 0:04:25.820000 For example, it might be hosting email. 0:04:25.820000 --> 0:04:28.400000 It might be INE's internal email server. 0:04:28.400000 --> 0:04:31.780000 It might also be like a database server or an internal file server that 0:04:31.780000 --> 0:04:34.360000 we use for our internal database stuff. 0:04:34.360000 --> 0:04:39.060000 So when a packet gets to that server, the CPU in that server has to know 0:04:39.060000 --> 0:04:43.300000 what process should I send the data of this packet to? 0:04:43.300000 --> 0:04:45.060000 Should I send it to the HTTP process? 0:04:45.060000 --> 0:04:45.880000 The email process? 0:04:45.880000 --> 0:04:47.160000 Where do I send it? 0:04:47.160000 --> 0:04:51.420000 So when I send a packet to that destination server, the session layer 0:04:51.420000 --> 0:04:55.260000 is responsible for putting a number in there called a port number that 0:04:55.260000 --> 0:05:00.040000 indicates what protocol on that server needs to look at this data. 0:05:00.040000 --> 0:05:05.380000 Now when you are initiating a session from your laptop, you're initiating 0:05:05.380000 --> 0:05:09.160000 a session that's going to a well-known protocol. 0:05:09.160000 --> 0:05:14.980000 It's going to HTTP or telnet or email or something else. 0:05:14.980000 --> 0:05:19.480000 So all these well-known protocols have well-known reserved port numbers. 0:05:19.480000 --> 0:05:23.860000 It's up to the session layer to keep track of those port numbers. 0:05:23.860000 --> 0:05:28.060000 Now if we're doing HTTPS, do you know what the port number is for that? 0:05:28.060000 --> 0:05:30.520000 Well hopefully you said 443. 0:05:30.520000 --> 0:05:32.140000 And if you did, that would be correct. 0:05:32.140000 --> 0:05:34.140000 Well it's a session layer that keeps track of that. 0:05:34.140000 --> 0:05:39.340000 So now in reality, the session layer here is not actually going to append 0:05:39.340000 --> 0:05:41.120000 any bits to the front of this. 0:05:41.120000 --> 0:05:44.120000 Actually he's going to have a little conversation with the transport layer 0:05:44.120000 --> 0:05:47.880000 that's down beneath him because these port numbers that the session layer 0:05:47.880000 --> 0:05:52.040000 is keeping track of, it's remembering, it's actually going to stick into 0:05:52.040000 --> 0:05:55.100000 the layer 4 header. 0:05:55.100000 --> 0:05:58.100000 Okay now because we're doing, we're talking about web browsing, the layer 0:05:58.100000 --> 0:06:01.540000 4 header, the transport layer is going to be TCP. 0:06:01.540000 --> 0:06:03.520000 Hopefully you said TCP. 0:06:03.520000 --> 0:06:07.420000 And the TCP header has a couple little placeholders where the session 0:06:07.420000 --> 0:06:10.960000 layer can put in a destination port number, which in this case would be 0:06:10.960000 --> 0:06:16.000000 443. And the session layer is going to put in a source port number. 0:06:16.000000 --> 0:06:18.700000 Now that source port number is going to be some random ephemeral port 0:06:18.700000 --> 0:06:21.480000 number, I believe we talked about that in the last session. 0:06:21.480000 --> 0:06:25.140000 So that the idea behind that is if I come up with a random source port 0:06:25.140000 --> 0:06:30.200000 number of let's say 75,001 and then I send it to you, let's say you are 0:06:30.200000 --> 0:06:33.760000 the INE web server, you're going to respond to me and when you respond 0:06:33.760000 --> 0:06:39.060000 to me as it comes from you to me, as it's coming in this direction, it's 0:06:39.060000 --> 0:06:45.000000 coming from port number 443, that's you, port number 443, it's going to 0:06:45.000000 --> 0:06:48.400000 my port number 75,001. 0:06:48.400000 --> 0:06:53.340000 So when I get that, I know, oh, 75,001, that's associated to this particular 0:06:53.340000 --> 0:06:55.900000 tab right here in my web browser. 0:06:55.900000 --> 0:06:59.300000 This tab over here in the web browser has a completely different random 0:06:59.300000 --> 0:07:01.280000 ephemeral source port number. 0:07:01.280000 --> 0:07:04.320000 So the session layer keeps track of those port numbers, but doesn't actually 0:07:04.320000 --> 0:07:05.680000 have its own header. 0:07:05.680000 --> 0:07:08.380000 It puts those port numbers into the layer four headers. 0:07:08.380000 --> 0:07:10.980000 So there's some sort of like hand shaking or something in the CPU that's 0:07:10.980000 --> 0:07:12.640000 going back and forth with that. 0:07:12.640000 --> 0:07:16.800000 So we don't really have a distinct PDU just for the session layer. 0:07:16.800000 --> 0:07:20.360000 Now the transport layer gets involved and like I said, this is most likely 0:07:20.360000 --> 0:07:25.800000 TCP. You know, 80, 85% of all traffic that goes across internets or networks 0:07:25.800000 --> 0:07:30.120000 is TCP based. So this is most likely a TCP header. 0:07:30.120000 --> 0:07:33.400000 So TCP is now going to take this long string of bits. 0:07:33.400000 --> 0:07:36.480000 Right? So remember, here's TCP now getting this long string of bits. 0:07:36.480000 --> 0:07:41.360000 It doesn't know that at the front of those bits are encryption stuff that 0:07:41.360000 --> 0:07:44.600000 the presentation layer put in there and then the rest of the bits is HTTP 0:07:44.600000 --> 0:07:47.580000 transport layer can't read that stuff. 0:07:47.580000 --> 0:07:49.940000 It just sees a whole string of bits coming down to it. 0:07:49.940000 --> 0:07:51.580000 So was the transport layer due? 0:07:51.580000 --> 0:07:54.860000 It says, OK, I'm going to take the string of bits and add my own header 0:07:54.860000 --> 0:07:57.460000 to that. Some more bits to the front end. 0:07:57.460000 --> 0:08:00.700000 In this case, that header is going to be a TCP header. 0:08:00.700000 --> 0:08:03.340000 Oh, and I'm going to put in there the source and destination port numbers 0:08:03.340000 --> 0:08:06.840000 that the session layer told me to put in there. 0:08:06.840000 --> 0:08:10.720000 Now that particular PDU actually does have a name. 0:08:10.720000 --> 0:08:15.580000 So when a PDU is created at the transport layer, the PDU name depends 0:08:15.580000 --> 0:08:19.780000 on whether it was UDP or TCP that created it. 0:08:19.780000 --> 0:08:23.140000 If we're talking about TCP creating this PDU, which is the TCP header 0:08:23.140000 --> 0:08:29.260000 and all the bits after it, that whole thing is called a TCP segment. 0:08:29.260000 --> 0:08:32.480000 So when you're talking about TCP, you're talking about TCP segments. 0:08:32.480000 --> 0:08:37.720000 If I have been doing UDP, for example, some sort of DNS or TFTP or something, 0:08:37.720000 --> 0:08:42.360000 that whole thing, the UDP header and all the bits behind it would be called 0:08:42.360000 --> 0:08:48.860000 a datagram. So UDP creates datagrams, TCP creates segments. 0:08:48.860000 --> 0:08:53.560000 Now TCP is done, it knocks on the door of the networking layer and it 0:08:53.560000 --> 0:08:57.580000 says, hey, IP, I got something for you, sends a whole string of bits down 0:08:57.580000 --> 0:09:01.900000 to IP. IP is going to do the exact same thing at layer three. 0:09:01.900000 --> 0:09:05.980000 It's going to put an IP header at the front, which is another string of 0:09:05.980000 --> 0:09:09.580000 bits. Now this might be an IP version four header, it might be an IP version 0:09:09.580000 --> 0:09:12.960000 six header. Hey, it might be something that's not IP at all. 0:09:12.960000 --> 0:09:17.160000 There are other protocols that reside at layer three besides IP. 0:09:17.160000 --> 0:09:21.020000 You don't see them very much these days, but they do exist. 0:09:21.020000 --> 0:09:24.340000 So let's just assume it's IPV4, because that's what most people are familiar 0:09:24.340000 --> 0:09:29.140000 with. So that is a PDU, that IPV4 header and all the data behind it, we 0:09:29.140000 --> 0:09:31.100000 call that a packet. 0:09:31.100000 --> 0:09:35.420000 So IPV4 and IPV6 create packets. 0:09:35.420000 --> 0:09:40.200000 Then IP takes that long string of bits, knocks on the datalink layer and 0:09:40.200000 --> 0:09:44.200000 says, hey, datalink layer, which is probably ethernet, I got something 0:09:44.200000 --> 0:09:48.700000 for you. So it hands it down to ethernet layer two. 0:09:48.700000 --> 0:09:51.460000 Layer two is going to put a whole string of bits on at the front end. 0:09:51.460000 --> 0:09:54.640000 Now if we're talking ethernet, that's an ethernet header. 0:09:54.640000 --> 0:09:57.460000 Now there's other types of stuff though, right at layer two. 0:09:57.460000 --> 0:10:00.660000 For example, we might be talking about the point to point protocol, PPP. 0:10:00.660000 --> 0:10:04.400000 PPP will put a bunch of stuff at the front end as a PPP header. 0:10:04.400000 --> 0:10:07.740000 There might be a frame relay header or an ATM header. 0:10:07.740000 --> 0:10:10.040000 All those things reside at the datalink layer. 0:10:10.040000 --> 0:10:14.360000 So once the datalink layer protocol, let's just say it's ethernet, puts 0:10:14.360000 --> 0:10:18.140000 the ethernet header on there, that whole thing is going to be called a 0:10:18.140000 --> 0:10:23.800000 frame. Layer two creates a frame except for ATM. 0:10:23.800000 --> 0:10:28.040000 If we're talking about asynchronous transfer mode at layer two, ATM is 0:10:28.040000 --> 0:10:32.840000 kind of unique. The PDU that it creates is called a cell. 0:10:32.840000 --> 0:10:36.100000 So ATM creates cells, all those other things. 0:10:36.100000 --> 0:10:39.180000 PPP, HDLC, frame relay, ethernet. 0:10:39.180000 --> 0:10:41.280000 They all create frames. 0:10:41.280000 --> 0:10:43.040000 And that's as big as it's going to get. 0:10:43.040000 --> 0:10:46.200000 Now we got a whole string of ones and zeros here at this point. 0:10:46.200000 --> 0:10:49.380000 We sent it down to the physical layer of the net card, which translates 0:10:49.380000 --> 0:10:54.520000 all that electrical energy that was going on inside your laptop into electrical 0:10:54.520000 --> 0:10:57.680000 energy that the physical layer can understand. 0:10:57.680000 --> 0:11:01.020000 Now in this case, if we're talking about ethernet, because ethernet resides 0:11:01.020000 --> 0:11:05.860000 at both layer two and layer one of the OSI model, it has specifications 0:11:05.860000 --> 0:11:09.800000 for layer one like, you know, how much electrical voltage or energy represents 0:11:09.800000 --> 0:11:13.160000 a one. How long do I have to hold it before I let it go? 0:11:13.160000 --> 0:11:14.680000 What represents a zero? 0:11:14.680000 --> 0:11:16.980000 How long do I hold that before I let it go? 0:11:16.980000 --> 0:11:18.880000 So the physical layer now has to do that. 0:11:18.880000 --> 0:11:22.060000 So this sort of squiggly line that you see here represents the electrical 0:11:22.060000 --> 0:11:26.560000 current that's now going out onto the cable. 0:11:26.560000 --> 0:11:30.360000 So how does this actually look from end to end as it goes through a network? 0:11:30.360000 --> 0:11:34.500000 Well, so here we have a laptop connected to a switch port. 0:11:34.500000 --> 0:11:36.160000 He's sending an electrical current. 0:11:36.160000 --> 0:11:37.500000 So this is our physical layer. 0:11:37.500000 --> 0:11:41.860000 So that port one there on the switch, physical layer is now seeing electrical 0:11:41.860000 --> 0:11:44.540000 energy because he's running the ethernet protocol. 0:11:44.540000 --> 0:11:48.080000 He says, hmm, does this electrical energy actually represent ones and 0:11:48.080000 --> 0:11:51.880000 zeros or is it just random meaningless electrical garbage? 0:11:51.880000 --> 0:11:54.020000 He says, oh, it does represent ones and zeros. 0:11:54.020000 --> 0:11:58.200000 Okay. Let me convert that back to ones and zeros and see how ethernet 0:11:58.200000 --> 0:12:00.900000 can read it. So he does that. 0:12:00.900000 --> 0:12:02.560000 So we have our layer two taste. 0:12:02.560000 --> 0:12:05.520000 So we have our layer two header there in purple. 0:12:05.520000 --> 0:12:06.200000 They're on the right. 0:12:06.200000 --> 0:12:09.840000 So this is, if you're going to read this, read it from right to left. 0:12:09.840000 --> 0:12:12.940000 Okay. So we've got the layer two header on the right, followed by the 0:12:12.940000 --> 0:12:13.900000 layer three header. 0:12:13.900000 --> 0:12:17.120000 But as far as the switch is concerned, the switch doesn't have to look 0:12:17.120000 --> 0:12:19.300000 at this big long string of ones and zeros. 0:12:19.300000 --> 0:12:21.900000 The switch says, all I care about is ethernet. 0:12:21.900000 --> 0:12:23.300000 I'm a layer two switch. 0:12:23.300000 --> 0:12:28.440000 I don't even have the knowledge of how to think about layer three or above. 0:12:28.440000 --> 0:12:32.260000 So as ethernet, I know that just this set of bits at the very front end 0:12:32.260000 --> 0:12:34.240000 is all I have to pay attention to. 0:12:34.240000 --> 0:12:37.960000 The rules of ethernet says this right here is how much I need to read 0:12:37.960000 --> 0:12:39.220000 into this frame. 0:12:39.220000 --> 0:12:40.660000 So look at those bits. 0:12:40.660000 --> 0:12:45.480000 And ethernet says right there, those bits are the destination. 0:12:45.480000 --> 0:12:48.200000 That's the destination MAC address of that frame. 0:12:48.200000 --> 0:12:50.380000 Now it goes into its switching table. 0:12:50.380000 --> 0:12:53.640000 And it says those bits right there, which in this case, let's just say 0:12:53.640000 --> 0:12:57.000000 it's 0111. Let's say that's the destination address. 0:12:57.000000 --> 0:12:58.800000 Now it's going to be a lot bigger than that. 0:12:58.800000 --> 0:13:01.880000 You know, we're talking about, you know, possibly hundreds of bits in 0:13:01.880000 --> 0:13:07.760000 the layer two header alone, but those bits, a portion of it is going to 0:13:07.760000 --> 0:13:09.040000 be the destination address. 0:13:09.040000 --> 0:13:11.800000 And now he's going to go into the layer two table, the MAC address table 0:13:11.800000 --> 0:13:17.440000 and say, do I have an exact match of that pattern in my table? 0:13:17.440000 --> 0:13:21.560000 In this case, he says, Oh, yes, I do 0111. 0:13:21.560000 --> 0:13:23.960000 That was learned on port number three. 0:13:23.960000 --> 0:13:26.540000 That's where I need to forward this frame. 0:13:26.540000 --> 0:13:30.480000 So now he takes the frame and forwards it out on port number three, converting 0:13:30.480000 --> 0:13:34.400000 it back into the physical layer back into electrical energy. 0:13:34.400000 --> 0:13:35.940000 And where does that frame go? 0:13:35.940000 --> 0:13:38.320000 Oh, that goes to our friendly router. 0:13:38.320000 --> 0:13:41.140000 So there's our router getting all that electrical energy. 0:13:41.140000 --> 0:13:44.080000 He's also running some sort of layer two protocol. 0:13:44.080000 --> 0:13:46.940000 It's going to be ethernet if he's connected to an ethernet switch because 0:13:46.940000 --> 0:13:49.340000 they both have to talk the same language. 0:13:49.340000 --> 0:13:52.120000 He's going to convert that back into binary. 0:13:52.120000 --> 0:13:55.560000 First up, he's going to look at the layer two header, the ethernet header. 0:13:55.560000 --> 0:13:57.780000 He's going to say, is this for me? 0:13:57.780000 --> 0:14:01.380000 Is this ethernet MAC address my MAC address is someone trying to talk 0:14:01.380000 --> 0:14:04.980000 to me? Well, that laptop, he is trying to talk to the router. 0:14:04.980000 --> 0:14:08.660000 In this particular case, the laptop saying, hey, I need to get data to 0:14:08.660000 --> 0:14:10.860000 a different subnet, a different network. 0:14:10.860000 --> 0:14:12.820000 I have no idea where it is. 0:14:12.820000 --> 0:14:16.260000 So I'm going to put on this cable and send it to my router, my default 0:14:16.260000 --> 0:14:18.500000 gateway. He should know where it is. 0:14:18.500000 --> 0:14:23.380000 So the layer two destination is it popped out of that laptop is the router's 0:14:23.380000 --> 0:14:26.960000 MAC address. That's who it's going to on this cable. 0:14:26.960000 --> 0:14:29.420000 So a router says, yes, this is for me. 0:14:29.420000 --> 0:14:32.360000 It says, OK, as a router, it's my responsibility now to look a little 0:14:32.360000 --> 0:14:36.640000 bit deeper into the next header, which is the layer three header. 0:14:36.640000 --> 0:14:40.120000 It says, oh, here's the layer three header. 0:14:40.120000 --> 0:14:44.520000 And according to the rules of IP version four, this grouping of bits right 0:14:44.520000 --> 0:14:49.100000 here in this place should be the destination IP address. 0:14:49.100000 --> 0:14:53.700000 I'm going to go into my layer three table, which is the routing table, 0:14:53.700000 --> 0:14:57.940000 and see if I have a match for that, a route for that. 0:14:57.940000 --> 0:15:00.940000 And sure enough, in this particular diagram, he says, yes, I know how 0:15:00.940000 --> 0:15:02.200000 to get that to where it needs to go. 0:15:02.200000 --> 0:15:04.400000 It needs to go out interface number two. 0:15:04.400000 --> 0:15:08.720000 And then he converts it back into the physical layer, and out it goes. 0:15:08.720000 --> 0:15:12.240000 And that's going to keep on taking that process until it gets to the ultimate 0:15:12.240000 --> 0:15:15.920000 destination, which is the web server in this particular case. 0:15:15.920000 --> 0:15:21.400000 So we can see as the, as the, as this long string of bits pops out of 0:15:21.400000 --> 0:15:25.980000 the laptop and goes through the network, most of the time the networking 0:15:25.980000 --> 0:15:29.500000 devices that are transporting it, the switches and routers, they don't 0:15:29.500000 --> 0:15:31.800000 have to look at this big long set of bits. 0:15:31.800000 --> 0:15:35.640000 They just have to look at the header that interests them, that tells them 0:15:35.640000 --> 0:15:38.160000 what to do with this thing, how to forward this thing. 0:15:38.160000 --> 0:15:41.160000 If we're a switch, we're most likely just looking at the layer two header 0:15:41.160000 --> 0:15:42.320000 at the front end. 0:15:42.320000 --> 0:15:45.940000 If we're a router, we're looking at the layer two header, asking ourselves, 0:15:45.940000 --> 0:15:49.300000 is this for me? If the answer is yes, then we're looking at the layer 0:15:49.300000 --> 0:15:52.780000 three header and saying, okay, where do I send this thing? 0:15:52.780000 --> 0:15:56.420000 Now certainly in modern networks of today, there's a lot of networks that 0:15:56.420000 --> 0:16:00.120000 have security policies and quality of service policies and other things, 0:16:00.120000 --> 0:16:04.260000 which actually require networking devices to look even deeper into that 0:16:04.260000 --> 0:16:08.080000 string of bits. Sometimes with certain security policies, they have to 0:16:08.080000 --> 0:16:11.860000 look all the way into the layer seven data, if they're looking for like 0:16:11.860000 --> 0:16:16.120000 a specific URL or something, because that's only contained way at the 0:16:16.120000 --> 0:16:19.420000 back in the data portion that layer seven put in. 0:16:19.420000 --> 0:16:22.280000 But for just traditional networking of just routing and switching, where 0:16:22.280000 --> 0:16:25.180000 you're not doing anything fancied like that, most devices look at the 0:16:25.180000 --> 0:16:28.660000 layer two header, if it's a switch, and that's it, forwards it on. 0:16:28.660000 --> 0:16:32.200000 If it's a router, looks at the layer two header, ah, that's for me, looks 0:16:32.200000 --> 0:16:35.340000 at the layer three header, ah, that's not for me. 0:16:35.340000 --> 0:16:36.400000 Do I know where it goes? 0:16:36.400000 --> 0:16:38.620000 Oh yes, I do. And then out it goes. 0:16:38.620000 --> 0:16:43.320000 So this big long string of bits usually just goes date link layer, network, 0:16:43.320000 --> 0:16:45.200000 date link layer out. 0:16:45.200000 --> 0:16:47.180000 And doesn't go any higher than that. 0:16:47.180000 --> 0:16:49.700000 Until it gets to the final destination. 0:16:49.700000 --> 0:16:52.400000 When it gets to that server there, the final destination that servers 0:16:52.400000 --> 0:16:55.880000 knit card, just like the router and switch, is it going to see a bunch 0:16:55.880000 --> 0:17:00.100000 of electrical energy coming in, his knit card, which is most likely running 0:17:00.100000 --> 0:17:03.760000 Ethernet, is going to interpret that as, okay, are these valid ones and 0:17:03.760000 --> 0:17:05.600000 zeros? Yes they are. 0:17:05.600000 --> 0:17:07.420000 And he's going to do the same thing. 0:17:07.420000 --> 0:17:08.880000 He's going to look at the date link layer. 0:17:08.880000 --> 0:17:10.360000 Is this MAC address for me? 0:17:10.360000 --> 0:17:13.240000 Yes, it is. He's going to look at the networking layer. 0:17:13.240000 --> 0:17:14.720000 He's going to look at the packet header. 0:17:14.720000 --> 0:17:16.980000 You're going to say, is this for me? 0:17:16.980000 --> 0:17:19.880000 Yes, it is. Now he knows it's for him. 0:17:19.880000 --> 0:17:22.680000 Now in the packet header is going to say, oh, there's some bits in the 0:17:22.680000 --> 0:17:27.400000 packet header that say, oh, this needs to go to the transport layer, TCP. 0:17:27.400000 --> 0:17:30.780000 Okay, so he'll send, he'll strip off all the layer two, he'll strip off 0:17:30.780000 --> 0:17:36.000000 all the layer three stuff, revealing the TCP segment, hand that up to 0:17:36.000000 --> 0:17:37.440000 the TCP process. 0:17:37.440000 --> 0:17:39.900000 Now the TCP process will look at his header. 0:17:39.900000 --> 0:17:43.900000 He'll say, oh, according to the TCP header here, the port numbers in here 0:17:43.900000 --> 0:17:47.960000 indicate HTTPS, port number 443. 0:17:47.960000 --> 0:17:49.540000 I'm running that. 0:17:49.540000 --> 0:17:54.260000 So TCP will strip off the TCP header and he'll hand up to the session 0:17:54.260000 --> 0:17:56.180000 layer. He'll say, hey, session layer. 0:17:56.180000 --> 0:17:58.820000 This is going to our port number 443. 0:17:58.820000 --> 0:18:00.280000 Let the processor know that. 0:18:00.280000 --> 0:18:03.540000 And then it goes all the way on up until gets to the application layer 0:18:03.540000 --> 0:18:11.380000 where the actual HTTP process registers this incoming HTTP get request. 0:18:11.380000 --> 0:18:13.320000 And we see that right there. 0:18:13.320000 --> 0:18:17.920000 So how is this all correlate with a different model known as the TCP IP 0:18:17.920000 --> 0:18:21.380000 model? And all of this explanation I've been talking about the OSI reference 0:18:21.380000 --> 0:18:24.300000 model. But you would also need to know that there's another model out 0:18:24.300000 --> 0:18:27.800000 there which is called the TCP IP reference model. 0:18:27.800000 --> 0:18:31.860000 And you can see the relationship of that on the left. 0:18:31.860000 --> 0:18:34.500000 Now, a couple of things here. 0:18:34.500000 --> 0:18:40.140000 You can see that the TCP IP model, first of all, it's less layers in the 0:18:40.140000 --> 0:18:45.320000 OSI model. The original TCP IP model had only four layers. 0:18:45.320000 --> 0:18:50.460000 So layers 7, 6, and 5 were all rolled into what was called the application 0:18:50.460000 --> 0:18:55.140000 layer. And the reason for that is because most of the time when people 0:18:55.140000 --> 0:18:59.660000 are writing or developing software applications, they will write into 0:18:59.660000 --> 0:19:04.160000 their code everything that's needed for layer 7, 6, and 5. 0:19:04.160000 --> 0:19:07.980000 Usually you don't find a separate piece of software that just does layer 0:19:07.980000 --> 0:19:09.960000 5 or just does layer 6. 0:19:09.960000 --> 0:19:13.360000 Usually it's all rolled into one software code. 0:19:13.360000 --> 0:19:16.580000 So that's why the TCP IP model said let's just put that into one layer 0:19:16.580000 --> 0:19:18.220000 called the application layer. 0:19:18.220000 --> 0:19:20.360000 So that remains pretty much consistent. 0:19:20.360000 --> 0:19:23.580000 The next layer down, transport layer. 0:19:23.580000 --> 0:19:27.020000 Now here's something a little bit tricky. 0:19:27.020000 --> 0:19:33.400000 So, this graphic here on the left that says original and updated, this 0:19:33.400000 --> 0:19:40.580000 was actually taken from Cisco's CCNA ICND1 certification guide, which 0:19:40.580000 --> 0:19:45.540000 means Cisco wants you to know that with TCP IP there was an original model 0:19:45.540000 --> 0:19:48.160000 and there was an updated model. 0:19:48.160000 --> 0:19:50.800000 They want you to know that the first two layers are the same, application 0:19:50.800000 --> 0:19:54.660000 and transport. What's this other thing over here on the right that has 0:19:54.660000 --> 0:19:56.140000 more colors on it? 0:19:56.140000 --> 0:20:00.000000 This was taken from an online reference guide which I highly recommend 0:20:00.000000 --> 0:20:01.340000 you Google it and look it up. 0:20:01.340000 --> 0:20:04.480000 It's called the TCP IP guide. 0:20:04.480000 --> 0:20:09.620000 It's free to read, has great information about everything you'd ever want 0:20:09.620000 --> 0:20:12.560000 to know about networking, the TCP IP guide. 0:20:12.560000 --> 0:20:15.320000 But when you get to the section about TCP IP, you see there's a little 0:20:15.320000 --> 0:20:16.240000 bit difference there. 0:20:16.240000 --> 0:20:19.800000 They also recognize that that second layer is called the transport layer, 0:20:19.800000 --> 0:20:24.520000 but it's also sometimes called the host to host layer. 0:20:24.520000 --> 0:20:27.840000 As a matter of fact, back when I was learning about the TCP IP model like 0:20:27.840000 --> 0:20:32.700000 15 years ago, that's how I learned it was the host to host layer. 0:20:32.700000 --> 0:20:34.700000 So, what's the takeaway from this? 0:20:34.700000 --> 0:20:38.780000 Well, you're watching this video presumably because you want to pass a 0:20:38.780000 --> 0:20:43.780000 Cisco test. And like with many things in life, sometimes Cisco books won't 0:20:43.780000 --> 0:20:47.760000 exactly correlate to other books or other standards or other things you've 0:20:47.760000 --> 0:20:49.120000 seen in real life. 0:20:49.120000 --> 0:20:53.360000 When there's a discrepancy, I'd recommend you memorize the Cisco stuff 0:20:53.360000 --> 0:20:56.080000 because actually you're taking a Cisco test. 0:20:56.080000 --> 0:20:58.500000 And so they're probably going to be tested on the way they want you to 0:20:58.500000 --> 0:21:03.360000 know it. Going down here again, the third layer is the internet layer 0:21:03.360000 --> 0:21:05.880000 which then update was called the network layer. 0:21:05.880000 --> 0:21:07.620000 So that's pretty much easy to remember. 0:21:07.620000 --> 0:21:09.920000 So that sort of maps out to what we already know. 0:21:09.920000 --> 0:21:15.520000 And then lastly, that last layer used to be called the link layer in the 0:21:15.520000 --> 0:21:16.860000 TCP IP update model. 0:21:16.860000 --> 0:21:20.220000 They actually changed that to the data link and physical layer. 0:21:20.220000 --> 0:21:24.720000 So you can see with the TCP IP updated model, it's almost the same as 0:21:24.720000 --> 0:21:28.780000 the OSI model. It's just that the layer 7, 6, and 5 have all been rolled 0:21:28.780000 --> 0:21:33.360000 into one. Everything else from layers 4 on down has the exact same name. 0:21:33.360000 --> 0:21:37.160000 So you definitely want to memorize those two models there for the CCT 0:21:37.160000 --> 0:21:39.960000 routing and switching certification exam. 0:21:39.960000 --> 0:21:41.880000 And that concludes this video.