Keywords: router, SOHO router, switch, level 2 switch, ethernet hub, ethernet port, NIC, IP address, MAC address, DHCP server, Local Area Network, LAN, subnet mask, subnetting, ARP tables, TCP/IP packet, datagram, frame, RJ45, networking, network hardware, network device
This page is currently under extreme revision, bear with us
Network hardware: routers and switches
We have defined the Internet as a “network of networks” of connected devices. Let’s explore this concept further.
Most switches manage TCP/IP packets at the frame (MAC address, OSI layer 2) level. For this reason, they can also be referred to as “level 2 switches” (level 3 switches also exist, but they are beyond the scope of this discussion, which will only refer to the classical level 2 switches). In other words, switches know nothing about IP addresses and manage packet traffic using MAC addresses only. This may be obscure for now, but it will become clear in the packet journey across networks part of this section below. Hang tight.
We could build a simple standalone network, such as a Local Area Network (LAN) of computers and other connected devices (printers, network drives, network cameras, connected toasters, connected light bulbs etc…) with just a switch and a few ethernet cables (and/or a WiFi access point if the devices have wireless cards).
We would connect all the devices to the switch through the cables.
For an automatic assignment of network configuration parameters (IP address, subnet mask) on connection of the devices to the network, we could then install a DHCP server in one of the computers. We could still manage without a DHCP server by configuring the network settings of each device manually.
The topic of IP addresses, IP classes and subnet masks is complex and addressing it comprehensively is beyond the scope of this book. For the sake of this discussion let’s just say that the network mask defines, within an IP address, which part is reserved for network identification (this part of the IP address is called the network prefix) and which part is available for identifying the devices on the local network (the hypothetical LAN for this example). This second part of the IP address is called the host part. Thanks to the subnet mask, the host part of the IP address can be further subdivided into a subnet number plus a host number. This operation is referred to as subnetting and can be very useful when a unique network that must comprise more than 255 devices is needed, which is frequent in large organizations.
The subnet mask 255.255.255.0 is associated with small local networks of up to 255 devices each. It indicates that the first 24 bits of the IP address are reserved for the network prefix, while the last 8 bits (IPv4 IP addresses are 32-bit numbers) are reserved for the hosts. For this reason, a network associated with this IP range:
can be referred to as
where 24 indicates that the first 24 bits of the IP are reserved to the network prefix. This is called the CIDR notation.
In summary, with a subnet mask of 255.255.255.0, the 192.168.0 part of the IP addresses would identify the network, while the host part, that can contain numbers from 0 to 255, would refer to each individual device of the LAN. Valid IP addresses for this range could be for example 192.168.0.22 or 192.168.0.45.
Addresses in the range 192.168.1.0/24 would then be on a different network (the one with a 192.168.1 network prefix, as opposed to 192.168.0).
We could connect up to 255 devices to a switch (if it had enough connection slots), assign each one an IP address in the same range, for instance 192.168.0.0-255 and a subnet mask of 255.255.255.0 and there we have a working local network in which each device can communicate with the others.
Routers manage TCP/IP packets at the datagram (IP, OSI layer 3) level.
You may have noticed that in our “standalone network” building above, the word “router” was not mentioned. Indeed, a router is a device needed to connect networks, to establish a “route” between two or more networks. For each of the networks to be connected, the router needs a dedicated NIC with an IP address in the range of the network it is associated with. In order to build a standalone network, a router is therefore not needed. If instead we wish to connect a local network to another network, be it another local network or the Internet, we do need a router.
While a router could be as simple as a small inexpensive PC with two NICs, for example two ethernet ports, such as the one shown in the figure below,
other router models are big, heavy, expensive and somewhat intimidating devices that lie at the core of the Internet, regulating and shaping the world’s exchange of data within big organizations, whole countries or across nations.
The concept that a router is not needed to build a local network may be confusing, as home users with an inclination toward technology are now well aware that they can use one of those commercial “routers”, which can be bought for 20-200$/€ (or more!) in every consumer electronics store, to build a local network with computers, printers, cameras etc…
One reason for the confusion is that the routers home users are familiar with, technically known as “SOHO” (Small Office Home Office) routers, are not routers in the pure networking sense of the term that was outlined above. A SOHO router merges several traditionally distinct network devices with different functions, namely a switch, a wireless access point, a DHCP server and, indeed, a router, into a single hardware device. You now know, thanks to what was discussed above, that while building your home/local network, you are actually using the switch, access point and DHCP server parts of the SOHO device. The router part only comes into play when you want to connect your home/local network to the Internet.
We know that network traffic based on the TCP/IP standard is made by packets, as discussed in the previous section of this chapter. We can therefore define a router as a “device that forwards packets through computer networks” (ref: Wikipedia).
Following the journey of a TCP/IP packet across networks
In order to follow the journey of a TCP/IP packet from one computer to another located on a different network, across network hardware, let us consider two networks connected by a router, such as the example in the next figure.
Let us now simplify the picture and retain just one computer from network 1, the source computer for our packet, and one computer from network 2, the destination computer.
The journey of the packet is schematized in the next figure.
Let’s analyse what happens in the figure above.
1) A data packet was created on OSI layer 4 (not shown in the packet representation in the figure), then encapsulated into a datagram, with source and destination IPs (shown) and finally in a frame, with source and destination MAC addresses (shown). We have already discussed this TCP/IP encapsulation procedure in the previous section.
2) The packet reaches the network switch by traveling in the physical layer (OSI layer 1, the network ethernet cable). The switch reads the destination MAC address from the frame. If the packet destination is inside the network, the packet is delivered to its destination without any need to read the datagram (IP address) information, and transmission is over. No router needed. If instead the destination device is outside of the local network, the destination MAC address is the one of the gateway (the router).
Nota bene: The switch knows which one of its ports is associated with which MAC address and only forwards the packet to the correct port. Incidentally, this is what differentiates switches from ethernet hubs (which at first sight look very similar to switches with their array of ethernet ports), as hubs just forward every packet to every port (this is called broadcasting), leaving to each connected device the task of figuring out if the packet was destined to them or not. Switches therefore optimize the traffic, while hubs are highly inefficient and have limited speed, for this very reason.
3) The packet reaches the router’s NIC interface associated to the current network.
4) Here comes the routing part. The router strips the frame from the packet, as it is not needed anymore, exposing layer 3 (IP addresses) information. This is what the router works with.
5) The packet is transferred to the NIC associated with the destination network. In the figure we only have two networks. However the router may have more than two NICs and be associated with more than two networks.
6) By looking into its ARP tables, which allow the resolution of logical addresses (IP addresses) to physical addresses (MAC addresses), the router encapsulates the datagram into a new frame. So now the router’s job is over and it’s the switch’s turn again to manage the packet.
7) The packet with the brand new frame gets to the switch belonging to the second network, that transfers it to the port corresponding to the MAC address of the destination computer.
8) The packet has reached the intended destination.
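The eight steps above, together with the earlier subnet mask rule for deciding whether two addresses share a network, can be traced in a short simulation. This is an added example, not code from the original page; the class names, MAC addresses, port numbers and the payload are constructed for illustration, while the IP ranges are the ones used in the text.

```python
from dataclasses import dataclass

def to_int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def same_network(ip_a, ip_b, mask):
    # Same network when the bits selected by the mask (the network prefix) match.
    m = to_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)

@dataclass
class Frame:
    src_mac: str   # layer 2 header, rewritten at every hop
    dst_mac: str
    src_ip: str    # layer 3 datagram header, unchanged end to end
    dst_ip: str
    payload: str

class Host:
    def __init__(self, ip, mask, mac, gateway_ip, arp):
        self.ip, self.mask, self.mac = ip, mask, mac
        self.gateway_ip, self.arp = gateway_ip, arp
    def build_frame(self, dst_ip, payload):
        # Steps 1-2: local destination -> its own MAC; otherwise the gateway's MAC.
        local = same_network(self.ip, dst_ip, self.mask)
        next_hop = dst_ip if local else self.gateway_ip
        return Frame(self.mac, self.arp[next_hop], self.ip, dst_ip, payload)

class Switch:
    def __init__(self, ports=4):
        self.ports, self.mac_table = ports, {}
    def forward(self, frame, in_port):
        # Learn the sender's port, then decide using the destination MAC only.
        self.mac_table[frame.src_mac] = in_port
        if frame.dst_mac in self.mac_table:
            return [self.mac_table[frame.dst_mac]]
        # Unknown MAC: send out of every other port, as a hub always does.
        return [p for p in range(self.ports) if p != in_port]

class Router:
    def __init__(self, nics, arp):
        self.nics, self.arp = nics, arp   # nics: [(ip, mask, mac), ...]
    def route(self, frame):
        # Steps 4-6: discard the old frame, choose the NIC on the destination
        # network, resolve the destination MAC via ARP, wrap in a new frame.
        for ip, mask, mac in self.nics:
            if same_network(ip, frame.dst_ip, mask):
                return Frame(mac, self.arp[frame.dst_ip],
                             frame.src_ip, frame.dst_ip, frame.payload)
        raise LookupError(f"no route to {frame.dst_ip}")

# Constructed sample values; MACs use the locally administered 02: prefix.
PC1, PC2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
R1, R2 = "02:00:00:00:00:a1", "02:00:00:00:00:a2"
MASK = "255.255.255.0"

def journey(dst_ip="192.168.1.45"):
    src = Host("192.168.0.22", MASK, PC1, "192.168.0.1", {"192.168.0.1": R1})
    sw1, sw2 = Switch(), Switch()
    sw1.mac_table[R1] = 0    # router NIC sits on port 0 of switch 1
    sw2.mac_table[PC2] = 3   # destination PC sits on port 3 of switch 2
    router = Router([("192.168.0.1", MASK, R1), ("192.168.1.1", MASK, R2)],
                    {dst_ip: PC2})
    f1 = src.build_frame(dst_ip, "hello")
    ports1 = sw1.forward(f1, in_port=2)
    f2 = router.route(f1)
    ports2 = sw2.forward(f2, in_port=0)
    return f1, ports1, f2, ports2
```

Comparing the two frames returned by `journey()` shows the point of the figure: the IP addresses are identical before and after the router, while both MAC addresses have been replaced.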
The description of the flow of events associated with the journey of a TCP/IP packet across networks, in this format, was inspired by the following “Networking crash course” video by Canadian engineer Mark Fourneaux. You may want to watch it carefully as it is extremely well done, easy to follow and informative. It is part of a comprehensive video series on setting up a router with the pfSense software, a useful and empowering exercise to do by the way. Thank you Mark for sharing this on the Internet!
A 101 practical guide on setting up a small home or office LAN
A typical task you may want to perform is to set up a small LAN at home or in the lab. Let’s see how to go about that by using a commercial SOHO router.
The starting point to consider is where the Internet connectivity will come from. At home, it may be the telephone line plug, while in an academic (University) or corporate (company) environment it could be an ethernet female plug (called a keystone) on the wall.
Connecting your SOHO router to the Wide Area Network (WAN)
In the case of the phone plug, an ADSL router will be needed. In addition to the switch, router, access point and DHCP server shown in the figure above in this page, ADSL SOHO routers will also contain a modem, which allows connection to your ISP through the phone line. Configuration of an ADSL router for connection to the ISP is beyond the scope of this page. ISPs usually provide a username and password for the ADSL router connection together with detailed configuration instructions. They also often provide their own router to be installed locally in your home, maybe already set up for connection.
If an ethernet plug is already available in the wall of your office or lab, a plain non ADSL router will do the job. Let’s discuss this second scenario from the start. The keystone you have available on the wall will be connected, through a cable, to a switch somewhere in the building. Maybe on your floor, maybe in a central location that serves connectivity to the entire building. Building network configurations and wirings are highly variable and we cannot cover here all the possibilities. Suffice it to say that the ethernet keystone on your wall will be connected to a switch, and this switch will itself be connected to a router. Therefore the LAN we are about to build will be part of a larger network that spans your whole floor or building.
This larger network may, or may not, include a DHCP server. If it does, on plugging a device with a NIC (such as a computer or a SOHO router) to the keystone by using an ethernet cable, network parameters such as an IP address, a subnet mask and DNS server addresses will be provided automatically to the NIC of your device by the DHCP server. If it does not, your device will have to be configured manually. Configuration details (for one, a valid IP address) will typically be provided by the entity in charge of the network. To set up your own LAN starting from this single keystone plug on the wall you will need, one way or another, a valid “external” IP, the one your SOHO router will use to join the larger floor or building network. Again, this IP may be obtained either by DHCP or from the system administrator of your organization’s network. All the internal IP addresses of your LAN, you can instead manage yourself.
In practice, how can you configure your router to act as a DHCP client for the WAN connection, or maybe assign to the WAN interface network parameters manually? Your SOHO router will have a built-in web interface for this task and all the other tasks involved in using it to create a LAN. In order to access this web interface you will have to connect a PC or laptop to it, by using an ethernet cable and one of the router’s switch ethernet plugs.
Let’s now connect for example a laptop to one of the router’s switch ports with a cable. For this connection to be successful, the laptop will typically have to be configured as DHCP client and get an IP address and the other network configuration parameters directly from the SOHO router’s DHCP server. Configuration of the laptop as DHCP client is usually the default, and so is configuration of the router as DHCP server, so, on average, all you will need to do is to plug an ethernet cable from your laptop to the router’s switch for a successful connection to occur.
Then you have to use your laptop browser to access the router’s web interface, whose address in most cases will be 192.168.1.1 (Linksys) or 192.168.0.1 (D-Link and Netgear). This may however be different depending on the router model.
If your laptop or PC runs Linux, typing
netstat -r -n
in a shell will provide the gateway (router) IP address within the LAN.
Tip: don’t be confused. SOHO routers have 2 different IP addresses that they respectively use to join the WAN and LAN networks. In the context of connecting a laptop or PC to the router to access the router’s web interface and set the router’s connection parameters, we need to use the internal or LAN address of the router as the address to visit through the browser.
In the following figure the web interface for a Netgear SOHO router is shown, in particular the initial setup page where you can decide if, in order to connect to the WAN, the router should behave as a DHCP client or get connection parameters (IP, subnet mask, gateway) assigned manually.
Configuring the Local Area Network (LAN)
Once the WAN connection of the router is set up correctly, we can proceed to the configuration of our LAN. In this respect, it should be noted that a WAN connection is only needed if we want to connect our LAN to the Internet, which is usually the case. We could however skip the WAN part if all we need is an unconnected, stand alone local network.
The LAN configuration part can be fairly simple, the relevant page for this on a Netgear router web interface is shown below.
Let’s examine the sample LAN setup page shown above. In the first part, we can change the default internal IP of the router itself within the LAN. In this case it is 188.8.131.52, which is standard for Netgear routers. Based on the router IP, the web interface will assume a /24 configuration for the LAN (in this case this will be 192.168.1.0/24) and propose a range of IP addresses available for the DHCP server (second section of the LAN setup page) to be assigned to the devices connected to the router. This will apply to both the devices connected to the switch through a cable and the devices connected to the wireless access point. Indeed, the switch ethernet ports and the access point are bridged together, so that all connected devices to either the switch or the access point will belong to the same network (when properly configured, of course).
The last part of the LAN setup page is the “address reservation” part, in which we can decide to reserve certain IP addresses within the DHCP range established before to devices with a specific MAC address within the network. This is useful to ensure that certain devices, for example a shared printer or a network camera, can always be found at the same IP address within our local network, and that, if temporarily disconnected (for example when the printer power is shut off, maybe at night), the device IP is not assigned to another device by the router’s DHCP server.
If we decide to enable the router DHCP server, then all we have to do to connect devices to the LAN is to ensure, in each device, that the network settings are set to DHCP client (get network parameters/IP address/DNS server addresses automatically).
Alternatively, we can configure each device individually by assigning:
– An IP address in the LAN range
– A subnet mask, typically 255.255.255.0 for a /24 network
– A gateway address: the internal/LAN IP address of the router
– DNS server addresses: we could for example use those provided for free by OpenDNS, 184.108.40.206 and 220.127.116.11 at the time of this writing
Setting up the wireless network
SOHO routers usually have an embedded wireless access point that is bridged with the ethernet ports of the router’s switch, so that devices connected through cable or by wireless are effectively on the same network and can communicate seamlessly. Sometimes SOHO routers have an additional option for a guest wireless network with an option of “network isolation”, so that devices connected to the wireless guest network cannot communicate with or have access to the main network. This can be useful for privacy or security reasons as it allows guests to access the Internet without letting them access the home or lab network.
To configure a wireless network, the network is assigned an SSID (Service Set IDentifier). This is the name of the network that can be seen in the client (PC/phone/tablet) network settings, when the available wireless networks are displayed. The SSID can be either broadcast or not. If broadcast, it can be seen by any device with wireless capabilities and easily used to connect to the network. If not broadcast, it has to be entered manually in the wireless settings of the client in order to connect to the corresponding network.
WORK IN PROGRESS!
From the previous sections, it should now be clear that routers play a key role in regulating and making possible the data flow on the Internet based on the TCP/IP standards. Indeed some routers are big, costly, complex pieces of hardware located in key nodes of the world network (Figure 1-3-1).
However, inexpensive, lightweight routers are now available, from many different manufacturers, that allow the easy creation of a home or office Local Area Network, and the connection of this LAN to the Internet (Figure 1-3-2). This second step is optional: it is perfectly possible, with such routers, to create a private LAN not connected to the Internet. Some models will allow the creation of more than one LAN (for example a private LAN reserved to lab members and a guest LAN, with a printer and internet access), but we will not discuss this here.
Home routers have several ethernet ports on the back, typically 5 for smaller models (Figure 1-3-2). One of these ports has the purpose of connecting the router to the Internet. The other 4 allow the connection of network devices such as computers, printers, scanners, network drives (for storage and backups) and more. All these devices of course support TCP/IP. In addition to connecting the devices via ethernet cables, more devices (or all the devices) can be connected through a wireless connection. From the network point of view there is no particular difference between a device connected by wireless and a device connected by cable. They are both connected to the router and belong to the same LAN.
In a typical scenario, the router is configured as DHCP server, which means it will provide a LAN IP address to any device that is connected to it, either by a wire or wirelessly (Figures 1-3-3 and 1-3-4). This address is a local address, only visible INSIDE the LAN. This address, which might be something like 192.168.1.24, is not a public internet address. This is a crucial concept to understand in this discussion.
The router configuration can be fine-tuned in the router administration interface. This is accessible from any computer connected to the router, for example through an ethernet cable connecting the computer to one of the LAN ethernet ports on the router. No internet connection is required at this time, just a cable between the computer and the router. The router admin interface is accessed through a browser, by typing the IP address of the router (Figure 1-3-4).
Please note that the router, at the end of the day, will have 2 different IP addresses (see Figure 1-3-3), one “for the inside” of the LAN – the router will be the gateway of the LAN so this is known as the gateway address – , another one for the Internet. To connect to the admin interface of the router we need to type the internal/gateway address. This will typically be something like 192.168.1.1, that is, on the LAN, the router will reserve the number 1 (the last number in the IP address) for itself. It can then assign one of the other 244 addresses available (from 192.168.1.2 to 192.168.1.225) to any device that is connected to the router’s LAN.
Devices inside the LAN can see each other through their internal LAN addresses, the ones assigned to each by the router when they were connected. You can think of a LAN as a “small Internet”, where the same rules and protocols (TCP/IP of course) apply, as in the “real” Internet. Inside a big LAN (say a department or Faculty LAN) you could have web servers, mail servers, FTP servers and all the goodies you might expect on the Internet, even if the LAN is totally disconnected from the Internet. All the services (for example websites) would be available only to those connected to the LAN. Such a model is sometimes referred to as an “Intranet”, and it is commonly found within organizations of every kind, including academic and research centers.
With a home router, you can easily create your own home or lab LAN, which allows connected users to share a number of internal resources, such as printing, and to connect to the Internet. If you do not really need the LAN for shared internal resources, you can still use a home router as a connectivity multiplier. If you can connect it to one ethernet port (maybe the only port you have available), you can then use it to connect up to 244 devices (for most basic models) to the Internet, through this single and only ethernet port.
With this basic knowledge and maybe some digging into the router’s available options and the router’s manual, you should be able to set up a lab LAN for your computing needs and those of your co-workers.
You might wonder, if the internal LAN address of a PC is not available/accessible from the Internet, how can you possibly send requests to Internet servers and get a reply at your (invisible) IP address? How can you browse a web page? The answer lies in a mechanism known as Network Address Translation (NAT). The router uses NAT to send out your requests with its own public address. When the return data arrives, the router applies NAT to route back the data to your IP. This is a technical aspect beyond the scope of this tutorial.
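The translation step described above can be modelled as a lookup table kept by the router. This is an added example, not code from the original page: it assumes the port-translating form of NAT that lets several LAN devices share one public address, the table layout is a simplification, and the public and server addresses are constructed values from the documentation ranges.

```python
class Nat:
    """Port-translating NAT table for one public address (simplified model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out = {}    # (lan_ip, lan_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        # Rewrite the private source to the router's public address and
        # remember the mapping so that the reply can be routed back.
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        # A reply is accepted only if it matches a recorded outbound flow;
        # anything else has no LAN destination in the table and is dropped.
        lan = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or lan is None:
            return None
        return (src_ip, src_port, lan[0], lan[1])

def demo():
    # Packets are (src_ip, src_port, dst_ip, dst_port) tuples, all constructed.
    nat = Nat("203.0.113.7")
    server = ("198.51.100.10", 443)
    a = nat.outbound("192.168.1.24", 51000, *server)
    b = nat.outbound("192.168.1.30", 51000, *server)
    reply_a = nat.inbound(*server, a[0], a[1])
    reply_b = nat.inbound(*server, b[0], b[1])
    unsolicited = nat.inbound("198.51.100.99", 443, "203.0.113.7", 40000)
    return a, b, reply_a, reply_b, unsolicited
```

Two LAN devices that happen to use the same source port leave the router with different public ports, which is how each reply finds its way back to the right internal address.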