HCIA-Cloud Computing-Chapter4


HCIA-Cloud Computing V5.0 Learning Guide Page 72

4 Network Technology Basics

Network technologies are the basis for the interconnection of all platforms and services.
What exactly is a network? What are the basic principles of network communication?
And what are the common network technologies? This course will answer these
questions and more.

4.1 IP Address Basics


4.1.1 What Is an IP Address?

Figure 4-1 IP address


An IP address is a unique logical address used to identify a device that sends or receives
data packets on a network.
On an IP network, to connect a PC to the Internet, you need to apply for an IP address for
the PC. An IP address is like a real-world address. It identifies a node on a network, and is
used to find the destination. Global network communication is based on IP addresses.
An IP address is an attribute of an interface on a network device, not an attribute of the
network device itself. Assigning an IP address to a device actually means assigning it to an
interface of the device. If a device has multiple interfaces, each interface requires
at least one IP address. (An interface that requires an IP address is usually the interface
on a router or a computer.)

4.1.2 IP Address Format


⚫ IP address format:
An IP address has 32 bits and consists of four bytes. For the convenience of reading and
writing, an IP address is usually in the format of dotted decimal notation.
⚫ Dotted decimal notation:
This type of IP address format is commonly used because it is easy to understand.
However, a communication device uses binary digits to calculate the IP address.
Therefore, it is necessary to master the conversion between decimal and binary digits.
⚫ IPv4 address range:
0.0.0.0–255.255.255.255

4.1.3 IP Address Structure

Figure 4-2 IP address structure


As shown in Figure 4-2, an IPv4 address consists of two parts:
1. Network portion: identifies a network segment.
⚫ IP addresses do not show any geographical information. The network bits indicate
the segment to which an IP address belongs.
⚫ Network devices with same network bits are located on the same network,
regardless of their physical locations.
2. Host portion: uniquely identifies a host on a network segment.
An IP address should be used together with a subnet mask. A subnet mask is also called
a netmask.
⚫ Same as an IP address, a subnet mask consists of 32 bits, and is also displayed in
dotted decimal notation generally.
⚫ A subnet mask is not an IP address. A subnet mask written in the binary format
consists of consecutive 1s and 0s.
⚫ Generally, the number of 1s in a subnet mask is the length of the subnet mask. For
example, the length of the subnet mask 0.0.0.0 is 0, and that of 252.0.0.0 is 6.
⚫ How to identify the network and host bits in an IP address: In a subnet mask, bits
with the value of 1 correspond to the network bits in an IP address, while bits with
the value of 0 correspond to the host bits. In other words, the number of 1s in a
subnet mask equals the number of network bits in an IP address, while the
number of 0s equals the number of host bits.
4.1.4 IP Address Classes (Classified Addressing)

Figure 4-3 IP address classes


IP addresses are classified into five classes to facilitate IP address management and
networking:
⚫ The easiest way to determine the class of an IP address is to check the first bits in its
network bits. The class fields of class A, class B, class C, class D, and class E are
binary numbers 0, 10, 110, 1110, and 1111, respectively.
⚫ Class A, B, and C addresses are unicast IP addresses (except some special addresses).
Only these three types of addresses can be assigned to hosts.
⚫ Class D addresses are multicast IP addresses.
⚫ Class E addresses are used for special experimental purposes.
Note: This section focuses only on class A, B, and C addresses.
Comparison between class A, B, and C addresses:
⚫ Networks using class A addresses are called class A networks. Networks using class B
addresses are called class B networks. Networks using class C addresses are called
class C networks.
⚫ The number of network bits of a class A network is 8. The number of network bits is
small, so the number of addresses that can be assigned to the hosts is large. The first
bit in the network bits of a class A network is always 0. The address range is 0.0.0.0–
127.255.255.255.
⚫ The number of network bits of a class B network is 16, and the first two bits are
always 10. The address range is 128.0.0.0–191.255.255.255.
⚫ The number of network bits of a class C network is 24. The number of network bits
is large, so the number of addresses that can be assigned to the hosts is small. The
first three bits in the network bits of a class C network are always 110. The address
range is 192.0.0.0–223.255.255.255.
Note:
⚫ A host refers to a router or a computer, and the IP address of an interface on a host
refers to the host IP address.
⚫ Multicast address: Multicast refers to one-to-many message transmission.

4.1.5 Public/Private IP Address


⚫ Public IP address
Public IP addresses are assigned by the Internet Corporation for Assigned Names and
Numbers (ICANN) to ensure that each IP address is unique on the Internet. Public IP
addresses can be used for accessing the Internet.
⚫ Private IP address
Some networks do not need to connect to the Internet, for example, a network in a
closed lab of a university. However, the IP addresses of network devices on the lab
network still need to be unique to avoid conflicts. Some IP addresses of classes A, B, and
C are reserved for this kind of situation. These IP addresses are called private IP
addresses.
Class A: 10.0.0.0–10.255.255.255
Class B: 172.16.0.0–172.31.255.255
Class C: 192.168.0.0–192.168.255.255

Figure 4-4 Connecting a private network to the Internet


Private IP addresses help alleviate the shortage of IP addresses. Originally, a private
network could not connect directly to the Internet because it uses private IP addresses. In
practice, many private networks also need to connect to the Internet to communicate with
Internet hosts or with other private networks across the Internet. This interconnection
between a private network and the Internet is implemented through the network address
translation (NAT) technology.
Note:
⚫ NAT is used to translate private IP addresses into public IP addresses.
⚫ ICANN is a standards organization that oversees global IP address allocation.

4.1.6 Special IP Addresses


There are some special IP addresses that have special meanings and functions.
Figure 4-5 Special IP addresses


⚫ 255.255.255.255
This address is called a limited broadcast address and can be used as the destination IP
address of an IP packet.
After receiving an IP packet whose destination IP address is a limited broadcast address, a
router stops forwarding the IP packet.
⚫ 0.0.0.0
If this address is used as a network address, it refers to the network address of any
network. If this address is used as a host address, it refers to an interface IP address of a
host on the network.
For example, when a host does not obtain an IP address during startup, it can send a
DHCP Request packet with the source IP address being 0.0.0.0 and the destination IP
address being a limited broadcast address to the network. The DHCP server will assign an
available IP address to the host after receiving the DHCP Request packet.
⚫ 127.0.0.0/8
Addresses in this block are loopback addresses, which can be used as the destination IP
address of an IP packet. They are used to test the software system of the device.
An IP packet whose destination IP address is a loopback address cannot leave the device
which sends the packet.
⚫ 169.254.0.0/16
If a network device is configured to automatically obtain an IP address but does not find
an available DHCP server on the network, the device uses an IP address on the
169.254.0.0/16 network segment for temporary communication.
Note: DHCP is used to dynamically allocate network configuration parameters, such as IP
addresses.
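Sections 4.1.4 to 4.1.6 together give everything needed to classify an IPv4 address. The following Python example is added here and is not part of the Huawei learning guide: it derives the class from the leading bits of the first octet, flags the three private ranges, and names the special addresses listed above. The function names are my own; `is_routable_destination` is a hypothetical defender-side check of the kind a service applies to a user-supplied address before connecting to it (only public class A/B/C unicast addresses pass). The sample addresses are constructed; 203.0.113.0/24 is a range reserved for documentation.

```python
import ipaddress

# Private ranges from section 4.1.5 (172.16.0.0/12 is 172.16.0.0-172.31.255.255).
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Special addresses from section 4.1.6, checked in order.
SPECIAL_RANGES = [
    ("limited broadcast", ipaddress.ip_network("255.255.255.255/32")),
    ("unspecified (this host, e.g. a DHCP client at startup)", ipaddress.ip_network("0.0.0.0/32")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("link-local (no DHCP server found)", ipaddress.ip_network("169.254.0.0/16")),
]


def address_class(ip: str) -> str:
    """Class A-E from the leading bits of the first octet: 0, 10, 110, 1110, 1111."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def describe(ip: str) -> dict:
    """Class, private/public flag and special-purpose label for one address.
    ipaddress.IPv4Address raises ValueError for malformed input such as
    "300.1.1.1", so callers get input validation for free."""
    addr = ipaddress.IPv4Address(ip)
    special = next((name for name, net in SPECIAL_RANGES if addr in net), None)
    return {
        "address": str(addr),
        "class": address_class(ip),
        "private": any(addr in net for net in PRIVATE_RANGES),
        "special": special,
    }


def is_routable_destination(ip: str) -> bool:
    """Hypothetical check: accept only public class A/B/C unicast addresses.
    Multicast (D), experimental (E), private and special addresses are refused."""
    info = describe(ip)
    return (info["class"] in ("A", "B", "C")
            and not info["private"]
            and info["special"] is None)


if __name__ == "__main__":
    # Constructed sample input covering every branch above.
    for sample in ("10.1.2.3", "172.20.1.1", "192.168.1.1", "203.0.113.10",
                   "224.0.0.1", "240.0.0.1", "0.0.0.0", "127.0.0.1",
                   "169.254.10.1", "255.255.255.255"):
        print(describe(sample), "routable:", is_routable_destination(sample))
```

The ordering in `SPECIAL_RANGES` matters: 255.255.255.255 would otherwise be reported only as a class E address, and 0.0.0.0 only as class A.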

4.1.7 Subnet Mask and Available Host Address


Generally, the network range defined by a network ID is called a network segment. The
subnet mask is used to calculate the network ID and host ID in an IP address.
Generally, in a network segment, the first address is the network address of the network
segment, and the last address is the broadcast address of the network segment. Network
addresses and broadcast addresses cannot be used as the addresses of nodes or network
devices. Therefore, the number of available IP addresses on a network segment is the
number of IP addresses on the entire network segment minus 2. If the number of host
bits of a network segment is n, the number of IP addresses on the network segment is 2ⁿ,
and the number of available host addresses is 2ⁿ - 2 (subtracting the network address
and broadcast address).

4.1.8 IP Address Calculation

Figure 4-6 IP address calculation


As shown in Figure 4-6, the address calculation formula is as follows:
⚫ Network address: Change all host bits of an IP address to 0, and the result is the
network address of the network to which the IP address belongs.
⚫ Broadcast address: Change all host bits of an IP address to 1, and the result is the
broadcast address of the network to which the IP address belongs.
⚫ Number of IP addresses: 2ⁿ, where n indicates the number of host bits.
⚫ Number of available IP addresses: 2ⁿ - 2, where n indicates the number of host bits.
Based on these rules, you can easily calculate the required IP addresses.
The answer to the extra practice in Figure 4-6 is as follows:
⚫ Network address: 10.0.0.0
⚫ Broadcast address: 10.255.255.255
⚫ Number of IP addresses: 2²⁴
⚫ Number of available IP addresses: 2²⁴ - 2
⚫ Range of available IP addresses: 10.0.0.1-10.255.255.254
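The calculation in Figure 4-6, carried out with the bit operations sections 4.1.3, 4.1.7 and 4.1.8 describe, as an added Python example that is not part of the learning guide. It also enforces the rule from section 4.1.3 that a subnet mask is a run of 1s followed by a run of 0s: a mask such as 255.0.255.0 is rejected instead of silently yielding a wrong network address. The function names and the sample addresses are my own.

```python
def to_int(dotted: str) -> int:
    """Parse dotted decimal into a 32-bit integer; reject anything that is not four octets 0-255."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    return int.from_bytes(bytes(int(o) for o in octets), "big")


def to_dotted(value: int) -> str:
    """Inverse of to_int."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def mask_length(mask: str) -> int:
    """Number of 1 bits in the mask, after checking the 1s are contiguous (section 4.1.3)."""
    m = to_int(mask)
    zeros = m ^ 0xFFFFFFFF          # host part as a run of low 1s if the mask is valid
    if zeros & (zeros + 1):         # a run of low 1s plus one is a power of two
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(m).count("1")


def analyze(ip: str, mask: str) -> dict:
    """Network address, broadcast address and address counts, as in Figure 4-6."""
    prefix = mask_length(mask)
    host_bits = 32 - prefix
    m = to_int(mask)
    network = to_int(ip) & m                      # host bits cleared to 0
    broadcast = network | (m ^ 0xFFFFFFFF)        # host bits set to 1
    total = 2 ** host_bits
    # 2^n - 2 per the guide; for /31 and /32 the rule leaves no usable address.
    usable = max(total - 2, 0)
    return {
        "prefix": prefix,
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "addresses": total,
        "usable": usable,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
    }


def same_segment(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both addresses share the network bits, i.e. lie on one network segment."""
    m = to_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)


if __name__ == "__main__":
    # Constructed inputs: the Figure 4-6 case and a /26 split of a class C network.
    print(analyze("10.1.2.3", "255.0.0.0"))
    print(analyze("192.168.1.130", "255.255.255.192"))
    print(same_segment("192.168.1.130", "192.168.1.200", "255.255.255.192"))
```

`same_segment` is the test a host performs before deciding whether a destination is reached directly or through the gateway described in section 4.2.1.3.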

4.1.9 Subnet Division


In practice, if a class A network is assigned to an organization but the number of hosts in
the organization is less than 16777214, a large number of IP addresses will be idle and
wasted. Therefore, a more flexible method is required to divide the network based on the
network scale. The idea is to divide a network into multiple subnets for different
organizations to use through the variable length subnet mask (VLSM) technology. VLSM
can be used on both public networks and enterprise networks. VLSM allows an
organization to divide a network into multiple subnets based on the network scale for
different departments to use.
For example, a company is assigned a class C IP address 201.222.5.0. Assume that 20
subnets are required and each subnet contains five hosts. How should we divide the
subnets?
In the preceding example, 201.222.5.0 is a class C address, whose default subnet mask
length is 24. Assume that 20 subnets are required and each subnet contains five hosts. The
last byte (8 bits) of 201.222.5.0 should be divided into subnet bits and host bits.
The number of subnet bits determines the number of subnets. As this address is a class C
address, the total number of subnet bits and host bits is 8. Because the value 20 is in the
range of 2⁴ (16) to 2⁵ (32), 5 bits should be reserved for subnet bits. The 5-bit subnet
part allows a maximum of 32 subnets. The 3 bits left are host bits, which means that
each subnet has a maximum of 2³ (8) IP addresses. Except for one network address and
one broadcast address, six addresses can be used by hosts.
The network segments are:
201.222.5.0–201.222.5.7
201.222.5.8–201.222.5.15
201.222.5.16–201.222.5.23
...
201.222.5.232–201.222.5.239
201.222.5.240–201.222.5.247
201.222.5.248–201.222.5.255
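The subnet division above, generalized into a small planner, as an added Python example that is not part of the learning guide. It takes the base network and the required number of subnets and hosts per subnet, derives the subnet bits the same way the text does (the smallest power of two that covers the requested count), checks that the remaining host bits still leave 2ⁿ - 2 usable addresses for the hosts, and lists every subnet with its network, usable range and broadcast address. The function name is my own; the standard library `ipaddress` module does the arithmetic.

```python
import ipaddress


def plan_subnets(base: str, subnets_needed: int, hosts_per_subnet: int) -> list:
    """Fixed-size split of `base` into at least `subnets_needed` subnets that each
    hold `hosts_per_subnet` usable addresses. Raises ValueError when it cannot fit."""
    net = ipaddress.ip_network(base, strict=True)        # strict: host bits must be 0
    subnet_bits = (subnets_needed - 1).bit_length()      # smallest s with 2**s >= subnets_needed
    new_prefix = net.prefixlen + subnet_bits
    host_bits = net.max_prefixlen - new_prefix
    # The guide's rule: 2^n addresses minus the network and broadcast addresses.
    if host_bits < 2 or 2 ** host_bits - 2 < hosts_per_subnet:
        raise ValueError(f"{subnets_needed} subnets of {hosts_per_subnet} hosts "
                         f"do not fit in {net} (would leave {host_bits} host bits)")
    plan = []
    for sub in net.subnets(new_prefix=new_prefix):
        plan.append({
            "network": str(sub),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        })
    return plan


if __name__ == "__main__":
    # The worked example from the text: a class C network, 20 subnets, 5 hosts each.
    plan = plan_subnets("201.222.5.0/24", 20, 5)
    print(len(plan), "subnets of", plan[0]["network"].split("/")[1], "bits")
    for entry in plan[:3] + plan[-3:]:
        print(entry)
```

Running it yields the 32 /29 subnets listed above (201.222.5.0–201.222.5.7 through 201.222.5.248–201.222.5.255); asking for seven hosts per subnet instead of five raises, because three host bits leave only six usable addresses.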

4.2 Introduction to Network Technologies


4.2.1 Network Basics
4.2.1.1 Concept of Network Communication
Communication refers to the information transfer and exchange between people,
between people and things, and between things through a certain medium and action.
Network communication refers to communication between terminal devices through a
computer network.
Figure 4-7 Network communication


Examples of network communication:
⚫ A: Two computers are connected through a network cable to form a simple network.
⚫ B: A router (or switch) and multiple computers form a small-scale network. In such a
network, files can be freely transferred between every two computers through a
router.
⚫ C: If a computer wants to download files from a website, it must access the Internet
first.
The Internet is the largest computer network in the world. Its predecessor, the Advanced
Research Projects Agency Network (ARPANET), was born in 1969. The wide
popularization and application of the Internet is one of the signs of entering the
information age.

4.2.1.2 Information Transfer Process

Figure 4-8 Information transfer process


There are many similarities between virtual information transfer and real item transfer.
We can compare the express delivery process with the network communication process.
1. Items to be delivered:
⚫ The information (or data) generated by the application.
2. The item is packed into a package and pasted with a package label containing the
receiver's name and address:
⚫ The application packs the data into an original data payload and adds a header and
a tail to form a packet. The important information in the packet is the address of the
receiver, that is, the destination address.
⚫ Encapsulation is a process in which new information segments are added to an
information unit, forming a new information unit.
3. The package is delivered to a distribution center in which packages are sorted based
on the destination addresses. The packages destined for the same city are placed in the
same plane for airlift:
⚫ The packet reaches the gateway through a network cable. After receiving the packet,
the gateway decapsulates the packet, obtains the destination address,
re-encapsulates the packet, and sends the packet to different routers based on the
destination address. The packet is transmitted through the gateway and router,
leaves the local network, and is transmitted through the Internet.
⚫ The network cable is the medium for information transmission, and plays the same
role as the highway for item transmission.
4. After the plane arrives at the destination airport, the packages are taken out for
sorting, and the packages destined for the same area are sent to the same distribution
center:
⚫ The packet is transmitted through the Internet and reaches the local network where
the destination address resides. The gateway or router of the local network
decapsulates and encapsulates the packet, and then determines the next-hop router
according to the destination address. Finally, the packet reaches the gateway of the
network where the destination computer resides.
5. The distribution center sorts the packages according to the destination addresses on
the packages. The courier delivers the packages to the receiver. The receiver unpacks the
package, confirms that the items are intact, and signs for the package. The entire express
delivery process is complete:
⚫ After the packet reaches the gateway of the network where the destination
computer resides, the gateway decapsulates and encapsulates the packet, and then
sends the packet to the corresponding computer according to the destination
address. After receiving the packet, the computer verifies the packet. If the packet
passes verification, the computer accepts the packet and sends the data payload to
the corresponding application program for processing. A complete network
communication process is complete.

4.2.1.3 What Is a Gateway

Figure 4-9 What is a gateway


A gateway is also called an inter-network connector or a protocol converter. A default
gateway implements network interconnection above the network layer.
Just like you must walk through a door when entering a room, information sent from one
network or network segment to another must pass through a gateway. We can say the
gateway is the door to another network.
A gateway matters both for the role it plays and for how it is configured on hosts:
⚫ When a host (such as a PC, server, router, or firewall) wants to access another
network segment, the gateway is responsible for sending ARP packets, and receiving
and forwarding subsequent data packets.
⚫ After the gateway is configured, the default route is generated on the host, with the
next hop being the gateway.

4.2.1.4 Basic Architecture of a Communication Network

Figure 4-10 Basic architecture of a communication network


Figure 4-10 shows an enterprise data center network (DCN). The major requirements of
an enterprise for the DCN include service operation and computing, data storage, and
service access.
The DCN thereby needs to enable device-device and device-user interconnection and
provide external access capabilities for services. Devices on such a network collaborate
with each other to implement communication:
⚫ Access switches connect to user hosts in office areas. Aggregation switches aggregate
traffic from access switches.
⚫ Routers forward traffic between different office areas and between internal and
external networks.
⚫ Firewalls implement access control for areas of different security levels and between
internal and external networks to ensure secure access.
In conclusion, a communication network consists of routers, switches, firewalls, PCs,
network printers, servers, and more, and its basic function is to implement data
communication.

4.2.1.5 Network Device - Switch


Generally, on a campus network, switches are closest to end users, and Layer 2 switches
(also known as Ethernet switches) are deployed at the access layer. Layer 2 refers to the
data link layer of the TCP/IP model. A switch connects end users to a network and
forwards data frames.
A switch can:
⚫ Connect terminals (such as PCs and servers) to the network.
⚫ Isolate collision domains.
⚫ Broadcast unknown packets.
⚫ Learn MAC addresses and maintain the MAC address table.
⚫ Forward packets based on the MAC address table.
Note:
Broadcast domain: a group of nodes, among which a broadcast packet from one node
can reach all the other nodes.
Collision domain: an area where a collision occurs when two devices on the same
network send packets at the same time.
Media Access Control (MAC) address: uniquely identifies a network interface card (NIC)
on a network. Each NIC requires and has a unique MAC address.
MAC address table: exists on each switch and stores the mapping between MAC
addresses and switch interfaces.
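The forwarding behaviour listed above (learn source MAC addresses, forward known unicast by the MAC address table, flood broadcast and unknown destinations) in a toy switch, as an added Python example that is not part of the learning guide. The class and the constructed frames are my own; the frames are reduced to the three fields a Layer 2 forwarding decision uses, and the list returned by `handle_frame` is the set of egress ports.

```python
class LearningSwitch:
    """Minimal Layer 2 switch model: one MAC address table shared by all ports."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> switch port

    def handle_frame(self, in_port, src_mac, dst_mac):
        """Return the ports the frame is sent out of (possibly none)."""
        # Learn: the source MAC is reachable through the ingress port. The entry is
        # simply overwritten whenever that MAC is next seen on another port; a
        # production switch adds aging timers and port-security limits on top.
        self.mac_table[src_mac] = in_port
        # Forward: broadcast and unknown destinations are flooded to every other
        # port; a known destination goes out exactly one port.
        if dst_mac == self.BROADCAST or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        # Destination sits on the ingress port (same collision domain): drop.
        return [] if out_port == in_port else [out_port]


def replay(switch, frames):
    """Run constructed (in_port, src_mac, dst_mac) frames through the switch
    and return each frame paired with its forwarding decision."""
    return [(frame, switch.handle_frame(*frame)) for frame in frames]


if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3])
    A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    # Constructed traffic: A talks to B before the switch knows B, then B answers.
    for frame, decision in replay(sw, [(1, A, B), (2, B, A), (1, A, B),
                                       (3, C, LearningSwitch.BROADCAST)]):
        print(frame, "->", decision)
    print(sw.mac_table)
```

The first frame from A is flooded because B is not yet in the table; B's reply both reaches A directly and teaches the switch where B is, so the second frame from A goes out port 2 only.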

4.2.1.6 Network Device - Router


Working at the network layer, a router forwards data packets on the Internet. Based on
the destination address in a received packet, a router selects a path to send the packet to
the next router or destination. The last router on the path is responsible for sending the
packet to the destination host.
A router can:
⚫ Implement communication between networks of the same type or different types.
⚫ Isolate broadcast domains.
⚫ Maintain the routing table and run routing protocols.
⚫ Select routes and forward IP packets.
⚫ Implement WAN access and network address translation (NAT).
⚫ Connect Layer 2 networks built through switches.

4.2.1.7 Network Device - Firewall


As a network security device, a firewall is used to ensure secure communication between
two networks. Located between two networks of different trust levels (for example, an
enterprise intranet and the Internet), a firewall controls the communication between the
two networks and forcibly implements unified security policies to prevent unauthorized
access to key information resources, ensuring system security.
A firewall can:
⚫ Isolate networks of different security levels.
⚫ Implement access control (using security policies) between networks of different
security levels.
⚫ Perform user identity authentication.
⚫ Implement remote access.
⚫ Encrypt data and provide virtual private network (VPN) services.
⚫ Implement NAT.
⚫ Provide other security functions.

4.2.2 Network Reference Model and Data Encapsulation


4.2.2.1 OSI Reference Model
To achieve compatibility between networks and help vendors produce compatible
network devices, the International Organization for Standardization (ISO) launched the
Open Systems Interconnection (OSI) reference model in 1984. It was quickly adopted as
the basic model for computer network communication.

Figure 4-11 OSI reference model


The OSI reference model is also called the seven-layer model. The seven layers from
bottom to top are as follows:
⚫ Physical layer: transmits bit streams between devices and defines physical
specifications such as electrical levels, speeds, and cable pins.
⚫ Data link layer: encapsulates bits into octets and octets into frames, uses link layer
addresses (MAC addresses in Ethernet) to access media, and implements error
checking.
⚫ Network layer: defines logical addresses for routers to determine paths and transmits
data from source networks to destination networks.
⚫ Transport layer: implements connection-oriented and non-connection-oriented data
transmission, as well as error checking before retransmission.
⚫ Session layer: establishes, manages, and terminates sessions between entities at the
presentation layer. Communication at this layer is implemented through service
requests and responses transmitted between applications on different devices.
⚫ Presentation layer: provides data encoding and conversion functions so that data
sent by the application layer of one system can be identified by the application layer
of another system.
⚫ Application layer: provides network services for applications and is closest to users.

4.2.2.2 TCP/IP Reference Model


The TCP/IP reference model has become the mainstream reference model of the Internet
because the TCP and IP protocols are widely used and the OSI model is too complex.
Figure 4-12 TCP/IP model


Similar to the OSI model, the Transmission Control Protocol/Internet Protocol (TCP/IP)
model adopts a hierarchical architecture, and adjacent layers are closely related.
The standard TCP/IP model combines the data link layer and physical layer of the OSI
model into a single network access layer. This division does not match how the protocols
are actually specified. Therefore, an equivalent TCP/IP model that integrates the standard
TCP/IP model and the OSI model has been proposed. The following sections are based on
the equivalent TCP/IP model.
TCP/IP originated from a packet-switched network research project funded by the US
government in the late 1960s. Since the 1990s, the TCP/IP model has become the most
commonly used networking model for computer networks. It is a truly open system,
because the definition of the protocol suite and its multiple implementations can be
easily obtained at little or even no cost. It thereby became the basis of the Internet.
Like the OSI reference model, the TCP/IP model is developed in different layers, each of
which is responsible for different communication functions. The difference is, the TCP/IP
model has a simplified hierarchical structure that consists of only five layers: application
layer, transport layer, network layer, data link layer, and physical layer. As shown in
Figure 4-12, the TCP/IP protocol stack corresponds to the OSI reference model and covers
all layers in the OSI reference model. The application layer contains all upper-layer
protocols in the OSI reference model.
The TCP/IP protocol stack supports all standard physical-layer and data-link-layer
protocols. The protocols and standards at the two layers will be further discussed in
following sections.
Comparison between the OSI reference model and TCP/IP protocol stack:
⚫ Similarities
1. They are both hierarchical and both require close collaboration between layers.
2. They both have the application layer, transport layer, network layer, data link layer,
and physical layer. (Note: The TCP/IP protocol stack is divided into five layers here to
facilitate comparison. In many documents, the data link layer and physical layer of
TCP/IP are combined into the data link layer, which is also called network access
layer.)
3. They both use the packet switching technology.
4. Network engineers must understand both models.
⚫ Differences
1. TCP/IP merges the presentation layer and session layer into the application layer.
2. TCP/IP has a simpler structure with fewer layers.
3. TCP/IP standards are established based on practices during the Internet development
and are thereby highly trusted. In comparison, the OSI reference model is based on
theory and serves as a guide.

4.2.2.3 Data Encapsulation on the Sender

Figure 4-13 Data encapsulation on the sender


Assume that you are using a web browser to access Huawei's official website. After you
enter the website address and press Enter, the following events occur on your computer:
⚫ Internet Explorer (application) invokes HTTP (application-layer protocol) to
encapsulate the application-layer data. (Data in the figure should also include the
HTTP header, which is not shown here.)
⚫ HTTP uses TCP to ensure reliable data transmission and thereby transmits the
encapsulated data to the TCP module.
⚫ The TCP module adds the corresponding TCP header information (such as the source
and destination port numbers) to the data transmitted from the application layer.
The protocol data unit (PDU) is called a segment.
⚫ On an IPv4 network, the TCP module sends the encapsulated segment to the IPv4
module at the network layer. (On an IPv6 network, the segment is sent to the IPv6
module for processing.)
⚫ After receiving the segment from the TCP module, the IPv4 module encapsulates the
IPv4 header. Here, the PDU is called a packet.
⚫ Ethernet is used as the data link layer protocol. Therefore, after the IPv4 module
completes encapsulation, it sends the packet to the Ethernet module (such as the
Ethernet adapter) at the data link layer for processing.
⚫ After receiving the packet from the IPv4 module, the Ethernet module adds the
corresponding Ethernet header and FCS frame trailer to the packet. Now, the PDU is
called a frame.
⚫ After the Ethernet module completes encapsulation, it sends the data to the physical
layer.
⚫ Based on the physical media, the physical layer converts digital signals into electrical
signals, optical signals, or electromagnetic (wireless) signals.
⚫ The converted signals are then transmitted on the network.

4.2.2.4 Data Transmission on the Intermediate Network

Figure 4-14 Data transmission on the intermediate network


Encapsulated data is transmitted on the network.
In most cases:
⚫ A Layer 2 device (such as an Ethernet switch) only decapsulates the Layer 2 header
of the data and performs the corresponding switching operation based on the Layer
2 header information.
⚫ A Layer 3 device (such as a router) only decapsulates the Layer 3 header and
performs the corresponding routing operation based on the Layer 3 header
information.
4.2.2.5 Data Decapsulation on the Receiver

Figure 4-15 Data decapsulation on the receiver


As shown in Figure 4-15, after being transmitted over the intermediate network, the data
finally reaches the destination server. Based on the information in different protocol
headers, the data is decapsulated layer by layer, processed, transmitted, and finally sent
to the application on the web server for processing.
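Sections 4.2.2.3 to 4.2.2.5 describe the same frame at three moments: built on the sender, rewritten by a Layer 3 hop, and verified and unpacked on the receiver. The following Python example is added here and is not part of the learning guide; it builds the segment, packet and frame PDUs with `struct`, lets a model router decrement the TTL, and has the receiver verify each layer before handing the payload up, rejecting the frame when a check fails. Simplifications, all my own: the TCP checksum (which needs a pseudo-header) is left at zero, the Ethernet FCS is modelled with CRC-32 from `zlib` (a real NIC computes and strips it in hardware), and the sample addresses and payload are constructed.

```python
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
IP_FMT = "!BBHHHBBH4s4s"     # 20-byte IPv4 header, no options


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (caller zeroes the checksum field)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def add_fcs(body: bytes) -> bytes:
    """Append a CRC-32 trailer standing in for the Ethernet FCS."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(payload, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac) -> bytes:
    """Sender side: application data -> segment -> packet -> frame."""
    # Transport layer: 20-byte TCP header (data offset 5, flags PSH+ACK), checksum 0 here.
    tcp_header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp_header + payload
    # Network layer: pack with checksum 0, compute the real one, pack again.
    fields = [0x45, 0, 20 + len(segment), 0, 0, 64, PROTO_TCP, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = ip_checksum(struct.pack(IP_FMT, *fields))
    packet = struct.pack(IP_FMT, *fields) + segment
    # Data link layer: Ethernet II header in front, FCS trailer behind.
    header = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return add_fcs(header + packet)


def forward_hop(frame: bytes, fix_checksum: bool = True) -> bytes:
    """A Layer 3 hop: decrement TTL, refresh the IPv4 header checksum, re-frame with a
    new FCS. fix_checksum=False models a hop that rewrites the header but not the checksum."""
    body = bytearray(frame[:-4])
    ihl = (body[14] & 0x0F) * 4
    body[14 + 8] -= 1                                   # TTL is byte 8 of the IPv4 header
    if fix_checksum:
        body[14 + 10:14 + 12] = b"\x00\x00"
        body[14 + 10:14 + 12] = struct.pack("!H", ip_checksum(bytes(body[14:14 + ihl])))
    return add_fcs(bytes(body))


def decapsulate(frame: bytes) -> dict:
    """Receiver side: verify and strip one header per layer, refusing anything that fails."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame damaged in transit")
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    packet = body[14:]
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("malformed IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:                  # an intact header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    if proto != PROTO_TCP or total_len > len(packet) or total_len - ihl < 20:
        raise ValueError("not a complete TCP/IPv4 packet")
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"src_mac": body[6:12].hex(":"), "dst_mac": body[:6].hex(":"),
            "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl,
            "src_port": src_port, "dst_port": dst_port, "payload": segment[data_offset:]}


if __name__ == "__main__":
    # Constructed sample: a browser on a private host sends a GET to a web server.
    frame = encapsulate(b"GET / HTTP/1.1\r\n", "192.168.1.10", "203.0.113.5", 51000, 80,
                        "02:00:00:00:00:01", "02:00:00:00:00:02")
    print(len(frame), "byte frame ->", decapsulate(forward_hop(frame)))
```

The receiver's checks are the point: a frame with a bad FCS, a header whose checksum no longer matches the rewritten TTL, or a length field larger than the bytes actually received is dropped before any payload reaches the application, which is the "passes verification" step the text refers to.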

4.2.3 Introduction to Common Protocols


4.2.3.1 Common TCP/IP Protocols

Figure 4-16 Common TCP/IP protocols


Figure 4-16 shows some common TCP/IP protocols.
⚫ Hypertext Transfer Protocol (HTTP): used to access various pages on web servers.
⚫ File Transfer Protocol (FTP): used to transfer data from one host to another.
⚫ Domain Name Service (DNS): translates domain names of hosts into IP addresses.
⚫ Transmission Control Protocol (TCP): provides reliable and connection-oriented
communication services for applications. Currently, TCP is used by many popular
applications.
⚫ User Datagram Protocol (UDP): provides connectionless communication services,
without guaranteeing the reliability of packet transmission.
⚫ Internet Protocol (IP): encapsulates transport-layer data into data packets and
forwards packets from source sites to destination sites. IP provides a connectionless
and unreliable service.
⚫ Internet Group Management Protocol (IGMP): manages multicast group
memberships. Specifically, IGMP sets up and maintains memberships between IP
hosts and their directly connected multicast routers.
⚫ Internet Control Message Protocol (ICMP): sends control messages based on the IP
protocol and provides information about various problems that may exist in the
communication environment. Such information helps administrators diagnose
problems and take proper measures to resolve the problems.
⚫ Address Resolution Protocol (ARP): a TCP/IP protocol that discovers the data link
layer address associated with a given IP address. It maps IP addresses to MAC
addresses, maintains the ARP table that caches the mapping between IP addresses
and MAC addresses, and detects IP address conflicts on a network segment.
The following sections describe several of these protocols in detail.

4.2.3.2 TCP

Figure 4-17 TCP packet format


Working at the transport layer, TCP provides reliable and connection-oriented services for
applications.
TCP provides reliability in the following aspects:
⚫ Connection-oriented transmission: A connection must be established before either
side sends data.
⚫ Maximum segment size (MSS): limits the maximum length of a TCP packet sent to
the receiver. When a connection is established, both parties of the connection
advertise their MSSs to make full use of bandwidth resources.
⚫ Transmission acknowledgment mechanism: After the sender sends a data segment, it
starts a timer and waits for an acknowledgment from the receiver. If no
acknowledgment is received when the timer expires, the sender resends the data
segment.
⚫ Checksum of the header and data: every TCP segment carries a 16-bit checksum
covering the TCP header, the data and an IP pseudo-header, giving an end-to-end
check that the segment was not altered in transit. If the checksum of a received
segment is incorrect, TCP discards the segment and does not acknowledge it, so the
sender's retransmission mechanism takes over. The checksum detects accidental
corruption only; it offers no protection against deliberate modification, which
requires cryptographic protection at a higher layer.
⚫ Flow control: each end of a TCP connection has a receive buffer of limited size. The
receiver advertises, in the window field of every segment it sends, how much more
data it can accept, and the sender may not send beyond that window. This prevents
a fast sender from overflowing the receiver's buffer.
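The checksum mechanism above can be reproduced directly. The following Python example is added here and is not part of the learning guide or of any Huawei product: it computes and verifies the TCP checksum over the IPv4 pseudo-header and a constructed segment (the addresses 192.0.2.10 and 198.51.100.20 and the HTTP-style payload are made up for the example), shows that a single corrupted byte is caught, and shows a limitation the text does not spell out: because the checksum is a one's-complement sum, swapping two aligned 16-bit words leaves it unchanged, so it catches transmission errors but is no defence against deliberate modification. The same routine serves UDP when called with protocol 17, since UDP uses the identical pseudo-header.

```python
import struct

# IP protocol numbers and the offset of the checksum field inside each header.
IPPROTO_TCP, IPPROTO_UDP = 6, 17
CHECKSUM_OFFSET = {IPPROTO_TCP: 16, IPPROTO_UDP: 6}


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def ones_complement_sum(data: bytes) -> int:
    """Sum the 16-bit words of data with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, length: int, proto: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero byte, protocol, TCP/UDP length."""
    return struct.pack("!4s4sBBH", ip_bytes(src_ip), ip_bytes(dst_ip), 0, proto, length)


def transport_checksum(src_ip: str, dst_ip: str, segment: bytes, proto: int = IPPROTO_TCP) -> int:
    """Checksum the sender stores: one's complement of the sum over pseudo-header,
    header and data, with the checksum field itself taken as zero."""
    off = CHECKSUM_OFFSET[proto]
    zeroed = segment[:off] + b"\x00\x00" + segment[off + 2:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment), proto) + zeroed)
    return (~total) & 0xFFFF


def verify_checksum(src_ip: str, dst_ip: str, segment: bytes, proto: int = IPPROTO_TCP) -> bool:
    """Receiver-side check: with the stored checksum included, the folded sum is all ones."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment), proto) + segment)
    return (~total) & 0xFFFF == 0


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window, payload):
    """20-byte TCP header (data offset 5, no options) plus payload, checksum filled in."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)
    segment = header + payload
    csum = transport_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def flip_bit(segment: bytes, offset: int) -> bytes:
    """Simulate a one-bit transmission error in the byte at offset."""
    buf = bytearray(segment)
    buf[offset] ^= 0x01
    return bytes(buf)


def swap_words(segment: bytes, a: int, b: int) -> bytes:
    """Swap two aligned 16-bit words. Addition is commutative, so the checksum is unchanged."""
    buf = bytearray(segment)
    buf[a:a + 2], buf[b:b + 2] = buf[b:b + 2], buf[a:a + 2]
    return bytes(buf)


# Constructed sample: a PSH/ACK segment carrying a made-up HTTP request line.
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.20"
SEGMENT = build_tcp_segment(SRC_IP, DST_IP, 40000, 80, seq=1000, ack=5000,
                            flags=0x18, window=65535, payload=b"GET / HTTP/1.0\r\n\r\n")


def demo() -> dict:
    return {
        "intact": verify_checksum(SRC_IP, DST_IP, SEGMENT),
        "corrupted": verify_checksum(SRC_IP, DST_IP, flip_bit(SEGMENT, 25)),
        "swapped": verify_checksum(SRC_IP, DST_IP, swap_words(SEGMENT, 20, 22)),
    }


if __name__ == "__main__":
    print(demo())  # {'intact': True, 'corrupted': False, 'swapped': True}
```

The "swapped" result is the point to remember when reading capture files: a segment whose checksum verifies has not necessarily arrived as it was sent.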

4.2.3.3 UDP

Figure 4-18 UDP packet format


Also working at the transport layer, UDP provides connectionless services for applications.
That is, no connection needs to be established between the source and destination ends
before data transmission. UDP does not maintain connection states or sending and
receiving states. Therefore, a server can transmit the same message to multiple clients at
the same time.
UDP applies to applications that require high transmission efficiency or have the
reliability guaranteed at the application layer. For example, the Remote Authentication
Dial-In User Service (RADIUS) protocol used for authentication and accounting and
Routing Information Protocol (RIP) are based on UDP.

4.2.3.4 TCP vs. UDP


TCP and UDP are often compared because they both work at the transport layer and
provide transmission services for the application layer. Figure 4-19 compares TCP and
UDP.

Figure 4-19 TCP vs. UDP


TCP is reliable, but its reliability mechanisms lead to lower packet transmission
efficiency and higher encapsulation overhead.
UDP is connectionless and unreliable, but its transmission efficiency is higher.
They both have advantages and disadvantages and apply to different scenarios.

4.2.3.5 Telnet

Figure 4-20 Telnet connection


Telnet provides remote login services on data networks. It allows users to remotely log in
to a device from a local PC. Telnet data is transmitted in plaintext. Telnet enables
network administrators to remotely log in to network devices for configuration and
management.
As shown in Figure 4-20, a user connects to a Telnet server through a Telnet client
program. The commands entered on the Telnet client are executed on the server, as if
the commands were entered on the console of the server.
However, Telnet has the following disadvantages:
⚫ Data is transmitted in plaintext, which does not ensure confidentiality.
⚫ The authentication mechanism is weak. Users' authentication information is
transmitted in plaintext and may be eavesdropped. Telnet supports only the
traditional password authentication mode and is vulnerable to attacks.
⚫ A client cannot truly identify the server. As a result, attackers can use a bogus server
to launch attacks.
SSH was designed to resolve the preceding issues.

4.2.3.6 SSH

Figure 4-21 SSH connection


SSH provides remote login functions similar to Telnet's, but SSH is a network security
protocol that employs encryption and authentication mechanisms to implement services
such as secure remote access and file transfer.
SSH was developed to resolve the security issues that Telnet brings, ensuring secure
remote access to network devices.
SSH uses the client/server architecture and involves three layers: transport layer,
authentication layer, and connection layer.
SSH protocol layers:
⚫ Transport layer: establishes a secure encryption channel between a client and a
server to provide sufficient confidentiality protection for phases that require high
data transmission security, such as user authentication and data exchange.
⚫ Authentication layer: runs over transport-layer protocols and helps a server
authenticate login users.
⚫ Connection layer: divides an encryption channel into several logical channels to run
different applications. It runs over authentication-layer protocols and provides
services such as session interaction and remote command execution.

4.2.3.7 Telnet vs. SSH

Figure 4-22 Telnet vs. SSH


Figure 4-22 compares Telnet and SSH.
In general, SSH encrypts data before sending it, ensuring data transmission security,
and it applies wherever encrypted authentication is required. Telnet is still used in
tests or in scenarios where encryption is considered unnecessary (such as on a LAN);
note that even on a LAN, Telnet credentials and sessions are readable by anyone able
to capture traffic on the path.

4.3 Switching Basics


4.3.1 Ethernet Switching Basics
4.3.1.1 Ethernet Protocol
Ethernet is the most common communication protocol standard used by existing local
area networks (LANs). It defines the cable types and signal processing methods that are
used on a LAN.

Figure 4-23 Evolution of Ethernet networking


As shown in Figure 4-23, Ethernet networking has evolved from hub-based networking to
switch-based networking.
⚫ Early Ethernet: Ethernet networks are broadcast networks established based on the
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) mechanism.
Collisions restrict Ethernet performance. Early Ethernet devices such as hubs work at
the physical layer and cannot confine collisions to a particular scope, which limits
how far network performance can be improved.
⚫ Switch networking: Working at the data link layer, switches confine collisions to a
particular scope (each switch interface is its own collision domain), thereby improving
Ethernet performance. Switches have replaced hubs as mainstream Ethernet devices.
However, switches do not restrict broadcast traffic on the Ethernet, which still affects
performance.

4.3.1.2 Layer 2 Ethernet Switch

Figure 4-24 Architecture of a communication network


As shown in Figure 4-24, Layer 2 Ethernet switches are located at the edge of a
communication network and function as access devices for user and terminal access.
Layer 2 Ethernet switches forward data through Ethernet interfaces. Specifically, a switch
performs addressing and forwards data only based on the MAC address in the Layer 2
header of an Ethernet data frame.
On a campus network, a switch is the device closest to end users and connects
terminals to the campus network. Switches at the access layer are typically Layer 2
switches. A Layer 2 switch works at the data link layer (Layer 2) and forwards frames
based on MAC addresses. In Figure 4-24, Layer 3 switches sit above the Layer 2
switches. Traditionally, routers are required for communication between different
LANs. As data communication networks expand and more services emerge, more and more
traffic must be transmitted between networks. Routers cannot keep up with this trend
because of their high cost, lower forwarding performance, and small number of
interfaces, so new devices capable of high-speed Layer 3 forwarding are required.
Layer 3 switches are such devices.
Note: The switches involved in this course refer to Layer 2 Ethernet switches.

4.3.1.3 MAC Address Table


Each switch has a MAC address table that stores the mapping between MAC addresses
and switch interfaces.

Figure 4-25 MAC address table


A MAC address table records the mapping between MAC addresses learned by a switch
and switch interfaces. When forwarding a data frame, the switch looks up the MAC
address table based on the destination MAC address of the frame. If the MAC address
table contains an entry mapping the destination MAC address of the frame, the frame is
directly forwarded through the outbound interface in the entry. If there is no match of
the destination MAC address of the frame in the MAC address table, the switch floods
the frame to all interfaces except the interface that receives the frame.

4.3.1.4 Three Frame Processing Behaviors of a Switch

Figure 4-26 Frame processing behaviors of a switch


Forwarding the frames that arrive on its interfaces over a transmission medium is the
basic function of a switch.
Figure 4-26 shows that a switch processes frames in three ways: flooding, forwarding,
and discarding.
⚫ Flooding: The switch forwards the frames received from an interface to all other
interfaces.
⚫ Forwarding: The switch forwards the frames received from an interface to another
interface.
⚫ Discarding: The switch discards the frames received from an interface.
A switch processes a received frame based on the destination MAC address of the frame
and the MAC address table.
⚫ Flooding: If the destination MAC address of the frame received by the switch is a
broadcast MAC address or does not match any entry in the MAC address table, the
switch floods the frame.
⚫ Forwarding: If the destination MAC address of the frame received by the switch is a
unicast MAC address and matches an entry in the MAC address table, and the
interface that receives the frame is different from that of the matched entry, the
switch forwards the frame.
⚫ Discarding: If the destination MAC address of the frame received by the switch is a
unicast MAC address and matches an entry in the MAC address table, and the
interface that receives the frame is the same as that of the matched entry, the switch
discards the frame.

4.3.1.5 Working Principles of Switches

Figure 4-27 Working principles of switches


Layer 2 switches work at the data link layer and forward frames based on MAC
addresses. Different interfaces on a switch send and receive data independently, and each
interface belongs to a different collision domain. This effectively isolates collision
domains on the network.
Layer 2 switches maintain the mappings between MAC addresses and interfaces by
learning the source MAC addresses of Ethernet frames in a table called a MAC address
table. Layer 2 switches look up the MAC address table to determine the interface to
which a frame is forwarded based on the destination MAC address of the frame.

Figure 4-27 shows the working principles of a switch.


⚫ Host 1 sends a unicast frame with the destination MAC address being the MAC
address of Host 2.
⚫ When GE0/0/1 of the switch receives the frame, the switch learns the mapping
between GE0/0/1 and the source MAC address MAC1 (the MAC address of Host 1) and
stores the mapping in the MAC address table.
⚫ The switch then searches its MAC address table based on the destination MAC
address of the frame to determine whether to forward, flood, or discard the frame.
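To make the learn-then-look-up sequence concrete, here is a small model of that behaviour in Python. It is an added example, not code from the learning guide or from any Huawei product; the interface names follow the GE0/0/x convention of Figure 4-27 and the MAC addresses are made up (taken from the IANA documentation range). The walkthrough reproduces the three outcomes of Section 4.3.1.4 and also shows the consequence of step 2 above: the switch binds whatever source MAC arrives to the arrival interface without any check, so a frame carrying another host's MAC as its source moves that host's table entry.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """True for broadcast and multicast MACs (I/G bit of the first octet set)."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class Layer2Switch:
    """Model of a Layer 2 switch: learn the source MAC, then flood, forward or discard."""

    def __init__(self, interfaces):
        self.interfaces = list(interfaces)
        self.mac_table = {}          # MAC address -> interface it was learned on

    def receive(self, in_if: str, src_mac: str, dst_mac: str):
        """Process one frame arriving on in_if; return (action, outbound interfaces)."""
        # 1. Learning: the source MAC is (re)bound to the arrival interface unconditionally.
        self.mac_table[src_mac] = in_if
        # 2. Lookup on the destination MAC.
        if is_group_address(dst_mac) or dst_mac not in self.mac_table:
            return "flood", [i for i in self.interfaces if i != in_if]
        out_if = self.mac_table[dst_mac]
        if out_if == in_if:
            return "discard", []     # destination is on the arrival side already
        return "forward", [out_if]


# Constructed topology: Host1 on GE0/0/1, Host2 on GE0/0/2, Host3 and Host4 behind a hub on GE0/0/3.
MAC1, MAC2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
MAC3, MAC4 = "00:00:5e:00:53:03", "00:00:5e:00:53:04"


def walkthrough():
    """Run the frames of Figure 4-27 plus a discard case and a forged-source case."""
    sw = Layer2Switch(["GE0/0/1", "GE0/0/2", "GE0/0/3"])
    steps = [
        sw.receive("GE0/0/1", MAC1, MAC2),       # MAC2 unknown -> flood
        sw.receive("GE0/0/2", MAC2, MAC1),       # MAC1 known on GE0/0/1 -> forward
        sw.receive("GE0/0/3", MAC4, BROADCAST),  # broadcast -> flood; MAC4 learned
        sw.receive("GE0/0/3", MAC3, MAC4),       # MAC4 is on the arrival interface -> discard
        sw.receive("GE0/0/3", MAC1, MAC2),       # forged source: MAC1 is now bound to GE0/0/3
        sw.receive("GE0/0/2", MAC2, MAC1),       # Host2's reply to Host1 now leaves on GE0/0/3
    ]
    return steps, dict(sw.mac_table)


if __name__ == "__main__":
    for action, ports in walkthrough()[0]:
        print(action, ports)
```

The last two steps are why port security features (limiting learned MACs per interface or binding them statically) exist on production switches; the model shows only what happens without them.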

4.3.2 VLAN Basics


4.3.2.1 Why Do We Need VLANs

Figure 4-28 Why do we need VLANs


As shown in Figure 4-28, traditional Ethernet switches learn source MAC addresses (MAC
addresses of hosts connected to the switch interfaces) of received frames to generate a
forwarding table, based on which the switch then forwards frames. All the interfaces can
communicate with each other, meaning that maintenance personnel cannot control
forwarding between interfaces. Such a network has the following disadvantages:
⚫ Low network security: The network is prone to attacks because all interfaces can
communicate with each other.
⚫ Low forwarding efficiency: Users may receive a large number of unnecessary packets
such as broadcast packets, which consume a lot of bandwidth and host CPU
resources.
⚫ Low service scalability: Network devices process packets on an equal basis and
cannot provide differentiated services. For example, Ethernet frames used for
network management cannot be preferentially forwarded.

In short, broadcast packets have a wide-ranging impact on a network, and plain Ethernet
has no means of controlling forwarding between interfaces. The Virtual Local Area
Network (VLAN) technology solves this problem.

4.3.2.2 Objectives of the VLAN Technology

Figure 4-29 Objectives of the VLAN technology


As shown in Figure 4-29, the VLAN technology divides users into multiple logical groups
(networks). Intra-group communication is allowed, whereas inter-group communication
is prohibited. Layer 2 unicast, multicast, and broadcast packets can be forwarded only
within a group. In addition, group members can be easily added or deleted.
In short, the VLAN technology provides a management method for controlling the
communication between terminals. As shown in the figure above, PCs in Group 1 and PCs
in Group 2 cannot communicate with each other.

4.3.2.3 What Is VLAN


The VLAN technology logically divides a physical LAN into multiple VLANs (broadcast
domains).

Figure 4-30 VLAN


Hosts within a VLAN can communicate with each other but cannot communicate directly
with hosts in other VLANs. This confines broadcast packets to a single VLAN, and
because Layer 2 communication between VLANs is not possible without a Layer 3 device,
it also improves network security. For example, if enterprises in the same building
each build their own LAN, the cost is high; if they share one LAN, there are security
risks. VLANs let the enterprises share the same physical LAN while keeping their
traffic separate.
Figure 4-30 shows a typical VLAN networking. Three switches are deployed at different
locations, for example, on different floors of a building. Each switch is connected to three
PCs that belong to different VLANs (for example, VLANs for different enterprises).

4.3.2.4 VLAN Frame Format

Figure 4-31 VLAN frame format


As shown in Figure 4-31, IEEE 802.1Q adds a 4-byte VLAN tag to an Ethernet frame
header.
Tag Protocol Identifier (TPID): identifies a frame as an 802.1Q-tagged frame. This field is
of 2 bytes and has a fixed value of 0x8100.
Tag Control Information (TCI): indicates the control information of an Ethernet frame.
This field is of 2 bytes.
⚫ Priority: identifies the priority of an Ethernet frame. This field is of 3 bits. The value
of this field ranges from 0 to 7, providing differentiated forwarding services.
⚫ Canonical Format Indicator (CFI): indicates the bit order of address information in an
Ethernet frame. This field is used in token ring or FDDI source-routed MAC methods
and is of 1 bit.

⚫ VLAN Identifier (VLAN ID): controls the forwarding of Ethernet frames based on the
VLAN configuration on a switch interface. This field is of 12 bits, with its value
ranging from 0 to 4095.
Since VLAN tags are adopted, Ethernet frames are classified as untagged frames (without
4-byte VLAN tags) or tagged frames (with 4-byte VLAN tags).
Note: In this course, only the VLAN ID field is discussed.
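The tag layout above is easy to check against real bytes. The following Python is an added example, not code or output from the learning guide: it inserts a 4-byte 802.1Q tag after the source MAC of a constructed frame, and parses a frame back, distinguishing tagged from untagged frames by the 0x8100 value in the position where the EtherType of an untagged frame would be. The MAC addresses and payload are made up; the reserved-ID check reflects the fact that VID 0 means "priority-tagged, no VLAN" and 4095 is reserved, which is why ports are assigned IDs 1 to 4094 only.

```python
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac, src_mac, ethertype, payload, vlan_id=None, priority=0, cfi=0):
    """Ethernet frame; when vlan_id is given a 4-byte 802.1Q tag is inserted after the source MAC."""
    frame = mac_bytes(dst_mac) + mac_bytes(src_mac)
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4095:
            raise ValueError("VLAN ID is a 12-bit field")
        # TCI layout: 3-bit priority | 1-bit CFI | 12-bit VLAN ID
        tci = ((priority & 0x7) << 13) | ((cfi & 0x1) << 12) | (vlan_id & 0x0FFF)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode addresses, the optional tag and the EtherType; untagged frames are accepted too."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an untagged Ethernet header")
    info = {"dst": mac_str(frame[0:6]), "src": mac_str(frame[6:12]), "tagged": False}
    offset = 12
    (type_or_tpid,) = struct.unpack_from("!H", frame, offset)
    if type_or_tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("tagged frame shorter than an 802.1Q header")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        info.update(tagged=True, priority=tci >> 13, cfi=(tci >> 12) & 1, vlan_id=tci & 0x0FFF)
        offset += 4
    (info["ethertype"],) = struct.unpack_from("!H", frame, offset)
    info["payload"] = frame[offset + 2:]
    return info


def is_assignable_vlan_id(vlan_id: int) -> bool:
    """0 (priority-tagged, no VLAN) and 4095 are reserved; ports can be assigned 1-4094."""
    return 1 <= vlan_id <= 4094


# Constructed sample frames (documentation MACs, made-up payload bytes).
PAYLOAD = b"\x45\x00\x00\x14" + b"constructed IPv4 bytes"
UNTAGGED = build_frame("00:00:5e:00:53:02", "00:00:5e:00:53:01", ETHERTYPE_IPV4, PAYLOAD)
TAGGED = build_frame("00:00:5e:00:53:02", "00:00:5e:00:53:01", ETHERTYPE_IPV4, PAYLOAD,
                     vlan_id=100, priority=5)

if __name__ == "__main__":
    print(parse_frame(TAGGED))
```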

4.3.2.5 VLAN Assignment Methods


PCs normally send only untagged frames. After receiving such an untagged frame, a
switch that supports the VLAN technology needs to assign the frame to a specific VLAN
based on certain rules.
Available VLAN assignment methods are as follows:
1. Interface-based assignment: assigns VLANs based on switch interfaces.
⚫ A network administrator preconfigures a port VLAN ID (PVID) for each switch
interface. When an untagged frame arrives at an interface of a switch, the switch
tags the frame with the PVID of the interface. The frame is then transmitted in the
specified VLAN.
2. MAC address–based assignment: assigns VLANs based on the source MAC addresses of
frames.
⚫ A network administrator preconfigures the mapping between MAC addresses and
VLAN IDs. After receiving an untagged frame, a switch tags the frame with the VLAN
ID mapping the source MAC address of the frame. The frame is then transmitted in
the specified VLAN.
3. IP subnet–based assignment: assigns VLANs based on the source IP addresses and
subnet masks of frames.
⚫ A network administrator preconfigures the mapping between IP addresses and VLAN
IDs. After receiving an untagged frame, a switch tags the frame with the VLAN ID
mapping the source IP address of the frame. The frame is then transmitted in the
specified VLAN.
4. Protocol-based assignment: assigns VLANs based on the protocol (suite) types and
encapsulation formats of frames.
⚫ A network administrator preconfigures the mapping between protocol (suite) types
and VLAN IDs. After receiving an untagged frame, a switch tags the frame with the
VLAN ID mapping the protocol (suite) type of the frame. The frame is then
transmitted in the specified VLAN.
5. Policy-based assignment: assigns VLANs based on a specified policy, which means
VLANs are assigned based on a combination of interfaces, MAC addresses, and IP
addresses.
⚫ A network administrator preconfigures a policy. After receiving an untagged frame
that matches the policy, a switch adds a specified VLAN tag to the frame. The frame
is then transmitted in the specified VLAN.

4.3.2.6 Interface-based VLAN Assignment

Figure 4-32 Interface-based VLAN assignment


The rule and characteristics of interface-based VLAN assignment are as follows:
⚫ Assignment rule: VLAN IDs are configured on physical interfaces of a switch. All PC-
sent untagged frames arriving at a physical interface are assigned to the VLAN
corresponding to the PVID configured on the interface.
⚫ Characteristics: This VLAN assignment method is simple, intuitive, and easy to
implement. Currently, it is the most widely used VLAN assignment method. When a
PC is connected to another switch interface, the frames sent by the PC may be
assigned to a different VLAN.
⚫ Port VLAN ID (PVID): default VLAN ID of an interface. The value ranges from 1 to
4094. Each switch interface must be configured with a PVID. All untagged frames
arriving at a switch interface are assigned to the VLAN corresponding to the PVID
configured on the interface.
The default PVID of Huawei switch interfaces is 1.

4.3.2.7 VLAN Interface Types

Figure 4-33 VLAN interface types


As shown in Figure 4-33, the interface-based VLAN assignment method varies according
to the switch interface type.
⚫ Access interface: An access interface often connects to a terminal (such as a PC or
server) that cannot identify VLAN tags, or is used when VLANs do not need to be
differentiated. In general, the NICs on such terminals receive and send only untagged
frames. An access interface can be added to only one VLAN.
⚫ Trunk interface: A trunk interface allows frames that belong to multiple VLANs to
pass through and differentiates the frames using the 802.1Q tag. This type of
interface often connects to a switch, router, AP, or voice terminal that can accept and
send both tagged and untagged frames.
⚫ Hybrid interface: Similar to a trunk interface, a hybrid interface also allows frames
that belong to multiple VLANs to pass through and differentiates the frames using
the 802.1Q tag. For each VLAN, you can specify whether the hybrid interface sends
its frames tagged or untagged. Therefore, a hybrid interface can connect either to a
terminal (such as a PC or server) that cannot identify VLAN tags, or to a switch,
router, AP, or voice terminal that can accept and send both tagged and untagged
frames.
By default, hybrid interfaces are used on Huawei devices.

4.3.3 VLAN Basic Configuration


4.3.3.1 Basic VLAN Configuration Commands
4.3.3.1.1 Creating VLANs
[Huawei] vlan vlan-id
⚫ Create a VLAN and enter the VLAN view, or enter the view of an existing VLAN.
⚫ The value of vlan-id is an integer that ranges from 1 to 4094.
[Huawei] vlan batch { vlan-id1 [ to vlan-id2 ] }
Create VLANs in a batch.
⚫ batch: creates VLANs in a batch.
⚫ vlan-id1: specifies the start VLAN ID.
⚫ vlan-id2: specifies the end VLAN ID.
4.3.3.2 Basic Access Interface Configuration Commands
⚫ Set the interface type.
[Huawei-GigabitEthernet0/0/1] port link-type access
In the interface view, set the link type of the interface to access.
⚫ Configure the default VLAN of the access interface.
[Huawei-GigabitEthernet0/0/1] port default vlan vlan-id
In the interface view, configure the default VLAN of the interface and add the interface
to the VLAN.
vlan-id: specifies the default VLAN ID. The value is an integer that ranges from 1 to 4094.
4.3.3.3 Basic Trunk Interface Configuration Commands
⚫ Set the interface type.
[Huawei-GigabitEthernet0/0/1] port link-type trunk
In the interface view, set the link type of the interface to trunk.
⚫ Add the trunk interface to specified VLANs.
[Huawei-GigabitEthernet0/0/1] port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } | all }
In the interface view, add the trunk interface to specified VLANs.
⚫ (Optional) Configure the default VLAN of the trunk interface.
[Huawei-GigabitEthernet0/0/1] port trunk pvid vlan vlan-id
In the interface view, configure the default VLAN of the trunk interface.

4.3.3.4 Basic Hybrid Interface Configuration Commands


⚫ Set the interface type.
[Huawei-GigabitEthernet0/0/1] port link-type hybrid
In the interface view, set the link type of the interface to hybrid.
⚫ Add the hybrid interface to specified VLANs.


[Huawei-GigabitEthernet0/0/1] port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } | all }
In the interface view, add the hybrid interface to specified VLANs. Frames that belong to
these VLANs then pass through the hybrid interface in untagged mode.
[Huawei-GigabitEthernet0/0/1] port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] } | all }
In the interface view, add the hybrid interface to specified VLANs. Frames that belong to
these VLANs then pass through the hybrid interface in tagged mode.
⚫ (Optional) Configure the default VLAN of the hybrid interface.
[Huawei-GigabitEthernet0/0/1] port hybrid pvid vlan vlan-id
In the interface view, configure the default VLAN of the hybrid interface.
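The interface behaviours of 4.3.2.7 and the commands of 4.3.3 fit together in one model. The Python below is an added example, not Huawei code or CLI output: it parses the command forms listed above (including the `vlan { vlan-id1 [ to vlan-id2 ] }` list syntax) into a port object, then applies the ingress rule (an untagged frame takes the PVID; a tagged frame is admitted only if the port is in that VLAN) and the egress rule (access and trunk interfaces strip the tag of the PVID VLAN, hybrid interfaces follow their tagged and untagged lists). The defaults applied when `port link-type` runs are the PVID of 1 that the text states, plus an assumption made here that a new trunk allows VLAN 1 and a new hybrid interface carries VLAN 1 untagged. The port configurations in the scenario are made up.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


def parse_vlan_ids(tokens) -> Set[int]:
    """Expand 'vlan-id1 [ to vlan-id2 ]' lists and 'all' into a set of VLAN IDs (1-4094)."""
    if tokens == ["all"]:
        return set(range(1, 4095))
    ids, i = set(), 0
    while i < len(tokens):
        first = last = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            last, i = int(tokens[i + 2]), i + 2
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"VLAN IDs must be in 1-4094: {tokens}")
        ids.update(range(first, last + 1))
        i += 1
    return ids


def one_vlan(token: str) -> int:
    (vid,) = parse_vlan_ids([token])
    return vid


@dataclass
class Port:
    link_type: str = "hybrid"      # the guide states hybrid is the Huawei default
    pvid: int = 1                  # default PVID stated in the guide
    allowed: Set[int] = field(default_factory=lambda: {1})   # trunk: allow-pass list (assumed default)
    tagged: Set[int] = field(default_factory=set)            # hybrid: tagged list
    untagged: Set[int] = field(default_factory=lambda: {1})  # hybrid: untagged list (assumed default)

    def admits(self, vid: int) -> bool:
        """Is the interface a member of VLAN vid?"""
        if self.link_type == "access":
            return vid == self.pvid
        if self.link_type == "trunk":
            return vid in self.allowed
        return vid in self.tagged or vid in self.untagged

    def ingress(self, vid: Optional[int]) -> Optional[int]:
        """VLAN a received frame is assigned to, or None if discarded. Untagged frames take the PVID."""
        vid = self.pvid if vid is None else vid
        return vid if self.admits(vid) else None

    def egress(self, vid: int) -> Optional[str]:
        """How a frame of VLAN vid leaves: 'tagged', 'untagged' or None (not sent on this port)."""
        if not self.admits(vid):
            return None
        if self.link_type == "hybrid":
            return "untagged" if vid in self.untagged else "tagged"
        return "untagged" if vid == self.pvid else "tagged"


def configure(commands) -> Port:
    """Apply interface-view commands in the forms shown in 4.3.3 to a fresh port."""
    port = Port()
    for line in commands:
        t = line.split()
        if len(t) == 3 and t[:2] == ["port", "link-type"] and t[2] in ("access", "trunk", "hybrid"):
            port = Port(link_type=t[2])                      # link type change resets the port
        elif t[:3] == ["port", "default", "vlan"] and port.link_type == "access":
            port.pvid = one_vlan(t[3])
        elif t[:4] == ["port", "trunk", "allow-pass", "vlan"] and port.link_type == "trunk":
            port.allowed |= parse_vlan_ids(t[4:])
        elif t[:4] == ["port", "trunk", "pvid", "vlan"] and port.link_type == "trunk":
            port.pvid = one_vlan(t[4])
        elif t[:4] == ["port", "hybrid", "untagged", "vlan"] and port.link_type == "hybrid":
            ids = parse_vlan_ids(t[4:])
            port.untagged |= ids
            port.tagged -= ids                               # a VLAN is tagged or untagged, not both
        elif t[:4] == ["port", "hybrid", "tagged", "vlan"] and port.link_type == "hybrid":
            ids = parse_vlan_ids(t[4:])
            port.tagged |= ids
            port.untagged -= ids
        elif t[:4] == ["port", "hybrid", "pvid", "vlan"] and port.link_type == "hybrid":
            port.pvid = one_vlan(t[4])
        else:
            raise ValueError(f"unsupported or misplaced command: {line}")
    return port


# Constructed scenario: one interface of each type.
ACCESS = configure(["port link-type access", "port default vlan 10"])
TRUNK = configure(["port link-type trunk", "port trunk allow-pass vlan 10 20 to 22"])
HYBRID = configure(["port link-type hybrid", "port hybrid untagged vlan 10",
                    "port hybrid tagged vlan 20", "port hybrid pvid vlan 10"])

if __name__ == "__main__":
    print(TRUNK.ingress(None), TRUNK.egress(1), TRUNK.egress(10), HYBRID.egress(20))
```

Note how an untagged frame on the trunk lands in VLAN 1 because the PVID was left at its default: a PVID that is not in the allowed list would make untagged frames disappear silently, which is a common troubleshooting finding.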

4.4 Routing Basics


4.4.1 Basic Routing Principles
4.4.1.1 Routing

Figure 4-34 Routing


First, we need to understand some routing concepts.
⚫ Routes are the path information that is used to guide packet forwarding.
⚫ A routing device is one that forwards packets to a destination network segment
based on routes. The most common routing device is a router.
⚫ A routing device maintains an IP routing table that stores routing information.
As shown in Figure 4-34, a gateway and an intermediate node (a router) select a proper
path according to the destination address of a received IP packet, and forward the packet
to the next router. The last-hop router on the path performs Layer 2 addressing and
forwards the packet to the destination host. This process is called route-based
forwarding.

The intermediate node selects the best path from its IP routing table to forward packets.
A routing entry contains a specific outbound interface and next hop, which are used to
forward IP packets to the corresponding next-hop device.

4.4.1.2 Routing Information


A route contains the following information:
⚫ Destination network: identifies a destination network segment.
⚫ Mask: identifies a network segment together with a destination IP address.
⚫ Outbound interface: indicates the interface through which a data packet is sent out
of the local router.
⚫ Next hop: indicates the next-hop address used by the router to forward the data
packet to the destination network segment.
Based on the information contained in a route, a router can forward IP packets to the
destination network segment along the corresponding path.
The destination address and mask identify the destination address of an IP packet. After
an IP packet matches a specific route, the router determines the forwarding path
according to the outbound interface and next hop of the route.

4.4.1.3 Routing Table

Figure 4-35 Routing table


A router forwards packets based on its IP routing table that contains many routing
entries.
An IP routing table contains only optimal routes. A router manages routing information
by managing the routing entries in its IP routing table.

4.4.1.4 Checking the IP Routing Table

Figure 4-36 IP routing table


Figure 4-36 shows the IP routing table on a router.
⚫ Destination/Mask: indicates the destination network address and mask of a specific
route. The network segment address of a destination host or router is obtained
through the AND operation on the destination address and mask. For example, if the
destination address is 1.1.1.1 and the mask is 255.255.255.0, the IP address of the
network segment to which the host or router belongs is 1.1.1.0.
⚫ Proto (Protocol): indicates the protocol type of the route, that is, the protocol
through which a router learns the route.
⚫ Pre (Preference): indicates the routing protocol preference of the route. There may be
multiple routes to the same destination, which have different next hops and
outbound interfaces. These routes may be discovered by different routing protocols
or manually configured. A router selects the route with the highest preference (with
the lowest preference value) as the optimal route.
⚫ Cost: indicates the cost of the route. When multiple routes to the same destination
have the same preference, the route with the lowest cost is selected as the optimal
route.
⚫ NextHop: indicates the local router's next-hop address of the route to the destination
network. This field specifies the next-hop device to which packets are forwarded.
⚫ Interface: indicates the outbound interface of the route. This field specifies the local
interface through which the local router forwards packets.

4.4.1.5 Route-based Forwarding Process

Figure 4-37 Route-based forwarding process


As shown in Figure 4-37, the IP packets from 10.0.1.0/24 need to reach 40.0.1.0/24. These
packets arrive at the gateway R1, which then searches its IP routing table for the next
hop and outbound interface and forwards the packets to R2. After the packets reach R2,
R2 forwards the packets to R3 by searching its IP routing table. After receiving the
packets, R3 searches its IP routing table, finding that the destination IP address of the
packets belongs to the network segment where a local interface resides. Therefore, R3
directly forwards the packets to the destination network segment 40.0.1.0/24.

4.4.2 Static and Default Routes


4.4.2.1 Introduction to Static Routes

Figure 4-38 Static route


Static routes are manually configured by network administrators, have low system
requirements, and apply to simple, stable, and small networks.
However, static routes cannot automatically adapt to network topology changes and so
require manual intervention.
Packets destined for 20.1.1.0/24 do not match the direct route in RTA's IP routing table.
In this case, a static route needs to be manually configured so that the packets sent from
RTA to 20.1.1.0/24 can be forwarded to the next hop 10.0.0.2.

4.4.2.2 Static Route Configuration Example

Figure 4-39 Static route configuration example


Figure 4-39 shows how to configure static routes on RTA and RTC for communication
between 10.0.0.0/24 and 20.1.1.0/24.
Packets are forwarded hop by hop. Therefore, all the routers along the path from the
source to the destination must have routes destined for the destination.
Data communication is bidirectional. Therefore, both forward and return routes must be
available.

4.4.2.3 Default Route

Figure 4-40 Default route


Default routes are used only when packets to be forwarded do not match any routing
entry in an IP routing table.
In an IP routing table, a default route is the route to network 0.0.0.0 (with the mask
0.0.0.0), namely, 0.0.0.0/0.
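The route selection described in 4.4.1.3 to 4.4.1.5 and the fallback role of the default route can be reproduced in a few lines. The Python below is an added example, not code or `display ip routing-table` output from the learning guide: a table keeps every learned route, installs only the optimal one per destination (lowest Pre, then lowest Cost, using the default preferences 0 for Direct, 10 for OSPF, 60 for Static and 100 for RIP), and resolves a destination by longest prefix match, so 0.0.0.0/0 is chosen only when no other prefix contains the address. The sample routes, for a router in the position of R3 in Figure 4-37, are made up.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Default route preferences of the route types used below (lower value wins).
PREFERENCE = {"Direct": 0, "OSPF": 10, "Static": 60, "RIP": 100}


@dataclass(frozen=True)
class Route:
    destination: str   # prefix such as "40.0.1.0/24"; "0.0.0.0/0" is the default route
    proto: str         # how the route was learned
    cost: int
    nexthop: str
    interface: str

    @property
    def pre(self) -> int:
        return PREFERENCE[self.proto]


class IpRoutingTable:
    def __init__(self):
        self._learned: Dict[ipaddress.IPv4Network, List[Route]] = {}

    def learn(self, route: Route) -> None:
        net = ipaddress.ip_network(route.destination, strict=True)
        self._learned.setdefault(net, []).append(route)

    def optimal(self, net: ipaddress.IPv4Network) -> Route:
        """Only the optimal route per destination is installed: lowest Pre, then lowest Cost."""
        return min(self._learned[net], key=lambda r: (r.pre, r.cost))

    def active_routes(self) -> List[Route]:
        """What 'display ip routing-table' would list: one optimal route per destination."""
        return [self.optimal(net) for net in sorted(self._learned)]

    def lookup(self, dst_ip: str) -> Optional[Route]:
        """Longest-prefix match. 0.0.0.0/0 has length 0, so it matches only when nothing else does."""
        addr = ipaddress.ip_address(dst_ip)
        matches = [net for net in self._learned if addr in net]
        if not matches:
            return None
        return self.optimal(max(matches, key=lambda n: n.prefixlen))


def sample_table() -> IpRoutingTable:
    """Constructed table for a router like R3: two direct segments, two sources for 20.1.1.0/24."""
    rt = IpRoutingTable()
    rt.learn(Route("40.0.1.0/24", "Direct", 0, "40.0.1.1", "GE0/0/1"))
    rt.learn(Route("30.0.1.0/24", "Direct", 0, "30.0.1.2", "GE0/0/0"))
    rt.learn(Route("20.1.1.0/24", "Static", 0, "30.0.1.1", "GE0/0/0"))     # manually configured, Pre 60
    rt.learn(Route("20.1.1.0/24", "OSPF", 2, "30.0.1.1", "GE0/0/0"))       # same prefix, Pre 10 wins
    rt.learn(Route("20.1.1.128/25", "Static", 0, "30.0.1.5", "GE0/0/0"))   # more specific than the /24
    rt.learn(Route("0.0.0.0/0", "Static", 0, "30.0.1.1", "GE0/0/0"))       # default route
    return rt


if __name__ == "__main__":
    rt = sample_table()
    for ip in ("40.0.1.7", "20.1.1.9", "20.1.1.200", "8.8.8.8"):
        r = rt.lookup(ip)
        print(ip, "->", r.destination, r.proto, r.nexthop, r.interface)
```

The lookup for 20.1.1.200 illustrates why a "longer" route always wins regardless of protocol: the /25 static route beats the /24 OSPF route even though OSPF has the better preference, because preference is compared only between routes to the same destination prefix.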

4.4.2.4 Application Scenarios of Default Routes


Default routes are typically used at the egress of an enterprise network. For example, you
can configure a default route on an egress device so that the device forwards IP packets
destined for any address on the Internet.

Figure 4-41 Application scenarios of default routes

4.5 Quiz
After you run the display ip interface brief command on an existing VLANIF interface on
a switch, the command output shows that both the physical status and the protocol
status of the VLANIF interface are Down. Why does this occur?
