1 00:00:00,240 --> 00:00:02,724 Encapsulation and decapsulation. 2 00:00:02,724 --> 00:00:04,260 In this lesson, we're going to talk 3 00:00:04,260 --> 00:00:07,020 about encapsulation and decapsulation. 4 00:00:07,020 --> 00:00:09,420 Encapsulation is the process of putting headers 5 00:00:09,420 --> 00:00:12,570 and sometimes trailers around some of our data. 6 00:00:12,570 --> 00:00:13,950 Think about it like this. 7 00:00:13,950 --> 00:00:15,990 You just finished writing a letter to your grandma 8 00:00:15,990 --> 00:00:17,820 and now you want to send it to her. 9 00:00:17,820 --> 00:00:20,550 Well, to do that, you need to put it in an envelope. 10 00:00:20,550 --> 00:00:22,260 Now, when you put the letter in the envelope, 11 00:00:22,260 --> 00:00:24,390 you're actually encapsulating it. 12 00:00:24,390 --> 00:00:26,250 Now, once your grandma gets that envelope, 13 00:00:26,250 --> 00:00:27,420 she wants to be able to read it, 14 00:00:27,420 --> 00:00:29,310 and so she has to take the letter out of the envelope 15 00:00:29,310 --> 00:00:30,750 in order for her to read it. 16 00:00:30,750 --> 00:00:33,150 This process is known as decapsulation 17 00:00:33,150 --> 00:00:34,920 because we're removing the encapsulation 18 00:00:34,920 --> 00:00:36,540 that was applied earlier. 19 00:00:36,540 --> 00:00:38,370 Now, I know this is a silly example, 20 00:00:38,370 --> 00:00:39,780 but that's exactly what happens 21 00:00:39,780 --> 00:00:41,550 as we send data on our networks. 22 00:00:41,550 --> 00:00:43,170 It's continually being encapsulated 23 00:00:43,170 --> 00:00:45,240 and decapsulated as it moves up 24 00:00:45,240 --> 00:00:47,670 or down the layers of the OSI model. 25 00:00:47,670 --> 00:00:50,760 If we move down the OSI layers from seven to one, 26 00:00:50,760 --> 00:00:52,530 we encapsulate our data. 27 00:00:52,530 --> 00:00:55,230 If we move upward from layer one up to seven, 28 00:00:55,230 --> 00:00:57,270 we decapsulate our data. 
29 00:00:57,270 --> 00:00:58,770 So let's take a closer look 30 00:00:58,770 --> 00:01:00,900 at how this works in the real world. 31 00:01:00,900 --> 00:01:03,960 In the OSI model, we use protocol data units 32 00:01:03,960 --> 00:01:06,660 or PDUs to transmit our data. 33 00:01:06,660 --> 00:01:09,960 A protocol data unit is just a single unit of information 34 00:01:09,960 --> 00:01:12,150 transmitted within a computer network. 35 00:01:12,150 --> 00:01:16,260 In the OSI model, they're simply called L, the layer number 36 00:01:16,260 --> 00:01:21,260 and PDU. For example, L7 PDU is a layer 7 PDU. 37 00:01:21,780 --> 00:01:23,430 This type of terminology can be used 38 00:01:23,430 --> 00:01:25,410 for every single layer we have, 39 00:01:25,410 --> 00:01:27,240 but we also have special names 40 00:01:27,240 --> 00:01:31,320 for the PDUs when we reach layers 1, 2, 3, and 4. 41 00:01:31,320 --> 00:01:33,570 For layer one, we call them bits. 42 00:01:33,570 --> 00:01:35,850 For layer two, we call them frames. 43 00:01:35,850 --> 00:01:38,010 For layer three, we call it packets. 44 00:01:38,010 --> 00:01:39,900 And layer four, we call it segments 45 00:01:39,900 --> 00:01:43,890 if we're using TCP, or datagrams if we're using UDP. 46 00:01:43,890 --> 00:01:45,900 Now as a user creates data 47 00:01:45,900 --> 00:01:47,640 and they want to send it over a network, 48 00:01:47,640 --> 00:01:49,440 they're going to enter it into an application 49 00:01:49,440 --> 00:01:52,080 at the application layer, layer seven. 50 00:01:52,080 --> 00:01:55,290 This data then has a layer seven header added 51 00:01:55,290 --> 00:01:57,360 that contains metadata with the parameters 52 00:01:57,360 --> 00:02:00,210 that are agreed upon by the specific application. 53 00:02:00,210 --> 00:02:02,460 So if you're using HTTP 54 00:02:02,460 --> 00:02:04,020 or you're using FTP, 55 00:02:04,020 --> 00:02:07,560 that's going to have specific metadata for that type of data.
56 00:02:07,560 --> 00:02:10,710 Then that information is going to be passed down to layer six, 57 00:02:10,710 --> 00:02:12,780 where it's going to encapsulate the layer seven header 58 00:02:12,780 --> 00:02:14,190 and data together, 59 00:02:14,190 --> 00:02:16,170 and then add its own layer six header, 60 00:02:16,170 --> 00:02:17,880 which contains its own metadata 61 00:02:17,880 --> 00:02:19,680 with information about the presentation 62 00:02:19,680 --> 00:02:21,930 or encryption formats being used. 63 00:02:21,930 --> 00:02:24,810 Next, it's going to pass this down to layer five, 64 00:02:24,810 --> 00:02:26,550 where it encapsulates the layer six header 65 00:02:26,550 --> 00:02:27,960 and the layer six data, 66 00:02:27,960 --> 00:02:30,420 and then it's going to add its own layer five header 67 00:02:30,420 --> 00:02:33,030 based on the metadata about the session. 68 00:02:33,030 --> 00:02:34,950 As you can see, it's like taking a letter, 69 00:02:34,950 --> 00:02:37,440 or in this case data, wrapping it in an envelope, 70 00:02:37,440 --> 00:02:39,990 and then writing some information on that envelope. 71 00:02:39,990 --> 00:02:41,190 That's our header. 72 00:02:41,190 --> 00:02:42,750 When we hand it to the next person, 73 00:02:42,750 --> 00:02:44,160 they're going to put it in an envelope 74 00:02:44,160 --> 00:02:46,530 and write their own metadata on the outside of the envelope 75 00:02:46,530 --> 00:02:48,360 and then pass it to the next person. 76 00:02:48,360 --> 00:02:51,030 And we keep doing this as we go down the layers 77 00:02:51,030 --> 00:02:53,100 all the way down to layer one. 78 00:02:53,100 --> 00:02:57,060 Now, the headers added at layers 4, 3, 2, and 1 79 00:02:57,060 --> 00:02:58,860 are very specific, and they actually 80 00:02:58,860 --> 00:03:00,480 help ensure the message is going to reach 81 00:03:00,480 --> 00:03:01,920 its final destination.
82 00:03:01,920 --> 00:03:05,310 So let's take a look at the header that's added at layer four, 83 00:03:05,310 --> 00:03:06,810 the transport layer. 84 00:03:06,810 --> 00:03:08,940 Now, if you remember, the transport layer 85 00:03:08,940 --> 00:03:12,330 uses different protocols like TCP or UDP. 86 00:03:12,330 --> 00:03:15,120 The TCP header has 10 mandatory fields, 87 00:03:15,120 --> 00:03:17,280 totaling 20 bytes of information. 88 00:03:17,280 --> 00:03:19,980 This includes our source port, the destination port, 89 00:03:19,980 --> 00:03:22,410 the sequence number, the acknowledgement number, 90 00:03:22,410 --> 00:03:25,020 the TCP data offset, the reserved data, 91 00:03:25,020 --> 00:03:26,730 which is currently always going to be set to zero 92 00:03:26,730 --> 00:03:28,350 because it's not really used, 93 00:03:28,350 --> 00:03:32,100 the control flags, the window size, the TCP checksum, 94 00:03:32,100 --> 00:03:35,790 the urgent pointer, and the TCP optional data. 95 00:03:35,790 --> 00:03:38,190 Now, you don't need to know all these fields in depth, 96 00:03:38,190 --> 00:03:40,410 but there are a couple that are pretty important. 97 00:03:40,410 --> 00:03:42,600 For example, the source and destination ports 98 00:03:42,600 --> 00:03:44,310 are pretty important to understand 99 00:03:44,310 --> 00:03:46,380 because this helps determine where the information 100 00:03:46,380 --> 00:03:48,930 is being sent from and where it's being sent to 101 00:03:48,930 --> 00:03:50,880 and allows it to go through a firewall 102 00:03:50,880 --> 00:03:52,740 by going to the right ports. 103 00:03:52,740 --> 00:03:54,210 Also, the sequence number 104 00:03:54,210 --> 00:03:56,070 and acknowledgement numbers are going to be used 105 00:03:56,070 --> 00:03:58,170 to ensure all the data is properly received 106 00:03:58,170 --> 00:03:59,820 by the destination when it's sent 107 00:03:59,820 --> 00:04:01,200 by the original transmitter.
108 00:04:01,200 --> 00:04:04,650 So this is also important when you're using TCP. 109 00:04:04,650 --> 00:04:06,870 Another important concept in the TCP header 110 00:04:06,870 --> 00:04:08,220 is the control flags. 111 00:04:08,220 --> 00:04:10,050 There are six control flags that are used 112 00:04:10,050 --> 00:04:12,270 to manage data flow before, during, 113 00:04:12,270 --> 00:04:15,270 and to stop the data communication when you're finished. 114 00:04:15,270 --> 00:04:16,290 You should already be familiar 115 00:04:16,290 --> 00:04:17,820 with the three-way handshake. 116 00:04:17,820 --> 00:04:20,339 That uses the SYN packet sent by the client, 117 00:04:20,339 --> 00:04:22,590 the SYN-ACK packet that's sent by the server 118 00:04:22,590 --> 00:04:24,270 and the ACK packet that the client sends 119 00:04:24,270 --> 00:04:25,980 back to the server at the end. 120 00:04:25,980 --> 00:04:29,280 These packets are sent using the TCP flags of SYN 121 00:04:29,280 --> 00:04:32,130 or ACK inside your TCP header. 122 00:04:32,130 --> 00:04:34,170 Now, in addition to these SYN and ACK flags, 123 00:04:34,170 --> 00:04:35,790 there's also four others: 124 00:04:35,790 --> 00:04:38,850 FIN, reset, push, and urgent. 125 00:04:38,850 --> 00:04:42,150 First, we have the SYN flag or synchronization flag. 126 00:04:42,150 --> 00:04:44,340 This is by far the most well-known flag 127 00:04:44,340 --> 00:04:46,740 in TCP communications because it's used 128 00:04:46,740 --> 00:04:47,970 to synchronize the connection 129 00:04:47,970 --> 00:04:50,010 during the three-way handshake. 130 00:04:50,010 --> 00:04:52,770 Next, we have the ACK or acknowledgement flag. 131 00:04:52,770 --> 00:04:55,080 This is also used during the three-way handshake, 132 00:04:55,080 --> 00:04:57,120 but in addition to that, we use it 133 00:04:57,120 --> 00:04:58,830 to acknowledge the successful receipt 134 00:04:58,830 --> 00:05:01,440 of all the packets during the communication.
135 00:05:01,440 --> 00:05:03,330 The FIN or finished packet is used 136 00:05:03,330 --> 00:05:05,130 to tear down the virtual connection 137 00:05:05,130 --> 00:05:08,100 created by the three-way handshake and the SYN flag. 138 00:05:08,100 --> 00:05:10,740 The FIN flag always appears when the last packets 139 00:05:10,740 --> 00:05:13,050 are exchanged between a client and a server, 140 00:05:13,050 --> 00:05:15,810 and the host is now ready to shut down that connection. 141 00:05:15,810 --> 00:05:19,200 Next, we have the RST flag or reset flag. 142 00:05:19,200 --> 00:05:20,640 This is going to be used when a client 143 00:05:20,640 --> 00:05:23,310 or server receives a packet that it was not expecting 144 00:05:23,310 --> 00:05:24,900 during the current connection. 145 00:05:24,900 --> 00:05:27,150 For example, if you tried to establish a connection 146 00:05:27,150 --> 00:05:30,000 with a server that didn't want to accept any new connections, 147 00:05:30,000 --> 00:05:31,620 it could send back an RST 148 00:05:31,620 --> 00:05:34,020 or reset flag to inform your client 149 00:05:34,020 --> 00:05:35,520 that it is not accepting connections 150 00:05:35,520 --> 00:05:38,280 and automatically reject your request. 151 00:05:38,280 --> 00:05:41,760 The next one we have is a PSH flag or push. 152 00:05:41,760 --> 00:05:43,050 Now, a push flag is used 153 00:05:43,050 --> 00:05:44,850 to ensure the data is given priority 154 00:05:44,850 --> 00:05:47,700 and is processed at the sending or receiving ends. 155 00:05:47,700 --> 00:05:50,760 Most often, this flag is added to a packet at the beginning 156 00:05:50,760 --> 00:05:52,860 or end of a data transfer. 157 00:05:52,860 --> 00:05:56,850 The final flag we have is URG or the urgent flag. 158 00:05:56,850 --> 00:05:58,920 The urgent flag is like the push flag, 159 00:05:58,920 --> 00:06:01,920 and it identifies incoming data as urgent.
160 00:06:01,920 --> 00:06:03,870 Now, the main difference here between push 161 00:06:03,870 --> 00:06:06,180 and urgent is that push is used by the sender 162 00:06:06,180 --> 00:06:08,610 to indicate data with a higher priority level. 163 00:06:08,610 --> 00:06:09,930 Now, urgent, on the other hand, 164 00:06:09,930 --> 00:06:13,020 is sent to tell the recipient to process it immediately 165 00:06:13,020 --> 00:06:15,300 and ignore anything else that's in the queue. 166 00:06:15,300 --> 00:06:16,890 With urgent, this could lead 167 00:06:16,890 --> 00:06:20,250 to packets violating the first-in, first-out priority order. 168 00:06:20,250 --> 00:06:21,390 So it needs to be used 169 00:06:21,390 --> 00:06:24,690 only by particular applications when necessary. 170 00:06:24,690 --> 00:06:27,510 Now, if you're using UDP instead of TCP, 171 00:06:27,510 --> 00:06:30,120 you're going to be using the user datagram protocol. 172 00:06:30,120 --> 00:06:32,550 Now we look at the user datagram protocol header. 173 00:06:32,550 --> 00:06:35,220 This is another transport layer or layer four header 174 00:06:35,220 --> 00:06:36,990 that's going to be used in our networks. 175 00:06:36,990 --> 00:06:39,390 Remember, UDP is unreliable, 176 00:06:39,390 --> 00:06:41,370 and it's a connectionless protocol, 177 00:06:41,370 --> 00:06:44,970 so its header is significantly smaller than TCP. 178 00:06:44,970 --> 00:06:47,430 With UDP, we only have an eight-byte header, 179 00:06:47,430 --> 00:06:50,730 instead of the 20-byte header used in TCP. 180 00:06:50,730 --> 00:06:53,310 UDP only has four fields that are used. 181 00:06:53,310 --> 00:06:56,100 The source port, the destination port, the length, 182 00:06:56,100 --> 00:06:57,330 and the checksum. 183 00:06:57,330 --> 00:06:58,800 The source and destination ports 184 00:06:58,800 --> 00:07:01,320 are just like the ones used in TCP.
185 00:07:01,320 --> 00:07:03,360 They dictate where the data is coming from 186 00:07:03,360 --> 00:07:05,010 and where it's going to. 187 00:07:05,010 --> 00:07:06,480 The length is used to indicate 188 00:07:06,480 --> 00:07:09,420 how many bytes the total UDP packet is, 189 00:07:09,420 --> 00:07:11,670 including the header and its data. 190 00:07:11,670 --> 00:07:14,070 The checksum is not a mandatory field, 191 00:07:14,070 --> 00:07:16,860 but instead it can be used to provide some validation 192 00:07:16,860 --> 00:07:19,590 that the UDP data being sent was actually received 193 00:07:19,590 --> 00:07:21,630 with some level of integrity. 194 00:07:21,630 --> 00:07:25,200 Next, let's move down to layer three, the network layer. 195 00:07:25,200 --> 00:07:26,700 As we move down another layer, 196 00:07:26,700 --> 00:07:29,760 we're going to again encapsulate the data and add a header. 197 00:07:29,760 --> 00:07:31,770 This time we're going to add the IP 198 00:07:31,770 --> 00:07:33,660 or Internet Protocol header. 199 00:07:33,660 --> 00:07:36,120 The IP header is going to contain several fields, 200 00:07:36,120 --> 00:07:39,120 including the IP version, the length of the IP header, 201 00:07:39,120 --> 00:07:40,830 the type of service, which was defined 202 00:07:40,830 --> 00:07:42,810 by the standard, but never really used, 203 00:07:42,810 --> 00:07:44,730 the total length of the packet and header, 204 00:07:44,730 --> 00:07:46,590 the identifier, the flags, 205 00:07:46,590 --> 00:07:49,890 the fragmented offset, the time to live, the protocol, 206 00:07:49,890 --> 00:07:53,490 the header checksum, the source IP, the destination IP, 207 00:07:53,490 --> 00:07:55,470 and the options and padding.
208 00:07:55,470 --> 00:07:57,540 Now, as we continue down the layers, 209 00:07:57,540 --> 00:08:00,240 we're going to reach layer two, the data link layer, 210 00:08:00,240 --> 00:08:01,830 and this is going to encapsulate the data 211 00:08:01,830 --> 00:08:03,900 by adding an Ethernet header. 212 00:08:03,900 --> 00:08:06,420 Now, this header features just a few things, 213 00:08:06,420 --> 00:08:08,400 including a destination MAC address, 214 00:08:08,400 --> 00:08:10,920 the source MAC address, the EtherType field, 215 00:08:10,920 --> 00:08:15,420 and an optional VLAN tag using either IEEE 802.1Q 216 00:08:15,420 --> 00:08:19,110 or IEEE 802.1ad. 217 00:08:19,110 --> 00:08:20,460 We're going to talk more about VLANs 218 00:08:20,460 --> 00:08:21,810 in a separate video though, 219 00:08:21,810 --> 00:08:23,700 because it's an important concept. 220 00:08:23,700 --> 00:08:25,830 So let's talk about a MAC address. 221 00:08:25,830 --> 00:08:28,170 A MAC address is a physical address that's used 222 00:08:28,170 --> 00:08:31,290 to identify a network card on your local area network. 223 00:08:31,290 --> 00:08:33,929 This allows our source to find our destination 224 00:08:33,929 --> 00:08:36,419 by using this type of layer two addressing. 225 00:08:36,419 --> 00:08:39,390 This is what's processed by switches in your network. 226 00:08:39,390 --> 00:08:40,710 Now, the EtherType field 227 00:08:40,710 --> 00:08:43,289 is used to indicate which protocol is encapsulated 228 00:08:43,289 --> 00:08:45,090 in the payload of that frame. 229 00:08:45,090 --> 00:08:48,300 So if you're using IPv4 or IPv6, 230 00:08:48,300 --> 00:08:51,720 this can be indicated here using the EtherType field. 231 00:08:51,720 --> 00:08:53,850 Now, in addition to the Ethernet header, 232 00:08:53,850 --> 00:08:57,630 a frame being sent at layer two will also contain a payload.
233 00:08:57,630 --> 00:09:00,690 In Ethernet, the minimum payload is 42 bytes 234 00:09:00,690 --> 00:09:03,270 if VLANs are being used and 46 bytes 235 00:09:03,270 --> 00:09:05,250 if no VLANs are being used. 236 00:09:05,250 --> 00:09:06,990 Now when you're trying to send a payload, 237 00:09:06,990 --> 00:09:10,320 there is a maximum size to this known as an MTU 238 00:09:10,320 --> 00:09:12,390 or maximum transmission unit. 239 00:09:12,390 --> 00:09:14,760 When we talk about payloads, this is the data we're trying 240 00:09:14,760 --> 00:09:16,350 to send across the network. 241 00:09:16,350 --> 00:09:20,190 By default, Ethernet uses an MTU of 1500 bytes 242 00:09:20,190 --> 00:09:21,870 as its maximum size. 243 00:09:21,870 --> 00:09:24,900 Now, if you have a payload that's larger than 1500 bytes, 244 00:09:24,900 --> 00:09:27,900 then you need to allow for what's known as a jumbo frame. 245 00:09:27,900 --> 00:09:29,550 This just means the frame is going to be 246 00:09:29,550 --> 00:09:31,530 larger than 1500 bytes. 247 00:09:31,530 --> 00:09:33,840 To configure this on your switch, you're going to reconfigure 248 00:09:33,840 --> 00:09:37,110 your MTU size or your maximum transmission unit size 249 00:09:37,110 --> 00:09:39,420 to larger than 1500 bytes. 250 00:09:39,420 --> 00:09:42,270 Alright, that was a ton of information we just covered, 251 00:09:42,270 --> 00:09:45,060 but let's review a couple of main concepts here. 252 00:09:45,060 --> 00:09:47,910 First, remember, as data moves from layer seven 253 00:09:47,910 --> 00:09:51,390 to layer one, we are going to encapsulate that data. 254 00:09:51,390 --> 00:09:54,990 So as we move down the OSI layers, we're going to encapsulate 255 00:09:54,990 --> 00:09:57,900 that data and add a header at each of those layers. 256 00:09:57,900 --> 00:09:59,880 At layer four, we're going to add our source 257 00:09:59,880 --> 00:10:01,260 and destination ports.
258 00:10:01,260 --> 00:10:03,060 At layer three, we add our source 259 00:10:03,060 --> 00:10:04,920 and destination IP addresses. 260 00:10:04,920 --> 00:10:06,600 At layer two, we add our source 261 00:10:06,600 --> 00:10:08,490 and destination MAC addresses. 262 00:10:08,490 --> 00:10:10,230 Now, once we get to layer one, 263 00:10:10,230 --> 00:10:13,050 we're simply transmitting our layer two frames as a series 264 00:10:13,050 --> 00:10:15,480 of ones and zeros over the medium. 265 00:10:15,480 --> 00:10:17,190 When it's received by the next device, 266 00:10:17,190 --> 00:10:18,660 for example, a switch, 267 00:10:18,660 --> 00:10:21,180 it's going to put the frames back together from the electrical, 268 00:10:21,180 --> 00:10:23,280 optical, or radio frequency signals 269 00:10:23,280 --> 00:10:25,320 that it received over layer one. 270 00:10:25,320 --> 00:10:28,410 Now it's going to decapsulate the layer two information 271 00:10:28,410 --> 00:10:30,330 by reading the Ethernet header. 272 00:10:30,330 --> 00:10:32,970 If the destination MAC is on one of the switch ports, 273 00:10:32,970 --> 00:10:34,710 it's going to send the message to it. 274 00:10:34,710 --> 00:10:37,410 If not, it's going to forward it to its default gateway, 275 00:10:37,410 --> 00:10:38,790 which is a router. 276 00:10:38,790 --> 00:10:42,030 This router then decapsulates the data to layer three, 277 00:10:42,030 --> 00:10:44,340 and it reads the destination IP address. 278 00:10:44,340 --> 00:10:45,630 If it's on its network, 279 00:10:45,630 --> 00:10:47,670 it's going to forward the data to that device. 280 00:10:47,670 --> 00:10:49,980 If not, it's going to re-encapsulate the data 281 00:10:49,980 --> 00:10:52,020 and send it out its default gateway, 282 00:10:52,020 --> 00:10:54,000 and then this process will continue 283 00:10:54,000 --> 00:10:56,790 until the final destination or host is found.
284 00:10:56,790 --> 00:11:00,000 Now, once that host is found, it's going to keep decapsulating 285 00:11:00,000 --> 00:11:02,790 that information all the way back up to layer seven 286 00:11:02,790 --> 00:11:04,290 where its application can read 287 00:11:04,290 --> 00:11:06,480 and understand the underlying data. 288 00:11:06,480 --> 00:11:08,040 Now, we're going to cover a lot more 289 00:11:08,040 --> 00:11:10,050 about how this data transfer happens 290 00:11:10,050 --> 00:11:11,130 when we talk about switches 291 00:11:11,130 --> 00:11:12,960 and routers later in this course. 292 00:11:12,960 --> 00:11:16,173 But for now, this is the basics you need to understand.