N342 Networking Basics
Internet - The Internet consists of a set of
protocols (rules) for communication between computers. The software
implementation of these protocols has been divided into layers, with
each layer isolating a specific function required for network operation. The
three layers of interest are:
- network (IP) which allows message routing over the Internet
- transport (TCP) for reliable end-to-end communications
- application (HTTP) defining communication between a client and
server.
Protocol Hierarchies
- Layers - Most networks are organized as series of layers (hardware
and software) designed to isolate common network functions into a layer
that is isolated from others. Layers pass information to an adjacent layer
(above or below) through an interface (e.g. function calls, electrical
connection). Implementation changes can then occur within a layer without
affecting other layers as long as the interface between layers remains
unchanged. This is an extremely important concept in networking,
allowing a communications protocol, such as TCP/IP to operate unchanged on top
of many physical network hardware layers (Ethernet, wireless, modem, etc.).
- What are the interfaces and layers for a sound system with a CD
player?
- For sending and receiving a real letter?
- Protocol - Rules and conventions. Defines how communication
between common layers on different machines is performed. For a simple
example, suppose that two machines are passing email. Each machine must follow
the email rules which might be implemented at layer 5 on both machines. The
email process at layer 5 on the sending host is able to communicate only
following email protocols used by the receiving host layer 5. To implement
email, the two hosts communicate following layer 5 email protocol only, but
passing and receiving messages through layer 4. Communication between layer 5
occurs virtually through layers 4 and below. The physical medium (wire, fiber,
wireless, etc.) is the lowest layer where real communication occurs.
- At what layer is the sender and receiver of a real letter?
- What is the layer below?
- What is the interface between the two layers?
- Network architecture - The set of layers and protocols.
- What is the protocol for sending a letter?
- Protocol stack - List of protocols used by a system. A system may
use SMTP for the email at the application layer, TCP for connection layer, IP
for network layer, and Ethernet at the physical layer for communicating over
Category 5 wire.
- Virtual communication - Horizontal at a layer between hosts using
protocols (e.g. packet format, character codes,
wire type, etc.). The email hosts maintain a
virtual communication through the layer 5 protocol while the real
communication occurs through lower layers 1-4.
- Real communication - Vertical between adjacent layers using service
interface.
- What is the difference between the real and virtual communication of
sending and receiving a letter?
The figure at right illustrates a typical, five layer network. Virtual
communication occurs between common layers on the hosts, the common layers are
peers. From the perspective of each peer, all communication is with the peer on
the other host. In fact, the real communication occurs between layers on
a single host. The only direct communication can occur at the lowest or
physical layer (e.g. over the wire).
In the figure below, protocols virtually communicate horizontally
through the real vertical communication layers. A Web client implements
the protocol to communicate with a Web server, however the real communication
must pass from the client down through interfaces to the underlying layers,
across a physical connection that actually carries the bits, then up through the
layer interface to the Web server protocol implementation.

A more detailed illustration of the vertical communication is below. As a
message at Layer 5 is sent from a host, it moves down the layers.
Each layer communicates virtually horizontally with its peer by adding
information to the message received from the higher layer; this information is
usually termed a header or trailer. For example, the information added by the
sending host at layer 3 is used at layer 3 on the receiving host; the
headers and trailers implement the virtual communication. On reaching the
destination host, the message moves from lower to higher layers. Each peer layer
examines and removes the header (or trailer) before passing the message to the
next higher layer.

Network layer - concerned with delivering
packets from source to destination, often through many intermediate routers,
called Internet Message Processor on the Internet.
- Connectionless - Internet view.
- No flow control or error handling by subnet.
- Primitives SEND/RECEIVE PACKET. Each packet contains full address and
routed independently.
- Reliable connections responsibility of higher level transport protocol
(TCP).
- Usually implemented on packet switching network by sending datagrams.
- Complexity on each host rather than subnet.
- Connection-oriented - Phone company view.
- Connection setup, send/receive data, connection held till disconnect by
either end.
- Subnet responsible for establishing connection.
- Data delivered in sequence.
- Flow control.
- No need for complete address on each packet.
- Usually implemented on virtual circuit switched network.
- Complexity on network subnet.
Internet Network Layer
- IP Protocol

- Header - 20 or more bytes
- Version - Protocol version
- IHL - Header length in 32-bit words, not constant. Between 5
(20 bytes) and 15 (60 bytes)
- Type of service - Combination of reliability and speed.
- Precedence - Delay, Throughput, Reliability. In practice is
ignored.
- Total length - Length of entire datagram.
- Identification - All fragments have same identity.
- DF - Don't Fragment; set when the destination cannot reassemble. All
machines must accept datagrams of at least 576 bytes.
- More Fragments - When clear means this is the last fragment.
- Fragment offset - Fragment number within a datagram, minimum of
8 byte fragments, 13 bits allow maximum of 8192 fragments per datagram,
giving 65,526 bytes per datagram maximum.
- Time to live - Maximum of 255, counter decremented each hop
until 0 then datagram discarded.
- Protocol - Used by destination after reassembling datagram to
determine which transport process should receive, TCP, UDP, etc.
- Header checksum - Verifies header only. Recomputed at each hop
since TTL field changes.
- Source and Destination Address - 32-bit from the IP form
xxx.xxx.xxx.xxx where each xxx is 0-255 value (8-bits).
- Options - Escape to allow later versions to include new
information.
- Strict source routing - List of routers to follow
- Record route - Routers append address.
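The header fields listed above are easiest to understand by decoding a real byte layout. The following C parser is an added example, not code from the notes: it extracts version, IHL, total length, the DF/MF flags, the 13-bit fragment offset (in 8-byte units), TTL and protocol from a constructed 28-byte fragment, and refuses any buffer whose IHL or Total length claims more bytes than were actually received, which is the check a receiver must make before using those fields as offsets. The sample datagram, its identification value and its addresses are all constructed for the example; the checksum field is left at zero because this block does not verify it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Decoded view of the fixed 20-byte IPv4 header; options, if any, are skipped. */
struct ipv4_hdr {
    unsigned version, ihl_bytes, tos, total_len, id;
    unsigned df, mf, frag_offset_bytes, ttl, protocol, hdr_checksum;
    uint32_t src, dst;
};

/* Header fields are transmitted most significant byte first. */
static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Decode the header at buf. Returns 0 on success, -1 if the buffer is shorter
   than the header claims or the fixed fields are inconsistent; a receiver must
   make these checks before trusting IHL or Total length as offsets. */
int parse_ipv4(const uint8_t *buf, size_t len, struct ipv4_hdr *h)
{
    if (len < 20) return -1;                        /* minimum header */
    h->version   = buf[0] >> 4;
    h->ihl_bytes = (buf[0] & 0x0F) * 4;             /* IHL counts 32-bit words */
    if (h->version != 4 || h->ihl_bytes < 20 || h->ihl_bytes > len) return -1;
    h->tos       = buf[1];
    h->total_len = be16(buf + 2);
    if (h->total_len < h->ihl_bytes || h->total_len > len) return -1;
    h->id        = be16(buf + 4);
    h->df        = (buf[6] >> 6) & 1;               /* Don't Fragment */
    h->mf        = (buf[6] >> 5) & 1;               /* More Fragments */
    h->frag_offset_bytes = (be16(buf + 6) & 0x1FFF) * 8;  /* 13 bits, units of 8 bytes */
    h->ttl       = buf[8];
    h->protocol  = buf[9];                          /* 6 = TCP, 17 = UDP */
    h->hdr_checksum = be16(buf + 10);
    h->src       = be32(buf + 12);
    h->dst       = be32(buf + 16);
    return 0;
}

/* Length of this fragment's payload: everything after the header. */
unsigned payload_len(const struct ipv4_hdr *h) { return h->total_len - h->ihl_bytes; }

/* Constructed sample (not a captured packet): the second fragment of a TCP datagram,
   8 bytes of payload at offset 1480, MF set, TTL 64, from 149.160.25.3 to 192.31.20.46.
   The checksum field is left zero because this example does not verify it. */
const uint8_t sample_frag[28] = {
    0x45, 0x00, 0x00, 0x1C,   /* version 4, IHL 5 (20 bytes), TOS 0, total length 28 */
    0x1C, 0x46, 0x20, 0xB9,   /* identification 0x1C46; flags 001 (MF), offset 185 -> 1480 bytes */
    0x40, 0x06, 0x00, 0x00,   /* TTL 64, protocol 6 (TCP), header checksum 0 */
    149, 160, 25, 3,          /* source address */
    192, 31, 20, 46,          /* destination address */
    'f', 'r', 'a', 'g', 'd', 'a', 't', 'a'   /* payload */
};

int main(void)
{
    struct ipv4_hdr h;
    if (parse_ipv4(sample_frag, sizeof sample_frag, &h) != 0) return 1;
    printf("proto %u ttl %u DF %u MF %u offset %u payload %u bytes\n",
           h.protocol, h.ttl, h.df, h.mf, h.frag_offset_bytes, payload_len(&h));
    return 0;
}
```

Feeding the parser a buffer shorter than the Total length field claims makes it return -1 rather than read past the end; that length check is what keeps a malformed header from turning into an out-of-bounds read in the reassembly code that follows.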
- IP Addresses - 32 bit in form of Network | Host

- Address Formats
- A - Few networks (126) with many hosts (16,000,000) 1.0.0.0 to
127.255.255.255
- B - More networks (16,382) with fewer hosts (64,000) 128.0.0.0
to 191.255.255.255
- C - Many networks (2,000,000) with few hosts (254) 192.0.0.0 to
223.255.255.255
- D - Multicast 224.0.0.0 to 239.255.255.255
- E - Future 240.0.0.0 to 247.255.255.255
- Booting - 0.0.0.0 used for booting.
- Broadcast - Address of all 1's broadcasts on local network.
- Loopback - 127.xxx.yyy.zzz used for loopback testing,
transmitted packets processed locally as incoming.
- Subnet - Appear as one network to outside but consists of multiple
networks inside.
- Problem - All hosts on a network must have the same network address; with
a Class C, after 254 hosts a new network and a new router are needed.
- Solution - For a Class B all 64,000 hosts have the same network
address; hosts can be grouped into subnets using any organization of the host
bits.
- How - Normal routers maintain a two-level hierarchy table of a mix
of distant network (IP, 0) and local host (this network, IP) addresses
associated with a network interface. Class C addressed packets are sent to a
gateway router connected to the subnet. Using subnets adds the association of a
(this network, subnet, 0) or (this network, this subnet, host) number to a network
interface. This creates a three-level hierarchy on the subnet which the gateway
router uses to route the packet to the subnet router, or to the host if on this
subnet. It reduces the size of the router table since the table does not contain
all hosts on this network.
- Mask - The router ANDs the IP address with the subnet mask to recover the
network and subnet number, so it does not need to know about the hosts on a subnet.
For example, Class C network routers often have a subnet mask of
255.255.255.000 so that the router can direct the packet to the interface on which
hosts 1-254 are connected. For example, 149.160.25.3 ANDed with
255.255.255.0 by the router produces 149.160.25.0, the network and subnet
having 254 hosts (0 and 255 are reserved). If 149.160.25.0 includes this
subnet, the router delivers the packet to the host.
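The masking step above is the whole of the router's local delivery decision, so it is worth seeing as code. This C block is an added example, not code from the notes: it parses dotted-decimal addresses (rejecting malformed ones), reports the address class from the first octet using the ranges listed earlier, ANDs the address with the mask exactly as the router does, and decides whether a packet is delivered on this subnet, forwarded, or aimed at the reserved host numbers 0 and all-ones. The interface address 149.160.25.1 and the function names are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse dotted decimal "a.b.c.d" into a host-order 32-bit value. Returns 1 on
   success, 0 for anything malformed (too few octets, trailing junk, octet > 255). */
int parse_ip(const char *s, uint32_t *out)
{
    unsigned a, b, c, d; char extra;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = ((uint32_t)a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Format a 32-bit address back into dotted decimal (buf needs 16 bytes). */
void format_ip(uint32_t ip, char *buf)
{
    sprintf(buf, "%u.%u.%u.%u", (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 255),
            (unsigned)((ip >> 8) & 255), (unsigned)(ip & 255));
}

/* Address class from the first octet, using the ranges listed in the notes. */
char ip_class(uint32_t ip)
{
    unsigned first = ip >> 24;
    if (first < 128) return 'A';
    if (first < 192) return 'B';
    if (first < 224) return 'C';
    if (first < 240) return 'D';
    return 'E';
}

/* The router's operation: AND the address with the mask to recover (network, subnet). */
uint32_t subnet_number(uint32_t ip, uint32_t mask) { return ip & mask; }

/* Decide what to do with a packet for dst arriving at a router whose interface
   has address iface on a subnet with the given mask. */
const char *route_decision(const char *dst, const char *iface, const char *mask_s)
{
    uint32_t d, i, m;
    if (!parse_ip(dst, &d) || !parse_ip(iface, &i) || !parse_ip(mask_s, &m))
        return "invalid address";
    if (subnet_number(d, m) != subnet_number(i, m))
        return "forward toward another subnet";
    if ((d & ~m) == 0 || (d & ~m) == ~m)      /* host 0 and all-ones are reserved */
        return "reserved host number on this subnet";
    return "deliver to host on this subnet";
}

int main(void)
{
    uint32_t ip, mask; char text[16];
    parse_ip("149.160.25.3", &ip); parse_ip("255.255.255.0", &mask);
    format_ip(subnet_number(ip, mask), text);
    printf("class %c, subnet %s: %s\n", ip_class(ip), text,
           route_decision("149.160.25.3", "149.160.25.1", "255.255.255.0"));
    return 0;
}
```

Note that 149.160.25.3 is a Class B address being subnetted with a Class C style mask, which is exactly the "Solution" described above: the mask, not the class, decides where the host bits end.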
- Internet Control Protocols - IP is used for data transfer; the following
protocols carry control information.
- ICMP - Used to test the Internet. One message type is used by
ping, which can also record the route.
- ARP - Learn the datalink address of the receiver, since the datalink layer does not
understand IP addressing (it may be 802.3 or 802.5 on LANs).
- If sender does not know datalink address of receiver, broadcast to all
LAN stations ARP containing receiver IP.
- If receiver on LAN responds with ARP containing datalink address.
- If receiver NOT on LAN, router responds to ARP sending its
datalink address (proxy ARP) and the router would itself ARP the receiver
to learn its datalink address. Sending host uses the router's datalink
address, the router unpacks frame, determines destination LAN for
receiving host IP, and forwards packet.
- RARP - Reverse ARP: knows the datalink address, needs the IP. Useful when
booting a diskless host that knows its datalink address but needs an IP to
download memory image boot records. Requires a RARP server that contains the
address table; the server must be on the LAN since datalink broadcasts are
forwarded by bridges but not by routers.
- Bootp - Uses UDP, host has IP of boot server and default router
address.
- Interior Gateway Routing Protocols: OSPF (Open Shortest Path First) -
Used within an organization where all routers run same routing algorithm
- Open (non-proprietary)
- Supports variety of distance metrics using shortest path algorithm
- dynamic algorithm changing routing as topology changes
- Supports routing based on type of service by running shortest path
multiple times based on different metrics, delay, throughput, and costs
- Load balancing, uses multiple routes rather than shortest
- Hierarchical network support since networks have grown too large for one
router to maintain the table
- Security to prevent spoofing by bogus routing information
- Tunneling to Internet support
- Exterior Gateway Routing Protocol: BGP (Border Gateway Protocol) -
Used to connect organization networks running own version of an interior
gateway routing protocol, must deal with politics. May not allow certain
transit traffic, etc.
- Mobile IP - When a host moves to a different network but keeps the same IP
- When a host arrives in a new area it listens for advertisements of services
from foreign routing agents, or broadcasts its arrival and waits for a
foreign agent response.
- Registers with foreign routing agent giving IP home routing agent
address. Foreign agent contacts home routing agent.
- Foreign routing agent - Sends in-care-of address to home routing agent.
Receives packets for mobile IP from home routing agent, forwards to mobile
IP.
- Home routing agent - Routes packets for IP to a willing foreign routing
agent where mobile IP has moved, packet essentially tunneled through
Internet (an IP packet inside an IP packet) from home router to foreign
routing agent.

- CIDR IPv4 - Classless InterDomain Routing - Delaying the IP network
explosion problem
- Problem - Routers use two level table of all other routers on
other networks and hosts on own. Class C networks require 2,000,000 table
entries. Routers must exchange table information periodically.
- Possible Solutions
- Deeper Hierarchy - Have the IP address contain country, state, etc.
Requires a larger IP number and is wasteful for small countries.
- CIDR - Allocate contiguous, variable-sized blocks of Class C
addresses, totaling 2,000,000*256 addresses, among regions. An additional 32-bit mask
is assigned with the block and ANDed by routers to extract the base
Class C block address. All routers for that region would receive the
starting block and mask. Can be used for A, B, and C networks.
- IPv6
- Support billions of hosts - uses 16 byte addresses, (e.g.
8000:0000:0000:0000:0123:5678:CDEF), IPv4 addresses could be written as
::192.31.20.46
- Reduce size of routing tables - 16 byte addresses allow a deeper hierarchy.
- Simplify protocol so routers can process packets faster - header reduced
to 7 fields from 13 in IPv4. Removed the checksum field since transport and
data link protocols normally have their own and network communication is highly
reliable.
- Provide better security - supports state-of-the-art checksum
authentication and user optional encoding algorithm for privacy. Encryption
is essentially an end-to-end issue.
- Attention to type of service, particularly real-time data - Priority
field defining slow and fast data.
- Aid multicasting by allowing scopes to be defined - Multicast addresses
with 4-bit scope field and 112-bit group field.
- Support roaming hosts - not supported
- Allow protocol to evolve -
- Permit old and new protocols to coexist - not compatible with IPv4 but
is with TCP, UDP, ICMP, DNS, etc. Initially islands of IPv6 tunnel through
IPv4 networks until eventually merge complete.
Transport layer - Provides end-to-end data
transport for the user. It depends upon the services of the network layer. Required because the
network layer is not generally reliable and often controlled by someone other
than network user. The TPDU (Transport Protocol Data Unit) discussed in the text
corresponds to the TCP (Transmission Control Protocol) header and data load. The
TPDU is contained within a network packet which is itself contained within a
data link frame as illustrated below for Ethernet, IP, and TCP protocols:

Berkeley Sockets - A standard set of transport primitives used
in Berkeley UNIX for TCP and widely ported to other systems, including Windows,
though they made significant improvements such as changing some function name
spellings.
Echo Server and Client using Berkeley Socket Primitives
// Server
#include <winsock2.h>
#include <string.h>
#pragma comment(lib, "ws2_32.lib")
int main(void)
{
    char buffer[128];
    int got, sinlen;
    struct sockaddr_in sin;
    SOCKET s, h;
    WSADATA wsa;
    // Winsock must be initialised before any other socket call
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) return 1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = INADDR_ANY;
    sin.sin_port = htons(888); // Port 888
    // SOCK_STREAM is TCP
    s = socket(AF_INET, SOCK_STREAM, 0);
    // Bind socket to local port
    bind(s, (struct sockaddr*)&sin, sizeof(sin));
    // Listen for 1 connection
    listen(s, 1);
    sinlen = sizeof(sin);
    // Block for connection
    h = accept(s, (struct sockaddr*)&sin, &sinlen);
    // Block for receive; recv returns the byte count, so the echo
    // uses that rather than strlen on a buffer that may lack a terminator
    got = recv(h, buffer, sizeof(buffer), 0);
    // Echo what is received
    if (got > 0) send(h, buffer, got, 0);
    closesocket(h);
    closesocket(s);
    WSACleanup();
    return 0;
}
// Client
#include <winsock2.h>
#include <iostream>
#include <cstring>
#pragma comment(lib, "ws2_32.lib")
int main(int argc, char* argv[])
{
    char buffer[128] = "Hello";
    int got;
    struct sockaddr_in sin;
    struct hostent *host;
    SOCKET s;
    WSADATA wsa;
    if (argc < 2) { std::cerr << "usage: client <hostname>\n"; return 1; }
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) return 1;
    // Assume a valid DNS name is given; gethostbyname returns NULL if it cannot resolve
    host = gethostbyname(argv[1]);
    if (host == NULL) { WSACleanup(); return 1; }
    memset(&sin, 0, sizeof(sin));
    memcpy(&(sin.sin_addr), host->h_addr, host->h_length);
    sin.sin_family = host->h_addrtype;
    sin.sin_port = htons(888);
    // Create socket
    s = socket(AF_INET, SOCK_STREAM, 0);
    // Block for server
    connect(s, (struct sockaddr*)&sin, sizeof(sin));
    // Send
    send(s, buffer, strlen(buffer) + 1, 0);
    // Block for receive; terminate whatever came back before printing it
    got = recv(s, buffer, sizeof(buffer) - 1, 0);
    if (got < 0) got = 0;
    buffer[got] = '\0';
    // Print what is received
    std::cout << "Received " << buffer << "\n";
    closesocket(s);
    WSACleanup();
    return 0;
}
The Internet Transport Protocols (TCP and UDP)
TCP - Designed to provide reliable end-to-end service
over unreliable network layer. Runs on hosts communicating via segments. IP runs
on routers and hosts communicating via packets. TCP connection is full-duplex,
point-to-point (only two ends), appearing as a byte stream just like reading a
file (no message boundaries though a carriage return can be data).
- TCP Protocol
- Each byte has own sequence number (for fragmentation and reassembly).
- Segment has 20 byte header (and optional part) with data of 0 to what
will fit into a 65535 byte IP packet. In practice considerably smaller (1024
bytes common).
- Sliding window protocol used with acknowledgments exposing more data for
transmission.
- Receiving host must reassemble any fragments, reorder out of sequence
segments.
- Sending host must time each segment sent, resending any unacknowledged
segments.
- TCP Header (see Fig. 6-24 of text, page 526)
- Source and destination port - IP number and TCP port
uniquely address a source or destination for segment delivery. The IP
determines the host, the port determines the application that has opened the
port. A socket may be used for multiple simultaneous connections (e.g.
Web server with connections on port 80, each connection serviced by a
separate thread). Some well known ports are 25 for SMTP, 80 for HTTPD.
- Sequence/Acknowledgement number - Numbers each byte (for
fragmentation and reassembly).
- TCP header length - Number of 32-bit words in TCP header.
- URG - Signals urgent data at offset of Urgent Pointer.
- ACK - Signals Acknowledgment number is valid.
- PSH - PUSHed data should be delivered immediately without
buffering additional segments for efficiency reasons.
- RST - Reset the connection.
- SYN - Used for CONNECTION REQUEST when SYN=1 and ACK=0, or
CONNECTION ACCEPTED when SYN=1 and ACK=1.
- FIN - Releases communication link.
- Window size - For end-to-end flow control discussed below.
- Checksum - Checksums header, data, and pseudo header for
reliability using 16-bit 1's complement addition. Receiver adds all received
16-bit values including checksum, result should be 0 if checksum field
agrees.
- Options - One option is the maximum size TCP payload the host
will accept, default is 556 bytes.
- Pseudo header - Includes IP source and destination
addresses to check for misdelivered packets.
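The checksum described here (and again under "Checksum" in the list that follows) is the same ones-complement sum used for the IP header, with the pseudo header prepended so that a segment delivered to the wrong host fails the check. The C block below is an added example, not code from the notes: it implements the sum, fills the checksum field of a constructed 25-byte SYN segment (ports 1041 to 23, sequence number 101, window 4096, five data bytes, an odd length so the padding rule is exercised), then verifies it the way a receiver does, where the result must be 0. The addresses are constructed and the IP macro is an assumption for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Add 16-bit big-endian words to a running ones-complement sum; an odd final
   byte is treated as the high byte of a word padded with zero. */
static uint32_t sum_words(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Fold carries back into 16 bits and complement. */
static uint16_t finish(uint32_t sum)
{
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* IP header checksum: covers the header only. Over a header whose checksum
   field is already filled in, the result is 0 when the header is intact. */
uint16_t ip_checksum(const uint8_t *hdr, size_t hdrlen)
{
    return finish(sum_words(0, hdr, hdrlen));
}

/* TCP checksum: the 12-byte pseudo header (source, destination, zero, protocol 6,
   TCP length) is summed first, then the TCP header and data. The pseudo header is
   never transmitted; it exists only so a segment delivered to the wrong host fails. */
uint16_t tcp_checksum(uint32_t src, uint32_t dst, const uint8_t *seg, size_t seglen)
{
    uint8_t pseudo[12];
    pseudo[0] = src >> 24; pseudo[1] = src >> 16; pseudo[2] = src >> 8; pseudo[3] = src;
    pseudo[4] = dst >> 24; pseudo[5] = dst >> 16; pseudo[6] = dst >> 8; pseudo[7] = dst;
    pseudo[8] = 0; pseudo[9] = 6; pseudo[10] = seglen >> 8; pseudo[11] = seglen;
    return finish(sum_words(sum_words(0, pseudo, sizeof pseudo), seg, seglen));
}

/* Fill the checksum field (bytes 16-17 of the TCP header) the way a sender does. */
void tcp_fill_checksum(uint32_t src, uint32_t dst, uint8_t *seg, size_t seglen)
{
    uint16_t c;
    seg[16] = seg[17] = 0;
    c = tcp_checksum(src, dst, seg, seglen);
    seg[16] = c >> 8; seg[17] = c & 0xFF;
}

/* Constructed 25-byte segment (odd length exercises the padding rule): ports
   1041 -> 23, seq 101, SYN, window 4096, no options, 5 data bytes. Not a capture. */
uint8_t sample_seg[25] = {
    0x04, 0x11, 0x00, 0x17,   /* source port 1041, destination port 23 */
    0x00, 0x00, 0x00, 0x65,   /* sequence number 101 */
    0x00, 0x00, 0x00, 0x00,   /* acknowledgment number (not valid, ACK clear) */
    0x50, 0x02, 0x10, 0x00,   /* data offset 5 words, flags SYN, window 4096 */
    0x00, 0x00, 0x00, 0x00,   /* checksum (filled by tcp_fill_checksum), urgent pointer */
    'h', 'e', 'l', 'l', 'o'
};
#define IP(a,b,c,d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

int main(void)
{
    uint32_t src = IP(149, 160, 25, 3), dst = IP(192, 31, 20, 46);
    tcp_fill_checksum(src, dst, sample_seg, sizeof sample_seg);
    printf("checksum %02X%02X, receiver check %s\n", sample_seg[16], sample_seg[17],
           tcp_checksum(src, dst, sample_seg, sizeof sample_seg) == 0 ? "ok" : "bad");
    return 0;
}
```

Recomputing with a different destination address makes the same bytes fail the check, which is the misdelivery protection the pseudo header provides; flipping one data bit fails it too. It is an integrity check against accidents only, since anyone who can alter the bytes can recompute the sum.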
- Connection Management
- Opening Handshake
Client: Send SYN=1 ACK=0 Seq#=101
Server: Receive SYN=1 ACK=0 Seq#=101; Send SYN=1 ACK=1 Seq#=35 Ack#=102
Client: Receive SYN=1 ACK=1 Seq#=35 Ack#=102; Send SYN=0 ACK=1 Ack#=36 Seq#=102
Server: Receive SYN=0 ACK=1 Ack#=36 Seq#=102
- Closing Connection
Client: Send FIN=1
Server: Receive FIN=1, but may continue sending DATA or ACK FIN
Client: Receive DATA or ACK FIN
- Example - Sniffer Network Analyzer data of connection
Request Connection by Client:
TCP: ----- TCP header -----
TCP:
TCP: Source port = 1041
TCP: Destination port = 23 (Telnet)
TCP: Initial sequence number = 754816001
TCP: Data offset = 24 bytes
TCP: Flags = 02
TCP: ..0. .... = (No urgent pointer)
TCP: ...0 .... = (No acknowledgment)
TCP: .... 0... = (No push)
TCP: .... .0.. = (No reset)
TCP: .... ..1. = SYN
TCP: .... ...0 = (No FIN)
TCP: Window = 4096
TCP: Checksum = 7865 (correct)
TCP:
TCP: Options follow
TCP: Maximum segment size = 1024
Connection Accepted by Server:
TCP: ----- TCP header -----
TCP:
TCP: Source port = 23 (Telnet)
TCP: Destination port = 1041
TCP: Initial sequence number = 658240001
TCP: Acknowledgment number = 754816002
TCP: Data offset = 24 bytes
TCP: Flags = 12
TCP: ..0. .... = (No urgent pointer)
TCP: ...1 .... = Acknowledgment
TCP: .... 0... = (No push)
TCP: .... .0.. = (No reset)
TCP: .... ..1. = SYN
TCP: .... ...0 = (No FIN)
TCP: Window = 4096
TCP: Checksum = 5F17 (correct)
TCP:
TCP: Options follow
TCP: Maximum segment size = 1024
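The handshake table and the analyzer output above fit together: the flags byte 02 is SYN alone, 12 is SYN plus ACK, and each acknowledgment number is the other side's initial sequence number plus one. The C block below is an added example, not code from the notes: it decodes a flags byte into the names the analyzer prints, and models the three segments of the handshake with the notes' numbers (101 and 35) as well as the sniffer's (754816001 and 658240001). On the client side it accepts a SYN+ACK only when the acknowledgment number is exactly its own sequence number plus one, so a stray or mismatched reply is discarded rather than completing the connection. The struct and function names are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bits of the TCP flags byte, in the order the analyzer prints them. */
enum { TCP_FIN = 0x01, TCP_SYN = 0x02, TCP_RST = 0x04,
       TCP_PSH = 0x08, TCP_ACK = 0x10, TCP_URG = 0x20 };

/* Decode a flags byte into names, e.g. 0x02 -> "SYN", 0x12 -> "ACK SYN". */
void flags_to_str(unsigned flags, char *out, size_t outlen)
{
    static const struct { unsigned bit; const char *name; } names[] = {
        { TCP_URG, "URG" }, { TCP_ACK, "ACK" }, { TCP_PSH, "PSH" },
        { TCP_RST, "RST" }, { TCP_SYN, "SYN" }, { TCP_FIN, "FIN" } };
    size_t i, used = 0;
    out[0] = '\0';
    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (!(flags & names[i].bit)) continue;
        used += snprintf(out + used, outlen - used, "%s%s", used ? " " : "", names[i].name);
        if (used >= outlen) break;                  /* output truncated, stop appending */
    }
}

/* Minimal segment view for the connection handshake. */
struct seg { unsigned flags; uint32_t seq, ack; };

/* Client: first segment, SYN with the client's initial sequence number. */
struct seg client_syn(uint32_t client_isn)
{
    struct seg s = { TCP_SYN, client_isn, 0 };
    return s;
}

/* Server: accept a bare SYN and answer SYN+ACK acknowledging isn+1 (the SYN
   itself consumes one sequence number). Anything that is not a bare SYN is
   refused: returns 0 and leaves *reply untouched. */
int server_synack(struct seg in, uint32_t server_isn, struct seg *reply)
{
    if (in.flags != TCP_SYN) return 0;
    reply->flags = TCP_SYN | TCP_ACK;
    reply->seq = server_isn;
    reply->ack = in.seq + 1;
    return 1;
}

/* Client: the SYN+ACK must acknowledge exactly client_isn+1; a segment with any
   other acknowledgment number is discarded rather than completing the connection.
   On success fills the final ACK (SYN=0, ACK=1). */
int client_ack(struct seg in, uint32_t client_isn, struct seg *reply)
{
    if (in.flags != (TCP_SYN | TCP_ACK) || in.ack != client_isn + 1) return 0;
    reply->flags = TCP_ACK;
    reply->seq = client_isn + 1;
    reply->ack = in.seq + 1;
    return 1;
}

int main(void)
{
    struct seg syn = client_syn(101), synack, ack; char text[32];
    server_synack(syn, 35, &synack);
    client_ack(synack, 101, &ack);
    flags_to_str(synack.flags, text, sizeof text);
    printf("server sent %s seq %u ack %u; client replies seq %u ack %u\n", text,
           (unsigned)synack.seq, (unsigned)synack.ack, (unsigned)ack.seq, (unsigned)ack.ack);
    return 0;
}
```

Running it reproduces the table: SYN+ACK with Seq#=35 Ack#=102, then ACK with Seq#=102 Ack#=36. The acknowledgment-number check in client_ack is the reason initial sequence numbers should be hard to predict: a reply that does not carry the right number never gets past it.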
- Maximum Segment Size - TCP must fit inside data load of IP packet
so limit of 65515 bytes. IP fragments to send across networks with smaller
frame sizes adding 20 byte IP header to each fragment.
- Flow Control - Receiver controls sender's window to regulate
number of segments sent by advertising number of segments it can accept. If
overwhelmed, receiver sets advertisement size to 0 to suspend sender.
- Checksum - End-to-end check using ones-complement sum of
header, pseudo header, and data.
- Retransmissions - If the timeout is too short, duplicates result; if too
long, delay increases waiting for an acknowledgment that will never arrive. Since
delay may vary between segments, TCP averages the RTT (Round Trip Time), using
the latest measured acknowledgment time M:
RTT = aRTT + (1 - a)M
with a = 7/8, weighting the effect of the most
recent RTT to determine the new timeout. The RTT of retransmitted segments is not used
in the average since that would lead to an underestimated timeout.
- Congestion control and avoidance, use of sliding window protocol for
congestion and flow control
- Flow control window - Deals with receiver capacity. Sender
informed by receiver of receiver size through window advertisement header
field.
- Congestion window - Deals with network capacity. Both ends
maintain a flow control and a congestion control window (since both are
normally sender and receiver). Sender transmits segments of the smaller
window size.
- Sender controls congestion window based on lost segments, assumes
all lost due to congestion (i.e. segment discarded by router)
- Slow start - Slow start increases congestion window by 1
segment for each acknowledgment effectively doubling each time a full
window is acknowledged (exponential growth is not slow).
- Threshold - Initially 64K, determines the maximum size of
congestion window.
- Congestion avoidance - After timeout reduce threshold by 1/2
and set congestion window to one maximum segment. Increase congestion
window exponentially until threshold reached then slowly, increasing
window and threshold by 1 segment each time a full window is acknowledged,
growing up to the receiver window size.
- Timeout - On timeout set congestion avoidance threshold to 1/2
congestion window and reduce congestion window size to maximum segment
size. Use slow start till avoidance threshold reached then use avoidance.
Rationale is that congestion probably occurred due to new sender coming on
so available bandwidth is conservatively halved.
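The slow start, threshold and timeout rules above are easiest to check by simulating them round trip by round trip. The following C block is an added example, not code from the notes: it keeps the congestion and flow-control windows the sender maintains, grows the congestion window by one segment per ACK below the threshold and by one segment per fully acknowledged window above it, caps it at the receiver's window, and on a timeout halves the threshold and restarts from one segment, exactly as described. The segment size of 1024 bytes and receiver window of 64K are constructed for the run; the struct and function names are assumptions for the example.

```c
#include <stdio.h>

/* Sender-side state for the two windows described above. All sizes in bytes. */
struct tcp_cc {
    unsigned mss;       /* maximum segment size */
    unsigned cwnd;      /* congestion window: what the network is believed to carry */
    unsigned ssthresh;  /* slow-start threshold, 64K initially */
    unsigned rwnd;      /* flow-control window advertised by the receiver */
    unsigned acked;     /* bytes acknowledged since cwnd last grew in avoidance */
};

void cc_init(struct tcp_cc *c, unsigned mss, unsigned rwnd)
{
    c->mss = mss; c->cwnd = mss; c->ssthresh = 65536; c->rwnd = rwnd; c->acked = 0;
}

/* The window the sender actually uses: the smaller of the two. */
unsigned cc_send_window(const struct tcp_cc *c)
{
    return c->cwnd < c->rwnd ? c->cwnd : c->rwnd;
}

/* One segment acknowledged. Below the threshold (slow start) every ACK adds a
   segment, so a fully acknowledged window doubles cwnd. At or above it
   (congestion avoidance) cwnd grows by one segment per fully acknowledged window. */
void cc_on_ack(struct tcp_cc *c)
{
    if (c->cwnd < c->ssthresh) {
        c->cwnd += c->mss;
    } else {
        c->acked += c->mss;
        if (c->acked >= c->cwnd) { c->cwnd += c->mss; c->acked = 0; }
    }
    if (c->cwnd > c->rwnd) c->cwnd = c->rwnd;   /* never exceed what the receiver can hold */
}

/* Retransmission timeout: treat the loss as congestion. Threshold becomes half
   the current congestion window and transmission restarts from one segment. */
void cc_on_timeout(struct tcp_cc *c)
{
    c->ssthresh = c->cwnd / 2;
    c->cwnd = c->mss;
    c->acked = 0;
}

/* Acknowledge every segment of the current window, i.e. one round trip. */
void cc_round(struct tcp_cc *c)
{
    unsigned segs = cc_send_window(c) / c->mss, i;
    for (i = 0; i < segs; i++) cc_on_ack(c);
}

int main(void)
{
    struct tcp_cc c; int r;
    cc_init(&c, 1024, 65536);
    for (r = 1; r <= 6; r++) { cc_round(&c); printf("rtt %d cwnd %u\n", r, c.cwnd); }
    cc_on_timeout(&c);
    printf("timeout: ssthresh %u cwnd %u\n", c.ssthresh, c.cwnd);
    for (r = 1; r <= 7; r++) { cc_round(&c); printf("rtt %d cwnd %u\n", r, c.cwnd); }
    return 0;
}
```

The trace shows the window doubling 1024, 2048, ... 65536 over six round trips, the timeout dropping it to one segment with the threshold at 32768, slow start climbing back to the threshold in five round trips, and then linear growth of one segment per round trip.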
- TCP Transmission Policy
- Windowing - Windows are sized as number of bytes. Receiver
advertises window size, suppose has 4000 bytes. Segment of 3000 arrives and
is acknowledged, window now advertised as 1000 until application accepts the
data. Next a 1000 byte segment received and acknowledged, window advertised
as 0 until receiver application removes some data. When window 0 only two
exceptions allowed for sender to transmit:
- Urgent data such as the user killing the process on the receiver.
- A one byte segment to which the receiver announces the next byte
expected and window size, needed to prevent deadlock should the window
announcement get lost.
- Buffering - Senders not required to send data immediately but can
buffer into larger segment nor are receivers required to send
acknowledgments immediately making for more efficient use of bandwidth. For
an interactive TELNET session, user types one character which is transmitted
in a 20 byte TCP segment that is inside a 20 byte IP packet. It then
receives a 40 byte (TCP and IP header) acknowledgment. If receiver echoes
back character, process is repeated creating 162 bytes of traffic per
character typed.

- Nagle's Algorithm - When sender application produces data, send
the first byte and buffer the rest until an acknowledgment arrives. Then
send buffered characters in one TCP segment. Continue buffering until next
acknowledgment arrives. Sometimes necessary to disable such as when for
X-Windows where mouse movements should not be sent in bursts.
- Silly Window Syndrome - Suppose the receiver's
buffer is full, then the receiver application removes one byte. A window
size of one is advertised and the sender sends one more byte at a possible
cost of 162 bytes. Solution is to prevent receiver from advertising a window
smaller than maximum segment size. Receiver would already have other data
buffered so would not run out of things to do.
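The windowing walk-through above (4000 bytes free, then 1000, then 0) and the silly window syndrome fix can both be traced with a small receiver model. The C block below is an added example, not code from the notes: it tracks how much of the receive buffer is occupied, accepts only what fits from an arriving segment, advertises the free space as the window, and, with silly-window avoidance switched on, advertises 0 whenever less than one maximum segment is free so the one-byte window described above never goes out. The 4000-byte buffer and 1024-byte MSS are constructed for the run; the names are assumptions for the example.

```c
#include <stdio.h>

/* Receiver-side buffer state; all sizes in bytes. */
struct rcv_buf {
    unsigned capacity;  /* total buffer space */
    unsigned used;      /* received but not yet read by the application */
    unsigned mss;       /* maximum segment size, the floor for a useful window */
};

/* Window advertised to the sender. Plain TCP advertises whatever is free; with
   silly-window avoidance a free space smaller than one MSS is advertised as 0,
   so the sender waits rather than sending tiny segments at the 162-byte cost
   per byte worked out above. */
unsigned advertised_window(const struct rcv_buf *b, int sws_avoidance)
{
    unsigned free_space = b->capacity - b->used;
    if (sws_avoidance && free_space < b->mss) return 0;
    return free_space;
}

/* A segment of len bytes arrives. Only what fits in the buffer is accepted; a
   sender that ignores the window loses the excess. Returns bytes accepted. */
unsigned segment_arrives(struct rcv_buf *b, unsigned len)
{
    unsigned free_space = b->capacity - b->used;
    unsigned accepted = len < free_space ? len : free_space;
    b->used += accepted;
    return accepted;
}

/* The application reads n bytes, freeing buffer space (and possibly the window). */
void application_reads(struct rcv_buf *b, unsigned n)
{
    b->used -= n < b->used ? n : b->used;
}

int main(void)
{
    struct rcv_buf b = { 4000, 0, 1024 };
    segment_arrives(&b, 3000); printf("after 3000: window %u\n", advertised_window(&b, 0));
    segment_arrives(&b, 1000); printf("after 1000: window %u\n", advertised_window(&b, 0));
    application_reads(&b, 1);
    printf("app read 1 byte: window %u plain, %u with SWS avoidance\n",
           advertised_window(&b, 0), advertised_window(&b, 1));
    return 0;
}
```

With avoidance off the receiver advertises a window of 1 after the application reads a single byte; with it on the window stays 0 until at least one full segment of space is free, so the sender is never invited to send a 1-byte segment.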
- UDP - Datagram service, no flow or congestion control
provided, application using UDP must implement. Remember that congested
routers merely discard arriving packets.
- UDP header
- Source Port and Destination Port
- Length
- Checksum
HTTP
The HTTP protocol defines how a client and server communicate. In its most
basic form, the client sends a request for a file to the server, and the server
sends the file contents back to the client. In the following diagram, the client
requests the file Hello.htm in the rwisman directory from the
www.ius.edu server. The server responds by sending a header of
information back to the client; the header Content-type: text/html
tells the client browser what type of file it is returning. There are many other
possibilities such as Content-type: image/gif etc. Note that HTML is not
part of the HTTP protocol but one of the content types used by the
browser. The HTML sent to and displayed by the browser is <H1>Hello
World</H1> which is rendered by the browser as: Hello World
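The exchange described above, as an added C example that is not part of the notes: one function builds the HTTP/1.0 request line for /rwisman/Hello.htm, and another splits a raw response into its status, its Content-Type header and the body that follows the blank line, which is where HTTP stops and the browser's content handling begins. The response text is constructed to match the page's Hello World example, not captured from www.ius.edu; the function and struct names are assumptions for the example. Header names are matched case-insensitively, since "Content-type" and "Content-Type" are the same header.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Request line for one file, HTTP/1.0 style: method, absolute path, version,
   then a blank line ending the header. Returns the length or -1 if it does not fit. */
int build_request(char *out, size_t outlen, const char *path)
{
    int n = snprintf(out, outlen, "GET %s HTTP/1.0\r\n\r\n", path);
    return n > 0 && (size_t)n < outlen ? n : -1;
}

struct http_response {
    int status;                /* numeric status from the status line */
    char content_type[64];     /* value of the Content-Type header, or "" if absent */
    const char *body;          /* points into the raw buffer, after the blank line */
};

/* Case-insensitive test that `line` starts with `name` immediately followed by ':'. */
static int header_is(const char *line, const char *name)
{
    size_t i;
    for (i = 0; name[i]; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i])) return 0;
    return line[i] == ':';
}

/* Split a NUL-terminated raw response into status, Content-Type and body.
   The header ends at the first blank line (CRLF CRLF); what follows is the
   content, which the browser interprets according to Content-Type. Returns 1 on
   success, 0 if there is no status line or no blank line. */
int parse_response(const char *raw, struct http_response *r)
{
    const char *blank = strstr(raw, "\r\n\r\n");
    const char *line;
    if (!blank || sscanf(raw, "HTTP/%*d.%*d %d", &r->status) != 1) return 0;
    r->body = blank + 4;
    r->content_type[0] = '\0';
    for (line = strstr(raw, "\r\n"); line && line < blank; line = strstr(line, "\r\n")) {
        line += 2;                                   /* start of the next header line */
        if (header_is(line, "Content-Type")) {
            const char *v = line + strlen("Content-Type:");
            const char *eol;
            size_t n;
            while (*v == ' ' || *v == '\t') v++;     /* skip whitespace after the colon */
            eol = strstr(v, "\r\n");
            n = (size_t)(eol - v);
            if (n >= sizeof r->content_type) n = sizeof r->content_type - 1;
            memcpy(r->content_type, v, n);
            r->content_type[n] = '\0';
        }
    }
    return 1;
}

/* Constructed reply for the page's example (not a capture): the server's
   response for /rwisman/Hello.htm. */
const char sample_response[] =
    "HTTP/1.0 200 OK\r\n"
    "Content-type: text/html\r\n"
    "\r\n"
    "<H1>Hello World</H1>";

int main(void)
{
    char req[128]; struct http_response r;
    build_request(req, sizeof req, "/rwisman/Hello.htm");
    if (!parse_response(sample_response, &r)) return 1;
    printf("%sstatus %d, type %s, body %s\n", req, r.status, r.content_type, r.body);
    return 0;
}
```

A response that lacks the blank line, or whose first line is not an HTTP status line, is rejected rather than guessed at; the body pointer is only ever set once the header boundary has been found.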

Further Information - The text Computer Networks by Andrew
S. Tanenbaum, Prentice-Hall, provides an in-depth examination of networking in
general. The serious student would enjoy examining the original HTTP
specification:
http://www.ics.uci.edu/pub/ietf/http/rfc1945.html