The World of Internet (Alcatel training handout, released)

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.
Contents

Preface
1 Introduction
1.1 Host to host communication
1.2 History of the Internet
1.2.1 Evolution of the internet backbone
1.2.2 The Internet topology
1.2.3 The Internet today
2 Why using the Internet ?
2.2 Internet Structure
2.3 Access Technologies
2.4 Access Scenario
2.4.1 Strategy of the ISPs
2.4.2 PoP and NAS
2.4.3 ISP services
3.1 Definitions
3.2 OSI and TCP/IP Reference models
3.3 TCP/IP and the Internet
3.3.1 Overview
3.3.2 The TCP/IP protocol stack
3.3.3 Surfing on the WWW
3.4 Point-to-Point Protocol
3.5 Authentication protocols
3.5.1 Password Authentication Protocol
3.5.2 Challenge Handshake Authentication Protocol
3.6 Domain Name System (DNS)
3.7 Authentication-Authorization-Accounting (AAA)
3.7.1 What is Service Management?
3.7.2 What is Radius?
3.8 Network Management
3.8.1 What is Network Management?
3.8.2 What is SNMP?
3.9 Analogue and ADSL Internet access
4 Interconnecting LANs
4.1 LAN topologies
4.2 Connecting LANs
4.2.1 Why ?
4.3 Repeaters
4.4 Bridges
4.4.1 Why Bridges ?
4.5 Routing
4.5.1 Introduction on Routing
4.5.2 The routing process
4.5.3 Routing Protocols
4.5.4 Routing hierarchy and the Internet
4.6 Tunneling
4.6.1 Tunneling
4.6.2 An example
4.7 Gateways
4.7.1 Proxy services
4.7.2 Network Address Translation (NAT)
4.7.3 Access gateways, tunneling
4.7.4 Security
5.1 Standard services
5.1.1 Postal and news services
5.1.2 Data and file transfer
5.1.3 Remote work applications
5.2 Real time services
5.3 Supporting applications
5.4 Distributed Processing
5.5 Electronic commerce
5.6 Final Note
6.1 The Internet addressing scheme
6.1.1 IP addresses
6.1.2 IP subnetting
6.2 The Internet Protocol (IP)
6.2.1 Version
6.2.2 Internet Header Length (IHL)
6.2.3 Type Of Service (TOS)
6.2.4 Total Length (TL)
6.2.5 Fragmentation Control
6.2.6 Time To Live (TTL)
6.2.7 Protocol (PROT)
6.2.8 Header Checksum
6.2.9 Internet Addressing
6.2.10 Options
6.3 Internet Control Message Protocol (ICMP)
6.3.1 Introduction
6.3.2 ICMP message format
6.4 User Datagram Protocol (UDP)
6.4.1 Using IP for the transfer of data
6.4.2 UDP message format
6.4.3 UDP encapsulation and demultiplexing
6.5 Transfer Control Protocol (TCP)
6.5.1 Introduction
6.5.2 Source and destination port
6.5.3 Sequence Number
6.5.4 Acknowledgement Number
6.5.5 Data Offset
6.5.6 Reserved
6.5.7 Window
6.5.8 Control Flags
6.5.9 Checksum
6.5.10 Urgent Pointer
6.5.11 Options
6.5.12 Padding
References
Relevant RFCs
Figures

Figure 1 Hosts connected to a network.
Figure 2 Client-server model
Figure 3 Inter-connected networks = internet
Figure 4 Host-to-host communication
Figure 5 Evolution of the internet backbone network.
Figure 6 The NSFNET
Figure 7 The internet topology.
Figure 8 The internet today, number of connected hosts
Figure 9 Host-to-host communication through the Internet
Figure 10 Internet Structure
Figure 11 POPs in every telephone area
Figure 12 IAP grooming function
Figure 13 Private Access
Figure 14 Corporate Access
Figure 15 Strategy of the ISP's
Figure 16 Point of presence (POP) and Network Access Server (NAS)
Figure 17 ISP services
Figure 18 Layers, interfaces and protocols
Figure 19 Data encapsulation
Figure 20 OSI reference model.
Figure 21 Native IP network.
Figure 22 Comparison between the OSI and the TCP/IP models.
Figure 23 The TCP/IP protocol stack
Figure 24 Data encapsulation
Figure 25 IP addresses
Figure 26 The demultiplexing of a received Ethernet frame.
Figure 27 Address resolution protocol (ARP) - Same subnet
Figure 28 Address resolution protocol (ARP) - Different subnet
Figure 29 Surfing the web
Figure 30 Analogue Internet access
Figure 31 TCP/IP example (Client side) 1/2
Figure 32 TCP/IP example (Server side) 2/2
Figure 33 The PPP protocol
Figure 34 Location of the PPP in the protocol stack
Figure 35 Components of the PPP
Figure 36 Example of PPP Configuration (Windows95)
Figure 37 Dial-up Server, PPP Selection & Parameters
Figure 38 Configuration of the PPP link (IP Protocol)
Figure 39 The PAP protocol
Figure 40 Example of PAP configuration : Windows 95
Figure 41 The CHAP protocol
Figure 42 Query the DNS.
Figure 43 Hierarchical organization of the DNS.
Figure 44 Addition of a new domain 1/2.
Figure 45 Addition of a new domain 2/2.
Figure 46 Remote Access
Figure 47 RADIUS attributes
Figure 48 RADIUS packets
Figure 49 Network Management
Figure 50 NMC network view
Figure 51 SNMP basics
Figure 52 Analogue Internet access
Figure 53 ADSL Internet access
Figure 54 LAN topologies
Figure 55 Max. cable length
Figure 56 Max. number of hosts
Figure 57 Repeaters
Figure 58 Bridge
Figure 59 Router
Figure 60 Gateway
Figure 61 Repeater
Figure 62 Ethernet host-host connection
Figure 63 Ethernet LAN connection with hub
Figure 64 Basic bridge
Figure 65 Increased Network Capacity thanks to Bridging
Figure 66 Self learning Bridge 1/7
Figure 67 Self learning Bridge 2/7
Figure 68 Self learning Bridge 3/7
Figure 69 Self learning Bridge 4/7
Figure 70 Self learning Bridge 5/7
Figure 71 Self learning Bridge 6/7
Figure 72 Self learning Bridge 7/7
Figure 73 Example of a loop.
Figure 74 Example of the STA algorithm 1/4
Figure 75 Example of the STA algorithm 2/4
Figure 76 Example of the STA algorithm 3/4
Figure 77 Example of the STA algorithm 4/4
Figure 78 Remote bridging
Figure 79 Ethernet switches
Figure 80 Introduction on routing 1/2
Figure 81 Introduction on routing 2/2
Figure 82 Routing process
Figure 83 Task of a router
Figure 84 Routing overview
Figure 85 Network structure belonging to table 2.
Figure 86 Default gateway configuration in Windows 95
Figure 87 Distance Vector Protocol 1/7
Figure 88 Distance Vector Protocol 2/7
Figure 89 Distance Vector Protocol 3/7
Figure 90 Distance Vector Protocol 4/7
Figure 91 Distance Vector Protocol 5/7
Figure 92 Distance Vector Protocol 6/7
Figure 93 Distance Vector Protocol 7/7
Figure 94 Summary (Distance Vector Protocol)
Figure 95 Link State Protocol
Figure 96 Shortest Path Tree (example)
Figure 97 OSPF routing process 1/6
Figure 98 OSPF routing process 2/6
Figure 99 OSPF routing process 3/6
Figure 100 OSPF routing process 4/6
Figure 101 OSPF routing process 5/6
Figure 102 OSPF routing process 6/6
Figure 103 Routing hierarchy
Figure 104 Alternative routes to the destination
Figure 105 AS with arbitrary connections between them.
Figure 106 Encapsulation versus tunneling.
Figure 107 Use of tunneling
Figure 108 Tunneling the PPP-session
Figure 109 Tunneling the protocol packets
Figure 110 ADSL-DANA tunnelling example
Figure 111 Physical interconnection media
Figure 112 PPP-access to corporate data network.
Figure 113 PPTP access client (VPN-dial-up)
Figure 114 Tunneling to support the PPP-session over the network
Figure 115 Overview
Figure 116 Web proxy server function
Figure 117 Netscape configuration of local cache usage
Figure 118 Netscape configuration of proxy settings
Figure 119 Radius proxy
Figure 120 NAT principle
Figure 121 Internetwork routing
Figure 122 NAT operation
Figure 123 Tunnel gateway operation
Figure 124 Direct host to host mail transaction
Figure 125 Mail transaction via POP servers
Figure 126 Netscape mail client
Figure 127 Distributed Processing example over the Internet.
Figure 128 IP Address formats
Figure 129 Reserved address formats.
Figure 130 The use of subnet identifiers
Figure 131 The format of an IP datagram
Figure 132 The Version field
Figure 133 The Default IHL value of 5
Figure 134 The flag field
Figure 135 Fragmentation
Figure 136 The default TTL value of 64
Figure 137 The function of the Protocol field
Figure 138 The checksum algorithm
Figure 139 ICMP and IP reside both in the Internet layer
Figure 140 A datagram carrying an ICMP message
Figure 141 The ICMP message structure
Figure 142 The ICMP message structure
Figure 143 A UDP message
Figure 144 UDP header
Figure 145 A UDP segment with a pseudo header
Figure 146 Internet layering principle
Figure 147 A UDP message
Figure 148 UDP demultiplexing
Figure 149 A TCP message
Figure 150 The format of a TCP segment
Figure 151 The positive acknowledgment protocol.
Figure 152 Positive acknowledgment with retransmission.
Figure 153 The default data offset value of 5
Figure 154 Sliding window mechanism.
Figure 155 Transmission Credit Protocol.
Figure 156 TCP flow control
Figure 157 The three way handshake.
Figure 158 Simultaneous connection initialization.
Figure 159 Graceful connection close.
Figure 160 A TCP segment with a pseudo header

Tables

Table 1 TCP versus UDP
Table 2 The Routing Table
Table 3 Routing Protocols Overview
Table 4 Operating System
Preface

Today, the Internet is one of the fastest-growing networks. Although it was originally designed as a reliable network, its principles and mechanisms have turned out to be firm enough to serve as the basis of the largest communication network of today. This is all the more surprising when you realize that the original development started during the cold war, in the late sixties. Especially in recent years, this technology has boomed thanks to the development of user-friendly and consumer-ready applications. Even today the evolution continues to provide more services, which are no longer pure data. In fact, having been around for some time, the Internet and its technology are as vivid as never before ...
1 Introduction

This chapter explains the concept and history of today's Internet.

1.1 Host to host communication

Figure 1 Hosts connected to a network.
As a result, computer communication has become equally important. Two hosts should be able to communicate with each other, whether they are within the same room or anywhere in the world. Some important characteristics:

- Resource sharing: it must be possible to make programs, data, information, ... available to anyone connected to a network, even when the user is on the other side of the world.
- Reliability: data must be replicated in case of loss. Other hosts must take over in case of failure. The connection must be reliable, and in case of detected errors a correction method must exist (forward error correction, correction by retransmission, ...).
- Not expensive: for companies, reliability and security are very important and they are willing to pay for this Quality of Service (QoS). Some residential users prefer a cheap best-effort service.
- Security: to guarantee privacy it is important to include the necessary security within your network. Especially when companies are using networks, security is an important factor.
- Client-server model: when users connect to a network it is to read their e-mail, consult data (content), send a file to a remote system, ... In this case the user is called a client and the remote host is called a server. This leads to the client-server model (see also figure 2). The client sends a request towards the server, which answers with a reply.
Figure 2 Client-server model
At the end of this document it will be clear to the reader how hosts communicate with each other through the network. In this discussion the client-server concept is not relevant: for further explanations it is not specified whether a host is a server or a client.

Not all hosts are connected to one large network. In the real world there exist many smaller networks which can be connected to each other. To allow communication from one host to another, several networks can lie between both hosts. The inter-connected networks are called an internet (see also figure 3). The network that is used these days for surfing is called the Internet (capital 'I') and it is also an internet. However, not all internets are part of the Internet. An internet and the Internet consist of:

- To send the packets from one host to another, routing is used. The routing is based upon an address that is available in every packet.
Figure 3 Inter-connected networks = internet
Point-to-point networks

In the case of point-to-point networks a connection exists between each pair of hosts that want to communicate with each other. This connection can be permanent or dynamic. In the latter case the connection is established at the initialization of the communication (see also figure 4). A well known example of such a network is the Public Switched Telephone Network (PSTN).

Broadcast networks

Broadcast networks are shared by all connected hosts. To send information, a host connected to the network sends a packet. This packet is received by all other hosts connected to this network (see also figure 4). Based upon the address information in the packet, the destination host can find out whether it must accept the packet. If the packet is destined to another host, it is ignored. A well known example of such a network is the Ethernet Local Area Network (LAN). This kind of network allows broadcasting and multicasting. In the former case a special broadcast address is used so that all hosts will accept the packet. In the latter case another special address is used so that a group of hosts will accept the packet.
Figure 4 Host-to-host communication (point-to-point network; broadcast network with broadcasted packets)
As mentioned above, a host decides to accept a packet based upon the address information in the packet. Using different kinds of addresses it is possible to send a packet to only one, multiple or all destinations. This is called:

- Unicast: the address indicates only one host. This gives the same result as sending a packet to another host through a point-to-point connection.
- Multicast: a multicast address allows multiple hosts to accept the packet. In other words, the packet is sent from one host to a (selected) group of hosts.
- Broadcast: this is a special type of address (typically all 1's). In this case all hosts connected to the network will accept the packet.
- Anycast: this is a special type of address which indicates one of the possible candidates for the request (the destination is not known in advance), but it is still a single-host to single-host communication.
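The accept-or-ignore decision described above, worked through as an added example that is not code from the handout: a Python model of one host attached to a broadcast network, classifying the IPv4 destination of every packet it sees as unicast, multicast or broadcast and deciding whether to accept it. The host address, subnet, joined multicast group and sample packets are constructed values; anycast needs no extra rule here, because from the receiving host's point of view an anycast address is an ordinary unicast address.

```python
import ipaddress

# Constructed host configuration for the example (not values from the handout).
HOST_IP = ipaddress.IPv4Address("192.168.10.20")
HOST_NET = ipaddress.IPv4Network("192.168.10.0/24")
# Multicast groups this host has joined; a host accepts only the groups it belongs to.
JOINED_GROUPS = {ipaddress.IPv4Address("224.0.0.251")}
# "All ones" limited broadcast address: every host on the local network accepts it.
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def classify(dst):
    """Classify an IPv4 destination address as seen by this host."""
    addr = ipaddress.IPv4Address(dst)
    # The limited broadcast address and the subnet's own broadcast address
    # (host part all ones) are both accepted by every host on this network.
    if addr == LIMITED_BROADCAST or addr == HOST_NET.broadcast_address:
        return "broadcast"
    if addr.is_multicast:  # the 224.0.0.0/4 range
        return "multicast"
    return "unicast"


def should_accept(dst):
    """Return (class, accept) for a packet whose destination is dst."""
    kind = classify(dst)
    addr = ipaddress.IPv4Address(dst)
    if kind == "broadcast":
        return kind, True
    if kind == "multicast":
        return kind, addr in JOINED_GROUPS
    # Unicast: only the host owning the address accepts it; all others ignore it.
    return kind, addr == HOST_IP


def filter_packets(packets):
    """Apply the decision to (src, dst) pairs seen on the medium; return accepted ones."""
    accepted = []
    for src, dst in packets:
        kind, ok = should_accept(dst)
        if ok:
            accepted.append((src, dst, kind))
    return accepted


# Constructed packets as every host on the shared medium would see them.
SAMPLE_PACKETS = [
    ("192.168.10.1", "192.168.10.20"),   # unicast to this host
    ("192.168.10.1", "192.168.10.99"),   # unicast to another host: ignored
    ("192.168.10.5", "192.168.10.255"),  # subnet broadcast
    ("0.0.0.0", "255.255.255.255"),      # limited broadcast (e.g. a DHCP discover)
    ("192.168.10.7", "224.0.0.251"),     # multicast group this host joined
    ("192.168.10.7", "239.1.2.3"),       # multicast group this host did not join
]

if __name__ == "__main__":
    for src, dst, kind in filter_packets(SAMPLE_PACKETS):
        print(f"accept {kind:9s} {src} -> {dst}")
```

The point to keep in mind from a security angle: on a broadcast medium every attached interface physically receives every packet, and acceptance is a decision taken by the receiver. A host that skips the `should_accept` check (an interface in promiscuous mode) reads all traffic on the segment, so confidentiality on a shared LAN cannot rest on the addressing rule alone.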
1.2 History of the Internet

1.2.1 Evolution of the internet backbone
NSFNET: a wide-area network developed under the auspices of the National Science Foundation (NSF). NSFNET is replacing ARPANET as the main government network, linking universities and research facilities (see also figure 6). Besides the NSFNET there are also some other private/public backbone networks such as Alternet, PSInet, SprintLink etc.

The very high speed Backbone Network Service (vBNS) uses the capabilities of MCI's nationwide network of advanced switching and fiber optic transmission technologies, known as Asynchronous Transfer Mode (ATM) and Synchronous Optical Network (SONET). The combination of ATM and SONET enables very high-speed, high-capacity voice, data, and video signals to be combined and transmitted "on demand." The vBNS initially operated at speeds of 155 Mbps and today operates at speeds greater than 600 Mbps.

Figure 5 Evolution of the internet backbone network.

Figure 6 The NSFNET
1.2.2 The Internet topology

Figure 7 The internet topology (backbone, regional networks with peering, stub networks)

When REGIONAL NETWORKS are directly connected to each other (instead of being indirectly connected via the backbone), we say that they are peered. For example EuropaNET, Ebone and EUNET are peered. Peering has two advantages:

- users of both networks can communicate with each other without technical obstacles
- precious intercontinental links are no longer used for exchanging information between users of different networks
1.2.3 The Internet today

Figure 8 The internet today, number of connected hosts

The art of estimating how many are online throughout the world is an inexact one at best. Surveys abound, using all sorts of measurement parameters. However, from observing many of the published surveys over the last two years, here is an 'educated guess' as to how many are online worldwide as of June 1999. And the number is 179 million.

World Total      179 million
Africa           1.14 million
Asia/Pacific     26.97 million
Europe           42.69 million
Middle East      0.88 million
Canada & USA     102.03 million
Latin America    5.29 million

2.1
Figure 9 Host-to-host communication through the Internet (without Internet: modem to modem over the PSTN, addressed by DN; using Internet: dial-up to the PoP by DN over the PSTN, then routing between PoPs by IP address)
To establish the point-to-point connection the user dials the Directory Number (DN) of the PoP (Point of Presence). Once this dial-up connection is established, hosts use an Internet Protocol (IP) address to communicate with each other. This IP address is defined later in this document. Every packet sent from one host to another contains this IP address. The packet is sent towards the PoP using the point-to-point connection. In between the PoPs the address is checked to route the packets.
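How the address carried in every packet is checked to route it, as an added example that is not the handout's code: a Python model of one router's forwarding decision, using longest-prefix matching over a routing table, a default route for everything that matches nothing more specific, and the TTL decrement that stops a packet from circling forever. The routing table, addresses and interface names are constructed values.

```python
import ipaddress

# Constructed routing table for the example (not values from the handout).
# Each entry: (destination prefix, next hop or None if directly connected, interface).
ROUTES = [
    ("192.168.10.0/24", None, "eth0"),       # local LAN, delivered directly
    ("10.0.0.0/8", "10.1.0.1", "eth1"),      # large aggregate reached via a neighbour
    ("10.1.0.0/16", None, "eth1"),           # more specific part of it, directly attached
    ("0.0.0.0/0", "203.0.113.1", "ppp0"),    # default route: everything else
]


def build_table(routes):
    """Parse the textual prefixes once so that lookups can use containment tests."""
    return [(ipaddress.IPv4Network(prefix), next_hop, iface)
            for prefix, next_hop, iface in routes]


def lookup(table, dst):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for net, next_hop, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        return None  # nothing matched and no default route is configured
    net, next_hop, iface = best
    return {
        "prefix": str(net),
        "interface": iface,
        # Directly connected: the packet is handed to the destination itself.
        "next_hop": next_hop if next_hop is not None else dst,
        "direct": next_hop is None,
    }


def forward(table, dst, ttl):
    """One router hop: discard expired packets, then pick the next hop from the address."""
    if ttl <= 1:
        # The TTL would reach 0 at this hop, so the packet is dropped, not forwarded.
        return {"action": "drop", "reason": "ttl expired"}
    route = lookup(table, dst)
    if route is None:
        return {"action": "drop", "reason": "no route"}
    return {"action": "forward", "ttl": ttl - 1, **route}


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    for dst, ttl in [("192.168.10.20", 64), ("10.1.2.3", 64),
                     ("10.2.0.5", 64), ("198.51.100.7", 64), ("198.51.100.7", 1)]:
        print(dst, forward(TABLE, dst, ttl))
```

The default route has prefix length 0, so it is chosen only when no more specific prefix contains the address; the 10.1.0.0/16 entry beats 10.0.0.0/8 for 10.1.2.3 for the same reason. Note what the lookup does not examine: the source address plays no part in the decision, so a router that forwards purely on the destination will happily carry packets with a forged source unless a separate ingress filter checks it.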
2.2 Internet Structure
Figure 10 shows different customer segments that need access to the Internet:

- Content Provider

Figure 10 Internet Structure

All customers need an access network to connect to the Internet. This access can be through copper, optical fiber, mobile, ...
Residential Access

Today there exist different access possibilities for residential and/or SOHO users:

- Analogue: using a modem the user can log in through the PSTN.
- ISDN: using an Integrated Services Digital Network (ISDN) interface card the user can log in through the Narrowband-ISDN network.
- ADSL: Asymmetric Digital Subscriber Line (ADSL): this is today the most exciting access. ADSL transforms a slow copper pair into a multi-megabit link.
- Cable: if there is a cable operator connected to the customer premises, a cable modem can be used for high speed Internet access.
Enterprise Access

Enterprises use high-speed access networks like 2 Mbit/sec lines (PCM), Frame Relay (FR) networks, Synchronous Digital Hierarchy (SDH), ... Other access solutions are cable, leased lines, wireless, satellite, ... A detailed discussion of all these networks is beyond the scope of this course. Therefore, this document focuses on residential access towards the Internet.
PoP

A user needs to connect to a PoP (Point of Presence). In most western countries the concept of "telephone areas" or zones applies, i.e. the cost of a call depends on the number of areas that are crossed. As an example, figure 11 pictures the different telephone areas in Belgium. To give individual access at the lowest rate possible, the Internet Service Provider (ISP) installs dial-in facilities in every telephone area. Such a dial-in facility is called a PoP (Point Of Presence).
Figure 11: Telephone areas in Belgium
The core refers to the Internet backbone mentioned before. It supports routing and switching over optical fiber. Most users worldwide use a plain phone connection, so the telecom operators are involved in the Internet story. The Internet Access Provider (IAP) is responsible for the access between the user and the ISP (see below). Towards the user the IAP can use for example the PSTN or ADSL. Towards the ISP the typical network is the PSTN or Frame Relay. When a user connects to an IAP it is up to the IAP to find out to which ISP the user belongs. This grooming function (see figure 12) is based upon the authentication process (explained later).
Figure 12: Grooming of users by the IAP towards their ISP and the WWW
ISP

The Internet Service Provider delivers the services to the customer. Typical services are:

- Access to the World Wide Web (Internet) for surfing
- E-mail
- Webspace for homepages
- Newsgroups
ATTENTION
Today there are a lot of different network topologies used by the different ISPs and IAPs. In many cases the ISP and the IAP are one and the same operator. Therefore in the rest of the document the IAP is omitted from many drawings and mentioned only in specific examples.
Content Provider
Most of the users go to the Internet to find information. This information is provided by the content providers world wide. These content providers are:
2.3
Access Technologies
Private Access
Via an ISP, individuals and companies are given access to the Internet. The majority of today's ISPs use the PSTN (Public Switched Telephone Network) as the vehicle to connect individual and corporate users to the Internet. Alternatives are the cable networks, via which high-speed access to the Internet becomes possible. There are today 5 possibilities for private users to get Internet access (see also figure 13):
- Analogue Modem: the majority of today's users is connected via a dial-up access to the Internet. This results in a maximum bandwidth of 33 or 56 kbps.
- ISDN (Integrated Services Digital Network): by combining 2 B channels, a throughput of up to 128 Kbit/sec is possible.
- ADSL (Asymmetric Digital Subscriber Line): by using the latest technology in Digital Signal Processing (DSP), bitrates of over 8 Mbps (downstream) and 800 kbps (upstream) are possible over the existing telephone network. In case of ADSL, the telephone traffic and the Internet traffic are separated. Because the Internet traffic is sent over a dedicated data network, the PSTN is not overloaded any more. The customer can use the telephone and the Internet service simultaneously.
- Satellite: some ISPs are also considering this medium as a means to get connected to the Internet. Note however that for the upstream flow an analogue modem connection is still required.
- Cable Modem: via the cable network, bitrates up to 10 Mbit/sec (downstream) and 28 .. 768 Kbit/sec (upstream) are possible.
Figure 13: Private Access (analogue modem, ISDN NT, ADSL NT, satellite with an analogue modem return path to the PSTN, and cable modem, each reaching a PoP of the ISP)

Corporate Access

Due to the popularity of the Internet more and more companies are building internal networks based on the same concepts as the Internet. Such networks are called intranets (see also figure 14). Often those intranets are also connected to the worldwide Internet via a high-speed access (today via ISDN or via leased lines). For security reasons a firewall is placed between the intranet and the Internet. This firewall grants people from the company access to the Internet but prevents people from the Internet getting access to the company's resources.

Figure 14: Corporate Access (intranet connected through a firewall to the PoP, the data network and the WWW)
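The policy just described for the firewall in figure 14, as an added example that is not part of the handout: a small stateful packet filter model run over a constructed packet trace, next to a flags-only filter that reads the same policy too literally. The intranet prefix 138.203.0.0/16, all addresses, ports and packets are assumed; the model tracks only TCP 4-tuples and does not remove connections on FIN/RST.

```python
"""Model of the firewall in figure 14: connections may be opened from the intranet towards
the Internet, never from the Internet towards the intranet, and inbound packets are only
let through when they belong to a connection an intranet host opened.
Added example; not code from the handout.  The intranet prefix, addresses and packets are constructed."""
from ipaddress import ip_address, ip_network

INTRANET = ip_network("138.203.0.0/16")    # assumed: the handout gives no intranet prefix
SYN, ACK = 0x02, 0x10                       # TCP flag bits


class Packet:
    def __init__(self, src, dst, sport, dport, flags):
        self.src, self.dst = ip_address(src), ip_address(dst)
        self.sport, self.dport, self.flags = sport, dport, flags


class StatefulFirewall:
    """Tracks the 4-tuple of every connection opened from inside."""
    def __init__(self):
        self.connections = set()

    def filter(self, p):
        outbound = p.src in INTRANET and p.dst not in INTRANET
        inbound = p.dst in INTRANET and p.src not in INTRANET
        if outbound:
            if p.flags & SYN and not p.flags & ACK:         # new connection from inside
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT" if (p.src, p.sport, p.dst, p.dport) in self.connections else "DROP"
        if inbound:
            # accepted only as the reply half of a tracked connection, whatever its flags say
            return "ACCEPT" if (p.dst, p.dport, p.src, p.sport) in self.connections else "DROP"
        return "DROP"   # anything else has no business crossing a border firewall


def stateless_filter(p):
    """A flags-only reading of the same policy: block inbound connection setup (SYN without ACK).
    It is weaker: an outsider can probe the intranet with packets that carry ACK."""
    inbound = p.dst in INTRANET and p.src not in INTRANET
    if inbound and p.flags & SYN and not p.flags & ACK:
        return "DROP"
    return "ACCEPT"


# Constructed trace: an intranet PC fetches a web page, then an outsider tries to get in
TRACE = [
    Packet("138.203.48.77", "198.64.191.11", 1025, 80, SYN),        # PC opens HTTP to www server
    Packet("198.64.191.11", "138.203.48.77", 80, 1025, SYN | ACK),  # server's reply half
    Packet("138.203.48.77", "198.64.191.11", 1025, 80, ACK),        # handshake completes
    Packet("198.64.191.11", "138.203.48.77", 80, 1025, ACK),        # page data coming back
    Packet("203.0.113.9", "138.203.48.77", 4444, 23, SYN),          # outsider tries Telnet inbound
    Packet("203.0.113.9", "138.203.48.77", 4444, 23, ACK),          # outsider probes with ACK only
]


def run(trace):
    """Return (stateful verdicts, stateless verdicts) for the same packets, in order."""
    fw = StatefulFirewall()
    return [fw.filter(p) for p in trace], [stateless_filter(p) for p in trace]
```

The two verdict lists differ only in the last packet: the flags-only filter lets the ACK probe through because nothing in it says "SYN", while the stateful filter drops it because no intranet host ever opened that connection. That is the whole reason a border firewall keeps connection state rather than inspecting each packet on its own.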
2.4

Access Scenario

2.4.1

Strategy of the ISPs
In section 2.2 the role of the IAP and the ISP was explained. In many cases the IAP and the ISP are one and the same operator. When you consider the network between the Internet user and the content provider, it is not always straightforward to draw a clear line between the telecom, the IAP and the ISP network. As mentioned before, throughout the rest of the document the IAP is often omitted from the figures, because from the point of view of the user it is the ISP service that is clearly visible. Figure 15 shows the ISP's strategy. The users dial up to the PoP that is located within their local telephone area. A point-to-point connection is established. All the different PoPs that belong to the same ISP are connected to a centralized server/gateway. These connections are usually permanent connections and/or leased lines. Examples are 2 Mbit/sec leased lines, Frame Relay PVCs, ... If the PoPs are owned by the IAP, the PoP needs to find out to which ISP the user belongs. In some cases the users can dial into different ISPs based upon their user-id / password combination. Once the user is virtually connected to the ISP's server, he/she can access the ISP services (see also section 2.4.3). When the user stops using the ISP services, the connection between the user's PC and the PoP is released. The PoP to ISP connections are permanent.
Figure 15: ISP strategy (dial-up access from telephone areas 1, 2 and 3 over the PSTN to the PoPs; leased lines from the PoPs to the ISP and the WWW)
2.4.2
Analogue users connect using an analogue modem. ISDN users connect to a Basic Rate Interface (BRI) using a Network Termination (NT).
A PoP consists of one or more Network Access Servers (NAS). These are devices that can be connected to different kinds of networks and interfaces. Examples are:

- Primary Rate Access (PRA): this interface uses 30 B channels of 64 Kbit/sec and one D signalling channel. The speed is 2 Mbit/sec.
- Serial interfaces for leased lines (typically 8 Mbit/sec)
- Basic Rate Interface (BRI): this interface uses 2 B channels of 64 Kbit/sec and one D signalling channel. The total speed is 144 Kbit/sec.
- ATM interface
- Frame Relay interface
- Ethernet interface: a shared network running at 10 or 100 Mbit/sec.
- Fiber Distributed Data Interface (FDDI): this is a double ring optical network running at 100 Mbit/sec.
When a user wants to dial into a PoP he needs to know the public directory number (DN) of the PRA interfaces that connect the NAS to the PSTN. A group of PRAs, called a hunt group, is given one single DN. It is up to the PSTN to find one (or possibly two in the case of ISDN) available B channel towards the NAS. Through the signalling channel of the PRA the NAS is informed about the origin of the user, analogue or ISDN. This is important, because in the case of an analogue user a peer modem needs to be connected. A single NAS can contain hundreds of integrated modems. In the case of an ISDN user the information does not need to be demodulated. It is over this point-to-point connection between the user's PC and the NAS that the Internet packets (or other information) are sent. A router function inside the NAS sends the packets to the correct interface, which might be a LAN, for example Ethernet. The gateway/router connected to this LAN sends the packets into the Internet backbone.
Figure 16: PoP with NAS (analogue and ISDN users reach the PRAs of hunt group 1 through one public DN; the NAS terminates modems 1 .. X and ISDN channels and routes onto the LAN towards the server/router)
2.4.3
ISP services
Figure 17 shows the ISP in more detail. Also the most important services are shown.
Through the gateway of the ISP the user can access the worldwide Internet. A user only connects to the ISP when he/she wants to use a service, because this connection costs money on a duration basis. Therefore the user's PC is switched off most of the time and is not reachable for E-mail. To solve this problem every user is given an E-mail address and the E-mail server is located at the ISP's premises. All your mails are received by this server. It is up to the user to log in regularly to read the mail. At this point the mails can be downloaded (not necessarily) to the user's PC. At this moment the user can also send new mails or send a reply.
Homepages

Every user can create his/her own homepage. Here the same problem exists as for E-mail. Most of the time the PC is switched off, so the homepage is not available if it is stored on the user's PC. To solve this problem the user creates a homepage off-line and then transfers all homepage files to a location at the ISP. The homepage is given a URL (explained later) which usually contains the name of the user. From now on the user's homepage is available worldwide, even when the user's PC is switched off.

Newsgroups

Newsgroups or discussion groups are stored at the ISP premises. A user can subscribe to a newsgroup and can participate in the discussions. When the user is connected to the ISP, he/she can find out for each group to which he/she has subscribed if there are new messages.

DNS

DNS is an abbreviation for Domain Name System. All the hosts that connect to the Internet need to have an IP address (Internet Protocol address). This can be compared with the directory number (DN) of a telephone line. You must know the address to be able to communicate with the other host. However, numbers are difficult to remember. It is easier to remember www.alcatel.be instead of 138.203.48.111. When you start an Internet browser and you start surfing, you type a name if you want to go somewhere. It is up to the DNS to translate the name into the IP address. The user's PC contacts the DNS server which is located at the ISP premises. This server sends the retrieved IP address back to the user's PC. To execute this translation the ISP's DNS might contact other DNS servers in the worldwide Internet. Using this IP address the user's PC can contact the far-end host and send/receive packets. All packets contain the source and destination IP address. Remark: IP addresses and DNS are explained in more detail later in this document.
PC configuration
As explained above the user's PC needs to have an IP address to go onto the Internet. This IP address can be static, like a telephone DN. However, there are not enough IP addresses available, so most ISPs have a pool of IP addresses. When a user connects to the ISP the user's PC is given a temporary address for the duration of the connection. At that moment the address is not known by the other hosts. This is not a problem since the user types the locations (after DNS this becomes an IP address) where he/she wants to go, usually content providers. Every packet includes the temporary source IP address, so the destination host knows to which IP address the answer needs to be sent. Besides the user's IP address the PC is also configured to find the mail server, newsgroup server, gateway and DNS server.
Figure 17: ISP services (analogue, ISDN and ADSL PoPs; WWW gateway; static or dynamic IP address; newsgroup, homepage and DNS servers at the ISP)
3 Internet Protocols
This chapter describes the IP Protocol stack, used for Internet communication. However, it begins with basic definitions and models concerning protocol stacks in general.
3.1
Definitions
To simplify communication between hosts a layered structure is used (see figure 18). The layers differ from network to network. Also the number of layers can be different. The purpose of a layer is to provide a service to another layer. A service is a set of primitives (operations) that a layer provides to the layer above it. The entities on both sides that belong to the same layer are called peers.

Figure 18: Layers, interfaces and protocols (host 1 and host 2 each with layers 1 to 3; a layer n/n+1 interface between consecutive layers; a layer n protocol between the peers; the physical medium below layer 1)

Interface

The interface is found between two consecutive layers. It is the interface that defines which set of services a layer provides to the layer above.

Protocol

In general a protocol is an agreement between two communicating parties on how communication is to proceed. In other words, a protocol is a set of rules which define the format and the meaning of the frames, packets or messages that are exchanged by the peer layers. The peers communicate using the protocol.
NOTICE
A set of layers and protocols is called a NETWORK ARCHITECTURE. A list of protocols used by a certain system, one per layer, is called a PROTOCOL STACK.
Data encapsulation

When an application prepares a message it adds an application header and delivers the message to layer n-1 for transmission. Layer n-1 adds a header to identify the message and to add the functionality of layer n-1. Then this new message is delivered to layer n-2 and so on (see figure 19). Depending upon the layer the message can have a different name, like message, segment, packet (datagram) or frame.

Finally the physical frame is sent on the physical medium to the remote host. Upon reception the frame passes the different peer layers, but this time from bottom to top. When the message passes the different layers, they execute the layer's functionality (checks, fragmentation / recombining, segmentation / reassembly, flow control, multiplexing / demultiplexing, ...) and remove their header before passing the message to the upper layer.

Figure 19: Data encapsulation (application: user data with application header; layer n-1 adds its header; layer n-2 adds its header; the physical layer adds a header and a trailer)
3.2
- Physical layer: the physical layer transmits the bits over the physical communication channel. The bits are usually converted into voltages.
- Datalink layer: this layer is responsible for the error-free transmission of the datalink frame. The layer can use error detection and error correction. The latter is usually implemented using retransmission of errored frames. The check is done by including a Frame Check Sequence (FCS).
- Network layer: the network layer is mainly responsible for the correct routing of the packet. A connection can be:
  - permanent, using static tables built by an operator;
  - created at the start of a session and released at the end of the session, also called connection oriented;
  - connectionless: in this case every packet includes the final destination address.
- Transport layer: this layer is a typical end-to-end layer which can guarantee the correct arrival of information end-to-end. This is usually based upon a flow control mechanism. It also isolates the upper layers from the different kinds of networks below the transport layer. For example, if the higher layers require a higher throughput, the transport layer might establish multiple network connections.
- Session layer: the session layer allows the users on the different hosts to establish a session. This can be done by using a login procedure based upon a user-id and a password. Another function of this layer is dialogue control (simplex, duplex, synchronization points in case of failure, ...).
- Presentation layer: where the layers below were mainly involved with communication between two hosts, this layer is responsible for the syntax and the semantic checks.
- Application layer: the application layer contains a variety of protocols necessary for the user applications above. This allows user programs to be independent from the layers below and thus of the machine on which they are running.
The Transmission Control Protocol (TCP)/Internet Protocol (IP) stack was originally designed with the following characteristics:

- Private, non-commercial: so there were originally no provisions for commercial exploitation (billing, security, ...).
- Permanent connections: therefore no support for other networks than a permanent connection mesh. For example, switched networks like ATM and FR were not supported. The original Internet was a native IP network (see figure 21); today the Internet backbone is still a native network, but no hosts are connected directly to it. A native network consists of store-and-forward nodes and end nodes interconnected with permanent links in a mesh topology (fixed lines, leased lines or simulated fixed connections over other network architectures).
- Packet oriented: designed for large, variable size packets typically used for data and less suitable for voice and other real time services.
- Data network: originally only one type of QoS (data).

IP introduced several new innovations optimized for the context of a private, non-commercial data network, like:

- Distributed routing
- Connectionless operation
- Several successful, platform independent, user friendly applications, like E-mail and web browsing
- Flat fee structure, due to the absence of billing
The success of these applications is not the success of the underlying protocol stack. Nevertheless, today the TCP/IP protocol stack is the glue that holds the Internet together. Figure 22 shows a comparison between the OSI and the TCP/IP models. The latter is named after its two most important protocols. Compared to the OSI model, TCP/IP did not originally clearly distinguish between service, interface and protocol. For example, the only real services offered by the Internet layer are 'send IP packet' and 'receive IP packet'. In the case of OSI the model was defined first, before the protocols were invented. As a result the OSI model is quite general. The downside is that many things were not clear at the time of definition. The designers did not have a good idea about what to put in which layer. With TCP/IP the reverse was true: the protocols came first, and the model was just a description of the existing protocols. As a result the protocols fit perfectly in the model. A drawback here is that the model does not fit any other protocol stack. There are many other differences related to connection oriented and connectionless operation, etc. However a detailed comparison is beyond the scope of this course and not really necessary to get a functional idea about TCP/IP. One last important difference is the number of layers. Notice (figure 22) that the presentation and the session layer are not present in the TCP/IP model. Also the datalink and the physical layer are not defined. Today many encapsulation mechanisms exist to run IP on any physical network. A detailed discussion on this is beyond the scope of this course. The other three layers are explained briefly in the following paragraphs:

Figure 22: OSI RM (Application, Presentation, Session, Transport, Network, Data Link, Physical) compared with the TCP/IP RM (Application, Transport, Internet, Host-to-network)

770 00905 0530 VHBE Ed. 03

- Internet layer: in the original design of the Internet (ARPANET) it was important to be flexible in case of link failure. This requirement led to a packet-switching network based on a connectionless internetwork layer, the Internet layer. The Internet layer defines an official packet format and protocol called IP (Internet Protocol). The main job of this layer is to deliver IP packets (datagrams). Because the network layer is connectionless, the sequence is not guaranteed. Each packet is routed separately, which means that the destination address must be available in every packet.
- Transport layer: the next layer is very similar to the OSI transport layer. It is an end-to-end layer which takes care of the flow control. In other words it handles the conversation between the peer entities on the source and the destination host. Two protocols have been defined:
  - TCP - Transmission Control Protocol: a reliable connection oriented protocol that allows the error-free delivery of a byte stream. Large packets are segmented into smaller ones and are resequenced at the final destination if necessary. Flow control makes sure that the receiving side is not overloaded.
  - UDP - User Datagram Protocol: an unreliable connectionless protocol which is widely used for client-server request-reply applications where prompt delivery is more important than accurate delivery.

  Table 1 makes a comparison between TCP and UDP.

  Table 1
  TCP
  Connection oriented
  Sequenced delivery
  End-to-end acknowledgements
  Error check
  If time-out: retransmit

- Application layer: this layer also has a functionality similar to the OSI application layer. Section 3.2.1 gives an overview of the most important protocols. At the end of this document the applications are explained in more detail.
3.3
3.3.1
IP can be run over many different kinds of networks:

- Native IP networks using leased lines
- PSTN circuit switched network
- X.25 packet switching network
- Narrowband ISDN network
- ATM broadband network
- LANs and MANs (IEEE 802.x standards)
- Frame Relay
- ...

In some cases the encapsulation is more complicated. For example, IP encapsulated in an Ethernet frame can be further encapsulated and sent over an ATM network, or ATM running on an ADSL physical interface (see also later in section 3.9). A detailed description of all encapsulation methods and protocols is beyond the scope of this course. Some protocols like Point to Point Protocol (PPP), tunneling, ... are explained further in this document. In section 3.3.2 the functionality of TCP/UDP and IP is explained. At the end of this document the headers are explained in more detail. Below a short description is given of the different application layer protocols:
- WWW: the World Wide Web (WWW) made it possible for a site to set up a number of pages containing text, graphics, audio, video, ..., with embedded links to other pages. By clicking on a link you jump to another page which might be stored on the other side of the world. To interpret these pages you need a WWW browsing tool like Netscape or Internet Explorer. Web pages are written in a language called Hypertext Markup Language (HTML). It is a markup language that describes how documents are to be formatted. It contains explicit commands for formatting and including objects like pictures, audio files, ... Also links to other pages are included. A browser interprets these commands to reproduce the pages.
- HTTP: the Hypertext Transfer Protocol (HTTP) is the standard Web transfer protocol. It consists of a request followed by a response. Usually the request is an HTTP GET to retrieve a web page from a remote machine. As a result the requested page is presented in your web browser. To retrieve an HTML page from a remote host a user enters a link in his browser. This link is called a Uniform Resource Locator (URL). Actually every web page is assigned a URL. An example of a URL is: HTTP://www.alcatel.com/marketing/overview.html
  - HTTP: indicates the protocol used. Other examples are gopher, FTP, ...
  - www.alcatel.com: indicates the DNS name of the host. The DNS server translates this name into the IP address of the destination host.
  - marketing: indicates the directory on the destination host.
  - overview.html: indicates the HTML page to be retrieved. If no name is specified the default.html or index.html page is downloaded. If it does not exist, an error is returned instead.
- Gopher: the Gopher protocol was designed at the University of Minnesota and is named after the team "The Golden Gophers". It also means 'go-for' because it is an information retrieval system. It is very similar to HTTP, but transports only text and no images. When you log in you are presented some menus to browse through files and documents. The protocol was designed for text-based monitors. Another advantage is that it is fast.
- Telnet: the Telnet protocol is used to establish an on-line connection to a remote machine. You just type 'telnet' followed by the host name (or IP address) of the machine you want to go to. Usually you are presented a login prompt in which you can fill in the user-id and a password. Note that Telnet carries the user-id, the password and the whole session across the network in clear text.
- FTP: the File Transfer Protocol (FTP) copies files from one host to another using the Internet.
- NNTP: using the Network News Transfer Protocol (NNTP) it is possible to participate in newsgroups or discussion groups. These are forums in which users with a common interest can exchange messages. To subscribe and participate in a newsgroup a dedicated application is used, for example Netscape.
- SMTP: the Simple Mail Transfer Protocol (SMTP) is used by an E-mail server to transmit an E-mail to the destination E-mail server. In most cases the user uses a PC to retrieve his/her mail from the server. One way is using the Post Office Protocol (POP). This protocol includes commands to log in, log out, fetch messages and delete messages. The point of POP is to transmit the E-mails from the mail server towards the user's PC to be read later. Another protocol is the Interactive Mail Access Protocol (IMAP). This protocol does not copy the user's mail to his PC but keeps a central repository that can be accessed from any machine, because the user may have several. Nevertheless, applications using IMAP sometimes include a synchronize function to download new mails onto a PC and to upload new mails towards a mail server.
- WAIS: the Wide Area Information System (WAIS) can be used to look for information in a large number of documents. When you log in to a WAIS server you can post a question like: "Tell me more about personal computers". The WAIS server considers the keywords 'personal' and 'computer' and starts looking in a list of documents. The result, a list of documents, is presented to the requestor, the best match on top.
- MBone: the MBone (Multicast Backbone) is used to broadcast audio and video over the Internet. Because not all routers today can handle multicast, an overlay network was designed. It consists of a number of islands that are interconnected. Live broadcasts can be sent to these 'islands'. Examples are scientific conferences, live concerts (Rolling Stones), events (space shuttle launch), ... To broadcast a program the source must first retrieve a multicast IP address (see later). Receivers can 'tune' to this program using the IP address. To actually broadcast the program the MBone packets are encapsulated in IP and sent from one island to another. Within an island a multicast router periodically sends a request asking who is interested in which program. Hosts interested in a program can send a reply.
- DNS: the Domain Name System (DNS) is used to translate DNS host names into an IP address that is used to establish a TCP connection. For more details on DNS see also section 3.6.
- SNMP: the Simple Network Management Protocol (SNMP) is a protocol used for network management. The Network Management Center contains an SNMP manager. The objects to be managed contain an SNMP agent and a Management Information Base (MIB). The manager can read from and write into this database. The agent can also send 'traps' towards the manager to report alarms. Summarized, this protocol can be used to handle Fault, Performance, Security and Configuration Management (see also section 3.8). In SNMP versions 1 and 2c the only access control is a community string sent in clear text, so write access to the MIB needs to be restricted.
Figure 23: The TCP/IP protocol stack. Application layer: WWW browser, FTP, Telnet, HTTP, Gopher, WAIS, SMTP, NNTP, MBone, DNS, SNMP. Transport layer: TCP, UDP. Internet layer: IP (ICMP, IGMP, ARP, RARP, ...). Host-to-network: native IP (permanent connection); SLIP, PPP, HDLC, LAPB, LAPD over ATM, PSTN, ISDN, B-ISDN (WAN); 802.3 CSMA/CD, 802.4 Token Bus, 802.5 Token Ring, 802.11 wireless (LAN); 802.6 DQDB (MAN).

Abbreviations used in figure 23:

WWW     World Wide Web
FTP     File Transfer Protocol
HTTP    Hypertext Transfer Protocol
WAIS    Wide Area Information System
SMTP    Simple Mail Transfer Protocol
NNTP    Network News Transfer Protocol
MBone   Multicast Backbone
DNS     Domain Name System
SNMP    Simple Network Management Protocol
TCP     Transmission Control Protocol
UDP     User Datagram Protocol
IP      Internet Protocol
ICMP    Internet Control Message Protocol
IGMP    Internet Group Management Protocol
ARP     Address Resolution Protocol
RARP    Reverse Address Resolution Protocol
SLIP    Serial Line Internet Protocol
PPP     Point-to-point Protocol
HDLC    High-level Datalink Control
LAPB    Link Access Procedure B
LAPD    Link Access Procedure D
ATM     Asynchronous Transfer Mode
PSTN    Public Switched Telephony Network
ISDN    Integrated Services Digital Network
B-ISDN  Broadband ISDN
TB      Token Bus
TR      Token Ring
DQDB    Distributed Queue, Dual Bus
WAN     Wide Area Network
LAN     Local Area Network
MAN     Metropolitan Area Network
3.3.2
Figure 24: Data encapsulation. The application adds its header to the user data; TCP prepends the TCP header (20 bytes) to form the TCP segment; IP prepends the IP header (20 bytes) to form the IP datagram; the Ethernet driver adds the Ethernet header (14 bytes) and the Ethernet trailer (4 bytes) to form the frame.

To route the IP datagram from the source host to the destination host every packet (connectionless!) must contain the source and destination IP address (see figure 25).
Figure 25: IP addresses

- Every interface (host, router, etc.) on the Internet must have a unique Internet address (IP address).
- Every Internet address is a 32-bit number (4,294,967,296 possible addresses).
- Internet addresses have a structure, called classes:

  Class A: first bit 0, netid 7 bits (128 networks), hostid 24 bits (16,777,216 hosts)
  Class B: first bits 10, netid 14 bits (16,384 networks), hostid 16 bits (65,536 hosts)
  Class C: first bits 110, netid 21 bits, hostid 8 bits (256 hosts)
  Class D: first bits 1110, multicast group ID 28 bits (268,435,456 groups)
  Class E: first bits 11110, reserved for future use 27 bits (134,217,728)

- A dotted-decimal notation is used to represent an Internet address, e.g. 138.203.48.77
- There are three IP address types: unicast, broadcast and multicast (broadcast to a selected group of recipients).
- A hostid of all 0's indicates the netid. A hostid of all 1's indicates a broadcast to that netid.

Figure 26 shows the TCP/IP protocol stack in more detail. Again an example of a host connected to an Ethernet network is used. When a host receives an Ethernet frame it checks the Ethernet physical address (MAC - Medium Access Control - address of 48 bits) to find out if the frame is destined for this host. The header also indicates that the information inside the frame is an IP datagram. In the IP datagram the IP address is checked and the protocol value specifies the content of the IP datagram: UDP, TCP, ICMP, ... In the TCP/UDP header a port number indicates the application to which the information must be delivered. The client selects a short-lived source port and fills in a well-known destination port, for example, HTTP is port 80.

Figure 26: Demultiplexing of an incoming frame. The Ethernet driver demultiplexes on the frame type in the Ethernet header (IP, ARP, RARP); IP demultiplexes on the protocol field (TCP, UDP, ICMP, ...); TCP and UDP demultiplex on the port number towards the applications.
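The demultiplexing of figure 26 and the classful reading of addresses in figure 25, as an added example that is not code from the handout: a constructed Ethernet frame carrying an IP datagram carrying a TCP segment is built the way figure 24 encapsulates it, then parsed back step by step, with the IP header checksum verified and the two addresses classified. The MAC addresses, ports and payload are assumed; the TCP checksum is left at zero because its computation is not covered by the handout.

```python
"""Demultiplex a constructed Ethernet/IP/TCP frame the way figure 26 does (EtherType -> IP,
IP protocol field -> TCP, destination port -> application) and interpret the IP addresses
classfully as in figure 25.  Added example; not code from the handout."""
import struct

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
WELL_KNOWN_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP", 110: "POP", 119: "NNTP"}


def ip_to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def classify(dotted):
    """Classful interpretation (figure 25): class, network, broadcast and address kind."""
    n = ip_to_int(dotted)
    if n >> 31 == 0b0:
        cls, host_bits = "A", 24
    elif n >> 30 == 0b10:
        cls, host_bits = "B", 16
    elif n >> 29 == 0b110:
        cls, host_bits = "C", 8
    elif n >> 28 == 0b1110:
        return {"class": "D", "kind": "multicast"}
    else:
        return {"class": "E", "kind": "reserved"}
    host_mask = (1 << host_bits) - 1
    hostid = n & host_mask
    # hostid all 0 names the network itself, all 1 is a broadcast to that network
    kind = "network" if hostid == 0 else "broadcast" if hostid == host_mask else "unicast"
    return {"class": cls, "network": int_to_ip(n & ~host_mask & 0xFFFFFFFF),
            "broadcast": int_to_ip(n | host_mask), "kind": kind}


def ip_checksum(header):
    """One's-complement sum of 16-bit words; yields 0 over a header that already carries its checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Encapsulate as in figure 24: payload -> TCP segment -> IP datagram -> Ethernet frame."""
    # 20-byte TCP header with SYN set; TCP checksum left 0 (pseudo-header computation not covered here)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     struct.pack("!I", ip_to_int(src_ip)), struct.pack("!I", ip_to_int(dst_ip)))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]      # fill in the header checksum
    # 14-byte Ethernet header; the 4-byte FCS trailer is added by the NIC, not here
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IP) + ip + tcp


def parse_frame(frame):
    """Demultiplex one incoming frame; raises ValueError on anything malformed."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    out = {"dst_mac": frame[:6].hex(), "src_mac": frame[6:12].hex()}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IP:
        out["layer3"] = "ARP" if ethertype == ETHERTYPE_ARP else "unknown"
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("short IP header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    src_ip, dst_ip = int_to_ip(struct.unpack("!I", src)[0]), int_to_ip(struct.unpack("!I", dst)[0])
    out.update(layer3="IPv4", src_ip=src_ip, dst_ip=dst_ip, ttl=ttl,
               src_addr=classify(src_ip), dst_addr=classify(dst_ip),
               protocol=IP_PROTOCOLS.get(proto, "other(%d)" % proto))
    payload = ip[ihl:total_len]                 # drop any Ethernet padding after total_len
    if proto != 6:
        out["payload"] = payload
        return out
    if len(payload) < 20:
        raise ValueError("short TCP header")
    src_port, dst_port, _, _, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", payload[:20])
    doff = (off >> 4) * 4
    if doff < 20 or doff > len(payload):
        raise ValueError("bad TCP data offset")
    out.update(src_port=src_port, dst_port=dst_port, syn=bool(flags & 0x02),
               application=WELL_KNOWN_PORTS.get(dst_port, "unknown"), payload=payload[doff:])
    return out


# Constructed sample: a PC on Alcatel's class B network opening an HTTP connection (MACs assumed)
SAMPLE_FRAME = build_frame(bytes.fromhex("080020000001"), bytes.fromhex("00000c000003"),
                           "138.203.48.77", "198.64.191.11", 1025, 80,
                           b"GET /marketing/overview.html HTTP/1.0\r\n\r\n")
```

Every length field is checked against the bytes actually present before it is used as an offset, and the IP checksum is verified before any field behind it is trusted; a parser that takes the IHL or total length at face value is the usual way a malformed frame turns into an out-of-bounds read.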
ICMP

To report errors the Internet Control Message Protocol (ICMP) is used. For example, when a host sends an IP packet to another host and the packet cannot be delivered due to an unreachable network, unreachable host, ... the remote router sends back an ICMP error message that is shown in the user's application.

IGMP

The Internet Group Management Protocol (IGMP) is used in case of multicast streams. It was already mentioned and briefly explained in section 3.3.1.
ARP - RARP
The Address Resolution Protocol (ARP) translates an IP address to an Ethernet physical address. The Reverse Address Resolution Protocol (RARP) executes the reverse translation. The ARP principle is explained in more detail in figures 27 and 28. When a host wants to send an IP packet to another host it must first retrieve the destination IP address. A user can type this IP address or can type a URL which includes the host's DNS name. In the latter case the host contacts the DNS server to translate the DNS name into the IP address. The IP address of the DNS server is available in the configuration of every host. Now the host can fill in the destination and source IP address and encapsulate the packet into an Ethernet frame. Ethernet requires a physical address to deliver the frame. The source MAC address (mentioned above) can be filled in, but the destination MAC address is unknown. Therefore the host checks whether the destination is connected to the same (sub)net (see also the netid in figure 25). If this is the case the host sends an ARP request (Ethernet broadcast) which includes its own IP/MAC address and the destination IP address. All hosts receive this frame, and the destination host recognizes its IP address and sends back an ARP reply message. From this reply message the host copies the MAC address into its local ARP table for later use. Ageing clears this table on a regular basis. Now the host can fill in the missing destination MAC address and the frame is sent on the Ethernet towards the destination host.
Figure 27: Address resolution protocol (ARP) - Same subnet. (Host IP1/MAC1 sends an ARP request, an Ethernet broadcast, for IP2; host IP2/MAC2 replies; MAC2 is stored in the ARP table, subject to ageing; the IP datagram is then sent in an Ethernet frame addressed to MAC2.)

Figure 28 shows a similar example, but this time the sending and receiving hosts belong to different (sub)nets. The story is the same as in the previous example up to the point where the host finds out that the remote host is on a different (sub)net. In this case the IP datagram must be delivered to a gateway, which forwards the packet onto the next network for routing towards the destination host. The IP address of the gateway is also configured in every host. If necessary the host sends an ARP request to learn the MAC address of the gateway; when the reply comes back the host can assemble the frame. The IP datagram carries the source IP address of the host and the destination IP address of the final destination host. However, to deliver the Ethernet frame to the gateway, the destination MAC address of the gateway is filled in. Once the IP datagram is received it is up to the gateway to find the next-hop router. Based on the destination IP address the packet finds its way through the different networks until it reaches the final destination. This is explained in more detail in the routing chapter.
Figure 28: Address resolution protocol (ARP) - Different subnet. (IP1 and IPx are on different subnets; the host sends an ARP request for the gateway IP3, stores MAC3 in its ARP table and sends the frame for IPx to the gateway's MAC; the IP datagram still carries the final destination address.)
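The resolution described for figures 27 and 28, as an added example in Python (not code from the handout): it decides from the sender's net-id whether the destination itself or the configured gateway has to be resolved, builds the broadcast ARP request as an Ethernet frame, lets the host that owns the address answer, and keeps the learned MAC in an ARP table with ageing. The addresses, MACs, the /24 subnet and the 60-second ageing time are assumed values chosen for the illustration. It also shows the point a practitioner should keep in mind: the table accepts any reply that claims the address, because ARP has no authentication.

```python
"""ARP resolution on Ethernet, as described for figures 27 and 28.

Added example (not code from the handout). Addresses, MACs, the /24 subnet and
the 60-second ageing time are assumed values chosen for illustration.
"""
import ipaddress
import struct
import time

ETH_P_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"    # RFC 826 layout for Ethernet/IPv4


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def next_hop(src_ip, prefix_len, dst_ip, gateway_ip):
    """The IP whose MAC must be resolved: the destination itself when it is in
    the sender's (sub)net (figure 27), otherwise the configured gateway
    (figure 28)."""
    net = ipaddress.ip_network(f"{src_ip}/{prefix_len}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in net else gateway_ip


def arp_frame(op, src_mac, src_ip, dst_mac, tgt_mac, tgt_ip):
    """Ethernet header (dst, src, EtherType 0x0806) + ARP packet.
    hw type 1 = Ethernet, proto 0x0800 = IPv4, op 1 = request, 2 = reply."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(src_mac), ipaddress.IPv4Address(src_ip).packed,
                      mac_bytes(tgt_mac), ipaddress.IPv4Address(tgt_ip).packed)
    return eth + arp


def arp_request(src_mac, src_ip, tgt_ip):
    # Broadcast; the target MAC is all zeros because it is what we are asking for.
    return arp_frame(1, src_mac, src_ip, "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00", tgt_ip)


def parse_arp(frame):
    """Decode an Ethernet frame carrying ARP (raises ValueError otherwise)."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    hw, proto, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"op": op,
            "sender_mac": mac_str(smac), "sender_ip": str(ipaddress.IPv4Address(sip)),
            "target_mac": mac_str(tmac), "target_ip": str(ipaddress.IPv4Address(tip))}


def answer_request(frame, my_mac, my_ip):
    """What every host on the segment does with the broadcast: only the host
    owning the target IP sends a unicast reply back to the requester."""
    req = parse_arp(frame)
    if req["op"] != 1 or req["target_ip"] != my_ip:
        return None
    return arp_frame(2, my_mac, my_ip, req["sender_mac"], req["sender_mac"], req["sender_ip"])


class ArpTable:
    """IP -> (MAC, time learned); entries older than `ageing` seconds are
    dropped on lookup. As in real ARP, learn() trusts whatever reply arrives:
    the protocol has no authentication."""

    def __init__(self, ageing=60.0, clock=time.monotonic):
        self.ageing, self.clock, self._entries = ageing, clock, {}

    def learn(self, ip, mac):
        self._entries[ip] = (mac, self.clock())

    def lookup(self, ip):
        mac, seen = self._entries.get(ip, (None, 0.0))
        if mac is None or self.clock() - seen > self.ageing:
            self._entries.pop(ip, None)
            return None
        return mac


def resolve(table, host, dst_ip, segment):
    """Return (next-hop IP, its MAC or None). `host` is the sender's config
    (mac, ip, prefix_len, gateway); `segment` lists the (mac, ip) hosts that
    hear the broadcast on this Ethernet."""
    hop = next_hop(host["ip"], host["prefix_len"], dst_ip, host["gateway"])
    mac = table.lookup(hop)
    if mac is not None:
        return hop, mac                       # cache hit, no ARP traffic
    req = arp_request(host["mac"], host["ip"], hop)
    for mac_n, ip_n in segment:
        reply = answer_request(req, mac_n, ip_n)
        if reply is not None:
            parsed = parse_arp(reply)
            table.learn(parsed["sender_ip"], parsed["sender_mac"])
            return hop, parsed["sender_mac"]
    return hop, None                          # nobody answered


# Constructed scenario in the spirit of figures 27/28 (assumed addresses).
HOST1 = {"mac": "02:00:00:00:00:01", "ip": "10.1.1.10", "prefix_len": 24, "gateway": "10.1.1.1"}
SEGMENT = [("02:00:00:00:00:02", "10.1.1.20"),   # IP2/MAC2, same subnet
           ("02:00:00:00:00:03", "10.1.1.1")]    # gateway IP3/MAC3

if __name__ == "__main__":
    table = ArpTable()
    print(resolve(table, HOST1, "10.1.1.20", SEGMENT))       # direct: MAC of 10.1.1.20
    print(resolve(table, HOST1, "198.64.191.11", SEGMENT))   # off-net: MAC of the gateway
```

The second call resolves the gateway rather than 198.64.191.11, which is exactly the difference between figures 27 and 28: the IP datagram inside the frame still carries the final destination, only the Ethernet destination changes.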
3.3.3
Surfing on the WWW
Figure 29: Surfing the web (client with browser, hyperlink, HTTP server www.alcatel.com serving pages from disk).

Every web site has a server process listening on TCP port 80 for incoming connections from clients (web browsers). The client PC in figure 29 is already running a web browser and an HTML page is shown on the display. What happens when the user clicks on a link? This is explained in more detail in the following figures, but this simple example gives the reader an idea of how web browsers work. The user clicked on the following link: HTTP://www.alcatel.com/marketing/overview.html. The browser executes the following steps:
1. The browser determines the URL (selected by the user).
2. The browser asks DNS to translate www.alcatel.com into an IP address.
3. DNS replies with the IP address (198.64.191.11).
4. The browser establishes a TCP connection to port 80 (HTTP) at this IP address.
5. The server is listening on this port and accepts the connection request.
6. The browser then sends an HTTP GET request to retrieve the file 'marketing/overview.html'.
7. The server sends the file (text, images, ...) to the client.
8. The TCP connection is released.
9. The browser interprets the HTML and displays the page in the window.

If this page contains a link to another server, for example 'example.com', the same sequence is repeated towards that server as soon as the user clicks on the link. Figure 30 gives an overview of the protocol stack used during the surf session; only the higher layers are shown at this point.

Figure 30: Protocol stack during a surf session (client and server each run HTTP over TCP over IP; the TCP connection is end-to-end between them).
On the following pages a similar example is explained in more detail. In this example the physical interface is an Ethernet. Assume that the client has IP address 138.203.48.77.
Client Side
1. We assume that the user asks the browser to fetch the home page of the Alcatel web server: http://www.alcatel.com.
2. Via the resolver (access to DNS) the name of the web server (www.alcatel.com) is translated into an IP address (in our example 198.64.191.11).
3. Because the HTTP service uses TCP, a TCP connection must be established between our client and the web server.
4. In the TCP header the following fields are filled in:
   - the source port allocated (by the application) for this connection; assume port 2000 was allocated;
   - the destination port; because we want to reach a WWW server this is the well-known port 80;
   - the sequence number, acknowledgement number, etc. needed to set up the connection, transfer the data and terminate the connection.
   In the body of the TCP segment the WWW application protocol (HTTP) places the request to download a web page from the server to the client (the GET request).
5. The TCP segment is encapsulated in an IP datagram and the source and destination IP addresses are filled in.
6. Before the IP datagram can be encapsulated in an Ethernet frame, the destination IP address must be translated into an Ethernet address. This is done by sending an ARP (Address Resolution Protocol) broadcast on the Ethernet; the host with the matching IP address replies with its Ethernet address. When the web server is on another network, as here, the address resolved is that of the gateway (see figure 28).
7. The IP datagram is encapsulated in an Ethernet frame. If the destination web server is located somewhere on the Internet, the packet is bridged/routed towards the correct destination.
Figure 31: Client side. (1) URL http://www.alcatel.com/marketing/overview.html; (2) the resolver translates www.alcatel.com into 198.64.191.11; (3) the HTTP GET request is placed in a TCP segment (source port 2000, destination port 80, sequence and acknowledgement numbers, window size, length, checksum); (5) the segment is placed in an IP datagram (protocol ID = TCP, destination IP 198.64.191.11, origin IP 138.203.48.77), which the Ethernet driver wraps in an Ethernet header and trailer.
Server Side
1. The server receives an Ethernet frame. 2. The IP packet is retrieved. 3. The protocol identification (TCP) is used to deliver the packet to the correct upper layer (TCP).
4. The port number (80) is used to deliver the TCP segment (data) to the correct application (in our example the HTTP daemon).
5. The application evaluates the data of the TCP segment (the GET request) and returns the requested web page to the client. Because in this example no page was specified, the home page of the web server is returned (depending on the web server software this file is called index.html, default.htm, ...).

Figure 32: Server side. (1) The Ethernet driver receives the frame; (2) the IP datagram (destination 198.64.191.11, origin 138.203.48.77) is extracted; (3) the protocol ID delivers it to TCP; (4) destination port 80 delivers the segment (source port 2000) to the HTTP server.
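The client-side encapsulation of figure 31 and the server-side decapsulation of figure 32, as an added example in Python (not the handout's code): the HTTP GET is placed in a TCP segment (source port 2000, destination port 80), that in an IP datagram (138.203.48.77 to 198.64.191.11, protocol ID 6 = TCP) and that in an Ethernet frame; the server side unpacks the layers in reverse, checking the IP and TCP checksums before handing the data up by protocol ID and port. The MAC addresses, the sequence number and the absence of TCP options are assumptions; a corrupted frame is rejected rather than delivered.

```python
"""Client-side encapsulation (figure 31) and server-side decapsulation
(figure 32) of an HTTP GET: Ethernet frame -> IP datagram -> TCP segment -> HTTP.

Added example, not code from the handout. The MAC addresses, the sequence
number and the fixed 20-byte headers (no options) are assumptions; the IP
addresses and ports (138.203.48.77:2000 -> 198.64.191.11:80) are those used
in the text.
"""
import ipaddress
import struct

ETH_P_IP = 0x0800
IPPROTO_TCP = 6
WELL_KNOWN = {80: "http"}        # destination port decides the application


def checksum(data):
    """Internet checksum (RFC 1071): one's complement of the one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload):
    """TCP header without options + payload; the checksum also covers the
    IPv4 pseudo-header (addresses, protocol, TCP length)."""
    pseudo = (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, IPPROTO_TCP, 20 + len(payload)))
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def ip_datagram(src_ip, dst_ip, proto, payload, ident=1, ttl=64):
    """IPv4 header (version 4, IHL 5, DF set) with header checksum + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    return (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


def client_get_frame(client_mac, next_hop_mac, client_ip, server_ip, sport, path, seq):
    """Steps 4-7 of the client side. The frame's destination MAC is the next
    hop learned through ARP (the gateway when the server is off-net), while
    the IP datagram carries the server's address."""
    request = f"GET {path} HTTP/1.0\r\nHost: www.alcatel.com\r\n\r\n".encode()
    seg = tcp_segment(client_ip, server_ip, sport, 80, seq, 0, 0x18, request)   # PSH|ACK
    dgram = ip_datagram(client_ip, server_ip, IPPROTO_TCP, seg)
    return ethernet_frame(next_hop_mac, client_mac, ETH_P_IP, dgram)


def decapsulate(frame):
    """Server side (figure 32): Ethernet -> IP -> TCP -> application. Every layer
    validates its own header before handing the payload up; a checksum failure
    raises instead of being silently delivered."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or checksum(ip[:ihl]) != 0:
        raise ValueError("bad IP header")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if len(ip) < total_len:
        raise ValueError("truncated datagram")
    ip = ip[:total_len]                          # drop Ethernet padding, if any
    src_ip = str(ipaddress.IPv4Address(ip[12:16]))
    dst_ip = str(ipaddress.IPv4Address(ip[16:20]))
    if proto != IPPROTO_TCP:                     # protocol ID selects the upper layer
        return {"src": src_ip, "dst": dst_ip, "proto": proto, "app": None}
    seg = ip[ihl:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, IPPROTO_TCP, len(seg))
    if len(seg) < 20 or checksum(pseudo + seg) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq, ack, off = struct.unpack("!HHIIB", seg[:13])
    data = seg[(off >> 4) * 4:]
    return {"src": src_ip, "dst": dst_ip, "proto": proto, "sport": sport, "dport": dport,
            "seq": seq, "app": WELL_KNOWN.get(dport, "unknown"),
            "request_line": data.split(b"\r\n", 1)[0].decode(errors="replace") if data else ""}


if __name__ == "__main__":
    f = client_get_frame("02:00:00:00:00:01", "02:00:00:00:00:03",   # assumed MACs
                         "138.203.48.77", "198.64.191.11", 2000, "/marketing/overview.html", 1000)
    print(decapsulate(f))
```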
3.4
Point-to-Point Protocol
This section explains the well-known Point-to-Point Protocol (PPP) at a functional level. PPP defines how hosts are connected to the Internet over simple point-to-point (i.e. serial) links (see figure 33). It replaces the older SLIP (Serial Line Internet Protocol).

Figure 33: PPP session between the user's modem (analogue PSTN or ISDN access) and the NAS in the ISP's PoP, which is reached through a hunt group with one public directory number (DN) over PRIs; behind the NAS are the PoP's server, router and LAN.
The PPP protocol is the data link protocol for point-to-point links. It handles the following:
- error detection
- support of multiple (network) protocols
- dynamic IP addresses
- authentication of the user
Figure 34 locates the PPP protocol within the IP protocol stack. Note however that on top of PPP other protocols besides IP are possible (e.g. Novell IPX, AppleTalk, etc.); it is even possible to use several protocols simultaneously.

To establish a connection with the ISP the user's software will:
(1) order the modem to dial the GDN (Global Directory Number) of the ISP's PoP; the latest modem protocols negotiate the bit rate;
(2) after the modem connection is established, create a PPP connection between the user's PC and the PoP; at the end of the PPP phase one or more NCPs (Network Control Protocols) are negotiated, for Internet services the one for IP;
(3) once the IP connection has been established, consult the different resources on the Internet.

Figure 34: Location of PPP in the protocol stack (user PC and PoP: applications (WWW, FTP, ...) over TCP/UDP over IP over PPP over the modem protocols V.34/V.32/V.32bis/V.29 across the PSTN).
At the functional level PPP consists of the following blocks (see also figure 35):
- The definition of a frame to transport the PPP information. This frame also allows error detection.
- The Link Control Protocol (LCP), which initializes the point-to-point session (connection). During link establishment the authentication method, the maximum receive unit, ... are negotiated.
- Support for different network protocols, by using a separate Network Control Protocol (NCP) for each supported network layer. For IP the IP Control Protocol (IPCP) negotiates IP header compression, the IP address, ... Other network protocol examples are IPX and AppleTalk.

The PPP encapsulation uses 8 bytes of overhead when the default HDLC-like framing is used (HDLC = High-level Data Link Control). If bandwidth matters, encapsulation and framing can be shortened to 2 or 4 bytes of overhead. The HDLC-like framing begins and ends with a flag byte; if the payload contains the flag value it is escaped (byte stuffing on asynchronous links). The next field, the address field, contains all ones to indicate that all stations are to accept the frame. It is followed by the control field, whose default value is 00000011. This indicates an unnumbered frame; in other words, by default PPP does not provide reliable transmission with sequence numbers and acknowledgements. RFC 1663 defines a reliable, numbered mode that can be used in noisy environments. Because the address and control fields always contain the same values, LCP provides a mechanism to negotiate omitting them during transmission, which is especially interesting with slow modems. The protocol field tells the other side what kind of information is in the payload of the PPP frame; examples are LCP, PAP, CHAP, IP and IPCP. It can be negotiated to reduce the protocol field to 1 byte instead of the default 2 bytes. The payload field has variable length, up to a negotiated maximum; the default is 1500 bytes, and padding may follow the payload if needed. It is up to each protocol to distinguish padding from real information. The frame check sequence (FCS) is normally 2 bytes, but a 4-byte FCS can be negotiated.
In short a PPP session is started as follows. After the physical establishment of the connection, the LCP negotiation begins. At the end of the LCP negotiation an optional PAP or CHAP authentication can be executed (see also section 3.5). Finally the NCP is used to negotiate the network protocol options. Now the data transport can start. When the user ends the communication the session is terminated.
Figure 35: PPP functional blocks and encapsulation.
NCP: Network Control Protocol; each NCP is configured separately, for IP the IPCP is used.
LCP: Link Control Protocol; link establishment and configuration negotiation, link quality determination (optional), link authentication with PAP/CHAP (optional).
Encapsulation: FLAG (7E) | ADDRESS (FF hex) | CONTROL (03 hex) | PROTOCOL (8/16 bits) | information | FCS (16 bits) | FLAG (7E)
Protocol field values:
c021  Link Control Protocol
c023  Password Authentication Protocol (PAP)
c025  Link Quality Report
c223  Challenge Handshake Authentication Protocol (CHAP)
0021  Internet Protocol (IP)
0029  AppleTalk
002b  Novell IPX
8021  Internet Protocol Control Protocol
8029  AppleTalk Control Protocol
802b  Novell IPX Control Protocol
...
Figure 36
Figure 37
Figure 38
3.5
Authentication protocols
In the previous section on PPP the PAP and CHAP authentication protocols were mentioned. In the following paragraphs these protocols are explained in more detail.
3.5.1
Password Authentication Protocol
Figure 39
Figure 40
3.5.2
Challenge Handshake Authentication Protocol
Figure 41: The client and the authenticator each hold the password; the authenticator checks whether the two match (=?).
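PAP and CHAP, as an added example in Python (not the handout's code) showing both ends of each exchange: PAP sends the password itself, CHAP (RFC 1994, MD5 algorithm) sends MD5(identifier || secret || challenge) and the authenticator recomputes it from its stored secret. The user name, the secret and the fixed challenge used in the test are constructed values; a real authenticator draws a fresh random challenge for every attempt. The example also shows the security difference in practice: a captured PAP request can be replayed, a captured CHAP response is useless against the next challenge. Two caveats follow from the definition: the CHAP authenticator must store the cleartext secret, and a captured challenge/response pair allows an offline dictionary attack on a weak secret.

```python
"""PAP and CHAP as carried inside PPP (section 3.5), both sides of each exchange.

Added example, not code from the handout. CHAP follows RFC 1994 with the MD5
algorithm: Response = MD5(Identifier || secret || Challenge). USER_DB, the
secret and the fixed challenge used in tests are constructed values.
"""
import hashlib
import hmac
import os

# Constructed: what the authenticator (PoP/NAS or AAA server) stores.
# CHAP, unlike PAP, needs the secret itself on the server side.
USER_DB = {"alice": b"s3cret-pw"}


# --- PAP (RFC 1334): the peer simply sends the password ---------------------
def pap_authenticate_request(user, password):
    """What travels on the link: user-id and password, in cleartext."""
    return {"code": "Authenticate-Request", "peer_id": user, "password": password}


def pap_authenticator(request):
    stored = USER_DB.get(request["peer_id"])
    if stored is None or not hmac.compare_digest(stored, request["password"]):
        return "Authenticate-Nak"
    return "Authenticate-Ack"


# --- CHAP (RFC 1994): challenge/response, the secret never crosses the link --
def chap_challenge(identifier, value=None):
    """Authenticator -> peer. The identifier changes with every challenge so
    that an old response cannot be matched against a new one."""
    return {"code": "Challenge", "id": identifier,
            "value": os.urandom(16) if value is None else value, "name": "pop"}


def chap_digest(identifier, secret, challenge):
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_response(challenge, user, secret):
    """Peer -> authenticator: 16-byte MD5 digest plus the peer's name."""
    return {"code": "Response", "id": challenge["id"],
            "value": chap_digest(challenge["id"], secret, challenge["value"]), "name": user}


def chap_authenticator(challenge, response):
    """Recompute the digest from the stored secret; the identifier must match
    the outstanding challenge; compare in constant time."""
    secret = USER_DB.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return "Failure"
    expected = chap_digest(challenge["id"], secret, challenge["value"])
    return "Success" if hmac.compare_digest(expected, response["value"]) else "Failure"


# --- complete exchanges, and what an eavesdropper can do with a capture ------
def pap_login(user, password):
    return pap_authenticator(pap_authenticate_request(user, password))


def chap_login(user, secret, identifier=1, challenge=None):
    ch = chap_challenge(identifier, challenge)
    return chap_authenticator(ch, chap_response(ch, user, secret))


def replay_pap(captured_request):
    """A captured PAP request contains the password; replaying it simply works."""
    return pap_authenticator(captured_request)


def replay_chap(captured_response, new_identifier):
    """A captured CHAP response is bound to one (identifier, challenge) pair;
    against the authenticator's next challenge it fails."""
    return chap_authenticator(chap_challenge(new_identifier), captured_response)


if __name__ == "__main__":
    print("PAP:", pap_login("alice", b"s3cret-pw"), "replay:",
          replay_pap(pap_authenticate_request("alice", b"s3cret-pw")))
    ch = chap_challenge(7)
    resp = chap_response(ch, "alice", b"s3cret-pw")
    print("CHAP:", chap_authenticator(ch, resp), "replay:", replay_chap(resp, 8))
```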
3.6
Domain Name System (DNS)
This name is called the DNS name of the server or content provider and is entered by the user as part of the URL (the URL layout was explained in section 3.3.1). So the user will usually type the name 'www.alcatel.com' rather than the number '198.64.191.11' to reach Alcatel's web server. Because it is impossible to store (and manage) all names with their corresponding IP addresses on every host on the Internet, a distributed database approach is used: the DNS.
Figure 42: Querying the DNS. (1) The user program sends its query to the local DNS server; (2) the local server's resolver sends queries to external name servers and receives their responses; (3) references; (4) the answer is kept in the cache until its time-out; (5) the response is returned to the user program.
Query the DNS. When a user queries the DNS the following sequence occurs (see figure 42):
1. The user sends a DNS message (containing the name to be translated, for example www.alcatel.com) to the local DNS server. The IP address of this local DNS server was configured beforehand on the user's PC; the server is located at the ISP's premises (see also chapter 2).
2. If the name is unknown to the local server's resolver and not cached, the resolver forwards the request to an external name server. That server may in turn forward the request to another server, and so on, until the translation is done.
3. The answer (IP address 198.64.191.11) is returned to the local DNS server.
4. The local DNS server caches this answer (to speed up following requests) for a limited time.
5. The answer (IP address 198.64.191.11) is returned to the user program.

Figure 43: The DNS name space: an unnamed root; the generic top-level domains arpa, edu, com, gov, int, mil, net and org; the country domains ae (United Arab Emirates) ... us ... zw (Zimbabwe); the examples www.alcatel.com and cnri.reston.va.us; and the in-addr domain under arpa used for reverse (address to name) lookup.
Figure 44 shows an example of the addition of a new domain.
1. Assume a new domain mybiz.com is created. This request must be granted by the NIC (Network Information Center), which checks that the name is not already in use.
2. The NIC populates the 'top level domain' server (com) with the new domain and the address of its name server.
3. The system administrator of mybiz.com populates his own DNS server (in this example details.mybiz.com) with the hosts of the domain: details.mybiz.com -> IP1, sales.mybiz.com -> IP2, tech-support.mybiz.com -> IP3.

Figure 44: Addition of a new domain 1/2 (root servers; top-level domains com, edu, gov; the mybiz domain with its hosts details, sales and tech-support).

Figure 45 shows the actions executed when a user tries to contact the 'sales.mybiz.com' server.
1. The user's query to resolve 'sales.mybiz.com'.
2. The user's DNS server knows nothing about 'sales.mybiz.com', but every DNS server knows how to contact the root servers (the figure shows 9 of them; the list later in this section has 13), so one of them is contacted.
3. The root server answers with the IP address of the com 'top level domain' server.
4. The com 'top level domain' server is contacted.
5. This server knows about 'mybiz.com' and returns the IP address of the DNS server responsible for this domain.
6. The mybiz.com DNS server is contacted; it translates the name 'sales.mybiz.com' into IP address 2 and returns the result to the user's DNS server, which caches it and returns it to the user.

Figure 45: Addition of a new domain 2/2, resolving sales.mybiz.com. (1) User query; (2) a root server; (3)/(4) the com server, which holds mybiz.com -> details.mybiz.com (IP1); (5) the mybiz DNS server, which holds details.mybiz.com -> IP1, sales.mybiz.com -> IP2, tech-support.mybiz.com -> IP3; (6) the result is added to the cache and returned to the user program.
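The resolution of figure 45, as an added example in Python (not the handout's code): a local DNS server that knows only the root servers follows the referrals root, then com, then mybiz.com, and caches the answer for its TTL so that the next query for the same name causes no traffic at all. The zone contents are a constructed model of the figure: the address of A.ROOT-SERVERS.NET is taken from the list in this section, while the com server address (192.0.2.10), the mybiz.com host addresses (10.0.0.1 to 10.0.0.3) and the 300-second TTL are assumptions. Nothing in the exchange authenticates the answers; the local server caches whatever the server it asked returned.

```python
"""Resolution of sales.mybiz.com as in figure 45: iterative lookup by the local
DNS server (root -> com -> mybiz.com) followed by caching with a TTL.

Added example, not code from the handout. ZONES is a constructed model of the
figure; 192.0.2.10, 10.0.0.1-3 and the TTL are assumed values.
"""
import time

ROOT_SERVERS = ["198.41.0.4"]        # A.ROOT-SERVERS.NET, from the list in this section

# Constructed: what each name server answers. A server either holds the
# record (an answer) or knows which server is responsible for a suffix
# (a referral: delegation plus the delegated server's address).
ZONES = {
    "198.41.0.4": {"referrals": {"com": "192.0.2.10"}},                 # a root server
    "192.0.2.10": {"referrals": {"mybiz.com": "10.0.0.1"}},             # the com TLD server
    "10.0.0.1":   {"answers": {"details.mybiz.com": "10.0.0.1",         # details.mybiz.com
                               "sales.mybiz.com": "10.0.0.2",
                               "tech-support.mybiz.com": "10.0.0.3"}},
}
TTL = 300   # seconds the local server keeps an answer


def query_server(server_ip, name):
    """One request/response with a single server.
    Returns ('answer', address), ('referral', next_server) or ('nxdomain', None)."""
    zone = ZONES[server_ip]
    if name in zone.get("answers", {}):
        return "answer", zone["answers"][name]
    # Longest matching delegation first: a server knowing both 'com' and
    # 'mybiz.com' must refer 'sales.mybiz.com' to the latter.
    for suffix in sorted(zone.get("referrals", {}), key=len, reverse=True):
        if name == suffix or name.endswith("." + suffix):
            return "referral", zone["referrals"][suffix]
    return "nxdomain", None


class LocalDnsServer:
    """The ISP's DNS server of figures 42 and 45: iterative lookup plus cache."""

    def __init__(self, clock=time.monotonic):
        self.cache = {}          # name -> (address, expiry)
        self.clock = clock

    def resolve(self, name, max_hops=8):
        """Return (address or None, servers contacted in order). An empty
        list means the answer came from the cache."""
        cached = self.cache.get(name)
        if cached is not None and cached[1] > self.clock():
            return cached[0], []
        server, path = ROOT_SERVERS[0], []
        for _ in range(max_hops):            # bound the chain: a referral loop must not hang us
            path.append(server)
            kind, value = query_server(server, name)
            if kind == "answer":
                self.cache[name] = (value, self.clock() + TTL)
                return value, path
            if kind == "nxdomain":
                return None, path
            server = value                   # follow the referral one level down
        raise RuntimeError("too many referrals while resolving " + name)


if __name__ == "__main__":
    local = LocalDnsServer()
    print(local.resolve("sales.mybiz.com"))   # ('10.0.0.2', ['198.41.0.4', '192.0.2.10', '10.0.0.1'])
    print(local.resolve("sales.mybiz.com"))   # ('10.0.0.2', [])  answered from the cache
```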
As of September 1997 the following root servers were defined:

Hostname            Net address      Server program
A.ROOT-SERVERS.NET  198.41.0.4       BIND
B.ROOT-SERVERS.NET  128.9.0.107      BIND
C.ROOT-SERVERS.NET  192.33.4.12      BIND
D.ROOT-SERVERS.NET  128.8.10.90      BIND
E.ROOT-SERVERS.NET  192.203.230.10   BIND
F.ROOT-SERVERS.NET  192.5.5.241      BIND
G.ROOT-SERVERS.NET  192.112.36.4     BIND
H.ROOT-SERVERS.NET  128.63.2.53      BIND
I.ROOT-SERVERS.NET  192.36.148.17    BIND
J.ROOT-SERVERS.NET  198.41.0.10      BIND
K.ROOT-SERVERS.NET  193.0.14.129     BIND
L.ROOT-SERVERS.NET  198.32.64.12     BIND
M.ROOT-SERVERS.NET  202.12.27.33     BIND

These can change if required. Notice also that a name server must reach the root servers by their IP addresses and not by hostname, although they have one: before the first query there is nothing that could resolve the name, so the addresses are configured in the server. The server program column indicates the software package that provides the service; BIND (Berkeley Internet Name Domain) is the de facto standard and is used everywhere.
3.7
Authentication-Authorization-Accounting (AAA)
3.7.1
What is Service Management?
AAA principle
In the steps below the AAA principle is explained (see figure 46):
1. As explained in previous sections, a directory number is used to dial into the local PoP. The user enters a user-id and a password to identify himself. This information is sent towards the PoP using the PAP or CHAP protocol (see also section 3.5).
2. Figure 46 gives an example of a network topology used by an IAP and several ISPs. One of the first functions of the PoP is to find the authentication server. This server is called the Service Management Centre (SMC); its main functions are listed under step 3. The PoP sends an authentication and authorization request towards the SMC using the RADIUS protocol. This request includes the user-id, password, ...
3. The SMC takes care of the following functions:
   - select the Virtual Private Network (VPN) to which the user belongs; in general a VPN maps onto an ISP;
   - check whether a port is available (number of ports, time dependent, ...);
   - select an IP address for the user; the IP pools can be stored at NAS level or centralized at SMC level;
   - authenticate the user with the PAP or CHAP password.

Authentication is telling who you are: you identify yourself to the system, e.g. with a username and a password known only to you.

Authorization
Authorization means, after you have identified yourself, finding out what you are allowed to do. Depending on who you are, you will be given access to different services and possibilities. It is for example quite possible that some users are only allowed to read e-mail, while others can surf and download files, and yet others can configure and administer the system. For each user:
- authorization can limit access to applications: http (web surfing), e-mail, ftp (downloading), gaming;
- authorization can limit access to services: VPN-, group- or network-based, or server-based;
- authorization can select one of the outgoing links: routing (IP, IPX), bridging, tunneling, IP direct, FR direct.
4. All this information is sent towards the PoP. When the request is treated successfully the PoP knows to which ISP, for example ISP2, the user's packets need to be sent.
5. From now on datagrams coming from the user are sent towards ISP2 and vice versa.
AAA proxy
In many cases the ISPs want to manage their customers using their own database. The functionality of the IAP's SMC is then more limited: when the IAP-SMC receives the authentication request from the PoP it proxies the request to the ISP-SMC. When the successful authentication reply is received, the IAP-SMC informs the PoP as explained above.
Figure 46: AAA topology: the user dials into the IAP's PoP; the IAP's SMC (AAA) proxies the request (3) to the ISP's SMC (AAA); traffic then flows towards ISP2 and the WWW.
3.7.2
What is Radius?
RADIUS stands for Remote Authentication Dial-In User Service. It is defined in RFC 2138 and RFC 2139 (since superseded by RFC 2865 and RFC 2866). RADIUS provides a central location for storing these types of information:
- authentication attributes
- configuration data for establishing a WAN connection for an incoming call
- dialout information
- static routes and filters
- accounting information

RADIUS maintains authentication, incoming-call configuration, dialout, routing and filter information in individual user profiles. Each user profile consists of a series of attributes. These attributes indicate a username and password, and enable you to configure routing, bridging, call management, and restrictions on the types of NAS resources a caller can access.
RADIUS Authentication
A single RADIUS server can administer multiple security systems, maintaining profiles for thousands of users. When used for authenticating sessions, RADIUS vastly increases the number of authentication entries that a NAS can support. Without RADIUS, you are limited by the number of local Connection Profiles on the NAS. When you use RADIUS authentication, these events take place:
1. A user attempts to open a connection to a NAS, and the NAS determines that it must use a RADIUS user profile to authenticate the user.
2. The NAS sends the user's connection request to the RADIUS server.
3. The RADIUS server carries out one of these tasks:
   - forwards the connection request to an external authentication server;
   - performs PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol) authentication.
4. The RADIUS server sends an authentication response to the NAS.
5. If authentication is unsuccessful, the connection is refused. If authentication is successful, the NAS receives a list of attributes from the user profile in the RADIUS server's database and establishes network access for the caller.
RADIUS accounting
- Start session: denotes the beginning of a session with the NAS. Information about this event appears in an accounting Start record.
- Stop session: denotes the end of a session with the NAS. Information about this event appears in an accounting Stop record.
- Failure-to-start session: denotes that a login attempt has failed. Information about this event appears in an accounting Failure-to-start record.

When the NAS recognizes one of these events, it sends an accounting request to RADIUS. When the accounting server receives the request, it combines the information into a record and timestamps it. Each type of accounting record contains attributes associated with an event type, and can show the number of packets transmitted and received, the protocol in use, the username and IP address of the client, and so on. You can use RADIUS accounting for either of these purposes:
- To gather billing information: you can use the information in an accounting record to determine who called, how long the session lasted, and how much traffic occurred during the session.
- To troubleshoot RADIUS and NAS operations: accounting records can contain information about how many login failures occurred, and can describe the characteristics of the failed attempts.
RADIUS packet
Figure 47 shows the layout of a typical RADIUS packet sent between a client and a server. It contains the following fields:
- The packet code identifies the type (see also further).
- The identifier correlates the response with the request.
- Length.
- The authenticator authenticates packets between the NAS and the authentication server. The NAS and the authentication server share a secret. This shared secret is used together with the authenticator field to hide the user's password and to authenticate the server's reply. The shared secret resides in the client file on the authentication host. All authentication and accounting packets are checked to ensure that they come from known sources. Note what is and is not protected: only the User-Password attribute is hidden (XORed with an MD5 stream derived from the secret and the authenticator); the rest of the packet travels in cleartext, and the basic protocol has no integrity check on the Access-Request itself, so the shared secret and the path between NAS and server must be protected.
- Attributes: for each type of RADIUS packet a standardized list of attributes exists. Besides the standardized attributes a vendor can specify proprietary vendor-specific attributes. For a server to understand these vendor-specific attributes, it must include the vendor's dictionary. This flexible way of implementing allows a server to communicate with devices of different vendors.
Figure 47: RADIUS packet between the PoP (RADIUS client) and the SMC (RADIUS server): code, identifier, length, authenticator, attribute 1 ... attribute N.
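An Access-Request and its reply between the PoP (RADIUS client) and the SMC (RADIUS server), as an added example in Python (not the handout's code) with the packet layout of figure 47: code, identifier, length, 16-byte authenticator, attributes. The password hiding and the Response Authenticator follow RFC 2865, the successor of RFC 2138. The shared secret, the user, the NAS address and port, the Framed-IP-Address handed back and the fixed Request Authenticator used in the test are constructed values; a real NAS draws the Request Authenticator at random for every request. The NAS side checks the identifier and the Response Authenticator before acting on a reply, which is what stops an unauthenticated Access-Accept from a third party being honoured.

```python
"""RADIUS Access-Request / Access-Accept (RFC 2865) with the packet layout of
figure 47: code | identifier | length | authenticator (16) | attributes.

Added example, not code from the handout. The shared secret, user, NAS
address/port, the Framed-IP-Address in the reply and the fixed Request
Authenticator used by the test are constructed values.
"""
import hashlib
import hmac
import ipaddress
import os
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5
FRAMED_IP_ADDRESS, REPLY_MESSAGE = 8, 18


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-octet blocks; block i is XORed with
    MD5(secret || previous hidden block), the first one with
    MD5(secret || Request Authenticator). Reversible by anyone holding the secret."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")              # strip the NUL padding added on the NAS side


def encode_attrs(attrs):
    """Attribute = type (1 octet), length (1 octet, including these two), value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return attrs


def build_packet(code, identifier, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, identifier, 20 + len(body)) + authenticator + body


def parse_packet(pkt):
    if len(pkt) < 20:
        raise ValueError("packet too short")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet")
    return {"code": code, "id": identifier, "auth": pkt[4:20], "attrs": decode_attrs(pkt[20:])}


def access_request(identifier, user, password, nas_ip, nas_port, secret, request_auth=None):
    """NAS (PoP) side. The Request Authenticator is a fresh random value: it
    keys the password hiding and is bound into the reply's authenticator."""
    req_auth = os.urandom(16) if request_auth is None else request_auth
    attrs = [(USER_NAME, user.encode()),
             (USER_PASSWORD, hide_password(password, secret, req_auth)),
             (NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed),
             (NAS_PORT, struct.pack("!I", nas_port))]
    return build_packet(1, identifier, req_auth, attrs)


def response_authenticator(code, identifier, attrs_bytes, request_auth, secret):
    """MD5(Code || ID || Length || RequestAuth || Attributes || Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()


def server_handle(pkt, secret, users):
    """SMC side: recover the password, decide, and sign the reply so the NAS
    can tell it came from the holder of the shared secret."""
    req = parse_packet(pkt)
    attrs = dict(req["attrs"])
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    hidden, stored = attrs.get(USER_PASSWORD), users.get(user)
    ok = (hidden is not None and stored is not None
          and hmac.compare_digest(stored, reveal_password(hidden, secret, req["auth"])))
    if ok:   # assumed address pool: hand out 10.0.0.50
        code, reply = 2, [(FRAMED_IP_ADDRESS, ipaddress.IPv4Address("10.0.0.50").packed)]
    else:
        code, reply = 3, [(REPLY_MESSAGE, b"authentication failed")]
    auth = response_authenticator(code, req["id"], encode_attrs(reply), req["auth"], secret)
    return build_packet(code, req["id"], auth, reply)


def client_verify_reply(reply, request_pkt, secret):
    """NAS side: the reply must carry the request's identifier and a Response
    Authenticator computed with the shared secret; otherwise it is dropped."""
    rep, req = parse_packet(reply), parse_packet(request_pkt)
    if rep["id"] != req["id"]:
        return None
    expected = response_authenticator(rep["code"], rep["id"], reply[20:], req["auth"], secret)
    return CODES.get(rep["code"]) if hmac.compare_digest(expected, rep["auth"]) else None
```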
RADIUS attributes
Authentication attributes
Attributes associated with authentication and connection setup can appear in the following types of packets (see also figure 48):
- Access-Request
- Access-Accept
- Access-Reject
- Access-Terminate-Session
When it receives an incoming call, the NAS first checks its local Connection Profiles. If it doesn't find a Connection Profile for the call and it is configured to communicate with RADIUS, it sends an Access-Request packet to the RADIUS server. The Access-Request packet includes the caller's name and password, and may also include other attributes. These attributes, if present, must be specified on the first line of the user profile.
If the attribute values submitted to RADIUS match the attribute values in the user profile, the RADIUS server authenticates the call and returns an Access-Accept packet containing a list of attributes characterizing that user.
Figure 48: RADIUS packets between the PoP (RADIUS client) and the SMC (RADIUS server): Access-Request, Access-Accept or Access-Reject, Start Accounting, the session, Stop Accounting.

If the attribute values submitted to RADIUS do not match the attribute values in the user profile, the RADIUS server does not authenticate the call and returns an Access-Reject packet. If the RADIUS server determines that the NAS should terminate the session, it sends an Access-Terminate-Session packet containing the Reply-Message attribute. This attribute carries message text from the RADIUS server to RADIUS clients such as the NAS. When the session has started successfully, the NAS sends a 'Start Accounting' packet towards the SMC (see also figure 48). From then on billing is stored in a record, for example time based. At the end of the session, when the user clears the connection towards the NAS, the NAS sends a 'Stop Accounting' packet towards the SMC.
3.8
Network Management
3.8.1
What is Network Management?
Figure 49 shows a Network Management Centre (NMC). Its main functions are:
- The NMC allows the operator to monitor the network and to take preventive and corrective actions in case of failure.
- The NMC uses the well-known SNMP protocol (Simple Network Management Protocol).
- Notice that there is SNMP communication between the NMC and the WWW, the ISP/IAP network, the NAS, ... This is because the NMC can manage every Network Element (NE) that understands the SNMP protocol. Today many devices support this protocol.
- Towards the SMC the NMC can use the RADIUS protocol to check and monitor the correct operation of the SMC.
Figure 49: Network management: the NMC talks SNMP to the PoP, the WWW and ISP1, and RADIUS to the SMC (AAA).

Figure 50 shows the NMC's network view. The NMC communicates with the Network Elements (NE) using the SNMP protocol: the NMC contains an SNMP manager and each NE contains an SNMP agent and a MIB. At startup the NMC discovers (SNMP request) all the configured Network Elements. From that moment on these NEs are visible in a graphical window and 'alive polling' and monitoring of the NEs can start. Through the alive polling it is possible to check whether an NE is still 'alive'. All events (alarms) result in a trap sent to the NMC to inform the operator. The operator uses a GUI (Graphical User Interface) to monitor the network. This operator interface consists of a number of windows, for example a graphical network view, a command window, a problem (alarm) window, ...

Figure 50: The NMC's network view: the SNMP manager in the NMC, SNMP towards each NE, each NE with its SNMP agent and MIB.
3.8.2
What is SNMP?
SNMP stands for Simple Network Management Protocol. It is a protocol suite consisting of three specifications:
- RFC 1155: the Structure of Management Information (SMI)
- RFC 1213: the Management Information Base (MIB-II)
- RFC 1157: the Simple Network Management Protocol itself

From the SNMP point of view the world consists of three different entities:
- Network Management Stations (NMS), which include the SNMP manager (the NMC in figure 51);
- the Network Elements (NE), which are the devices to be managed; they include the SNMP agent, which responds to requests from the SNMP manager and also sends traps towards it;
- the SNMP protocol itself, which is polling based.

Figure 51 shows the protocol stack used for SNMP. It uses UDP on top of IP. Because UDP is unreliable, polling is important: UDP will not detect the loss of SNMP messages and alarms. Some NEs include a mechanism that allows the detection of lost alarms (traps). Between the NMC and the NE IP connectivity must exist; as a result, the NMC can be placed anywhere in the operator's network. Each NE includes a database called the MIB (Management Information Base). This MIB is standardized; however, a mechanism is provided for vendors to implement their own proprietary database next to the standard MIB. For the NMC to be able to talk to the NEs of different vendors, it is sufficient to add the vendors' proprietary MIBs next to the standard MIB. In this way the NMC can interpret the proprietary parameters and alarms. Using the SNMP protocol the SNMP manager can read and write this database. The operations are:
- GetRequest
- GetNextRequest
- SetRequest
- GetResponse
- Trap
Figure 51: SNMP operations between the NMC and an NE: GET and SET requests (polling) from the NMC, GET RESPONSE from the NE, TRAP from the NE.

Some examples: if the operator issues a command to read the link status of an NE, the NMC sends an SNMP GET towards the NE. The status is retrieved from the MIB and the result is sent towards the NMC in an SNMP GET RESPONSE; the operator reads the result in a graphical window. Similarly the operator can change the configuration (name, location, ...), in which case the NMC sends an SNMP SET. A last example is an alarm in the NE: the NE sends this unsolicited event towards the NMC in a trap. For this to work, the NMC's IP address must be configured in advance in each NE.
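The SNMPv1 GetRequest the NMC sends for sysDescr.0 (1.3.6.1.2.1.1.1.0 in MIB-II) and the GetResponse the agent returns, as an added example in Python (not the handout's code), with the BER encoding defined by the SMI (RFC 1155) and the PDU layout of RFC 1157: version, community string, PDU type, request-id, error-status, error-index and the variable bindings. The community string 'public', the request-id and the sysDescr text are constructed values; trap PDUs, which have a different layout, are not decoded. The decoded message also shows the security point about SNMPv1 that a practitioner should keep in mind: the community string is the only access control and it travels in cleartext in every packet, including SetRequests.

```python
"""SNMPv1 (RFC 1157) GetRequest/GetResponse with the BER encoding of the SMI
(RFC 1155): Message ::= SEQUENCE { version INTEGER, community OCTET STRING,
PDU [tag] { request-id, error-status, error-index, varbinds } }.

Added example, not code from the handout. The community string, request-id
and the sysDescr value are constructed; Trap PDUs are not decoded.
"""
GET_REQUEST, GET_NEXT, GET_RESPONSE, SET_REQUEST, TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4
PDU_NAMES = {GET_REQUEST: "GetRequest", GET_NEXT: "GetNextRequest",
             GET_RESPONSE: "GetResponse", SET_REQUEST: "SetRequest", TRAP: "Trap"}
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30


def ber_length(n):
    """Short form below 128, otherwise 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes((n,))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes((0x80 | len(body),)) + body


def tlv(tag, value):
    return bytes((tag,)) + ber_length(len(value)) + value


def ber_int(v):
    """Two's-complement INTEGER, minimal length for non-negative values."""
    return v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True)


def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs as 40*a+b, the rest base-128 with a
    continuation bit on every byte but the last."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)


def decode_oid(b):
    arcs, cur = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        cur = (cur << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def read_tlv(buf, pos=0):
    """Return (tag, value, position after the element)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + ln > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + ln], pos + ln


def read_seq(value):
    items, pos = [], 0
    while pos < len(value):
        tag, v, pos = read_tlv(value, pos)
        items.append((tag, v))
    return items


def build_message(pdu_type, community, request_id, varbinds, error_status=0, error_index=0):
    """varbinds: list of (dotted OID, already-encoded value TLV)."""
    vbl = b"".join(tlv(SEQUENCE, tlv(OID, ber_oid(oid)) + val) for oid, val in varbinds)
    pdu = (tlv(INTEGER, ber_int(request_id)) + tlv(INTEGER, ber_int(error_status))
           + tlv(INTEGER, ber_int(error_index)) + tlv(SEQUENCE, vbl))
    return tlv(SEQUENCE, tlv(INTEGER, ber_int(0))               # version 0 = SNMPv1
               + tlv(OCTET_STRING, community.encode()) + tlv(pdu_type, pdu))


def get_request(community, request_id, oid):
    return build_message(GET_REQUEST, community, request_id, [(oid, tlv(NULL, b""))])


def get_response(community, request_id, oid, value):
    return build_message(GET_RESPONSE, community, request_id, [(oid, tlv(OCTET_STRING, value))])


def decode_message(data):
    tag, body, end = read_tlv(data)
    if tag != SEQUENCE or end != len(data):
        raise ValueError("not an SNMP message")
    (vt, version), (ct, community), (pt, pdu) = read_seq(body)
    if vt != INTEGER or ct != OCTET_STRING or int.from_bytes(version, "big", signed=True) != 0:
        raise ValueError("only SNMPv1 is handled here")
    if pt == TRAP:
        raise ValueError("Trap PDU layout not handled")
    (_, rid), (_, est), (_, eidx), (_, vbl) = read_seq(pdu)
    varbinds = []
    for _, vb in read_seq(vbl):
        (_, oid), (vtag, val) = read_seq(vb)
        varbinds.append((decode_oid(oid), vtag, val))
    return {"pdu": PDU_NAMES.get(pt, hex(pt)), "community": community.decode(errors="replace"),
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(est, "big", signed=True), "varbinds": varbinds}


if __name__ == "__main__":
    req = get_request("public", 1, "1.3.6.1.2.1.1.1.0")
    print(req.hex())
    print(decode_message(req))           # community 'public' is readable in the packet
```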
3.9
Figure 52 shows an analogue user. The user dials into the PoP using the DN of the PoP. The PC establishes a PPP session (point-to-point) to retrieve an IP address and to authenticate the user. The authentication can be done by the IAP (PoP) or can be proxied towards the ISP. From now on the PoP forwards all IP packets coming from the user to the ISP and vice versa. The picture shows the IP layers in every node. When the user starts surfing, a URL is entered. After the DNS request, the hostname in the URL is translated into an IP address. Now the PC can establish a TCP connection towards the content provider. Notice that this TCP connection is end-to-end. In the WWW the destination IP address is used to route the IP datagram. On this TCP connection the web browser and the HTTP server communicate using the HTTP protocol.
Figure 52: Analogue Internet access: user PC (IP over PPP) - modem - PoP (IP) - ISP - WWW; the physical layer is terminated at each hop while IP is present in every node.

Figure 53 shows a similar example for ADSL access. The ADSL example shown here uses Ethernet bridging (see later in this document).
In this scenario there is an always-on connection between the user and the ISP. When the PC is switched on an IP address is retrieved from the ISP (if dynamic IP addresses are used). The IP datagrams are sent on the PC's Ethernet interface towards the ADSL modem. The modem adds an LLC/SNAP header to indicate that it carries an Ethernet frame (LLC/SNAP stands for Logical Link Control / Sub-Network Access Protocol). The ADSL transport system uses ATM, so the frame is encapsulated in an AAL5 frame and then segmented into ATM cells. A detailed discussion of ATM is beyond the scope of this course. Before the ATM cells are ADSL modulated (Discrete Multitone modulation, DMT), error correction information is added. The ADSL Subscriber Access Multiplexer (ASAM) and the ATM network terminate the physical layers and perform the ATM cell switching; no higher protocols are involved. In the ISP the ATM cells are reassembled and the AAL5 checks are executed. From the LLC/SNAP header the ISP learns that the frame contains an Ethernet packet; the Ethernet header indicates an IP packet, which is routed through the WWW using the destination IP address. Notice again that the TCP connection is established end-to-end and that the user's web browser and the HTTP server of the content provider communicate through the HTTP protocol.
Figure 53: ADSL Internet access (diagram of the protocol layers in the user PC, ADSL modem, ASAM/ATM network and ISP: HTTP and TCP end-to-end, IP over Ethernet, Ethernet over ATM, ATM over SDH/physical; IP routing in the ISP)
4 Interconnecting LANs
This chapter describes why and how to interconnect one Local Area Network (LAN) to another. LAN interconnecting devices are:
- Repeaters
- Bridges
- Routers
- Gateways
4.1 LAN topologies
LANs are networks which interconnect a number of stations to each other in a small localized region, typically inside one building or one room. LANs can use either connectionless or connection-oriented technology. Interconnecting LANs implies answering the following questions:
- Why interconnect two LANs?
- Which devices are used to interconnect two LANs?
- How is connectivity established if two hosts are not connected on the same part of the LAN?
Figure 54: LAN topologies (star with a central hub, bus, ring)
- Bus topology: All devices are connected to a central cable, called the bus or backbone. Bus networks are relatively inexpensive and easy to install. Ethernet systems use a bus topology.
- Ring topology: All devices are connected to one another in the shape of a closed loop, so that each device is connected directly to two other devices, one on either side of it. Ring topologies are relatively expensive and difficult to install, but they are robust (one failed device does not usually make the entire network fail).
- Star topology: All devices are connected to a central hub. Star networks are relatively easy to install and manage, but bottlenecks can occur because all data must pass through the hub.
Apart from the topology, other aspects are also important. An example is the bus arbitration mechanism. In short, this is the mechanism which decides which host is allowed to start transmitting data. As an example, on the bus topology all host transmitters are connected in parallel. This means that only one of them can place a signal on the wire. The following mechanisms can be used to solve this problem.
- Token: This is a special packet that carries no user data. There is only one token in the network, and the host which has it is allowed to put data on the network. After transmitting its data, or after a certain maximum time, the host passes this packet to the next host. This next host can be the next host in the ring or the next one logically numbered. This solves the contention problem, but creates others. E.g. if the token packet is lost, some host station has to take the initiative to create a new one, but it has to be avoided that, accidentally, two tokens are created. Due to limited network reliability (hosts turned off, ...), tokens will always get lost at some point.
- Time slot reservation: Each station can indicate with a bit that it is going to use a specified timeslot. A station is only allowed to send during the assigned timeslots.
- Collision Detection: In this case every station is allowed to send at any moment, but has to verify that no other station is already sending, or just starts sending. As soon as this happens, both stations are required to stop and retry after some random time. This solves the problem of losing tokens, but the result is that there are always a number of distorted packets, which require retransmissions. In case of high network load, this mechanism is not as efficient as the previous ones.
A further description of advantages and inconveniences is outside the scope of this introduction.
4.2 Connecting LANs
4.2.1 Why?
There are two important reasons why there is a need to interconnect LANs with each other.
- As shown in figure 55 there is a limitation in the maximum cable length via which hosts are connected into a network configuration. This is for instance due to the fact that there is always attenuation of the signals on the line. But propagation delay and possibly reflections can also be important. Physical limitation of the line length is mostly a result of signal degradation. A few examples are given below.
Figure 55: Maximum cable length (Ethernet)
- 10Base2 (10MHz running over thin 50 Ohm coaxial cable): 185 m
- 10Base5 (10MHz running over thick 50 Ohm coaxial cable): 500 m
- 10BaseT (10MHz running over unshielded twisted pair): 100-150 m
- 10BaseF (10MHz running over fibre-optic cabling): up to 2 km
- Due to the nature of a LAN network, the maximum number of nodes which can be connected to a LAN is also limited (e.g. on an Ethernet the technique Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is used, which implies that a node can only start transmitting information on the network when no other node is transmitting information). This is pictured in figure 56.
Figure 56: Ethernet CSMA/CD (Carrier Sense, Multiple Access / Collision Detection)
The devices used to interconnect LANs are:
- The use of repeaters
- The use of bridges
- The use of routers
- The use of gateways
These devices can be differentiated very generally by the Open System Interconnection (OSI) layer at which they establish the LAN-to-LAN connection. Repeaters connect LANs at OSI Layer 1; bridges connect LANs at Layer 2; routers connect LANs at Layer 3; and gateways connect LANs at Layers 4 through 7. Each device offers the functionality found at its layer(s) of connection and uses the functionality of all lower layers. This idea is portrayed graphically in figures 57 to 60.
Figure 57: Repeater (two end nodes with layers L1 to L7; the repeater operates at L1 only)
Figure 58: Bridge (the bridge operates at L1 and L2)
Figure 59: Router (the router operates at L1 to L3)
Figure 60: Gateway (the gateway operates at all layers L1 to L7)
Functionality will be different depending on the layer on which the device is used. Remember from the previous chapter the functionality of each of the OSI-layers. This will be explained in more detail next.
4.3 Repeaters
A repeater acts on a purely electrical (physical) level to connect the segments. All it does is amplify and reshape (and depending on the type, possibly retime) the analog waveform to extend network segment distances. It does not know anything about addresses or forwarding, thus it cannot be used to reduce traffic as a bridge or router can do.
Figure 61: Repeater (R) connecting segment 1 and segment 2 of a LAN
In case of a star network structure, a hub is used. Like a repeater, a hub is not aware of frames and packets and just places the incoming signal on the outgoing interfaces to all other parts of the star network. This is required on a broadcast, shared medium network. But with only two stations, you can still create a direct host-to-host connection. It is clear that in all cases the transmitters of one party should be connected to the receivers of the other. The two examples of Ethernet 802.3 with CSMA/CD are shown below.
Figure 62 and Figure 63: the two Ethernet 802.3 (CSMA/CD) examples, each showing two hosts (diagrams)
4.4 Bridges
4.4.1 Why Bridges?
Several reasons exist to prefer bridges over repeaters or hubs:
- Each department started autonomously, but wants to share information anyway.
- The different units are located on different floors, perhaps in different buildings. It is then more convenient to create just one physical link between them than to create e.g. a full star.
- There is too much traffic on the total network. Bridges can partly solve this.
- The distance becomes too big.
- Bridges can improve reliability. Some of the problems created on one part of the LAN can be blocked by a bridge, avoiding the total network going down.
- Security can be increased. Bridges can avoid snooping of traffic.
Basic Bridge
Bridges are used to interconnect LANs using one (or more) of the IEEE 802 standards. The standard features of bridges are defined by IEEE 802.1. A basic bridge has ports connected to two (or more) otherwise separate LANs. Packets received on one port may be (or may not be) retransmitted on another port. Unlike a repeater, a bridge will not start retransmissions until it has received the complete packet. As a consequence of this, stations on either side of a bridge may be transmitting simultaneously without causing collisions. Bridges, like repeaters, do not modify the contents of a packet in any way. Unlike repeaters they may, under some circumstances, originate traffic.
Figure 64: Basic bridge between LAN 1 and LAN 2 (steps 1 to 3 below)
1. Every packet (required or not) of LAN 1 is buffered in the bridge. This is required because LAN 2 can be unavailable at that moment.
2. Unlike a repeater, a bridge will not retransmit until it has received the whole packet. As a consequence of this, stations on either side of a bridge may be transmitting simultaneously.
3. When the bus of LAN 2 becomes available, the packet is delivered on the second LAN.
One of the interesting characteristics is that hosts on different parts of the network can be transmitting simultaneously. This was not possible in a pure LAN (be it either bus, star or ring). As a result, the total possible network traffic increases.
Figure 65: Increased network capacity thanks to bridging (LAN 1 and LAN 2 connected by a bridge)
As an example, if the capacity of this LAN technology is 10 Mbit/sec, then it seems that the capacity increased up to 20 Mbit/sec. This is however only the case when there is no communication between LAN 1 and LAN 2.
Figure 66: Self learning bridge 1/7. Suppose station X starts up and attempts to communicate with Y. (The drawing shows stations X, Y and Z interconnected by Bridge 1, Bridge 2 and Bridge 3, each with ports 1 to 4 and an initially empty station/port table.)
Figure 67: Self learning bridge 2/7. A packet from X addressed to Y reaches port 1 of Bridge 1. Bridge 1 learns that station X is connected to port 1 of Bridge 1 (table of Bridge 1: station X, port 1).
Figure 68: Self learning bridge 3/7. Bridge 1 knows nothing about station Y, so it retransmits the packet destined for Y on all available ports except port 1.
Figure 69: Self learning bridge 4/7. When Bridge 2 and Bridge 3 receive the packet from X, they learn via which port they can reach X (tables of Bridge 2 and Bridge 3: station X, port 1).
Figure 70: Self learning bridge 5/7. Because Bridge 2 does not yet know the address of station Y, Bridge 2 retransmits the packet on all available ports except port 1. As a consequence the packet reaches Y, which generates a reply.
Figure 71: Self learning bridge 6/7. Station Y generates a response; this response reaches Bridge 2 on port 3, which uses the information in this packet to update its routing table (table of Bridge 2: station X, port 1; station Y, port 3). Via its routing table Bridge 2 also knows that station X can be reached via port 1, so the packet is retransmitted on this port only.
Figure 72: Self learning bridge 7/7. The packet is received by Bridge 1, which updates its routing table (station Y can be reached via port 3 of Bridge 1) and, by consulting its routing table, Bridge 1 knows that station X can be reached via port 1.
Unfortunately this simple elegant arrangement breaks down disastrously if there are any loops in the network. This is shown in figure 73.
Figure 73: Example of a loop (NET 1 and NET 2 interconnected by two bridges in parallel, BRIDGE 1 and BRIDGE 2). Station X sends a packet to station Y. Both bridges update their routing tables. Suppose BRIDGE 1 transmits the packet first. BRIDGE 2 sees a packet from X on port 1 and updates its routing table accordingly. BRIDGE 2 now changes its mind (it thinks station X is on NET 2) and retransmits the packet on port 2 (NET 1). BRIDGE 1 detects this packet on port 1 and forwards it to port 2 ... A LOOP IS CREATED!
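The self-learning behaviour of figures 66 to 72 and the loop of figure 73, as an added Python simulation that is not part of the course material. The LAN names, the station placement and the port numbering (both parallel bridges have port 1 on NET 1 and port 2 on NET 2) are constructed assumptions; the three-bridge network follows the figures as far as the text describes them.

```python
"""Self-learning bridges: flooding, backward learning and the loop problem.

Added example, not from the course text. Topologies are constructed: the
first mimics the three-bridge network of figures 66 to 72 (station X sends
to Y, bridges flood while Y is unknown and learn X, Y's reply travels back on
one port per bridge); the second is the two-bridge parallel network of
figure 73, where a frame to an unknown station circulates forever.
"""
from collections import deque


class Bridge:
    """Transparent bridge: learns source addresses per port, floods unknowns."""

    def __init__(self, name):
        self.name = name
        self.ports = {}   # port number -> LAN name
        self.table = {}   # station -> port where it was last seen (the text's "routing table")

    def attach(self, port, lan):
        self.ports[port] = lan

    def receive(self, in_port, src, dst):
        """Backward learning, then filter / forward / flood. Returns the out ports."""
        self.table[src] = in_port                       # learn (or re-learn) src
        if dst in self.table:
            known = self.table[dst]
            return [] if known == in_port else [known]  # same segment: filter
        return [p for p in self.ports if p != in_port]  # unknown: flood


class Network:
    def __init__(self):
        self.stations = {}   # station -> LAN it is attached to
        self.bridges = []

    def add_station(self, name, lan):
        self.stations[name] = lan

    def add_bridge(self, bridge):
        self.bridges.append(bridge)
        return bridge

    def send(self, src, dst, max_forwards=50):
        """Deliver one frame from src to dst.

        Returns (set of LANs the frame appeared on, list of (bridge, in_port,
        out_ports) events, looped). `looped` becomes True when the bridges keep
        forwarding beyond max_forwards, i.e. the figure 73 situation."""
        queue = deque([(self.stations[src], None)])     # (LAN, bridge that emitted it)
        reached, events, forwards = set(), [], 0
        while queue:
            lan, emitter = queue.popleft()
            reached.add(lan)
            for bridge in self.bridges:
                if bridge is emitter:
                    continue              # a bridge does not hear its own copy
                for port, attached in bridge.ports.items():
                    if attached != lan:
                        continue
                    outs = bridge.receive(port, src, dst)
                    events.append((bridge.name, port, outs))
                    for out in outs:
                        forwards += 1
                        if forwards > max_forwards:
                            return reached, events, True
                        queue.append((bridge.ports[out], bridge))
        return reached, events, False


def build_tree_example():
    """Figures 66-72 style topology (constructed): loop free, three bridges."""
    net = Network()
    b1, b2, b3 = (net.add_bridge(Bridge(n)) for n in ("Bridge 1", "Bridge 2", "Bridge 3"))
    net.add_station("X", "L1")   # X hangs off port 1 of Bridge 1
    net.add_station("Y", "L3")   # Y hangs off port 3 of Bridge 2
    net.add_station("Z", "L4")   # Z hangs off port 3 of Bridge 3
    for port, lan in ((1, "L1"), (2, "L5"), (3, "L2"), (4, "L6")):
        b1.attach(port, lan)
    for port, lan in ((1, "L2"), (2, "L7"), (3, "L3"), (4, "L8")):
        b2.attach(port, lan)
    for port, lan in ((1, "L2"), (2, "L9"), (3, "L4"), (4, "L10")):
        b3.attach(port, lan)
    return net, b1, b2, b3


def build_loop_example():
    """Figure 73 topology (constructed): two bridges in parallel between NET 1 and NET 2."""
    net = Network()
    b1, b2 = net.add_bridge(Bridge("BRIDGE 1")), net.add_bridge(Bridge("BRIDGE 2"))
    net.add_station("X", "NET 1")
    net.add_station("Y", "NET 2")
    for bridge in (b1, b2):
        bridge.attach(1, "NET 1")
        bridge.attach(2, "NET 2")
    return net, b1, b2


if __name__ == "__main__":
    net, b1, b2, b3 = build_tree_example()
    reached, events, _ = net.send("X", "Y")
    print("X -> Y flooded to", len(reached), "LANs; tables:", b1.table, b2.table, b3.table)
    reached, events, _ = net.send("Y", "X")
    print("Y -> X reached", sorted(reached), "; Bridge 2 learnt", b2.table)
    loop_net, *_ = build_loop_example()
    print("Parallel bridges, unknown destination: loop =", loop_net.send("X", "Y")[2])
```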
Because prohibiting loops is an unrealistic target, practical bridges use a method known as the 'spanning tree algorithm' (STA) to construct a non-looping topology by deciding not to use certain of the links in the network. It is also possible to reconfigure the network dynamically. The spanning tree algorithm works by bridges interchanging special messages known as configuration bridge protocol data units, as described in IEEE 802.1. The configuration message contains enough information to enable the bridge to:
- select a single bridge, from amongst all the connected bridges, to be the 'root' bridge;
- calculate the shortest path distance to the 'root' bridge from each bridge;
- for each LAN, identify a 'designated bridge' on that LAN that will be used for forwarding packets towards the root;
- choose a port on each bridge that gives the best path towards the root;
- select the ports to be included in the spanning tree.
The effective topology after construction of the spanning tree is loop free; this is achieved by effectively choosing not to use certain links between bridges. The links are still there and may come into use if the network is reconfigured.
Figure 74: Example of the STA algorithm 1/4 (0). This drawing pictures 5 LANs (X, Y, Z, W and V) which are interconnected by 5 bridges. Loops are present. It is the task of the STA (Spanning Tree Algorithm) to remove all the loops.
Figure 75: Example of the STA algorithm 2/4, steps (1) to (3) (bridges 1 to 5 on LANs X, Y, Z, W and V; each port is labelled with its path cost of 10 or 20)
(1) Each bridge is assigned a unique identifier. Typically, this identifier is one of the bridge's MAC addresses plus a priority. (2) Each port in every bridge is also assigned a unique (within that bridge) identifier, typically the port's own MAC address. This is not shown on the drawing. (3) Each bridge port is associated with a path cost. The path cost represents the cost of transmitting a frame onto a LAN through that port. Path costs are usually defaulted, but can be assigned manually by network administrators.
Figure 76: Example of the STA algorithm 3/4, steps (4) to (7) (R marks root ports, D marks designated ports)
(4) A root bridge is computed (the bridge with the lowest bridge identifier). (5) The root port is computed (the port through which the root bridge can be reached with the least aggregate path cost). This value is called the root path cost. (6) Designated bridges are determined (the bridge on each LAN that provides the minimum root path cost). A LAN's designated bridge is the only bridge allowed to forward frames to and from the LAN for which it is the designated bridge. E.g.: on LAN V, 3 bridges (B5, B3 and B4) can be used to reach the root bridge (B1). B4 and B5 both have the lowest root path cost of 10. In such a case the bridge identifier is used to select the designated bridge. (7) A LAN's designated port is the port that connects it to the designated bridge.
Figure 77: Example of the STA algorithm 4/4 (the resulting loop-free topology). Using this process, all but one of the bridges directly connected to each LAN are eliminated, thereby removing all LAN loops.
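Steps (4) to (7) carried out in Python, as an added example that is not part of the course. The five-LAN, five-bridge topology, the bridge identifiers (priority plus a constructed MAC address), the port costs and the LAN attachments are assumptions, chosen so that, as in the text, B4 and B5 tie on LAN V with root path cost 10 and the bridge identifier makes B4 the designated bridge.

```python
"""Spanning tree computation for a five-LAN / five-bridge example like figures 74 to 77.

Added example, not from the course text. The topology, bridge identifiers
(priority plus MAC address) and port path costs are constructed; they are
chosen so that, as in the text, LAN V can reach the root B1 through B3, B4
and B5, B4 and B5 tie with root path cost 10 and the bridge identifier decides.
Steps: (4) root bridge, (5) root path cost and root port, (6) designated
bridge, (7) designated port; every other port is left out of the tree.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

INF = float("inf")


@dataclass
class BridgeCfg:
    name: str
    bridge_id: Tuple[int, str]   # (priority, MAC address); the lowest wins
    ports: Dict[str, int]        # LAN name -> path cost of the port onto that LAN


@dataclass
class StaResult:
    root: str
    root_path_cost: Dict[str, float]
    root_port: Dict[str, str]          # bridge -> LAN reached through its root port
    designated: Dict[str, str]         # LAN -> designated bridge (owner of the designated port)
    blocked: Set[Tuple[str, str]] = field(default_factory=set)   # (bridge, LAN) ports not in the tree


def run_sta(bridges):
    root = min(bridges, key=lambda b: b.bridge_id).name      # (4) lowest bridge identifier
    rpc = {b.name: (0 if b.name == root else INF) for b in bridges}

    def lan_cost(lan, exclude):
        """Cheapest root path cost offered on `lan` by a bridge other than `exclude`."""
        return min((rpc[b.name] for b in bridges if lan in b.ports and b.name != exclude), default=INF)

    changed = True                                            # (5) relax until nothing improves
    while changed:
        changed = False
        for b in bridges:
            if b.name == root:
                continue
            best = min(cost + lan_cost(lan, b.name) for lan, cost in b.ports.items())
            if best < rpc[b.name]:
                rpc[b.name], changed = best, True

    root_port = {}                                            # (5) port with the least aggregate cost
    for b in bridges:
        if b.name != root:
            root_port[b.name] = min(b.ports, key=lambda lan: (b.ports[lan] + lan_cost(lan, b.name), lan))

    lans = {lan for b in bridges for lan in b.ports}
    designated = {}                                           # (6) min root path cost, then identifier
    for lan in lans:
        designated[lan] = min((b for b in bridges if lan in b.ports),
                              key=lambda b: (rpc[b.name], b.bridge_id)).name

    # (7) a port stays in the tree if it is the root port or the LAN's designated port
    blocked = {(b.name, lan) for b in bridges for lan in b.ports
               if designated[lan] != b.name and root_port.get(b.name) != lan}
    return StaResult(root, rpc, root_port, designated, blocked)


def mac(n):
    """Constructed locally administered MAC address for bridge n."""
    return f"02:00:00:00:00:{n:02x}"


EXAMPLE = [   # constructed topology: LAN name -> port path cost
    BridgeCfg("B1", (32768, mac(1)), {"X": 10, "W": 10}),
    BridgeCfg("B2", (32768, mac(2)), {"X": 20, "Y": 10, "Z": 10}),
    BridgeCfg("B3", (32768, mac(3)), {"Y": 10, "V": 10, "Z": 20}),
    BridgeCfg("B4", (32768, mac(4)), {"W": 10, "V": 10}),
    BridgeCfg("B5", (32768, mac(5)), {"X": 10, "V": 20}),
]

if __name__ == "__main__":
    r = run_sta(EXAMPLE)
    print("root:", r.root)
    print("root path cost:", r.root_path_cost)
    print("root ports:", r.root_port)
    print("designated bridges:", r.designated)
    print("blocked ports:", sorted(r.blocked))
```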
Remarks
The STA calculation occurs when a bridge is powered up and whenever a topology change is detected. The calculation requires communication between the bridges, which is accomplished through configuration messages (sometimes called bridge protocol data units, or BPDUs). Bridges exchange configuration messages at regular intervals (typically one to four seconds). If a bridge fails (causing a topology change), neighboring bridges will soon detect the lack of configuration messages and initiate a spanning-tree recalculation. All transparent bridge topology decisions are made locally. Configuration messages are exchanged between neighboring bridges. There is no central authority on network topology or administration.
The importance of this is that there exist bridges which do not support the STA. They can be used, but it is up to the user to avoid loops.
- Remote bridging: This is used for connecting LANs over a WAN. A repeater cannot be used anymore due to the propagation delay over a WAN. It is also not convenient because it can require establishing several connections between the two sides. If the LAN is connected to multiple LANs, remote self-learning is required.
Figure 78: Remote bridging
- Ethernet switches: Before, we saw that adding bridges increases the total capacity of the network. Each subdivision of a LAN into two or more parts allows for more capacity. In an extreme case a LAN is divided into single host stations only, all of them connected to a bridge port. Such a device is called an Ethernet switch.
Figure 79: Ethernet switches
4.5 Routing
4.5.1 Introduction on Routing
We have seen so far that with bridges we can interconnect LANs. We also saw that bridges have a number of interesting characteristics, like increased network capacity. Some bridges have additional algorithms, for example to create loop-free connectivity, or to indicate the followed path. With these characteristics, one can build quite large networks. In almost all cases, bridges need not be configured and are really plug and play devices. So one of the questions is what routing is about and whether we really need it. The aim of routing is to find the best route between two nodes according to some criterion. This is pictured in figures 80 and 81. This is the question: knowing the IP address, how do I get there? Remember that on the Internet, no one has full knowledge. This means that knowing the IP address of the destination does not give you the information of how to get there. So a route has to be selected by some means. Depending on the situation, the best route can be defined differently. As an example, for file transfer this can be maximum capacity, while for interactive applications it is probably the smallest end-to-end delay, which can be a different route. In an ideal case routers know which kind of application is running over a connection and should select the best path according to this information. Today, newer routers and routing protocols can take this into account. Some of the criteria are:
- maximum throughput
- minimum delay, shortest path in distance
- minimum cost
- maximum security
- maximum reliability, which is realized by a minimum number of hops
- balanced load: if more than one possibility exists to go to the same destination, share network traffic between all possibilities.
It is also clear that some of the criteria conflict with each other. As a conclusion, bridges
- are able to provide reliability but cannot find out the best path,
while routers
- need configuration, but can update automatically
- can support much larger network structures
- can do load balancing
- are more flexible, but more complicated
- support additional new features like Quality of Service, VPN, security, ...
Using routing allows you to use different subnet and net addresses. As a matter of fact, as soon as you do not connect every station on the same (logical) network, you really need routing, as is the case on the Internet. One can however ask oneself whether it would not be possible to create just one very big network with all stations in one subnet (a very big one)...
But there is no doubt that some of the mechanisms implemented in more advanced bridges resemble those of routing processes. So the choice between bridging and routing is not always clear, especially on small to average size LANs. On small LANs bridging, if possible, is preferred; on large networks routing is mandatory. But on these large networks, bridging regions are very well possible. After all, large networks can best be managed by separating them into smaller zones.
Figure 80: Find the best route from A to B according to some criterion: shortest path (in number of hops)
Figure 81: Find the best route from A to B according to some criterion: largest throughput, shortest delay, minimum link load, ..., price
Routing basics
The routing algorithm: In most cases, a host determines that it must send a packet to another host. Having acquired a router's (physical) address by some means (see previous chapter), the source host sends a packet addressed specifically to the router's physical (Media Access Control [MAC] layer) address, but with the protocol (network layer) address of the destination host. On examining the packet's destination address, the router determines that it either knows or does not know how to forward the packet to the next hop. If the router does not know how to forward the packet, it typically drops the packet. If the router knows how to forward the packet, it changes the destination physical address to that of the next hop and transmits the packet. The next hop may or may not be the ultimate destination host. If not, the next hop is usually another router, which executes the same switching decision process. As a packet moves through the internetwork, its physical address changes but its protocol address remains constant. This process is illustrated in figure 82.
Figure 82: Routing process
In the following picture, the process inside each router or host is depicted. Packets have to be sent out and, depending on the destination, this can be on a different interface. Notice that hosts too can have different interfaces. For instance, a PC can be equipped with an Ethernet board and a modem at the same time. So even this PC then has to decide which of the interfaces will be used. The picture also indicates that the host uses a routing table to make these decisions.
Figure 83: Routing inside a router or host (IN: packet with payload and IP header carrying the destination IP address; the router consults its routing table, which is initialized via routing protocols; OUT: next hop on the forwarding path)
4.5.2 Definitions
Routed Protocol: A protocol which can be routed. This means routers can build network knowledge with this protocol. Examples are IP, IPX.
The process
To perform routing, in general, the following steps are performed. An overview is given in the figure below:
Figure 84: Routing overview
Routing process
1. Find information on the packet's destination in the routing table
2. Build network knowledge and place it in the routing table
Build network knowledge
1. Manually, by configuring files
2. Dynamically, by routing protocols
Routing protocols
1. Communicate with neighbours to retrieve information
2. Make decisions on the retrieved information: algorithm
Routing Activities
1. Find information concerning the destination of a packet which has to be transmitted. The packet is compared with the entries of the routing table. The best match in this routing table is then used to determine the interface on which the packet has to be sent. If this is a local Ethernet interface, then the packet can be transferred directly to the destination station. If not, then the next hop is retrieved from the routing table. An example is given below (the netmask is explained in chapter: TCP/UDP and IP in more detail):
Table 2: The Routing Table (host A)
Network Addr    Netmask          Gateway          Interface        Metric
0.0.0.0         0.0.0.0          138.203.48.1     138.203.48.120   1
138.203.21.0    255.255.255.0    138.203.48.246   138.203.48.120   1
138.203.48.0    255.255.252.0    138.203.48.120   138.203.48.120   1
Suppose the destination address IPdest is 138.203.21.210. This address is compared with each of the lines of the routing table to find a match. The algorithm is: (IPdest AND Netmask) =?= Network Addr. In this case, with the second line we get: 138.203.21.210 AND 255.255.255.0 = 138.203.21.0, which is a match. With the third line we get: 138.203.21.210 AND 255.255.255.0 ≠ 138.203.48.0, which is different. Note that the AND is a bit-by-bit operation. The second line is the best match. A best match is defined by the largest number of 1 bits in the (sub)netmask: 255.255.255.0 is a better match than 255.255.252.0. In principle, if more than one matching line can be found, each of them will be either a
- network: some bits are 1, some are 0
- host: all bits are 1
- default: all bits are 0
It should not be possible to find two matching lines both indicating a network, unless they give exactly the same match. This means that the same network destination can be reached using different paths. In this case, the metric value is used. If the metric value is also the same, then some algorithm is used, like always the first one, alternating, ... So the router or host will then send the information to the indicated gateway, which is 138.203.48.253, by using the interface with IP address 138.203.48.120. When the routing layer has decided on the interface and next hop to be used, the packet has to be sent on the network. In case of SLIP or PPP the next hop (physical) address is known by configuration; in case of Ethernet, the next hop physical address is known by means of an ARP mechanism. Taking the example of Ethernet, the device sends out an ARP request. In this case, it is again important to know if the destination is directly connected on the same LAN (subnet), or behind a router. Again this can be found by comparing the destination address with the own IP address and subnet mask. If the destination matches this subnet, the ARP is sent directly for the destination IP address. If there is no match (outside the own subnet), the ARP is sent to retrieve the router's MAC address. This can be done because the routing table also gives the next hop IP address. Notice that in no case the (sub)netmask of the destination is used. Indeed, there is no knowledge of subnet masks outside the network. The routing decision is made based on the information, i.e. the netmasks, in the routing table. This seems to be a subtle difference, but it is an important one because it indicates again that no one has all knowledge. As an example, let's examine again the destination 138.203.21.210 with its own subnet. The comparison which will be made is 138.203.48.120 / 255.255.252.0 =?= 138.203.21.210 / 255.255.252.0. This is NOT correct because we know that the destination has a subnet 255.255.255.0. But it does not matter because, if the destination was part of the 138.203.48.0 network, then automatically the correct netmask was chosen. It results however in the fact that all subnets need to be strictly disjoint. Note finally that the first line will give a match to ANY destination address. This is the default gateway. Any packet about which nothing is known will be sent to this next hop. If a default gateway is not present, then for certain packets a decision cannot be made where to send them. In this case, the packet will simply be dropped. Possibly, the router can then send an error message back to the originator of this packet to indicate that the packet was dropped. The situation of the routing table in table 2 is presented below. The routing table is taken from host A.
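The table lookup and the ARP decision described above, as an added Python example that is not the course's code. It uses the three legible lines of Table 2 together with host A's address and /22 netmask; 138.203.48.200 and 192.0.2.7 are constructed destination addresses.

```python
"""Routing table lookup for host A of Table 2.

Added example, not from the course text. It implements the bit-by-bit
(IPdest AND Netmask) == NetworkAddr comparison, picks the best match by the
number of 1 bits in the netmask (then the lowest metric, then the first
entry), and then decides with host A's OWN netmask whether to ARP for the
destination itself or for the gateway. The three routes are the legible
lines of Table 2; 192.0.2.7 and 138.203.48.200 are constructed addresses.
"""
from dataclasses import dataclass
from typing import List, Optional


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_and(ip: str, mask: str) -> str:
    """Bit-by-bit AND, e.g. ip_and('138.203.21.210', '255.255.252.0') == '138.203.20.0'."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


@dataclass(frozen=True)
class Route:
    network: str
    netmask: str
    gateway: str
    interface: str
    metric: int

    def matches(self, dest: str) -> bool:
        return ip_and(dest, self.netmask) == self.network

    def mask_bits(self) -> int:
        """Number of 1 bits in the netmask: 0 for default, 32 for a host route."""
        return bin(ip_to_int(self.netmask)).count("1")


HOST_A_IP, HOST_A_MASK = "138.203.48.120", "255.255.252.0"

TABLE: List[Route] = [
    Route("0.0.0.0", "0.0.0.0", "138.203.48.1", HOST_A_IP, 1),          # default gateway
    Route("138.203.21.0", "255.255.255.0", "138.203.48.246", HOST_A_IP, 1),
    Route("138.203.48.0", "255.255.252.0", HOST_A_IP, HOST_A_IP, 1),     # own, directly connected network
]


def lookup(table: List[Route], dest: str) -> Optional[Route]:
    """Best matching route, or None when nothing matches (the packet is dropped)."""
    candidates = [r for r in table if r.matches(dest)]
    if not candidates:
        return None
    # most netmask bits first, then lowest metric; min() keeps the first of equals
    return min(candidates, key=lambda r: (-r.mask_bits(), r.metric))


def arp_target(dest: str, own_ip: str, own_mask: str, route: Route) -> str:
    """Address to resolve with ARP before the frame goes out on Ethernet.

    Only the sender's own subnet mask is used: nothing is known about the
    destination's mask outside its network."""
    if ip_and(dest, own_mask) == ip_and(own_ip, own_mask):
        return dest            # same subnet: ARP for the destination itself
    return route.gateway       # elsewhere: ARP for the next hop router


if __name__ == "__main__":
    for dest in ("138.203.21.210", "138.203.48.200", "192.0.2.7"):
        route = lookup(TABLE, dest)
        print(dest, "->", route.network, route.netmask, "via", route.gateway,
              "ARP for", arp_target(dest, HOST_A_IP, HOST_A_MASK, route))
    print("no default route:", lookup([r for r in TABLE if r.mask_bits() > 0], "192.0.2.7"))
```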
Figure 85: Network structure belonging to Table 2 (host A, 138.203.48.120, on network 138.203.48.0/22; a router with addresses 138.203.48.246 and 138.203.21.225 connects to network 138.203.21.0/24, where station 138.203.21.201 is located; router 138.203.48.1 connects to the World)
In principle, for the routing process, there is no difference between a host station and a router. In both cases the routing table is looked up to determine what to do with the packet. The real difference is the process which gives the packets to the network driver. In case of a host station, this might be an application like a telnet client. In case of a router it is a router application. The telnet client receives its packets from the user's actions, the router application from the network interfaces. Indeed, it is very well possible to write a dedicated application for 'any' OS to create a routing process on this host.
2. Build knowledge about the network in the routing table. This can be done manually (static) or dynamically. Manually in fact means nothing else than putting some parameters in a specific file or configuration page, as is shown below for a Windows 95 PC.
Figure 86: Static routing configuration on a Windows 95 PC
Routing Protocols
1. Communicate with the neighbouring routers (and hosts) to find out which stations are connected to which (part of) the network.
2. After collecting all this information, filter and perform an algorithm to decide which part of this information is used to change or update the routing table.
Several different protocols have been defined in the past. Not all were successful. In recent years a lot of research has been done in this field to optimize the speed of such a protocol. Some important characteristics are:
- speed of convergence
- traffic overhead
- robustness and security
Other aspects, like stability, have also become more and more important. The interest in efficient protocols is of course a consequence of the ever growing size of the network, which makes this much more critical. The increased traffic requires faster routers to handle the packets which come faster and faster, and the increased amount of connected networks and hosts requires ever growing routing tables which have to be searched. Searching larger routing tables requires more processing speed. Today's routers are pushed to their limits.
- Dial-up links: In a routing process, routing information messages are regularly sent from one router to others. If the router is connected behind a dial-up link, this means that every few minutes the router at one side of the dial-up link establishes a connection, by dialling, perhaps just to indicate to the other side that everything is still as it was. This costs a lot of money and activity, both on the routers and on the PSTN, which can be avoided by installing fixed entries in the routing table, at least for this interface.
- Traffic considerations: Any routing process (like STA) adds network traffic. Although one tries as much as possible to keep this small, in large networks with a lot of routing information this can be significant, especially on the lower capacity links. This is also a reason not to run routing protocols over the already low capacity dial-up links.
- Resources: A routing process is really a process which has to be started after booting. So if the device is used for other purposes as well, this process might consume valuable memory and processor resources. And the OS needs to be (preemptive) multitasking. Therefore it is certainly not interesting to run a complex routing protocol just for fun.
- Security: Network structure and information might be retrieved from the messages sent by routers. Avoiding that this information leaves the network might increase security. Static routing does not send any routing information.
4.5.3 Routing Protocols
Today's research has revealed that, although there can be a lot of different implementations and algorithms in a routing protocol, they can all be categorized in just two classes.
- Distance Vector protocol. As the name suggests, the distance to the destination is used.
- Link State Algorithm. In this case, the state of the connected interfaces is communicated and used to create the routing information.
Behavior is fundamentally different in these two classes, but every protocol belongs to one of them. It can be shown that in any case the Link State Algorithm is ALWAYS better in terms of stability, update speed, traffic overhead, and so on. In fact, apart from a few specific cases, there is no reason anymore to use a Distance Vector (DV) protocol. For each of the two classes the most important representative will be explained below.
table based on the vector of these distances that it receives from its neighbors. Distances are specified in hop-count. In the case of RIP, sending to its neighbors is done with a broadcast. The initial routing table is created from the connected interfaces. In short the protocol comes down to :
- communication : broadcast the routing table to the neighbors
- algorithm : select the smallest distance
Figure 87 (1) Distance Vector Protocol : tables after init (each router only knows its own neighbors)

A's table after init :
Dest.    B  C  D    E  F  G
NextHop  B  C  X    E  F  X
Cost     1  1  inf  1  1  inf

C's table after init :
Dest.    A  B  D  E    F    G
NextHop  A  B  D  X    X    X
Cost     1  1  1  inf  inf  inf

Figure 88 (2) Distance Vector Protocol 2/7 : A receives C's table (Dest. A B D E F G / NextHop A B D X X X) and applies, for each destination X :

for each destination X
    if NextHop(A,X) == C
        cost(A,X) = cost(A,C) + cost(C,X)
    else if cost(A,X) > cost(A,C) + cost(C,X)
        cost(A,X) = cost(A,C) + cost(C,X) ; NextHop(A,X) = C ;
Figure 89 (3) Distance Vector Protocol 3/7 : the step for X = B. NextHop(A,B) == C ? N. cost(A,B) = 1 > cost(A,C) + cost(C,B) = 1 + 1 ? N. Nothing changes; A's table stays Dest. B C D E F G / NextHop B C X E F X.
Figure 90 (4) Distance Vector Protocol 4/7 : the step for X = D. NextHop(A,D) == C ? N. cost(A,D) = inf > cost(A,C) + cost(C,D) = 1 + 1 ? Y, so cost(A,D) = 2 and NextHop(A,D) = C. A's table becomes Dest. B C D E F G / NextHop B C C E F X (the entry for D changed from X to C).
Figure 91 (5) Distance Vector Protocol 5/7 : C receives A's table (Dest. B C D E F G / NextHop B C C E F X) and applies the same rule :

for each destination X
    if NextHop(C,X) == A
        cost(C,X) = cost(C,A) + cost(A,X)
    else if cost(C,X) > cost(C,A) + cost(A,X)
        cost(C,X) = cost(C,A) + cost(A,X) ; NextHop(C,X) = A ;

C's table becomes Dest. A B D E F G / NextHop A B D A A X.
Figure 92 (6) Distance Vector Protocol 6/7 : tables after the exchange

A's table :
Dest.    B  C  D  E  F  G
NextHop  B  C  C  E  F  F
Cost     1  1  2  1  1  2

C's table :
Dest.    A  B  D  E  F  G
NextHop  A  B  D  A  A  D
Cost     1  1  1  2  2  2
Figure 93 (7) Distance Vector Protocol 7/7 : the link between F and G goes down (steps 7.1 to 7.6 in the figure). C's table before the failure :
Dest.    A  B  D  E  F  G
NextHop  A  B  D  A  A  D
Cost     1  1  1  2  2  2

- Link between F and G is down. F sets its cost to G to inf.
- F propagates this information to A. A sets its cost to G to inf.
- C propagates its information to A. A sets its cost to G to 3, and NextHop to C.
- A propagates its information to F. F sets its cost to G to 4, and NextHop to A.

In the case of RIP two versions exist today. The most important difference is that in RIP v2 routers can broadcast networks with their subnet masks rather than host addresses. The examples above were explained with the router addresses as such, but it makes no difference if (sub)net addresses are used.
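The seven-router exchange of Figures 87 to 93, as an added Python example (not code from the handout): it reconstructs the topology from the tables above (every link cost 1), applies the Figure 88 update rule until no table changes, and then takes the F-G link down as in Figure 93. The simulate function and the table layout are conventions of this example only.

```python
"""Distance-vector exchange on the seven-router topology of Figures 87 to 93.

Added example, not code from the handout: the update rule is the one shown in
Figures 88 and 91, repeated until no table changes; then the F-G link is taken
down as in Figure 93.  The topology is reconstructed from the handout's tables
(every link costs 1); the router names are the handout's A to G.
"""
import copy
from typing import Dict, Set, Tuple

INF = float("inf")
Table = Dict[str, Tuple[str, float]]   # dest -> (NextHop, Cost); "X" = unknown
Links = Set[Tuple[str, str]]

LINKS: Links = {("A", "B"), ("A", "C"), ("A", "E"), ("A", "F"),
                ("B", "C"), ("C", "D"), ("D", "G"), ("F", "G")}
ROUTERS = sorted({r for link in LINKS for r in link})


def neighbors(router: str, links: Links) -> Set[str]:
    return {b if a == router else a for a, b in links if router in (a, b)}


def init_table(router: str, links: Links) -> Table:
    """Figure 87: after boot a router only knows its directly connected neighbors."""
    nbrs = neighbors(router, links)
    return {d: ((d, 1.0) if d in nbrs else ("X", INF))
            for d in ROUTERS if d != router}


def receive(table: Table, me: str, nbr: str, nbr_table: Table) -> bool:
    """Figure 88: update my table from the table broadcast by neighbor nbr.

    cost(me, nbr) is 1 on every link here.  Returns True when an entry changed.
    """
    changed = False
    for dest, (_, nbr_cost) in nbr_table.items():
        if dest == me:
            continue
        via_nbr = 1.0 + nbr_cost
        hop, cost = table[dest]
        if hop == nbr:
            # The route already goes through nbr: take its new figure even when
            # it is worse.  This is how "inf" travels from F to A in Figure 93.
            if cost != via_nbr:
                table[dest] = (nbr, via_nbr)
                changed = True
        elif cost > via_nbr:
            table[dest] = (nbr, via_nbr)
            changed = True
    return changed


def converge(tables: Dict[str, Table], links: Links, max_rounds: int = 50) -> int:
    """Each router broadcasts its table to its neighbors until nothing moves."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for sender in ROUTERS:
            advert = copy.deepcopy(tables[sender])   # what goes on the wire
            for nbr in sorted(neighbors(sender, links)):
                changed |= receive(tables[nbr], nbr, sender, advert)
        if not changed:
            return rnd
    raise RuntimeError("routing tables did not converge")


def link_down(tables: Dict[str, Table], links: Links, a: str, b: str) -> None:
    """Figure 93, first step: both ends set every route via the dead link to inf."""
    links.discard((a, b))
    links.discard((b, a))
    for me, other in ((a, b), (b, a)):
        for dest, (hop, _) in tables[me].items():
            if hop == other:
                tables[me][dest] = ("X", INF)


def simulate() -> Tuple[Dict[str, Table], Dict[str, Table]]:
    """Returns (tables after convergence = Figure 92, tables after the F-G failure)."""
    links = set(LINKS)
    tables = {r: init_table(r, links) for r in ROUTERS}
    converge(tables, links)
    after_init = copy.deepcopy(tables)
    link_down(tables, links, "F", "G")
    converge(tables, links)
    return after_init, tables


if __name__ == "__main__":
    before, after = simulate()
    print("A before:", before["A"])
    print("A after F-G down:", after["A"])
    print("F after F-G down:", after["F"])
```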
OSPF (Open Shortest Path First) : tell your neighbors about the world
OSPF is based upon the Link State Algorithm, which has some advantages compared to RIP (DVP). The principle is explained below:
In a link-state protocol a router does not exchange distances with its neighbors. Instead each router actively tests the status of its link to each of its neighbors and sends this information to its neighbors, which then propagate it throughout the autonomous system. Each router takes the link-state information and builds a complete routing table.
E.g. : Init of router A (the link-state advertisement of A is flooded in steps (1), (2), (3))
Upon initialization or due to a change in routing information, a router will generate a link-state advertisement. This advertisement will represent the collection of all link-states on that router. Each router that receives a link-state update should store a copy in its link-state database and then propagate the update to other routers via flooding. After the database of each router is completed, the router will calculate a Shortest Path Tree to all destinations. The router uses the Dijkstra algorithm to calculate the shortest path tree. The destinations, the associated cost and the next hop to reach those destinations will form the IP routing table.
Figure 95 Link State Protocol
Figure 96 Shortest Path Tree (example) : networks 138.203.48.0, 138.203.49.0 and 138.203.50.0 joined by links with costs 5, 8 and 10; (1) shows the interface costs, the tree shows the resulting cost of each destination from the root router (cost 0).
To each interface a cost is assigned (e.g. cost = bandwidth, e.g. 100 000 000 bps).
Remark : To reach 138.203.50.0, 2 paths exist with equal cost. It is implementation dependent what will happen in such a case. (E.g. : CISCO's implementation of OSPF will keep track of up to 6 next hops to the same destination.)
The process is explained in a little more detail below. One of the disadvantages is that OSPF is much more complex than RIP, but with today's processing power and network capacity this is not a problem anymore.
Figure 97
Figure 98
- Each router starts up and assigns a cost to all of its interfaces. This cost is a dimensionless value and can mean anything, e.g. capacity of the link, propagation delay, 'error free-ness'. If, for instance, a default cost of 1 is used for every interface, then OSPF will create the same routing path as RIP. Indeed, a cost of 1 can indicate 'next node'.
Figure 99
- Dedicated messages are sent out to find the other routers in the network. With this information, the network topology can be created.
Figure 100
Figure 101
- After this first stage, routers start sending out Link State Advertisements. These messages tell all other routers in the network the cost of using a specific link on the router which sent this Link State Advertisement (LSA) message. Note that in principle all routers send these messages to all other routers. With the information of the topology and the information of the costs of all the interfaces of all the routers, a connection tree can be constructed.
Figure 102
- communication : discover all routers, become member of a group. A router automatically knows all other routers in the group, as a dedicated multicast address is used. This multicast address also allows sending information to the routers only. When a router starts up, it becomes a member of such a multicast address (group).
- algorithm : create the network topology from the known routers, calculate the shortest path with the advertised costs of each router. OSPF uses both the network topology and all the costs of all the routers. Possibly, different costs can be used at the same moment depending on the application used. This refers in fact to the TOS byte in the IP-header, which is explained in more detail in chapter: TCP/UDP and IP. The TOS byte can indicate which type of service is running for this connection; as said before, a router should be able to differentiate the traffic depending on this information. As a result, an OSPF router has a large(r) database and needs to do many more calculations. OSPF can create a different connection path in the two directions of a connection. RIP can not.
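The link-state computation described above, as an added Python example (not the handout's code nor any OSPF implementation): a constructed four-router link-state database with per-interface costs, the network numbers of Figure 96 attached to routers at constructed positions, Dijkstra from the root router, and the equal-cost case of the Figure 96 remark with a configurable maximum of next hops. The uniform function shows the text's observation that a cost of 1 on every interface reproduces RIP's hop count.

```python
"""Shortest Path Tree from a link-state database, as OSPF computes it.

Added example, not code from the handout: a constructed four-router LSDB with
per-interface costs (costs may differ per direction, as the text says OSPF
allows), stub networks attached to routers (placement constructed, network
numbers borrowed from Figure 96), Dijkstra from the root router, and the
equal-cost case from the Figure 96 remark: every next hop with equal cost is
kept, up to a configurable maximum (CISCO's 6 in the text).
"""
import heapq
from typing import Dict, Set, Tuple

Lsdb = Dict[str, Dict[str, float]]   # router -> {neighbor: cost of the interface toward it}

LSDB: Lsdb = {
    "R1": {"R2": 5, "R3": 10},
    "R2": {"R1": 5, "R3": 5, "R4": 10},
    "R3": {"R1": 10, "R2": 5, "R4": 5},
    "R4": {"R2": 10, "R3": 5},
}
# Constructed: which router each stub network hangs off.
NETWORKS = {"138.203.48.0": "R2", "138.203.49.0": "R3", "138.203.50.0": "R4"}


def shortest_path_tree(lsdb: Lsdb, root: str):
    """Dijkstra over the LSDB; keeps *all* predecessors on equal-cost paths."""
    dist: Dict[str, float] = {root: 0.0}
    preds: Dict[str, Set[str]] = {root: set()}
    heap = [(0.0, root)]
    done: Set[str] = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                preds[v] = {u}
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                preds[v].add(u)          # a second path with the same cost
    return dist, preds


def next_hops(preds: Dict[str, Set[str]], root: str, node: str,
              max_paths: int = 6) -> Set[str]:
    """Walk the predecessor sets back to the root; the nodes adjacent to the
    root on any shortest path are the candidate next hops."""
    hops: Set[str] = set()
    stack, seen = [node], {node}
    while stack:
        n = stack.pop()
        for p in preds[n]:
            if p == root:
                hops.add(n)
            elif p not in seen:
                seen.add(p)
                stack.append(p)
    return set(sorted(hops)[:max_paths])


def routing_table(lsdb: Lsdb, root: str, networks: Dict[str, str],
                  max_paths: int = 6) -> Dict[str, Tuple[float, Set[str]]]:
    """network -> (cost, next hops): the IP routing table derived from the SPT."""
    dist, preds = shortest_path_tree(lsdb, root)
    table = {}
    for net, router in networks.items():
        if router in dist:
            table[net] = (dist[router], next_hops(preds, root, router, max_paths))
    return table


def uniform(lsdb: Lsdb, cost: float = 1.0) -> Lsdb:
    """Same topology with every interface cost set to 1: OSPF's cost then equals
    RIP's hop count, as the text observes."""
    return {r: {n: cost for n in nbrs} for r, nbrs in lsdb.items()}


if __name__ == "__main__":
    for net, (cost, hops) in routing_table(LSDB, "R1", NETWORKS).items():
        print(net, cost, sorted(hops))
```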
A comparison between RIP and OSPF is shown in the table below.

                  RIP                               OSPF
type              D.V.                              LSA
communication     broadcast (multicast in RIPv2)    multicast
protocol          UDP : 520                         IP : 89
message           plain text messages               password authenticated
cost function     hop count                         any, can be TOS-byte dependent, several at the same time
knowledge         whole network                     whole network
information       routing table                     full topology, database with network structure and interface costs
direction         same path in both directions      may differ per direction
features                                            can be hierarchic with backbone structure
The advantage of RIP is that it is simple and easily implemented. Also, all hosts/routers which can do (dynamic) routing know RIP. The advantage of OSPF is that it is an LSA protocol (faster, ...), but it can also do load balancing, traffic differentiation, and a few other less important things. So far, we have seen different mechanisms :

device   knowledge                                         loops usage
bridge   you know where to send it                         not allowed (STA)
RIP      you know where to send it and its distance        allowed, only used during network change (unique path)
OSPF     you know where to send it, its distance and why   allowed and exploited (shortest path)
It is clear that the more information you have, the better you can optimize its use. It is therefore logical that routers can support larger networks than bridges. Large not only means the maximum number of hops between the two devices farthest apart (the diameter of the network, if you want) but also the total number of networks and hosts connected to the network. In the next paragraph, we will see that for a worldwide scale network, additional features such as hierarchic routing and backbones are required. Bridges also learn source addresses from the sender and flood if the destination is not known. Routers learn destination addresses and discard if the destination is not known. Imagine what happens if we would create the Internet only by using bridges and someone just disconnects one of the interfaces of a bridge... Or if a new station with a new MAC address is connected... Or in case of ARP and link-layer broadcasts...
4.5.4
Routing inside an AS is independent of any other AS or the backbone. In each AS the same routing protocol must be used, but each AS can choose its own. This does not prevent routing in between ASs. The result is a hierarchical structure. Different router types can be identified :
- backbone routers : They use a backbone routing protocol (interdomain routing) and need only to know about routing between ASs. Routing on the backbone also has to do with politics. Indeed, an AS is owned by an organization and it is very well clear that some organizations do not like it if their traffic is routed through the AS of another (competing, enemy) organization. For this reason, the backbone routing protocols can indicate the path to be followed.
- interior routers : Are used inside an AS. If they have a default gateway, it must point towards (one of) the border router(s) of the AS.
- border routers : Provide the interface between the backbone and the AS. They need to know about the internal structure of their AS and about the ASs connected to the backbone. They therefore need to run two routing protocols, an interdomain routing protocol on the backbone and an intradomain routing protocol towards the AS. Additionally they have to convert information from the interdomain routing process to the intradomain routing process and vice versa. Some backbone routers are also border routers, but not all.
Another difficulty with large routing tables is the time needed to find the requested information. Because there is no structure in the assignment of the address ranges, all nets get an entry in the routing table. It also takes too much time for a network to stabil​ize when a change occurs (e.g. a node going down).
Conclusion : The Internet has become too big to be handled or known by one network routing structure. There is a hierarchic division in ASs and the backbone.
Autonomous systems (AS) : areas under single administrative control (e.g. Alcanet, Eunet, Sprint). Two levels of routing in the Internet :
- Intra-domain routing (interior gateway protocols) : routing within one AS.
- Inter-domain routing (exterior gateway protocols) : glue together different ASs.
Abbr. :
- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF)
- Intermediate System to Intermediate System Protocol (IS-IS)
- Exterior Gateway Protocol (EGP)
- Border Gateway Protocol (BGP)
- Interdomain Routing Protocol (IDRP)
Figure 103 Routing hierarchy
2. Stability : Stability of a routing protocol has nothing to do with the stability of the router itself, but with the decisions made concerning a destination. An unstable routing protocol is a protocol which is not able to decide on a unique path to the destination. It continually changes its mind about the interface to be used to get to the destination.
Figure 104 : host A reaches host B through a network of routers 1 to 8, with two possible paths.
When host A talks to host B, router 6 in the network can send the packets along two different paths to get them to the destination. Both RIP and OSPF will (can) decide on a unique path, e.g. following routers 4, 1, 2 and 3. An unstable routing protocol will sometimes send them along this path and sometimes along the alternative 7, 8, 5, 3. In the original design of the internet protocols this was not a problem, just an inconvenience. Indeed, IP did not guarantee delivery of the packets, let alone a unique path. Today, with the implementation of QoS, this is a problem. QoS requires a stable, defined path. Unstable routing protocols can not be used. Note that both RIP and OSPF are stable protocols. A question remains whether the routing protocols are unconditionally stable in all circumstances and all network topologies. In very large networks timings become important as well. Router updates are typically done on the order of minutes. Realize also that adapting to a topology change requires several updates.
3. Security : In the early days, the ARPANET was supervised by defense and government. Today no one owns the Internet. This means that virtually everyone can connect to the internet backbone. This poses the question how to guarantee acceptable operation even when some of the connected routers are not behaving as they should, due to malfunctioning, bugs in the system or malicious users. Routing tables can also be vulnerable to hacker attacks. Indeed, RIP updates are sent as normal UDP messages and can today easily be created by anyone. Correct behavior in an environment with sabotaging elements is known as the "Byzantine Generals Problem". There are two options to solve this :
- password protection : This depends on the security of the algorithms and on password knowledge. Really secure encryption requires however (too) much processing power for a router. OSPF uses a password, RIP does not.
- robust protocols : The idea is the following : Even if I know that some elements purposely try to disrupt traffic services, can I design a protocol which, even in this case, can yet deliver packets correctly? The answer depends on the number of misbehaving elements. More interestingly, it is very simple and states that : IF the number of misbehaving elements is smaller than one third of the total number THEN an algorithm exists to make the correct decision (and it is well known). None of the routing protocols in use today are designed with this in mind, but proposals have been made.
It is interesting to notice the shift in interest in the internet mechanisms today. Security and robustness have become more important. While in the early days it was more a matter of 'making the thing work reliably even in case of problems', today it has shifted more to 'making the network function as requested even if some malicious minds are present INSIDE the network'.
BGP
As a final example of routing protocols, BGP (Border Gateway Protocol) is discussed. This is a Distance Vector type protocol and has similarities with RIP. As indicated before, it is an "inter-Autonomous System routing protocol". The primary idea is that each BGP-router advertises to the other ASs the networks which are reachable in its own AS. But BGP also provides the list of the ASs which are traversed for an advertised network. The advantage is that a collection of BGP-routers can create a loop free connectivity graph and that they can decide on the path to be followed : policy decisions on AS-level. Contrary to RIP and OSPF, BGP uses the reliable TCP transport. Although BGP can construct a connectivity graph, so the topology is known, it is still a distance vector protocol. However, the BGP-routers indicate the path to be followed.
Figure 105 BGP between ASs
The mechanism can be summarized as follows :
1. Establish a TCP connection between two BGP-routers. Establishing a connection means the setup of a state machine. As with normal TCP this can have a connect state, an active state in which messages can be sent, ... There is a connection between each pair of BGP-routers, but of course not all routers are connected to all other routers. Establishing a connection also involves maintaining the state, detecting lost connections, avoiding connection collisions (when two routers want to connect to each other at the same time), ...
2. Exchange the routing information over this connection. Routing information is contained in a specific database, the Routing Information Base (RIB). A route (or routing information) is a pair of a destination and a number of attributes concerning the path to the destination. These attributes are categorized and may be :
   - These attributes have to do with the selection of the path
   - A BGP router may change the attributes of an advertised path
   - An advertisement may be the withdrawal of a previously advertised route
3. The BGP-routers regularly send updates to each other.
4. Decisions are made concerning
   - the selection of routes to be advertised
   - route aggregation and information reduction : which part of the retrieved information will be kept, ...
The decisions are made in three phases :
1. Calculation of the degree of preference. Here the (local) policy will be taken into account.
2. Route selection. Based on preference, and if multiple routes exist to the same destination, one will be selected.
3. Dissemination of routes.
Policy is implied by the configuration of the BGP router. And although it might seem of overwhelming complexity compared with RIP, the basic principle is still valid :
1. Communication with neighbors, here by establishing TCP-connections and exchanging information
2. Making decisions about retrieved information
The complexity, and not so nice aspect, is due to the fact that politics is part of the routing (decision) process.
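The decision process just described, as an added Python example that is neither the handout's nor any BGP implementation's code: a toy path-vector speaker that keeps one Adj-RIB-In per neighbor, rejects AS paths that already contain its own AS (what keeps the connectivity graph loop free), and runs the three phases (degree of preference from local policy, selection, dissemination with the own AS prepended). The AS numbers (documentation range 64496 to 64511) and the prefix 203.0.113.0/24 are constructed values.

```python
"""Path-vector route selection between autonomous systems (the BGP principle).

Added example, not the handout's nor any real BGP implementation's code: a toy
speaker with an Adj-RIB-In per neighbor, AS-path loop detection and the three
decision phases described in the text: degree of preference from local policy,
route selection, dissemination with the own AS prepended.  AS numbers are from
the documentation range 64496-64511 and the prefix is 203.0.113.0/24; both are
constructed values.
"""
from typing import Dict, List, Optional, Tuple

AsPath = List[int]                # nearest AS first, originating AS last


class BgpSpeaker:
    def __init__(self, asn: int, peer_pref: Optional[Dict[int, int]] = None):
        self.asn = asn
        # Phase 1 policy: preference per neighbor AS (higher wins), default 100.
        self.peer_pref = peer_pref or {}
        self.adj_rib_in: Dict[Tuple[int, str], AsPath] = {}   # (peer, prefix) -> path
        self.loc_rib: Dict[str, Tuple[int, AsPath]] = {}      # prefix -> (peer, path)

    def degree_of_preference(self, peer: int, path: AsPath) -> Tuple[int, int]:
        """Phase 1: local policy first, then the shorter AS path."""
        return (self.peer_pref.get(peer, 100), -len(path))

    def receive(self, peer: int, prefix: str, path: AsPath) -> bool:
        """UPDATE from a neighbor.  Returns True if our choice for prefix changed."""
        if self.asn in path:
            return False            # path already passes through us: a loop, drop it
        self.adj_rib_in[(peer, prefix)] = list(path)
        return self.select(prefix)

    def withdraw(self, peer: int, prefix: str) -> bool:
        """A neighbor withdraws a previously advertised route."""
        self.adj_rib_in.pop((peer, prefix), None)
        return self.select(prefix)

    def select(self, prefix: str) -> bool:
        """Phase 2: among all candidates for prefix keep the most preferred one."""
        candidates = [(self.degree_of_preference(peer, path), peer, path)
                      for (peer, pfx), path in self.adj_rib_in.items() if pfx == prefix]
        old = self.loc_rib.get(prefix)
        if candidates:
            _, peer, path = max(candidates, key=lambda c: c[0])
            self.loc_rib[prefix] = (peer, path)
        else:
            self.loc_rib.pop(prefix, None)
        return self.loc_rib.get(prefix) != old

    def advertise(self, prefix: str) -> Optional[AsPath]:
        """Phase 3: the path we disseminate to neighbors, our own AS prepended."""
        if prefix not in self.loc_rib:
            return None
        return [self.asn] + self.loc_rib[prefix][1]


PREFIX = "203.0.113.0/24"      # originated by AS 64500 (constructed)


def scenario(prefer_long_way: bool) -> BgpSpeaker:
    """AS 64510 hears the prefix from two neighbors.  With policy on, 64497 is
    preferred even though its path is longer (say 64496 is the competitor the
    text talks about)."""
    me = BgpSpeaker(64510, {64497: 200} if prefer_long_way else None)
    me.receive(64496, PREFIX, [64496, 64500])
    me.receive(64497, PREFIX, [64497, 64499, 64500])
    return me


if __name__ == "__main__":
    for policy in (False, True):
        s = scenario(policy)
        print("policy" if policy else "shortest", s.loc_rib[PREFIX], "->", s.advertise(PREFIX))
```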
Algorithms
- DUAL = DV with diffusing update algorithm (Garcia-Luna-Aceves et al.)
- DV = Distance Vector (Bellman-Ford)
- PV = "Path Vector"
- SPF = Shortest-path-first (Dijkstra)
Metrics
A metric is how the protocol measures the network to determine the "best" path. "Speed" typically refers to link speed, not available bandwidth. "Arb." indicates that the metrics are arbitrary and configurable. HELLO tried to use available bandwidth by monitoring round-trip delay, but was not generally successful at this. Metrics are not directly exchangeable when redistributing routing information from one protocol to another. IGRP and EIGRP use compatible and automatically convertible metrics.
Convergence
Qualitatively, convergence measures how fast routers using this protocol will adapt to changes in the topology of the network. "Unstb" indicates a protocol which in general never decided on a stable configuration but continually oscillated between alternatives.
Complexity
An observation of how complex the protocol is to implement.
Multipath
Multipath indicates whether the protocol supports and transports multiple equal- or different-cost pathways between endpoints. [*] indicates that BGP4 supports multipath for IBGP (Internal BGP, a full mesh of all border routers within an AS), but not for EBGP (External BGP).
Variable netmask (Var-netmask)
Indicates whether the protocol allows for and transports different masks for the subnets of a routed network.
4.6 Tunneling
4.6.1 Tunneling
In some cases the above methods are not appropriate. If two LANs, or two parts of a LAN, have to be connected over an intermediate network, a different approach is required. This can be done by putting packets of one protocol type into packets of the protocol type of the intermediate network. An example is given below in which PPP-packets have to be transmitted across a network. The idea in this example is to have a user who can establish a PPP-session to his corporate network. The user however has no direct connectivity and uses the Internet as an intermediate network or carrier. Tunneling is nothing else than encapsulating one protocol into another in order to be able to transport these packets across a network. However, there is a fundamental difference between tunneling and encapsulation. This is explained in the following picture.
Figure 106 Encapsulation (Layer 7 down to Layer 1) versus Tunneling (Layer 7 down to Layer 3)
In the case of encapsulation, an upper layer is always encapsulated in the next lower layer. After all, Layer n delivers some (network related) services to Layer n+1. In the case of tunneling however, a lower layer is encapsulated again in a layer situated above it. We might see the same protocol layer appearing twice in the data packet. This will be explained in more detail in the following paragraphs. Notice however that, although all examples are explained with PPP-sessions, tunneling is not limited to this.
Figure 107
Use of tunneling : A user working at home may want to establish a connection with his corporate network. It is not likely that the corporate has dedicated direct connections to all of the employees working at home. Possibly, some may be at a large distance, increasing connection costs. As seen in the previous chapters however, there is probably a POP in the neighborhood of the user, so he can easily connect to the Internet data network. The user then establishes a PPP-session with the Internet Access Provider, which lets him make a connection with the Corporate Network. While the user is not interested in going to the internet, his data will be forwarded to the Corporate by the IAP. Tunneling makes it appear as if the user was directly connected to the Corporate network, as if there was no intermediate (Inter)network in between. There are two possibilities of tunneling :
- The PPP-session as such. This means that PPP-packets, without modification, are tunneled to the destination, e.g. if different protocols have to be run at the same time.
Figure 108
- The protocol used by the user. The IAP can in this case terminate the PPP-session and just tunnel the PPP-data packets (e.g. IPX-protocol packets) through the internet.
Figure 109
Tunneling the protocol packets. The following reasons can be a motivation to use tunneling :
- Security and privacy : The network to which the user is connected stays separated from the network over which the data is transferred. Typically, tunneling protocols are used together with encryption.
- Use of different protocols : e.g. the user wants to connect to an IPX network. In this case, the intermediate Internet is not compatible, and some kind of encapsulation is required (IPX in IP-packets). It also allows, if the PPP-packets themselves are tunneled, the use of multiple protocols together as in a normal PPP-session.
- Use of private address space : While the IP-addresses of user and destination are hidden from the internet by the tunnel, any address range can be used. However, it is required to have two matching, official addresses at the begin and end-point of the tunnel.
Several implementations of tunneling protocols were proposed recently. New ones are under development. A short list :
- PPTP : Point to Point Tunneling Protocol (PPTP), proposed by Microsoft and available in Windows NT, 98 and 95 if msdun13 is installed
- L2TP : Layer Two Tunneling Protocol (L2TP), proposed by Microsoft and Cisco (Dec. 1996)
- L2F : Layer Two Forwarding (L2F), proposed by Cisco
Concerning tunneling of PPP-sessions, which can be done by PPTP, the next protocol is also proposed :
4.6.2 An example
As an example an ADSL access is shown. The setup is indicated in the next figure. In this example, two tunnels will be used, but this is not required. The user wants to start a web application to his corporate network. So he starts a Netscape client, running HTTP to the web server at the corporate. This is depicted in the next figure.
Figure 110 ADSL-DANA tunnelling example (User, PoP, Internet, LNS, server on the Corporate LAN)
The user is working at home and the connection is made over a number of different physical interfaces.
Figure 111 Physical interconnection media (User on Ethernet / 802.3, then ADSL, ATM over SDH/PDH through the Internet, Ethernet / 802.3 on the Corporate LAN up to the LNS and server)
The connection to the corporate network is made by using a PPP (dial-up) session. The session is started from the user side, transferred to the ADSL-modem (ANT) over its local, private network, and sent to DANA. The latter possibly concentrates several users working at home towards the corporate network, where the user is connected to the corporate network over the internet.
Figure 112 PPP-access to corporate data network (WebClient Netscape running HTTP / TCP / IP on the user PC; path: Private LAN, ANT, ADSL, DSLAM / ADSL Mux., ATM network, DANA, PoP, Internet, LNS, server on the Corporate LAN)
Both the user private network and the Internet do not support the transfer of PPP-packets. Therefore tunneling will be used.
- At the user side : The user starts a PPTP session from his user PC to the ANT. This PPTP session runs over IP. In this case, the user PC is a VPN-dial-up client (Microsoft terminology) while the ANT is a PPTP server. The ANT as server will be responsible for terminating the PPTP-tunnel, retrieving the PPP-packets and transmitting them over an ATM connection to DANA. So, from ANT to DANA we have PPP over ATM.
PPTP
PPTP is running over IP. The mechanism involved is the following. The user-PC needs to have IP-connectivity to the PPTP-server. So both user and server have an IP-address. By default, the ANT IP-address (also that of the PPTP-server) is 10.0.0.138. In the case of an ethernet connection between PC and ANT, the PC needs an IP-address in the same range. The user then starts the VPN-dial-up client.
Figure 113 IP-address of PPTP-server
Starting this client application will set up a TCP-like connection (the PPTP tunnel) between the PC and the ANT. Over this connection a PPP-session is established. (This requires of course a PPP-server at the other side.) At the PC-side, this is considered a normal interface like any dial-up interface over which packets (of any protocol type) can be sent. The ANT, seeing this tunnel, will take the data packets (which in this case are PPP-packets) and forward them to the network (ADSL) side. This is called PPP-relay. The ANT is in this case a forwarder which takes packets from one connection (the PPTP-tunnel) and puts them on another (the ATM-connection over the ADSL-line) and vice versa.
- At the network side : DANA has two functions. The first one is to receive the PPP-packets coming in from the user over his ATM-connection. For the user, DANA is a PPP-server. The second function is to start a tunnel to the corporate server. DANA is then an L2TP-client and at the corporate there is an L2TP server or L2TP Network Server (LNS). This is thus the same principle as with PPP-sessions. Additionally DANA can also concentrate multiple users working at home towards the corporate. So DANA has the functionality of an L2TP Access Concentrator (LAC).
PPTP in a network
A few additional details are interesting to know when PPTP is used in a network, especially in the case of Win95 and Win98. Although it was said that a PPTP client behaves like a normal dial-up client, there is a side effect due to the limited routing functionality of this OS technology. Consider again the user PC. First it establishes a connection with the PPTP server. So both server and client have an IP-protocol stack. This stack is however used to transport IP packets across a network. So, starting the PPTP-client (and server) creates a second IP-address in the client PC: the one negotiated during setup of the PPP session. But what about the routing table? It is well possible that the client PC already had e.g. a default gateway entry. It is also possible that, as soon as it connects to the corporate LAN, it needs a new default gateway, the one which points inside this corporate network to find the other parts. Which one is going to be used? This depends on the client implementation, but in Win95 and derivatives it is the last one added to the routing table. In this case this means that the original default gateway is ignored. The result is that the networks connected to the client LAN behind a router become invisible.
L2TP
The tunneling is depicted in the next figure.
Figure 114 Tunneling to support the PPP-session over the network (user PC stack: WebClient Netscape, HTTP, TCP, IP, PPP, PPTP, IP, 802.3; path: Private LAN, ANT, ADSL, DSLAM / ADSL Mux., ATM network, DANA, PoP, Internet, LNS, server on the Corporate LAN)
After the tunnels are established, one to the ANT, the other through the internet, a PPP-session can be started. This session runs up to the PPP-server on the corporate network. In general this server is also located on the LNS-station, but it does not have to be. Then the PPP-session is established. Once this session is established, the LNS behaves like a gateway which routes corporate network packets to and from the PC behind the PPP connection. The result is shown in the next figure.
Figure 115 Overview (stacks: Private IP over 802.3 between user PC and ANT; IP / PPP / L2TP / IP / AAL5 / ATM / SDH across the Internet between LAC and LNS; Corporate IP over 802.3 on the Corporate LAN)
There are three IP-address ranges :
1. The user private one. This is only seen by the user PC and the PPTP-server (ANT).
2. The global worldwide Internet IP-addresses. These are seen by the LAC, or the IAP, and the LNS, the Corporate side, and are officially assigned.
3. The Corporate IP-addresses, which are seen by the corporate and the user. In principle they can be freely chosen as long as the corporate does not have (direct) access to the Internet. However, notice that the corporate needs such an access to terminate the L2TP tunnel, in which case they are probably official addresses too.
Finally, tunneling as such does not give security. Indeed, the information in a tunnel is still a readable data packet which can be snooped from the network. It is not even true that the data packets are sent over a known path, because there is still an IP-layer underneath the TCP-layer. On the other hand, tunneling creates additional load on the systems using it. Before getting the packet physically onto the network, it has to be sent twice through a protocol stack, or at least through some of the layers.
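The point that tunneling as such gives no security, as an added Python example that is not from the handout: it builds one packet with the Figure 115 stack on the LAC to LNS leg (IP / UDP / L2TP / PPP / IP; L2TP data messages travel in UDP port 1701 per RFC 2661, a layer the figure's stack leaves out) and then parses it the way a passive observer on the Internet path could, recovering both the official outer addresses and the corporate inner ones together with the payload. All addresses, tunnel and session IDs and the payload are constructed values.

```python
"""Build one tunneled packet with the stack of Figure 115 and parse it back.

Added example, not from the handout: constructs the packet the LAC (DANA)
sends to the LNS, IP / UDP / L2TP / PPP / IP / payload, then parses it the way
a passive observer on the Internet path could.  L2TP data messages travel in
UDP port 1701 (RFC 2661), a layer the figure's stack leaves out.  All addresses
below are constructed documentation values.
"""
import struct

L2TP_PORT = 1701
PPP_IPV4 = 0x0021            # PPP protocol number for IPv4
PROTO_TCP, PROTO_UDP = 6, 17


def ip2b(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def b2ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum over the header; 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options) with a valid checksum, plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ip2b(src), ip2b(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def ppp(protocol: int, payload: bytes) -> bytes:
    """PPP frame as carried in L2TP: HDLC address/control, protocol, data."""
    return b"\xff\x03" + struct.pack("!H", protocol) + payload


def l2tp_data(tunnel_id: int, session_id: int, ppp_frame: bytes) -> bytes:
    """L2TPv2 data message (T=0, no L/S/O fields): flags+version, IDs, PPP."""
    return struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp_frame


def tunneled_packet(lac: str, lns: str, tid: int, sid: int,
                    user: str, corp: str, segment: bytes) -> bytes:
    """segment is a constructed stand-in for the user's TCP segment."""
    inner = ipv4(user, corp, PROTO_TCP, segment)          # corporate address range
    return ipv4(lac, lns, PROTO_UDP,                      # official Internet range
                udp(L2TP_PORT, L2TP_PORT,
                    l2tp_data(tid, sid, ppp(PPP_IPV4, inner))))


def snoop(packet: bytes) -> dict:
    """Peel the layers without any key: everything in the tunnel is readable."""
    def ip_hdr(b: bytes):
        return (b[0] & 0x0F) * 4, b[9], b2ip(b[12:16]), b2ip(b[16:20])

    ihl, proto, osrc, odst = ip_hdr(packet)
    if proto != PROTO_UDP:
        raise ValueError("not UDP")
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    l2tp = packet[ihl + 8:]
    flags = struct.unpack("!H", l2tp[:2])[0]
    if (flags & 0x800F) != 0x0002:                        # data message, version 2
        raise ValueError("not an L2TPv2 data message")
    pos = 2
    if flags & 0x4000:                                    # L bit: Length field
        pos += 2
    tid, sid = struct.unpack("!HH", l2tp[pos:pos + 4])
    pos += 4
    if flags & 0x0800:                                    # S bit: Ns, Nr
        pos += 4
    if flags & 0x0200:                                    # O bit: Offset Size + pad
        pos += 2 + struct.unpack("!H", l2tp[pos:pos + 2])[0]
    frame = l2tp[pos:]
    if frame[:2] == b"\xff\x03":                          # address/control may be absent
        frame = frame[2:]
    ppp_proto = struct.unpack("!H", frame[:2])[0]
    inner = frame[2:]
    iihl, iproto, isrc, idst = ip_hdr(inner)
    return {"outer": (osrc, odst), "udp_dport": dport, "tunnel": (tid, sid),
            "ppp_protocol": ppp_proto, "inner": (isrc, idst),
            "inner_proto": iproto, "payload": inner[iihl:]}


if __name__ == "__main__":
    pkt = tunneled_packet("198.51.100.10", "192.0.2.20", 7, 3,
                          "10.1.2.3", "10.1.0.5", b"GET / HTTP/1.0\r\n")
    print(snoop(pkt))
```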
4.7 Gateways
As seen in the beginning of this chapter, gateways have functionality up to layer 7. In essence this means that gateways can also examine the contents of the packets, i.e. the application data. Gateways are used for several functions :
Sometimes a separation is made between transport gateways, which are only involved in the transport mechanisms (e.g. connection establishment and address translation), and application gateways, which examine the packet contents. One could say that transport gateways do not need to go up to layer 7 in the protocol stack. In the following discussion, this difference will be ignored.
4.7.1 Proxy services
The definition of a proxy server is :
- The proxy server can answer faster.
- The user does not know the real server, so the proxy will find out for him.
- It is the most appropriate place to implement security.
The best known examples are the web-proxy and the SMC-proxy. But others exist, such as mail-proxies, DNS-proxies and something like an ARP proxy server. The first two will be treated next.
Web proxy-server
This server is used to have a faster response and better capacity during surfing. The idea is comparable with the caching of retrieved webpages :
- Local caching : If a page is requested several times, rather than retrieving it each time from the internet, the page is kept locally, so if it is asked for a second time, the page is loaded from the cache rather than from the original webserver itself. The advantage is that there is no need for establishing a new connection all the way down to the webserver and downloading the page again over the (slow) internet links. Both the user and other internet users benefit from this approach. For the user himself this is quite clear: he avoids going on the internet. The other users benefit (a little bit) because some of the traffic which would otherwise be on the internet has disappeared.
- Proxy caching : If several users access the internet through the same link, e.g. users from the same corporate, they might also want to retrieve the same webpages from a (for the corporate) popular website. In this case, each user would go to the internet the first time anyway. This can also be improved for the corporate, by retrieving the page once and giving it to all users who need it. This is the function of the web-proxy. So a web-proxy collects popular pages in its cache and sends them to the users. If the requested page is not available, then the user (in fact the web-proxy on behalf of the user) can still go to the webserver itself. Of course, the users have to contact the web-proxy first, and it only makes sense if multiple users are behind this web-proxy. The advantage for the users is that the proxy server is located on the intranet, which is typically a LAN and nearby. The users thus have a fast connection. However, the user is not forced to use proxy servers. The situation is shown below.
Figure 116 (diagram labels: user, web server)
1. The first user selects a webpage from an outside site. The webbrowser client verifies if it has to connect to the proxy-server to retrieve the page. This information can be found in the webclient parameter settings (see below for an example). The webclient establishes a connection with the proxy server and posts the request to this server. This is, for http, a TCP-connection. Note also that this connection is made between client and proxy-server and not between client and webserver as in the normal case.
2. The proxy server keeps the connection open and examines the request. It checks if this page is known. Because this is the first request for this page, the proxy server in turn now establishes a connection with the webserver and retrieves the page or information. This information is sent to the client and also stored in the cache on the proxy server. The connections to the webserver and the user client are closed.
3. A second user might also want to get this page. In this case, the proxy server detects this page in its cache and sends it to this second user. No connection outside the corporate is made.
4. If a new request is made by one of the users, the page is retrieved from the local cache on the host's disk. No connection is made at all.
- Information consistency : There is however a possible danger in this scenario. Each time a page is not retrieved from the webserver itself, but from a local or web-proxy cache, there is the chance that the real page was updated without an update in these caches. This is a known problem. So the user must be able to influence the retrieval of the pages. The user can therefore
  - Deactivate the local cache. He can ask for an update only the first time, each time a new session is started, or always.
  - Deactivate the proxy server.
  - Once in a while force an update from the webserver itself. In Netscape this can be done with the button Reload if the shift key is pressed at the same time. Note that a normal reload retrieves the page from one of the caches if present.
  After some time, the caches (both local and proxy server) are full, after which the oldest requested pages are replaced by the newer ones. This can eventually update the information also.
- Netscape configuration : Indication of local cache usage can be found under the preferences (edit, preferences, advanced, cache).
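The four-step proxy scenario and the information-consistency danger described above, as an added Python simulation that is not part of the original handout: a local (browser) cache in front of a shared web-proxy cache, both replacing their oldest requested page when full, and a forced reload that bypasses both caches (the Shift+Reload case). The URL, page contents and all class names are constructed for the example.

```python
from collections import OrderedDict
from typing import Dict, Optional


class PageCache:
    """Bounded cache: when full, the oldest requested page is replaced (constructed model)."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self.pages: "OrderedDict[str, str]" = OrderedDict()

    def get(self, url: str) -> Optional[str]:
        if url not in self.pages:
            return None
        self.pages.move_to_end(url)          # most recently requested page goes to the end
        return self.pages[url]

    def put(self, url: str, body: str) -> None:
        self.pages[url] = body
        self.pages.move_to_end(url)
        if len(self.pages) > self.capacity:
            self.pages.popitem(last=False)   # drop the oldest requested page


class WebServer:
    """The origin webserver; counts how many connections it had to serve."""

    def __init__(self, pages: Dict[str, str]) -> None:
        self.pages = dict(pages)
        self.connections = 0

    def fetch(self, url: str) -> str:
        self.connections += 1
        return self.pages[url]


class WebProxy:
    """Shared proxy cache for all users behind the same link (steps 2 and 3 above)."""

    def __init__(self, origin: WebServer, capacity: int = 8) -> None:
        self.origin = origin
        self.cache = PageCache(capacity)

    def fetch(self, url: str, force: bool = False) -> str:
        if not force:
            body = self.cache.get(url)
            if body is not None:
                return body                  # served from the proxy cache, no outside connection
        body = self.origin.fetch(url)        # the proxy opens its own connection to the webserver
        self.cache.put(url, body)
        return body


class Browser:
    """A web client with a local cache; use_proxy mirrors the client's proxy setting."""

    def __init__(self, proxy: WebProxy, origin: WebServer,
                 use_proxy: bool = True, capacity: int = 4) -> None:
        self.proxy, self.origin, self.use_proxy = proxy, origin, use_proxy
        self.local = PageCache(capacity)

    def get(self, url: str, force: bool = False) -> str:
        """Normal load: local cache, then proxy, then webserver.
        force=True is the Shift+Reload case: local and proxy cache are both bypassed."""
        if not force:
            body = self.local.get(url)
            if body is not None:
                return body                  # step 4: no connection at all
        if self.use_proxy:
            body = self.proxy.fetch(url, force)
        else:
            body = self.origin.fetch(url)    # direct connection, no proxy configured
        self.local.put(url, body)
        return body


def scenario() -> dict:
    """Replays steps 1-4 and then the stale-page case (constructed URL and pages)."""
    url = "http://www.example.com/news.html"
    origin = WebServer({url: "news v1"})
    proxy = WebProxy(origin)
    first, second = Browser(proxy, origin), Browser(proxy, origin)
    r1 = first.get(url)                  # steps 1-2: the proxy has to contact the webserver
    r2 = second.get(url)                 # step 3: proxy cache hit, nothing leaves the corporate
    r3 = first.get(url)                  # step 4: local cache hit
    origin.pages[url] = "news v2"        # page updated on the webserver, caches not informed
    stale = second.get(url)              # the local cache still answers with the old page
    fresh = first.get(url, force=True)   # Shift+Reload: goes all the way to the webserver
    still_stale = second.get(url)        # the second user's local cache was never refreshed
    return {"r1": r1, "r2": r2, "r3": r3, "stale": stale, "fresh": fresh,
            "still_stale": still_stale, "connections": origin.connections}


if __name__ == "__main__":
    print(scenario())
```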
Figure 117: Netscape configuration of local cache usage
As local cache, one can choose between memory, which is cleared after quitting the Netscape client, or disk.
Figure 118: Netscape configuration of proxy settings
The proxy type can be selected as :
- Direct connection : no proxy server is used.
- Manual proxy configuration : in this case, the user manually fills in the required configuration as shown in the second window.
- Automatic proxy configuration : in this case, there is a configuration file on the proxy server (or any server, as long as the URL is known) which has all the information. The Netscape client will first contact this server and retrieve the file indicated by the URL. The advantage is that, if the information for the proxy settings changes, only the server needs to update its file. The disadvantage is that if the server is not available, there will be no proxy server setting information. The latter is not that bad, because if this file is located on the proxy server itself, then when the server is down no proxy settings can be downloaded, but at that moment they are of no use anyway. In this case, however, Netscape startup will take much longer while it tries to find the proxy server. For hosts which are regularly not connected to the (same) network, e.g. portable PCs, this might be an important disadvantage if Netscape is used then. Some applications allow multiple configurations at startup to solve this problem.
In case of the manual configuration as shown in the figure : the domains indicated in the exceptions are those domains which will in any case be contacted directly, even if a proxy server is available. Typically, these should be the internal websites.
A few remarks. A proxy can be used or not. In the previous example it is very logical to use the proxy server for websites outside the corporate and NOT to use it for internal websites. It is however possible that a proxy server is never used, in which case the client goes to the internet each time it needs a page (not retrieved from its local cache). It is also possible to use a proxy-server anyway, also for internal websites. Neither case is advised. In the latter case, the proxy server could be overloaded by traffic which is faster if contacted directly. In most cases, a proxy server has to be configured for external sites due to firewall limitations. In this case, the firewall allows only the web-proxy to make external connections. Note finally that proxy server and firewall may be installed on the same physical host.
Figure 119: Radius proxy (diagram labels: Users)
Radius proxy
Suppose a Telecom Operator provides access for users to different corporates or ISPs. At the moment a user requests access to a corporate, he sends out a RADIUS request. The Telecom Operator receives this request and has to verify if he can connect this user to one of the networks. This means that the Telecom Operator needs to search a database for both (all) corporates to find a match for the user authentication. The Telecom Operator could collect all this database information of all the connected ISPs. But this is probably not the best approach :
- The Telecom Operator has to maintain all this information and does not as such gain anything with it.
- The support of these 'huge' databases requires a lot of resources.
- The ISP might want to keep his subscribed users as private and confidential information.
As a result, the Telecom Operator is not really interested in the authentication and authorization process itself. It suffices that he can relay the request and just get the information whether he can connect this user or not. This is where the SMC-proxy server comes in. The user sends a connection request to the SMC for a connection to his (known) network. The user is, or might be, only aware of the Access Network. The Telecom Operator's SMC which receives this request verifies the requested service, checks its database of known services and the location of the SMC corresponding to this known service, and then forwards the user's request to this SMC. At that moment, the SMC of the Telecom Operator might already filter some of the information of the user request before it sends it to the SMC of the ISP. This SMC then verifies if the user is known, has specified the correct password and is allowed to use this service, and sends this result back to the SMC at the Telecom Access Network. Finally this SMC notifies the RAN, which establishes the connection and notifies the user of his access. Notice that
- The users do not need to know about the SMC at the ISP. They all have one access point to ALL their services.
- The ISP's SMCs do not need to know about the user location and access point.
4.7.2
- A world shortage of IP addresses
- Security needs
- Ease and flexibility of network administration
IP addresses
In an IP network, each computer is allocated a unique IP address. In the current version of the IP protocol, IP version 4, an IP address is 4 bytes. Since an address is 4 bytes, the total number of available addresses is 2 to the power of 32 = 4,294,967,296. This represents the TOTAL theoretical number of computers that can be directly connected to the Internet. In practice, the real limit is much smaller for several reasons. Each physical network has to have a unique Network Number, comprising some of the bits of the IP address. The rest of the bits are used as a Host Number to uniquely identify each computer on that network. The number of unique Network Numbers that can be assigned in the Internet is therefore much smaller than 4 billion, and it is very unlikely that all of the possible Host Numbers in each Network Number are fully assigned. To allow for a range from big networks, with a lot of computers, to small networks, with a few hosts, the IP address space is divided into 4 classes, called class A, B, C and D. Most class A and B addresses have already been allocated, leaving only class C available. This means that the total number of available addresses on the Internet is 2,147,483,774. Each major world region has an authority which is given a share of the addresses and is responsible for allocating them to Internet Service Providers (ISPs) and other large customers. Because of routing requirements, a whole class C network (256 addresses) has to be assigned to a client at a time; the clients (e.g. ISPs) are then responsible for distributing these addresses to their customers. While the number of available addresses seems large, the Internet is growing at such a pace that it will soon be exhausted. While the next generation IP protocol, IP version 6, allows for larger addresses, it will take years before the existing network infrastructure migrates to the new protocol. In the early days of the Internet, when just the universities and the government were using it, the number of IP addresses was considered to be vastly more than we would ever need. In fact, this is true. However, this false sense of wealth resulted in the dispensing of huge blocks of addresses to those that asked. For example, consider:
- MIT has 16,843,008 registered IP Addresses.
- USC has 16,911,360.
- General Electric has 17,206,528.
- IBM has 17,542,656.
- AT&T has 19,800,320.
The list could go on and on. Had those in charge foreseen the present situation, they would have been more careful in issuing IP Addresses. Because IP addresses are a scarce resource, most Internet Service Providers (ISPs) will only allocate one address to a single customer. In the majority of cases this address is assigned dynamically, so every time a client connects to the ISP a different address will be provided. Big companies can buy more addresses, but for small businesses and home users the cost of doing so is prohibitive. Because such users are given only one IP address, they can have only one computer connected to the Internet at one time. With a NAT gateway running on this single computer, it is possible to share that single address between multiple local computers and connect them all at the same time. The outside world is unaware of this division and thinks that only one computer is connected. Be aware that
- The use of dynamic IP-addresses does not increase the number of hosts which can be active at the same time. Dynamic IP-addresses do allow more clients ( = potential users of... ) to be connected to the Internet, but only because in this large group of users there are always a number which are not connected at a certain moment, which means that their IP-addresses can be recuperated for others which are connected.
- NAT does increase the number of hosts which can be connected at the same time, due to the fact that NAT can hide the IP-addresses. This means that if two hosts are each behind a NAT gateway, they can have the same IP-address as long as the NAT gateways have different IP-addresses. Networks behind a NAT gateway can also have private IP-addresses.
Security considerations
Many people view the Internet as a "one-way street"; they forget that while their computer is connected to the Internet, the Internet is also connected to their computer. That means that anybody with Net access can potentially access resources on their computers (such as files, email, company network etc.). Most personal computer operating systems are not designed with security in mind, leaving them wide open to attacks from the Net. To make matters worse, many new software technologies such as Java have actually reduced security, since it is now possible for a Java applet to take control of the computer it is running on. Many times it is not even possible to detect that such applets are running; it is only necessary to go to a Web site and the browser will automatically load and run any applets specified on that page. The security implications of this are very serious. For home users, this means that sensitive personal information, such as emails, correspondence or financial details (such as credit card or cheque numbers) can be stolen. For business users the consequences can be disastrous; should confidential company information such as product plans or marketing strategies be stolen, this can lead to major financial losses or even cause the company to fold. To combat the security problem, a number of firewall products are available. They are placed between the user and the Internet and verify all traffic before allowing it to pass through. This means, for example, that no unauthorized user would be allowed to access the company's file or email server. The problem with firewall solutions is that they are expensive and difficult to set up and maintain, putting them out of reach for home and small business users. NAT automatically provides firewall-style protection without any special set-up. That is because it only allows connections that are originated on the inside network. This means, for example, that an internal client can connect to an outside FTP server, but an outside client will not be able to connect to an internal FTP server, because it would have to originate the connection, and NAT will not allow that. It is still possible to make some internal servers available to the outside world via inbound mapping, which maps certain well-known TCP ports (e.g. 21 for FTP) to specific internal addresses, thus making services such as FTP or Web available in a controlled way.
Administrative considerations
IP networks are more difficult to set up than local desktop LANs; each computer requires an IP address, a subnet mask, DNS address and a default router. This information has to be entered on every computer on the network; if only one piece of information is wrong, the network connection will not function and there is usually no indication of what is wrong. In bigger networks the task of coordinating the distribution of addresses and dividing the network into subnets is so complicated that it requires a dedicated network administrator. NAT can help network administration in several ways:
- It can divide a large network into several smaller ones. The smaller parts expose only one IP address to the outside, which means that computers can be added or removed, or their addresses changed, without impacting external networks (see also figure 120).
Figure 120: NAT principle (diagram labels: www, Itf, NAT)
- Some modern NAT gateways contain a Dynamic Host Configuration Protocol (DHCP) server. DHCP allows client computers to be configured automatically; when a computer is switched on, it searches for a DHCP server and obtains TCP/IP setup information. Changes to the network configuration are done centrally at the server and affect all the clients; the administrator does not need to apply the change to every computer in the network. For example, if the DNS server address changes, all clients will automatically start using the new address the next time they contact the DHCP server.
- Many NAT gateways provide a way to restrict access to the Internet. For example, some NAT software has built-in filtering, which allows administrators to prohibit access to dubious material. Another useful feature is traffic logging; since all the traffic to and from the Internet has to pass through a NAT gateway, it can record all the traffic to a log file. This file can be used to generate various traffic reports, such as traffic breakdown by user, by site, by network connection etc.
- Since NAT gateways operate on IP packet level, most of them have built-in internetwork routing capability. The internetwork they are serving can be divided into several separate subnetworks (either using different backbones or sharing the same backbone), which further simplifies network administration and allows more computers to be connected to the network (see also figure 121).
Figure 121: Internetwork routing
A proxy is any device that acts on behalf of another. The term is most often used to denote Web proxying. A Web proxy acts as a "half-way" Web server: network clients make requests to the proxy, which then makes requests on their behalf to the appropriate Web server. Proxy technology is often seen as an alternative way to provide shared access to a single Internet connection. The main benefits of Web proxying are:
- Local caching: a proxy can store frequently-accessed pages on its local hard disk; when these pages are requested, it can serve them from its local files instead of having to download the data from a remote Web server. Proxies that perform caching are often called caching proxy servers.
- Network bandwidth conservation: if more than one client requests the same page, the proxy can make one request only to a remote server and distribute the received data to all waiting clients.
Both these benefits only become apparent in situations where multiple clients are very likely to access the same sites and so share the same data. Unlike NAT, Web proxying is not a transparent operation: it must be explicitly supported by its clients. Due to early adoption of Web proxying, most browsers, including Internet Explorer and Netscape Communicator, have built-in support for proxies, but this must normally be configured on each client machine, and may be changed by the naive or malicious user. Web proxying has the following disadvantages:
- Web content is becoming more and more dynamic, with new developments such as streaming video & audio being widely used. Most of the new data formats are not cacheable, eliminating one of the main benefits of proxying.
- Clients have to be explicitly set to use Web proxying; whenever there is a change (e.g. the proxy is moved to a new IP address) each and every client has to be set up again.
- A proxy server operates above the TCP level and uses the machine's built-in protocol stack. For each Web request from a client, a TCP connection has to be established between the client and the proxy machine, and another connection between the proxy machine and the remote Web server. This puts a lot of strain on the proxy server machine; in fact, since Web pages are becoming more and more complicated, the proxy itself may become a bottleneck on the network. This contrasts with a NAT, which operates on packet level and requires much less processing for each connection.
NAT operation
The basic purpose of NAT is to multiplex traffic from the internal network and present it to the Internet as if it was coming from a single computer having only one IP address. The TCP/IP protocols include a multiplexing facility so that any computer can maintain multiple simultaneous connections with a remote computer. It is this multiplexing facility that is the key to single address NAT. To multiplex several connections to a single destination, client computers label all packets with unique "port numbers". Each IP packet starts with a header containing the source and destination addresses and port numbers (see also figure 122).
Figure 122: NAT operation (diagram labels: hosts IPx/Px and IPy/Px, NAT with address IPp, destination IPd/Pd, mapping ports P1 and P2; IP datagram and TCP segment header fields marked S and D; the datagram IPd, IPx, Pd, Px, data is shown translated to IPd, IPp, Pd, P1, data)
This combination of numbers completely defines a single TCP/IP connection. The addresses specify the two machines at each end, and the two port numbers ensure that each connection between this pair of machines can be uniquely identified. Each separate connection is originated from a unique source port number in the client, and all reply packets from the remote server for this connection contain the same number as their destination port, so that the client can relate them back to its correct connection. In this way, for example, it is possible for a web browser to ask a web server for several images at once and to know how to put all the parts of all the responses back together. A modern NAT gateway must change the Source address on every outgoing packet to be its single public address. It therefore also renumbers the Source Ports to be unique, so that it can keep track of each client connection. The NAT gateway uses a port mapping table to remember how it renumbered the ports for each client's outgoing packets. The port mapping table relates the client's real local IP address and source port, plus its translated source port number, to a destination address and port. The NAT gateway can therefore reverse the process for returning packets and route them back to the correct clients. When any remote server responds to a NAT client, incoming packets arriving at the NAT gateway will all have the same Destination address, but the destination Port number will be the unique Source Port number that was assigned by the NAT. The NAT gateway looks in its port mapping table to determine which "real" client address and port number a packet is destined for, and replaces these numbers before passing the packet on to the local client. This process is completely dynamic. When a packet is received from an internal client, NAT looks for the matching source address and port in the port mapping table. If the entry is not found, a new one is created, and a new mapping port allocated to the client:
- Incoming packet received on the non-NAT port :
  - Look for source address and port in the mapping table.
  - If found, replace the source port with the previously allocated mapping port and replace the source address with the NAT address.
  - If not found, allocate a new mapping port. Replace the source address with the NAT address and the source port with the mapping port.
- Incoming packet received on the NAT port :
  - Look up the destination port number in the port mapping table.
  - If found, replace the destination address and port with the entries from the mapping table.
  - If not found, the packet is not for us and should be rejected.
Each client has an idle time-out associated with it. Whenever new traffic is received for a client, its time-out is reset. When the time-out expires, the client is removed from the table. This is also called ageing. Ageing ensures that the table is kept to a reasonable size. The length of the time-out varies, but taking into account traffic variations on the Internet it should not go below 2-3 minutes. Most NAT implementations can also track TCP clients on a per-connection basis and remove them from the table as soon as the connection is closed. This is not possible for UDP traffic, since it is not connection based. Because the port mapping table relates complete connection information - source and destination address and port numbers - it is possible to validate any or all of this information before passing incoming packets back to the client. This checking helps to provide effective firewall protection against Internet-launched attacks on the private LAN. Each IP packet also contains checksums that are calculated by the originator. They are recalculated and compared by the recipient to see if the packet has been corrupted in transit. The checksums depend on the contents of the packet. Since the NAT must modify the packet addresses and port numbers, it must also recalculate and replace the checksums. Before doing so it must check for, and discard, any corrupt packets, to avoid converting a bad packet into a good one. Careful design in the NAT software can ensure that this extra processing has a minimal effect on the gateway's throughput.
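The outbound/inbound rules, the idle time-out (ageing) and the validation of returning packets described above, as an added Python model that is not part of the original handout: a single-address NAT with a port mapping table. Packets are reduced to the four header fields the NAT rewrites, checksum recalculation is left out, and all addresses, ports and names are constructed for the example.

```python
import time
from dataclasses import dataclass, replace
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAT cares about (constructed model, not a real IP/TCP parser)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


@dataclass
class Mapping:
    """One row of the port mapping table: client IPx:Px, remote IPd:Pd, last activity."""
    client_ip: str
    client_port: int
    dst_ip: str
    dst_port: int
    last_seen: float


class Nat:
    """Single-address NAT: public address IPp, a pool of mapping ports, idle ageing."""

    def __init__(self, public_ip: str, ports: range, idle_timeout: float = 180.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.public_ip = public_ip
        self.free_ports = list(ports)          # mapping ports P1, P2, ... still to hand out
        self.idle_timeout = idle_timeout       # handout: should not go below 2-3 minutes
        self.clock = clock
        self.by_client: Dict[Tuple[str, int], int] = {}   # (IPx, Px) -> mapping port
        self.by_port: Dict[int, Mapping] = {}             # mapping port -> table row

    def age(self) -> int:
        """Remove rows idle longer than the time-out; return how many were removed."""
        now = self.clock()
        expired = [p for p, m in self.by_port.items() if now - m.last_seen > self.idle_timeout]
        for p in expired:
            m = self.by_port.pop(p)
            del self.by_client[(m.client_ip, m.client_port)]
            self.free_ports.append(p)          # the mapping port can be reused
        return len(expired)

    def outbound(self, pkt: Packet) -> Packet:
        """Packet received on the non-NAT (inside) port: source becomes IPp:mapping port."""
        self.age()
        key = (pkt.src_ip, pkt.src_port)
        port = self.by_client.get(key)
        if port is None:                       # not found: allocate a new mapping port
            if not self.free_ports:
                raise RuntimeError("port mapping table full")
            port = self.free_ports.pop(0)
            self.by_client[key] = port
            self.by_port[port] = Mapping(pkt.src_ip, pkt.src_port,
                                         pkt.dst_ip, pkt.dst_port, self.clock())
        else:                                  # found: reuse it and reset the time-out
            self.by_port[port].last_seen = self.clock()
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet received on the NAT (outside) port. Returns None when it must be rejected:
        no mapping for the destination port, or the remote end does not match the one
        recorded in the table (the validation the text mentions)."""
        self.age()
        if pkt.dst_ip != self.public_ip:
            return None
        m = self.by_port.get(pkt.dst_port)
        if m is None:
            return None                        # not for us
        if (pkt.src_ip, pkt.src_port) != (m.dst_ip, m.dst_port):
            return None                        # unsolicited packet to a mapped port
        m.last_seen = self.clock()
        return replace(pkt, dst_ip=m.client_ip, dst_port=m.client_port)


def demo() -> dict:
    """Two inside clients using the same source port, a valid reply, two rejected packets
    and an ageing pass; a fake clock makes the time-out reproducible."""
    now = [0.0]
    nat = Nat("203.0.113.1", range(40000, 40003), idle_timeout=180.0, clock=lambda: now[0])
    server = ("198.51.100.10", 80)
    x = nat.outbound(Packet("10.0.0.2", 5000, *server, b"GET /"))
    y = nat.outbound(Packet("10.0.0.3", 5000, *server, b"GET /"))
    reply_x = nat.inbound(Packet(*server, nat.public_ip, x.src_port, b"200 OK"))
    bogus = nat.inbound(Packet("192.0.2.9", 80, nat.public_ip, x.src_port))   # wrong source
    unknown = nat.inbound(Packet(*server, nat.public_ip, 40002))              # no mapping
    now[0] = 400.0                              # well past the idle time-out
    removed = nat.age()
    return {"x_port": x.src_port, "y_port": y.src_port, "reply_x": reply_x,
            "bogus": bogus, "unknown": unknown, "removed": removed}


if __name__ == "__main__":
    print(demo())
```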
Application considerations
As seen so far, NAT has a lot of advantages. There are however a few considerations to be made when using NAT, because some applications cannot be run. The limitations can be listed in three categories :
1. NAT uses ports. So pure IP-applications are not possible.
2. Connections can only be opened starting from the client side.
3. Applications which rely on specific client ports are probably not supported.
On the other hand, all applications which do not suffer from the previous limitations are inherently supported, even if they are not known at the time of implementation.
Security considerations
NAT provides additional security for the users. It hides the internal network, which means that all users of this network present themselves with the same IP-address, so nothing of the network structure is shown. It is also the case that connections can only be initiated from inside, which means that external intrusion is limited.
Conclusions
As the Internet continues to expand at an ever-increasing rate, Network Address Translation offers a fast and effective way to expand secure Internet access into existing and new private networks, without having to wait for a major new IP addressing structure. It offers greater administrative flexibility and performance than the alternative application-level proxies, and is becoming the de facto standard for shared access.
4.7.3
Figure: tunnel gateway protocol stack (diagram labels: applic, tunnel server, PPP server, IP, PPP, Internet, IPtnl', IPcln)
Suppose that the client is working on the corporate network and sends a packet to the server. The client has a Corporate related IP-address IPcln. The server has IP-address IPsrv. The packet is tunneled over the Internet. The tunnel is created between the client entry point at address IPtnl' and the tunnel-gateway at address IPtnl. The user sends the packet to the tunnel entry point which sends the encapsulated IP-packet to the tunnel-gateway, thus to the IP-address IPtnl.
1. When the packet arrives at this gateway, it is forwarded to the IP-process.
2. This process determines that the data inside the IP-packet is encapsulated PPP data coming out of a tunnel. So it is the protocol field which determines that the packet has to be delivered to the tunnel server and not to another application.
3. This tunnel server unpacks the PPP-packets inside the IP-packet and delivers them to the PPP-driver.
4. The PPP-driver retrieves the data, which is the IP-packet between client and server (from IPcln to IPsrv).
5. The PPP-server detects that the protocol inside the PPP-packet is (again) an IP-packet (from a certain PPP-session) and delivers it, a second time, to the IP-process. Remember that at first, the PPP-server had to terminate the PPP-session established by the client-PC.
6. In the IP-process, the destination address is verified. If this is another host on the network, e.g. IPsrv, it is forwarded to the network driver which sends it out again to the network.
7. If the IP-process decides that the destination address is the local host, e.g. IPcrp, then it is sent up the protocol stack again, in which case the protocol field now indicates not the tunnel server but one of the applications on this host.
It is not required that the tunnel-gateway has a different IP-address for the tunnel and the server. IPcrp can be the same as IPtnl, and is in most cases. Although this process is a little elaborate, it does not seem too difficult to understand; it does however have some consequences for the routing tables. Typically, the routing table of the tunnel gateway should be something like the following :
Network      Netmask      Gateway   Interface   Metric
0.0.0.0      0.0.0.0      IPR1      IPcrp       1
{IPcln}      client net   IPtnl     tunnel      1
{Intranet}   net          IPR2      IPcrp       1
The important aspect is that the tunnel has to be considered as an interface too; after all, it is using a PPP connection, which is the interface for the client network. Indeed, it does not matter if the PPP itself is running over ATM, IP dial-up, ... The considerations concerning routing tables in the tunnel gateway are also important for the client, but things are mostly much simpler there.
4.7.4 Security
As already mentioned, for security reasons a firewall might be installed between the corporate LAN and the Internet. This firewall can have the following functionality :
- Prevent malicious external users from entering the corporate network, stealing information, doing some damage, or just looking around.
- Prevent own members from having access to certain sites.
- Supervision and monitoring of incoming and outgoing traffic (eavesdropping).
It is also clear that the previous mechanisms (proxy, tunneling access, NAT) add to security. So it makes sense to collect all this functionality and place it on one supervising gateway or firewall, the guardian of the network. Security can be categorized as follows:

1. By devices
   - bridges
   - routers and tunnel gateways
   - NAT gateways
   - firewalls

2. By mechanisms
   - packet filtering
   - packet/content analysis
   - authentication and signatures
   - encryption
A detailed study of security and all the aspects involved is a broad field which, especially today, is the subject of research and experiment. It is beyond the scope of this text to go into further detail; the reader is referred to the extensive literature on the subject.
5 Internet applications
5.1 Standard services

These can be categorized by:

- postal and news services
- data and file transfer
- remote work applications
- databases
5.1.1 Email and newsgroups
These are a set of protocols to send messages and information to groups or selected users.
email
Electronic mail used to be, in the early days, nothing else than the transfer of messages, which are nothing else than (small) files, between two hosts. In order to send a mail message to another user, one had to establish a connection, using SMTP, between one's own host and the host of the user. Establishing a connection between two hosts is only possible when both stations are online at the same moment. After this connection was set up, the file, or e-mail message, was placed in a mailbox of the destination. This mailbox is basically nothing else than a directory in the user's file space. This is shown in the next picture.
Figure 124: user A and user B on the same LAN, exchanging mail over a direct SMTP connection.
Today, with all the dial-in users, another solution was required: those users are only rarely online, which prevents a direct SMTP connection between the stations of two users who send mail messages to each other. In this case an intermediate agent collects all the mail messages and keeps them ready for the users to retrieve the moment they come online. This is exactly the function of a post office, hence POP (remark: POP means here Post Office Protocol, not Point of Presence). As a result, dial-in users send their messages (with SMTP) to their mail server, rather than directly to the destination. After this, the server contacts the mail server of the destination and transfers the mail message to it, again with SMTP. Finally, when the destination user becomes active, he can log in to his POP server, check whether there are any new messages and retrieve them on his local PC whenever he wants. The interaction between the two servers solves the problem that both users are not online at the same time.
Figure 125: user A and user B each connected to their own mail server; a user submits mail with SMTP and retrieves it with POP3, and the two servers exchange the message over an SMTP connection across the Internet.
This mechanism can also be used on a single LAN, in which case all users connect to the same mail server. Sending mail over the Internet raises the problem of finding out where the user is located, or at least where his mail server is. This is solved by adding the domain name of the user, which is resolved through DNS. Other problems arise if mail is sent between different types of mail services. Today, extensions to the original protocols exist. E.g. POP can be replaced by IMAP (Interactive Mail Access Protocol, now called Internet Message Access Protocol), which allows you to retrieve your mail independent of the location where you are, because the server keeps all your mail centralized. An example of a mail client (Netscape Messenger) is given below. The user uses this program to get and send his mail messages. Today the messages can be composed of all kinds of material: pictures, multimedia content, ...
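The SMTP exchange described above, written out as an added example (this is not code from the handout): a toy mail server that accepts one message for a local user and files it in that user's mailbox, driven by the commands a client sends. The host names, user names and message text are constructed for the example.

```python
"""Minimal SMTP exchange: a toy server with one mailbox per local user and
the client command lines that deliver a message to it.  Added example, not
part of the original handout; names and message text are constructed."""

# Constructed sample session: user A's PC delivers one message for user B
# to the SMTP server of mailhost.example (an assumed host name).
SAMPLE_CLIENT_LINES = [
    "HELO pc-of-user-a.example",
    "MAIL FROM:<userA@example.org>",
    "RCPT TO:<userB@mailhost.example>",
    "DATA",
    "Subject: salary",
    "",
    "Your new salary next month is 3000.",
    ".",
    "QUIT",
]


class MailboxServer:
    """Toy SMTP server: a list of (sender, text) per local user, standing in
    for the per-user mailbox directory mentioned in the text."""

    def __init__(self, local_users):
        self.mailboxes = {u: [] for u in local_users}
        self.reset()

    def reset(self):
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []

    def handle(self, line):
        """Return the reply for one client line ('code text'), or None while
        the message body is being read."""
        if self.in_data:
            if line == ".":                 # a lone dot ends the message body
                text = "\n".join(self.body)
                for rcpt in self.recipients:
                    self.mailboxes[rcpt].append((self.sender, text))
                self.reset()
                return "250 OK: message accepted for delivery"
            # dot-stuffing: a body line the client sent as '..x' was '.x'
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return "250 mailhost.example"
        if verb == "MAIL":
            self.sender = arg.split(":", 1)[1].strip("<>")
            return "250 OK"
        if verb == "RCPT":
            user = arg.split(":", 1)[1].strip("<>").split("@")[0]
            if user not in self.mailboxes:
                # only local users are accepted: refusing to relay for
                # unknown recipients is what keeps this from being an open relay
                return "550 No such user here"
            self.recipients.append(user)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command unrecognized"


def run_session(client_lines, server):
    """Feed the client lines to the server and return the full transcript,
    i.e. exactly what an eavesdropper on the wire sees: all clear text."""
    transcript = ["S: 220 mailhost.example SMTP ready"]
    for line in client_lines:
        transcript.append("C: " + line)
        reply = server.handle(line)
        if reply is not None:
            transcript.append("S: " + reply)
    return transcript


if __name__ == "__main__":
    srv = MailboxServer(["userB"])
    for entry in run_session(SAMPLE_CLIENT_LINES, srv):
        print(entry)
    print(srv.mailboxes["userB"])
```

Printing the transcript shows what the remark on privacy further down means: envelope, headers and body all cross the network as readable text, and nothing in the protocol proves that the MAIL FROM address is genuine.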
Figure 126: a mail client (Netscape Messenger).
One of the difficulties with email is that there is in principle no privacy whatsoever. Every message sent can be read by anyone on the path between the two mail servers (and is read by certain organizations). Another aspect is the integrity of the mail message: reading it is the first step, changing it can be the next. Today there are encryption and signing methods which prevent this (PGP and S/MIME are the common ones), but they are not yet frequently used. These methods prevent reading by third parties and also make any change to the message detectable. It is somewhat cynical that a lot of people go to great effort to put letters and postcards in envelopes, but that most of them, even companies, do not bother to encrypt mail. Of course a holiday postcard contains much more essential information than an email with my new salary next month...
News
Apart from mail services, the previous picture also shows the news servers. The idea is the same, only in this case you do not send a message to a user but to a group of users with the same interest, a newsgroup. Each user can read the messages posted to this newsgroup. This service uses NNTP (Network News Transfer Protocol). Newsgroups can be created locally on an intranet or exist on the Internet. On the Internet, newsgroups are divided into different categories. An overview:

- biz : business
- comp : computers, software
- sci : scientific discussions
- misc : miscellaneous, not belonging to the others
- soc : social subjects
- talk : discussions
- news : the news system itself (administration and announcements)
- rec : recreation, art, free time subjects
- alt : less formal subjects, outside the managed hierarchies
5.1.2 http
It is only after some time that the web pages received a better look. This is thanks to the definition of HTML (HyperText Markup Language). This language was originally defined as an application of a standardized set of commands which allow publishers to specify the structure and layout of text, the Standard Generalized Markup Language (SGML). It is up to the application (the browser) itself to interpret the downloaded files and present them in an appropriate way.

Today, evolution is going on to break free of pure information retrieval, be it in text or graphic form. Interaction with buttons and forms has been added, as has the ability to create complete programs which can do anything you want. At this point it is interesting for the server to have code running on the user's PC itself, in order to avoid too much load if a lot of users connect at the same time. The problem is that the server cannot know in advance which kind of host and OS is connecting. To solve this, standardized programming languages are developed which any OS understands and which make programming platform independent. Examples are Java, JavaScript, ... Note that running code supplied by a remote server also moves the security question to the user's PC: the browser has to confine what such code can do (the Java "sandbox").

Development is also going on to create virtual worlds in which the user can walk around, manipulate objects, ... This is e.g. done with the Virtual Reality Modelling Language (VRML). Although it should be possible to do this with Java or other programs, this language was designed to have the smoothest interaction possible, which is still a difficulty with today's speed of processors and communications. Other extensions are Shockwave and ActiveX.

The HTTP protocol

HTTP is a protocol with very simple commands only:

- GET <file/path> : get a web page from the indicated destination
- PUT <file/path> : create a file on the destination

There are some others, less used or, like CHECKIN and CHECKOUT, not yet fully implemented:

- HEAD, POST, CHECKIN, CHECKOUT, DELETE, ...

Since PUT and DELETE let a client create and remove files on the server, a web server should only accept them from authenticated users, if at all.
An example of a GET message is shown below. The right column shows the bytes which are sent through the established TCP connection; the left column gives the meaning of these bytes.

Message type:     Full Request
Message:          GET /Notes/Library/index.html   (request regarding URL)
Referer:          http://138.203.48.253/Notes/Index.html
Connection:       Keep-Alive
User-agent:       Mozilla/4.5 [en] (Win95; I)
Pragma:           no-cache
Host:             138.203.48.253
Accept:           image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding:  gzip
Accept-Language:  en
Accept-Charset:   iso-8859-1,*,utf-8
Cookie:           RCuid=MTM4LjIwMy40OC4xMjAx
                  <CRLF>

Notice that in the message itself the location (IP address) of the server is no longer used, only the file and path indication (the Host header repeats the host name or address, so that one server can serve several sites). Also, the GET is transferred as plain text, not as a code; it is up to the server to interpret this text. Every header line is terminated by <CRLF>, and an empty line (a second <CRLF>) marks the end of the request.
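To show how a server turns such bytes back into a request, here is an added example (not code from the handout) of a small request parser in Python. The request bytes are constructed after the listing above; the HTTP/1.0 version string, the document root /var/www and the hostile path in the usage are assumptions made for the example.

```python
"""Parsing a raw HTTP request as it arrives over the TCP connection.
Added example, not part of the original handout.  The request below is
constructed after the GET listing in the text (HTTP/1.0 version assumed)."""
import base64
import posixpath

# Constructed request bytes: every line ends with CRLF and an empty line
# terminates the header block.
SAMPLE_REQUEST = (
    b"GET /Notes/Library/index.html HTTP/1.0\r\n"
    b"Referer: http://138.203.48.253/Notes/Index.html\r\n"
    b"Connection: Keep-Alive\r\n"
    b"User-Agent: Mozilla/4.5 [en] (Win95; I)\r\n"
    b"Host: 138.203.48.253\r\n"
    b"Cookie: RCuid=MTM4LjIwMy40OC4xMjAx\r\n"
    b"\r\n"
)


def parse_request(raw):
    """Split a request into (method, target, version, headers, leftover).

    Returns None while the header block is incomplete, which is what a server
    sees while bytes are still trickling in.  Header names are
    case-insensitive and are stored lower-cased.
    """
    end = raw.find(b"\r\n\r\n")
    if end < 0:
        return None
    head, leftover = raw[:end], raw[end + 4:]
    lines = head.split(b"\r\n")
    parts = lines[0].decode("ascii").split(" ")
    if len(parts) == 2:            # old style "GET /path" without a version
        parts.append("HTTP/0.9")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.decode("latin-1").partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, leftover


def safe_path(target, docroot="/var/www"):
    """Map the request target onto a file below docroot (an assumed path).

    The target is attacker-controlled text the server has to interpret, so
    it is normalised first: '..' segments cannot climb above the root and
    a NUL byte is refused.
    """
    path = target.split("?", 1)[0]
    norm = posixpath.normpath("/" + path.lstrip("/"))
    if "\x00" in norm:
        raise ValueError("refusing target %r" % target)
    return docroot + norm


def decode_cookie(headers, name):
    """Decode a base64 cookie value: an 'opaque' token is often readable."""
    for item in headers.get("cookie", "").split(";"):
        key, _, value = item.strip().partition("=")
        if key == name:
            return base64.b64decode(value).decode("ascii")
    return None


if __name__ == "__main__":
    method, target, version, headers, _ = parse_request(SAMPLE_REQUEST)
    print(method, target, version, headers["host"])
    print(safe_path(target), safe_path("/Notes/../../../etc/passwd"))
    print(decode_cookie(headers, "RCuid"))
```

Two things worth noting from running it: a request is not complete until the empty line arrives, so a server must buffer and not act on a partial request line, and the cookie value in the listing is nothing but base64 text.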
ftp
Next to this there is still pure file transfer, performed regardless of the file contents. This is done by FTP (File Transfer Protocol). In the early days this was probably the most used application on the Internet, and although it seems less important today, it is being used more and more again because several commercial programs build this facility into their applications: a file can then be saved directly on an FTP server rather than on a local disk, as if the FTP server were part of the local disk. Note that FTP sends user name, password and file contents in clear text, so the same remarks as for email apply.
gopher

Other file related applications can be found in § 5.3.
5.1.3

- These are pure text-based terminal sessions. In some cases the server supports graphical remote sessions as well. This is further explained in § 5.3.
5.2

5.3 Supporting applications

These services do not provide any user applications, but they make the use of those applications over the Internet much friendlier. Supporting applications can be classified in the following categories:

- remote terminals, like X-windows
- name resolving
- file sharing
- security and VPN support
- proxy and caching mechanisms
5.4 Distributed Processing
It might at first glance seem exaggerated to talk about distributed processing when discussing the Internet. But what is distributed processing? Although many authors have different opinions about distributed systems and what they really are, a good start is the following definition:

    A distributed system is a system in which a task is solved by more than one processor.

Taken very generally, this does not mean that the processors which are performing some calculation have to be located in the same physical system. They only have to cooperate on a certain problem. Cooperation means of course interaction, and interaction implies some form of communication. Interprocessor communication can be over a network. In a reference the following classification is proposed for operating systems (OS):

Table 4

Generation   Operating System               Characteristics                                   Goals
first        centralized operating system   process, memory, I/O, file management             resource management, extended machine (virtuality)
second                                      remote access, information exchange,              resource sharing (interoperability)
                                            network browsing
third                                       global view of: file system, name space, time,    single computer view of multiple computer
                                            security, computational power                     system (transparency)
fourth                                      open and cooperative distributed applications     cooperative work (autonomicity)
The last generation is very clearly a system in which the processors are hosted in separate units. In a certain sense this has existed all along. Indeed, previously it was indicated that on UNIX stations people could launch remote processes. Nothing (apart from authorization mechanisms) prevented one host from starting a process which started several sub-processes on other machines, which is in fact a multiprocessing system. The method used was nothing else than rsh (remote shell) running over TCP/IP (rsh trusts the calling host and user name without a password, which makes it unsuitable outside a closed LAN). Important resources such as files were also available to multiple hosts in the early days (e.g. the Network File System (NFS)). Today much more is possible. As an example, take the Search for Extraterrestrial Intelligence (SETI@home). The idea is the following. The Arecibo telescope has gathered so much data that it is simply not possible
to process all the retrieved information centrally. The data can however be split into separate units, on each of which a lot of calculations have to be done. Typically, one unit requires about 100 hours of calculation on a standard 100 MHz Pentium. So why not reuse all the PCs sold and let them do some of the calculations during the time they are not doing anything for the user. So, if the user wants, a screen saver is installed on his PC which does the following:

- The screen saver tries to connect to the server. If a connection can be established, a small packet of measurement data is downloaded and stored in a file on the user's PC. After this the connection is terminated. With a modem this only lasts a minute or two; the data size of such a packet is a few 100 kbytes.
- During screen-saving time (if this screen saver is activated) the PC is doing some calculations. Each time some progress is made, it is stored in the results file again.
- After finishing a packet, the cycle starts over again for the user PC and a new packet is downloaded.
- On the server all this information is collected and further analyzed to see if something special has been found, in which case the data can be further analyzed and contact with ET can be made...
Figure 127: Distributed processing example over the Internet (the SETI@home screen saver).

A few values: since the start in May 1999, more than 13,552,702 units have been calculated, which represent a total of 399,985,812 hours (45,660 years) of calculation (9 July 1999), achieved in a bare three months. More interesting is that 973,875 hosts/users are participating. This is almost as if 1 in 25 PCs has this screen saver running, literally all over the world (223 countries listed), even in countries in which Internet connectivity is still a technological miracle. The systems on which this program runs range from standard 386 PCs running Windows 95 up to impressive machines and OSes you have never heard of.

Finally, it is imaginable that some day someone creates a 'killer app' written in Java which everyone wants or even needs to have; a killer app which will be downloaded and run regularly on an enormous number of hosts. But suppose that the original programmer had a hidden agenda and added some piece of software which could do something for him. Examples are cracking passwords, calculating decryptions, typically things which can create a lot of money but require too much processing power for a single host or even a hundred hosts. With the millions of
5.5 Electronic commerce
Although this is not an application as such, it should be noted that in order to let a technology evolve and become widely used, someone has to pay and someone has to make money with it, one way or another. Several things can be found:

- Publicity in the form of banners, required links before you can continue, ...
- Suppressing logistic costs. The user himself now pays to get the material (it is his telephone bill for downloading the manual, getting the datasheet, the new version, the patch, ...).
- Doing commercial transactions, buying on the Internet. It is very clear that security is very important here. You do not want competitors to see what you are buying or how much money you make. You especially do not want to be cheated. Ways of both proving and hiding information in a controlled manner are important.
Electronic money

Electronic money is not as simple as it seems. If I show you a one dollar bill, you are pretty convinced it is worth one dollar. But can I convince you that a certain series of bytes is worth one dollar, or a thousand dollars? How would you know? Money needs certain characteristics. Some of them are listed below:

- unique (uncopyable): let's say that I go to the bank with a floppy and I pay 1 dollar for a series of bytes, which the bank guarantees me it will pay one dollar for again if the series is returned. How can they prevent me from copying this series a million times (and becoming a rich person)? Dollar bills cannot easily be copied: there are special mechanisms which make this very hard.
- verifiable: can you verify, if the bank gives you a series, that it is really the amount you asked for and not something less? Or if some random person gives you this series, how can you see this? A dollar bill has a clear imprint of its value. (In some countries the bills and coins have marks which make it easier for blind people to verify the value too.)
- transferable (anonymity): if I give you a dollar bill to buy something, then I want you to forget that you received the bill from me to buy this item. My bill goes together with all the others and cannot be identified anymore as coming from me. I do not even want the bank to see what I am buying. A dollar bill has no name of the owner on it.
- universality, clarity: if I show you a dollar bill, I can use it in a lot of countries and in a countless number of places. Currency which is only used in one place does not make much sense on a worldwide scale. Everyone knows what a dollar bill is!
5.6 Final note

Today the Internet as such has matured, in the sense that it is a sufficiently reliable network which can be exploited for commercial and mass-market goals. The most important evolutions today are:

- supporting real-time services
- supporting safe commerce
- guaranteeing quality in the field
- The TCP/IP reference model, more specifically the Internet layer and the Transport layer.
- The TCP/IP protocol stack.
- Basic functionality of TCP, UDP and IP.

In this chapter TCP, UDP and IP are explained in more detail. For each protocol the header layout is explained.
6.1

6.1.1
- Class A addresses, which are used for large networks. These addresses devote 7 bits to the net-id and 24 bits to the host-id. The first bit is set to 0.
- Class B addresses, which are used for intermediate size networks. The net-id consists of 14 bits and the host-id of 16. The first two bits are set to 1 and 0.
- Class C addresses are used for small networks. The net-id consists of 21 bits and the host-id of 8. The first three bits are set to 1, 1 and 0.
- Class D addresses are reserved for multicast groups. The four highest order bits are set to 1, 1, 1 and 0.
- Class E addresses are also defined by IP but are reserved for future use. The five highest order bits are set to 1, 1, 1, 1 and 0.

Local area networks like Ethernet are usually assigned Class C addresses. Large networks, like the ARPANET, are assigned Class A numbers. The host-id field can be divided into two parts: the subnet address part and the host address part. Subnet addresses are privately administered and only present if the network administrator has decided that the network should be divided into subnetworks.
Figure 128: IP address formats

Class A   0       netid (7 bits)     hostid (24 bits)    128 networks of 16,777,216 addresses
Class B   10      netid (14 bits)    hostid (16 bits)    16,384 networks of 65,536 addresses
Class C   110     netid (21 bits)    hostid (8 bits)     2,097,152 networks of 256 addresses
Class D   1110    multicast group address (28 bits)
Class E   11110   reserved
Note that the Internet address has been defined in such a way that it is possible to extract the host-id or net-id portion in constant time. Gateways which base routing on the net-id depend on such efficient extraction.

For use in technical documents and application programs, Internet addresses are written as four decimal integers separated by points, where each integer gives the value of one byte of the address. This notation is called dotted decimal notation. For example, the Internet address

    11010011 - 00101011 - 00001111 - 11101011

is written 211.43.15.235.

By convention, host-id 0 is never assigned to an individual host. Instead it is used to refer to the network itself. Another reserved address consists of all 1s; it is reserved for broadcast (figure 129).

Figure 129: Reserved address formats (class B examples: bits 0-15 net-id, bits 16-31 host-id)

    10 net-id    000...0    host-id all zeros: this network itself
    111...1      111...1    all ones: all networks or all hosts or both (local broadcast)
    10 net-id    111...1    host-id all ones: all hosts on this network (directed broadcast)

A router should not forward a datagram arriving from outside for a directed broadcast address; such datagrams have been used to amplify denial of service attacks against the network they hit.

Summarized, the ranges for the different classes of IP addresses are:

Class   Range
A       0.0.0.0 to 127.255.255.255
B       128.0.0.0 to 191.255.255.255
C       192.0.0.0 to 223.255.255.255
D       224.0.0.0 to 239.255.255.255
E       240.0.0.0 to 247.255.255.255 (the addresses from 248.0.0.0 upwards are reserved as well)
All Internet addresses are assigned by a central authority, originally the Network Information Center (NIC); today this task is delegated to the regional Internet registries.
6.1.2 IP subnetting
IP networks can also be divided into smaller units, called subnets. Subnets provide extra flexibility for network administrators. For example, assume that a network has been assigned a class B address, and all the nodes on the network currently conform to the class B address format. Then assume that the dotted decimal representation of this network's address is 138.203.0.0 (all zeros in the host field of an address specifies the entire network). Rather than change all the addresses to some other basic network number, the administrator can subdivide the network using subnetting. This is done by borrowing bits from the host portion of the address and using them as a subnet field, as shown in figure 130.

Figure 130: Subnetting a class B address

    bits:  0 1          15 16                       31
           10  net id       host id                        (without subnetting)
           10  net id       subnet id | host id            (with subnetting)
If a network administrator has chosen to use 8 bits of subnetting, the third octet of a class B IP address provides the subnet number. For example, address 138.203.1.0 refers to network 138.203, subnet 1; address 138.203.2.0 refers to network 138.203, subnet 2; and so on. The number of bits borrowed for the subnet address is variable. To specify how many bits are used, IP provides the subnet mask. Subnet masks use the same format and representation technique as IP addresses. Subnet masks have ones in all bits except those bits that specify the host field. For example, the subnet mask that specifies 8 bits of subnetting for class B address 138.203.0.0 is 255.255.255.0. This can also be indicated by adding '/24' at the end of the IP-address. The subnet mask that specifies 6 bits of subnetting for class B address 138.203.0.0 is 255.255.252.0 or '/22'.
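The address classification and the subnet arithmetic described above, as an added example in Python (not code from the handout). It uses the 138.203.0.0 network of the text; the functions go slightly beyond the text in that they also compute the broadcast address of a subnet and reject a non-contiguous mask, which a network stack would refuse as well.

```python
"""Classful IP addresses and subnet masks, as an added illustration of
section 6.1; not code from the original handout."""


def to_int(dotted):
    """'138.203.1.0' -> 32-bit integer; rejects malformed addresses."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad address %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Classify by the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    first = to_int(dotted) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


# length of the net-id (in bits) of each subnettable class
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def prefix_to_mask_int(prefix):
    """/22 -> 0xFFFFFC00: 'prefix' leading ones, the rest zeros."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_to_mask(prefix):
    return to_dotted(prefix_to_mask_int(prefix))


def mask_to_prefix(mask_dotted):
    """'255.255.252.0' -> 22; a mask whose ones are not contiguous is refused."""
    mask = to_int(mask_dotted)
    prefix = bin(mask).count("1")
    if mask != prefix_to_mask_int(prefix):
        raise ValueError("non-contiguous mask %r" % mask_dotted)
    return prefix


def subnet_info(dotted, prefix):
    """Network, subnet number, host number and broadcast of an address
    under a /prefix mask, following the class B example of the text."""
    cls = address_class(dotted)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError("class %s addresses are not subnetted" % cls)
    net_bits = CLASSFUL_PREFIX[cls]
    if prefix < net_bits or prefix > 30:
        raise ValueError("prefix /%d invalid for class %s" % (prefix, cls))
    value = to_int(dotted)
    mask = prefix_to_mask_int(prefix)
    host_bits = 32 - prefix
    net_mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    subnet_bits = prefix - net_bits
    return {
        "class": cls,
        "network": to_dotted(value & net_mask),
        "subnet": ((value & mask) >> host_bits) & ((1 << subnet_bits) - 1),
        "host": value & ((1 << host_bits) - 1),
        "subnet_address": to_dotted(value & mask),
        "broadcast": to_dotted((value & mask) | ((1 << host_bits) - 1)),
        "usable_hosts": (1 << host_bits) - 2,   # minus network and broadcast
    }


if __name__ == "__main__":
    print(address_class("138.203.1.0"), prefix_to_mask(24), mask_to_prefix("255.255.252.0"))
    print(subnet_info("138.203.1.0", 24))
    print(subnet_info("138.203.7.9", 22))
```

With 8 bits of subnetting, 138.203.1.0 is subnet 1 of network 138.203.0.0 as in the text; with 6 bits (/22) the same third octet falls into subnet 1 as well, but that subnet now spans 138.203.4.0 to 138.203.7.255.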
6.2

The network standard byte order specifies that multi-byte binary fields are sent most significant byte first ("big endian"). In the header diagrams this means from left to right with the most significant bit on the left, and from the top downward. We will now continue with a further discussion of the different fields in the IP header.
6.2.1 Version
The version field indicates the format of the IP header. The current version is 4, or 0100 binary. The purpose of this field is to allow evolution of the protocol. At this moment IPv6 is defined, but it will take some time before this protocol will be in general use; this is not unrealistic, since ISO has started a research group to study the TCP/IP suite.
Figure 132: The Version field (0100)

6.2.2

The default IHL value of 5 (0101 binary): the header length is counted in 32-bit words, so 5 means the 20-byte header without options.
6.2.3

However, only recently QoS is becoming more and more important, because corporates are using the Internet for professional purposes, voice over IP is becoming popular, ... To cope with this, two models have been defined:

- IntServ model. This model defines the Guaranteed Service (GS), Controlled Load (CL) and Best Effort classes. It uses the Resource reSerVation Protocol (RSVP) as a signalling protocol to reserve resources for a stream of packets along a fixed path of network elements.
- DiffServ model. Provides scalable service discrimination in the Internet without the need for per-flow state and signalling at every hop. A wide range of services can be provided by setting bits in the TOS octet at the network edges and using these bits to determine how packets are treated by the routers in the network. Therefore the TOS byte has been redefined as the DS byte (DiffServ byte).
6.2.4

6.2.5 Fragmentation Control

The TCP layer agrees upon a Maximum Segment Size (MSS) end-to-end. Let us assume that the MSS was 1500 after initialization. Now it is possible that along the way there is a slow serial line with an MTU (Maximum Transmission Unit) of 576 bytes. In this case the IP datagrams are too long and fragmentation is necessary. Conclusion:

- At the TCP layer segmentation is done (vertical).
- At the IP layer, if necessary, fragmentation takes place (horizontal).

Three fields in the datagram header, Identification, Flags and Fragment Offset, control fragmentation and reassembly of datagrams.
Identification (ID)

The Identification field is an identifying value used to associate the fragments of the same datagram. This value is typically supplied by higher layer protocols (e.g. TCP) as an interface parameter. If not, IP generates datagram identifications for each higher layer protocol that it serves. The combination of identification number, source and destination address and protocol field makes the identity of each datagram unique (see section 6.2.7). Any gateway that fragments the datagram copies the Identification field into every fragment.
Flags

Because the length field in a fragment header refers to the size of the fragment and not the size of the original datagram, the destination cannot use the length field to tell whether it has collected all fragments. Thus it needs the MORE FRAGMENTS bit to mark the end of the original datagram.

Figure 134: The Flags field

    bit 0 :       reserved, must be 0
    bit 1 : DF    0 = may fragment, 1 = don't fragment
    bit 2 : MF    0 = last fragment, 1 = more fragments
The Fragment Offset is used along with the "more fragments" flag to specify the position of this fragment's data relative to the beginning of the data carried by the original datagram. Each offset value is expressed in units of 8 bytes (64 bits). Remark: the maximum value is 2^13 × 8 bytes = 65,536 bytes, which is just enough because the maximum datagram length is 2^16 - 1 bytes.

The fragmentation mechanism for breaking a large datagram into smaller datagrams is a solution to the problems arising from the variable capacity of the subnetworks. It provides flexibility, rather than defining a restrictive datagram size that is sufficiently small for any subnetwork on the Internet. Normally fragmentation is performed by the IP modules in the gateways (a sending host may fragment as well). When a gateway encounters a datagram that is too big to be transmitted through a subnetwork, it applies its fragmentation mechanism. First the data portion of the datagram is divided into two or more pieces. For each piece it then builds an IP header. The fragmentation data is adjusted in the new headers
to correspond to the data's relative position within the original datagram. The fragments are also subject to further fragmentation if 'smaller-packet' subnetworks are subsequently traversed. The minimum fragment length is 28 bytes: a header of 20 bytes and 8 bytes of data. The result is a set of smaller datagrams, each carrying a portion of the data (fig. 135).

Figure 135: Fragmentation and reassembly. A datagram of 660 bytes (L = 660: a 20-byte header and 640 bytes of data, FO = 0, MF = 0) coming from an Ethernet (max datagram length 1500 bytes) has to cross a serial line that carries at most 512 bytes of data per datagram. The gateway sends two fragments: one with 512 bytes of data (L = 532, FO = 0, MF = 1) and one with the remaining 128 bytes (L = 148, FO = 64, i.e. 64 × 8 = 512 bytes, MF = 0). The destination reassembles them into the original datagram.

IP also contains a reassembly mechanism which reverses the fragmentation to enable delivery of intact data portions. Reassembly is provided at the destination, because fragments may follow different routes. All fragments having the same value for the identification, source address, destination address and protocol are combined, each at its position in the original datagram, in a reassembly area. A destination should also refuse fragments whose data overlaps data it already holds: overlapping fragments have been used to crash hosts and to hide attacks from packet filters, which can only inspect the transport header in the first fragment.

Remark: if "DON'T FRAGMENT" is set and a gateway cannot handle a datagram of this size, an error message is generated using the Internet Control Message Protocol (ICMP) (see section 6.3). The ICMP protocol gives extra support to the management of the internetworking service.
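The fragmentation of figure 135 and the reassembly described after it, as an added example in Python (not code from the handout). Fragments are modelled as header fields rather than byte strings, a 20-byte header without options is assumed, and the serial line of the figure is expressed as an MTU of 532 bytes (512 bytes of data plus the header). The reassembly side goes beyond the text in that it refuses overlapping fragments and reports a hole when a piece is missing.

```python
"""IP fragmentation and reassembly (section 6.2.5).  Added example, not
code from the original handout; a 20-byte header (IHL = 5) is assumed."""
HEADER_LEN = 20
MAX_DATAGRAM = 65535


def fragment(datagram_id, data_len, mtu, dont_fragment=False):
    """Split a datagram carrying data_len bytes into fragments fitting mtu.

    Each fragment is a dict with the header fields that control reassembly:
    Identification (copied into every fragment), total length, the Fragment
    Offset in 8-byte units and the MF flag.  With DF set and a datagram that
    does not fit, a gateway drops it and returns an ICMP error instead.
    """
    if data_len + HEADER_LEN > MAX_DATAGRAM:
        raise ValueError("datagram exceeds the 16-bit total length")
    if data_len + HEADER_LEN <= mtu:
        return [{"id": datagram_id, "length": HEADER_LEN + data_len, "offset": 0, "mf": 0}]
    if dont_fragment:
        raise ValueError("DF set and datagram too big: ICMP 'fragmentation needed'")
    # every fragment but the last carries a multiple of 8 data bytes
    per_fragment = (mtu - HEADER_LEN) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("MTU %d too small to carry any data" % mtu)
    fragments, offset = [], 0
    while offset < data_len:
        chunk = min(per_fragment, data_len - offset)
        last = offset + chunk >= data_len
        fragments.append({"id": datagram_id, "length": HEADER_LEN + chunk,
                          "offset": offset // 8, "mf": 0 if last else 1})
        offset += chunk
    return fragments


def reassemble(fragments):
    """Rebuild the original data length from fragments arriving in any order.

    Returns None while pieces are missing (a real stack keeps a reassembly
    timer and answers with ICMP type 11 code 1 when it expires).  Fragments
    of different datagrams and overlapping fragments raise an error.
    """
    ids = {f["id"] for f in fragments}
    if len(ids) != 1:
        raise ValueError("fragments of different datagrams mixed: %r" % ids)
    pieces = sorted(fragments, key=lambda f: f["offset"])
    expected = 0
    for f in pieces:
        start = f["offset"] * 8
        if start < expected:
            raise ValueError("overlapping fragment at offset %d" % start)
        if start > expected:
            return None                      # a hole: piece still missing
        expected += f["length"] - HEADER_LEN
    if pieces[-1]["mf"] != 0:
        return None                          # last fragment not yet received
    return expected


if __name__ == "__main__":
    frags = fragment(7, 640, 532)
    for f in frags:
        print("L = %d  FO = %d  MF = %d" % (f["length"], f["offset"], f["mf"]))
    print(reassemble(list(reversed(frags))))
```

Running it reproduces the two fragments of the figure; passing only the first one to reassemble() returns None, which is the state in which the destination's reassembly timer is running.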
6.2.6

the network. These packets reduce the Internet bandwidth and waste processing time. To prevent these problems the TTL mechanism is used. The units of this field are seconds, so the maximum Time-To-Live is 2^8 - 1 = 255 seconds or 4.25 minutes. The problem remains the synchronization between different IP gateways; therefore an alternative is implemented: each IP gateway decrements the TTL field by 1 as it forwards a datagram. This is called the hop count. Anyhow, today most routers keep a datagram for less than 1 second. A default TTL value of 64 is used, indicating that the packet cannot pass more than 64 gateways on its way to its destination.

Figure 136: The default TTL value of 64 (01000000)
6.2.7 Protocol (PROT)

The Protocol number in the IP header identifies to which next higher layer protocol the datagram should be sent. In other words, this field is the access point to the transport layer entity (fig. 137). The combination of the Protocol number with the Identification number (see section 6.2.5) provided by the higher layer programs offers a unique determination for each datagram: two datagrams in flight between the same source and destination with the same Protocol number must have different Identification numbers.

Figure 137: The function of the Protocol field. An IP header with Protocol 6 delivers its contents (TCP header and data) to TCP (Prot 6).
6.2.8 Header Checksum

The IP protocol provides a checksum mechanism to protect the IP header against transmission errors. The data portion is not covered by the IP checksum; that is left to the transport protocols. An IP gateway recalculates the checksum each time the IP header is changed, which is at least at every hop, since the TTL is decremented. If the result of the calculation is different from the checksum, the datagram is discarded silently; no acknowledgement or error message is sent. To calculate the checksum, the IP header is considered to be composed of 16-bit integers with the checksum field set to zero. The checksum is then the one's complement of the one's complement sum of these 16-bit integers (fig. 138). Because the receiver executes the same calculation, this time including the checksum calculated by the transmitter, the one's complement sum at the receiving side must be all ones. If it differs from all ones, there is an error and the datagram is discarded.
6.2.9 Internet Addressing

The Internet addressing system is a fully global addressing scheme. Internet addresses have a fixed length of 4 bytes, which provides an address range of 2^32 addresses, or about 4 × 10^9 possible users (remark: Ethernet offers an address field of 48 bits). An Internet address begins with a network number (netid), followed by a local address (hostid). To provide for flexibility in assigning addresses to small or large sized networks, there are 4 formats or classes of Internet addresses: Class A, B, C and an extended address class. Some devices are however connected to several subnetworks; that is, provisions have to be made to offer such devices more than one address. An overview of the advantages and disadvantages is given below.

Advantages:
- Because the netid and the hostid are separated, less memory is needed to provide address translation.
- The routing algorithms can be kept simple.

Disadvantages:
- A host connected to more than one network requires more than one address.
- Moving a device requires an address change.
- A central authority is required to ensure address uniqueness.
- There is a fixed maximum number of users which is hard to modify.
6.2.10 Options

The option field contains additional items in the IP header. The field size is variable and there are two different format types: a single octet of option type, or a combination of an octet of option type, an option length octet and the option data octets, e.g. source routing / record route. The options are all optional. An option is requested by a higher layer protocol, which means that two users can only communicate with an option if both support it from the higher level protocol. Note that the source routing options let the sender dictate the path of a datagram and of the replies to it, which makes it easy to impersonate a host on another network; most routers and firewalls are therefore configured to drop datagrams carrying them.
6.3

6.3.1

- Failures of communication lines and processors.
- The destination machine is temporarily disconnected from the network.
- The time-to-live counter expires.
- Network congestion.

To overcome these problems, designers added a special message mechanism to the Internet protocols. It is known as the Internet Control Message Protocol or ICMP. ICMP is considered part of IP and must be included in every IP implementation.

Figure 139: ICMP is part of the Internet layer.

ICMP messages travel across the Internet in the data portion of IP datagrams like all other traffic. The ultimate destination of an ICMP message is not a user process on the destination machine, but the IP software on that machine. That is, when an ICMP error message arrives, the IP software module handles the problem itself; it does not pass the ICMP message to the application program whose datagram caused the problem (it may inform the transport protocol, which is how a TCP connection learns that its destination is unreachable).
212 / 245
6.3.2
Figure 140
These messages are treated as data messages except that no ICMP message will be generated for errors that result from datagrams carrying ICMP messages. Except for a few, all the ICMP messages have the same format (fig. 141). They all begin with three fields : an 8-bit integer MESSAGE TYPE field, an 8-bit CODE field and a 16-bit CHECKSUM field. The next 32 bits are unused. In addition, ICMP messages that report errors always include the Internet header and the first 64 data bits of the datagram causing the problem. 0 Type Code Information Figure 141 The ICMP message structure 15 16 Checksum Unused (must be zero) 31
The TYPE field defines the meaning of the message and the format of the packet. For example, TYPE = 11 is a 'Time Exceeded' report: when a timer concerning a data message expires in a gateway, an ICMP message with TYPE = 11 is generated. The CODE field provides further information about the message type. In our example there are two possible time-outs. One counter is the time-to-live counter, sometimes called the hop count. It prevents datagrams from circling the Internet forever. In this case the Type and Code fields are:

Type = 11, Code = 0

The other counter is the 'Reassemble' timer. Every host receiving a fragmented datagram starts a timer, and considers it an error if the timer expires before all the pieces of the datagram arrive. In this case the fields are:

Type = 11, Code = 1

The ICMP checksum algorithm is the same as the IP checksum. Our ICMP 'Time Exceeded' message is shown in figure 142.

 0              7 8             15 16                            31
+----------------+----------------+--------------------------------+
|   Type (11)    |  Code (0 or 1) |            Checksum            |
+----------------+----------------+--------------------------------+
Figure 142
6.4
6.4.1
6.4.2
Figure 143 A UDP message (UDP Header)
The user datagram header is divided into four 16-bit fields that specify the port from which the message was sent, the port to which the message is destined, the message length and a UDP checksum. Figure 144 gives the details, showing a UDP datagram in 32-bit segments.

 0                             15 16                            31
+--------------------------------+--------------------------------+
|          Source Port           |        Destination Port        |
+--------------------------------+--------------------------------+
|             Length             |          UDP Checksum          |
+--------------------------------+--------------------------------+
Figure 144 UDP header
The SOURCE PORT and DESTINATION PORT fields contain the 16-bit UDP protocol port numbers used to demultiplex datagrams among the processes waiting to receive them. The SOURCE PORT is optional; when used, it specifies the port to which replies should be sent. The LENGTH field contains a count of bytes in the UDP datagram, including the UDP header as well as the user data; thus the minimum value for LENGTH is 8, the length of the header alone. The UDP checksum is optional: a value of zero in the CHECKSUM field means that the checksum has not been computed. The UDP checksum calculation covers the data part and also a pseudo header (see also figure 145). The pseudo header includes part of the IP datagram and provides a double check that the datagram arrived at its correct destination. Recall that IP does not compute a checksum on the data portion of a datagram. Thus the UDP checksum provides the only way to guarantee that the data has arrived intact, and it should be used.
Figure 145 The UDP pseudo header (UDP Header, Data)
6.4.3
In practice, layering UDP above IP means that a complete UDP message, including the UDP header and data, is encapsulated in an IP datagram as it travels across the Internet as figure 147 shows.
The division of duties among various protocol layers is clear : the IP layer is responsible only for transferring data between hosts on the Internet, while the UDP layer is responsible only for differentiating among multiple sources or destinations within one host. Thus the UDP protocol provides a multiplexing and demultiplexing service among different application ports and the IP layer (fig. 148).
Figure 148 Port 1, Port 2, Port 3
6.5
6.5.1
Service                                                                 TCP   UDP
Connection establishment and release                                     *
Sequenced delivery                                                       *
Multiplexing of several transport connections onto a single IP service   *
Flow control                                                             *
End-to-end acknowledgments                                               *
Error checking                                                           *
Expedited data service                                                   *
TCP is part of the Internet protocol suite. Together with IP it offers a reliable transport service over whatever physical network is used. In a multiple network environment the combination TCP/IP is very useful. Nevertheless, TCP, like IP, is an independent entity and can be used over a single network such as an Ethernet. Just like UDP, TCP is layered above IP. This means that a complete TCP message, including the TCP header and data, is encapsulated in an IP datagram as it travels across the Internet, as figure 149 shows.
IP datagram:  | IP Header | TCP Header | TCP data area |
                          |<------ TCP Segment ------->|
Figure 149 A TCP message
In the next sections we discuss TCP by looking at the different fields of the TCP header. The format of a TCP segment, a TCP header followed by data, is given in figure 150. The unit of transfer between the TCP entities on two machines is called a SEGMENT. Segments are exchanged to establish a connection, to transfer data, to send acknowledgments, to advertise window size, and to close a connection.

 0                             15 16                            31
+--------------------------------+--------------------------------+
|          Source Port           |        Destination Port        |
+--------------------------------+--------------------------------+
|                         Sequence Number                         |
+-----------------------------------------------------------------+
|                     Acknowledgement Number                      |
+--------+-------+---------------+--------------------------------+
| Offset | Res.  |  Cntrl flags  |             Window             |
+--------+-------+---------------+--------------------------------+
|            Checksum            |         Urgent pointer         |
+--------------------------------+----------------+---------------+
|                   Options                       |    Padding    |
+-------------------------------------------------+---------------+
|                           Data ...                              |
+-----------------------------------------------------------------+
Figure 150 The format of a TCP segment
6.5.2
- Pre-assigned by user agreement
- Pre-assigned by some central authority
- Dynamically assigned by some type of handshake
Port no.     Application    Description
0                           Reserved
1            TCPMUX         TCP Port Service Multiplexer
2-4                         Unassigned
5            RJE            Remote Job Entry
13           DAYTIME        Daytime
15           NETSTAT        Network users Status
20           FTP-DATA       File Transfer Protocol (data)
21           FTP-CONTROL    File Transfer Protocol
23           TELNET         Terminal connection
25           SMTP           Simple Mail Transport Protocol
42           NAMESERVER     Host name Server
53           DNS            Domain Name System
67           BOOTPS         Bootstrap Protocol Server
68           BOOTPC         Bootstrap Protocol Client
69           TFTP           Trivial File Transfer Protocol
80           HTTP           HyperText Transfer Protocol
111          SUNRPC         SUN Remote Procedure Call
161          SNMP           Simple Network Management Protocol
162          SNMPTRAP       SNMP traps
247 - 255                   Reserved
256 - 1024                  Unix Standard ports
Table 3 : Examples of assigned TCP port numbers.

Like UDP, TCP combines static and dynamic port binding, using a set of reserved port assignments defined by the D.O.D. but leaving most port numbers available for the local network operating system to allocate as programs need them. Some of the currently assigned TCP (UDP) ports are listed in the previous table. Unlike UDP, TCP is a connection oriented protocol that needs two endpoints to make communication meaningful. Before TCP traffic can pass across the Internet, the application programs at both ends of the connection must agree that the connection is desired. Therefore two special request primitives have been defined: Passive Open and Active Open. The application program on one end performs a Passive Open by contacting its operating system and indicating that it will accept an incoming connection. At that time, the operating system assigns a port number for one end of the connection. The application program at the other end must then contact its operating system using an Active Open request to establish a connection. Once a connection has been created, the TCP software modules at each end can begin passing data. More about establishing a connection is given in section 6.5.8.
6.5.3
Sequence Number
The Sequence Number uniquely identifies each TCP segment in a message stream. TCP views a data stream coming from an application as a sequence of bytes that it divides into segments for transmission. However, any segment length is allowed; there is no maximum specified. Usually, each segment travels across the Internet in a single IP datagram. The sequence number specifies the number of the first byte of each segment. Therefore the sequence number is a byte count and not a segment count.
6.5.4
Acknowledgement Number
One of the TCP services is to provide reliability. The protocol software must do this independent of the underlying packet delivery network service. The technique used in TCP/IP is known as Positive Acknowledgment with Retransmission. In this technique the receiver sends back an acknowledgment message every time it receives data. The sender keeps a record of each packet it sends and waits for an acknowledgment before sending the next packet. The sender also starts a timer when it sends a packet and retransmits a packet if the timer expires before an acknowledgment arrives. Figure 151 illustrates the positive acknowledgment technique in normal operation.
Figure 151 The positive acknowledgment protocol (Sender, TCP segments, Receiver; Receive ACK 2)

Time out and retransmission occur when a timer expires. Figure 152 shows the messages exchanged between the sender and receiver when the timer at the sender side expires because a packet was lost.
Figure 152 Positive acknowledgment with retransmission (Sender, Receiver)

It is possible that networks experience high delays. These can cause premature retransmission and thus message duplication. To avoid confusion caused by delayed or duplicated messages, the positive acknowledgment protocol uses two helpful mechanisms. First, sequence numbers are sent back in the ACKNOWLEDGMENT field. This allows the sender to associate acknowledgments with transmitted segments. Second, to avoid unnecessary retransmissions due to high transmission delays, TCP uses an adaptive retransmission algorithm. In an Internet, the path between a pair of machines may traverse a single high speed network, or it may wind across multiple intermediate networks through multiple gateways. Thus it is impossible to know a priori how quickly an acknowledgment will return. Therefore the TCP software at the sender records the time at which each segment is sent and the time at which its acknowledgment arrives. The elapsed time is known as the Round Trip Time (RTT). Whenever it measures a new RTT, TCP adjusts its notion of the average RTT for the connection. The algorithms used to do this can be compared with the following averaging technique. Let RTT be the latest measured Round Trip Time and T0 the time-out (average RTT) currently in use; the new value T1 is

T1 = α × T0 + (1 − α) × RTT

where 0 < α < 1 is a weighting factor. Choosing a value for α close to 1 makes the weighted average immune to changes. Choosing a value for α close to 0 makes the weighted average respond to changes in delay very quickly. Usually α is chosen closer to 1 to keep a single delay from affecting TCP dramatically.
6.5.5
Data Offset
The Data Offset field identifies the number of 32-bit words in the TCP header. The default value is 5.

bit:   0 1 2 3
       0 1 0 1
Figure 153 The default data offset value of 5
6.5.6
Reserved
A field reserved for future and as yet unspecified use.
6.5.7
Window
Before explaining the control flags we first discuss the TCP WINDOW field. The TCP window mechanism is called the Transmission Credit Protocol. It works slightly differently from the Sliding Window Protocol used in, for instance, HDLC and LAPB. The motivation for the positive acknowledgment and retransmission mechanism was to achieve reliability: the sender transmits a packet and then waits for an acknowledgment before transmitting another. The network is completely idle during the times that machines delay responses. In a network characterized by high transmission delays this method is very inefficient. The sliding window technique uses network bandwidth better because it allows the sender to transmit multiple packets before waiting for an acknowledgment. As figure 154 shows, once the sender receives an acknowledgment for the first packet inside the window, it slides the window along.
Figure 154 The sliding window protocol (window over sequence numbers 0..7; events shown in order: Ns = 0, Ns = 1, Ns = 2, Ns = 3, Nr = 2, Ns = 4, Nr = 4, Ns = 5)
TCP uses a specialized sliding window mechanism called the Transmission Credit Protocol. This technique was chosen to solve one of two important data flow problems. First, TCP/IP needs end-to-end flow control between the source and the ultimate destination. For example, when a PC is connected to a mainframe computer, the PC has to regulate the amount of data coming from the mainframe, otherwise the PC protocol software would quickly be overrun. Second, Internet protocols need a flow control mechanism that allows intermediate machines such as gateways to control a source that sends more traffic than they can tolerate. Note that TCP solves only the end-to-end flow control problem; to do so, TCP allows the window size to vary over time. The TCP window mechanism operates at the byte level, not at the packet level. Each acknowledgment, which specifies how many bytes have been received, contains a window advertisement in the WINDOW field. The window advertisement specifies how many additional bytes of data the receiver is prepared to accept. This results in a slightly different data flow, as figure 155 indicates. In response to a decreased window credit the sender decreases the size of its window; in response to an increased window credit the sender increases the size of its window and proceeds to send data that has not been acknowledged.
Figure 155 The transmission credit protocol (byte sequence numbers 0..7; events shown in order: Nr = 0 Cr = 6, Ns = 0, Ns = 1, Ns = 2, Ns = 3, Nr = 2 Cr = 4, Ns = 4, Nr = 4 Cr = 6, Ns = 5)
The advantage of using a variable window size is that it provides flow control. Figure 156 also shows that TCP does not use a segment based sequence number: the sequence and acknowledgement numbers are byte based. The flow control principle is as follows. If the receiver's buffer begins to fill up, it cannot tolerate more packets, so it sends a smaller window advertisement. In the extreme case, the receiver advertises a window size of zero to stop all transmission. Later, when buffer space becomes available, the receiver advertises a non-zero window size to trigger the flow of data again.

Remark : The Transmission Credit Protocol solves the end-to-end flow control problem. However, this mechanism does not solve the flow control between intermediate gateways. For that, TCP/IP must rely on the ICMP protocol, e.g. an ICMP Source Quench message, which indicates a receive buffer overflow in an intermediate node.
Figure 156
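The byte-level credit exchange of figures 155 and 156, as an added example in Python that is not part of the handout: the receiver advertises its free buffer space in every ACK, the sender only transmits what fits in that credit, and a zero window stalls the sender until a later ACK re-opens it. Segment size, buffer size and the schedule in which the receiving application drains its buffer are constructed values.

```python
# Added example (not part of the handout): a byte-level model of the TCP
# window credit exchange of figures 155 and 156. Segment size, buffer size
# and the schedule in which the receiving application drains its buffer are
# constructed values chosen to force a zero-window stall and a restart.
from collections import deque

class CreditSender:
    """Sends bytes only while they fit inside the credit the receiver advertised."""
    def __init__(self, data: bytes, mss: int):
        self.data, self.mss = data, mss
        self.next_seq = 0      # byte number of the first byte not yet sent
        self.una = 0           # oldest unacknowledged byte (left edge of the window)
        self.credit = 0        # last WINDOW advertisement received

    def send_what_fits(self) -> list:
        """Emit (seq, chunk) segments until the credit is used up or data runs out."""
        out = []
        while self.next_seq < len(self.data):
            room = self.una + self.credit - self.next_seq
            if room <= 0:
                break                       # window exhausted (or zero window): wait
            n = min(self.mss, room, len(self.data) - self.next_seq)
            out.append((self.next_seq, self.data[self.next_seq:self.next_seq + n]))
            self.next_seq += n
        return out

    def on_ack(self, ack: int, window: int) -> None:
        """An ACK carries the next expected byte number and a fresh credit."""
        self.una = max(self.una, ack)
        self.credit = window

class CreditReceiver:
    """Buffers in-order bytes; the application drains the buffer at its own pace."""
    def __init__(self, buffer_size: int):
        self.buffer_size = buffer_size
        self.buffered = bytearray()
        self.expected = 0      # next byte number expected = value of the ACK field

    def receive(self, seq: int, chunk: bytes) -> None:
        if seq == self.expected:            # this model ignores out-of-order segments
            self.buffered += chunk
            self.expected += len(chunk)

    def ack(self) -> tuple:
        """(acknowledgement number, window advertisement) for the next ACK."""
        return self.expected, self.buffer_size - len(self.buffered)

    def application_reads(self, n: int) -> bytes:
        out, self.buffered = bytes(self.buffered[:n]), self.buffered[n:]
        return out

def run_exchange(data: bytes, mss: int, buffer_size: int, reads: list) -> list:
    """Drive one sender/receiver pair round by round.

    Returns, per round, (bytes put on the wire this round, window advertised in
    the ACK that closes the round). A 0 window must stop the sender, and a later
    non-zero window must restart it."""
    snd, rcv = CreditSender(data, mss), CreditReceiver(buffer_size)
    snd.on_ack(*rcv.ack())                  # initial credit learned at connection setup
    pending, rounds = deque(reads), []
    while snd.next_seq < len(data) or snd.una < len(data):
        sent = 0
        for seq, chunk in snd.send_what_fits():
            rcv.receive(seq, chunk)
            sent += len(chunk)
        if pending:
            rcv.application_reads(pending.popleft())
        ack, window = rcv.ack()
        rounds.append((sent, window))
        snd.on_ack(ack, window)
        if window == 0 and not pending:
            break                           # receiver stalled for good: sender waits
    return rounds

if __name__ == "__main__":
    # 16 data bytes, 2-byte segments, 6-byte receive buffer, reads of 2, 0, 4, 6, 6
    for bytes_sent, window in run_exchange(bytes(range(16)), 2, 6, [2, 0, 4, 6, 6]):
        print(f"sent {bytes_sent} bytes, receiver now advertises window {window}")
```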
6.5.8
Control Flags
In the beginning of this chapter we mentioned that TCP offers a connection oriented transport service. The control flags are used to establish, maintain and release a connection. An overview of the flags is given in the table below.

URG   The Urgent Pointer is set
ACK   An acknowledgment is sent
PSH   The receive buffer must be cleared
RST   Reset the connection
SYN   Synchronize the sequence numbers
FIN   The end of message indication

Table 4 : The flags in the TCP protocol.

To establish a connection, TCP uses a three-way handshake. The connection scenario proceeds as figure 157 shows. Together with the messages sent between stations A and B, the state of both users is indicated. After initiating an active open request primitive, station A sends a message with the SYN flag set. The second message has both the SYN and ACK flags set, indicating that it acknowledges the first SYN segment as well as continuing the handshake. The final handshake message is only an acknowledgment and is merely used to inform the destination that both sides agree that a connection has been established. It is possible to send the MSS value (see before) in the SYN message. The other side can accept the MSS value or, for example, send back a smaller value.
Figure 157 The three-way handshake

Client A                                          Server B
Closed
Active Open
SYN sent       SYN, Seq 100 ---------------->
               <------------ SYN, Seq 450, Ack 101
Connection     Ack 451 ---------------------->     Connection
Established                                        Established
Usually, the TCP software on one machine waits passively for the handshake and the TCP software on another machine initiates it. However, the handshake is carefully designed to work even if both machines attempt to initiate a connection simultaneously (fig 158). For example, two E-mail servers contacting each other. Thus a connection can be established from either end or from both ends simultaneously. Once the connection has been established, data can flow in both directions equally well.
Figure 158 Simultaneous connection establishment by Server A and Server B (both in state SYN sent)
As discussed in the previous section, a segment is retransmitted after a timer expires. Trouble arises if retransmitted requests arrive while the connection is being established. The RST flag, together with the rule that TCP ignores additional requests for connection establishment, solves these problems. The RST flag is used when abnormal conditions arise that force an application program or the network software to break a connection. When the RST flag is set, the receiver responds immediately by aborting the connection. It also informs the application program that a reset occurred. An abort means that transfer in both directions ceases immediately, and resources such as buffers are released. The RESET function is used in abnormal situations; in a normal TCP disconnection another mechanism is used. When an application program tells TCP that it has no more data to send, TCP closes the connection in that direction. To close its half of a connection, the sending TCP finishes transmitting the remaining data and then sends a segment with the FIN flag set. The receiving TCP acknowledges the FIN segment and informs its application that no more data is available.
Once a connection has been closed in a given direction, TCP refuses to accept more data for that direction. Meanwhile, data can continue to flow in the opposite direction until the sender closes it. When both directions have been closed, the connection is deleted (fig. 159).
Figure 159 Closing a connection

Client A                                          Server B
Closed ... Active Open ... Connection Established
FIN wait       FIN, Seq 1350 --------------->
               <-------- Ack 1351, FIN, Seq 7150
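The open, half-close and abort scenarios of figures 157 to 159, as an added example in Python that is not part of the handout: two endpoint objects exchange segments carrying the SYN, ACK, FIN and RST flags and move through the states the figures show. The initial sequence numbers 100 and 450 are those of figure 157; the segment representation (a dict), the state names and the helper three_way_handshake are this model's own.

```python
# Added example (not part of the handout): a two-endpoint model of how the
# SYN, ACK, FIN and RST flags move a TCP connection through the states of
# figures 157 to 159. Initial sequence numbers 100 and 450 are those of
# figure 157; the segment representation and state names are this model's own.

def seg(**fields) -> dict:
    """A segment as a dict: flag bits plus sequence and acknowledgement numbers."""
    return {"syn": False, "ack": False, "fin": False, "rst": False,
            "seq": None, "ackno": None, **fields}

class Endpoint:
    def __init__(self, isn: int):
        self.state = "Closed"
        self.snd_nxt = isn             # next sequence number this side will use
        self.rcv_nxt = None            # next byte number expected from the peer
        self.send_closed = self.recv_closed = False

    def passive_open(self) -> None:
        self.state = "Listen"

    def active_open(self) -> dict:
        self.state = "SYN sent"
        s = seg(syn=True, seq=self.snd_nxt)
        self.snd_nxt += 1              # a SYN occupies one sequence number
        return s

    def close(self) -> dict:
        """Half-close: send FIN; the opposite direction stays open until its own FIN."""
        self.send_closed = True
        self.state = "Closed" if self.recv_closed else "FIN wait"
        s = seg(fin=True, ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
        self.snd_nxt += 1              # a FIN occupies one sequence number too
        return s

    def abort(self) -> dict:
        self.state = "Closed"          # abnormal termination: RST, drop at once
        return seg(rst=True, seq=self.snd_nxt)

    def receive(self, s: dict):
        """Process one incoming segment; return the reply segment or None."""
        if s["rst"]:
            self.state = "Closed"      # transfer in both directions ceases at once
            return None
        if s["syn"] and self.state == "Listen":               # handshake message 2
            self.rcv_nxt, self.state = s["seq"] + 1, "SYN received"
            r = seg(syn=True, ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
            self.snd_nxt += 1
            return r
        if s["syn"] and self.state == "SYN sent":
            self.rcv_nxt = s["seq"] + 1
            if s["ack"]:                                       # handshake message 3
                self.state = "Established"
                return seg(ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
            self.state = "SYN received"                        # simultaneous open, fig. 158
            return seg(syn=True, ack=True, seq=self.snd_nxt - 1, ackno=self.rcv_nxt)
        if s["ack"] and self.state == "SYN received":
            self.state = "Established"
        if s["fin"]:
            self.recv_closed, self.rcv_nxt = True, s["seq"] + 1
            if self.send_closed:
                self.state = "Closed"  # both directions closed: connection deleted
            return seg(ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
        return None

def three_way_handshake(a: Endpoint, b: Endpoint) -> list:
    """Figure 157: A opens actively, B passively; returns the three segments."""
    b.passive_open()
    s1 = a.active_open()
    s2 = b.receive(s1)
    s3 = a.receive(s2)
    b.receive(s3)                      # B is now Established as well
    return [s1, s2, s3]

if __name__ == "__main__":
    a, b = Endpoint(100), Endpoint(450)
    for s in three_way_handshake(a, b):
        print({k: v for k, v in s.items() if v})   # SYN 100 / SYN+ACK 450,101 / ACK 451
```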
6.5.9
Checksum
The checksum field covers the entire segment (header + data) plus a 96-bit (12 bytes) pseudo-header prefixed to the TCP header at the time of calculation. The pseudo-header contains the source IP-address, destination IP-address, protocol, and TCP segment length (figure 160). On transmission, these parameters are the same ones that are passed to IP in the SEND-primitive. On reception, these parameters are available from the IP DELIVER primitive.
By including the pseudo-header in the checksum, TCP protects itself from misdelivery by IP.

 0                             15 16                            31
+-----------------------------------------------------------------+
|                         Source Address                          |
+-----------------------------------------------------------------+
|                       Destination Address                       |
+----------------+----------------+-------------------------------+
|      Zero      |    Protocol    |        Segment Length         |
+----------------+----------------+-------------------------------+
|                           TCP Header                            |
+-----------------------------------------------------------------+
|                              Data                               |
+-----------------------------------------------------------------+
Figure 160
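The Internet checksum shared by ICMP (section 6.3.2) and UDP/TCP, as an added example in Python that is not part of the handout: it builds and verifies an ICMP 'Time Exceeded' message (Type 11, with the quoted IP header and first 64 data bits) and a UDP datagram whose checksum covers the pseudo header, then shows that the pseudo header lets the receiver detect a datagram delivered to the wrong address. Addresses, ports and payloads are constructed sample values; UDP is shown with its protocol number 17, and TCP would use the same pseudo header with protocol 6.

```python
# Added example (not part of the handout): the Internet checksum that ICMP
# (section 6.3.2) and UDP/TCP share, applied to an ICMP 'Time Exceeded'
# message and to a UDP datagram whose checksum covers the pseudo header of
# figures 145/160. Addresses, ports and payloads are constructed sample
# values; UDP's protocol number is 17 (TCP would use 6 with the same pseudo header).
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                     # odd length: pad with a zero octet
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

SRC, DST, OTHER = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes([10, 0, 0, 3])

def sample_ip_datagram(payload: bytes) -> bytes:
    """Constructed IPv4 datagram: 20-byte header (IHL = 5), TTL 1, protocol UDP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      1, 17, 0, SRC, DST)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload

# --- ICMP Time Exceeded: Type 11, Code 0 (TTL expired) or 1 (reassembly timer)
def build_time_exceeded(code: int, offending: bytes) -> bytes:
    """Type, Code, Checksum, 32 unused bits, then IP header + first 64 data bits."""
    ihl = (offending[0] & 0x0F) * 4                 # IP header length in bytes
    body = struct.pack("!BBHI", 11, code, 0, 0) + offending[:ihl + 8]
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    """Decode the three leading fields; a correct message checksums to zero."""
    return {"type": msg[0], "code": msg[1],
            "valid": internet_checksum(msg) == 0, "quoted": msg[8:]}

# --- UDP with the pseudo header (src IP, dst IP, zero, protocol, UDP length)
def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    return src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src_ip, dst_ip, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)                       # header alone is 8 bytes
    dgram = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + dgram)
    csum = csum or 0xFFFF       # 0 means 'not computed', so a real 0 is sent as 0xFFFF
    return dgram[:6] + struct.pack("!H", csum) + dgram[8:]

def udp_accept(src_ip: bytes, dst_ip: bytes, dgram: bytes) -> bool:
    """Receiver side: zero checksum = nothing to verify; otherwise it must sum to 0."""
    if dgram[6:8] == b"\x00\x00":
        return True
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(dgram)) + dgram) == 0

if __name__ == "__main__":
    icmp = build_time_exceeded(0, sample_ip_datagram(b"ABCDEFGHIJKL"))
    print(parse_icmp(icmp)["valid"], len(icmp))                    # True 36
    udp = build_udp(SRC, DST, 53, 1024, b"constructed payload")
    print(udp_accept(SRC, DST, udp), udp_accept(SRC, OTHER, udp))  # True False
```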
6.5.10
Urgent Pointer
There is no segment length specified in the TCP protocol, so TCP can choose segments as large as possible. This has the advantage of reducing the high overhead that occurs when segments contain only a few data bytes. Although buffering improves network throughput, it can interfere with some applications. Consider using a TCP connection to pass characters from an interactive terminal to a remote machine. The user expects an instant response to each keystroke; if TCP buffers the data, the response may be delayed. To accommodate interactive users, TCP provides a PUSH operation that an application program can use to force data delivery without waiting for the buffer to fill. If the Push operation is requested, the PSH flag is set in the header and the data is sent to the receiver immediately. Thus, when sending data from an interactive terminal, the application uses the Push function after each keystroke. In addition to the Push function, TCP provides an URGENT POINTER facility. The urgent pointer refers to a specific position in the data segment; data beyond that position should be processed first, as soon as possible. For example, special characters are used for flow control during the scrolling of text on a screen: [Ctrl] [S] stops scrolling and [Ctrl] [Q] restarts scrolling. These characters might be considered urgent because the receiver should process them immediately.
6.5.11
Options
TCP software uses the OPTIONS field to communicate with the TCP software at the other end of the connection. In particular, the TCP software at one end of a connection can specify the Maximum Segment Size (MSS) that it is willing to receive. This is the only additional option specified up to now.
6.5.12
Padding
The last field of a TCP header. As with IP, this field contains zeros to ensure that the header extends to an exact multiple of 32 bits.
Abbreviations

ADSL      Asymmetric Digital Subscriber Line
ARP       Address Resolution Protocol
ARPA      Advanced Research Project Agency
BGP       Border Gateway Protocol
BRI       Basic Rate Interface
CHAP      Challenge Handshake Authentication Protocol
CSMA/CD   Carrier Sense Multiple Access with Collision Detection
DHCP      Dynamic Host Configuration Protocol
DN        Directory Number
DNS       Domain Name System
DSP       Digital Signal Processing
DV        Distance Vector
EGP       Exterior Gateway Protocol
FDDI      Fiber Distributed Data Interface
FR        Frame Relay
FTP       File Transfer Protocol
HTML      Hypertext Markup Language
HTTP      Hypertext Transfer Protocol
IAP       Internet Access Provider
ICMP      Internet Control Message Protocol
IDRP      Interdomain Routing Protocol
IGMP      Internet Group Management Protocol
IMAP      Interactive Mail Access Protocol
IP        Internet Protocol
IPCP      IP Control Protocol
IS-IS     Intermediate System to Intermediate System Protocol
ISDN      Integrated Services Digital Network
ISO       International Standards Organization
ISP       Internet Service Provider
L2F       Layer Two Forwarding
L2TP      Layer Two Tunneling Protocol
LAC       L2TP Access Concentrator
LAN       Local Area Network
LCP       Link Control Protocol
LNS       L2TP Network Server
LSA       Link State Algorithm
MIB       Management Information Base
NAS       Network Access Servers
NCP       Network Control Protocol
NFS       Network File System
NMC       Network Management Centre
NNTP      Network News Transfer Protocol
NSF       National Science Foundation
NT        Network Termination
OSI       Open Systems Interconnection
OSPF      Open Shortest Path First
PAP       Password Authentication Protocol
PoP       Point of Presence
POP       Post Office Protocol
PPP       Point to Point Protocol
PPPoE     PPP over Ethernet
PPTP      Point to Point Tunneling Protocol
PRA       Primary Rate Access
RARP      Reverse Address Resolution Protocol
RIB       Routing Information Base
RIP       Routing Information Protocol
SDH       Synchronous Digital Hierarchy
SGML      Standardized Graphics Markup Language
SMC       Service Management Centre
SMTP      Simple Mail Transfer Protocol
SNMP      Simple Network Management Protocol
SOHO      Small Office - Home Office
TCP       Transmission Control Protocol
UDP       User Datagram Protocol
URL       Uniform Resource Locator
vBNS      very high spe

ed Backbone Network Service
VPN       Virtual Private Network
VRML      Virtual Reality Modelling Language
WAIS      Wide Area Information System
WWW       World Wide Web
Appendix A
References
It does not make sense to try to give an exhaustive list of references or valuable resources on the Internet story. For the text, the following books were a help, but many more exist.

Nr    Title                                      Author
[1]   TCP/IP Illustrated vol.1                   R. Stevens
[2]   Computer Networks                          A. Tanenbaum
[3]   TCP/IP Network Administration              C. Hunt
[4]   Linux Network Administrator's Guide        O. Kirch
[5]   Het complete Internet Handboek             S. Bang ea.
[6]   Interconnections, bridges and routers      R. Perlman
[7]   Distributed Operating Systems              R. Chow
[8]
Appendix B
Relevant RFCs
To get detailed information about the bits and the bytes, and how the mechanisms work, one should consult the RFCs (Request For Comments). They are created as they become necessary. Each RFC has a number and is a text concerning some aspect of networking. There is no structure in the numbering (apart from chronology). A good place to start is the following link:

http://www.iepg.org/docset
The following table gives a short list of the RFCs relating to some topics in the text. Some others are added also.

Nr                          Title
Hosts
1600                        The official protocol standards
1340                        Assigned numbers
1122, 1123                  Host requirements
1009                        Router requirements
Encapsulation / Link Layer
1483                        Multi protocol encapsulation over ATM-AAL5
826                         ARP
903                         RARP
894, 1340                   Ethernet
1042                        IEEE 802
1055, 1144                  SLIP
1548, 1332, 1661            PPP
IP Layer
791                         IP
1340, 1349, 1141, 1071      -
950, 1219                   Subnetting
792                         ICMP
1256                        Router discovery
1112                        IGMP
Routing
1058                        RIP v1
1388                        RIP v2
1247                        OSPF
1654, 1655                  BGP v4
1518, 1519                  CIDR
Tunneling
1631                        NAT
1234                        IPX through IP
1226, 1234, 1241, 1479      Generic routing encapsulation
Transport Layer
768                         UDP
793                         TCP
Application Layer
1034, 1035                  DNS
1157, 1441, 1155, 1213      SNMP
821, 822, 1521              SMTP, MIME
2128, 2139                  RADIUS