CHAPTER 6: The OSI Model and Networking Protocols 256 The TDI Boundary Layer The TDI provides a portal into the transport protocols for kernel mode components such as servers and redirectors. In essence, it is the gateway between the transport layer and the session layer in the OSI model, providing a common interface developers can use to access both transport and session layer functionality. The API Boundary Layer The API is the interface through which developers can access network infra- structure services such as various application layer protocols. Dynamic Host Configuration Protocol (DHCP), DNS, and Windows Internet Name Service (WINS) all work at this level and connect to the lower layers through APIs. There are also Windows Sockets (WinSock), NetBIOS, telephony, and messaging APIs used to assist in carrying out lower-level network functions. Understanding Component Layers Within each layer are component layers that provide very specific functionality. The NDIS Wrapper The NDIS wrapper is a library of common NDIS functions that can be used both by the MAC protocols beneath it and by TCP/IP above it. The NDIS wrapper is implemented by a file called Ndis.sys, which is software code that surrounds all NDIS device drivers. It provides a common interface for device and protocol drivers. The NDIS wrapper is used to reduce platform dependencies during development of network interface devices. Network Transport Protocols Network Transport Protocols all applications or clients to send and receive data over the network. Other network transport protocols include IPX/SPX, Asynchronous Transfer Mode (ATM), NetBEUI, Infrared Data Association (IrDA), AppleTalk, and SNA. These protocols are used on a variety of non-Microsoft operating systems including Novell, Apple, and IBM. File System Drivers The file system drivers are the Redirector and the Server service. When there is a request to open a shared file, the I/O Manager sends a request to the Redirector, which selects the appropriate transport layer protocol via the TDI layer. When there is a request to access a local file, the Server service responds to requests from the remote Redirector and provides The DoD Networking Model 257 access to the requested file. Named pipes, mailslots, Server service, and Redirector are file system drivers that work at both the presentation and session layers of the OSI model. Applications and User Mode Services Applications must interface with the lower layer protocols and must interact in some manner with the user. These services are implemented in a number of ways, but there are four commonly used APIs implemented at this point that provide access to lower transport protocols. The WinSock API allows Windows-based applications to communicate with the lower layers. Winsock is a protocol-independent networking API that provides standardized access to datagram and session services over TCP/IP, IPX/SPX, AppleTalk, and others. Telephony integrates computers with telephone technology and utilizes the Telephony API (TAPI) to provide a standardized interface to networking protocols for various telephony applications. The NetBIOS API has been used for developing client/server applications and is supported in Windows 2003 for backward compatibility. The Messaging API (MAPI) is an industry standard that assists applications in interfacing with messaging services via a single interface. Microsoft Exchange uses MAPI. So in sum, although you won’t be asked questions on the Network exam that are directly related to this information, not having it at all leaves massive gaps in your networking information. Understanding these concepts helps to give you key terminology you may encounter on the exam so you will under- stand what it means when you see it, which will help to differentiate wrong answers and so on. Now, let’s learn about the DoD model and map it to the OSI model to understand the similarities and differences among these two models. THE DoD NETWORKING MODEL In the mid-1960s, computer systems were huge mainframes that were all owned and maintained by large companies, universities, and governmental agencies. Users, especially in the academic, scientific, and governmental arenas, often needed to share data with other users. The problem was that mainframe computers all ran different proprietary software, and operating systems could not easily communicate with one another. To share data, programmers had to write code that would allow one mainframe to communicate with another specific mainframe. This cumbersome one-to-one process was prohibitive, both in terms of the time and cost required to develop unique, proprietary solutions, and CHAPTER 6: The OSI Model and Networking Protocols 258 in terms of the limitations those solutions often imposed. After an interface was written, that main- frame still could communicate only with its specified counterpart. If either mainframe’s operating system changed, the interface might be broken and programmers would have to be called back in to reestablish the communication system between the two mainframes. The U.S. Department of Defense Advanced Research Projects Agency (DARPA) tackled this problem with an experiment designed to demon- strate a way to share computer data across a wide area. This experiment was called Advanced Research Proj- ects Agency Network (ARPANet) and it became the foundation for what we know today as the Internet. It also resulted in the development of the TCP/IP protocols in the late 1960s. TCP/IP is one of the few computer technologies from the 1960s that is still in prominent use today, a testament to the superb design of the TCP/IP suite. Although it has undergone some modifications over time, TCP/IP is still the protocol suite of choice for almost all large networks and for global connectivity to the Internet, which relies on TCP/IP. The DARPA architecture, known as the DARPA model or the Department of Defense (DoD) model, defines four layers starting at the network cable (or interface) and working its way up. This model can be seen in Figure 6.10. Each layer is designed with a specific function and together they provide the foundation for Internetworking. Different protocols within the TCP/IP suite work at different layers, as you’ll discover when we examine the individual components of the TCP/IP suite. Layer 1: Network Interface The Network Interface layer of the DoD model corresponds to the lowest level of the TCP/IP protocol architecture and correlates to Layers 1 and 2 in the OSI model. Figure 6.11 shows the mapping of layers from the OSI FIGURE 6.10 The DoD Networking Model. The DoD Networking Model 259 model to DoD model. The Network Interface layer provides most of the capabilities provided for in the physical and data link layers of the OSI model. Let’s begin with a brief overview of the hardware involved in the network at this level. We have the network medium, which is typically coaxial, fiber optic, or twisted-pair cabling (although wireless networking is increasing in popularity – see Chapter 5); and we have the NIC that has both a physical MAC address and a logical IP address (we’ll discuss the MAC and IP addresses a bit later). The NIC has logic (a circuit board and chips) built into it that gives it basic functionality. It uses a driver, which is a small software program that interfaces between the hardware and the operating system, to provide additional functionality. The specifications related to how the network technology is imple- mented are defined by IEEE (called the Eye-triple E by industry members). The IEEE helps define common standards for use in a variety of technical fields, including computing. Although it may seem like humorous trivia, it’s FIGURE 6.11 Mapping the OSI Model with DoD Model. The OSI Model The DoD Model Physical Network Interface Host-to-Host Internet Process/ Application Data Link Network Transport Session Presentation Application CHAPTER 6: The OSI Model and Networking Protocols 260 absolutely true that the standard known as the 802 standard was named so because the initial committee meeting was in 1980, in February (the second month). This standard defines specifications for the lower-level networking technologies; that is, those at the physical layer (NIC, connectors, and cables) and at the data link layer (access methods). As you’ll see, the standards vary, depending on the network technology (Ethernet, Token Ring, ATM, and Frame Relay). Because TCP/IP works independently of network technology, it can be used with each of these types of networks and can be used to send information between two dissimilar networks as well. For more information on the IEEE, you can visit the IEEE at www.ieee.org. The standards set by the 802 committee pertaining to networking are as follows:  802.1: Internetworking standards that deal with the management of LANs and metropolitan area networks (MANs), including bridges and the spanning tree algorithm used by bridges to prevent looping.  802.2: LLC and the division of OSI Layer 2 into two sublayers, LLC and MAC.  802.3: CSMA/CD, the MAC method used on Ethernet networks and frame formats for Ethernet.  802.4: Token Bus networks that use 75 ohm coax or fiber-optic cabling and the token-passing access method.  802.5: Token Ring, the technology developed by IBM that uses a physical star and logical ring topology with twisted-pair cabling (shielded or unshielded) and the token-passing access method.  802.6: MANs, networks of a size and scope that falls between that of the LAN and the WAN. Exam Warning For the Network exam, it’s imperative that you understand the IEEE 802 model and its specific standards. Although there are many standard committees, you should definitely focus on the newer ones affecting today’s current technologies (or areas of technology), such as Ethernet, wireless, and security. Most significantly, Ethernet is defined in 802.3, Token Ring in 802.5, and wireless networking in 802.11. The DoD Networking Model 261  802.7: Broadband transmissions that use frequency-division multiplexing (FDM), including CATV.  802.8: Fiber optics networks, including FDDI using the token-passing access method.  802.9: Integrated services (voice and data) over Integrated Services Digital Network (ISDN).  802.10: Virtual Private Networking (VPN) to create a secure connection to a private network over the public Internet.  802.11: Wireless networking technologies, including the most common 802.11b, faster 802.11a, and newer 802.11g and 802.11n wireless communications methods.  802.12: The 100VG AnyLAN technology developed by Hewlett Packard, which uses the demand priority access method.  802.15: Wireless personal area networks  802.16: Broadband Wireless MANs  802.17: Resilient Packet Rings  802.18: Radio Regulatory Technical Advisory Group  802.19: Coexistence Technical Advisory Group  802.20: Mobile Broadband Wireless Access (MBWA) Note The missing numbers in the 802.xx series may be unused or disbanded prior to reaching the standard. The 802 committee pertaining to network standards works continuously in bringing newer, faster, more efficient, and more secured protocols. To know the latest, please visit www.ieee802.org or www.ieee.org. Note Although some of this material may have been covered earlier, knowing it is imperative to passing the test, and repetition builds your ability to recall information when needed. The 802 standards need to be committed to memory, as you will definitely need to know them come exam time. CHAPTER 6: The OSI Model and Networking Protocols 262 MAC Media access control refers to the method used to allocate the use of the medium among the computers and devices on the network. The MAC method performs a function similar to the chairperson of a meeting, whose responsibility it is to recognize each speaker in turn and keep everyone from talking at once. In networking, access control is important only when many devices share a common medium, such as a coaxial cable or twisted-pair cable, and then it is very important. Various schemes have been devised to control access to the media by the connected devices. If no methods were in place, all devices would send data whenever it suited them. On a small network, this might not be a problem, but if there are more than a few devices, it quickly causes congestion, collisions, and errors because everybody’s talking at once. Therefore, as the size of the typical network grew, it was important to develop standard methods to control access to the shared media so that communication would proceed in an orderly and predictable manner. The access control method lays out rules defining how access is allocated, just as Robert’s Rules of Order govern how meetings proceed (to see Robert’s Rules of Order, visit www.constitution.org/rror/rror 00.htm). MAC is performed by MAC layer protocols. Although there are many different MAC protocols for a wide variety of media used by many different communications technologies (cellular, cable TV, satellite, etc.), we’re going to concentrate on those that are most common in computing today. These include as follows: CSMA/CD CSMA/CA Token passing Network Interface Hardware/Software The network interface is established through the NIC. Each type of NIC uses a different type of connector to connect to the physical medium. The connector types are delineated in the IEEE 802 specifications. Each network technology is delineated in its own section of the 802 specification, as described previously. Again, most significantly, Ethernet is defined in 802.3, Token Ring in 802.5, and wireless networking in 802.11. The NIC uses both hardware and software in connecting the device to the network media. The TCP/IP Network Interface layer defines protocols used by the NIC to receive, assemble, address, and transmit. For example, most Ethernet networks in use today employ an Ethernet NIC, which, The DoD Networking Model 263 among other things, uses CSMA/CD to control media access. The most common type of Ethernet NIC uses a Category 5 or greater unshielded twisted-pair cable (typically referred to as UTP CAT5, CAT5e, or CAT6) with specified pin connections. In some cases (although not very common anymore by today’s standards), Ethernet is still deployed occasionally over thin (diameter, 1/4 inch) or thick (diameter, 1/2 inch) coaxial cable. Ethernet can also be deployed over fiber-optic cable. Regardless of the cable type, Ethernet networks use the same contention-based access control method. UTP cabling connects to the NIC via an RJ-45 modular plug and jack (similar to a large phone jack), and thin coax (Thinnet) connects via a BNC connector (Bayonet Neill Concelman, after its twist-on style and the two men who invented it) shaped like a T. Thick coax (Thicknet) is connected via a vampire tap (a metal pin that penetrates the cable) to an external transceiver, which in turn connects to the NIC. Other types of Ethernet NICs have the transceiver built onto the NIC itself. Some NICs (seen in older PC deployments), called combo cards, have connectors for more than one type of cable. The Ethernet NIC is also responsible for receiving/sending and assembling/disassembling data to and from the network connection. The Network Interface layer in the DoD model encompasses the functions of the OSI model’s physical and data link control layers and controls media access and the assembly/disassembly of data at the lowest level of the hierarchy. Layer 2: Internet The next layer in the DARPA model is the Internet layer, which maps to the network layer of the OSI model. The Internet layer, so-called because of the addressing scheme that makes communications possible across a network Test Day Tip It’s common to see new technologies being learned, standardized, and implemented at a very rapid speed, but it’s also common to be replacing older technologies with said new ones. Therefore, it’s common to see historical information on the Network  exam, historical in that it covers technologies that are not commonly installed anymore but are definitely commonly removed, migrated, upgraded, or replaced. Prevalent in older renditions of the exam was the need to know about things that were very common to older networking topologies such as coaxial cabling, 10Base5, 10Base2 technologies, Bus networking topologies, and so on. It still holds true today that you should know about these technologies for the exam, so do not overlook studying for them. CHAPTER 6: The OSI Model and Networking Protocols 264 of networks, or internetwork, is responsible for packaging, addressing, and routing the data. When this layer was originally conceived, the Internet as we know it today did not exist. The concept behind this layer was to define a framework for two computers to connect to one another to share data. This laid the foundation for widespread internetworking, which led to what we now know as the Internet. Before data can be sent out over the network interface, they must have a standard format, size, and addressing scheme. The Network Interface layer is responsible only for taking the data it is given and translating them into signals on a physical medium. The Internet layer defines packet structure (what each bit of a data segment means), addressing, and routing. Layer 3: Host-to-Host Layer 3 in the DARPA model is the Host-to-Host Transport layer, some- times called the transport layer since this layer maps to the transport layer (Layer 4) in the OSI model. As the name implies, this layer is responsible for transporting the data. It sets up communications between the application layer and the lower layers. The Internet layer is responsible for formatting, addressing, and routing the data, and the Host-to-Host Transport layer is responsible for setting up the connection between hosts so that formatted data can be sent. Because this layer establishes a connection, it can also take on some of the responsibilities of the session layer of the OSI model. In TCP/IP, the two core protocols used at the Host-to-Host Transport layer are TCP and the UDP. TCP is a more complex protocol that provides reliable data transport, the application sending the data receives acknowledgement that the data was received. UDP is a much simpler protocol that does not provide acknowledgement messages. Although this makes UDP data transport less reliable, it is a very useful protocol in certain applications where fast, simple communication is required. Layer 4: Application The application layer of the DARPA model operates at the session, presentation, and application layers of the OSI model. One of the main reasons why the DoD model is still used when referencing TCP/IP is because the TCP/IP protocol suite’s protocols (such as FTP, Telnet, and so on) do not map perfectly into the OSI model; they have overlap, and this is why you will see three OSI model layers under one layer in the DoD model. The DoD model’s application layer enables applications to communicate with Networking Protocols 265 one another and it provides access to the services of the other underlying layers (Network Interface, Internet, and Host-to-Host Transport). There are wide varieties of application layer protocols, and more are continually being developed because they can rely on all the services beneath them. If you think of how your computer software is configured, you will realize that you use many different applications that rely upon the services of the underlying operating system. Each application does not have to provide duplicate services, such as a routine for accessing your disk drive; that is provided by the operating system and the application utilizes that functionality. This is how the application layer of the networking model works as well. It relies upon the underlying services. In this way, developers do not have to write code continually to provide the underlying functionality but can simply access that functionality by adhering to agreed-upon standards and specifications. We’ll look at a number of application layer protocols when we look at TCP/IP in detail. We’ve discussed the four layers of the DARPA or DoD model of internetworking. Throughout this discussion, we’ve mentioned the OSI model. Now, let’s take a look at the application layer protocols. NETWORKING PROTOCOLS We briefly mentioned some of the application layer protocols in our discussion of the OSI application layer. In the following sections, we describe some of these in more detail. We won’t cover every single application layer protocol in use today (we couldn’t, without turning this book into an encyclopedia set), but we will cover some of the protocols and services that you’re not only likely to work with on the job as a network technician but that you’re also likely to encounter on the Network certification exam. NetBIOS over TCP NetBIOS over TCP (NetBT) is a legacy protocol and naming service that has been largely supplanted by the use of DNS, discussed later. However, in organizations running operating systems or applications that cannot use DNS for name services, NetBT must still be enabled. NetBT is an application layer set of protocols that provides name, session, and datagram services for NetBIOS applications. NetBIOS was originally developed for IBM by Systek Corporation to extend the capabilities of the BIOS to include the ability to work across a network. It is a software interface and a naming convention, not a protocol (although you will see it referred . interface was written, that main- frame still could communicate only with its specified counterpart. If either mainframe’s operating system changed, the interface might be broken and programmers. called back in to reestablish the communication system between the two mainframes. The U.S. Department of Defense Advanced Research Projects Agency (DARPA) tackled this problem with an experiment. the Internet, which relies on TCP/IP. The DARPA architecture, known as the DARPA model or the Department of Defense (DoD) model, defines four layers starting at the network cable (or interface)