Computer Network
Part 3: TCP/IP Protocol Suite and IP Format

References:
– Data and Computer Communications handbook – William Stallings
– CCNA semester 1-2-3-4
– TCP/IP Illustrated, Volume I – W. R. Stevens

Table of Content
– Introduction to TCP/IP Model
– Internet addresses / IP Addressing
– ICMP
– TCP
– UDP

INTRODUCTION TO TCP/IP

TCP/IP model development
• The late 60s: The Defense Advanced Research Projects Agency (DARPA) originally developed Transmission Control Protocol/Internet Protocol (TCP/IP) to interconnect various defense department computer networks
• The Internet, an international Wide Area Network, uses TCP/IP to connect networks across the world

TCP/IP protocol stack
• Focus on the IP network level:
  – Multiple higher-layer protocols to applications
  – Only the IP protocol at the network layer
  – Multiple lower-layer protocols to physical links

Cases of Access Network
[Figure: WAN to WAN, LAN to WAN, LAN to LAN]
Internal Using in ptithcm

IP Suite: End Hosts vs Routers
[Figure: host (HTTP, TCP, IP, Ethernet interface) – router (IP; Ethernet interface, SONET interface) – router (IP; SONET interface, Ethernet interface) – host (HTTP, TCP, IP, Ethernet interface); an HTTP message travels as a TCP segment inside an IP packet, and only the IP packet is handled at each router]

The Network Access Layer
• Deals with all the details in the OSI physical and data link layers
  – To LAN with Ethernet, Token Ring, FDDI
  – To WAN with dial-up/PSTN, Frame Relay, ADSL/ATM, leased line …
• Provides the ways and means to access the internal network (LAN) or external network (WAN)
  – Connectors with electrical, mechanical, procedural and functional specifications
  – Media access control with
    • Data rate, distances, synchronization
    • Frames, physical addressing, flow control, error control
    • Multiplexing

The Internet Layer
• IP provides an unreliable, connectionless, best-effort service (also called "datagram service")
  – Unreliable: IP does not make an attempt to recover lost packets
  – Connectionless: each packet ("datagram") is handled independently; IP is not aware that packets between hosts may be sent in a logical sequence
  – Best effort: IP does not make guarantees on the service (no throughput guarantee, no delay guarantee, …)
• Consequences:
  – Higher layer protocols have to deal with losses or with duplicate packets
  – Packets may be delivered out-of-sequence

The Transport Layer
• Responsibility
  – Provides reliable transport services from the source host to the destination host (end-to-end) over networks
• Concerns
  – Segments, data stream, datagram
  – Defines end-to-end connectivity between host applications
  – Transmission Control Protocol (TCP) – connection oriented
  – User Datagram Protocol (UDP) – connectionless

Application layer
• Responsibility
  – Handles high-level protocols, issues of representation, encoding, and dialog control, and assures this data is properly packaged for the next layer
• Concerned with
  – File Transfer (TFTP, FTP, NFS)
  – E-Mail (SMTP)
  – Remote Login (Telnet, rlogin)
  – Network management (SNMP)
  – Name Management (DNS)

Internet layer other protocols
• Internet Control Message Protocol (ICMP)
  – Provides control and messaging capabilities
  – IP communication service messages like PING, TRACEROUTE and ROUTER
• Internet Group Message Protocol (IGMP)
  – IP communications based on multicasting (sending to groups of hosts)
• Address Resolution Protocol (ARP)
  – Determines the data link layer address (MAC address) for known IP addresses
• Reverse Address Resolution Protocol (RARP)
  – Determines IP addresses when the MAC address is known
• Routing protocols:
  – RIP / RIPng (for IPv6)
  – OSPF v2, v3
  – BGP
• For security:
  – 802.1x
  – IPsec
  – SSL/TLS
  – SSH
• For QoS control: RSVP …
IP Datagram Format
Header layout (bit numbers 0–31 in each 32-bit word):
• Word 1: version | header length | DS (Differentiated Service) with ECN in its last 2 bits (bits 8–15) | total length in bytes (bits 16–31)
• Word 2: Identification (bits 0–15) | D F (don't fragment) | M F (more flag) | fragment offset
• Word 3: time-to-live (TTL) | protocol | header checksum (bits 16–31)
• Word 4: source IP address
• Word 5: destination IP address
• options (0 to 40 bytes)
• payload

IP Functions (1/2)
• QoS controlling at transit routers:
  – DS – Differentiated Service / Type-of-Service (TOS) field
  – Explicit Congestion Notification to TCP (ECN – 2 bits)
• Fragmenting and re-assembly functions using the total length, identification, don't fragment, more flag and fragment offset fields
• Routing the datagram by the destination address and source address fields
  – In some cases the source route option is also used for routing
  – Several options can be added to the IP header:
    • Record route
    • Source route
    • Timestamp

IP Functions (2/2)
• Time To Live (TTL) (1 byte):
  – Specifies the longest path before the datagram is dropped
  – Role of the TTL field: ensure that a packet is eventually dropped when a routing loop occurs
  – Used as follows:
    • Sender sets the value (e.g., 64)
    • Each router decrements the value by 1
    • When the value reaches 0, the datagram is dropped
• Specifying the higher-layer protocol
  – Protocol field: 06: TCP, 01: ICMP, 17: UDP, 08: EGP
• Detecting an erroneous datagram by the header checksum (2 bytes)

Routing
• End systems and routers maintain routing tables
  – Indicate the next router to which the datagram should be sent
  – Static
    • May contain alternative routes
  – Dynamic
    • Flexible response to congestion and errors
• Source routing
  – Source specifies the route as a sequential list of routers to be followed
  – Security
  – Priority
• Route recording

Datagram Lifetime
• Datagrams could loop indefinitely
  – Consumes resources
  – Transport protocol may need an upper bound on datagram life
• Datagram marked with a lifetime
  – Time To Live field in IP
  – Once the lifetime expires, the datagram is discarded (not forwarded)
  – Hop count
    • Decrement time to live on passing through each router
  – Time count
    • Need to know how long since the last router

Fragmentation and Re-assembly

IP Fragmentation (1)
• Different packet sizes
• When to re-assemble
  – At destination
    • Results in packets getting smaller as data traverses the internet
  – Intermediate re-assembly
    • Need large buffers at routers
    • Buffers may fill with fragments
    • All fragments must go through the same router – inhibits dynamic routing
• IP re-assembles at the destination only
• Uses fields in the header
  – Data Unit Identifier (ID)
    • Identifies the end system that originated the datagram: source and destination address, protocol layer generating the data (e.g. TCP), identification supplied by that layer
  – Data length
    • Length of user data in octets
  – Offset
    • Position of the fragment of user data in the original datagram
    • In multiples of 64 bits (8 octets)
  – More flag
    • Indicates that this is not the last fragment

IP Fragmentation (2)
[Figure: Fragmentation Example]

Dealing with Failure
• Re-assembly may fail if some fragments get lost
• Need to detect failure
• Re-assembly time out
  – Assigned to the first fragment to arrive
  – If the timeout expires before all fragments arrive, discard the partial data
• Use packet lifetime (time to live in IP)
  – If time to live runs out, kill the partial data

Error Control
• Not guaranteed delivery
• Router should attempt to inform the source if a packet is discarded
  – e.g. for time to live expiring
• Source may modify its transmission strategy
• May inform the higher layer protocol
• Datagram identification needed
• (Look up ICMP)

No Flow Control
• Allows routers and/or stations to limit the rate of incoming data
• Limited in connectionless systems
• Send flow control packets
  – Requesting reduced flow
  – e.g. ICMP

INTERNET ADDRESSES

IP Addressing – Overview
• 32-bit unique host address with hierarchical form: Network-id | Host-id, or Network-id | Subnet-id | Host-id
• Not associated with hardware
• Dotted-decimal notation: nnn.nnn.nnn.nnn (nnn: 0 to 255). Ex: 100.10.1.50
• Represents a combined subnet/network number and HOST number

Reserved IP Addresses
• Example: IP address = 100.10.20.30
  – All Host-id bits 0 refers to the entire subnet/network => subnet/network-id
    • net-id = 100.0.0.0 or network address = 100.0.0.0
  – All net-id bits 0 refers to the host-id
    • host-id = 0.10.20.30
  – All Host-id bits 1 refers to all hosts (broadcast) in the subnet/network
    • Broadcast address = 100.255.255.255
  – Loopback address = 127.0.0.1

IP Address Classes (32-bit address, 2^32 = 4.2 billion possible addresses)
• There are different address classes
  – Class A, B, C for unicast addressing
  – Class D for multicast addressing
  – Class E for experiment
• Octets a b c d: Class A = Network ID (a) + Host ID (b c d); Class B = Network ID (a b) + Host ID (c d); Class C = Network ID (a b c) + Host ID (d)
• Determining the class of the address by looking at the first bits of the IP address:
  – Class A begins with 0xxx, or 1 to 126 decimal
  – Class B begins with 10xx, or 128 to 191 decimal
  – Class C begins with 110x, or 192 to 223 decimal
  – Class D begins with 1110, or 224 to 239 decimal
  – Class E begins with 1111, or 240 to 254 decimal

Public vs Private IP addresses
• Public IP: an Internet-routable IP address, assigned by the Internet Numbering Authority
• Private IP: addresses that are only used on an internal network, not routed on the Internet backbone
  – Private IP addresses are a solution to the problem of the exhaustion of public IP addresses
  – Their ranges are:
    • 10.x.y.z (10.0.0.0 to 10.255.255.255)
    • 172.16.x.y (172.16.0.0 to 172.31.255.255)
    • 192.168.x.y (192.168.0.0 to 192.168.255.255)

Subnetting
• Subnetting is a way of taking an existing class license and breaking it down to create more network addresses
  – This will always reduce the number of host addresses for a given network
• Purposes for an organization
  – Use of different physical media
  – Preservation of address space
  – Security
  – Control network traffic
• Subnet masks are applied to an IP address to identify the Network portion and the Host portion of the address

Subnet Masks
• Subnet masks are applied to an IP address to identify the Network portion and the Host portion of the address
• Subnet masks have the same form as an IP address, except that they consist of a series of "1" bits that mark the bits of the Network-id and the Subnet-id (if subnetted)
• Example of determining the subnet address of the IP address below:
  – Class B IP address: 140.179.220.200
  – Subnet Mask: 255.255.192.0
  – In binary:
    10001100.10110011.11110000.11001000 (IP address)
    AND
    11111111.11111111.11000000.00000000 (subnet mask)
    = 10001100.10110011.11000000.00000000
  – The computer has found that the Subnet Address is 140.179.192.0

Classless and Prefix
• Classless addressing is used when an organization is granted a block of addresses; it can create subnets with variable subnet mask lengths to meet its needs
• Classless addressing allows assigning as few or as many variable-sized blocks of IP addresses as requested
  – Variable-Length Subnet Mask – VLSM
  – Prefix – another name for the common part of the address range (net-id)
  – Prefix length – the length of the prefix
• ex1: 195.10.100.0/24 => a block of 2^8 (255) IP host addresses that have the same prefix of 195.10.100.0
• ex2: 195.10.100.0/26 => a block of 2^6 (64) IP host addresses that have the same prefix of 195.10.100.192

Subnet Masks & Prefix
• In classful addressing, the mask for each block is implicit
  – 255.0.0.0 /8
  – 255.255.0.0 /16
  – 255.255.255.0 /24
• In classless addressing, we need the address and the mask to find the block the address belongs to (prefix)

ICMP
[Figure: Transport layer: TCP, UDP; Network layer: IP with ICMP, ARP, RARP; ICMP messages: Destination unreachable, Echo (Ping), Others]
• Internet Control Message Protocol (ICMP)
• ICMP is the component of the TCP/IP protocol stack that addresses this basic limitation of IP
• An error/information reporting protocol for IP
• Encapsulation of an ICMP message in an IP packet: Frame Header | Datagram Header | ICMP Header (Type: 8 bits, Code: 8 bits, Checksum: 16 bits, Option Header, Option Data …) | ICMP Data
• IP header format – Protocol field: indicates which upper-layer protocol receives incoming packets after IP processing has been completed
  – 06: TCP
  – 17: UDP
  – 01: ICMP
  – 08: EGP
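The address-and-mask operation, the classful rules and the classless block/VLSM reasoning from the subnetting slides above, carried out in code. This is an added example, not material from the lecture; it uses only the Python standard library, and the `vlsm_allocate` helper is a hypothetical best-fit allocator written here to show how variable-length masks carve one block into several.

```python
"""Subnet-mask and prefix arithmetic for the Subnet Masks / Classless and Prefix slides.
Added example, not from the lecture; standard library only."""
import ipaddress
import math

# The three private ranges listed on the "Public vs Private IP addresses" slide.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_binary(addr: str) -> str:
    """Dotted-decimal to dotted-binary, as on the "In binary" lines of the slide."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))

def subnet_address(addr: str, mask: str) -> str:
    """Bitwise AND of address and mask gives the subnet (network) address."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))

def address_class(addr: str) -> str:
    """Classful rule: decide by the first octet (leading bits 0, 10, 110, 1110, 1111)."""
    first = int(addr.split(".")[0])
    for limit, cls in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return cls
    return "E"

def implicit_mask(addr: str):
    """Classful addressing: the mask is implied by the class; None for classes D and E."""
    return {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}.get(address_class(addr))

def is_private(addr: str) -> bool:
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in PRIVATE_RANGES)

def block_info(cidr: str) -> dict:
    """Classless: address + prefix length identify the block (prefix), its mask and its size."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {"prefix": str(net.network_address), "prefix_length": net.prefixlen,
            "mask": str(net.netmask), "addresses": net.num_addresses,
            "usable_hosts": max(net.num_addresses - 2, 0),
            "broadcast": str(net.broadcast_address)}

def vlsm_allocate(block: str, host_counts) -> list:
    """Hypothetical VLSM helper: carve variable-length subnets from a block, largest request first."""
    pool = [ipaddress.ip_network(block)]
    allocated = []
    for wanted in sorted(host_counts, reverse=True):
        need = 32 - math.ceil(math.log2(wanted + 2))   # +2 for the network and broadcast addresses
        candidates = [n for n in pool if n.prefixlen <= need]
        if not candidates:
            raise ValueError(f"no room for {wanted} hosts in {block}")
        chosen = max(candidates, key=lambda n: n.prefixlen)   # smallest free block that still fits
        pool.remove(chosen)
        subnet = next(chosen.subnets(new_prefix=need))
        pool.extend(chosen.address_exclude(subnet))           # hand the leftover pieces back
        allocated.append((wanted, str(subnet)))
    return allocated
```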
ICMP Types of Control messages
Type – Description
  0 – Echo reply
  3 – Destination unreachable
  4 – Source quench
  5 – Redirect / Change request
  8 – Echo request
  9 – Router advertisement
  10 – Router selection (solicitation)
  11 – Time exceeded
  12 – Parameter problem
  13 – Timestamp
  14 – Timestamp reply
  15 – Information request
  16 – Information reply
  17 – Address mask request
  18 – Address mask reply
• Error ICMP sends the error report to the source host about:
  – An error condition that occurred during datagram transmission
• Control ICMPs are used to inform hosts of conditions such as network congestion or the existence of a better gateway to a remote network
• Query ICMPs are used to provide information for network management

Destination unreachable message
[Format: Type (3) | Code (0–12) | Checksum; Unused (must be zero); Internet Header + First 64 bits of datagram]
• The value 3 in the type field indicates it is a destination unreachable message
• The code value indicates the reason the packet could not be delivered
Code values for the destination unreachable message:
  0 – Net unreachable
  1 – Host unreachable
  2 – Protocol unreachable
  3 – Port unreachable
  4 – Fragmentation needed and DF set
  5 – Source route failed
  6 – Destination network unknown
  7 – Destination host unknown
  8 – Source host isolated
  9 – Communication with destination network administratively prohibited
  10 – Communication with destination network administratively prohibited
  11 – Network unreachable for type of device
  12 – Host unreachable for type of device

Error reporting but not error correction
• ICMP reports on the status of the delivered packet only to the source device
• It does not propagate information about network changes to routers
• Does not correct the encountered network problem
[Figure: Workstation A sends data to Z through router C (Fa0/0); C does not know how to get to Z, so it sends an ICMP destination unreachable message back to A]

Using ping to test destination reachability
[Figure: A sends an ICMP echo request to B ("Is B reachable?"); B answers with an ICMP echo reply ("Yes, I am here")]

Destination unreachable
• An ICMP destination unreachable message is sent if:
  – Host or port unreachable
  – Network unreachable

ICMP echo messages
[Format: Type | Code (0) | Checksum; Identifier | Sequence number; Option Data …]
• The value 8 in the type field indicates it is the echo request
• The value 0 in the type field indicates it is the echo reply

Miscellaneous error reporting
[Format: Type (12) | Code (0–2) | Checksum; Pointer | Unused (must be zero); Internet Header + First 64 bits of datagram]
• Parameter problem
• When the code value is 0, the pointer field indicates the octet of the datagram that produced the error

Detecting excessively long routes
• When the TTL value of the datagram reaches zero, the packet is discarded
• ICMP uses a time exceeded message to notify the source device that the TTL of the datagram has been exceeded

ICMP redirect/change requests
[Figure: Host B (172.16.1.1/24, default GW 172.16.1.100) – Router A (E0 172.16.1.100) – Router B (E0 172.16.1.200, 10.0.0.1/8) – network 10.0.0.0/8]
• Router A sends an ICMP redirect/change request to Host B telling it to use Router B as the gateway to forward all future requests to network 10.0.0.0/8
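The IP datagram header (TTL, protocol, checksum, fragmentation fields) and the ICMP error message that quotes "Internet Header + First 64 bits of datagram", worked through in one parser that serves both the IP Datagram Format slides and the ICMP slides above. This is an added example, not lecture code; the packet bytes, addresses and port numbers are constructed inline, and the `forward` router step and `build_*` helpers are names chosen here.

```python
"""IPv4 and ICMP parsing for the "IP Datagram Format", "IP Functions" and ICMP slides.
Added example; the packet bytes are constructed here, not taken from a real capture."""
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 8: "EGP", 17: "UDP"}      # protocol field values on the slides
ICMP_TYPES = {0: "Echo reply", 3: "Destination unreachable", 4: "Source quench", 5: "Redirect",
              8: "Echo request", 9: "Router advertisement", 10: "Router solicitation",
              11: "Time exceeded", 12: "Parameter problem"}
UNREACHABLE = {0: "Net unreachable", 1: "Host unreachable", 2: "Protocol unreachable",
               3: "Port unreachable", 4: "Fragmentation needed and DF set", 5: "Source route failed"}

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum of 16-bit words; it is 0 over an intact checksummed header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, proto, payload, ttl=64, ident=0x1234, df=False, mf=False, frag_off=0):
    """20-byte header without options; DF/MF flags and offset (in 8-octet units) as on the slide."""
    flags_frag = (df << 14) | (mf << 13) | (frag_off // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes) -> dict:
    v_ihl, tos, total_len, ident, ff, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (v_ihl & 0xF) * 4
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    return {"version": v_ihl >> 4, "header_len": ihl, "ds": tos >> 2, "ecn": tos & 3,
            "total_len": total_len, "id": ident, "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000),
            "frag_offset": (ff & 0x1FFF) * 8, "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "payload": pkt[ihl:total_len]}

def forward(pkt: bytes):
    """Router step from the TTL slide: decrement TTL and recompute the checksum, or drop at 0."""
    hdr = parse_ipv4(pkt)
    if hdr["ttl"] <= 1:
        return None                                  # dropped; the source would get ICMP type 11
    new = bytearray(pkt)
    new[8] -= 1
    new[10:12] = b"\x00\x00"
    new[10:12] = struct.pack("!H", checksum(bytes(new[:hdr["header_len"]])))
    return bytes(new)

def build_icmp_unreachable(code: int, original: bytes) -> bytes:
    """Type 3 message quoting the original IP header + first 64 bits (8 bytes) of its payload."""
    body = struct.pack("!BBHI", 3, code, 0, 0) + original[:28]
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse_icmp(data: bytes) -> dict:
    typ, code, _ = struct.unpack("!BBH", data[:4])
    if checksum(data) != 0:
        raise ValueError("ICMP checksum mismatch")
    info = {"type": ICMP_TYPES.get(typ, str(typ)), "code": code}
    if typ == 3:           # the quoted header tells the source which of its datagrams failed
        inner = parse_ipv4(data[8:])
        sport, dport = struct.unpack("!HH", inner["payload"][:4])
        info.update(reason=UNREACHABLE.get(code, str(code)), original_src=inner["src"],
                    original_dst=inner["dst"], original_proto=inner["protocol"],
                    src_port=sport, dst_port=dport)
    return info

# Constructed scenario: a host sends a UDP probe and the far end answers "port unreachable".
UDP_PROBE = build_ipv4("192.0.2.10", "198.51.100.5", 17,
                       struct.pack("!HHHH", 40000, 33434, 12, 0) + b"ping")
REPLY = build_ipv4("198.51.100.5", "192.0.2.10", 1, build_icmp_unreachable(3, UDP_PROBE), ttl=255)
```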
Conditions to send an ICMP redirect/change request
• Default gateways only send ICMP redirect/change request messages if the following conditions are met:
  – The interface on which the packet comes into the router is the same interface on which the packet gets routed out
  – The subnet/network of the source IP address is the same subnet/network as the next-hop IP address of the routed packet
  – The datagram is not source-routed
  – The route for the redirect is not another ICMP redirect or a default route
  – The router is configured to send redirects (by default, Cisco routers send ICMP redirects; the interface subcommand no ip redirects will disable ICMP redirects)

The ICMP redirect/change request message
[Format: Type (5) | Code (0–3) | Checksum; Router Internet address; Internet Header + First 64 bits of datagram]
• The Router Internet Address field in the ICMP redirect is the IP address that should be used as the default gateway for a particular network

Clock synchronization and transit time estimation
[Format: Type (13 or 14) | Code (0) | Checksum; Identifier | Sequence number; Originate Timestamp; Receive Timestamp; Transmit Timestamp]
• Allows a host to ask for the current time according to the remote host
• More robust protocols such as Network Time Protocol (NTP) at the upper layers of the TCP/IP protocol stack perform clock synchronization in a more reliable manner

Information request and reply message formats
[Format: Type (15 or 16) | Code (0) | Checksum; Identifier | Sequence number]
• Originally intended to allow a host to determine its network number; considered obsolete
• Other protocols such as BOOTP and Dynamic Host Configuration Protocol (DHCP) are now used to allow hosts to obtain their network numbers

Address mask requirements
[Format: Type (17 or 18) | Code (0) | Checksum; Identifier | Sequence number; Address Mask]
• The subnet mask is crucial in identifying network, subnet, and host bits in an IP address
• If a host does not know the subnet mask, it may send an address mask request to the local router or broadcast it
• When the router receives the request, it will respond with an address mask reply; this address mask reply will identify the correct subnet mask

Router discovery message / Router solicitation message
[Format (router advertisement): Type (9) | Code (0) | Checksum; Number of addresses | Address entry size | Lifetime; Router address; Preference level …]
[Format (router solicitation): Type (10) | Code (0) | Checksum; Reserved]
• Hosts use router discovery messages to learn of available routers (gateways)
• Using the multicast address 224.0.0.2 as the destination address; may also be broadcast
• A host generates an ICMP router solicitation message in response to a missing default gateway
• This message is sent via multicast and it is the first step in the router discovery process
• A local router will respond with a router advertisement identifying the default gateway for the local host
• If the router does not support the discovery process, the solicitation will go unanswered

Congestion and flow control messages
[Figure: TCP and UDP senders on a high-speed LAN feeding a slow WAN link; network congestion is experienced at the WAN link]
• ICMP source-quench messages are used to reduce the amount of data lost
• The source-quench message asks senders to reduce the rate at which they are transmitting packets
• Most Cisco routers do not send source-quench messages by default

TCP and UDP port numbers
• Both TCP and UDP use port (or socket) numbers to pass information to the upper layers (see RFC 1700)
• Port numbers are used to track multiple sessions that can occur between hosts
• Socket = Network address + protocol + port number
• Example: http://192.168.20.245:8080
• End systems use port numbers to select the proper applications

Application Multiplexing Illustrated
[Figure: Multiplexing of sessions by ports: Web (HTTP, port 80) and Mail (SMTP, port 25) share the same TCP, IP and Ethernet layers; the same MAC address and IP address, different port numbers]

Range of ports:
• 2 bytes: 0 – 65535
  – Numbers below 255: for public applications
  – Numbers from 255 - 1023: assigned to companies for marketable applications
  – Numbers above 1023: are unregulated

Examples of Port number
• Originating source port numbers are dynamically assigned by the source host; usually it is a number larger than 1023
• The web server application is assigned port 80
• The web client application obtains port 32938
• The TCP segment sent from client to server has
  – source port number 32938
  – destination port number 80
• When the web server responds, the TCP segment has
  – source port number 80
  – destination port number 32938

Transport Layer: TCP
• TCP supplies reliable transportation between end-user applications by dealing with the quality-of-service issues of reliability, flow control, and error correction
• These are its characteristics:
  – Connection-oriented: establishing end-to-end operations
  – Segmenting upper-layer application data
  – Sending segments from one end device to another end device
  – Flow control provided by sliding windows
  – Reliability provided by sequence numbers and acknowledgments; re-sends anything not received by acknowledgement
  – Multiplexing by port numbers

TCP OPERATION

TCP Header format
[Figure: TCP header]
• Port fields: for multiplexing sessions to a certain service, such as web with port 80
• Sequence and acknowledgement numbers: for flow control and retransmission
• Flags: URG ACK PSH RST SYN FIN
• Checksum: error detection

TCP Reliable Data Transmission
• Positive Acknowledgement
  – Receiver returns a short message when data arrives
  – Called an acknowledgement
• Retransmission
  – Sender starts a timer whenever a message is transmitted
  – If the timer expires before the acknowledgement arrives, the sender retransmits the message
• TCP on one computer uses IP to communicate with TCP on another computer

How Long Should TCP Wait Before Retransmitting?
• Time for the acknowledgement to arrive depends on
  – Distance to destination
  – Current traffic conditions
• Multiple connections can be open simultaneously
• Traffic conditions change rapidly

Purpose of the transport layer
• IP addresses allow for the routing of packets between networks, but they make no provision for assuring our data reliably travels end-to-end across the often vast network path
• The transport layer is responsible for the reliable transport of, and regulation of, data flow from source to destination
  – Sliding windows
  – Sequencing numbers
  – Acknowledgments

Synchronization or 3-way handshake
[Figure: three-way handshake between hosts A and B]

Denial of service attacks
• Denial of service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections
• DoS attacks are a common method that hackers utilize to halt system response. One type of DoS is known as SYN flooding
• SYN flooding exploits the normal three-way handshake and causes targeted devices to ACK to source addresses that will not complete the handshake
• To defend against these attacks, system administrators may:
  – Decrease the connection timeout period
  – Increase the connection queue size
  – Software also exists that can detect these types of attacks and initiate defensive measures

Windowing and window size: Sliding window
[Figure: sliding window]

Sequencing numbers
[Figure: sequence numbers]

Transport Layer: TCP
• TCP supplies reliable transportation between end-user applications
• These are its characteristics:
  – Connection-oriented
  – Supplies a virtual circuit between end-user applications
  – Breaks outgoing messages into segments and reassembles messages at the destination
  – Resends anything not received by acknowledgement
  – Flow control: windowing
• The protocols that use TCP include: FTP, HTTP, SMTP, Telnet

TCP Flow Control
• Receiver
  – Advertises available buffer space
  – Called the window
• Sender
  – Can send up to the entire window before an ACK arrives
• Also called a sliding window protocol

Window Advertisement
• Each acknowledgement carries new window information
  – Called a window advertisement
  – Can be zero (called a closed window)
• Interpretation: I have received up through X and can take Y more octets

Transport Layer: UDP
• UDP transports data unreliably between hosts
• Characteristics:
  – Connectionless
  – Unreliable, no software checking for message delivery
  – Without acknowledgements
    • No flow control (no window)
    • No error recovery (no ACKs)
  – Provides application multiplexing (port number)
  – Error detection optional (checksum field)
  – Transmits messages, does not need to reassemble incoming messages

UDP Header format
• Multiplexing by ports
• Error detection
• UDP is the simplest datagram protocol that exchanges datagrams; its only functions are multiplexing and error detection
• Applications:
  – Routing Protocols
  – Streaming Audio
  – Gaming
  – Video Conferencing
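The server side of the three-way handshake modelled as a state machine with the two defensive knobs the "Denial of service attacks" slide names, the connection queue size and the connection timeout, so the effect of each on a legitimate client can be tried out. This is an added example, not lecture code; it keeps connection state in memory with no sockets, and the `Listener` class, its parameters and the constructed scenario in `legit_client_connects` are names and values chosen here.

```python
"""Server-side three-way handshake with a bounded half-open queue, for the
"Synchronization or 3-way handshake" and "Denial of service attacks" slides.
Added example, not from the lecture; connection state is modelled in memory, no sockets."""

class Listener:
    """LISTEN -> SYN_RECEIVED (half-open) -> ESTABLISHED for one listening port.
    queue_size and timeout are the two settings the slide names as SYN-flood defences."""

    def __init__(self, queue_size=8, timeout=30.0):
        self.queue_size = queue_size
        self.timeout = timeout
        self.half_open = {}          # (client_ip, client_port) -> time the SYN arrived
        self.established = set()
        self.dropped_syns = 0        # a rising count here is the signal a detector would watch

    def expire(self, now):
        """Evict half-open entries older than timeout; a shorter timeout frees slots sooner."""
        for key in [k for k, t in self.half_open.items() if now - t > self.timeout]:
            del self.half_open[key]

    def on_syn(self, client, now):
        """Step 1 received; answer SYN-ACK (step 2) if a queue slot is available."""
        self.expire(now)
        if client in self.half_open:         # retransmitted SYN: refresh, no extra slot
            self.half_open[client] = now
            return "SYN-ACK"
        if len(self.half_open) >= self.queue_size:
            self.dropped_syns += 1
            return None                      # queue full: new clients cannot get in
        self.half_open[client] = now
        return "SYN-ACK"

    def on_ack(self, client, now):
        """Step 3: the client's ACK completes the handshake for a known half-open entry."""
        self.expire(now)
        if client not in self.half_open:
            return False                     # unknown, or already timed out
        del self.half_open[client]
        self.established.add(client)
        return True

def legit_client_connects(queue_size, timeout, burst=20, legit_at=5.0):
    """Constructed scenario: `burst` SYNs at t=0 from senders that never ACK, then one
    legitimate client at t=legit_at. Returns True if its handshake completes."""
    srv = Listener(queue_size, timeout)
    for i in range(burst):
        srv.on_syn(("203.0.113.%d" % (i + 1), 1024 + i), 0.0)   # TEST-NET-3 addresses
    client = ("192.0.2.7", 40000)
    if srv.on_syn(client, legit_at) != "SYN-ACK":
        return False
    return srv.on_ack(client, legit_at + 0.1)
```

With the defaults the legitimate client is locked out; shortening the timeout or enlarging the queue lets its handshake complete.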