TCP/IP Refresher

1
TCP/IP Refresher

• Prabhaker Mateti
• (ack Many many sources )

2
TCP/IP ?

• TCP Transmission Control Protocol
• IP Internet Protocol
• Almost always includes other protocols
• UDP, User (Unreliable) Datagram
• ICMP, Internet Control Message
• ARP, Address Resolution

3
Whats a Protocol?

• An agreed upon convention for communication.
• Protocols must be formally defined and unambiguous

4
Layers
TCP
 
UDP  
    ICMP other
IP layer IP layer IP layer IP layer
Physical Physical Physical Physical Physical   Physical
 
The relative heights indicate the level of
functionality.
5
Unix is a Layered System
Applications
Libraries
System Calls
Kernel
6
Layers

• The routines/methods of Layer N will not call
  Layer N1.
• The routines/methods of Layer N typically do call
  the same layer methods.
• The routines/methods of Layer N typically do call
  Layer N-1 methods.

7
DoD model Four Layers

1. Network Access Layer Delivery over physical
   media in use.
2. Internet Layer Delivery across different
   physical networks that connect source and
   destination machines.
3. Host-to-Host Layer Connection rendezvous, flow
   control, retransmission of lost data, etc. TCP
   and UDP protocols are in this layer.
4. Process Layer User-level functions, such as
   SMTP, FTP and rlogin.

8
OSI Reference Model

• Seven Layers
• 7. Application
• 6. Presentation
• 5. Session
• 4. Transport
• 3. Network
• 2. Data Link
• 1. Physical

9
TCP/IP OSI

• In OSI reference model terminology -the TCP/IP
  protocol suite covers the network and transport
  layers.
• TCP/IP can be used on many data-link layers (can
  support many network hardware implementations).

10
Process
Process
Process Layer
TCP
UDP
Transport Layer
ICMP, ARP RARP
IP
Network Layer
802.3
Data-Link Layer
11
Physical Layer

• Responsibility
• transmission of raw bits over a communication
  channel.
• Issues
• mechanical and electrical interfaces
• time per bit
• distances

12
Data Link Layer - Data Link Control

• Responsibility
• provide an error-free communication link
• Issues
• framing (dividing data into chunks)
• header trailer bits
• addressing

10110110101
01100010011
10110000001
13
The Data Link Layer - The MAC sub layer

• Medium Access Control (MAC) - needed by
  multi-access networks.
• MAC provides DLC with virtual wires on
  multi-access networks.

14
Ethernet A Data-Link Layer

• IEEE 802.3
• Variety of physical layers.
• Multi-access (shared medium).
• Interface has a unique 6-byte hardware address.
  (E.g. 00-D0-09-E8-08-61)
• The broadcast address is all 1s.
• Addresses are assigned to vendors by a central
  authority.

15
An Ethernet Frame
8 bytes
6
6
2
0-1500
4

• Preamble is a sequence of alternating 1s and 0s
  used for synchronization.
• CRC is Cyclic Redundancy Check

16
Ethernet Addressing

• Each NIC looks at every frame and inspects the
  destination address. If the address does not
  match the hardware address of the interface or
  the broadcast address, the frame is discarded.
• Some NICs can be programmed to recognize
  multicast addresses.

17
The Network Layer

• Responsibilities
• path selection between systems (routing).
• subnet flow control.
• fragmentation reassembly
• translation between different network types.
• Issues
• packet headers
• virtual circuits

18
The Transport Layer

• Responsibilities
• provides virtual end-to-end links between peer
  processes.
• end-to-end flow control
• Issues
• headers
• error detection
• reliable communication

19
The Session Layer

• Responsibilities
• establishes, manages, and terminates sessions
  between applications.
• service location lookup
• Many protocol suites do not include a session
  layer.

20
The Presentation Layer

• Responsibilities
• data encryption
• data compression
• data conversion
• Many protocol suites do not include a
  Presentation Layer.

21
The Application Layer

• Responsibilities
• anything not provided by any of the other layers
• Issues
• application level protocols
• appropriate selection of type of service

22
Layering Headers

• Each layer needs to add control information.
• Typically prefixed to the data before passing on
  to the lower layer.

23
Headers
DATA
Process
Process
Transport
Transport
DATA
H
Network
DATA
H
H
Network
Data Link
Data Link
DATA
H
H
H
24
Example Headers

• Physical no header
• Data Link
• address of the receiving endpoints
• address of the sending endpoint
• length of the data
• checksum

25
Network layer header - examples

• protocol
• header checksum
• source network address
• destination network address

• protocol suite version
• type of service
• length of the data
• packet identifier
• fragment number
• time to live

26
Connecting Networks

• Repeater physical layer
• Bridge data link layer
• Router network layer
• Gateway network layer and above.

27
Repeater

• Copies bits from one network to another
• Does not look at any bits
• Allows the extension of a network beyond physical
  length limitations

REPEATER
28
Bridge

• Copies frames from one network to another
• Can operate selectively - does not copy all
  frames (looks at data-link headers).
• Extends the network beyond physical length
  limitations.

BRIDGE
29
Router

• Copies packets from one network to another.
• Makes decisions about what route a packet should
  take (looks at network headers).

30
Gateway

• Operates as a router
• Data conversions above the network layer.
• Conversions
• encapsulation - use an intermediate network
• translation - connect different application
  protocols
• encryption - could be done by a gateway

31
Encapsulation Example
Gateway
Gateway

• Provides service connectivity even though
  intermediate network does not support protocols.

32
Translation
Gateway

• Translate from green protocol to brown protocol

33
Encryption gateway
34
Hardware v. Software

• Repeaters are typically hardware devices.
• Bridges can be implemented in hardware or
  software.
• Routers and gateways are typically implemented in
  software so that they can be extended to handle
  new protocols.
• Many workstations can operate as routers or
  gateways.

35
Modes of Service

• connection-oriented vs. connectionless
• sequencing
• error-control
• flow-control
• byte stream vs. message based
• full-duplex vs. half-duplex.

36
Connection-Oriented Service

• establishment of a logical connection between two
  processes.
• transfer data
• terminate connection.

37
Connectionless Service

• Sends independent messages.

38
Sequencing

• Sequencing provides support for an order to
  communications.
• A service that includes sequencing requires that
  messages (or bytes) are received in the same
  order they are sent.

39
Error Control

• Some services require error detection.
• Checksums provide a simple error detection
  mechanism.
• Error control sometimes involves notification and
  retransmission.

40
Flow Control

• Flow control prevents the sending process from
  overwhelming the receiving process.
• Flow control can be handled in a variety of ways.

41
Byte Stream vs. Message

• Byte stream implies an ordered sequence of bytes
  with no message boundaries.
• Message oriented services provide communication
  service to chunks of data called datagrams.

42
Full- v. Half-Duplex

• Full-Duplex services support the transfer of data
  in both directions.
• Half-Duplex services support the transfer of data
  in one direction.

43
End-to-End v. Hop-to-Hop

• Service modes, flow control and error control can
  be
• Either between endpoints of the communication.
• Or between consecutive nodes on the path between
  the endpoints.

44
End-to-End
45
Hop-by-Hop
46
Buffering

• Buffering can provide more efficient
  communications.
• Buffering is most useful for byte stream services.

Process A
Process B
Send Buffer
Recv. Buffer
47
Addresses

• Physical Layer no address necessary
• Data Link Layer address must be able to select
  any host on the network.
• Network Layer address must be able to provide
  information to enable routing.
• Transport Layer address must identify the
  destination process.

48
Broadcasts

• Broadcast sending a message from one host to
  all other hosts on the network.
• A special address called the broadcast address
  is created.
• Some popular network services are based on
  broadcasting (YP/NIS, rup, rusers)

49
The IP in TCP/IP

• IP is the network layer
• packet delivery service (host-to-host).
• translation between different data-link protocols.

50
IP Datagrams

• IP provides connectionless, unreliable delivery
  of IP datagrams.
• Connectionless each datagram is independent of
  all others.
• Unreliable there is no guarantee that datagrams
  are delivered correctly or at all.

51
IP Addresses

• The address must include information about what
  network the receiving host is on. This makes
  routing feasible.
• IP addresses are not the same as the underlying
  data-link (MAC) addresses.

52
IP Addresses

• Includes a network ID and a host ID.
• A Network ID is assigned to an organization by a
  global authority (http//www.iana.org/ )
• Host IDs are assigned locally by a system
  administrator.

53
IP Addresses

• A single NIC is assigned one IP address.
• A host may have multiple NICs, and therefore
  multiple host addresses.
• Hosts that share a network all have the same IP
  network address (the network ID).

54
Subnet Addresses

• An organization can subdivide its host address
  space into groups called subnets.
• The subnet ID is generally used to group hosts
  based on the physical network topology.
• It is possible to have a single wire network with
  multiple subnets.

NetID
SubnetID
HostID
55
IP4 Addresses
Class
56
IP Addresses

• An IP broadcast address has a host- ID of all
  1s.
• An IP address that has a host ID of all 0s is
  called a network address and refers to an entire
  network.

57
IP Addresses v. MAC Addresses

• IP Addresses are not recognized by NIC.
• The process of finding the MAC address of a host
  given the IP address is called Address
  Resolution.
• The process of finding out the IP address of a
  host given a hardware address is called Reverse
  Address Resolution.

58
IPv6 addresses

• Address is 128 bits long (16 bytes)
• Addresses are written in hexadecimal
• Addresses can be abbreviated
• 3FFE0B00000000000000000000000001
• 3FFE0B000001
• 3FFEB001
• There is no broadcast addresses, only multicast.
• Loopback address is 1
• Addresses are scoped
• Link-local, site-local, global

59
IP6 Address
60
IP4-Compatible IP6 Address
80 bits of 0s followed by 16 bits of 0s, followed
by a 32 bit IP4 Address
0000 . . . 0000
IP4 Address
0000
80 bits
32 bits
16 bits
61
ARP

• ARP is a broadcast protocol. Each host checks the
  request against its own host addresses - the
  matched one responds.
• Hosts remember the hardware addresses of others.
• ARP protocol specifies that the receiving host
  should also remember the IP and hardware
  addresses of the sending host.

62
Services provided by IP

• Connectionless Delivery (each datagram is treated
  individually).
• Unreliable (delivery is not guaranteed).
• Fragmentation / Reassembly (based on hardware
  MTU).
• Routing.
• Error detection.

63
IP Datagram
64
IP Datagram Fragmentation

• Fragmentation can happen when datagrams are
  forwarded through a network for which they are
  too big.
• IP specifies that datagram reassembly is done
  only at the destination (not on a hop-by-hop
  basis).
• If any of the fragments are lost the entire
  datagram is discarded (and an ICMP message is
  sent to the sender).

65
ICMP (Internet Control Message Protocol)

• ping www.yahoo.com
• ICMP uses IP to deliver messages.
• ICMP messages are usually generated and processed
  by the IP layer, not the user process.

66
ICMP

• If packets arrive too fast the receiver discards
  excessive packets and sends an ICMP message to
  the sender (SOURCE QUENCH).
• If an error is found (header checksum problem,
  say) the packet is discarded and an ICMP message
  is sent to the sender.

67
ICMP Message Types

• Echo Request
• Echo Response
• Destination Unreachable
• Redirect
• Time Exceeded
• Redirect (route change)
• more ...

68
UDP (User Datagram Protocol)

• UDP is a transport protocol
• Uses IP to deliver datagrams
• Connectionless, Unreliable, Minimal
• UDP uses ports to provide communication services
  to individual processes.

69
Ports

• Port an abstract destination point.
• Ports are identified by a positive 16-bit
  integer.
• Operating systems provide some mechanism that
  processes use to specify a port.

70
Ports
Host A
Host B
Process
Process
Process
Process
Process
Process
71
UDP Datagram Format
72
Sockets
73
Sockets

• An active socket is connected to a remote active
  socket. Closing the connection destroys the
  active sockets at each endpoint.
• A passive socket is not connected, but rather
  awaits an incoming connection, which will spawn a
  new active socket.

74
Sockets v. Ports

• A socket is not a port. A socket is associated
  with a port. This is a many-to-one relationship.
• Each port can have a single passive socket,
  awaiting incoming connections, and multiple
  active sockets, each corresponding to an open
  connection on the port.

75
TCP

• Transmission Control Protocol
• Connection-oriented
• Reliable
• Full-duplex
• Byte-Stream

76
Connection

• Four Numbers Source IP Address, Source Port,
  Destination IP Address, Destination Port
• connection is established Operating Systems of
  both source and destination hosts are maintaining
  state information re the connection.

77
Connection-Oriented

• Connection oriented means that a virtual
  connection is established before any payload data
  is transferred.
• If the connection cannot be established the user
  program is notified.
• If the connection is ever interrupted the user
  program is notified.

78
Connection establishment

• Connection establishment phase is required
• Ensures that the receiving process is
  available and to synchronize sequence
  numbers, etc.

79
TCP State Diagram
80
Reliable

• Every transmission of data is acknowledged by the
  receiver.
• If the sender does not receive ACK within a
  specified amount of time, the sender retransmits
  the data.
• ACK can be piggybacked on data.

81
Byte Stream

• Stream means that the connection is treated as a
  stream of bytes.
• The user application does not need to package
  data in individual datagrams (as with UDP).

82
Buffering

• TCP is responsible for buffering data and
  determining when it is time to send a datagram.
• It is possible for an application to tell TCP to
  send the data it has buffered without waiting for
  a buffer to fill up.

83
Full Duplex

• TCP provides transport in both directions.
• To the application program these appear as two
  unrelated data streams, although TCP can
  piggyback control and data communication by
  providing control information (such as an ACK)
  along with user data.

84
TCP Ports

• Interprocess communication via TCP is achieved
  with the use of ports (just like UDP).
• UDP ports have no relation to TCP ports
  (different name spaces).

85
TCP/UDP Ports

• Reserved Ports less than 1024 Only root can bind
  to these ports.
• Local Port of a process that requested the
  connection. Usually a random number, 0-65535.
• Remote Port What application accepted the
  connection. Usually a known number.
  /etc/services. E.g.,
• 80 for HTTP
• 143 for IMAP
• 443 for HTTP/SSL

86
TCP Segments

• The chunk of data that TCP asks IP to deliver is
  called a TCP segment.
• Each segment contains
• data bytes from the byte stream
• control information that identifies the data
  bytes

87
TCP Segment Format
88
Sequence Number

• The positional number of the first data byte in
  this segment, except when SYN control flag is 1. 
  
• If SYN is 1 the sequence number is the initial
  sequence number (ISN).
• 32 bit unsigned integer

89
Sequence Number

• Initial Sequence Number (ISN) is randomly
  generated.
• What if ISN is not random?
• You can hijack and kill arbitrary connections!

90
Acknowledgment Number

• If the ACK control bit is set, this field
  contains the value of the next sequence number
  the sender of the segment is expecting to
  receive. Once a connection is established this is
  always included.

91
Control Bits

• URG Urgent Pointer field significant
• PSH Push Function
• ACK Acknowledgment field significant
• RST Reset the connection
• SYN Synchronize sequence numbers
• FIN No more data from sender

92
TCP v. UDP

• Q Which protocol is better ? A It depends on
  the application.
• TCP provides a connection-oriented, reliable byte
  stream service (lots of overhead).
• UDP offers minimal datagram delivery service (as
  little overhead as possible).

93
TCP three-way handshake

• Establishes a connection.
• A I would like to talk to you B.A sends a SYN
  packet to B
• B Ok, let's talk.B sends a SYN-ACK packet to
  A
• A Thanks for agreeing.A sends ACK to B

94
TCP three-way handshake

• Flags src dst seq ack
• SYN 1037 80 102723769 0
• SYN-ACK 80 1037 1527857206 102723770
• ACK 1037 80 102723770 1527857207

95
Four-Way Handshake

• The Four-Way Handshake terminates a previously
  established connection
• A to B FIN
• B to A ACK
• B to A FIN
• A to B ACK

96
Connection Resetting

• Host X sends an RST packet resetting the
  connection if
• Y requested a connection to a non-existent port P
  on host X, or
• For whatever reason (idle for a long time, or an
  abnormal condition, ...), the host X (client or
  the sever) wishes to close the connection.
• Resetting is unilateral.