Internet Administration
• Internet Society (ISOC)
• Internet Architecture Board (IAB)
• Internet Engineering Task Force (IETF)
• Internet Research Task Force (IRTF)
• Internet Assigned Numbers Authority (IANA)
• Internet Corporation for Assigned Names and Numbers (ICANN)
• Network Information Center (NIC)

Internet Society (ISOC)
• International non-profit organization formed in 1992
• Provides support for the Internet standards process

Internet Architecture Board (IAB)
• Technical advisor to ISOC
• Oversees the continuing development of TCP/IP

Internet Engineering Task Force (IETF)
• Forum of working groups managed by the IESG
• Responsible for identifying operational problems and proposing solutions to these problems
• Develops and reviews Internet standards
• Areas: applications, user services, Internet protocols, routing, operations and management, network management, transport, security

Internet Research Task Force (IRTF)
• Working groups managed by the IRSG
• Focus on long-term research related to Internet protocols, applications, architecture and technology

Internet Assigned Numbers Authority (IANA) / Internet Corporation for Assigned Names and Numbers (ICANN)
• Responsible for the management of Internet domain names and addresses

Network Information Center (NIC)
• Responsible for collecting and distributing information about TCP/IP protocols

Internet Standards
• An Internet standard is a thoroughly tested specification that is useful to and adhered to by those who work with the Internet
• A specification begins as an Internet draft
• After approval from the authorities, a draft may be published as a Request for Comments (RFC)
Request for Comments (RFC)
• Documentation of work on the Internet, proposals for new or revised protocols, and TCP/IP protocol standards all appear in a series of technical reports called Internet Requests for Comments (RFCs)
RFC Maturity Levels
1) Proposed Standard: the specification is usually tested and implemented by several different groups
2) Draft Standard
3) Internet Standard
4) Historic
5) Experimental: does not affect the operation of the Internet
6) Informational: general, historic, tutorial
RFC Requirement Levels
1) Required: must be implemented
2) Recommended: not required for minimum conformance but is useful
3) Elective: not required and not recommended, but can be used for local benefit
4) Limited use: should be used only in limited situations, e.g. experimental
5) Not recommended: e.g. historic
IP Address
• The identifier used in the IP layer of the TCP/IP protocol suite to identify each device connected to the Internet is called the Internet address or IP address
• IP addresses are unique
Address space
• The total number of addresses used by the protocol
• IPv4 addresses are 32 bits, so the address space is 2^32 = 4,294,967,296 addresses
Notation
• Three notations: binary, dotted-decimal and hexadecimal
Binary Notation
• The IP address is displayed as 32 bits
• To make it readable, one or more spaces are inserted between the octets
• e.g. 01110101 10010101 00011101 11101010
Dotted-Decimal Notation
• Internet addresses are usually written in decimal form with a decimal point (dot) separating the bytes
• Each number in dotted-decimal notation is between 0 and 255
• e.g. 128.11.13.31
Example
Change the following IP addresses from binary notation to dotted-decimal notation.
a. 10000001 00001011 00001011 11101111
b. 11000001 10000011 00011011 11111111
c. 11100111 11011011 10001011 01101111
d. 11111001 10011011 11111011 00001111
Solution
We replace each group of 8 bits with its equivalent decimal number and add dots for separation:
a. 129.11.11.239
b. 193.131.27.255
c. 231.219.139.111
d. 249.155.251.15
Hexadecimal Notation
• Each hexadecimal digit is equivalent to four bits
• Often used in network programming
• Replace each group of 4 bits with its hexadecimal equivalent
• 0X or 0x is added at the beginning, or the subscript 16 at the end, to show that the number is in hexadecimal
• e.g. 0x810B0BEF or 810B0BEF₁₆
Classful Addressing
• In classful addressing the IP address space is divided into five classes: A, B, C, D and E
• Each class occupies some part of the whole address space
Figures (not reproduced): occupation of the address space; addresses per class; finding the class in binary notation (Figure 4.4, finding the address class); finding the class in decimal notation; netid and hostid; blocks in class A, class B and class C
Network Address
• The network address is the first address in the block
• Given the network address we can find the class of the address, the block, and the range of addresses in the block
Mask
• A mask is a 32-bit number that gives the first address in the block (the network address) when bitwise ANDed with an address in the block
Given the address 23.56.7.91, find the beginning address
(network address).
Solution
The default mask is 255.0.0.0, which means that only the first
byte is preserved and the other 3 bytes are set to 0s. The network
address is 23.0.0.0.
Given the address 132.6.17.85, find the beginning address
(network address).
Solution
The default mask is 255.255.0.0, which means that the first 2
bytes are preserved and the other 2 bytes are set to 0s. The
network address is 132.6.0.0.
Given the address 201.180.56.5, find the beginning address
(network address).
Solution
The default mask is 255.255.255.0, which means that the first 3
bytes are preserved and the last byte is set to 0. The network
address is 201.180.56.0.
Multihomed Devices
A computer that is connected to different networks is called a multihomed computer and will have more than one address, each possibly belonging to a different class.
Location, Not Name
An Internet address defines the network location of a device, not its identity. An Internet address is made of two parts, netid and hostid, so it can only define the connection of a device to a specific network.
Direct Broadcast Address
In classes A, B and C, if the hostid is all 1s, the address is called a direct broadcast address. It is used by a router to send a packet to all hosts in a specific network. All hosts will accept a packet having this type of destination address.
Limited Broadcast Address
In classes A, B and C, an address with all 1s for the netid and hostid defines a broadcast address in the current network. A host that wants to send a message to every other host can use this address as a destination address in an IP packet.
This Host on This Network
If an IP address is composed of all zeros, it means this host on this network. The host sends an IP packet to a bootstrap server using this address as the source address and a limited broadcast address as the destination address to find its own address.
Specific Host on This Network
An IP address with a netid of all zeros means a specific host on this network. It is used by a host to send a message to another host on the same network.
Loopback Address
The IP address with first byte equal to 127 is used for the loopback address, which is an address used to test the software on a machine. When this address is used, a packet never leaves the machine; it simply returns to the protocol software. It can be used for testing.
Private Addresses
A number of blocks in each class are assigned for private use. They are not recognized globally.
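The classful rules above (class from the leading bits, default mask, network address, direct and limited broadcast, the all-zeros and loopback cases, private blocks) gathered into one added Python example. This is not code from the slides or the textbook they follow; it assumes the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which the slides mention as "private blocks" without listing, and it rejects malformed dotted input rather than guessing at it.

```python
# Added example (not from the original slides): classful address analysis.
# Class test, default mask, network address, direct broadcast address and the
# special-address cases from the text; private ranges are the RFC 1918 blocks.

def to_int(dotted):
    """Dotted-decimal notation -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Class A-E, decided by the leading bits of the first byte."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def default_mask(dotted):
    """Default mask of the address's class; classes D and E have no netid/hostid split."""
    cls = address_class(dotted)
    if cls not in DEFAULT_MASK:
        raise ValueError(f"class {cls} address {dotted} has no default mask")
    return to_int(DEFAULT_MASK[cls])


def network_address(dotted):
    """First address of the block: address AND default mask (hostid all 0s)."""
    return to_dotted(to_int(dotted) & default_mask(dotted))


def direct_broadcast_address(dotted):
    """Last address of the block: netid kept, hostid all 1s."""
    mask = default_mask(dotted)
    return to_dotted((to_int(dotted) & mask) | (~mask & 0xFFFFFFFF))


# RFC 1918 private blocks as (network, mask) integer pairs (assumption: not listed on the slides).
PRIVATE_BLOCKS = [(to_int("10.0.0.0"), to_int("255.0.0.0")),
                  (to_int("172.16.0.0"), to_int("255.240.0.0")),
                  (to_int("192.168.0.0"), to_int("255.255.0.0"))]


def special_address(dotted):
    """Name the special role of an address, or 'ordinary' if it has none."""
    n = to_int(dotted)
    if n == 0xFFFFFFFF:
        return "limited broadcast"            # all 1s: every host on this network
    if n == 0:
        return "this host on this network"    # all 0s: source address during bootstrap
    if n >> 24 == 127:
        return "loopback"                     # never leaves the machine
    cls = address_class(dotted)
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "class E"
    mask = default_mask(dotted)
    hostid = n & ~mask & 0xFFFFFFFF
    if n & mask == 0:
        return "specific host on this network"   # netid all 0s
    if hostid == ~mask & 0xFFFFFFFF:
        return "direct broadcast"                # hostid all 1s
    if hostid == 0:
        return "network address"                 # hostid all 0s
    if any(n & m == net for net, m in PRIVATE_BLOCKS):
        return "private"
    return "ordinary"
```

The order of the tests in special_address matters: the limited broadcast and all-zeros cases are checked before any class logic because 255.255.255.255 falls in class E and 0.0.0.0 would otherwise read as a class A netid of zero.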
Unicast, Multicast and Broadcast Addresses
1) Unicast: communication is one to one. A packet is sent from an individual source to an individual destination.
2) Multicast: communication is one to many. A packet is sent from an individual source to a group of destinations.
3) Broadcast: communication is one to all.
Figures (not reproduced): category addresses; addresses for conferencing; sample internet
Subnetting
A network is divided into several subnetworks, with each subnetwork having its own subnetwork address. A network that is not subnetted has two levels of hierarchy; a subnetted network has three levels of hierarchy.
Figures (not reproduced): a network with two levels of hierarchy (not subnetted); a network with three levels of hierarchy (subnetted); addresses in a network with and without subnetting; hierarchy concept in a telephone number
Example
What is the subnetwork address if the destination address is 200.45.34.56 and the subnet mask is 255.255.240.0?
Solution
We apply the AND operation on the address and the subnet mask.
Address:            11001000 00101101 00100010 00111000
Subnet mask:        11111111 11111111 11110000 00000000
Subnetwork address: 11001000 00101101 00100000 00000000 (200.45.32.0)
Figures (not reproduced): comparison of a default mask and a subnet mask; a supernetwork; comparison of subnet, default, and supernet masks
Supernetting
In subnetting, we need the first address of the subnet and the subnet mask to define the range of addresses. In supernetting, we need the first address of the supernet and the supernet mask to define the range of addresses.
Classless Addressing
In classless addressing, variable-length blocks are assigned that belong to no class. In this architecture, the entire address space (2^32 addresses) is divided into blocks of different sizes.
Restrictions
1) Number of addresses in a block: the number of addresses in a block must be a power of two
2) First address: the first address must be evenly divisible by the number of addresses
Example 1
Which of the following can be the beginning address of
a block that contains 16 addresses?
a. 205.16.37.32
b.190.16.42.44
c. 17.17.33.80
d.123.45.24.52
Solution
Only two are eligible (a and c). The address
205.16.37.32 is eligible because 32 is divisible by 16.
The address 17.17.33.80 is eligible because 80 is
divisible by 16.
Example 2
Which of the following can be the beginning address of
a block that contains 256 addresses?
a.205.16.37.32
b.190.16.42.0
c.17.17.32.0
d.123.45.24.52
Solution
In this case, the right-most byte must be 0. As we mentioned in Chapter 4, the IP addresses use base 256 arithmetic. When the right-most byte is 0, the total address is divisible by 256. Only two addresses are eligible (b and c).
Example 3
Which of the following can be the beginning address of
a block that contains 1024 addresses?
a. 205.16.37.32
b.190.16.42.0
c. 17.17.32.0
d.123.45.24.52
Solution
In this case, we need to check two bytes because
1024 = 4 × 256. The right-most byte must be divisible
by 256. The second byte (from the right) must be
divisible by 4. Only one address is eligible
(c).
CIDR Notation (Classless Inter-Domain Routing)
The number of 1s in the mask is added after a slash at the end of the address.
e.g. 18.46.74.10 is written as 18.46.74.10/8 for the default mask.
The default masks of the classes in CIDR notation:
Class A: 255.0.0.0 = /8
Class B: 255.255.0.0 = /16
Class C: 255.255.255.0 = /24
In classless addressing, when an address is given, the block the address belongs to cannot be found unless we have the mask. In classless addressing the address must therefore be accompanied by the mask. The mask is given in CIDR notation as the number of 1s in the mask.
Figures (not reproduced): format of a classless address; prefix lengths
Example
What is the first address in the block if one of the addresses is 167.199.170.82/27?
Solution
The prefix length is 27, which means that we must keep the first 27 bits as is and change the remaining bits (5) to 0s. The following shows the process:
Address in binary:       10100111 11000111 10101010 01010010
Keep the left 27 bits:   10100111 11000111 10101010 01000000
Result in CIDR notation: 167.199.170.64/27
What is the first address in the block if one of the
addresses is 140.120.84.24/20?
Solution
Figure 5.3 shows the solution. The first, second, and
fourth bytes are easy; for the third byte we keep the bits
corresponding to the number of 1s in that group. The
first address is 140.120.80.0/20.
Figure 5.3 (not reproduced)
Example 5
Find the number of addresses in the block if one of the addresses is 140.120.84.24/20.
Solution
The prefix length is 20. The number of addresses in the block is 2^(32−20) = 2^12 = 4096. Note that this is a large block with 4096 addresses.
Using the first method, find the last address in the block
if one of the addresses is 140.120.84.24/20.
Solution
We found in the previous examples that the first address
is 140.120.80.0/20 and the number of addresses is
4096. To find the last address, we need to add 4095
(4096 − 1) to the first address.
Example 10
Find the block if one of the addresses is 190.87.140.202/29.
Solution
We follow the procedure in the previous examples to
find the first address, the number of addresses, and the
last address. To find the first address, we notice that the
mask (/29) has five 1s in the last byte. So we write the
last byte as powers of 2 and retain only the leftmost five
as shown below:
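The block arithmetic of the examples above (first address by keeping the prefix bits, 2^(32−n) addresses, last address by adding count − 1) together with the two restrictions on classless blocks (power-of-two size, first address divisible by the size), as an added Python example. It is not the slides' or the textbook's code; the integer modulo test it uses is equivalent to the base-256 reasoning in the solutions, since every byte boundary is a multiple of 256.

```python
# Added example (not from the original slides): classless blocks in CIDR notation.
# block_info derives first address, size and last address from any address of
# the block; can_begin_block checks the two restrictions on a block's first address.

def to_int(dotted):
    """Dotted-decimal notation -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix):
    """Mask with `prefix` leading 1s, as a 32-bit integer."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length {prefix} out of range 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def block_info(cidr):
    """(first address, number of addresses, last address) of the block containing `cidr`."""
    addr, _, prefix = cidr.partition("/")
    if not prefix:
        raise ValueError("a classless address must be accompanied by its prefix length")
    n = int(prefix)
    mask = prefix_mask(n)
    first = to_int(addr) & mask          # keep the first n bits, set the rest to 0
    count = 1 << (32 - n)                # 2^(32-n) addresses in the block
    last = first + count - 1             # first address plus (count - 1)
    return to_dotted(first), count, to_dotted(last)


def can_begin_block(dotted, size):
    """Restriction 2: the first address must be divisible by the block size."""
    if size <= 0 or size & (size - 1):
        raise ValueError("restriction 1: the number of addresses must be a power of two")
    return to_int(dotted) % size == 0


def eligible_beginnings(candidates, size):
    """Filter a list of candidate addresses down to those that may begin a block of `size`."""
    return [c for c in candidates if can_begin_block(c, size)]
```

For 1024-address blocks the modulo test reproduces the solution's two-byte check: the last byte must be 0 and the third byte must be a multiple of 4, because 1024 = 4 × 256.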
An organization is granted the block 130.34.12.64/26.
The organization needs 4 subnets. What is the subnet
prefix length?
Solution
We need 4 subnets, which means we need to add two more 1s (log2 4 = 2) to the site prefix. The subnet prefix is then /28.
The site has 2^(32−26) = 64 addresses. Each subnet has 2^(32−28) = 16 addresses. Now let us find the first and last address in each subnet.
1. The first address in the first subnet is 130.34.12.64/28,
using the procedure we showed in the previous examples.
Note that the first address of the first subnet is the first
address of the block. The last address of the subnet can be
found by adding 15 (16 −1) to the first address. The last
address is 130.34.12.79/28.
2. The first address in the second subnet is 130.34.12.80/28; it is found by adding 1 to the last address of the previous subnet. Again adding 15 to the first address, we obtain the last address, 130.34.12.95/28.
3. Similarly, we find the first address of the third
subnet to be 130.34.12.96/28 and the last to be
130.34.12.111/28.
4. Similarly, we find the first address of the fourth
subnet to be 130.34.12.112/28 and the last to be
130.34.12.127/28.
An organization is granted a block of addresses with the beginning address 14.24.74.0/24. There are 2^(32−24) = 256 addresses in this block. The organization needs to have 11 subnets as shown below:
a. two subnets, each with 64 addresses.
b. two subnets, each with 32 addresses.
c. three subnets, each with 16 addresses.
d. four subnets, each with 4 addresses.
As another example, assume a company has three
offices: Central, East, and West. The Central office is
connected to the East and West offices via private,
point-to-point WAN lines. The company is granted a
block of 64 addresses with the beginning address
70.12.100.128/26. The management has decided to
allocate 32 addresses for the Central office and divides
the rest of addresses between the two offices. Figure 5.8
shows the configuration designed by the management.
Figure 5.8 (not reproduced)
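The three subnetting cases above (four equal /28 subnets from 130.34.12.64/26, eleven variable-length subnets from 14.24.74.0/24, and the three offices sharing 70.12.100.128/26) carried out by one added Python routine. This is not the slides' or the textbook's code. It assumes the organization wants subnets laid out consecutively from the block's first address; placing larger subnets first is the design choice that keeps every subnet's first address divisible by its size, which the restriction on classless blocks requires.

```python
# Added example (not from the original slides): carving a granted block into subnets.
# subnet_prefix handles the equal-size case; allocate_subnets the variable-length case.

def to_int(dotted):
    """Dotted-decimal notation -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_for_size(size):
    """Prefix length of a block holding `size` addresses (size must be a power of two)."""
    if size <= 0 or size & (size - 1):
        raise ValueError(f"{size} is not a power of two")
    return 32 - (size.bit_length() - 1)


def subnet_prefix(block_prefix, num_subnets):
    """Equal-size subnets: add ceil(log2(num_subnets)) bits to the site prefix."""
    if num_subnets < 1:
        raise ValueError("need at least one subnet")
    extra = (num_subnets - 1).bit_length()      # ceil(log2(num_subnets))
    if block_prefix + extra > 32:
        raise ValueError("block too small for that many subnets")
    return block_prefix + extra


def allocate_subnets(block_cidr, sizes):
    """Assign consecutive subnets of the requested sizes inside block_cidr.

    Returns [(first address/prefix, last address), ...] in address order.
    Larger subnets are placed first so each subnet starts on a multiple of its size.
    """
    addr, _, prefix = block_cidr.partition("/")
    n = int(prefix)
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF
    start = to_int(addr)
    if start & mask != start:
        raise ValueError(f"{block_cidr} does not begin at its block's first address")
    total = 1 << (32 - n)
    if sum(sizes) > total:
        raise ValueError(f"requested {sum(sizes)} addresses but the block has {total}")
    cursor, result = start, []
    for size in sorted(sizes, reverse=True):
        p = prefix_for_size(size)
        if cursor % size:   # cannot happen with descending sizes; kept as a guard
            raise ValueError(f"a subnet of {size} addresses would start unaligned at {to_dotted(cursor)}")
        result.append((f"{to_dotted(cursor)}/{p}", to_dotted(cursor + size - 1)))
        cursor += size
    return result
```

The 11-subnet request consumes exactly 256 addresses (64 + 64 + 32 + 32 + 16 + 16 + 16 + 4 + 4 + 4 + 4), so the last /30 ends on 14.24.74.255; asking for one more address raises rather than silently spilling past the block.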
Delivery, Forwarding, and Routing of IP Packets
DELIVERY
The network layer supervises delivery, the handling of the packets by the underlying physical networks. Two important concepts are the type of connection and direct versus indirect delivery.
IP is a connectionless protocol.
Direct delivery
• The final destination of the packet is a host connected to the same physical network
• Requires mapping the IP address to the physical address
• In direct delivery the address mapping is between the IP address of the final destination and the physical address of the final destination
Indirect delivery
• In indirect delivery the address mapping is between the IP address of the next router and the physical address of the next router
FORWARDING
Forwarding means to place the packet in its route to its destination. Forwarding requires a host or a router to have a routing table.
Forwarding methods: next-hop method; network-specific method and host-specific method; default method
Figure (not reproduced): simplified forwarding module in classful addressing without subnetting
Example 1
Figure 6.8 (not reproduced) shows an imaginary part of the Internet. Show the routing tables for router R1.
Solution
Figure 6.9 (not reproduced) shows the three tables used by router R1. Note that some entries in the next-hop address column are empty because in these cases the destination is in the same network to which the router is connected (direct delivery). In these cases, the next-hop address used by ARP is simply the destination address of the packet.
Example 2
Router R1 in Figure 6.8 receives a packet with destination address 192.16.7.14. Show how the packet is forwarded.
Solution
The destination address in binary is 11000000 00010000 00000111 00001110. A copy of the address is shifted 28 bits to the right. The result is 00000000 00000000 00000000 00001100 or 12. The destination network is class C. The network address is extracted by masking off the leftmost 24 bits of the destination address; the result is 192.16.7.0. The table for Class C is searched. The network address is found in the first row. The next-hop address 111.15.17.32 and the interface m0 are passed to ARP.
Example 3
Router R1 in Figure 6.8 receives a packet with destination address 167.24.160.5. Show how the packet is forwarded.
Solution
The destination address in binary is 10100111 00011000 10100000 00000101. A copy of the address is shifted 28 bits to the right. The result is 00000000 00000000 00000000 00001010 or 10. The class is B. The network address can be found by masking off 16 bits of the destination address; the result is 167.24.0.0. The table for Class B is searched. No matching network address is found. The packet needs to be forwarded to the default router (the network is somewhere else in the Internet). The next-hop address 111.30.31.18 and the interface number m0 are passed to ARP.
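The classful forwarding module that Examples 2 and 3 walk through (shift 28 bits to read the class, apply the class mask, search that class's table, fall back to the default router) as an added Python example. This is not the slides' or the textbook's code. Figure 6.8 and the tables of Figure 6.9 are not on the page, so the tables below contain only the rows those two examples reveal plus rows marked as inferred or hypothetical: the class A entry for 111.0.0.0 is an inference from both next-hop routers sitting on interface m0, and the class B row is invented to show direct delivery.

```python
# Added example (not from the original slides): classful forwarding without subnetting.
# Tables are keyed by network address; a next hop of None means direct delivery.

def to_int(dotted):
    """Dotted-decimal notation -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


CLASS_MASK = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}


def class_from_nibble(n):
    """Shift the address 28 bits right and read the leading 4 bits (the examples' method)."""
    nibble = n >> 28
    if nibble <= 0b0111:
        return "A"       # first bit 0
    if nibble <= 0b1011:
        return "B"       # first bits 10
    if nibble <= 0b1101:
        return "C"       # first bits 110
    if nibble == 0b1110:
        return "D"       # first bits 1110
    return "E"


# Router R1's three tables, one per class.
R1_TABLES = {
    "A": {to_int("111.0.0.0"): (None, "m0")},             # inferred: R1's m0 lies on 111.0.0.0
    "B": {to_int("145.80.0.0"): (None, "m1")},            # hypothetical row for direct delivery
    "C": {to_int("192.16.7.0"): ("111.15.17.32", "m0")},  # from Example 2
}
R1_DEFAULT = ("111.30.31.18", "m0")                        # default router, from Example 3


def forward_classful(dest, tables=R1_TABLES, default=R1_DEFAULT):
    """Return (class, network address, next-hop address, interface) handed to ARP."""
    n = to_int(dest)
    cls = class_from_nibble(n)
    if cls not in CLASS_MASK:
        raise ValueError(f"{dest} is class {cls}: not a unicast destination")
    network = n & CLASS_MASK[cls]          # "mask off" the hostid bits
    entry = tables[cls].get(network)
    if entry is None:
        next_hop, iface = default          # no row matched: send to the default router
    else:
        next_hop, iface = entry
        if next_hop is None:               # direct delivery: ARP resolves the destination itself
            next_hop = dest
    return cls, to_dotted(network), next_hop, iface
```

A class D or E destination raises instead of being forwarded, since those addresses have no netid/hostid split and no table to search.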
Figure 6.10 (not reproduced): simplified forwarding module in classful addressing with subnetting
Example 4
Figure 6.11 (not reproduced) shows a router connected to four subnets.
Example 4 (Continued)
Note several points. First, the site address is 145.14.0.0/16 (a
class B address). Every packet with destination address in the
range 145.14.0.0 to 145.14.255.255 is delivered to the interface
m4 and distributed to the final destination subnet by the router.
Second, we have used the address x.y.z.t/n for the interface m4
because we do not know to which network this router is
connected. Third, the table has a default entry for packets that
are to be sent out of the site. The router is configured to apply
the mask /18 to any destination address.
Example 5
The router in Figure 6.11 receives a packet with
destination address 145.14.32.78. Show how the packet
is forwarded.
Solution
The mask is /18. After applying the mask, the subnet
address is 145.14.0.0. The packet is delivered to ARP
with the next-hop address 145.14.32.78 and the
outgoing interface m0.
Example 6
A host in network 145.14.0.0 in Figure 6.11 has a
packet to send to the host with address 7.22.67.91.
Show how the packet is routed.
Solution
The router receives the packet and applies the mask (/18). The
network address is 7.22.64.0. The table is searched and the address
is not found. The router uses the address of the default router (not
shown in figure) and sends the packet to that router.
Note:
In classful addressing we can have a
routing table with three columns;
in classless addressing, we need at least
four columns.
Figure 6.12 (not reproduced): simplified forwarding module in classless addressing
Example 7
Make a routing table for router R1 using the configuration in Figure 6.13.
Solution
Table 6.1 shows the corresponding table (Figure 6.13 and Table 6.1 are not reproduced here).
Example 8
Show the forwarding process if a packet arrives at R1
in Figure 6.13 with the destination address
180.70.65.140.
Solution
The router performs the following steps:
1. The first mask (/26) is applied to the destination
address. The result is 180.70.65.128, which does not
match the corresponding network address.
2. The second mask (/25) is applied to the destination
address. The result is 180.70.65.128, which matches
the corresponding network address. The next-hop
address (the destination address of the packet in this
case) and the interface number m0 are passed to ARP
for further processing.
Example 9
Show the forwarding process if a packet arrives at R1
in Figure 6.13 with the destination address 201.4.22.35.
Solution
The router performs the following steps:
1. The first mask (/26) is applied to the destination address. The
result is 201.4.22.0, which does not match the corresponding
network address (row 1).
2. The second mask (/25) is applied to the destination address.
The result is 201.4.22.0, which does not match the corresponding
network address (row 2).
3. The third mask (/24) is applied to the destination address. The result is 201.4.22.0, which matches the corresponding network address. The destination address of the packet and the interface number m3 are passed to ARP.
Example 10
Show the forwarding process if a packet arrives at R1
in Figure 6.13 with the destination address 18.24.32.78.
Solution
This time all masks are applied to the destination address, but no matching network address is found. When it reaches the end of the table, the module gives the next-hop address 180.70.65.200 and interface number m2 to ARP. This is probably an outgoing packet that needs to be sent, via the default router, to some place else in the Internet.
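The classless forwarding procedure of Examples 8, 9 and 10 (apply each row's mask to the destination in turn, longest prefix first, take the first match, fall back to the default row) as an added Python example. This is not the slides' or the textbook's code. Table 6.1 is not on the page, so the table below is reconstructed from what the three examples state: the /25 row 180.70.65.128 on m0, the /24 row 201.4.22.0 on m3, and the default 180.70.65.200 on m2; the network address in the /26 row is a constructed value chosen only to be consistent with those examples.

```python
# Added example (not from the original slides): classless forwarding by
# longest-prefix-first table search, with the per-row steps recorded.

def to_int(dotted):
    """Dotted-decimal notation -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix):
    """Mask with `prefix` leading 1s, as a 32-bit integer."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length {prefix} out of range 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


# Rows: (prefix length, network address, next hop or None for direct delivery, interface),
# ordered longest prefix first; the /0 row is the default route.
R1_TABLE = [
    (26, "180.70.65.192", None, "m2"),         # constructed row, consistent with Example 8
    (25, "180.70.65.128", None, "m0"),         # Example 8
    (24, "201.4.22.0", None, "m3"),            # Example 9
    (0, "0.0.0.0", "180.70.65.200", "m2"),     # default, Example 10
]


def check_table_order(table):
    """A shorter prefix listed before a longer one would shadow it, so enforce the order."""
    prefixes = [row[0] for row in table]
    if prefixes != sorted(prefixes, reverse=True):
        raise ValueError("routing table is not in longest-prefix-first order")
    for p in prefixes:
        prefix_mask(p)        # validates the range


def forward_classless(dest, table=R1_TABLE):
    """Return (matched block, next-hop address, interface, list of masking steps)."""
    check_table_order(table)
    n = to_int(dest)
    steps = []
    for prefix, network, next_hop, iface in table:
        masked = n & prefix_mask(prefix)
        steps.append(f"/{prefix} -> {to_dotted(masked)}")
        if masked == to_int(network):
            return (f"{network}/{prefix}",
                    next_hop if next_hop is not None else dest,   # direct delivery
                    iface, steps)
    raise LookupError(f"no route for {dest} and the table has no default entry")
```

The recorded steps reproduce the solutions' narration: for 180.70.65.140 the /26 mask yields 180.70.65.128, which does not match the /26 row's network, and the /25 mask yields the same value, which does.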
Figure 6.17 (not reproduced): hierarchical routing with ISPs
ROUTING
Routing deals with the issues of creating and maintaining routing tables.
Static versus dynamic routing tables
Routing Table
Common fields in a routing table (figure not reproduced)
Flags
1) U (up)
2) G (gateway)
3) H (host-specific)
4) D (added by redirection)
5) M (modified by redirection)
6.4 STRUCT URE OF A ROUTER
We represent a router as a black box that accepts incoming packets from one of the input ports (interfaces), uses a routing table to find the departing output port, and sends the packet from this output port.
Components
Figures (not reproduced): router components; Figure 6.21, input port; Figure 6.22, output port; Figure 6.23, crossbar switch; Figure 6.24, a banyan switch; Figure 6.25, examples of routing in a banyan switch
ARP and RARP
Hosts and routers are recognized at the network level by their logical addresses.
• A logical address is an internetwork address
• A logical address is universally unique
• The logical addresses in the TCP/IP protocol suite are called IP addresses
• Implemented in software
At the physical level, hosts and routers are recognized by their physical addresses.
• A physical address is a local address
• It should be unique locally
• Usually it is implemented in hardware
ARP
ARP associates an IP address with its physical address. On a typical physical network, such as a LAN, each device on a link is identified by a physical or station address that is usually imprinted on the NIC.
Figure (not reproduced): ARP operation
Example 1
A host with IP address 130.23.43.20 and physical address B2:34:55:10:22:10 has a packet to send to another host with IP address 130.23.43.25 and physical address A4:6E:F4:59:83:AB (which is unknown to the first host). The two hosts are on the same Ethernet network. Show the ARP request and reply packets encapsulated in Ethernet frames.
Solution
Figure 7.7 (not reproduced) shows the ARP request and reply packets. Note that the ARP data field in this case is 28 bytes, and that the individual addresses do not fit in the 4-byte boundary. That is why we do not show the regular 4-byte boundaries for these addresses. Also note that the IP addresses are shown in hexadecimal. For information on binary or hexadecimal notation see Appendix B.
ARP packet
1) Hardware type: type of the network on which ARP is running
2) Protocol type: 16-bit field defining the protocol
3) Hardware length: 8-bit field; for Ethernet the value is 6
4) Protocol length: 8-bit field; for IPv4 the value is 4
5) Operation: 16-bit field, ARP request (1) or ARP reply (2)
6) Sender hardware address: variable-length field, physical address of the sender
7) Sender protocol address: logical address of the sender
8) Target hardware address: physical address of the target
9) Target protocol address: logical address of the target
Figures (not reproduced): encapsulation of ARP packet; four cases using ARP
An ARP request is broadcast; an ARP reply is unicast.
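The nine ARP fields above built into the 28-byte packet of Example 1, encapsulated in Ethernet frames (broadcast for the request, unicast for the reply) and parsed back, as an added Python example. This is not the slides' or the textbook's code. It assumes the standard Ethernet type value 0x0806 for ARP and the 46-byte minimum Ethernet payload, neither of which the slides state; the frame check sequence is omitted. The parser rejects anything that is not an Ethernet/IPv4 ARP packet of the expected length rather than reading fields past the end of the data.

```python
# Added example (not from the original slides): ARP packet construction, Ethernet
# encapsulation and parsing, using the addresses of Example 1.
import struct

HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ETHERTYPE_ARP = 0x0806                  # assumption: standard value, not on the slides
ARP_FORMAT = "!HHBBH6s4s6s4s"           # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA
ARP_LEN = struct.calcsize(ARP_FORMAT)   # 28 bytes
BROADCAST_MAC = "FF:FF:FF:FF:FF:FF"


def mac_bytes(mac):
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address {mac!r}")
    return bytes(int(p, 16) for p in parts)


def ip_bytes(ip):
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address {ip!r}")
    return bytes(parts)


def fmt_mac(b):
    return ":".join(f"{x:02X}" for x in b)


def fmt_ip(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP packet for Ethernet/IPv4: hardware length 6, protocol length 4."""
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"operation must be 1 (request) or 2 (reply), got {op}")
    return struct.pack(ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def arp_request(sender_mac, sender_ip, target_ip):
    """Request: the target hardware address is unknown, so it is sent as all zeros."""
    return build_arp(OP_REQUEST, sender_mac, sender_ip, "00:00:00:00:00:00", target_ip)


def ethernet_frame(dst_mac, src_mac, payload, ethertype=ETHERTYPE_ARP):
    """Encapsulate payload; pad to the 46-byte minimum Ethernet payload (FCS omitted)."""
    padded = payload + b"\x00" * max(0, 46 - len(payload))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + padded


def parse_arp(packet):
    """Decode an Ethernet/IPv4 ARP packet; reject anything else rather than guess."""
    if len(packet) < ARP_LEN:
        raise ValueError(f"ARP packet shorter than {ARP_LEN} bytes")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, packet[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown ARP operation {op}")
    return {"op": "request" if op == OP_REQUEST else "reply",
            "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa)}


def parse_frame(frame):
    """Split an Ethernet frame into (dst MAC, src MAC, ethertype, parsed ARP packet)."""
    if len(frame) < 14 + ARP_LEN:
        raise ValueError("frame too short to carry an ARP packet")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"ethertype 0x{ethertype:04X} is not ARP")
    return fmt_mac(frame[:6]), fmt_mac(frame[6:12]), ethertype, parse_arp(frame[14:])
```

The sender protocol address of the request, bytes 14 to 17 of the packet, is 82 17 2B 14 in hexadecimal, which is how the slide's Figure 7.7 displays 130.23.43.20.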
ARP PACKAGE
The ARP package involves five modules: a cache table, queues, an output module, an input module, and a cache-control module.
Figures (not reproduced): ARP components; cache table
RARP
RARP finds the logical address for a machine that only knows its physical address.
Figure (not reproduced): RARP operation
Internet Protocol
Figure (not reproduced): position of IP in the TCP/IP protocol suite
8.1 DATAGRAM
A packet in the IP layer is called a datagram, a variable-length packet consisting of two parts: header and data. The header is 20 to 60 bytes in length and contains information essential to routing and delivery.
Figures and tables (not reproduced): Figure 8.2, IP datagram; Figure 8.3, service type or differentiated services; Table 8.1, types of service; Table 8.3, values for codepoints; Table 8.4, protocols
Example 1
An IP packet has arrived with the first 8 bits as shown: 01000010. The receiver discards the packet. Why?
Solution
There is an error in this packet. The 4 left-most bits (0100) show the version, which is correct. The next 4 bits (0010) show the header length, which means 2 × 4 = 8 bytes, which is wrong. The minimum number of bytes in the header must be 20. The packet has been corrupted in transmission.
Example 2
In an IP packet, the value of HLEN is 1000 in binary. How many bytes of options are being carried by this packet?
Solution
The HLEN value is 8, which means the total number of bytes in the header is 8 × 4 or 32 bytes. The first 20 bytes are the base header, the next 12 bytes are the options.
Example 3
In an IP packet, the value of HLEN is 5₁₆ and the value of the total length field is 0028₁₆. How many bytes of data are being carried by this packet?
Solution
The HLEN value is 5, which means the total number of bytes in the header is 5 × 4 or 20 bytes (no options). The total length is 40 bytes, which means the packet is carrying 20 bytes of data (40 − 20).
Example 5
A packet has arrived with an M bit value of 0. Is this the first fragment, the last fragment, or a middle fragment? Do we know if the packet was fragmented?
Solution
If the M bit is 0, it means that there are no more fragments; the fragment is the last one. However, we cannot say if the original packet was fragmented or not. A nonfragmented packet is considered the last fragment.
Example 6
A packet has arrived with an M bit value of 1. Is this the first fragment, the last fragment, or a middle fragment? Do we know if the packet was fragmented?
Solution
If the M bit is 1, it means that there is at least one more fragment. This fragment can be the first one or a middle one, but not the last one. We don’t know if it is the first one or a middle one; we need more information (the value of the fragmentation offset).
Example 7
A packet has arrived with an M bit value of 1 and a fragmentation offset value of zero. Is this the first fragment, the last fragment, or a middle fragment?
Solution
Because the M bit is 1, it is either the first fragment or a middle one. Because the offset value is 0, it is the first fragment.
8.2 FRAGMENTATION
The format and size of a frame depend on the protocol used by the physical network. A datagram may have to be fragmented to fit the protocol regulations.
Maximum Transfer Unit (MTU)
Figures and tables (not reproduced): Table 8.5, MTUs for some networks; Figure 8.7, flags field; Figure 8.8, fragmentation example
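The header checks of Examples 1 to 3 (version, HLEN against the 20-byte minimum, total length minus header length), the fragment classification of Examples 5 to 7 (M bit and fragmentation offset) and the MTU-driven splitting of Section 8.2, as one added Python example. This is not the slides' or the textbook's code. The sample headers are constructed inline with only the inspected fields filled in, and the MTU of 1500 bytes with a 4000-byte payload is an illustrative choice, not the values of Figure 8.8.

```python
# Added example (not from the original slides): IPv4 header field checks and
# fragmentation arithmetic.  Constructed headers carry only the fields inspected.
import struct


def parse_ipv4_header(raw):
    """Return the header fields, or raise ValueError for a packet the receiver must discard."""
    if len(raw) < 20:
        raise ValueError("fewer than 20 bytes: no complete base header")
    version, hlen_words = raw[0] >> 4, raw[0] & 0x0F
    if version != 4:
        raise ValueError(f"version {version} is not 4")
    header_len = hlen_words * 4
    if header_len < 20:
        raise ValueError(f"HLEN {hlen_words} gives a {header_len}-byte header; minimum is 20")
    if len(raw) < header_len:
        raise ValueError("truncated: fewer bytes than HLEN claims")
    total_len = struct.unpack("!H", raw[2:4])[0]
    if total_len < header_len:
        raise ValueError("total length smaller than header length")
    flags_and_offset = struct.unpack("!H", raw[6:8])[0]
    return {
        "hlen": header_len,
        "options": header_len - 20,
        "total": total_len,
        "data": total_len - header_len,
        "DF": (flags_and_offset >> 14) & 1,
        "MF": (flags_and_offset >> 13) & 1,       # the M bit
        "offset": flags_and_offset & 0x1FFF,      # in 8-byte units
    }


def fragment_position(mf, offset):
    """Examples 5-7: what the M bit and the offset say about a fragment."""
    if mf == 0:
        return "last fragment (or not fragmented at all)"
    return "first fragment" if offset == 0 else "middle fragment"


def fragment(data_len, mtu, header_len=20):
    """Split `data_len` payload bytes into fragments that fit `mtu`.

    Every fragment except the last carries a multiple of 8 data bytes so that
    offsets can be expressed in 8-byte units.  Returns (offset, M bit, data bytes).
    """
    if header_len < 20 or mtu < header_len + 8:
        raise ValueError("MTU must leave room for the header and at least 8 data bytes")
    per_fragment = (mtu - header_len) // 8 * 8
    fragments, pos = [], 0
    while pos < data_len:
        n = min(per_fragment, data_len - pos)
        more = 1 if pos + n < data_len else 0
        fragments.append((pos // 8, more, n))
        pos += n
    return fragments


def make_header(hlen_words, total_len, mf=0, offset=0):
    """Constructed IPv4 header with only the fields this example inspects filled in."""
    first = (4 << 4) | hlen_words
    flags_and_offset = (mf << 13) | (offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", first, 0, total_len, 0, flags_and_offset,
                      64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + b"\x00" * (hlen_words * 4 - 20)   # pad the options area to the claimed length
```

With a 4000-byte payload and a 1500-byte MTU the data per fragment is 1480 (the largest multiple of 8 that fits after a 20-byte header), giving offsets 0, 185 and 370 and a final fragment of 1040 bytes with M = 0.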
Internet Control Message Protocol (ICMP)
• One of the core protocols in the Internet
• Primarily used to communicate errors among routers and hosts: IP datagram errors, routing information and errors, diagnostics
ICMP
• The IP protocol has no error-reporting facility, for example:
  1. A router discarded an IP packet because it cannot find the route
  2. A packet was discarded because all fragments did not arrive
• The IP protocol lacks a mechanism for host and management queries, for example:
  1. How to check if a router or host is alive
• The Internet Control Message Protocol (ICMP) has been designed to compensate for the above two deficiencies. It is a companion to the IP protocol.
• ICMP messages are divided into error-reporting messages and query messages. The error-reporting messages report problems that a router or a host (destination) may encounter. The query messages get specific information from a router or another host.
Figure 9.3 (not reproduced): ICMP messages
NEED FOR ICMP
• Used to communicate IP status and error messages between hosts and routers
• Uses IP to route its messages between hosts
• Must be implemented with IP
IP is just a packet delivery system:
• it transmits and routes datagrams from sources to destinations through a series of interconnected networks
• it has a checksum in the IP header to detect lost bits
• there is no error detection on the datagram payload, though
• it has no native mechanism for source host notification
This is where ICMP comes in:
• it is used to report IP errors to the source host
• ICMP data is carried as the payload of an IP datagram
• ICMP specifies additional message formats within this area
General Format of ICMP
Types of ICMP messages
1. Error-reporting messages
2. Query messages
Message Format
• 8-byte header
• Variable data section
• Type: type of ICMP message
• Code: specifies the reason for this particular message
• Rest of header: message specific
• Data section: contains information for finding the original packet, or data related to the query message type
ICMP messages
Codes for type 3 (destination unreachable)
Code 1: the host is unreachable
Code 2: the protocol is unreachable
Code 3: the port is unreachable
Code 5: source routing cannot be accomplished
Code 7: the destination host is unknown
Figure (not reproduced): destination-unreachable format
❏ No ICMP error message will be generated in response to a datagram carrying an ICMP error message.
❏ No ICMP error message will be generated for a datagram having a multicast address.
❏ No ICMP error message will be generated for a datagram having a special address such as 127.0.0.0 or 0.0.0.0.
❏ No ICMP error message will be generated for a fragmented datagram that is not the first fragment.
Contents of data field for the error messages
• ICMP data = IP header + first 8 bytes of that IP packet's data
• These first 8 bytes of data provide information about the TCP/UDP headers
Error Reporting
• ICMP doesn't correct errors; it reports them
• ICMP always reports errors to the original source
• ICMP uses the source IP address in the IP packet to send the error report back to the sender
• Five types of errors are handled by ICMP
Destination Unreachable
• A router or destination system which could not process the packet will send this ICMP message back to the sender
• This notifies the sender that the packet was dropped because either the router could not find an appropriate route or the host could not deliver it
Source Quench
• To overcome the flow-control deficiency of IP
• When packets are discarded by routers or hosts due to congestion, source-quench messages are sent
• This informs the sender that the packet has been dropped and also asks the sender to slow down sending packets
Time Exceeded
• When a packet is dropped because its TTL reached 0, this message is sent
• When all fragments did not arrive and the packet is dropped, this message is also sent
Parameter Problem
• If some of the IP header parameters are wrong, the packet is dropped and an error message is sent
Redirection
• If the host sends the IP packet to the wrong router R1
• R1 forwards the packet to the correct router R2 and informs the host that the packet should have been sent through R2; this message is called redirection
• The host routing table is updated accordingly
Query Messages
• Query messages work in pairs
• An ICMP query message is sent and an ICMP reply is obtained
Echo Request and Reply
• Used for diagnostic purposes
• With this pair we can check whether two systems can communicate at the IP level
• It also confirms that all the intermediate routers are functioning
Time Stamp
• To find the round-trip time of the network
• Also used to synchronize the clocks of systems
Address Mask
• When a host does not know its subnet mask, it sends this message to a router
• The router responds with the mask
• If the router's IP address is not known, the host broadcasts the message
Router Solicitation
• Used for router discovery by a host; a router replies with a router-advertisement message listing its router address(es) and a preference level for each
Router-solicitation message format
Router-advertisement message format
Transmission Control Protocol (TCP)
TCP lies between the application layer and the network layer and
serves as the intermediary between application programs and the
network operations
TCP/IP
TCP Services
TCP is a process-to-process protocol
TCP provides process-to-process communication using port numbers
Table 12.1 Well-known ports used by TCP
Stream Delivery Service
TCP is a stream-oriented protocol
TCP allows the sending process to deliver data as a stream of bytes
and allows the receiving process to obtain data as a stream of bytes
Stream delivery
Sending and receiving buffers
Segments
TCP groups a number of bytes together into a packet called a segment
TCP adds a header to each segment and delivers the segment to the
IP layer for transmission
TCP offers full-duplex communication
TCP is a connection-oriented service
TCP segments
TCP Features
1) Numbering system
2) Flow control
3) Error control
4) Congestion control
Numbering System
Byte Number
The bytes of data being transferred in each connection are numbered
by TCP. The numbering starts with a randomly generated number
Sequence Number
The sequence number for each segment is the number of the first byte
carried in that segment
Suppose a TCP connection is transferring a file of 5000 bytes.
The first byte is numbered 10001. What are the sequence
numbers for each segment if data is sent in five segments, each
carrying 1000 bytes?
Segment 1 ➡ Sequence Number: 10,001 (range: 10,001 to 11,000)
Segment 2 ➡ Sequence Number: 11,001 (range: 11,001 to 12,000)
Segment 3 ➡ Sequence Number: 12,001 (range: 12,001 to 13,000)
Segment 4 ➡ Sequence Number: 13,001 (range: 13,001 to 14,000)
Segment 5 ➡ Sequence Number: 14,001 (range: 14,001 to 15,000)
The value of the acknowledgment field
in a segment defines the number of the
next byte a party expects to receive.
The acknowledgment number is
cumulative.
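The worked problem above and the cumulative-ACK note can be reproduced with a few lines. This is an added example, not from the presentation: `segment_numbers` computes the sequence number of each segment from the ISN (the ISN, file size and segment size are the presentation's own values), and `cumulative_acks` plays a receiver that reports the next byte it expects, so an out-of-order segment is buffered but does not advance the ACK until the gap is filled. The ISN is randomized in real stacks because a predictable ISN lets an off-path attacker forge segments that fall inside the window (RFC 6528); here it is simply a parameter.

```python
"""Sequence numbers per segment and cumulative acknowledgements. Added example;
the ISN, file size and segment size are the presentation's worked values."""
from typing import Dict, List, Tuple

MOD = 1 << 32  # sequence numbers are 32-bit and wrap around


def segment_numbers(isn: int, total_bytes: int, segment_size: int) -> List[Tuple[int, int, int]]:
    """Return (sequence number, first byte, last byte) for each segment.
    The sequence number of a segment is the number of its first byte."""
    segments = []
    seq = isn
    remaining = total_bytes
    while remaining > 0:
        n = min(segment_size, remaining)
        segments.append((seq, seq, (seq + n - 1) % MOD))
        seq = (seq + n) % MOD
        remaining -= n
    return segments


def cumulative_acks(first_expected: int, arrivals: List[Tuple[int, int]]) -> List[int]:
    """Acknowledgement number emitted after each arriving segment (seq, length).
    The ACK number is the next byte expected, so it is cumulative: a segment
    ahead of the expected one is buffered but does not advance the ACK until
    the gap is filled; a segment behind it is a duplicate and changes nothing."""
    expected = first_expected
    buffered: Dict[int, int] = {}
    acks = []
    for seq, length in arrivals:
        if seq == expected:
            expected = (expected + length) % MOD
            while expected in buffered:            # drain contiguous buffered segments
                expected = (expected + buffered.pop(expected)) % MOD
        elif (seq - expected) % MOD < MOD // 2:    # ahead of expected: out of order
            buffered[seq] = length
        acks.append(expected)
    return acks


if __name__ == "__main__":
    for i, (seq, first, last) in enumerate(segment_numbers(10001, 5000, 1000), 1):
        print(f"Segment {i}: sequence number {seq} (range {first} to {last})")
    # segments 1, 2 and 4 arrive, then 3: the ACK stays at 12001 until the gap fills
    print(cumulative_acks(10001, [(10001, 1000), (11001, 1000), (13001, 1000), (12001, 1000)]))
```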
SEGMENT
A packet in TCP is called a segment
TCP segment format
Control field
Description of flags in the control field
Encapsulation
A TCP segment is encapsulated in an IP datagram , which in
turn is encapsulated in a frame at the data link layer.
A TCP CONNECTION
TCP is connection-oriented. A connection-oriented transport
protocol establishes a virtual path between the source and
destination. All of the segments belonging to a message are
then sent over this virtual path. A connection-oriented
transmission requires three phases:
connection establishment,
data transfer, and
connection termination.
Three way handshaking
The connection establishment in TCP is called three-way handshaking.
Passive open: the server is ready to accept a connection.
Active open: the client needs to be connected to the server.
Connection establishment using three-way handshaking
1) The client sends the first segment, a SYN segment, in which only the SYN flag is set.
This segment is for synchronization of sequence numbers.
Its randomly generated sequence number is called the initial sequence number (ISN).
It carries no data but consumes one sequence number.
Its acknowledgment field is not valid (the ACK flag is clear).
2) The server sends the second segment, SYN+ACK, with two flag bits set: SYN and ACK.
It carries the server's own ISN, acknowledges the client's SYN, and defines the server's receive window size.
3) The client sends the third segment, an ACK segment with only the ACK flag set.
It acknowledges the server's SYN and advertises the client's receive window size, i.e. the window the server may use when sending to the client.
SYN Flooding Attack
• This happens when a malicious attacker sends a large number of SYN segments to a server, pretending that each of them comes from a different client by faking the source IP address in the datagrams.
• The server allocates resources (a TCB, buffers, a timer) for every half-open connection and waits for third segments that never arrive.
Denial of Service attack
• This SYN flooding attack belongs to a group of security attacks known as denial-of-service attacks, in which an attacker monopolizes a system with so many service requests that the system collapses and denies service to every request.
Solutions
• Limit the number of connection requests accepted during a specified period of time
• Filter out datagrams coming from unwanted source addresses
• Postpone resource allocation until the entire connection is set up (this is the idea behind SYN cookies)
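The following added example (not code from the presentation) shows why the attack works and how the third solution removes the target. `StatefulServer` allocates a half-open entry per SYN and has a fixed backlog, so a flood of spoofed SYNs fills it and a legitimate client's SYN is dropped. `CookieServer` stores nothing until the ACK arrives: its ISN is a keyed hash of the 4-tuple and the client's ISN, recomputed when the third segment comes in, so a spoofed SYN costs it no memory. The backlog size, the addresses (TEST-NET ranges) and the simplified cookie (real SYN cookies also encode a time counter and the MSS) are assumptions.

```python
"""Why a SYN flood works against a server that allocates state per SYN, and how
deferring allocation (SYN cookies) removes the target. Added example; the
backlog size, addresses and the simplified cookie are assumptions."""
import hashlib
import hmac
import os
import random
from typing import Dict, Optional, Set, Tuple

Key = Tuple[str, int]  # (source IP, source port)


class StatefulServer:
    """Allocates a half-open entry (the TCB of the text) for every SYN and
    keeps it until the third segment arrives."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open: Dict[Key, int] = {}      # key -> server ISN
        self.established: Set[Key] = set()

    def on_syn(self, src_ip: str, src_port: int) -> Optional[int]:
        if len(self.half_open) >= self.backlog:
            return None                           # backlog full: SYN silently dropped
        server_isn = random.getrandbits(32)
        self.half_open[(src_ip, src_port)] = server_isn
        return server_isn                         # goes back in the SYN+ACK

    def on_ack(self, src_ip: str, src_port: int, ack: int) -> bool:
        server_isn = self.half_open.pop((src_ip, src_port), None)
        if server_isn is None or ack != (server_isn + 1) & 0xFFFFFFFF:
            return False
        self.established.add((src_ip, src_port))
        return True


class CookieServer:
    """Stores nothing on SYN: the server ISN is a keyed hash of the 4-tuple and
    the client's ISN, recomputed when the ACK arrives. Simplified: real SYN
    cookies also encode a time counter and the MSS."""

    def __init__(self):
        self.secret = os.urandom(16)
        self.established: Set[Key] = set()

    def _cookie(self, src_ip: str, src_port: int, client_isn: int) -> int:
        msg = f"{src_ip}:{src_port}:{client_isn}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src_ip: str, src_port: int, client_isn: int) -> int:
        return self._cookie(src_ip, src_port, client_isn)   # no allocation at all

    def on_ack(self, src_ip: str, src_port: int, seq: int, ack: int) -> bool:
        # the ACK segment's seq is client_isn + 1, so the cookie can be recomputed
        client_isn = (seq - 1) & 0xFFFFFFFF
        if ack != (self._cookie(src_ip, src_port, client_isn) + 1) & 0xFFFFFFFF:
            return False
        self.established.add((src_ip, src_port))    # allocate only now
        return True


def flood(server, count: int) -> None:
    """Spoofed SYNs from random source addresses; no third segment ever follows."""
    rng = random.Random(1)
    for _ in range(count):
        spoofed = "198.51.100." + str(rng.randrange(1, 255))   # TEST-NET-2, constructed
        spoofed_port = rng.randrange(1024, 65536)
        if isinstance(server, CookieServer):
            server.on_syn(spoofed, spoofed_port, rng.getrandbits(32))
        else:
            server.on_syn(spoofed, spoofed_port)


def legit_handshake_stateful(server: StatefulServer) -> bool:
    isn = server.on_syn("192.0.2.10", 40000)
    return isn is not None and server.on_ack("192.0.2.10", 40000, (isn + 1) & 0xFFFFFFFF)


def legit_handshake_cookie(server: CookieServer) -> bool:
    client_isn = 123456
    cookie = server.on_syn("192.0.2.10", 40000, client_isn)
    return server.on_ack("192.0.2.10", 40000, client_isn + 1, (cookie + 1) & 0xFFFFFFFF)


if __name__ == "__main__":
    s = StatefulServer(backlog=128)
    flood(s, 1000)
    print("stateful server accepts legit client after flood:", legit_handshake_stateful(s))
    c = CookieServer()
    flood(c, 1000)
    print("cookie server accepts legit client after flood:", legit_handshake_cookie(c))
```

The cookie trades memory for a constraint: because nothing about the SYN is remembered, any option the server would normally store from it (window scale, SACK permitted) is lost unless it can be squeezed into the 32-bit ISN, which is why production stacks enable cookies only once the backlog is under pressure.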
Data Transfer
• After the connection is established, bidirectional data transfer takes place.
• The client and server can send data and acknowledgements in both directions.
• Acknowledgements are piggybacked on data segments.
Data transfer
Pushing Data
• The application program at the sending site requests a push operation.
• This means the sending TCP must not wait for the window to be filled.
• It must create a segment and send it immediately.
• The PSH flag is set.
• The receiving TCP must deliver the segment's data to the process without waiting for more data to arrive.
Urgent Data
• The sending application program wants a piece of data to be read out of order by the receiving application program.
• The sending TCP creates a segment and inserts the urgent data at the beginning of the segment; the rest of the segment contains normal data.
• The URG flag is set and the urgent pointer marks where the urgent data ends.
• The receiving TCP extracts the urgent data from the segment using the value of the urgent pointer.
• It delivers the urgent data to the receiving application program out of order.
Connection termination
• Three-way handshaking
• Four-way handshaking with the half-close option
Three way handshaking
1) The client TCP, after receiving a close command from the client process, sends the first segment, a FIN segment in which the FIN flag is set.
It can carry the last chunk of data, or be a control segment only.
2) The server TCP, after receiving the FIN segment, informs its process and sends the second segment, a FIN+ACK segment, to confirm receipt of the FIN and announce the closing of the connection in the other direction.
3) The client TCP sends the last segment, an ACK segment, to confirm receipt of the FIN segment from the server.
Connection termination using three-way handshaking
Half-close
Connection Reset
The RST (reset) flag is used to deny a connection request, abort an existing connection, or terminate an idle connection.
Flow control
Flow control regulates the amount of data a source can send before receiving an acknowledgment from the destination. TCP defines a window that is imposed on the buffer of data delivered from the application program.
Extreme Cases
1) One byte at a time: wait for an acknowledgement after every byte
2) All the data at once: send everything without waiting for any acknowledgement
TCP sends an amount of data defined by the sliding window protocol
Sliding Window Protocol
In the sliding window protocol, a host uses a window for outbound communication. The window spans a portion of the buffer containing bytes received from the process. The bytes inside the window are the bytes that can be in transit; they can be sent without waiting for an acknowledgement.
Sliding window
A sliding window is used to make transmission more efficient as well as to control the flow of data so that the destination does not become overwhelmed with data.
TCP's sliding windows are byte oriented.
What is the value of the receiver window (rwnd) for host A if the
receiver, host B, has a buffer size of 5,000 bytes and 1,000 bytes
of received and unprocessed data?
Solution
The value of rwnd = 5,000 − 1,000 = 4,000. Host B can receive
only 4,000 bytes of data before overflowing its buffer. Host B
advertises this value in its next segment to A.
What is the size of the window for host A if the value of rwnd is
3,000 bytes and the value of cwnd is 3,500 bytes?
Solution
The size of the window is the smaller of rwnd and cwnd, which is
3,000 bytes.
In the above figure the host receives a packet with an
acknowledgment value of 210 and an rwnd of 5. The host has
sent bytes 206, 207, 208, and 209. The value of cwnd is still 20.
Show the new window.
Solution
The value of rwnd is less than cwnd, so the size of the window is
5. The next figure shows the situation. Note that this is a case not
allowed by most implementations. Although the sender has not
sent bytes 215 to 217, the receiver does not know this.
How can the receiver avoid shrinking the window in the previous
example?
Solution
The receiver needs to keep track of the last acknowledgment
number and the last rwnd. If we add the acknowledgment
number to rwnd we get the byte number following the right wall.
If we want to prevent the right wall from moving to the left
(shrinking), we must always have the following relationship.
new ack + new rwnd ≥ last ack + last rwnd
or
new rwnd ≥ (last ack + last rwnd) − new ack
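The four worked problems above can be checked with the following added example (not code from the presentation). `receiver_window` and `send_window` are the first two problems; `SenderWindow` is a byte-oriented window whose right wall is `ack + min(rwnd, cwnd)`, and its `on_ack` reports when an advertisement would move that wall left, which is the shrinking case; `min_rwnd_without_shrink` is the receiver-side rule rearranged for the smallest rwnd it may advertise. The byte positions (a window starting at byte 200 with rwnd 18) are assumptions chosen so that the figure's situation of bytes 215 to 217 being unsent is reproduced.

```python
"""Receiver window, effective send window and the no-shrink rule. Added example
using the presentation's numbers; the byte positions are assumptions."""


def receiver_window(buffer_size: int, unprocessed: int) -> int:
    """rwnd advertised by the receiver: free space in its buffer."""
    return buffer_size - unprocessed


def send_window(rwnd: int, cwnd: int) -> int:
    """The sender may have at most min(rwnd, cwnd) bytes outstanding."""
    return min(rwnd, cwnd)


def min_rwnd_without_shrink(last_ack: int, last_rwnd: int, new_ack: int) -> int:
    """Smallest rwnd the receiver may advertise together with new_ack so that
    the right wall (ack + rwnd) never moves left:
        new rwnd >= last ack + last rwnd - new ack"""
    return max(0, last_ack + last_rwnd - new_ack)


class SenderWindow:
    """Byte-oriented sliding window on the sender's buffer.
    left  = first unacknowledged byte
    next  = next byte to send
    right = first byte outside the window (ack + min(rwnd, cwnd))"""

    def __init__(self, first_byte: int, rwnd: int, cwnd: int):
        self.left = first_byte
        self.next = first_byte
        self.right = first_byte + send_window(rwnd, cwnd)

    def usable(self) -> int:
        """Bytes that may still be sent without waiting for an ACK. Negative
        means bytes already in flight now lie outside a shrunk window."""
        return self.right - self.next

    def send(self, nbytes: int) -> int:
        """Send up to nbytes; returns how many were actually allowed out."""
        n = max(0, min(nbytes, self.usable()))
        self.next += n
        return n

    def on_ack(self, ack: int, rwnd: int, cwnd: int) -> bool:
        """Slide the window on an acknowledgement carrying a new rwnd. Returns
        True if the right wall moved left, the case most implementations reject."""
        old_right = self.right
        self.left = max(self.left, ack)
        self.right = ack + send_window(rwnd, cwnd)
        return self.right < old_right


if __name__ == "__main__":
    print("rwnd =", receiver_window(5000, 1000))            # 4000
    print("window =", send_window(3000, 3500))              # 3000
    w = SenderWindow(first_byte=200, rwnd=18, cwnd=20)      # right wall at 218
    w.send(10)                                               # bytes 200..209 sent
    print("shrunk:", w.on_ack(210, rwnd=5, cwnd=20))        # right wall now 215 < 218
    print("rwnd needed instead:", min_rwnd_without_shrink(200, 18, 210))   # 8
```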
Silly Window Syndrome
A problem in sliding window operation that arises when either the sending application program creates data slowly, or the receiving application program consumes data slowly, or both.
Syndrome created by the sender
• E.g. the application produces one byte at a time
• TCP creates a segment and sends it
• Total size of the datagram = 20 (IP header) + 20 (TCP header) + 1 (data) = 41 bytes
• The alternative is to wait for more bytes, but for how long?
Nagle's Algorithm
Step 1: The sending TCP sends the first piece of data it receives from the sending application program, even if it is only one byte.
Step 2: After sending the first segment, the sending TCP accumulates data in the output buffer and waits until either the receiving TCP sends an acknowledgement or enough data has accumulated to fill a maximum-size segment.
Step 3: Step 2 is repeated for the rest of the transmission.
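The three steps, run over a constructed keystroke workload, as an added example that is not code from the presentation. `naive_sender` emits one segment per application write (the syndrome); `nagle_sender` sends the first byte at once and afterwards only when an ACK returns or a full MSS has accumulated. The MSS of 1000 bytes, the 40-byte header overhead and the write/ACK sequence are assumptions.

```python
"""Sender-side silly window syndrome and Nagle's algorithm. Added example; the
MSS, header sizes and the write/ACK sequence are assumptions."""
from typing import List, Tuple

MSS = 1000            # maximum segment size, assumed
HEADERS = 20 + 20     # IP header + TCP header without options

Event = Tuple[str, int]   # ("write", nbytes) from the application, or ("ack", 0)


def naive_sender(events: List[Event]) -> List[int]:
    """One segment per application write, however small: the syndrome."""
    return [n for kind, n in events if kind == "write"]


def nagle_sender(events: List[Event]) -> List[int]:
    """Nagle: send the first piece immediately; while data is outstanding,
    accumulate and send only when an ACK returns or a full MSS is buffered."""
    sent: List[int] = []
    buffered = 0
    outstanding = False           # unacknowledged data in flight?
    for kind, n in events:
        if kind == "write":
            buffered += n
            if not outstanding:                   # step 1: nothing in flight, send now
                sent.append(min(buffered, MSS))
                buffered -= sent[-1]
                outstanding = True
            elif buffered >= MSS:                 # step 2: a full segment is ready
                sent.append(MSS)
                buffered -= MSS
        elif kind == "ack":
            outstanding = False
            if buffered:                          # step 2: ACK arrived, flush what accumulated
                sent.append(min(buffered, MSS))
                buffered -= sent[-1]
                outstanding = True
    return sent


def wire_bytes(segments: List[int]) -> int:
    """Bytes on the wire including the 40 bytes of headers per datagram."""
    return sum(HEADERS + s for s in segments)


# Constructed workload: an interactive application writing one byte per
# keystroke, with an ACK coming back after the fifth and the eighth keystroke.
KEYSTROKES: List[Event] = [("write", 1)] * 5 + [("ack", 0)] + [("write", 1)] * 3 + [("ack", 0)]

if __name__ == "__main__":
    for name, fn in (("naive", naive_sender), ("nagle", nagle_sender)):
        segs = fn(KEYSTROKES)
        print(f"{name}: segments {segs}, {wire_bytes(segs)} bytes on the wire")
```

Nagle's algorithm interacts badly with delayed acknowledgements at the receiver (described further below): if the receiver holds its ACK waiting for data to piggyback on, and the sender holds its small segment waiting for that ACK, both sides wait out the receiver's delay timer. Latency-sensitive applications disable Nagle for that reason.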
Syndrome created by the Receiver
The application program consumes one byte at a time
Solutions
1) Clark's solution
Send an acknowledgement as soon as the data arrives, but announce a window size of zero until either there is enough space to accommodate a segment of maximum size or until half of the buffer is empty.
2) Delayed acknowledgement
Delay sending the acknowledgement. When a segment arrives, it is not acknowledged immediately; the receiver waits until there is a decent amount of space in its incoming buffer before acknowledging the arrived segments.
ERROR CONTROL
TCP provides reliability using error control, which detects corrupted, lost, out-of-order, and duplicated segments. Error control in TCP is achieved through the use of the
• checksum,
• acknowledgment, and
• time-out.
Checksum
• Each segment includes a checksum field which is used to detect a corrupted segment.
• If the segment is corrupted, it is discarded by the destination TCP and treated as lost.
Acknowledgement
• TCP uses acknowledgements to confirm the receipt of data segments.
• ACK segments do not consume sequence numbers and are not acknowledged.
• Control segments that carry no data but consume a sequence number (SYN, FIN) are also acknowledged.
Generating Acknowledgements
Rules
1) Piggyback the ACK on a data segment when there is data to send in the reverse direction.
2) Delayed ACK: wait up to 500 ms for data to piggyback on, but there should never be more than two in-order unacknowledged segments.
3) When a segment arrives with an out-of-order sequence number that is higher than expected, send an acknowledgement immediately carrying the sequence number of the expected segment (a duplicate ACK).
4) When a missing segment arrives, the receiver immediately sends an acknowledgement.
Acknowledgement types
Cumulative acknowledgement
• The receiver advertises the next byte it expects to receive, ignoring all segments received out of order.
Selective acknowledgement (SACK)
• ACK plus additional information
• Reports blocks of data that arrived out of order and blocks of segments that were duplicated
• Implemented as an option at the end of the TCP header.
Retransmission
A segment is retransmitted
• when its retransmission timer expires, or
• when the sender receives three duplicate ACKs (fast retransmission).
Retransmission after RTO
• The source TCP starts one retransmission time-out (RTO) timer for each segment sent.
• When the timer matures, the corresponding segment is considered either corrupted or lost and is retransmitted.
• The RTO is based on the round-trip time (RTT).
Out of order segments
• Discard them (original TCP).
• Store them temporarily and flag them as out of order until the missing segment arrives.
• Out-of-order segments are not delivered to the process.
Scenarios illustrated in the figures: normal operation, lost segment, fast retransmission, lost acknowledgment, lost acknowledgment corrected by resending a segment, delayed segment, duplicate segment, deadlock.
CONGESTION CONTROL
Congestion control refers to the mechanisms and techniques to keep the
load below the capacity.
Router queues
Packet delay and network load
Throughput versus network load
Congestion control mechanisms
Open loop (prevention):
• Retransmission policy
• Acknowledgement policy
• Discard policy
Closed loop (removal):
• Back pressure
• Choke packet
• Implicit signaling
• Explicit signaling
Congestion Control in TCP
Congestion Window
Three phases
Slow start
Congestion Avoidance
Congestion Detection
Slow start, exponential increase
Congestion avoidance, additive increase
Note:
Most implementations react differently to
congestion detection:
❏ If detection is by time-out, a new slow start phase
starts.
❏ If detection is by three ACKs, a new congestion
avoidance phase starts.
Time out
1) Set the value of the threshold to half of the current window size
2) Set cwnd to the size of one segment
3) Start the slow start phase
Three ACKs received
1) Set the value of the threshold to half of the current window size
2) Set cwnd to the value of the threshold
3) Start the congestion avoidance phase
TCP timers
Retransmission
• When TCP sends a segment it creates a retransmission timer for that particular segment
• The retransmission time-out is based on the round-trip time (RTT)
Retransmission time out
RTO = RTTs + 4 * RTTd
Round Trip Time (RTT)
1) Measured RTT (RTTm)
The measured RTT for a segment is the time required for the segment to reach the destination and be acknowledged.
2) Smoothed RTT (RTTs)
Initially RTTs = RTTm
Then RTTs = (1 − α) RTTs + α * RTTm, with α = 1/8
3) RTT deviation (RTTd)
Initially RTTd = RTTm / 2
Then RTTd = (1 − β) RTTd + β * | RTTs − RTTm |, with β = 1/4
Retransmission time out
RTO = RTTs + 4 * RTTd
Karn's Algorithm
• Do not consider the round-trip time of a retransmitted segment in the calculation of the new RTT.
• Do not update the value of the RTT until you send a segment and receive an acknowledgement without the need for retransmission.
Exponential Backoff
• The value of RTO is doubled for each retransmission.
• If the segment is retransmitted once, the value is two times RTO; if it is retransmitted twice, the value is four times the RTO, and so on.
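The RTTs, RTTd and RTO formulas, Karn's rule and exponential backoff together in one estimator, as an added example that is not code from the presentation. The sample RTTs (in seconds) and the initial RTO before any sample are constructed; the deviation is taken against the updated RTTs, following the order the formulas are given above.

```python
"""Smoothed RTT, RTT deviation, RTO, Karn's rule and exponential backoff. Added
example; the sample RTTs (in seconds) are constructed."""
from typing import Optional, Set


class RtoEstimator:
    ALPHA = 1 / 8
    BETA = 1 / 4

    def __init__(self, initial_rto: float = 1.0):
        self.rtts: Optional[float] = None   # smoothed RTT
        self.rttd: Optional[float] = None   # RTT deviation
        self.rto = initial_rto              # base RTO before any sample (assumed value)
        self.backoff = 1                    # exponential backoff multiplier
        self.retransmitted: Set[int] = set()

    def on_retransmit(self, seq: int) -> None:
        """Timer expired for this segment: resend it and double the RTO."""
        self.retransmitted.add(seq)
        self.backoff *= 2

    def on_ack(self, seq: int, rttm: float) -> bool:
        """Update the estimate from a measured RTT. Karn: a sample for a segment
        that was retransmitted is ambiguous (which copy was acknowledged?) and
        is ignored. Returns True if the sample was used."""
        if seq in self.retransmitted:
            self.retransmitted.discard(seq)
            return False
        if self.rtts is None:
            self.rtts = rttm                # first sample: RTTs = RTTm
            self.rttd = rttm / 2            #               RTTd = RTTm / 2
        else:
            self.rtts = (1 - self.ALPHA) * self.rtts + self.ALPHA * rttm
            self.rttd = (1 - self.BETA) * self.rttd + self.BETA * abs(self.rtts - rttm)
        self.rto = self.rtts + 4 * self.rttd
        self.backoff = 1                    # a clean ACK ends the backoff
        return True

    def current_rto(self) -> float:
        return self.rto * self.backoff


if __name__ == "__main__":
    est = RtoEstimator()
    est.on_ack(seq=1, rttm=1.5)
    est.on_ack(seq=2, rttm=2.5)
    print(f"RTTs={est.rtts:.4f} RTTd={est.rttd:.4f} RTO={est.current_rto():.4f}")
    est.on_retransmit(3)
    est.on_retransmit(3)
    print("after two timeouts RTO =", est.current_rto())
    print("retransmitted sample used?", est.on_ack(seq=3, rttm=9.0))
```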
Persistence Timer
• Persistence timers are used to correct the zero-window deadlock
• When the sender receives a window size of zero, it starts the persistence timer
• When the timer goes off, it sends a one-byte segment called a probe
• The initial value of the persistence timer is the value of the retransmission time
• Each time the timer expires without a window update, the persistence time is doubled and the timer reset
Keepalive Timer
• To prevent a long idle connection between two TCPs
• The timer is reset whenever the server receives any communication from the client
• When the timer goes off, a probe segment is sent
• After 10 probe segments with no response, the server terminates the connection
Time-wait
• The time-wait timer is used during connection termination.
• When TCP closes the connection, it must first wait long enough to receive all segments and acknowledgements that are possibly still in flight. Once received, these are discarded and TCP can finally close.
• The value of this timer is typically twice the expected maximum lifetime of a segment (2 MSL).
• The typical value of the maximum segment lifetime (MSL) given here is 16 seconds; RFC 793 specifies 2 minutes, and common implementations use 30 to 60 seconds.
TCP package
TCBs
A transmission control block holds information about each connection
Transmission Control Block (TCB)
• State: state of the connection
• Process: defines the process that owns the connection
• Local IP address
• Local port number
• Remote IP address
• Remote port number
• Interface: defines the local interface
• Local window
• Remote window
• Sending sequence number
• Receiving sequence number
• Sending ACK number
• Round-trip time
• Time-out values: retransmission time-out, keepalive time-out, persistence time-out
• Buffer size
• Buffer pointer
User Datagram Protocol (UDP)
• Process-to-process communication (UDP)
• Host-to-host communication (IP)
UDP versus IP
Port Number
• In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system.
• A port is identified for each address and protocol by a 16-bit number, commonly known as the port number.
ICANN
ICANN has divided the port numbers into three ranges:
• Well known (0 to 1023): assigned and controlled by ICANN
• Registered (1024 to 49151): not assigned or controlled by ICANN, but registered with ICANN to prevent duplication
• Dynamic/private (49152 to 65535): neither controlled nor registered
ICANN ranges
Ephemeral Port Number
• The client program identifies itself with a short-lived, automatically chosen port number called an ephemeral port number
Well-known ports used with UDP
Socket Address
• The combination of an IP address and a port number is called a socket address.
User Datagram
UDP packets are called user datagrams and have a fixed-size header of 8 bytes.
User datagram format
Checksum
The checksum covers three sections:
• a pseudoheader (fields taken from the IP header: source and destination addresses, the protocol number 17, and the UDP length),
• the UDP header, and
• the data coming from the application layer.
Pseudoheader for checksum calculation
Checksum calculation at sender
1) Add the pseudoheader to the UDP datagram
2) Fill the checksum field with zeros
3) Divide the total bits into 16-bit words
4) If the total number of bytes is not even, add 1 byte of padding (all zeros)
5) Add all 16-bit sections using one's complement arithmetic
6) Complement the result
7) Drop the pseudoheader and any added padding
8) Deliver the UDP user datagram to the IP software for encapsulation
Checksum calculation at receiver
1) Add the pseudoheader to the UDP user datagram
2) Add padding if needed
3) Divide the total bits into 16-bit sections
4) Add all 16-bit sections using one's complement arithmetic
5) Complement the result
6) If the result is all 0s, drop the pseudoheader and any added padding and accept the user datagram; otherwise discard the user datagram
Checksum calculation of a simple UDP user datagram
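Both procedures above in code, as an added example that is not from the presentation. The sender computes the checksum over pseudoheader + header (checksum field zero) + data and then discards the pseudoheader; the receiver rebuilds the pseudoheader from the IP addresses it received the datagram on and sums everything including the received checksum, accepting only when the result is all zeros. The 11-byte payload is constructed so that one padding byte is needed; the addresses and ports are constructed. Two details not in the presentation come from RFC 768: a computed checksum of zero is transmitted as all ones, because a zero field means "no checksum" for UDP over IPv4.

```python
"""UDP checksum with the pseudoheader: sender and receiver procedures. Added
example; addresses, ports and payload are constructed."""
import ipaddress
import struct

PROTO_UDP = 17


def inet_checksum(data: bytes) -> int:
    """Steps 3 to 6: pad to an even length, split into 16-bit words, add with
    one's-complement (end-around carry) arithmetic, complement the result."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudoheader(src: str, dst: str, udp_length: int) -> bytes:
    """Source address, destination address, zero byte, protocol (17), UDP length."""
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed, 0, PROTO_UDP, udp_length)


def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Sender procedure: checksum over pseudoheader + header (checksum = 0) + data,
    then drop the pseudoheader and any padding."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudoheader(src, dst, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF   # RFC 768: a computed zero is sent as all ones; 0 means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src: str, dst: str, datagram: bytes) -> bool:
    """Receiver procedure: re-add the pseudoheader built from the IP header,
    sum everything including the received checksum; all zeros means accept."""
    if len(datagram) < 8:
        return False
    length = struct.unpack("!H", datagram[4:6])[0]
    if length < 8 or length > len(datagram):
        return False   # length field inconsistent with what IP delivered
    if struct.unpack("!H", datagram[6:8])[0] == 0:
        return True    # IPv4 sender chose not to checksum (RFC 768)
    return inet_checksum(pseudoheader(src, dst, length) + datagram[:length]) == 0


# Constructed sample: 11-byte payload, so one byte of padding is needed.
SRC, DST = "10.0.0.5", "10.0.0.9"
SAMPLE = build_udp(SRC, DST, 40000, 53, b"constructed")

if __name__ == "__main__":
    print("valid:", verify_udp(SRC, DST, SAMPLE))
    corrupted = SAMPLE[:10] + bytes([SAMPLE[10] ^ 0x01]) + SAMPLE[11:]
    print("after a bit flip:", verify_udp(SRC, DST, corrupted))
    print("delivered to the wrong host:", verify_udp(SRC, "10.0.0.10", SAMPLE))
```

The last check is the reason the pseudoheader exists: the UDP header itself carries no addresses, so without it a datagram misrouted to another host would still verify cleanly.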
UDP Operations
• Connectionless services
• Flow and error control
• Encapsulation and decapsulation
• Queuing
• Multiplexing and demultiplexing
Encapsulation
• The process sends a message to UDP together with a pair of socket addresses and the length of the data
• UDP receives the data and adds the UDP header
• UDP then passes the user datagram to IP with the socket addresses
• IP adds its own header, using the value 17 in the protocol field
• The datagram is then passed to the data link layer
Encapsulation and decapsulation
Queues in UDP
Multiplexing and demultiplexing
Use of UDP
• UDP is suitable for a process that requires simple request-response communication with little concern for flow and error control
• UDP is suitable for a process with its own internal flow and error control mechanisms (e.g. Trivial File Transfer Protocol)
• UDP is a suitable transport protocol for multicasting
• UDP is used for management processes such as SNMP
• UDP is used for some route-updating protocols such as Routing Information Protocol (RIP)
UDP Package
Five components:
• Control block table
• Input queues
• A control block module
• An input module
• An output module
UDP design
Control block table
• Keeps track of the open ports
Control block module
• Responsible for management of the control block table
• When a process starts, it asks the OS for a port number.
• The process passes its process ID and port number to the control block module, which creates an entry in the control block table for the process.
Input Module
• The input module receives a user datagram from IP.
• It searches the control block table for an entry whose port number matches the destination port of this user datagram.
• If found, it enqueues the data in that entry's input queue.
• If not found, it generates an ICMP port-unreachable message.
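The control block table, control block module and input module as one small demultiplexer, added here as an example and not code from the presentation. A datagram to an open port is queued for its process; a datagram to a closed port yields the ICMP (type, code) pair that IP should send back, and a datagram whose length field does not match what IP delivered is dropped. Ports, process ids and datagram bytes are constructed; the output module leaves the checksum at zero, which UDP over IPv4 permits.

```python
"""Control block table, input module and output module of a minimal UDP
package. Added example; the ports, process ids and datagrams are constructed."""
import struct
from collections import deque
from typing import Deque, Dict, Optional, Tuple

ICMP_PORT_UNREACHABLE = (3, 3)   # ICMP type 3 (destination unreachable), code 3


class ControlBlock:
    def __init__(self, pid: int):
        self.pid = pid
        self.queue: Deque[Tuple[str, int, bytes]] = deque()   # (src ip, src port, data)


class UdpPackage:
    def __init__(self):
        self.table: Dict[int, ControlBlock] = {}   # open local port -> control block

    # control block module
    def open_port(self, pid: int, port: int) -> None:
        if port in self.table:
            raise OSError(f"port {port} already in use by pid {self.table[port].pid}")
        self.table[port] = ControlBlock(pid)

    def close_port(self, port: int) -> None:
        self.table.pop(port, None)

    # input module
    def input_module(self, src_ip: str, datagram: bytes) -> Optional[Tuple[int, int]]:
        """Look the destination port up; enqueue on a hit, otherwise return the
        ICMP (type, code) that IP should send back to the source."""
        if len(datagram) < 8:
            return None                                  # malformed: drop silently
        sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
        if length < 8 or length > len(datagram):
            return None                                  # bad length field: drop
        block = self.table.get(dport)
        if block is None:
            return ICMP_PORT_UNREACHABLE
        block.queue.append((src_ip, sport, datagram[8:length]))
        return None

    def receive(self, port: int) -> Optional[Tuple[str, int, bytes]]:
        """What a process sees when it reads its input queue."""
        block = self.table[port]
        return block.queue.popleft() if block.queue else None

    # output module (checksum left at 0 = "not computed", legal for UDP over IPv4)
    def output_module(self, sport: int, dport: int, data: bytes) -> bytes:
        return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


if __name__ == "__main__":
    udp = UdpPackage()
    udp.open_port(pid=4242, port=5353)
    hit = udp.output_module(40000, 5353, b"hello")     # constructed datagram to an open port
    miss = udp.output_module(40000, 9999, b"hello")    # ... and to a closed one
    print(udp.input_module("10.0.0.5", hit), udp.receive(5353))
    print(udp.input_module("10.0.0.5", miss))
```

The port-unreachable reply is what a UDP port scanner relies on: closed ports answer with ICMP type 3 code 3, open ports stay silent, so rate-limiting those ICMP replies (as most stacks do) slows scans but also slows legitimate senders learning that nothing is listening.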
Output Module
• Responsible for creating and sending user datagrams