Datalink & Nw Layer
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Datalink & Nw Layer as PDF for free.
More details
- Words: 5,409
- Pages: 112
3
Data Link and Network Layer TCP/IP Protocols A Guide to TCP/IP
Chapter 3
1
3 Objectives After reading this chapter and completing the exercises you will be able to: • Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP • Distinguish among various Ethernet and token ring frame types • Understand how hardware addresses work in a TCP/IP environment, and the services that ARP and RARP provide for such networks Chapter 3
2
3 Objectives After reading this chapter and completing the exercises you will be able to: • Appreciate the overwhelming importance of the Internet Protocol (IP), and how IP packets behave on TCP/IP networks • Understand the structures and functions of an IP header • Appreciate the function of the Maximum Transfer Unit (MTU) for any physical medium, and why fragmentation is sometimes required of the Network layer Chapter 3
3
3 Data Link Protocols • The Data Link layer performs several key jobs with the two most important being: – Managing access to whatever networking medium is in use, called Media Access Control (usually abbreviated as MAC) – Creating temporary point-to-point links between a pair of MAC layer addresses to enable data transfer, called Logical Link Control (usually abbreviated as LLC)
• A point-to-point data transfer involves shipping data from a specific MAC layer address that represents the point of transmission to another specific MAC layer address that represents the point of reception on a single network segment, or TCP/IP subnet Chapter 3
4
3 Data Link Protocols • This same point-to-point technique also works for data transfer across wide area network (WAN) links —such as analog telephone lines, digital connections, or X.25—which is why certain TCP/IP data link protocols may sometimes be called WAN protocols • The data encapsulation techniques used to enclose packet payloads for transmission across WAN links differ from those used for LAN connections, and involve specialized protocols that operate at the Data Link layer Chapter 3
5
3 Data Link Protocols • The specific protocols are: – Serial Line Internet Protocol (SLIP) – Point-to-Point Protocol (PPP) – Special handling for X.25, frame relay, and Asynchronous Transfer Mode (ATM) connections
• The key to understanding the material is to recognize that both SLIP and PPP support a straightforward point-topoint connection between two parties, or nodes, on a link • These kinds of two-party connections include analog phone lines, Digital Subscriber Line (DSL) connections, and T-carriers, such as T1, T3, E1, or E3 Chapter 3
6
3 Data Link Protocols • Special handling is necessary for X.25, frame relay, and Asynchronous Transfer Mode (ATM) WAN links, which use packet or circuit-switching technologies, and must explicitly address sender and receiver at the Data Link layer • WAN encapsulation of frames at the Data Link layer involves one or more of the following services (they vary according to the requirements of the type of link used): – Addressing
– Bit-level integrity check
– Delimitation
– Protocol identification (PID)
Chapter 3
7
3 The Serial Line Internet Protocol (SLIP) • SLIP is the original point-to-point protocol for TCP/IP traffic, still used for connecting to some ISPs today • SLIP uses a special END character (0xC0) that is placed at the beginning and end of each IP datagram to delimit the payload • The SLIP ESC character is not the same as the American Standard Code for Information Interchange (ASCII) ESC character, the hex DBDC sequence is usually denoted 0xDB-DC Chapter 3
8
3 The Serial Line Internet Protocol (SLIP) • If the SLIP ESC character occurs in a frame’s payload 0xDB-DD replaces it • AS specified in RFC 1055, the maximum size of a SLIP data gram is 1066 bytes • Most systems continue to set the upper bound for SLIP datagram at 1066 bytes, but Windows 2000 permits MTUs of 1500 bytes for SLIP datagrams to avoid fragmentation when a SLIP connection links two Ethernet segments • RFC 1144 was developed to permit IP and TCP headers to be compressed when sent across a SLIP link • This version of SLIP is called compressed SLIP (C-SLIP) Chapter 3
9
3 Point-to-Point Protocol (PPP) • PPP is a general-purpose, point-to-point protocol that overcomes SLIP’s deficiencies, and provides WAN data link encapsulation services similar to those available for LAN encapsulation • RFC 1661 provides the detailed specifications for PPP, and includes the following characteristics: – Encapsulation methods that support simultaneous use of multiple protocols across the same link – A special Link Control Protocol (LCP) used to negotiate the characteristics of any point-to-point link established using PPP Chapter 3
10
3 Point-to-Point Protocol (PPP) – A collection of negotiation protocols used to establish the Network layer properties of protocols carried over the point-topoint link, called Network Control Protocols (NCPs). RFCs 1332 and 1877 describe an NCP for IP, known as the Internet Protocol Control Protocol (IPCP), used to negotiate an IP address for the sending party, addresses for DNS servers, and (optional) use of the Van Jacobsen TCP compression protocol, where possible
• PPP encapsulation and framing techniques are based on the ISO High-level Data Link Control (HDLC) protocol, which is in turn based on IBM’s work on the Synchronous Data Link Control (SDLC) protocol used as part of its Systems Network Architecture (SNA) protocols
Chapter 3
11
3 Point-to-Point Protocol (PPP) • Although PPP framing supports addressing and link control information derived from HDLC, most PPP implementations use an abbreviated form that skips this unnecessary information • The fields in the PPP header and trailer include the following values: – Flag – Protocol identifier – Frame Check Sequence (FCS) Chapter 3
12
3 Point-to-Point Protocol (PPP) • When PPP is used with synchronous technologies, such as T1, Integrated Services Digital Network (ISDN), DSL, or Synchronous Optical Network (SONET) links, a faster, more efficient technique of bit substitutions is used, rather than the wholesale character replacement used with asynchronous links • PPP supports a default MTU of 1500 bytes, which makes it ideal for interconnecting Ethernet-based networks (or peers) Chapter 3
13
3 Special Handling for PPP Links • When any particular switched technologies, such as X.25, frame relay, or ATM, are used to link together PPP peers, additional control and addressing information must be included in PPP headers to manage the connection • RFCs describe encapsulation of PPP datagrams for these technologies: – X.25: RFC 1356 – Frame relay: RFC 2427 – ATM: RFCs 1557 and 1626 Chapter 3
14
3 Frame Types • At the Data Link layer, protocol data units are called frames; in TCP/IP terminology, these PDUs may also be called IP datagrams, which can be encapsulated in a variety of frame types
Chapter 3
15
3 Ethernet Frame Types • The Ethernet II frame type is the de facto standard frame type used for IP datagram transmissions over Ethernet networks • The Ethernet II frame has a protocol identification field (the Type field) that contains the value 0x0800 to identify the encapsulated protocol as IP • Before an IP datagram is transmitted onto the cable, the data link driver puts the leading frame onto the datagram Chapter 3
16
3 Ethernet Frame Types • If a frame does not meet the minimum frame size of 64 bytes, the driver must pad the Data field • The Ethernet NIC performs a Cyclical Redundancy Check (CRC) procedure on the contents of the frame, and places a value at the end of the frame in the Frame Check Sequence field • Finally, the NIC sends the frame, led by a preamble, which is a leading bit pattern used by the receiver to correctly interpret the bits as ones and zeroes Chapter 3
17
3 Ethernet Frame Types • There are three Ethernet frame types that TCP/IP can use: – Ethernet II – Ethernet 802.2 Logical Link Control (LLC) – Ethernet 802.2 Sub-Network Access Protocol (SNAP) Chapter 3
18
3 Ethernet II Frame Structure • The Ethernet II frame type consists of the following values, fields, and structure: – Preamble – Destination Address field – Source Address field – Type field – Data field – Frame Check Sequence field Chapter 3
19
3 Ethernet II Frame Structure
Chapter 3
20
3 Ethernet II Frame Structure Preamble •
The preamble is eight bytes long and consists of alternating ones and zeroes
•
This special string of bits precedes the actual Ethernet frame itself, and is not counted as part of the overall frame length
Destination Address Field •
The Destination Address field is six bytes long and indicates the data link address (also referred to as the hardware address or MAC address) of the destination IP host
•
The destination address may be broadcast, multicast, or unicast
Chapter 3
21
3 Ethernet II Frame Structure Source Address Field • The Source Address field is six bytes long and indicates the sender’s hardware address • This field can only contain a unicast address—it cannot contain a broadcast or multicast address
Type Field • The Type field is two bytes long and identifies the protocol that is using this frame type Chapter 3
22
3 Assigned Protocol Types (by Number)
Chapter 3
23
3 Ethernet II Frame Structure Frame Check Sequence Field • The Frame Check Sequence field is four bytes long and includes the result of the CRC calculation • Upon receipt of an Ethernet II frame, an IP host checks the validity of the contents by performing a CRC check on its contents, and comparing the result to the value contained in the Frame Check Sequence field • At the Data Link layer, the frame is examined to determine the actual destination address (broadcast, multicast, or unicast)
Chapter 3
24
3 Ethernet 802.2 LLC Frame Structure •
Figure 3-2 depicts the format of an Ethernet 802.2 Logical Link Control (LLC) frame
•
The Ethernet 802.2 LLC frame type consists of the following fields: – Preamble – Start Frame Delimiter (SFD) field – Destination Address field – Source Address field – Length field – Destination Service Access Point (DSAP) field – Source Service Access Point (SSAP) field – Control field – Data field – Frame Check Sequence (FCS) field
Chapter 3
25
3 Ethernet 802.2 LLC Frame Structure Preamble • This preamble does not end in consecutive ones
Start Frame Delimiter (SFD) Field • The 1-byte SFD field consists of the pattern 10101011 and indicates the start of the Destination Address field
Length Field • The 2-byte Length field indicates the number of bytes in the data portion of the frame • This frame does not use a Type field in this location—it uses a Service Access Point (SAP) field to indicate the upcoming protocol Chapter 3
26
3 Ethernet 802.2 LLC Frame Structure Destination Service Access Point (DSAP) Field • This 1-byte field indicates the destination protocol • Table 3-2 lists some of the assigned SAP numbers (defined by the IEEE)
Source Service Access Point (SSAP) Field • This 1-byte field indicates the source protocol (typically the same as the destination protocol) Chapter 3
27
3 Assigned SAP Numbers
Chapter 3
28
3 Ethernet 802.2 LLC Frame Structure Control Field • This 1-byte field indicates whether this frame is unnumbered format (connections) or informational/supervisory format (for connectionoriented and management purposes)
Ethernet SNAP Frame Structure • RFC 1042, “A Standard for the Transmission of IP Datagrams over IEEE 802 Networks,” specifies how IP traffic should be encapsulated to 802.2 LLC frames that include the Sub-Network Access Protocol (SNAP) portion Chapter 3
29
3 Ethernet 802.2 LLC Frame Structure Ethernet SNAP Frame Structure • Although Windows 2000 defaults to transmitting IP and ARP communications over the Ethernet II frame type, you can edit the Registry to support transmission of IP and ARP over the Ethernet 802.2 SNAP frame structure by adding the ArpUseEtherSNAP Registry setting, as listed in Table 3-3. Chapter 3
30
3 ArpUseEtherSNAP Registry Setting
Chapter 3
31
3 Ethernet 802.2 LLC Frame Structure Ethernet SNAP Frame Structure •
The Registry entry ArpUseEtherSNAP must be set to 1 to enable use of the Ethernet 802.2 SNAP frame format for IP and ARP traffic over Ethernet
•
Figure 3-3 depicts the format of an Ethernet SNAP frame Chapter 3
32
3 Ethernet 802.2 LLC Frame Structure Organization Code Field • This 3-byte field identifies the organization that assigned the Ethernet type number used in the Ether Type field that follows
Ether Type Field • The 2-byte Ether Type field indicates the network protocol that is using this Ethernet SNAP frame format Chapter 3
33
3 Token Ring Frame Types • The IEEE 802.5 standard defines token ring networking • Token ring networks rely on a physical star design, although they use a logical ring transmission paths, as shown in Figure 3-4 • On a token ring network, each token ring workstation acts as a repeater—repeating each packet received back onto the network • There are two variations of token ring frames: Token Ring 802.2 LLC frames and Token Ring SNAP frames Chapter 3
34
Token Ring Networks Are Physically Stars, But Logically Rings
Chapter 3
3
35
3 Token Ring 802.2 LLC Frame Format •
The standard Token Ring 802.2 LLC frames include the same LLC fields used by the Ethernet 802.2 LLC frame
Chapter 3
36
3 Token Ring 802.2 LLC Frame Format Start Delimiter Field • The 1-byte Start Delimiter field is used to designate the beginning of a token ring frame
Access Control Field • The 1-byte Access Control field indicates whether the upcoming fields constitute a token or a frame, the priority of the token or frame, and if the frame or token already circled the ring once Chapter 3
37
3 Token Ring 802.2 LLC Frame Format Frame Control Field • This 1-byte field indicates whether the frame contains token ring management information or data
Destination Address Field • This 6-byte field indicates the destination hardware address Chapter 3
38
3 Token Ring 802.2 LLC Frame Format Source Address Field • This 6-byte field indicates the source hardware address • This field must contain a unicast address
Destination Service Access Point (DSAP) Field (LLC 802.2) • This 1-byte field is the start of the LLC section, and indicates the destination protocol Chapter 3
39
3 Token Ring 802.2 LLC Frame Format Source Service Access Point (SSAP) Field (LLC 802.2) • This 1-byte field indicates the source protocol in use
Control Field (LLC 802.2) • This 1-byte field indicates whether this frame is unnumbered (connectionless) or supervisory/informational (for connectionoriented and management purposes) Chapter 3
40
3 Token Ring 802.2 LLC Frame Format Data Field • This field can be between zero and 18,000 bytes long and contains the TCP/IP data
Frame Check Sequence Field • The Frame Check Sequence field is four bytes long and includes the result of the CRC calculation used to error check the packet
End Delimiter Field • This 1-byte field indicates the end of the token ring frame (except for the Frame Status field) Chapter 3
41
3 Token Ring 802.2 LLC Frame Format End Delimiter Field • This 1-byte field indicates the end of the token ring frame (except for the Frame Status field)
Frame Status Field • This 1-byte field is used to indicate if the frame’s destination address was recognized, and if the frame was copied Chapter 3
42
3 Token Ring SNAP Frame Format • The Token Ring SNAP frame format expands the standard 802.2 LLC layer by adding an Organization Code field and an Ether Type field Chapter 3
43
3 Token Ring SNAP Frame Format Organization Code Field • This 3-byte field identifies the organization that assigned the Ethernet type number used in the Ether Type field that follows
Ether Type Field • The 2-byte Ether Type field indicates the network protocol that is using this Ethernet SNAP frame format Chapter 3
44
3 Hardware Addresses in the IP Environment • IP addresses are used to identify individual IP hosts on a TCP/IP internetwork • TCP/IP networking uses ARP to determine the hardware address of the local target for the packet • IP hosts maintain an ARP cache—a table of hardware addresses learned through the ARP process—in memory • ARP is used only to find the hardware address of local IP hosts Chapter 3
45
ARP Broadcasts Identify the Source and the Desired IP Address
Chapter 3
3
46
3 Hardware Addresses in the IP Environment • If the IP destination is remote (on another network), the IP host must refer to its routing tables to determine the proper router for the packet • This is referred to as the route resolution process • ARP is not routable • ARP can also be used to test for a duplicate IP address on the network Chapter 3
47
3 ARP Frame Structure
Chapter 3
48
3 ARP Duplicate IP Address Test
Chapter 3
49
3 ARP Packet Fields and Functions • By default, Windows 2000 uses the Ethernet II frame type for all ARP traffic • There are two basic ARP packets—the ARP request packet and the ARP reply packet • The most confusing part of ARP is the interpretation of the sender and target address information • Figure 3-11 shows the ARP reply packet Chapter 3
50
3 ARP Request for IP Host 10.1.0.99
Chapter 3
51
3 ARP Reply Packet Is a Unicast Packet
Chapter 3
52
3 Hardware Type Field • This field defines the hardware or data link type in use, is also used to determine the hardware address length, which makes the Length of Hardware Address field redundant Chapter 3
53
3 Protocol Type Field •
This field defines the protocol address type in use, and uses the standard protocol ID values that are also used in the Ethernet II frame structures
Chapter 3
54
3 Length of Hardware Address Field • This field defines the length (in bytes) of the hardware addresses used in this packet
Chapter 3
55
3 Length of Protocol Address Field • This field indicates the length (in bytes) of the protocol (network) addresses used in this packet • This field is redundant because the Protocol Type field also determines this value Chapter 3
56
3 Opcode Field • This field defines whether this ARP packet is a request or reply packet, and defines the type of address resolution taking place
Chapter 3
57
3 Sender’s Hardware Address Field • This field indicates the hardware address of the IP host that sends this request or reply
Chapter 3
58
3 Sender’s Protocol Address Field • This field indicates the protocol, or network, address of the IP host that sends this request or reply
Chapter 3
59
3 Target Hardware Address Field • This field indicates the desired target’s hardware address, if known • In ARP replies, this field should contain one of the following: – The hardware address of the desired IP host if the sender and destination share a common data link – The hardware address of the next router in the path to the destination if they don’t share a common data link. This is known as the next-hop router to that IP host, in which that device will be the first of one or more routers that will convey the data from sender to receiver Chapter 3
60
3 Target Protocol Address Field • This field indicates the desired target’s protocol, or network, address
Chapter 3
61
3 ARP Cache • ARP information (hardware addresses and their associated IP addresses) is kept in an ARP cache in memory on most operating systems, including Linux, BSD, UNIX, Windows 95, Windows 98, Windows NT, and Windows 2000
Chapter 3
62
3 ARP Cache • Windows-based systems also have a utility you can use to view your IP and hardware addresses • You can use the Windows utility WINIPCFG on Windows 95 systems • You can use the command-line utility IPCONFIG on Windows 98 and Windows 2000 systems • The IPCONFIG utility also indicates that the default gateway is 10.2.0.99 • On a Windows 2000 system, ARP cache entries are kept in memory for 120 seconds Chapter 3
63
IPCONFIG Utility Indicates the Device’s IP and Hardware Addresses
Chapter 3
3
64
3 ArpCacheLife Registry Setting
Chapter 3
65
3 Proxy ARP • Proxy ARP is a method that allows an IP host to use a simplified subnetting design • Proxy ARP also enables a router to “ARP” in response to an IP host’s ARP broadcasts Chapter 3
66
3 ARP Proxy Network Design
Chapter 3
67
3 Reverse ARP (RARP) • Reverse ARP is, as its name implies, the reverse of ARP • RARP was initially defined to enable diskless workstations to find their own IP addresses Chapter 3
68
3 Network Layer Protocols • The primary function of Network layer protocols is to move datagrams through an internetwork connected by routers • Network layer communications are end-to-end communications that define the originator as the source Network layer address, and the target as the destination Network layer address • Internet Protocol is the Network layer protocol used in the TCP/IP suite • IP version 4 (IPv4) is widely implemented • Internet Protocol version 6 (IPv6) is undergoing some initial implementations Chapter 3
69
3 About Internet Protocol (IP) • We examine how an IP datagram is formed, how an IP host learns whether the destination is local or remote, how packets are fragmented and reassembled, as well as the details of IP packet structures Chapter 3
70
3 Sending IP Datagrams • IP offers connectionless service with end-to-end Network layer addressing • Building an IP datagram packet to send on the wire has certain requirements • We must know the: – IP addresses of the source and destination – Hardware address of the source and next-hop router
• Your system needs to resolve the name fred to an IP address • This is called the name resolution process Chapter 3
71
Data Link Header Is Stripped Off and Reapplied by the IP Router as the Packet Is Forwarded
Chapter 3
3
72
3 Route Resolution Process • The route resolutions process enables an IP host to determine if the desired destination is local or remote
Chapter 3
73
3 Local or Remote Destination? • Upon determination of the IP address of the desired destination, the IP host compares the network portion of the destination address to its own local network address
Chapter 3
74
3 If Remote, Which Router? • Now that the local IP host knows that the destination is remote, the IP host must determine the hardware address of the appropriate router for the packet • The IP host looks in its local routing tables to determine if it has a host entry or network router entry for the target • If neither a host entry nor network entry is listed, the IP host checks for a default gateway entry Chapter 3
75
3 If Remote, Which Router? • The default gateway offers a path of blind faith —because the IP host does not have a route to the destination, it sends the packet to the default gateway, and just hopes the default gateway can figure out what to do with the packet • If IP hosts cannot communicate with each other, you can use a protocol analyzer to determine what went wrong Chapter 3
76
3 If Remote, Which Router? • Perhaps one of the following faults occurred: – The IP host can ARP only for IP hosts that are local— perhaps the actual destination is remote (check the source subnet mask and the destination’s IP address) – Perhaps the destination is local, but not replying to the ARP because it is not completely functional (a duplicate IP address was detected, or the destination is simply down) – Maybe the IP address the source received from a name resolution process, such as DNS, is incorrect Chapter 3
77
Sample of an ARP Failure Due to a Discomfiture Network Mask
Chapter 3
3
78
3 If Remote, Which Router? • It is time to examine the following unique characteristics of IP communications: – Lifetime of an IP datagram – Fragmentation and reassembly – Service delivery options – IP header fields and functions Chapter 3
79
3 Lifetime of an IP Datagram • All IP packets have a predefined lifetime indicated in each packet’s Time to Live (TTL) field • This ensures that packets cannot indefinitely circle a looped internetwork • The recommended starting TTL value is 64 • The default TTL in Windows 2000 is 128 • If a packet with TTL=1 arrives at a router, the router must discard the packet because it cannot decrement the TTL to zero and forward the packet Chapter 3
80
3 Lifetime of an IP Datagram •
If a packet with TTL=1 arrives at a host, what should the host do?
•
Process the packet, of course
•
The hosts do not need to decrement the TTL value upon receipt
•
TRACEROUTE uses the TTL value and the timeout process to trace the end-to-end path through an internetwork
Chapter 3
81
3 Fragmentation and Reassembly • IP fragmentation enables a larger packet to be automatically fragmented by a router into smaller packets to cross a link that supports a smaller MTU, such as Ethernet link • Once fragmented, no reassembly occurs until those fragments arrive at the destination, where they will be reassembled at the Transport layer • When the first fragment arrives at the destination, however, the destination host begins counting down from the TTL value of that packet Chapter 3
82
3 Fragmentation and Reassembly • Figure 3-17 through 3-19 show the first, middle, and last fragments of a fragment set Chapter 3
83
3
Second Packet of a Fragment Set (More to Come Bit Is Set to 1 and the Offset Is 185 [1480 bytes])
Chapter 3
84
3 Fragmentation and Reassembly •
When the fragments arrive at the destination IP host, they are put back in order based on the Fragment Offset value contained in the IP header
•
On a network that is low on available bandwidth, the fragment retransmission process causes more traffic on the wire Chapter 3
85
3 Service Delivery Options • IP supports a method for defining packet priority and route priority • The Type of Service (TOS) field in the IP header section is separated into two distinct fields: – Precedence – Type of Service Chapter 3
86
3 Precedence • A router uses precedence to determine what packet to send when several packets are queued for transmission from a single-output interface • One example of precedence use is Voice over IP (VoIP) • The precedence for VoIP traffic may be set to five to support VoIP real-time functionality Chapter 3
87
3 Type of Service (TOS) • Routers use TOS to select a routing path when there are multiple paths available • OSPF and Border Gateway Protocol (BGP) are two examples of routing protocols that support multiple types of services
Chapter 3
88
3 Type of Service (TOS)
Chapter 3
89
3 Type of Serviced Functionality
Chapter 3
90
3 Type of Serviced Functionality
Chapter 3
91
3 IP Header Fields and Functions • Figure 3-20 depicts the entire IP header structure
Chapter 3
92
3 Version Field • The first field in the IP header is the Version field
• We are currently at version 4
Chapter 3
93
3 Header Length Field • This field is also referred to as the Internet Header Length (IHL) field • This field denotes the length of the IP header only • This field value is provided in multiples of four bytes Chapter 3
94
3 Type of Service Field • The TOS field actually has two components: precedence and Type of Service • Precedence is defined in the first three bits, and may be used by routers to prioritize traffic that goes through router queues
Chapter 3
95
3 Type of Service Field
Chapter 3
96
3 Type of Service Bit Settings
Chapter 3
97
3 Total Length Field • This field defines the length of the IP header and any valid data (does not include any data link padding) • In the example shown in Figure 3-22, the total length is 213 bytes Chapter 3
98
3 Identification Field • Each individual packet is given a unique ID value when it is sent • If the packet must be fragmented to fit on a network that supports a smaller packet size, the same ID number is placed in each fragment Chapter 3
99
3 Flags Field • The Flags field is actually three bits long; the bit value assignments are shown in Table 3-14
Chapter 3
100
3 Fragment Offset Field • If the packet is a fragment, this field shows where to place this packet’s data when the fragments are reassembled into a single packet (at the destination IP host)
Chapter 3
101
3 Time to Live (TTL) Field • This field denotes the remaining lifetime (defined as seconds, but implemented as hops through routers) of the packet • Typical starting TTL values are 32, 64, and 128 Chapter 3
102
3 Protocol Field • Headers should have some field that defines what is coming up next
Chapter 3
103
3 Header Checksum Field • The IP Header Checksum field provides error detection on the contents of the IP header only —it does not cover other contents of the packet, nor does it include the Checksum field itself in the calculation • This is an error-detection mechanism in addition to the data link error-detection mechanism (such as the Ethernet CRC) Chapter 3
104
3 Source Address Field • This is the IP address of the IP host that sent the packet
Chapter 3
105
3 Destination Address • This field can include a unicast, multicast, or broadcast address
• This is the final destination of the packet
Chapter 3
106
3 Options Fields •
The IP header can be extended by several options (although these options are not often used)
•
If the header is extended with options, those options must end on a 4-byte boundary because the Internet Header Length (IHL) field defines the header length in 4-byte boundaries
Chapter 3
107
3 Summary • Because they manage access to the networking medium, data link protocols also manage the transfer of datagrams across the network • When WAN protocols, such as SLIP or PPP, come into play, it’s possible to use analog phone lines, digital technologies that include ISDN, DSL, or Tcarrier connections, or switched technologies, such as X.25, frame relay, or ATM, to establish links that can carry IP and other datagrams from a sender to a receiver Chapter 3
108
3 Summary • Ethernet II frames are the most common frame type on LANs, but a variety of other frame types exist that carry TCP/IP over Ethernet or token ring networks • Understanding frame layouts is crucial for proper handling of their contents, regardless of the type of frame in use • At the lower level of detail, it’s important to understand the difference in field layouts and meanings when comparing various frame types for any particular network medium Chapter 3
109
3 Summary • Because hardware or MAC layer addresses are so important when identifying individual hosts on any TCP/IP network segment, it’s imperative to understand how TCP/IP manages the translation between MAC layer addresses and numeric IP addresses • Understanding ARP packet fields greatly helps to illuminate the address resolution process, particularly the use of the “all-zeroes” address in the Target Hardware Address field to indicate that a value is needed
Chapter 3
110
3 Summary • A more advanced mechanism called proxy ARP permits a router to interconnect multiple network segments and make them behave like a single network segment • Network layer protocols make their way to the Data Link layer through a process known as data encapsulation Chapter 3
111
3 Summary • When a frame must travel from one network segment to another, a process to resolve its route must occur • Other important characteristics of IP datagrams include: Time to Live (TTL) values, which prevent stale frames from persisting indefinitely on a network; fragmentation of incoming frames when the next link on a route uses a smaller MTU than the incoming link Chapter 3
112
Data Link and Network Layer TCP/IP Protocols A Guide to TCP/IP
Chapter 3
1
3 Objectives After reading this chapter and completing the exercises you will be able to: • Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP • Distinguish among various Ethernet and token ring frame types • Understand how hardware addresses work in a TCP/IP environment, and the services that ARP and RARP provide for such networks Chapter 3
2
3 Objectives After reading this chapter and completing the exercises you will be able to: • Appreciate the overwhelming importance of the Internet Protocol (IP), and how IP packets behave on TCP/IP networks • Understand the structures and functions of an IP header • Appreciate the function of the Maximum Transfer Unit (MTU) for any physical medium, and why fragmentation is sometimes required of the Network layer Chapter 3
3
3 Data Link Protocols • The Data Link layer performs several key jobs with the two most important being: – Managing access to whatever networking medium is in use, called Media Access Control (usually abbreviated as MAC) – Creating temporary point-to-point links between a pair of MAC layer addresses to enable data transfer, called Logical Link Control (usually abbreviated as LLC)
• A point-to-point data transfer involves shipping data from a specific MAC layer address that represents the point of transmission to another specific MAC layer address that represents the point of reception on a single network segment, or TCP/IP subnet Chapter 3
4
3 Data Link Protocols • This same point-to-point technique also works for data transfer across wide area network (WAN) links —such as analog telephone lines, digital connections, or X.25—which is why certain TCP/IP data link protocols may sometimes be called WAN protocols • The data encapsulation techniques used to enclose packet payloads for transmission across WAN links differ from those used for LAN connections, and involve specialized protocols that operate at the Data Link layer Chapter 3
5
3 Data Link Protocols • The specific protocols are: – Serial Line Internet Protocol (SLIP) – Point-to-Point Protocol (PPP) – Special handling for X.25, frame relay, and Asynchronous Transfer Mode (ATM) connections
• The key to understanding the material is to recognize that both SLIP and PPP support a straightforward point-topoint connection between two parties, or nodes, on a link • These kinds of two-party connections include analog phone lines, Digital Subscriber Line (DSL) connections, and T-carriers, such as T1, T3, E1, or E3 Chapter 3
6
3 Data Link Protocols • Special handling is necessary for X.25, frame relay, and Asynchronous Transfer Mode (ATM) WAN links, which use packet or circuit-switching technologies, and must explicitly address sender and receiver at the Data Link layer • WAN encapsulation of frames at the Data Link layer involves one or more of the following services (they vary according to the requirements of the type of link used): – Addressing
– Bit-level integrity check
– Delimitation
– Protocol identification (PID)
Chapter 3
7
3 The Serial Line Internet Protocol (SLIP) • SLIP is the original point-to-point protocol for TCP/IP traffic, still used for connecting to some ISPs today • SLIP uses a special END character (0xC0) that is placed at the beginning and end of each IP datagram to delimit the payload • The SLIP ESC character is not the same as the American Standard Code for Information Interchange (ASCII) ESC character, the hex DBDC sequence is usually denoted 0xDB-DC Chapter 3
8
3 The Serial Line Internet Protocol (SLIP) • If the SLIP ESC character occurs in a frame’s payload 0xDB-DD replaces it • AS specified in RFC 1055, the maximum size of a SLIP data gram is 1066 bytes • Most systems continue to set the upper bound for SLIP datagram at 1066 bytes, but Windows 2000 permits MTUs of 1500 bytes for SLIP datagrams to avoid fragmentation when a SLIP connection links two Ethernet segments • RFC 1144 was developed to permit IP and TCP headers to be compressed when sent across a SLIP link • This version of SLIP is called compressed SLIP (C-SLIP) Chapter 3
9
3 Point-to-Point Protocol (PPP) • PPP is a general-purpose, point-to-point protocol that overcomes SLIP’s deficiencies, and provides WAN data link encapsulation services similar to those available for LAN encapsulation • RFC 1661 provides the detailed specifications for PPP, and includes the following characteristics: – Encapsulation methods that support simultaneous use of multiple protocols across the same link – A special Link Control Protocol (LCP) used to negotiate the characteristics of any point-to-point link established using PPP Chapter 3
10
3 Point-to-Point Protocol (PPP) – A collection of negotiation protocols used to establish the Network layer properties of protocols carried over the point-topoint link, called Network Control Protocols (NCPs). RFCs 1332 and 1877 describe an NCP for IP, known as the Internet Protocol Control Protocol (IPCP), used to negotiate an IP address for the sending party, addresses for DNS servers, and (optional) use of the Van Jacobsen TCP compression protocol, where possible
• PPP encapsulation and framing techniques are based on the ISO High-level Data Link Control (HDLC) protocol, which is in turn based on IBM’s work on the Synchronous Data Link Control (SDLC) protocol used as part of its Systems Network Architecture (SNA) protocols
Chapter 3
11
3 Point-to-Point Protocol (PPP) • Although PPP framing supports addressing and link control information derived from HDLC, most PPP implementations use an abbreviated form that skips this unnecessary information • The fields in the PPP header and trailer include the following values: – Flag – Protocol identifier – Frame Check Sequence (FCS) Chapter 3
12
3 Point-to-Point Protocol (PPP) • When PPP is used with synchronous technologies, such as T1, Integrated Services Digital Network (ISDN), DSL, or Synchronous Optical Network (SONET) links, a faster, more efficient technique of bit substitutions is used, rather than the wholesale character replacement used with asynchronous links • PPP supports a default MTU of 1500 bytes, which makes it ideal for interconnecting Ethernet-based networks (or peers) Chapter 3
13
3 Special Handling for PPP Links • When any particular switched technologies, such as X.25, frame relay, or ATM, are used to link together PPP peers, additional control and addressing information must be included in PPP headers to manage the connection • RFCs describe encapsulation of PPP datagrams for these technologies: – X.25: RFC 1356 – Frame relay: RFC 2427 – ATM: RFCs 1557 and 1626 Chapter 3
14
3 Frame Types • At the Data Link layer, protocol data units are called frames; in TCP/IP terminology, these PDUs may also be called IP datagrams, which can be encapsulated in a variety of frame types
Chapter 3
15
3 Ethernet Frame Types • The Ethernet II frame type is the de facto standard frame type used for IP datagram transmissions over Ethernet networks • The Ethernet II frame has a protocol identification field (the Type field) that contains the value 0x0800 to identify the encapsulated protocol as IP • Before an IP datagram is transmitted onto the cable, the data link driver puts the leading frame onto the datagram Chapter 3
16
3 Ethernet Frame Types • If a frame does not meet the minimum frame size of 64 bytes, the driver must pad the Data field • The Ethernet NIC performs a Cyclical Redundancy Check (CRC) procedure on the contents of the frame, and places a value at the end of the frame in the Frame Check Sequence field • Finally, the NIC sends the frame, led by a preamble, which is a leading bit pattern used by the receiver to correctly interpret the bits as ones and zeroes Chapter 3
17
3 Ethernet Frame Types • There are three Ethernet frame types that TCP/IP can use: – Ethernet II – Ethernet 802.2 Logical Link Control (LLC) – Ethernet 802.2 Sub-Network Access Protocol (SNAP) Chapter 3
18
3 Ethernet II Frame Structure • The Ethernet II frame type consists of the following values, fields, and structure: – Preamble – Destination Address field – Source Address field – Type field – Data field – Frame Check Sequence field Chapter 3
19
3 Ethernet II Frame Structure
Chapter 3
20
3 Ethernet II Frame Structure Preamble •
The preamble is eight bytes long and consists of alternating ones and zeroes
•
This special string of bits precedes the actual Ethernet frame itself, and is not counted as part of the overall frame length
Destination Address Field •
The Destination Address field is six bytes long and indicates the data link address (also referred to as the hardware address or MAC address) of the destination IP host
•
The destination address may be broadcast, multicast, or unicast
Chapter 3
21
3 Ethernet II Frame Structure Source Address Field • The Source Address field is six bytes long and indicates the sender’s hardware address • This field can only contain a unicast address—it cannot contain a broadcast or multicast address
Type Field • The Type field is two bytes long and identifies the protocol that is using this frame type Chapter 3
22
3 Assigned Protocol Types (by Number)
Chapter 3
23
3 Ethernet II Frame Structure Frame Check Sequence Field • The Frame Check Sequence field is four bytes long and includes the result of the CRC calculation • Upon receipt of an Ethernet II frame, an IP host checks the validity of the contents by performing a CRC check on its contents, and comparing the result to the value contained in the Frame Check Sequence field • At the Data Link layer, the frame is examined to determine the actual destination address (broadcast, multicast, or unicast)
Chapter 3
24
3 Ethernet 802.2 LLC Frame Structure •
Figure 3-2 depicts the format of an Ethernet 802.2 Logical Link Control (LLC) frame
•
The Ethernet 802.2 LLC frame type consists of the following fields: – Preamble – Start Frame Delimiter (SFD) field – Destination Address field – Source Address field – Length field – Destination Service Access Point (DSAP) field – Source Service Access Point (SSAP) field – Control field – Data field – Frame Check Sequence (FCS) field
Chapter 3
25
3 Ethernet 802.2 LLC Frame Structure Preamble • This preamble does not end in consecutive ones
Start Frame Delimiter (SFD) Field • The 1-byte SFD field consists of the pattern 10101011 and indicates the start of the Destination Address field
Length Field • The 2-byte Length field indicates the number of bytes in the data portion of the frame • This frame does not use a Type field in this location—it uses a Service Access Point (SAP) field to indicate the upcoming protocol Chapter 3
26
3 Ethernet 802.2 LLC Frame Structure Destination Service Access Point (DSAP) Field • This 1-byte field indicates the destination protocol • Table 3-2 lists some of the assigned SAP numbers (defined by the IEEE)
Source Service Access Point (SSAP) Field • This 1-byte field indicates the source protocol (typically the same as the destination protocol) Chapter 3
27
3 Assigned SAP Numbers
Chapter 3
28
3 Ethernet 802.2 LLC Frame Structure Control Field • This 1-byte field indicates whether this frame is unnumbered format (connections) or informational/supervisory format (for connectionoriented and management purposes)
Ethernet SNAP Frame Structure • RFC 1042, “A Standard for the Transmission of IP Datagrams over IEEE 802 Networks,” specifies how IP traffic should be encapsulated to 802.2 LLC frames that include the Sub-Network Access Protocol (SNAP) portion Chapter 3
29
3 Ethernet 802.2 LLC Frame Structure Ethernet SNAP Frame Structure • Although Windows 2000 defaults to transmitting IP and ARP communications over the Ethernet II frame type, you can edit the Registry to support transmission of IP and ARP over the Ethernet 802.2 SNAP frame structure by adding the ArpUseEtherSNAP Registry setting, as listed in Table 3-3. Chapter 3
30
3 ArpUseEtherSNAP Registry Setting
Chapter 3
31
3 Ethernet 802.2 LLC Frame Structure Ethernet SNAP Frame Structure •
The Registry entry ArpUseEtherSNAP must be set to 1 to enable use of the Ethernet 802.2 SNAP frame format for IP and ARP traffic over Ethernet
•
Figure 3-3 depicts the format of an Ethernet SNAP frame Chapter 3
32
3 Ethernet 802.2 LLC Frame Structure Organization Code Field • This 3-byte field identifies the organization that assigned the Ethernet type number used in the Ether Type field that follows
Ether Type Field • The 2-byte Ether Type field indicates the network protocol that is using this Ethernet SNAP frame format Chapter 3
33
3 Token Ring Frame Types • The IEEE 802.5 standard defines token ring networking • Token ring networks rely on a physical star design, although they use a logical ring transmission paths, as shown in Figure 3-4 • On a token ring network, each token ring workstation acts as a repeater—repeating each packet received back onto the network • There are two variations of token ring frames: Token Ring 802.2 LLC frames and Token Ring SNAP frames Chapter 3
34
Token Ring Networks Are Physically Stars, But Logically Rings
Chapter 3
3
35
3 Token Ring 802.2 LLC Frame Format •
The standard Token Ring 802.2 LLC frames include the same LLC fields used by the Ethernet 802.2 LLC frame
Chapter 3
36
3 Token Ring 802.2 LLC Frame Format Start Delimiter Field • The 1-byte Start Delimiter field is used to designate the beginning of a token ring frame
Access Control Field • The 1-byte Access Control field indicates whether the upcoming fields constitute a token or a frame, the priority of the token or frame, and if the frame or token already circled the ring once Chapter 3
37
3 Token Ring 802.2 LLC Frame Format Frame Control Field • This 1-byte field indicates whether the frame contains token ring management information or data
Destination Address Field • This 6-byte field indicates the destination hardware address Chapter 3
38
3 Token Ring 802.2 LLC Frame Format Source Address Field • This 6-byte field indicates the source hardware address • This field must contain a unicast address
Destination Service Access Point (DSAP) Field (LLC 802.2) • This 1-byte field is the start of the LLC section, and indicates the destination protocol Chapter 3
39
3 Token Ring 802.2 LLC Frame Format Source Service Access Point (SSAP) Field (LLC 802.2) • This 1-byte field indicates the source protocol in use
Control Field (LLC 802.2) • This 1-byte field indicates whether this frame is unnumbered (connectionless) or supervisory/informational (for connectionoriented and management purposes) Chapter 3
40
3 Token Ring 802.2 LLC Frame Format Data Field • This field can be between zero and 18,000 bytes long and contains the TCP/IP data
Frame Check Sequence Field • The Frame Check Sequence field is four bytes long and includes the result of the CRC calculation used to error check the packet
End Delimiter Field • This 1-byte field indicates the end of the token ring frame (except for the Frame Status field) Chapter 3
41
3 Token Ring 802.2 LLC Frame Format End Delimiter Field • This 1-byte field indicates the end of the token ring frame (except for the Frame Status field)
Frame Status Field • This 1-byte field is used to indicate if the frame’s destination address was recognized, and if the frame was copied Chapter 3
42
3 Token Ring SNAP Frame Format • The Token Ring SNAP frame format expands the standard 802.2 LLC layer by adding an Organization Code field and an Ether Type field Chapter 3
43
3 Token Ring SNAP Frame Format Organization Code Field • This 3-byte field identifies the organization that assigned the Ethernet type number used in the Ether Type field that follows
Ether Type Field • The 2-byte Ether Type field indicates the network protocol that is using this Ethernet SNAP frame format Chapter 3
44
3 Hardware Addresses in the IP Environment • IP addresses are used to identify individual IP hosts on a TCP/IP internetwork • TCP/IP networking uses ARP to determine the hardware address of the local target for the packet • IP hosts maintain an ARP cache—a table of hardware addresses learned through the ARP process—in memory • ARP is used only to find the hardware address of local IP hosts Chapter 3
45
ARP Broadcasts Identify the Source and the Desired IP Address
Chapter 3
3
46
3 Hardware Addresses in the IP Environment • If the IP destination is remote (on another network), the IP host must refer to its routing tables to determine the proper router for the packet • This is referred to as the route resolution process • ARP is not routable • ARP can also be used to test for a duplicate IP address on the network Chapter 3
47
3 ARP Frame Structure
Chapter 3
48
3 ARP Duplicate IP Address Test
Chapter 3
49
3 ARP Packet Fields and Functions • By default, Windows 2000 uses the Ethernet II frame type for all ARP traffic • There are two basic ARP packets—the ARP request packet and the ARP reply packet • The most confusing part of ARP is the interpretation of the sender and target address information • Figure 3-11 shows the ARP reply packet Chapter 3
50
3 ARP Request for IP Host 10.1.0.99
Chapter 3
51
3 ARP Reply Packet Is a Unicast Packet
Chapter 3
52
3 Hardware Type Field • This field defines the hardware or data link type in use, is also used to determine the hardware address length, which makes the Length of Hardware Address field redundant Chapter 3
53
3 Protocol Type Field •
This field defines the protocol address type in use, and uses the standard protocol ID values that are also used in the Ethernet II frame structures
Chapter 3
54
3 Length of Hardware Address Field • This field defines the length (in bytes) of the hardware addresses used in this packet
Chapter 3
55
3 Length of Protocol Address Field • This field indicates the length (in bytes) of the protocol (network) addresses used in this packet • This field is redundant because the Protocol Type field also determines this value Chapter 3
56
3 Opcode Field • This field defines whether this ARP packet is a request or reply packet, and defines the type of address resolution taking place
Chapter 3
57
3 Sender’s Hardware Address Field • This field indicates the hardware address of the IP host that sends this request or reply
Chapter 3
58
3 Sender’s Protocol Address Field • This field indicates the protocol, or network, address of the IP host that sends this request or reply
Chapter 3
59
3 Target Hardware Address Field • This field indicates the desired target’s hardware address, if known • In ARP replies, this field should contain one of the following: – The hardware address of the desired IP host if the sender and destination share a common data link – The hardware address of the next router in the path to the destination if they don’t share a common data link. This is known as the next-hop router to that IP host, in which that device will be the first of one or more routers that will convey the data from sender to receiver Chapter 3
60
3 Target Protocol Address Field • This field indicates the desired target’s protocol, or network, address
Chapter 3
61
3 ARP Cache • ARP information (hardware addresses and their associated IP addresses) is kept in an ARP cache in memory on most operating systems, including Linux, BSD, UNIX, Windows 95, Windows 98, Windows NT, and Windows 2000
Chapter 3
62
3 ARP Cache • Windows-based systems also have a utility you can use to view your IP and hardware addresses • You can use the Windows utility WINIPCFG on Windows 95 systems • You can use the command-line utility IPCONFIG on Windows 98 and Windows 2000 systems • The IPCONFIG utility also indicates that the default gateway is 10.2.0.99 • On a Windows 2000 system, ARP cache entries are kept in memory for 120 seconds Chapter 3
63
IPCONFIG Utility Indicates the Device’s IP and Hardware Addresses
Chapter 3
3
64
3 ArpCacheLife Registry Setting
Chapter 3
65
3 Proxy ARP • Proxy ARP is a method that allows an IP host to use a simplified subnetting design • Proxy ARP also enables a router to “ARP” in response to an IP host’s ARP broadcasts Chapter 3
66
3 ARP Proxy Network Design
Chapter 3
67
3 Reverse ARP (RARP) • Reverse ARP is, as its name implies, the reverse of ARP • RARP was initially defined to enable diskless workstations to find their own IP addresses Chapter 3
68
3 Network Layer Protocols • The primary function of Network layer protocols is to move datagrams through an internetwork connected by routers • Network layer communications are end-to-end communications that define the originator as the source Network layer address, and the target as the destination Network layer address • Internet Protocol is the Network layer protocol used in the TCP/IP suite • IP version 4 (IPv4) is widely implemented • Internet Protocol version 6 (IPv6) is undergoing some initial implementations Chapter 3
69
3 About Internet Protocol (IP) • We examine how an IP datagram is formed, how an IP host learns whether the destination is local or remote, how packets are fragmented and reassembled, as well as the details of IP packet structures Chapter 3
70
3 Sending IP Datagrams • IP offers connectionless service with end-to-end Network layer addressing • Building an IP datagram packet to send on the wire has certain requirements • We must know the: – IP addresses of the source and destination – Hardware address of the source and next-hop router
• Your system needs to resolve the name fred to an IP address • This is called the name resolution process Chapter 3
71
Data Link Header Is Stripped Off and Reapplied by the IP Router as the Packet Is Forwarded
Chapter 3
3
72
3 Route Resolution Process • The route resolutions process enables an IP host to determine if the desired destination is local or remote
Chapter 3
73
3 Local or Remote Destination? • Upon determination of the IP address of the desired destination, the IP host compares the network portion of the destination address to its own local network address
Chapter 3
74
3 If Remote, Which Router? • Now that the local IP host knows that the destination is remote, the IP host must determine the hardware address of the appropriate router for the packet • The IP host looks in its local routing tables to determine if it has a host entry or network router entry for the target • If neither a host entry nor network entry is listed, the IP host checks for a default gateway entry Chapter 3
75
3 If Remote, Which Router? • The default gateway offers a path of blind faith —because the IP host does not have a route to the destination, it sends the packet to the default gateway, and just hopes the default gateway can figure out what to do with the packet • If IP hosts cannot communicate with each other, you can use a protocol analyzer to determine what went wrong Chapter 3
76
3 If Remote, Which Router? • Perhaps one of the following faults occurred: – The IP host can ARP only for IP hosts that are local— perhaps the actual destination is remote (check the source subnet mask and the destination’s IP address) – Perhaps the destination is local, but not replying to the ARP because it is not completely functional (a duplicate IP address was detected, or the destination is simply down) – Maybe the IP address the source received from a name resolution process, such as DNS, is incorrect Chapter 3
77
Sample of an ARP Failure Due to a Discomfiture Network Mask
Chapter 3
3
78
3 If Remote, Which Router? • It is time to examine the following unique characteristics of IP communications: – Lifetime of an IP datagram – Fragmentation and reassembly – Service delivery options – IP header fields and functions Chapter 3
79
3 Lifetime of an IP Datagram • All IP packets have a predefined lifetime indicated in each packet’s Time to Live (TTL) field • This ensures that packets cannot indefinitely circle a looped internetwork • The recommended starting TTL value is 64 • The default TTL in Windows 2000 is 128 • If a packet with TTL=1 arrives at a router, the router must discard the packet because it cannot decrement the TTL to zero and forward the packet Chapter 3
80
3 Lifetime of an IP Datagram •
If a packet with TTL=1 arrives at a host, what should the host do?
•
Process the packet, of course
•
The hosts do not need to decrement the TTL value upon receipt
•
TRACEROUTE uses the TTL value and the timeout process to trace the end-to-end path through an internetwork
Chapter 3
81
3 Fragmentation and Reassembly • IP fragmentation enables a larger packet to be automatically fragmented by a router into smaller packets to cross a link that supports a smaller MTU, such as Ethernet link • Once fragmented, no reassembly occurs until those fragments arrive at the destination, where they will be reassembled at the Transport layer • When the first fragment arrives at the destination, however, the destination host begins counting down from the TTL value of that packet Chapter 3
82
3 Fragmentation and Reassembly • Figure 3-17 through 3-19 show the first, middle, and last fragments of a fragment set Chapter 3
83
3
Second Packet of a Fragment Set (More to Come Bit Is Set to 1 and the Offset Is 185 [1480 bytes])
Chapter 3
84
3 Fragmentation and Reassembly •
When the fragments arrive at the destination IP host, they are put back in order based on the Fragment Offset value contained in the IP header
•
On a network that is low on available bandwidth, the fragment retransmission process causes more traffic on the wire Chapter 3
85
3 Service Delivery Options • IP supports a method for defining packet priority and route priority • The Type of Service (TOS) field in the IP header section is separated into two distinct fields: – Precedence – Type of Service Chapter 3
86
3 Precedence • A router uses precedence to determine what packet to send when several packets are queued for transmission from a single-output interface • One example of precedence use is Voice over IP (VoIP) • The precedence for VoIP traffic may be set to five to support VoIP real-time functionality Chapter 3
87
3 Type of Service (TOS) • Routers use TOS to select a routing path when there are multiple paths available • OSPF and Border Gateway Protocol (BGP) are two examples of routing protocols that support multiple types of services
Chapter 3
88
3 Type of Service (TOS)
Chapter 3
89
3 Type of Serviced Functionality
Chapter 3
90
3 Type of Serviced Functionality
Chapter 3
91
3 IP Header Fields and Functions • Figure 3-20 depicts the entire IP header structure
Chapter 3
92
3 Version Field • The first field in the IP header is the Version field
• We are currently at version 4
Chapter 3
93
3 Header Length Field • This field is also referred to as the Internet Header Length (IHL) field • This field denotes the length of the IP header only • This field value is provided in multiples of four bytes Chapter 3
94
3 Type of Service Field • The TOS field actually has two components: precedence and Type of Service • Precedence is defined in the first three bits, and may be used by routers to prioritize traffic that goes through router queues
Chapter 3
95
3 Type of Service Field
Chapter 3
96
3 Type of Service Bit Settings
Chapter 3
97
3 Total Length Field • This field defines the length of the IP header and any valid data (does not include any data link padding) • In the example shown in Figure 3-22, the total length is 213 bytes Chapter 3
98
3 Identification Field • Each individual packet is given a unique ID value when it is sent • If the packet must be fragmented to fit on a network that supports a smaller packet size, the same ID number is placed in each fragment Chapter 3
99
3 Flags Field • The Flags field is actually three bits long; the bit value assignments are shown in Table 3-14
Chapter 3
100
3 Fragment Offset Field • If the packet is a fragment, this field shows where to place this packet’s data when the fragments are reassembled into a single packet (at the destination IP host)
Chapter 3
101
3 Time to Live (TTL) Field • This field denotes the remaining lifetime (defined as seconds, but implemented as hops through routers) of the packet • Typical starting TTL values are 32, 64, and 128 Chapter 3
102
3 Protocol Field • Headers should have some field that defines what is coming up next
Chapter 3
103
3 Header Checksum Field • The IP Header Checksum field provides error detection on the contents of the IP header only —it does not cover other contents of the packet, nor does it include the Checksum field itself in the calculation • This is an error-detection mechanism in addition to the data link error-detection mechanism (such as the Ethernet CRC) Chapter 3
104
3 Source Address Field • This is the IP address of the IP host that sent the packet
Chapter 3
105
3 Destination Address • This field can include a unicast, multicast, or broadcast address
• This is the final destination of the packet
Chapter 3
106
3 Options Fields •
The IP header can be extended by several options (although these options are not often used)
•
If the header is extended with options, those options must end on a 4-byte boundary because the Internet Header Length (IHL) field defines the header length in 4-byte boundaries
Chapter 3
107
3 Summary • Because they manage access to the networking medium, data link protocols also manage the transfer of datagrams across the network • When WAN protocols, such as SLIP or PPP, come into play, it’s possible to use analog phone lines, digital technologies that include ISDN, DSL, or Tcarrier connections, or switched technologies, such as X.25, frame relay, or ATM, to establish links that can carry IP and other datagrams from a sender to a receiver Chapter 3
108
3 Summary • Ethernet II frames are the most common frame type on LANs, but a variety of other frame types exist that carry TCP/IP over Ethernet or token ring networks • Understanding frame layouts is crucial for proper handling of their contents, regardless of the type of frame in use • At the lower level of detail, it’s important to understand the difference in field layouts and meanings when comparing various frame types for any particular network medium Chapter 3
109
3 Summary • Because hardware or MAC layer addresses are so important when identifying individual hosts on any TCP/IP network segment, it’s imperative to understand how TCP/IP manages the translation between MAC layer addresses and numeric IP addresses • Understanding ARP packet fields greatly helps to illuminate the address resolution process, particularly the use of the “all-zeroes” address in the Target Hardware Address field to indicate that a value is needed
Chapter 3
110
3 Summary • A more advanced mechanism called proxy ARP permits a router to interconnect multiple network segments and make them behave like a single network segment • Network layer protocols make their way to the Data Link layer through a process known as data encapsulation Chapter 3
111
3 Summary • When a frame must travel from one network segment to another, a process to resolve its route must occur • Other important characteristics of IP datagrams include: Time to Live (TTL) values, which prevent stale frames from persisting indefinitely on a network; fragmentation of incoming frames when the next link on a route uses a smaller MTU than the incoming link Chapter 3
112
Related Documents
Datalink & Nw Layer
June 2020 8
Datalink
November 2019 18
Datalink Protocal
May 2020 15
Datalink Fix
May 2020 34
Vhf Datalink
November 2019 27