Cover figures: the TCP header layout (Source Port, Destination Port, Sequence Number, Acknowledgement Number, Offset, Reserved, Control Bits, Window, Checksum, Urgent Pointer, Options, Padding, then Data) and the IP header layout (Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time-to-live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding, then Data), each drawn 32 bits wide with bit positions 0 to 31 and header words 1 to 6; and an internetwork of Ethernet and Token Ring workstations joined by routers.
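The two header layouts on the cover are the formats the rest of this document builds on. As an added example (not part of the original document), the following Python parses an IPv4 header and the TCP header that follows it, performing the checks a receiver must make before trusting any field from the wire: version and IHL, total length against the bytes actually received, the header checksum, and the TCP data offset. The sample SYN packet with its addresses and ports is constructed for the demo; TCP checksum verification, which needs the pseudo-header, is left out.

```python
# Added example (not from the original text): a parser for the two header
# layouts drawn on the cover, the IPv4 header and the TCP header, with the
# checks a receiver has to make before trusting anything that came off the
# wire.  The sample packet at the bottom is constructed for the demo.
import struct

IP_HDR = struct.Struct("!BBHHHBBH4s4s")      # fixed 20-byte IPv4 header
TCP_HDR = struct.Struct("!HHIIBBHHH")        # fixed 20-byte TCP header
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
             0x08: "PSH", 0x10: "ACK", 0x20: "URG"}   # the "Control Bits"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(packet: bytes) -> tuple[dict, bytes]:
    """Return (header fields, payload); raise ValueError if malformed."""
    if len(packet) < IP_HDR.size:
        raise ValueError("packet shorter than a minimal IPv4 header")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto,
     hdr_csum, src, dst) = IP_HDR.unpack_from(packet)
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    hlen = ihl * 4                           # IHL counts 32-bit words
    if hlen < IP_HDR.size or hlen > len(packet):
        raise ValueError(f"bad IHL {ihl}")
    if total_len < hlen or total_len > len(packet):
        raise ValueError(f"bad total length {total_len}")
    if internet_checksum(packet[:hlen]) != 0:   # a valid header sums to 0
        raise ValueError("header checksum mismatch")
    fields = {
        "ihl": ihl, "tos": tos, "total_length": total_len, "id": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": hdr_csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[IP_HDR.size:hlen],
    }
    return fields, packet[hlen:total_len]    # trailing padding is dropped


def parse_tcp(segment: bytes) -> tuple[dict, bytes]:
    """Return (header fields, data) for a TCP segment."""
    if len(segment) < TCP_HDR.size:
        raise ValueError("segment shorter than a minimal TCP header")
    (sport, dport, seq, ack, off_res, flags, window,
     csum, urgent) = TCP_HDR.unpack_from(segment)
    data_offset = (off_res >> 4) * 4         # "Offset": header words
    if data_offset < TCP_HDR.size or data_offset > len(segment):
        raise ValueError(f"bad data offset {off_res >> 4}")
    fields = {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS.items() if flags & bit],
        "window": window, "checksum": csum, "urgent_pointer": urgent,
        "options": segment[TCP_HDR.size:data_offset],
    }
    return fields, segment[data_offset:]


def validation_error(packet: bytes) -> str:
    """Return the reason parse_ipv4 rejects a packet, or '' if it parses."""
    try:
        parse_ipv4(packet)
    except ValueError as exc:
        return str(exc)
    return ""


def build_sample_syn() -> bytes:
    """Constructed SYN from 192.0.2.10:40000 to 198.51.100.7:80 (demo data)."""
    tcp = TCP_HDR.pack(40000, 80, 0x12345678, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip_no_sum = IP_HDR.pack(0x45, 0, IP_HDR.size + len(tcp), 0xBEEF, 0x4000,
                            64, 6, 0, bytes([192, 0, 2, 10]),
                            bytes([198, 51, 100, 7]))
    csum = internet_checksum(ip_no_sum)      # computed with the field zeroed
    return ip_no_sum[:10] + struct.pack("!H", csum) + ip_no_sum[12:] + tcp
```

The length checks matter as much as the checksum: a peer can declare an IHL or total length larger than the bytes it actually sent, and a parser that slices on the declared value without comparing it to the buffer size reads past the packet.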
4/4/2002
Table of Contents:

Introduction
  Telematics
  Data-communication
  Data-transmission
  Accident-proof network
Network Media
  Network Medium
  Twisted-pair cable
    Unshielded Twisted-Pair
    Shielded Twisted-Pair
  Coaxial cable
    Thick coax
    Thin coax
  Fibre-optic cable
Network Components
  Network Operating System
  Network Interface Card
  Client
  Server
  Client-Server model
  Local Resource
  Remote Resource
  Node
  Concentrator
  Hub
  Repeater
  Bridge
  Router
  Gateway
  Backbone
Networks
  Network Topology
    Bus Networks
    Ring Network
    Star Network
    Hub Network
  Local Area Networks
    Circuit-Switched networks
    Packet-Switched networks
    Backbone Network
    Thinnet Network
    10BASET Network
  Wide Area Networks
The seven-layer Open Systems Interconnection Reference Model
  Communication Protocols
    Characteristics of Layered Architectures
  Description of each of these layers
    Layer 1, the Physical Layer
    Layer 2, the Data Link Layer
    Layer 3, the Network Layer
    Layer 4, the Transport Layer
    Layer 5, the Session Layer
    Layer 6, the Presentation Layer
    Layer 7, the Application Layer
  Characteristics of Layered Protocols
IEEE LANs
  Terminology
    Access methods
  Architecture of the IEEE 802 Standards
    Logical Link Control
    Medium Access Control
  802 LAN Physical Address
  IEEE 802.3 Networks
    How Ethernet Works
    IEEE 802.3 Media
    IEEE 802.3 Frames
    Implementing TCP/IP over IEEE 802.3
  IEEE 802.5 Networks
    How Token Ring Works
    Several reasons can be cited for Token Ring's lower popularity
    IEEE 802.5 Frames
Protocols and Protocol Stacks
  Operating Dual Protocol Stacks
  Network Driver Interface Standard
  Open Datalink Interface
Delivering Data Through Internetworks
  The way data are delivered through internetworks
  Multiplexing
  Switching Data
    Circuit Switching
    Packet Switching
  Bridges, Routers, and Switches
    Bridges
    Routers
    Switches
Digital Data Services
  Leased line
    Dedicated Leased Lines
    Switched Digital Lines
The Internet Model
  What TCP/IP provides
  Description of each of these layers
    Network Access Layer
    Internetwork Layer
    Host-to-Host Transport Layer
    Process/Application Layer
Addressing, Routing, and Multiplexing
  IP Host Address
  IP Address Classes
  Subnets
  Routing
    The Routing Table
  Internet Routing Architecture
    The Routing Table
  Address Resolution
    RARP
  Protocols, Ports, and Sockets
    Protocol Numbers
    Port Numbers
    Sockets
  Names and Addresses
    The Host Table
    The Network Information Centre Host Table
    Domain Name Service
    The Domain Hierarchy
    Creating Domains and Subdomains
    Domain Names
    Network Information Service
  Remote Procedure Call
    Remote Procedure Call Execution
  External Data Representation
An overview of TCP/IP components
  Internet Protocol
  Internet Control Message Protocol
  Transmission Control Protocol
  User Datagram Protocol
  Telnet
  File Transfer Protocol
  Simple Mail Transfer Protocol
  Domain Name System
  Simple Network Management Protocol
  Network File Server
  Remote Procedure Calls
  Trivial File Transfer Protocol
  Boot Protocol
  Address Resolution Protocol
  Reverse Address Resolution Protocol
  Network Time Protocol
The TCP/IP Family of Protocols
  Transport
  Routing
  Network Address
  User services
  Gateway Protocols
  Others
Implementing TCP/IP
  Multiple Protocol Stacks
  NetBIOS and NetBEUI
  Basic Input Output System
  NetBIOS over TCP/IP
  Windows Internet Name Service
  DNS Windows Name Resolution
  LMHOSTS File Lookup
  TCP/IP Applications
  Reverse Address Resolution Protocol
  Bootstrap Protocol
  Dynamic Host Configuration Protocol
  Network File System
  Simple Mail Transfer Protocol
  Post Office Protocol
  Multipurpose Internet Mail Extensions
  File Sharing
Interaction of TCP/IP and Other Protocols
  Application Programming Interface
  Redirectors and File Sharing
  NOS Gateways and Servers
  NOS Support for Native IP
Building an Internet Server
  Isolating the Server
  Providing Full Internet Connectivity
    A basic rule of TCP/IP security is as follows
    Traffic can be filtered in various ways
Simple Network Management Protocol
  Object Identifier Hierarchy
Microsoft TCP/IP
  Microsoft Network Protocols
  Microsoft Network Protocol Architecture
  NetBEUI Frame Protocol
  NWLink
  TCP/IP
    DHCP Concept and Operation
    Managing WINS
    Resolving Names on Microsoft Networks
    Architecture of the Windows Internet Name Service
    Naming versus Browsing
  Managing LMHOST Files
  Managing DNS
  Name Resolution with HOSTS Files
Transmission Line Theory
Troubleshooting TCP/IP
  Introduction
    Three steps in tracking down the real problem are
    Some hints on analysing the test results are
  Troubleshooting TCP/IP
    Approaching a problem
    Troubleshooting Hints
    Diagnostic tools
    Testing Basic Connectivity
Abbreviations
Table of Figures
Index
Alex Peeters
Introduction:

Telematics: Telematics is the combination of informatics and telecommunication. It covers the whole range of services connected with the use of informatics that are made accessible, by means of networks, for the transmission of data.

Data-communication: Data-communication is the combination of data-processing and telecommunication. It covers the processing of data by programs running on computer systems, and communication over great distances where the information is carried by electrical conductors, radio waves, light signals, and so on. Data-communication makes it possible to communicate over great distances from terminals connected to the communication network.
Figure 1 shows different possibilities for communication over great distances.
Data-transmission: The main parameters of data-transmission are the character set (ASCII or EBCDIC), parallel versus serial transmission, the method of transmission, the direction of the link (simplex, half-duplex or full-duplex), and the speed of the transmission. Two methods of transmission are distinguished:
• Asynchronous: every character is transmitted on its own, independently of the others. Each character begins with a start bit and ends with a stop bit, so the receiver can find the character boundaries without sharing a clock with the sender.
• Synchronous: the information is transmitted in blocks, and sender and receiver keep in step with a common clock for the duration of the block.

Accident-proof network: An accident-proof network is designed so that the actions of one user do not affect the network access of another user. No network is really accident-proof. Therefore we must reduce the impact of a user's mistake on the other users, knowing well that some accidents cannot be planned for. Design a network that a user cannot bring down merely by disconnecting his PC, or even by accidentally cutting a wire in his office.
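The asynchronous method described above can be made concrete with a small framer. This is an added example, not part of the original text: it assumes the common 8E1 layout (one start bit, eight data bits sent least-significant bit first, one even-parity bit, one stop bit) and shows how a receiver finds character boundaries from the start bit, how parity catches a flipped data bit, and how a corrupted stop bit produces a framing error after which the receiver has to hunt for the next start bit.

```python
# Added example (not from the original text): asynchronous serial framing.
# Each character travels on its own: 1 start bit (0), 8 data bits (LSB
# first), 1 even-parity bit and 1 stop bit (1); the idle line is 1.
# The 8E1 layout is an assumption made for this demo.

FRAME_BITS = 11  # start + 8 data + parity + stop


def encode_async(data: bytes) -> list[int]:
    """Turn bytes into the sequence of line levels a receiver would sample."""
    bits: list[int] = []
    for byte in data:
        data_bits = [(byte >> i) & 1 for i in range(8)]   # LSB first
        bits.append(0)                    # start bit: the 1 -> 0 edge marks it
        bits.extend(data_bits)
        bits.append(sum(data_bits) % 2)   # even parity over the 8 data bits
        bits.append(1)                    # stop bit: line returns to idle
    return bits


def decode_async(bits: list[int]) -> tuple[bytes, list[tuple[int, str]]]:
    """Recover bytes from line levels, reporting framing and parity errors.

    Behaves like a UART: a 1 while idle is ignored, a 0 is taken as a start
    bit, and a missing stop bit is a framing error, after which the receiver
    advances one bit at a time looking for the next start bit.
    """
    out = bytearray()
    errors: list[tuple[int, str]] = []
    i = 0
    while i < len(bits):
        if bits[i] == 1:                  # idle line, nothing to receive
            i += 1
            continue
        if i + FRAME_BITS > len(bits):
            errors.append((i, "truncated frame"))
            break
        frame = bits[i:i + FRAME_BITS]
        data_bits, parity, stop = frame[1:9], frame[9], frame[10]
        value = sum(b << k for k, b in enumerate(data_bits))
        if stop != 1:
            errors.append((i, "framing error (no stop bit)"))
            i += 1                        # resynchronise on the next 0
            continue
        if sum(data_bits) % 2 != parity:
            errors.append((i, f"parity error, dropped 0x{value:02x}"))
        else:
            out.append(value)
        i += FRAME_BITS
    return bytes(out), errors


def efficiency() -> float:
    """Share of line time carrying payload: 8 of every 11 bits."""
    return 8 / FRAME_BITS
```

Feeding decode_async a stream whose stop bit has been corrupted shows why framing errors are worse than parity errors: the receiver may lock onto a data bit that happens to be 0 as if it were a start bit and deliver a garbage byte whose parity checks out, so any protocol above the link must carry its own error detection and not rely on the link layer alone.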
Network Media: A Network Medium is the type of cabling used in a network. Many types of cable are used in networks today, although only a few are common, and the type of cabling has an influence on the speed of the network.

A Twisted-pair cable has pairs of wires twisted around each other to reduce crosstalk and interference. There can be two, four, or even more twisted pairs in a network cable. Twisted-pair cables are usually attached to network devices with a jack that looks like a telephone modular jack but is a little wider, supporting up to eight wires. The most commonly used jacks are RJ-11 (the six-position telephone connector) and RJ-45 (eight positions, used for network cable); they differ in the size of the connector and the number of wires inside.

Figure 2 shows the symbol used for a Twisted-Pair line tag. There are two types of Twisted-Pair cable in use:
• Unshielded Twisted-Pair (UTP) cable is one of the most commonly used network media because it is cheap and easy to work with.
• Shielded Twisted-Pair (STP) cable has the same basic construction as its unshielded cousin, but the pairs are wrapped in a conductive foil or braid shield, under the outer insulation, for protection from interference.
The same type of connectors are used with both forms of twisted-pair cable.

A Coaxial cable has two conductors: one in the centre, surrounded by a layer of insulation, and a second, a mesh or foil conductor, surrounding that insulation. Outside the mesh is a layer of outer insulation. Because the outer conductor shields the inner one and the cable loses less signal over distance, coax could carry higher data rates over longer segments than the twisted-pair cable of its day. Coax can also be run as a broadband medium, carrying several network channels on the same cable.

Figure 3 shows the symbol used for a Coaxial line tag. There are two types of coaxial cable in use:
• Thick coax is a heavy cable used as a network backbone for the bus network. Formally it is the thick, PVC-jacketed 50-ohm Ethernet coax specified for 10BASE5, and it is usually just called 10BASE5 cable. Because thick coax is so heavy and stiff, it is difficult to work with and quite expensive.
• Thin coax is the most common type used in Ethernet networks. It goes by several names, including Thin Ethernet, 10BASE2 and cheapernet; formally, thin coax is RG-58. It looks like television cable but is not interchangeable with it: RG-58 is 50-ohm cable, whereas television cable is 75-ohm. The inner conductor can be a single solid copper wire or thin strands of wire braided together. Thin coax is quite flexible, so it is not difficult to lay out, and it is easy to construct cables with the proper connectors, usually BNC connectors, at each end. Thin coax can also carry several channels, although Ethernet uses it as a single baseband channel (the BASE in 10BASE2), and most local area networks use only that one channel.
A Fibre-optic cable is becoming popular for very high-speed networks (500 Mbit/s and more). It is very expensive but capable of supporting many channels at tremendous speed. Fibre-optic cable is still seldom used inside local area networks, although some large corporations use it to connect many LANs together into a wide area network. The supporting hardware for fibre-optic backbones is quite expensive and specialised.
Figure 4 shows the symbol used for a Fibre-optic line tag.
Network Components: A Network Operating System (NOS) controls the interaction between all the machines on the network. The network operating system is responsible for controlling the way information is sent over the network medium, and it handles the way data from one machine is packaged and sent to another. The NOS also has to handle what happens when two or more machines try to send at the same time.
• Local area networks that have a single server with many clients connected to it put the NOS on the server: the main part of the NOS sits on the server, while smaller client software packages are loaded onto each client.
• With larger networks that don't use a single server, such as a network running TCP/IP, the NOS may be part of each machine's software.

A Network Interface Card (NIC) is an adapter that usually sits in a slot inside the PC; some NICs plug into parallel or SCSI ports instead. The network interface card handles the connection to the network itself through one or more connectors on the bracket of the card. You must make sure that the network interface card you are using in your machine works with the network operating system.
Figure 5 shows the symbol used for a Network Interface Card.
A Client is any machine that requests something from a server. In a network with a central server, the server supplies files and sometimes processing power to the smaller machines connected to it, and each of those machines is a client.
Figure 6 shows the symbol used for a Client.
A Server is any machine that can provide files, resources, or services to another machine. Any machine that you request a file from is a server. This is the essence of client-server networking: one machine, the client, requests something from another machine, the server, and a single machine may be both client and server. The more commonly used definition of a server comes from local area networks, where the server is a powerful machine that holds the main files and large applications; other machines on the network connect to the server to access those files and applications. In this type of network, a single machine usually acts as the server and all the other machines are clients. Simply put, the server is any machine on the network that your machine requests something from.
Figure 7 shows the symbol used for a Server.
Network Components
4
4/4/2002
Alex Peeters
In the Client-Server model, a client is the machine that initiates a request to a server. This type of terminology is common with TCP/IP networks, where no single machine is a central repository.
Figure 8 shows a Client-Server model: the client initiates a request and the server returns the response.
A Local Resource is any peripheral (optical drive, printer, scanner, modem, and so on) that is attached to your machine. Since the machine doesn't have to go on the network to get to the device, it is called a local device or a local resource.
Figure 9 shows Local Resources (a modem attached directly to your machine).
A Remote Resource is any device that must be reached through the network. Any device attached to a server is a remote resource.
Figure 10 shows Remote Resources (a modem attached to a server, reached from your machine across the network).
A Node is any device on a network (server, workstation, printer, scanner, or any other kind of peripheral) that is accessed directly by the network. A node has a unique name or IP address so the rest of the network can identify it.
Figure 11 shows a Node (several nodes and a modem attached to one network).
A Concentrator is a device that concentrates several network connections at a single point. It is an electronic unit that converts signals coming from different slower devices into a signal that can be transmitted over faster communication channels with a larger bandwidth.
Figure 12 shows the symbols used for a Concentrator.
A Hub is a multipurpose network device that lies at the centre of a star-topology network. Most hubs do the same job as concentrators. Hubs support a variety of different interface cards, from concentrator cards to router cards. Hubs are also expandable within a single chassis. Despite these differences, the terms hub and concentrator are often used interchangeably. There are active and passive hubs.
Figure 13 shows the symbol used for a Hub.
A Repeater is a network device that boosts the power of incoming signals to allow the length of a network to be extended.
Figure 14 shows the symbol used for a Repeater.
A Bridge is a network device capable of connecting networks that use similar protocols. It connects two local area networks running the same network operating system.
Figure 15 shows the symbol used for a Bridge.
A Router is a network device that connects LANs, which may be running different operating systems, into an internetwork and routes traffic between them. The router can have software that converts one NOS's packets to the other's. A router is more complicated than a bridge in that it can make decisions about where and how to send packets of information.
Figure 16 shows the symbol used for a Router.
A Gateway forwards data between IP networks. It is a machine that acts as an interface between a small network and a much larger one, such as a local area network connecting to the internet. Gateways are also used in large corporations to connect small office-based LANs into the larger corporate mainframe networks. Usually, the gateway connects to a high-speed network cable or medium called the backbone.
Figure 17 shows the symbol used for a Gateway.
A Backbone is a set of nodes and links connected together comprising a network, or the upper layer protocols used in a network. A star network has no backbone.
Figure 18 shows the symbol used for a Backbone (an Ethernet backbone cable with a vampire-tap transceiver).
Networks: A Network Topology describes the way network cabling is laid out. This doesn't mean the physical layout (how it loops through walls and floors), but how the logical layout looks when viewed in a simplified diagram.
• A Bus Network is one of the most widely used network topologies. A bus network uses a cable to which all the network devices are attached, either directly or through a junction box. The method of attachment depends on the type of bus network, the network protocol, and the speed of the network. The main cable that is used to connect all the devices is called the backbone.
Figure 19 shows a schematic of a bus network (a bus backbone with bus connectors leading to workstations and a file server, and a terminator at each end). In figure 19, the backbone has a number of junction boxes (transceivers) attached. This allows for a high-speed backbone that is usually also immune to problems with any network card within a device. The junction box allows traffic through the backbone whether or not a device is attached to the junction box. Each end of the backbone, called the bus, is terminated with a block of resistors or a similar electrical device. A popular variation of the bus network topology is found in many small LANs. This consists of a length of cable that snakes from machine to machine. There are no transceivers along the network. Instead, each device is connected into the bus directly using a T-shaped connector (Bus Network Connector) on the network interface card. The connector connects the machine to its two neighbours through two cables, one to each neighbour. At the ends of the network, a simple resistor is added to one side of the T-connector to terminate the network electrically.
Figure 20 shows a schematic of a machine-to-machine bus network (a coaxial cable joining the NICs through T-connectors, with a terminator at each end). In figure 20, each network device has a T-connector attached to the network interface card, leading to the two neighbours. The two ends of the bus are terminated with resistors. Some devices on this type of network use a telephone jack connector, called RJ-45, instead of a T-connector and BNC jacks. In this case, a special adapter must be coupled into the network backbone to accept the telephone jacks. This connector acts much like a transceiver in the true bus network. This machine-to-machine network, also called a peer-to-peer network, is not capable of sustaining the high speeds possible with a backbone-based bus network. A machine-to-machine network is usually built using coaxial cable. Until recently, these networks were limited to a throughput of about 10 Mbps. Recent improvements allow 100 Mbps on this type of network.
The problem with this type of machine-to-machine network is that if one machine is taken off the network cable or the network interface card malfunctions, the backbone is broken and must be tied together again with a jumper of some sort.
• A Ring Network is a closed network structure in the form of a circle, to which all nodes are connected. Despite misconceptions, there is no physical loop made of the network cable, at least not in the case of the most common form of ring network, called Token Ring. The ring name comes from the design of the central network device, which has a loop inside it to which the cables for all the devices on the network are attached. With a Token Ring network, a central control unit called a Media Access Unit (MAU) has a cable ring inside it to which all devices are attached.
Figure 21 shows a schematic of a Token Ring network, with the MAU at the centre of the network containing the bus ring. All the network devices are attached to the ring through junction boxes. There are some true ring networks that have a physically closed loop of network cable. The ring network has some advantages from a design point of view in that network problems with traffic collisions are handled more easily than on a bus network. A problem is that, as with the bus-based machine-to-machine network, any problem with one machine's connection to the network cable can crash the entire network.
Figure 22 shows the token access method in a Token Ring network. In figure 22, a Token Frame is transported in only one direction until it reaches its destination. Thereafter it is transported back around the Token Ring network until the sending node recognises it and removes it from the ring.
• A Star Network is arranged in a central structure with branches radiating from it. The central point of the star structure is called a concentrator, into which all the cables from the individual machines plug. One machine on the network usually acts as the central controller or network server. A star network has one major advantage over the machine-to-machine bus and ring networks: When a machine is disconnected from the concentrator, the rest of the network continues functioning unaffected.
Figure 23 shows a schematic of a star network, with a concentrator at its centre. In figure 23, each cable from the concentrator to a device comes out of one of a row of slots or connectors, each identified by a number. Network traffic on a star network proceeds from your machine to the concentrator, then out to the target machine. A star network needs a lot of cable because each machine has to have a cable straight to the concentrator.
• A Hub Network is similar to the bus network in that it uses a backbone cable that has a set of connectors on it. The cable is called a backplane in a hub network. Each connector leads to a hub device, which leads off to network devices. This allows a very high-speed backplane to be used, which can be as long and complex as needed. Hub networks are commonly found in large organisations that must support many network devices and need high speed. The hubs that lead off the backplane can support many devices, depending on the type of connector. They can support hundreds of PCs each, so a hub network can be used for very large networks. The cost of a hub network is usually very high because of the high-speed backbone and the fast hub devices.
Figure 24 shows a schematic of a hub network (several hubs or ports attached to a high-speed backplane).
A Local Area Network (LAN) is a number of devices (computers, printers, and other special peripherals) that are connected to each other by some form of wiring, all of which are treated as a single entity for TCP/IP configuration. This usually means they share a subnet IP address in common. A LAN enables independent devices to communicate directly with each other through peer-to-peer communications. A LAN does not exceed a span of about 10 kilometres and is usually limited to a single building or group of close buildings. LANs use a moderate data rate, which means they are slower than mainframe-to-mainframe links. A LAN is a physical and logical accumulation of machines, called nodes, and cables or other communications methods between the machines, called links. Usually the links are simple coaxial or twisted-pair cables. In larger LANs, there may have to be amplifiers or repeaters positioned along the cables to ensure the signal is not lost due to lack of strength.
There are three characteristics of LANs that must always be considered:
• The transmission medium (the type of cabling used as the link).
• The transmission technique (the technique used to handle transmission on the medium).
• The access control method (which decides how a machine accesses the medium).
The medium is straightforward:
• It's a choice between one type of cable or another, dependent primarily on the speed of the network and the adapter cards, as well as the type of network topology.
The transmission technique is usually one of two:
• Circuit-Switched networks: this type of network uses dedicated connections between any two machines (or more properly, between any two nodes). As long as the circuit exists, the sending machine can always talk directly to the destination machine. The connection between the two machines is left in place until no longer needed. This doesn't mean that a cable has to be strung between the two devices; the connection may be made inside a switching box of some sort, which can connect and disconnect between any two machines running into it quickly and flexibly. The connection between two machines is used exclusively by those two machines, and no other transmission is allowed on the connection.
Figure 25 shows fragmentation and reassembly of a message on a circuit switching network: the original message (E D C B A) is split into message fragments, carried across the circuit switching network, and reassembled into the original message.
• Packet-Switched networks: this type of network divides all messages on the local area network into small chunks called packets and attaches information to the front of each packet that identifies the recipient. The packets from all the machines on the local area network are placed on a high-bandwidth cable running through all the machines on the network. As a packet moves around the network, each machine analyses the header to see if the packet is for it. If not, it is sent further on.
Figure 26 shows fragmentation and reassembly of a message on a packet switching network: the original message (E D C B A) is split into message fragments, carried across the packet switching network, and reassembled into the original message.
While packet switching is a more flexible approach than circuit switching, it does have a few problems. The primary problem is network traffic. As the number of nodes on the network increases, the network traffic increases too, sometimes reaching the network's limits. Another problem with packet switching is that there is no guarantee of packets getting from source to destination, which is one of the strong points of circuit switching.
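The packet-switched exchange of figure 26, as an added example that is not part of the original document: a message is divided into addressed packets, every node on the shared cable inspects each header and keeps only the packets meant for it, and the receiver reassembles the fragments, reporting a gap when a packet was lost on the way (the "no guarantee of delivery" problem described above). The node names, the fragment size and the header fields are constructed for the illustration and follow no real protocol.

```python
"""Packet switching over a shared cable: fragment, address, inspect, reassemble.

Added illustration, not code from the original document. The node names,
the 2-byte fragment size and the header fields are constructed and follow
no real protocol.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # sending node
    dst: str        # recipient; this is the header each node inspects
    seq: int        # position of this fragment within the message
    total: int      # number of fragments in the whole message
    payload: bytes


def fragment(message: bytes, src: str, dst: str, size: int) -> list:
    """Divide a message into small chunks and attach addressing info to each."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [Packet(src, dst, seq, len(chunks), chunk)
            for seq, chunk in enumerate(chunks)]


def shared_medium(packets: list, nodes: list, lost: frozenset = frozenset()) -> dict:
    """Every packet passes every node; a node keeps only packets addressed to it.
    Packets whose seq is in `lost` never arrive, which is the failure mode the
    text describes: packet switching gives no delivery guarantee."""
    inbox = {node: [] for node in nodes}
    for pkt in packets:
        if pkt.seq in lost:
            continue
        for node in nodes:
            if pkt.dst == node:
                inbox[node].append(pkt)
    return inbox


def reassemble(packets: list):
    """Restore the original message from fragments that may arrive out of order.
    Returns None when a fragment is missing, so a caller can request a resend
    rather than silently use a truncated message."""
    if not packets:
        return None
    total = packets[0].total
    by_seq = {p.seq: p for p in packets}
    if set(by_seq) != set(range(total)):
        return None
    return b"".join(by_seq[i].payload for i in range(total))


def demo(lost: frozenset = frozenset()) -> dict:
    """Send a constructed message from node A to node D past nodes B and C."""
    message = b"E D C B A"              # constructed, mirrors the figure's fragments
    packets = fragment(message, "A", "D", size=2)
    random.Random(1).shuffle(packets)   # arrival order is not guaranteed either
    inbox = shared_medium(packets, ["B", "C", "D"], lost)
    return {node: reassemble(pkts) for node, pkts in inbox.items()}
```

`demo()` returns the reassembled message only for node D; B and C saw every packet on the cable but kept none. `demo(frozenset({3}))` shows the lost-packet case: D cannot reassemble and gets None instead of a silently shortened message.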
Some examples of commonly used networks:
• A Backbone Network: Figure 27 shows a schematic of a Backbone Network (several local area networks, each attached through a router to an Ethernet backbone cable with vampire-tap transceivers).
• A Thinnet Network: Figure 28 shows a schematic of a Thinnet Network (a thinnet cable with terminators, to which machines attach either through an internal transceiver or through an external transceiver and an AUI cable).
• A 10BASET Network: Figure 29 shows a schematic of a 10BASET Network (machines attached to a 10BASET concentrator).
A Wide Area Network (WAN) is a number of local area networks that are connected to form a large, logical entity. The LANs are connected through a gateway or bridge, cabled to each other with a high-speed network cable. WANs can be close together physically or separated by a large distance. The design of the WAN is such that machine-to-machine connections are simpler than going out over the internet, and usually much faster. WANs can share a subnet IP address, or they can have different subnets. The design of the WAN is more a choice of logical configuration and can be tailored to meet traffic, security, and speed considerations. WANs are used by most corporations that maintain multiple offices.
The seven-layer Open Systems Interconnection (OSI) Reference Model: A heterogeneous network (which gives users freedom of choice) consists of products from different suppliers of computers, hardware, software, peripherals and/or network products. An architectural model developed by the International Standards Organisation (ISO) is frequently used to describe the structure and function of data communication protocols. This architectural model, called the Open Systems Interconnect (OSI) Reference Model, contains seven layers that define the functions of data communications protocols. Each layer represents a function performed when data is transferred between co-operating applications across an intervening network. A layer does not define a single protocol; it defines a data communications function that may be performed by any number of protocols. Therefore, each layer may contain multiple protocols, each providing a service suitable to the function of that layer. Every protocol communicates with its peer. A peer is an implementation of the same protocol in the equivalent layer on a remote system. Each protocol is only concerned with communicating with its peer; it does not care about the layer above or below it. However, there must also be agreement on how to pass data between the layers on a single computer, because every layer is involved in sending data from a local application to an equivalent remote application. The individual layers do not need to know how the layers above and below them function; they only need to know how to pass data to them. Isolating network communications functions in different layers minimises the impact of technological change on the entire protocol suite. New applications can be added without changing the physical network, and new network hardware can be installed without rewriting the application software. Although the OSI model is useful, the TCP/IP protocols don't match its structure exactly.
• Communication Protocols: The approach used in designing a communication system is known as a layered architecture. Each layer has specific responsibilities and specific rules for carrying out those responsibilities, and knows nothing about the procedures the other layers follow. The layer carries out its task and delivers the message to the next layer in the process, and that is enough. Characteristics of Layered Architectures:
• They break the communication process into manageable chunks. Designing a small part of a process is much easier than designing the entire process, and simplifies engineering.
• A change at one layer does not affect the other layers. New delivery technologies can be introduced without affecting other layers.
• When a layer receives a message from an upper layer, the lower layer frequently encloses the message in a distinct package.
• The protocols at the various layers have the appearance of a stack, and a complete model of a data communication architecture is often called a protocol stack.
• Layers can be mixed and matched to achieve different requirements.
• Layers follow specific procedures for communicating with adjacent layers. The interfaces between layers must be clearly defined.
• An address mechanism is the common element that allows a packet to be routed through the various layers until it reaches its destination. Sometimes, layers add their own address information.
• Essentially, each layer at the sender's end communicates with the corresponding layer at the receiver's end.
• Errors can occur at any of the layers. For critical messages, error-detecting mechanisms should be in place to either correct errors or notify the sender when they occur.
Figure 30, the Network Protocol Stack (layer number, name and function):
7 Application Layer: consists of application programs that use the network
6 Presentation Layer: standardises data presentation to the applications
5 Session Layer: manages sessions between applications
4 Transport Layer: provides end-to-end error detection and correction
3 Network Layer: manages connections across the network for the upper layers
2 Data Link Layer: provides reliable data delivery across the physical link
1 Physical Layer: defines the physical characteristics of the network interface
Layers 5 to 7 are the Higher Layers, layers 1 to 4 the Lower Layers, and layers 1 and 2 together form the Network Interface.
Network protocols are typically described with a layered model, in which the protocols are stacked on top of each other. Data coming into a machine is passed from the lowest-level protocol up to the highest, and data sent to other hosts moves down the protocol stack. The layered model is a useful description because it allows network services to be defined by their functions, rather than their specific implementation. New protocols can be substituted at lower levels without affecting the higher-level protocols, as long as these new protocols behave in the same manner as those that were replaced. Each layer has certain functions. Communication in a heterogeneous network can take place if the functions in each layer are executed successfully in conformance with the standards.
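The stacking described above, as an added example that is not the document's own code: on the way down each layer encloses the unit it received from the layer above in its own header, and on the way up each layer strips only the header its peer added and hands the remainder upward, so a layer never has to understand the headers of the layers above or below it. The four-layer stack, the "layer=value" header form and the '|' delimiter are constructed for this illustration and follow no real protocol.

```python
"""Layered architecture: encapsulate going down, decapsulate going up.

Added example, not the document's own code. The four-layer stack, the
"layer=value" header form and the '|' delimiter are constructed for this
illustration and follow no real protocol.
"""

# Constructed stack, listed top to bottom.
STACK = ["application", "transport", "network", "data link"]
SEP = "|"


def send_down(message: str, params: dict) -> str:
    """Walk down the stack. Each layer wraps the whole unit from above, so the
    application's data ends up innermost and the data link header outermost."""
    unit = message
    for layer in STACK:                      # top layer wraps first
        value = params.get(layer, "-")       # e.g. port, network address, MAC
        if SEP in value:
            raise ValueError(f"{layer}: header value may not contain {SEP!r}")
        unit = f"{layer}={value}{SEP}{unit}"
    return unit


def receive_up(frame: str) -> tuple:
    """Walk up the stack. Each layer checks for the header its peer added,
    records it, and hands the remainder to the layer above. A missing or
    foreign header stops processing at that layer, which is the peer rule:
    a layer only talks to the same layer on the remote system.
    Returns (message, headers) with headers in the order they were stripped."""
    unit = frame
    headers = {}
    for layer in reversed(STACK):            # bottom layer unwraps first
        head, sep, rest = unit.partition(SEP)
        if not sep or not head.startswith(layer + "="):
            raise ValueError(f"{layer} layer: peer header missing in {unit!r}")
        headers[layer] = head[len(layer) + 1:]
        unit = rest
    return unit, headers
```

`send_down("hello", {...})` yields a unit whose outermost header belongs to the data link layer; `receive_up` returns the original message together with the headers in the order the receiving stack removed them. Feeding it a unit that lacks the data link header fails at that layer, before any upper layer sees the data.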
Figure 30 shows the seven-layer Open Systems Interconnection Reference Model. In figure 30, each layer provides a specific type of network service. It illustrates why groups of related protocols are frequently called protocol stacks.
• The connections between the different applications that are running on these processors are carried by the higher layers (5-7).
• The connections between the different processors are carried by the lower layers (1-4).
• The physical and the data link layers, the lower layers 1 and 2 of the network protocol stack, together define a machine's network interface. From a software perspective, the network interface defines how the Ethernet device driver gets packets from or to the network. Ethernet is the best known implementation of the physical and data link layers. The Ethernet specification describes how bits are encoded on the cable and also how stations on the network detect the beginning and end of a transmission. Ethernet can be run over a variety of media, including thinnet, thicknet, and unshielded twisted-pair cables. All Ethernet media are functionally equivalent; they differ only in their convenience, cost of installation, and maintenance. Converters from one medium to another operate at the physical layer, making a clean electrical connection between two different kinds of cable.
Description of each of these layers:
• Layer 1, the Physical Layer defines the characteristics of the hardware necessary to carry the data transmission signal. Things such as voltage levels, and the number and locations of interface pins, are defined in this layer (RS232C, V.35, IEEE 802.3, ...). TCP/IP does not define physical standards; it makes use of existing standards. This layer describes the way data is actually transmitted on the network medium. The Physical Layer communicates directly with the communication medium, and has two responsibilities: sending bits and receiving bits.
A binary digit, or bit, is the basic unit of information in data communication. A bit can have only two values, 0 or 1, represented by different states on the communication medium. Other communication layers are responsible for collecting these bits into groups that represent message data.
Bits are represented by changes in signals on the network medium. Some wire media represent 0s and 1s with different voltages, some use distinct audio tones, and yet others use more sophisticated methods, such as state transitions. A wide variety of media are used for data communication, including electric cable, fibre optics, light waves, radio, and microwaves. The medium used can vary; a different medium simply necessitates a different set of physical layer protocols. Thus, the upper layers are completely independent from the particular process used to deliver bits through the network medium. The physical layer describes the bit patterns to be used, but does not define the medium; it describes how data are encoded into media signals and the characteristics of the media attachment interface.
• Layer 2, the Data Link Layer is responsible for delivering the data without errors to the next layer. It formats the packets for transmission and defines the network frames. This layer synchronises the transmission and is responsible for error control at frame level (a frame is a block of data with network-specific addressing information) and for error correction, so that information can be transmitted from the physical layer. It formats the message into a data frame, and the CRC verification (which checks for errors in the frame) is established in this layer. This layer carries the access methods for Ethernet and Token Ring. This layer also provides the address information for the physical layer at the head of the transmitted frame.
Data Frame Format: As data is exchanged between computers, communication processes need to make decisions about the various aspects of the exchange process:
• As the receiving computer listens to the wire to recover messages sent to it, it requires a mechanism by which it can tell whether to treat the signals it detects as data-carrying signals or to discard them as mere noise.
• If it is determined by the detection mechanism that what is on the wire is indeed a data-carrying signal, the second decision the receiving end must be able to make is whether the data was intended for itself, for some other computer on the network, or as a broadcast.
• If the receiving end engages in the process of recovering data from the wire, it needs to be able to tell where the data train intended for the receiver ends. After this determination is made, the receiver should discard subsequent signals unless it can determine that they belong to a new, impending transmission.
• When data reception is complete, another concern arises, that of establishing that the recovered data withstood corruption from noise and electromagnetic interference. In the event of detecting corruption, the receiver must have the capability of dealing with it.
As can be concluded from the points made above, in addition to user data, computers must be able to exchange additional information about the progress of the physical communication process. To accommodate these decision-making requirements, network designers decided to deliver data on the wire in well-defined packages called data frames. It is important to realise that the primary concern of the receive process is the reliable recovery of the information embedded in the information field, with no attention paid to the nature of the actual contents of that field. Instead, processing the data in the information field is delegated to another process, as the receive process reverts to listening mode to take care of future transmissions.
The reliable delivery of data across the underlying physical network is handled by the Data Link Layer. TCP/IP rarely creates protocols in this layer. Most RFCs that relate to this layer talk about how IP can make use of existing data link protocols. This layer defines how these streams of bits are put together into manageable chunks of data. Devices that can communicate on a network are frequently called nodes, stations or devices. The data link layer is responsible for providing node-to-node communication on a single, local network. To provide this service, the data link layer must perform two functions. It must provide an address mechanism that enables messages to be delivered to the correct nodes. Also, it must translate messages from upper layers into bits that the physical layer can transmit. When the data link layer receives a message to transmit, it formats the message into a data frame (packet). The sections of a frame are called fields.
Figure 31 shows an example of a data frame: Start Indicator | Source Address | Destination Address | Control | Data | Error Control. The fields in figure 31 are as follows:
• Start Indicator: A specific bit pattern that indicates the start of a data frame.
• Source Address: The address of the sending node, so that replies to messages can be addressed properly.
• Destination Address: The address of the receiving node, which identifies the messages that it should receive.
• Control: Additional control information.
• Data: All data that was forwarded to the data link layer from upper protocol layers.
• Error Control: Contains information that enables the receiving node to determine whether an error occurred during transmission.
Frame delivery on a local network is extremely simple. A sending node simply transmits the frame. Each node on the network sees every frame and examines the destination address. When the destination address of a frame matches the node's address, the data link layer at the node receives the frame and sends it up the protocol stack. Data units at the data link layer are most commonly called frames, although the term packet is used with some protocols.
Figure 32 shows how simple delivering a frame on a local network can be. In figure 32, three nodes with MAC addresses 3, 5 and 7 share one network and a frame with destination address (DA) 7 is placed on it: at the node with MAC address 5 the DA does not match the hardware address and the frame is discarded, while at the node with MAC address 7 the DA matches the hardware address and the frame is received. The source node simply builds a frame that includes the recipient's destination address. The sender's responsibility ends when the addressed frame is placed on the network. On LANs, each node examines each frame that is sent on the network, looking for frames with a destination address that matches its own MAC address. Frames that match are received. Frames that don't match are discarded by Ethernet networks or forwarded to the next node by Token Ring networks.
Frames and Network Interfaces: The data link layer defines the format of data on the network. A series of bits with a definite beginning and end constitutes a network frame, commonly called a packet. A proper data link layer packet has a checksum and network-specific addressing information in it so that each host on the network can recognise it as a valid or invalid frame and determine if the packet is addressed to it. The largest packet that can be sent through the data link layer defines the Maximum Transmission Unit (MTU) of the network. All hosts have at least one network interface, although any host connected to an Ethernet has at least two: the Ethernet interface and the loopback interface. The Ethernet interface handles the physical and logical connection to the outside world, while the loopback interface allows a host to send packets to itself. If a packet's destination is the local host, the data link layer chooses to send it via the loopback interface rather than the Ethernet interface. The loopback device simply turns the packet around and enqueues it at the bottom of the protocol stack as if it had just been received from the Ethernet.
Ethernet Addresses: Associated with the data link layer is a method for addressing hosts on the network. Every machine on the Ethernet has a unique, 48-bit address called its Ethernet address or Media Access Control (MAC) address. Vendors making network-ready equipment ensure that every machine in the world has a unique MAC address. 24-bit prefixes for MAC addresses are assigned to hardware vendors, and each vendor is responsible for the uniqueness of the lower 24 bits. MAC addresses are usually represented as colon-separated pairs of hex digits. Note that MAC addresses identify a host, and a host with multiple network interfaces may (or should) use the same MAC address on each. The packet's source and destination MAC addresses are part of the data link layer's protocol-specific header.
Each protocol layer supports the notion of a broadcast, which is a packet or set of packets that must be sent to all hosts on the network. The broadcast MAC address is ff:ff:ff:ff:ff:ff. All network interfaces recognise this wildcard MAC address as a broadcast address and pass the packet up to a higher-level protocol handler.
• Layer 3, the Network Layer transmits the data and decides which route the data must follow through the internetwork. The network layer receives data packets from the upper layer of the transmitter and transmits them over as many connections and subsystems as needed to reach their destination. It defines the network packets and controls the routing and switching of the data through the network. This layer controls the transmission of packets between stations. Based on certain information, this layer transmits the data sequentially from one station to another over the most economical route, both logical and physical. This layer allows data units to be transmitted to other networks using special equipment called routers. Routers are defined in this layer. The Network Layer manages connections across the network and isolates the upper layer protocols from the details of the underlying network. The Internet Protocol (IP), which isolates the upper layers from the underlying network and handles the addressing and delivery of data, is usually described as TCP/IP's Network layer. The best known protocol in this layer is IP. The network layer is the boundary of the communication subnet: above this layer the level of abstraction increases dramatically. For layer 3 and below there is usually an upper limit on the size of packets. In broadcast networks routing is very simple, so the network layer is thin or even non-existent. This is the reason why the transport layer protocol TCP is so often combined with IP, as TCP/IP. Only the smallest networks consist of a single, local network.
The majority of networks must be subdivided. A network that consists of several network segments is frequently called an internetwork, or an internet, not to be confused with the Internet. These subdivisions may be planned to reduce traffic on network segments or to isolate remote networks connected by slower communication media. When networks are subdivided, it can no longer be assumed that messages will be delivered on the local network. A mechanism must be put in place to route messages from one network to another.
The seven-layer OSI Reference Model
17
Alex Peeters
4/4/2002
[Figure 33 schematic: the Internet, two routers, and a network with workstations and a name server.]
Figure 33 shows the schematic of a single, local network.
[Figure 34 schematic: the Internet, two routers, two networks joined by a bridge, workstations and a name server.]
Figure 34 shows the schematic of a bridged network.
[Figure 35 schematic: two networks with workstations, connected through two routers to the Internet.]
Figure 35 shows the schematic of a subnetted network. To deliver messages on an internetwork, each network must be uniquely identified by a network address. When it receives a message from the upper layers, the network layer adds a header to the message that includes the source and destination network address. This combination of data plus the network layer header is called a packet. The network address information is used to deliver a message to the correct network. After the message arrives on the correct network, the data link layer can use the node address to deliver the message to a specific node. Forwarding packets to the correct network is called routing, and the devices that route packets are called routers.
An internetwork has two types of nodes:
• End nodes: Provide user services. End nodes do use a network layer to add network address information to packets, but they do not perform routing. End nodes are sometimes called end systems or hosts.
• Routers: Incorporate special mechanisms that perform routing. Because routing is a complex task, routers usually are dedicated devices that do not provide services to end users. Routers are sometimes called intermediate systems or gateways.
The network layer operates independently of the physical medium, which is a concern of the physical layer. Since routers are network layer devices, they can be used to forward packets between physically different networks. For example, a router can join an Ethernet to a Token Ring network. Routers also are often used to connect a local area network, such as Ethernet, to a wide area network, such as the Internet.
[Figure 36 schematic: two routers joining an Ethernet with three workstations to a Token Ring with three workstations.]
Figure 36 shows a schematic of a router that joins an Ethernet to a Token Ring network.
• Layer 4, the Transport Layer guarantees that the receiver gets the data exactly as it was sent. In TCP/IP this function is performed by the Transmission Control Protocol (TCP). However, TCP/IP offers a second Transport Layer service, the User Datagram Protocol (UDP), that does not perform the end-to-end reliability checks. All network technologies set a maximum size for frames that can be sent on the network. Ethernet limits the size of the data field to 1500 bytes. This limit is necessary for two reasons:
• Small frames improve network efficiency when many devices must share the network. If devices could transmit frames of unlimited size, they might monopolise the network for an excessive period of time. With small frames, devices take turns at shorter intervals, and devices are more likely to have ready access to the network.
• With small frames, less data must be retransmitted to correct an error.
One responsibility of the transport layer is to divide messages into fragments that fit within the size limitations established by the network. At the receiving end, the transport layer reassembles the fragments to recover the original message. When messages are divided into multiple fragments, the possibility that segments might not be received in the order sent increases. When the packets are received, the transport layer must reassemble the message fragments in the correct order. To enable packets to be reassembled in their original order, the transport layer includes a message sequence number in its header. The transport layer is responsible for delivering messages from a specific process on one computer to the corresponding process on the destination computer. The transport layer assigns a Service Access Point (SAP) ID to each packet. The SAP ID is an address that identifies the process that originated the message. The SAP ID enables the transport layer of the receiving node to route the message to the appropriate process.
Identifying messages from several processes so that they can be transmitted through the same network medium is called multiplexing. The procedure of recovering messages and directing them to the correct process is called demultiplexing. Multiplexing is a common occurrence on networks, which are designed to enable many dialogues to share the same network medium. Because multiple protocols may be supported for any given layer, multiplexing and demultiplexing can occur at many layers. Although the data link and network layers can be assigned responsibility for detecting errors in transmitting data, that responsibility generally is dedicated to the transport layer. Two general categories of error detection can be performed by the transport layer:
• Reliable delivery: Does not mean that errors cannot occur, only that errors are detected if they do occur. Recovery from a detected error can take the form of simply notifying upper layer processes that the error occurred. Often, however, the transport layer can request the retransmission of a packet for which an error was detected.
• Unreliable delivery: Does not mean that errors are likely to occur, but rather indicates that the transport layer does not check for errors. Because error checking takes time and reduces network performance, unreliable delivery often is preferred when a network is known to be highly reliable, which is the case with the majority of local area networks. Unreliable delivery generally is used when each packet contains a complete message, whereas reliable delivery is preferred when messages consist of a large number of packets. Unreliable delivery is often called datagram delivery, and independent packets transmitted in this way frequently are called datagrams. Assuming that reliable delivery is always preferable is a common mistake.
Unreliable delivery actually is preferable in at least two cases: when the network is fairly reliable and performance must be optimised, and when entire messages are contained in individual packets and loss of a packet is not a critical problem.
• Layer 5, the Session Layer manages the sessions (connections) between co-operating applications. In TCP/IP, this function largely occurs in the transport layer, and the term session is not used. For TCP/IP, the terms socket and port are used to describe the path over which co-operating applications communicate. This layer is not identifiable as a separate layer in the TCP/IP protocol hierarchy. The Session Layer is responsible for dialogue control between nodes. A dialogue is a formal conversation in which two nodes agree to exchange data. Communication can take place in three dialogue modes:
• Simplex: One node transmits exclusively, while another exclusively receives.
• Half-duplex: Only one node may send at a given time, and nodes take turns transmitting.
• Full-duplex: Nodes may transmit and receive simultaneously.
Sessions enable nodes to communicate in an organised manner. Each session has three phases:
• Connection establishment: The nodes establish contact. They negotiate the rules of communication, including the protocol to be used and communication parameters.
• Data transfer: The nodes engage in a dialogue to exchange data.
• Connection release: When the nodes no longer need to communicate, they engage in an orderly release of the session.
Connection establishment and connection release represent extra overhead for the communication process. When devices are managed on a network, they send out periodic status reports that generally consist of single-frame messages. If all such messages were sent as part of a formal session, the connection establishment and release phases would transfer far more data than the message itself. In such situations, communicating using a connectionless approach is common. The sending node simply transmits its data and assumes availability of the desired receiver. A connection-oriented session approach is desirable for complex communication. Consider transmitting a large amount of data to another node. Without formal controls, a single error at any time during the transfer would require resending the entire file. After establishing a session, the sending and receiving nodes can agree on a checkpoint procedure. If an error occurs, the sending node must retransmit only the data sent since the previous checkpoint. The process of managing a complex activity is called activity management.
• Layer 6, the Presentation Layer: for co-operating applications to exchange data, they must agree about how data is represented. This layer is handled within the applications in TCP/IP. The Presentation Layer is responsible for presenting data to the application layer. In some cases, the presentation layer directly translates data from one format to another. Some computers use the EBCDIC character encoding, whereas virtually all other computers use the ASCII encoding scheme. For example, if data is being transmitted from an EBCDIC computer to an ASCII computer, the presentation layer might be responsible for translating between the different character sets. Numeric data is also represented quite differently on different computer architectures and must be converted when transferred between different machines. A common technique used to improve data transfer is to convert all data to a standard format before transmitting it.
This standard format probably is not the native data format of any computer. All computers can be configured to retrieve standard format data, however, and convert it into their native data forms. Other functions that may correspond to the presentation layer are data encryption/decryption and compression/decompression.
• Layer 7, the Application Layer is the level of the protocol hierarchy where user-accessed network processes reside. A TCP/IP application is any network process that occurs above the transport layer. This includes all the processes that users directly interact with, as well as other processes at this level that users are not necessarily aware of. The Application Layer provides the services that user applications need to communicate through the network. Here are several examples of user application layer services:
• Electronic mail transport.
• Remote file access.
• Remote job execution.
• Directories.
• Network management.
Characteristics of Layered Protocols:
[Figure 37 schematic: starting from the Application Data, each layer from the Application Layer down to the Data Link Layer prepends its header (H) to the PDU handed down by the layer above, giving the Application PDU, Presentation PDU, Session PDU, Transport PDU, Network PDU and Data Link PDU (the Data Link PDU also carries an Error field); the Physical Layer adds no header.]
Figure 37 shows headers and the OSI protocol layers. When a device transmits data to the network, each protocol layer processes the data in turn. Consider the network layer for the sending device. Data to be transmitted is received from the transport layer. The network layer is responsible for routing and must add its routing information to the data. The network layer information is added in the form of a header, which is placed at the beginning of the data. The term Protocol Data Unit (PDU) is used to describe the combination of the control information for a layer with the data from the next higher layer. Each layer appends a header to the PDU that it receives from the next higher layer. The data field for each layer consists of the PDU for the next higher layer. The physical layer does not encapsulate in this manner because the physical layer manages data in bit form.
Figure 38 layout (header words 1 to 6, bits numbered 0 to 31 across each 32-bit word):
    Word 1: Source Port (16 bits) | Destination Port (16 bits)
    Word 2: Sequence Number (32 bits)
    Word 3: Acknowledgement Number (32 bits)
    Word 4: Data Offset (4 bits) | Reserved (6 bits) | Control Bits (6 bits) | Window (16 bits)
    Word 5: Checksum (16 bits) | Urgent Pointer (16 bits)
    Word 6: Options & Padding
    Data begins here ...
Figure 38 shows the Protocol Data Unit layout. The fields in figure 38 are as follows:
• Source port (16 bits): Identifies the local TCP user.
• Destination port (16 bits): Identifies the remote user.
• Sequence number (32 bits): A number indicating the position of the current segment in the overall message.
• Acknowledgement number (32 bits): A number indicating the next sequence number to be expected.
• Data offset (4 bits): The length of the TCP header in 32-bit words, used to calculate where the data starts.
• Reserved (6 bits): All bits are set to 0.
• Control bits (6 bits): The six control bits are as follows:
  • URG: A value of 1 indicates urgent. A value of 0 implies not urgent.
  • ACK: A value of 1 indicates an acknowledgement. A value of 0 indicates this is not an acknowledgement.
  • PSH: A value of 1 indicates a push operation. A value of 0 indicates this is not a push function.
  • RST: A value of 1 indicates that the connection is to be reset. A value of 0 indicates no reset.
  • SYN: A value of 1 indicates that the sequence numbers are to be synchronised. A value of 0 means no synchronisation.
  • FIN: A value of 1 indicates that the sender has no more data to send, equivalent to an end-of-transmission marker. A value of 0 indicates more data is to follow.
• Window (16 bits): A number indicating how many blocks of data the receiving machine can accept.
• Checksum (16 bits): A value computed over the data and header together, which enables a receiving machine to verify that the contents have not been corrupted.
• Urgent Pointer (16 bits): Used if the URG flag is set. It indicates the portion of the data message that is urgent by specifying the offset from the sequence number in the header.
• Options (variable): Similar to the IP header options field, it is used for specifying TCP options.
• Padding (variable): Filled with bits to ensure that the size of the header is a multiple of 32 bits.
As received data passes up the protocol stack, each layer strips its corresponding header from the data unit. The process of removing headers from data is called decapsulation. This mechanism enables each layer in the transmitting device to communicate with the corresponding layer in the receiver. Each layer in the transmitting device communicates with its peer layer in the receiving device, in a process called peer-to-peer communication.
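As an added example (not code from the original text), the following Python parses and builds the TCP header of figure 38, extracting the data offset, the reserved bits and the six control bits in the order the field list gives them. The sample SYN segment, its ports and its option bytes are constructed for this example; the checksum is left at zero because its calculation is not described here.

```python
"""Parse and build the TCP header of figure 38 (added example).

Field widths follow the figure: 16-bit ports, 32-bit sequence and
acknowledgement numbers, a 4-bit data offset, 6 reserved bits, 6 control bits
(URG ACK PSH RST SYN FIN, most to least significant), then 16-bit window,
checksum and urgent pointer, followed by options and padding.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List

CONTROL_BITS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")
FIXED_HEADER = struct.Struct("!HHIIHHHH")   # header words 1..5, without options


@dataclass
class TCPHeader:
    source_port: int
    destination_port: int
    sequence_number: int
    acknowledgement_number: int
    data_offset: int            # header length in 32-bit words, 5..15
    reserved: int               # the text requires all six bits to be 0
    flags: Dict[str, bool]
    window: int
    checksum: int
    urgent_pointer: int
    options: bytes              # options plus padding, (data_offset - 5) * 4 octets
    data: bytes


def parse_tcp_segment(segment: bytes) -> TCPHeader:
    """Split a TCP segment (header + data) into the fields of figure 38."""
    if len(segment) < FIXED_HEADER.size:
        raise ValueError("segment shorter than the 20-octet fixed TCP header")
    (src, dst, seq, ack, off_res_ctl,
     window, checksum, urgent) = FIXED_HEADER.unpack(segment[:FIXED_HEADER.size])
    data_offset = off_res_ctl >> 12              # top 4 bits of word 4
    reserved = (off_res_ctl >> 6) & 0x3F         # next 6 bits
    control = off_res_ctl & 0x3F                 # low 6 bits
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError(f"data offset {data_offset} does not fit the segment")
    # URG is the most significant of the six control bits, FIN the least.
    flags = {name: bool(control & (0x20 >> i)) for i, name in enumerate(CONTROL_BITS)}
    return TCPHeader(src, dst, seq, ack, data_offset, reserved, flags, window,
                     checksum, urgent, segment[FIXED_HEADER.size:header_len],
                     segment[header_len:])


def build_tcp_segment(src: int, dst: int, seq: int, ack: int, flags: List[str],
                      window: int, options: bytes = b"", data: bytes = b"",
                      checksum: int = 0, urgent: int = 0) -> bytes:
    """Inverse of parse_tcp_segment; pads the options to a 32-bit multiple."""
    options = options + b"\x00" * (-len(options) % 4)
    data_offset = 5 + len(options) // 4
    control = 0
    for name in flags:
        control |= 0x20 >> CONTROL_BITS.index(name)
    off_res_ctl = (data_offset << 12) | control   # reserved bits stay 0
    return FIXED_HEADER.pack(src, dst, seq, ack, off_res_ctl, window,
                             checksum, urgent) + options + data


def set_flags(header: TCPHeader) -> List[str]:
    """Names of the control bits that are 1, in URG..FIN order."""
    return [name for name in CONTROL_BITS if header.flags[name]]


# Constructed sample: a SYN from port 4321 to port 80, sequence number 1000,
# window 8192, carrying one 4-octet option (the maximum segment size option,
# kind 2, length 4, value 0x05b4), so the data offset is 6 words.
SAMPLE_SYN = bytes.fromhex(
    "10e1 0050 000003e8 00000000 6002 2000 0000 0000 020405b4".replace(" ", ""))
```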
IEEE LANs: Terminology: Access methods (polling, token passing or contention): The access method determines the performance and capabilities of the network.
• Polling: Making periodic requests is called polling. Polling also reduces the burden on the network because the polls originate from a single system at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates: if a problem occurs on a managed device, the manager does not find out until the agent is polled. Mostly used in a star network topology.
• Token passing: Token passing ensures that every device on the network receives a periodic opportunity to transmit. The token consists of a special frame that circulates from device to device around the ring. Only the device that possesses the token is permitted to transmit. After transmitting, the device restarts the token, giving other devices the opportunity to transmit.
• Contention (CSMA/CA or CSMA/CD): A condition occurring in some LANs wherein the Media Access Control sublayer allows more than one node to transmit at the same time, risking collisions. Mostly used in a bus network topology.
Architecture of the IEEE 802 Standards:
Network type IEEE 802.2: Defines the LLC sublayer protocol.
Network type IEEE 802.3: Network with a bus topology and the access method CSMA/CD, 10 Mbps. Defines the MAC and physical layer for CSMA/CD.
Network type IEEE 802.4: Network with a bus topology and the access method token passing, 2.5 Mbps.
Network type IEEE 802.5: Network with a ring topology and the access method token passing, 4 Mbps. Defines the MAC and physical layer for a Token Ring network.
• Logical Link Control (LLC): This sublayer provides a network interface to Upper-Layer Protocols (ULP) and is concerned with transmitting data between two stations on the same network segment. The interface between the LLC sublayer and upper-layer protocols is a Link Service Access Point (LSAP). It is a logical address that identifies the upper-layer protocol from which the data originated or to which the data should be delivered.
LLC Delivery Service: LLC was designed to provide a variety of delivery services, which determine the level of communication integrity established between devices.
LLC supports the following three types of delivery service:
• Type 1 service, Unacknowledged Datagram Service (UDS), supports point-to-point, multipoint, and broadcast transmission. It does not perform error detection and recovery or flow control.
• Type 2 service, Virtual Circuit Service (VCS), provides frame sequencing, flow control, and error detection and recovery.
• Type 3 service, Acknowledged Datagram Service (ADS), implements point-to-point datagram service with message acknowledgements, and functions somewhere between type 1 and type 2 service.
Devices have a limited number of receive buffers, used to store frames that have been received but not yet processed. If the sending device continues to transmit while the destination's receive buffers are full, frames that cannot be received are lost. Flow control ensures that frames are not sent at a rate faster than the receiving device can accept them.
[Figure 39 schematic: the sending computer's transmitted data arrives in the receiving computer's communication buffers; once those buffers are full, further received data is discarded.]
Figure 39 shows that the receiving computer risks losing data whenever its communication buffers become full. A variety of mechanisms can be used to provide flow control. The simple stop-and-wait method requires the receiver to acknowledge received frames, signalling a readiness to accept more data. This mechanism is suitable for a connectionless, datagram service. If the sender must wait for an acknowledgement of each frame, multiframe transmissions are handled inefficiently. The more sophisticated sliding-window technique enables the sender to transmit multiple frames without waiting for an acknowledgement. The receiver can acknowledge several datagrams at one time. A window determines the number of frames that can be outstanding at a given time, ensuring that the receiver's buffers do not overflow. The complexity of sliding-window flow control requires a connection-oriented LLC service. Error detection is performed at the MAC layer, but error recovery, when performed at the data link layer, is a function of LLC.
Data Flow Control: Data-communication processes allocate memory, commonly known as communication buffers, for the transmission and reception of data. Communication buffers serve as holding areas where inbound data traffic is temporarily kept for subsequent handling by the CPU. Depending on the rate at which incoming data is handled by other components of the communication process, the communication buffers often become full. A computer whose communication buffers become full while still in the process of receiving data runs the risk of discarding extra transmissions and losing data unless a data flow control mechanism is employed. A proper data flow control technique calls on the receiving process to send a stop-sending signal to the sending computer whenever it cannot cope with the rate at which data is being transmitted. The receiving process later sends a resume-sending signal when data communication buffers become available.
LLC Data Format: The LLC layer constructs a PDU by appending LLC-specific fields to the data received from upper layers.
    DSAP (1 octet) | SSAP (1 octet) | Control (1 octet) | Data (0-1497 octets)
    |<-------------- LLC Header -------------->|<-------- Data -------->|
Figure 40 shows the format of the LLC protocol data unit. The fields in figure 40 are as follows:
• The Destination Service Access Point (DSAP) address, which identifies the required protocol stack on the destination computer.
• The Source Service Access Point (SSAP) address, associated with the protocol stack that originated the data on the source computer.
• The Control information, which varies with the function of the PDU.
• The Data received from upper-layer protocols, in the form of the network layer PDU.
• Medium Access Control (MAC): This sublayer provides the method by which devices access the shared network transmission medium.
802 LAN Physical Address: Physical device addresses are defined at the MAC protocol sublevel. Physical addresses, therefore, frequently are referred to as MAC addresses.
    Bit 47:     I/G bit ('0' = individual address, '1' = group address)
    Bit 46:     U/L bit ('0' = universally administered address, '1' = locally administered address)
    Bits 45-24: Organisation Unique Identification (22 bits)
    Bits 23-0:  Organisation Administered Address (24 bits)
Figure 41 shows the format of an IEEE 802 MAC address. Bits 46 and 47 in figure 41 are as follows:
• Bit 47 is the Physical/Multicast bit. If the bit is 0, the address specifies the physical address of one device on the network. If the bit is 1, it specifies a multicast address that identifies a group of devices.
• Bit 46 is the U/L bit and indicates whether the address is universally or locally administered. If the bit is 0, the address is universally administered. If the bit is 1, the address is locally administered.
[Figure 42 schematic: against the seven OSI layers, IEEE 802.2 LLC occupies the upper part of the Data Link Layer, while IEEE 802.3 CSMA/CD and IEEE 802.5 Token Ring each cover the MAC part of the Data Link Layer and the Physical Layer.]
Figure 42 shows IEEE 802 standards related to the OSI reference model.
IEEE 802.3 Networks: Utilise the same CSMA/CD access control mechanism that was developed for Ethernet II. The same media-signalling techniques are employed, and 802.3 and Ethernet II network hardware are interchangeable. 802.3 and Ethernet II frames may be multiplexed on the same media. The primary difference between the 802.3 and Ethernet II standards has to do with frame formats.
• How Ethernet Works:
[Figure 43 schematic: an Ethernet network.]
Figure 43 shows the schematic of an Ethernet network. Typically, local area networks permit a single node to transmit at a given time. Access control methods are systems that enable many nodes to have access to a shared network medium by granting access to the medium in an organised manner. Ethernet uses an elegant access control method, called carrier sense. When a node has data to transmit, it senses the medium, essentially listening to see if any other node is transmitting. If the medium is busy, the node waits a few microseconds and tries again. If the medium is quiet, the node begins to transmit. The full name for this approach is Carrier Sense Multiple Access (CSMA), permitting multiple nodes to access the medium through a carrier sense method.
Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA): Stations listen to the wire to check whether anyone else wants to communicate, then announce that they are ready to start a communication (a burst). When two terminals are ready to start a communication at the same moment, both delay their communication for a random time.
Carrier Sense Multiple Access/Collision Detection (CSMA/CD): Stations start their communication when they think they are the only ones that want to communicate. When after a certain time it turns out that they were not the only ones, both terminals stop their communication for a random time before they try again. Although it is much more efficient than a token that has to pass all the different terminals, the CSMA/CD method has the disadvantage that it is not possible to know exactly what response time to expect, with a danger of saturation if there is much intensive traffic.
Before stations can send on a CSMA/CD network they need to perform the next 5 steps:
1 - listen to the wire before sending,
2 - wait if the cable isn't free,
3 - send, and listen to the wire to check whether there are collisions,
4 - if there is a collision, wait again before sending again,
5 - send again or cancel.
Before stations can receive on a CSMA/CD network they need to perform the next 4 steps:
1 - inspect the incoming packets and check for fragmentation,
2 - read and check the destination address,
3 - when the packet is for the local station, check the packet to see if it is intact,
4 - process the packet.
A brief period of time must expire before a transmitted electrical signal reaches the furthest extents of the medium on which it is sent, so two nodes can both sense a quiet medium and begin transmitting. As the two signals flow through the medium, eventually they overlap in an event called a collision. Collisions always damage data, and having a mechanism for dealing with collisions when they occur is of paramount importance. Ethernet nodes detect collisions by continuing to listen as they transmit. If a collision takes place, the nodes measure a signal voltage that is twice as high as expected. After detecting a collision, the nodes transmit a jamming signal that notifies all nodes on the network that a collision has occurred and the current frame should be disregarded. Then the nodes wait a random amount of time before attempting to retransmit. Because each node delays for a different time, the likelihood of a new collision is reduced. This technique of managing collisions is called Collision Detection (CD), making the complete abbreviation for the Ethernet access control method CSMA/CD. Collisions are part of the normal operation of an Ethernet. Because CSMA/CD is an exceptionally efficient access control method, normal collision activity does not seriously affect network performance. Collisions occur when two or more systems transmit at the same time, contending for the right to control the network. If a system transmits 64 bytes, it is considered to be in control, and the other systems are supposed to be quiet until the controlling system has finished. It is possible, if the total length of an Ethernet exceeds the specifications, for a system not to know that another system has control of the network and to transmit right over the controlling system's packet. This creates a packet greater than 64 bytes long with a CRC error. The busier the network, the worse this problem becomes.
[Figure 44 schematic: collisions on an Ethernet.]
Figure 44 shows collisions on an Ethernet. Sometimes, when an installation doesn't work because the cable is too long or otherwise out of specification, people use a transceiver or network card that functions even over an out-of-specification link to solve the problem. Don't do it. You are not solving the problem. You're just hiding a problem that may come back to haunt you in the future. In a large 10BASET installation, hubs that can be remotely managed are almost indispensable. Simple Network Management Protocol (SNMP) is the standard management software for TCP/IP networks. The agent is the software that reports information about a device back to the management station. SNMP may help you manage the PCs on your network. Late collisions are undetected collisions caused by a cable segment that is too long, and are one example of why you'll regret violating the Ethernet specifications.
Ethernet II Frames:
    Preamble | Destination Address | Source Address | Type     | Data           | FCS
    8 octets | 6 octets            | 6 octets       | 2 octets | 46-1500 octets | 4 octets
    The CRC calculation covers Destination Address through Data; the frame length counts Destination Address through FCS.
Figure 45 shows the structure of an Ethernet II frame.
• The minimum length of an Ethernet frame is 6+6+2+46+4=64 octets.
• The maximum length of an Ethernet frame is 6+6+2+1500+4=1518 octets.
The fields in figure 45 are as follows:
• The preamble consists of a series of 8-bit groups in a specific pattern that notifies receiving nodes that a frame is beginning. The preamble begins with seven octets (8-bit groups, frequently referred to as bytes) of the pattern 10101010. The final octet of the preamble has the bit pattern 10101011. The purpose of the preamble is to signal the beginning of a frame, and the preamble is not formally part of the frame. Therefore, the octets in the preamble are not counted as part of the length of the frame.
• The destination and source address each consist of 48 bits (6 octets). Each node on the network is assigned a unique 48-bit address. This information enables receiving nodes to identify frames that are addressed to them, and also enables the receiver of a message to reply to the sender.
• The type field (EtherType) is a 16-bit (2 octet) field that designates the data type of the data field. The EtherType enables the network drivers to demultiplex the packets and direct data to the proper protocol stack. The type mechanism enables Ethernet networks to support multiple protocol stacks.
• The data field contains the Protocol Data Unit (PDU) received from upper-layer protocols. For TCP/IP it is constructed of three components: the IP header, the TCP header, and the application data. The length of the data field can be from 46 to 1500 octets, inclusive. If the data field is less than 46 octets in length, upper-layer protocols must pad the data to the minimum length.
• The Frame Check Sequence (FCS) is a 32-bit code that enables the receiving node to determine if transmission errors have altered the frame. This code is derived through a Cyclic Redundancy Checksum (CRC) calculation which processes all fields except the preamble and the frame check sequence itself. This CRC value is recalculated by the receiving node. If the CRC calculation by the receiver matches the value in the FCS, it is assumed that transmission errors didn't occur.
Ethernet II Node Address: Consists of 48 bits, organised in three fields, commonly written as six octets (six groups of 8 bits).
    Bit 47:     I/G bit ('0' = individual address, '1' = group address)
    Bits 46-24: Vendor Code (23 bits)
    Bits 23-0:  Globally Administered Address (24 bits)
Figure 46 shows the structure of an Ethernet II Node Address.
• Bit 47 is the Physical/Multicast bit. If the bit is 0, the address specifies the physical address of one device on the network. If the bit is 1, it specifies a multicast address that identifies a group of devices.
Vendors are assigned unique vendor codes that are used to identify their adapters. This registration system ensures that each Ethernet device that is manufactured has a physical address that is unique in the entire world. The Globally Administered Address is designated by the manufacturer of the Ethernet equipment. Because each manufacturer is assigned a unique vendor ID, and the manufacturers assign a different identification number to each piece of equipment produced, the complete Ethernet ID for each Ethernet device is unique. Ethernet wiring comes in three forms:
• Thicknet: IEEE 10BASE5 standard, coax cable .5" diameter, used for backbone Ethernet to interconnect other networks.
• Thinnet: IEEE 10BASE2 standard, coax cable .2" diameter, used to directly connect PCs.
• UTP: IEEE 10BASET standard, used to directly connect PCs; these systems require a concentrator or hub to operate.
Ethernet wiring limits:
Max.                        10BASE5   10BASE2   10BASET
Segment length              500 m     185 m     500 m
Repeaters or concentrators  4         4         4
Total length                2500 m    925 m     2500 m
Nodes per segment           100       30        512
Workstation cable           N/A       N/A       100 m
• IEEE 802.3 Media: Each of the cable standards has a three-part name. The first number indicates the data rate in megabits per second. BASE specifies baseband operation, and BROAD indicates a broadband network. The final designation suggests the cable type.
• 10BASE5: Thick, 50-ohm coaxial cable.
• 10BASE2: Thinner coaxial cable.
• 10BASE-T: UTP cable.
• 10BROAD36: A broadband cable system that enables multiple 10 Mbps channels to be carried by the same coaxial medium.
• 100BASE-TX: Utilises two pairs of high-grade UTP cable, 100 Mbps.
• 100BASE-T4: Utilises four pairs of standard-grade UTP cable, 100 Mbps.
• 100BASE-TF: Utilises optical fibre, 100 Mbps.
• IEEE 802.3 Frames:
[Figure 47: IEEE 802.3 frame: Preamble (7 octets), Start Frame Delimiter (1 octet), Destination Address (6 octets), Source Address (6 octets), Length (2 octets), Data (46-1500 octets), FCS (4 octets); the figure marks the span covered by the CRC calculation and the span counted as the frame length]
Figure 47 shows the format of an IEEE 802.3 Frame.
• The minimum length of an IEEE 802.3 frame is 6+6+2+46+4=64 octets.
• The maximum length of an IEEE 802.3 frame is 6+6+2+1500+4=1518 octets.
The fields in figure 47 are as follows:
• The preamble consists of seven octets, each with the bit pattern 10101010.
• The Start Frame Delimiter (SFD) is a single octet with the bit pattern 10101011.
• The destination and source address each consist of 48 bits (6 octets). Each node on the network is assigned a unique 48-bit address. This information enables receiving nodes to identify frames that are addressed to them, and also enables the receiver of a message to reply to the sender.
• The length field consists of 2 octets that specify the number of octets in the LLC data field. This value must be in the range 46 through 1500, inclusive.
• The LLC data field contains the Protocol Data Unit (PDU) received from the LLC sublayer, consisting of the LLC header and data. The size of this field can be from 46 to 1500 octets, inclusive. If the data field is less than 46 octets in length, upper-layer protocols must pad the data to the minimum length.
• The Frame Check Sequence (FCS) is a 32-bit code that enables the receiving node to determine if transmission errors have altered the frame. This code is derived through a Cyclic Redundancy Check (CRC) calculation which processes all fields except the preamble, the SFD and the FCS itself. This CRC value is recalculated by the receiving node. If the CRC calculation by the receiver matches the value in the FCS, it is assumed that transmission errors didn’t occur.
• Implementing TCP/IP over IEEE 802.3:
[Figure 48: SNAP data format: LLC Header = DSAP (1 octet, = 170), SSAP (1 octet, = 170), Control (1 octet, = 3); SNAP Header = Organisation Code (3 octets, = 0), Ethertype (2 octets); Data (0-1492 octets)]
Figure 48 shows the SNAP data format.
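As an added example (not code from the original document), the following Python parses the two frame formats described above. It tells Ethernet II from IEEE 802.3 by the value of the 2-octet field after the source address (a value of 1536 or more is an EtherType, a value up to 1500 is an 802.3 length), decodes the LLC/SNAP header of figure 48, reads the I/G bit of the destination address, and verifies the FCS. The frames and the locally administered MAC addresses are constructed for the example; the FCS is the IEEE 802.3 CRC-32, which is the same CRC that zlib.crc32 computes, transmitted least-significant octet first.

```python
"""Ethernet II and IEEE 802.3/SNAP frame parsing with FCS verification (added example)."""
import struct
import zlib
from dataclasses import dataclass
from typing import Optional

MIN_FRAME = 64          # 6+6+2+46+4 octets; preamble and SFD are not counted
MAX_FRAME = 1518        # 6+6+2+1500+4 octets
MIN_DATA = 46
ETHERTYPE_MIN = 0x0600  # 1536: a type/length value at or above this is an EtherType
SNAP_SAP = 0xAA         # DSAP/SSAP value 170 from figure 48
LLC_UI = 0x03           # LLC control value 3 (unnumbered information) from figure 48


@dataclass
class Frame:
    kind: str                  # "ethernet_ii", "802.3/snap" or "802.3/llc"
    dst: str
    src: str
    group: bool                # I/G bit of the destination address (1 = group address)
    ethertype: Optional[int]   # from the type field, or from the SNAP header
    length: Optional[int]      # 802.3 length field; None for Ethernet II
    payload: bytes
    fcs_ok: bool


def fcs(body: bytes) -> bytes:
    """FCS over destination address through data, sent least-significant octet first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def is_group(mac: bytes) -> bool:
    """The I/G bit is the first bit on the wire: the least significant bit of octet 0."""
    return bool(mac[0] & 0x01)


def build_ethernet_ii(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    data = data.ljust(MIN_DATA, b"\x00")          # upper layer pads short data to 46 octets
    body = dst + src + struct.pack("!H", ethertype) + data
    return body + fcs(body)


def build_8023_snap(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    # LLC header (DSAP, SSAP, control) followed by the SNAP header (org code, EtherType)
    llc = bytes([SNAP_SAP, SNAP_SAP, LLC_UI]) + b"\x00\x00\x00" + struct.pack("!H", ethertype) + data
    body = dst + src + struct.pack("!H", len(llc)) + llc.ljust(MIN_DATA, b"\x00")
    return body + fcs(body)


def parse_frame(raw: bytes) -> Frame:
    if not MIN_FRAME <= len(raw) <= MAX_FRAME:
        raise ValueError(f"frame of {len(raw)} octets is outside {MIN_FRAME}..{MAX_FRAME}")
    body, trailer = raw[:-4], raw[-4:]
    ok = fcs(body) == trailer                      # receiver recomputes the CRC and compares
    dst, src = body[0:6], body[6:12]
    type_or_len = struct.unpack("!H", body[12:14])[0]
    rest = body[14:]
    common = (mac_str(dst), mac_str(src), is_group(dst))
    if type_or_len >= ETHERTYPE_MIN:
        return Frame("ethernet_ii", *common, type_or_len, None, rest, ok)
    if type_or_len > len(rest):
        raise ValueError("802.3 length field larger than the data present")
    llc = rest[:type_or_len]                       # octets beyond the length are padding
    if len(llc) >= 8 and llc[0] == SNAP_SAP and llc[1] == SNAP_SAP and llc[2] == LLC_UI:
        ethertype = struct.unpack("!H", llc[6:8])[0]
        return Frame("802.3/snap", *common, ethertype, type_or_len, llc[8:], ok)
    return Frame("802.3/llc", *common, None, type_or_len, llc, ok)


# Constructed sample addresses (locally administered, so they clash with no vendor code).
HOST_A = bytes.fromhex("020000000001")
HOST_B = bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6

if __name__ == "__main__":
    for raw in (build_ethernet_ii(HOST_B, HOST_A, 0x0800, b"hello"),
                build_8023_snap(BROADCAST, HOST_A, 0x0806, b"hello")):
        print(parse_frame(raw))
```

Note that for an Ethernet II frame the parser cannot strip the padding, because no length field exists at this layer; it is the IP total-length field inside the data that tells the upper layer where the real data ends. A frame whose FCS does not verify should be counted and dropped, never handed up, since a corrupted length or type field would otherwise steer the data to the wrong protocol stack.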
IEEE 802.5 Networks: IEEE 802.5 Token Ring is the second most commonly employed LAN physical layer, trailing significantly behind Ethernet.
• How Token Ring Works: Each time a device needs to transmit, some probability exists that the network will be busy. And, even when the device successfully begins to transmit, some probability exists that another device will also transmit and cause a collision, forcing both devices to back off and try again. These probabilities increase as the network becomes busier, until a point is reached at which a device needing to transmit data becomes extremely unlikely to receive the opportunity to do so. Because network access on a CSMA/CD network is uncertain, CSMA/CD is called a probabilistic access method. The mere probability of access is unacceptable in certain critical situations such as industrial control. Suppose that an overheat sensor urgently needs to send a warning to the factory operators. If even a possibility exists that the sensor cannot access the network, the factory designers will not take the situation lightly. Token access guarantees that every device on the network receives a periodic opportunity to transmit.
[Figure 49: frame reception flowchart: listen to the wire; detected a preamble? if yes, read destination address; broadcast address or my address? if neither, ignore transmission; read data frame contents until end of frame; perform integrity check; if the check passed, deliver data to the designated process, otherwise discard data]
Figure 49 shows the token access method in a ring network. The token consists of a special frame that circulates from device to device around the ring. Only the device that possesses the token is permitted to transmit. After transmitting, the device restarts the token, enabling other devices the opportunity to transmit. The initial 4 Mbps implementation of Token Ring permitted a single token to circulate on the network. Before releasing a token on the network that enabled other devices to transmit, a device that transmitted a frame waited for the frame to return after circulating the ring. A new feature, called Early Token Release (ETR), introduced with the newer 16 Mbps Token Ring, enables a sending device to release a token immediately after it completes transmission of a frame. Thus a token can circulate at the same time as a data frame.
Although token access control appears simple, numerous problems lie beneath the surface. The point of introducing them is to illustrate that the control mechanisms Token Ring uses are significantly more complicated than those required for CSMA/CD. These control mechanisms take up network bandwidth, reducing the efficiency of Token Ring. To compensate for this added complexity, Token Ring offers significant benefits. Data throughput of a Token Ring can never reach zero, as is possible with an Ethernet experiencing excessive collisions. Although network performance slows as demand increases, every device on the network receives a periodic opportunity to transmit. Token Ring possesses a capability to set network access priorities, which is unavailable in Ethernet. High-priority devices can request preferred network access. This capability enables a critical device to gain greater access to the network.
Token Ring was also designed to provide a higher level of diagnostic and management capability than is available with Ethernet. The mechanisms that compensate for Token Ring errors provide a capability for diagnosing other network problems as well. For example, detecting devices causing network errors and forcing those devices to disconnect from the network is possible. Also, in the cabling system IBM designed, the network is served by two rings of cable. In the event of a cable break, using the second ring to reconfigure the network and keep it operating is possible. Nevertheless, Ethernet remains the most popular network physical layer. Ethernet works well in the majority of networks and costs considerably less than Token Ring. Equipment for Token Ring costs two to three times as much as corresponding Ethernet components.
[Figure 50: Token Ring stations wired in a star around a Wiring Hub]
Figure 50 shows how Token Rings are wired in a star.
Several reasons can be cited for Token Ring's lower popularity:
• It was developed as an IBM technology. Although Token Ring technology is now offered by a great many vendors, many in the user community perceive it as proprietary.
• Ethernet is simple, reliable, and effective for the majority of networks, and at the same time costs significantly less than Token Ring.
• TCP/IP has traditionally been wed to Ethernet II. Growing industry demand for TCP/IP has accompanied a recent surge in Ethernet popularity.
Nevertheless, Token Ring is an effective physical layer technology with features that make it preferable under some circumstances.
• IEEE 802.5 Frames:
[Figure 51: Token Ring frame: start-of-frame sequence = SD (1 octet), AC (1 octet), FC (1 octet); data section (FCS coverage) = DA (2 or 6 octets), SA (2 or 6 octets), Information (0 or more octets), FCS (4 octets); end-of-frame sequence = ED (1 octet), FS (1 octet)]
Figure 51 shows the format of a Token Ring frame. Three major sections can be specified, as follows:
• Start-of-Frame Sequence (SFS): This section signals the network devices that a frame is beginning.
• Data section: This section contains control information and upper-layer data.
• End-of-Frame Sequence (EFS): This section indicates the end of the frame and includes several control bits.
The fields in figure 51 are as follows:
• The Starting Delimiter (SD) field is a single octet that consists of electrical signals that cannot appear elsewhere in the frame. The SD violates the rules for encoding data in the frame and contains nondata signals.
• The Access Control (AC) field includes priority and reservation bits used to set network priorities. It also includes a monitor bit, used for network management. A token bit indicates whether the frame is a token or a data frame.
• The Frame Control (FC) field indicates whether the frame contains LLC data or is a MAC control frame. Several types of MAC frame are used to control network functions.
• The Destination Address (DA) specifies the station or stations to which the frame is directed. Multicasts and broadcasts are possible in addition to transmission to a single device. 16- and 48-bit addresses are supported.
• The Source Address (SA) specifies the device that originated the frame. The DA and SA must utilise the same format.
• The Information field contains LLC data, or control information if it appears in a MAC control frame.
• The Frame Check Sequence (FCS) is a 32-bit cyclic redundancy check that is applied to the FC, DA, SA, and Information fields.
• The Ending Delimiter (ED) violates the network data format and signals the end of the frame. This field includes two control bits. The intermediate bit indicates whether this is an intermediate or the final frame in a transmission. The error bit is set by any device that detects an error, such as in the FCS.
• The Frame Status (FS) field contains other control bits that indicate that a station has recognised its address and that a frame has been copied by a receiving device.
Protocols and Protocol Stacks: OSI Model
[Figure 52: four protocol stacks mapped onto the OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical). Banyan Vines: Vines Redirector, Net RPC, Direct Socket, SPP & IPC, Vines IP, ICP, ARP & RARP, Vines Drivers & NDIS. MS NT LAN Manager: Server Message Block (SMB), NetBIOS, Named Pipes, NetBEUI, NDIS. Novell NetWare: NetWare Core Protocols (NCP), SPX, IPX, ODI / NDIS. TCP/IP UNIX: Network Applications, Socket Interface, TCP, UDP, IP, ICMP, ARP & RARP & NDIS. Physical layer in every stack: Network Interface Card.]
Figure 52 shows how the layers of TCP/IP and other popular network protocols relate differently to the OSI model.
In figure 52, each NOS manufacturer has implemented its own networking protocols to provide the required networking functions. These protocols operate as distinct programs or processes that the NOS uses to transport data between the network nodes. Each set of programs is commonly referred to as a protocol stack. It is important to note that although the underlying functionality of each of these protocol stacks is similar, the implementation within each NOS is unique.
A client application sends data down its protocol stack, passing through each of the protocols and interfaces. Information necessary to forward the application data to its destination is added by the programs operating at each level. At the receiving side, the data packets traverse a similar stack of protocols and programs, this time in reverse. Starting at the physical layer, the packet passes through each successive layer until it reaches the top of the stack at the relevant application process. At each layer, the information appended by the different protocols is examined so that the host can forward the packet to its final destination. For the host to accomplish this, both the client and the host need to run the same program at each level. If the server received a data packet that contained protocol information generated by a program not in its protocol stack, it would obviously not be able to understand the contained information. Protocols operating at each layer need to be compatible.
[Figure 53: Client (Client Application above the Application, Presentation, Session, Transport, Network, Data Link and Physical layers) exchanging a packet with Host (Server Application above the same seven layers)]
Figure 53 provides a generic illustration of a data packet moving through the different protocol layers of the OSI model. At each subsequent layer, additional protocol information is appended to the original data packet. At the host side, the protocol information is stripped away layer by layer to finally leave the application data.
Protocols and Protocol Stacks
35
4/4/2002
Alex Peeters
[Figure 54: an application packet descending the Network Client's stack and ascending the Network Host's stack. Application, Presentation and Session layers: Application Data. Transport layer: TCP Info. + Application Data. Network layer: IP Info. + TCP Info. + Application Data. Data Link layer: NDIS & Data Link Info. + IP Info. + TCP Info. + Application Data. Physical layer: Ethernet Info. + NDIS & Data Link Info. + IP Info. + TCP Info. + Application Data, followed by transmission over the network; on the host side the same headers are removed in reverse order.]
Figure 54 shows a more specific example of an application packet moving through a TCP/IP network.
Operating Dual Protocol Stacks: The biggest problems in providing multiprotocol support to network clients relate to the operation of the interface at both the top and the bottom of the protocol stack. At the top of the stack, applications are generally written to function through the use of a specific network protocol. The application developer then needs to write different versions of the application for it to operate using different network protocols. It is possible, however, for developers to overcome these issues by writing applications based on a common or standard interface such as NetBIOS, WinSock, or BSD sockets. It then becomes the problem of the implemented networking protocol to offer support for these interfaces.
Similar interoperability problems are found at the bottom of the protocol stack, where the use of a standard interface again offers a possible solution. Each distinct networking solution offers its own protocol drivers to communicate with the installed network interface card. This means, for example, that if you loaded a separate NIC driver for both your NetWare stack and your TCP/IP stack, each driver program would assume that it had complete control over the installed NIC. The result would be that as either driver attempted to access the NIC it could corrupt any communication being carried out by the other program.
The solution to this problem requires that you load a single device driver to interface directly with the NIC and that this driver provide simultaneous support to all the installed protocol stacks. Two possible solutions have been developed to provide this support. The first is known as the Network Driver Interface Specification, and the second is the Open Datalink Interface. The implementation of either of these standards enables you to effectively provide multiprotocol support, enabling you to load more than one network protocol on a single workstation.
Network Driver Interface Specification (NDIS): The NDIS specification was written to provide an NIC with the capability to simultaneously support multiple protocol stacks through the use of a single NIC device driver. The specification defines three main components:
• Media Access Control (MAC) driver: This is a device driver written by the vendors of the NIC that directly interfaces with the NIC hardware.
• Upper-Level Protocol driver: This is a device driver written by the NOS vendor that provides the required functionality and interface support for the upper-layer protocols.
• Protocol manager program: This is a manager or control program that co-ordinates the joining or binding of the preceding two programs to provide the completed protocol stack support. This program is called PROTMAN.DOS or PROTMAN.OS2, depending on the client operating system employed.
The initialisation of the NDIS environment starts with the protocol manager, which reads a configuration file called PROTOCOL.INI and stores the contained configuration in a predefined structure in an area of memory known as configuration memory. As each of the other device drivers is loaded, it issues a request to the protocol manager for its specific configuration details. The protocol manager provides this information by indicating to each driver where it can find the configuration memory. The drivers then access this area of memory, which provides them with the details they need in order to initialise.
After the MAC driver and all the required protocol drivers have been loaded, the protocol manager must connect all the drivers together. This process is known as binding and is initiated by a program called NETBIND. The principal function of NETBIND is to issue the BindAndStart directive to the protocol manager. This directs the protocol manager to bind all the drivers and protocols together to form the necessary protocol stacks. The protocol manager then initiates communication with the MAC driver by issuing the InitiateBind directive to each of the protocols that was loaded. Each of the protocols binds to the MAC driver with an indicated vector value. The MAC driver can then multiplex between each of the loaded protocols based on this vector value.
[Figure 55: Application layer: Applications (TCP/IP) and Applications (NOS); Network layer: TCP/IP Network Protocols and NOS Proprietary Network Protocols, each above its own NDIS Compatible Driver; Binding Interface; Data Link layer(s): NIC NDIS Driver; Physical layer: Network Interface Card (NIC)]
Figure 55 shows the protocol structure resulting from the binding initiated by the NETBIND program.
Open Datalink Interface (ODI): The ODI specification is similar in structure and functionality to NDIS. The ODI specification was developed as a means of providing client and server support for other network protocols alongside the native NetWare networking protocol, IPX. The ODI specification references the following components:
• Multiple Link Interface Drivers (MLID): These drivers are similar in functionality to the MAC drivers specified by NDIS. They provide a device interface to the installed NIC within the client or the server.
• Link Support Layer (LSL) interface: This interface manages the interaction between the installed MLID and the various installed upper-layer protocols. References within the LSL are made to redirect traffic from the MLID to the specified upper-layer protocol.
• Upper-Level Protocol driver: This is a device driver that allows for the integration of other network protocols and their support within the NetWare environment.
Configuration and protocol loading within an ODI environment are controlled via the net.cfg file on the workstation. The first program to load is the LSL driver, which provides a basis for the binding of upper-layer protocols and for the loading of the NIC drivers. The file net.cfg contains information relating to the installed NIC driver, or MLID, and the LAN frame type support that is required. After the MLID has been installed, the upper-layer protocol drivers can be loaded to interface individually onto the LSL.
Listing 1 shows an example ODI dual protocol stack configuration. It indicates the loading of both the IPXODI driver, for IPX support, and the TCP/IP driver to provide a TCP/IP protocol stack.

AUTOEXEC.BAT
    ...
    REM Load LSL driver
    LSL
    REM Load MLID driver, which references NET.CFG for its configuration
    3c509
    REM Load IPX upper layer ODI compliant driver
    IPXODI
    REM Load TCP/IP upper layer ODI compliant driver
    TCPIP
    REM Load redirector program
    VLM
    REM TCP/IP and IPX stacks loaded, continue with login routines
    ...

NET.CFG
    ...
    link driver 3c509
        frame ethernet_802.2
        frame ethernet_snap
        frame ethernet_II
        frame ethernet_802.3
    ...

It is also possible to provide for NDIS-compatible environments within the ODI specification. This is provided through inclusion of a program called ODINSUP.COM. This program provides support for upper-layer protocol drivers written to the NDIS specification to interface directly with the installed ODI MLID. In other words, the NDIS protocols bind to the ODI MLID, via ODINSUP.COM, bypassing the installed LSL module. You might undertake this method if the TCP/IP stack you wanted to load supplied only an NDIS-compliant driver.
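As an added illustration (not code from the document or from Novell's ODI) of what the LSL, or equally the NDIS protocol manager, does once the drivers are bound, the Python below models one MLID feeding several bound protocol stacks: each stack registers for the frame types it understands, using the NET.CFG frame names from Listing 1, receives a bind vector, and incoming frames are dispatched by frame type. The sample frames are constructed; classifying a frame whose LLC area starts with 0xFFFF as Novell "raw" 802.3 relies on the IPX header beginning with a checksum field that is normally 0xFFFF.

```python
"""One NIC driver, several bound protocol stacks: frame-type demultiplexing (added example)."""
from typing import Callable, Dict, Iterable, List, Tuple

FrameHandler = Callable[[bytes], None]
ETHERTYPE_MIN = 0x0600


def classify(frame: bytes) -> str:
    """Name the frame type with the NET.CFG keywords: ethernet_II, ethernet_802.3,
    ethernet_snap or ethernet_802.2 (14-octet MAC header at the front, FCS already removed)."""
    type_or_len = int.from_bytes(frame[12:14], "big")
    if type_or_len >= ETHERTYPE_MIN:
        return "ethernet_II"
    if frame[14:16] == b"\xff\xff":
        return "ethernet_802.3"        # Novell "raw" 802.3: IPX header (checksum 0xFFFF) follows directly
    if frame[14:17] == b"\xaa\xaa\x03":
        return "ethernet_snap"         # LLC DSAP/SSAP 170 + control 3, then the SNAP header
    return "ethernet_802.2"            # any other LLC header


class LinkSupportLayer:
    """Holds the bindings between the single MLID and the upper-layer protocol drivers."""

    def __init__(self) -> None:
        self.vectors: Dict[str, int] = {}                        # protocol -> bind vector
        self.bindings: Dict[str, List[Tuple[int, str, FrameHandler]]] = {}
        self.dropped = 0                                         # frames no protocol was bound for

    def bind(self, protocol: str, frame_types: Iterable[str], handler: FrameHandler) -> int:
        vector = self.vectors.setdefault(protocol, len(self.vectors))
        for frame_type in frame_types:
            self.bindings.setdefault(frame_type, []).append((vector, protocol, handler))
        return vector

    def receive(self, frame: bytes) -> List[str]:
        """Deliver a frame from the MLID to every protocol bound to its frame type."""
        delivered = []
        for _vector, protocol, handler in self.bindings.get(classify(frame), []):
            handler(frame)
            delivered.append(protocol)
        if not delivered:
            self.dropped += 1
        return delivered


def mac_header(type_or_len: int) -> bytes:
    # Constructed locally administered addresses: destination, then source, then type/length.
    return bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + type_or_len.to_bytes(2, "big")


# Constructed sample frames, one per frame type (payloads truncated to what classify() needs).
SAMPLES = {
    "ethernet_II": mac_header(0x0800) + b"\x45" + b"\x00" * 19,                            # IPv4 header start
    "ethernet_802.3": mac_header(30) + b"\xff\xff" + b"\x00" * 28,                         # raw IPX
    "ethernet_snap": mac_header(13) + b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + b"\x00" * 5,   # ARP via SNAP
    "ethernet_802.2": mac_header(3) + b"\xe0\xe0\x03",                                      # IPX over 802.2
}


def build_lsl() -> Tuple[LinkSupportLayer, Dict[str, List[str]]]:
    """Bind an IPX stack and a TCP/IP stack to one driver, as Listing 1 loads them."""
    log: Dict[str, List[str]] = {"IPXODI": [], "TCPIP": []}
    lsl = LinkSupportLayer()
    lsl.bind("IPXODI", ["ethernet_802.3"], lambda f: log["IPXODI"].append(classify(f)))
    lsl.bind("TCPIP", ["ethernet_II", "ethernet_snap"], lambda f: log["TCPIP"].append(classify(f)))
    return lsl, log


if __name__ == "__main__":
    lsl, log = build_lsl()
    for name, frame in SAMPLES.items():
        print(f"{name:15} -> {lsl.receive(frame) or 'dropped'}")
```

The dropped counter is the useful diagnostic here: a frame type listed in NET.CFG that no loaded protocol binds to is silently discarded, which is exactly the symptom of a workstation whose IPX stack expects ethernet_802.2 while the server sends ethernet_802.3.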
Delivering Data Through Internetworks:
[Figure 56: an internetwork of an Ethernet, a Token Ring and a second Ethernet, each with several workstations, joined by routers]
Figure 56 shows an internetwork consisting of several networks. The way data are delivered through internetworks involves several topics:
• Methods for carrying multiple data streams on common media.
• Methods for switching data through paths on the network.
• Methods for determining the path to be used.
Multiplexing: LAN’s generally operate in baseband mode, which means that a given cable is carrying a single data signal at any one time. The various devices on the LAN must take turns using the medium. This generally is a workable approach for LAN’s, because LAN media offer high performance at low cost. Long-distance data communication media are expensive to install and maintain, and it would be inefficient if each media path could support only a single data stream. WAN’s, therefore, tend to use broadband media, which can support two or more data streams. Increasingly, as LAN’s are expected to carry more and different kinds of data, broadband media are being considered for LAN’s as well. To enable many data streams to share a high-bandwidth medium, a technique called multiplexing is employed.
[Figure 57: four data streams A, B, C and D enter a multiplexer and share one medium as the repeating slot sequence D C B A D C B A ...; a demultiplexer at the far end restores the four streams]
Figure 57 illustrates one method of time-division multiplexing of digital signals.
[Figure 58: statistical time-division multiplexing of the same four streams; the medium carries the slot sequence A A B A C A B A A A C A A B A B A, and idle stream D receives no slots]
In figure 57, the signal-carrying capacity of the medium is divided into time slots, with a time slot assigned to each signal, a technique called Time-Division Multiplexing (TDM). Because the sending and receiving devices are synchronised to recognise the same time slots, the receiver can identify each data stream and re-create the original signals. The sending device, which places data into the time slots, is called a multiplexer or mux. The receiving device is called a demultiplexer or demux. TDM can be inefficient. If a data stream falls silent, its time slots are not used and the media bandwidth is underutilised.
Figure 58 depicts a more advanced technique, statistical time-division multiplexing. In figure 58, time slots are still used, but some data streams are allocated more time slots than others. An idle channel, D, is allocated no time slots at all. A device that performs statistical TDM often is called a stat-MUX.
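As an added example (not from the document), the Python below simulates the two schemes of figures 57 and 58 over four constructed data streams, with stream D idle as in figure 58. Fixed TDM gives every stream one slot per round, so a silent stream wastes its slot and the receiver identifies streams purely by slot position; statistical TDM hands slots only to streams that have data, which is why each slot then has to carry a channel tag for the demultiplexer to sort it.

```python
"""Fixed versus statistical time-division multiplexing (added example)."""
from collections import deque, namedtuple
from typing import Dict, List, Tuple

MuxResult = namedtuple("MuxResult", "slots utilisation")

# Constructed sample: four streams share one medium; stream D has nothing to send.
STREAMS = {"A": "AAAAAA", "B": "BB", "C": "CC", "D": ""}


def fixed_tdm(streams: Dict[str, str]) -> MuxResult:
    """Every stream owns one slot per round; an empty string marks an unused slot."""
    queues = {name: deque(data) for name, data in streams.items()}
    slots: List[str] = []
    while any(queues.values()):
        for name in streams:                        # slot order is fixed by stream order
            slots.append(queues[name].popleft() if queues[name] else "")
    used = sum(1 for unit in slots if unit)
    return MuxResult(slots, used / len(slots))


def demux_fixed(slots: List[str], names: List[str]) -> Dict[str, str]:
    """The receiver recovers each stream from slot position alone."""
    streams = {name: "" for name in names}
    for index, unit in enumerate(slots):
        streams[names[index % len(names)]] += unit
    return streams


def stat_tdm(streams: Dict[str, str]) -> MuxResult:
    """Slots go only to streams with data, so each slot is tagged with its channel."""
    queues = {name: deque(data) for name, data in streams.items()}
    slots: List[Tuple[str, str]] = []
    while any(queues.values()):
        for name in streams:
            if queues[name]:
                slots.append((name, queues[name].popleft()))
    return MuxResult(slots, 1.0 if slots else 0.0)   # no slot is ever left empty


def demux_stat(slots: List[Tuple[str, str]]) -> Dict[str, str]:
    """The receiver needs the tag: slot position no longer identifies the stream."""
    streams: Dict[str, str] = {}
    for name, unit in slots:
        streams[name] = streams.get(name, "") + unit
    return streams


if __name__ == "__main__":
    fixed, stat = fixed_tdm(STREAMS), stat_tdm(STREAMS)
    print(f"fixed TDM: {len(fixed.slots)} slots, {fixed.utilisation:.0%} used")
    print(f"stat TDM:  {len(stat.slots)} slots, {stat.utilisation:.0%} used")
```

On this input fixed TDM needs 24 slots to move 10 data units, statistical TDM needs 10; the price is the per-slot tag, and the fact that a stat-MUX needs buffering when several streams are busy at once, since it can no longer promise each stream a fixed share of the medium.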
Delivering Data Through Internetworks
39
4/4/2002
Alex Peeters
Switching Data: On an internetwork, data units must be switched through the various intermediate devices until they are delivered to their destination. Two contrasting methods of switching data are commonly used: circuit switching and packet switching. Both are used in some form by protocols in common use.
Circuit Switching:
[Figure 59: the original message is split into fragments A to E, which travel in sequence along one established circuit through the network and are reassembled in the same order at the far end]
Figure 59 illustrates circuit switching. When two devices negotiate the start of a dialogue, they establish a path, called a circuit, through the network, along with a dedicated bandwidth through the circuit. After establishing the circuit, all data for the dialogue flow through that circuit. The chief disadvantage of circuit switching is that when communication takes place at less than the assigned circuit capacity, bandwidth is wasted. Also, communicating devices can’t take advantage of other, less busy paths through the network unless the circuit is reconfigured. Circuit switching does not necessarily mean that a continuous, physical pathway exists for the sole use of the circuit. The message stream may be multiplexed with other message streams in a broadband circuit. In fact, sharing of media is the more likely case with modern telecommunications. The appearance to the end devices, however, is that the network has configured a circuit dedicated to their use. End devices benefit greatly from circuit switching. Since the path is pre-established, data travel through the network with little processing in transit. And, because multipart messages travel sequentially through the same path, message segments arrive in order and little effort is required to reconstruct the original message.
Packet Switching:
[Figure 60: the fragments A to E of the original message are routed individually over different paths through the network, arrive out of order, and are reassembled into the original message at the destination]
Figure 60 illustrates packet switching.
Packet switching takes a different and generally more efficient approach to switching data through networks. Messages are broken into sections called packets, which are routed individually through the network. At the receiving device, the packets are reassembled to construct the complete message. Messages are divided into packets to ensure that large messages do not monopolise the network. Packets from several messages can be mult iplexed through the same communication channel. Thus, packet switching enables devices to share the total network bandwidth efficiently. Two variations of packet switching may be employed:
• Datagram services treat each packet as an independent message. The packets, also called datagrams, are routed through the network using the most efficient route currently available, enabling the switches to bypass busy segments and use under-utilised segments. Datagrams frequently are employed on LAN’s, and network layer protocols are responsible for routing the datagrams to the appropriate destination. Datagram service is called unreliable, not because it is inherently flawed but because it does not guarantee delivery of data. Recovery of errors is left to upper-layer protocols. Also, if several datagrams are required to construct a complete message, upper-layer protocols are responsible for reassembling the datagrams in order. Protocols that provide datagram service are called connectionless protocols.
• Virtual circuits establish a formal connection between two devices, giving the appearance of a dedicated circuit between the devices. When the connection is established, issues such as message size, buffer capacities, and network paths are considered and mutually agreeable communication parameters are selected. A virtual circuit defines a connection, a communication path through the network, and remains in effect as long as the devices remain in communication. This path functions as a logical connection between the devices.
When communication is over, a formal procedure releases the virtual circuit. Because virtual circuit service guarantees delivery of data, it provides reliable delivery service. Upper-layer protocols need not be concerned with error detection and recovery. Protocols associated with virtual circuits are called connection-oriented.
Bridges, Routers, and Switches: Data can be routed through an internetwork using the following three types of information:
• The physical address of the destination device, found at the data link layer. Devices that forward messages based on physical addresses generally are called bridges.
• The address of the destination network, found at the network layer. Devices that use network addresses to forward messages usually are called routers, although the original name, still commonly used in the TCP/IP world, is gateway.
• The circuit that has been established for a particular connection. Devices that route messages based on assigned circuits are called switches.
Bridges:
[Figure 61: End Node (Application, Presentation, Session, Transport, Network, Data Link and Physical layers) on Network A; Bridge (Data Link and Physical layers on each side); End Node (the same seven layers) on Network B]
Figure 61 illustrates the protocol stack model for bridging in terms of the OSI Reference Model. Bridges build and maintain a database that lists known addresses of devices and how to reach those devices. When it receives a frame, the bridge consults its database to determine which of its connections should be used to forward the frame.
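As an added example (not the document's code), the Python below models the database a transparent bridge builds from the source addresses it sees and how it uses that database to forward, filter or flood each frame. It also replays the situation warned about in the following paragraphs, two bridges joining the same pair of segments, to show a broadcast circulating indefinitely until one of the redundant ports is put into blocking state, which is the outcome the spanning-tree algorithm produces. Segment names, port names and MAC addresses are constructed.

```python
"""Learning bridge forwarding database and a bridged-loop demonstration (added example)."""
from collections import deque
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac: str) -> bool:
    """I/G bit: least significant bit of the first octet (1 = multicast or broadcast)."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class LearningBridge:
    """Forwards on data link addresses only; learns which port each source address sits behind."""

    def __init__(self, name: str, ports: Dict[str, str], blocked: Set[str] = frozenset()) -> None:
        self.name = name
        self.ports = dict(ports)            # port name -> segment attached to it
        self.blocked = set(blocked)         # ports held in blocking state (what spanning tree does)
        self.fdb: Dict[str, str] = {}       # source MAC -> port it was last seen on
        self.moves = 0                      # a station "moving" between ports hints at a loop

    def receive(self, in_port: str, src: str, dst: str) -> Set[str]:
        """Return the set of ports the frame goes out of; an empty set means it is filtered."""
        if in_port in self.blocked:
            return set()
        if not is_group(src):               # learn from unicast sources only
            if self.fdb.get(src) not in (None, in_port):
                self.moves += 1
            self.fdb[src] = in_port
        if not is_group(dst) and dst in self.fdb:
            out = self.fdb[dst]
            return set() if out == in_port else {out}    # same segment: no need to forward
        # Unknown unicast, multicast or broadcast: flood to every other forwarding port.
        return {port for port in self.ports if port != in_port and port not in self.blocked}


def simulate(bridges: List[LearningBridge], segment: str, src: str, dst: str,
             max_frames: int = 50) -> int:
    """Count transmissions caused by one frame put on `segment`; gives up at max_frames."""
    pending = deque([(segment, None)])      # (segment the frame is on, bridge that put it there)
    transmissions = 0
    while pending and transmissions < max_frames:
        seg, sender = pending.popleft()
        transmissions += 1
        for bridge in bridges:
            if bridge is sender:
                continue                    # a bridge does not receive its own transmission
            for port, attached in bridge.ports.items():
                if attached == seg:
                    for out in bridge.receive(port, src, dst):
                        pending.append((bridge.ports[out], bridge))
    return transmissions


def two_bridge_loop(block_redundant_port: bool) -> int:
    """Two bridges both join seg1 and seg2; a broadcast from seg1 loops unless a port is blocked."""
    b1 = LearningBridge("B1", {"p1": "seg1", "p2": "seg2"})
    b2 = LearningBridge("B2", {"p1": "seg1", "p2": "seg2"},
                        blocked={"p2"} if block_redundant_port else set())
    return simulate([b1, b2], "seg1", "02:00:00:00:00:01", BROADCAST)


if __name__ == "__main__":
    print("loop, no blocking:", two_bridge_loop(False), "frames (capped)")
    print("loop, one port blocked:", two_bridge_loop(True), "frames")
```

The moves counter is worth watching on a real bridge for the same reason: when the same source address keeps appearing on different ports, either a station is physically moving or a frame is circulating, and a bridge's database cannot tell the two apart on its own.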
A bridge must implement both the physical and data link layers of the protocol stack. Bridges are fairly simple devices. They receive frames from one connection and forward them to another connection known to be en route to the destination. When more than one route is possible, bridges ordinarily can’t determine which route is most efficient. In fact, when multiple routes are available, bridging can result in frames simply travelling in circles. Having multiple paths available on the network is desirable, however, so that a failure of one path does not stop the network. With Ethernet, a technique called the spanning-tree algorithm enables bridged networks to contain redundant paths.
Token Ring uses a different approach to bridging. When a device needs to send to another device, it goes through a discovery process to determine a route to the destination. The routing information is stored in each frame transmitted and is used by bridges to forward the frames to the appropriate networks. Although this actually is a data link layer function, the technique Token Ring uses is called source routing.
The bridge must implement two protocol stacks, one for each connection. Theoretically, these stacks could belong to different protocols, enabling a bridge to connect different types of networks. However, each type of network, such as Ethernet and Token Ring, has its own protocols at the data link layer. Translating data from the data link layer of an Ethernet to the data link layer of a Token Ring is difficult, but not impossible. Bridges, which operate at the data link layer, therefore generally can join only networks of the same type. You see bridges employed most often in networks that are all Ethernet or all Token Ring. A few bridges have been marketed that can bridge networks that have different data link layers.
Routers:
[Figure 62: End Node (Application, Presentation, Session, Transport, Network, Data Link and Physical layers) on Network A; Router (Network, Data Link and Physical layers on each side); End Node (the same seven layers) on Network B]
Figure 62 illustrates the protocol stack model for routing in terms of the OSI Reference Model. A different method of path determination can be employed using data found at the network layer. At that layer, networks are identified by logical network identifiers. This information can be used to build a picture of the network. This picture can be used to improve the efficiency of the paths that are chosen. Devices that forward data units based on network addresses are called routers. With TCP/IP, routing is a function of the internet layer. By convention, the network on which the data unit originates counts as one hop. Each time a data unit crosses a router, the hop count increases by one.
[Figure 63: six routers, A to F, joined by links; the paths listed below run from A to F]
Figure 63 illustrates Hop-count routing.
Delivering Data Through Internetworks
42
4/4/2002
Alex Peeters
A wide variety of paths could be identified between A and F:
• A-E-F (4 hops)
• A-E-D-F (5 hops)
• A-E-C-F (5 hops)
• A-B-C-F (5 hops)
By this method, A-E-F is the most efficient route. This assumes that all of the paths between the routers provide the same rate of service. A simple hop-count algorithm would be misleading if A-D and D-E were 1.5 Mbps lines while A-E was a 56 Kbps line. Apart from such extreme cases, however, hop-count routing is a definite improvement over no route planning at all.
Routing operates at the network layer. By the time data reach that layer, all evidence of the physical network has been shorn away. Both protocol stacks in the router can share a common network layer protocol. The network layer does not know or care whether the network is Ethernet or Token Ring. Therefore, each stack can support different data link and physical layers. Consequently, routers possess a capability, fairly rare in bridges, to forward traffic between dissimilar types of networks. Owing to that capability, routers often are used to connect LANs to WANs.
Building routers around the same protocol stack as is used on the end-nodes is possible. TCP/IP networks can use routers based on the same IP protocol employed at the workstation. However, it is not required that routers and end-nodes use the same routing protocol. Because network layers need not communicate with upper-layer protocols, different protocols may be used in routers than are used in the end-nodes. Commercial routers employ proprietary network layer protocols to perform routing. These custom protocols are among the keys to the improved routing performance provided by the best routers.
Switches: Circuit-based networks operate with high efficiency because the path is established once, when the circuit is established. Each switch maintains a table that records how data from different circuits should be switched. Switching is typically performed by lower-level protocols to enhance efficiency, and is associated most closely with the data link layer.
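The hop-count routing of Figure 63 and its bandwidth caveat, as an added example that is not part of the original document. The link list is an assumption reconstructed from the four A-to-F paths the text lists, and the line speeds are constructed so that A-E is the slow 56 Kbps line; the function names are mine.

```python
from collections import deque
import heapq

# Constructed topology: only the links implied by the four A-to-F paths the
# text lists for Figure 63 (an assumption; the figure itself is not reproduced).
LINKS = [("A", "E"), ("E", "F"), ("E", "D"), ("D", "F"),
         ("E", "C"), ("C", "F"), ("A", "B"), ("B", "C")]

# Constructed line speeds in Kbps for the bandwidth caveat: every line is a
# 1.5 Mbps line except A-E, which is a 56 Kbps line (an assumption).
BANDWIDTH_KBPS = {frozenset(link): 1500.0 for link in LINKS}
BANDWIDTH_KBPS[frozenset(("A", "E"))] = 56.0


def adjacency(links):
    """Undirected neighbour table built from the link list."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def hop_count(path):
    """Page convention: the originating network counts as one hop and every
    router crossed adds one, so a path through n routers costs n + 1 hops."""
    return len(path) + 1


def hop_count_route(links, src, dst):
    """Breadth-first search: the first path that reaches dst crosses the
    fewest routers, which is exactly what hop-count routing optimises."""
    adj = adjacency(links)
    queue = deque([[src]])
    seen = {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path, hop_count(path)
        for nxt in sorted(adj[path[-1]]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None, None


def bandwidth_aware_route(links, bandwidth_kbps, src, dst):
    """Dijkstra with link cost = 1 / bandwidth (time to push one bit), so a
    slow line is penalised instead of every link costing one hop."""
    adj = adjacency(links)
    best = {src: 0.0}
    heap = [(0.0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path, cost
        if cost > best[node]:
            continue  # stale heap entry
        for nxt in adj[node]:
            new_cost = cost + 1.0 / bandwidth_kbps[frozenset((node, nxt))]
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                heapq.heappush(heap, (new_cost, nxt, path + [nxt]))
    return None, None


if __name__ == "__main__":
    path, hops = hop_count_route(LINKS, "A", "F")
    print("hop-count route:", "-".join(path), hops, "hops")
    path, cost = bandwidth_aware_route(LINKS, BANDWIDTH_KBPS, "A", "F")
    print("bandwidth-aware route:", "-".join(path), f"{cost:.5f} s per bit")
```

With equal line speeds the search picks A-E-F at 4 hops; once A-E is the 56 Kbps line, the bandwidth-aware metric prefers the 5-hop A-B-C-F route.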
Digital Data Services: When networks must span more than a few kilometres, new categories of technology come into play. Before considering WAN standards, it is useful to take a look at options that might be used by an organisation that wants to build a private WAN. Not all options are examined. A leased line is a dedicated communication line between two points. It's usually used by organisations to connect computers over a dedicated telephone line.
• Dedicated Leased Lines: Communication providers offer dedicated, leased lines at a variety of capacities. A dedicated line is a communication channel between two points that is leased by an organisation for its exclusive use. The dedicated line almost certainly does not consist of a pair of wires that stretches continuously between the end-points, and a customer's signal can pass through any combination of copper and optical fibre cables as well as terrestrial and satellite microwaves. The appearance to the customer, however, is of a directly wired channel. Dedicated lines may be analogue or digital in nature. T1 is an example of a digital leased-line technology. T1 supports full-duplex communication between two points. Originally intended for digital voice communication, T1 adapts as well to data communication, supporting data rates up to 1.544 Mbps. T1 circuits can utilise combinations of cables and microwave links. A T1 line supports 24 multiplexed 64 Kbps channels. Fractional T1 enables organisations to lease part of a T1 line in 64 Kbps increments. Other standards include T2 (6.312 Mbps), T3 (44.736 Mbps) and T4 (274.176 Mbps).
[Figure 64: Router - CSU/DSU - DDS - CSU/DSU - Router]
Figure 64 shows connecting remote sites with a Digital Leased Circuit. The interface to the leased line consists of a bridge or router to forward frames to the leased circuit, a Channel Service Unit/Digital Service Unit (CSU/DSU) to translate between LAN and Digital Data Service (DDS) signal formats, and a network interface provided by the communication service vendor. Leased lines can be used to construct quite large networks. The Internet is a world-wide network that consists of thousands of hosts, most connected by leased lines. The participants in the Internet share the cost of operating the Internet by bearing the cost of one or more leased lines to connect to other host sites. The downside of leased lines is that an organisation bears the full cost of the capacity it has leased. Some allowance must be made for peak traffic periods, and a portion of the channel capacity being paid for may be idle a great deal of the time. Dedicated lines assure an organisation of a specified communication capacity, but come at a high cost.
• Switched Digital Lines: Switched lines provide an alternative to dedicated lines. When remote hosts need to communicate, one dials the other to establish a temporary connection. Switched connections can be configured using conventional modems and voice-grade lines, enabling organisations that have very limited bandwidth needs to avoid the cost of a digital service. One technology for switched digital communication is the Integrated Services Digital Network (ISDN). A variety of ISDN services are possible, providing different amounts of bandwidth. A common basic rate service consists of two 64 Kbps digital channels. Although the potential bandwidth of this service is 128 Kbps, the 64 Kbps channels function separately. Equipment at the customer site must be capable of aggregating the separate 64 Kbps channels into a 128 Kbps logical channel. ISDN has the potential to make switched digital communication widely available at low cost.
The Internet Model: The protocol architecture for TCP/IP currently is defined by the IETF, which is responsible for establishing the protocols and architecture for the Internet. What TCP/IP provides:
• Open protocol standards, freely available and developed independently from any specific operating system or computer hardware platform. Because TCP/IP is so widely supported, it is ideal for uniting different hardware and software, even if you don't communicate over the Internet.
• Independence from specific physical network hardware: it can be run over an Ethernet, a Token Ring, a dial-up line, an X.25 net, and virtually any other kind of physical transmission media.
• A globally unique addressing scheme that allows any TCP/IP device to address any other device in the entire network, even if the network is as large as the world-wide Internet.
• Support for internetworking and routing, and standardised high-level protocols for consistent, widely available user services.
TCP/IP attempts to create a heterogeneous network with open protocols that are independent of operating system and architectural differences. TCP/IP protocols are available to everyone, and are developed and changed by consensus, not by the fiat of one manufacturer. Everyone is free to develop products to meet these open protocol specifications. Most information about TCP/IP is published as Requests For Comments (RFCs), which contain the latest versions of the specifications of all standard TCP/IP protocols.
4 Application Layer: consists of applications and processes that use the network
3 Transport Layer: provides end-to-end data delivery services
2 Internet Layer: defines the datagram and handles the routing of data
1 Network Access Layer: consists of routines for accessing physical media
Figure 65 shows the layers in the TCP/IP Protocol Architecture. The four-layered structure of TCP/IP is seen in the way data is handled as it passes down the protocol stack from the Application Layer to the underlying physical network. Each layer in the stack adds control information to ensure proper delivery. This control information is called a header because it is placed in front of the data to be transmitted. Each layer treats all of the information it receives from the layer above as data and places its own header in front of that information. The addition of delivery information at every layer is called encapsulation. When data is received, the opposite happens. Each layer strips off its header before passing the data on to the layer above. As information flows back up the stack, information received from a lower layer is interpreted as both a header and data.
[Figure 66: at the Application Layer the unit is Data; the Transport Layer, the Internet Layer and the Network Access Layer each place their own Header in front of what they receive, so the unit handed to the physical network carries three headers in front of the application data]
Figure 66 shows TCP/IP Data Encapsulation.
Each layer has its own independent data structures. Conceptually, a layer is unaware of the data structures used by the layers above and below it. In reality, the data structures of a layer are designed to be compatible with the structures used by the surrounding layers for the sake of more efficient data transmission. Still, each layer has its own data structure and its own terminology to describe that structure.
Layer                  TCP        UDP
Application Layer      stream     message
Transport Layer        segment    packet
Internet Layer         datagram   datagram
Network Access Layer   frame      frame
Figure 67 shows data structures: the terms used by different layers of TCP/IP to refer to the data being transmitted. Most networks refer to transmitted data as packets or frames.
[Figure 68: on the sending side the application sends a continuous data stream, TCP fragments the data stream into segments, IP fragments segments if required and prepares datagrams, and the network access layer fragments datagrams into bits; on the receiving side the network access layer reconstructs datagrams from bits, IP reconstructs segments from datagrams, TCP defragments the segments and reconstructs the data stream, and the application receives the continuous data stream]
Figure 68 shows the processing of data during transmission and reception with TCP.
Description of each of these layers:
• The Network Access Layer is the lowest layer of the TCP/IP protocol hierarchy. The protocols in this layer provide the means for the system to deliver data to the other devices on a directly attached network. It defines how to use the network to transmit an IP datagram. Unlike higher-level protocols, it must know the details of the underlying network to correctly format the data being transmitted to comply with the network constraints. The TCP/IP Network Access Layer can encompass the functions of all three lower layers of the OSI reference model: Network Layer, Data Link Layer, and Physical Layer. Functions performed at this level include encapsulation of IP datagrams into the frames transmitted by the network, and mapping of IP addresses to the physical addresses used by the network. The network access layer is responsible for exchanging data between a host and the network and for delivering data between two devices on the same network. Node physical addresses are used to accomplish delivery on the local network.
TCP/IP has been adapted to a wide variety of network types, including switching, such as X.21, packet switching, such as X.25, Ethernet, the IEEE 802.x protocols, frame relay, etc. Data in the network access layer encodes EtherType information that is used to demultiplex data associated with specific upper-layer protocol stacks.
[Figure 69: on each of two hosts, SMTP, FTP, Telnet, TFTP, SNMP and NFS at the Application Layer; TCP and UDP at the Transport Layer; IP, ICMP, ARP and RARP at the Internet Layer; the MAC driver and NIC at the Network Access Layer; data passes down one stack, across the actual physical connection between the NICs, and up the other]
Figure 69 shows processes/applications and protocols that rely on the Network Access Layer for the delivery of data to their counterparts across the network.
• The Internetwork Layer is the heart of TCP/IP and the most important protocol. IP provides the basic packet delivery service on which TCP/IP networks are built. All protocols, in the layers above and below IP, use the Internet Protocol to deliver data. All TCP/IP data flows through IP, incoming and outgoing, regardless of its final destination. The Internetwork Layer is responsible for routing messages through internetworks. Devices responsible for routing messages between networks are called gateways in TCP/IP terminology, although the term router is also used with increasing frequency. The TCP/IP protocol at this layer is the Internet Protocol (IP). In addition to the physical node addresses utilised at the network access layer, the IP protocol implements a system of logical host addresses called IP addresses. The IP addresses are used by the internet and higher layers to identify devices and to perform internetwork routing. The Address Resolution Protocol (ARP) enables IP to identify the physical address that matches a given IP address. Internet Protocol (IP):
• Defining the datagram, which is the basic unit of transmission in the Internet.
• Defining the Internet addressing scheme, moving data between the Network Access Layer and the Host-to-Host Transport Layer.
• Routing datagrams to remote hosts.
• Performing fragmentation and reassembly of datagrams.
The Datagram: Is the packet format defined by the Internet Protocol. The Internet Protocol delivers the datagram by checking the Destination Address (DA). This is an IP address that identifies the destination network and the specific host on that network. If the destination address is the address of a host on the local network, the packet is delivered directly to the destination; otherwise the packet is passed to a gateway for delivery.
Gateways are devices that switch packets between the different physical networks. Deciding which gateway to use is called routing. IP makes the routing decision for each individual packet. IP deals with data in chunks called datagrams. The terms packet and datagram are often used interchangeably, although a packet is a data link layer object and a datagram is a network layer object. In many cases, particularly when using IP on Ethernet, a datagram and a packet refer to the same chunk of data. There's no guarantee that the physical link layer can handle a packet of the network layer's size. If the media's MTU is smaller than the network's packet size, then the network layer has to break large datagrams down into packet-sized chunks that the data link layer and physical layer can digest. This process is called fragmentation. The host receiving a fragmented datagram reassembles the pieces in the correct order.
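The fragmentation and reassembly just described, as an added example that is not part of the original document. It models only the header fields reassembly depends on (Identification, Fragment Offset in 8-octet units, the MF and DF flags); the `Fragment` class, function names and the 3072-octet payload are constructed for the example.

```python
from dataclasses import dataclass
import random


@dataclass
class Fragment:
    """The IP header fields reassembly depends on, plus the fragment's data."""
    ident: int      # Identification: shared by every fragment of one datagram
    offset: int     # Fragment Offset, counted in 8-octet units as in the header
    more: bool      # MF flag: set on every fragment except the last
    data: bytes


def fragment(ident, data, mtu, header_len=20, dont_fragment=False):
    """Split a datagram's data so that header + data of each piece fits the
    link MTU. Every piece except the last carries a multiple of 8 octets,
    because the offset field can only express multiples of 8."""
    if header_len + len(data) <= mtu:
        return [Fragment(ident, 0, False, data)]   # fits: nothing to do
    if dont_fragment:
        raise ValueError("DF set and datagram exceeds MTU: must be discarded")
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    pos = 0
    while pos < len(data):
        chunk = data[pos:pos + max_data]
        last = pos + len(chunk) >= len(data)
        frags.append(Fragment(ident, pos // 8, not last, chunk))
        pos += len(chunk)
    return frags


def reassemble(frags, ident):
    """Receiver side: put the fragments of one datagram back in order.
    Returns None while pieces are still missing; overlapping pieces are
    rejected outright rather than silently merged."""
    pieces = sorted((f for f in frags if f.ident == ident), key=lambda f: f.offset)
    if not pieces or pieces[-1].more:
        return None                      # the last fragment (MF = 0) has not arrived
    expected = 0
    out = bytearray()
    for f in pieces:
        start = f.offset * 8
        if start < expected:
            raise ValueError("overlapping fragments: datagram rejected")
        if start > expected:
            return None                  # a piece in the middle is still missing
        out += f.data
        expected += len(f.data)
    return bytes(out)


if __name__ == "__main__":
    payload = bytes(range(256)) * 12     # constructed 3072-octet datagram payload
    frags = fragment(ident=0x1234, data=payload, mtu=1500)
    for f in frags:
        print(f"offset={f.offset:4d} (octet {f.offset * 8:5d}) MF={int(f.more)} len={len(f.data)}")
    random.shuffle(frags)                # fragments may arrive in any order
    print("reassembled intact:", reassemble(frags, 0x1234) == payload)
```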
IP Datagram Format:
[Figure 70: IP header of six 32-bit words: Version, IHL, Type of Service, Total Length; Identification, Flag, Fragment Offset; Time-to-live, Protocol, Header Checksum; Source Address; Destination Address; Options and Padding; data begins after the header]
Figure 70 shows the IP Datagram Format. The fields in figure 70 are as follows:
• Version:
• IHL:
• Type of Service: Data in this field indicate the quality of service desired. The effects of values in the precedence field depend on the network technology employed, and values must be configured accordingly. Format of the Type of Service field:
  • Bits 0-2: Precedence
    111 = Network Control
    110 = Internetwork Control
    101 = CRITIC/ECP
    100 = Flash Override
    011 = Flash
    010 = Immediate
    001 = Priority
    000 = Routine
  • Bit 3: Delay (0 = normal delay, 1 = low delay)
  • Bit 4: Throughput (0 = normal throughput, 1 = high throughput)
  • Bit 5: Reliability (0 = normal reliability, 1 = high reliability)
  • Bits 6-7: Reserved
• Total Length: The length of the datagram in octets, including the IP header and data. This field enables datagrams to consist of up to 65,535 octets. The standard recommends that all hosts be prepared to receive datagrams of at least 576 octets in length.
• Identification: An identification field used to aid reassembly of the fragments of a datagram.
• Flag: This field contains three control bits. If a datagram is fragmented, the MF bit is 1 in all fragments except the last.
  • Bit 0: Reserved, must be 0.
  • Bit 1 (DF): 1 = Do not fragment, 0 = May fragment
  • Bit 2 (MF): 1 = More fragments, 0 = Last fragment
• Fragment Offset: For fragmented datagrams, indicates the position in the datagram of this fragment.
• Time-to-live: Indicates the maximum time the datagram may remain on the network.
• Protocol: The upper layer protocol associated with the data portion of the datagram.
• Header Checksum: A checksum for the header only. This value must be recalculated each time the header is modified.
• Source Address: The IP address of the host that originated the datagram.
• Destination Address: The IP address of the host that is the final destination of the datagram.
• Options: May contain 0 or more options.
• Padding: Filled with bits to ensure that the size of the header is a 32-bit multiple.
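Decoding the header of Figure 70 and checking the rule that the checksum must be recalculated whenever the header changes, as an added example that is not part of the original document. The header values, the documentation addresses and the function names (`build_ipv4_header`, `parse_ipv4_header`, `forward_hop`) are constructed for the example.

```python
import struct

# Precedence names from the Type of Service field (bits 0-2)
PRECEDENCE = {
    0b111: "Network Control", 0b110: "Internetwork Control", 0b101: "CRITIC/ECP",
    0b100: "Flash Override", 0b011: "Flash", 0b010: "Immediate",
    0b001: "Priority", 0b000: "Routine",
}


def ones_complement_sum(data):
    """16-bit one's complement sum with the carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header):
    """Header Checksum: one's complement of the sum over the header only,
    with the checksum field itself taken as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def ip_to_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_ipv4_header(tos, total_length, ident, df, mf, frag_offset, ttl, proto, src, dst):
    """Pack a 20-octet header (IHL = 5, no options) and fill in its checksum."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_length, ident, flags_frag,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(raw):
    """Decode the fixed fields of Figure 70 and verify the header checksum."""
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = ver_ihl & 0x0F
    header = raw[:ihl * 4]
    return {
        "version": ver_ihl >> 4,
        "ihl_words": ihl,
        "precedence": PRECEDENCE[tos >> 5],
        "low_delay": bool(tos & 0x10),          # ToS bit 3
        "high_throughput": bool(tos & 0x08),    # ToS bit 4
        "high_reliability": bool(tos & 0x04),   # ToS bit 5
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),   # Flag bit 1 (DF)
        "more_fragments": bool(flags_frag & 0x2000),  # Flag bit 2 (MF)
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": header_checksum(header) == csum,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": header[20:],
    }


def forward_hop(raw):
    """What a gateway does to the header when it forwards the datagram:
    decrement Time-to-live and, because the header changed, recompute the
    checksum. A datagram whose TTL would reach zero is discarded."""
    ihl = (raw[0] & 0x0F) * 4
    if raw[8] <= 1:
        raise ValueError("TTL expired: datagram discarded")
    new = bytearray(raw)
    new[8] -= 1
    new[10:12] = struct.pack("!H", header_checksum(bytes(new[:ihl])))
    return bytes(new)


if __name__ == "__main__":
    # Constructed header: precedence Immediate (010), low delay, DF set,
    # TTL 64, protocol 17 (UDP), documentation addresses.
    raw = build_ipv4_header(tos=0b01010000, total_length=28, ident=0xABCD, df=True,
                            mf=False, frag_offset=0, ttl=64, proto=17,
                            src="192.0.2.1", dst="198.51.100.7")
    print(parse_ipv4_header(raw))
    print("TTL after one hop:", parse_ipv4_header(forward_hop(raw))["ttl"])
```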
Routing Datagrams: Internet gateways are commonly referred to as IP routers because they use the Internet Protocol to route packets between networks. Gateways forward packets between networks and hosts don't. However, if a host is connected to more than one network (a multihomed host), it can forward packets between the networks. When a multihomed host forwards packets, it acts just like any other gateway and is considered to be a gateway. Systems can only deliver packets to other devices attached to the same physical network.
[Figure 71: Host A1 (Application, Transport, Internet and Network Access Layers) on Network A; Gateway AB1 (Internet and Network Access Layers) between Network A and Network B; Gateway BC1 (Internet and Network Access Layers) between Network B and Network C; Host C1 (all four layers) on Network C]
Figure 71 shows Routing Through Gateways. The hosts (end-systems) process packets through all four protocol layers, while the gateways (intermediate-systems) process the packets only up to the internet layer, where the routing decisions are made.
Fragmenting Datagrams: As a datagram is routed through different networks, it may be necessary for the IP module in the gateway to divide the datagram into smaller pieces. A datagram received from one network may be too large to be transmitted in a single packet on a different network. This condition only occurs when a gateway interconnects dissimilar physical networks. Each type of network has a Maximum Transmission Unit (MTU), which is the largest packet that it can transfer. If the datagram received from one network is longer than the other network's MTU, it is necessary to divide the datagram into smaller fragments for transmission. This process is called fragmentation.
Passing Datagrams to the Transport Layer: When IP receives a datagram that is addressed to the local host, it must pass the data portion of the datagram to the correct transport layer protocol. This is done by using the protocol number from the datagram header. Each transport layer protocol has a unique protocol number that identifies it to IP.
Internet Control Message Protocol (ICMP): Is part of the internet layer and uses the IP datagram delivery facility to send its messages. ICMP sends messages that perform control, error reporting, and informational functions for TCP/IP.
[Figure 72: ICMP header of two 32-bit words: Type, Code, Checksum; Pointer (otherwise unused); followed by the IP header and the first 64 bits of the original datagram]
Figure 72 shows the ICMP Header Format.
• Flow control: When datagrams arrive too fast for processing, the destination host or intermediate gateway sends an ICMP Source Quench Message back to the sender. This tells the source to temporarily stop sending datagrams.
• Detecting unreachable destinations: When a destination is unreachable, the system detecting the problem sends an ICMP Destination Unreachable Message to the datagram's source. If the unreachable destination is a network or host, the message is sent by an intermediate gateway. But if the destination is an unreachable port, the destination host sends the message.
• Redirecting routes: A gateway sends the ICMP Redirect Message to tell a host to use another gateway, presumably because the other gateway is a better choice. This message can only be used when the source host is on the same network as both gateways.
• Checking remote hosts: A host can send the ICMP Echo Message to see if a remote system's internet protocol is up and operational. When a system receives an echo message, it sends the same packet back to the source host (e.g. PING).
[Figure 73: the same two protocol stacks as Figure 69 (SMTP, FTP, Telnet, TFTP, SNMP, NFS; TCP, UDP; IP, ICMP, ARP, RARP; MAC driver, NIC), with the Internet Layer highlighted as the layer the upper protocols rely on; data crosses the actual physical connection between the NICs]
Figure 73 shows processes/applications and protocols that rely on the Internet Layer for the delivery of data to their counterparts across the network.
• The Host-to-Host Transport Layer has two major jobs: it must subdivide user-sized data buffers into network-layer-sized datagrams, and it must enforce any desired transmission control such as reliable delivery. The two most important protocols in this layer are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP provides a reliable data delivery service with end-to-end error detection and correction. UDP provides a low-overhead, connectionless datagram delivery service. Both protocols deliver data between the Application Layer and the Internet Layer. Application programmers can choose whichever service is more appropriate for their specific applications. The Host-to-Host Transport Layer is responsible for end-to-end data integrity. Two protocols are employed at this layer: Transmission Control Protocol and User Datagram Protocol. TCP provides reliable, full-duplex connections and reliable service by ensuring that data is re-sent when a transmission results in an error. Also, TCP enables hosts to maintain multiple, simultaneous connections. UDP provides an unreliable service that enhances network throughput when error correction is not required at the host-to-host layer. Protocols defined at this layer accept data from application protocols running at the Application Layer, encapsulate it in the protocol header, and deliver the data segment thus formed to the lower IP layer for routing. Unlike the IP protocol, the transport layer is aware of the identity of the ultimate user representative process. As such, the Transport Layer in the TCP/IP suite embodies what data communications are all about: the delivery of information from an application on one computer to an application on another computer.
User Datagram Protocol (UDP): Gives application programs direct access to a datagram delivery service, like the delivery service that IP provides. This allows applications to exchange messages over the network with a minimum of protocol overhead. UDP is an unreliable (it doesn't care about the quality of the deliveries it makes), connectionless (it doesn't establish a connection on behalf of user applications) datagram protocol. Within your computer, UDP will deliver data correctly. UDP is used as a data transport service when the amount of data being transmitted is small; the overhead of creating connections and ensuring reliable delivery may be greater than the work of retransmitting the entire data set. Broadcast-oriented services use UDP, as do those in which repeated, out-of-sequence, or missed requests have no harmful side effects. Since no state is maintained for UDP transmission, it is ideal for repeated, short operations such as the Remote Procedure Call protocol. UDP packets can arrive in any order. If there is a network bottleneck that drops packets, UDP packets may not arrive at all. It's up to the application built on UDP to determine that a packet was lost, and to resend it if necessary.
NFS and NIS are built on top of UDP because of its speed and statelessness. While the performance advantages of a fast protocol are obvious, the stateless nature of UDP is equally important. Without state information in either the client or server, crash recovery is greatly simplified.
[Figure 74: UDP header of two 32-bit words: Source Port, Destination Port; Length, Checksum; data begins after the header]
Figure 74 shows the UDP Datagram Format. The fields in figure 74 are as follows:
• Source Port (16 bits): This field is optional and specifies the port number of the application that is originating the user data.
• Destination Port (16 bits): This is the port number pertaining to the destination application.
• Length (16 bits): This field describes the total length of the UDP datagram, including both data and header information.
• UDP Checksum (16 bits): Integrity checking is optional under UDP. If turned on, this field is used by both ends of the communication channel for data integrity checks.
[Figure 75: an IP datagram (Version, IHL, Type of Service, Total Length, Identification, Flag, Fragment Offset, Time-to-live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding) whose data field carries a UDP datagram (Source Port, Destination Port, Length, Checksum) followed by the user data]
Figure 75 shows the relationship between UDP and IP headers. There are two points to make:
• What IP considers to be its data field is in fact another piece of formatted information including both the UDP header and user protocol data. To IP it should not matter what the data field is hiding.
• The details of the header information for each protocol should clearly convey to the reader the purpose of the protocol.
Transmission Control Protocol (TCP): Is a fully reliable, connection-oriented, acknowledged, byte-stream protocol that provides reliable data delivery across the network and in the proper sequence. TCP supports data fragmentation and reassembly. It also supports multiplexing/demultiplexing using source and destination port numbers in much the same way they are used by UDP. TCP provides reliability with a mechanism called Positive Acknowledgement with Retransmission (PAR). Simply stated, a system using PAR sends the data again unless it hears from the remote system that the data arrived okay. The unit of data exchanged between co-operating TCP modules is called a segment.
TCP Segment Format:
[Figure 76: TCP header of six 32-bit words: Source Port, Destination Port; Sequence Number; Acknowledgement Number; Offset, Reserved, Control Bits, Window; Checksum, Urgent Pointer; Options and Padding; data begins after the header]
Figure 76 shows the data segment format of the TCP Protocol. The fields in figure 76 are as follows:
• Source Port (16 bits): Specifies the port on the sending TCP module.
• Destination Port (16 bits): Specifies the port on the receiving TCP module.
• Sequence Number (32 bits): Specifies the sequence position of the first data octet in the segment. When the segment opens a connection, the sequence number is the Initial Sequence Number (ISN) and the first octet in the data field is at sequence ISN+1.
• Acknowledgement Number (32 bits): Specifies the next sequence number that is expected by the sender of the segment. TCP indicates that this field is active by setting the ACK bit, which is always set after a connection is established.
• Data Offset (4 bits): Specifies the number of 32-bit words in the TCP header.
• Reserved (6 bits): Must be zero. Reserved for future use.
• Control Bits (6 bits): The six control bits are as follows:
  • URG: When set, the Urgent Pointer field is significant
  • ACK: When set, the Acknowledgement Number field is significant
  • PSH: Initiates a push function
  • RST: Forces a reset of the connection
  • SYN: Synchronises sequencing counters for the connection. This bit is set when a segment requests opening of a connection.
  • FIN: No more data. Closes the connection
• Window (16 bits): Specifies the number of octets, starting with the octet specified in the Acknowledgement Number field, which the sender of the segment can currently accept.
• Checksum (16 bits): An error control checksum that covers the header and data fields. It does not cover any padding required to have the segment consist of an even number of octets. The checksum also covers a 96-bit pseudoheader, which includes the source and destination addresses, the protocol, and the segment length. This information is forwarded with the segment to IP to protect TCP from misrouted segments. The value of the segment length field includes the TCP header and data, but doesn't include the length of the pseudoheader.
• Urgent Pointer (16 bits): Identifies the sequence number of the octet following urgent data. The urgent pointer is a positive offset from the sequence number of the segment.
• Options (variable): Options are available for a variety of functions.
• Padding (variable): Zero-value octets are appended to the header to ensure that the header ends on a 32-bit word boundary.
[Figure 77: TCP pseudoheader of three 32-bit words: Source Address; Destination Address; zero, Protocol, TCP length]
Figure 77 shows the format of the TCP pseudoheader. Each segment contains a checksum that the recipient uses to verify that the data is undamaged. If the data segment is received undamaged, the receiver sends a positive acknowledgement back to the sender. If the data segment is damaged, the receiver discards it. After an appropriate time-out period, the sending TCP module retransmits any segment for which no positive acknowledgement has been received. TCP is connection-oriented. It establishes a logical end-to-end connection between the two communicating hosts. Control information, called a handshake, is exchanged between the two endpoints to establish a dialogue before data is transmitted. TCP indicates the control function of a segment by setting the appropriate bit in the flags field of the segment header.
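The TCP checksum of Figures 76 and 77, computed over the 96-bit pseudoheader plus header and data, as an added example that is not part of the original document. It shows why the pseudoheader protects against misrouted segments: a receiver at a different destination address cannot validate the checksum. The segments, addresses and function names are constructed for the example.

```python
import struct

# Control Bits, from bit 5 (URG) down to bit 0 (FIN) of the 6-bit field
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
TCP_PROTOCOL = 6


def ones_complement_sum(data):
    """16-bit one's complement sum; an odd trailing octet is padded with a
    zero for the computation only, the pad is not part of the segment."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_to_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def pseudoheader(src_ip, dst_ip, tcp_length):
    """The 96-bit pseudoheader of Figure 77: source address, destination
    address, a zero octet, the protocol number and the TCP length (header
    plus data; the pseudoheader itself is not counted)."""
    return struct.pack("!4s4sBBH", ip_to_bytes(src_ip), ip_to_bytes(dst_ip),
                       0, TCP_PROTOCOL, tcp_length)


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, data=b""):
    """Pack a 20-octet TCP header (Data Offset = 5, no options) plus data and
    fill in the checksum over pseudoheader + header + data."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    segment = hdr + data
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, len(segment)) + segment)
    csum = (~total) & 0xFFFF
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def verify_segment(src_ip, dst_ip, segment):
    """Receiver check: summing pseudoheader + segment with the stored checksum
    included yields 0xFFFF for an intact, correctly addressed segment."""
    return ones_complement_sum(pseudoheader(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def parse_segment(segment):
    """Decode the fixed header fields of Figure 76."""
    sport, dport, seq, ack, offset_byte, flags, window, csum, urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    header_len = (offset_byte >> 4) * 4
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAGS.items() if flags & bit],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "data": segment[header_len:],
    }


if __name__ == "__main__":
    # Constructed segments: the SYN that opens a connection, then a data
    # segment with an odd number of octets to exercise the padding rule.
    a, b = "192.0.2.1", "198.51.100.7"
    syn = build_segment(a, b, 40000, 80, seq=1000, ack=0, flags=FLAGS["SYN"], window=8192)
    print(parse_segment(syn)["flags"], "valid:", verify_segment(a, b, syn))
    data = build_segment(a, b, 40000, 80, 1001, 5001, FLAGS["ACK"] | FLAGS["PSH"], 8192, b"hello")
    print("intact:", verify_segment(a, b, data),
          "delivered to wrong host:", verify_segment(a, "198.51.100.8", data))
```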
[Figure 78: the same two protocol stacks as Figure 69 (SMTP, FTP, Telnet, TFTP, SNMP, NFS; TCP, UDP; IP, ICMP, ARP, RARP; MAC driver, NIC); the TCP modules at each end see a perceived connection carrying perceived data, while the actual data, including the headers of every layer, crosses the actual physical connection between the NICs]
Figure 78 shows how TCP establishes virtual circuits over which applications exchange data. The type of handshake used by TCP is called a three-way handshake because three segments are exchanged.
Three-Way Handshake:
[Figure 79: Host A sends SYN to Host B; Host B replies with SYN, ACK; Host A sends ACK together with data, and the data transfer has begun]
Figure 79 shows a Three-Way Handshake.
Reliability and Acknowledgement: TCP employs the positive acknowledgement with retransmission technique for the purpose of achieving reliability in service.
[Figure 80: Host A sends DS1 to Host B and Host B returns ACK1; Host A sends DS2 and Host B returns ACK2; time runs down the ladder]
Figure 80 shows the positive acknowledgement with retransmission technique.
Figure 80 is a laddergram depicting the events taking place between two hosts. The arrows represent transmitted data and/or acknowledgements, and time is represented by the vertical distance down the ladder. When TCP sends a data segment, it requires an acknowledgement from the receiving end. The acknowledgement is used to update the connection state table. An acknowledgement can be positive or negative. A positive acknowledgement implies that the receiving host received the data and that it passed the integrity check. A negative acknowledgement implies that the failed data segment needs to be retransmitted. It can be caused by failures such as data corruption or loss.
Host B
DS1 ACK1
Acknowledgment received Countdown timer starts
DS 2( los
Countdown timer expires Countdown timer starts
t)
DS2 (r etr.) ACK2
Acknowledgment received
Figure 81 shows how TCP implements a time-out mechanism to keep track of loss segments. In figure 81, what illustrates what happens when a packet is lost on the network and fails to reach its ultimate destination. When a host sends data, it starts a countdown timer. If the timer expires without receiving an acknowledgement, this host assumes that the data segment was lost. Consequently, this host retransmits a duplicate of the failing segment. TCP keep a copy of all transmitted data with outstanding positive acknowledgement. Only after receiving the positive acknowledgement is this copy discarded to make room for other data in its buffer. Data Stream Maintenance: The interface between TCP and a local process is a port, which is a mechanism that enables the process to call TCP and in turn enables TCP to deliver data streams to the appropriate process. Ports are identified by port numbers. To fully specify a connection, the host IP address is appended to the port number. This combination of IP address and port number is called a socket. A given socket number is unique on the internetwork. A connection between two hosts is fully described by the sockets assigned to each end of the connection. Window 6000 Data Received 1
1001 Initial Sequence Number 0
Current Segment 2001
3001
Acknowledgement Number 2000
4001
5001
6001
7001
Sequence Number 4001
Figure 82 shows a TCP Data Stream that starts with an Initial Sequence Number of 0. In figure 82, the receiving system has received and acknowledged 2000 bytes. so the current Acknowledgement Number is 2000. The receiver also has enough buffer space for another 6000 bytes, so it has advertised a Window of 6000. The sender is currently sending a segment of 1000 bytes starting with Sequence Number 4001. The sender has received no acknowledgement for the bytes from 2001 on, but continues sending data as long as it is within the window. If the sender fills the window and receives no acknowledgement of the data previously sent, it will, after an appropriate time-out, send the data again starting from the first unacknowledged byte. Retransmission would start from byte 2001 if no further acknowledgements are received. This procedure ensures that data is reliably received at the far end of the network.
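The countdown timer, cumulative acknowledgement and retransmission from the first unacknowledged byte of figures 80 to 82 can be simulated. The following is an added example, not part of the original document: a simplified sender and receiver (1000-byte segments, a 6000-byte window, an Initial Sequence Number of 0 and a timer of three ticks, all constructed parameters) with a channel that drops a chosen segment once. It goes slightly beyond the figures in that the sender resends everything from the first unacknowledged byte up to the window limit, which is what "send the data again starting from the first unacknowledged byte" amounts to when several segments are outstanding.

```python
class Sender:
    """TCP-like sender: byte sequence numbers, an advertised window and one
    countdown timer for the oldest unacknowledged data (constructed parameters)."""

    def __init__(self, total_bytes, segment_size=1000, window=6000, isn=0, timeout=3):
        self.segment_size, self.window, self.timeout = segment_size, window, timeout
        self.snd_una = isn + 1            # oldest unacknowledged byte
        self.next_seq = isn + 1           # first byte of the next segment to send
        self.last_byte = isn + total_bytes
        self.timer = None                 # countdown; None when nothing is outstanding
        self.retransmissions = 0

    def segments_to_send(self):
        """Send new segments while they fit inside the receiver's window."""
        out = []
        while self.next_seq <= self.last_byte:
            length = min(self.segment_size, self.last_byte - self.next_seq + 1)
            if self.next_seq + length - 1 > self.snd_una + self.window - 1:
                break                     # window full: wait for an acknowledgement
            out.append((self.next_seq, length))
            self.next_seq += length
        if out and self.timer is None:
            self.timer = self.timeout     # countdown starts with the first outstanding byte
        return out

    def on_ack(self, ack_number):
        """Cumulative ACK: ack_number is the next byte the receiver expects."""
        if ack_number > self.snd_una:
            self.snd_una = ack_number     # buffered copies below this point are freed
            self.timer = self.timeout if self.snd_una < self.next_seq else None

    def tick(self):
        """One clock tick; on expiry resend from the first unacknowledged byte."""
        if self.timer is None:
            return []
        self.timer -= 1
        if self.timer > 0:
            return []
        self.retransmissions += 1
        self.next_seq = self.snd_una      # go back to the oldest unacknowledged byte
        self.timer = None
        return self.segments_to_send()


class Receiver:
    def __init__(self, isn=0):
        self.expected = isn + 1

    def on_segment(self, seq, length):
        """Accept only the in-order segment; always reply with the cumulative ACK."""
        if seq == self.expected:
            self.expected += length
        return self.expected


def run(total_bytes, drop_first_send_of=()):
    """Drive sender and receiver until everything is acknowledged.
    Returns (bytes acknowledged, retransmissions, event log)."""
    sender, receiver = Sender(total_bytes), Receiver()
    to_drop = set(drop_first_send_of)     # segments the channel loses once
    log = []
    for _ in range(1000):
        if sender.snd_una > sender.last_byte:
            break
        for seq, length in sender.segments_to_send() + sender.tick():
            if seq in to_drop:
                to_drop.discard(seq)
                log.append(f"DS{seq} lost")
                continue
            ack = receiver.on_segment(seq, length)
            log.append(f"DS{seq} -> ACK{ack}")
            sender.on_ack(ack)
    return sender.snd_una - 1, sender.retransmissions, log


if __name__ == "__main__":
    acked, retx, events = run(8000, drop_first_send_of={2001})
    print(f"acknowledged {acked} bytes after {retx} retransmission(s)")
    print("\n".join(events))
```

Running it with the segment at byte 2001 dropped reproduces figure 81: the acknowledgements stall at 2001, the timer expires, and sending resumes from byte 2001 rather than from the last segment sent.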
Managing Connections: From the perspective of the process, communication with the network involves sending and receiving continuous streams of data. The process is not responsible for fragmenting the data to fit lower-layer protocols.
[Figure 83: on the sending side the Application sends continuous data streams, TCP fragments the data stream into segments, IP fragments segments if required and prepares datagrams, and Network Access fragments datagrams into bits; on the receiving side Network Access reconstructs datagrams from bits, IP reconstructs segments from datagrams, TCP defragments segments and reconstructs the data stream, and the Application receives continuous data streams.]
Figure 83 shows how data are processed as they travel down the protocol stack, through the network, and up the protocol stack of the receiver. A short explanation of figure 83:
• TCP receives a stream of data from the upper-layer process.
• TCP may fragment the data stream into segments that meet the maximum datagram size of IP.
• IP may fragment segments as it prepares datagrams that are sized to conform to the restrictions of the network.
• Network protocols transmit the datagram in the form of bits.
• Network protocols at the receiving host reconstruct datagrams from the bits they receive.
• IP receives datagrams from the network. Where necessary, datagram fragments are reassembled to reconstruct the original segment.
• TCP presents data in segments to upper-layer protocols in the form of data streams.
[Figure 84: the four layers of two communicating hosts (Application Layer: SMTP, FTP, Telnet, TFTP, NFS, SNMP; Transport Layer: TCP, UDP; Internet Layer: IP, ICMP, ARP, RARP; Network Access Layer: MAC driver, NIC), with data passing between peer layers and the actual physical connection at the bottom.]
Figure 84 shows how processes/applications and protocols rely on the Transport Layer for the delivery of data to their counterparts across the network.
• The Process/Application Layer includes all processes that use the transport layer protocols to deliver data. There are many application protocols. A good example of the concerns handled by these processes is the reconciliation of differences in data syntax between the platforms on which the applications are running. It should be clear that unless this difference in data representation is handled properly, any exchange of data involving these processes is likely to yield erroneous interpretations of numerical data. To resolve this issue, and other similar issues, TCP/IP defines the eXternal Data Representation (XDR) protocol. Reflecting on the nature of this problem, you can easily see that it has nothing to do with the underlying network topology, wiring, or electrical interference.
Some applications that use TCP:
• TELNET: The Network Terminal Protocol provides remote login over the network.
• FTP: The File Transfer Protocol is used for interactive file transfer between hosts.
• SMTP: The Simple Mail Transfer Protocol delivers electronic mail.
Some applications that use UDP:
• SNMP: The Simple Network Management Protocol is used to collect management information from network devices.
• DNS: Domain Name Service maps IP addresses to the names assigned to network devices.
• RIP: Routing Information Protocol; routing is central to the way TCP/IP networks operate, and RIP is used by network devices to exchange routing information.
• NFS: Network File System; this protocol allows files to be shared by various hosts on the network as if they were local drives.
TCP/IP Protocols Inside a Sample Gateway:
[Figure 85: Source Host on Network A (134.67.40.0), Gateway, and Destination Host on Network B (134.67.32.0). The Source Host (Application, Transport, Internet and Network Access Layers; address 134.67.40.2) has the routing table: Destination 134.67.32.0, Gateway 134.67.40.3; Destination 134.67.40.0, Gateway 134.67.40.2; default, Gateway 134.67.40.1. The Gateway (Internet and Network Access Layers; addresses 134.67.40.3 and 134.67.32.5) has the routing table: Destination 134.67.32.0, Gateway 134.67.32.5; Destination 134.67.40.0, Gateway 134.67.40.3; default, Gateway 134.67.40.1. The Destination Host (all four layers; address 134.67.32.2) has the routing table: Destination 134.67.32.0, Gateway 134.67.32.2; default, Gateway 134.67.32.5.]
Figure 85 shows the TCP/IP protocols inside a sample gateway.
[Figure 86: the four layers of two communicating hosts (Application Layer: SMTP, FTP, Telnet, TFTP, NFS, SNMP; Transport Layer: TCP, UDP; Internet Layer: IP, ICMP, ARP, RARP; Network Access Layer: MAC driver, NIC), with data passing between peer layers and the actual physical connection at the bottom.]
Figure 86 shows how processes/applications and protocols rely on the Application Layer for the delivery of data to their counterparts across the network.
Addressing, Routing, and Multiplexing: To deliver data between two Internet hosts, it is necessary to move data across the network to the correct host, and within that host to the correct user or process. TCP/IP uses three schemes to accomplish these tasks:
• Addressing: IP addresses deliver data to the correct host.
• Routing: Gateways deliver data to the correct network.
• Multiplexing: Protocol and port numbers deliver data to the correct software module within the host.
Each of these functions is necessary to send data between two co-operating applications across the Internet. IP Host Address: The Internetwork Protocol identifies hosts with a 32-bit number called an IP address or host address. To avoid confusion with MAC addresses, which are machine or station addresses, the term IP address will be used to designate this kind of address. IP addresses are written as four dot-separated decimal numbers between 0 and 255. IP addresses must be unique among all connected machines (any hosts that you can reach over a network or connected set of networks, including your local area network, remote offices joined by the company's wide-area network, or even the entire Internet community). The Internet Protocol moves data between the hosts in the form of datagrams. Each datagram is delivered to the address contained in the destination address field of the datagram's header. The Destination Address is a standard 32-bit IP address that contains sufficient information to uniquely identify a network and a specific host on that network. If your network is connected to the Internet, you have to get a range of IP addresses assigned to your machines through a central network administration authority. The IP address uniqueness requirement differs from that of MAC addresses. IP addresses are unique only on connected networks, but machine MAC addresses are unique in the world, independent of any connectivity. Part of the reason for the difference in the uniqueness requirement is that IP addresses are 32 bits, while MAC addresses are 48 bits, so mapping every possible MAC address into an IP address requires some overlap. Of course, not every machine on an Ethernet is running IP protocols, so the many-to-one mapping isn't as bad as the numbers might indicate.
There are a variety of reasons why the IP address is only 32 bits while the MAC address is 48 bits, most of which are historical. Since the network and data link layers use different addressing schemes, some system is needed to convert or map IP addresses to MAC addresses. Transport-layer services and user processes use IP addresses to identify hosts, but packets that go out on the network need MAC addresses. The Address Resolution Protocol (ARP) is used to convert the 32-bit IP address of a host into its 48-bit MAC address. When a host wants to map an IP address to a MAC address, it broadcasts an ARP request on the network, asking the host using that IP address to respond. The host that sees its own IP address in the request returns its MAC address to the sender. With the MAC address, the sending host can transmit a packet on the Ethernet and know that the receiving host will recognise it.
IP Address Classes: An IP address contains a network part and a host part, but the format of these parts is not the same in every IP address.
[Figure 87: the IP address classes, bits 31 down to 0. Class A: leading bit 0, netid, hostid. Class B: leading bits 10, netid, hostid. Class C: leading bits 110, netid, hostid. Class D: leading bits 1110, multicast. Class E: leading bits 11110, reserved. Bit positions 23, 15 and 7 mark the octet boundaries.]
Figure 87 shows the IP address classes. Not all network addresses or host addresses are available for use. The class A addresses 0 and 127 are reserved for special use. Network 0 designates the default route (used to simplify the routing information that IP must handle) and network 127 is the loopback address (it simplifies network applications by allowing the local host to be addressed in the same manner as a remote host). We use these special network addresses when configuring a host. There are also some host addresses reserved for special use. In all network classes, host numbers 0 and 255 are reserved. An IP address with all host bits set to zero identifies the network itself. Addresses in this form are used in routing table listings to refer to entire networks. An IP address with all host bits set to one is a broadcast address (used to simultaneously address every host on a network). A datagram sent to this address is delivered to every individual host on that network. IP uses the network portion of the address to route the datagram between networks. The full address, including the host information, is used to make final delivery when the datagram reaches the destination network.
[Figure 88: on a local network, host A (134.67.32.1) and host B (134.67.32.2) have the same netid and can communicate; host C (135.68.32.3) has a different netid and cannot.]
Figure 88 shows host communication on a local network.
Subnets: The standard structure of an IP address can be locally modified by using host address bits as additional network address bits. Essentially, the dividing line between network address bits and host bits is moved, creating additional networks but reducing the maximum number of hosts that can belong to each network. These newly designated network bits define a network within the larger network, called a subnet. Subnetting allows decentralised management of host addressing. With the standard addressing scheme, a single administrator is responsible for managing host addresses for the entire network. By subnetting, the administrator can delegate address assignment to smaller organisations within the overall organisation. Subnetting can also be used to overcome hardware differences and distance limitations. IP routers can link dissimilar physical networks together, but only if each physical network has its own unique network address. Subnetting divides a single network address into many unique subnet addresses, so that each physical network can have its own unique address.
[Figure 89: a class B address (leading bits 10; bit positions 31, 23, 15, 7, 0) without subnetting: netid, hostid; with a subnet on an octet boundary: netid, subnetid, hostid; with a subnet not on an octet boundary: netid, subnetid, hostid.]
Figure 89 shows IP addresses with and without subnetting. A subnet is defined by applying a bitmask, the subnet mask, to the IP address. If a bit is on in the mask, the equivalent bit in the address is interpreted as a network bit. If the bit in the mask is off, the bit belongs to the host part of the address. The subnet is only known locally. To the rest of the Internet, the address is still interpreted as a standard IP address.
[Figure 90: with subnet mask 255.255.240.0, host A (134.67.32.1) and host B (134.67.32.2) have the same netid and subnetid and can communicate; host C (135.67.33.3) has a different netid or subnetid and cannot.]
Figure 90 shows host communication with subnetting.
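The class test of figure 87, the reserved addresses listed after it and the subnet-mask comparison of figures 88 and 90 can be put into one routine. The following is an added example, not code from the original document. The addresses 134.67.32.1, 134.67.32.2, 135.67.33.3 and the mask 255.255.240.0 are taken from the figures; 134.67.48.1, used to show two subnets of the same class B network, is a constructed value.

```python
def ip_to_int(ip):
    """Dotted-quad string to a 32-bit integer; rejects anything outside 0-255."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def address_class(ip):
    """The high-order bits of the first octet select the class (figure 87):
    0 -> A, 10 -> B, 110 -> C, 1110 -> D (multicast), 11110 -> E (reserved)."""
    first = ip_to_int(ip) >> 24
    if (first & 0x80) == 0x00:
        return "A"
    if (first & 0xC0) == 0x80:
        return "B"
    if (first & 0xE0) == 0xC0:
        return "C"
    if (first & 0xF0) == 0xE0:
        return "D"
    return "E"


# Network mask implied by the class when no subnetting is in use.
CLASS_MASK = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}


def describe(ip, subnet_mask=None):
    """Split an address into netid, subnetid and hostid and flag the reserved forms."""
    cls = address_class(ip)
    if cls not in CLASS_MASK:
        return {"class": cls, "notes": ["multicast" if cls == "D" else "reserved"]}
    n = ip_to_int(ip)
    net_mask = CLASS_MASK[cls]
    mask = ip_to_int(subnet_mask) if subnet_mask else net_mask
    if (mask & net_mask) != net_mask:
        raise ValueError("a subnet mask must keep all class network bits on")
    host_bits = mask ^ 0xFFFFFFFF          # bits that are off in the mask
    notes = []
    if cls == "A" and (n >> 24) == 0:
        notes.append("network 0: default route")
    if cls == "A" and (n >> 24) == 127:
        notes.append("network 127: loopback")
    if (n & host_bits) == 0:
        notes.append("host bits all zero: refers to the network itself")
    if (n & host_bits) == host_bits:
        notes.append("host bits all one: broadcast")
    return {"class": cls,
            "netid": n & net_mask,
            "subnetid": n & (mask ^ net_mask),   # only the borrowed host bits
            "hostid": n & host_bits,
            "notes": notes}


def can_communicate(a, b, subnet_mask=None):
    """Figures 88 and 90: two hosts talk directly only when netid and,
    under the local subnet mask, subnetid both match."""
    da, db = describe(a, subnet_mask), describe(b, subnet_mask)
    if "netid" not in da or "netid" not in db:
        return False
    return (da["netid"], da["subnetid"]) == (db["netid"], db["subnetid"])


if __name__ == "__main__":
    print(describe("134.67.32.1", "255.255.240.0"))
    print(can_communicate("134.67.32.1", "134.67.32.2", "255.255.240.0"))   # True
    print(can_communicate("134.67.32.1", "135.67.33.3", "255.255.240.0"))   # False
    print(can_communicate("134.67.32.1", "134.67.48.1", "255.255.240.0"))   # False
```

Without a subnet mask the last pair shares the class B netid and can communicate; with 255.255.240.0 the borrowed bits differ (32 versus 48 in the third octet), which is the point of figure 90.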
Routing: As networks grow in size, so does the traffic imposed on the wire, which in turn impacts overall network performance, including response times. To alleviate such degradation, network specialists resort to breaking the network into multiple networks that are interconnected by specialised devices, including routers, bridges, and switches. The routing approach calls on the implementation of various co-operative processes, in both routers and workstations, whose main concern is to allow for the intelligent delivery of data to its ultimate destination. Data exchange can take place between any two workstations, whether or not both belong to the same network.
[Figure 91: host A1 on a Token Ring network, gateway router G1, an X.25 network, gateway router G2, and host B1 on an Ethernet.]
Figure 91 shows a view of routing. Figure 91 emphasises that the underlying physical networks that a datagram travels through may be different and even incompatible. Host A1 on the Token Ring network routes the datagram through gateway G1 to reach host B1 on the Ethernet. Gateway G1 forwards the data through the X.25 network to gateway G2 for delivery to B1. The datagram traverses three physically different networks, but eventually arrives intact at B1.
A good place to start when discussing routers is with a thorough discussion of addresses, including MAC addresses, network addresses, and complete addresses. The Routing Table: To perform its function reliably, the routing process is equipped with the capability to maintain a road map depicting the entire internetwork of which it is part. This road map is commonly referred to as the routing table, and it includes routing information depicting where every known network is and how it can be reached. The routing process builds and maintains the routing table by employing a route discovery process known as the Routing Information Protocol (RIP). Routers should be capable of selecting the shortest path connecting two networks. Routers discover the road map of the internetwork by dynamically exchanging routing information among themselves, by being statically configured by network installers, or both. The dynamic exchange of routing information is handled by yet another process besides the routing process itself. In the case of TCP/IP, IP handles the routing process, whereas RIP handles the route discovery process. Internet Routing Architecture: When a hierarchical structure is used, routing information about all of the networks in the internet is passed into the core gateways (a central delivery medium to carry long-distance traffic). The core gateways process this information and then exchange it among themselves using the Gateway-to-Gateway Protocol (GGP). The processed routing information is then passed back out to the external gateways.
[Figure 92: the Internet Core, containing core gateways, surrounded by Autonomous Systems, each attached to the core through an external gateway (gateway router).]
Figure 92 shows the Internet Routing Architecture. Outside the Internet Core are groups of independent networks called Autonomous Systems (AS); an AS is a collection of networks and gateways with its own internal mechanism for collecting routing information and passing it to other network systems. The Routing Table: Gateways route data between networks, but all network devices, hosts as well as gateways, must make routing decisions. For most hosts, the routing decisions are simple:
• If the destination is on the local network, the data is delivered to the destination host.
• If the destination is on a remote network, the data is forwarded to a local gateway.
Because routing is network-oriented, IP makes routing decisions based on the network portion of the address. The IP module determines the network part of the destination's IP address by checking the high-order bits of the address to determine the address class. The address class determines the portion of the address that IP uses to identify the network. If the destination network is the local network, the local subnet mask is applied to the destination address. After determining the destination network, the IP module looks up the network in the local routing table. Packets are routed toward their destination as directed by the routing table. The routing table may be built by the system administrator or by routing protocols, but the end result is the same: IP routing decisions are simple table look-ups.
[Figure 93: flowchart of the IP routing algorithm. Route datagram: do the destination and source network IDs match? Yes: deliver directly to the designated host. No: is a specific route found in the routing table (RIT)? Yes: deliver to the next router. No: is a route to the network found in the RIT? Yes: deliver to the next router. No: is a default route defined? Yes: deliver to the next router. No: declare failure (ICMP Host Unreachable).]
Figure 93 shows a flowchart depiction of the IP routing algorithm. You can display the routing table's contents with the netstat -r command. The netstat command displays a routing table containing the following fields:
• Destination: The destination network or host.
• Gateway: The gateway to use to reach the specified destination.
• Flags: The flags describe certain characteristics of this route. U: indicates that the route is up and operational. H: indicates that this is a route to a specific host. G: means the route uses a gateway. D: means that this route was added because of an ICMP redirect.
• Refcnt: Shows the number of times the route has been referenced to establish a connection.
• Use: Shows the number of packets transmitted via this route.
• Interface: The name of the network interface used by this route.
All of the gateways that appear in a routing table are on networks directly connected to the local system. A routing table does not contain end-to-end routes. A route only points to the next gateway, called the next hop, along the path to the destination network. The host relies on the local gateway to deliver the data, and the gateway relies on the other gateways. As a datagram moves from one gateway to another, it should eventually reach one that is directly connected to its destination network. It is this last gateway that finally delivers the data to the destination host.
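The decision sequence of figure 93 can be implemented as a small routing table that records the netstat -r fields Destination, Gateway, Flags and Use. The following is an added example, not code from the original document; it uses Python's ipaddress module, the Source Host addresses of figure 85, and an assumed subnet mask of 255.255.255.0 (the figure gives none). The host route to 134.67.32.9 through 134.67.40.9 is a constructed value added to show the "specific route" step.

```python
import ipaddress


class RoutingTable:
    """Per-host routing table and the lookup order of figure 93: local network,
    host-specific route, network route, default route, otherwise unreachable."""

    def __init__(self, local_address, local_mask):
        # The local network is found by applying the local subnet mask.
        self.local = ipaddress.ip_interface(f"{local_address}/{local_mask}")
        self.routes = []          # entries: destination, gateway, flags, use
        self.default = None

    def add(self, destination, gateway, flags="UG"):
        """destination is 'default', a host (flag H, /32) or a network prefix."""
        entry = {"destination": destination, "gateway": gateway, "flags": flags, "use": 0}
        if destination == "default":
            self.default = entry
        else:
            entry["network"] = ipaddress.ip_network(destination, strict=False)
            self.routes.append(entry)
        return entry

    def route(self, destination):
        """Return ('direct', host), ('next-hop', gateway) or ('unreachable', reason)."""
        dst = ipaddress.ip_address(destination)
        if dst in self.local.network:                 # same network ID: deliver directly
            return ("direct", str(dst))
        # A host-specific route (flag H) is consulted before any network route.
        for entry in sorted(self.routes, key=lambda e: "H" not in e["flags"]):
            if dst in entry["network"]:
                entry["use"] += 1
                return ("next-hop", entry["gateway"])
        if self.default is not None:
            self.default["use"] += 1
            return ("next-hop", self.default["gateway"])
        return ("unreachable", "ICMP Host Unreachable")

    def netstat_r(self):
        """Rows in the order of the netstat -r columns Destination, Gateway, Flags, Use."""
        rows = [(e["destination"], e["gateway"], e["flags"], e["use"]) for e in self.routes]
        if self.default is not None:
            rows.append(("default", self.default["gateway"],
                         self.default["flags"], self.default["use"]))
        return rows


if __name__ == "__main__":
    # Source Host of figure 85 (134.67.40.2 on 134.67.40.0, mask assumed 255.255.255.0).
    table = RoutingTable("134.67.40.2", "255.255.255.0")
    table.add("134.67.32.0/24", "134.67.40.3")
    table.add("default", "134.67.40.1")
    for target in ("134.67.40.3", "134.67.32.2", "10.1.1.1"):
        print(target, "->", table.route(target))
    for row in table.netstat_r():
        print(*row)
```

The directly connected network of figure 85 (Destination 134.67.40.0, Gateway 134.67.40.2) is represented here by the local interface rather than by a table entry, which is why it needs no add() call.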
Address Resolution: The IP address and the routing table direct a datagram to a specific physical network, but when the data travels across a network, it must obey the physical layer protocol used by that network. The physical networks that underlie the TCP/IP network do not understand IP addressing. Physical networks have their own addressing schemes, and there are as many different addressing schemes as there are different types of physical networks. One task of the network access protocols is to map IP addresses to physical network addresses.
[Figure 94: three hosts on one network, 134.67.32.1, 134.67.32.2 and 134.67.32.3; 134.67.32.1 sends an ARP request frame (broadcast) and receives an ARP reply frame addressed to 134.67.32.1.]
Figure 94 shows the operation of ARP. The most common example of this network access layer function is the translation of IP addresses to Ethernet addresses. The protocol that performs this function is the Address Resolution Protocol (ARP).
[Figure 95: layout of an ARP request or reply: Hardware Type (16 bits), Protocol Type (16 bits), Hardware Address Length, Protocol Address Length, Operation Code (16 bits), Sender Hardware Address, Sender IP Address, Recipient Hardware Address, Recipient IP Address.]
Figure 95 shows the layout of an ARP request or ARP reply. In figure 95, when an ARP request is sent, all fields in the layout are used except the Recipient Hardware Address (which the request is trying to identify). In an ARP reply, all the fields are used. The fields in the ARP request and reply can have several values. The ARP software maintains a table of translations between IP addresses and Ethernet addresses. This table is built dynamically. When ARP receives a request to translate an IP address, it checks for the address in its table. If the address is found, it returns the Ethernet address from its table. If the address is not found in the table, ARP broadcasts a packet to every host on the Ethernet. The packet contains the IP address for which an Ethernet address is sought. If a receiving host identifies the IP address as its own, it responds by sending its Ethernet address back to the requesting host. The response is then cached in the ARP table. The arp -a command displays all the contents of the ARP table.
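The ARP layout of figure 95 and the table-then-broadcast behaviour described above can be shown together. The following is an added example, not code from the original document: it packs and unpacks the Ethernet/IPv4 form of the layout (6-byte hardware addresses, 4-byte protocol addresses, hardware type 1, protocol type 0x0800, operation codes 1 and 2) and simulates three hosts on one Ethernet. The IP addresses are those of figure 94; the first two Ethernet addresses are taken from figure 97 and the third is a constructed value.

```python
import struct

ARP_LAYOUT = "!HHBBH6s4s6s4s"     # figure 95 fields for Ethernet (6-byte) / IPv4 (4-byte)
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
UNKNOWN_MAC = "00:00:00:00:00:00"  # Recipient Hardware Address left blank in a request


def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Pack the 28-byte ARP packet of figure 95."""
    return struct.pack(ARP_LAYOUT, HW_ETHERNET, PROTO_IPV4, 6, 4, opcode,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(packet):
    """Unpack an ARP packet, rejecting anything that is not Ethernet/IPv4."""
    if len(packet) < 28:
        raise ValueError("ARP packet too short")
    hw, proto, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_LAYOUT, packet[:28])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(smac), "sender_ip": ip_str(sip),
            "target_mac": mac_str(tmac), "target_ip": ip_str(tip)}


class ArpHost:
    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.table = {}                 # IP -> Ethernet address, built dynamically

    def resolve(self, ip, network):
        """Return (mac, broadcast_sent): a table hit needs no broadcast."""
        if ip in self.table:
            return self.table[ip], False
        request = build_arp(ARP_REQUEST, self.mac, self.ip, UNKNOWN_MAC, ip)
        for host in network:            # broadcast: every host on the Ethernet sees it
            if host is self:
                continue
            reply = host.on_packet(request)
            if reply is not None:
                answer = parse_arp(reply)
                self.table[answer["sender_ip"]] = answer["sender_mac"]   # cache it
                return answer["sender_mac"], True
        return None, True               # nobody owns that IP address

    def on_packet(self, packet):
        """Only the host that sees its own IP address in a request answers."""
        p = parse_arp(packet)
        if p["op"] == ARP_REQUEST and p["target_ip"] == self.ip:
            return build_arp(ARP_REPLY, self.mac, self.ip, p["sender_mac"], p["sender_ip"])
        return None


if __name__ == "__main__":
    hosts = [ArpHost("00:00:3e:2d:1c:0b", "134.67.32.1"),    # Ethernet addresses of figure 97
             ArpHost("00:00:b3:c2:d1:e0", "134.67.32.2"),
             ArpHost("00:00:00:00:00:33", "134.67.32.3")]    # constructed
    print(hosts[0].resolve("134.67.32.3", hosts))   # broadcast, then cached
    print(hosts[0].resolve("134.67.32.3", hosts))   # served from the table
    print(hosts[0].table)                           # what arp -a would list
```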
[Figure 96: three interconnected routing domains.]
Figure 96 shows routing domains.
RARP: The Reverse Address Resolution Protocol (RARP) is a variant of the Address Resolution Protocol. RARP also translates addresses, but in the opposite direction: it converts Ethernet addresses to IP addresses. The RARP protocol really has nothing to do with routing data from one system to another. RARP helps configure diskless systems by allowing diskless workstations to learn their IP address. The diskless workstation uses the Ethernet broadcast facility to ask which IP address maps to its Ethernet address. When a server on the network sees the request, it looks up the Ethernet address in its table. If it finds a match, the server replies with the workstation's IP address.
[Figure 97: Source Host 134.268.67.3 and Destination Host 134.268.67.5 on an Ethernet, with Ethernet addresses 00003E2D1C0B and 0000B3C2D1E0; the Ethernet frame consists of Preamble, Dest. Address, Source Address, Type, Data and FCS, and the Data field carries an IP datagram (Version, IHL, Type of Service, Total Length, Identification, Flag, Fragment Offset, Time-to-live, Protocol, Header Checksum, Source Address 134.268.67.3, Destination Address 134.268.67.5, Options, Padding, Data).]
Figure 97 shows the interrelationship between IP and Ethernet MAC addresses as reflected in the Ethernet data frame. In figure 97, the shaded fields correspond to the destination and source addresses of host A (the sender) and host B (the receiver). Protocols, Ports, and Sockets: Once data is routed through the network and delivered to a specific host, it must be delivered to the correct user or process. As the data moves up or down the layers of TCP/IP, a mechanism is needed to deliver data to the correct protocols in each layer. The system must be able to combine data from many applications into a few transport protocols, and from the transport protocols into the Internet Protocol. Combining many sources of data into a single data stream is called multiplexing. Data arriving from the network must be demultiplexed, that is, divided for delivery to multiple processes. To accomplish this, IP uses protocol numbers to identify transport protocols, and the transport protocols use port numbers to identify applications.
[Figure 98: Telnet (port 23) over TCP (protocol 6) over the Internet Protocol. The IP header (Version, IHL, Type of Service, Total Length, Identification, Flag, Fragment Offset, Time-to-live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding; header words 1 to 6) carries Protocol 6 and Destination Address 134.67.32.3, and the data that follows begins with a destination port of 23.]
Figure 98 shows protocol and port numbers.
[Figure 99: the Application Layer protocols SMTP, FTP, Telnet, TFTP, NFS, SNMP and RARPD over the Transport Layer protocols TCP and UDP, the Internet Layer protocols IP, ICMP, ARP and RARP, and the Network Access Layer (MAC driver, NIC).]
Figure 99 shows the protocol interdependency between Application level protocols and Transport level protocols. Protocol Numbers: The protocol number is a single byte in the header of the datagram. The value identifies the protocol in the layer above IP to which the data should be passed. Port Numbers: A host may have many TCP and UDP connections at any time. Connections to a host are distinguished by a port number, which serves as a sort of mailbox number for incoming datagrams. There may be many processes using TCP and UDP on a single machine, and the port numbers distinguish these processes for incoming packets. When a user program opens a TCP or UDP socket, it gets connected to a port on the local host. The application may specify the port, usually when trying to reach some service with a well-defined port number, or it may allow the operating system to fill in the port number with the next available free port number. After IP passes incoming data to the transport protocol, the transport protocol passes data to the correct application process. Application processes are identified by port numbers, which are 16-bit values. The source port number, which identifies the process that sent the data, and the destination port number, which identifies the process that is to receive the data, are contained in the header of each TCP segment and UDP packet. Port numbers are not unique between transport layer protocols; the numbers are only unique within a specific transport protocol. It is the combination of protocol and port numbers that uniquely identifies the specific process the data should be delivered to.
[Figure 100: at the Application Layer, Telnet (port 23), SMTP (25), FTP (21), SNMP (161) and Echo (7); through the Presentation and Session Layers to the Transport Layer, TCP (protocol number 6) and UDP (protocol number 17); then the Network and Physical Layers.]
Figure 100 shows data packets multiplexed via TCP or UDP through port addresses and onto the targeted TCP/IP applications. In figure 100, if a data packet arrives specifying a transport protocol of 6, it is forwarded to the TCP implementation. If the packet specifies 17 as the required protocol, the IP layer forwards the packet to the programs implementing UDP.
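The two-stage demultiplexing of figures 98 and 100 (protocol number first, then port number) can be traced on a constructed datagram. The following is an added example, not code from the original document: it builds an IP datagram carrying a TCP or UDP header (both header checksums are left at zero, as they are not what is being shown), reads the Protocol field to choose the transport module and the destination port to choose the application, and shows that port 161 means SNMP only under UDP. The addresses and the ephemeral port 3044 are taken from figure 101; the service table holds the well-known ports of figure 100.

```python
import struct

IP_HEADER = "!BBHHHBBH4s4s"        # figure 98 layout, 20 bytes without options
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Well-known ports of figure 100; a port number is unique only within one transport protocol.
SERVICES = {("TCP", 7): "echo", ("UDP", 7): "echo", ("TCP", 21): "ftp",
            ("TCP", 23): "telnet", ("TCP", 25): "smtp", ("UDP", 161): "snmp"}


def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)


def build_packet(protocol, src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Constructed IP datagram carrying a TCP (6) or UDP (17) header; the IP and
    transport checksum fields are left at zero for this demonstration."""
    if protocol == 6:
        transport = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, 5 << 12, 0, 0, 0)
    elif protocol == 17:
        transport = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    else:
        raise ValueError("only TCP and UDP are built here")
    total_length = 20 + len(transport) + len(payload)
    ip_header = struct.pack(IP_HEADER, 0x45, 0, total_length, 0, 0, 64, protocol, 0,
                            ip_bytes(src_ip), ip_bytes(dst_ip))
    return ip_header + transport + payload


def demultiplex(packet):
    """IP reads the protocol number to pick the transport module; the transport
    module reads the destination port to pick the application process."""
    ver_ihl, _, total_length, _, _, _, protocol, _, src, dst = struct.unpack(IP_HEADER, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    if total_length != len(packet):
        raise ValueError("Total Length does not match the datagram size")
    ihl = (ver_ihl & 0x0F) * 4                # header length in bytes (IHL is in words)
    transport = PROTOCOL_NAMES.get(protocol, f"protocol {protocol}")
    result = {"protocol": protocol, "transport": transport, "application": None,
              "source": ip_str(src), "destination": ip_str(dst)}
    if transport in ("TCP", "UDP"):
        # Source and destination ports are the first two 16-bit fields of both headers.
        src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
        result.update(src_port=src_port, dst_port=dst_port,
                      socket=(ip_str(dst), dst_port),
                      application=SERVICES.get((transport, dst_port), "no listener"))
    return result


if __name__ == "__main__":
    for proto, dport in ((6, 23), (17, 161), (6, 161)):
        pkt = build_packet(proto, "134.67.32.1", "134.67.32.3", 3044, dport)
        print(demultiplex(pkt))
```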
[Figure 101: the source host 134.67.32.1 sends with ports 3044,23 (source port 3044, destination port 23); the destination host 134.268.67.1 replies with ports 23,3044.]
Figure 101 shows the exchange of port numbers during the TCP handshake. In figure 101, the source host randomly generates a source port, in this example 3044. It sends out a segment with a source port of 3044 and a destination port of 23. The destination host receives the segment and responds using 23 as its source port and 3044 as its destination port. Sockets: Well-known ports are standardised port numbers that enable remote computers to know which port to connect to for a particular network service. This simplifies the connection process because both the sender and the receiver know in advance that data bound for a specific process will use a specific port. There is a second type of port number called a dynamically allocated port. As the name implies, these ports are not pre-assigned. They are assigned to processes when needed. The system ensures that it does not assign the same port number to two processes, and that the numbers assigned are above the range of standard port numbers. They provide the flexibility needed to support multiple users. The combination of an IP address and a port number is called a socket. A socket uniquely identifies a single network process within the entire internet. One pair of sockets, one socket for the receiving host and one for the sending host, defines the connection for connection-oriented protocols such as TCP. Names and Addresses: Every network interface attached to a TCP/IP network is defined by a unique 32-bit IP address. A name, called a host name, can be assigned to any device that has an IP address. Names are assigned to devices because, compared to numeric Internet addresses, names are easier to remember and type correctly. The network software doesn't require names, but they do make it easier for humans to use the network. In most cases, host names and numeric addresses can be used interchangeably.
Whether a command is entered with an address or a host name, the network connection always takes place based on the IP address. The system converts the host name to an address before the network connection is made. The network administrator is responsible for assigning names and addresses and storing them in the database used for the conversion. There are two methods for translating names into addresses. The older method simply looks up the host name in a table called the host table. The newer technique uses a distributed database system called Domain Name Service (DNS) to translate names to addresses. The Host Table: The host table is a simple text file that associates IP addresses with host names. Most systems have a small host table containing name and address information about the important hosts on the local network. This small table is used when DNS is not running, such as during the initial system start-up. Even if you use DNS, you should create a small host file containing entries for your host, for localhost, and for the gateways and servers on your local net. Sites that use NIS use the host table as input to the NIS host database. You can use NIS in conjunction with DNS, but even when they are used together, most NIS sites create host tables that have an entry for every host on the local network. Hosts connected to the Internet should use DNS.
The Network Information Centre (NIC) Host Table: Maintain a large table of Internet hosts, which is stored on the host. The NIC places host names and addresses into the file for all sites on the Internet. The NIC table contains three types of entries: Network records, gateway records, and host records. NET : 134 . 67 . 32 . 0 : NetworkName : HOST : 134 . 67 . 32 . 1 : HostName : Computer : OS : Service GATEWAY : 134 . 67 . 32 . 250 , 134 , 67 , 32 , 251 : GatewayName : Computer : OS : Service
Figure 102 shows the format of the Host.txt records. In figure 102, each record begins with a keyword (NET, HOST or GATEWAY) that identifies the record type, followed by an IP address, and one or more names associated with the address. The IP addresses and host names from the Host record are extracted to construct the /etc/hosts file. The network addresses and names from the NET records are used to create the etc/networks file. Domain Name Service (DNS): It is a distributed database system that doesn' t bog down as the database grows. It guarantees that new host information will be disseminated to the rest of the network as it is needed to those who are interested. If a DNS server receives a request for information about a host for which it has no information, it passes on the request to an authoritative server (is any server responsible for maintaining accurate information about the domain which is being queried). When the authoritative server answers, the local server saves (caches) the answer for future use. The next time the local server receives a request for this information, it answers the request itself. The ability to control host information from an authoritative source and to automatically disseminate accurate information makes DNS superior to the host table, even for small networks not connected to the Internet.
Figure 103 (resolution of a DNS query): the application hands a host name to the resolver, which sends a query to the local name server and receives the IP address in the response. The local name server queries the root name server for the address of alex.firm.be and is referred to the be name server; it queries the be name server and is referred to the firm.be name server; it queries the firm.be name server, which returns the IP address of alex.firm.be.
Figure 103 shows resolution of a DNS query. The Domain Hierarchy: DNS is a distributed hierarchical system for resolving host names into IP addresses. Under DNS, there is no central database with all of the Internet host information. The information is distributed among thousands of name servers organised into a hierarchy. DNS has a root domain at the top of the domain hierarchy that is served by a group of name servers called the root server. Information about a domain is found by tracing pointers from the root domain, through subordinate domains, to the target domain. Directly under the root domain are the top level domains. There are two basic types of top-level domains, geographic and organisational.
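The referral chain of figure 103 and the caching behaviour described above, as an added example written for this page (it is not code from the original document). The three authoritative servers, their names ("root", "be-ns", "firm-ns") and the address 192.0.2.10 are constructed; the local server walks the referrals from the root, caches only final answers, and refuses to follow a referral to a server it does not know or a server referring to itself, so a broken delegation cannot send it into a loop.

```python
class AuthoritativeServer:
    """A name server holding one zone: name -> ("A", address) or ("NS", server)."""

    def __init__(self, name, zone):
        self.name = name
        self.zone = zone

    def query(self, qname):
        """Answer with an A record if the zone has one; otherwise refer the
        querier to the server delegated for the longest matching suffix."""
        record = self.zone.get(qname)
        if record and record[0] == "A":
            return record
        labels = qname.split(".")
        for i in range(1, len(labels)):
            record = self.zone.get(".".join(labels[i:]))
            if record and record[0] == "NS":
                return record
        return ("NXDOMAIN", None)


class LocalServer:
    """The local name server: walks referrals from the root and caches answers."""

    def __init__(self, servers, root="root"):
        self.servers = servers          # name -> AuthoritativeServer
        self.root = root
        self.cache = {}                 # qname -> address (answers only, never referrals)
        self.upstream_queries = 0       # how many questions went out on the network

    def resolve(self, hostname, max_referrals=8):
        qname = hostname if hostname.endswith(".") else hostname + "."
        if qname in self.cache:
            return self.cache[qname]    # answered locally, no network traffic
        server = self.root
        for _ in range(max_referrals):
            self.upstream_queries += 1
            rtype, value = self.servers[server].query(qname)
            if rtype == "A":
                self.cache[qname] = value
                return value
            # Follow a referral only to a known server that is not the one just asked.
            if rtype == "NS" and value in self.servers and value != server:
                server = value
                continue
            return None
        return None


def build_servers():
    """Constructed zone data matching figure 103: root -> be -> firm.be."""
    root = AuthoritativeServer("root", {"be.": ("NS", "be-ns")})
    be = AuthoritativeServer("be-ns", {"firm.be.": ("NS", "firm-ns")})
    firm = AuthoritativeServer("firm-ns", {"alex.firm.be.": ("A", "192.0.2.10"),
                                            "www.firm.be.": ("A", "192.0.2.11")})
    return {s.name: s for s in (root, be, firm)}


if __name__ == "__main__":
    local = LocalServer(build_servers())
    print(local.resolve("alex.firm.be"), "after", local.upstream_queries, "queries")
    print(local.resolve("alex.firm.be"), "after", local.upstream_queries, "queries")
```

The second call for the same name costs no upstream query, which is the point of the cache; real servers also attach a time-to-live to each cached answer so that stale data expires, which this model omits.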
Figure 104 (domain hierarchy): the root domain "." at the top; directly under it the top-level domains edu, com, net, org, int, gov, mil, ...; under one top-level domain the domain firm, with the subdomains sales and R&D beneath it.
Figure 104 shows the domain hierarchy. Creating Domains and Subdomains: The Network Information Centre has the authority to allocate domains. To obtain a domain, you apply to the NIC for authority to create a domain under one of the top-level domains. Once the authority to create a domain is granted, you can create additional domains, called subdomains, under your domain. Domain Names: Reflect the domain hierarchy. Domain names are written from most specific, a host name, to least specific, a top-level domain, with each part of the domain name separated by a dot (<host>.<subdomain>.<domain>).
Figure 105 (organisation of the DNS name space): under the root come the generic world-wide domains (edu, com, net, org), the generic US-only domains (int, gov, mil) and the country domains (AU ... US ... ZW); under US come the state domains (AK, AL, AZ ... WY).
Figure 105 shows the organisation of the DNS name space. Network Information Service (NIS): Is an administrative database system that provides central control and automatic dissemination of important administrative files. NIS can be used in conjunction with DNS, or as an alternative to it. NIS and DNS have some similarities and some differences. Like DNS, NIS overcomes the problem of accurately distributing the host table, but unlike DNS, it only provides service for local area networks. NIS is not intended as a service for the Internet as a whole. Another difference is that NIS provides access to a wider range of information than DNS. As its name implies, NIS provides much more than name-to-address conversion. It converts several standard UNIX files into databases that can be queried over the network. These databases are called NIS maps. NIS provides a distributed database system for common configuration files. NIS servers manage copies of the database files, and NIS clients request information from the servers instead of using their own, local copies of these files. Once NIS is running, simply updating the NIS server ensures that all machines will be able to retrieve the new configuration file information. A major problem in running a distributed computing environment is maintaining separate copies of common configuration files such as the password, group, and hosts files. Ideally, the network should be consistent in its configuration, so that users don't have to worry about where they have accounts or whether they'll be able to find a new machine on the network. Preserving consistency, however, means that every change to one of these common files must be propagated to every host on the network. The Network Information Service (NIS) addresses these problems. It is a distributed database system that replaces copies of commonly replicated configuration files with a centralised management facility.
Instead of having to manage each host's files, you maintain one database for each file on one central server. Machines that are using NIS retrieve information as needed from these databases. If you add a new system to the network, you can modify one file on a central server and propagate this change to the rest of the network, rather than changing the hosts file for each individual host on the network. Because NIS enforces consistent views of files on the network, it is suited for files that have no host-specific information in them. Files that are generally the same on all hosts in a network fit the NIS model of a distributed database nicely. NIS provides all hosts information from its global database. Master, Slaves, and Clients: NIS is built on the client-server model. An NIS server is a host that contains NIS data files, called maps. Clients are hosts that request information from these maps. Servers are further divided into master and slave servers: The master server is the true single owner of the map data. Slave NIS servers handle client requests, but they do not modify the NIS maps. The master server is responsible for all map maintenance and distribution to its slave servers. Once an NIS map is built on the master to include a change, the new map file is distributed to all slave servers. NIS clients see these changes when they perform queries on the map file; it doesn't matter whether the clients are talking to a master or a slave server, because once the map data is distributed, all NIS servers have the same information.
Figure 106 (NIS masters, slaves, and clients): the NIS master server sends map transfers to the NIS slave servers; clients send NIS requests to the master server or to any slave server.
Figure 106 shows NIS masters, slaves, and clients. With the distinction between NIS servers and clients firmly established, we can see that each system fits into the NIS scheme in one of three ways:
• Client only: This is typical of desktop workstations, where the system administrator tries to minimise the amount of host-specific tailoring required to bring a system onto the network. As an NIS client, the host gets all of its common configuration information from an extant server.
• Server only: While the host services client requests for map information, it does not use NIS for its own operation. A server-only configuration may be useful when a server must provide global host and password information for the NIS clients, but security concerns prohibit the server from using these same files. However, bypassing the central configuration scheme opens some of the same loopholes that NIS was intended to close. Although it is possible to configure a system to be an NIS server only, we don't recommend it.
• Client and server: In most cases, an NIS server also functions as an NIS client so that its management is streamlined with that of other client-only hosts.
Most precisely, a domain is a set of NIS maps. A client can refer to a map from any of several different domains. Most of the time, however, any given host will only look up data from one set of NIS maps. Therefore, it's common to use the term domain to mean the group of systems that share a set of NIS maps. All systems that need to share common configuration information are put into an NIS domain. Although each system can potentially look up information in any NIS domain, each system is assigned to a default domain, meaning that the system, by default, looks up information from a particular set of NIS maps. It is up to the administrator to decide how many different domains are needed. An interruption in NIS service affects all NIS clients if no other servers are available.
Even if another server is available, clients will suffer periodic slowdowns as they recognise that the current server is down and hunt for a new one.
A second imperative for NIS servers is synchronisation. Clients may get their NIS information from any server, so all servers must have copies of every map file to ensure proper NIS operation. Furthermore, the data in each map file on the slave servers must agree with that on the master server, so that NIS clients cannot get out-of-date or stale data. NIS contains several mechanisms for making changes to map files and distributing these changes to all NIS servers on a regular basis. Remote Procedure Call (RPC): Provides a mechanism for one host to make a procedure call that appears to be part of the local process but is really executed on another machine on the network. Typically, the host on which the procedure call is executed has resources that are not available on the calling host. This distribution of computing services imposes a client/server relationship on the two hosts: The host owning the resource is a server for that resource, and the calling host becomes a client of the server when it needs access to the resource. The resource might be a centralised configuration file (NIS) or a shared filesystem (NFS). Instead of executing the procedure on the local host, the RPC system bundles up the arguments passed to the procedure into a network datagram. The exact bundling method is determined by the presentation layer, described in the next section. The RPC client creates a session by locating the appropriate server and sending the datagram to a process on the server that can execute the RPC. On the server, the arguments are unpacked, the server executes the procedure, packages the result (if any), and sends it back to the client. Back on the client side, the reply is converted into a return value for the procedure call, and the user application is re-entered as if a local procedure call had completed. RPC services may be built on either TCP or UDP transports, although most are UDP-oriented because they are centred on short-lived requests.
Using UDP also forces the RPC call to contain enough context information for its execution independent of any other RPC request, since UDP packets may arrive in any order, if at all. When an RPC call is made, the client may specify a time-out period in which the call must complete. If the server is overloaded or has crashed, or if the request is lost in transit to the server, the remote call may not be executed before the time-out period expires. The action taken upon an RPC time-out varies by application: some resend the RPC call, while others may look for another server.
Figure 107 (Remote Procedure Call execution): the user process calls ruser(host) as a library call; the RPC client code encodes the arguments and sends them to the RPC server; the RPC server code decodes the arguments, executes ruser() locally and encodes the return value; the RPC client code decodes the return value and returns it to the user process.
Figure 107 shows Remote Procedure Call Execution.
External Data Representation (XDR): Is built on the notion of an immutable network byte ordering, called the canonical form. It isn't really important what the canonical form is; your systems may or may not use the same byte ordering and structure packing conventions. This form simply allows network hosts to exchange structured data independently of any peculiarities of a particular machine. All data structures are converted into the network byte ordering and padded appropriately. The rule of XDR is: the sender makes local canonical, the receiver makes canonical local. Any data that goes over the network is in canonical form. A host sending data on the network converts it to canonical form, and the host that receives the data converts it back into its local representation. A different way to implement the presentation layer might be "receiver makes local". In this case, the sender does nothing to the local data, and the receiver must deduce the packing and encoding technique and convert it into the local equivalent. While this scheme may send less data over the network, it places the burden of incorporating a new hardware architecture on the receiving side, rather than on the new machine.
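The RPC exchange of figure 107 and the "sender makes local canonical" rule of XDR, carried through in one added example (written for this page, not code from the original document). The canonical forms used are XDR's: integers as 4 big-endian bytes, strings as a 4-byte length followed by the bytes padded with zeros to a multiple of 4. The ruser(host) call is the one named in figure 107; the SimulatedTransport class, which stands in for UDP and the server process and can drop datagrams, is an assumption of this example. The decoder never reads past its buffer and bounds every length field, which is the check that matters when the datagram comes from the network.

```python
import struct


# --- Presentation layer: "sender makes local canonical, receiver makes canonical local" ---
def encode_uint(n):
    """Canonical form for an unsigned integer: 4 bytes, big-endian, whatever the host order."""
    return struct.pack(">I", n)


def encode_string(s):
    """Canonical form for a string: 4-byte length, the bytes, zero padding to a multiple of 4."""
    data = s.encode("utf-8")
    return encode_uint(len(data)) + data + b"\x00" * ((-len(data)) % 4)


class Decoder:
    """Reads canonical data back into local values, refusing to read past the buffer."""

    def __init__(self, buf, max_string=1024):
        self.buf, self.pos, self.max_string = buf, 0, max_string

    def _take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated canonical data")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self):
        return struct.unpack(">I", self._take(4))[0]

    def string(self):
        n = self.uint()
        if n > self.max_string:
            raise ValueError(f"string length {n} exceeds limit")
        data = self._take(n)
        self._take((-n) % 4)  # skip the padding
        return data.decode("utf-8")


# --- Session/transport: a simulated UDP exchange that can lose datagrams (assumption) ---
class SimulatedTransport:
    """Stands in for UDP plus the server process; drops the first `drop` datagrams."""

    def __init__(self, users_by_host, drop=0):
        self.users_by_host, self.drop, self.sent = users_by_host, drop, 0

    def send(self, datagram):
        self.sent += 1
        if self.drop > 0:
            self.drop -= 1
            return None  # lost in transit: the client's time-out fires
        # Server side: decode the arguments, execute ruser() locally, encode the result.
        req = Decoder(datagram)
        xid, host = req.uint(), req.string()
        users = self.users_by_host.get(host, [])
        return encode_uint(xid) + encode_uint(len(users)) + b"".join(map(encode_string, users))


def rpc_ruser(transport, host, xid, retries=3):
    """Client stub for ruser(host): each datagram carries its whole context (xid and
    arguments), so a retransmission after a time-out is a fresh, complete request."""
    request = encode_uint(xid) + encode_string(host)
    for _ in range(retries):
        reply = transport.send(request)
        if reply is None:
            continue  # time-out: resend
        rep = Decoder(reply)
        if rep.uint() != xid:
            continue  # reply to some other call; ignore it
        count = rep.uint()
        if count > 256:
            raise ValueError("implausible user count in reply")
        return [rep.string() for _ in range(count)]
    raise TimeoutError(f"ruser({host!r}) did not complete after {retries} attempts")


if __name__ == "__main__":
    t = SimulatedTransport({"alex.firm.be": ["alex", "root"]}, drop=1)
    print(rpc_ruser(t, "alex.firm.be", xid=42), "after", t.sent, "datagrams")
```

With one datagram dropped the call still completes on the second attempt; with every datagram dropped the stub gives up after its retry budget instead of hanging, which is the time-out behaviour the text describes.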
An overview of TCP/IP components: Many of the descriptions included in this section are intended to give you only the basics. Internet Protocol (IP): IP is responsible for several tasks, most importantly determining a route to the destination. In addition, IP is responsible for the packing of messages into small network-transportable packets, called datagrams. IP is used with almost all TCP protocols, sitting at the bottom of the TCP protocol stack just above the network layer. IP has no control over whether messages sent and received are intact. All IP does is handle the sending and receiving, leaving it up to the next higher layer, usually TCP or UDP, to take care of any problems that occur with lost or damaged data. Internet Control Message Protocol (ICMP): ICMP is a special form of IP used to handle error and status messages between IP layers on different machines. Whenever one IP layer has to send information to another, it uses ICMP. Also, whenever IP software detects an error of some sort, it uses ICMP to send reports to the other machine. Probably the most common use of ICMP is for the ping command, which checks whether a machine is responsive by sending a small ICMP message to the machine and waiting for a reply. Transmission Control Protocol (TCP): TCP is used primarily to verify that whatever was sent by the sending machine is received intact by the destination. TCP is called a reliable delivery protocol, meaning that it makes sure everything sent was received properly. TCP adds a header to the front of each message that contains checksums, numbering, and other reliability information to ensure that every packet sent is received without modification. If there is a transmission problem, TCP takes care of resending the information. TCP sits between the application and the IP layer on each machine, acting as a packaging layer for application data and a delivery mechanism for sending packets to an application.
TCP usually runs with IP, but it can work with other protocols. TCP is a connection-based protocol, meaning that the sending and the destination machines communicate with each other by sending status messages back and forth. If the connection is lost because of routing problems or machine failures, errors are sent to the applications that use TCP. Some services use TCP to maintain a connection between two machines, notably FTP and Telnet, both of which enable you to move files and commands back and forth between two machines as if you were logged into both at the same time. User Datagram Protocol (UDP): UDP is an alternative to TCP. It is a connection-less protocol, meaning that the sending and receiving machines are not constantly connected to each other. They can send status messages back and forth to indicate reception of packets, but there is no constant connection maintained. UDP is used by services that do not require a connection, such as TFTP, DNS, NFS, and RPC. Because of the lack of a connection, UDP is often thought of as a less reliable delivery protocol than TCP, although other protocols can pick up the tasks that TCP offers. UDP sits in the layer between the applications and IP. UDP usually uses IP to handle its packets.
Telnet: The Telnet service provides a remote login capability. This lets a user on one machine log into another machine and act as if they are directly in front of the second machine. The connection can be anywhere on the local network, or on another network anywhere in the world, as long as the user has permission to log into the remote system. Telnet uses TCP to maintain a connection between two machines. File Transfer Protocol (FTP): FTP enables a file on one system to be copied to another system. Users don't actually log in as full users to the machine they want to access but instead use the FTP service to provide access. The remote machine must be set up with the permissions necessary to provide the user access to the files. FTP uses TCP to create and maintain a connection between source and destination machines. Once the connection to a remote machine has been established, FTP enables you to copy one or more files to your machine. The term transfer implies that the file is moved from one system to another, but the original is not affected; files are copied from one system to another. Simple Mail Transfer Protocol (SMTP): SMTP is one protocol used for transferring electronic mail. Transparently to the user, SMTP connects to different machines and transfers mail messages, much like FTP transfers files. Domain Name System (DNS): DNS enables a device with a common name to be converted to a special network address. DNS provides the conversion from a common local name to the unique physical address of the device's network connection. Simple Network Management Protocol (SNMP): SNMP is a network management protocol. SNMP uses UDP as a transport mechanism. SNMP relies on several terms from TCP/IP standard specifications, working with managers and agents instead of clients and servers. An agent provides information about a device, whereas a manager communicates across the network.
Network File Server (NFS): NFS is used to transparently enable multiple machines to access each other's directories. NFS accomplishes this by using a distributed filesystem scheme. NFS systems are common in large corporate environments. Remote Procedure Calls (RPC): RPCs are programming functions that enable an application to communicate with another machine, the server. They provide the programming functions, return codes, and predefined variables to support distributed computing.
Trivial File Transfer Protocol (TFTP): TFTP is a very simple, unsophisticated file transfer protocol that lacks any security. It uses UDP as a transport. Although not as sophisticated or as fast as FTP, TFTP can be used on many systems that do not enable FTP access. In some ways, TFTP can be analogous to an e-mail message requesting and receiving a file instead of a text body. BOOT Protocol (BOOTP): The BOOT Protocol, called BOOTP, is used to start up machines on a network that do not have their own hard drives or storage devices containing operating systems and network information. BOOTP is used for X-terminals and other diskless workstations. Address Resolution Protocol (ARP): ARP is one of several protocols that help determine addresses on a network. ARP works with IP to set routes to a destination. ARP converts an IP address to a network interface hardware address. Reverse Address Resolution Protocol (RARP): RARP, as its name suggests, is the reverse process of ARP. RARP uses a network interface hardware address and from that produces the IP address, whereas ARP produces the hardware address from the IP address. Network Time Protocol (NTP): NTP is used to synchronise clocks across a network. This is important because many packets have a prespecified amount of time to reach their destination. If a clock on one machine is inaccurate, the timers in the packet might expire prematurely. Time is also used to build efficient routing tables that let IP determine the fastest route to a destination.
The TCP/IP Family of Protocols: The protocols that make up the TCP/IP family can be divided into groups of similar functionality for convenience.
Figure 108 (the TCP/IP family tree): Application Layer: SMTP, FTP, Telnet, TFTP, DNS, NFS, RPC, SNMP. Transport Layer: TCP, UDP. Internet Layer: IP, ICMP, routing protocol; ARP and RARP sit between the Internet and Network Access layers. Network Access Layer: ATM, Ethernet II, IEEE 802.x, ISDN, X.25, etc.
Figure 108 shows the TCP/IP family tree.
Transport: Protocols that control the movement of data between two machines.
• TCP (Transport Control Protocol): A connection-based service, meaning that the sending and receiving machines are communicating with each other at all times.
• UDP (User Datagram Protocol): A connection-less service, meaning that the two machines are not communicating with each other.
Routing: Protocols that handle the addressing of data and determine the best route to the destination. They also handle the breaking up and reassembly of larger messages.
• IP (Internet Protocol): Handles the actual transmission of data.
• ICMP (Internet Control Message Protocol): Handles status messages for IP, such as errors and network changes that can affect routing.
• RIP (Routing Information Protocol): One of several protocols that determine the best routing method.
• OSPF (Open Shortest Path First): An alternate protocol for determining routing.
Network Address: These protocols handle the way machines are addressed, both by a unique number and by a more common symbolic name.
• ARP (Address Resolution Protocol): Determines the unique numeric addresses of the machines on the network.
• DNS (Domain Name System): Determines numeric addresses from machine names.
• RARP (Reverse Address Resolution Protocol): Determines addresses of machines on the network, but in a manner backward from ARP.
User services: These are applications to which users have direct access.
• BOOTP (BOOT Protocol): Starts up a network machine by reading the boot information from a server.
• FTP (File Transfer Protocol): Transfers files from one machine to another without excessive overhead. Uses TCP as the transport.
• TFTP (Trivial File Transfer Protocol): A simple file transfer method that uses UDP as the transport.
• Telnet: Enables remote logins so that users on one machine can connect to another machine and behave as if they are sitting at the remote machine's keyboard.
Gateway Protocols: These protocols help the network communicate routing and status information.
• EGP (Exterior Gateway Protocol): Transfers routing information for external networks.
• GGP (Gateway-to-Gateway Protocol): Transfers routing information between Internet gateways.
• IGP (Interior Gateway Protocol): Transfers routing information for internal networks.
Others: Services that don't fall into any of the preceding categories.
• NFS (Network File System): Enables directories on one machine to be mounted on another machine, then accessed by users as if they were on the local machine.
• NIS (Network Information Service): Maintains user accounts across networks, simplifying logins and password maintenance.
• RPC (Remote Procedure Call): Enables remote applications to communicate with each other using function calls.
• SMTP (Simple Mail Transfer Protocol): A protocol for transferring electronic mail between machines.
• NTP (Network Time Protocol): Used to synchronise clocks of machines on a network.
• SNMP (Simple Network Management Protocol): An administrator's service that sends status messages about the network and devices attached to it.
Implementing TCP/IP:
• The standard interface defined by Microsoft is the Network Device Interface Specification (NDIS).
• The standard interface defined by Novell is the Open Datalink Interface (ODI).
These are different and incompatible specifications. Both of these driver interface standards allow multiple protocol stacks to be run on the same PC. This means that TCP/IP can share a single network interface with another protocol, such as NetWare, when an NDIS or ODI driver is used. Multiple Protocol Stacks:
Figure 109 (multiple protocol stacks): TCP/IP applications run over the TCP/IP protocols, and NetWare services run over the workstation shell and the Novell IPX protocols; the TCP/IP protocols (through the ODI converter) and the IPX protocols both sit on the link support layer, which drives the network interface card through the multiple link interface driver.
Figure 109 shows multiple protocol stacks.
• To build complex static routes, use the ROUTE command:
ROUTE [-f] [command [destination] [MASK netmask] [gateway]]
-f: Flush all of the routes from the routing table.
command: Specifies the action that the command should take: ADD, DELETE, CHANGE or PRINT.
destination: This is the network or host that is reached through this route.
MASK netmask: Is applied to the address provided in the destination field to determine the true destination of the route. If a bit in the netmask is set to 1, the corresponding bit in the destination field is a significant bit in the destination address. For example, a destination of 134.239.96.1 with a netmask of 255.255.0.0 defines the route to network 134.239.0.0, but the same destination with a mask of 255.255.255.255 defines the route to the host 134.239.96.1. If no value is specified for the netmask, it defaults to 255.255.255.255.
gateway: This is the IP address of the gateway for this route.
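How the MASK is applied to the destination, and how a table of such routes picks the route for a given address, as an added example (written for this page; it is not the ROUTE program or code from the original document). The mask arithmetic reproduces the page's own case (134.239.96.1 with 255.255.0.0 gives the network 134.239.0.0; the default mask gives a host route) and goes one step further by choosing the most specific matching route at lookup time. The gateway addresses 192.0.2.x are constructed. A non-contiguous mask such as 255.0.255.0 is rejected, since the ipaddress module raises ValueError for it, which is the check a practitioner wants before a bad route enters the table.

```python
import ipaddress


def route_destination(destination, netmask="255.255.255.255"):
    """The 'true destination' of a ROUTE entry: destination AND netmask.

    The default mask of all ones yields a host route. A non-contiguous mask
    (e.g. 255.0.255.0) makes ipaddress raise ValueError.
    """
    net = ipaddress.IPv4Network(f"{destination}/{netmask}", strict=False)
    return str(net.network_address)


class RouteTable:
    """Minimal static routing table: ADD, DELETE, PRINT and a lookup that
    picks the most specific (longest mask) matching route."""

    def __init__(self):
        self.routes = {}  # IPv4Network -> gateway string

    def add(self, destination, gateway, netmask="255.255.255.255"):
        net = ipaddress.IPv4Network(f"{destination}/{netmask}", strict=False)
        ipaddress.IPv4Address(gateway)  # refuse a gateway that is not an IP address
        self.routes[net] = gateway

    def delete(self, destination, netmask="255.255.255.255"):
        net = ipaddress.IPv4Network(f"{destination}/{netmask}", strict=False)
        return self.routes.pop(net, None)

    def lookup(self, address):
        """Gateway for `address`, preferring the route with the longest mask."""
        addr = ipaddress.IPv4Address(address)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def print_table(self):
        """Lines in the spirit of ROUTE PRINT: destination, mask, gateway."""
        rows = sorted(self.routes.items(), key=lambda kv: kv[0].prefixlen)
        return [f"{str(net.network_address):<16}{str(net.netmask):<16}{gw}"
                for net, gw in rows]


if __name__ == "__main__":
    table = RouteTable()
    table.add("0.0.0.0", "192.0.2.254", "0.0.0.0")           # default route
    table.add("134.239.96.1", "192.0.2.1", "255.255.0.0")    # network route 134.239.0.0
    table.add("134.239.96.1", "192.0.2.2")                   # host route 134.239.96.1
    print("\n".join(table.print_table()))
    print(table.lookup("134.239.12.3"), table.lookup("134.239.96.1"))
```

The same destination appears twice in the table, once as a network route and once as a host route; the lookup prefers the host route for 134.239.96.1 and the network route for every other 134.239.x.x address, which is exactly the distinction the MASK parameter exists to make.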
• To build complex dynamic routes, use IP Routing.
NetBIOS and the associated protocol NetBEUI (NetBIOS Extended User Interface) have long been the basis of Microsoft's networking strategy.
Basic Input Output System (BIOS): It is the part of DOS that defines the I/O calls that applications use to request DOS I/O services. NetBIOS extends this to include calls that support I/O over a network. NetBIOS is an Application Programming Interface (API) that defines how an application program requests services from the underlying network. NetBEUI includes the NetBIOS API, the Service Message Block (SMB) protocol, and the NetBIOS Frame (NBF) protocol. SMB is an API that defines how applications ask for network services, but NetBEUI is not just an API. It also includes the NBF protocol that builds NetBIOS frames for transmission over the network. NetBIOS is not just used to refer to the API; it is frequently used to refer to any network that uses NetBIOS. NetBIOS requires very little memory and runs on any type of PC equipment. It is a fast, lightweight protocol suitable for small LANs. NetBIOS is only suitable for LAN applications; it cannot be used by itself for a WAN or an enterprise network because it is a non-routable protocol (the protocol cannot be passed through routers, it can only be passed on a single physical network, since it has no routing protocol and no independent address structure), and it depends on an underlying broadcast medium (it cannot be used over serial lines, point-to-point networks, or internets built from dissimilar physical networks). NetBIOS over TCP/IP (NBT): Is a standard protocol that encapsulates the NetBIOS messages inside TCP/IP datagrams. It is based on the B-node architecture (a B-node is an end node that uses broadcast messages to register its name and to request the names of other systems on the network). The NetBIOS messages are encapsulated in UDP messages and sent using the IP broadcast address. In effect, IP acts as the broadcast medium for the NetBIOS protocol. The B-node architecture doesn't address the problem of broadcast dependence, so NBT loads a cache with NetBIOS-name-to-IP-address mappings from the LMHOSTS file.
In the B-node model, broadcasts are only needed for name resolution. Other messages are addressed directly to the remote host. Therefore, broadcasts are only needed for names that cannot be resolved by other means. NBT also uses a name cache to further improve performance. The name cache provides information about computers that cannot respond to a broadcast. These are computers located outside of the broadcast area, including computers located behind routers or on non-broadcast links. Broadcasts continue to be used for local computers, so no entries need to be made for them in the LMHOSTS file. This keeps the file small and permits it to be cached in memory. Encapsulating NetBIOS inside IP datagrams reduces the performance and increases the complexity of the protocol. Both protocols require some level of configuration, whether it is the address for IP or the LMHOSTS file for NetBIOS.
• The NetBIOS-specific information is the hostname and the workgroup name.
• The NBT-specific information is the scope ID (which limits communication between NBT hosts: it limits access and prevents the resources being offered by a system from being seen by systems with a different scope ID), and the location from which the LMHOSTS file should be imported.
Windows Internet Name Service (WINS): It is a protocol to provide name service for NetBIOS names. The advantage of WINS is that it dynamically learns names and addresses from the transmissions on the network, and that it can be dynamically updated by DHCP. The disadvantage is that it requires an NT server, and it is primarily a NetBIOS service. It is generally not used on TCP/IP networks.
DNS Windows Name Resolution: Can be used to map a NetBIOS name to an IP address, but only if the NetBIOS name and the Internet hostname of the computer are the same. It is a good idea to always make the NetBIOS name and the hostname the same on every system. LMHOSTS File Lookup: Is a simple flat file that associates NetBIOS names with IP addresses.
#PRE: Causes the entry to be pre-loaded into the cache and permanently retained there. Normally entries are only cached when they are used for name resolution and are only retained in the cache for a few minutes. Use #PRE to speed up address resolution for frequently used hostnames.
#DOM:domain: Identifies NT domain controllers.
#INCLUDE file: Specifies a remote file that should be incorporated in the local LMHOSTS file. This allows a centrally maintained LMHOSTS file to be automatically loaded. To provide redundant sources for LMHOSTS, enclose a group of #INCLUDE commands inside a pair of #BEGIN_ALTERNATE and #END_ALTERNATE statements. The system tries the various sources in order and stops as soon as it successfully downloads one copy of the LMHOSTS file.
A sample LMHOSTS file:
134.268.67.1 SERVER01 #PRE
134.268.67.2 SERVER02 #PRE
134.268.67.3 SERVER03 #DOM:DOMAIN01
#BEGIN_ALTERNATE
#INCLUDE \\SERVER01\ADMIN\lmhosts
#INCLUDE \\SERVER02\ADMIN\lmhosts
#END_ALTERNATE
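An LMHOSTS parser that honours #PRE, #DOM:, #INCLUDE and the #BEGIN_ALTERNATE/#END_ALTERNATE group, together with the pre-loaded name cache the NBT section above describes, as an added example written for this page (it is not Windows' own code or code from the original document). The file content and the two "remote" shares are constructed; the first share is unreachable so that the alternate block falls through to the second, and the addresses use the 192.0.2.0/24 documentation range because 134.268.x.x, as written in the sample above, is not a valid IPv4 address (an octet cannot exceed 255). Entries whose address does not parse, or whose name exceeds the 15-character NetBIOS limit, are dropped rather than loaded into the cache, and nested includes are bounded in depth.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class LmEntry:
    address: str
    name: str
    preload: bool = False          # #PRE
    domain: Optional[str] = None   # #DOM:domain


# Constructed sample LMHOSTS content and two "remote" copies reachable by #INCLUDE.
LOCAL_LMHOSTS = r"""
# comment lines start with #
192.0.2.1 SERVER01 #PRE
192.0.2.2 SERVER02 #PRE #DOM:DOMAIN01
192.0.2.3 SERVER03
#BEGIN_ALTERNATE
#INCLUDE \\SERVER01\ADMIN\lmhosts
#INCLUDE \\SERVER02\ADMIN\lmhosts
#END_ALTERNATE
"""
REMOTE_SHARES = {
    r"\\SERVER01\ADMIN\lmhosts": None,   # unreachable
    r"\\SERVER02\ADMIN\lmhosts": "192.0.2.10 PRINTSRV #PRE\n192.0.2.11 FILESRV\n",
}


def fetch_share(path):
    """Stand-in for reading a remote share: returns the file text or None if unreachable."""
    return REMOTE_SHARES.get(path)


def parse_lmhosts(text, fetch_include=fetch_share, depth=0, max_depth=3):
    """Return the list of entries. #INCLUDE pulls in a remote file; inside
    #BEGIN_ALTERNATE/#END_ALTERNATE the first include that succeeds wins."""
    entries = []
    in_alternate = alternate_done = False
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        keyword = tokens[0].upper()
        if keyword == "#BEGIN_ALTERNATE":
            in_alternate, alternate_done = True, False
        elif keyword == "#END_ALTERNATE":
            in_alternate = False
        elif keyword == "#INCLUDE":
            if (in_alternate and alternate_done) or len(tokens) < 2 or depth >= max_depth:
                continue
            content = fetch_include(tokens[1])
            if content is None:
                continue  # unreachable source: try the next one in the group
            entries.extend(parse_lmhosts(content, fetch_include, depth + 1, max_depth))
            alternate_done = True
        elif keyword.startswith("#") or len(tokens) < 2:
            continue  # ordinary comment or malformed line
        else:
            address, name = tokens[0], tokens[1].upper()
            try:
                ipaddress.IPv4Address(address)
            except ValueError:
                continue  # not an IPv4 address: skip rather than poison the cache
            if len(name) > 15:
                continue  # NetBIOS names are at most 15 characters
            entry = LmEntry(address, name)
            for tag in tokens[2:]:
                if tag.upper() == "#PRE":
                    entry.preload = True
                elif tag.upper().startswith("#DOM:"):
                    entry.domain = tag[5:]
                else:
                    break  # anything else is a trailing comment
            entries.append(entry)
    return entries


def preload_cache(entries):
    """Name -> address map of the #PRE entries (the first definition wins)."""
    cache = {}
    for e in entries:
        if e.preload:
            cache.setdefault(e.name, e.address)
    return cache


def resolve(name, entries):
    """LMHOSTS lookup: first matching entry, case-insensitive; None if absent."""
    for e in entries:
        if e.name == name.upper():
            return e.address
    return None
```

Because a #PRE entry stays in the cache permanently, a wrong or stale address in a centrally included LMHOSTS file is inherited by every host that imports it; the validation above limits that to well-formed entries, and the include depth bound keeps a file that includes itself from looping.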
The system first checks the LMHOSTS file and then issues a DNS query if the NetBIOS name is not found in the file. Many systems use a small LMHOSTS file to provide the addresses of important servers. TCP/IP Applications: Ping, Telnet, FTP, NFS, SMTP, etc. Reverse Address Resolution Protocol (RARP): Is a protocol that converts a physical network address into an IP address. This is the reverse of what Address Resolution Protocol (ARP) does. Address Resolution Protocol maps an IP address to a physical address so that data can be delivered over a physical network. It does this by broadcasting an ARP packet that contains the IP address in question. When a system receives an ARP packet that contains its IP address, it responds with a packet that contains its physical network address, e.g. its Ethernet address. Reverse Address Resolution Protocol (RARP) maps a physical address to an IP address for a system that doesn't know its own IP address. The client uses the broadcast services of the physical network to send out a packet that contains the client's physical network address, and asks if any system on the network knows what IP address is associated with the address. The RARP server responds with a packet that contains the client's IP address. RARP is a useful tool, but it only provides the IP address. There are still several other values (the subnet mask, default gateway, the list of name servers, and the broadcast address) that need to be manually configured.
Bootstrap Protocol: Is an alternative to RARP, and when it is used, RARP is not needed. BOOTP is a more comprehensive configuration protocol than RARP. It provides much more configuration information, and it continues to evolve to provide ever more comprehensive information. Over time it has expanded to become the Dynamic Host Configuration Protocol (DHCP). The BOOTP client broadcasts a single packet called a BOOTREQUEST packet that contains, at a minimum, the client's physical network address. The client sends the broadcast using the address 255.255.255.255, which is a special address called the limited broadcast address. The client waits for a response from the server, and if one is not received within a specified time interval, the client retransmits the request. The server responds to the client's request with a BOOTREPLY packet.
Figure 110 (BOOTP message format), field by field:
OpCode, HTYPE, HLEN, HOPS: 8 bits each
Transaction Identification Number: 32 bits
Seconds, unused: 16 bits each
Client IP Address: 32 bits
Machine IP Address: 32 bits
Server IP Address: 32 bits
Gateway IP Address: 32 bits
Client Hardware Address: up to 128 bits
Server Host Name: up to 512 bits
Boot File Name: up to 1024 bits
Vendor-specific Information: up to 512 bits
Figure 110 shows the BOOTP message format. BOOTP uses UDP as a transport protocol and, unlike RARP, it does not require any special Network Access Layer protocols. It uses two different well-known port numbers: UDP port number 67 is used for the server, and UDP port number 68 is used for the client. This is very unusual. Most software uses a well-known port on the server side and a randomly generated port on the client side. The random port number ensures that each pair of source/destination ports identifies a unique path for exchanging information. A BOOTP client, however, is still in the process of booting and may not know its IP address. Even if the client generates a source port for the BOOTREQUEST packet, a server response addressed to that port and the client's IP address won't be read by a client that doesn't recognise the address. Therefore BOOTP sends the response to a specific port on all hosts. A broadcast sent to UDP port 68 is read by all hosts, even by a system that doesn't know its specific address. The system then determines if it is the intended recipient by checking the physical network address embedded in the response. The server fills in all of the fields in the packet for which it has data. There are many different values a server can provide:

Parameter   Description                       Example
bf          Bootfile                          :bf=null
bs          Bootfile size                     :bs=22050
cs          Cookie servers list               :cs=134.268.xxx.xxx
ds          Domain name servers list          :ds=134.268.xxx.xxx
gw          Gateway list                      :gw=134.268.xxx.xxx
ha          Hardware address                  :ha=7FF8100000AF
hd          Bootfile directory                :hd=/usr/boot
hn          Send hostname boolean             :hn
ht          Hardware type                     :ht=ethernet
im          Impress server list               :im=134.268.xxx.xxx
ip          Host IP address                   :ip=134.268.xxx.xxx
lg          Log servers list                  :lg=134.268.xxx.xxx
lp          LPR servers list                  :lp=134.268.xxx.xxx
ns          IEN-116 name servers list         :ns=134.268.xxx.xxx
rl          Resource location servers         :rl=134.268.xxx.xxx
sm          Subnet mask                       :sm=255.255.255.0
tc          Template continuation             :tc=default1
to          Time offset                       :to=18000
ts          Time servers list                 :ts=134.268.xxx.xxx
vm          Vendor magic cookie selector      :vm=auto
Tn          Vendor extension n                :T132="1234597AD3B"
An example /etc/bootptab using these parameters (a defaults template, continued into each host entry with tc):

    # /etc/bootptab
    defaults:\
            :hd=/usr/boot:\
            :bf=null:\
            :ds=134.268.67.1 134.239.67.3:\
            :sm=255.255.255.0:\
            :gw=134.268.67.5:

    PC0087:\
            :tc=defaults:\
            :ht=ethernet:\
            :ha=0000c0a15e10:\
            :ip=134.268.67.87:\
            :hn:

    PC0088:\
            :tc=defaults:\
            :ht=ethernet:\
            :ha=0000c0a10e15:\
            :ip=134.268.67.88:\
            :hn:
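The bootptab layout above (colon-separated tags, backslash continuation lines, and tc= pulling a template into a host entry) is simple enough to parse in a few dozen lines. The following is an added example, not code from the original text or from any BOOTP implementation; the host names, hardware addresses and 192.0.2.x addresses in the embedded sample file are constructed. It also flags entries that assign an ip= without binding it to a hardware address, since manual allocation only means anything when the address is tied to a specific client.

```python
"""Parse a bootptab file and resolve 'tc=' template continuation.

Added example (not from the original text). Entry layout is the one shown in the
/etc/bootptab example above; the host names, hardware addresses and 192.0.2.x
addresses below are constructed.
"""

SAMPLE_BOOTPTAB = """
# /etc/bootptab (constructed sample)
defaults:\\
        :hd=/usr/boot:\\
        :bf=null:\\
        :ds=192.0.2.1 192.0.2.3:\\
        :sm=255.255.255.0:\\
        :gw=192.0.2.5:

PC0087:\\
        :tc=defaults:\\
        :ht=ethernet:\\
        :ha=0000c0a15e10:\\
        :ip=192.0.2.87:\\
        :hn:

PC0088:\\
        :tc=defaults:\\
        :ht=ethernet:\\
        :ha=0000c0a10e15:\\
        :ip=192.0.2.88:\\
        :hn:

# entry with an address but no hardware binding: any client could claim it
PC0099:\\
        :tc=defaults:\\
        :ip=192.0.2.99:
"""


def _join_continuations(text: str) -> list:
    """Return one logical entry per host, joining lines that end in a backslash."""
    entries, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        entries.append(buf + line)
        buf = ""
    if buf:                      # file ended inside a continued entry
        entries.append(buf)
    return entries


def parse_bootptab(text: str) -> dict:
    """Map each entry name to its own tags; 'tag' alone means True, 'tag=value' a string."""
    table = {}
    for entry in _join_continuations(text):
        fields = entry.split(":")
        name, tags = fields[0].strip(), {}
        for field in fields[1:]:
            field = field.strip()
            if not field:
                continue
            key, sep, value = field.partition("=")
            tags[key] = value if sep else True
        table[name] = tags
    return table


def resolve(table: dict, name: str, _seen=None) -> dict:
    """Follow tc= references so the host inherits the template's tags."""
    seen = set() if _seen is None else _seen
    if name in seen:
        raise ValueError("tc= loop through %s" % name)
    seen.add(name)
    own = table[name]
    merged = resolve(table, own["tc"], seen) if "tc" in own else {}
    merged.update((k, v) for k, v in own.items() if k != "tc")
    return merged


def lookup_by_hardware_address(table: dict, ha: str):
    """Find the entry bound to a hardware address (00:00:c0... or 0000c0... forms)."""
    wanted = ha.replace(":", "").replace("-", "").replace(".", "").lower()
    for name, tags in table.items():
        if str(tags.get("ha", "")).lower() == wanted:
            return name, resolve(table, name)
    return None


def hosts_without_hardware_binding(table: dict) -> list:
    """Entries that hand out an ip= without tying it to a hardware address."""
    return sorted(n for n, t in table.items() if "ip" in t and "ha" not in t)


if __name__ == "__main__":
    table = parse_bootptab(SAMPLE_BOOTPTAB)
    print(lookup_by_hardware_address(table, "00:00:c0:a1:5e:10"))
    print("unbound:", hosts_without_hardware_binding(table))
```

Running it resolves PC0087 to the merged tag set (hd, bf, ds, sm and gw from the template plus its own ht, ha, ip and hn) and reports PC0099 as the one entry whose address is not bound to a hardware address.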
It is possible to configure a BOOTP server to handle a very large number of clients. One server for each subnet is a good design because it eliminates the need to pass BOOTP information through a router, which requires a special router configuration.
Dynamic Host Configuration Protocol (DHCP): Is the latest generation of BOOTP. It is designed to be compatible with earlier versions. DHCP is only a proposed standard. DHCP uses the same UDP ports, 67 and 68, as BOOTP, and the same BOOTREQUEST and BOOTREPLY packet format. But DHCP is more than just an update of BOOTP. The new protocol expands the functions of BOOTP:
• The configuration parameters provided by a DHCP server include everything defined in the Requirements for Internet Hosts. DHCP provides a client with a complete set of TCP/IP configuration values.
• DHCP permits automated allocation of IP addresses.
DHCP uses the portion of the BOOTP packet originally set aside for vendor extensions to indicate the DHCP packet type and to carry a complete set of configuration information. DHCP calls the values in this part of the packet options instead of vendor extensions. This is a more accurate description because DHCP defines how the options are used and does not leave their definition up to the vendors. To handle the full set of configuration values from the Requirements for Internet Hosts, the option field is expanded to 312 bytes from the original 64 bytes of the BOOTP vendor extension field. DHCP allows addresses to be assigned by manual, automatic or dynamic allocation:
• Manual allocation: The network administrator keeps complete control over addresses by specifically assigning them to clients. This is exactly the same way that addresses are handled by BOOTP.
• Automatic allocation: The DHCP server permanently assigns an address from a pool of addresses. The administrator is not involved in the details of assigning a client an address.
• Dynamic allocation: The server assigns an address to a DHCP client for a limited period of time. The client can return the address to the server at any time, but the client must request an extension from the server to retain the address longer than the time permitted. The server automatically reclaims the address after the lease expires if the client has not requested an extension.
Dynamic allocation is useful in a large distributed network where many PCs are being added and deleted. Unused addresses are returned to the pool of addresses without relying on users or system administrators to take action to return them. Addresses are only used when and where they're needed. Dynamic allocation allows a network to make the maximum use of a limited set of addresses. DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses are assigned.
Figure 111: a local network and a remote network joined by routers with BOOTP enabled; a single DHCP server serves DHCP clients on both networks.
Figure 111 illustrates an example of a network running DHCP. The network in figure 111 consists of a single DHCP server and a few clients. As shown, a single DHCP server can supply addresses for more than one network. To support DHCP on an internetwork, routers must be configured with BOOTP forwarding. The DHCP server maintains pools of IP addresses, called scopes. When a DHCP client enters a network, it requests and is granted a lease to use an address from an appropriate scope. The concept of leasing is important, because DHCP clients are not ordinarily granted permanent use of an address. Instead, they receive a lease of limited duration. When the lease expires, it must be renegotiated. This approach ensures that unused addresses become available for use by other clients. A single DHCP server can support clients on several networks in an internetwork. Clients moved to different networks are assigned IP addresses appropriate to the new network.
Figure 112: Discover, Offer, Request and Acknowledgement messages exchanged between a DHCP client and a DHCP server.
Figure 112 shows a DHCP client obtaining a lease. It shows the dialogue that takes place when a DHCP client obtains a lease from a DHCP server.
Figure 113: life cycle of a DHCP address lease, from Begin through 1. Initialising state (sends discover message), 2. Initialising state (receives offer message), 3. Selecting state (examines offers), 4. Requesting state (sends request message), 5. Requesting state, 6. Bound state, 7. Renewal (attempts to renew lease; when renewal is granted the client returns to the bound state) and 8. Rebinding (obtains new lease).
Figure 113 shows the life cycle of a DHCP address lease. The stages in the life cycle are as follows:
• 1) A DHCP client host that enters a network enters an initialising state and broadcasts a discover message on the local network. This message may be relayed to other networks to deliver it to DHCP servers in the Internet.
• 2) Each DHCP server that receives the discover message and can service the request responds with an offer message that consists of an IP address and associated configuration information.
• 3) The DHCP client enters a selecting state and examines the offer messages that it receives.
• 4) When the DHCP client selects an offer, it enters a requesting state and sends a request message to the appropriate DHCP server, requesting the offered configuration.
• 5) The DHCP server grants the configuration with an acknowledgement message that consists of the IP address and configuration along with a lease to use the configuration for a specific time. The local network administrator establishes lease policies.
• 6) The DHCP client receives the acknowledgement and enters a bound state in which the IP configuration is applied to the local TCP/IP protocols. Client computers retain the configuration for the duration of the lease and may be restarted without negotiating a new lease.
• 7) When the lease approaches expiration, the client attempts to renew its lease with the DHCP server.
• 8) If the lease cannot be renewed, the client re-enters the binding process and is assigned a lease to a new address. Non-renewed addresses return to the available address pool.
This process is completely transparent to the client and requires little ongoing maintenance on the part of the network administrator. DHCP can be configured to assign specific addresses to specific hosts, which enables administrators to use DHCP to set host protocol options while retaining fixed address assignments. Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the addresses into their configurations.
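The BOOTP header layout of figure 110 and the DHCP option area that replaces the vendor extensions can be decoded with a short parser, and the two checks a client makes on a broadcast reply (does chaddr match my hardware address; which server sent the offer) fall out of the decoded fields. The following is an added example written for this section, not code from the original text or from any DHCP implementation. The sample OFFER messages, the 192.0.2.x addresses, the transaction id and the client hardware address are constructed; the "authorised servers" set stands in for the list of DHCP servers the administrator actually runs, so an offer from any other address is reported rather than accepted.

```python
"""Decode BOOTP/DHCP messages and vet a DHCPOFFER before accepting it.

Added example (not from the original text). Field layout follows the BOOTP
format in figure 110 with the DHCP options area after the magic cookie; the
sample OFFER bytes, addresses and hardware address are constructed.
"""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # 99.130.83.99: DHCP options follow
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def _ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def parse_options(data: bytes) -> dict:
    """Walk the type-length-value option area up to the END (255) marker."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                 # END
            break
        if code == 0:                   # PAD is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:        # refuse options that run past the packet
            raise ValueError("option %d overruns packet" % code)
        options[code] = value
        i += 2 + length
    return options


def parse_bootp(packet: bytes) -> dict:
    """Decode the fixed 236-byte BOOTP header and any DHCP options after it."""
    if len(packet) < 236:
        raise ValueError("shorter than the fixed BOOTP header")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    msg = {
        "op": op, "htype": htype, "hlen": hlen, "hops": hops,
        "xid": xid, "secs": secs, "flags": flags,
        "ciaddr": _ip(packet[12:16]), "yiaddr": _ip(packet[16:20]),
        "siaddr": _ip(packet[20:24]), "giaddr": _ip(packet[24:28]),
        "chaddr": packet[28:28 + hlen].hex(":"),
        "sname": packet[44:108].split(b"\0", 1)[0].decode("ascii", "replace"),
        "file": packet[108:236].split(b"\0", 1)[0].decode("ascii", "replace"),
        "options": {},
    }
    if packet[236:240] == MAGIC_COOKIE:
        msg["options"] = parse_options(packet[240:])
    return msg


def dhcp_message_type(msg: dict) -> str:
    raw = msg["options"].get(53)
    return MSG_TYPES.get(raw[0], "UNKNOWN") if raw else "BOOTP"


def lease_seconds(msg: dict) -> int:
    return struct.unpack("!I", msg["options"][51])[0]


def vet_offer(msg: dict, my_mac: str, authorised_servers: set) -> list:
    """Reasons to ignore a broadcast reply; an empty list means accept it.

    chaddr is checked because every host on the segment sees the reply (it is
    sent to UDP port 68 on all hosts); the server identifier is checked against
    the servers the administrator runs so that an offer from a server that
    should not be on the network is noticed instead of silently applied.
    """
    problems = []
    if dhcp_message_type(msg) not in ("OFFER", "ACK"):
        problems.append("not an OFFER or ACK")
    if msg["chaddr"].lower() != my_mac.lower():
        problems.append("chaddr does not match our hardware address")
    server_id = msg["options"].get(54)
    if server_id is None:
        problems.append("no server identifier option")
    elif _ip(server_id) not in authorised_servers:
        problems.append("offer from unexpected server %s" % _ip(server_id))
    return problems


def build_offer(xid: int, chaddr: bytes, yiaddr: str, server: str, lease: int) -> bytes:
    """Assemble a DHCPOFFER; used only to construct sample input for this example."""
    head = struct.pack("!BBBBIHH", 2, 1, len(chaddr), 0, xid, 0, 0)   # op=2 is BOOTREPLY
    for addr in ("0.0.0.0", yiaddr, server, "0.0.0.0"):               # ciaddr yiaddr siaddr giaddr
        head += ipaddress.IPv4Address(addr).packed
    head += chaddr.ljust(16, b"\0") + b"\0" * 64 + b"\0" * 128          # chaddr, sname, file
    opts = bytes([53, 1, 2])                                            # message type: OFFER
    opts += bytes([54, 4]) + ipaddress.IPv4Address(server).packed       # server identifier
    opts += bytes([51, 4]) + struct.pack("!I", lease)                   # lease time in seconds
    opts += bytes([1, 4]) + ipaddress.IPv4Address("255.255.255.0").packed
    return head + MAGIC_COOKIE + opts + bytes([255])


# Constructed sample traffic: one offer from the administrator's server and one
# from an unexpected address, both addressed to the same client hardware address.
CLIENT_MAC = "00:00:c0:a1:5e:10"
AUTHORISED_SERVERS = {"192.0.2.1"}
SAMPLE_OFFER = build_offer(0x3903F326, bytes.fromhex("0000c0a15e10"), "192.0.2.87", "192.0.2.1", 86400)
UNEXPECTED_OFFER = build_offer(0x3903F326, bytes.fromhex("0000c0a15e10"), "192.0.2.200", "192.0.2.250", 60)

if __name__ == "__main__":
    for pkt in (SAMPLE_OFFER, UNEXPECTED_OFFER):
        m = parse_bootp(pkt)
        print(dhcp_message_type(m), m["yiaddr"], vet_offer(m, CLIENT_MAC, AUTHORISED_SERVERS))
```

The same parser reads a plain BOOTREPLY: without the magic cookie the options stay empty and dhcp_message_type returns "BOOTP", which is exactly the compatibility the text describes.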
Network File System (NFS): Is a TCP/IP file sharing protocol that allows a server to export files that are mounted by clients and used as if they were local files. NFS is a client/server application. The server makes part of its filesystem available for use by its clients, and the client uses the remote filesystem as if it were part of its local filesystem. Attaching a remote directory to the local filesystem (a client function) is called mounting a directory. Offering a directory for remote access (a server function) is called exporting a directory. NFS is a distributed filesystem. An NFS server has one or more filesystems that are mounted by NFS clients; to the NFS clients, the remote disks look like local disks. NFS filesystems are mounted using the standard UNIX mount command, and all UNIX utilities work just as well with NFS-mounted files as they do with files on local disks. NFS makes system administration easier because it eliminates the need to maintain multiple copies of files on several machines: all NFS clients share the single copy of the file on the NFS server. NFS also makes life easier for users: instead of logging on to many different systems and moving files from one system to another, a user can stay on one system and access all the files that he or she needs within one consistent file tree. The Network File System is a distributed file system that provides transparent access to remote disks. Just as NIS allows you to centralise administration of user and host information, NFS allows you to centralise administration of disks. Instead of duplicating common directories on every system, NFS provides a single copy of the directory that is shared by all systems on the network. To a host running NFS, remote filesystems are indistinguishable from local ones. For the user, NFS means that he/she doesn't have to log into other systems to access files. There is no need to use RCP or tapes to move files onto the local system.
Once NFS has been set up properly, users should be able to do all their work on their local system; remote files will appear to be local to their own system. NFS and NIS are frequently used together: NIS makes sure that configuration information is propagated to all hosts, and NFS ensures that the files a user needs are accessible from these hosts. NFS is also built on the RPC protocol and imposes a client-server relationship on the hosts that use it. An NFS server is a host that owns one or more filesystems and makes them available on the network; NFS clients mount filesystems from one or more servers. This follows the normal client-server model where the server owns a resource that is used by the client. In the case of NFS, the resource is a physical disk drive that is shared by all clients of the server.
Simple Mail Transfer Protocol (SMTP): Is the TCP/IP mail delivery protocol. It moves mail across the Internet and across your local network. It runs over the reliable, connection-oriented service provided by Transmission Control Protocol (TCP), and it uses well-known port number 25.

Command     Syntax                  Function
Hello       HELO <sending-host>     Identify sending SMTP
From        MAIL FROM:              Sender address
Recipient   RCPT TO:                Recipient address
Data        DATA                    Begin a message
Reset       RSET                    Abort a message
Verify      VRFY <string>           Verify a username
Expand      EXPN <string>           Expand a mailing list
Help        HELP <string>           Request on-line help
Quit        QUIT                    End the SMTP session
SMTP is such a simple protocol that you can literally do it yourself. You telnet to port 25 (telnet alex.firm.be 25) on a remote host and type mail in from the command line using the SMTP commands.
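The server side of that hand-typed session is a small state machine: a greeting, an envelope (MAIL FROM, one or more RCPT TO), a DATA phase ended by a line holding a single dot, and a reply code for every command. The following is an added example, not code from the original text or from any mail server; the host name mail.example.net and the scripted client lines are constructed, and nothing touches the network. It also shows the defensive answers a modern server gives to VRFY and EXPN (252 and 502), since both commands exist mainly to enumerate accounts.

```python
"""A minimal SMTP server-side state machine for the command set in the table above.

Added example (not from the original text). The host name and the sample client
session are constructed; client lines are fed in one at a time and the reply
the server would send comes back, so the exchange can be studied offline.
"""


class SmtpSession:
    def __init__(self, hostname: str = "mail.example.net"):
        self.hostname = hostname
        self.greeted = False
        self.in_data = False
        self.delivered = []            # (sender, recipients, body) per accepted message
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender = None
        self.recipients = []
        self.body = []

    @staticmethod
    def _address(arg: str) -> str:
        arg = arg.strip()
        return arg[1:-1] if arg.startswith("<") and arg.endswith(">") else arg

    def handle(self, line: str):
        """Process one client line; return the reply, or None while receiving message text."""
        line = line.rstrip("\r\n")
        if self.in_data:
            if line == ".":                                  # lone dot ends the message
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self._reset_envelope()
                return "250 OK: message accepted for delivery"
            self.body.append(line[1:] if line.startswith("..") else line)   # undo dot-stuffing
            return None

        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.greeted = True
            return "250 %s Hello %s" % (self.hostname, arg.strip() or "unknown")
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            if not self.greeted:
                return "503 Bad sequence of commands"
            self._reset_envelope()
            self.sender = self._address(arg[5:])
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Bad sequence of commands"
            self.recipients.append(self._address(arg[3:]))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self._reset_envelope()
            return "250 OK"
        if verb == "VRFY":
            # Neither confirm nor deny that the account exists (RFC 2505 recommendation).
            return "252 Cannot VRFY user, but will accept message and attempt delivery"
        if verb == "EXPN":
            return "502 Command not implemented"           # list expansion disabled
        if verb == "HELP":
            return "214 Commands: HELO MAIL RCPT DATA RSET VRFY EXPN HELP NOOP QUIT"
        if verb == "NOOP":
            return "250 OK"
        if verb == "QUIT":
            return "221 %s closing connection" % self.hostname
        return "500 Syntax error, command unrecognised"


def run_transcript(client_lines: list):
    """Feed a scripted client session through one SmtpSession; return it and the replies."""
    session, replies = SmtpSession(), []
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return session, replies


# Constructed client side of a hand-typed session like the telnet one described above.
SAMPLE_SESSION = [
    "HELO pc0087.example.net",
    "MAIL FROM:<alex@example.net>",
    "RCPT TO:<root@mail.example.net>",
    "DATA",
    "Subject: test",
    "",
    "..leading dot survives",
    "hand-typed mail",
    ".",
    "VRFY root",
    "QUIT",
]

if __name__ == "__main__":
    session, replies = run_transcript(SAMPLE_SESSION)
    print("\n".join(replies))
    print(session.delivered)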
SMTP provides direct end-to-end mail delivery. This is unusual: most mail systems use store-and-forward protocols that move mail toward its destination one hop at a time, storing the complete message at each hop and then forwarding it on to the next system until final delivery is made. If the direct end-to-end mail delivery fails, the local system knows it right away.
Post Office Protocol (POP): Is used to transfer the contents of the user's mailbox from the server to the user's desktop. POP2 uses port 109 and POP3 uses port 110. These are incompatible protocols that use different commands, but they perform the same basic functions. The POP protocols verify the PC user's login name and password, and move the user's mail from the server to the PC where it is read using a local PC mail reader.

POP2
Command     Syntax                  Function
Hello       HELO user password      Identify user account
Folder      FOLD mail-folder        Select mail folder
Read        READ [n]                Read mail, starting with message n
Retrieve    RETR                    Retrieve message
Save        ACKS                    Acknowledge and save
Delete      ACKD                    Acknowledge and delete
Failed      NACK                    Negative acknowledge
Quit        QUIT                    End the POP2 session

POP3
Syntax              Function
USER username       The user's account name
PASS password       The user's password
STAT                Display the number of unread messages/bytes
RETR n              Retrieve message number n
DELE n              Delete message number n
LAST                Display the number of the last message accessed
LIST [n]            Display the size of message n or of all messages
RSET                Undelete all messages, reset message number to 1
TOP n l             Print the header and l lines of message n
NOOP                Do nothing
QUIT                End the POP3 session
Multipurpose Internet Mail Extensions (MIME): Is an extension of the TCP/IP mail system, not a replacement for it. MIME is more concerned with what the mail system delivers than it is with the mechanics of delivery. It doesn't attempt to replace SMTP or POP; it extends the definition of what constitutes mail.
File Sharing: A true file sharing system allows files to be accessed at the record level. This makes it possible for a client to read a record from a file located on a remote server, update that record, and write it back to the server without moving the full file from the server to the client. File sharing is transparent to the user and to the application software running on the user's system. Through file sharing, users and programs access files located on remote systems as if they were local. In a perfect file sharing environment, the user neither knows nor cares where the files are actually stored.
• Remote File System (RFS): Is a TCP/IP file sharing protocol.
• Andrew File System (AFS): Is a TCP/IP file sharing protocol.
• Network File System (NFS): Is the only TCP/IP file sharing protocol widely available for PCs.
• Distributed File System (DFS): Is a new TCP/IP file sharing protocol.
Interaction of TCP/IP and Other Protocols: It is possible to classify applications as being network-aware or network-unaware. The distinction can be made because some applications, such as Web browsers and client/server applications, need to make explicit use of an underlying network protocol. Other applications, such as standard Windows application suites, simply function within the confines of a workstation's own operating system. For these applications to make use of network file and print services, it is necessary for the NOS to provide extensions to the functions of the local operating system. The next section examines how these different types of applications can make use of the underlying network. Application Programming Interface (API): Application developers can write network-aware applications by accessing a set of standard procedures and functions through an Application Programming Interface (API). This interface specifies software-defined entry points that developers can use to access the functionality of the networking protocols. The use of an API enables a developer to develop networkable applications while being shielded from having to understand how the underlying protocols operate. Other APIs define interfaces to other system functionality.
Figure 114: a networking API within the OSI seven-layer model. The application interface (standard API calls and procedures) sits above the Application, Presentation and Session layers; through the network protocol interface the API accesses the underlying Transport, Network, Data Link and Physical layers.
Figure 114 provides a visual representation of how a networking API might fit within the OSI seven-layer model. The majority of network applications have been written specifically to access a single networking protocol. This is because each of the NOS implementations has developed its own API as a standard. Redirectors and File Sharing: One of the main application requirements within a network is saving files on a central file store. To achieve this, NOS implementations commonly include a program known as a redirector. A redirector program extends the functionality of the workstation operating system to enable it to address remote file stores. In a DOS/Windows environment, file storage areas are denoted with the use of letters, typically with the letters A through E being reserved for local disk drives. When a user wants to access a network file volume, it is common for the NOS to facilitate some form of mapping between a volume name and an available drive letter. After the mapping has been made, it is possible for any application to access the shared file volumes in the same way as they would access a local drive. This is because of the operation of the installed redirector program. The program sits between the workstation operating system and the NOS protocol stack and listens for application calls made to any of the mapped network drives.
The functionality of a redirector can be further clarified by considering the example of an application user attempting to save a file on a network drive. The user prompts the application to save the file on a network file volume that the NOS has mapped to the DOS drive I:. The application makes a call to the workstation operating system to complete the required file save operation. The redirector program recognises that the application is attempting to access a network drive and steps in to handle the required data transfer. If the redirector hadn't been active, the workstation operating system would have been presented with a request to save a file on a drive letter that it knew nothing about, and it would have responded with a standard error message, such as 'Invalid drive specification'. In a UNIX environment, similar file sharing capabilities are provided through the use of a Network File System (NFS). The use of NFS enables the workstation to access file volumes located on remote host machines as if they were extensions to the workstation's native filesystem. As such, the use of NFS, on the workstation side, is very similar to the use of the NOS redirector as outlined earlier. Implementations of client NFS software are available from several third-party companies. These implementations require a TCP/IP protocol stack to operate alongside the installed NOS protocol stack.
Figure 115: a workstation with NetWare server file areas mapped to drives F: and G: and a UNIX server filesystem mounted as drive H:.
A workstation configured with both an NOS and a TCP/IP protocol stack is able to operate two independent applications that can provide file sharing access between environments. This is accomplished through the use of the redirector program, to provide access to the NOS file server, and NFS, operating on the TCP/IP protocol stack, to provide access to NFS volumes on UNIX servers.
Figure 115 illustrates how a single workstation can be utilised to access both network environments. The indicated workstation loads NetWare protocol software and the associated redirector software. File areas on the NetWare server are mapped as local drives F: and G:. The TCP/IP stack and NFS implementation are also loaded, and the remote UNIX filesystem is mounted as local drive H: on the workstation PC. Files can then be saved by any application operating on the workstation to any of the mapped drives. NOS Gateways and Servers: It is often more efficient to utilise an NOS server as a gateway into an existing TCP/IP network than to run dual protocol stacks on each network client. In figure 117, the NetWare server has the Novell NFS Gateway software installed. The UNIX host has exported the NFS filesystem, which has been mounted to a drive on the gateway server. This file area is now available to any of the NetWare client workstations. These users are able to access the UNIX file area through the standard NetWare redirector program, removing the requirement to load a TCP/IP protocol stack and run a TCP/IP-based application. The NetWare server provides application gateway services between the IPX/SPX-based network and the TCP/IP network. To achieve this, it is necessary for the server to load both protocol stacks. On the network clients, however, it is necessary to operate only the standard IPX/SPX protocol. The client directs application requests for resources within the UNIX network to the gateway using IPX/SPX protocols. The gateway relays these requests to the UNIX host via its TCP/IP protocol stack. In this way, the use of a gateway greatly reduces the administrative overhead required to provide network clients with access to TCP/IP hosts. Network users are able to utilise UNIX-based resources without the requirement to run multiprotocol stacks.
Figure 116: NetWare client workstations running the IPX protocol stack reach NFS on a UNIX host through a NOS server that runs both the IPX and the TCP/IP protocol stacks.
Figure 116 outlines a sample configuration of a NOS server as a gateway. NOS gateways tend to be implemented in one of two ways. The first is through the operation of proxy application services. The use of a proxy service provides the user with a special set of network applications, such as Telnet, FTP, and Web browsers, that have been specifically written to operate over NOS protocols. The client applications communicate with the gateway process, which forwards the application request to the specified UNIX hosts. An alternative solution utilises a tailored version of a standard WinSock driver. This special WinSock driver provides support for standard WinSock applications, but instead of operating on an underlying TCP/IP protocol stack it communicates using IPX/SPX protocols. Yet again, communication occurs between the client workstation and the gateway application, with the gateway acting to forward application data between the client and the UNIX host. The use of the tailored WinSock driver means that network clients are able to utilise any standard WinSock application and don't have to rely on the gateway manufacturer to provide specialised application software.
Figure 117: a client workstation operating IPX protocols runs a standard WinSock client application over a tailored WinSock driver and the standard IPX protocol stack; the NOS server providing the gateway service carries the traffic across to its TCP/IP protocol stack and a standard WinSock, and on to the UNIX server application process on a UNIX workstation operating TCP/IP protocols.
Figure 117 shows how a tailored version of a standard WinSock driver enables the network clients to use any standard WinSock application. NOS Support for Native IP: The major NOS vendors have recognised an increasing demand to replace their proprietary communication methods with native TCP/IP protocols. However, network applications have generally interfaced with a specific protocol. If NOS vendors were to suddenly adopt a different protocol, many of the existing network applications would no longer function. For this reason, vendors are looking for ways to replace their proprietary network protocols, but at the same time to provide a degree of backward compatibility to protect existing applications. For example, within NetWare it is possible to replace the standard IPX/SPX protocols with a TCP/IP protocol stack to provide standard communication between network client and server. However, within this implementation each data packet actually consists of an IPX packet enclosed within a UDP packet. The inclusion of the IPX header provides NetWare with the backward compatibility it requires to support its existing application base. However, the inclusion of the IPX header places an additional overhead on each data packet. This overhead is likely to account for around 8 to 10 percent of the total packet size.
Other NOS vendors also provide native support for TCP/IP protocols. For example, Windows NT allows the use of the NetBEUI protocol, TCP/IP protocols, or a combination of both. Within NT, network protocols are provided via an interface that it refers to as the Transport Driver Interface (TDI). This is a layer that is loaded toward the top of the protocol stack and is used to provide a standard interface between application environments and any underlying network protocols.
Figure 118: the Windows NT networking model: NetBIOS applications and WinSock applications above the NetBIOS interface and the Transport Driver Interface; below it TCP/UDP services, IP services with ARP and ICMP, the Network Device Interface, NDIS drivers and SLIP/PPP, and the physical network layer with its network interface.
Figure 118 illustrates the location and operation of the Transport Driver Interface within Windows NT. At the TDI interface, standard APIs such as NetBIOS and WinSock are able to interact with communication modules, principally TCP/IP and NetBEUI. The TDI model has been designed around a flexible architecture so that it can be adapted to support additional network protocols as required. Under this networking model, applications that have been written to the NetBIOS interface can operate over an installed TCP/IP protocol stack. NetBIOS operates by assigning a unique name to every network node. The assignment and management of the NetBIOS name space results in the generation of a large amount of network traffic. This is because hosts send out broadcasts to all network nodes when they want to register the use of a name or need to perform name resolution. The NetBIOS over TCP/IP standard specifies a method whereby this functionality can occur over a TCP/IP protocol stack. The excessive broadcast requirements effectively limit the use of NetBIOS to small LAN environments where the necessary bandwidth is available. IP networks, on the other hand, often include wide area links where bandwidth might not be sufficient to handle the broadcasts needed to maintain the NetBIOS name space.
Building an Internet Server: Isolating the Server: If an organisation merely wants to offer a service to the Internet community without enabling its users to use the same connection to the Internet, limiting the security risk is easy.
Figure 119: an Internet server connected to the Internet, with no connection to the local network.
Figure 119 shows an Internet server isolated from the local network. Figure 119 illustrates a configuration that completely isolates local users' computers from the Internet. If someone breaks into your Internet server, access is limited to the server itself.
Figure 120: an Internet server connected to the local network with IPX protocols and to the Internet with TCP/IP protocols.
Figure 120 shows an Internet server that connects to the Internet using TCP/IP. In figure 120, the server is connected to the organisation's LAN using NWLink (IPX/SPX). Windows NT servers do not route between different protocol stacks, and this approach very effectively isolates outside TCP/IP users from inside users connected using NWLink. Providing Full Internet Connectivity: Suppose that you want your Internet connection to enable outside users to connect in and inside users to connect out. Don't use an insecure Internet connection. If an outsider attempts to violate security, you'll know it. After all, the intruder can be readily identified because he will be using a nonlocal netid.
Figure 121: a Windows NT router connecting the local network and the Internet server to the Internet using TCP/IP protocols.
Figure 121 shows an insecure Internet connection. Unfortunately, IP addresses aren't secure. Any reasonably knowledgeable Internet snoop can use a technique known as IP spoofing to make his packets appear to have originated on your local network. All the intruder needs to do is listen in on your network for a while, pick up a few usernames and passwords, which are transmitted in the clear, spoof an IP address, and break in. Once in, an intruder can gain entry to dozens of TCP/IP systems. If the intruder can spoof in using the address of a user logged on to a server, the intruder might be able to impersonate the logged-on user and access files using that user's security permissions. The basic rules of TCP/IP security are as follows:
• Never base security on IP addresses. Security must always be based on a secure login procedure that authenticates all users who are given access to critical systems.
• Isolate your Internet servers from your LAN clients; firewalls can be used for this.
A firewall is a filter that can be configured to block certain types of network traffic. Traffic can be filtered in various ways:
• Restricting certain protocols.
• Restricting certain types of packets.
• Permitting inside traffic out, while preventing outside traffic from entering.
A firewall is essentially an IP router that has had its routing function replaced by a more secure method of forwarding messages. Some firewalls are specialised pieces of hardware, while other firewalls might consist of software running on a multihomed TCP/IP host.
Figure 122: comparison between a firewall and an IP router. Router: all packets are forwarded through the IP layer. Firewall: no packets are forwarded; packets addressed to the firewall are processed locally by the firewall machine.
Figure 122 shows a comparison between a firewall and an IP router.
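The three kinds of filtering listed above, together with the rule never to trust a source address on its own, can be written down as a small packet filter. The following is an added example, not code from the original text or from any firewall product. It is stateless, as the filters of the period were: the only way it can tell a reply from a fresh inbound connection is the TCP flags, which is a real limitation noted in the comments. The address ranges, the interface names "inside" and "outside", the published services and the sample packets are constructed.

```python
"""Stateless packet filter illustrating the filtering rules in the text.

Added example (not from the original text). It implements the three kinds of
filtering listed above (by protocol, by packet type, inside-out only) and the
check that follows from "never base security on IP addresses": a packet with an
internal source address arriving on the outside interface can only be spoofed.
Address ranges, interface names and sample packets are constructed.
"""
import ipaddress
from dataclasses import dataclass

INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")       # constructed LAN range
PUBLIC_SERVER = ipaddress.ip_address("198.51.100.25")   # the organisation's Internet server
SERVER_PORTS = {25, 80}                                 # services it offers to the outside


@dataclass
class Packet:
    iface: str          # interface the packet arrived on: "outside" or "inside"
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    syn: bool = False
    ack: bool = False


def filter_packet(pkt: Packet) -> tuple:
    """Return ("accept" | "drop", reason) for one packet."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)

    # Anti-spoofing: the interface a packet arrives on must agree with its source.
    if pkt.iface == "outside" and src in INSIDE_NET:
        return "drop", "internal source address arriving from outside (spoofed)"
    if pkt.iface == "inside" and src not in INSIDE_NET:
        return "drop", "non-internal source address arriving from inside"

    # Inside traffic out is permitted.
    if pkt.iface == "inside":
        return "accept", "inside traffic out"

    # Outside traffic in: only the published services, or replies to connections
    # opened from inside. A stateless filter can only infer "reply" from the TCP
    # flags (ACK set, SYN clear); a stateful firewall would track the connection.
    if pkt.proto == "tcp":
        if dst == PUBLIC_SERVER and pkt.dport in SERVER_PORTS:
            return "accept", "connection to published service"
        if pkt.syn and not pkt.ack:
            return "drop", "new inbound connection attempt"
        if pkt.ack and dst in INSIDE_NET:
            return "accept", "reply to an outbound connection"
        return "drop", "unsolicited inbound tcp"
    if pkt.proto in ("udp", "icmp"):          # restricting certain protocols
        return "drop", "inbound %s not permitted" % pkt.proto
    return "drop", "unknown protocol"


# Constructed sample traffic as seen by the filter.
SAMPLE_PACKETS = [
    Packet("outside", "tcp", "192.0.2.50", "192.0.2.1", 23, syn=True),        # spoofed LAN source
    Packet("outside", "tcp", "203.0.113.7", "198.51.100.25", 25, syn=True),  # mail to the server
    Packet("outside", "tcp", "203.0.113.7", "192.0.2.50", 1025, syn=True),   # new connection to a PC
    Packet("outside", "tcp", "203.0.113.7", "192.0.2.50", 1025, ack=True),   # reply to that PC
    Packet("inside", "tcp", "192.0.2.50", "203.0.113.7", 80, syn=True),      # PC browsing out
    Packet("outside", "icmp", "203.0.113.7", "192.0.2.50"),                  # inbound ping
]


def run_filter(packets: list) -> list:
    """Apply the filter to each packet and return the list of decisions."""
    return [filter_packet(p) for p in packets]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE_PACKETS, run_filter(SAMPLE_PACKETS)):
        print("%-6s %-4s %s -> %s: %s" % (verdict, pkt.proto, pkt.src, pkt.dst, reason))
```

The first sample packet is the case the text warns about: a source address from the local network arriving from the Internet side. Dropping it costs nothing legitimate, because no genuine inside host can reach the outside interface with that source, and it is the one filter rule that does not depend on trusting the address itself.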
In figure 122, the router handles packets up through the IP layer. The router forwards each packet based on the packet's destination address and the route to that destination indicated in the routing table. A host, on the other hand, does not forward packets, and the firewall system is just a special type of multihomed host. Just like any host, the firewall accepts packets that are addressed to it, and processes those packets through the Application Layer. The firewall ignores packets that are not addressed to it.
Figure 123: a firewall/Internet server between the local network and the Internet, using TCP/IP protocols.
Figure 123 shows a basic firewall/Internet server combination. Figure 123 illustrates a firewall configuration in which one Internet host provides all Internet services and runs firewall software. The firewall/Internet server combination is configured to enable inside users to connect out to the Internet. Outside users are not permitted to connect to the LAN.
Figure 124: a firewall/Internet server between the local network and the Internet, with an additional Internet server placed on the local network.
Figure 124 shows a firewall configuration that poses potential problems. If you must configure more than one Internet server, you should avoid the layout in figure 124. No matter how tightly the firewall is configured to restrict outside users from accessing specific hosts, an intruder still could circumvent the firewall and gain access to other LAN-based hosts. You should isolate the servers on a separate network segment and configure the firewall to route traffic appropriately.
Figure 125 (diagram labels): local network, additional Internet server on a separate segment, firewall/Internet server, Internet (Internet TCP/IP protocols).
Figure 125 shows a more secure firewall configuration. In figure 125, the firewall permits outside users to access designated servers on one network segment, but prevents access to systems on the other segments. Because firewalls are used in place of routers, they are usually thought of as a way to separate an internal network from the external world. However, isolating an entire network behind a firewall may not be required. Even at sites that need a firewall, most workstations and desktop computers may not contain information or applications that need this level of protection. Frequently, only a limited set of computers contain truly sensitive data or processes critical to the operation of the organisation. One way to limit the impact of a firewall on the operation of a network is to use an internal firewall that isolates selected critical systems, while allowing all other systems to operate in a normal manner.
Figure 126 (diagram labels): Internet, Router, Internal network of non-sensitive systems, internal firewall, Secure network of sensitive systems; Internet, external firewall, Internal network of sensitive and non-sensitive systems.
Figure 126 illustrates networks using both internal and external firewalls. The difficulty of identifying all sensitive systems, and the fear of making a mistake that could compromise critical information, causes many security-conscious sites to prefer an external firewall, or even a combination of internal and external firewalls. However, if sensitive systems can be identified and isolated, the majority of users benefit from a more user-friendly network because the entire network is not isolated behind an external firewall. The techniques for cracking into TCP/IP networks are advancing at least as quickly as the techniques for building firewalls, and putting too much faith in the security you implement is unwise. For many, a secure network is merely an inspiration to try harder. For this reason, physical isolation of critical computers remains the one certain way to prevent intrusion.
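The policies described in this section (never trust a source address the outside can forge, let inside users connect out while refusing connections from outside, and expose only designated servers on a separate segment) can be written down as a small stateless packet filter. The following is an added example, not code from the original text; the address ranges, interface names and published services are constructed for the illustration.

```python
"""Added example (not from the original text): a tiny stateless packet
filter that models the three policies discussed above: rejecting spoofed
internal source addresses, letting inside users connect out while refusing
connections from outside, and exposing only designated servers on a
separate segment. Addresses and services are constructed for this example."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.0.2.0/24")        # constructed: internal clients
DMZ = ipaddress.ip_network("198.51.100.0/24")     # constructed: isolated server segment
# Designated (published) services outside users may reach: (address, TCP port).
DMZ_PUBLIC_SERVICES = {("198.51.100.10", 25), ("198.51.100.10", 80)}


@dataclass(frozen=True)
class Packet:
    iface: str               # interface the packet arrived on: "ext", "lan" or "dmz"
    proto: str               # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    syn_only: bool = False   # TCP SYN without ACK, i.e. a new connection attempt


def decide(pkt: Packet) -> tuple[str, str]:
    """Return (verdict, reason) for one packet.  Stateless: it tells
    connection attempts from replies only by the TCP SYN flag."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    # 1. Anti-spoofing: a packet from the Internet side can never legitimately
    #    carry an internal source address, whatever it claims.
    if pkt.iface == "ext" and (src in LAN or src in DMZ):
        return "drop", "spoofed internal source address on external interface"

    # 2. Outside users are not permitted to connect to the LAN; only replies
    #    to connections that inside users opened may come back in.
    if pkt.iface == "ext" and dst in LAN:
        if pkt.proto == "tcp" and not pkt.syn_only:
            return "accept", "reply to a connection opened from inside"
        return "drop", "connection attempt from outside to the LAN"

    # 3. Outside users reach only the designated servers on the DMZ segment.
    if pkt.iface == "ext" and dst in DMZ:
        if pkt.proto == "tcp" and (pkt.dst, pkt.dport) in DMZ_PUBLIC_SERVICES:
            return "accept", "published DMZ service"
        if pkt.proto == "tcp" and not pkt.syn_only:
            return "accept", "reply to a connection opened by the DMZ host"
        return "drop", "DMZ service not published"

    # 4. Servers on the DMZ are exposed; a compromised one must not be able
    #    to open connections into the LAN.
    if pkt.iface == "dmz" and dst in LAN and pkt.syn_only:
        return "drop", "connection attempt from DMZ into the LAN"

    return "accept", "inside-out traffic"


def audit(packets: list[Packet]) -> list[tuple[str, str]]:
    """Apply the policy to a batch of packets, for example a captured sample."""
    return [decide(p) for p in packets]
```

The filter is deliberately stateless, like the early firewalls the text describes: any TCP packet from outside that is not a bare SYN is treated as a reply and passes, and UDP replies to inside users are not handled at all. That is exactly the gap a connection-tracking (stateful) firewall closes, and it is why the text's advice to isolate truly critical systems physically still stands.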
Simple Network Management Protocol (SNMP): Is a client/server (agent/manager) protocol. The network management software used on TCP/IP-based networks is based on SNMP. The agent (the server) runs on the device being managed, which is called the Managed Network Entity. The agent monitors the status of the device and reports that status to the manager. The manager (the client) runs on the Network Management Station; it collects information from all of the different devices that are being managed, consolidates it, and presents it to the human network manager. SNMP is a request/response protocol. UDP port 161 is its well-known port. SNMP uses UDP as its transport protocol because it has no need for the overhead of TCP. Reliability is not required because each request generates a response. If the SNMP application does not receive a response, it simply reissues the request. Sequencing is not needed because each request and each response travels as a single datagram. The request and response messages that SNMP sends are called Protocol Data Units (PDUs). These message types allow the manager to request management information and, when appropriate, to modify that information. The messages also allow the agent to respond to manager requests and to notify the manager of unusual situations. SNMP Protocol Data Units:
PDU                 Use
GetRequest          Manager requests an update
GetNextRequest      Manager requests the next entry in a table
GetResponse         Agent answers a manager request
SetRequest          Manager modifies data on the managed device
Trap                Agent alerts manager of an unusual event
The NMS periodically requests the status of each device (GetRequest) and each agent responds with the status of its device (GetResponse). Making periodic requests is called polling. Polling reduces the burden on the agent because the NMS decides when polls are needed, and the agent simply responds. Polling also reduces the burden on the network because the polls originate from a single system at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates. If a problem occurs on a managed device, the manager does not find out until the agent is polled. To handle this, SNMP uses a modified polling system called trap-directed polling. A trap is an interrupt signalled by a predefined event. When a trap event occurs, the SNMP agent does not wait for the manager to poll; instead it immediately sends information to the manager. Traps allow the agent to inform the manager of unusual events while allowing the manager to maintain control of polling. SNMP traps are sent on UDP port 162. The manager sends polls on port 161 and listens for traps on port 162.
Generic Trap:
Trap                    Meaning
coldStart               Agent restarted, possible configuration changes
warmStart               Agent reinitialised without configuration changes
enterpriseSpecific      An event significant to this hardware or software
authenticationFailure   Agent received an unauthenticated message
linkDown                Agent detected a network link failure
linkUp                  Agent detected a network link coming up
egpNeighborLoss         The device's EGP neighbour is down
The last three entries in this table show the roots of SNMP in the Simple Gateway Management Protocol (SGMP), which was a tool for tracking the status of network routers. Routers are generally the only devices that have multiple network links to keep track of and are the only devices that run Exterior Gateway Protocol (EGP). These traps are not significant for PCs. The most important trap for a PC may be the enterpriseSpecific trap. The events that signal the trap are defined differently by every vendor's SNMP agent software. Therefore it is possible for the trap to be tuned to events that are significant for a PC. SNMP uses the term enterprise to refer to something that is privately defined by a vendor or organisation, as opposed to something that is globally defined by an RFC. The Structure of Management Information (SMI) defines how data should be presented in an SNMP environment. The SMI defines how managed objects are named, the syntax in which they are defined, and how they are encoded for transmission over the network. The SMI is based on previous ISO work. Each managed object is given a globally unique name called an object identifier. The object identifier is part of a hierarchical name space that is managed by the ISO. The hierarchical structure is used to guarantee that each name is globally unique. In an object identifier, each level of the hierarchy is identified by a number. All SNMP managed objects start with the number 1.3.6.1. Object Identifier Hierarchy: The number of the root is not included in the identifier. Objects are defined just as formally as they are named. The syntax used to define managed objects is Abstract Syntax Notation One (ASN.1). It is a very formal set of language rules for defining data. It makes the data definition independent of the rules for encoding data for transfer over a network. Installing SNMP: Only one copy of the manager software is needed for a network. SNMP agents are installed in every system.
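The text says that the SMI defines how managed objects are named (dotted object identifiers under 1.3.6.1) and how they are encoded for transmission. The following added example, not code from the original text, shows both: it parses dotted OIDs, checks that they fall under the SNMP root, and encodes and decodes them with the ASN.1 Basic Encoding Rules (BER, ITU-T X.690), which the page does not spell out. The decoder performs the length and continuation-bit checks a parser handling packets from an untrusted network needs. The sample OIDs are constructed values.

```python
"""Added example (not from the original text): naming and BER encoding of
SNMP object identifiers. The encoding rules follow ITU-T X.690 (an assumption
beyond the page, which only says objects are ASN.1-defined); the OIDs used as
input are constructed sample values."""
from __future__ import annotations

SNMP_ROOT = (1, 3, 6, 1)   # iso.org.dod.internet: every SNMP managed object starts here
OID_TAG = 0x06             # universal tag for OBJECT IDENTIFIER


def parse_oid(text: str) -> tuple[int, ...]:
    """'1.3.6.1.2.1.1.1.0' -> (1, 3, 6, 1, 2, 1, 1, 1, 0); rejects malformed text."""
    parts = text.strip().lstrip(".").split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    arcs = tuple(int(p) for p in parts)
    # The root arc is 0, 1 or 2; under 0 and 1 the second arc is at most 39.
    if arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"first two arcs out of range: {text!r}")
    return arcs


def is_snmp_object(arcs: tuple[int, ...]) -> bool:
    """True if the identifier lies under 1.3.6.1."""
    return arcs[:len(SNMP_ROOT)] == SNMP_ROOT


def _base128(value: int) -> bytes:
    """One sub-identifier: 7 bits per byte, high bit set on all but the last."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def encode_oid(arcs: tuple[int, ...]) -> bytes:
    """BER TLV for an OBJECT IDENTIFIER (short-form length, body < 128 bytes)."""
    # X.690 packs the first two arcs into a single sub-identifier 40*X + Y.
    body = _base128(40 * arcs[0] + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    if len(body) >= 128:
        raise ValueError("long-form length not handled in this example")
    return bytes([OID_TAG, len(body)]) + body


def decode_oid(data: bytes) -> tuple[int, ...]:
    """Inverse of encode_oid, with the checks needed on untrusted input."""
    if len(data) < 3 or data[0] != OID_TAG:
        raise ValueError("not an OBJECT IDENTIFIER TLV")
    length = data[1]
    body = data[2:2 + length]
    if length >= 128 or len(body) != length:
        raise ValueError("bad or truncated length")
    if body[-1] & 0x80:
        raise ValueError("truncated sub-identifier (continuation bit set on last byte)")
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]
    x = min(first // 40, 2)          # root arc 2 may carry second arcs above 39
    return (x, first - 40 * x, *arcs[1:])


def is_valid_oid_tlv(data: bytes) -> bool:
    """Convenience wrapper: does the TLV decode cleanly?"""
    try:
        decode_oid(data)
        return True
    except ValueError:
        return False
```

The well-known sysDescr.0 object, 1.3.6.1.2.1.1.1.0, encodes as 06 08 2B 06 01 02 01 01 01 00: the leading 2B is 40*1+3, and every later arc fits in one byte. Arcs of 128 or more, such as enterprise numbers under 1.3.6.1.4.1, spread over several bytes with the high bit set on all but the last, which is why a decoder must refuse a body whose final byte still has that bit set.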
Microsoft TCP/IP: Microsoft Network Protocols: Microsoft Windows operating systems support three network transport protocols: • NetBIOS Frame protocol (NBF). • NWLink. • TCP/IP. DLC: Supports network-attached printers. These protocols are integrated using two technologies: • The Network Driver Interface Specification (NDIS). • The Transport Driver Interface (TDI). The Microsoft Network Protocol Architecture:
Figure 127 (diagram, top to bottom): Application/Presentation Layer: TCP/IP Applications, Windows API Applications; Session Layer: NetBIOS, Windows Sockets; TDI Interface; Transport Layer and Network Layer: NetBIOS over TCP/IP, NWLink, NetBEUI (NBF), TCP/IP; NDIS Interface; Data Link Layer and Physical Layer: Network Adapter Drivers, Network Adapters.
Figure 127 shows the Microsoft Network Protocol Architecture. NDIS and TDI act as the unifying layers that enable Microsoft workstations to support multiple protocol stacks over a single network interface. At the lowest level of the protocol stack model are network interface adapters and the driver software that enables them to connect with upper layers. NDIS is a standard interface between the MAC layer protocols and the network layer. At the MAC layer, NDIS provides a well-defined interface that enables vendors to write drivers for their network interface products. NDIS also provides a standard protocol layer that upper-layer protocols can use, enabling multiple NDIS-compliant network layer protocols to interface with any NDIS-compliant network adapter. NDIS enables a computer to support multiple network adapters, which might be of the same or mixed type. These adapters communicate with the same upper-layer protocol stacks, mediated by the NDIS interface. The Transport Driver Interface (TDI) defines a protocol interface between session layer protocols and the transport layer. Transport protocols, therefore, can be written to standard interfaces both above (TDI) and below (NDIS) in the protocol stack. Above the TDI, Microsoft provides support for two Application Programming Interfaces (APIs). NetBIOS is the historic API for Microsoft network products. On the other hand, the standard API for TCP/IP applications is Berkeley sockets, which Microsoft has implemented as Windows Sockets. For environments that choose to implement TCP/IP without NetBEUI, and to support the non-routable NetBIOS protocols over internetworks, Microsoft provides a NetBIOS over TCP/IP (NBT) feature that enables NetBIOS applications to access the TCP/IP transport.
NetBEUI Frame Protocol (NBF): An efficient protocol that functions well in local networks, part of Windows NT. NBF is compatible with the earlier NetBEUI implementations found in LAN Manager and Windows 3.x. NBF provides two service modes: • Unreliable connectionless communication (datagram). • Reliable connection-oriented communication (virtual circuit). A reliable connectionless mode is unavailable. Connection-oriented communication is used in many situations on peer-to-peer networks. NBF depends heavily on broadcast messages, however, to advertise network names. When a NetBIOS computer enters a network, it broadcasts a message announcing its name to ensure that no other computer on the network already has the same name. This essential NetBIOS mechanism fails in internetworks because broadcasts do not cross routers. Ordinarily, therefore, NBF is restricted to nonrouted networks. NWLink: Is a Microsoft implementation of the two protocols (IPX and SPX) that are the standard transport on NetWare networks. • Internetwork Packet eXchange (IPX): Is a datagram network layer protocol that serves as the primary workhorse on NetWare LANs. The majority of NetWare services operate over IPX. • Sequenced Packet eXchange (SPX): Is an optional transport-layer protocol that provides connection-oriented, reliable message delivery. IPX is a routable protocol, and NWLink can be used to construct routed networks using Microsoft products. The network/hardware address mechanism differs significantly from the mechanism used for IP. IPX uses sockets to direct messages to and from the correct upper-layer processes. In most cases, upper-layer functions are performed by the NetWare Core Protocols (NCP), which provide network services at the session, presentation, and application layers. NCP is not part of NWLink, although Microsoft has implemented a NetWare client requester that implements the client side of NCP.
The IPX/SPX protocols offer high performance, because node IDs need not be maintained manually. Use of IPX/SPX, however, has been confined primarily to the NetWare environment. TCP/IP: Microsoft has been including TCP/IP support in network products since LAN Manager. TCP/IP was Microsoft's choice of routable protocol for use where the non-routable NetBEUI was not functional. DHCP Concept and Operation: DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses are assigned. A single DHCP server can supply addresses for more than one network. To support DHCP on an internetwork, routers must be configured with BOOTP forwarding. The DHCP server maintains pools of IP addresses, called scopes. When a DHCP client enters a network, it requests and is granted a lease to use an address from an appropriate scope. The concept of leasing is important, because DHCP clients are not ordinarily granted permanent use of an address. Instead, they receive a lease of limited duration. When the lease expires, it must be renegotiated. This approach ensures that unused addresses become available for use by other clients.
DHCP can be configured to assign specific addresses to specific hosts, which enables administrators to use DHCP to set host protocol options while retaining fixed address assignments. Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the addresses into their configuration, including, among others, the following examples: routers (gateways), WINS servers, and DNS servers.
Figure 128 (diagram): Global options apply unless overridden by scope or client options; scope options override global options; client options override scope and global options.
Figure 128 shows the priority of DHCP options. Managing WINS: The primary naming system for Microsoft networks is based on NetBIOS names. Each computer on the network is configured with a name that it broadcasts to the network to make its presence known to all other computers on the local network. This system is easy to maintain because whenever a computer inserts itself into the network, the global name database is updated. This system works well on local networks on which all protocols are supported by Microsoft network products. Microsoft operating systems configured using only TCP/IP protocols can use NetBIOS names within the context of a local, non-routed network. A significant limitation of NetBIOS naming in a TCP/IP environment is that the names do not propagate across routers. NetBIOS names are disseminated using broadcast datagrams, which IP routers do not forward. The NetBIOS names on one network, therefore, are invisible to computers on networks connected via routers. The Microsoft LAN Manager products supported internetwork name resolution using static naming tables stored in files named LMHOSTS. An LMHOSTS file is a text file that contains mappings between NetBIOS names and IP addresses. To enable computers on the internetwork to resolve names, a network administrator had to manually update the LMHOSTS file and distribute it to all computers on the internetwork. This was a distinctly labour-intensive method of maintaining NetBIOS naming. Like LMHOSTS, Windows Internet Name Service (WINS) maintains a NetBIOS global naming service for TCP/IP internets. Unlike LMHOSTS, WINS is dynamic, extending the automatic configuration of the NetBIOS name directory from local networks to internets. The WINS database is updated automatically as NetBIOS computers insert and remove themselves from the network. Using WINS in conjunction with DNS is possible, which would enable WINS to provide DNS with host names for Microsoft-based hosts within your network.
Resolving Names on Microsoft Networks: Resolution is the process of associating host names with addresses. Resolution of NetBIOS names in TCP/IP environments is the responsibility of the NetBIOS over TCP/IP (NBT) service. NBT name resolution has evolved from a basic, broadcast-based approach to the current name-service approach. Before discussing WINS, it is necessary to examine the name resolution modes supported by NBT. • B-node: Is the oldest method employed on Microsoft networks, name resolution using broadcast messages. When Host A needs to communicate with Host B, it sends a broadcast message that interrogates the network for the presence of Host B. If Host B receives the broadcast, it sends a response to Host A that includes its address. If Host A does not receive a response within a preset period of time, it times out and the attempt fails.
Figure 129 (diagram): hosts A, B, C and D on one network; A broadcasts "Hey, everybody! What's the address of HOST B?" and B answers "It's 134.67.32.2".
Figure 129 shows B-node name resolution. It works well in small, local networks, but poses two disadvantages that become critical as networks grow: • As the number of hosts on the network increases, the amount of broadcast traffic can consume significant network bandwidth. • IP routers do not forward broadcasts, and this technique cannot propagate names through an internetwork. B-node is the default name resolution mode for Microsoft hosts not configured to use WINS for name resolution. In pure B-node environments, hosts can be configured to use LMHOSTS files to resolve names on the networks. • P-node: Is used for name resolution through a name server. P-node computers register themselves with a WINS server, which functions as a NetBIOS name server. The WINS server maintains a database of NetBIOS names, ensures that duplicate names do not exist, and makes the database available to WINS clients.
Figure 130 (diagram): hosts A, B and C and a WINS server; A sends the WINS server "Hey, everybody! What's the address of HOST B?" and the WINS server answers "It's 134.67.32.2".
Figure 130 shows P-node name resolution. Each WINS client is configured with the address of a WINS server, which may reside on the local network or on a remote network. WINS clients and servers communicate via directed messages that can be routed. No broadcast messages are required for P-node name resolution.
Two liabilities of P-node name resolution are that: • All computers must be configured using the address of a WINS server, even when communicating hosts reside on the same network. • If a WINS server is unavailable, name resolution fails for P-node clients.
• M-node: M-node computers first attempt to use B-node name resolution, which succeeds if the desired host resides on the local network. If B-node resolution fails, M-node hosts then attempt to use P-node to resolve the name. M-node enables name resolution to continue on the local network when WINS servers are down. B-node resolution is attempted first on the assumption that in most environments, hosts communicate most often with hosts on their local networks. When this assumption holds, the performance of B-node resolution is superior to P-node. Recall, however, that B-node can result in high levels of broadcast traffic. Microsoft warns that M-node can cause problems when network logons are attempted in a routed environment. • H-node: Is the default for Microsoft TCP/IP clients configured using the addresses of WINS servers. As a fallback, Windows TCP/IP clients can be configured to use LMHOSTS files for name resolution. Nodes configured with H-node, however, first attempt to resolve addresses using WINS. Only after an attempt to resolve the name using a name server fails does an H-node computer attempt to use B-node. H-node computers, therefore, can continue to resolve local addresses when WINS is unavailable. When operating in B-node, H-node computers continue to poll the WINS server and revert to H-node when WINS services are restored. Architecture of the Windows Internet Name Service (WINS): WINS uses one or more WINS servers to maintain a database that provides name-to-address mappings in response to queries from WINS clients. WINS is a particularly good fit when IP addresses are assigned by DHCP. Although the DHCP lease renewal process results in a certain stability of IP address assignments, IP addresses can change if hosts are moved to different networks or if a host is inactive for a time sufficient to cause its address to be reassigned. WINS automatically updates its database to respond to such changes.
Because WINS clients communicate with WINS servers via directed messages, no problems are encountered when operating in a routed environment.
Figure 131 (diagram labels): non-WINS clients send B-node broadcast queries to a WINS proxy, which sends a P-node directed query to WINS Server 1 and returns the IP address; a WINS-enabled client sends a P-node query to WINS Server 2 and receives the IP address; the segments are connected by routers with BOOTP forwarding; WINS Server 1 and WINS Server 2 perform database replication.
Figure 131 shows the architecture of a WINS name service.
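The four NBT modes described above differ only in the order in which they try a local broadcast and a directed WINS query, and in what happens when the WINS server is down. The following added example, not code from the original text, simulates the four modes against an in-memory local segment and WINS database so that the fallback behaviour (P-node failing outright, M-node never touching WINS for local names, H-node falling back to broadcast and then LMHOSTS) can be observed. Host names, addresses and the optional LMHOSTS fallback are constructed for the illustration.

```python
"""Added example (not from the original text): simulation of the B, P, M and
H node types of NBT name resolution. The local segment, WINS database and
LMHOSTS table are constructed in-memory dictionaries; names and addresses are
sample values."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Network:
    local_segment: dict[str, str]            # hosts that answer a B-node broadcast
    wins_db: dict[str, str]                  # names registered with WINS (all segments)
    wins_up: bool = True                     # flip to False to simulate a WINS outage
    lmhosts: dict[str, str] = field(default_factory=dict)   # static fallback file
    log: list[str] = field(default_factory=list)            # what each lookup sent

    def broadcast(self, name: str) -> str | None:
        """B-node: broadcast on the local segment; routers never forward it."""
        self.log.append(f"broadcast query for {name}")
        return self.local_segment.get(name)

    def wins_query(self, name: str) -> str | None:
        """P-node: directed (routable) query to the configured WINS server."""
        self.log.append(f"directed query to WINS for {name}")
        if not self.wins_up:
            raise ConnectionError("WINS server unavailable")
        return self.wins_db.get(name)


# Order of attempts per node type, as the text describes them.
MODES = {"B": ["b"], "P": ["p"], "M": ["b", "p"], "H": ["p", "b"]}


def resolve(net: Network, name: str, mode: str, use_lmhosts: bool = False) -> str | None:
    """Resolve a NetBIOS name the way a client of the given node type would.
    Returns the address or None when every configured method fails."""
    name = name.upper()                      # NetBIOS names are case-insensitive
    for step in MODES[mode]:
        if step == "b":
            addr = net.broadcast(name)
        else:
            try:
                addr = net.wins_query(name)
            except ConnectionError:
                addr = None                  # WINS down: fall through to the next step
        if addr:
            return addr
    # Optional last resort on Windows TCP/IP clients: the static LMHOSTS file.
    return net.lmhosts.get(name) if use_lmhosts else None
```

Running the same lookup in each mode shows the trade-off the text describes: M-node resolves a local name without generating WINS traffic but broadcasts for every remote name, while H-node sends a directed query first and only broadcasts after WINS fails, so its broadcast load stays low in normal operation and rises only during an outage.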
WINS proxies enable non-WINS clients to resolve names on the internetwork. When a WINS proxy receives a B-node broadcast attempting to resolve a name on a remote network, the WINS proxy directs a name query to a WINS server and returns the response to the non-WINS client. WINS makes maintaining unique NetBIOS names throughout the internetwork possible. When a computer attempts to register a NetBIOS name with WINS, it is permitted to do so only if the name is not currently reserved in the WINS database. Without WINS, unique names are enforced only through the broadcast B-node mechanism on local networks. • When a WINS client is shut down in an orderly manner, it releases its name reservation in the WINS database and the name is marked as released. After a certain time, a released name is marked as extinct. Extinct names are maintained for a period of time sufficient to propagate the information to all WINS servers, after which the extinct name is removed from the WINS database. • If a computer has released its name through an orderly shutdown, WINS knows that the name is available and the client can immediately reobtain the name when it reenters the network. If the client has changed network addresses, by moving to a different network segment, a released name can also be reassigned. • If a computer is not shut down in an orderly fashion, its name reservation remains active in the WINS database. When the computer attempts to reregister the name, the WINS server challenges the registration attempt. If the computer has changed IP addresses, the challenge fails and the client is permitted to reregister the name with its new address. If no other computer is actively using the name, the client is also permitted to reregister with the name. • All names in the WINS database bear a timestamp that indicates when the reservation will expire. If a client fails to reregister the name when the reservation expires, the name is released.
WINS supports definition of static assignments that do not expire. Any Windows NT server computer can be configured as a WINS server, except that WINS servers cannot receive their IP address assignment from DHCP. WINS clients communicate with WINS servers via directed datagrams, and you do not have to locate a WINS server on each network segment. However, non-WINS clients are supported only if at least one WINS proxy is installed on each network or subnetwork. Multihomed computers should not be configured as WINS servers. A WINS server may register its name with only one network. The name of a multihomed WINS server, therefore, cannot be registered with all attached networks. Also, some client connection attempts fail with multihomed WINS servers. WINS recognises a variety of special names, identified by the value of the 16th byte of LAN Manager-compatible names. Special names are encountered when setting up static mappings and when examining entries in the WINS database. • Multihomed Names: A multihomed name is a single computer name that stores multiple IP addresses, which are associated with multiple network adapters on a multihomed computer. Each multihomed name can be associated with up to 25 IP addresses. This information is established when TCP/IP configuration is used to specify IP addresses for the computer. When the WINS server service is running on a multihomed computer, the WINS service is always associated with the first adapter in the computer configuration. All WINS messages on the computer, therefore, originate from the same adapter. Multihomed computers with connections to two or more networks should not be configured as WINS servers. If a client attempts a connection with a multihomed WINS server, the server might supply an IP address on the wrong network, causing the connection attempt to fail.
• Normal Group Names: Are tagged with the value 0x1E in the 16th byte. Browsers broadcast to this name and respond to it when electing a master browser. In response to queries to this name, WINS always returns the broadcast address FF.FF.FF.FF. • Internet Group Names: An internet group is used to register Windows NT server computers in internet groups, principally Windows NT server domains. If the internet group is not configured statically, member computers are registered dynamically as they enter and leave the group. Internet group names are identified by the value 0x1C in the 16th byte of the NetBIOS name. An internet group can contain up to 25 members, preference being given to the nearest Windows NT server computers. On a large internetwork, the internet group registers the 24 nearest Windows NT server computers plus the primary domain controller. • Other Special Names: 0x0 identifies the redirector name of a computer. 0x3 identifies the messenger service name, used to send messages. 0x1B identifies the domain master browser, which WINS assumes is the primary domain controller. If it is not, the domain master browser should be statically configured in WINS. 0x1 identifies _MSBROWSE_, the name to which master browsers broadcast to announce their domains to other master browsers on the local subnet. Having two or more WINS servers on any network is desirable. A second server can be used to maintain a replica of the WINS database that can be used if the primary server fails. On large internetworks, multiple WINS servers result in less routed traffic and spread the name resolution workload across several computers. Pairs of WINS servers can be configured as replication partners. WINS servers can perform two types of replication actions: pushing and pulling. A member of a replication pair functions as either a push partner or a pull partner. All database replication takes place by transferring data from a push partner to a pull partner,
but a push partner cannot unilaterally push data. Data transfers may be initiated in two ways. • A pull partner can initiate replication by requesting replication from a push partner. All records in a WINS database are stamped with a version number. When a pull partner sends a pull request, it specifies the highest version number that is associated with data received from the push partner. The push partner then sends any new data in its database that has a higher version number than was specified in the pull. • A push partner can initiate replication by notifying a pull partner that the push partner has data to send. The pull partner indicates its readiness to receive the data by sending a pull replication request that enables the push partner to push the data. Pulls generally are scheduled events that occur at regular intervals. Pushes generally are triggered when the number of changes to be replicated exceeds a specified threshold. An administrator, however, can manually trigger both pushes and pulls. WINS performs a complete backup of its database every 24 hours. If users cannot connect to a server running the WINS server service, the WINS database probably has become corrupt. In that case, you might need to restore the database from a backup copy.
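The special-name discussion above (before the replication material) turns on the 16th byte of a LAN Manager-compatible name. The following added example, not code from the original text, builds such 16-byte names, interprets the suffix byte using only the values the text lists, and converts names to and from the "first-level" encoding in which they appear inside NBT name packets. That encoding comes from RFC 1001/1002 rather than from the page and is included as an assumption; the sample names are constructed. It is useful when reading WINS static mappings or decoding NBT name traffic in a capture.

```python
"""Added example (not from the original text): NetBIOS name construction,
suffix-byte interpretation and RFC 1001 first-level encoding/decoding.
Suffix meanings are those listed in the text; the encoding rule (one letter
per nibble, offset from 'A') is taken from RFC 1001, not from the page."""
from __future__ import annotations

# Suffix byte -> meaning, restricted to the values the text describes.
SUFFIXES = {
    0x00: "redirector (workstation) name",
    0x01: "_MSBROWSE_ master-browser announcement name",
    0x03: "messenger service name",
    0x1B: "domain master browser (assumed to be the PDC)",
    0x1C: "internet group (domain controllers)",
    0x1E: "normal group (browser election)",
}


def netbios_name(name: str, suffix: int) -> bytes:
    """Pad the name with spaces to 15 bytes and append the suffix byte."""
    raw = name.upper().encode("ascii")
    if not raw or len(raw) > 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must be a single byte")
    return raw.ljust(15, b" ") + bytes([suffix])


def first_level_encode(name16: bytes) -> str:
    """RFC 1001 first-level encoding: every byte becomes two letters, one per
    nibble, each nibble added to 'A' (0x41). 16 bytes -> 32 characters."""
    if len(name16) != 16:
        raise ValueError("expected a 16-byte NetBIOS name")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in name16)


def first_level_decode(encoded: str) -> bytes:
    """Inverse of first_level_encode; rejects anything outside 'A'..'P'."""
    if len(encoded) != 32 or any(c < "A" or c > "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    pairs = zip(encoded[0::2], encoded[1::2])
    return bytes(((ord(hi) - 0x41) << 4) | (ord(lo) - 0x41) for hi, lo in pairs)


def describe(name16: bytes) -> tuple[str, int, str]:
    """Split a stored 16-byte name into (name, suffix, meaning)."""
    base = name16[:15].rstrip(b" ").decode("ascii", "replace")
    suffix = name16[15]
    return base, suffix, SUFFIXES.get(suffix, f"suffix 0x{suffix:02X} not listed in the text")
```

A name such as WORKGROUP with suffix 0x1E (the normal group name browsers use during elections) becomes the 32-letter string FHEPFCELEHFCEPFFFACACACACACACABO on the wire; the trailing "BO" is the suffix byte 0x1E, and the six "CA" pairs before it are the space padding. Seeing the suffix in that form is how one tells a workstation name (ending "AA"), a domain-controller group (0x1C, ending "BM") and a browser-election name apart in NBT traffic.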
Figure 132 (diagram): several WINS servers joined by replication partnerships, each link labelled Push or Pull according to the partner's role.
Figure 132 shows a network with several WINS replication partnerships. Naming versus Browsing: Browsers, however, maintain databases only of host names. Addresses must still be derived from a name resolution process. Browsing works somewhat differently on TCP/IP networks than on networks running NetBIOS and NWLink, although the difference becomes apparent only when routing is involved. Windows browsing is based on browse lists, which catalogue all available domains and servers. Browse lists are maintained by browsers. By default all Windows NT server computers are browsers. Windows NT workstation computers are potential browsers, and can become browsers if required. Each domain has one master browser that serves as the primary point for collecting the browse database for the domain. Servers (any computer that offers shared resources) that enter the network transmit server announcements to the master browser to announce their presence. The master browser uses these server announcements to maintain its browse list. Backup browsers receive copies of the browse list from the master browser at periodic intervals. They introduce redundancy to the browsing mechanism and distribute browsing queries across several computers. An election process among the various browsers determines the master browser. In domains, the election is biased in favour of making the Primary Domain Controller (PDC) the master browser, which always is the master browser if it is operational. All Windows NT server computers function as master or backup browsers. Windows NT workstations can function as browsers. In the presence of sufficient Windows NT server computers, no Windows NT workstation will be configured as a browser. When no Windows NT server computers are available, at least two Windows NT workstation computers will be activated as browsers. An additional browser will be activated for every 32 Windows NT workstation computers in the domain.
Servers must announce their presence to the master browser at periodic intervals, starting at one-minute intervals and increasing to 12 minutes. If a server fails to announce itself for three announcement periods, it is removed from the browse list. Therefore, up to 36 minutes may be required before a failed server is removed from the browse list. Domains are also maintained in the browse list. Every fifteen minutes, a master browser broadcasts a message announcing its presence to master browsers in other domains. If a master browser is not heard for three 15-minute periods, other master browsers remove the domain from their browse lists. Thus, 45 minutes may be required to remove information about another domain from a browse list. Internetworks based on NetBIOS and NWLink protocols can route broadcast name queries across routers. Maintaining a single master for each domain, therefore, is necessary. Internetworks based on TCP/IP cannot forward broadcast queries between networks. Therefore, Microsoft TCP/IP networks maintain a master browser for each network or subnetwork. If a domain spans more than one network or subnetwork, the domain master browser running on the PDC has the special responsibility of collecting browse lists from the master browser on each network and subnetwork. The domain master browser periodically rebroadcasts the complete domain browse list to the master browsers, which in turn update backup browsers on their networks. Therefore, significant time might be required to disseminate browsing data through a domain on a large TCP/IP internetwork. The browsing service is a convenience but is not required to enable clients to access servers on the internetwork. Client processes still can use shared resources by connecting directly with the Universal Naming Convention (UNC) name of the resource. On a TCP/IP internetwork, that makes WINS a near necessity. Browsing, on the other hand, is very convenient but is not essential.
Multihomed hosts often present an ambiguous face to the network community. Different hosts can use different IP addresses to access services running on the host, with unpredictable results. One case in which this unpredictability seems to appear is browsing when the PDC for a domain is multihomed. Clients are not hard-wired with the address of browsers, and a multihomed browser appears to confuse things, causing various clients to see different browse lists. More consistent results seem to be obtained when the PDC has a single IP address. In any case, the PDC cannot serve as master browser for more than one network or subnetwork. Sometimes dynamic name-address mappings are not desirable. At such times, creating static mappings in the WINS database proves useful. A static mapping is a permanent mapping of a computer name to an IP address. Static mappings cannot be challenged and are removed only when they are explicitly deleted. Reserved IP addresses assigned to DHCP clients override any static mappings assigned by WINS. Static mappings for unique and special group names can be imported from files that conform to the format of LMHOSTS files. Managing LMHOSTS Files: Although a complete name resolution system can be based on LMHOSTS files, static naming files can be a nightmare to administer, particularly when they must be distributed to several hosts on the network. Nevertheless, LMHOSTS files may be necessary if WINS will not be run on a network or if having a backup is desirable in case the WINS service fails. Although LAN Manager host files supported little more than mappings of NetBIOS names to IP addresses, Windows NT offers several options that make LMHOSTS considerably more versatile.
Microsoft TCP/IP
105
4/4/2002
Alex Peeters
The basic format of an LMHOSTS file is as follows: each line holds an IP address followed by a name.

IP-address      Name
134.67.32.0     Logon-Server-Network-A
134.67.32.1     Host-1-Network-A
134.67.32.2     Host-2-Network-A
134.67.40.0     Logon-Server-Network-B
134.67.32.3     Host-3-Network-B
134.268.67.0    Logon-Server-Network-C
134.268.67.3    Host-3-Network-C
134.268.67.5    Host-5-Network-C
Managing DNS: Domain Name Service (DNS) is the standard naming service used on the Internet and on most TCP/IP networks. If your Windows TCP/IP network is not connected to non-Microsoft TCP/IP networks, you do not need DNS: WINS can provide all the naming services required on a Microsoft Windows network. You need DNS if you want to connect your TCP/IP hosts to the Internet or to a UNIX-based TCP/IP network, but only if you want to enable users outside the Windows network to access your TCP/IP hosts by name.

Name Resolution with HOSTS Files: Before DNS, name resolution was accomplished using files named HOSTS. Supporting a naming service is then a simple matter of editing a master HOSTS file and distributing it to all computers, which can be accomplished by copying the file when a user logs on to a domain, or by using a software distribution system.
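Because both LMHOSTS and HOSTS files are copied to every host and override dynamic name resolution, a bad line in the master copy is replicated everywhere. As an added example (not from the original document, and not a Microsoft tool), the following Python validator reads text in the address-then-name layout shown in the LMHOSTS table above and rejects entries that should not be distributed: addresses that are not valid IPv4 (any octet above 255, as in the 134.268.x.x lines of the table) and names mapped twice, which would make resolution depend on file order. The sample text, the comment handling and the Mapping type are constructed for this example; the Windows NT LMHOSTS keywords the text alludes to are not interpreted here.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Mapping:
    address: str
    name: str
    line_no: int


def parse_static_hosts(text):
    """Parse HOSTS/LMHOSTS-style text: an IPv4 address followed by one or more
    names on each line; '#' starts a comment.  (Assumption for this example:
    the NT-specific LMHOSTS keywords such as #PRE are not interpreted, so they
    simply fall into the comment part of a line.)

    Returns (mappings, problems).  Mappings are accepted entries; problems are
    (line_no, message) pairs for lines that must not be distributed as-is."""
    mappings, problems = [], []
    first_seen = {}                       # upper-cased name -> line it was first mapped on
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            problems.append((line_no, "expected an IP address followed by a name"))
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.IPv4Address(address)    # rejects octets > 255, wrong field count, etc.
        except ValueError:
            problems.append((line_no, f"invalid IPv4 address {address!r}"))
            continue
        for name in names:
            key = name.upper()                # NetBIOS and host names are case-insensitive
            if key in first_seen:
                problems.append((line_no, f"duplicate name {name!r}, first mapped on line {first_seen[key]}"))
                continue
            first_seen[key] = line_no
            mappings.append(Mapping(address, name, line_no))
    return mappings, problems


# Constructed sample: the layout of the LMHOSTS table above, plus a comment
# line and a deliberately conflicting duplicate on the last line.
SAMPLE = """\
# constructed LMHOSTS-style sample
134.67.32.0     Logon-Server-Network-A
134.67.32.1     Host-1-Network-A
134.67.32.2     Host-2-Network-A
134.67.40.0     Logon-Server-Network-B
134.67.32.3     Host-3-Network-B
134.268.67.0    Logon-Server-Network-C
134.268.67.3    Host-3-Network-C
134.268.67.5    Host-5-Network-C
134.67.32.9     host-1-network-a
"""

if __name__ == "__main__":
    accepted, rejected = parse_static_hosts(SAMPLE)
    for m in accepted:
        print(f"ok     line {m.line_no}: {m.address:<15} {m.name}")
    for line_no, msg in rejected:
        print(f"REJECT line {line_no}: {msg}")
```

Run on the sample, the validator accepts the five Network-A and Network-B entries and rejects the three 134.268.x.x lines and the duplicate; a distribution script would refuse to push the file while the rejected list is non-empty.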
Transmission Line Theory: The electrical characteristics of the media used to send network datagrams partly define the physical layer: they determine the maximum transmission rate, the longest straight run of cable, and other constraints of the network. These are all products of transmission line theory, the study of how signals behave when they are transmitted over long distances. While this extremely low-level theory has no direct implications for higher-level protocols, violating the constraints imposed by transmission line theory can lead to intermittent and puzzling network failures that appear to be higher-level protocol breakdowns.

A transmission line is any signal path that is long compared to the wavelength of the signal travelling the path. Signals of higher frequency have shorter wavelengths, so higher-frequency signals require transmission line analysis over much shorter path lengths. For example, low-frequency AC line voltage going from a power company generator to a substation or transformer is affected by transmission line problems over a distance of several miles. At the other end of the spectrum, high-speed integrated circuits that produce pulses in the nanosecond range require transmission line treatment for signal paths a few centimetres long. Signals on the Ethernet have wavelengths of about one metre, so transmission line theory applies to every network with at least two stations on it, assuming the machines aren't located on top of each other.

Every signal conductor has some inherent capacitance and inductance. The inductance comes from the fact that any conductor must have a real, non-zero thickness; the capacitance is due to coupling with the ground plane and other nearby wires. Ethernet backbones are limited in length partly because of these capacitive loading effects: the longer the cable, the greater its capacitance.
As the capacitance increases, each signal must charge up the line for a longer time, and beyond some critical value the time required to charge the line's capacitance is significant compared to the time required to send the packet's preamble. At low frequencies, the non-ideal characteristics of the wire may be ignored, but at the Ethernet data transmission frequency of 10 MHz they become important.
[Figure 133: a real-world Ethernet cable drawn as a chain of series inductors L1, L2, ..., Ln and shunt capacitors C1, C2, ..., Cn]
Figure 133 shows a drawing of how a real-world Ethernet cable looks. In figure 133, the series of inductor/capacitor pairs defines an AC impedance for the cable. Impedance is usually a function of the frequency of the signal encountering the L/C pairs. Ethernet packets are sent with a constant frequency (not the frequency of the packets themselves, but the frequency of the modulated signal representing the packet), which fixes the AC impedance of the cable. The fixed impedance is why you can put a fixed-value resistor on the Ethernet as a terminator; the rest of this discussion explores the transmission line theory that determines the value of that terminator.

On a non-ideal wire, the voltage at an endpoint can't change instantaneously, because of the capacitive and inductive effects described earlier. When a signal is impressed on a line (when a host sends a packet on the Ethernet), the voltage at the end of the wire must go from 0 to -2.5 volts. A packet rolling down the Ethernet cable is represented as a series of voltage changes, each with a corresponding change in current as defined by Ohm's law. The endpoint of the wire appears to be a signal load; for this discussion, assume that the load has an arbitrary value.
[Figure 134: incident voltage V_O and current I_O arriving over a line of impedance Z_O at a load Z_L carrying V_L and I_L; the reflected current I_R satisfies I_O = I_L - I_R]
Figure 134 shows the signal on an Ethernet. The endpoint of the wire, represented as the load above, is initially at 0 volts. In order to satisfy Ohm's and Kirchhoff's laws, a reflected signal must be created.
• Kirchhoff's current law dictates that the current flowing into a node must equal the current leaving it. The incident, load, and reflected currents obey the following equation:
$$I_O = I_L - I_R$$
• Kirchhoff's voltage law states that the voltages around a loop must add up to zero. We can use this form of Kirchhoff's law to express the relationship of the voltages in the circuit:
$$V_L = V_O + V_R$$
• Ohm's law describes the relationship between impedance, $Z$, and current; at the load:
$$V_L = I_L Z_L$$
Substituting for $V_L$ and $I_L$, we get:
$$V_O + V_R = Z_L\,(I_O - I_R)$$
Applying Ohm's law again, with $V_R = I_R Z_O$ (and likewise $V_O = I_O Z_O$), since the reflected signal sees the same impedance as the incident signal:
$$V_O + V_R = \frac{Z_L}{Z_O}\,(V_O - V_R)$$
Rearranging terms, we can express the amplitude of the reflected signal as a function of the original signal:
$$\frac{V_R}{V_O} = \frac{Z_L - Z_O}{Z_L + Z_O}$$
Now let's revisit our assumption that the load impedance, $Z_L$, is some arbitrary value. An unterminated cable endpoint has an infinite load impedance, so with $Z_L$ infinite the fraction's value is approximately unity and $V_R = V_O$. The reflected current becomes a signal that looks electrically similar to the incident packet, travelling in the opposite direction. Again, the non-ideal physical characteristics of the wire prevent the reflected signal from being a mirror image of the incident signal. At the same time, the endpoint of the line starts to charge to -2.5 volts, so the voltage at the endpoint of the wire isn't precisely 0 volts. The combination of these two effects makes the reflected signal a slightly attenuated version of the original. After several trips down the length of the cable, the reflected signal is damped out completely. During the voltage rise time, however, the reflected signals make the line ring.

The fairly obvious solution is to make the reflection coefficient (the fraction above) zero by making its numerator, $Z_L - Z_O$, zero, so that there is no signal reflection. By placing a terminating resistor between the cable and ground, the incident signal is absorbed and any reflection is suppressed. Ethernet cabling has a characteristic impedance of 50 ohms, which is precisely the value used for termination. Note that the line impedance is seen by AC signals only; DC testing of the line itself, without the terminators, should show a DC resistance of a fraction of an ohm. This fact can, however, be exploited to perform a simple cable test: with a multimeter set on ohms, measure the DC resistance between the centre conductor of the Ethernet and the ground shield on a network with no traffic. Do not measure resistance on a live network: the network activity will cause the ohmmeter to give an inexact reading, and you may inadvertently create a short on the network, possibly damaging transceiver equipment. The multimeter should read 25 ohms, half of the terminating resistor value, for a properly terminated Ethernet. The resistance of the entire cable is 25 ohms because it is the effective resistance of the two 50 ohm terminators wired in parallel, joined by the two conductors of the Ethernet cable:
$$R_{\mathrm{effective}} = \frac{R_1 R_2}{R_1 + R_2} = \frac{R}{2} \qquad (R_1 = R_2 = R)$$

[Figure 135: the Ethernet conductor with terminating resistors R1 and R2 at its two ends, R1 = R2 = 50 ohms]
Figure 135 shows the terminators on an Ethernet cable. Sometimes the most perplexing network problems stem from a failure in the physical layer. This theoretical discussion may not help you debug open circuits or locate bad transceivers by watching waveforms, but it should help you build a mental checklist of potential problems to use when examining network cabling.
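An added worked example (not from the original document) that carries the formulas above into Python: the reflection coefficient from the derivation, evaluated for the open, matched and shorted cases, the parallel-terminator resistance behind the 25 ohm reading, and an interpretation of other multimeter readings. The 25 ohm case is the one the text gives; the other bands (one terminator missing, open, short) are inferred from the same parallel-resistor formula and are assumptions of this example, as is the 15 % tolerance.

```python
import math


def reflection_coefficient(z_load, z_line=50.0):
    """V_R / V_O = (Z_L - Z_O) / (Z_L + Z_O), the ratio derived above.
    An open (unterminated) end, Z_L = infinity, gives 1: the whole signal comes
    back.  A matched load, Z_L = Z_O, gives 0: nothing is reflected.  A short,
    Z_L = 0, gives -1: the reflection comes back inverted."""
    if math.isinf(z_load):
        return 1.0
    return (z_load - z_line) / (z_load + z_line)


def reflected_amplitude(v_incident, z_load, z_line=50.0):
    """Amplitude of the reflected step for an incident step of v_incident volts."""
    return v_incident * reflection_coefficient(z_load, z_line)


def parallel_resistance(*resistors):
    """Equivalent resistance of resistors in parallel, 1/R = sum(1/R_i).
    Two 50 ohm terminators seen through the cable give 50*50/(50+50) = 25 ohms."""
    if not resistors:
        return math.inf
    return 1.0 / sum(1.0 / r for r in resistors)


def interpret_dc_reading(ohms, terminator=50.0, tolerance=0.15):
    """Classify a multimeter reading taken between centre conductor and shield
    on a quiet segment, using the parallel-resistor model above.  The 25 ohm
    band is the one the text states; the other bands are inferred from the
    same formula (assumption: nothing else of low DC resistance is attached)."""
    expected = parallel_resistance(terminator, terminator)   # 25 ohms
    if ohms < 2.0:
        return "short: centre conductor touching the shield or a failed terminator"
    if abs(ohms - expected) <= tolerance * expected:
        return "properly terminated: two terminators in parallel"
    if abs(ohms - terminator) <= tolerance * terminator:
        return "only one terminator reachable: missing terminator or a break in the cable"
    if math.isinf(ohms) or ohms > 10 * terminator:
        return "open: no terminator reachable from this point"
    return "unexpected reading: check terminator values and connectors"


if __name__ == "__main__":
    for z in (math.inf, 100.0, 50.0, 25.0, 0.0):
        print(f"Z_L={z:>6}: reflected {reflected_amplitude(-2.5, z):+.2f} V of a -2.5 V step")
    for reading in (25.0, 50.0, 0.3, math.inf):
        print(f"{reading:>6} ohms -> {interpret_dc_reading(reading)}")
```

The interesting cases are the ones the prose argues from: an infinite load returns the full -2.5 V step, a 50 ohm load returns nothing, and two 50 ohm terminators in parallel are what the 25 ohm reading measures.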
Troubleshooting TCP/IP: Introduction:
• Resolving most problems requires a methodical approach and the application of your knowledge of TCP/IP and of your network.
• TCP/IP is a four-layer hierarchy. Problems seen by the user in the Application Layer may be caused by problems in the lower layers.
• IP requires that each system have a globally unique, software-defined address. IP uses the address to move data through networks and through the layers of software in a host. Unlike networks that use hardware addresses, IP relies on the system administrator to define the correct address, so problems are frequently caused by configuration errors.
• Routing is required to deliver data between any two systems that are not directly connected by the same physical network. Subnetting divides a network into separate physical networks, so routing may be required even within a single enterprise network.

Three steps in tracking down the real problem are:
• Gather information. When the problem is reported, ask the user several questions: What application failed? What is the address and hostname of the remote computer? What is the address and hostname of the user's computer? What error message was displayed? If possible, have the user verify the problem by running the application while you talk them through it. If possible, duplicate the problem yourself.
• Run preliminary tests using another application, such as ping. Check whether the problem occurs in other applications on the user's host. Check whether the user's problem occurs with only one remote host, with all remote hosts, or only with hosts off the user's subnet. Check whether the problem occurs on other local systems or just on the user's system. Does it fail from your system? How about from other systems on the user's subnet?
• Visualise each protocol and device that handles the user's data. If the problem occurs on some systems and not others, think about the differences in the path that data takes from those systems.
Thinking about where and how things could go wrong avoids oversimplifying the problem. It also highlights the areas that are most likely to cause the user's problem. The problem can be anywhere in the path you visualise. Some hints on analysing the test results are:
• If only one application is having a problem, the application may be misconfigured. If the same application fails on different local hosts, but only when connecting to a specific remote host, the application may not be available on the remote host. If the application that fails is from a different source than the TCP/IP protocol stack (e.g., a commercial protocol stack and a freeware application), the application and the stack may not be compatible. The last condition is particularly prevalent in Windows 3.1 and 3.11 when the application is designed for a specific WINSOCK.DLL and a different one is used by the stack.
• If problems occur on all local PCs, regardless of the application or the remote host they are connecting to, the problem is in one of the devices that connects the network to the outside world. If the problem only occurs on systems on a single subnet, the problem is in the device that connects the subnet to the rest of your network. If the problem only occurs on one PC, that PC is probably misconfigured. Check its configuration. If it appears okay, take your laptop and check the network link.
• Pay attention to the error messages. Error messages are often vague, but they contain valuable pointers to the underlying problem.
• The error "Unknown host" indicates a name server problem. If other computers resolve the name correctly, the user's PC is probably misconfigured. If no system resolves the name correctly, the name the user has may be wrong or the name server may be misconfigured. Have the user try to connect with the numeric address.
• The error "Network unreachable" indicates a routing problem: there is no route to the remote host. If no system can reach it, the remote site might be down. If only the user's PC has the problem, check the PC's routing configuration.
• The errors "Cannot connect", "No answer" or "Connection timed out" mean that the remote system is not responding. Either the remote system is down or a link between the user's PC and the remote system is down. If the user is trying to connect using a numeric address, it could mean that the user has the wrong address. Ask them to use the remote system's hostname.

Troubleshooting TCP/IP: Deals with the unexpected. Network problems are usually unique and sometimes difficult to resolve. Troubleshooting is an important part of maintaining a stable, reliable network service. Effective troubleshooting requires a methodical approach to the problem and a basic understanding of how the network works. The key to solving a problem is understanding what the problem is. This is not as easy as it may seem: the surface problem is sometimes misleading, and the real problem is frequently obscured by many layers of software. When the true nature of the problem is understood, the solution is often obvious.

Approaching a Problem:
• Gather detailed information about exactly what's happening. When the problem is first reported, talk to the user. Find out which application failed. What is the remote host's name and IP address? What is the user's hostname and address? What error message was displayed? If possible, verify the problem by having the user run the application while you talk them through it. If possible, duplicate the problem on your own system.
• Does the problem occur in other applications on the user's host, or is only one application having trouble? If only one application is involved, the application may be misconfigured or disabled on the remote host. Because of rising security concerns, more and more systems are disabling some services.
• Does the problem occur with only one remote host, all remote hosts, or only certain groups of remote hosts? If only one remote host is involved, the problem could easily be with that host. If all remote hosts are involved, the problem is probably with the user's system. If only hosts on certain subnets or external networks are involved, the problem may be related to routing.
• Does the problem occur on other local systems? Make sure you check other systems on the same subnet. If the problem only occurs on the user's host, concentrate testing on that system. If the problem affects every system on a subnet, concentrate on the router for that subnet.
Once you know the symptoms of the problem, visualise each protocol and device that handles the data. Visualising the problem will help you avoid oversimplification and keep you from assuming that you know the cause even before you start testing.
Troubleshooting Hints:
• Approach problems methodically; don't jump into another test scenario based on a hunch without ensuring that you can pick up your original test scenario where you left off.
• Keep a historical record of problems in case one reappears.
• Don't assume that a problem seen at the application level is not caused by a problem at a lower level.
• Test each possibility and base your actions on the evidence of the tests.
• Pay attention to error messages.
• Duplicate the reported problem yourself.
• Most problems are caused by human errors.
• Keep your users informed; users want solutions to their problems, they're not interested in speculative techno-babble.
• Don't speculate about the cause of the problem while talking to the users.
• Stick to a few simple troubleshooting tools.
• Don't neglect the obvious: a loose Ethernet cable is a very common network problem. Check plugs, connectors, cables, and switches.
• Small things can cause big problems.

Diagnostic tools: Most network problems can be solved using free diagnostic software. Large networks probably need a network analyser, or at least a hardware tester such as a Time Domain Reflectometer (TDR).
ifconfig: Provides information about the basic configuration of the interface. It is useful for detecting bad IP addresses, incorrect subnet masks, and improper broadcast addresses.
arp: Provides information about Ethernet/IP address translation. It can be used to detect systems on the local network that are configured with the wrong IP address.
netstat: Provides a variety of information. It is commonly used to display detailed statistics about each network interface, network sockets, and the network routing table.
ping: Indicates whether a remote host can be reached.
nslookup: Provides information about the DNS name service.
dig: Provides information about name service.
ripquery: Provides information about the contents of the RIP update packets being sent or received by your system.
traceroute: Tells you which route packets take going from your system to a remote system. Information about each hop is printed.
etherfind: Analyses the individual packets exchanged between hosts on the network. It is most useful for analysing protocol problems.
Testing Basic Connectivity: The ping command tests whether a remote host can be reached from your computer. This simple function is extremely useful for testing the network connection independently of the application in which the original problem was detected. Ping allows you to determine whether further testing should be directed toward the network connection (the lower layers) or the application (the upper layers). If ping shows that packets can travel to the remote system and back, the user's problem is probably in the upper layers. If packets can't make the round trip, the lower protocol layers are probably at fault.
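An added Python example (not from the original document) that encodes the decision rule just stated: it parses the output of a Unix-style ping run, computes packet loss and round-trip times, and combines a ping by hostname with a ping by numeric address to separate name service problems from lower-layer failures, as the "Unknown host" hint earlier recommends. The ping outputs, host name and addresses are constructed samples, and the regular expressions assume the common BSD/Linux output format.

```python
import re

# Per-reply and summary lines as printed by Unix-style ping implementations.
REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")
UNKNOWN_HOST_MARKERS = ("unknown host", "name or service not known", "cannot resolve")


def parse_ping(output):
    """Reduce the text printed by one ping run to counts, loss ratio, round-trip
    times and whether the name could not be resolved at all."""
    rtts = [float(m.group(3)) for m in REPLY_RE.finditer(output)]
    sent, received = len(rtts), len(rtts)        # used only if the summary line is missing
    summary = SUMMARY_RE.search(output)
    if summary:
        sent, received = int(summary.group(1)), int(summary.group(2))
    lowered = output.lower()
    return {
        "sent": sent,
        "received": received,
        "loss": (sent - received) / sent if sent else 1.0,
        "rtt_ms": rtts,
        "unknown_host": any(marker in lowered for marker in UNKNOWN_HOST_MARKERS),
    }


def diagnose(ping_by_name, ping_by_address):
    """Apply the rule from the text: a completed round trip points at the upper
    layers, a failed one at the lower layers.  Pinging the numeric address as
    well separates name service failures from connectivity failures."""
    by_name, by_addr = parse_ping(ping_by_name), parse_ping(ping_by_address)
    if by_addr["received"] == 0:
        return "lower layers: no round trip even by numeric address (link, routing or remote host down)"
    if by_name["unknown_host"]:
        return "name service: numeric address works but the name does not resolve"
    if by_addr["loss"] > 0 or by_name["loss"] > 0:
        return "lower layers: intermittent loss on the round trip"
    return "upper layers: round trip works, look at the application and the remote service"


# Constructed sample outputs (not captured from a real network).
PING_OK = """\
PING 10.0.5.20 (10.0.5.20): 56 data bytes
64 bytes from 10.0.5.20: icmp_seq=0 ttl=63 time=1.2 ms
64 bytes from 10.0.5.20: icmp_seq=1 ttl=63 time=1.1 ms
64 bytes from 10.0.5.20: icmp_seq=2 ttl=63 time=1.3 ms
64 bytes from 10.0.5.20: icmp_seq=3 ttl=63 time=1.2 ms

--- 10.0.5.20 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.1/1.2/1.3/0.1 ms
"""

PING_LOSSY = """\
PING 10.0.5.20 (10.0.5.20): 56 data bytes
64 bytes from 10.0.5.20: icmp_seq=0 ttl=63 time=1.2 ms
Request timeout for icmp_seq 1
64 bytes from 10.0.5.20: icmp_seq=2 ttl=63 time=1.4 ms
64 bytes from 10.0.5.20: icmp_seq=3 ttl=63 time=1.1 ms

--- 10.0.5.20 ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
"""

PING_UNKNOWN_HOST = "ping: unknown host fileserver\n"

if __name__ == "__main__":
    print(diagnose(PING_UNKNOWN_HOST, PING_OK))   # name service problem
    print(diagnose(PING_OK, PING_LOSSY))          # intermittent lower-layer loss
    print(diagnose(PING_OK, PING_OK))             # upper layers
```

In practice the two outputs would come from running ping twice from the user's host, once with the hostname and once with the address the user was given; the classification is only as good as the rule in the text, so a partial loss still sends you to the cabling and routers before the application.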
Abbreviations:
AC        Access Control
ACK       Acknowledgement
ADS       Acknowledged Datagram Service
AFS       Andrew File System
API       Application Programming Interface
ARP       Address Resolution Protocol
AS        Autonomous Systems
ASN.1     Abstract Syntax Notation One
BIOS      Basic Input Output System
BNC       Bus Network Connector
BOOTP     BOOT Protocol
CD        Collision Detection
CRC       Cyclic Redundancy Checksum
CSMA      Carrier Sense Multiple Access
CSMA/CA   Carrier Sense Multiple Access/Collision Avoidance
CSMA/CD   Carrier Sense Multiple Access/Collision Detection
CSU       Channel Service Unit
DA        Destination Address
DDS       Digital Data Service
DFS       Distributed File System
DHCP      Dynamic Host Configuration Protocol
DLP       Data Link Protocol
DNS       Domain Name Service
DSAP      Destination Service Access Point
DSU       Digital Service Unit
ED        Ending Delimiter
EFS       End-of-Frame Sequence
EGP       Exterior Gateway Protocol
ETR       Early Token Release
FC        Frame Control
FCS       Frame Check Sequence
FS        Frame Status
FTP       File Transfer Protocol
GGP       Gateway to Gateway Protocol
ICMP      Internet Control Message Protocol
IGP       Interior Gateway Protocol
IP        Internet Protocol
IPX       Internetwork Packet eXchange
IPX/SPX   Internetwork Packet eXchange/Sequenced Packet eXchange
ISDN      Integrated Services Digital Network
ISN       Initial Sequence Number
ISO       International Standards Organisation
LAN       Local Area Network
LLC       Logical Link Control
LSAP      Link Service Access Point
LSL       Link Support Layer
MAC       Media Access Control
MAU       Media Access Unit
MIME      Multipurpose Internet Mail Extensions
MLID      Multiple Link Interface Drivers
MTU       Maximum Transmission Unit
NBF       NetBIOS Frame Protocol
NBT       NetBIOS over TCP/IP
NCP       NetWare Core Protocols
NDIS      Network Driver Interface Specification
NetBEUI   NetBIOS Extended User Interface
NETBIOS   Network Basic Input Output System
NFS       Network File System
NIC       Network Interface Card
NIS       Network Information System
NOS       Network Operating System
NSAP      Network Service Access Point
NTP       Network Time Protocol
ODI       Open Datalink Interface
OSI       Open Systems Interconnect
OSPF      Open Shortest Path Protocol
PAD       Packet Assembly/Disassembly
PING      Packet Internet Groper
PAR       Positive Acknowledgement with Retransmission
PDC       Primary Domain Controller
PDU       Protocol Data Unit
POP       Post Office Protocol
PPP       Point-to-Point Protocol
RARP      Reverse Address Resolution Protocol
RFC       Request For Comments
RFS       Remote File System
RIP       Routing Information Protocol
RPC       Remote Procedure Call
SA        Source Address
SAP       Service Access Point
SD        Starting Delimiter
SFD       Start Frame Delimiter
SFS       Start-of-Frame Sequence
SGMP      Simple Gateway Management Protocol
SMB       Service Message Block
SMI       Structure of Management Information
SMTP      Simple Mail Transfer Protocol
SNA       System Network Architecture
SNMP      Simple Network Management Protocol
SPX       Sequenced Packet eXchange
SSAP      Source Service Access Point
STP       Shielded Twisted-Pair
SYN       Synchronising Segment
TCB       Transmission Control Block
TCP       Transmission Control Protocol
TCP/IP    Transmission Control Protocol/Internet Protocol
TDI       Transport Driver Interface
TDM       Time-Division Multiplexing
TDR       Time Domain Reflectometer
TELNET    Terminal Networking
TFTP      Trivial File Transfer Protocol
TLI       Transport Layer Interface
TSAP      Transport Service Access Point
UDP       User Datagram Protocol
UDS       Unacknowledged Datagram Service
ULP       Upper Layer Protocol
UNC       Universal Naming Convention
UTP       Unshielded Twisted-Pair
VCS       Virtual Circuit Service
WAN       Wide Area Network
WINS      Windows Internet Name Service
WWW       World Wide Web
XDR       eXternal Data Representation
Table of Figures: Figure 1 shows different possibilities for communication of great distance............................................................ 1 Figure 2 shows the symbol used for a Twisted-Pair line tag................................................................................... 2 Figure 3 shows the symbol used for a Coaxial line tag. ......................................................................................... 2 Figure 4 shows the symbol used for a Fibre-optic line tag. .................................................................................... 3 Figure 5 shows the symbol used for a Network Interface Card. ............................................................................. 4 Figure 6 shows the symbol used for a Client.......................................................................................................... 4 Figure 7 shows the symbol used for a Server. ....................................................................................................... 4 Figure 8 shows a Client-Server model.................................................................................................................... 5 Figure 9 shows Local Resources............................................................................................................................ 5 Figure 10 shows Remote Resources...................................................................................................................... 5 Figure 11 shows a Node......................................................................................................................................... 6 Figure 12 shows the symbols used for a Concentrator. ......................................................................................... 6 Figure 13 shows the symbol used for a Hub. ......................................................................................................... 
6 Figure 14 shows the symbol used for a Repeater. ................................................................................................. 6 Figure 15 shows the symbol used for a Bridge....................................................................................................... 6 Figure 16 shows the symbol used for a Router. ..................................................................................................... 7 Figure 17 shows the symbol used for a Gateway. .................................................................................................. 7 Figure 18 shows the symbol used for a Backbone. ................................................................................................ 7 Figure 19 shows a schematic of a bus network...................................................................................................... 8 Figure 20 shows a schematic of a machine-to-machine bus network. ................................................................... 8 Figure 21 shows a schematic of a Token Ring network. ........................................................................................ 9 Figure 22 shows the token access method in a Token Ring network..................................................................... 9 Figure 23 shows a schematic of a star network.................................................................................................... 10 Figure 24 shows a schematic of a hub network.................................................................................................... 10 Figure 25 shows fragmentation and reassemble of a message on a circuit switching network. ......................... 11 Figure 26 shows fragmentation and reassemble of a message on a packet switching network. ......................... 11 Figure 27 shows a schematic of a Backbone Network. ........................................................................................ 
12 Figure 28 shows a schematic of a Thinnet Network. ............................................................................................ 12 Figure 29 shows a schematic of a 10BASET Network. ........................................................................................ 12 Figure 30 shows the seven-layer Open Systems Interconnection Reference Model. .......................................... 14 Figure 31 shows an example of a data frame....................................................................................................... 16 Figure 32 shows how simple delivering of a frame on a local network can be. .................................................... 16 Figure 33 shows the schematic of a single, local network.................................................................................... 18 Figure 34 shows the schematic of a bridged network........................................................................................... 18 Figure 35 shows the schematic of a subnetted network....................................................................................... 18 Figure 36 shows a schematic of a router that join an Ethernet to a Token Ring network..................................... 19 Figure 37 shows Headers and the OSI protocol layers. ....................................................................................... 22 Figure 38 shows the Protocol Data Unit layout..................................................................................................... 22 Figure 39 shows the receiving computer risks losing data whenever its communication buffers become full. .... 25 Figure 40 shows the format of the LLC protocol data unit. ................................................................................... 26 Figure 41 shows the format of an IEEE 802 MAC address. ................................................................................. 
26 Figure 42 shows IEEE 802 standards related to the OSI reference model. ......................................................... 26 Figure 43 shows the schematic of an Ethernet network. ...................................................................................... 27 Figure 44 shows collisions on an Ethernet. .......................................................................................................... 28 Figure 45 shows the structure of an Ethernet II frame.......................................................................................... 29 Figure 46 shows the structure of an Ethernet II Node Address. ........................................................................... 29 Figure 47 shows the format of a IEEE 802.3 Frame............................................................................................. 30 Figure 48 shows the format of the SNAP data format. ......................................................................................... 31 Figure 49 shows the token access method in a ring network. .............................................................................. 32 Figure 50 shows how Token Rings are wired in a star. ........................................................................................ 33 Figure 51 shows the format of a Token Ring frame.............................................................................................. 33 Figure 52 shows how the layers of TCP/IP and other popular network protocols relate differently to the OSI model. ........................................................................................................................................................... 35 Figure 53 provides a generic illustration of a data packet moving through the different protocol layers of the OSI model. ........................................................................................................................................................... 
35 Figure 54 shows a more specific example of an application packet moving through a TCP/IP network. ............. 36 Figure 55 shows the protocol structure resulting from the binding initiated by the NETBIND program. ............... 37 Figure 56 shows an internetwork consisting of several networks. ........................................................................ 39 Figure 57 illustrates one method of time-division multiplexing of digital signals................................................... 39 Figure 58 depict a more advanced technique, statistical time-division multiplexing............................................. 39 Figure 59 illustrates circuit switching. ................................................................................................................... 40 Figure 60 illustrates packet switching. .................................................................................................................. 40 Figure 61 illustrates the protocol stack model for bridging in terms of the OSI Reference Model. ....................... 41 Figure 62 illustrates the protocol stack model for routing in terms of the OSI Reference Model.......................... 42
Table of Figures
115
4/4/2002
Alex Peeters
Figure 63 illustrates Hop-count routing.
Figure 64 shows connecting remote sites with a Digital Leased Circuit.
Figure 65 shows the Layers in the TCP/IP Protocol Architecture.
Figure 66 shows TCP/IP Data Encapsulation.
Figure 67 shows Data Structures.
Figure 68 shows the processing of data during transmission and reception for TCP.
Figure 69 shows processes/applications and protocols that rely on the Network Access Layer for the delivery of data to their counterparts across the network.
Figure 70 shows the IP Datagram Format.
Figure 71 shows Routing Through Gateways.
Figure 72 shows the ICMP Header Format.
Figure 73 shows processes/applications and protocols that rely on the Internet Layer for the delivery of data to their counterparts across the network.
Figure 74 shows the UDP Datagram Format.
Figure 75 shows the relationship between UDP and IP headers.
Figure 76 shows the data segment format of the TCP Protocol.
Figure 77 shows the format of the TCP pseudoheader.
Figure 78 shows TCP establishing virtual circuits over which applications exchange data.
Figure 79 shows a Three-Way Handshake.
Figure 80 shows the positive acknowledgement with retransmission technique.
Figure 81 shows how TCP implements a time-out mechanism to keep track of lost segments.
Figure 82 shows a TCP Data Stream that starts with an Initial Sequence Number of 0.
Figure 83 shows how data are processed as they travel down the protocol stack, through the network, and up the protocol stack of the receiver.
Figure 84 shows processes/applications and protocols that rely on the Transport Layer for the delivery of data to their counterparts across the network.
Figure 85 shows the TCP/IP Protocols Inside a Sample Gateway.
Figure 86 shows processes/applications and protocols that rely on the Application Layer for the delivery of data to their counterparts across the network.
Figure 87 shows the IP address classes.
Figure 88 shows host communication on a local network.
Figure 89 shows IP addresses with and without subnetting.
Figure 90 shows host communication with subnetting.
Figure 91 shows a view of routing.
Figure 92 shows the Internet Routing Architecture.
Figure 93 shows a flowchart depiction of the IP routing algorithm.
Figure 94 shows the operation of ARP.
Figure 95 shows the layout of an ARP request or ARP reply.
Figure 96 shows Routing Domains.
Figure 97 shows the interrelationship between IP and Ethernet MAC address as reflected in the Ethernet data frame.
Figure 98 shows Protocol and Port Numbers.
Figure 99 shows the protocol interdependency between Application level protocols and Transport level protocols.
Figure 100 shows data packets multiplexed via TCP or UDP through port addresses and onto the targeted TCP/IP applications.
Figure 101 shows the exchange of port numbers during the TCP handshake.
Figure 102 shows the format of the Host.txt records.
Figure 103 shows resolution of a DNS query.
Figure 104 shows Domain Hierarchy.
Figure 105 shows organisation of the DNS name space.
Figure 106 shows NIS masters, slaves, and clients.
Figure 107 shows Remote Procedure Call Execution.
Figure 108 shows the TCP/IP family tree.
Figure 109 shows Multiple Protocol Stacks.
Figure 110 shows the BOOTP message format.
Figure 111 illustrates an example of a network running DHCP.
Figure 112 shows a DHCP client obtaining a lease: the dialogue that takes place when a DHCP client obtains a lease from a DHCP server.
Figure 113 shows the life cycle of a DHCP address lease.
Figure 114 provides a visual representation of how a networking API might fit within the OSI seven-layer model.
Figure 115 illustrates how a single workstation can be used to access both network environments.
Figure 116 outlines a sample configuration of a NOS server as a gateway.
Figure 117 shows how a tailored version of a standard WinSock driver enables the network clients to use any standard WinSock application.
Figure 118 illustrates the location and operation of the Transport Driver Interface within Windows NT.
Figure 119 shows an Internet server isolated from the local network.
Figure 120 shows an Internet server that connects to the Internet using TCP/IP.
Figure 121 shows an insecure Internet connection.
Figure 122 shows a comparison between a firewall and an IP router.
Figure 123 shows a basic firewall/Internet server combination.
Figure 124 shows a firewall configuration that poses potential problems.
Figure 125 shows a more secure firewall configuration.
Figure 126 illustrates networks using both Internal and External Firewalls.
Figure 127 shows the Microsoft Network Protocol Architecture.
Figure 128 shows priority of DHCP options.
Figure 129 shows B-node name resolution.
Figure 130 shows P-node name resolution.
Figure 131 shows the architecture of a WINS name service.
Figure 132 shows a network with several WINS replication partnerships.
Figure 133 shows how a real-world Ethernet cable looks.
Figure 134 shows the signal on an Ethernet.
Figure 135 shows the terminators on an Ethernet cable.
Index:

—1—
10BASE2, 2
10BASE5, 2
10BASET Network, 12

—8—
802 LAN Physical Address, 26

—A—
Abbreviations, 113
Abstract Syntax Notation One, 96
AC, 34
Access Control, 34
Access methods, 24
Accident-proof network, 1
Acknowledged Datagram Service, 25
Activity Management, 21
Address Resolution, 63
Address Resolution Protocol, 48, 58, 63, 74, 75, 79
Addressing, Routing, and Multiplexing, 58
ADS, 25
AFS, 86
An Internet, 17
An Internetwork, 17
An overview of TCP/IP components, 72
Andrew File System, 86
API, 78, 87, 97
Application layer, 21
Application Programming Interface, 78, 87, 97
Approaching a Problem, 111
Architecture of the IEEE 802 Standards, 24
Architecture of the Windows Internet Name Service, 101
ARP, 48, 58, 63, 74, 75, 79
AS, 61
ASN.1, 96
Asynchronously, 1
Automatic allocation, 81
Autonomous Systems, 61

—B—
Backbone, 7, 8
Backbone Network, 12
Backplane, 10
Basic Input Output System, 78
BIOS, 78
BNC connectors, 2
B-node, 100
Boot Protocol, 74, 76
BOOTP, 74, 76
BOOTREPLY packet, 80
BOOTREQUEST packet, 80
Bootstrap Protocol, 80
Bridge, 6, 41
Bridges, Routers, and Switches, 41
Broadband, 39
Building an Internet Server, 91
Bus, 8
Bus Network Connector, 8
Bus Networks, 8

—C—
Canonical form, 70
Carrier Sense, 27
Carrier Sense Multiple Access, 27
Carrier Sense Multiple Access/Collision Avoidance, 27
Carrier Sense Multiple Access/Collision Detection, 27
CD, 28
Channel Service Unit, 44
Characteristics of Layered Architectures, 13
Characteristics of Layered Protocols, 22
Cheapernet, 2
Checking remote hosts, 51
Circuit, 40
Circuit Switching, 40
Circuit-Switched networks, 11
Client, 4
Client-Server model, 5
Coaxial cable, 2
Collision, 28
Collision Detection, 28
Communication Protocols, 13
Concentrator, 6, 10
Connectionless Protocols, 41
Connection-oriented, 41
Contention, 24
CRC, 29, 31
Creating Domains and Subdomains, 68
CSMA, 27
CSMA/CA, 27
CSMA/CD, 27
CSU, 44
Cyclic Redundancy Check, 29, 31

—D—
DA, 34
Data Field, 29
Data Frame, 15, 16
Data Link Layer, 15
Data Section, 33
Data Stream Maintenance, 55
Data-communication, 1
Datagram, 20, 41, 48, 72
Datagram Delivery, 20
Data-processing, 1
Data-transmission, 1
DDS, 44
Decapsulation, 23
Dedicated Leased Lines, 44
Delivering Data Through Internetworks, 39
Demultiplexer, 39
Demultiplexing, 20
Demux, 39
Destination Address, 34
Destination and Source address, 29, 31
Destination Service Access Point, 26
Detecting unreachable destinations, 50
Device, 16
DFS, 86
DHCP, 80, 81
DHCP Concept and Operation, 98
Diagnostic tools, 112
Digital Data Service, 44
Digital Service Unit, 44
Distributed File System, 86
DLC, 97
DNS, 66, 73, 75, 106
DNS Windows Name Resolution, 79
Domain Name Service, 66, 67, 106
Domain Name System, 73, 75
Domain Names, 68
DSAP, 26
DSU, 44
Dynamic allocation, 81
Dynamic Host Configuration Protocol, 80, 81
Dynamically Allocated Port, 66

—E—
Early Token Release, 32
ED, 34
EFS, 33
EGP, 76, 96
Encapsulation, 46
End Systems, 19
Ending Delimiter, 34
End-of-Frame Sequence, 33
Ethernet Address, 17
Ethernet PVC coax, 2
Exporting a directory, 84
Exterior Gateway Protocol, 76, 96
eXternal Data Representation, 57, 70

—F—
FC, 34
FCS, 29, 31, 34
Fibre-optic cable, 3
Fields, 16
File Sharing, 86
File Transfer Protocol, 73, 76
Flow Control, 50
Fragmentation, 48, 50
Fragmenting Datagrams, 50
Frame Check Sequence, 29, 31, 34
Frame Control, 34
Frame Status, 34
Frames, 16
Frames and Network Interfaces, 17
FS, 34
FTP, 73, 76

—G—
Gateway, 7, 19, 48
Gateway Protocols, 76
Gateway-to-Gateway Protocol, 61, 76
GGP, 61, 76

—H—
Handshake, 54
Header, 46
Heterogeneous Network, 13
H-node, 101
Host address, 58
Host name, 66
Host table, 66
Hosts, 19
Host-to-Host Transport Layer, 51
How Ethernet Works, 27
How Token Ring Works, 31
Hub, 6
Hub Network, 10

—I—
ICMP, 50, 72, 75
IEEE 802.3 Frames, 30
IEEE 802.3 Media, 30
IEEE 802.3 Networks, 27
IEEE 802.5 Frames, 33
IEEE 802.5 Networks, 31
IEEE LANs, 24
IGP, 76
Implementing TCP/IP, 77
Implementing TCP/IP over IEEE 802.3, 31
Index, 118
Informatics, 1
Information Field, 34
Initial Sequence Number, 53
Integrated Services Digital Network, 45
Interaction of TCP/IP and Other Protocols, 87
Interior Gateway Protocol, 76
Intermediate Systems, 19
International Standards Organisation, 13
Internet, 44
Internet Control Message Protocol, 50, 72, 75
Internet Group Names, 103
Internet Protocol, 17, 48, 72, 75
Internet Routing Architecture, 61
Internetwork Layer, 48
Internetwork Packet eXchange, 98
Introduction, 1
IP, 17, 48, 72, 75
IP Address, 48, 58
IP Address Classes, 59
IP Datagram Format, 49
IP Host Address, 58
IPX, 98
ISDN, 45
ISN, 53
ISO, 13
Isolating the Server, 91

—L—
LAN, 10
Layer, 13
Layered Architecture, 13
Leased line, 44
Length Field, 31
Limited Broadcast Address, 80
Link Service Access Point, 24
Link Support Layer, 37
Links, 10
LLC, 24
LLC Data Field, 31
LMHOSTS, 99
LMHOSTS File Lookup, 79
Local Area Networks, 10
Local Device, 5
Local Resource, 5
Logical Link Control, 24
LSAP, 24
LSL, 37

—M—
MAC, 17, 26, 36
Machine-to-Machine network, 8
Managed Network Entity, 95
Managing Connections, 56
Managing DNS, 106
Managing LMHOST Files, 105
Managing WINS, 99
Manual allocation, 81
Maps, 69
MAU, 9
Maximum Transmission Unit, 17, 50
Media Access Control, 17, 36
Media Access Unit, 9
Medium Access Control, 26
Microsoft Network Protocol Architecture, 97
Microsoft Network Protocols, 97
Microsoft TCP/IP, 97
MIME, 85
MLID, 37
M-node, 101
Mounting a directory, 84
MTU, 17, 50
Multihomed Names, 102
Multiple Link Interface Drivers, 37
Multiple Protocol Stacks, 77
Multiplexer, 39
Multiplexing, 20, 39, 64
Multipurpose Internet Mail Extensions, 85
Mux, 39

—N—
Name Resolution with HOSTS Files, 106
Names and Addresses, 66
Naming versus Browsing, 104
NBF, 78, 97, 98
NBT, 78, 97, 100
NCP, 98
NDIS, 36, 97
NetBEUI, 77
NetBEUI Frame Protocol, 98
NETBIND, 37
NetBIOS, 77
NetBIOS Frame, 78
NetBIOS Frame protocol, 97
NetBIOS over TCP/IP, 78, 97, 100
NetWare Core Protocol, 98
Network Access Layer, 47
Network Address, 18, 75
Network Components, 4
Network Driver Interface Specification, 97
Network Driver Interface Standard, 36
Network File Server, 73
Network File System .........................................76, 84, 86 Network Information Service ..................................68, 76 Network Interface Card ...................................................4 Network Layer...............................................................17 Network Media ..............................................................2 Network Medium ............................................................2 Network Operating System .............................................4 Network Time Protocol...........................................74, 76 Network Topology ..........................................................8 Networks ........................................................................8 Next Hop.......................................................................62 NFS .............................................................73, 76, 84, 86 NIC..................................................................................4 NIS ..........................................................................68, 76 NIS maps.......................................................................68 Node....................................................................6, 10, 16 Normal Group Names .................................................103 NOS ................................................................................4 NOS Gateways and Servers...........................................88 NOS Support for Native IP ...........................................89 NTP .........................................................................74, 76 NWLink ..................................................................97, 98
—O—
Object Identifier ..... 96
Object Identifier Hierarchy ..... 96
ODI ..... 37
ODINSUP.COM ..... 38
Open Datalink Interface ..... 37
Open Shortest Path First ..... 75
Open Systems Interconnect ..... 13
Operating Dual Protocol Stacks ..... 36
OSI ..... 13
OSPF ..... 75
Other Special Names ..... 103
—P—
Packet ..... 11, 16, 17, 18, 41
Packet Switching ..... 40
Packet-Switched networks ..... 11
PAR ..... 52
Passing Datagrams to the Transport Layer ..... 50
PDC ..... 104
PDU ..... 22, 29, 31, 95
Peer-to-Peer Communication ..... 23
Peer-to-Peer network ..... 8
Physical Layer ..... 14
P-node ..... 100
Polling ..... 24, 95
POP ..... 85
Port Numbers ..... 65
Positive Acknowledgement with Retransmission ..... 52
Post Office Protocol ..... 85
Preamble ..... 29, 31
Presentation Layer ..... 21
Primary Domain Controller ..... 104
Probabilistic Access Method ..... 31
Process/Application Layer ..... 57
PROTMAN.DOS ..... 36
PROTMAN.OS2 ..... 36
Protocol Data Unit ..... 22, 29, 31, 95
Protocol Manager Program ..... 36
Protocol Numbers ..... 65
120
4/4/2002
Alex Peeters
Protocol Stack ..... 13, 14
PROTOCOL.INI ..... 37
Protocols and Protocol Stacks ..... 35
Protocols, Ports, and Sockets ..... 64
Providing Full Internet Connectivity ..... 91
—R—
RARP ..... 64, 74, 75, 79
Redirecting routes ..... 51
Redirectors and File Sharing ..... 87
Reliability and Acknowledgement ..... 54
Reliable Delivery Protocol ..... 72
Remote File System ..... 86
Remote Procedure Call ..... 70, 73, 76
Remote Procedure Call Execution ..... 70
Remote Resource ..... 5
Repeater ..... 6
Request For Comments ..... 46
Resolving Names on Microsoft Networks ..... 100
Reverse Address Resolution Protocol ..... 64, 74, 75, 79
RFC ..... 46
RFS ..... 86
RG-58 ..... 2
Ring Network ..... 9
RIP ..... 61, 75
RJ-11 ..... 2
RJ-45 ..... 2, 8
Root server ..... 67
Router ..... 7, 17, 18, 41, 42
Routing ..... 18, 48, 60, 75
Routing Datagram ..... 50
Routing Information Protocol ..... 61, 75
RPC ..... 70, 73, 76
—S—
SA ..... 34
SAP ..... 19
Scopes ..... 82, 98
SD ..... 34
Segment ..... 52
Sequenced Packet eXchange ..... 98
Server ..... 4
Service Access Point ..... 19
Service Message Block ..... 78
Session Layer ..... 20
SFD ..... 31
SFS ..... 33
SGMP ..... 96
Shielded Twisted-Pair ..... 2
Simple Gateway Management Protocol ..... 96
Simple Mail Transfer Protocol ..... 73, 76, 84
Simple Network Management Protocol ..... 28, 73, 76, 95
SMB ..... 78
SMI ..... 96
SMTP ..... 73, 76
SNMP ..... 28, 73, 76, 84, 95
Socket ..... 55, 66
Some examples of common used networks ..... 12
Source Address ..... 34
Source Routing ..... 42
Source Service Access Point ..... 26
Spanning-tree algorithm ..... 42
SPX ..... 98
SSAP ..... 26
Star Network ..... 10
Start Frame Delimiter ..... 31
Start-of-Frame Sequence ..... 33
Station ..... 16
Stat-MUX ..... 39
STP ..... 2
Structure of Management Information ..... 96
Subdomains ..... 68
Subnet ..... 59
Switches ..... 41, 43
Switched Digital Lines ..... 45
Switching Data ..... 40
Synchronically ..... 1
—T—
Table of Figures ..... 115
T-connector ..... 8
TCP ..... 19, 51, 52, 72, 75, 84
TCP Segment Format ..... 53
TCP/IP ..... 17, 97, 98
TCP/IP Applications ..... 79
TCP/IP Protocols Inside a Sample Gateway ..... 57
TDI ..... 90, 97
TDR ..... 112
Telecommunication ..... 1
Telematics ..... 1
Telnet ..... 73, 76
Terminology ..... 24
Testing Basic Connectivity ..... 112
TFTP ..... 74, 76
The Domain Hierarchy ..... 67
The Host Table ..... 66
The Internet ..... 17
The Internet Model ..... 46
The Network Information Centre Host Table ..... 67
The Routing Table ..... 61
The seven-layer OSI Reference Model ..... 13
The Starting Delimiter ..... 34
The TCP/IP Family of Protocols ..... 75
The way data are delivered through internetworks ..... 39
Thick coax ..... 2
Thin coax ..... 2
Thin Ethernet ..... 2
Thinnet Network ..... 12
Three-Way Handshake ..... 54
Time Domain Reflectometer ..... 112
Time-Division Multiplexing ..... 39
TMD ..... 39
Token Passing ..... 24
Token Ring ..... 9
Transmission Control Protocol ..... 19, 51, 52, 72, 84
Transmission Line Theory ..... 107
Transport ..... 75
Transport Control Protocol ..... 75
Transport Driver Interface ..... 90, 97
Transport Layer ..... 19
Trap-directed polling ..... 95
Trivial File Transfer Protocol ..... 74, 76
Troubleshooting Hints ..... 112
Troubleshooting TCP/IP ..... 110, 111
T-shaped connector ..... 8
Twisted-pair cable ..... 2
Type field ..... 29
—U—
UDP ..... 19, 51, 72, 75
UDS ..... 25
ULP ..... 24
Unacknowledged Datagram Service ..... 25
UNC ..... 105
Universal Naming Convention ..... 105
Unreliable ..... 41
Unshielded Twisted-Pair ..... 2
Upper-Layer Protocols ..... 24
Upper-Level Protocol driver ..... 36, 37
User Datagram Protocol ..... 19, 51, 72, 75
User services ..... 76
UTP ..... 2
—V—
VCS ..... 25
Virtual Circuit Service ..... 25
—W—
WAN ..... 12
What TCP/IP provides ..... 46
Wide Area Networks ..... 12
Windows Internet Name Service ..... 78, 99
WINS ..... 78, 99, 101
—X—
XDR ..... 57, 70