
Networking Fundamentals - Govardhan - July 2018


Networking Fundamentals

July 2018

Copyright © 2017 Tata Elxsi | Confidential | 1


Agenda



(A) The Internet
1. Brief History about Internet
2. Protocols and Standards

(B) OSI Model Vs TCP/IP Suite
1. Why Protocol Layers?
2. The OSI Model
3. TCP/IP Protocol Suite
4. Addressing (IP, MAC, Port)

(C) Layer 2 and 3


1. Data Link Layer
2. Network(IP) Layer

(D) Layer 4 and 5


1. Transport Layer
2. Application Layer



The Internet



Brief History
What is a network?
• A network is a group of connected, communicating devices such as computers and printers.

What is an internet (lowercase i)?
• Two or more networks that can communicate with each other.

What is the Internet (capital I)?
• The specific, global internet: hundreds of thousands of interconnected networks.

Who uses it?
• Individuals and organizations such as government agencies, schools, research facilities, corporations, and libraries.

Existing since 1969
• ARPANET, funded by the Advanced Research Projects Agency (ARPA)
• First host-to-host communication, then network-to-network communication
• Problems: different packet sizes, different interfaces, different speeds, different reliability
• Hence the need for common protocols
• TCP/IP: Transmission Control Protocol / Internet Protocol

Internet Today
• ISPs: Internet Service Providers, at local, regional and backbone level
• WWW: the World Wide Web (Tim Berners-Lee, early 1990s) drove the explosive growth of the Internet
• Grown from simple host-to-host file sharing to millions of hosts exchanging audio and video multimedia


Protocol and Standards
Protocol
• Communication between two people or two devices has to follow some protocol (compare a face-to-face conversation or a telephone call).
• A device cannot just send some bytes of data and expect its partner to understand them.
• A protocol defines
  • Syntax: the structure or format of the data, i.e. the order in which fields are presented (for example, the first 8 bits are an address, the next 8 bits something else)
  • Semantics: the meaning of each section of bits and the action to take based on it
  • Timing: when data may be sent and how fast

Internet Standards
• Standards are written to guarantee national and international interoperability of data and telecommunications technology and processes.
• RFC (Request for Comments): the document series in which Internet protocols are published; a specification passes through the RFC process before it can become an Internet standard.
• IETF (Internet Engineering Task Force): identifies operational problems and proposes solutions. Its work is organized into areas such as Applications, Internet, Routing, Transport and Security.
• IANA (Internet Assigned Numbers Authority): coordinates the global allocation of IP address blocks and AS numbers, the DNS root zone, and protocol parameter registries such as the well-known port numbers.


OSI Model Vs TCP/IP Suite



Why Protocol Layers?
• A protocol is required whenever two entities need to communicate.
• When the communication is not simple, the complex task is divided into several layers.
• Two examples: a single-layer design versus a multi-layer design.
• Sender and receiver: on the sender side each layer uses the services of the layer below it; on the receiver side the order is reversed, each layer delivering to the layer above it.


The OSI Model (Open Systems Interconnection)
• Seven ordered layers
• Each layer defines a family of functions distinct from the other layers
• Allows interoperability between different systems


The OSI Model (Open Systems Interconnection) contd…
• Within one system, each layer on the sender side communicates only with the layer directly beneath it (layer 7 down to layer 1); on the receiver side, only with the layer directly above it.
• Between different systems, peer layers communicate logically through the protocol defined for that layer.
• Interfaces between layers: each interface defines what information and services a layer must provide to the layer above it.


The OSI Model (Open Systems Interconnection) contd…
Organization of the layers
• Network support layers: layers 1, 2, 3 (Physical, Data Link, Network). They deal with the physical aspects of moving data from one device to another.
• User support layers: layers 5, 6, 7 (Session, Presentation, Application). They allow interoperability between two unrelated software systems.
• Transport layer: layer 4. It links the two groups and ensures that what the lower layers transmit is all the data handed down by the upper layers, in a form the upper layers can use.

Encapsulation
• The data unit of each layer is encapsulated in the data unit of the layer below.
• A packet at level 7 is encapsulated in the packet at level 6; the whole level 6 packet is encapsulated in a packet at level 5, and so on down to level 2, which frames it for the physical layer.


The OSI Model (Open Systems Interconnection) contd…
Physical Layer – Layer 1
• Responsible for moving individual bits from one node to the next.
• The physical layer data is a stream of bits (a sequence of 0s and 1s).
• Defines the encoding: how 0s and 1s are converted to electrical or optical signals.

Data Link Layer – Layer 2
• Transforms the physical layer, a raw transmission facility, into a reliable link between two nodes on the same network.
• Makes the physical layer appear error-free to the upper layer (the network layer).
• Frames: the data unit. The datagram received from the network layer is split into manageable units called frames.
• Physical addressing: the MAC address.
• Flow control, error control and medium access control.

Network Layer – Layer 3
• Responsible for source-to-destination delivery of a packet, possibly across multiple networks (links).
• Ensures that each packet gets from its point of origin to its final destination.
• Logical addressing: the IP address distinguishes source and destination regardless of the underlying networks.
• Routing: selects the best available path for the packet to its destination.


The OSI Model (Open Systems Interconnection) contd…
Transport Layer – Layer 4
• Responsible for process-to-process delivery of the entire message.
• A process (service) is an application program running on the host.
• Port (service-point address): a computer runs several programs at a time, and a process that uses the network needs an identifier so that data reaches it and not another process on the same host.
• Segmentation and reassembly: a message from the application is divided into transmittable segments and reassembled at the destination before delivery to the application.
• Connection, flow and error control.

Session Layer – Layer 5
• The network dialog controller: establishes, maintains and synchronizes the interaction between the communicating systems.

Presentation Layer – Layer 6
• Concerned with the syntax and semantics of the information exchanged between two systems.
• Translation, encryption, compression.

Application Layer – Layer 7
• Enables the user, whether human or software, to access the network.
• Examples: file transfer, remote login/desktop, e-mail, directory services.




TCP/IP Protocol Suite
• Developed before the OSI model. RFC 1122 describes it as four layers (link, internet, transport, application); it is commonly taught as five layers with the physical layer counted separately. It was not reorganized to match OSI's seven layers after OSI was published.
• There is no separate session or presentation layer: those functions, where needed, live in the application protocol itself or in a library such as TLS that the application uses.


Addressing
• Four levels of addresses are used in TCP/IP: physical (link) addresses, logical (IP) addresses, port addresses and application-specific addresses.


Addressing contd…
Physical Address (MAC Address)
• Also called the link address.
• The physical address identifies a node on the local network/link (LAN or WAN).
• Size and format of the physical address depend on the network technology.
• Ethernet: a 6-byte (12 hexadecimal digit) physical address.
• Unicast (one single recipient): e.g. 08:0C:04:12:01:02 (the least-significant bit of the first byte is 0).
• Multicast (a group of recipients): e.g. 01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF, the range mapped from IPv4 multicast addresses.
• Broadcast (all systems on the network): FF:FF:FF:FF:FF:FF.


Addressing contd…
Logical Addresses (IP Address)
• Logical addresses are necessary for universal communication that is independent of the underlying physical networks.
• A logical address in the Internet is a 32-bit IPv4 address (128 bits in IPv6) that uniquely identifies a host (strictly, an interface) connected to the Internet.
• No two publicly addressed and visible hosts on the Internet can have the same IP address.
• The physical addresses change from hop to hop, but the logical addresses stay the same end to end.


Addressing contd…
Port Addresses (Port Number)
• The IP and physical addresses deliver the packet to the destination system; to reach the right application on that system the packet also needs the port number of that application.
• The physical addresses change from hop to hop, but the logical and port addresses usually remain the same (a NAT device is the usual exception: it rewrites both).
• A port address in TCP/IP is 16 bits long.

Application-Specific Addresses
• Some applications have user-friendly addresses designed for that specific application.
• Examples:
  • e-mail address: govardhan@tataelxsi.co.in
  • URL (Uniform Resource Locator): www.tataelxsi.com




Activities 1
• How to find an IP address
• How to check the MAC address
• How to check connectivity
• Wireshark: traffic capture
• Understand the headers at each layer
• Addresses at each layer


Data Link Layer



LAN - Local Area Network
Introduction
• A local area network (LAN) is a computer network designed for a limited geographic area such as a building or a campus.
• A LAN is also a single broadcast domain: a broadcast frame reaches every station on it.
• LAN technologies: Ethernet, token ring, token bus and ATM LAN; of these only Ethernet remains in general use.

Project 802
• IEEE started a project called "Project 802" that specifies the functions of the physical and data link layers of LAN protocols.
• The IEEE subdivided the data link layer into two sublayers:
  • Logical Link Control (LLC, IEEE 802.2)
  • Media Access Control (MAC, e.g. IEEE 802.3 for Ethernet)


LAN - Local Area Network contd…
Ethernet Frame
• The packet sent on an Ethernet LAN is called a frame.
• The Ethernet frame contains seven fields:
  • 1. Preamble: 56 bits (7 bytes) of alternating 1s and 0s (10101010 …) that let the receiver synchronize its clock.
  • 2. SFD (Start Frame Delimiter): 1 byte, 10101011, signalling the beginning of the frame.
  • 3. Destination address (6 bytes)
  • 4. Source address (6 bytes)
  • 5. Length or Type (2 bytes): a value of 1536 (0x0600) or more is an EtherType identifying the upper-layer protocol (0x0800 IPv4, 0x0806 ARP, 0x86DD IPv6); a smaller value is the length of the data field (IEEE 802.3 framing).
  • 6. Upper-layer data (46 to 1500 bytes, padded to 46 if shorter)
  • 7. CRC (Cyclic Redundancy Check), 4 bytes: an error-detecting code. It detects accidental corruption only; anyone who can modify the frame can recompute it.


LAN - Local Area Network contd…
Frame Length
• The minimum length restriction is required for the correct operation of CSMA/CD, as we will see shortly.
• Minimum length: 512 bits or 64 bytes. Of these, 18 bytes are header and trailer (6 + 6 + 2 + 4) and 46 bytes are upper-layer data; if the data is shorter, padding is added.
• Maximum length of a frame (without preamble and SFD): 1518 bytes. Subtracting the 18 bytes of header and trailer, the maximum payload is 1500 bytes, which is the Ethernet MTU.


LAN - Local Area Network contd…

MAC Address
• NIC: each station on an Ethernet network (a PC, workstation, printer, …) has its own network interface card (NIC).
• The NIC provides the station with a 6-byte physical address, also called the MAC or link address. It is assigned by the manufacturer but can be overridden in software, so a MAC address identifies an interface; it does not authenticate it.

Unicast, Multicast, and Broadcast Addresses
• Source address: always a unicast address, since a frame comes from one station.
• Destination address: can be unicast, multicast or broadcast.
  • 1. Unicast: one destination, one-to-one. The least-significant bit of the first byte is 0.
  • 2. Multicast: a group of destinations, one-to-many. The least-significant bit of the first byte is 1.
  • 3. Broadcast: all destinations. All 1s: ff:ff:ff:ff:ff:ff.
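Decoding a frame header and classifying its destination address, as an added example in Python (not code from the original slides or from Tata Elxsi). It builds a constructed frame rather than reading a capture, pads to the 64-byte minimum, uses the 0x0600 threshold to tell an EtherType from an 802.3 length, and reads the I/G and U/L bits of the first octet. The function names are this example's own.

```python
import struct

# Constructed sample data only: these frames are built here, not captured.
# Preamble, SFD and CRC are handled by the NIC, so software never sees them.

ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
MIN_FRAME_WITHOUT_FCS = 60      # 64-byte minimum minus the 4-byte CRC
MAX_PAYLOAD = 1500              # Ethernet MTU

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify_mac(mac: str) -> str:
    """Broadcast is all ones; otherwise the I/G bit (LSB of the first octet)
    distinguishes multicast (1) from unicast (0)."""
    octets = bytes.fromhex(mac.replace(":", ""))
    if octets == b"\xff" * 6:
        return "broadcast"
    return "multicast" if octets[0] & 0x01 else "unicast"

def is_locally_administered(mac: str) -> bool:
    """U/L bit (second-lowest bit of the first octet): 1 means the address was
    set by software rather than burned in by the manufacturer."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte Ethernet maximum")
    frame = (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
             + struct.pack("!H", ethertype) + payload)
    # Short frames are padded so the 64-byte minimum (needed by CSMA/CD) holds
    return frame.ljust(MIN_FRAME_WITHOUT_FCS, b"\x00")

def parse_frame(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = fmt_mac(frame[0:6]), fmt_mac(frame[6:12])
    (length_or_type,) = struct.unpack("!H", frame[12:14])
    if length_or_type >= 0x0600:            # IEEE rule: 1536 or more is a type
        kind, payload = "type", frame[14:]
    else:                                    # otherwise it is an 802.3 length
        kind, payload = "length", frame[14:14 + length_or_type]
    if classify_mac(src) != "unicast":
        raise ValueError("source MAC must be unicast")
    return {
        "dst": dst, "dst_kind": classify_mac(dst),
        "src": src, "src_local": is_locally_administered(src),
        "field": kind,
        "ethertype": ETHERTYPE_NAMES.get(length_or_type, hex(length_or_type)) if kind == "type" else None,
        "payload_len": len(payload),        # includes padding for short frames
    }
```

The padding is still present in `payload` for a padded type frame; on the wire nothing marks where the real data ends, which is why the IP total-length field (not the frame length) must be trusted to find the end of an IP datagram.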



LAN - Local Area Network contd…
CSMA/CD
• The IEEE 802.3 standard defines Carrier Sense Multiple Access with Collision Detection (CSMA/CD) as the access method for traditional (shared-medium, half-duplex) Ethernet.
• The medium (channel) is shared between stations and only one station at a time can use it.
• Every station receives every frame sent on the medium (it is inherently a broadcast); the real destination keeps the frame while the rest drop it. This is why a NIC in promiscuous mode on a shared segment can sniff all traffic.
• A collision happens when two stations use the medium at the same time.
• CSMA (Carrier Sense Multiple Access): a station senses the medium before trying to use it. Principle: "listen before talk".
• CD (Collision Detection): a collision can still happen after the medium was sensed free, because of propagation delay; the station detects it, aborts the frame, and retries after a random back-off.
• Modern switched, full-duplex Ethernet has no shared medium and no collisions, so CSMA/CD is not used; a switch forwards a unicast frame only towards the port where it learned the destination.



Connecting Devices
 repeaters (or hubs)
 bridges (or two-layer switches)
 routers (or three-layer switches)



Connecting Devices contd…
Repeater or Hub
• A repeater forwards every bit; it has no filtering capability.
• A repeater operates only in the physical layer.
• A repeater receives a signal and, before it becomes too weak or corrupted, regenerates and retimes the original bit pattern.
• A repeater was used to connect two segments of a LAN to overcome the length restriction; a hub is a multiport repeater, so every port sees every frame.



Connecting Devices contd…
Bridges
• A bridge operates in both the physical and the data link layers; it is also known as a two-layer switch.
• As a physical-layer device, it regenerates the signal it receives.
• As a data link layer device, the bridge reads the MAC addresses (source and destination) contained in the frame.
• A bridge has a table used in filtering decisions: the frame is forwarded only to the port behind which the destination lives, or dropped if destination and source are on the same port.
• The switching table is learned over time from the source address of each frame received on each port; a frame whose destination is not yet in the table is flooded to all other ports. Entries age out, and the table is finite.
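A learning bridge model, as an added example in Python (not code from the slides). The `LearningBridge` class and its tiny 4-entry table are this example's assumptions; real switch tables hold thousands of entries and age them out, but the failure mode shown is the same: once an attacker has filled the table with forged source addresses, later hosts cannot be learned and frames to them are flooded to every port, including the attacker's (MAC flooding). Per-port limits on learned addresses (port security) are the usual defence.

```python
from collections import OrderedDict

class LearningBridge:
    """Transparent bridge: learns source MACs per port, forwards known unicast
    destinations out of one port, floods unknown/multicast/broadcast destinations."""

    def __init__(self, ports, table_capacity=4):
        self.ports = list(ports)
        self.table = OrderedDict()        # MAC -> port, oldest entry first
        self.capacity = table_capacity    # assumed small; real CAM tables are finite too

    def _learn(self, mac, port):
        if mac in self.table:
            self.table.move_to_end(mac)   # refresh
            self.table[mac] = port        # host may have moved to another port
            return True
        if len(self.table) >= self.capacity:
            return False                  # table full: nothing learned
        self.table[mac] = port
        return True

    def handle(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of."""
        self._learn(src, in_port)
        others = [p for p in self.ports if p != in_port]
        if dst.lower() == "ff:ff:ff:ff:ff:ff" or int(dst.split(":")[0], 16) & 1:
            return others                 # broadcast or multicast: always flood
        out = self.table.get(dst)
        if out is None:
            return others                 # unknown unicast: flood
        return [] if out == in_port else [out]   # filter (same port) or forward

# Constructed scenario: hosts A, B, C and an attacker on a 3-port bridge.
A, B, C = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "aa:00:00:00:00:03"

def mac_flooding_demo():
    """Returns (ports a B->A frame reached, ports an A->C frame reached after the flood)."""
    br = LearningBridge([1, 2, 3], table_capacity=4)
    br.handle(1, A, B)                    # A on port 1, B unknown: flooded
    before = br.handle(2, B, A)           # B on port 2, A known: [1] only
    for i in range(2):                    # attacker on port 3 forges two sources
        br.handle(3, f"de:ad:be:ef:00:{i:02x}", B)
    br.handle(2, C, A)                    # C cannot be learned: table is full
    after = br.handle(1, A, C)            # so A's reply to C is flooded to port 3 too
    return before, after
```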



Connecting Devices contd…
Routers
• A router is a three-layer device; it operates in the physical, data link, and network layers.
• As a network layer device, a router examines the network layer addresses (addresses in the IP layer).
• A router is an internetworking device; it connects independent networks together to form an internetwork.
• A router acts only on those frames whose destination physical address matches the address of the interface at which the frame arrives (or a broadcast/multicast address that interface listens to).
• A router changes the physical addresses of the packet (both source and destination) when it forwards it: the new source is the outgoing interface's MAC and the new destination is the next hop's MAC. The IP addresses are left unchanged.



Activities 2
• Understand routes
• Understand traceroute
• DNS information
• ARP information



Network Layer



Network Layer Services
Services Provided at the Source Computer
• Packetizing: encapsulate the data coming from the upper layer in a datagram whose header carries the destination address, source address and other information.
• Finding the logical address of the next hop: consult the routing table to find the logical address of the next hop.
• Finding the MAC address of the next hop: use ARP to find the MAC address of the next hop.
• Fragmentation:
  • The transmitting medium has a limit on the size of the data carried in a frame (the MTU).
  • A datagram larger than the MTU has to be fragmented into smaller units.
  • Fragmentation must preserve the header information of the datagram and add the information needed to reassemble the fragments.



Network Layer Services contd…

Services Provided at Each Router
• Finding the logical address of the next hop
• Finding the MAC address of the next hop
• Fragmentation, when the outgoing link has a smaller MTU

Services Provided at the Destination Computer
• The reverse of the source side: verify the destination address and header, reassemble the fragments, and decapsulate the data for the transport layer



IPv4 Addresses
Introduction
• An IPv4 address is 32 bits long.
• IPv4 addresses are unique and universal.
• Address space: the IPv4 address space has 4,294,967,296 (2^32) addresses.
• Dotted-decimal notation, e.g. 128.11.3.31

Classful Addressing
• The historical scheme: the leading bits of the address select class A, B or C (unicast, with fixed 8-, 16- and 24-bit network parts), D (multicast) or E (reserved). It wasted address space and was replaced by classless addressing.



IPv4 Addresses contd…

Network Address
• The network address is the identifier of a network.
• Each network is identified by its network address: the first address of the block, with all host bits 0.

Network Mask
• A network mask (default mask) is a 32-bit number with the n leftmost bits set to 1 and the (32 − n) rightmost bits set to 0. Examples: 255.0.0.0, 255.255.0.0.
• To extract the network address from the destination address of a packet, the destination address (or any address in the block) is ANDed with the mask.

Subnetwork
• In subnetting, a network is divided into several smaller subnetworks (subnets), each with its own subnetwork address and a longer mask.



IPv4 Addresses contd…

Classless Addressing
• The class privilege was removed from the distribution to slow address depletion.
• In classless addressing, variable-length blocks are used: a block of 1 address, 2 addresses, 4 addresses, 128 addresses, and so on (always a power of two).
• The prefix defines the network and the suffix defines the host. The prefix length can be 0 to 32 (a /0 prefix, 0.0.0.0/0, matches every address and is used for the default route).
• Slash notation: byte . byte . byte . byte / n
• The slash notation is formally referred to as Classless Inter-Domain Routing (CIDR, pronounced "cider") notation.



IPv4 Addresses contd…

Special Addresses
• All-zeros address: 0.0.0.0, used as a source address when a system does not yet know its own IP address, e.g. a DHCP client booting for the first time.
• All-ones address: the limited broadcast address 255.255.255.255. A host that wants to send a message to every other host on its local network can use it as the destination address of an IPv4 packet; routers do not forward it.
• Loopback addresses: the block 127.0.0.0/8. A packet sent to a loopback address never leaves the machine; it is returned to the same machine's software, which is useful for testing.
• Multicast addresses: the block 224.0.0.0/4 is reserved for multicast communication.
• Private addresses: the blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (RFC 1918) are assigned for private use. They are not routed on the global Internet.
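The mask-and-AND arithmetic of the network address, CIDR blocks and the special address blocks, carried out in plain integer operations rather than a library call, as an added example in Python (not code from the slides). The special-block table is this example's own, assembled from the blocks listed above plus the three RFC 1918 ranges.

```python
def ip_to_int(addr: str) -> int:
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2]

 << 8) | parts[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(n: int) -> int:
    """n leftmost bits 1, (32 - n) rightmost bits 0; /0 is a valid, match-all prefix."""
    if not 0 <= n <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF

def block_info(cidr: str) -> dict:
    addr, n = cidr.split("/")
    n = int(n)
    mask = prefix_to_mask(n)
    network = ip_to_int(addr) & mask              # the AND from the slide
    broadcast = network | (~mask & 0xFFFFFFFF)    # directed broadcast: host bits all 1
    return {"network": int_to_ip(network), "mask": int_to_ip(mask),
            "broadcast": int_to_ip(broadcast), "size": 1 << (32 - n)}

def in_block(addr: str, cidr: str) -> bool:
    net, n = cidr.split("/")
    mask = prefix_to_mask(int(n))
    return ip_to_int(addr) & mask == ip_to_int(net) & mask

# Special blocks from the slide plus the RFC 1918 private ranges (this example's table)
SPECIAL = [
    ("0.0.0.0/32", "unspecified (this host, e.g. DHCP DISCOVER source)"),
    ("255.255.255.255/32", "limited broadcast (not forwarded by routers)"),
    ("127.0.0.0/8", "loopback"),
    ("224.0.0.0/4", "multicast"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.168.0.0/16", "private (RFC 1918)"),
]

def classify(addr: str) -> str:
    """First matching special block, else public unicast."""
    for cidr, label in SPECIAL:
        if in_block(addr, cidr):
            return label
    return "public unicast"
```

A check like `classify` is the core of anti-spoofing ingress filtering: a packet arriving from the Internet with a private, loopback or unspecified source address cannot be legitimate and should be dropped at the edge.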



IPv4 Addresses contd…
NAT – Network Address Translation
• To slow IPv4 address depletion, private addresses are combined with NAT: a NAT router rewrites the private source address (and usually the source port) of outgoing packets to its own public address, and maps the replies back.
• NAT hides internal addresses, but it is not a security control: it does no inspection, and inbound connections are blocked only because no mapping exists for them. A firewall policy is still needed.



Internet Protocol v4 – IPv4

Introduction
• The Internet Protocol (IP) is the transmission mechanism used by the TCP/IP protocols at the network layer.
• IP is an unreliable, connectionless datagram protocol: a best-effort delivery service.
• Each datagram is handled independently:
  • it may follow a different route to the destination
  • datagrams sent by the same source to the same destination can arrive out of order
  • some can be lost or corrupted in transit
• If reliability is needed, IP must be paired with a reliable protocol such as TCP.
• Analogy: the post office delivering a letter.
• Datagram: packets at the network (Internet) layer are called datagrams.





Internet Protocol v4 – IPv4 contd…

IP Datagram
• Version (VER): this 4-bit field defines the version of the IP protocol: 4 for IPv4 (6 for IPv6, whose header layout is different).
• Header length (HLEN): this 4-bit field gives the length of the datagram header in 4-byte words. The header is between 20 and 60 bytes; 20 bytes = 5 × 4, so HLEN = 5 for a header without options.
• Service type: an 8-bit field. Originally part of it defined the precedence (priority) of the datagram and the rest the type of service (low delay, high throughput, and so on); it is now the Differentiated Services field (6-bit DSCP plus 2-bit ECN).
• Total length: a 16-bit field giving the total length (header plus data) of the IP datagram in bytes; the maximum is therefore 65,535 bytes.
• Identification: used in fragmentation.
• Flags: used in fragmentation.
• Fragmentation offset: used in fragmentation.



Internet Protocol v4 – IPv4 contd…
IP Datagram contd…
• Time to live (TTL):
  • A datagram has a limited lifetime in its travel through an internet.
  • Every router decrements the field by one and discards the datagram when it reaches zero, so the field effectively limits the number of hops (routers) visited.
  • It is needed so that a datagram caught in a routing loop (from inconsistent or corrupted routing tables) does not circulate forever. traceroute uses it deliberately, sending probes with TTL 1, 2, 3, … to elicit an ICMP time-exceeded message from each hop.
• Protocol: this 8-bit field defines the higher-level protocol that uses the services of the IP layer: ICMP (1), IGMP (2), TCP (6), UDP (17).
• Checksum: covers the header only, not the data. Because the TTL changes at every hop, every router recomputes it. It detects accidental corruption only.
• Source address (32 bits)
• Destination address (32 bits)
• IP options: the variable part of the header, at most 40 bytes. Used for network testing and debugging; options such as source routing are usually dropped by routers and firewalls today.



Internet Protocol v4 – IPv4 contd…

Fragmentation
• Maximum Transfer Unit (MTU): the value of the MTU differs from one physical network protocol to another. Examples: Ethernet 1500 bytes, PPP 296 bytes on low-speed links.
• Fragmentation means dividing the datagram so that it can pass through these networks.
• The source usually does not fragment an IP packet: the transport layer segments the data to fit the MTU, and path MTU discovery (the DF flag plus ICMP "fragmentation needed" messages) finds the smallest MTU on the path.
• A datagram may still be fragmented by an intermediate router if it encounters a network with an even smaller MTU.
• Reassembly is done only by the destination host, because each fragment becomes an independent datagram that may take its own route.
• Only the data in a datagram is fragmented; the header is copied into every fragment.
• Reassembly is a classic attack surface: overlapping or tiny fragments have been used to evade filters and to crash careless reassembly code, so firewalls often drop fragments or reassemble before inspecting.



Internet Protocol v4 – IPv4 contd…

Fragmentation Fields
• Identification: 16-bit field
  • identifies a datagram originating from the source host
  • the combination of the identification and the source IP address must be unique
  • when a datagram is fragmented, the value in the identification field is copied into all fragments
• Flags: 3-bit field
  • first bit: reserved (not used)
  • second bit: do not fragment (DF). If set, a router that would have to fragment discards the datagram and returns an ICMP error instead.
  • third bit: more fragments (MF). If 1, this is not the last fragment; there are more fragments after this one.
• Fragmentation offset: 13-bit field
  • the relative position of this fragment's data within the whole datagram, measured in 8-byte units (so every fragment except the last carries a multiple of 8 data bytes)
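The header fields above put to work, as an added example in Python (not code from the slides): build a 20-byte header with a valid checksum, parse and verify one, fragment a datagram for a smaller MTU the way a router would, and reassemble at the destination. The reassembly rejects gaps and overlapping fragments outright rather than guessing, which is the safe choice given the attacks mentioned above. Addresses and payloads are constructed sample data; the function names are this example's own.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """Ones' complement of the ones' complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                            # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
HDR = "!BBHHHBBH4s4s"                             # 20-byte header, no options

def build_ipv4(src, dst, proto, payload, ident=0, ttl=64, df=False, mf=False, offset=0):
    """Datagram with HLEN=5 and a valid header checksum; offset is given in bytes."""
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset // 8)   # 13-bit offset in 8-byte units
    hdr = struct.pack(HDR, 0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(datagram: bytes) -> dict:
    if len(datagram) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total, ident, ff, ttl, proto, _csum, src, dst = struct.unpack(HDR, datagram[:20])
    hlen = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or hlen < 20 or hlen > total or total > len(datagram):
        raise ValueError("malformed IPv4 header")
    if internet_checksum(datagram[:hlen]) != 0:     # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {"hlen": hlen, "total": total, "id": ident, "ttl": ttl, "proto": proto,
            "proto_name": PROTOCOLS.get(proto, str(proto)), "src": src, "dst": dst,
            "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000), "offset": (ff & 0x1FFF) * 8,
            "payload": datagram[hlen:total]}

def fragment(datagram: bytes, mtu: int) -> list:
    """What a router does when the outgoing MTU is too small: each piece is a full datagram."""
    d = parse_ipv4(datagram)
    if d["total"] <= mtu:
        return [datagram]
    if d["df"]:
        raise ValueError("DF set: drop and send ICMP 'fragmentation needed' instead")
    chunk = (mtu - d["hlen"]) // 8 * 8             # data per fragment, a multiple of 8
    out, data = [], d["payload"]
    for pos in range(0, len(data), chunk):
        piece = data[pos:pos + chunk]
        last = pos + chunk >= len(data)
        out.append(build_ipv4(d["src"], d["dst"], d["proto"], piece, ident=d["id"], ttl=d["ttl"],
                              mf=(not last) or d["mf"], offset=d["offset"] + pos))
    return out

def reassemble(fragments: list) -> bytes:
    """Destination-only reassembly; gaps and overlaps are rejected, not patched over."""
    parts = sorted((parse_ipv4(f) for f in fragments), key=lambda p: p["offset"])
    if len({(p["id"], p["src"], p["dst"], p["proto"]) for p in parts}) != 1:
        raise ValueError("fragments belong to different datagrams")
    data, expect = b"", 0
    for p in parts:
        if p["offset"] != expect:
            raise ValueError("gap or overlap in fragments")
        data += p["payload"]
        expect += len(p["payload"])
    if parts[-1]["mf"]:
        raise ValueError("last fragment missing")
    return data
```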





Internet Protocol v4 – IPv4 contd…
Options

Security Issues and IPsec (IP Security)
• Packet sniffing: IPv4 provides no confidentiality; anyone on the path can read the datagram.
• Packet modification: the header checksum detects accidental corruption only; an attacker who changes a datagram simply recomputes it, and the data is not covered at all.
• IP spoofing: the source address is whatever the sender writes. Nothing in IP verifies it, so reply traffic can be aimed at a victim and address-based trust is unsafe.
• IPsec addresses these: AH (Authentication Header) provides integrity and origin authentication, and ESP (Encapsulating Security Payload) adds confidentiality, with keys set up by IKE.





Address Resolution Protocol - ARP
• Before IP can deliver a packet from a source host to the destination host, it needs to know how to deliver it to the next hop first.
• Since IP uses the services of the data link layer, it needs the physical address of the next hop.
• The Address Resolution Protocol (ARP) finds the physical (MAC) address for a given IP address.
• RARP (Reverse ARP) maps a physical address to a logical address; it has been superseded by DHCP.
• The ARP request is broadcast to all stations, but the reply is unicast.
• ARP has no authentication: any host on the segment can answer, and most stacks accept unsolicited replies, so an attacker can poison ARP caches and become a man-in-the-middle. Switch features such as DHCP snooping with dynamic ARP inspection, or static entries for critical hosts, mitigate this.



Address Resolution Protocol – ARP contd…
ARP Packet
• Hardware type: 16-bit field defining the type of the network on which ARP is running. Ethernet is type 1.
• Protocol type: 16-bit field defining the protocol. IPv4 is 0x0800.
• Hardware length: 8-bit field defining the length of the physical address in bytes. For an Ethernet MAC the value is 6.
• Protocol length: 8-bit field defining the length of the logical address in bytes. For IPv4 the value is 4.
• Operation: 16-bit field defining the type of packet: ARP request (1), ARP reply (2).
• Sender hardware address: variable-length field with the physical address of the sender; 6 bytes for Ethernet.
• Sender protocol address: variable-length field with the logical (e.g. IP) address of the sender; 4 bytes for IPv4.
• Target hardware address: variable-length field with the physical address of the target. In an ARP request this field is all 0s.
• Target protocol address: variable-length field with the logical (e.g. IP) address of the target; 4 bytes for IPv4.
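The 28-byte Ethernet/IPv4 ARP packet built and parsed field by field, with the request/reply exchange and a cache that notices a reply trying to change an existing binding (what an ARP spoofing tool does), as an added example in Python (not code from the slides). The hosts, addresses and the `make_responder` helper are constructed for the example; a real stack would receive these packets inside Ethernet frames with EtherType 0x0806.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"          # fixed layout for Ethernet/IPv4 ARP, 28 bytes
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2

def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_bytes(ip): return bytes(int(p) for p in ip.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_ip, target_mac="00:00:00:00:00:00"):
    """Request leaves the target hardware address all zeros; reply fills it in."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))

def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}

class ArpCache:
    """IP -> MAC cache that keeps the first binding and records any reply that
    tries to change it. Most real stacks just overwrite, which is the weakness."""
    def __init__(self):
        self.table, self.alerts = {}, []

    def on_reply(self, pkt: bytes):
        a = parse_arp(pkt)
        if a["op"] != OP_REPLY:
            return
        old = self.table.get(a["spa"])
        if old is not None and old != a["sha"]:
            self.alerts.append(f"{a['spa']} changed from {old} to {a['sha']}")
            return
        self.table[a["spa"]] = a["sha"]

def make_responder(mac, ip):
    """Constructed host on the segment that answers requests for its own IP."""
    def respond(req: bytes):
        a = parse_arp(req)
        if a["op"] != OP_REQUEST or a["tpa"] != ip:
            return None                        # not for us: stay silent
        return build_arp(OP_REPLY, mac, ip, a["spa"], target_mac=a["sha"])
    return respond

def resolve(cache, my_mac, my_ip, target_ip, responder):
    """One ARP exchange: broadcast request, unicast reply, cache update."""
    reply = responder(build_arp(OP_REQUEST, my_mac, my_ip, target_ip))
    if reply is not None:
        cache.on_reply(reply)
    return cache.table.get(target_ip)
```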



Address Resolution Protocol – ARP contd…
ARP Use Cases
• Proxy ARP: a router (or other device) that answers ARP requests on behalf of a set of hosts, typically hosts reachable only through it, so that the requester sends those hosts' traffic to the proxy's MAC address.





Routing Protocols
• Cost or metric: a cost is assigned to passing through a network (hop count, bandwidth, delay, …).
• Static versus dynamic routing tables:
  • A static table has manually configured entries.
  • A dynamic table is updated automatically when something changes somewhere in the internet.
  • A dynamic table is updated:
    • when a link goes down
    • whenever a better route has been found
• Autonomous system (AS): a group of networks and routers under the authority of a single administration.
• Routing protocols:
  • Interior protocols: intradomain routing, inside an AS.
    • Routing Information Protocol (RIP): distance vector protocol
    • Open Shortest Path First (OSPF): link state protocol
  • Exterior protocol: inter-domain routing, between ASes.
    • Border Gateway Protocol (BGP): path vector protocol



Routing Protocols contd…

[Figure: a graph for the Bellman-Ford algorithm]

[Figure: the fact behind the Bellman-Ford algorithm. The least cost from node x to destination y is the minimum, over all neighbours v of x, of (cost of link x–v) + (least cost from v to y); each node needs only its neighbours' tables to compute its own.]


Routing Protocols contd…
Updating the Routing Table
When a node receives a neighbour's table, it adds the cost of the link to that neighbour to every advertised cost and compares each row with its own:
• If the next-node entry is different
  • the receiving node keeps the row with the smaller cost
  • if there is a tie, the old row is kept
• If the next-node entry is the same
  • i.e. the sender of the new row is the provider of the old entry
  • the receiving node takes the new row, even if the new value is infinity (that is how a withdrawn route propagates)
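The two update rules above implemented as a function, plus a small synchronous simulation that runs periodic updates over a constructed three-node graph until nothing changes, as an added example in Python (not code from the slides). RIP's hop-count infinity of 16 is used as the unreachable value; the graph and function names are this example's own. The `converge` routine shows the Bellman-Ford fact in action: node A learns that C is cheaper via B (cost 2) than over its direct link (cost 5).

```python
INF = 16   # RIP's "infinity": a hop count of 16 means unreachable

def update_table(table, neighbor, link_cost, advertised):
    """Apply one received advertisement to this node's routing table.

    table:      {dest: (cost, next_hop)} for this node (mutated in place)
    neighbor:   the node that sent the advertisement
    link_cost:  cost of the link to that neighbor
    advertised: {dest: cost} as seen by the neighbor
    Returns the set of destinations whose row changed (drives triggered updates).
    """
    changed = set()
    for dest, cost in advertised.items():
        new_cost = min(cost + link_cost, INF)       # neighbor's cost plus our link
        old = table.get(dest)
        if old is None:
            table[dest] = (new_cost, neighbor)
            changed.add(dest)
            continue
        old_cost, old_hop = old
        if old_hop == neighbor:
            # Rule 2: the sender provided the existing row, so take its new value
            # even if it is worse, including INF (route withdrawal).
            if new_cost != old_cost:
                table[dest] = (new_cost, neighbor)
                changed.add(dest)
        elif new_cost < old_cost:
            # Rule 1: different next hop; keep the smaller cost, a tie keeps the old row
            table[dest] = (new_cost, neighbor)
            changed.add(dest)
    return changed

def converge(links, max_rounds=20):
    """Synchronous rounds of periodic updates over undirected links {(a, b): cost}.
    Each node starts knowing only itself at cost 0. Returns all routing tables."""
    nodes = {n for pair in links for n in pair}
    tables = {n: {n: (0, None)} for n in nodes}
    for _ in range(max_rounds):
        # What every node advertises this round (its table as of the round start)
        snapshot = {n: {d: c for d, (c, _) in t.items()} for n, t in tables.items()}
        any_change = False
        for (a, b), cost in links.items():
            for x, y in ((a, b), (b, a)):
                if update_table(tables[x], y, cost, snapshot[y]):
                    any_change = True
        if not any_change:
            break
    return tables

# Constructed sample graph: A-B and B-C cost 1, a slow direct A-C link cost 5
SAMPLE_LINKS = {("A", "B"): 1, ("B", "C"): 1, ("A", "C"): 5}
```

Nothing in this update logic checks who sent the advertisement, which is exactly the weakness of unauthenticated distance-vector protocols: a forged table claiming cost 0 to every destination would be accepted under rule 1 and pull all traffic towards the sender.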



Routing Protocols contd…

When to Share
• Periodic update
  • A node sends its routing table, normally every 30 seconds, in a periodic update.
• Triggered update
  • A node sends its routing table to its neighbours whenever there is a change in it:
  • 1. after updating its routing table, or
  • 2. after detecting a failure in a neighbouring link





Routing Protocols contd…

[Figure: RIP update example; the router's table holds the entries (Net5, 1), (Net4, 1) and (Net2, 1), one per directly attached interface]

[Figure: final routing table]



Routing Protocols contd…

[Figure: RIP timers. Periodic update timer (30 s), expiration timer (a route not refreshed for 180 s is marked invalid) and garbage-collection timer (120 s before the invalid route is removed).]

Note
• RIP uses the services of UDP on well-known port 520.
• RIPv1 has no authentication, and RIPv2 offers only a plaintext password or an MD5 keyed hash (RFC 2082), so anyone able to send UDP/520 onto the segment can inject routes. Modern deployments prefer OSPF or BGP with authentication and filter routing-protocol traffic at the network edge.



Transport Layer



User Datagram Protocol (UDP)
• UDP packets, called user datagrams, have a fixed-size header of 8 bytes: source port, destination port, length and checksum, each 16 bits.
• UDP is a connectionless protocol. Each UDP packet is independent of other packets sent by the same application program. The service is unreliable: no acknowledgments and no retransmission.
• No flow control and no congestion control; the application must provide both if it needs them.
• Because there is no handshake, the source address of a UDP datagram is trivially spoofable, which is why UDP services are the usual vehicle for reflection and amplification attacks.



User Datagram Protocol (UDP) contd…

[Figures: pseudoheader for checksum calculation (source IP, destination IP, a zero byte, protocol 17 and UDP length, prepended only for the computation, never transmitted); encapsulation and decapsulation of a user datagram in an IP datagram; incoming and outgoing queues; multiplexing and demultiplexing on port numbers; UDP design]



User Datagram Protocol (UDP) contd…

Summary
• UDP is a transport protocol that creates process-to-process communication.
• UDP is an unreliable, connectionless protocol that requires little overhead and offers fast delivery.
• The UDP packet is called a user datagram.
• UDP's only attempt at error control is the checksum. Including a pseudoheader in the checksum calculation lets the receiver detect a datagram delivered to the wrong IP address. In IPv4 the checksum is optional (a zero field means it was not computed); in IPv6 it is mandatory.
• UDP has no flow-control mechanism.
• A user datagram is encapsulated in the data field of an IP datagram. Incoming and outgoing queues hold messages going to and from UDP.
• UDP uses multiplexing to handle outgoing user datagrams from multiple processes on one host, and demultiplexing to deliver incoming user datagrams to the right process on the same host.
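The pseudoheader checksum computed and verified end to end, as an added example in Python (not code from the slides). It builds a user datagram, verifies it as the receiving UDP would, and shows that the same datagram fails verification when checked against a different destination IP, which is the point of covering the pseudoheader. The same procedure applies to TCP with protocol number 6. Addresses and payload are constructed sample data; the function names are this example's own.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """Ones' complement of the ones' complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

UDP_PROTO = 17

def pseudoheader(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    """12 bytes covered by the checksum but never transmitted with the UDP header."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, udp_len)

def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)      # checksum field zero while summing
    csum = internet_checksum(pseudoheader(src_ip, dst_ip, length) + hdr + payload)
    if csum == 0:
        csum = 0xFFFF       # a computed zero is sent as all ones; zero means "no checksum" in IPv4
    return hdr[:6] + struct.pack("!H", csum) + payload

def verify_udp(src_ip: bytes, dst_ip: bytes, datagram: bytes):
    """Mirror of the receiving UDP: returns (sport, dport, payload) or raises ValueError.
    This example treats an absent checksum as an error; a stack may accept it."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length")
    if csum == 0:
        raise ValueError("checksum absent: nothing can be verified")
    if internet_checksum(pseudoheader(src_ip, dst_ip, length) + datagram[:length]) != 0:
        raise ValueError("UDP checksum mismatch")
    return sport, dport, datagram[8:length]
```

The check catches misdelivery and bit errors, nothing more: a sender who forges the source IP computes the checksum over the forged pseudoheader, so the datagram verifies perfectly at the victim.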



Transmission Control Protocol(TCP)
TCP Services
• Provides Process-to-Process Communication
• stream-oriented protocol: allows the sending process to deliver data as a stream of bytes and allows
the receiving process to obtain data as a stream of bytes
• Flow Control: Maintains Sending and Receiving Buffers. Handles the disparity between the speed of
the producing and consuming processes
• Segments: Groups a number of bytes together into a packet called a segment. Adds a header to each
segment.
• Full-Duplex Communication: data can flow in both directions at the same time
• Multiplexing and Demultiplexing: performs multiplexing at the sender and demultiplexing at the
receiver
• Connection-oriented protocol:
• 1. The two TCPs establish a virtual connection between them.
• 2. Data are exchanged in both directions.
• 3. The connection is terminated
• Reliable transport protocol: uses an acknowledgment mechanism to check the safe and sound arrival
of data
Transmission Control Protocol (TCP) contd…
Numbering System
• Byte number:
  • TCP numbers all data bytes (octets) transmitted in a connection.
  • The numbering starts at an initial sequence number (ISN) that must be unpredictable (RFC 6528 derives it from a keyed hash of the connection's addresses and ports plus a clock). A guessable ISN lets an off-path attacker complete a forged handshake or inject data into an existing connection.
• Sequence number:
  • a sequence number is assigned to each segment that is sent
  • the sequence number of a segment is the number of the first byte of data carried in that segment; SYN and FIN each consume one sequence number although they carry no data
• Acknowledgment number:
  • used to confirm the bytes received
  • defines the number of the next byte the party expects to receive
  • acknowledgments are cumulative: the value is the number of the last in-order byte received plus 1



Transmission Control Protocol (TCP) contd…
Flow Control
• The sending TCP controls how much data it accepts from the sending process.
• The receiving TCP controls how much data the sending TCP may send, by advertising a receive window.
• Purpose: prevent the receiver from being overwhelmed with data.

Error Control
• To provide reliable service, TCP implements an error control mechanism covering:
  • lost and discarded segments (detected by missing acknowledgments, recovered by retransmission)
  • corrupted segments (detected by the checksum and discarded)
  • duplicate segments (recognized by sequence number and discarded)
  • out-of-order segments (buffered until the missing segments arrive)

Congestion Control
• Controls congestion in the network, which occurs when the number of packets sent is greater than the capacity of the network.
• Congestion in a network or internetwork arises because routers and switches have queues, buffers that hold packets before and after processing, and those queues overflow.
• The sender keeps a congestion window alongside the receiver's advertised window and sends no more than the smaller of the two.


Transmission Control Protocol (TCP) contd…
Segment Header
• Window size:
  • the receive window of the sending TCP in bytes, i.e. how much the other side may send beyond the acknowledged byte
  • 16-bit field, so at most 65,535 bytes; the window scale option (RFC 7323), negotiated in the SYN segments, multiplies it by up to 2^14 for high bandwidth-delay links
  • determined by the receiver
• Checksum:
  • calculated with the same procedure as for UDP, over a pseudoheader, the TCP header and the data
  • mandatory in TCP
• Urgent pointer:
  • 16-bit field
  • valid only if the URG flag is set
  • used when the segment contains urgent data

Copyright © 2017 Tata Elxsi | Confidential | 81


Transmission Control Protocol(TCP) contd
TCP Connection
• TCP is connection-oriented: a connection goes through three phases
• 1. Connection establishment
• TCP transmits data in full-duplex mode
• Each party must initialize communication and get approval from the other party
• Done with three-way handshaking
• 2. Data transfer
• After the connection is established, bidirectional data transfer can take place
• 3. Connection termination
• Three-way handshaking, or four-way handshaking with a half-close option
• Connection reset: either party can abort the connection instead of closing it gracefully

Transmission Control Protocol(TCP) contd
Connection establishment using three-way handshake

[Figure: three-way handshake. Labels: passive open (server), active open (client); the marked segment means "no data"; connection opened; "seq: 8001 if piggybacking"]
Transmission Control Protocol(TCP) contd
Data Transfer

[Figure: data transfer: each side alternates between sending a request (a data segment) and receiving the other side's segment]

Connection Termination

Transmission Control Protocol(TCP) contd
Connection termination using three-way handshake

Transmission Control Protocol(TCP) contd
Send window in TCP

Transmission Control Protocol(TCP) contd
Receive window in TCP

Transmission Control Protocol(TCP) contd
Flow Control

[Figure: flow control: (1) messages are pushed from the sending process to the sending TCP, (2) segments are pushed from the sending TCP to the receiving TCP, (3) messages are pulled by the receiving process, (4) flow control feedback from the receiving TCP to the sending TCP, (5) flow control feedback from the sending TCP to the sending process]

Transmission Control Protocol(TCP) contd
An example of flow control

Transmission Control Protocol(TCP) contd

Silly Window Syndrome
• The syndrome: sending data in very small segments
• 1. Syndrome created by the Sender
• The sending application program creates data slowly (e.g. 1 byte at a time)
• Remedy: wait and collect data, then send it in a larger block
• How long should the sending TCP wait?
• Solution: Nagle’s algorithm
• Nagle’s algorithm takes into account
• (1) the speed of the application program that creates the data, and
• (2) the speed of the network that transports the data
Transmission Control Protocol(TCP) contd

Silly Window Syndrome
• 2. Syndrome created by the Receiver
• The receiving application program consumes data slowly (e.g. 1 byte at a time)
• The receiving TCP announces a window size of 1 byte, so the sending TCP sends only 1 byte…
• Solution 1: Clark’s solution
• Send an ACK but announce a window size of zero until there is enough space to accommodate a segment of maximum size, or until half of the buffer is empty
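Added example, not from the slides: a toy sender applying Nagle's algorithm (send at once while nothing is unacknowledged, otherwise collect small writes until an ACK returns or a full-size segment is ready) and a toy receiver applying Clark's solution; the MSS value and the byte strings are assumptions.

```python
# Added example (not from the slides): Nagle's algorithm on the sending side and
# Clark's solution on the receiving side, simulated without any network I/O.
# Assumptions: payloads are byte strings and the MSS is a parameter (536 is the
# default TCP MSS when none is negotiated). All data below is constructed.

DEFAULT_MSS = 536


class NagleSender:
    """Nagle's algorithm: send at once while nothing is in flight; otherwise
    collect small writes until an ACK returns or a full-size segment is ready.
    A fast network (quick ACKs) releases data sooner, a slow one batches more."""

    def __init__(self, mss=DEFAULT_MSS):
        self.mss = mss
        self.buffer = b""        # data accepted from the application, not yet sent
        self.unacked = 0         # bytes on the wire waiting for an ACK
        self.sent = []           # segment payloads actually transmitted

    def _flush(self):
        seg, self.buffer = self.buffer[:self.mss], self.buffer[self.mss:]
        self.unacked += len(seg)
        self.sent.append(seg)

    def write(self, data):
        """The application hands over data, possibly one byte at a time."""
        self.buffer += data
        while self.buffer and (self.unacked == 0 or len(self.buffer) >= self.mss):
            self._flush()

    def ack(self, nbytes):
        """An ACK arrives; once everything is acknowledged, release what was collected."""
        self.unacked -= nbytes
        if self.unacked == 0 and self.buffer:
            self._flush()


class ClarkReceiver:
    """Clark's solution: never advertise a tiny window. Announce zero until a
    maximum-size segment fits or half of the receive buffer is free."""

    def __init__(self, buf_size, mss=DEFAULT_MSS):
        self.buf_size, self.mss, self.used = buf_size, mss, 0

    def store(self, nbytes):       # a segment arrived and was buffered
        self.used += nbytes

    def consume(self, nbytes):     # the (slow) application read some bytes
        self.used -= nbytes

    def advertised_window(self):
        free = self.buf_size - self.used
        return free if free >= self.mss or free >= self.buf_size // 2 else 0


def nagle_demo():
    """A slow application writing one byte at a time with a 10-byte MSS."""
    s = NagleSender(mss=10)
    for ch in b"abcde":
        s.write(bytes([ch]))       # first byte goes out alone, "bcde" is collected
    s.ack(1)                       # ACK for "a" releases "bcde" as one segment
    for ch in b"fghijklmnopq":     # 12 bytes while "bcde" is still unacknowledged
        s.write(bytes([ch]))       # a full 10-byte segment goes out, "pq" waits
    return s.sent
```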
Transmission Control Protocol(TCP) - Error Control contd
Rules for Generating ACK
• 1. When one end sends a data segment to the other end, it must include an ACK that gives the next sequence number it expects to receive (piggybacking).
• 2. The receiver needs to delay sending an ACK segment (until another segment arrives or 500 ms elapse) if there is only one outstanding in-order segment. This prevents ACK segments from creating extra traffic.
• 3. There should not be more than 2 in-order unacknowledged segments at any time. This prevents unnecessary retransmission.
• 4. When a segment arrives with an out-of-order sequence number that is higher than expected, the receiver immediately sends an ACK segment announcing the sequence number of the next expected segment (this enables fast retransmission).
• 5. When a missing segment arrives, the receiver sends an ACK segment to announce the next sequence number expected.
• 6. If a duplicate segment arrives, the receiver immediately sends an ACK.

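An added example, not from the slides, that implements the six rules above in a toy receiver and adds the sender side that turns three duplicate ACKs into a fast retransmission; sequence numbers, segment sizes and the scenario are constructed.

```python
# Added example (not from the slides): a toy TCP receiver applying the six
# ACK-generation rules, plus the sender-side check that turns three duplicate
# ACKs into a fast retransmission. Numbers are byte numbers; a segment is (seq, length).

MAX_OUTSTANDING = 2        # rule 3: at most 2 in-order segments unacknowledged


class TcpReceiver:
    def __init__(self, isn):
        self.rcv_next = isn        # next byte expected: the cumulative ACK number
        self.unacked = 0           # in-order segments received but not yet ACKed
        self.out_of_order = {}     # seq -> length, buffered until the gap is filled

    def receive(self, seq, length):
        """Process one data segment; return the ACK to send now, or None if delayed."""
        if seq < self.rcv_next or seq in self.out_of_order:
            return self.rcv_next                 # rule 6: duplicate, ACK at once
        if seq > self.rcv_next:
            self.out_of_order[seq] = length      # buffer it and
            return self.rcv_next                 # rule 4: immediate (duplicate) ACK
        filled_gap = bool(self.out_of_order)     # this was a missing segment
        self.rcv_next += length
        while self.rcv_next in self.out_of_order:        # absorb buffered data
            self.rcv_next += self.out_of_order.pop(self.rcv_next)
        if filled_gap:
            self.unacked = 0
            return self.rcv_next                 # rule 5
        self.unacked += 1
        if self.unacked >= MAX_OUTSTANDING:
            self.unacked = 0
            return self.rcv_next                 # rule 3
        return None                              # rule 2: wait for the next segment

    def ack_timer_expired(self):
        """Rule 2: the delayed-ACK timer (500 ms) fired, so ACK what we have."""
        self.unacked = 0
        return self.rcv_next


class TcpSender:
    """Counts duplicate ACKs; the third one triggers fast retransmission."""
    def __init__(self):
        self.last_ack, self.dup_count = None, 0

    def on_ack(self, ack):
        """Return the byte number to retransmit, or None."""
        if ack == self.last_ack:
            self.dup_count += 1
            return ack if self.dup_count == 3 else None
        self.last_ack, self.dup_count = ack, 0
        return None


def run_scenario(segments, isn=1001):
    """Feed (seq, length) segments; return the ACK per segment (None = delayed)
    and the byte number fast-retransmitted, if any."""
    rx, tx = TcpReceiver(isn), TcpSender()
    acks, retransmit = [], None
    for seq, length in segments:
        ack = rx.receive(seq, length)
        acks.append(ack)
        if ack is not None and retransmit is None:
            retransmit = tx.on_ack(ack)
    return acks, retransmit
```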


Transmission Control Protocol(TCP) - Error Control contd
Normal operation

Transmission Control Protocol(TCP) - Error Control contd
Lost segment

Transmission Control Protocol(TCP) - Error Control contd
Fast retransmission

Transmission Control Protocol(TCP) - Error Control contd
Lost acknowledgment

Transmission Control Protocol(TCP) - Error Control contd
Lost acknowledgment corrected by resending a segment

Transmission Control Protocol(TCP) - Congestion Control
Slow start, exponential increase
• In the slow start algorithm, the size of the congestion window increases exponentially until it reaches a threshold.

[Figure: slow start: cwnd = 1, 2, 4, 8 segments after successive RTTs]

Transmission Control Protocol(TCP) - Congestion Control
Congestion avoidance, additive increase
• In the congestion avoidance algorithm, the size of the congestion window increases additively until congestion is detected.
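An added example (not from the slides) that simulates the congestion window RTT by RTT through slow start and congestion avoidance; the reactions to a timeout and to three duplicate ACKs are the standard Reno-style values, stated as assumptions in the code.

```python
# Added example (not from the slides): an RTT-by-RTT simulation of the TCP
# congestion window. Slow start doubles cwnd each RTT up to ssthresh; congestion
# avoidance then adds one segment per RTT. The reactions to loss are the ones
# standard (Reno-style) TCP uses and are an assumption of this example: a timeout
# halves ssthresh and restarts slow start at cwnd = 1, while three duplicate ACKs
# halve ssthresh and continue in congestion avoidance from the new threshold.


def next_cwnd(cwnd, ssthresh):
    """One RTT without loss: exponential growth below ssthresh, additive above."""
    if cwnd < ssthresh:
        return min(cwnd * 2, ssthresh), ssthresh     # slow start
    return cwnd + 1, ssthresh                         # congestion avoidance


def react_to_loss(cwnd, ssthresh, event):
    """Loss detected during this RTT: 'timeout' or 'dupack' (three duplicate ACKs)."""
    ssthresh = max(cwnd // 2, 2)
    if event == "timeout":
        return 1, ssthresh                # back to slow start
    if event == "dupack":
        return ssthresh, ssthresh         # fast recovery, then congestion avoidance
    raise ValueError("unknown event: %r" % (event,))


def phase(cwnd, ssthresh):
    return "slow start" if cwnd < ssthresh else "congestion avoidance"


def simulate(rtts, ssthresh=8, events=None):
    """Return cwnd (in segments) at the start of each RTT. events maps an RTT
    index to the loss event detected during that RTT."""
    events = events or {}
    cwnd, trace = 1, []
    for rtt in range(rtts):
        trace.append(cwnd)
        if rtt in events:
            cwnd, ssthresh = react_to_loss(cwnd, ssthresh, events[rtt])
        else:
            cwnd, ssthresh = next_cwnd(cwnd, ssthresh)
    return trace
```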


Transmission Control Protocol(TCP) - Congestion Control contd
TCP Congestion policy summary

Transmission Control Protocol(TCP) contd
TCP Timers

TCP Options

Transmission Control Protocol(TCP) contd
TCB – Transmission Control Block
• State. This field defines the state of the connection according to the state transition diagram.
• Process. This field defines the process using this connection at this machine as a client or a server.
• Local IP address. This field defines the IP address of the local machine used by this connection.
• Local port number. This field defines the local port number used by this connection.
• Remote IP address. This field defines the IP address of the remote machine used by this connection.
• Remote port number. This field defines the remote port number used by this connection.
• Interface. This field defines the local interface.
• Local window. This field, which can comprise several subfields, holds information about the window at the local TCP.
• Remote window. This field, which can comprise several subfields, holds information about the window at the remote TCP.
• Sending sequence number. This field holds the sending sequence number.
• Receiving sequence number. This field holds the receiving sequence number.
• Sending ACK number. This field holds the value of the ACK number sent.
• Round-trip time. Several fields may be used to hold information about the RTT.
• Time-out values. Several fields can be used to hold the different time-out values such as the retransmission time-out, persistence time-out, keepalive time-out, and so on.
• Buffer size. This field defines the size of the buffer at the local TCP.
• Buffer pointer. This field is a pointer to the buffer where the received data are kept until they are read by the application.


Application Layer

Dynamic Host Configuration Protocol(DHCP)

INTRODUCTION

Each computer that uses the TCP/IP protocol suite needs to know its IP address. If the computer uses classless addressing or is a member of a subnet, it also needs to know its subnet mask. Most computers today need two other pieces of information: the address of a default router, to be able to communicate with other networks, and the address of a name server, to be able to use names instead of addresses, as we will see in the next section. In other words, four pieces of information are normally needed.


DHCP OPERATION

The DHCP client and server can either be on the same network or on different networks. Let us discuss each situation separately.


Client and server on the same network

Client and server on two different networks

Use of UDP ports

DHCP packet format

Flag format

Option format

CONFIGURATION

DHCP has been devised to provide both static and dynamic address allocation.


Option with tag 53

DHCP client transition diagram

Exchanging messages

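An added example (not from the slides) for the option-format and tag-53 slides: encoding and parsing the DHCP options field, including the message type that identifies each message of the exchange; the sample OFFER and its addresses are constructed.

```python
# Added example (not from the slides): encoder and parser for the DHCP options
# field (option format and tag 53 slides). Options are tag, length, value triples
# after the 4-byte magic cookie; tag 0 (pad) has no length, tag 255 ends the
# list, and option 53 carries the message type. Sample data is constructed.

MAGIC_COOKIE = bytes([99, 130, 83, 99])
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def build_options(fields):
    """fields: list of (tag, value bytes); returns the encoded options field."""
    out = bytearray(MAGIC_COOKIE)
    for tag, value in fields:
        out += bytes([tag, len(value)]) + value
    out.append(255)                          # end option
    return bytes(out)


def parse_options(data):
    """Return {tag: value}; rejects a missing cookie, a truncated option or a
    list without the end option rather than reading past the buffer."""
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(data):
        tag = data[i]
        if tag == 0:                         # pad: a single byte, no length
            i += 1
            continue
        if tag == 255:                       # end of options
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header for tag %d" % tag)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the data" % tag)
        opts[tag] = value
        i += 2 + length
    else:
        raise ValueError("no end option (255)")
    return opts


def message_type(opts):
    """Decode option 53 (DHCP message type)."""
    if len(opts.get(53, b"")) != 1:
        raise ValueError("option 53 missing or malformed")
    return MESSAGE_TYPES.get(opts[53][0], "unknown(%d)" % opts[53][0])


def ipv4(value):
    return ".".join(str(b) for b in value)


def is_wellformed(data):
    try:
        parse_options(data)
    except ValueError:
        return False
    return True


# Constructed DHCPOFFER: type, server identifier, lease time, subnet mask, router.
SAMPLE_OFFER = build_options([(53, b"\x02"), (54, bytes([192, 0, 2, 1])),
                              (51, (3600).to_bytes(4, "big")),
                              (1, bytes([255, 255, 255, 0])), (3, bytes([192, 0, 2, 1]))])
```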
Domain Name System (DNS)

NEED FOR DNS

To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the connection of a host to the Internet. However, people prefer to use names instead of numeric addresses. Therefore, we need a system that can map a name to an address or an address to a name.


Purpose of DNS

[Figure: purpose of DNS: (1) the user gives a host name to the application program, (2) the application passes the host name to the DNS client (resolver), (3) the resolver sends a query to a DNS server, (4) the server returns a response, (5) the resolver returns the IP address to the application, (6) the application passes the IP address to the transport layer]


NAME SPACE

To be unambiguous, the names assigned to machines must be carefully selected from a name space with complete control over the binding between the names and IP addresses. In other words, the names must be unique because the addresses are unique. A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical.


Domain name space

Domain names and labels

FQDN and PQDN

Domains

Hierarchy of name servers

Zones and domains

Note

A primary server loads all information from the disk file; the secondary server loads all information from the primary server.

When the secondary downloads information from the primary, it is called zone transfer.


DNS IN THE INTERNET

DNS is a protocol that can be used in different platforms. In the Internet, the domain name space (tree) is divided into three different sections: generic domains, country domains, and the inverse domain.


DNS used in the Internet

Generic domains

Country domains

Inverse domain

RESOLUTION

Mapping a name to an address or an address to a name is called name-address resolution.


Recursive resolution

[Figure: recursive resolution (steps 1 to 10): the queried server obtains the answer on the client's behalf, passing the query on to the next server and relaying the answer back]


Iterative resolution

[Figure: iterative resolution (steps 1 to 10): each server that cannot answer returns a referral to the next server, and the client repeats the query itself]


DNS MESSAGES

DNS has two types of messages: query and response. Both types have the same format. The query message consists of a header and question records; the response message consists of a header, question records, answer records, authoritative records, and additional records.


Query and response messages

Header format

Flags field

TYPES OF RECORDS

As we saw in the previous section, two types of records are used in DNS. The question records are used in the question section of the query and response messages. The resource records are used in the answer, authoritative, and additional information sections of the response message.


Question record format

Query name format

Resource record format

SECURITY OF DNS
DNS is one of the most important systems in the Internet infrastructure; it provides crucial services to Internet users. Applications such as Web access or e-mail are heavily dependent on the proper operation of DNS. DNS can be attacked in several ways.
To protect DNS, the IETF has devised a technology named DNS Security (DNSSEC) that provides message origin authentication and message integrity using a security service called digital signature.


DNS Attacks

DNS can be attacked in the following ways:
• 1. The attacker may read the response of a DNS server to find the nature or names of sites the user mostly accesses. This type of information can be used to build the user’s profile. To prevent this attack, DNS messages need to be confidential.
• 2. The attacker may intercept the response of a DNS server and change it, or create a totally new bogus response, to direct the user to the site or domain the attacker wishes the user to access. This type of attack can be prevented using message origin authentication and message integrity.
• 3. The attacker may flood the DNS server to overwhelm it or eventually crash it. This type of attack can be mitigated using provisions against denial-of-service attacks.
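An added example (not from the slides) that builds and parses DNS messages in the format of the preceding slides (header, question record, query-name format, resource record) and applies the basic resolver-side check against the bogus response of attack 2 above: a reply is accepted only if it is flagged as a response and carries the query's transaction ID and question. Names and addresses are constructed; struct is the Python standard library.

```python
# Added example (not from the slides): DNS query/response encoding and parsing
# (12-byte header, length-prefixed query-name format, resource records) plus the
# check a resolver applies before trusting a reply: QR bit set, same ID, same
# question. All names and addresses are constructed (documentation values).
import struct


def encode_name(name):
    """Query-name format: each label is length-prefixed; a zero byte ends the name."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return bytes(out + b"\x00")


def decode_name(msg, off):
    """Decode a name at msg[off:]; follows 0xC0 compression pointers (bounded).
    Returns (name, offset just after the name field)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n


def build_query(qid, name, qtype=1, qclass=1):
    """Header (ID, flags with RD set, QDCOUNT=1) + one question record."""
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + encode_name(name) \
        + struct.pack("!HH", qtype, qclass)


def parse_message(msg):
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):     # resource record: name, type, class, TTL, RDLENGTH, RDATA
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        answers.append((name, rtype, ttl, msg[off:off + rdlen])); off += rdlen
    return {"id": qid, "flags": flags, "questions": questions, "answers": answers}


def build_response(query, address):
    """Constructed answer: echo the question, add one A record whose name is a
    pointer (0xC00C) to the question name at offset 12."""
    qid = struct.unpack("!H", query[:2])[0]
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(x) for x in address.split("."))
    return struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0) + query[12:] + rr


def response_matches(query, response):
    """Reject replies that are not responses, have another ID or another question."""
    q, r = parse_message(query), parse_message(response)
    return bool(r["flags"] & 0x8000) and q["id"] == r["id"] and q["questions"] == r["questions"]
```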


Firewalls

FIREWALLS

All security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system we need firewalls. A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.


Firewall

Packet-filter firewall

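An added example (not from the slides): a packet filter that applies a rule table of the kind the figure shows to packet header fields (interface, addresses, protocol, port); the interface names, networks and the policy itself are constructed assumptions, not a recommended configuration.

```python
# Added example (not from the slides): a packet-filter firewall evaluating a
# small rule table against packet header fields. Rules are checked top to bottom,
# the first match decides, and anything not explicitly allowed is dropped.
# Addresses, interface names and the rule set are constructed (documentation ranges).
import ipaddress

# (action, interface, source network, destination network, protocol, destination port)
# "*" matches anything. eth1 is assumed to be the Internet-facing interface.
RULES = [
    ("deny",  "*",    "192.0.2.0/24", "*",                "*",   "*"),   # known-bad source net
    ("allow", "eth1", "*",            "198.51.100.10/32", "tcp", 80),    # public web server
    ("allow", "eth1", "*",            "198.51.100.10/32", "tcp", 443),
    ("allow", "eth0", "10.0.0.0/8",   "*",                "udp", 53),    # internal hosts -> DNS
]
DEFAULT_ACTION = "deny"


def _field_matches(pattern, value):
    return pattern == "*" or pattern == value


def _addr_matches(pattern, address):
    return pattern == "*" or ipaddress.ip_address(address) in ipaddress.ip_network(pattern)


def filter_packet(iface, src, dst, proto, dport, rules=RULES):
    """Return 'allow' or 'deny' for one packet's header fields."""
    for action, r_if, r_src, r_dst, r_proto, r_port in rules:
        if (_field_matches(r_if, iface) and _addr_matches(r_src, src)
                and _addr_matches(r_dst, dst) and _field_matches(r_proto, proto)
                and _field_matches(r_port, dport)):
            return action
    return DEFAULT_ACTION


def audit(packets, rules=RULES):
    """Apply the filter to a list of packet tuples; return the list of decisions."""
    return [filter_packet(*pkt, rules=rules) for pkt in packets]


# Constructed traffic sample: (interface, src, dst, proto, dport)
SAMPLE_PACKETS = [
    ("eth1", "203.0.113.5", "198.51.100.10", "tcp", 80),    # web request: allow
    ("eth1", "192.0.2.7",   "198.51.100.10", "tcp", 80),    # from blocked net: deny
    ("eth1", "203.0.113.5", "198.51.100.10", "tcp", 22),    # SSH not permitted: deny
    ("eth0", "10.1.2.3",    "198.51.100.53", "udp", 53),    # internal DNS query: allow
    ("eth0", "172.16.0.9",  "198.51.100.53", "udp", 53),    # not in 10/8: deny
]
```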
Note

In PGP, there can be multiple paths from fully or partially trusted authorities to any subject.


Proxy firewall

[Figure: proxy firewall: all HTTP packets from the client go to the proxy; accepted packets are forwarded to the HTTP server, while rejected requests are answered with errors]


Note

A proxy firewall filters at the application layer.


Network Management: SNMP

CONCEPT

SNMP uses the concept of manager and agent. That is, a manager, usually a host, controls and monitors a set of agents, usually routers or servers.


Figure: SNMP concept

MANAGEMENT COMPONENTS

To do management tasks, SNMP uses two other protocols: Structure of Management Information (SMI) and Management Information Base (MIB). In other words, management on the Internet is done through the cooperation of three protocols: SNMP, SMI, and MIB.


Figure: Components of network management on the Internet

• SNMP defines the format of packets exchanged between a manager and an agent. It reads and changes the status of objects (values of variables) in SNMP packets.
• SMI defines the general rules for naming objects, defining object types (including range and length), and showing how to encode objects and values.
• MIB creates a collection of named objects, their types, and their relationships to each other in an entity to be managed.
Figure: Comparing computer programming and network management

Figure: Management overview

[Figure: management overview (steps 1 to 6): the manager builds an SNMP packet carrying a GetRequest and sends it to the agent; the agent replies with an SNMP packet carrying the Response]


SMI

The Structure of Management Information is a component for network management. Its functions are:
1. To name objects.
2. To define the type of data that can be stored in an object.
3. To show how to encode data for transmission over the network.

SMI is a guideline for SNMP. It emphasizes three attributes to handle an object: name, data type, and encoding method.


Figure: Object identifier

All objects managed by SNMP are given an object identifier.
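An added example (not from the slides): the BER encoding SMI prescribes for object identifiers, with a decoder that refuses malformed input; the sample OID 1.3.6.1.2.1.1.1.0 is sysDescr.0 from the mib-2 system group, and 1.3.6.1.4.1.300 is a constructed value.

```python
# Added example (not from the slides): BER encoding of an SMI object identifier,
# the encoding method SMI uses for the OBJECT IDENTIFIER type. The first two
# sub-identifiers share one value (40 * first + second); every sub-identifier is
# then written in base 128 with the high bit set on all but its last byte.
# The decoder rejects truncated or unterminated input instead of guessing.


def _base128(value):
    chunk = [value & 0x7F]
    value >>= 7
    while value:
        chunk.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(chunk))


def encode_oid(oid):
    """'1.3.6.1.2.1.1.1.0' -> tag 0x06, length, BER body."""
    ids = [int(x) for x in oid.strip(".").split(".")]
    if len(ids) < 2 or ids[0] > 2 or (ids[0] < 2 and ids[1] > 39):
        raise ValueError("invalid object identifier: %s" % oid)
    body = _base128(ids[0] * 40 + ids[1]) + b"".join(_base128(s) for s in ids[2:])
    if len(body) < 128:
        length = bytes([len(body)])                                 # short form
    else:
        n = (len(body).bit_length() + 7) // 8
        length = bytes([0x80 | n]) + len(body).to_bytes(n, "big")  # long form
    return b"\x06" + length + body


def decode_oid(data):
    """Inverse of encode_oid; raises ValueError on malformed input."""
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    if data[1] & 0x80:                                       # long-form length
        n = data[1] & 0x7F
        length, start = int.from_bytes(data[2:2 + n], "big"), 2 + n
    else:
        length, start = data[1], 2
    body = data[start:start + length]
    if len(body) != length or not body:
        raise ValueError("truncated object identifier")
    if body[-1] & 0x80:
        raise ValueError("unterminated sub-identifier")
    subs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(value)
            value = 0
    first = subs[0]
    root = 0 if first < 40 else 1 if first < 80 else 2
    return ".".join(str(s) for s in [root, first - 40 * root] + subs[1:])
```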


MIB

The Management Information Base, version 2 (MIB2) is the second component used in network management. Each agent has its own MIB2, which is a collection of all the objects that the manager can manage. The objects in MIB2 are categorized under 10 different groups: system, interface, address translation, ip, icmp, tcp, udp, egp, transmission, and snmp. These groups are under the mib-2 object in the object identifier tree. Each group has defined variables and/or tables.


Figure: mib-2


SNMP

SNMP uses both SMI and MIB in Internet network management. It is an application program that allows:

1. A manager to retrieve the value of an object defined in an agent.
2. A manager to store a value in an object defined in an agent.
3. An agent to send an alarm message about an abnormal situation to the manager.


Figure: SNMP PDUs

UDP PORTS
SNMP uses the services of UDP on two well-known ports, 161 and 162. The well-known port 161 is used by the server (agent), and the well-known port 162 is used by the client (manager).


SECURITY
• SNMPv3 has added two new features to the previous version: security and remote administration. SNMPv3 allows a manager to choose one or more levels of security when accessing an agent. Different aspects of security can be configured by the manager to allow message authentication, confidentiality, and integrity.

• SNMPv3 also allows remote configuration of security aspects without requiring the administrator to actually be at the place where the device is located.


References

Book: TCP/IP Protocol Suite 4th Ed. by Forouzan

http://erdos.csie.ncnu.edu.tw/~ccyang/TCPIP/TCPIPSlide.html

Thank You
