The
Internet protocols are the world's most popular open-system
(nonproprietary) protocol suite because they can be used to communicate
across any set of interconnected networks and are equally well suited
for LAN and WAN communications. The Internet protocols consist of a
suite of communication protocols, of which the two best known are the Transmission
Control Protocol (TCP) and the Internet Protocol (IP). The Internet
protocol suite not only includes lower-layer protocols (such as TCP and
IP), but it also specifies common applications such as electronic mail,
terminal emulation, and file transfer. This chapter provides a broad
introduction to specifications that comprise the Internet protocols.
Discussions include IP addressing and key upper-layer protocols used in
the Internet. Specific routing protocols are addressed individually in
Part 6, Routing Protocols.
Internet protocols were first developed
in the mid-1970s, when the Defense
Advanced Research Projects Agency (DARPA) became interested in
establishing a packet-switched network that would facilitate
communication between dissimilar computer systems at research
institutions. With the goal of heterogeneous connectivity in mind, DARPA
funded research by Stanford University and Bolt, Beranek, and Newman (BBN).
The result of this development effort was the Internet protocol suite,
completed in the late 1970s.
TCP/IP later was included with
Berkeley Software Distribution (BSD) UNIX and has since become the
foundation on which the Internet and the World Wide Web (WWW) are based.
Documentation of the Internet protocols
(including new or revised protocols) and policies are specified in
technical reports called Request For Comments (RFCs),
which are published and then reviewed and analyzed by the Internet
community. Protocol refinements are published in the new RFCs. To
illustrate the scope of the Internet protocols, Figure 30-1 maps
many of the protocols of the Internet protocol suite and their
corresponding OSI layers. This chapter addresses the basic elements and
operations of these and other
key Internet protocols.
Figure 30-1: Internet
protocols span the complete range of OSI model layers.
The Internet Protocol (IP) is
a network-layer (Layer 3) protocol that contains addressing information
and some control information that enables packets to be routed. IP is
documented in RFC 791 and is the primary network-layer protocol in the
Internet protocol suite. Along with the Transmission Control Protocol
(TCP), IP represents the heart of the Internet protocols. IP has two
primary responsibilities: providing connectionless, best-effort delivery
of datagrams through an internetwork; and providing fragmentation and
reassembly of datagrams to support data links with different
maximum-transmission unit (MTU) sizes.
An IP packet contains several
types of information, as illustrated in Figure 30-2.
Figure 30-2: Fourteen fields
comprise an IP packet.
The following discussion describes the IP
packet fields illustrated in Figure
30-2:
As with any other network-layer protocol,
the IP addressing scheme is integral to the process of routing IP
datagrams through an internetwork. Each IP address has specific
components and follows a basic format. These IP addresses can be
subdivided and used to create addresses for subnetworks, as discussed in
more detail later in this chapter.
Each host on a TCP/IP network is assigned
a unique 32-bit logical address that is divided into two main parts: the
network number and the host number. The network number identifies a
network and must be assigned by the Internet Network Information Center
(InterNIC) if the network is to be part of the Internet. An Internet
Service Provider (ISP) can obtain blocks of network addresses from the
InterNIC and can itself assign address space as necessary. The host
number identifies a host on a network and is assigned by the local
network administrator.
The 32-bit IP address is grouped eight
bits at a time, separated by dots, and represented in decimal format
(known as dotted decimal notation). Each bit in the octet has a
binary weight (128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an
octet is 0, and the maximum value for an octet is 255. Figure 30-3
illustrates the basic format of an IP address.
Figure 30-3: An IP address
consists of 32 bits, grouped into four octets.
IP
addressing supports five different address classes:
A, B,C, D, and E. Only classes A, B, and C are available for commercial
use. The left-most (high-order) bits indicate the network class. Table
30-1 provides reference information about the five IP address classes.
Table 30-1: Reference
Information About the Five IP Address Classes
| IP Address Class |
Format |
Purpose |
High-Order Bit(s) |
Address Range |
No. Bits
Network/Host |
Max. Hosts |
|
A
|
N.H.H.H1
|
Few large organizations
|
0
|
1.0.0.0 to 126.0.0.0
|
7/24
|
16,777, 2142
(224 - 2)
|
|
B
|
N.N.H.H
|
Medium-size organizations
|
1, 0
|
128.1.0.0 to 191.254.0.0
|
14/16
|
65, 543 (216 - 2)
|
|
C
|
N.N.N.H
|
Relatively small organizations
|
1, 1, 0
|
192.0.1.0 to 223.255.254.0
|
22/8
|
245 (28 - 2)
|
|
D
|
N/A
|
Multicast groups (RFC 1112)
|
1, 1, 1, 0
|
224.0.0.0 to 239.255.255.255
|
N/A (not for commercial use)
|
N/A
|
|
E
|
N/A
|
Experimental
|
1, 1, 1, 1
|
240.0.0.0 to 254.255.255.255
|
N/A
|
N/A
|
1N =
Network number, H = Host number.
2One address is reserved for the
broadcast address, and one address is reserved for the network.
|
Figure 30-4 illustrates the format of the
commercial IP address classes. (Note the high-order bits in each class.)
Figure 30-4: IP address
formats A, B, and C are available for commercial use.
The class of address can be determined
easily by examining the first octet of the address and mapping that
value to a class range in the following table. In an IP address of
172.31.1.2, for example, the first octet is 172. Because 172 falls
between 128 and 191, 172.31.1.2 is a Class B address. Figure
30-5 summarizes the range of possible values for the first octet of each
address class.
Figure 30-5: A range of
possible values exists for the first octet of each address class.
IP
networks can be divided into smaller
networks called subnetworks (or subnets). Subnetting provides the
network administrator with several benefits, including extra
flexibility, more efficient use of network addresses, and the capability
to contain broadcast traffic (a broadcast will not cross a router).
Subnets are under local administration.
As such, the outside world sees an organization as a single network and
has no detailed knowledge of the organization's internal structure.
A given network address can be broken up
into many subnetworks. For example, 172.16.1.0, 172.16.2.0, 172.16.3.0,
and 172.16.4.0 are all subnets within network 171.16.0.0. (All 0s in the
host portion of an address specifies the entire network.)
A subnet address is created by
"borrowing" bits from the host field and designating them as
the subnet field. The number of borrowed bits varies and is specified by
the subnet mask. Figure 30-6 shows how bits are borrowed from the host
address field to create the subnet address field.
Figure 30-6: Bits are
borrowed from the host address field to create the subnet address field.
Subnet masks use the same format and
representation technique as IP addresses. The subnet
mask, however, has binary 1s in all bits specifying the network and
subnetwork fields, and binary 0s in all bits specifying the host field. Figure
30-7 illustrates a sample subnet mask.
Figure 30-7: A sample subnet
mask consists of all binary 1s and 0s.
Subnet mask bits should come from the
high-order (left-most) bits of the host field, as Figure
30-8 illustrates. Details of Class B and C subnet mask types follow.
Class A addresses are not discussed in this chapter because they
generally are subnetted on an 8-bit boundary.
Figure 30-8: Subnet mask bits
come from the high-order bits of the host field.
Various types of subnet masks exist for
Class B and C subnets.
The default subnet mask for a Class B
address that has no subnetting is 255.255.0.0, while the subnet
mask for a Class B address 171.16.0.0 that specifies eight bits of
subnetting is 255.255.255.0. The reason for this is that eight bits of
subnetting or 28 - 2 (1 for the network address and 1 for the
broadcast address) = 254 subnets possible, with 28 - 2 = 254
hosts per subnet.
The subnet mask for a Class C address
192.168.2.0 that specifies five bits of subnetting is
255.255.255.248.With five bits available for subnetting, 25 -
2 = 30 subnets possible, with
23 - 2 = 6 hosts per subnet.
The reference charts shown
in table 30-2 and table 30-3 can be used when planning Class B and C
networks to determine the required number of subnets and hosts, and the
appropriate subnet mask.
Table 30-2: Class
B Subnetting Reference Chart
| Number of Bits |
Subnet Mask |
Number of Subnets |
Number of Hosts |
|
2
|
255.255.192.0
|
2
|
16382
|
|
3
|
255.255.224.0
|
6
|
8190
|
|
4
|
255.255.240.0
|
14
|
4094
|
|
5
|
255.255.248.0
|
30
|
2046
|
|
6
|
255.255.252.0
|
62
|
1022
|
|
7
|
255.255.254.0
|
126
|
510
|
|
8
|
255.255.255.0
|
254
|
254
|
|
9
|
255.255.255.128
|
510
|
126
|
|
10
|
255.255.255.192
|
1022
|
62
|
|
11
|
255.255.255.224
|
2046
|
30
|
|
12
|
255.255.255.240
|
4094
|
14
|
|
13
|
255.255.255.248
|
8190
|
6
|
|
14
|
255.255.255.252
|
16382
|
2
|
Table 30-3: Class
C Subnetting Reference Chart
| Number of Bits |
Subnet Mask |
Number of Subnets |
Number of Hosts |
|
2
|
255.255.255.192
|
2
|
62
|
|
3
|
255.255.255.224
|
6
|
30
|
|
4
|
255.255.255.240
|
14
|
14
|
|
5
|
255.255.255.248
|
30
|
6
|
|
6
|
255.255.255.252
|
62
|
2
|
The router performs a set process to
determine the network (or more specifically, the
subnetwork) address. First, the router extracts the IP destination
address from the incoming packet and retrieves the internal subnet mask.
It then performs a logical AND operation to obtain the network
number. This causes the host portion of the IP destination address to be
removed, while the destination network number remains. The router then
looks up the destination network number and matches it with an outgoing
interface. Finally, it forwards the frame to the destination IP address.
Specifics regarding the logical AND operation are discussed in the following
section.
Three basic rules govern logically "ANDing"
two binary numbers. First, 1 "ANDed" with 1 yields 1. Second,
1 "ANDed" with 0 yields 0. Finally, 0 "ANDed" with 0
yields 0. The truth table provided in table 30-4 illustrates the rules
for logical AND operations.
Table 30-4: Rules
for Logical AND Operations
| Input |
Input |
Output |
|
1
|
1
|
1
|
|
1
|
0
|
0
|
|
0
|
1
|
0
|
|
0
|
0
|
0
|
Two simple guidelines exist for
remembering logical AND operations: Logically "ANDing" a 1
with a 1 yields the original value, and logically "ANDing" a 0
with any number yields 0.
Figure 30-9 illustrates that when a
logical AND of the destination IP address and the subnet mask is
performed, the subnetwork number remains, which the router uses to
forward the packet.
Figure 30-9: Applying a
logical AND the destination IP address and the subnet mask produces the
subnetwork number.
For two machines on a given network to
communicate, they must know the other machine's physical (or MAC)
addresses. By broadcasting Address Resolution Protocols (ARPs),
a host can dynamically discover the MAC-layer
address corresponding to a particular IP network-layer address.
After receiving a MAC-layer address, IP
devices create an ARP cache to store the recently acquired IP-to-MAC
address mapping, thus avoiding having to broadcast ARPS when they want
to recontact a device. If the device does not respond within a specified
time frame, the cache entry is flushed.
In addition to the Reverse
Address Resolution Protocol (RARP) is used to map MAC-layer addresses to
IP addresses. RARP, which is the logical inverse of ARP, might be used
by diskless workstations that do not know their IP addresses when they
boot. RARP relies on the presence of a RARP server with table entries of
MAC-layer-to-IP address mappings.
Internet routing devices
traditionally have been called gateways. In today's terminology,
however, the term gateway refers specifically to a device that performs
application-layer protocol translation between devices. Interior
gateways refer to devices that perform these protocol functions between
machines or networks under the same administrative control or authority,
such as a corporation's internal network. These are known as autonomous
systems. Exterior gateways perform protocol functions between
independent networks.
Routers within the Internet are organized
hierarchically. Routers used for information exchange within autonomous
systems are called interior routers, which use a variety of Interior
Gateway Protocols (IGPs) to accomplish this purpose. The Routing
Information Protocol (RIP) is an example of an IGP.
Routers that move information between
autonomous systems are called exterior routers. These routers use an
exterior gateway protocol to exchange information between autonomous
systems. The Border Gateway Protocol (BGP) is an example of an exterior
gateway protocol.
Note Specific routing protocols,
including BGP and RIP, are addressed in individual chapters presented in
Part 6 later in this book.
IP routing protocols are
dynamic. Dynamic routing calls for routes to be calculated automatically
at regular intervals by software in routing devices. This contrasts with
static routing, where routers are established by the network
administrator and do not change until the network administrator changes
them.
An IP routing table, which consists of
destination address/next hop pairs, is used to enable dynamic routing.
An entry in this table, for example, would be interpreted as follows: to
get to network 172.31.0.0, send the packet out Ethernet interface 0
(E0).
IP routing specifies that IP datagrams
travel through internetworks one hop at a time. The entire route is not
known at the onset of the journey, however. Instead, at each stop, the
next destination is calculated by matching the destination address
within the datagram with an entry in the current node's routing table.
Each node's involvement in the routing
process is limited to forwarding packets based on internal information.
The nodes do not monitor whether the packets get to their final
destination, nor does IP provide for error reporting back to the source
when routing anomalies occur. This task is left to another Internet
protocol, the Internet Control-Message Protocol (ICMP), which is
discussed in the following section.
The Internet Control Message Protocol
(ICMP) is a network-layer Internet protocol that provides message packets
to report errors and other information regarding IP packet processing
back to the source. ICMP is documented in RFC 792.
ICMPs generate several kinds of useful messages,
including Destination Unreachable, Echo Request and Reply, Redirect,
Time Exceeded, and Router Advertisement and Router Solicitation. If an
ICMP message cannot be delivered, no second one is generated. This is to
avoid an endless flood of ICMP messages.
When an
ICMP destination-unreachable message is sent by a router, it means that
the router is unable to send the package to its final destination. The
router then discards the original packet. Two reasons exist for why a
destination might be unreachable. Most commonly, the source host has
specified a nonexistent address. Less frequently, the router does not
have a route to the destination.
Destination-unreachable messages include
four basic types: network unreachable, host unreachable, protocol
unreachable, and port unreachable. Network-unreachable
messages usually mean that a failure has occurred in the routing or
addressing of a packet. Host-unreachable messages usually
indicates delivery failure, such as a wrong subnet mask. Protocol-unreachable
messages generally mean that the destination does not support the
upper-layer protocol specified in the packet. Port-unreachable
messages imply that the TCP socket or port is not available.
An ICMP echo-request
message, which is generated by the ping command, is sent by any host to
test node reachability across an internetwork. The ICMP echo-reply
message indicates that the node can be successfully reached.
An
ICMP Redirect
message is sent by the router to the source host to stimulate more
efficient routing. The router still forwards the original packet to the
destination. ICMP redirects allow host routing tables to remain small
because it is necessary to know the address of only one router, even if
that router does not provide the best path. Even after receiving an ICMP
Redirect message, some devices might continue using the less-efficient
route.
An
ICMP Time-exceeded message is sent by the router if
an IP packet's Time-to-Live field (expressed in hops or seconds) reaches
zero. The Time-to-Live field prevents packets from
continuously circulating the internetwork if the internetwork contains a
routing loop. The router then discards the original packet.
IDRP uses
Router-Advertisement and Router-Solicitation messages to discover the
addresses of routers on directly attached subnets. Each router
periodically multicasts Router-Advertisement messages from each of its
interfaces. Hosts then discover addresses of routers on directly
attached subnets by listening for these messages. Hosts can use
Router-Solicitation messages to request immediate advertisements rather
than waiting for unsolicited messages.
IRDP offers several advantages over other
methods of discovering addresses of neighboring routers. Primarily, it
does not require hosts to recognize routing protocols, nor does it
require manual configuration by an administrator.
Router-Advertisement messages
enable hosts to discover the existence of neighboring routers, but not
which router is best to reach a particular destination. If a host uses a
poor first-hop router to reach a particular destination, it receives a
Redirect message identifying a better choice.
The TCP provides reliable
transmission of data in an IP environment. TCP corresponds to the
transport layer (Layer 4) of the OSI reference model. Among the services
TCP provides are stream data transfer, reliability, efficient flow
control, full-duplex operation, and multiplexing.
With stream
data transfer,
TCP delivers an unstructured stream of bytes identified by sequence
numbers. This service benefits applications because they do not have to
chop data into blocks before handing it off to TCP. Instead, TCP groups
bytes into segments and passes them to IP for delivery.
TCP offers reliability by providing
connection-oriented, end-to-end reliable packet delivery through an
internetwork. It does this by sequencing bytes with a forwarding
acknowledgment number that indicates to the destination the next byte
the source expects to receive. Bytes not acknowledged within a specified
time period are retransmitted. The reliability mechanism of TCP allows
devices to deal with lost, delayed, duplicate, or misread packets. A
time-out mechanism allows devices to detect lost packets and request
retransmission.
TCP offers efficient flow control, which
means that, when sending acknowledgments back to the source, the
receiving TCP process indicates the highest sequence number it can
receive without overflowing its internal buffers.
Full-duplex operation means that TCP
processes can both send and receive at the same time.
Finally, TCP's multiplexing means that
numerous simultaneous upper-layer conversations can be multiplexed over
a single connection.
To use reliable transport services, TCP
hosts must establish a connection-oriented session with one another.
Connection establishment is performed by using a "three-way
handshake" mechanism.
A three-way handshake synchronizes both
ends of a connection by allowing both sides to agree upon initial
sequence numbers. This mechanism also guarantees that both sides are
ready to transmit data and know that the other side is ready to transmit
as well. This is necessary so that packets are not transmitted or
retransmitted during session establishment or after session termination.
Each host randomly chooses a sequence
number used to track bytes within the stream it is sending and
receiving. Then, the three-way handshake proceeds in the following
manner:
The first host (Host A) initiates a
connection by sending a packet with the initial sequence number (X) and
SYN bit set to indicate a connection request. The second host
(Host B) receives the SYN, records the sequence number X, and
replies by acknowledging the SYN (with an ACK = X + 1). Host B
includes its own initial sequence number (SEQ = Y). An ACK = 20 means
the host has received bytes 0 through 19 and expects byte 20 next. This
technique is called forward
acknowledgment. Host A then acknowledges all bytes Host B sent with
a forward acknowledgment indicating the next byte Host A expects to
receive (ACK = Y + 1). Data transfer then can begin.
A simple transport protocol might
implement a reliability-and-flow-control technique where the source
sends one packet, starts a timer, and waits for an acknowledgment before
sending a new packet. If the acknowledgment is not received before the
timer expires, the source retransmits the packet. Such a technique is
called positive acknowledgment and retransmission
(PAR).
By assigning each packet a sequence
number, PAR enables hosts to track lost or duplicate packets caused by
network delays that result in premature retransmission. The sequence
numbers are sent back in the acknowledgments so that the acknowledgments
can be tracked.
PAR is an inefficient use of bandwidth,
however, because a host must wait for an acknowledgment before sending a
new packet, and only one packet can be sent at a time.
A TCP sliding window
provides more efficient use of network bandwidth than PAR because it
enables hosts to send multiple bytes or packets before waiting for an
acknowledgment.
In TCP, the receiver specifies the
current window size in every packet. Because TCP provides a byte-stream
connection, window
sizes are expressed in bytes. This means that a window is the number of
data bytes that the sender is allowed to send before waiting for an
acknowledgment. Initial window sizes are indicated at connection setup,
but might vary throughout the data transfer to provide flow control. A
window size of zero, for instance, means "Send no data."
In a TCP sliding-window operation, for
example, the sender might have a sequence of bytes to send (numbered 1
to 10) to a receiver who has a window size of five. The sender then
would place a window around the first five bytes and transmit them
together. It would then wait for an acknowledgment.
The receiver would respond with an ACK =
6, indicating that it has received bytes 1 to 5 and is expecting byte 6
next. In the same packet, the receiver would indicate that its window
size is 5. The sender then would move the sliding window five bytes to
the right and transmit bytes 6 to 10. The receiver would respond with an
ACK = 11, indicating that it is expecting sequenced byte 11 next. In
this packet, the receiver might indicate that its window size is 0
(because, for example, its internal buffers are full). At this point,
the sender cannot send any more bytes until the receiver sends another
packet with a window size greater than 0.
Figure 30-10 illustrates the fields and
overall format of a TCP packet.
Figure 30-10: Twelve
fields comprise a TCP packet.
The following descriptions summarize the
TCP packet fields illustrated in Figure 30-10:
User
Datagram Protocol (UDP)
The User
Datagram Protocol (UDP) is a connectionless transport-layer protocol
(Layer 4) that belongs to the Internet protocol family. UDP is basically
an interface between IP and upper-layer processes. UDP protocol ports
distinguish multiple applications running on a single device from one
another.
Unlike the TCP, UDP adds no reliability,
flow-control, or error-recovery functions to IP. Because of UDP's
simplicity, UDP headers contain fewer bytes and consume less network
overhead than TCP.
UDP is useful in situations where the
reliability mechanisms of TCP are not necessary, such as in cases where
a higher-layer protocol might provide error and flow control.
UDP is the transport protocol for several
well-known application-layer protocols, including Network File System
(NFS), Simple Network Management Protocol (SNMP), Domain Name System
(DNS), and Trivial File Transfer Protocol (TFTP).
The UDP packet format contains four
fields, as shown in Figure 30-11.
These include source and destination ports, length, and checksum fields.
Figure 30-11: A UDP packet
consists of four fields.
Source and destination ports contain the
16-bit UDP protocol port numbers used to demultiplex datagrams for
receiving application-layer processes. A length field specifies
the length of the UDP header and data. Checksum provides an (optional)
integrity check on the UDP
header and data.
Internet
Protocols Application-Layer Protocols
The Internet protocol
suite includes
many application-layer protocols that represent a wide variety of
applications, including the following:
Table 30-5 lists these higher-layer
protocols and the
applications that they support.
Table 30-5: Higher-Layer
Protocols and Their Applications
| Application |
Protocols |
|
File transfer
|
FTP
|
|
Terminal emulation
|
Telnet
|
|
Electronic mail
|
SMTP
|
|
Network management
|
SNMP
|
|
Distributed file services
|
NFS, XDR, RPC, X Windows
|
Get
this document in PDF form
|
