internet administration internet society (isoc) internet architecture board (iab) internet...

Internet Administration Internet Society (ISOC) Internet Architecture Board (IAB) Internet Engineering Task Force (IETF) Internet Research Task Force (IRTF) Internet Assigned Numbers Authority (IANA) Internet corporation for Names and Numbers (ICANN) Network Information Center (NIC)

Internet administration

Internet Society International non profit organization formed in 1992 to provide support for the internet standards process Internet Architecture Board Technical Advisor to ISOC Oversee the continuing development of the TCP/IP

Internet Engineering Task Force(IETF) Forum of working groups managed by IESG responsible for identifying operational problems and proposing solutions to these problems develop and review internet standards Areas Application Internet ProtocolsRouting Operations and management User ServicesNetwork management TransportSecurity

Internet Research Task Force(IRTF) Working groups managed by IRSG Focus on long term research to Internet protocols Applications Architecture Technology

Internet Assigned Numbers Authority(IANA) Internet Corporation for Assigned Names and Numbers(ICANN) Responsible for the management of Internet domain names and addresses

Network Information Center(NIC) Responsible for collecting and distributing information about TCP/IP protocols

Internet Standards Is a thoroughly tested specification that is useful to and adhered to by those who work with the Internet Specification begins as an internet draft After approval from authorities a draft may be published as Request for Comments(RFC)

Request For Comments(RFC) Documentation of work on the internet, proposals for new or revised protocols, and TCP/IP protocols standards all appear in a series of technical reports called Internet Request For Comments,RFCs

RFC Maturity Levels 1) Proposed Standard -- specification is usually tested and implemented by several different groups 2) Draft Standard 3) Internet Standard 4) Historic 5) Experimental does not affect the operational of the internet 6) Informational general, historic, tutorial

RFC Requirement Levels 1) Required Must be implemented 2) Recommended not required for minimum conformance but is useful 3) Elective Note required and not recommended but can use for local benefit 4) Limited use should be used only in limited situations, eg. experimental 1) Not Recommended eg. historic

IP Address The identifier used in the IP layer of the TCP/IP protocol to identify each device connected to the internet is called Internet Address or IP Address IP addresses are unique

Address space Total number of addresses used by the protocol IPv4- 32 bits 2 32 = 4,294,967,296

Notation 3 Types Binary Notation Dotted Decimal Notation Hexadecimal Notation

Binary Notation IP address is displayed as 32 bits. To make readable, one or more space is inserted between each octet. e.g 01110101 10010101 00011101 11101010

Dotted Decimal Number Internet addresses are usually written in decimal form with a decimal point(dot) separating the bytes. Each number in the dotted decimal notation is between 0-255 E.g. 128.11.13.31

Change the following IP addresses from binary notation to dotted-decimal notation. a. 10000001 00001011 00001011 11101111 b. 11000001 10000011 00011011 11111111 c. 11100111 11011011 10001011 01101111 d. 11111001 10011011 11111011 00001111 Solution We replace each group of 8 bits with its equivalent decimal number and add dots for separation: a. 129.11.11.239 b. 193.131.27.255 c. 231.219.139.111 d. 249.155.251.15

Hexadecimal Notation Each hexadecimal digit is equivalent to four bits. Often used in network programming Replace each group of 4 bits with its hexadecimal equivalent. 0X or 0x is added at the beginning or the subscript 16 at the end to show that the number is in hexadecimal E.g. 0X810B0BEF 810B0BEF 16

Classful Addressing In classful addressing the IP address space is divided into five classes: A B C D E Each class occupies some part of the whole address space.

Occupation of the address space

Addresses per class

Finding the class in binary notation

Figure 4.4 Finding the address class

Finding the class in decimal notation

Netid and hostid

Blocks in class A

Blocks in class B

Blocks in class C

Network Address Network address is the first address in the block Given the network address we can find the class of the address, the block, and the range of addresses in the block

Mask A Mask is a 32 bit number that gives the first address in the block, the network address, when bitwise ANDed with an address in the block.

Given the address 23.56.7.91, find the beginning address (network address). Solution The default mask is 255.0.0.0, which means that only the first byte is preserved and the other 3 bytes are set to 0s. The network address is 23.0.0.0.

Given the address 132.6.17.85, find the beginning address (network address). Solution The default mask is 255.255.0.0, which means that the first 2 bytes are preserved and the other 2 bytes are set to 0s. The network address is 132.6.0.0.

Given the address 201.180.56.5, find the beginning address (network address). Solution The default mask is 255.255.255.0, which means that the first 3 bytes are preserved and the last byte is set to 0. The network address is 201.180.56.0.

Multihomed Devices A computer that is connected to different networks is called a multihomed computer and will have ore than one address, each possibly belonging to a different class.

Location, Not name An Internet address defines the network location of a device, not its identity. An internet address is made of two parts, netid and hostid, it can only define the connection of a device to a specific network.

Network address

Direct Broadcast Address In classes A,B,C, if the host id is all 1s, the address is called a direct broadcast address. It is used by a router to send packet to all hosts in a specific network. All host will accept a packet having this type of destination address

Limited Broadcast Address In classes A,B,C, an address with all 1s for the netid and hostid defines a broadcast address in the current network. A host that wants to send a message to every other host can use this address as a destination address in an IP packet.

Limited broadcast address

This host on this network If an IP address is composed of all zeros, it means this host on this network. The host sends an IP packet to a bootstrap server using this address as the source address and a limited broadcast address as the destination address to find its own address

this host on this network

Specific Host on this network An IP address with a netid of all zeros means a specific host on this network. It is used by a host to send a message to another host on the same network

specific host on this network

Loopback address The IP address with first byte equal to 127 is used fro the loopback address, which is an address used to test the software on a machine. When this address is used, a packet never leaves the machine; it simply returns to the protocol software. It can be used for testing.

Example of loopback address

Private Addresses A number of blocks in each class are assigned for private use. They are not recognized globally.

Unicast, Multicast and Broadcast addresses 1) Unicast Address Unicast communication is one to one. A packet is sent from an individual source to an individual destination 2)Mutlicast Communication is one to many.A packet is sent from an individual source to a group of destinations. 3)Broadcast Communication is one to all

Category addresses

Addresses for conferencing

Sample internet

Subnetting A network is divided into several subnet works with each subnetwork having its own subnetwork address Two levels of hierarchy Three levels of hierarchy

A network with two levels of hierarchy (not subnetted)

A network with three levels of hierarchy (subnetted)

Addresses in a network with and without subnetting

Hierarchy concept in a telephone number

What is the subnetwork address if the destination address is 200.45.34.56 and the subnet mask is 255.255.240.0? Solution We apply the AND operation on the address and the subnet mask. Address 11001000 00101101 00100010 00111000 Subnet Mask 11111111 11111111 11110000 00000000 Subnetwork Address 11001000 00101101 00100000 00000000.

Comparison of a default mask and a subnet mask

A supernetwork

In subnetting, we need the first address of the subnet and the subnet mask to define the range of addresses. In supernetting, we need the first address of the supernet and the supernet mask to define the range of addresses.

Comparison of subnet, default, and supernet masks

Classless Addressing In classless addressing variable-length blocks are assigned that belong to no class. In this architecture, the entire address space (2 32 addresses) is divided into blocks of different sizes.

Variable-length blocks

Restrictions 1)Number of addresses in a block The number of addresses in block must be a power of two 1)First address The first address must be evenly divisible by the number of addresses

Which of the following can be the beginning address of a block that contains 16 addresses? a. 205.16.37.32b.190.16.42.44 c. 17.17.33.80d.123.45.24.52 Example Solution Only two are eligible (a and c). The address 205.16.37.32 is eligible because 32 is divisible by 16. The address 17.17.33.80 is eligible because 80 is divisible by 16.

72 Which of the following can be the beginning address of a block that contains 256 addresses? a.205.16.37.32b.190.16.42.0 c.17.17.32.0d.123.45.24.52 Example 2 Solution In this case, the right-most byte must be 0. As we mentioned in Chapter 4, the IP addresses use base 256 arithmetic. When the right-most byte is 0, the total address is divisible by 256. Only two addresses are eligible (b and c).

73 Which of the following can be the beginning address of a block that contains 1024 addresses? a. 205.16.37.32b.190.16.42.0 c. 17.17.32.0d.123.45.24.52 Example 3 Solution In this case, we need to check two bytes because 1024 = 4 256. The right-most byte must be divisible by 256. The second byte (from the right) must be divisible by 4. Only one address is eligible (c).

CIDR Notation (Classless inter domain routing) The number of 1s in the mask is added after a slash at the end of the address. e.g. 18.46.74.10 written as 18.46.74.10/8 for default mask

The mask of class A block is 255.0.0.0/8 Class B 255.0.0.0/16 Class C 255.0.0.0/24

In classless addressing when an address in given, the block the address belongs to can not be found unless we have the mask. In classless addressing the address must be accompanied by the mask. The mask is given in CIDR notation with the number of 1s in the mask.

Format of classless addressing address

Prefix lengths

What is the first address in the block if one of the addresses is 167.199.170.82/27? Address in binary: 10100111 11000111 10101010 01010010 Keep the left 27 bits: 10100111 11000111 10101010 01000000 Result in CIDR notation: 167.199.170.64/27 Solution The prefix length is 27, which means that we must keep the first 27 bits as is and change the remaining bits (5) to 0s. The following shows the process:

What is the first address in the block if one of the addresses is 140.120.84.24/20? Solution Figure 5.3 shows the solution. The first, second, and fourth bytes are easy; for the third byte we keep the bits corresponding to the number of 1s in that group. The first address is 140.120.80.0/20.

TCP/IP Protocol Suite 81 Figure 5.3 Example 5

Find the number of addresses in the block if one of the addresses is 140.120.84.24/20. Solution The prefix length is 20. The number of addresses in the block is 2 3220 or 2 12 or 4096. Note that this is a large block with 4096 addresses.

Using the first method, find the last address in the block if one of the addresses is 140.120.84.24/20. Solution We found in the previous examples that the first address is 140.120.80.0/20 and the number of addresses is 4096. To find the last address, we need to add 4095 (4096 1) to the first address.

Find the block if one of the addresses is 190.87.140.202/29. Example 10 Solution We follow the procedure in the previous examples to find the first address, the number of addresses, and the last address. To find the first address, we notice that the mask (/29) has five 1s in the last byte. So we write the last byte as powers of 2 and retain only the leftmost five as shown below:

An organization is granted the block 130.34.12.64/26. The organization needs 4 subnets. What is the subnet prefix length? Solution We need 4 subnets, which means we need to add two more 1s (log 2 4 = 2) to the site prefix. The subnet prefix is then /28.

The site has 2 3226 = 64 addresses. Each subnet has 2 3228 = 16 addresses. Now let us find the first and last address in each subnet. 1. The first address in the first subnet is 130.34.12.64/28, using the procedure we showed in the previous examples. Note that the first address of the first subnet is the first address of the block. The last address of the subnet can be found by adding 15 (16 1) to the first address. The last address is 130.34.12.79/28.

2.The first address in the second subnet is 130.34.12.80/28; it is found by adding 1 to the last address of the previous subnet. Again adding 15 to the first address, we obtain the last address, 130.34.12.95/28. 3. Similarly, we find the first address of the third subnet to be 130.34.12.96/28 and the last to be 130.34.12.111/28. 4. Similarly, we find the first address of the fourth subnet to be 130.34.12.112/28 and the last to be 130.34.12.127/28.

An organization is granted a block of addresses with the beginning address 14.24.74.0/24. There are 2 3224 = 256 addresses in this block. The organization needs to have 11 subnets as shown below: a. two subnets, each with 64 addresses. b. two subnets, each with 32 addresses. c. three subnets, each with 16 addresses. d. four subnets, each with 4 addresses. Design the subnets.

As another example, assume a company has three offices: Central, East, and West. The Central office is connected to the East and West offices via private, point-to-point WAN lines. The company is granted a block of 64 addresses with the beginning address 70.12.100.128/26. The management has decided to allocate 32 addresses for the Central office and divides the rest of addresses between the two offices. Figure 5.8 shows the configuration designed by the management.

Figure 5.8 Example 15

Delivery, Forwarding, and Routing of IP Packets

DELIVERY The network layer supervises delivery, the handling of the packets by the underlying physical networks. Two important concepts are the type of connection and direct versus indirect delivery

IP is a connectionless protocol.

Direct delivery The final destination of the packet is host connected to the same physical network * Mapping the IP address to the physical address.

Indirect delivery

In direct delivery the address mapping is between the IP address of the final destination and the physical address of the final destination In indirect delivery the address mapping is between the IP address of the next router and the physical address of the next router.

FORWARDING Forwarding means to place the packet in its route to its destination. Forwarding requires a host or a router to have a routing table..

Next-hop method

Network-specific method & Host-specific routing

Default routing

Simplified forwarding module in classful address without subnetting

Figure 6.8 shows an imaginary part of the Internet. Show the routing tables for router R1. Example 1

Figure 6.8 Configuration for routing, Example 1

TCP/IP Protocol Suite 107 Solution Figure 6.9 shows the three tables used by router R1. Note that some entries in the next-hop address column are empty because in these cases, the destination is in the same network to which the router is connected (direct delivery). In these cases, the next-hop address used by ARP is simply the destination address of the packet Example 1 (Continued)

TCP/IP Protocol Suite 108 Figure 6.9 Tables for Example 1

Router R1 in Figure 6.8 receives a packet with destination address 192.16.7.14. Show how the packet is forwarded. Example 2 Solution The destination address in binary is 11000000 00010000 00000111 00001110. A copy of the address is shifted 28 bits to the right. The result is 00000000 00000000 00000000 00001100 or 12. The destination network is class C. The network address is extracted by masking off the leftmost 24 bits of the destination address; the result is 192.16.7.0. The table for Class C is searched. The network address is found in the first row. The next-hop address 111.15.17.32. and the interface m0 are passed to ARP.

Router R1 in Figure 6.8 receives a packet with destination address 167.24.160.5. Show how the packet is forwarded. Example 3 Solution The destination address in binary is 10100111 00011000 10100000 00000101. A copy of the address is shifted 28 bits to the right. The result is 00000000 00000000 00000000 00001010 or 10. The class is B. The network address can be found by masking off 16 bits of the destination address, the result is 167.24.0.0. The table for Class B is searched. No matching network address is found. The packet needs to be forwarded to the default router (the network is somewhere else in the Internet). The next-hop address 111.30.31.18 and the interface number m0 are passed to ARP.

111 Figure 6.10 Simplified forwarding module in classful address with subnetting

112 Figure 6.11 shows a router connected to four subnets. Example 4

TCP/IP Protocol Suite 113 Figure 6.11 Configuration for Example 4

Example 4 (Continued) Note several points. First, the site address is 145.14.0.0/16 (a class B address). Every packet with destination address in the range 145.14.0.0 to 145.14.255.255 is delivered to the interface m4 and distributed to the final destination subnet by the router. Second, we have used the address x.y.z.t/n for the interface m4 because we do not know to which network this router is connected. Third, the table has a default entry for packets that are to be sent out of the site. The router is configured to apply the mask /18 to any destination address.

TCP/IP Protocol Suite 115 The router in Figure 6.11 receives a packet with destination address 145.14.32.78. Show how the packet is forwarded. Example 5 Solution The mask is /18. After applying the mask, the subnet address is 145.14.0.0. The packet is delivered to ARP with the next-hop address 145.14.32.78 and the outgoing interface m0.

A host in network 145.14.0.0 in Figure 6.11 has a packet to send to the host with address 7.22.67.91. Show how the packet is routed. Example 6 Solution The router receives the packet and applies the mask (/18). The network address is 7.22.64.0. The table is searched and the address is not found. The router uses the address of the default router (not shown in figure) and sends the packet to that router.

In classful addressing we can have a routing table with three columns; in classless addressing, we need at least four columns. Note:

Figure 6.12 Simplified forwarding module in classless address

TCP/IP Protocol Suite 119 Make a routing table for router R1 using the configuration in Figure 6.13. Example 7 Solution Table 6.1 shows the corresponding table.

TCP/IP Protocol Suite 120 Figure 6.13 Configuration for Example 7

TCP/IP Protocol Suite 121 Table 6.1 Routing table for router R1 in Figure 6.13

Show the forwarding process if a packet arrives at R1 in Figure 6.13 with the destination address 180.70.65.140. Example 8 Solution The router performs the following steps: 1. The first mask (/26) is applied to the destination address. The result is 180.70.65.128, which does not match the corresponding network address.

Example 8 (Continued) 2. The second mask (/25) is applied to the destination address. The result is 180.70.65.128, which matches the corresponding network address. The next-hop address (the destination address of the packet in this case) and the interface number m0 are passed to ARP for further processing.

Show the forwarding process if a packet arrives at R1 in Figure 6.13 with the destination address 201.4.22.35. Example 9 Solution The router performs the following steps:

1. The first mask (/26) is applied to the destination address. The result is 201.4.22.0, which does not match the corresponding network address (row 1). 2. The second mask (/25) is applied to the destination address. The result is 201.4.22.0, which does not match the corresponding network address (row 2). 3. The third mask (/24) is applied to the destination address. The result is 201.4.22.0, which matches the corresponding network address. The destination address of the package and the interface number m3 are passed to ARP. Example 9 (Continued)

Show the forwarding process if a packet arrives at R1 in Figure 6.13 with the destination address 18.24.32.78. Example 10 Solution This time all masks are applied to the destination address, but no matching network address is found. When it reaches the end of the table, the module gives the next-hop address 180.70.65.200 and interface number m2 to ARP. This is probably an outgoing package that needs to be sent, via the default router, to some place else in the Internet.

TCP/IP Protocol Suite 127 Figure 6.17 Hierarchical routing with ISPs

ROUTING Routing deals with the issues of creating and maintaining routing tables. Static Versus Dynamic Routing Tables Routing Table

Common fields in a routing table Flags 1)U (Up) 2)G (Gateway) 3)H(Host Specific) 4)D(added by redirection) 5)M(modified by redirection)

TCP/IP Protocol Suite 130 6.4 STRUCTURE OF A ROUTER We represent a router as a black box that accepts incoming packets from one of the input ports (interfaces), uses a routing table to find the departing output port, and sends the packet from this output port. Components

Router components

TCP/IP Protocol Suite 132 Figure 6.21 Input port

TCP/IP Protocol Suite 133 Figure 6.22 Output port

TCP/IP Protocol Suite 134 Figure 6.23 Crossbar switch

TCP/IP Protocol Suite 135 Figure 6.24 A banyan switch

TCP/IP Protocol Suite 136 Figure 6.25 Examples of routing in a banyan switch

ARP and RARP The hosts and routers recognized at the network level by their logical addresses. A logical address is an internetwork address A logic address is unique universally The logical addresses in the TCP/IP protocol suite are called IP addresses Implemented in software

At the physical level, the hosts and routers are recognized by their physical address. A physical address is a local address It should be unique locally Usually it is implemented in hardware

ARP and RARP

ARP ARP associates an IP address with its physical address. On a typical physical network, such as a LAN, each device on a link is identified by a physical or station address that is usually imprinted on the NIC.

ARP operation

TCP/IP Protocol Suite 142 A host with IP address 130.23.43.20 and physical address B2:34:55:10:22:10 has a packet to send to another host with IP address 130.23.43.25 and physical address A4:6E:F4:59:83:AB (which is unknown to the first host). The two hosts are on the same Ethernet network. Show the ARP request and reply packets encapsulated in Ethernet frames. Example 1 See Next Slide

TCP/IP Protocol Suite 143 Solution Figure 7.7 shows the ARP request and reply packets. Note that the ARP data field in this case is 28 bytes, and that the individual addresses do not fit in the 4-byte boundary. That is why we do not show the regular 4- byte boundaries for these addresses. Also note that the IP addresses are shown in hexadecimal. For information on binary or hexadecimal notation see Appendix B. Example 1 (Continued)

TCP/IP Protocol Suite 144 Figure 7.7 Example 1

ARP packet

1)Hardware type : Type of the network on which ARP is running 2)Protocol Type: 16 bit defining the protocol 3)Hardware Length: 8 bit field, For Ethernet, value is 6 4)Protocol Length: 8 bit field, for IPv4 value is 4 5)Operation: 16 bit field, ARP requet(1) ARP Reply (2) 6)Sender Hardware Address: Variable length field, physical address of the sender 7)Sender protocol address: logical address 8)Target Hardware address: physical address of targer 9)Target protocol address: logical address of target

Encapsulation of ARP packet

Four cases using ARP

An ARP request is broadcast; an ARP reply is unicast.

ARP PACKAGE ARP package involves five modules: a cache table, queues, an output module, an input module, and a cache-control module. Cache Table Queues Output Module Input Module Cache-Control Module

ARP components

Cache table

RARP RARP finds the logical address for a machine that only knows its physical address.

RARP operation

Internet Protocol

TCP/IP Protocol Suite 156 Position of IP in TCP/IP protocol suite

TCP/IP Protocol Suite 157 8.1 DATAGRAM A packet in the IP layer is called a datagram, a variable-length packet consisting of two parts: header and data. The header is 20 to 60 bytes in length and contains information essential to routing and delivery.

TCP/IP Protocol Suite 158 Figure 8.2 IP datagram

TCP/IP Protocol Suite 159 Figure 8.3 Service type or differentiated services

TCP/IP Protocol Suite 160 Table 8.1 Types of service

TCP/IP Protocol Suite 161 Table 8.3 Values for codepoints

TCP/IP Protocol Suite 162 Table 8.4 Protocols

TCP/IP Protocol Suite 163 An IP packet has arrived with the first 8 bits as shown: Example 1 01000010 The receiver discards the packet. Why? Solution There is an error in this packet. The 4 left-most bits (0100) show the version, which is correct. The next 4 bits (0010) show the header length; which means (2 4 = 8), which is wrong. The minimum number of bytes in the header must be 20. The packet has been corrupted in transmission.

TCP/IP Protocol Suite 164 In an IP packet, the value of HLEN is 1000 in binary. How many bytes of options are being carried by this packet? Example 2 Solution The HLEN value is 8, which means the total number of bytes in the header is 8 4 or 32 bytes. The first 20 bytes are the base header, the next 12 bytes are the options.

TCP/IP Protocol Suite 165 In an IP packet, the value of HLEN is 5 16 and the value of the total length field is 0028 16. How many bytes of data are being carried by this packet? Example 3 Solution The HLEN value is 5, which means the total number of bytes in the header is 5 4 or 20 bytes (no options). The total length is 40 bytes, which means the packet is carrying 20 bytes of data (40 20).

TCP/IP Protocol Suite 166 A packet has arrived with an M bit value of 0. Is this the first fragment, the last fragment, or a middle fragment? Do we know if the packet was fragmented? Example 5 Solution If the M bit is 0, it means that there are no more fragments; the fragment is the last one. However, we cannot say if the original packet was fragmented or not. A nonfragmented packet is considered the last fragment.

TCP/IP Protocol Suite 167 A packet has arrived with an M bit value of 1. Is this the first fragment, the last fragment, or a middle fragment? Do we know if the packet was fragmented? Example 6 Solution If the M bit is 1, it means that there is at least one more fragment. This fragment can be the first one or a middle one, but not the last one. We dont know if it is the first one or a middle one; we need more information (the value of the fragmentation offset).

TCP/IP Protocol Suite 168 A packet has arrived with an M bit value of 1 and a fragmentation offset value of zero. Is this the first fragment, the last fragment, or a middle fragment?. Example 7 Solution Because the M bit is 1, it is either the first fragment or a middle one. Because the offset value is 0, it is the first fragment.

TCP/IP Protocol Suite 169 8.2 FRAGMENTATION The format and size of a frame depend on the protocol used by the physical network. A datagram may have to be fragmented to fit the protocol regulations. Maximum Transfer Unit (MTU)

TCP/IP Protocol Suite 170 Table 8.5 MTUs for some networks

TCP/IP Protocol Suite 171 Figure 8.7 Flags field

TCP/IP Protocol Suite 172 Figure 8.8 Fragmentation example

Internet Control Message Protocol (ICMP) One of the core protocols in the Internet Primarily used to communicate errors among routers and hosts IP datagram errors Communicate routing information/errors Communicate diagnostics

ICMP The IP protocol has no error-reporting facility 1. A router discarded a IP packet because it cannot find the route 2. A packet was discarded because all fragments didn't arrive The IP protocol lacks a mechanism for host and management queries. 1. How to check if router/host is alive The Internet Control Message Protocol (ICMP) has been designed to compensate for the above two deficiencies. It is a companion to the IP protocol

ICMP messages are divided into error- reporting messages and query messages. The error-reporting messages report problems that a router or a host (destination) may encounter. The query messages get specific information from a router or another host.

TCP/IP Protocol Suite 176 Figure 9.3 ICMP messages

NEED FOR ICMP Used to communicate IP status and error messages between hosts and routers Uses IP to route its messages between hosts Must be implemented with IP IP is just a packet delivery system transmits and routes datagrams from sources to destinations through a series of interconnected networks it has a checksum in the IP header to detect lost bits no error detection on the datagram payload though but has no native mechanism for source host notification This is where ICMP comes in its used to report IP errors to the source host ICMP data is carried as the payload of an IP datagram specifies additional message formats within this area

General Format of ICMP Types of ICMP messages 1.Error-Reporting messages 2.Query messages Message Format 8 byte header Variable Data Section Type: Type of ICMP message Code : Specifies the reason for this particular message Rest of header: message specific Data Section : contains Information for finding the original packet or data related to query message type

ICMP messages ICMP messages

Code for type 3 Code 1 : The host is unreachable Code 2 : The protocol is unreachable Code 3 : The port is unreachable Code 5 : Source routing can not be accomplished Code 7 : The Destination host is unknown

TCP/IP Protocol Suite 181 Destination-unreachable format

No ICMP error message will be generated in response to a datagram carrying an ICMP error message. No ICMP error message will be generated for a datagram having a multicast address. No ICMP error message will be generated for a datagram having a special address such as 127.0.0.0 or 0.0.0.0. No ICMP error message will be generated for a fragmented datagram that is not the first fragment

Contents of data field for the error messages ICMP data = IP header + first 8 bytes of that IP Packets Data This first 8 bytes of data will provide information about TCP/UDP headers

Error Reporting ICMP doesnt correct errors ; but reports them ICMP always reports error to original source ICMP uses the source IP address in IP packet to send error report back to sender Five types of errors are handles by ICMP

Destination Unreachable A Router or Destination System which could not process the packet will send this ICMP message back to the sender This will notify the Sender that the packet was dropped because either Router could not find an appropriate route or Host couldnt deliver it Source Quench To overcome the flow control deficiency of IP When packets are discarded by Routers/Host due to congestion source-quench messages are send. This will inform that the packet has been dropped and also ask the sender to slow down sending packet Time Exceed When a packet is dropped due to TTL=0 then this message is sent When all fragments didn't arrive and the packet is dropped then also this message is sent

Parameter Problem If some of the IP header parameters are wrong ; then the packet is dropped and error message is send Redirection If the host send the IP Packet to wrong router R1 Then R1 will forward the packet to correct router and it informs Host that the packet should have been sent through R2- this message is called Redirection Host routing table is updated accordingly

Query Messages Query message works in Pairs An ICMP message is sent and a ICMP reply is obtained Echo Request and Reply Used for diagnostic purpose With this message we can check if two systems are communicating properly at IP level It also ensures all the intermediate routers are functioning Time Stamp To find out the round trip time of network Also used to synchronize clock of systems Address Mask When a host doesnt know its mask it send this message to router Router responds with the mask If IP of Router is not known the Host broadcast the message Router Solicitation Used for Router discovery by Sender; Router replies with its routing table info which is called as router advertisement

Router-solicitation message format

Router-advertisement message format

Transmission Control Protocol (TCP) TCP lies between the application layer and the network layer and serves as the intermediary between application programs and the network operations

TCP/IP

TCP Services TCP is process to process protocol TCP provides process to process communication using port numbers

Table 12.1 Well-known ports used by TCP

Stream Delivery Service TCP is stream oriented protocol TCP allows the sending process to deliver data as a stream of bytes and allows the receiving process to obtain data as a stream of bytes

Stream delivery

Sending and receiving buffers

Segments TCP groups number of bytes together into a packet called a segment TCP adds a header to each segment and delivers the segment to the IP layer for transmission TCP offers full duplex communication TCP is connection oriented service

TCP segments

TCP Features 1)Numbering System 2)Flow control 3)Error Control 4)Congestion Control

Numbering System Byte Number The bytes of data being transferred in each connection are numbered by TCP. The numbering starts with a randomly generated number Sequence Number The sequence number for each segment is the number of the first byte carried in that segment

Suppose a TCP connection is transferring a file of 5000 bytes. The first byte is numbered 10001. What are the sequence numbers for each segment if data is sent in five segments, each carrying 1000 bytes? Segment 1 Sequence Number: 10,001 (range: 10,001 to 11,000) Segment 2 Sequence Number: 11,001 (range: 11,001 to 12,000) Segment 3 Sequence Number: 12,001 (range: 12,001 to 13,000) Segment 4 Sequence Number: 13,001 (range: 13,001 to 14,000) Segment 5 Sequence Number: 14,001 (range: 14,001 to 15,000)

The value of the acknowledgment field in a segment defines the number of the next byte a party expects to receive. The acknowledgment number is cumulative.

SEGMENT A packet in TCP is called a segment A packet in TCP is called a segment

TCP segment format

Control field

I Description of flags in the control field

Encapsulation A TCP segment is encapsulated in an IP datagram, which in turn is encapsulated in a frame at the data link layer.

A TCP CONNECTION TCP is connection-oriented. A connection-oriented transport protocol establishes a virtual path between the source and destination. All of the segments belonging to a message are then sent over this virtual path. A connection-oriented transmission requires three phases: connection establishment, data transfer, and connection termination.

Three way handshaking The connection establishment in TCP is called Three way handshaking. Passive open: ready to accept connection Active open: needs to be connected to server

Connection establishment using three-way handshaking

Three way handshaking 1) The client sends first segment, a SYN segment, in which only SYN flag is set. This segment is for synchronization of sequence numbers. This randomly generated sequence number is called initial sequence number. No window size No Acknowledge number

Three way handshaking 2) The server sends the second segment, SYN+ACK. two flag bit set SYN and ACK Defines the receiver window size

Three way handshaking 3) The client sends the third segment ACK segment with ACK flag set client define server window size

SYN Flooding Attack This happens when a malicious attacker sends a larger number of SYN segments to a server pretending that each of them is coming from a different client by faking the source IP address in the datagrams. server will allocate resources

Denial of Service attack This SYS flooding attack belongs to a group of security attacks known as denial of service attack, in which an attacker monopolizes a system with so many service requests that the system collapses and denies service to every request.

Solutions Limit the connection requests during a specified period of time Filter out datagrams coming from unwanted source address Postpone resource allocation until the entire connection is set up.

Data Transfer After connection is established bidirectional data transfer will take place. The client and server can send data and acknowledgement in both the directions The acknowledgement is piggybacked with the data

Data transfer

Pushing Data Application program at the sending site request a push operation. Means that the sending TCP must not wait for the window to be filled. It must create a segment and send it immediately Set PSH flag Receiving TCP must deliver the segment to the process without waiting more data to come.

Urgent Data Sending application program wants a piece of data to be read out of order by the receiving application program. The sending TCP creates a segment and insert the urgent data at the beginning of the segment. Rest of the segment contain normal data Set the URG flag

Receiving TCP extracts the urgent data from the segment using the value of the urgent pointer. Delivers it to the receiving application program in out of order.

Connection termination Three way handshaking Four way handshaking with half close option

Three way handshaking 1) client TCP, after receiving a close command from the client process, sends the first segment, a FIN segment in which the FIN flag is set. It can contain last data or only control segment

Three way handshaking 2)The server TCP after receiving the FIN segment, informs the process and sends the second segment, a FIN+ACK segment to confirm the receipt. 3) The client TCP sends the last segment, an ACK segment to confirm the receipt of the FIN segment from the server.

Connection termination using three-way handshaking

Half-close

Connection Reset RST(Reset) flag is used to deny a connection request, abort a connection or to terminate an idle connection

Flow control Flow control regulates the amount of data a source can send before receiving an acknowledgment from the destination. TCP defines a window that is imposed on the buffer of data delivered from the application program.

Extreme Cases 1) One Byte wait for acknowledgement 2) All data without waiting for acknowledgement TCP sends an amount of data defined by the sliding window protocol

Sliding Window Protocol In sliding window protocol, a host uses a window for outbound communication. The window spans a portion of the buffer containing bytes received from the process. The bytes inside the window are the bytes that can be in transit; they can be sent without worrying about acknowledgement

Sliding window

A sliding window is used to make transmission more efficient as well as to control the flow of data so that the destination does not become overwhelmed with data. TCPs sliding windows are byte oriented

What is the value of the receiver window (rwnd) for host A if the receiver, host B, has a buffer size of 5,000 bytes and 1,000 bytes of received and unprocessed data? Solution The value of rwnd = 5,000 1,000 = 4,000. Host B can receive only 4,000 bytes of data before overflowing its buffer. Host B advertises this value in its next segment to A.

What is the size of the window for host A if the value of rwnd is 3,000 bytes and the value of cwnd is 3,500 bytes? Solution The size of the window is the smaller of rwnd and cwnd, which is 3,000 bytes.

In the above figure the host receives a packet with an acknowledgment value of 210 and an rwnd of 5. The host has sent bytes 206, 207, 208, and 209. The value of cwnd is still 20. Show the new window. Solution The value of rwnd is less than cwnd, so the size of the window is 5. The next figure shows the situation. Note that this is a case not allowed by most implementations. Although the sender has not sent bytes 215 to 217, the receiver does not know this.

How can the receiver avoid shrinking the window in the previous example? Solution The receiver needs to keep track of the last acknowledgment number and the last rwnd. If we add the acknowledgment number to rwnd we get the byte number following the right wall. If we want to prevent the right wall from moving to the left (shrinking), we must always have the following relationship. new ack + new rwnd last ack + last rwnd or new rwnd (last ack + last rwnd) new ack

Silly Window Syndrome A problem in the sliding window operation when either the sending window application program creates data slowly or the receiving application program consumes data slowly or both.

Syndrome created by the sender E.g. one byte at a time Creates a segment and send Total size of datagram = 20+20+1= 41 Wait for more bytes--- how long?

Nagles Algorithm Step 1: The sending TCP sends the first piece of data it receives from the sending application program even if it is only one byte Step 2: After sending the first segment, the sending TCP accumulates data in the output buffer and waits until either the receiving TCP sends an acknowledgement or until enough data has accumulated to fill a maximum size segment. Step 3: step 2 is repeated for rest of the transmission

Syndrome created by the Receiver Application program consumes one byte at a time Solutions 1) Clarks Solutions send an acknowledgement as soon as the data arrives, but announce a window size of zero until either there is enough space to accommodate a segment of maximum size or until half of the buffer is empty.

Delayed Acknowledgement Delay sending the acknowledgement. When segment arrives, it is not acknowledged immediately, the receiver waits until there is a decent amount of space in its incoming buffer before acknowledging the arrived segments.

ERROR CONTROL TCP provides reliability using error control, which detects corrupted, lost, out-of-order, and duplicated segments. Error control in TCP is achieved through the use of the checksum, acknowledgment, and time-out.

Checksum Each segment includes a checksum field which is used to check for a corrupted segment. If the segment is corrupted, it is discarded by the destination TCP and is considered as lost.

Acknowledgement TCP uses acknowledgements to confirm the receipt of data segments ACK segments do not consume sequence numbers and are not acknowledged Control segments that carry no data, but consume a sequence number are also acknowledged

Generating Acknowledgements Rules Piggyback Delayed wait500 ms There should not be more than two in-order unacknowledged segments. When a segment arrives with an out of order sequence number that is higher than expected, send acknowledgement immediately with sequence number of expected segment. When a missing segment arrives, the receiver immediately sends an acknowledgement.

Acknowledgement types Accumulative Acknowledgement The receiver advertises the next byte it expects to receive, ignoring all segments received out of order. Selective Acknowledgement ACK+ additional information Block of data that is out of order, block of segments that are duplicated Implemented as an option at the end of the TCP header.

Retransmission A segment is retransmitted When a retransmission timer expires When the sender receives three duplicate ACKs

Retransmission after RTO The source TCP starts one retransmission time out(RTO) for each segment sent. When the timer matures, the corresponding segment is considered to be either corrupted or lost and the segment is retransmitted. RTO is based on round trip time(RTT)

Out of order Discard (original TCP) Store them temporarily and flag them as out of order until the missing segment arrives. Out of order segments are not delivered to the process.

Normal operation

Lost segment

Fast retransmission

Lost acknowledgment

Lost acknowledgment corrected by resending a segment

Delayed Segment Duplicate Segment Deadlock

CONGESTION CONTROL Congestion control refers to the mechanisms and techniques to keep the load below the capacity.

Router queues

Packet delay and network load

Throughput versus network load

Congestion control Mechanisms Open Loop Retransmission policy Acknowledgement policy Discard Policy Closed loop Back pressure Choke point Implicit signaling Explicit Signaling

Congestion Control in TCP Congestion Window Three phases Slow start Congestion Avoidance Congestion Detection

Slow start, exponential increase

Congestion avoidance, additive increase

Most implementations react differently to congestion detection: If detection is by time-out, a new slow start phase starts. If detection is by three ACKs, a new congestion avoidance phase starts. Note:

Time out 1) Sets the value of the threshold to half of the current window size 2) Sets the cwnd to the size of one segment 3) Starts the slow start phase

Three acks received 1) Sets the value of the threshold to half of the current window size 2) Sets the cwnd to the value of the threshold 3) Starts the congestion avoidance phase

TCP timers

Retransmission When TCP sends a segment it creates a retransmission timer for that particular segment Retransmission is based on Round Trip Time(RTT) Retransmission time out RTO= RTTs+ 4 * RTTd

Round Trip Time(RTT) 1) Measured RTT Measured RTT for a segment is the time required for the segment to reach the destination and be acknowledged. 2) Smoothed RTT 1) Initially RTTs=RTTm 2) RTTs= (1- ) RTTs + * RTTm 3) = 1/8

RTT Deviation RTTd = RTTm /2 RTTd= (1- ) RTTd + * | RTTs-RTTm | = Retransmission time out RTO= RTTs+ 4 * RTTd

Karns Algorithm Do not consider the round trip time of a retransmitted segment in the calculation of the new RTT. Do not update the value of the RTT until you send a segment and receive an acknowledgement without the need for retransmission.

Exponential Backoff The value of RTO is doubled for each retransmission If the segment is retransmitted once,the value is two times RTO, if it is retransmitted twice, the value is four times the RTO and so on.

Persistence Timer Persistence Timers are used to correct deadlock When it receives window size is zero, it starts persistence timer. When timer goes off it sends a segment called probe Initial value of the persistence timer is the value of the retransmission time. Persistence time is doubled and reset.

Keepalive Timer To prevent a long idle connection between two TCPs Will be reset whenever server gets any communication from client When timer goes off a probe segment will send After 10 probe segment it terminate the connection

Time-wait Time-waited timer is used during connection termination. When TCP closes the connection, it must first wait enough time to receive all segments and acknowledgements that are possibly in flight. Once received these are discarded and TCP can finally close. The value of this timer is typically twice the expected lifetime of a segment. Typical value of the maximum segment lifetime (MSL) is 16 seconds

TCP package

TCBs Transmission control block holds information about each connection

Transmission Control Block(TCB) State: state of the connection Process: defines the process Local IP address Local Port number Remote IP address Remote port number Interface: defines the local interface

Local window Remote window Sending sequence number Receiving sequence number Sending ACK number Round trip time Time out values- retransmission time out, keepalive time out, persistence time out Buffer size Buffer pointer.

User Datagram Protocol(UDP) Process to process communication Host to host communication

UDP versus IP

Port Number In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system A port is identified for each address and protocol by a 16-bit number, commonly known as the port number.

ICANN ICANN has divided the port numbers into three ranges Well Known Assigned and controlled by ICANN Registered Not assigned and or controlled by ICANN but are registered with ICANN to prevent duplication Dynamic(Private) Neither controlled or nor registered

ICANN ranges

Ephemeral Port Number The client program defines itself with a port number called Ephemeral Port number

Well-known ports used with UDP

Socket Address The combination of IP address and a port number is called a socket address.

User Datagram UDP packets are called user datagrams and have a fixed-size header of 8 bytes.

User datagram format

Checksum the checksum includes three sections: A pseudoheader, The UDP header, and The data coming from the application layer.

Pseudoheader for checksum calculation

Checksum calculation at sender 1) Add the pseudoheader to the UDP datagram 2) Fill the checksum field with zeros 3) Divide the total bits into 16 bit words 4) If the total number of bytes is not even, add 1 byte of padding(all zeros). 5) Add all 16 bit sections using ones complement arithmetic 6) Complement the result 7) Drop the psuedoheader and any added padding 8) Deliver the UDP user datagram to the IP software for encapsulation

Checksum calculation at receiver 1) Add the psuedoheader to the UDP user datagram 2) Add padding if needed 3) Divide the total bits into 16 bit sections 4) Add all 16 bit sections using ones complement arithmetic 5) Complement the result 6) If the result is all 0s drop the psuedoheader and any added padding and accept the user datagram else discard the user datagram

Checksum calculation of a simple UDP user datagram

UDP Operations Connectionless Services Flow and Error Control Encapsulation and Decapsulation Queuing Multiplexing and Demultiplexing

Encapsulation Process send message to UDP with pair of socket address and length of data UDP receives and adds UDP header UDP then pass the user datagram to IP with the socket address IP adds its own header using the value 17 in the protocol field Then to datalink layer

Encapsulation and decapsulation

Queues in UDP

Multiplexing and demultiplexing

Use of UDP UDP is suitable for a process that requires simple request response communication with little concern for flow and error control UDP is suitable for a process with internal flow and error control mechanisms(Trivial File Transfer Protocol) UDP is suitable transport protocol for multicasting UDP is used for management process such as SNMP UDP is used for some route updating protocols such as Routing Information Protocol(RIP)

UDP Package Five components Control Block Table Input Queues A control block module An input module An output module

UDP design

Control block table To keep track of the open ports

Control block Module Responsible for management of Control block table When a process starts it ask for a port number from OS. The process pass the process ID, Port number to the control block module to create a entry in the control block table for the process.

Input Module Input module receives a user datagram from the IP. It searches the control block table to find an entry having the same port number as this user datagram. If found enqueue the data If not found generate ICMP message

Output Module Responsible for creating and sending user datagrams

internet administration internet society (isoc) internet architecture board (iab) internet...

Documents

internet administration

internet request

internet draft

internet specification

addresses slide

tcpip slide

historic slide

internet society international