
Chapter 2 - TCP/IP Communications

Cisco TCP/IP Routing Professional Reference
Chris Lewis
  Copyright © 1999 The McGraw-Hill Companies, Inc.

What Is TCP/IP?
TCP/IP (Transmission Control Protocol/Internet Protocol) is a suite of network protocols. TCP and IP are only two of the protocols within this suite; they are, however, two of the most important. A protocol specification is comparable to a language. As with any spoken language, there are rules regarding the meaning of certain sounds, and which words signal the beginning or ending of a conversation.
TCP/IP is a set of rules that can be considered computer language, equivalent in human terms to English or French. Just as a human who speaks only English and a human who speaks only French will find it difficult to have a meaningful conversation, so a computer that speaks only TCP/IP will have difficulty exchanging information with a computer that speaks only Novell's IPX.
With TCP/IP enabled, computers using dissimilar operating systems are able to exchange data in an orderly fashion.
The most commonly quoted model for describing data communications is the Open Systems Interconnection (OSI) model. This seven-layer model was defined for the OSI set of protocols and gives us a framework for examining the roles and responsibilities of each protocol within the TCP/IP suite. Throughout the remainder of this book, protocols will be referred to as belonging to a specific OSI model layer, such as layer 2 or layer 3. The following gives a brief definition of the OSI model and then compares it to the Department of Defense four-layer data communications model that originally was used to classify protocols within the TCP/IP protocol suite. In order for you to communicate effectively with network engineers, you need at least a basic understanding of this OSI model.
The OSI Data Communications Model
The OSI Reference Model provides a model for computer networking. The OSI Reference Model was defined by the International Standards Organization (ISO) and consists of seven layers. Each layer has a task to perform. The layers are: Application, Presentation, Session, Transport, Network, Data Link, and Physical. The layers from Application through Network generally are implemented in software. The Data Link and Physical layers are implemented with both hardware and software. Table 2.1 outlines the responsibilities of these seven layers.
Table 2.1: OSI Reference Model Layer Definitions
Layer | Description
Layer 7: Application layer | The Application layer consists of application programs and the user interface. It is through features in this layer that all exchange of meaningful information occurs between users.
Layer 6: Presentation layer | The Presentation layer defines the representation of data, so that data is exchanged in an understandable format.
Layer 5: Session layer | The Session layer sets up and terminates communications on the network. It also manages the dialogue between users and systems. It is at this level that user and machine names are interpreted.
Layer 4: Transport layer | The Transport layer controls the quality and reliability of the data transmission. Packets are sequenced and acknowledged at this layer. An example of a layer 4 protocol is TCP.
Layer 3: Network layer | The Network layer routes data through the network. It allows any properly configured pair of nodes on an internetwork to communicate. The Network layer calculates routes and controls congestion. An example of a layer 3 protocol is NetWare's IPX.
Layer 2: Data Link layer | The Data Link layer packages and unpackages data for transmission across a single link. It deals with data corruption (through checksumming) and coordination of shared media. An example of a layer 2 protocol is Ethernet.
Layer 1: Physical layer | The Physical layer establishes the physical connection between a computer and the network. It also controls the transmission of information and specifies the mechanical and electrical characteristics of the protocol in terms of connector size, pin assignments, and voltage levels. An example of a layer 1 protocol is RS-232.
The concept behind this model of network computer communication is that, at the Application layer, an application will want to send some data to another application residing on another machine on the network. An example may be a workstation mail program wishing to send mail to another user via a mail server. The workstation mail application has to take the text of the message to be sent and package it in some way with an address of its destination. This information must somehow be encoded into electrical signals representing binary 1s and 0s that can be transmitted over a network cable.
In this example, the application at layer 7 will define what text has to be sent. To reach its destination on another machine, the message must descend through the layers of this model, through software layers, through the network card and cable hardware, across a network cable of some kind, and ascend through the corresponding layers on the destination machine to the destination application.
As the message descends through the layers, it looks less like human language and more like the 1s and 0s that a computer understands.
The terminology used by the ISO to describe this process is as precise and as abstract as one would expect of a large international committee. It will be used in this example for the sake of clarification.
The two key ideas to absorb from the following discussion are that each layer will only "talk" to its corresponding layer on another machine, and each layer encapsulates information from the layer above as the message descends through the layers for transmission.
The message that each layer on the sending machine will send to its corresponding layer on the receiving machine is termed a Protocol Data Unit (PDU). The message that passes between layers on the same machine is called a Service Data Unit (SDU). To make clear which type of data unit is meant, each PDU and SDU has a prefix attached. For example, referring to Fig. 2-1, consider the Transport layer sending a Transport PDU from the sending to the receiving machine. To get the TPDU from the sending to the receiving machine, the sending machine's Transport layer sends a Network SDU to its Network layer. The Network layer passes an LSDU to the Data Link layer, which passes a PhSDU to the Physical layer for transmission on to the network cable.
At the receiving machine, the process is reversed, until the Network layer sends a Network SDU to the Transport layer, at which point we can say that the receiving machine's Transport layer has received a TPDU from the sending machine.
An important concept about this layered model is that as the information passes down through the layers, the software responsible for each layer will add its own header information. This concept is referred to as encapsulation; each layer is said to encapsulate the information from a higher layer.
Figure 2-1: Units of communication described in the OSI data communications model
Consider Fig. 2-2. Using the example of a mail message, "Hello Fred," that is sent from the sending machine to the receiving machine, we can describe the communications process as follows:
Figure 2-2: Encapsulation through the layers of the OSI model
The "Hello Fred" message, along with other Application data, will be delivered to the layer 6 protocol as a PSDU. The layer 6 protocol adds its header information and passes an SSDU down to the layer 5 protocol. The layer 5 protocol cannot interpret the layer 6 header or anything else in the SSDU, and treats all of the SSDU as user data. To pass a TSDU to the layer 4 protocol (the Transport layer), the layer 5 protocol adds a layer 5 header in front of the SSDU, and this process continues until a PhSDU is given to the Physical layer, where binary 1s and 0s are converted into electrical signals for transmission over the network media.
At the receiving machine, the electrical signals are translated into 1s and 0s by the Physical layer, and the layer 2 (Data Link) protocol interprets these 1s and 0s as frames, removes the layer 2 header generated by the sending machine's layer 2 protocol, and passes an LSDU up to its Network layer. Again, this process of each layer removing its own header and passing the information upwards continues until "Hello Fred" and the other Application data are delivered to the receiving machine's Application layer.
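The descent and ascent just described can be followed in code. This is an added Python example, not part of the original chapter; the 3-byte header (layer number plus SDU length) and the function names are hypothetical, chosen only to show that each layer wraps what it is handed and removes only its own peer's header.

```python
import struct

# Layers that add a header on the way down, in the order the text describes.
# Layer 7 supplies the data; layer 1 only turns bits into signals.
LAYERS = [(6, "Presentation"), (5, "Session"), (4, "Transport"),
          (3, "Network"), (2, "Data Link")]

# Hypothetical header: layer number (1 byte) + length of the SDU (2 bytes).
HEADER = struct.Struct(">BH")


def encapsulate(app_data: bytes) -> bytes:
    """Descend the stack: each layer prepends its header to the SDU it is handed."""
    unit = app_data
    for number, _name in LAYERS:
        # Everything received from the layer above is opaque user data here.
        unit = HEADER.pack(number, len(unit)) + unit
    return unit  # what the Data Link layer hands to the Physical layer


def decapsulate(received: bytes) -> bytes:
    """Ascend the stack: each layer removes only the header its peer added."""
    unit = received
    for number, name in reversed(LAYERS):
        if len(unit) < HEADER.size:
            raise ValueError(f"{name} layer: unit too short for a header")
        peer, length = HEADER.unpack_from(unit)
        body = unit[HEADER.size:]
        if peer != number:
            raise ValueError(f"{name} layer: header belongs to layer {peer}")
        if length != len(body):
            raise ValueError(f"{name} layer: length field {length} != {len(body)}")
        unit = body
    return unit


def header_order(received: bytes) -> list:
    """List the layer numbers of the headers from outermost to innermost."""
    order, unit = [], received
    for _ in LAYERS:
        peer, _length = HEADER.unpack_from(unit)
        order.append(peer)
        unit = unit[HEADER.size:]
    return order


if __name__ == "__main__":
    wire = encapsulate(b"Hello Fred")
    print(header_order(wire), len(wire), decapsulate(wire))
```

Handing a unit to the wrong layer, or a truncated unit to the right one, raises an error instead of yielding data, which is the behaviour a receiving stack needs when headers do not match what its peer would have sent.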
The ISO designed protocols for all layers in this model. These protocols, however, have not become as widely quoted or used as the model that defines their operation. The main reason for this is that the TCP/IP protocol suite was already defined, in widespread use, and proven to work well in many environments.
Next we look at how the Department of Defense in the United States defined a model for computer communications and implemented this model with the TCP/IP protocol suite.
Department of Defense Model
The Department of Defense (DoD) has defined a four-layer networking model. Each layer of this model consists of a number of protocols that are collectively referred to as the TCP/IP protocol suite.
The specifications for each protocol within the TCP/IP suite are defined within one or more Requests for Comments (RFC). The RFCs are submitted by various Internet users who are proposing new protocols, suggesting improvements of existing protocols, or even offering comments on the state of the network. These documents are online on various systems on the Internet, and are available to anyone.
Table 2.2 shows the DoD's four-layer model. You can see that the layers of the DoD model do not precisely match those of the OSI model. For example, in DoD terms IP is a layer 2 protocol, whereas in OSI terms it is a layer 3 protocol. Throughout the rest of this book, when a protocol function is referred to as belonging to a particular layer, it is the OSI layer definition that is used.
Table 2.2: The DoD Data Communications Model
Layer | Description
Layer 4: Application layer | The Application layer consists of application programs and serves as the window, or network interface. It is through this window that all exchange of meaningful information occurs between communication users. Examples include Telnet and SMTP.
Layer 3: Host-to-Host Transport layer | Provides end-to-end data delivery services. The protocols at this layer are TCP and UDP.
Layer 2: Internet layer | Defines the datagram or frame format and handles routing data through an internetwork. Examples include IP and ICMP.
Layer 1: Network Access layer | Defines how to access a specific network topology such as Ethernet or Token-Ring.
Application Layer.     Several protocols make up the Application layer of the TCP/IP suite. This layer of the TCP/IP protocol suite corresponds roughly to the Application, Presentation, and Session layers of the OSI Reference Model. The protocols implemented at the Application layer are:
  Telnet  This is a terminal emulation service that provides remote login over the network.
  FTP  File Transfer Protocol is used for interactive file transfer.
  NFS  The Network File System allows directories on a host computer to be shared by other machines on the network.
Each application normally requires two separate programs: a client program and a server program (often referred to as a daemon).
The daemon program runs in the background on the host server and may start when the system starts. More often, daemon programs are started by the INETD process, which starts and stops these programs as required by the system. A user, on the other hand, executes the client program to gain access to the server.
As we shall see, some Application layer protocols use different Transport layer protocols; for example, Telnet and SMTP rely on TCP, whereas RIP and DNS rely on UDP.
Host-to-Host Transport Layer.     The Host-to-Host Transport layer is often referred to simply as the Transport layer; for convenience, I will do this also. This layer is responsible for delivering packets between the Internet layer and an application. An important concept in the world of TCP/IP communications is that of port numbers (sometimes referred to as socket numbers). Each application running in the computer will be given a unique port number at the Transport layer.
This can be thought of as the application's address within the host machine. The most common port numbers assigned can be viewed on any Unix machine in the /etc/services file. This file lists common applications, and which Transport layer protocol and port number each application uses.
  The network guarantees that all packets sent will be delivered in the correct order, without loss or duplication. If this is not possible, the network will terminate the call.
  If a network becomes overly busy, future call requests are refused in order to preserve the integrity of existing calls.
Thus it is not possible to send a broadcast packet using a connection-oriented protocol. By definition, a broadcast packet is sent to multiple hosts on the same network. The first thing a connection-oriented protocol tries to do is contact the intended destination machine and see if it will accept new calls. In a properly designed network addressing scheme, no computer will claim to own a broadcast address.
The second type of protocol at the Transport layer is a connectionless protocol, which in the case of TCP/IP is the User Datagram Protocol (UDP). A connectionless protocol transmits its data onto the network with a destination address, and assumes that it will get there. This is similar to using the postal service. The network does its best to deliver the data intact and in the correct order, but if multiple paths exist between sender and receiver, out-of-sequence packet delivery is likely. Connectionless protocols assume that the application running in the Application layer takes care of these things.
The choice of using a connection-oriented or a connectionless protocol is not always as straightforward as it might seem. A connection-oriented protocol may seem attractive because of the guarantees it gives, but often the overhead (particularly in terms of packet acknowledgment) can make certain system implementations impossible. It is generally an application developer issue and will not be discussed further here.
Transmission Control Protocol (TCP).     The Transmission Control Protocol is the DoD's connection-oriented Transport layer protocol and provides a reliable connection for data exchange between different hosts. With this protocol, all packets are sequenced and acknowledged, and a virtual circuit is established for communications. Upper-level applications using TCP include the following:
  Virtual Terminal Protocol (Telnet)
  File Transfer Protocol (FTP)
  Simple Mail Transfer Protocol (SMTP)
TCP provides reliability through the use of acknowledgments with retransmission. The idea of an acknowledgment is that the receiving machine has to reply to the sending machine that the message sent was received intact. If an acknowledgment is not received, the sending machine will assume that the message was not received and will retransmit it.
If the receiving machine had to reply to every packet, the result would be a lot of overhead on the network (assuming that most packets get through in a well-designed network). To reduce overhead, TCP employs a concept called windowing.
The window size advertised by a receiving machine tells the sending machine how many bytes it can accept—essentially how much space is available in its receive buffer. The sending machine uses the window size to determine how much data can be sent before it must receive another acknowledgment. If an acknowledgment is not received within the specified window size, retransmission occurs beginning with the last acknowledged data. Typically, if the receiving machine's receive buffer is getting full, it will advertise a decreasing window size to slow the rate of incoming traffic. If a window size of zero is advertised, the sender will not send any further data until it receives an acknowledgment with a nonzero window value.
The window size normally is determined by an algorithm coded into the TCP protocol stack, and varies according to the characteristics of the host machines and network in use.
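The effect of the advertised window on the sender, including the zero-window pause, is shown in the following added Python simulation, which is not part of the original chapter. The buffer size, the amount of data and the application's read pattern are constructed values, and retransmission is left out so that only flow control is visible.

```python
def windowed_transfer(data_len, buffer_size, app_reads, max_rounds=1000):
    """Simulate a sender limited by the receiver's advertised window.

    app_reads[i] is how many bytes the receiving application takes out of
    the receive buffer in round i (the last value repeats). Returns one
    (bytes_sent, window_advertised) tuple per round.
    """
    sent = 0                # bytes handed to the network so far
    buffered = 0            # bytes waiting in the receive buffer
    window = buffer_size    # window advertised when the connection opened
    timeline = []
    for rnd in range(max_rounds):
        if sent == data_len and buffered == 0:
            return timeline
        # Sender: never exceed the last advertised window. A zero window
        # means send nothing and wait for a nonzero advertisement.
        burst = min(window, data_len - sent)
        sent += burst
        buffered += burst
        # Receiver: the application drains part of the buffer, then the
        # acknowledgment advertises whatever space is free.
        wanted = app_reads[min(rnd, len(app_reads) - 1)]
        buffered -= min(wanted, buffered)
        window = buffer_size - buffered
        timeline.append((burst, window))
    raise RuntimeError("receiver never reopened its window")


def stalled_rounds(timeline):
    """Count the rounds in which the sender had to stay silent."""
    return sum(1 for burst, _window in timeline if burst == 0)


def sample_run():
    """Constructed case: 10000 bytes into a 4096-byte buffer; the application
    reads 1024 bytes, then nothing for two rounds, then keeps up."""
    return windowed_transfer(10000, 4096, [1024, 0, 0, 4096])


if __name__ == "__main__":
    for burst, window in sample_run():
        print(f"sent {burst:5d} bytes, receiver then advertised {window}")
```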
To establish a TCP connection, a three-step handshake is exchanged between sender and receiver to establish a dialogue before data is transmitted. This process is illustrated in Fig. 2-3.
Figure 2-3: The TCP three-way handshake to initiate a connection
To initiate communications, the sending machine transmits a Synchronize Sequence Numbers (SYN) packet to the receiving machine, to inform the receiving machine that a new connection is requested and to state which number will be used as the starting point for numbering the messages sent. These sequence numbers are used to ensure that packets received are processed in the order sent. For the process to continue, the receiving machine must acknowledge this SYN packet and tell the sender the sequence number at which it will start sending data. This is achieved by the receiving machine returning a SYN ACK packet to the sending machine. Finally, the sending machine sends an acknowledgment of the information sent by the receiving machine and sends the first data.
This process provides proof positive, before any message transmission occurs, that the receiving machine is alive and ready to receive data. To close the connection, a similar three-step handshake is exchanged, using the FIN packet.
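The sequence-number bookkeeping in the three steps can be checked mechanically. The following Python is an added example, not code from the original chapter: it packs three minimal TCP headers and verifies that each step acknowledges the other side's starting sequence number plus one, since the SYN itself consumes one sequence number. The port numbers and sequence numbers are constructed, and the function names are hypothetical.

```python
import struct

# Fixed 20-byte TCP header: ports, sequence, acknowledgment, data offset,
# flags, window, checksum, urgent pointer (no options).
TCP_HEADER = struct.Struct(">HHIIBBHHH")
SYN, ACK = 0x02, 0x10
MOD = 2 ** 32  # sequence numbers wrap around at 32 bits


def build_segment(sport, dport, seq, ack, flags, window=8192):
    """Pack a header; the checksum is left at 0 in this offline example."""
    return TCP_HEADER.pack(sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_segment(raw):
    if len(raw) < TCP_HEADER.size:
        raise ValueError("segment shorter than a TCP header")
    sport, dport, seq, ack, _off, flags, _win, _sum, _urg = \
        TCP_HEADER.unpack_from(raw)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(flags & SYN), "ack_flag": bool(flags & ACK)}


def check_handshake(raw_segments):
    """Validate SYN, SYN ACK, ACK; return (initiator ISN, responder ISN)."""
    if len(raw_segments) != 3:
        raise ValueError("a handshake has exactly three segments")
    syn, syn_ack, ack = (parse_segment(r) for r in raw_segments)

    if not syn["syn"] or syn["ack_flag"]:
        raise ValueError("step 1 must be SYN without ACK")
    if not (syn_ack["syn"] and syn_ack["ack_flag"]):
        raise ValueError("step 2 must be SYN ACK")
    if (syn_ack["sport"], syn_ack["dport"]) != (syn["dport"], syn["sport"]):
        raise ValueError("step 2 does not come from the port that was contacted")
    if syn_ack["ack"] != (syn["seq"] + 1) % MOD:
        raise ValueError("step 2 does not acknowledge the initiator's number")
    if ack["syn"] or not ack["ack_flag"]:
        raise ValueError("step 3 must be ACK without SYN")
    if (ack["sport"], ack["dport"]) != (syn["sport"], syn["dport"]):
        raise ValueError("step 3 does not come from the initiator")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        raise ValueError("step 3 does not continue the initiator's numbering")
    if ack["ack"] != (syn_ack["seq"] + 1) % MOD:
        raise ValueError("step 3 does not acknowledge the responder's number")
    return syn["seq"], syn_ack["seq"]


def sample_handshake(client_isn=0xFFFFFFFF, server_isn=3000):
    """Constructed exchange from port 1025 to Telnet (port 23). The default
    initiator number sits at the wrap-around point on purpose."""
    first = (client_isn + 1) % MOD
    return [build_segment(1025, 23, client_isn, 0, SYN),
            build_segment(23, 1025, server_isn, first, SYN | ACK),
            build_segment(1025, 23, first, (server_isn + 1) % MOD, ACK)]


if __name__ == "__main__":
    print(check_handshake(sample_handshake()))
```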
TCP views the data sent as a continuous stream of information. Fragmenting information into discrete packets to be sent over a network is the responsibility of the DoD Internet layer.
User Datagram Protocol (UDP).     The User Datagram Protocol provides unreliable, connectionless delivery service. It lets the upper-level applications send sections of messages, or datagrams, without the overhead involved in acknowledging packets and maintaining a virtual connection. The one similarity between TCP and UDP is that UDP also uses port numbers to identify applications running in the sending and receiving machines.
With UDP you have no way of knowing whether or when the message arrives at its destination, or the order in which messages sent are received. Because there are no acknowledgments or three-step handshakes to begin data transmission with UDP, it is possible to use this protocol for broadcast messages that are sent to all hosts on a network.
Upper-level applications using UDP include the following:
  Trivial File Transfer Protocol (TFTP)
  Network File System (NFS)
  Broadcasts
Internet Layer.     The Internet Protocol (IP) is the most important protocol of the Internet layer. All traffic, incoming and outgoing, goes through IP. The primary purpose of the Internet layer is to route packets between different hosts, which is accomplished by the addressing scheme of IP. The Internet layer consists of four protocols, as shown in Table 2.3.
Internet Protocol (IP).     IP is a connectionless protocol and does not guarantee delivery of packets across a network. IP relies on higher-layer protocols either in the Transport or Application layers to provide connection-oriented service if necessary. (In some older implementations, the Data Link layer is used; see the section on X.25 and LAPB in Chap. 6.) The IP header contains many fields, the most important of which are the Source Address, Destination Address, and Time To Live. The format of IP addresses is explained later in this chapter.
Table 2.3: DoD Model Internet Layer Protocols
Protocol | Description
Internet Protocol | The Internet Protocol (IP) provides datagram service between hosts. It is responsible for addressing packets, packet routing, fragmentation, and reassembly, and moving data between the Transport and Network Access layers.
Internet Control Message Protocol | The Internet Control Message Protocol (ICMP) lets routers and hosts send error or control messages to other routers or hosts.
Address Resolution Protocol | The Address Resolution Protocol (ARP) translates a host's software address to a hardware address.
Reverse Address Resolution Protocol | The Reverse Address Resolution Protocol (RARP) determines a software address from a hardware address. Diskless workstations often use this protocol when booting up, to find out what their IP address will be. DHCP, which is a superset of BOOTP, is more commonly deployed than RARP for this functionality these days.
Delivering a packet from one machine on the internetwork to another is handled by IP. Based on the network depicted in Fig. 2-4, we can examine the difference in IP operation when an application on PC1 needs to send data first to PC2, and then to PC3.
Figure 2-4: Delivering packets on the same segment and across routers
In the first instance, where PC1 needs to send to PC2, examination of the destination address tells IP that the destination is on the same network number. In this case, the packet is sent directly to PC2. In the case in which PC1 needs to send a packet to PC3, examination of the destination address tells IP on PC1 that PC3 is on a different network. In this case, PC1 will examine its configuration and send the packet to its default gateway for routing to the final destination. The terms gateway and router are interchangeable in most TCP/IP documentation. A gateway or router (however one refers to it) is responsible for routing packets between different physical networks.
The Time To Live field is used to ensure that a packet caught in a routing loop (i.e., a packet circulating between routers and never reaching a destination) does not stay in the internetwork forever. Each time a packet travels through a router, its Time To Live field is reduced by one. If this value reaches zero, a router will discard the packet. Different routing protocols have different initial values for the Time To Live field. The initial value for the TTL field is usually 255. However, some IP stacks implement a value of 64. We will revisit this issue in Chapter 4.
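The host's delivery decision and the Time To Live countdown, as an added Python example that is not part of the original chapter. The addresses are constructed, because the addressing used in Fig. 2-4 is not reproduced on this page, and the router names R1 and R2 and the function names are hypothetical.

```python
import ipaddress
import itertools


def next_hop(interface, default_gateway, destination):
    """Return the address the host hands the packet to on its own segment."""
    iface = ipaddress.ip_interface(interface)
    dst = ipaddress.ip_address(destination)
    if dst in iface.network:
        return str(dst)  # same network number: deliver directly
    gateway = ipaddress.ip_address(default_gateway)
    if gateway not in iface.network:
        # A gateway the host cannot reach directly is a configuration error.
        raise ValueError("default gateway is not on the local network")
    return str(gateway)  # different network: hand the packet to the router


def forward(routers, ttl):
    """Pass a packet through each router in turn.

    Every router reduces the TTL by one and discards the packet when the
    value reaches zero. Returns (delivered, ttl_left, routers_crossed).
    """
    if ttl < 1:
        raise ValueError("initial TTL must be at least 1")
    crossed = 0
    for _router in routers:
        ttl -= 1
        crossed += 1
        if ttl == 0:
            return (False, 0, crossed)
    return (True, ttl, crossed)


def routing_loop(ttl):
    """A packet bouncing between two routers that each point at the other."""
    return forward(itertools.cycle(["R1", "R2"]), ttl)


if __name__ == "__main__":
    # Constructed addressing: PC1 and PC2 on 10.1.1.0/24, PC3 on 10.1.2.0/24.
    pc1, gateway = "10.1.1.10/24", "10.1.1.1"
    print("to PC2:", next_hop(pc1, gateway, "10.1.1.20"))
    print("to PC3:", next_hop(pc1, gateway, "10.1.2.30"))
    print("one router, TTL 64:", forward(["R1"], 64))
    print("routing loop, TTL 64:", routing_loop(64))
    print("routing loop, TTL 255:", routing_loop(255))
```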
ICMP.     The Internet Control Message Protocol performs four main functions, which are:
  Flow control  When a receiving machine is too busy to accept the incoming stream of data from a sending machine, it sends a Source Quench Message to temporarily stop the stream of data.
  Unreachable destination alerts  If a machine on the network detects that a destination is unreachable, either because the destination address does not match an operating machine on the network, or due to a link failure, it will send a Destination Unreachable message to the sending machine.
  Redirecting routes  A gateway sends an ICMP redirect message to tell a sending machine to use another gateway. Consider an example in which a gateway receives from a sending machine a packet that is destined for a given network. If the gateway knows that the destination network can be reached more efficiently by the sending machine using a different gateway, it will tell the sending machine so, by issuing an ICMP redirect.
  Checking remote hosts  ICMP echo messages are used to check the physical connectivity of machines on an internetwork. The ICMP echo packet is more commonly known as a ping packet.
ARP and RARP.     Spanning the Internet and Network Access layers are two protocols, the Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP). ARP is an Internet protocol used to associate an IP address with a physical address, typically Ethernet or Token-Ring 802.2 MAC addresses. (MAC addresses are discussed more fully in Chap. 3.) Each IP device on the network maintains an address resolution table. This table maps MAC addresses to IP addresses. When a computer that uses IP for network communication wants to deliver a message to another computer on the same network segment, the MAC address is responsible for getting the packet to the correct workstation.
RARP is used to supply an IP address to a diskless workstation at boot time. A diskless workstation will know its MAC address, and will request an IP address at boot time from a RARP server via a broadcast.
Network Access Layer.     The Network Access layer relates the Internet software layer to the hardware that carries the data, and it is the lowest layer in the DoD data communications model. The key point to understand is that network numbers are not understood at this layer; the addresses used at the Network Access layer have significance only for the network segment on which the packet is transmitted. The addresses at the Network Access layer do not traverse a router.
Unlike the other layers in the DoD model, the Network Access layer must know the details of the underlying network so that packets can be formed correctly and sent across the physical network in place.
The functions performed at this layer include forming network packets and using MAC addresses to deliver packets on a network segment. It is here that the protocols define those electrical and mechanical specifications of communication that allow a packet to be transported on a given network.
By means of a Frame Check Sequence (FCS), this layer ensures that packets that have been subjected to interference during transmission are not accepted at their layer 2 destination. The FCS is calculated by the sending machine and attached to the message sent. The receiving machine performs the same calculation and assumes that, if its FCS matches that received with the packet, that packet is okay. If the FCS values do not match, the packet is discarded. Typically, at this layer protocols do not re-request the transmission of damaged and discarded frames. (An exception is X.25's LAPB protocol, discussed in Chap. 6.)
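The sender-side calculation and the receiver-side comparison, as an added Python example that is not part of the original chapter. It assumes the CRC-32 checksum that Ethernet uses for its FCS, a simplified frame with no padding to a minimum size, and constructed MAC addresses; the function names are hypothetical.

```python
import struct
import zlib

HEADER_LEN = 14  # destination MAC (6) + source MAC (6) + type (2)
FCS_LEN = 4      # CRC-32 trailer


def build_frame(dst_mac, src_mac, frame_type, payload):
    """Sender: compute the FCS over header and payload and append it."""
    body = dst_mac + src_mac + struct.pack(">H", frame_type) + payload
    # Trailer byte order is little-endian in this example.
    return body + struct.pack("<I", zlib.crc32(body))


def receive_frame(frame):
    """Receiver: repeat the calculation; return the payload, or None when
    the frame is discarded."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        return None
    body, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    (received_fcs,) = struct.unpack("<I", trailer)
    if zlib.crc32(body) != received_fcs:
        return None  # damaged in transit: dropped, with no re-request
    return body[HEADER_LEN:]


def flip_bit(frame, bit_index):
    """Model interference on the wire by inverting one bit of the frame."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


def undetected_single_bit_errors(frame):
    """Count single-bit corruptions that the FCS check fails to catch."""
    return sum(receive_frame(flip_bit(frame, i)) is not None
               for i in range(len(frame) * 8))


def sample_frame():
    """Constructed frame: locally administered MAC addresses, type 0x0800."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    return build_frame(dst, src, 0x0800, b"Hello Fred")


if __name__ == "__main__":
    frame = sample_frame()
    print("intact frame:", receive_frame(frame))
    print("bit 100 flipped:", receive_frame(flip_bit(frame, 100)))
    print("undetected single-bit errors:", undetected_single_bit_errors(frame))
```

The FCS is an unkeyed checksum, so it catches accidental damage only and says nothing about who produced the frame.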
The Network Access layer specifies the physical (hardware) medium for data transmission. The Institute of Electrical and Electronics Engineers (IEEE) Project 802 established standards that define interface and protocol specifications for various network topologies.
The people on Project 802 split the OSI Data Link layer in two. Project 802 created the Logical Link Control (LLC) sublayer and the Media Access Control (MAC) sublayer. The LLC sublayer defines how a receiving machine discards damaged packets. The MAC sublayer handles issues of supplying globally unique hardware addresses to device interfaces. The following sections list MAC specifications defined by the 802 committees. Each of these MAC standards defines a unique packet (or frame) format.
802.3 (Ethernet).     The following Ethernet protocols use a bus topology and the media types listed:
  10Base5  Thick Ethernet, 50-ohm coaxial, 10 Mbps
  10Base2  Thin Ethernet, 50-ohm coaxial, 10 Mbps
  1Base5  Twisted-pair, 1 Mbps
  10Base-T  Twisted-pair, 10 Mbps
802.4 (Token Bus).     Common token bus protocols include the following:
  Carrierband 1 Mbps, phase continuous, FSK, 75-ohm coaxial
  Carrierband 5-10 Mbps, phase coherent, FSK, 75-ohm coaxial
  Broadband 1, 5, 10 Mbps, multilevel, duobinary, AM/PSK, 75-ohm coaxial
802.5 (Token Ring).     Token ring networks (such as IBM's Token-Ring) use the following protocols:
  1 Mbps, shielded twisted-pair (IEEE)
  4 Mbps, shielded twisted-pair (IEEE)
  16 Mbps, shielded twisted-pair (IBM)
  16 Mbps, early token release (IBM)

 


 