TCP/IP Tutorial and Technical Overview

Core TCP/IP protocols

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite has become the industry-standard method of interconnecting hosts, networks, and the  Internet. As such, it is seen as the engine behind the Internet and networks  worldwide. Although TCP/IP supports a host of applications, both standard and  nonstandard, these applications could not exist without the foundation of a set of  core protocols. Additionally, in order to understand the capability of TCP/IP  applications, an understanding of these core protocols must be realized. With this in mind, Part I begins with providing a background of TCP/IP, the current architecture, standards, and most recent trends. Next, the section  explores the two aspects vital to the IP stack itself. This portion begins with a discussion of the network interfaces most commonly used to allow the protocol suite to interface with the physical network media. This is followed by the protocols that must be implemented in any stack, including protocols belonging  to the IP and transport layers.Part 12 TCP/IP Tutorial and Technical Overview Finally, other standard protocols exist that might not necessarily be required in  every implementation of the TCP/IP protocol suite. However, there are those that can be very useful given certain operational needs of the implementation. Such protocols include IP version 6, quality of service protocols, and wireless IP

Architecture, history, standards, and trends

Today, the Internet and World Wide Web (WWW) are familiar terms to millions of people all over the world. Many people depend on applications enabled by the Internet, such as electronic mail and Web access. In addition, the increase in popularity of business applications places additional emphasis on the Internet.The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite is the engine for the Internet and networks worldwide. Its simplicity and power has led to its becoming the single network protocol of choice in the world today. In this chapter, we give an overview of the TCP/IP protocol suite. We discuss how the Internet was formed, how it developed, and how it is likely to develop in the future.

TCP/IP architectural mode

The TCP/IP protocol suite is so named for two of its most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP). A less used name for it is the Internet Protocol Suite, which is the phrase used in official Internet standards documents. In this book, we use the more common, shorter term, TCP/IP, to refer to the entire protocol suite

Internetworking

The main design goal of TCP/IP was to build an interconnection of networks, referred to as an internetwork, or internet, that provided universal communication services over heterogeneous physical networks. The clear

benefit of such an internetwork is the enabling of communication between hosts on different networks, perhaps separated by a large geographical area. The words internetwork and internet are simply a contraction of the phrase interconnected network. However, when written with a capital “I”, the Internet refers to the worldwide set of interconnected networks. Therefore, the Internet is an internet, but the reverse does not apply. The Internet is sometimes called the connected Internet. The Internet consists of the following groups of networks: Backbones: Large networks that exist primarily to interconnect other networks. Also known as network access points (NAPs) or Internet Exchange Points (IXPs). Currently, the backbones consist of commercial entities. Regional networks connecting, for example, universities and colleges. Commercial networks providing access to the backbones to subscribers, and networks owned by commercial  rganizations for internal use that also have connections to the Internet. Local networks, such as campus-wide university networks. In most cases, networks are limited in size by the number of users that can belong to the network, by the maximum geographical distance that the network can span, or by the applicability of the network to certain environments. For example, an Ethernet network is inherently limited in terms of geographical size. Therefore, the ability to interconnect a large number of networks in some hierarchical and organized fashion enables the communication of any two hosts belonging to this inter network Figure 1-1 shows two examples of internets. Each consists of two or more   physical networks. Another important aspect of TCP/IP internetworking is the creation of a standardized abstraction of the communication mechanisms provided by each type of network. Each physical network has its own technology-dependent communication interface, in the form of a programming interface that provides basic communication functions (primitives). TCP/IP provides communication services that run between the programming interface of a physical network and user applications. It enables a common interface for these applications, independent of the underlying physical network. The architecture of the physical network is therefore hidden from the user and from the developer of the application. The application need only code to the standardized communication abstraction to be able to function under any type of physical network and operating platform. As is evident in Figure 1-1, to be able to interconnect two networks, we need a computer that is attached to both networks and can forward data packets from one network to the other; such a machine is called a router. The term IP router is also used because the routing function is part of the Internet Protocol portion of the TCP/IP protocol suite (see 1.1.2, “The TCP/IP protocol layersTo be able to identify a host within the internetwork, each host is assigned an address, called the IP address. When a host has multiple network adapters (interfaces), such as with a router, each interface has a unique IP address. The IP address consists of two parts: IP address = <network number><host number> The network number part of the IP address identifies the network within the internet and is assigned by a central authority and is unique throughout the internet. The authority for assigning the host number part of the IP address resides with the organization that controls the network identified by the network number. We describe the addressing scheme in detail in 3.1.1, “IP addressing” on page 68.

1.1.2  The TCP/IP protocol layers

Like most networking software, TCP/IP is modeled in layers. This layered representation leads to the term protocol stack, which refers to the stack of layers in the protocol suite. It can be used for positioning (but not for functionally comparing) the TCP/IP protocol suite against others, such as Systems Network Architecture (SNA) and the Open System Interconnection (OSI) model. Functional comparisons cannot easily be  extracted from this, because there are basic differences in the layered models used by the different protocol suites. By dividing the communication software into layers, the protocol stack allows for division of labor, ease of implementation and code testing, and the ability to develop alternative layer implementations. Layers communicate with those above and below via concise interfaces. In this regard, a layer provides a service for the layer directly above it and makes use of services provided by the layer directly below it. For example, the IP layer provides the ability to transfer data from one host to another without any guarantee to reliable delivery or duplicate suppression. Transport protocols such as TCP make use of this service to provide applications with reliable, in-order, data stream delivery. 

shows how the TCP/IP protocols are modeled in four layers Application layer The application layer is provided by the program that  uses TCP/IP for communication. An application is a user process cooperating with another process usually on a different host (there is also a benefit to application communication within a single host). Examples of applications include Telnet and the File Transfer  Protocol (FTP). The interface between the application  and transport layers is defined by port numbers and  sockets, which we describe in more detail in 4.1, “Ports  and sockets” on page 144. Transport layer The transport layer provides the end-to-end data  transfer by delivering data from an application to its  remote peer. Multiple applications can be supported simultaneously. The most-used transport layer  protocol is the Transmission Control Protocol (TCP), which provides connection-oriented reliable data  delivery, duplicate data suppression, congestion control, and flow control. We discuss this in more detail in 4.3, “Transmission Control Protocol (TCP)” on page 149. Another transport layer protocol is the User Datagram Protocol (see 4.2, “User Datagram Protocol (UDP)” on page 146). It provides connectionless, unreliable, Applications Transport Internetwork Network Interface and Hardware Applications TCP/UDP ICMP IP ARP /RARP Network Interface and Hardware ....... 8 TCP/IP Tutorial and Technical Overview best-effort service. As a result, applications using UDP as the transport protocol have to provide their own end-to-end integrity, flow control, and congestion control, if desired. Usually, UDP is used by applications that need a fast transport mechanism and can tolerate the loss of some data. Internetwork layer The internetwork layer, also called the internet layeror the network layer, provides the “virtual network” image of an internet (this layer shields the higher levels from the physical network architecture below it). Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that does not assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level. IP provides a routing function that attempts to deliver  transmitted messages to their destination. We discuss IP in detail in Chapter 3, “Internetworking protocols” on  page 67. A message unit in an IP network is called an IP datagram. This is the basic unit of information  transmitted across TCP/IP networks. Other internetwork-layer protocols are IP, ICMP, IGMP, ARP, and  RARP. Network interface layer The network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware. This interface may or may not  provide reliable delivery, and may be packet or stream  oriented. In fact, TCP/IP does not specify any protocol  here, but can use almost any network interface available, which illustrates the flexibility of the IP layer. Examples are IEEE 802.2, X.25 (which is reliable in itself), ATM, FDDI, and even SNA. We discuss some physical networks and interfaces in Chapter 2, “Network interfaces” on page 29. TCP/IP specifications do not describe or standardize standardize ways of accessing those protocols from the internetwork layer.  any network-layer protocols per se; they only A more detailed layering model is included in Figure  Detailed architectural model

TCP/IP applications

The highest-level protocols within the TCP/IP protocol stack are application protocols. They communicate with applications on other internet hosts and are the user-visible interface to the TCP/IP protocol suite. All application protocols have some characteristics in common: They can be user-written applications or  applications standardized and shipped with the TCP/IP product. Indeed, the TCP/IP protocol suite includes

application protocols such as: – Telnet for interactive terminal access to remote internet hosts – File Transfer Protocol (FTP) for high-speed disk-to-disk file transfers – Simple Mail Transfer Protocol (SMTP) as an internet mailing system These are some of the most widely implemented application protocols, but many others exist. Each particular TCP/IP implementation will include a lesser or greater set of application rotocols.

They use either UDP or TCP as a transport mechanism. Remember that UDP is unreliable and offers no   flow-control, so in this case, the application has to provide its own error recovery, flow control, and congestion control functionality. It is often easier to build applications on top of TCP because it is a reliable stream, connection-oriented, congestion-friendly, flow control-enabled protocol. As a result, most application protocols will use TCP, but there are applications built on UDP to achieve better performance through increased protocol efficiencies. Most applications use the client/server model of interaction.

The client/server model

TCP is a peer-to-peer, connection-oriented protocol. There are no master/subordinate relationships. The applications, however, typically use a client/server model for communications, as demonstrated in Figure 1-4.

A server is an application that offers a service to internet users. A client is a requester of a service. An application consists of both a server and a client part, which can run on the same or on different systems. Users usually invoke the client part of the application, which builds a request for a particular service and 

sends it to the server part of the application using TCP/IP as a transport vehicle. The server is a program that receives a request, performs the required service, and sends back the results in a reply. A server can usually deal with multiple requests and multiple requesting clients at the same time. 

The client/server model of applications Most servers wait for requests at a well-known port so that their clients know to which port (and in turn, which application) they must direct their requests. The client typically uses an arbitrary port called an ephemeral port for its communication. Clients that want to communicate with a server that does not use a well-known port must have another mechanism for learning to which port they must address their requests. This mechanism might employ a registration service such as portmap, which does use a well-known port. For detailed information about TCP/IP application protocols, refer to Part 2, “TCP/IP application protocols” on page ...

Bridges, routers, and gateways

There are many ways to provide access to other networks. In an internetwork, this done with routers. In this section, we distinguish between a router, a bridge, and a gateway for allowing remote network access:

Bridge Interconnects LAN segments at the network interface layer level and forwards frames between them. A bridge performs the function of a MAC relay, and is independent of any higher layer protocol (including the logical link protocol). It provides MAC layer protocol conversion, if required. A bridge is said to be transparent to IP. That is, when an IP host sends an IP datagram to another host on a network connected by a bridge, it sends the datagram directly to the host and the datagram “crosses” the bridge without the sending IP host being aware of it. Router Interconnects networks at the internetwork layer level and routes packets between them. The router must understand the addressing structure associated with the networking protocols it supports and take decisions on whether, or how, to forward packets. Routers are able to select the best transmission paths and optimal packet sizes. The basic routing function is implemented in the IP layer of the TCP/IP protocol stack, so any host or workstation running TCP/IP over more than one interface could, in theory and also with most of today's TCP/IP implementations, forward IP datagrams. However, dedicated routers provide much more sophisticated routing than the minimum functions implemented by IP. Because IP provides this basic routing function, the term “IP router,” is often used. Other, older terms for router are “IP gateway,” “Internet gateway,” and “gateway.” The term gateway is now normally used for connections at a higher layer than the internetwork layer. A router is said to be visible to IP. That is, when a host sends an IP datagram to another host on a network connected by a router, it sends the datagram to the router so that it can forward it to the target host.12 TCP/IP Tutorial and Technical Overview Gateway Interconnects networks at higher layers than bridges and  routers. A gateway usually supports address mapping from one network to another, and might also provide transformation of the data between the environments to support end-to-end application connectivity. Gateways typically limit the interconnectivity of two networks to a subset of the application protocols supported on either one. For example, a VM host running TCP/IP can be used

as an SMTP/RSCS mail gateway. A gateway is said to be opaque to IP. That is, a host cannot send an IP datagram through a gateway; it can only send it to a gateway. The higher-level protocol information carried by the datagrams is then passed on by the gateway using whatever networking architecture is used on the other side of the gateway. Closely related to routers and gateways is the concept of a firewall, or firewall gateway, which is used to restrict access from the Internet or some untrusted network to a network or group of networks controlled by an organization for security reasons. See 22.3, “Firewalls” on page 794 for more information about  firewalls.

The roots of the Internet

Networks have become a fundamental, if not the most important, part of today's information systems. They form the backbone for information sharing in enterprises, governmental groups, and scientific groups. That information can take several forms. It can be notes and documents, data to be processed by another computer, files sent to colleagues, and multimedia data streams. A number of networks were installed in the late 1960s and 1970s, when network design was the “state of the art” topic of computer research and sophisticated implementers. It resulted in multiple networking models such as packet-switching technology, collision-detection local area networks, hierarchical networks, and many other excellent communications technologies. The result of all this great know-how was that any group of users could find a physical network and an architectural model suitable for their specific needs. This ranges from inexpensive asynchronous lines with no other error recovery  Note: The term “gateway,” when used in this sense, is not synonymous with “IP gateway.” Chapter 1. Architecture, history, standards, and trends  13 than a bit-per-bit parity function, through full-function wide area networks (public or private) with reliable protocols such as public packet-switching networks or private SNA networks, to high-speed but limited-distance local area networks. The down side of the development of such heterogeneous protocol suites is the rather painful situation where one group of users wants to extend its information system to another group of users who have implemented a different network technology and different networking protocols. As a result, even if they could agree on some network technology to physically interconnect the two environments, their applications (such as mailing systems) would still not be able to communicate with each other because of different application protocols and interfaces. This situation was recognized in the early 1970s by a group of U.S. researchers funded by the Defense Advanced Research Projects Agency (DARPA). Their work addressed internetworking, or the interconnection of networks. Other official organizations became involved in this area, such as ITU-T (formerly CCITT) and ISO. The main goal was to define a set of protocols, detailed in a well-defined suite, so that applications would be able to communicate with other applications, regardless of the underlying network technology or the operating systems where those applications run. The official organization of these researchers was the ARPANET Network Working Group, which had its last general meeting in October 1971. DARPA continued its research for an internetworking protocol suite, from the early Network Control Program (NCP) host-to-host protocol to the TCP/IP protocol suite, which took its current form around 1978. At that time, DARPA was well known for its pioneering of packet-switching over radio networks and satellite channels. The first real implementations of the Internet were found around 1980 when DARPA started converting the machines of its research network (ARPANET) to use the new TCP/IP protocols. In 1983, the transition was completed and DARPA demanded that all computers willing to connect to its ARPANET use TCP/IP. DARPA also contracted Bolt, Beranek, and Newman (BBN) to develop an implementation of the TCP/IP protocols for Berkeley UNIX® on the VAX and funded the University of California at Berkeley to distribute the code free of charge with their UNIX operating system. The first release of the Berkeley Software Distribution (BSD) to include the TCP/IP protocol set was made available in 1983
(4.2BSD). From that point on, TCP/IP spread rapidly among universities and research centers and has become the standard communications subsystem for all UNIX connectivity. The second release (4.3BSD) was distributed in 1986, with updates in 1988 (4.3BSD Tahoe) and 1990 (4.3BSD Reno). 4.4BSD was released in 1993. Due to funding constraints, 4.4BSD was 14 TCP/IP Tutorial and Technical Overview the last release of the BSD by the Computer Systems Research Group of the University of California at Berkeley. As TCP/IP internetworking spread rapidly, new wide area networks were created in the U.S. and connected to ARPANET. In turn, other networks in the rest of the world, not necessarily based on the TCP/IP protocols, were added to the set of interconnected networks. The result is what is described as the Internet. We describe some examples of the different networks that have played key roles in this development in the next sections

1.2.1  ARPANET

Sometimes referred to as the “grand-daddy of packet networks,” the ARPANET was built by DARPA (which was called ARPA at that time) in the late 1960s to  accommodate research equipment on packet-switching technology and to allow  resource sharing for the Department of Defense's contractors. The network  interconnected research centers, some military bases, and government locations. It soon became popular with researchers for collaboration through  electronic mail and other services. It was developed into a research utility run by the Defense Communications Agency (DCA) by the end of 1975 and split in 1983 into MILNET for interconnection of military sites and ARPANET for interconnection of research sites. This formed the beginning of the “capital I” Internet.In 1974, the ARPANET was based on 56 Kbps leased lines that interconnected packet-switching nodes (PSN) scattered across the continental U.S. and western Europe. These were minicomputers running a protocol known as 1822 (after the number of a report describing it) and dedicated to the packet-switching task. Each PSN had at least two connections to other PSNs (to allow alternate routing in case of circuit failure) and up to 22 ports for user computer (host) connections. These 1822 systems offered reliable, flow-controlled delivery of a packet to a destination node. This is the reason why the original NCP protocol was a rather simple protocol. It was replaced by the TCP/IP protocols, which do not assume the reliability of the underlying network hardware and can be used on other-than-1822 networks. This 1822 protocol did not become an industry standard, so DARPA decided later to replace the 1822 packet switching technology with the CCITT X.25 standard.Data traffic rapidly exceeded the capacity of the 56 Kbps lines that made up the network, which were no longer able to support the necessary throughput. Today the ARPANET has been replaced by new technologies in its role of backbone on the research side of the connected Internet (see NSFNET later in this chapter), while MILNET continues to form the backbone of the military side.

1.2.2  NSFNET

NSFNET, the National Science Foundation (NSF) Network, is a three-level internetwork in the United States consisting of:  The backbone: A network that connects separately administered and  operated mid-level networks and NSF-funded supercomputer centers. The backbone also has transcontinental links to other networks such as EBONE, the European IP backbone network. Mid-level networks: Three kinds of networks (regional, discipline-based, and supercomputer consortium networks). Campus networks: Whether academic or commercial, connected to the mid-level networks.Over the years, the NSF upgraded its backbone to meet the increasing demands of its clients: First backbone: Originally established by the NSF as a communications network for researchers and scientists to access the NSF supercomputers, the first NSFNET backbone used six DEC LSI/11 microcomputers as packet switches, interconnected by 56 Kbps leased lines. A primary interconnection between the NSFNET backbone and the ARPANET existed at Carnegie Mellon, which allowed routing of datagrams between users connected to each of those networks.

Second backbone: The need for a new backbone appeared in 1987, when the first one became overloaded within a few months (estimated growth at that time was 100% per year). The NSF and MERIT, Inc., a computer network consortium of eight state-supported universities in Michigan, agreed to develop and manage a new, higher-speed backbone with greater transmission and switching capacities. To manage it, they defined the Information Services (IS), which is comprised of an Information Center and a Technical Support Group. The Information Center is responsible for information dissemination, information resource anagement, and electronic communication. The Technical Support Group provides support directly to the field. The purpose of this is to provide an integrated information system with easy-to-use-and-manage interfaces accessible from any point in the network supported by a full set of training services.Merit and NSF conducted this project in partnership with IBM and MCI. IBM provided the software, packet-switching, and network-management equipment, while MCI provided the long-distance transport facilities. Installed in 1988, the new network initially used 448 Kbps leased circuits to interconnect 13 nodal switching systems (NSSs), supplied by IBM. Each NSS was composed of nine IBM RISC systems (running an IBM version of 4.3BSD UNIX) loosely coupled by two IBM token-ring networks (for redundancy). One 16 TCP/IP Tutorial and Technical Overview Integrated Digital Network Exchange (IDNX) supplied by IBM was installed at each of the 13 locations, to provide:– Dynamic alternate routing – Dynamic bandwidth allocation  Third backbone: In 1989, the NSFNET backbone circuits topology was  reconfigured after traffic measurements and the speed of the leased lines increased to T1 (1.544 Mbps) using primarily fiber optics.Due to the constantly increasing need for improved packet switching and  transmission capacities, three NSSs were added to the backbone and the link  speed was upgraded. The migration of the NSFNET backbone from T1 to T3 (45 Mbps) was ompleted in late 1992. The subsequent migration to gigabit levels has already started and is continuing today.In April 1995, the U.S. government discontinued its funding of NSFNET. This was, in part, a reaction to growing commercial use of the network. About the same time, NSFNET gradually migrated the main backbone traffic in the U.S. to commercial network service providers, and NSFNET reverted to being a network for the research community. The main backbone network is now run in  cooperation with MCI and is known as the vBNS (very high speed Backbone  Network Service). NSFNET has played a key role in the development of the Internet. However, any other networks have also played their part and also make up a part of the Internet today.