Day 3: The TCP/IP Layer Model and the Core Protocols of the TCP/IP Suite
Today's material can be split into two separate sections: the TCP/IP layer model and the core protocols of the TCP/IP protocol suite. First you will compare the TCP/IP layer model to the OSI model so you can determine how TCP/IP varies from the OSI layer model. You then will examine the protocols used at each IP layer. The following protocols are discussed:
- Address Resolution Protocol (ARP)
- Internet Protocol (IP)
- Internet Control Message Protocol (ICMP)
- Internet Gateway Message Protocol (IGMP)
- Transmission Control Protocol (TCP)
- Universal Datagram Protocol (UDP)
The TCP/IP Layer Model
The TCP/IP layer model is based on a four-layered network (see Figure 3.1).
FIGURE 3.1. The TCP/IP four-layer model.
Within the four layers, specific boundaries are observed. In the Network Interface layer, only physical MAC addresses are used for address resolution. Even when an interface does not have a physical address, as is the case with a modem, a logical physical address is used. Modems are commonly used to connect to networks, yet they do not have a physical MAC address. When a modem connects to the network, a logical address is assigned to the modem so communication can take place.
In the Internet layer, logical IP addresses are mapped to the physical MAC addresses. Each host in a TCP/IP internetwork is assigned a unique IP address. This address identifies hosts and identifies the subnetwork on which a host resides.
All protocols used in the transport and Internet layers are provided by the operating system. Applications do not have to provide their own transport or internetworking protocols. This makes it easier for applications to be deployed on different operating systems. The application only has to interface with either TCP or UDP as a transport protocol.
All protocols and software used in the application layer are application dependent. You can switch the underlying protocols, and many of the applications will continue to operate. You can, for example, use the Microsoft TCP/IP stack on your Windows 95 client and use an FTP client. You can just as easily replace the TCP/IP stack with the Net Chameleon IP stack. Your application will still operate in this environment because the FTP software functions beyond the operating system. It interfaces with whatever TCP/IP protocol stack is used. This concept is known as boundary layers. A new protocol at any of the four layers of the TCP/IP model only needs to interact with the layer immediately above or below the level in which it functions.
The following sections go into more detail about the processes completed in each layer of the TCP/IP layer model.
The Network Interface Layer
The network layer merges outgoing frames on the wire and pulls incoming frames off the wire. The format used by these frames depends on the network topology implemented. The network layer adds a preamble at the beginning of the frame and adds a cyclical redundancy check (CRC) to ensure that the data is not corrupted in transit. When the frame arrives at the destination, the CRC value is recalculated to determine whether the data has been corrupted in transit. If the frame arrives intact, it is passed up the network layer model. If the frame is corrupted, it is discarded at this point.
ISSUES WITH FRAME TYPES
On a single network segment, all hosts must use the same frame type for communication to occur. Multiple frame types can be run on a single network segment, but only hosts with the same frame type can actually communicate.
The Internet Layer
The Internet layer provides three primary functions: addressing, packaging, and routing. The Internet Protocol (IP) resides in this layer of the TCP/IP protocol layer suite. IP provides connectionless, non-guaranteed delivery of information. This means the IP protocol does not perform any checks or measures to make sure the information has been received successfully by the destination host. Packets could be lost or could arrive out of order.
When information arrives from the transport layer, the IP protocol adds a header to the information. The header includes the following information:
- Source IP address. This is the IP address assigned to the sending host.
- Destination IP address. This is the IP address assigned to the target host.
- Transport protocol. The protocol used by the transport layer is stored within the IP header. This way, when the datagram arrives at the host system, the Internet layer knows whether to transfer the datagram using the TCP or UDP protocols.
- Checksum. This ensures that the data arriving at this layer has not been corrupted in transit.
- Time-to-live (TTL). Each time the datagram crosses a router, the TTL is decreased by a value of at least one. When the TTL reaches a value of zero, the datagram is dropped from the network.
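The header fields listed above can be read straight out of the first 20 bytes of a datagram. The following Python sketch is an added example, not code from the book: it parses a constructed IPv4 header, verifies the checksum, and performs the per-router TTL step. The function names and the sample addresses are assumptions made for illustration.

```python
import socket
import struct

FMT = "!BBHHHBBH4s4s"            # fixed 20-byte IPv4 header, no options
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (covers the IP header only)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, proto, ttl, payload_len=0):
    """Constructed sample header for the demo; ID and flags are left at zero."""
    raw = struct.pack(FMT, 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def parse_header(raw: bytes) -> dict:
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4   # header length, including any options
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "transport": PROTOCOLS.get(proto, f"protocol {proto}"),
            "ttl": ttl, "ihl": ihl,
            # checksum() over a header carrying a correct checksum returns 0.
            "checksum_ok": checksum(raw[:ihl]) == 0}

def forward(raw: bytes):
    """Router step: drop corrupt or expired datagrams, else decrement TTL."""
    h = parse_header(raw)
    if not h["checksum_ok"] or h["ttl"] <= 1:
        return None              # TTL would reach zero: datagram is dropped
    hdr = bytearray(raw[:h["ihl"]])
    hdr[8] -= 1                  # byte 8 is the TTL
    hdr[10:12] = b"\x00\x00"     # zero the checksum before recomputing it
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + raw[h["ihl"]:]
```

Because the TTL is part of the header, every router that forwards the datagram must also rewrite the checksum, which is why `forward` recomputes it.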
The Internet Layer also determines how to route a datagram to a destination host. If it is determined that the destination IP host is on the same network segment, the datagram is sent directly to the target host. If IP determines that the destination host is located on a remote network segment, IP uses the source host's routing table to determine the best route to reach the network on which the remote host is located. If there is not an explicit route in the routing table, the source host uses its default gateway to send the datagram to the remote host.
The default gateway is the preferred router a host uses to route traffic to remote network segments.
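The three-way decision described above (same segment, explicit route, default gateway) can be written as a short function. This is an added example, not code from the book. The function name, the route-list format and the addresses are assumptions, and "best route" is taken here to mean the longest matching prefix.

```python
import ipaddress

def next_hop(dst, iface, routes, default_gateway=None):
    """Decide where a host sends a datagram for `dst`.

    iface  -- the host's own address in CIDR form, e.g. "192.168.1.20/24"
    routes -- explicit routes as (network_cidr, gateway_ip) pairs
    Returns (decision, next_hop_ip).
    """
    dst_ip = ipaddress.ip_address(dst)
    local = ipaddress.ip_interface(iface)

    # 1. Destination on the local segment: deliver directly.
    if dst_ip in local.network:
        return ("direct", dst)

    # 2. Explicit route: the most specific (longest-prefix) match wins.
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst_ip in ipaddress.ip_network(net)]
    if matches:
        decision = "route"
        gateway = max(matches, key=lambda m: m[0].prefixlen)[1]
    elif default_gateway is not None:
        # 3. No explicit route: hand the datagram to the default gateway.
        decision, gateway = "default", default_gateway
    else:
        raise LookupError(f"no route to {dst}")

    # A gateway is only usable if it sits on the host's own segment;
    # an off-link gateway in the table is a configuration error.
    if ipaddress.ip_address(gateway) not in local.network:
        raise ValueError(f"gateway {gateway} is not on {local.network}")
    return (decision, gateway)
```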
Other processes that occur in the Internet layer are fragmentation and reassembly. Sometimes, when information is transferred between network segments, the network segments might not use the same network topology. The recipient's network topology cannot work with the same datagram size as the sending host's network. In this case, IP breaks data into smaller pieces. When the data is received at the destination host, the smaller pieces are re-assembled into the original data packet. When the data is broken up, the following information is appended in each separate packet:
- Flag. The fragment flag bit in the IP header of each packet fragment is set to designate that the data has been fragmented. On the last packet fragment, the flag bit is not set because no more fragments follow.
- Fragment ID. When a datagram is broken into smaller pieces, the fragment ID identifies all the pieces of the original datagram. This information is used by the client to reassemble the datagram.
- Fragment offset. When the smaller pieces are reassembled into a single datagram, the fragment offset determines the order in which the fragments should be reassembled.
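The flag, fragment ID and fragment offset work together as follows. This Python sketch is an added example, not code from the book: it splits a payload to fit a smaller MTU and reassembles it only when every piece is present and contiguous. The dictionary layout and function names are assumptions; offsets are counted in 8-byte units, as in the IPv4 header.

```python
def fragment(ident, payload, mtu, header_len=20):
    """Split `payload` into fragments that fit `mtu` bytes including the header."""
    chunk = (mtu - header_len) // 8 * 8   # all but the last carry a multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), chunk):
        frags.append({"id": ident,
                      "offset": start // 8,               # 8-byte units
                      "mf": start + chunk < len(payload),  # more fragments follow
                      "data": payload[start:start + chunk]})
    return frags

def reassemble(frags):
    """Return {fragment_id: payload} for complete datagrams only.

    Fragments may arrive in any order and interleaved with other datagrams.
    A datagram with a gap, an overlap, a duplicate or a missing last fragment
    is withheld rather than guessed at. Real stacks also key on source,
    destination and protocol, not the ID alone.
    """
    by_id = {}
    for f in frags:
        by_id.setdefault(f["id"], []).append(f)

    complete = {}
    for ident, parts in by_id.items():
        parts.sort(key=lambda f: f["offset"])
        buf, expected, ok = bytearray(), 0, True
        for f in parts:
            if f["offset"] * 8 != expected:   # gap or overlap
                ok = False
                break
            buf += f["data"]
            expected += len(f["data"])
        # Only the final fragment may have the flag cleared.
        flags_ok = not parts[-1]["mf"] and all(f["mf"] for f in parts[:-1])
        if ok and flags_ok:
            complete[ident] = bytes(buf)
    return complete
```

Rejecting overlapping fragments is a deliberately strict policy: two hosts that resolve an overlap differently will see different data for the same datagram.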
The Transport Layer
The transport layer provides end-to-end communication between hosts using ports. The following two protocols are provided in the TCP/IP layer model to transport data:
- Transmission Control Protocol (TCP)
- Universal Datagram Protocol (UDP)
TCP provides connection-oriented communication on a TCP/IP network. When two hosts communicate using the TCP protocol, a session must be established between the two hosts. This is so each host can determine the next sequence number the other host will be using. A TCP connection provides a level of reliability. Transmissions use sequence numbers and acknowledgments to make sure the destination host successfully receives the data. If a destination host does not receive a specific segment, it can request that the source host resend the packet (see Figure 3.2).
FIGURE 3.2. TCP uses sequence numbers to ensure delivery.
In Figure 3.2, the host on the left has segmented a data package into five segments. It sends segments 1 and 2 to the host on the right. When the host on the right receives the fragments, it acknowledges their receipt. The host on the left then sends the next two fragments (fragments 3 and 4). For whatever reason, the host on the right receives only the third fragment. When it sends the acknowledgment, it only acknowledges the receipt of fragment 3. The host on the left resends fragment 4 and also sends fragment 5. Upon receipt, the receiving host acknowledges both fragments. Now it can reassemble the data into its original format. The TCP protocol is covered in depth on Day 5. Topics discussed include the TCP three-way handshake and the use of sliding windows in TCP data transmissions.
The UDP protocol provides connectionless service. It is not guaranteed that the destination host will receive the information. Applications that use UDP are on their own to make sure data is successfully delivered to the recipient host. The only protection you have in a UDP packet is that there is a checksum value within its header. The checksum makes sure the data was not corrupted in transit.
A common analogy used when comparing the TCP and UDP protocols is the post office versus a courier service. The post office is much like the UDP protocol. When you place a letter to your friend in the mailbox, it is not guaranteed that the mail will get to them. Most of the time it reaches them successfully. When you must make sure that a business associate receives a package, however, you are not going to use a typical mail service. Instead, you use a courier service to make sure the business associate receives the package in a predetermined amount of time. Along the way, you can check the progress of the package. When the business associate receives the package, he acknowledges its receipt by signing for the package.
Just as it costs more to use a courier service rather than the post office, there is additional cost on the network when using the TCP protocol. Periodically, the recipient host must send an acknowledgment that it has received the last transmissions successfully. The sending host often waits for an acknowledgment before it continues to send data.
You, as a network administrator, do not have a choice which transport protocol to implement. This is determined by the higher-level application using the transport protocol. Many applications use TCP so they do not have to provide reliable data transport. The TCP protocol can handle reliable transmission of data using sequence numbers and acknowledgments. An application that uses UDP has to ensure reliability on its own.
The Application Layer
Network-based applications function on the application layer in the TCP/IP layer model. Network-based applications refers to applications that connect to or communicate with remote network hosts. Network applications that run on a TCP/IP network generally fit into one of two categories: ... FIGURE 3.7. The ICMP packet structure....