Tcpip


Transcript of Tcpip

Page 1: Tcpip

The title page carries three figures. The first shows an internetwork: Ethernet and Token Ring segments, each with workstations attached, joined by routers. The second lays out the TCP header in 32-bit words (bits 0 to 31): Source Port, Destination Port, Sequence Number, Acknowledgement Number, Header Offset, Reserved, Control Bits, Window, Checksum, Urgent Pointer, Options, Padding, and then the data. The third lays out the IP header the same way: Version, IHL, Type of Service, Total Length, Identification, Flag, Fragment Offset, Time-to-live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding, and then the data.
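The two header layouts on the title page, as an added example written for this edition (not the author's code): a Python parser for the IP header and the TCP header fields shown there. It verifies the one's complement Checksum of each header (the TCP one over the pseudo-header of addresses, protocol and length) and checks the length fields (IHL, Total Length, and the TCP Data Offset, labelled Offset in the figure) against the buffer before using them. The packet bytes are constructed for the demonstration and the addresses come from documentation ranges.

```python
# Added example (not the author's code): parse the IP and TCP headers laid
# out on the title page and verify both Checksum fields. Packet bytes below
# are constructed for the demonstration; addresses are documentation ranges.
import socket
import struct
from dataclasses import dataclass

TCP_FLAGS = {0x20: "URG", 0x10: "ACK", 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}


def ones_complement_checksum(data: bytes) -> int:
    """16-bit one's complement sum used by the IP and TCP Checksum fields."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd length with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IPv4Header:
    version: int
    ihl: int                 # header length in 32-bit words (minimum 5)
    type_of_service: int
    total_length: int
    identification: int
    flags: int
    fragment_offset: int
    time_to_live: int
    protocol: int            # 6 = TCP
    header_checksum: int
    source: str
    destination: str
    options: bytes
    checksum_ok: bool


def parse_ipv4(packet: bytes) -> tuple[IPv4Header, bytes]:
    """Return (header, payload); reject length fields the buffer cannot back."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    v_ihl, tos, tlen, ident, ff, ttl, proto, hcs, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = v_ihl >> 4, v_ihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError(f"bad version/IHL: {version}/{ihl}")
    hlen = ihl * 4
    if tlen < hlen or tlen > len(packet):     # Total Length must cover the header and fit the buffer
        raise ValueError("Total Length inconsistent with buffer")
    hdr = IPv4Header(version, ihl, tos, tlen, ident, ff >> 13, ff & 0x1FFF, ttl, proto, hcs,
                     socket.inet_ntoa(src), socket.inet_ntoa(dst), packet[20:hlen],
                     ones_complement_checksum(packet[:hlen]) == 0)
    return hdr, packet[hlen:tlen]


@dataclass
class TCPHeader:
    source_port: int
    destination_port: int
    sequence: int
    acknowledgement: int
    data_offset: int         # header length in 32-bit words (minimum 5)
    control_bits: frozenset
    window: int
    checksum: int
    urgent_pointer: int
    options: bytes


def parse_tcp(segment: bytes) -> tuple[TCPHeader, bytes]:
    """Return (header, data) for one TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, bits, win, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = off >> 4                    # low 4 bits of this byte are Reserved
    hlen = data_offset * 4
    if data_offset < 5 or hlen > len(segment):
        raise ValueError(f"bad Data Offset: {data_offset}")
    flags = frozenset(name for bit, name in TCP_FLAGS.items() if bits & bit)
    hdr = TCPHeader(sport, dport, seq, ack, data_offset, flags, win, csum, urg, segment[20:hlen])
    return hdr, segment[hlen:]


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP Checksum covers a pseudo-header (addresses, protocol, length) plus the segment."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return ones_complement_checksum(pseudo + segment)


def tcp_checksum_ok(ip: IPv4Header, segment: bytes) -> bool:
    return tcp_checksum(socket.inet_aton(ip.source), socket.inet_aton(ip.destination), segment) == 0


def build_sample_packet() -> bytes:
    """Constructed IP+TCP packet (PSH,ACK with a short payload) with valid checksums."""
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7")
    payload = b"GET / HTTP/1.0\r\n\r\n"
    tcp = bytearray(struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)) + payload
    tcp[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(tcp)))
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, src, dst))
    ip[10:12] = struct.pack("!H", ones_complement_checksum(bytes(ip)))
    return bytes(ip + tcp)


if __name__ == "__main__":
    ip_hdr, seg = parse_ipv4(build_sample_packet())
    tcp_hdr, data = parse_tcp(seg)
    print(ip_hdr, ip_hdr.checksum_ok, tcp_checksum_ok(ip_hdr, seg), tcp_hdr, data, sep="\n")
```

Running the module parses the constructed packet and prints both headers. parse_ipv4 raises ValueError for an IHL below 5 or a Total Length the buffer cannot back, and a header with one flipped byte still parses but reports checksum_ok as False; that is the check a receiving host or a capture tool should make before trusting any of the field values.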

Page 2: Tcpip

4/4/2002 [email protected]

Table of Contents I

Table of Contents:

Introduction ... 1
  Telematics ... 1
  Data-communication ... 1
  Data-transmission ... 1
  Accident-proof network ... 1
Network Media ... 2
  Network Medium ... 2
  Twisted-pair cable ... 2
    Unshielded Twisted-Pair ... 2
    Shielded Twisted-Pair ... 2
  Coaxial cable ... 2
    Thick coax ... 2
    Thin coax ... 2
  Fibre-optic cable ... 3
Network Components ... 4
  Network Operating System ... 4
  Network Interface Card ... 4
  Client ... 4
  Server ... 4
  Client-Server model ... 5
  Local Resource ... 5
  Remote Resource ... 5
  Node ... 6
  Concentrator ... 6
  Hub ... 6
  Repeater ... 6
  Bridge ... 6
  Router ... 7
  Gateway ... 7
  Backbone ... 7
Networks ... 8
  Network Topology ... 8
    Bus Networks ... 8
    Ring Network ... 9
    Star Network ... 9
    Hub Network ... 10
  Local Area Networks ... 10
    Circuit-Switched networks ... 11
    Packet-Switched networks ... 11
    Backbone Network ... 12
    Thinnet Network ... 12
    10BASET Network ... 12
  Wide Area Networks ... 12
The seven-layer Open Systems Interconnection Reference Model ... 13
  Communication Protocols ... 13
    Characteristics of Layered Architectures ... 13
  Description of each of these layers ... 14
    Layer 1, the Physical Layer ... 14

Page 3: Tcpip


    Layer 2, the Data Link Layer ... 15
    Layer 3, the Network Layer ... 17
    Layer 4, the Transport Layer ... 19
    Layer 5, the Session Layer ... 20
    Layer 6, the Presentation Layer ... 21
    Layer 7, the Application Layer ... 21
  Characteristics of Layered Protocols ... 22
IEEE LANs ... 24
  Terminology ... 24
    Access methods ... 24
  Architecture of the IEEE 802 Standards ... 24
    Logical Link Control ... 24
    Medium Access Control ... 26
  802 LAN Physical Address ... 26
  IEEE 802.3 Networks ... 27
    How Ethernet Works ... 27
    IEEE 802.3 Media ... 30
    IEEE 802.3 Frames ... 30
    Implementing TCP/IP over IEEE 802.3 ... 31
  IEEE 802.5 Networks ... 31
    How Token Ring Works ... 31
    Several reasons can be cited for Token Ring's lower popularity ... 33
    IEEE 802.5 Frames ... 33
Protocols and Protocol Stacks ... 35
  Operating Dual Protocol Stacks ... 36
  Network Driver Interface Standard ... 36
  Open Datalink Interface ... 37
Delivering Data Through Internetworks ... 39
  The way data are delivered through internetworks ... 39
  Multiplexing ... 39
  Switching Data ... 40
    Circuit Switching ... 40
    Packet Switching ... 40
  Bridges, Routers, and Switches ... 41
    Bridges ... 41
    Routers ... 42
    Switches ... 43
Digital Data Services ... 44
  Leased line ... 44
    Dedicated Leased Lines ... 44
    Switched Digital Lines ... 44
The Internet Model ... 44
  What TCP/IP provides ... 44
  Description of each of these layers ... 44
    Network Access Layer ... 44
    Internetwork Layer ... 44
    Host-to-Host Transport Layer ... 44
    Process/Application Layer ... 44
Addressing, Routing, and Multiplexing ... 44
  IP Host Address ... 44
  IP Address Classes ... 44
  Subnets ... 44
  Routing ... 44
    The Routing Table ... 44

Page 4: Tcpip


  Internet Routing Architecture ... 44
    The Routing Table ... 44
  Address Resolution ... 44
    RARP ... 44
  Protocols, Ports, and Sockets ... 44
    Protocol Numbers ... 44
    Port Numbers ... 44
    Sockets ... 44
  Names and Addresses ... 44
    The Host Table ... 44
    The Network Information Centre Host Table ... 44
    Domain Name Service ... 44
    The Domain Hierarchy ... 44
    Creating Domains and Subdomains ... 44
    Domain Names ... 44
    Network Information Service ... 44
  Remote Procedure Call ... 44
    Remote Procedure Call Execution ... 44
  External Data Representation ... 44
An overview of TCP/IP components ... 44
  Internet Protocol ... 44
  Internet Control Message Protocol ... 44
  Transmission Control Protocol ... 44
  User Datagram Protocol ... 44
  Telnet ... 44
  File Transfer Protocol ... 44
  Simple Mail Transfer Protocol ... 44
  Domain Name System ... 44
  Simple Network Management Protocol ... 44
  Network File Server ... 44
  Remote Procedure Calls ... 44
  Trivial File Transfer Protocol ... 44
  Boot Protocol ... 44
  Address Resolution Protocol ... 44
  Reverse Address Resolution Protocol ... 44
  Network Time Protocol ... 44
The TCP/IP Family of Protocols ... 44
  Transport ... 44
  Routing ... 44
  Network Address ... 44
  User services ... 44
  Gateway Protocols ... 44
  Others ... 44
Implementing TCP/IP ... 44
  Multiple Protocol Stacks ... 44
  NetBIOS and NetBEUI ... 44
  Basic Input Output System ... 44
  NetBIOS over TCP/IP ... 44
  Windows Internet Name Service ... 44
  DNS Windows Name Resolution ... 44
  LMHOSTS File Lookup ... 44
  TCP/IP Applications ... 44

Page 5: Tcpip


  Reverse Address Resolution Protocol ... 44
  Bootstrap Protocol ... 44
  Dynamic Host Configuration Protocol ... 44
  Network File System ... 44
  Simple Mail Transfer Protocol ... 44
  Post Office Protocol ... 44
  Multipurpose Internet Mail Extensions ... 44
  File Sharing ... 44
Interaction of TCP/IP and Other Protocols ... 44
  Application Programming Interface ... 44
  Redirectors and File Sharing ... 44
  NOS Gateways and Servers ... 44
  NOS Support for Native IP ... 44
Building an Internet Server ... 44
  Isolating the Server ... 44
  Providing Full Internet Connectivity ... 44
    A basic rule of TCP/IP security is as follows ... 44
    Traffic can be filtered in various ways ... 44
Simple Network Management Protocol ... 44
  Object Identifier Hierarchy ... 44
Microsoft TCP/IP ... 44
  Microsoft Network Protocols ... 44
  Microsoft Network Protocol Architecture ... 44
  NetBEUI Frame Protocol ... 44
  NWLink ... 44
  TCP/IP ... 44
    DHCP Concept and Operation ... 44
    Managing WINS ... 44
    Resolving Names on Microsoft Networks ... 44
    Architecture of the Windows Internet Name Service ... 44
    Naming versus Browsing ... 44
  Managing LMHOST Files ... 44
  Managing DNS ... 44
  Name Resolution with HOSTS Files ... 44
Transmission Line Theory ... 44
Troubleshooting TCP/IP ... 44
  Introduction ... 44
    Three steps in tracking down the real problem are ... 44
    Some hints on analysing the test results are ... 44
  Troubleshooting TCP/IP ... 44
    Approaching a problem ... 44
    Troubleshooting Hints ... 44
    Diagnostic tools ... 44
    Testing Basic Connectivity ... 44
Abbreviations ... 44
Table of Figures ... 44
Index ... 44

Page 6: Tcpip

4/4/2002 Alex Peeters


Introduction:

Telematics: Telematics is the combination of informatics and telecommunication. It covers the whole range of services connected with the use of informatics that are made accessible, for the transmission of data, by means of networks.

Data-communication: Data-communication is the combination of data-processing and telecommunication. It covers the processing of data by programs running on computer systems, and communication over great distances, where the information is transported by means of electrical conductors, radio waves, light signals, etc. Data-communication makes it possible to communicate over great distances from terminals connected to the communication network.

Figure 1 shows different possibilities for communication over great distances.

Data-transmission: This covers character sets (ASCII and EBCDIC), parallel versus serial transmission, the method of transmission (asynchronous: every character is transmitted directly and independently of the others, and begins with a start bit and ends with a stop bit; synchronous: the information packet is transmitted as a block), simplex/half-duplex/full-duplex operation, and the speed of the data transmission.

Accident-proof network: A network designed so that the actions of one user do not affect the network access of another user. No network is really accident-proof. Therefore we must reduce the impact of a user's mistake on the other users, knowing well that some accidents cannot be planned for. Design a network that a user cannot bring down merely by disconnecting his PC, or even by accidentally cutting a wire in his office.

Page 7: Tcpip


Network Media:

A Network Medium is the type of cabling used in a network. There are many types of cables used in networks today, although only a few are commonly used. The type of cabling can have an influence on the speed of the network.

A Twisted-pair cable has a pair of wires twisted around each other to reduce interference. There can be two, four, or even more sets of twisted pairs in a network cable. Twisted-pair cables are usually attached to the network devices with a jack that looks like a telephone modular jack, but a little wider, supporting up to eight wires. The most commonly used jacks are called RJ-11 (6 wires) and RJ-45 (8 wires), depending on the size of the connector and the number of wires inside.

Figure 2 shows the symbol used for a Twisted-Pair line tag.

There are two types of Twisted-Pair cable in use:

• An Unshielded Twisted-Pair (UTP) cable is one of the most commonly used network media because it is cheap and easy to work with.

• A Shielded Twisted-Pair (STP) cable has the same basic construction as its unshielded cousin, but the entire cable is wrapped in a layer of insulation for protection from interference.

The same type of connectors is used with both forms of twisted-pair cable.

A Coaxial cable is designed with two conductors: one in the centre, surrounded by a layer of insulation, and a second, a mesh or foil conductor, surrounding the insulation. Outside the mesh is a layer of outer insulation. Because of its reduced electrical impedance, coaxial cable is capable of faster transmission than twisted-pair cable. Coax is also broadband, supporting several network channels on the same cable.

Figure 3 shows the symbol used for a Coaxial line tag.

There are two types of coaxial cable in use:

• Thick coax is a heavy cable that is used as the network backbone for a bus network. This cable is formally known as Ethernet PVC coax, but is usually called 10BASE5. Because thick coax is so heavy and stiff, it is difficult to work with and quite expensive.

• Thin coax is the most common type used in Ethernet networks. It goes by several names, including Thin Ethernet, 10BASE2, and cheapernet. Formally, thin coax is called RG-58. Thin coax is the same as your television cable. The inner conductor can be made of a single solid copper wire or fashioned out of thin strands of wire braided together. Thin coax is quite flexible and has a low impedance, so it is capable of fast throughput rates. It is not difficult to lay out, as it is quite flexible, and it is easy to construct cables with the proper connectors, usually BNC connectors, at each end. Thin coax is broadband, although most local area networks use only a single channel of the cable.

Page 8: Tcpip


A Fibre-optic cable is becoming popular for very high-speed networks (500 Mbits). It is very expensive but capable of supporting many channels at tremendous speed. Fibre-optic cable is almost never used in local area networks, although some large corporations do use it to connect many LANs together into a wide area network. The supporting hardware to handle fibre-optic backbones is quite expensive and specialised.

Figure 4 shows the symbol used for a Fibre-optic line tag.

Page 9: Tcpip


Network Components:

A Network Operating System (NOS) controls the interaction between all the machines on the network. The network operating system is responsible for controlling the way information is sent over the network medium, and handles the way data from one machine is packaged and sent to another. The NOS also has to handle what happens when two or more machines try to send at the same time.

• Local area networks that have a single server with many clients connected to it put the NOS on the server. The main part of the NOS sits on the server, while the smaller client software packages are loaded onto each client.

• With larger networks that don't use a single server, such as a network running TCP/IP, the NOS may be part of each machine's software.

A Network Interface Card (NIC) is an adapter that usually sits in a slot inside the PC. Some NIC’s can plug into parallel or SCSI ports. The network interface card handles the connection to the network itself through one or more connectors on the backplane of the card. You must make sure that the network interface card you are using in your machine works with the network operating system.

Figure 5 shows the symbol used for a Network Interface Card.

A Client is any machine that requests something from a server. The server supplies files and sometimes processing power to the smaller machines connected to it. Each machine is a client in this type of network.

Figure 6 shows the symbol used for a Client.

A Server is any machine that can provide files, resources, or services to another machine. Any machine that you request a file from is a server. This is the essence of client-server networks: One machine, the client, requests something from another machine, the server. A single machine may be both client and server. The more commonly used definition for a server is related to local area networks, where the server is a powerful machine that holds main files and large applications. Other machines on the network connect to the server to access those files and applications. In this type of network, a single machine usually acts as the server and all the other machines are clients. Simply put, the server is any machine on the network that your machine requests something from.

Figure 7 shows the symbol used for a Server.

In the Client-Server model, a client is the machine that initiates a request to a server. This type of terminology is common with TCP/IP networks, where no single machine is a central repository.

Figure 8 shows a Client-Server model.

A Local Resource is any peripheral (optical drive, printer, scanner, modem, and so on) that is attached to your machine. Since the machine doesn't have to go on the network to get to the device, it is called a local device or a local resource.

Figure 9 shows Local Resources.

A Remote Resource is any device that must be reached through the network. Any device attached to a server is a remote resource.

Figure 10 shows Remote Resources.

A Node is any device on a network (server, workstation, printer, scanner, or any other kind of peripheral) that is accessed directly by the network. A node has a unique name or IP address so the rest of the network can identify it.

Figure 11 shows a Node.

A Concentrator is a device that concentrates several network connections at a single point. It is an electronic unit that converts signals coming from different slower devices into a signal that can be transmitted over faster communication channels with greater bandwidth.

Figure 12 shows the symbols used for a Concentrator.

A Hub is a multipurpose network device that lies at the centre of a star-topology network. Most hubs do the same job as concentrators. Hubs support a variety of different interface cards, from concentrator cards to router cards. Hubs are also expandable within a single chassis. Despite these differences, the terms hub and concentrator are often used interchangeably. There are active and passive hubs.

Figure 13 shows the symbol used for a Hub.

A Repeater is a network device that boosts the power of incoming signals to allow the length of a network to be extended.

Figure 14 shows the symbol used for a Repeater.

A Bridge is a network device capable of connecting networks that use similar protocols. It connects two local area networks running the same network operating system.

Figure 15 shows the symbol used for a Bridge.

A Router is a network device that connects LAN’s, which may be running on different operating systems, into an internetwork and routes traffic between them. The router can have software that converts one NOS's packets to another's. A router is more complicated than a bridge in that it can make decisions about where and how to send packets of information.

Figure 16 shows the symbol used for a Router.

A Gateway forwards data between IP networks. It is a machine that acts as an interface between a small network and a much larger one, such as a local area network connecting to the internet. Gateways are also used in large corporations to connect small office-based LAN’s into the larger corporate mainframe networks. Usually, the gateway connects to a high-speed network cable or medium called the backbone.

Figure 17 shows the symbol used for a Gateway.

A Backbone is a set of nodes and links connected together comprising a network, or the upper layer protocols used in a network. A star network has no backbone.

Figure 18 shows the symbol used for a Backbone: an Ethernet backbone cable with vampire-tap transceivers.

Networks:

A Network Topology describes the way network cabling is laid out. This doesn't mean the physical layout (how it loops through walls and floors), but how the logical layout looks when viewed in a simplified diagram.

• A Bus Network is one of the most widely used network topologies. A bus network uses a cable to which all the network devices are attached, either directly or through a junction box. The method of attachment depends on the type of bus network, the network protocol, and the speed of the network. The main cable that is used to connect all the devices is called the backbone.

Figure 19 shows a schematic of a bus network: workstations and a file server attached through connectors to a bus backbone, with a bus terminator at each end.

In figure 19, the backbone has a number of junction boxes (transceivers) attached. This allows for a high-speed backbone that is usually also immune to problems with any network card within a device. The junction box allows traffic through the backbone whether or not a device is attached to the junction box. Each end of the backbone, called the bus, is terminated with a block of resistors or a similar electrical device.

A popular variation of the bus network topology is found in many small LAN’s. This consists of a length of cable that snakes from machine to machine. There are no transceivers along the network. Instead, each device is connected into the bus directly using a T-shaped connector (Bus Network Connector) on the network interface card. The connector connects the machine to the two neighbours through two cables, one to each neighbour. At the ends of the network, a simple resistor is added to one side of the T-connector to terminate the network electrically.

Figure 20 shows a schematic of a machine-to-machine bus network: each NIC joined to the coaxial cable through a T-connector, with a terminator at each end of the cable.

In figure 20, each network device has a T-connector attached to the network interface card, leading to the two neighbours. The two ends of the bus are terminated with resistors. Some devices on this type of network use a telephone jack connector, called RJ-45, instead of a T-connector and BNC jacks. In this case, a special adapter must be coupled into the network backbone to accept the telephone jacks. This connector acts much like a transceiver in the true bus network.

This machine-to-machine network, also called a peer-to-peer network, is not capable of sustaining the high speeds possible with a backbone-based bus network. A machine-to-machine network is usually built using coaxial cable. Until recently, these networks were limited to a throughput of about 10 Mbps. Recent improvements allow 100 Mbps on this type of network.

The problem with this type of machine-to-machine network is that if one machine is taken off the network cable or the network interface card malfunctions, the backbone is broken and must be tied together again with a jumper of some sort.

• A Ring Network is a closed network structure in the form of a circle, to which all nodes are connected. Despite misconceptions, there is no physical loop made of the network cable, at least not in the case of the most common form of ring network called Token Ring. The ring name comes from the design of the central network device, which has a loop inside it to which are attached cables for all the devices on the network. With a Token Ring network, a central control unit called a Media Access Unit (MAU) has a cable ring inside it to which all devices are attached.

Figure 21 shows a schematic of a Token Ring network.

In figure 21, the MAU at the centre of the network contains the bus ring; all the network devices are attached to the ring through junction boxes.

There are some true ring networks that have a physically closed loop of the network cable. The ring network has some advantages from a design point of view in that network problems with traffic collisions are handled more easily than on a bus network. A problem is that as with the bus-based machine-to-machine network, any problem with one machine's connection to the network cable can crash the entire network.

Figure 22 shows the token access method in a Token Ring network.

In figure 22, a Token Frame is transported in only one direction until it reaches its destination. Thereafter it is transported back around the Token Ring network until the sending node recognises it and removes it from the ring.

• A Star Network is arranged in a central structure with branches radiating from it. The central point of the star-structure is called a concentrator, into which plug all the cables from individual machines. One machine on the network usually acts as the central controller or network server. A star network has one major advantage over the machine-to-machine bus and ring networks: When a machine is disconnected from the concentrator, the rest of the network continues functioning unaffected.

Figure 23 shows a schematic of a star network.

In figure 23, each cable from the concentrator to the device comes out of one of a row of slots or connectors, each identified by a number. Network traffic on a star network proceeds from your machine to the concentrator, then out to the target machine. A star network needs a lot of cable because each machine has to have a cable straight to the concentrator.

• A Hub Network is similar to the bus network in that it uses a backbone cable that has a set of connectors on it. The cable is called a backplane in a hub network. Each connector leads to the hub device, which leads off to network devices. This allows a very high-speed backplane to be used, which can be as long and complex as needed. Hub networks are commonly found in large organisations that must support many network devices and need high speed.

The hubs that lead off the backplane can support many devices, depending on the type of connector. They can support hundreds of PCs each, so a hub network can be used for very large networks. The cost of a hub network is usually very high because of the high-speed backbone and the fast hub devices.

Figure 24 shows a schematic of a hub network.

A Local Area Network (LAN) is a number of devices (computers, printers, and other special peripherals) that are connected to each other by some form of wiring, all of which are treated as a single entity for TCP/IP configuration. This usually means they share a subnet IP address in common. A LAN enables independent devices to communicate directly with each other through peer-to-peer communications. A LAN does not exceed a span of about 10 kilometres and is usually limited to a single building or group of close buildings. LAN’s use a moderate data rate, which means they are slower than mainframe-to-mainframe links. A LAN is a physical and logical accumulation of machines, called nodes, and cables or other communications methods between the machines, called links. Usually the links are simple coaxial or twisted-pair cables. In larger LAN’s, there may have to be amplifiers or repeaters positioned along the cables to ensure the signal is not lost due to lack of strength.

There are three characteristics of LAN’s that must always be considered:

• The transmission medium (the type of cabling used as the link).

• The transmission technique (the technique used to handle transmission on the medium).

• The access control method (which decides how a machine accesses the medium).

The medium is straightforward:

• It's a choice between one type of cable or another, dependent primarily on the speed of the network and the adapter cards, as well as the type of network topology.

The transmission technique is usually one of two:

• Circuit-Switched networks use dedicated connections between any two machines (or more properly, between any two nodes). As long as the circuit exists, the sending machine can always talk directly to the destination machine. The connection between the two machines is left in place until no longer needed. This doesn't mean that a cable has to be strung between the two devices; the connection may be made inside a switching box of some sort, which can connect and disconnect between any two machines running into it quickly and flexibly. The connection between two machines is used exclusively by those two machines, and no other transmission is allowed on the connection.

Figure 25 shows fragmentation and reassembly of a message on a circuit-switching network: the original message (A B C D E) is split into message fragments, carried through the circuit-switching network, and reassembled at the destination.

• Packet-Switched networks divide all messages on the local area network into small chunks called packets and attach information to the front of each packet that identifies the recipient. The packets from all the machines on the local area network are placed on a high-bandwidth cable running through all the machines on the network. As a packet moves around the network, each machine analyses the header to see if the packet is for it. If not, it is sent further on.

Figure 26 shows fragmentation and reassembly of a message on a packet-switching network: the original message (A B C D E) is split into message fragments, carried as separate packets through the packet-switching network, and reassembled at the destination.

While packet switching is a more flexible approach than circuit switching, it does have a few problems. The primary problem is network traffic. As the number of nodes on the network increases, the network traffic increases too, sometimes reaching the network limits. Another problem with packet switching is that there is no guarantee of packets getting from source to destination, which is one of the strong points of circuit switching.
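The fragmentation, header-based delivery and reassembly of figure 26, as an added example (not code from the original document): a message is cut into fragments A..E, each packet carries the recipient in its header, every node on the shared cable inspects that header, and the receiver uses sequence numbers to rebuild the message and to notice when a packet never arrived. The packet layout, node names and the message "ABCDE" are constructed for the illustration.

```python
"""Fragmentation and reassembly on a packet-switched LAN (figure 26).

Added example, not from the original document. The packet layout, the node
names and the five-fragment message "ABCDE" are constructed to match the
A..E drawing in the figure.
"""
from dataclasses import dataclass
from typing import Collection, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    """A small chunk of a message with recipient information in front of it."""
    dst: str        # recipient identifier; every node on the cable reads this
    src: str        # sender, so the receiver can group fragments per message
    seq: int        # position of this fragment within the original message
    total: int      # number of fragments the original message was cut into
    payload: bytes


def fragment(src: str, dst: str, message: bytes, size: int = 1) -> List[Packet]:
    """Divide a message into fixed-size chunks and attach a header to each."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [Packet(dst, src, i, len(chunks), c) for i, c in enumerate(chunks)]


class Node:
    """A machine on the shared cable: keeps only packets addressed to it."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.buffers: Dict[str, Dict[int, bytes]] = {}   # src -> seq -> chunk
        self.expected: Dict[str, int] = {}               # src -> total
        self.delivered: List[bytes] = []                 # reassembled messages

    def hear(self, pkt: Packet) -> bool:
        """Analyse the header; return True if the packet was for this node."""
        if pkt.dst != self.name:
            return False                                 # not for us, pass on
        buf = self.buffers.setdefault(pkt.src, {})
        self.expected[pkt.src] = pkt.total
        buf[pkt.seq] = pkt.payload                       # order of arrival irrelevant
        if len(buf) == pkt.total:                        # all fragments present
            self.delivered.append(b"".join(buf[i] for i in range(pkt.total)))
            del self.buffers[pkt.src]
            del self.expected[pkt.src]
        return True

    def missing(self, src: str) -> List[int]:
        """Sequence numbers still outstanding for a partly received message."""
        buf = self.buffers.get(src, {})
        return [i for i in range(self.expected.get(src, 0)) if i not in buf]


def run_bus(packets: List[Packet], nodes: List[Node], lost: Collection[int] = ()) -> None:
    """Place packets on the cable one by one; every node inspects each header.

    Packets whose sequence number is in `lost` never arrive, modelling the
    missing delivery guarantee the text attributes to packet switching.
    """
    for pkt in packets:
        if pkt.seq in lost:
            continue
        for node in nodes:
            node.hear(pkt)


def demo(lost: Collection[int] = (), reverse: bool = False) -> Tuple[List[bytes], List[int], List[bytes]]:
    """Send "ABCDE" from node1 to node3 across a three-node bus.

    Returns (messages node3 reassembled, fragments node3 still lacks,
    messages node2 wrongly kept).
    """
    nodes = [Node("node1"), Node("node2"), Node("node3")]
    packets = fragment("node1", "node3", b"ABCDE")
    if reverse:
        packets = packets[::-1]          # packets may arrive out of order
    run_bus(packets, nodes, lost)
    return nodes[2].delivered, nodes[2].missing("node1"), nodes[1].delivered


if __name__ == "__main__":
    print(demo())                 # ([b'ABCDE'], [], [])
    print(demo(reverse=True))     # ([b'ABCDE'], [], [])
    print(demo(lost={2}))         # fragment C lost: ([], [2], [])
```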

Some examples of commonly used networks:

• A Backbone Network: Figure 27 shows a schematic of a Backbone Network, in which several local area networks are joined through routers to an Ethernet backbone cable by means of vampire-tap transceivers.

• A Thinnet Network: Figure 28 shows a schematic of a Thinnet Network, a thinnet cable terminated at both ends, to which stations attach either through an internal transceiver or through an AUI cable to an external transceiver.

• A 10BASET Network: Figure 29 shows a schematic of a 10BASET Network, with the stations cabled to a central concentrator.

A Wide Area Network (WAN) is a number of local area networks that are connected to form a large, logical entity. The LAN’s are connected through a gateway or bridge, cabled to each other with a high-speed network cable. WAN’s can be close together physically or separated by a large distance. For example, the design of the WAN is such that machine-to-machine connections are simpler than going out over the internet, and usually much faster. WAN’s can share a subnet IP address, or they can have different subnets. The design of the WAN is more a choice of logical configuration and can be tailored to meet traffic, security, and speed considerations. WAN’s are used by most corporations that maintain multiple offices.

The seven-layer Open Systems Interconnection (OSI) Reference Model:

A heterogeneous network (which gives users freedom of choice) consists of products from different suppliers of computers, hardware, software, peripherals and/or network products. An architectural model developed by the International Standards Organisation (ISO) is frequently used to describe the structure and function of data communication protocols. This architectural model, called the Open Systems Interconnect (OSI) Reference Model, contains seven layers that define the functions of data communications protocols. Each layer represents a function performed when data is transferred between co-operating applications across an intervening network. A layer does not define a single protocol; it defines a data communications function that may be performed by any number of protocols. Therefore, each layer may contain multiple protocols, each providing a service suitable to the function of that layer. Every protocol communicates with its peer. A peer is an implementation of the same protocol in the equivalent layer on a remote system. Each protocol is only concerned with communicating to its peer; it does not care about the layer above or below it. However, there must also be agreement on how to pass data between the layers on a single computer, because every layer is involved in sending data from a local application to an equivalent remote application. The individual layers do not need to know how the layers above and below them function; they only need to know how to pass data to them. Isolating network communications functions in different layers minimises the impact of technological change on the entire protocol suite. New applications can be added without changing the physical network, and new network hardware can be installed without rewriting the application software. Although the OSI model is useful, the TCP/IP protocols don't match its structure exactly.

• Communication Protocols:

The approach used in designing a communication system is known as a layered architecture. Each layer has specific responsibilities and specific rules for carrying out those responsibilities, and knows nothing about the procedures the other layers follow. The layer carries out its task and delivers the message to the next layer in the process, and that is enough.

Characteristics of Layered Architectures:

• They break the communication process into manageable chunks. Designing a small part of a process is much easier than designing the entire process, and simplifies engineering.

• A change at one layer does not affect the other layers. New delivery technologies can be introduced without affecting other layers.

• When a layer receives a message from an upper layer, the lower layer frequently encloses the message in a distinct package.

• The protocols at the various layers have the appearance of a stack, and a complete model of a data communication architecture is often called a protocol stack.

• Layers can be mixed and matched to achieve different requirements.

• Layers follow specific procedures for communicating with adjacent layers. The interfaces between layers must be clearly defined.

• An address mechanism is the common element that allows packets to be routed through the various layers until they reach their destination. Sometimes, layers add their own address information.

• Essentially, each layer at the sender's end communicates with the corresponding layer at the receiver's end.

• Errors can occur at any of the layers. For critical messages, error-detecting mechanisms should be in place to either correct errors or notify the sender when they occur.

Network protocols are typically described with a layered model, in which the protocols are stacked on top of each other. Data coming into a machine is passed from the lowest-level protocol up to the highest, and data sent to other hosts moves down the protocol stack. The layered model is a useful description because it allows network services to be defined by their functions, rather than their specific implementation. New protocols can be substituted at lower levels without affecting the higher-level protocols, as long as these new protocols behave in the same manner as those that were replaced. Each layer has certain functions. Communication in a heterogeneous network can take place if the functions in each layer are executed successfully in conformance with the standards.

Layer  Name                 Function                                                       Group
  7    Application Layer    consists of application programs that use the network          Higher Layers
  6    Presentation Layer   standardises data presentation to the applications             Higher Layers
  5    Session Layer        manages sessions between applications                          Higher Layers
  4    Transport Layer      provides end-to-end error detection and correction             Lower Layers
  3    Network Layer        manages connections across the network for the upper layers    Lower Layers
  2    Data Link Layer      provides reliable data delivery across the physical link       Lower Layers (Network Interface)
  1    Physical Layer       defines the physical characteristics of the network interface  Lower Layers (Network Interface)

Figure 30 shows the seven-layer Open Systems Interconnection Reference Model (the Network Protocol Stack).

In figure 30, each layer provides a specific type of network service. It illustrates why groups of related protocols are frequently called protocol stacks.

• The connections between the different applications that are running on these processors are carried by the higher layers (5-7).

• The connections between the different processors are carried by the lower layers (1-4).

• The physical and the data link layers, the lower layers 1 & 2, of the network protocol stack together define a machine's network interface.

From a software perspective, the network interface defines how the Ethernet device driver gets packets from or to the network. Ethernet is the best known implementation of the physical and data link layers. The Ethernet specification describes how bits are encoded on the cable and also how stations on the network detect the beginning and end of a transmission. Ethernet can be run over a variety of media, including thinnet, thicknet, and unshielded twisted-pair cables. All Ethernet media are functionally equivalent; they differ only in their convenience, cost of installation, and maintenance. Converters from one medium to another operate at the physical layer, making a clean electrical connection between two different kinds of cable.

Description of each of these layers:

• Layer 1, the Physical Layer defines the characteristics of the hardware necessary to carry the data transmission signal. Things such as voltage levels, and the number and locations of interface pins, are defined in this layer (RS232C, V.35, IEEE 802.3, ...). TCP/IP does not define physical standards; it makes use of existing standards. This layer describes the way data is actually transmitted on the network medium.

The Physical Layer communicates directly with the communication medium, and has two responsibilities: Sending bits and receiving bits. A binary digit, or bit, is the basic unit of information in data communication. A bit can have only two values, 0 or 1, represented by different states on the communication medium. Other communication layers are responsible for collecting these bits into groups that represent message data.

Bits are represented by changes in signals on the network medium. Some wire media represent 0’s and 1’s with different voltages, some use distinct audio tones, and yet others use more sophisticated methods, such as state transitions.

A wide variety of media are used for data communication, including electric cable, fibre optics, light waves, radio, and microwaves. The medium used can vary, a different medium simply necessitates a different set of physical layer protocols. Thus, the upper layers are completely independent from the particular process used to deliver bits through the network medium.

The physical layer describes the bit patterns to be used, but does not define the medium; it describes how data are encoded into media signals and the characteristics of the media attachment interface.

• Layer 2, the Data Link Layer is responsible for delivering the data without errors to the next layer. It formats the packets for transmission after delivery and defines the network frames. This layer synchronises the transmission and is responsible for error control at frame level (a frame is a block of data with network-specific addressing information), and also for error correction, so that information can be transmitted from the physical layer. It formats the message into a data frame, and the CRC verification (which checks for errors in the frame) is established in this layer. This layer carries the access methods for Ethernet and Token Ring. This layer also provides the address information for the physical layer at the front of the transmitted frame.

Data Frame Format:

As data is exchanged between computers, communication processes need to make decisions about the various aspects of the exchange process:

• As the receiving computer listens to the wire to recover messages sent to it, it requires a mechanism by which it can tell whether to treat signals it detects as data-carrying signals or to discard them as mere noise.

• If it is determined by the detection mechanism that what is on the wire is indeed data-carrying signals, the second decision the receiving end must be able to make is whether the data was intended for itself, some other computer on the network, or a broadcast.

• If the receiving end engages in the process of recovering data from the wire, it needs to be able to tell where the data train intended for the receiver ends. After this determination is made, the receiver should discard subsequent signals unless it can determine that they belong to a new, impending transmission.

• When data reception is complete, another concern arises, and that is of establishing that the recovered data withstood corruption from noise and electromagnetic interference. In the event of detecting corruption, the receiver must have the capability of dealing with the corruption.

As can be concluded from the points made earlier, in addition to user data, computers must be able to exchange additional information about the progress of the physical communication process. To accommodate these decision-making requirements, network designers decided to deliver data on the wire in well-defined packages called data frames.

It is important to realise that the primary concern of the receive process is the reliable recovery of the information embedded in the information field, with no attention paid to the nature of the actual contents of that field. Instead, processing the data in the information field is delegated to another process while the receive process reverts to listening mode to take care of future transmissions.

The reliable delivery of data across the underlying physical network is handled by the Data Link Layer. TCP/IP rarely creates protocols in this layer. Most RFC's that relate to this layer talk about how IP can make use of existing data link protocols. This layer defines how these streams of bits are put together into manageable chunks of data.

Devices that can communicate on a network are frequently called nodes, stations or devices. The data link layer is responsible for providing node-to-node communication on a single, local network. To provide this service, the data link layer must perform two functions. It must provide an address mechanism that enables messages to be delivered to the correct nodes. Also, it must translate messages from upper layers into bits that the physical layer can transmit. When the data link layer receives a message to transmit, it formats the message into a data frame (packet). The sections of a frame are called fields.

Start Indicator | Source Address | Destination Address | Control | Data | Error Control

Figure 31 shows an example of a data frame.

The fields in figure 31 are as follows:

• Start Indicator : A specific bit pattern indicates the start of a data frame.

• Source Address : The address of the sending node so that replies to messages can be addressed properly.

• Destination Address : The address of the receiving node, used to identify messages that it should receive.

• Control : Additional control information.

• Data : All data that were forwarded to the data link layer from upper protocol layers.

• Error Control : Contains information that enables the receiving node to determine whether an error occurred during transmission.

Frame delivery on a local network is extremely simple. A sending node simply transmits the frame. Each node on the network sees every frame, and examines the destination address. When the destination address of a frame matches the node's address, the data link layer at the node receives the frame and sends it up the protocol stack. Data units at the data link layer are most commonly called frames, although the term packet is used with some protocols.

Figure 32 shows how simple delivery of a frame on a local network can be: three stations with MAC addresses 3, 5 and 7 share the cable, and a frame with DA = 7 (DA = Destination Address) passes along it; where the DA is not the station's hardware address the frame is discarded, and where it matches the frame is received.

In figure 32, the source node simply builds a frame that includes the recipient’s destination address. The sender’s responsibility ends when the addressed frame is placed on the network. On LAN’s, each node examines each frame that is sent on the network, looking for frames with a destination address that matches its own MAC address. Frames that match are received. Frames that don’t match are discarded by Ethernet networks or forwarded to the next node by Token Ring networks.

Frames and Network Interfaces:

The data link layer defines the format of data on the network. A series of bits with a definite beginning and end constitutes a network frame, commonly called a packet. A proper data link layer packet has checksum and network-specific addressing information in it so that each host on the network can recognise it as a valid or invalid frame and determine if the packet is addressed to it. The largest packet that can be sent through the data link layer defines the Maximum Transmission Unit (MTU) of the network. All hosts have at least one network interface, although any host connected to an Ethernet has at least two: The Ethernet interface and the loopback interface. The Ethernet interface handles the physical and logical connection to the outside world, while the loopback interface allows a host to send packets to itself. If a packet's destination is the local host, the data link layer chooses to send it via the loopback, rather than Ethernet, interface. The loopback device simply turns the packet around and enqueues it at the bottom of the protocol stack as if it were just received from the Ethernet.

Ethernet Addresses:

Associated with the data link layer is a method for addressing hosts on the network. Every machine on the Ethernet has a unique, 48-bit address called its Ethernet address or Media Access Control (MAC) address. Vendors making network-ready equipment ensure that every machine in the world has a unique MAC address: 24-bit prefixes for MAC addresses are assigned to hardware vendors, and each vendor is responsible for the uniqueness of the lower 24 bits. MAC addresses are usually represented as colon-separated pairs of hex digits. Note that MAC addresses identify a host, and a host with multiple network interfaces may (or should) use the same MAC address on each. Part of the data link layer's protocol-specific header is the packet's source and destination MAC address. Each protocol layer supports the notion of a broadcast, which is a packet or set of packets that must be sent to all hosts on the network. The broadcast MAC address is ff:ff:ff:ff:ff:ff. All network interfaces recognise this wildcard MAC address as a broadcast address and pass the packet up to a higher-level protocol handler.

• Layer 3, the Network Layer transmits the data and decides which route the data must follow through the internetwork. The network layer receives data packets from the layer above on the transmitting side and passes them through as many connections and subsystems as needed to reach their destination. It defines the network packets and controls the routing and switching of data through the network, that is, the transmission of packets between stations. On the basis of certain information this layer transmits the data sequentially from one station to another over the most economical route, both logical and physical. This layer also permits data units to be transmitted to other networks by way of special equipment called routers. Routers are defined in this layer.

The Network Layer manages connections across the network and isolates the upper layer protocols from the details of the underlying network. The Internet Protocol (IP), which isolates the upper layers from the underlying network and handles the addressing and delivery of data, is usually described as TCP/IP's Network layer.

The best-known protocol in this layer is IP. The network layer is the boundary of the communication subnet: above this layer the level of abstraction increases dramatically. For layer 3 and below there is usually an upper limit on the size of the packets. In broadcast networks routing is very simple, so the network layer is thin or not even present. This is the reason why the transport layer protocol TCP is so often combined with IP, as TCP/IP.

Only the smallest networks consist of a single, local network. The majority of networks must be subdivided. A network that consists of several network segments is frequently called an internetwork, or an internet, not to be confused with the Internet. These subdivisions may be planned to reduce traffic on network segments or to isolate remote networks connected by slower communication media. When networks are subdivided, it can no longer be assumed that messages will be delivered on the local network. A mechanism must be put in place to route messages from one network to another.


[Figure 33: a single local network of workstations and a name server, attached through a router to the Internet.]

Figure 33 shows the schematic of a single, local network.

[Figure 34: two networks of workstations joined by a bridge, with a name server and a router to the Internet.]

Figure 34 shows the schematic of a bridged network.

[Figure 35: two subnetworks of workstations with a name server, joined by routers to each other and to the Internet.]

Figure 35 shows the schematic of a subnetted network.

To deliver messages on an internetwork, each network must be uniquely identified by a network address. When it receives a message from the upper layers, the network layer adds a header to the message that includes the source and destination network address. This combination of data plus the network layer header is called a packet. The network address information is used to deliver a message to the correct network. After the message arrives on the correct network, the data link layer can use the node address to deliver the message to a specific node.

Forwarding packets to the correct network is called routing, and the devices that route packets are called routers.


An internetwork has two types of nodes:

• End nodes: Provide user services. End nodes do use a network layer to add network address information to packets, but they do not perform routing. End nodes are sometimes called end systems or hosts.

• Routers: Incorporate special mechanisms that perform routing. Because routing is a complex task, routers usually are dedicated devices that do not provide services to end users. Routers are sometimes called intermediate systems or gateways.

The network layer operates independently of the physical medium, which is a concern of the physical layer. Since routers are network layer devices, they can be used to forward packets between physically different networks. For example, a router can join an Ethernet to a Token Ring network. Routers are also often used to connect a local area network, such as an Ethernet, to a wide area network, such as the Internet.
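The following Python code is an added example and not part of the original document. It shows the decision described above: an end node uses the network part of the destination address to decide whether a packet is delivered directly on the local network or handed to a router, which is then the node the data link layer must address. The forwarding table, addresses and interface names are constructed for the example; the longest-prefix match is the usual way such a table is searched and is not something the text describes.

```python
import ipaddress

# Constructed forwarding table for an end node with one Ethernet interface.
# Each entry: (network prefix, next hop or None for direct delivery, interface)
ROUTES = [
    (ipaddress.ip_network("192.0.2.0/24"), None, "eth0"),                              # local LAN
    (ipaddress.ip_network("198.51.100.0/24"), ipaddress.ip_address("192.0.2.1"), "eth0"),  # via router 1
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.0.2.254"), "eth0"),      # default router
    (ipaddress.ip_network("127.0.0.0/8"), None, "lo"),                                 # loopback
]


def next_hop(dst, routes=ROUTES):
    """Longest-prefix match over the table. Returns (next_hop, interface).

    A next hop of None means "deliver directly on this network": the data
    link layer then addresses the destination node itself. Otherwise the
    frame is addressed to the router, while the packet still carries the
    final destination in its network layer header."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gateway, ifname in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, ifname)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1], best[2]


def frame_destination(dst, routes=ROUTES):
    """The node whose address goes into the data link layer header."""
    gateway, _ = next_hop(dst, routes)
    return str(gateway) if gateway is not None else str(ipaddress.ip_address(dst))
```

A packet for 192.0.2.77 is delivered directly, a packet for 203.0.113.5 matches only the default route and is framed to the router at 192.0.2.254.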

[Figure 36: an Ethernet and a Token Ring, each with attached workstations, joined by a router.]

Figure 36 shows a schematic of a router that joins an Ethernet to a Token Ring network.

• Layer 4, the Transport Layer guarantees that the receiver gets the data exactly as it was sent. In TCP/IP this function is performed by the Transmission Control Protocol (TCP). However, TCP/IP offers a second Transport Layer service, the User Datagram Protocol (UDP), which does not perform the end-to-end reliability checks.

All network technologies set a maximum size for frames that can be sent on the network. Ethernet limits the size of the data field to 1500 bytes.

This limit is necessary for two reasons:

• Small frames improve network efficiency when many devices must share the network. If devices could transmit frames of unlimited size, they might monopolise the network for an excessive period of time. With small frames, devices take turns at shorter intervals, and devices are more likely to have ready access to the network.

• With small frames, less data must be retransmitted to correct an error.

One responsibility of the transport layer is to divide messages into fragments that fit within the size limitations established by the network. At the receiving end, the transport layer reassembles the fragments to recover the original message.

When messages are divided into multiple fragments, the possibility that segments might not be received in the order sent increases. When the packets are received, the transport layer must reassemble the message fragments in the correct order. To enable packets to be reassembled in their original order, the transport layer includes a message sequence number in its header.

The transport layer is responsible for delivering messages from a specific process on one computer to the corresponding process on the destination computer. The transport layer assigns a Service Access Point (SAP) ID to each packet. The SAP ID is an address that identifies the process that originated the message. The SAP ID enables the transport layer of the receiving node to route the message to the appropriate process.


Identifying messages from several processes so that they can be transmitted through the same network medium is called multiplexing. The procedure of recovering messages and directing them to the correct process is called demultiplexing. Multiplexing is a common occurrence on networks, which are designed to enable many dialogues to share the same network medium. Because multiple protocols may be supported for any given layer, multiplexing and demultiplexing can occur at many layers.
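The following Python code is an added example, not code from the original document. It puts together the three transport layer duties described above: splitting a message into fragments that fit the network's size limit, tagging each fragment with a sequence number so that it can be reassembled in order even when fragments arrive out of order, and tagging it with a SAP ID so that the receiving side can demultiplex fragments belonging to different processes. The 1500-octet limit is the Ethernet data field size given in the text; the 8-octet fragment header, the SAP IDs and the messages are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

MTU = 1500                 # Ethernet data field limit from the text
HEADER = 8                 # assumed: 4-octet sequence number + 4-octet SAP ID
PAYLOAD = MTU - HEADER     # data carried per fragment


@dataclass(frozen=True)
class Fragment:
    sap: int        # Service Access Point ID: which process this belongs to
    seq: int        # position of this fragment within the message
    last: bool      # marks the final fragment so the receiver knows the message is complete
    data: bytes


def fragment(sap: int, message: bytes) -> list:
    """Split a message into fragments no larger than the network allows."""
    chunks = [message[i:i + PAYLOAD] for i in range(0, len(message), PAYLOAD)] or [b""]
    return [Fragment(sap, i, i == len(chunks) - 1, c) for i, c in enumerate(chunks)]


class Reassembler:
    """Receiving transport layer: collects fragments per SAP (demultiplexing),
    restores their order by sequence number and releases complete messages."""

    def __init__(self):
        self.pending = defaultdict(dict)    # sap -> {seq: Fragment}
        self.complete = {}                  # sap -> reassembled message

    def receive(self, frag: Fragment) -> None:
        bucket = self.pending[frag.sap]
        if frag.seq in bucket:
            return                          # duplicate fragment, ignore it
        bucket[frag.seq] = frag
        last = [f for f in bucket.values() if f.last]
        # Complete only when every sequence number up to the last one is present.
        if last and all(i in bucket for i in range(last[0].seq + 1)):
            self.complete[frag.sap] = b"".join(bucket[i].data for i in range(last[0].seq + 1))
            del self.pending[frag.sap]

    def deliver(self, sap: int):
        """Hand a complete message to the process identified by the SAP ID,
        or None if that message is not complete yet."""
        return self.complete.pop(sap, None)
```

Feeding the fragments of two messages to one Reassembler in reverse order still yields each message intact and routed to its own SAP.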

Although the data link and network layers can be assigned responsibility for detecting errors in transmitting data, that responsibility generally is dedicated to the transport layer.

Two general categories of error detection can be performed by the transport layer:

• Reliable delivery: Does not mean that errors cannot occur, only that errors are detected if they do occur. Recovery from a detected error can take the form of simply notifying upper layer processes that the error occurred. Often, however, the transport layer can request the retransmission of a packet for which an error was detected.

• Unreliable delivery: Does not mean that errors are likely to occur, but rather indicates that the transport layer does not check for errors. Because error checking takes time and reduces network performance, unreliable delivery often is preferred when a network is known to be highly reliable, which is the case with the majority of local area networks. Unreliable delivery generally is used when each packet contains a complete message, whereas reliable delivery is preferred when messages consist of a large number of packets. Unreliable delivery is often called datagram delivery, and independent packets transmitted in this way frequently are called datagrams.

Assuming that reliable delivery is always preferable is a common mistake. Unreliable delivery actually is preferable in at least two cases: when the network is fairly reliable and performance must be optimised, and when entire messages are contained in individual packets and loss of a packet is not a critical problem.

• Layer 5, the Session Layer manages the sessions (connections) between co-operating applications. In TCP/IP, this function largely occurs in the transport layer, and the term session is not used. For TCP/IP, the terms socket and port are used to describe the path over which co-operating applications communicate. This layer is not identifiable as a separate layer in the TCP/IP protocol hierarchy.

The Session Layer is responsible for dialogue control between nodes. A dialogue is a formal conversation in which two nodes agree to exchange data.

Communication can take place in three dialogue modes:

• Simplex: One node transmits exclusively, while another exclusively receives.

• Half-duplex: Only one node may send at a given time, and nodes take turns transmitting.

• Full-duplex: Nodes may transmit and receive simultaneously.

Sessions enable nodes to communicate in an organised manner.

Each session has three phases:

• Connection establishment: The nodes establish contact. They negotiate the rules of communication, including the protocol to be used and communication parameters.

• Data transfer: The nodes engage in a dialogue to exchange data.

• Connection release: When the nodes no longer need to communicate, they engage in an orderly release of the session.


Connection establishment and connection release represent extra overhead for the communication process. When devices are managed on a network, they send out periodic status reports that generally consist of single-frame messages. If all such messages were sent as part of a formal session, the connection establishment and release phases would transfer far more data than the message itself. In such a situation, communicating using a connection-less approach is common. The sending node simply transmits its data and assumes availability of the desired receiver. A connection-oriented session approach is desirable for complex communication. Consider transmitting a large amount of data to another node. Without formal controls, a single error at any time during the transfer would require resending of the entire file. After establishing a session, the sending and receiving nodes can agree on a checkpoint procedure. If an error occurs, the sending node must retransmit only the data sent since the previous checkpoint. The process of managing a complex activity is called activity management.

• Layer 6, the Presentation Layer: for co-operating applications to exchange data, they must agree about how data is represented. This layer is handled within the applications in TCP/IP.

The Presentation Layer is responsible for presenting data to the application layer. In some cases, the presentation layer directly translates data from one format to another; some computers use the EBCDIC character set, whereas virtually all other computers use the ASCII encoding scheme. For example, if data is being transmitted from an EBCDIC computer to an ASCII computer, the presentation layer might be responsible for translating between the different character sets. Numeric data is also represented quite differently on different computer architectures and must be converted when transferred between different machines.

A common technique used to improve data transfer is to convert all data to a standard format before transmitting data. This standard format probably is not the native data format of any computer. All computers can be configured to retrieve standard format data, however, and convert it into their native data forms.

Other functions that may correspond to the presentation layer are data encryption/decryption and compression/decompression.

• Layer 7, the Application Layer is the level of the protocol hierarchy where user-accessed network processes reside. A TCP/IP application is any network process that occurs above the transport layer. This includes all the processes that users directly interact with, as well as other processes at this level that users are not necessarily aware of.

The Application Layer provides the services that user applications need to communicate through the network.

Here are several examples of user application layer services:

• Electronic mail transport.

• Remote file access.

• Remote job execution.

• Directories.

• Network management.


Characteristics of Layered Protocols:

[Figure 37: the seven OSI layers from Application down to Physical. At each layer from Application to Data Link a header (H) is added in front of the data received from the layer above, giving in turn the Application PDU, Presentation PDU, Session PDU, Transport PDU, Network PDU and Data Link PDU; the Data Link PDU also carries an error-check field. The Physical layer carries the bits.]

Figure 37 shows Headers and the OSI protocol layers.

When a device transmits data to the network, each protocol layer processes the data in turn. Consider the network layer for the sending device. Data to be transmitted is received from the transport layer. The network layer is responsible for routing and must add its routing information to the data. The network layer information is added in the form of a header, which is placed at the beginning of the data. The term Protocol Data Unit (PDU) is used to describe the combination of the control information for a layer with the data from the next higher layer. Each layer appends a header to the PDU that it receives from the next higher layer. The data field for each layer consists of the PDU of the next higher layer. The physical layer does not encapsulate in this manner because the physical layer manages data in bit form.

[Figure 38: TCP header layout, six 32-bit words (bits 00 to 31) followed by the data.]

Word 1: Source Port | Destination Port
Word 2: Sequence Number
Word 3: Acknowledgement Number
Word 4: Offset | Reserved | Control Bits | Window
Word 5: Checksum | Urgent Pointer
Word 6: Options & Padding
Data begins here ...

Figure 38 shows the Protocol Data Unit layout.

The fields in figure 38 are as follows:

• Source port (16 bits): Identifies the local TCP user.

• Destination port (16 bits): Identifies the remote user.

• Sequence number (32 bits): A number indicating the position of the current packet in the overall message.

• Acknowledgement number (32 bits): A number indicating the next sequence number to be expected.

• Data offset (4 bits): The length of the TCP header, used to enable calculation of the start of the data.

• Reserved (6 bits): All bits are set to 0.

• Control bits (6 bits): The six control bits are as follows:

• URG: A value of 1 indicates urgent. A value of 0 implies not urgent.

• ACK: A value of 1 indicates an acknowledgement. A value of 0 indicates this is not an acknowledgement.

• PSH: A value of 1 indicates a push operation. A value of 0 indicates this is not a push function.

• RST: A value of 1 indicates that the connection is to be reset. A value of 0 indicates no reset.


• SYN : A value of 1 indicates that the sequence numbers are to be synchronised. A value of 0 means no synchronisation.

• FIN : A value of 1 indicates that the sender has no more data to send, equivalent to an end-of-transmission marker. A value of 0 indicates more data is to follow.

• Window (16 bits): A number indicating how many blocks of data the receiving machine can accept.

• Checksum (16 bits): A value for the data and header together, which enables a receiving machine to verify the contents have not been corrupted.

• Urgent Pointer (16 bits): Used if the URG flag was set. It indicates the portion of the data message that is urgent by specifying the offset from the sequence number in the header.

• Options (variable): Similar to the IP header options field, it is used for specifying TCP options.

• Padding (variable): Filled with bits to ensure that the size of the header is a 32-bit multiple.

As received data passes up the protocol stack, each layer strips its corresponding header from the data unit. The process of removing headers from data is called decapsulation. This mechanism enables each layer in the transmitting device to communicate with the corresponding layer in the receiver. Each layer in the transmitting device communicates with its peer layer in the receiving device, in a process called peer-to-peer communication.
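The following Python code is an added example and not part of the original document. It decodes the header fields of figure 38 from a received segment, checks the Data Offset before trusting it (a forged or corrupt offset would otherwise make a parser read options and data from the wrong place), and verifies the checksum the way a receiver does: the one's complement sum over the pseudo-header, header and data, including the transmitted checksum, must come out as all ones. The sample segment, its ports and the two IP addresses are constructed for the example; the IPv4 pseudo-header is taken from the TCP specification, which the text does not describe.

```python
import struct

FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")   # control bits 5 .. 0


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-octet header of figure 38 plus its options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src_port, dst_port, seq, ack, off_res_flags, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_res_flags >> 12              # header length in 32-bit words
    reserved = (off_res_flags >> 6) & 0x3F
    flags = off_res_flags & 0x3F
    # The offset must cover the fixed header and stay inside the segment.
    if data_offset < 5 or data_offset * 4 > len(segment):
        raise ValueError(f"bad data offset {data_offset}")
    header_len = data_offset * 4
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "data_offset": data_offset, "reserved": reserved,
        "flags": {name: bool((flags >> (5 - i)) & 1) for i, name in enumerate(FLAG_NAMES)},
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:header_len], "data": segment[header_len:],
    }


def _ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"                            # odd length: pad with a zero octet
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                             # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bytes:
    # IPv4 pseudo-header: source, destination, zero, protocol 6 (TCP), TCP length
    return src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum to place in the header, computed with the field set to zero."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return (~_ones_complement_sum(_pseudo_header(src_ip, dst_ip, segment) + zeroed)) & 0xFFFF


def checksum_ok(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Receiver's check: the sum including the transmitted checksum is all ones."""
    return _ones_complement_sum(_pseudo_header(src_ip, dst_ip, segment) + segment) == 0xFFFF


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window,
                  options=b"", data=b""):
    """Assemble a segment with a correct Data Offset, padding and checksum."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)    # pad to a 32-bit multiple
    data_offset = 5 + len(options) // 4
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         (data_offset << 12) | flags, window, 0, 0)
    segment = header + options + data
    return segment[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, segment)) + segment[18:]
```

A SYN built with build_segment parses back with SYN set and the other control bits clear, passes checksum_ok, and fails it after a single octet is altered; a segment whose Data Offset is smaller than 5 or points past the end is rejected before any field behind it is used.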


IEEE LAN’s:

Terminology:

Access methods (polling, token passing or contention):

The access method determines the performance and capabilities of the network.

• Polling:

Making periodic requests is called polling. Polling also reduces the burden on the network because the polls originate from a single system at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates. If a problem occurs on a managed device, the manager does not find out until the agent is polled. Mostly used in a star network topology.

• Token passing:

Token passing means that every device on the network receives a periodic opportunity to transmit. The token consists of a special frame that circulates from device to device around the ring. Only the device that possesses the token is permitted to transmit. After transmitting, the device restarts the token, giving other devices the opportunity to transmit.

• Contention (CSMA/CA or CSMA/CD):

A condition occurring in some LANs wherein the Media Access Control sublayer allows more than one node to transmit at the same time, risking collisions. Mostly used in a bus network topology.

Architecture of the IEEE 802 Standards:

Network type IEEE 802.2: Defines the LLC sublayer protocol.

Network type IEEE 802.3: Network with a bus-topology and the access method CSMA/CD, 10 Mbps. Defines the MAC and physical layer for CSMA/CD.

Network type IEEE 802.4: Network with a bus-topology and the access method token passing, 2.5 Mbps.

Network type IEEE 802.5: Network with a ring-topology and the access method token passing, 4 Mbps. Defines the MAC and physical layer for a Token Ring network.

• Logical Link Control (LLC):

This sublayer provides a network interface to Upper-Layer Protocols (ULP) and is concerned with transmitting data between two stations on the same network segment.

An interface between the LLC sublayer and upper-layer protocols is a Link Service Access Point (LSAP). It is a logical address that identifies the upper-layer protocol from which the data originated or to which the data should be delivered.

LLC Delivery Service:

The LLC sublayer was designed to provide a variety of delivery services, which determine the level of communication integrity established between devices.


LLC supports the following three types of delivery service:

• Type 1 service, Unacknowledged Datagram Service (UDS), supports point-to-point, multipoint, and broadcast transmission. Does not perform error detection and recovery or flow control.

• Type 2 service, Virtual Circuit Service (VCS), provides frame sequencing, flow control, and error detection and recovery.

• Type 3 service, Acknowledged Datagram Service (ADS), implements point-to-point datagram service with message acknowledgements, and functions somewhere between type 1 and type 2 service.

Devices have a limited number of receive buffers, used to store frames that have been received but not processed. If the sending device continues to transmit while the destination's receive buffers are full, frames not received are lost. Flow control ensures that frames are not sent at a rate faster than the receiving device can accept them.

[Figure 39: a sending computer transmits data to a receiving computer whose communication buffers are full; the transmitted data that cannot be stored is discarded.]

Figure 39 shows the receiving computer risks losing data whenever its communication buffers become full.

A variety of mechanisms can be used to provide flow control:

The simple stop-and-wait method requires the receiver to acknowledge received frames, signalling a readiness to accept more data. This mechanism is suitable to a connectionless, datagram service.

If the sender must wait for an acknowledgement of each frame, multiframe transmissions are handled inefficiently. The more sophisticated sliding-window technique enables the sender to transmit multiple frames without waiting for an acknowledgement. The receiver can acknowledge several datagrams at one time. A window determines the number of frames that can be outstanding at a given time, ensuring that the receiver's buffers do not overflow. The complexity of sliding-window flow control requires a connection-oriented LLC service.

Error detection is performed at the MAC layer, but error recovery, when performed at the data link layer, is a function of LLC.

Data Flow Control:

Data-communication processes allocate memory, commonly known as communication buffers, for the sake of transmission and reception of data. Communication buffers serve as holding areas where inbound data traffic is temporarily kept for subsequent handling by the CPU. Depending on the rate at which incoming data is handled by other components of the communication process, the communication buffers often become full. A computer whose communication buffers become full while still in the process of receiving data runs the risk of discarding extra transmissions and losing data unless a data flow control mechanism is employed. A proper data flow control technique calls on the receiving process to send a stop sending signal to the sending computer whenever it cannot cope with the rate at which data is being transmitted. The receiving process later sends a resume sending signal when data communication buffers become available.
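The following Python code is an added example, not code from the original document. It is a small simulation of the situation in figure 39 and of the flow control mechanisms described above: a receiver with a fixed number of communication buffers drains a few frames per tick, while the sender is either unrestricted, restricted to stop-and-wait (window of 1), or restricted to a sliding window. The acknowledgement of processed frames plays the role of the resume sending signal. Frame counts, buffer sizes and drain rate are constructed for the example; lost frames are not retransmitted, as the text says for a full receive buffer.

```python
from collections import deque


def simulate_flow_control(total_frames, window, buffer_size, drain_per_tick, max_ticks=10000):
    """Simulate a sender feeding a receiver that has limited communication buffers.

    window: frames that may be outstanding (sent but not yet acknowledged);
            1 models stop-and-wait; None models a sender without flow control
            that transmits every frame as soon as it can.
    Returns (delivered, discarded, ticks)."""
    if window is not None and window < 1:
        raise ValueError("window must be at least 1")
    next_seq = 0                 # next frame the sender will put on the medium
    acked = 0                    # frames the receiver has acknowledged as processed
    buffers = deque()            # the receiver's communication buffers
    delivered = discarded = ticks = 0
    while next_seq < total_frames or buffers:
        if ticks >= max_ticks:
            raise RuntimeError("simulation did not finish")
        ticks += 1
        # Sender: transmit everything the window (if any) allows this tick.
        limit = total_frames if window is None else min(total_frames, acked + window)
        while next_seq < limit:
            if len(buffers) < buffer_size:
                buffers.append(next_seq)
            else:
                discarded += 1   # figure 39: buffers full, the frame is lost
            next_seq += 1
        # Receiver: the CPU takes a few frames out of the buffers.
        for _ in range(min(drain_per_tick, len(buffers))):
            buffers.popleft()
            delivered += 1
        # Receiver acknowledges what it processed; the sender's window slides.
        acked = delivered
    return delivered, discarded, ticks
```

With a window no larger than the receiver's buffer count nothing is ever discarded; a window that is larger, or no window at all, loses frames, and stop-and-wait loses nothing but needs a tick per frame.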


LLC Data Format:

The LLC layer constructs a PDU by appending LLC-specific fields to the data received from upper layers.

[Figure 40: LLC protocol data unit. LLC Header: DSAP (1 octet) | SSAP (1 octet) | Control (1 octet), followed by Data (0-1497 octets).]

Figure 40 shows the format of the LLC protocol data unit.

The fields in figure 40 are as follows:

• The Destination Service Access Point (DSAP) address that identifies the required protocol stack on the destination computer.

• The Source Service Access Point (SSAP) address associated with the protocol stack that originated the data on the source computer.

• The Control Information that varies with the function of the PDU.

• The Data received from upper-layer protocols in the form of the network layer PDU.

• Medium Access Control (MAC):

This sublayer provides the method by which devices access the shared network transmission medium.

802 LAN Physical Address: Physical device addresses are defined at the MAC protocol sublevel. Physical addresses, therefore, frequently are referred to as MAC addresses.

[Figure 41: IEEE 802 MAC address, bits 47 down to 0. Bit 47 is the I/G bit: '0' = individual address, '1' = group address. Bit 46 is the U/L bit: '0' = universally administered address, '1' = locally administered address. The remaining bits of the upper half form the Organisation Unique Identification (22 bits); the lower half is the Organisation Administered Address (24 bits).]

Figure 41 shows the format of an IEEE 802 MAC address.

Bits 46 and 47 in figure 41 are as follows:

• Bit 47 is the Physical/Multicast bit. If the bit is 0, the address specifies the physical address of one device on the network. If the bit is 1, it specifies a multicast address that identifies a group of devices.

• Bit 46 is the U/L bit and indicates whether the address is universally or locally administered. If the bit is 0, the address is universally administered. If the bit is 1, the address is locally administered.
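The following Python code is an added example, not code from the original document. It decodes the I/G and U/L bits of figure 41 and the vendor prefix described under Ethernet Addresses, and applies the receive rule of figure 32 (accept a frame whose destination address is our own or the broadcast address). It assumes the figure numbers bits in transmission order, so that bit 47 is the first bit on the wire, which in the colon-separated notation of the text is the least significant bit of the first octet; the sample addresses are constructed. For a defender, the locally administered flag is worth logging: a universally administered address carries a vendor prefix, a locally administered one does not.

```python
BROADCAST = b"\xff" * 6


def parse_mac(text: str) -> bytes:
    """Accept colon-separated pairs of hex digits, the notation used in the text."""
    parts = text.lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def describe(text: str) -> dict:
    """Split an address into its I/G bit, U/L bit, vendor prefix and vendor-assigned part.

    Assumption: figure 41's bit 47 is the first bit transmitted, i.e. the least
    significant bit of the first octet; bit 46 is the next one."""
    mac = parse_mac(text)
    return {
        "group": bool(mac[0] & 0x01),                   # I/G: multicast or broadcast
        "broadcast": mac == BROADCAST,
        "locally_administered": bool(mac[0] & 0x02),    # U/L
        "oui": ":".join(f"{b:02x}" for b in mac[:3]),   # 24-bit prefix assigned to the vendor
        "vendor_assigned": ":".join(f"{b:02x}" for b in mac[3:]),
    }


def frame_is_for_me(dest: str, my_mac: str) -> bool:
    """Receive decision of figure 32: a unicast match or the broadcast address.
    Multicast group membership is not modelled here."""
    d = parse_mac(dest)
    return d == parse_mac(my_mac) or d == BROADCAST
```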

[Figure 42: within the OSI data link layer, IEEE 802.2 LLC sits above the IEEE 802.3 CSMA/CD and IEEE 802.5 Token Ring MAC sublayers, which in turn sit above the physical layer; the network, transport, session, presentation and application layers lie above.]

Figure 42 shows IEEE 802 standards related to the OSI reference model.


IEEE 802.3 Networks: Utilise the same CSMA/CD access control mechanism that was developed for Ethernet II. The same media-signalling techniques are employed, and 802.3 and Ethernet II network hardware are interchangeable. 802.3 and Ethernet II frames may be multiplexed on the same media. The primary difference between the 802.3 and Ethernet II standards has to do with frame formats.

• How Ethernet Works:

[Figure 43: an Ethernet segment with attached nodes.]

Figure 43 shows the schematic of an Ethernet network.

Typically, local area networks permit a single node to transmit at a given time. Access control methods are systems that enable many nodes to have access to a shared network medium by granting access to the medium in an organised manner. Ethernet uses an elegant access control method, called carrier sense. When a node has data to transmit, it senses the medium, essentially listening to see if any other node is transmitting. If the medium is busy, the node waits a few microseconds and tries again. If the medium is quiet, the node begins to transmit. The full name for this approach is Carrier Sense Multiple Access (CSMA), permitting multiple nodes to access the medium through a carrier sense method.

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA):

The stations listen to the wire to check whether anyone else wants to communicate, then announce that they are ready to start a communication (burst). When two terminals are ready to start a communication at the same moment, the communication is delayed for a random time by both terminals.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD):

The stations start their communication when they think they are the only ones that want to communicate. When after a certain time it turns out that they were not the only ones, both terminals stop their communication for a random time before they try again. Although it offers a much better efficiency than a token that has to pass all the different terminals, the CSMA/CD method has the disadvantage that it is not possible to know exactly what response time to expect, with a danger of saturation if there is much intensive traffic.

Before stations can send, they need to perform the following 5 steps on a CSMA/CD network:

1 - listen to the wire before sending,

2 - wait if the cable isn't free,

3 - send, and listen to the wire to check for collisions,

4 - if there is a collision, wait before sending again,

5 - send again or cancel.


Before stations can receive, they need to perform the following 4 steps on a CSMA/CD network:

1 - inspect the incoming packets and check for fragmentation,

2 - read and check the destination address,

3 - when the packet is for the local station, check whether the packet is intact,

4 - process the packet.
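The following Python code is an added example, not code from the original document. It is a slotted simulation of the CSMA/CD send procedure listed above: stations listen and wait while the medium is busy, transmit when it is free, detect a collision when more than one station transmits in the same slot, and each back off a random number of slots before trying again. The station count, the slot model, the frame duration and the backoff range are constructed for the illustration and are not taken from the Ethernet specification.

```python
import random


def simulate_csma_cd(station_count=4, frame_slots=3, max_backoff=8, seed=1, max_slots=10000):
    """Every station has one frame ready at slot 0.
    Returns (slot at which the medium finally goes idle, collisions, send order)."""
    rng = random.Random(seed)                  # seeded so a run can be repeated
    ready_at = {s: 0 for s in range(station_count)}   # earliest slot a station may try
    send_order, collisions = [], 0
    busy_until = 0                             # medium is busy in slots below this
    for slot in range(max_slots):
        if not ready_at:                       # every station has sent its frame
            return busy_until, collisions, send_order
        if slot < busy_until:                  # steps 1-2: carrier sensed, wait
            continue
        contenders = [s for s, t in ready_at.items() if t <= slot]
        if not contenders:
            continue                           # everyone is still backing off
        if len(contenders) == 1:
            # step 3: transmit while listening; nobody else did, so the frame goes through
            station = contenders[0]
            send_order.append(station)
            del ready_at[station]
            busy_until = slot + frame_slots
        else:
            # steps 3-5: collision detected, frame abandoned, each station backs off
            collisions += 1
            for station in contenders:
                ready_at[station] = slot + 1 + rng.randrange(max_backoff)
    raise RuntimeError("stations did not all transmit within max_slots")
```

With several stations ready at the same moment the first slot is always a collision; the random backoff then separates them so that every station eventually sends exactly once, and every collision costs at least one slot on top of the frame transmissions.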

A brief period of time must elapse before a transmitted electrical signal reaches the furthest extents of the medium on which it is sent. As two signals flow through the medium, eventually they overlap in an event called a collision. Collisions always damage data, and having a mechanism for dealing with collisions when they occur is of paramount importance.

Ethernet nodes detect collisions by continuing to listen as they transmit. If a collision takes place, the nodes measure a signal voltage that is twice as high as expected. After detecting a collision, the nodes transmit a jamming signal that notifies all nodes on the network that a collision has occurred and the current frame should be disregarded. Then the nodes wait a random amount of time before attempting to retransmit. Because each node delays for a different time, the likelihood of a new collision is reduced. This technique of managing collisions is called Collision Detection (CD), making the complete abbreviation for the Ethernet access control method CSMA/CD.

Collisions are part of the normal operation of an Ethernet. Because CSMA/CD is an exceptionally efficient access control method, normal collision activity does not seriously affect network performance. Collisions occur when two or more systems transmit at the same time, contending for the right to control the network. If a system transmits 64 bytes, it is considered to be in control, and the other systems are supposed to be quiet until the controlling system has finished. It is possible, if the total length of an Ethernet exceeds the specifications, for a system not to know that another system has control of the network and to transmit right over the controlling system's packet. This creates a packet greater than 64 bytes long with a CRC error. The busier the network, the worse this problem becomes.

[Figure 44: two nodes on an Ethernet transmitting at the same time; their signals overlap in a collision.]

Figure 44 shows collisions on an Ethernet.

Sometimes when an installation doesn't work because the cable is too long or otherwise out of specification, people use a transceiver or network card that functions even over an out-of-specification link to solve the problem. Don't do it. You are not solving the problem. You're just hiding a problem that may come back to haunt you in the future.

In a large 10BASE-T installation, hubs that can be remotely managed are almost indispensable.

Simple Network Management Protocol (SNMP) is the standard management software for TCP/IP networks. The agent is the software that reports information about a device back to the management station. SNMP may help you manage the PC’s on your network.

Late collisions are undetected collisions caused by a cable segment that is too long and are one example of why you'll regret violating the Ethernet specifications.


Ethernet II Frames:

[Figure 45: Ethernet II frame: Preamble (8 octets) | Destination Address (6 octets) | Source Address (6 octets) | Type (2 octets) | Data (46-1500 octets) | FCS (4 octets). The frame length is counted from the destination address through the FCS; the CRC calculation covers the destination address through the data field.]

Figure 45 shows the structure of an Ethernet II frame.

• The minimum length of an Ethernet frame is 6+6+2+46+4=64 octets

• The maximum length of an Ethernet frame is 6+6+2+1500+4=1518 octets

The fields in figure 45 are as follows:

• The preamble consists of a series of 8 bits in a specific pattern that notifies receiving nodes that a frame is beginning. The preamble begins with seven octets (8-bit groups, frequently referred to as bytes) of the pattern 10101010. The final octet of the preamble has the bit pattern 10101011. The purpose of the preamble is to signal the beginning of a frame, and the preamble is not formally part of the frame. Therefore, the octets in the preamble are not counted as part of the length of the frame.

• The destination and source address each consist of 48 bits (6 octets). Each node on the network is assigned a unique 48-bit address. This information enables receiving nodes to identify frames that are addressed to them, and also enables the receiver of a message to reply to the sender.

• The type field (EtherType) is a 16-bit (2 octets) field that designates the data type of the data field. The EtherType enables the network drivers to demultiplex the packets and direct data to the proper protocol stack. The type mechanism enables Ethernet networks to support multiple protocol stacks.

• The data field contains the Protocol Data Unit (PDU) received from upper-layer protocols. For TCP/IP it is constructed of three components: the IP header, the TCP header, and the application data. The length of the data field can be from 46 to 1500 octets, inclusive. If the data field is less than 46 octets in length, upper-layer protocols must pad the data to the minimum length.

• The Frame Check Sequence (FCS) is a 32-bit code that enables the receiving node to determine if transmission errors have altered the frame. This code is derived through a Cyclic Redundancy Checksum (CRC) calculation which processes all fields except the preamble and the frame check sequence itself. This CRC value is recalculated by the receiving node. If the CRC calculation by the receiver matches the value in the FCS, it is assumed that transmission errors didn’t occur.

Ethernet II Node Address:

Consists of 48 bits, organised in three fields, commonly written as six octets (six groups of 8 bits).

Bit 47 (I/G bit): '0' = individual address, '1' = group address
Bits 46-24: Vendor Code (23 bits)
Bits 23-0: Globally Administered Address (24 bits)

Figure 46 shows the structure of an Ethernet II Node Address.

• Bit 47 is the Physical/Multicast bit. If the bit is 0, the address specifies the physical address of one device on the network. If the bit is 1, it specifies a multicast address that identifies a group of devices.

Vendors are assigned unique vendor codes that are used to identify their adapters. This registration system ensures that each Ethernet device that is manufactured has a physical address that is unique in the entire world. The Globally Administered Address is designated by the manufacturer of the Ethernet equipment. Because each manufacturer is assigned a unique vendor ID, and the manufacturers assign a different identification number to each piece of equipment produced, the complete Ethernet ID for each Ethernet device is unique.

Ethernet wiring comes in three forms:

• Thicknet : IEEE 10BASE5 standard, coax cable .5" diameter, used for backbone Ethernet to interconnect other networks

• Thinnet : IEEE 10BASE2 standard, coax cable .2" diameter, used to directly connect PC’s

• UTP : IEEE 10BASET standard, used to directly connect PC’s; these systems require a concentrator or hub to operate.

Ethernet wiring limits:

Max.                        10BASE5   10BASE2   10BASET
Segment length              500 m     185 m     500 m
Repeaters or concentrators  4         4         4
Total length                2500 m    925 m     2500 m
Nodes per segment           100       30        512
Workstation cable           N/A       N/A       100 m

• IEEE 802.3 Media:

Each of the cable standards has a three-part name. The first number indicates the data rate in megabits per second. BASE specifies baseband operation, and BROAD indicates a broadband network. The final designation suggests the cable type.

• 10BASE5 : Thick, 50-ohm coaxial cable.

• 10BASE2 : Thinner coaxial cable.

• 10BASE-T : UTP cable.

• 10BROAD36: A broadband cable system that enables multiple 10 Mbps channels to be carried by the same coaxial medium.

• 100BASE-TX: Utilises two pairs of high-grade UTP cable, 100 Mbps.

• 100BASE-T4: Utilises four pairs of standard grade UTP cable, 100 Mbps.

• 100BASE-TF: Utilises optical fibre, 100 Mbps.

• IEEE 802.3 Frames:

Preamble | Start Frame Delimiter | Destination Address | Source Address | Length   | Data           | FCS
7 octets | 1 octet               | 6 octets            | 6 octets       | 2 octets | 46-1500 octets | 4 octets

(frame length: Destination Address through FCS; CRC calculation: Destination Address through Data)

Figure 47 shows the format of an IEEE 802.3 frame.

• The minimum length of an IEEE 802.3 frame is 6+6+2+46+4=64 octets.

• The maximum length of an IEEE 802.3 frame is 6+6+2+1500+4=1518 octets.

The fields in figure 47 are as follows:

• The preamble consists of a series of 8 bits in a specific pattern 10101010.

• The Start Frame Delimiter (SFD) is a single octet with the bit pattern 10101011.

• The destination and source address each consist of 48 bits (6 octets). Each node on the network is assigned a unique 48-bit address. This information enables receiving nodes to identify frames that are addressed to them, and also enables the receiver of a message to reply to the sender.

• The length field consists of 2 octets that specify the number of octets in the LLC data field. This value must be in the range 46 through 1500, inclusive.

• The LLC data field contains the Protocol Data Unit (PDU) received from the LLC sublayer, consisting of the LLC header and data. The size of this field can be from 46 to 1500 octets, inclusive. If the data field is less than 46 octets in length, upper-layer protocols must pad the data to the minimum length.

• The Frame Check Sequence (FCS) is a 32-bit code that enables the receiving node to determine if transmission errors have altered the frame. This code is derived through a Cyclic Redundancy Checksum (CRC) calculation which processes all fields except the preamble and the frame check sequence itself. This CRC value is recalculated by the receiving node. If the CRC calculation by the receiver matches the value in the FCS, it is assumed that transmission errors didn’t occur.

• Implementing TCP/IP over IEEE 802.3:

LLC Header (3 octets)                                      | SNAP Header (5 octets)                                  | Data
DSAP (= 170) 1 octet | SSAP (= 170) 1 octet | Control (= 3) 1 octet | Organisation Code (= 0) 3 octets | Ethertype 2 octets | 0-1492 octets

Figure 48 shows the format of the SNAP data format.
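As an added example (not code from the original text), the following Python receive-side decoder applies the checks described for the Ethernet II, IEEE 802.3 and SNAP layouts above: minimum and maximum frame length, destination address filtering using the I/G bit of figure 46, FCS verification, and demultiplexing on the type/length field. The 1536 (0x0600) boundary between EtherType and length values is the IEEE 802.3 convention and is an assumption here, as are the constructed sample addresses and payloads.

```python
import struct
import zlib

# Added example (not from the original text): a receive-side decoder for the Ethernet II and
# IEEE 802.3 frame layouts of figures 45, 47 and 48. Lengths and field values come from the
# text; the 1536 (0x0600) type/length threshold is the IEEE 802.3 convention, assumed here.
MIN_FRAME = 64              # DA + SA + type/length + 46 data octets + FCS
MAX_FRAME = 1518            # DA + SA + type/length + 1500 data octets + FCS
ETHERTYPE_MIN = 0x0600      # type/length >= 1536 is an EtherType, <= 1500 is an 802.3 length
BROADCAST = b"\xff" * 6
SNAP_LLC = b"\xaa\xaa\x03"  # DSAP = 170, SSAP = 170, Control = 3 (figure 48)


def fcs(covered: bytes) -> bytes:
    """FCS: CRC-32 over DA, SA, type/length and data (preamble/SFD are not covered),
    transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(covered) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    """Assemble DA, SA, type/length, data padded to 46 octets, and FCS.
    Preamble/SFD are not counted in the frame length, so they are not included."""
    if len(payload) > 1500:
        raise ValueError("data field exceeds 1500 octets")
    body = dst + src + struct.pack("!H", type_or_len) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def is_group_address(mac: bytes) -> bool:
    """The I/G bit (bit 47 in figure 46) is the first bit on the wire; Ethernet sends each
    octet low-order bit first, so it is the least-significant bit of the first octet."""
    return bool(mac[0] & 0x01)


def parse_frame(raw: bytes, my_mac: bytes) -> dict:
    """Receive-path checks in the order a station applies them: frame length, destination
    address filter, FCS verification, then demultiplexing on the type/length field."""
    result = {"accepted": False, "reason": None}
    if not MIN_FRAME <= len(raw) <= MAX_FRAME:
        result["reason"] = "runt or giant frame (%d octets)" % len(raw)
        return result
    dst, src = raw[0:6], raw[6:12]
    # Accept unicast to us, broadcast, or any group address (a real NIC would also
    # filter group addresses against the multicast groups it has joined).
    if dst != my_mac and dst != BROADCAST and not is_group_address(dst):
        result["reason"] = "not addressed to this station"
        return result
    body, trailer = raw[:-4], raw[-4:]
    if fcs(body) != trailer:
        result["reason"] = "FCS mismatch: frame altered in transit, discard"
        return result
    type_or_len = struct.unpack("!H", raw[12:14])[0]
    data = raw[14:-4]
    result.update(accepted=True, dst=dst, src=src)
    if type_or_len >= ETHERTYPE_MIN:
        # Ethernet II: the field names the protocol stack that receives the data.
        result.update(encapsulation="Ethernet II", ethertype=type_or_len, data=data)
    elif type_or_len <= 1500:
        # IEEE 802.3: the field is the LLC data length; it must fit in what arrived.
        if type_or_len > len(data):
            result.update(accepted=False, reason="length field exceeds data present")
            return result
        llc = data[:type_or_len]
        if llc[:3] == SNAP_LLC and len(llc) >= 8:
            # SNAP: 3-octet organisation code followed by the EtherType, as in figure 48.
            result.update(encapsulation="IEEE 802.3 LLC/SNAP", org_code=llc[3:6],
                          ethertype=struct.unpack("!H", llc[6:8])[0], data=llc[8:])
        else:
            result.update(encapsulation="IEEE 802.3 LLC", data=llc)
    else:
        result.update(accepted=False, reason="type/length value between 1501 and 1535 is not valid")
    return result


# Constructed sample addresses (locally administered, not real vendor codes).
MY_MAC = bytes.fromhex("020000000001")
PEER_MAC = bytes.fromhex("020000000002")


def sample_frames() -> dict:
    """Constructed frames: a 20-octet IP-header-sized payload over Ethernet II and over
    802.3/SNAP, plus a corrupted copy and a runt (truncated) copy."""
    ip_like = b"\x45" + b"\x00" * 19
    eth2 = build_frame(MY_MAC, PEER_MAC, 0x0800, ip_like)
    llc_snap = SNAP_LLC + b"\x00\x00\x00" + struct.pack("!H", 0x0800) + ip_like
    dot3 = build_frame(MY_MAC, PEER_MAC, len(llc_snap), llc_snap)
    corrupted = eth2[:20] + bytes([eth2[20] ^ 0xFF]) + eth2[21:]
    return {"eth2": eth2, "dot3": dot3, "corrupted": corrupted, "runt": eth2[:60]}


if __name__ == "__main__":
    for name, frame in sample_frames().items():
        print(name, parse_frame(frame, MY_MAC))
```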

IEEE 802.5 Networks: IEEE 802.5 Token Ring is the second most commonly employed LAN physical layer, trailing significantly behind Ethernet.

• How Token Ring Works:

Each time a device needs to transmit, some probability exists that the network will be busy. And, even when the device successfully begins to transmit, some probability exists that another device will also transmit and cause a collision, forcing both devices to back off and try again. These probabilities increase as the network becomes busier, until a point is reached at which a device needing to transmit data becomes extremely unlikely to receive the opportunity to do so. Because network access on a CSMA/CD network is uncertain, CSMA/CD is called a probabilistic access method.

The mere probability of access is unacceptable in certain critical situations such as industrial control. Suppose that an overheat sensor urgently needs to send a warning to the factory operators. If even a possibility exists that the sensor cannot access the network, the factory designers will not take the situation lightly.

Token access guarantees that every device on the network receives a periodic opportunity to transmit.

[Figure 49 flowchart: Listen to the wire; Detected a preamble?; Read destination address; Broadcast address? / My address? (No: ignore transmission); Read data frame contents until End of frame; Perform integrity check; Check passed? (Yes: deliver data to designated process; No: discard data)]

Figure 49 shows the token access method in a ring network.

The token consists of a special frame that circulates from device to device around the ring. Only the device that possesses the token is permitted to transmit. After transmitting, the device restarts the token, enabling other devices the opportunity to transmit.

The initial 4 Mbps implementation of Token Ring permitted a single token to circulate on the network. Before releasing a token on the network that enabled other devices to transmit, a device that transmitted a frame waited for the frame to return after circulating the ring. A new feature, called Early Token Release (ETR), introduced with the newer 16 Mbps Token Ring, enables a sending device to release a token immediately after it completes transmission of a frame. Thus a token can circulate at the same time as a data frame.

Although token access control appears simple, numerous problems lie beneath the surface. The point of introducing them is to illustrate that the control mechanisms Token Ring uses are significantly more complicated than those required for CSMA/CD. These control mechanisms take up network bandwidth, reducing the efficiency of Token Ring.

To compensate for this added complexity, Token Ring offers significant benefits. Data throughput of a Token Ring can never reach zero, as is possible with an Ethernet experiencing excessive collisions. Although network performance slows as demand increases, every device on the network receives a periodic opportunity to transmit.

Token Ring possesses a capability to set network access priorities, which is unavailable in Ethernet. High-priority devices can request preferred network access. This capability enables a critical device to gain greater access to the network.

Token Ring was also designed to provide a higher level of diagnostic and management capability than is available with Ethernet. The mechanisms that compensate for Token Ring errors provide a capability for diagnosing other network problems as well. For example, detecting devices causing network errors and forcing those devices to disconnect from the network is possible. Also, in the cabling system IBM designed, the network is served by two rings of cable. In the event of a cable break, using the second ring to reconfigure the network and keep it operating is possible.

Nevertheless, Ethernet remains the most popular network physical layer. Ethernet works well in the majority of networks and costs considerably less than Token Ring. Equipment for Token Ring costs two-to-three times as much as corresponding Ethernet components.

Figure 50 shows how Token Rings are wired in a star.

• Several reasons can be cited for Token Ring's lower popularity:

• It was developed as an IBM technology. Although Token Ring technology is now offered by a great many vendors, many in the user community perceive it as proprietary.

• Ethernet is simple, reliable, and effective for the majority of networks, and at the same time costs significantly less than Token Ring.

• TCP/IP has traditionally been wed to Ethernet II. Growing industry demand for TCP/IP has accompanied a recent surge in the Ethernet popularity.

Nevertheless, Token Ring is an effective physical layer technology with features that make it preferable under some circumstances.

• IEEE 802.5 Frames:

start-of-frame    | data section (FCS coverage)                                                     | end-of-frame
SD      | AC      | FC      | DA            | SA            | Information      | FCS      | ED      | FS
1 octet | 1 octet | 1 octet | 2 or 6 octets | 2 or 6 octets | 0 or more octets | 4 octets | 1 octet | 1 octet

Figure 51 shows the format of a Token Ring frame.

Three major sections can be specified, as follow:

• Start-of-Frame Sequence (SFS): This section signals the network devices that a frame is beginning.

• Data section: This section contains control information and upper-layer data.

• End-of-Frame Sequence (EFS): This section indicates the end of the frame and includes several control bits.

The fields in figure 51 are as follows:

• The Starting Delimiter (SD) field is a single octet that consists of electrical signals that cannot appear elsewhere in the frame. The SD violates the rules for encoding data in the frame and contains nondata signals.

• The Access Control (AC) field includes priority and reservation bits used to set network priorities. It also includes a monitor bit, used for network management. A token bit indicates whether the frame is a token or a data frame.

• The Frame Control (FC) field indicates whether the frame contains LLC data or is a MAC control frame. Several types of MAC frame are used to control network functions.

• The Destination Address (DA) specifies the station or stations to which the frame is directed. Multicasts and broadcasts are possible in addition to transmission to a single device. 16- and 48-bit addresses are supported.

• The Source Address (SA) specifies the device that originated the frame. The DA and SA address must utilise the same format.

• The Information field contains LLC data or control information if it appears in a MAC control frame.

• The Frame Check Sequence (FCS) is a 32-bit cyclic redundancy check that is applied to the FC, DA, SA, and information field.

• The Ending Delimiter (ED) violates the network data format and signals the end of the frame. This field includes two control bits. The intermediate bit indicates whether this is an intermediate or the final frame in a transmission. The error bit is set by any device that detects an error, such as in the FCS.

• The Frame Status (FS) field contains other control bits that indicate that a station has recognised its address and that a frame has been copied by a receiving device.

Protocols and Protocol Stacks:

[Figure 52: four protocol stacks drawn against the OSI Model (Physical, Data Link, Network, Transport, Session, Presentation and Application layers):
TCP/IP UNIX: Network Interface Card; ARP & RARP & NDIS; IP, ICMP; TCP, UDP; Socket Interface; Network Applications.
MS NT LAN Manager: Network Interface Card; NDIS; NetBEUI; NetBIOS, Named Pipes; Server Message Block (SMB).
Banyan Vines: Network Interface Card; ARP & RARP, Vines Drivers & NDIS; Vines IP, ICP; SPP & IPC; Vines Redirector, NetRPC, Direct Socket.
Novell NetWare: Network Interface Card; ODI / NDIS; IPX; SPX; NetWare Core Protocols (NCP).]

Figure 52 shows how the layers of TCP/IP and other popular network protocols relate differently to the OSI model.

In figure 52, each NOS manufacturer has implemented its own networking protocols to provide the required networking functions. These protocols operate as distinct programs or processes that the NOS uses to transport data between the network nodes. Each set of programs is commonly referred to as a protocol stack. It is important to note that although the underlying functionality of each of these protocol stacks is similar, the implementation within each NOS is unique.

A client application sends data down its protocol stack, passing through each of the protocols and interfaces. Information necessary to forward the application data to its destination is added by the programs operating at each level. At the receiving side, the data packets traverse a similar stack of protocols and programs, this time in reverse. Starting at the physical layer, the packet passes through each successive layer until it reaches the top of the stack at the relevant application process. At each layer, the information appended by the different protocols is examined so that the host can forward the packet to its final destination. For the host to accomplish this, both the client and the host need to run the same program at each level. If the server received a data packet that contained protocol information generated from a program not in its protocol stack, it would obviously not be able to understand the contained information.

[Figure 53: a Client Application and a Server Application each sit on a full seven-layer stack (Application, Presentation, Session, Transport, Network, Data Link and Physical layers); the Client and the Host are joined at the Physical layer, and the protocols operating at each layer need to be compatible.]

Figure 53 provides a generic illustration of a data packet moving through the different protocol layers of the OSI model.

At each subsequent layer, additional protocol information is appended to the original data packet. At the host side, the protocol information is stripped away layer by layer to finally leave the application data.

[Figure 54: a Network Client and a Network Host, each with a seven-layer stack. Going down the client stack, the Application Data is wrapped in turn with TCP Info., IP Info., NDIS & Data Link Info. and Ethernet Info. for transmission over the network; going up the host stack, each layer strips its own information until only the Application Data remains.]

Figure 54 shows a more specific example of an application packet moving through a TCP/IP network.

Operating Dual Protocol Stacks:

The biggest problems in providing multiprotocol support to network clients relate to the operation of the interface at both the top and the bottom of the protocol stack.

At the top of the stack, applications are generally written to function through the use of a specific network protocol. The application developer then needs to write different versions of the application for it to operate using different network protocols. It is possible, however, for developers to overcome these issues by writing applications based on a common or standard interface such as NetBIOS, WinSock, or BSD sockets. It then becomes the problem of the implemented networking protocol to offer support for these interfaces.

Similar interoperability problems are found at the bottom of the protocol stack, where the use of a standard interface again offers a possible solution. Each distinct networking solution offers its own protocol drivers to communicate with the installed network interface card. This means, for example, that if you loaded a separate NIC driver for both your NetWare stack and your TCP/IP stack, each driver program would assume that it had complete control over the installed NIC. The result would be that as either driver attempted to access the NIC it could corrupt any communication being carried out by the other program.

The solution to this problem requires that you load a single device driver to interface directly with the NIC and that this driver provides simultaneous support to all the installed protocol stacks. Two possible solutions have been developed to provide this support. The first is known as the Network Driver Interface Specification, and the second is the Open Datalink Interface. The implementation of either of these standards enables you to effectively provide multiprotocol support, enabling you to load more than one network protocol on a single workstation.

Network Driver Interface Standard (NDIS): The NDIS specification was written to provide an NIC with the capability to simultaneously support multiple protocol stacks through the use of a single NIC device driver. The specification defines three main components:

• Media Access Control (MAC) driver: This is a device driver written by the vendors of the NIC that directly interfaces with the NIC hardware.

• Upper-Level Protocol driver: This is a device driver written by the NOS vendor that provides the required functionality and interface support for the upper-layer protocols.

• Protocol manager program: This is a manager or control program that co-ordinates the joining or binding of the preceding two programs to provide the completed protocol stack support. This program is called PROTMAN.DOS or PROTMAN.OS2, depending on the client operating system employed.

The initialisation of the NDIS environment starts with the protocol manager, which reads a configuration file, called PROTOCOL.INI, and stores the contained configuration in a predefined structure in an area of memory known as configuration memory. As each of the other device drivers is loaded, it issues requests to the protocol manager for its specific configuration details. The protocol manager provides this information by indicating to each driver where it can find the configuration memory. The drivers then access this area of memory, which provides them with the details they need in order to initialise.

After the MAC driver and all the required protocol drivers have been loaded, the protocol manager must connect all the drivers together. This process is known as binding and is initiated by a program called NETBIND. The principal function of NETBIND is to issue the BindAndStart directive to the protocol manager. This instructs all the drivers and protocols to form the necessary protocol stacks. The protocol manager then initiates communication with the MAC driver by issuing the InitiateBind directive to each of the protocols that was loaded. Each of the protocols binds to the MAC driver with an indicated vector value. The MAC driver can then multiplex between each of the loaded protocols based on this vector value.

[Figure 55: at the Application Layer, TCP/IP Applications and NOS Applications; at the Network Layer, TCP/IP Network Protocols and NOS Proprietary Network Protocols; at the Data Link Layer(s), a TCP/IP NDIS Compatible Driver and a NOS NDIS Compatible Driver joined through the Binding Interface to the single NIC NDIS Driver; at the Physical Layer, the Network Interface Card (NIC).]

Figure 55 shows the protocol structure resulting from the binding initiated by the NETBIND program.

Open Datalink Interface (ODI): The ODI specification is similar in structure and functionality to NDIS. The ODI specification was developed as a means of providing client and server support for other network protocols alongside NetWare's native networking protocol, IPX. The ODI specification references the following components:

• Multiple Link Interface Drivers (MLID): These drivers are similar in functionality to the MAC drivers specified by NDIS. They provide a device interface to the installed NIC within the client or the server.

• Link Support Layer (LSL) interface: This interface manages the interaction between the installed MLID and the various installed upper-layer protocols. References within the LSL are made to redirect traffic from the MLID to the specified upper-layer protocol.

• Upper-Level Protocol driver: This is a device driver that allows for the integration of other network protocols and their support within the NetWare environment.

Configuration and protocol loading within an ODI environment are controlled via the net.cfg file on the workstation. The first program to load is the LSL driver, which provides a basis for the binding of upper-layer protocols and for the loading of the NIC drivers. The file net.cfg contains information relating to the installed NIC driver, or MLID, and the LAN frame type support that is required. After the MLID has been installed, the upper-layer protocol drivers can be loaded to interface individually onto the LSL.

Listing 1 shows an example ODI dual protocol stack configuration. It indicates the loading of both the IPXODI driver, for IPX support, and the TCP/IP driver to provide a TCP/IP protocol stack.

    AUTOEXEC.BAT
    ...
    REM Load LSL driver
    LSL
    REM Load MLID driver, which references NET.CFG for its configuration
    3c509
    REM Load IPX upper layer ODI compliant driver
    IPXODI
    REM Load TCP/IP upper layer ODI compliant driver
    TCPIP
    REM Load redirector program
    VLM
    REM TCP/IP and IPX stacks loaded, continue with login routines
    ...

    NET.CFG
    ...
    link driver 3c509
        frame ethernet_802.2
        frame ethernet_snap
        frame ethernet_II
        frame ethernet_802.3
    ...

It is also possible to provide for NDIS-compatible environments within the ODI specification. This is provided through inclusion of a program called ODINSUP.COM. This program provides support for upper-layer protocol drivers written to the NDIS specification to interface directly with the installed ODI MLID. In other words, the NDIS protocols bind to the ODI MLID, via ODINSUP.COM, bypassing the installed LSL module. You might undertake this method if the TCP/IP stack you wanted to load supplied only an NDIS-compliant driver.

Delivering Data Through Internetworks:

[Figure 56: an Ethernet, a Token Ring and a second Ethernet, each with workstations attached, joined to one another by routers.]

Figure 56 shows an internetwork consisting of several networks.

The way data are delivered through internetworks involves several topics:

• Methods for carrying multiple data streams on common media.

• Methods for switching data through paths on the network.

• Methods for determining the path to be used.

Multiplexing:

LAN’s generally operate in baseband mode, which means that a given cable is carrying a single data signal at any one time. The various devices on the LAN must take turns using the medium. This generally is a workable approach for LAN’s, because LAN media offer high performance at low cost. Long-distance data communication media are expensive to install and maintain, and it would be inefficient if each media path could support only a single data stream. WAN’s, therefore, tend to use broadband media, which can support two or more data streams. Increasingly, as LAN’s are expected to carry more and different kinds of data, broadband media are being considered for LAN’s as well. To enable many data streams to share a high-bandwidth medium, a technique called multiplexing is employed.

[Figure 57: data streams A, B, C and D enter the multiplexer; the medium carries the slot sequence D C B A D C B A D C B A; the demultiplexer separates the four streams again.]

Figure 57 illustrates one method of time-division multiplexing of digital signals.

In figure 57, the signal-carrying capacity of the medium is divided into time slots, with a time slot assigned to each signal, a technique called Time-Division Multiplexing (TDM). Because the sending and receiving devices are synchronised to recognise the same time slots, the receiver can identify each data stream and re-create the original signals. The sending device, which places data into the time slots, is called a multiplexer or mux. The receiving device is called a demultiplexer or demux. TDM can be inefficient. If a data stream falls silent, its time slots are not used and the media bandwidth is under-utilised.

[Figure 58: data streams A, B, C and D enter the multiplexer; the medium carries the slot sequence A B A A A C A A B A B A, with no slot for the idle stream D; the demultiplexer separates the streams again.]

Figure 58 depicts a more advanced technique, statistical time-division multiplexing.

In figure 58, time slots are still used, but some data streams are allocated more time slots than others. An idle channel, D, is allocated no time slots at all. A device that performs statistical TDM often is called a stat-MUX.
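An added example, not from the original text, that simulates the two schemes of figures 57 and 58 in Python with constructed traffic (channel D idle): fixed TDM wastes the idle slots and identifies streams by slot position, while the stat-mux gives D no slots but must tag every slot so the demux can still separate the streams.

```python
from collections import deque

# Added example (not from the original text): fixed versus statistical time-division
# multiplexing of the four data streams A-D of figures 57 and 58. Traffic is constructed;
# channel D is idle, as in figure 58.


def fresh_streams() -> dict:
    """Constructed sample traffic: a queue of data units per channel."""
    return {
        "A": deque(["A1", "A2", "A3", "A4", "A5", "A6"]),
        "B": deque(["B1", "B2", "B3"]),
        "C": deque(["C1", "C2"]),
        "D": deque(),
    }


def tdm_multiplex(streams: dict, n_frames: int) -> list:
    """Fixed TDM: every channel owns one slot per frame whether or not it has data.
    An empty slot is sent as None; it still consumes medium time."""
    slots = []
    for _ in range(n_frames):
        for channel in streams:
            queue = streams[channel]
            slots.append(queue.popleft() if queue else None)
    return slots


def tdm_demultiplex(slots: list, channels: list) -> dict:
    """The demux recovers each stream from slot position alone: both ends agree on the
    frame layout, so no per-slot addressing is carried on the medium."""
    out = {ch: [] for ch in channels}
    for i, unit in enumerate(slots):
        if unit is not None:
            out[channels[i % len(channels)]].append(unit)
    return out


def stat_tdm_multiplex(streams: dict, max_slots: int) -> list:
    """Statistical TDM: slots are handed round-robin only to channels that have data, so
    an idle channel gets none. Each slot carries a channel tag because position no longer
    identifies the stream."""
    slots = []
    while len(slots) < max_slots:
        busy = [ch for ch in streams if streams[ch]]
        if not busy:
            break
        for ch in busy:
            if len(slots) == max_slots:
                break
            slots.append((ch, streams[ch].popleft()))
    return slots


def stat_tdm_demultiplex(slots: list) -> dict:
    """The stat-mux receiver uses the tag, not the position, to rebuild each stream."""
    out = {}
    for ch, unit in slots:
        out.setdefault(ch, []).append(unit)
    return out


def utilisation(slots: list) -> float:
    """Fraction of transmitted slots that carried data."""
    return sum(1 for s in slots if s is not None) / len(slots)


if __name__ == "__main__":
    fixed = tdm_multiplex(fresh_streams(), 3)
    print("TDM slots:", fixed, "utilisation %.2f" % utilisation(fixed))
    stat = stat_tdm_multiplex(fresh_streams(), 12)
    print("stat-TDM slots:", stat, "utilisation %.2f" % utilisation(stat))
```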

Switching Data:

On an internetwork, data units must be switched through the various intermediate devices until they are delivered to their destination. Two contrasting methods of switching data are commonly used: circuit switching and packet switching. Both are used in some form by protocols in common use.

Circuit Switching:

[Figure 59: the Original Message is split into Message Fragments A to E, which follow the one established circuit through the network in sequence and are reassembled in order into the Reassembled Message.]

Figure 59 illustrates circuit switching.

When two devices negotiate the start of a dialogue, they establish a path, called a circuit, through the network, along with a dedicated bandwidth through the circuit. After establishing the circuit, all data for the dialogue flow through that circuit. The chief disadvantage of circuit switching is that when communication takes place at less than the assigned circuit capacity, bandwidth is wasted. Also, communicating devices can’t take advantage of other, less busy paths through the network unless the circuit is reconfigured.

Circuit switching does not necessarily mean that a continuous, physical pathway exists for the sole use of the circuit. The message stream may be multiplexed with other message streams in a broadband circuit. In fact, sharing of media is the more likely case with modern telecommunications. The appearance to the end devices, however, is that the network has configured a circuit dedicated to their use.

End devices benefit greatly from circuit switching. Since the path is pre-established, data travel through the network with little processing in transit. And, because multipart messages travel sequentially through the same path, message segments arrive in order and little effort is required to reconstruct the original message.

Packet Switching:

[Figure 60: the Original Message is split into Message Fragments A to E, which are routed individually over different paths through the network and reassembled into the Reassembled Message at the receiver.]

Figure 60 illustrates packet switching.

Packet switching takes a different and generally more efficient approach to switching data through networks. Messages are broken into sections called packets, which are routed individually through the network. At the receiving device, the packets are reassembled to construct the complete message. Messages are divided into packets to ensure that large messages do not monopolise the network. Packets from several messages can be multiplexed through the same communication channel. Thus, packet switching enables devices to share the total network bandwidth efficiently.

Two variations of packet switching may be employed:

• Datagram services treat each packet as an independent message. The packets, also called datagrams, are routed through the network using the most efficient route currently available, enabling the switches to bypass busy segments and use under-utilised segments. Datagrams frequently are employed on LAN’s, and network layer protocols are responsible for routing the datagrams to the appropriate destination. Datagram service is called unreliable, not because it is inherently flawed but because it does not guarantee delivery of data. Recovery of errors is left to upper-layer protocols. Also, if several datagrams are required to construct a complete message, upper-layer protocols are responsible for reassembling the datagrams in order. Protocols that provide datagram service are called connectionless protocols.

• Virtual circuits establish a formal connection between two devices, giving the appearance of a dedicated circuit between the devices. When the connection is established, issues such as message size, buffer capacities, and network paths are considered and mutually agreeable communication parameters are selected. A virtual circuit defines a connection, a communication path through the network, and remains in effect as long as the devices remain in communication. This path functions as a logical connection between the devices. When communication is over, a formal procedure releases the virtual circuit. Because virtual circuit service guarantees delivery of data, it provides reliable delivery service. Upper-layer protocols need not be concerned with error detection and recovery. Protocols associated with virtual circuits are called connection-oriented.

Bridges, Routers, and Switches:

Data can be routed through an internetwork using the following three types of information:

• The physical address of the destination device, found at the data link layer. Devices that forward messages based on physical addresses generally are called bridges.

• The address of the destination network, found at the network layer. Devices that use network addresses to forward messages usually are called routers, although the original name, still commonly used in the TCP/IP world, is gateway.

• The circuit that has been established for a particular connection. Devices that route messages based on assigned circuits are called switches.

Bridges:

[Figure 61 layout: End Node on Network A (Application, Presentation, Session, Transport, Network, Data Link, Physical Layer); Bridge (Data Link Layer and Physical Layer only, one stack per connection); End Node on Network B (all seven layers)]

Figure 61 illustrates the protocol stack model for bridging in terms of the OSI Reference Model.

Bridges build and maintain a database that lists known addresses of devices and how to reach those devices. When it receives a frame, the bridge consults its database to determine which of its connections should be used to forward the frame.


A bridge must implement both the physical and data link layers of the protocol stack. Bridges are fairly simple devices. They receive frames from one connection and forward them to another connection known to be en route to the destination. When more than one route is possible, bridges ordinarily can't determine which route is most efficient. In fact, when multiple routes are available, bridging can result in frames simply travelling in circles. Having multiple paths available on the network is desirable, however, so that a failure of one path does not stop the network. With Ethernet, a technique called the spanning-tree algorithm enables bridged networks to contain redundant paths.

Token Ring uses a different approach to bridging. When a device needs to send to another device, it goes through a discovery process to determine a route to the destination. The routing information is stored in each frame transmitted and is used by bridges to forward the frames to the appropriate networks. Although this actually is a data link layer function, the technique Token Ring uses is called source routing.

The bridge must implement two protocol stacks, one for each connection. Theoretically, these stacks could belong to different protocols, enabling a bridge to connect different types of networks. However, each type of network, such as Ethernet and Token Ring, has its own protocols at the data link layer. Translating data from the data link layer of an Ethernet to the data link layer of a Token Ring is difficult, but not impossible. Bridges, which operate at the data link layer, therefore generally can join only networks of the same type. You see bridges employed most often in networks that are all Ethernet or all Token Ring. A few bridges have been marketed that can bridge networks that have different data link layers.

Routers:

[Figure 62 layout: End Node on Network A (Application, Presentation, Session, Transport, Network, Data Link, Physical Layer); Router (Network Layer, Data Link Layer and Physical Layer, one stack per connection); End Node on Network B (all seven layers)]

Figure 62 illustrates the protocol stack model for routing in terms of the OSI Reference Model.

A different method of path determination can be employed using data found at the network layer. At that layer, networks are identified by logical network identifiers. This information can be used to build a picture of the network. This picture can be used to improve the efficiency of the paths that are chosen. Devices that forward data units based on network addresses are called routers. With TCP/IP, routing is a function of the internet layer. By convention, the network on which the data unit originates counts as one hop. Each time a data unit crosses a router, the hop count increases by one.

[Figure 63 layout: six routers, A, B, C in the top row and D, E, F in the bottom row, joined by networks]

Figure 63 illustrates Hop-count routing.


A wide variety of paths could be identified between A and F:

• A-E-F (4 hops)

• A-E-D-F (5 hops)

• A-E-C-F (5 hops)

• A-B-C-F (5 hops)

By this method, A-E-F is the most efficient route. This assumes that all of the paths between the routers provide the same rate of service. A simple hop-count algorithm would be misleading if A-D and D-E were 1.5 Mbps lines while A-E was a 56 Kbps line. Apart from such extreme cases, however, hop-count routing is a definite improvement over no routing planning at all.

Routing operates at the network layer. By the time data reach that layer, all evidence of the physical network has been shorn away. Both protocol stacks in the router can share a common network layer protocol. The network layer does not know or care if the network is Ethernet or Token Ring. Therefore, each stack can support different data link and physical layers. Consequently, routers possess a capability, fairly rare in bridges, to forward traffic between dissimilar types of networks. Owing to that capability, routers often are used to connect LANs to WANs.

Building routers around the same protocol stack as is used on the end-nodes is possible. TCP/IP networks can use routers based on the same IP protocol employed at the workstation. However, it is not required that routers and end-nodes use the same routing protocol. Because network layers need not communicate with upper-layer protocols, different protocols may be used in routers than are used in the end-nodes. Commercial routers employ proprietary network layer protocols to perform routing. These custom protocols are among the keys to the improved routing performance provided by the best routers.

Switches:

Circuit-based networks operate with high efficiency because the path is established once, when the circuit is established. Each switch maintains a table that records how data from different circuits should be switched. Switching is typically performed by lower-level protocols to enhance efficiency, and is associated most closely with the data link layer.


Digital Data Services:

When networks must span more than a few kilometres, new categories of technology come into play. Before considering WAN standards, it is useful to take a look at options that might be used by an organisation that wants to build a private WAN. Not all options are examined.

A leased line is a dedicated communication line between two points. It is usually used by organisations to connect computers over a dedicated telephone line.

• Dedicated Leased Lines:

Communication providers offer dedicated, leased lines at a variety of capacities. A dedicated line is a communication channel between two points that is leased by an organisation for its exclusive use. The dedicated line almost certainly does not consist of a pair of wires that stretches continuously between the end-points, and a customer's signal can pass through any combination of copper and optical fibre cables as well as terrestrial and satellite microwaves. The appearance to the customer, however, is of a directly wired channel. Dedicated lines may be analogue or digital in nature.

T1 is an example of a digital leased-line technology. T1 supports full-duplex communication between two points. Originally intended for digital voice communication, T1 adapts as well to data communication, supporting data rates up to 1.544 Mbps. T1 circuits can utilise combinations of cables and microwave links. A T1 line supports 24 multiplexed 64 Kbps channels. Fractional T1 enables organisations to lease part of a T1 line in 64 Kbps increments. Other standards include T2 (6.312 Mbps), T3 (44.736 Mbps) and T4 (274.176 Mbps).

[Figure 64 layout: Router - CSU/DSU - DDS - CSU/DSU - Router]

Figure 64 shows connecting remote sites with a Digital Leased Circuit.

The interface to the leased line consists of: a bridge or router to forward frames to the leased circuit; a Channel Service Unit/Digital Service Unit (CSU/DSU) to translate between the LAN and the Digital Data Service (DDS) signal formats; and a network interface provided by the communication service vendor.

Leased lines can be used to construct quite large networks. The Internet is a world-wide network that consists of thousands of hosts, most connected by leased lines. The participants in the Internet share the cost of operating the Internet by bearing the cost of one or more leased lines to connect to other host sites.

The downside of leased lines is that an organisation bears the full cost of the capacity they have leased. Some allowance must be made for peak traffic periods, and a portion of the channel capacity being paid for may be idle a great deal of the time. Dedicated lines ensure an organisation of a specified communication capacity, but come at a high cost.


• Switched Digital Lines:

Switched lines provide an alternative to dedicated lines. When remote hosts need to communicate, one dials the other to establish a temporary connection. Switched connections can be configured using conventional modems and voice-grade lines, enabling organisations that have very limited bandwidth needs to avoid the cost of a digital service.

A technology of switched digital communication is the Integrated Services Digital Network (ISDN). A variety of ISDN services are possible, providing different amounts of bandwidth. A common basic rate service consists of two 64 Kbps digital channels. Although the potential bandwidth of this service is 128 Kbps, the 64 Kbps channels function separately. Equipment at the customer site must be capable of aggregating the separate 64 Kbps channels into a 128 Kbps logical channel. ISDN has the potential to make switched digital communication widely available at low cost.


The Internet Model:

The protocol architecture for TCP/IP currently is defined by the IETF, which is responsible for establishing the protocols and architecture for the Internet.

What TCP/IP provides:

• Open protocol standards, freely available and developed independently from any specific operating system or computer hardware platform. Because TCP/IP is so widely supported, it is ideal for uniting different hardware and software, even if you don't communicate over the Internet.

• Independence from specific physical network hardware: it can be run over an Ethernet, a Token Ring, a dial-up line, an X.25 net, and virtually any other kind of physical transmission media.

• A globally unique addressing scheme that allows any TCP/IP device to address any other device in the entire network, even if the network is as large as the world-wide Internet.

• Support for internetworking and routing, standardised high-level protocols for consistent, widely available user services.

TCP/IP attempts to create a heterogeneous network with open protocols that are independent of operating system and architectural differences. TCP/IP protocols are available to everyone, and are developed and changed by consensus, not by the fiat of one manufacturer. Everyone is free to develop products to meet these open protocol specifications. Most information about TCP/IP is published as Requests For Comments (RFCs); these contain the latest version of the specifications of all standard TCP/IP protocols.

[Figure 65 layout: 4 Application Layer (consists of applications and processes that use the network); 3 Transport Layer (provides end-to-end data delivery services); 2 Internet Layer (defines the datagram and handles the routing of data); 1 Network Access Layer (consists of routines for accessing physical media)]

Figure 65 shows the Layers in the TCP/IP Protocol Architecture.

The four-layered structure of TCP/IP is seen in the way data is handled as it passes down the protocol stack from the Application Layer to the underlying physical network. Each layer in the stack adds control information to ensure proper delivery. This control information is called a header because it is placed in front of the data to be transmitted. Each layer treats all of the information it receives from the layer above as data and places its own header in front of that information. The addition of delivery information at every layer is called encapsulation. When data is received, the opposite happens. Each layer strips off its header before passing the data on to the layer above. As information flows back up the stack, information received from a lower layer is interpreted as both a header and data.

[Figure 66 layout: Application Layer: Data; Transport Layer: Header | Data; Internet Layer: Header | Header | Data; Network Access Layer: Header | Header | Header | Data]

Figure 66 shows TCP/IP Data Encapsulation.


Each layer has its own independent data structures. Conceptually a layer is unaware of the data structures used by the layers above and below it. In reality, the data structures of a layer are designed to be compatible with the structures used by the surrounding layers for the sake of more efficient data transmission. Still, each layer has its own data structure and its own terminology to describe that structure.

[Figure 67 layout, TCP column / UDP column: Application Layer: stream / message; Transport Layer: segment / packet; Internet Layer: datagram / datagram; Network Access Layer: frame / frame]

Figure 67 shows Data Structures.

Figure 67 shows the terms used by different layers of TCP/IP to refer to the data being transmitted. Most networks refer to transmitted data as packets or frames.

[Figure 68 layout. Transmission: Application sends continuous data streams; TCP fragments the data stream into segments; IP fragments segments if required and prepares datagrams; Network Access fragments datagrams to bits. Receiving: Network Access reconstructs datagrams from bits; IP reconstructs segments from datagrams; TCP defragments segments and reconstructs the data stream; Application receives continuous data streams. Units shown: Data Stream, Segments, Datagrams]

Figure 68 shows the processing of data during the transmission and the receiving for TCP.

Description of each of these layers:

• The Network Access Layer is the lowest layer of the TCP/IP protocol hierarchy. The protocols in this layer provide the means for the system to deliver data to the other devices on a directly attached network. It defines how to use the network to transmit an IP datagram. Unlike higher-level protocols, it must know the details of the underlying network to correctly format the data being transmitted to comply with the network constraints. The TCP/IP Network Access Layer can encompass the functions of all three lower layers of the OSI reference model: Network Layer, Data Link Layer, and Physical Layer.

Functions performed at this level include encapsulation of IP datagrams into the frames transmitted by the network, and mapping of IP addresses to the physical addresses used by the network.

The network access layer is responsible for exchanging data between a host and the network and for delivering data between two devices on the same network. Node physical addresses are used to accomplish delivery on the local network.


TCP/IP has been adapted to a wide variety of network types, including switching, such as X.21, packet switching, such as X.25, Ethernet, the IEEE 802.x protocols, frame relay, etc. Data in the network access layer encodes EtherType information that is used to demultiplex data associated with specific upper-layer protocol stacks.

[Figure 69 layout: two hosts, each with Application Layer (SMTP, FTP, Telnet, NFS, SNMP, TFTP), Transport Layer (TCP, UDP), Internet Layer (IP, ARP, ICMP, RARP) and Network Access Layer (MAC Driver, NIC); DATA flows over the actual physical connection between the two NICs]

Figure 69 shows processes/applications and protocols that rely on the Network Access Layer for the delivery of data to their counterparts across the network.

• The Internetwork Layer is the heart of TCP/IP, and IP is its most important protocol. IP provides the basic packet delivery service on which TCP/IP networks are built. All protocols, in the layers above and below IP, use the Internet Protocol to deliver data. All TCP/IP data flows through IP, incoming and outgoing, regardless of its final destination.

The Internetwork Layer is responsible for routing messages through internetworks. Devices responsible for routing messages between networks are called gateways in TCP/IP terminology, although the term router is also used with increasing frequency. The TCP/IP protocol at this layer is the Internet Protocol (IP). In addition to the physical node addresses utilised at the network access layer, the IP protocol implements a system of logical host addresses called IP addresses. The IP addresses are used by the internet and higher layers to identify devices and to perform internetwork routing. The Address Resolution Protocol (ARP) enables IP to identify the physical address that matches a given IP address.

Internet Protocol (IP):

• Defining the datagram, which is the basic unit of transmission in the Internet.

• Defining the Internet addressing scheme, moving data between the Network Access Layer and the Host-to-Host Transport Layer.

• Routing datagrams to remote hosts.

• Performing fragmentation and reassembly of datagrams.

The Datagram:

Is the packet format defined by the Internet Protocol. The Internet Protocol delivers the datagram by checking the Destination Address (DA). This is an IP address that identifies the destination network and the specific host on that network. If the destination address is the address of a host on the local network, the packet is delivered directly to the destination; otherwise the packet is passed to a gateway for delivery. Gateways are devices that switch packets between the different physical networks. Deciding which gateway to use is called routing. IP makes the routing decision for each individual packet. IP deals with data in chunks called datagrams. The terms packet and datagram are often used interchangeably, although a packet is a data link-layer object and a datagram is a network layer object. In many cases, particularly when using IP on Ethernet, a datagram and a packet refer to the same chunk of data. There's no guarantee that the physical link layer can handle a packet of the network layer's size. If the media's MTU is smaller than the network's packet size, then the network layer has to break large datagrams down into packet-sized chunks that the data link layer and physical layer can digest. This process is called fragmentation. The host receiving a fragmented datagram reassembles the pieces in the correct order.


IP Datagram Format:

[Figure 70 layout, 32-bit words, bits 00-31:
word 1: Version | IHL | Type of Service | Total Length
word 2: Identification | Flag | Fragment Offset
word 3: Time-to-live | Protocol | Header Checksum
word 4: Source Address
word 5: Destination Address
word 6: Options | Padding
Data begins here ...]

Figure 70 shows the IP Datagram Format.

The fields in figure 70 are as follows:

Version:

IHL:

Type of Service: Data in this field indicates the quality of service desired. The effects of values in the precedence field depend on the network technology employed, and values must be configured accordingly.

Format of the Type of Service field:

• Bits 0-2: Precedence: 111 = Normal Control, 110 = Internetwork Control, 101 = CRITIC/ECP, 100 = Flash Override, 011 = Flash, 010 = Immediate, 001 = Priority, 000 = Routine

• Bit 3: Delay: 0 = normal delay, 1 = low delay

• Bit 4: Throughput: 0 = normal throughput, 1 = high throughput

• Bit 5: Reliability: 0 = normal reliability, 1 = high reliability

• Bits 6-7: Reserved

Total Length: The length of the datagram in octets, including the IP header and data. This field enables datagrams to consist of up to 65,535 octets. The standard recommends that all hosts be prepared to receive datagrams of at least 576 octets in length.

Identification: An identification field used to aid reassembly of the fragments of a datagram.

Flag: This field contains three control bits. If a datagram is fragmented, the MF bit is 1 in all fragments except the last.

• Bit 0: Reserved, must be 0.

• Bit 1 (DF): 1 = Do not fragment and 0 = May fragment

• Bit 2 (MF): 1 = More fragments and 0 = Last fragment

Fragment Offset: For fragmented datagrams, indicates the position in the datagram of this fragment.

Time-to-live: Indicates the maximum time the datagram may remain on the network.

Protocol: The upper layer protocol associated with the data portion of the datagram.

Header Checksum: A checksum for the header only. This value must be recalculated each time the header is modified.

Source Address: The IP address of the host that originated the datagram.

Destination Address: The IP address of the host that is the final destination of the datagram.

Options: May contain 0 or more options.

Padding: Filled with bits to ensure that the size of the header is a 32-bit multiple.


Routing Datagrams:

Internet gateways are commonly referred to as IP routers because they use Internet Protocol to route packets between networks. Gateways forward packets between networks and hosts don't. However, if a host is connected to more than one network (a multihomed host), it can forward packets between the networks. When a multihomed host forwards packets, it acts just like any other gateway and is considered to be a gateway.

Systems can only deliver packets to other devices attached to the same physical network.

[Figure 71 layout: Host A1 on Network A (Application Layer, Transport Layer, Internet Layer, Network Access Layer); Gateway AB1 between Network A and Network B (Internet Layer and Network Access Layer only); Gateway BC1 between Network B and Network C (Internet Layer and Network Access Layer only); Host C1 on Network C (all four layers)]

Figure 71 shows Routing Through Gateways.

The hosts (end-systems) process packets through all four protocol layers, while the gateways (intermediate-systems) process the packets only up to the internet layer where the routing decisions are made.

Fragmenting Datagrams:

As a datagram is routed through different networks, it may be necessary for the IP module in the gateway to divide the datagram into smaller pieces. A datagram received from one network may be too large to be transmitted in a single packet on a different network. This condition only occurs when a gateway interconnects dissimilar physical networks. Each type of network has a Maximum Transmission Unit (MTU), which is the largest packet that it can transfer. If the datagram received from one network is longer than the other network's MTU, it is necessary to divide the datagram into smaller fragments for transmission. This process is called fragmentation.

Passing Datagrams to the Transport Layer:

When IP receives a datagram that is addressed to the local host, it must pass the data portion of the datagram to the correct transport layer protocol. This is done by using the protocol number of the datagram header. Each transport layer protocol has a unique protocol number that identifies it to IP.
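The header fields of figure 70, the Time-to-live rewrite and checksum recalculation a gateway performs, the fragmentation described under "Fragmenting Datagrams", and the protocol number used to hand data to the transport layer, as an added Python example that is not part of this document. The addresses, identification values and payload sizes in it are constructed test values.

```python
"""IPv4 datagram handling for the header in figure 70 (added example, not the document's code)."""
import socket
import struct

# Precedence names as listed under Type of Service, indexed by the 3-bit value.
PRECEDENCE = ("Routine", "Priority", "Immediate", "Flash", "Flash Override",
              "CRITIC/ECP", "Internetwork Control", "Normal Control")
IP_HEADER_FMT = "!BBHHHBBH4s4s"          # 20-octet header without options


def inet_checksum(data: bytes) -> int:
    """One's complement of the one's complement sum of the 16-bit words of data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                    # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, payload_len, ident=0, ttl=64,
                      df=False, mf=False, frag_offset=0, tos=0):
    """Return a 20-octet header whose Header Checksum field is valid."""
    ihl = 5
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(IP_HEADER_FMT, (4 << 4) | ihl, tos, ihl * 4 + payload_len,
                      ident, flags_frag, ttl, protocol, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fields of figure 70; checksum_ok is True when the header verifies."""
    (vi, tos, total_length, ident, flags_frag, ttl, protocol, _csum,
     src, dst) = struct.unpack(IP_HEADER_FMT, packet[:20])
    ihl = vi & 0x0F
    return {
        "version": vi >> 4, "ihl": ihl, "total_length": total_length,
        "precedence": PRECEDENCE[tos >> 5], "low_delay": bool(tos & 0x10),
        "high_throughput": bool(tos & 0x08), "high_reliability": bool(tos & 0x04),
        "id": ident, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": protocol,
        "checksum_ok": inet_checksum(packet[:ihl * 4]) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }


def forward_hop(packet: bytes) -> bytes:
    """Gateway step: verify the header, decrement Time-to-live, recompute the checksum."""
    info = parse_ipv4_header(packet)
    if not info["checksum_ok"]:
        raise ValueError("header checksum mismatch, datagram dropped")
    if info["ttl"] <= 1:
        raise ValueError("Time-to-live expired, datagram dropped")
    ihl = info["ihl"] * 4
    hdr = bytearray(packet[:ihl])
    hdr[8] -= 1                           # Time-to-live is octet 8 of the header
    hdr[10:12] = b"\x00\x00"              # checksum must be recalculated after any change
    hdr[10:12] = struct.pack("!H", inet_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def fragment(packet: bytes, mtu: int) -> list:
    """Split a datagram for a network whose MTU is smaller than the datagram."""
    info = parse_ipv4_header(packet)
    ihl = info["ihl"] * 4
    payload = packet[ihl:info["total_length"]]
    if ihl + len(payload) <= mtu:
        return [packet]
    if info["df"]:
        raise ValueError("DF set and datagram exceeds MTU, datagram dropped")
    chunk = (mtu - ihl) // 8 * 8          # Fragment Offset counts 8-octet units
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for pos in range(0, len(payload), chunk):
        piece = payload[pos:pos + chunk]
        last = pos + chunk >= len(payload)
        hdr = build_ipv4_header(info["src"], info["dst"], info["protocol"], len(piece),
                                ident=info["id"], ttl=info["ttl"],
                                mf=(not last) or info["mf"],    # MF=1 on all but the last
                                frag_offset=info["frag_offset"] + pos // 8)
        frags.append(hdr + piece)
    return frags


def reassemble(fragments: list) -> bytes:
    """Rebuild the data of one datagram (same Identification) from fragments in any order."""
    pieces, ids = [], set()
    for frag in fragments:
        info = parse_ipv4_header(frag)
        ids.add(info["id"])
        ihl = info["ihl"] * 4
        pieces.append((info["frag_offset"] * 8, info["mf"], frag[ihl:info["total_length"]]))
    if len(ids) != 1:
        raise ValueError("fragments belong to different datagrams")
    pieces.sort(key=lambda p: p[0])
    data, expected = b"", 0
    for offset, _mf, payload in pieces:
        if offset != expected:
            raise ValueError("hole before offset %d" % offset)
        data += payload
        expected += len(payload)
    if pieces[-1][1]:
        raise ValueError("last fragment (MF=0) not yet received")
    return data
```

The first assertion below reproduces a widely published header whose checksum is 0xb861; the rest walk a constructed 1000-octet datagram through a gateway hop and a 576-octet MTU.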

Internet Control Message Protocol (ICMP):

Is part of the internet layer and uses the IP datagram delivery facility to send its messages. ICMP sends messages that perform control, error reporting, and informational functions for TCP/IP.

[Figure 72 layout, 32-bit words, bits 00-31: word 1: Type | Code | Checksum; word 2: unused / Pointer; then Header & 64 bits from original datagram]

Figure 72 shows the ICMP Header Format.

• Flow control: When datagrams arrive too fast for processing, the destination host or intermediate gateway sends an ICMP Source Quench Message back to the sender. This tells the source to temporarily stop sending datagrams.

• Detecting unreachable destinations: When a destination is unreachable, the system detecting the problem sends an ICMP Destination Unreachable Message to the datagram's source. If the unreachable destination is a network or host, the message is sent by an intermediate gateway. But if the destination is an unreachable port, the destination host sends the message.


• Redirecting routes: A gateway sends the ICMP Redirect Message to tell a host to use another gateway, presumably because the other gateway is a better choice. This message can only be used when the source host is on the same network as both gateways.

• Checking remote hosts: A host can send the ICMP Echo Message to see if a remote system's internet protocol is up and operational. When a system receives an echo message, it sends the same packet back to the source host (e.g. PING).
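An added Python example, not from this document, that builds and decodes ICMP messages in the figure 72 layout and shows how the quoted header plus 64 bits of the original datagram lets a host match a Destination Unreachable report to the datagram it sent, and how an Echo is answered. The type and code numbers are the RFC 792 values, which the text above does not list; the sample datagram header and ports are constructed.

```python
"""ICMP messages in the figure 72 layout (added example, not the document's code)."""
import socket
import struct

# Type and code numbers come from RFC 792, not from the text of this document.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo", 11: "Time Exceeded"}
UNREACHABLE_CODES = {0: "net", 1: "host", 2: "protocol", 3: "port"}
ERROR_TYPES = (3, 4, 5, 11)   # these quote the original IP header plus 64 bits of its data


def inet_checksum(data: bytes) -> int:
    """One's complement of the one's complement sum of the 16-bit words of data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4, body: bytes = b"") -> bytes:
    """Type, Code, Checksum, then the 32-bit 'unused / Pointer' word, then the body."""
    head = struct.pack("!BBH", icmp_type, code, 0) + rest
    csum = inet_checksum(head + body)     # the ICMP checksum covers the whole message
    return head[:2] + struct.pack("!H", csum) + rest + body


def original_datagram(quoted: bytes) -> dict:
    """Identify the datagram an error report refers to from its quoted header + 64 bits."""
    if len(quoted) < 20:
        return {}
    ihl = (quoted[0] & 0x0F) * 4
    info = {"src": socket.inet_ntoa(quoted[12:16]), "dst": socket.inet_ntoa(quoted[16:20]),
            "protocol": quoted[9]}
    first64 = quoted[ihl:ihl + 8]
    if info["protocol"] in (6, 17) and len(first64) >= 4:   # TCP/UDP: ports lead the data
        info["sport"], info["dport"] = struct.unpack("!HH", first64[:4])
    return info


def parse_icmp(msg: bytes) -> dict:
    icmp_type, code, _csum = struct.unpack("!BBH", msg[:4])
    info = {"type": icmp_type, "name": ICMP_TYPES.get(icmp_type, "other"), "code": code,
            "checksum_ok": inet_checksum(msg) == 0, "rest": msg[4:8], "body": msg[8:]}
    if icmp_type in ERROR_TYPES:
        info["original"] = original_datagram(msg[8:])
    if icmp_type == 3:
        info["unreachable"] = UNREACHABLE_CODES.get(code, "other")
        # net/host unreachable comes from an intermediate gateway, port unreachable from the host
        info["reported_by"] = {0: "intermediate gateway", 1: "intermediate gateway",
                               3: "destination host"}.get(code, "unspecified")
    elif icmp_type == 5:
        info["new_gateway"] = socket.inet_ntoa(msg[4:8])   # Redirect carries the gateway address
    elif icmp_type in (0, 8):
        info["identifier"], info["sequence"] = struct.unpack("!HH", msg[4:8])
    return info


def echo_reply(request: bytes):
    """A receiver answers a valid Echo by sending the same data back as an Echo Reply."""
    info = parse_icmp(request)
    if info["type"] != 8 or not info["checksum_ok"]:
        return None
    return build_icmp(0, 0, info["rest"], info["body"])
```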

[Figure 73 layout: two hosts, each with Application Layer (SMTP, FTP, Telnet, NFS, SNMP, TFTP), Transport Layer (TCP, UDP), Internet Layer (IP, ARP, ICMP, RARP) and Network Access Layer (MAC Driver, NIC); DATA flows over the actual physical connection between the two NICs]

Figure 73 shows processes/applications and protocols that rely on the Internet Layer for the delivery of data to their counterparts across the network.

• The Host-to-Host Transport Layer has two major jobs: It must subdivide user-sized data buffers into network layer sized datagrams, and it must enforce any desired transmission control such as reliable delivery. The two most important protocols in this layer are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP provides reliable data delivery service with end-to-end error detection and correction. UDP provides low-overhead, connectionless datagram delivery service. Both protocols deliver data between the Application Layer and the Internet Layer. Application programmers can choose whichever service is more appropriate for their specific applications.

The Host-to-Host Transport Layer is responsible for end-to-end data integrity. Two protocols are employed at this layer: Transmission Control Protocol and User Datagram Protocol. TCP provides reliable, full-duplex connections and reliable service by ensuring that data is present when a transmission results in an error. Also, TCP enables hosts to maintain multiple, simultaneous connections. UDP provides unreliable service that enhances network throughput when error correction is not required at the host-to-host layer.

Protocols defined at this layer accept data from application protocols running at the Application Layer, encapsulate it in the protocol header, and deliver the data segment thus formed to the lower IP layer for routing. Unlike the IP protocol, the transport layer is aware of the identity of the ultimate user representative process. As such, the Transport Layer, in the TCP/IP suite, embodies what data communications are all about: the delivery of information from an application on one computer to an application on another computer.

User Datagram Protocol (UDP):

Gives application programs direct access to a datagram delivery service, like the delivery service that IP provides. This allows applications to exchange messages over the network with a minimum of protocol overhead. UDP is an unreliable (it doesn't care about the quality of the deliveries it makes), connectionless (doesn't establish a connection on behalf of user applications) datagram protocol. Within your computer, UDP will deliver data correctly. UDP is used as a data transport service when the amount of data being transmitted is small; the overhead of creating connections and ensuring reliable delivery may be greater than the work of retransmitting the entire data set. Broadcast-oriented services use UDP, as do those in which repeated, out of sequence, or missed requests have no harmful side effects. Since no state is maintained for UDP transmission, it is ideal for repeated, short operations such as the Remote Procedure Call protocol. UDP packets can arrive in any order. If there is a network bottleneck that drops packets, UDP packets may not arrive at all. It's up to the application built on UDP to determine that a packet was lost, and to resend it if necessary.


NFS and NIS are built on top of UDP because of its speed and statelessness. While the performance advantages of a fast protocol are obvious, the stateless nature of UDP is equally important. Without state information in either the client or server, crash recovery is greatly simplified.

[Figure 74 layout, 32-bit words, bits 00-31: word 1: Source Port | Destination Port; word 2: Length | Checksum; Data begins here ...]

Figure 74 shows the UDP Datagram Format.

The fields in figure 74 are as follows:

• Source Port (16 bits): This field is optional and specifies the port number of the application that is originating the user data.

• Destination Port (16 bits): This is the port number pertaining to the destination application.

• Length (16 bits): This field describes the total length of the UDP datagram, including both data and header information.

• UDP checksum (16 bits): Integrity checking is optional under UDP. If turned on, this field is used by both ends of the communication channel for data integrity checks.

[Figure 75 layout: an IP Datagram (Version | IHL | Type of Service | Total Length; Identification | Flag | Fragment Offset; Time-to-live | Protocol | Header Checksum; Source Address; Destination Address; Options | Padding) whose data portion is a UDP Datagram (Source Port | Destination Port; Length | Checksum; Data begins here ...)]

Figure 75 shows the relationship between UDP and IP headers.

There are two points to make:

• What IP considers to be the data field is in fact another piece of formatted information including both the UDP header and user protocol data. To IP it should not matter what the data field is hiding.

• The details of the header information for each protocol should clearly convey to the reader the purpose of the protocol.

Transmission Control Protocol (TCP):

Is a fully reliable, connection-oriented, acknowledged, byte stream protocol that provides reliable data delivery across the network and in the proper sequence. TCP supports data fragmentation and reassembly. It also supports multiplexing/demultiplexing using source and destination port numbers in much the same way they are used by UDP.

TCP provides reliability with a mechanism called Positive Acknowledgement with Retransmission (PAR). Simply stated, a system using PAR sends the data again, unless it hears from the remote system that the data arrived okay. The unit of data exchanged between co-operating TCP modules is called a segment.


TCP Segment Format:

[Figure 76 layout, 32-bit words, bits 00-31:
word 1: Source Port | Destination Port
word 2: Sequence Number
word 3: Acknowledgement Number
word 4: Offset | Reserved | Control Bits | Window
word 5: Checksum | Urgent Pointer
word 6: Options | Padding
Data begins here ...]

Figure 76 shows the data segment format of the TCP Protocol.

The fields in figure 76 are as follows:

• Source port (16 bits): Specifies the port on the sending TCP module.

• Destination port (16 bits): Specifies the port on the receiving TCP module.

• Sequence number (32 bits): Specifies the sequence position of the first data octet in the segment. When the segment opens a connection, the sequence number is the Initial Sequence Number (ISN) and the first octet in the data field is at sequence ISN+1.

• Acknowledgement number (32 bits): Specifies the next sequence number that is expected by the sender of the segment. TCP indicates that this field is active by setting the ACK bit, which is always set after a connection is established.

• Data offset (4 bits): Specifies the number of 32-bit words in the TCP header.

• Reserved (6 bits): Must be zero. Reserved for future use.

• Control bits (6 bits): The six control bits are as follows:

• URG : When set, the Urgent Pointer field is significant.

• ACK : When set, the Acknowledgement Number field is significant.

• PSH : Initiates a push function.

• RST : Forces a reset of the connection.

• SYN : Synchronises sequencing counters for the connection. This bit is set when a segment requests the opening of a connection.

• FIN : No more data. Closes the connection.

• Window (16 bits): Specifies the number of octets, starting with the octet specified in the acknowledgement number field, which the sender of the segment can currently accept.

• Checksum (16 bits): An error control checksum that covers the header and data fields. It does not cover any padding required to make the segment consist of an even number of octets. The checksum also covers a 96-bit pseudoheader, which includes the source and destination addresses, the protocol, and the segment length. This information is forwarded with the segment to IP to protect TCP from misrouted segments. The value of the segment length field includes the TCP header and data, but does not include the length of the pseudoheader.

• Urgent Pointer (16 bits): Identifies the sequence number of the octet following urgent data. The urgent pointer is a positive offset from the sequence number of the segment.

• Options (variable): Options are available for a variety of functions.

• Padding (variable): 0-value octets are appended to the header to ensure that the header ends on a 32-bit word boundary.


[Figure 77 (diagram): TCP pseudoheader, three 32-bit words: Source Address; Destination Address; zero, Protocol, TCP length.]

Figure 77 shows the format of the TCP pseudoheader.

Each segment contains a checksum that the recipient uses to verify that the data is undamaged. If the data segment is received undamaged, the receiver sends a positive acknowledgement back to the sender. If the data segment is damaged, the receiver discards it. After an appropriate time-out period, the sending TCP module retransmits any segment for which no positive acknowledgement has been received.
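An added Python example, not code from the original document, that builds a segment in the figure 76 layout, checksums it over the figure 77 pseudoheader, and verifies it as the recipient described above would; the addresses 134.67.32.1 and 134.67.32.3, ports 3044 and 23, and the MSS option are constructed sample values.

```python
import socket
import struct
from typing import NamedTuple

# Control bits of figure 76, the low six bits of the flags octet (URG is the high one).
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
PROTO_TCP = 6


class TcpHeader(NamedTuple):
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int      # header length in 32-bit words (figure 76: Offset)
    flags: dict           # name -> bool for the six control bits
    window: int
    checksum: int
    urgent_ptr: int
    options: bytes        # options plus zero padding to a 32-bit boundary


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum.  An odd trailing octet is paired with a zero
    octet for the sum only; that pad octet is the one the text says is not counted."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudoheader(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """The 96-bit pseudoheader of figure 77: source, destination, zero, protocol,
    TCP length (header plus data, not counting the pseudoheader itself)."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, PROTO_TCP, tcp_length)


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window,
                  payload=b"", options=b"", urgent_ptr=0) -> bytes:
    """Assemble a segment with a valid checksum (the checksum field is zero while summing)."""
    options += b"\x00" * (-len(options) % 4)        # pad the header to a word boundary
    data_offset = (20 + len(options)) // 4
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset << 4, flag_byte, window, 0, urgent_ptr)
    segment = header + options + payload
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, len(segment)) + segment)
    return segment[:16] + struct.pack("!H", ~total & 0xFFFF) + segment[18:]


def parse_segment(segment: bytes) -> TcpHeader:
    """Decode the fixed 20-octet header and the options; reject truncated or
    inconsistent headers before anything trusts the field values."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    (src, dst, seq, ack, off_res, flag_byte,
     window, csum, urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = off_res >> 4
    header_len = data_offset * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"data offset {data_offset} inconsistent with segment length")
    flags = {name: bool(flag_byte & bit) for name, bit in FLAG_BITS.items()}
    return TcpHeader(src, dst, seq, ack, data_offset, flags, window, csum, urg,
                     segment[20:header_len])


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Recipient check: the sum over pseudoheader plus segment, checksum field
    included, must be all ones.  A misrouted segment fails because the addresses
    IP hands over differ from those the sender summed."""
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, len(segment)) + segment)
    return total == 0xFFFF
```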

TCP is connection-oriented. It establishes a logical end-to-end connection between the two communicating hosts. Control information, called a handshake, is exchanged between the two endpoints to establish a dialogue before data is transmitted. TCP indicates the control function of a segment by setting the appropriate bit in the flags field of the segment header.

[Figure 78 (diagram): two hosts, each with SMTP, FTP and Telnet over TCP, NFS, SNMP and TFTP over UDP, IP with ARP, RARP and ICMP, and a MAC driver with its NIC. The applications see a perceived data connection and TCP a perceived connection, while the actual data, including headers, crosses the actual physical connection.]

Figure 78 shows how TCP establishes virtual circuits over which applications exchange data.

The type of handshake used by TCP is called a three-way handshake because three segments are exchanged.

Three-Way Handshake:

[Figure 79 (diagram): Host A sends SYN; Host B answers SYN, ACK; Host A sends ACK together with data; data transfer has begun.]

Figure 79 shows a Three-Way Handshake.

Reliability and Acknowledgement:

TCP employs the positive acknowledgement with retransmission technique for the purpose of achieving reliability in service.

[Figure 80 (laddergram): Host A sends DS1 and DS2 to Host B, which answers ACK1 and ACK2; time runs down the ladder.]

Figure 80 shows the positive acknowledgement with retransmission technique.


Figure 80 is a laddergram depicting the events taking place between two hosts. The arrows represent transmitted data and/or acknowledgements, and time is represented by the vertical distance down the ladder. When TCP sends a data segment, it requires an acknowledgement from the receiving end. The acknowledgement is used to update the connection state table. An acknowledgement can be positive or negative. A positive acknowledgement implies that the receiving host received the data and that it passed the integrity check. A negative acknowledgement implies that the failed data segment needs to be retransmitted. It can be caused by failures such as data corruption or loss.

[Figure 81 (laddergram): Host A sends DS1 and its countdown timer starts; ACK1 is received. Host A sends DS2, which is lost; its countdown timer expires, DS2 is retransmitted, and ACK2 is received.]

Figure 81 shows how TCP implements a time-out mechanism to keep track of lost segments.

Figure 81 illustrates what happens when a packet is lost on the network and fails to reach its ultimate destination. When a host sends data, it starts a countdown timer. If the timer expires without an acknowledgement having been received, the host assumes that the data segment was lost. Consequently, the host retransmits a duplicate of the failed segment. TCP keeps a copy of all transmitted data for which a positive acknowledgement is still outstanding. Only after receiving the positive acknowledgement is this copy discarded, to make room for other data in its buffer.

Data Stream Maintenance:

The interface between TCP and a local process is a port, which is a mechanism that enables the process to call TCP and in turn enables TCP to deliver data streams to the appropriate process.

Ports are identified by port numbers. To fully specify a connection, the host IP address is appended to the port number. This combination of IP address and port number is called a socket. A given socket number is unique on the internetwork. A connection between two hosts is fully described by the sockets assigned to each end of the connection.

[Figure 82 (diagram): a data stream marked at 1, 1001, 2001, 3001, 4001, 5001, 6001 and 7001; Initial Sequence Number 0; data received and acknowledged up to Acknowledgement Number 2000; Window 6000; the current segment starts at Sequence Number 4001.]

Figure 82 shows a TCP Data Stream that starts with an Initial Sequence Number of 0.

In figure 82, the receiving system has received and acknowledged 2000 bytes, so the current Acknowledgement Number is 2000. The receiver also has enough buffer space for another 6000 bytes, so it has advertised a Window of 6000. The sender is currently sending a segment of 1000 bytes starting with Sequence Number 4001. The sender has received no acknowledgement for the bytes from 2001 on, but continues sending data as long as it is within the window. If the sender fills the window and receives no acknowledgement of the data previously sent, it will, after an appropriate time-out, send the data again starting from the first unacknowledged byte. Retransmission would start from byte 2001 if no further acknowledgements are received. This procedure ensures that data is reliably received at the far end of the network.
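An added Python model of the sender side of PAR with the window of figure 82 (ISN 0, 2000 bytes acknowledged, window 6000, current segment at 4001), not code from the original document; it follows the text in reading the acknowledgement number 2000 as "all octets up to 2000 received", and the 10000-byte stream and 1000-byte segment size are assumptions.

```python
class ParSender:
    """Sending side of positive acknowledgement with retransmission, tracking the
    numbers of figure 82: first unacknowledged octet, next octet to send, and the
    window the receiver advertised."""

    def __init__(self, isn: int, total_bytes: int, window: int, mss: int = 1000):
        self.isn = isn
        self.last_byte = isn + total_bytes     # sequence number of the final data octet
        self.window = window                   # octets the receiver can currently accept
        self.mss = mss                         # figure 82 uses 1000-byte segments (assumed)
        self.snd_una = isn + 1                 # first data octet is ISN+1 (figure 76 text)
        self.snd_nxt = isn + 1                 # next octet to transmit
        self.log = []                          # (event, ...) tuples, oldest first

    def usable_window(self) -> int:
        """Octets still allowed beyond snd_nxt.  The window is counted from the
        first unacknowledged octet, not from the last octet sent."""
        return self.snd_una + self.window - self.snd_nxt

    def send_segment(self):
        """Transmit the next segment as (seq, length), or None when the window is
        full or no data remains.  Everything from snd_una on is kept buffered
        because it may still have to be resent."""
        remaining = self.last_byte - self.snd_nxt + 1
        if remaining <= 0 or self.usable_window() <= 0:
            return None
        length = min(self.mss, self.usable_window(), remaining)
        seg = (self.snd_nxt, length)
        self.snd_nxt += length
        self.log.append(("send",) + seg)
        return seg

    def fill_window(self):
        """Keep sending without waiting for acknowledgements until the window is full."""
        sent = []
        while (seg := self.send_segment()) is not None:
            sent.append(seg)
        return sent

    def on_ack(self, acked_through: int, window: int = None) -> int:
        """Cumulative acknowledgement: the receiver holds every octet up to and
        including acked_through.  Buffered copies below snd_una can be discarded."""
        if acked_through >= self.snd_una:
            self.snd_una = acked_through + 1
            self.snd_nxt = max(self.snd_nxt, self.snd_una)
            self.log.append(("ack", acked_through))
        if window is not None:
            self.window = window
        return self.snd_una

    def on_timeout(self):
        """Countdown timer expired with data unacknowledged (figure 81): treat the
        oldest outstanding segment as lost and resend from the first unacknowledged
        octet.  Returns that octet, or None if nothing was outstanding."""
        if self.snd_una < self.snd_nxt:
            self.log.append(("timeout", self.snd_una))
            self.snd_nxt = self.snd_una
            return self.snd_una
        return None


def simulate_figure_82() -> dict:
    """Replay the situation of figure 82 and the paragraph above it."""
    s = ParSender(isn=0, total_bytes=10000, window=6000)
    for _ in range(2):
        s.send_segment()                        # octets 1-2000 go out...
    s.on_ack(2000)                              # ...and are acknowledged: ack number 2000
    for _ in range(2):
        s.send_segment()                        # 2001-4000 sent, not yet acknowledged
    current = s.send_segment()                  # the figure's current segment: 4001-5000
    rest = s.fill_window()                      # keep going while inside the window
    window_full = s.usable_window() == 0        # 2001 + 6000 = 8001: nothing more allowed
    retransmit_from = s.on_timeout()            # no ack arrived: go back to octet 2001
    resend = s.send_segment()
    return {"current": current, "rest": rest, "window_full": window_full,
            "retransmit_from": retransmit_from, "resend": resend}
```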


Managing Connections:

From the perspective of the process, communication with the network involves sending and receiving continuous streams of data. The process is not responsible for fragmenting the data to fit lower-layer protocols.

[Figure 83 (diagram): on the sender, the Application sends continuous data streams, TCP fragments the data stream into segments, IP fragments segments if required and prepares datagrams, and Network Access fragments datagrams into bits. On the receiver, Network Access reconstructs datagrams from bits, IP reconstructs segments from datagrams, TCP defragments segments and reconstructs the data stream, and the Application receives continuous data streams.]

Figure 83 shows how data are processed as they travel down the protocol stack, through the network, and up the protocol stack of the receiver.

A short explanation of figure 83:

• TCP receives a stream of data from the upper-layer process

• TCP may fragment the data stream into segments that meet the maximum datagram size of IP

• IP may fragment segments as it prepares datagrams that are sized to conform to restrictions of the network.

• Network protocols transmit the datagram in the form of bits.

• Network protocols at the receiving host reconstruct datagrams from the bits they receive.

• IP receives datagrams from the network. Where necessary, datagram fragments are reassembled to reconstruct the original segment.

• TCP presents data in segments to upper-layer protocols in the form of data streams.

[Figure 84 (diagram): two hosts with the layered stack (Application Layer: SMTP, FTP, Telnet, NFS, SNMP, TFTP; Transport Layer: TCP, UDP; Internet Layer: IP, ARP, RARP, ICMP; Network Access Layer: MAC driver, NIC) exchanging data over the actual physical connection.]

Figure 84 shows how processes/applications and protocols rely on the Transport Layer for the delivery of data to their counterparts across the network.


• The Process/Application Layer includes all processes that use the transport layer protocols to deliver data. There are many application protocols. A good example of the concerns handled by these processes is the reconciliation of differences in data syntax between the platforms on which the applications are running. It should be clear that unless this difference in data representation is handled properly, any exchange of data involving these processes is likely to yield erroneous interpretations of numerical data. To resolve this issue, and other similar issues, TCP/IP defines the eXternal Data Representation (XDR) protocol. Reflecting on the nature of this problem, you can easily see that the problem has nothing to do with the underlying network topology, wiring, or electrical interference.

Some applications that use TCP:

• TELNET: The Network Terminal Protocol provides remote login over the network.

• FTP: The File Transfer Protocol is used for interactive file transfer between hosts.

• SMTP: The Simple Mail Transfer Protocol delivers electronic mail.

Some applications that use UDP:

• SNMP: The Simple Network Management Protocol is used to collect management information from network devices.

• DNS : Domain Name Service maps IP addresses to the names assigned to network devices.

• RIP: Routing Information Protocol. Routing is central to the way TCP/IP networks operate; RIP is used by network devices to exchange routing information.

• NFS : Network File System. This protocol allows files to be shared by various hosts on the network as if they were local drives.

TCP/IP Protocols Inside a Sample Gateway:

[Figure 85 (diagram): a source host on Network A, a gateway, and a destination host on Network B, each with Application, Transport, Internet and Network Access layers, and each with a routing table (Destination → Gateway). Source host 134.67.40.2: 134.67.40.0 → 134.67.40.2, 134.67.32.0 → 134.67.40.3, default → 134.67.40.1. Gateway with interfaces 134.67.40.3 and 134.67.32.5: 134.67.40.0 → 134.67.40.3, 134.67.32.0 → 134.67.32.5, default → 134.67.40.1. Destination host 134.67.32.2: 134.67.32.0 → 134.67.32.2, default → 134.67.32.5.]

Figure 85 shows the TCP/IP Protocols Inside a Sample Gateway.

[Figure 86 (diagram): the same layered stack as figure 84 (Application, Transport, Internet and Network Access layers) on two hosts joined by the actual physical connection.]

Figure 86 shows how processes/applications and protocols rely on the Application Layer for the delivery of data to their counterparts across the network.


Addressing, Routing, and Multiplexing:

To deliver data between two Internet hosts, it is necessary to move data across the network to the correct host, and within that host to the correct user or process.

TCP/IP uses three schemes to accomplish these tasks:

• Addressing : IP addresses deliver data to the correct host.

• Routing : Gateways deliver data to the correct network.

• Multiplexing : Protocol and port numbers deliver data to the correct software module within the host.

Each of these functions is necessary to send data between two co-operating applications across the Internet.

IP Host Address: The Internetwork Protocol identifies hosts with a 32-bit number called an IP address or host address. To avoid confusion with MAC addresses, which are machine or station addresses, the term IP address will be used to designate this kind of address. IP addresses are written as four dot-separated decimal numbers between 0 and 255. IP addresses must be unique among all connected machines (connected machines are any hosts that you can reach over a network or connected set of networks, including your local area network, remote offices joined by the company's wide-area network, or even the entire Internet community). The Internet Protocol moves data between the hosts in the form of datagrams. Each datagram is delivered to the address contained in the destination address field of the datagram's header. The Destination Address is a standard 32-bit IP address that contains sufficient information to uniquely identify a network and a specific host on that network. If your network is connected to the Internet, you have to get a range of IP addresses assigned to your machines through a central network administration authority. The IP address uniqueness requirement differs from that of MAC addresses. IP addresses are unique only on connected networks, but machine MAC addresses are unique in the world, independent of any connectivity. Part of the reason for the difference in the uniqueness requirement is that IP addresses are 32 bits, while MAC addresses are 48 bits, so mapping every possible MAC address into an IP address requires some overlap. Of course, not every machine on an Ethernet is running IP protocols, so the many-to-one mapping isn't as bad as the numbers might indicate. There are a variety of reasons why the IP address is only 32 bits, while the MAC address is 48 bits, most of which are historical. Since the network and data link layers use different addressing schemes, some system is needed to convert or map the IP addresses to the MAC addresses.

Transport-layer services and user processes use IP addresses to identify hosts, but packets that go out on the network need MAC addresses. The Address Resolution Protocol (ARP) is used to convert the 32-bit IP address of a host into its 48-bit MAC address. When a host wants to map an IP address to a MAC address, it broadcasts an ARP request on the network, asking for the host using that IP address to respond. The host that sees its own IP address in the request returns its MAC address to the sender. With a MAC address, the sending host can transmit a packet on the Ethernet and know that the receiving host will recognise it.


IP Address Classes: An IP address contains a network part and a host part, but the format of these parts is not the same in every IP address.

[Figure 87 (diagram), bits 31 down to 0: Class A: 0, netid, hostid; Class B: 10, netid, hostid; Class C: 110, netid, hostid; Class D: 1110, Multicast; Class E: 11110, Reserved.]

Figure 87 shows the IP address classes.

Not all network addresses or host addresses are available for use. The class A network addresses 0 and 127 are reserved for special use. Network 0 designates the default route (used to simplify the routing information that IP must handle), and network 127 is the loopback address (which simplifies network applications by allowing the local host to be addressed in the same manner as a remote host). We use these special network addresses when configuring a host. There are also some host addresses reserved for special use. In all network classes, host numbers 0 and 255 are reserved. An IP address with all host bits set to zero identifies the network itself. Addresses in this form are used in routing table listings to refer to entire networks. An IP address with all host bits set to one is a broadcast address (used to simultaneously address every host on a network). A datagram sent to this address is delivered to every individual host on that network. IP uses the network portion of the address to route the datagram between networks. The full address, including the host information, is used to make final delivery when the datagram reaches the destination network.

[Figure 88 (diagram): hosts A 134.67.32.1, B 134.67.32.2 and C 135.68.32.3; hosts with the same netids can communicate, hosts with different netids cannot.]

Figure 88 shows host communication on a local network.

Subnets: The standard structure of an IP address can be locally modified by using host address bits as additional network address bits. Essentially, the dividing line between network address bits and host bits is moved, creating additional networks but reducing the maximum number of hosts that can belong to each network. These newly designated network bits define a network within the larger network, called a subnet. Subnetting allows decentralised management of host addressing. With the standard addressing scheme, a single administrator is responsible for managing host addresses for the entire network. By subnetting, the administrator can delegate address assignment to smaller organisations within the overall organisation. Subnetting can also be used to overcome hardware differences and distance limitations. IP routers can link dissimilar physical networks together, but only if each physical network has its own unique network address. Subnetting divides a single network address into many unique subnet addresses, so that each physical network can have its own unique address.


[Figure 89 (diagram), bits 31 down to 0 of a class B address: without subnetting: 10, netid, hostid; subnet on an octet boundary: 10, netid, subnetid, hostid; subnet not on an octet boundary: 10, netid, subnetid, hostid, with the subnetid/hostid split falling inside an octet.]

Figure 89 shows IP addresses with and without subnetting.

A subnet is defined by applying a bitmask, the subnet mask, to the IP address. If a bit is on in the mask, the equivalent bit in the address is interpreted as a network bit. If the bit in the mask is off, the bit belongs to the host part of the address. The subnet is only known locally. To the rest of the Internet, the address is still interpreted as a standard IP address.

[Figure 90 (diagram): hosts A 134.67.32.1, B 134.67.32.2 and C 135.67.33.3 with subnet mask 255.255.240.0; hosts with the same netids and subnetids can communicate, hosts with different netids or subnetids cannot.]

Figure 90 shows host communication with subnetting.
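As an added example (not from the original document), the following Python applies the class rules of figure 87, the reserved forms described above, and the subnet mask of figure 90 to the addresses in figures 88 and 90; it goes beyond the figures by accepting any contiguous mask, not only one on an octet boundary.

```python
def to_int(addr: str) -> int:
    """Dotted-decimal to 32-bit integer; every octet must be 0-255."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid dotted-decimal address: {addr!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def to_str(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Class from the high-order bits of figure 87: 0 = A, 10 = B, 110 = C,
    1110 = D (multicast); every remaining prefix is treated as class E, reserved."""
    n = to_int(addr)
    if n >> 31 == 0b0:
        return "A"
    if n >> 30 == 0b10:
        return "B"
    if n >> 29 == 0b110:
        return "C"
    if n >> 28 == 0b1110:
        return "D"
    return "E"


# Network part of the three unicast classes, implied by the class alone.
CLASS_MASK = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}


def describe(addr: str, subnet_mask: str = None) -> dict:
    """Split an address into netid / subnetid / hostid (figure 89) and flag the
    reserved forms discussed in the text.  Without a subnet mask only the class
    mask applies, which is how the rest of the Internet reads the address."""
    n = to_int(addr)
    cls = address_class(addr)
    if cls not in CLASS_MASK:
        return {"class": cls, "special": "multicast" if cls == "D" else "reserved"}
    net_mask = CLASS_MASK[cls]
    mask = to_int(subnet_mask) if subnet_mask else net_mask
    inverse = mask ^ 0xFFFFFFFF
    # A mask must extend the class mask with a contiguous run of ones.
    if mask & net_mask != net_mask or inverse & (inverse + 1):
        raise ValueError(f"mask {subnet_mask} is not contiguous or does not cover class {cls}")
    host_bits = 32 - bin(mask).count("1")
    hostid = n & inverse
    info = {"class": cls, "netid": to_str(n & net_mask), "hostid": hostid, "special": None}
    if mask != net_mask:                        # figure 89: bits borrowed from the host part
        info["subnet"] = to_str(n & mask)
        info["subnetid"] = (n & mask & ~net_mask & 0xFFFFFFFF) >> host_bits
    first_octet = n >> 24
    if cls == "A" and first_octet == 0:
        info["special"] = "default route"
    elif cls == "A" and first_octet == 127:
        info["special"] = "loopback"
    elif hostid == 0:
        info["special"] = "network address"
    elif hostid == (1 << host_bits) - 1:
        info["special"] = "broadcast"
    return info


def can_communicate_directly(a: str, b: str, subnet_mask: str = None) -> bool:
    """Figures 88 and 90: two hosts talk directly only when netid and, where a
    subnet mask is in use, subnetid agree."""
    da, db = describe(a, subnet_mask), describe(b, subnet_mask)
    if "netid" not in da or "netid" not in db:
        return False
    return (da["netid"], da.get("subnet")) == (db["netid"], db.get("subnet"))
```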

Routing: As networks grow in size, so does the traffic imposed on the wire, which in turn impacts overall network performance, including response times. To alleviate such degradation, network specialists resort to breaking the network into multiple networks that are interconnected by specialised devices, including routers, bridges, and switches. The routing approach calls on the implementation of various co-operative processes, in both routers and workstations, whose main concern is to allow for the intelligent delivery of data to its ultimate destination. Data exchange can take place between any two workstations, whether or not both belong to the same network.

[Figure 91 (diagram): host A1 on a Token Ring, router/gateway G1, an X.25 network, router/gateway G2, and host B1 on an Ethernet.]

Figure 91 shows a view of routing.

Figure 91 emphasises that the underlying physical networks that a datagram travels through may be different and even incompatible. Host A1 on the Token Ring network routes the datagram through gateway G1 to reach host B1 on the Ethernet. Gateway G1 forwards the data through the X.25 network to gateway G2, for delivery to B1. The datagram traverses three physically different networks, but eventually arrives intact at B1.


A good place to start when discussing routers is with a thorough discussion of the addresses, including MAC addresses, network addresses, and the complete addresses.

The Routing Table: To perform its function reliably, the routing process is equipped with the capability to maintain a road map depicting the entire internetwork of which it is part. This road map is commonly referred to as the routing table, and it includes routing information describing where every known network is and how it can be reached. The routing process builds and maintains the routing table by employing a route discovery process known as the Routing Information Protocol (RIP). Routers should be capable of selecting the shortest path connecting two networks. Routers discover the road map of the internetwork by dynamically exchanging routing information among themselves, by being statically configured by network installers, or both. The dynamic exchange of routing information is handled by yet another process besides the routing process itself. In the case of TCP/IP, IP handles the routing process, whereas RIP handles the route discovery process.

Internet Routing Architecture: When a hierarchical structure is used, routing information about all of the networks in the internet is passed into the core gateways (a central delivery medium to carry long-distance traffic). The core gateways process this information and then exchange it among themselves using the Gateway-to-Gateway Protocol (GGP). The processed routing information is then passed back out to the external gateways.

[Figure 92 (diagram): the Internet Core of core gateways, with external gateways (routers) connecting Autonomous Systems to it.]

Figure 92 shows the Internet Routing Architecture.

Outside of the Internet Core are groups of independent networks called Autonomous Systems (AS). An AS is a collection of networks and gateways with its own internal mechanism for collecting routing information and passing it to other network systems.

The Routing Table:

Gateways route data between networks, but all network devices, hosts as well as gateways, must make routing decisions.

For most hosts, the routing decisions are simple:

• If the destination is on the local network, the data is delivered to the destination host.

• If the destination is on a remote network, the data is forwarded to a local gateway.


Because routing is network oriented, IP makes routing decisions based on the network portion of the address. The IP module determines the network part of the destination's IP address by checking the high-order bits of the address to determine the address class. The address class determines the portion of the address that IP uses to identify the network. If the destination network is the local network, the local subnet mask is applied to the destination address. After determining the destination network, the IP module looks up the network in the local routing table. Packets are routed toward their destination as directed by the routing table. The routing table may be built by the system administrator or by routing protocols, but the end result is the same: IP routing decisions are simple table look-ups.

[Figure 93 (flowchart): Route Datagram. Destination and Source Network ID match? Yes: Deliver Directly to Designated Host. No: Specific Route Found in RIT? Yes: Deliver to Next Router. No: Route to Network Found in RIT? Yes: Deliver to Next Router. No: Default Route Defined? Yes: Deliver to Next Router. No: Declare Failure: ICMP Host Unreachable.]

Figure 93 shows a flowchart depiction of the IP routing algorithm.

You can display the routing table's contents with the netstat -r command.

The netstat command displays a routing table containing the following fields:

• Destination : The destination network or host.

• Gateway : The gateway to use to reach the specified destination.

• Flags : The flags describe certain characteristics of this route.

U: Indicates that the route is up and operational.

H: Indicates this is a route to a specific host.

G: Means the route uses a gateway.

D: Means that this route was added because of an ICMP redirect.

• Refcnt : Shows the number of times the route has been referenced to establish a connection.

• Use : Shows the number of packets transmitted via this route.

• Interface : The name of the network interface used by this route.

All of the gateways that appear in a routing table are on networks directly connected to the local system. A routing table does not contain end-to-end routes. A route only points to the next gateway, called the next hop, along the path to the destination network. The host relies on the local gateway to deliver the data, and the gateway relies on the other gateways. As a datagram moves from one gateway to another, it should eventually reach one that is directly connected to its destination network. It is this last gateway that finally delivers the data to the destination host.
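The decision order of figure 93 and the netstat -r fields above, as an added Python example that is not part of the original document. It uses the source host of figure 85 (134.67.40.2, whose table points 134.67.32.0 at gateway 134.67.40.3 and default at 134.67.40.1); the 255.255.255.0 masks, the interface name eth0 and the UGH host-route entry are my assumptions, as the figure shows none.

```python
import socket
from dataclasses import dataclass


def ip_int(addr: str) -> int:
    return int.from_bytes(socket.inet_aton(addr), "big")


@dataclass(frozen=True)
class Route:
    """One netstat -r line: destination, gateway, flags (U, H, G, D), interface.
    A mask is carried as well, because a subnet route such as 134.67.32.0 in
    figure 85 cannot be recognised from its class mask alone (assumed field)."""
    destination: str          # network or host address, or "default"
    mask: str
    gateway: str
    flags: str
    interface: str

    def matches(self, dst: str) -> bool:
        if self.destination == "default":
            return True
        m = ip_int(self.mask)
        return ip_int(dst) & m == ip_int(self.destination) & m


@dataclass
class Host:
    address: str
    subnet_mask: str
    interface: str
    table: list               # of Route


def _via(host: Host, r: Route) -> tuple:
    """A next hop must itself be on a directly connected network (the text's rule
    about the gateways in a routing table); otherwise the entry is unusable."""
    m = ip_int(host.subnet_mask)
    if ip_int(r.gateway) & m != ip_int(host.address) & m:
        raise ValueError(f"gateway {r.gateway} is not on a directly connected network")
    return ("next-hop", r.gateway, r.interface)


def route_datagram(host: Host, dst: str) -> tuple:
    """Figure 93's decision order.  Returns (action, next_hop, interface), where the
    last branch is the ICMP Host Unreachable failure."""
    m = ip_int(host.subnet_mask)
    # 1. Destination and source network IDs match: deliver directly.
    if ip_int(dst) & m == ip_int(host.address) & m:
        return ("direct", dst, host.interface)
    usable = [r for r in host.table if "U" in r.flags]      # only routes that are up
    # 2. Specific (host) route found in the routing table.
    for r in usable:
        if "H" in r.flags and r.destination == dst:
            return _via(host, r)
    # 3. Route to the destination network found.
    for r in usable:
        if "H" not in r.flags and r.destination != "default" and r.matches(dst):
            return _via(host, r)
    # 4. Default route defined.
    for r in usable:
        if r.destination == "default":
            return _via(host, r)
    # 5. Declare failure.
    return ("unreachable", "ICMP host unreachable", None)


def figure_85_source_host() -> Host:
    """Source host 134.67.40.2 of figure 85.  Constructed sample table: masks,
    interface names and the UGH entry are assumptions, not taken from the figure."""
    return Host("134.67.40.2", "255.255.255.0", "eth0", [
        Route("134.67.40.0", "255.255.255.0", "134.67.40.2", "U", "eth0"),
        Route("134.67.32.0", "255.255.255.0", "134.67.40.3", "UG", "eth0"),
        Route("134.67.50.7", "255.255.255.255", "134.67.40.4", "UGH", "eth0"),
        Route("default", "0.0.0.0", "134.67.40.1", "UG", "eth0"),
    ])
```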


Address Resolution: The IP address and the routing table direct a datagram to a specific physical network, but when the data travels across a network, it must obey the physical layer protocol used by that network. The physical networks that underlie the TCP/IP network do not understand IP addressing. Physical networks have their own addressing schemes, and there are as many different addressing schemes as there are different types of physical networks. One task of the network access protocols is to map IP addresses to physical network addresses.

[Figure 94 (diagram): hosts 134.67.32.1, 134.67.32.2 and 134.67.32.3 on one network; 134.67.32.1 broadcasts an ARP request frame, and the ARP reply frame is sent back to 134.67.32.1.]

Figure 94 shows the operation of ARP.

The most common example of this network access layer function is the translation of IP addresses to Ethernet addresses. The protocol that performs this function is Address Resolution Protocol (ARP).

[Figure 95 (diagram): Hardware Type (16 bits), Protocol Type (16 bits); Hardware Address Length, Protocol Address Length, Operation Code (16 bits); Sender Hardware Address; Sender IP Address; Recipient Hardware Address; Recipient IP Address.]

Figure 95 shows the layout of an ARP request or ARP reply.

In figure 95, when an ARP request is sent, all fields in the layout are used except the Recipient Hardware Address (which the request is trying to identify). In an ARP reply, all the fields are used. The fields in the ARP request and reply can have several values. The ARP software maintains a table of translations between IP addresses and Ethernet addresses. This table is built dynamically. When ARP receives a request to translate an IP address, it checks for the address in its table. If the address is found, it returns the Ethernet address from its table. If the address is not found in the table, ARP broadcasts a packet to every host on the Ethernet. The packet contains the IP address for which an Ethernet address is sought. If a receiving host identifies the IP address as its own, it responds by sending its Ethernet address back to the requesting host. The response is then cached in the ARP table. The arp -a command displays the entire contents of the ARP table.
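An added Python example, not from the original document, that packs and parses the fig
ure 95 layout and keeps the ARP table the text describes, replayed for the hosts of figure 94 (134.67.32.1 asking for 134.67.32.2); the hardware addresses are constructed sample values, and the rule that only replies to a request this host actually sent are cached is my addition, not something the text states.

```python
import socket
import struct

HW_ETHERNET, PROTO_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
UNKNOWN_MAC = "00:00:00:00:00:00"
ARP_FMT = "!HHBBH6s4s6s4s"          # figure 95 fields in wire order, 28 octets


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Pack an ARP request or reply.  In a request the recipient hardware address
    is the unknown being asked for, so it goes out as zeros."""
    return struct.pack(ARP_FMT, HW_ETHERNET, PROTO_IPV4, 6, 4, op,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(packet: bytes) -> dict:
    """Decode the figure 95 layout, rejecting anything that is not IPv4 over Ethernet."""
    if len(packet) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, packet[:28])
    if (htype, ptype, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type or address length")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown operation code {op}")
    return {"op": op, "sender_mac": mac_str(smac), "sender_ip": socket.inet_ntoa(sip),
            "target_mac": mac_str(tmac), "target_ip": socket.inet_ntoa(tip)}


class ArpModule:
    """The ARP software of one host, with the dynamically built table the text describes."""

    def __init__(self, my_mac: str, my_ip: str):
        self.my_mac, self.my_ip = my_mac, my_ip
        self.table = {}          # IP -> MAC, what 'arp -a' would print
        self.pending = set()     # IPs this host has broadcast a request for

    def resolve(self, ip: str):
        """Return (mac, None) from the table, or (None, request) when a broadcast
        request has to go out first."""
        if ip in self.table:
            return self.table[ip], None
        self.pending.add(ip)
        return None, build_arp(OP_REQUEST, self.my_mac, self.my_ip, UNKNOWN_MAC, ip)

    def receive(self, packet: bytes):
        """Handle an incoming ARP frame; return a reply to send, or None."""
        arp = parse_arp(packet)
        if arp["op"] == OP_REQUEST:
            if arp["target_ip"] == self.my_ip:      # the host that sees its own IP address
                return build_arp(OP_REPLY, self.my_mac, self.my_ip,
                                 arp["sender_mac"], arp["sender_ip"])
            return None
        # Reply: cache it only if it answers a question this host asked (my addition),
        # so a reply nobody requested does not create a table entry.
        if arp["sender_ip"] in self.pending and arp["target_ip"] == self.my_ip:
            self.table[arp["sender_ip"]] = arp["sender_mac"]
            self.pending.discard(arp["sender_ip"])
        return None
```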

[Figure 96 (diagram): three interconnected Routing Domains.]

Figure 96 shows Routing Domains.


RARP:

The Reverse Address Resolution Protocol (RARP) is a variant of the address resolution protocol. RARP also translates addresses, but in the opposite direction: it converts Ethernet addresses to IP addresses. The RARP protocol really has nothing to do with routing data from one system to another. RARP helps configure diskless systems by allowing diskless workstations to learn their IP address. The diskless workstation uses the Ethernet broadcast facility to ask which IP address maps to its Ethernet address. When a server on the network sees the request, it looks up the Ethernet address in its table. If it finds a match, the server replies with the workstation's IP address.

[Figure 97 (diagram): an Ethernet frame (Preamble, Dest. Address 00003E2D1C0B, Source Address 0000B3C2D1E0, Type, Data, FCS) whose data is an IP datagram with Source Address 134.268.67.3 (the source host) and Destination Address 134.268.67.5 (the destination host).]

Figure 97 shows the interrelationship between IP and Ethernet MAC address as reflected in the Ethernet data frame.

In figure 97, the shaded fields correspond to the destination and source addresses of host A (the sender) and host B (the receiver).

Protocols, Ports, and Sockets: Once data is routed through the network and delivered to a specific host, it must be delivered to the correct user or process. As the data moves up or down the layers of TCP/IP, a mechanism is needed to deliver data to the correct protocol in each layer. The system must be able to combine data from many applications into a few transport protocols, and from the transport protocols into the Internet Protocol. Combining many sources of data into a single data stream is called multiplexing. Data arriving from the network must be demultiplexed, that is, divided for delivery to multiple processes. To accomplish this, IP uses protocol numbers to identify transport protocols, and the transport protocols use port numbers to identify applications.

[Figure 98 (diagram): an IP datagram header with Protocol (6) and Destination Address 134.67.32.3 is handed by the Internet Protocol to TCP (protocol 6) and on to Telnet (port 23).]

Figure 98 shows Protocol and Port Numbers.


[Figure 99 (diagram): Application Layer (SMTP, FTP and Telnet over TCP; NFS, SNMP and TFTP over UDP; RARPD over RARP), Transport Layer (TCP, UDP), Internet Layer (IP, ICMP, RARP), Network Access Layer (MAC driver, NIC).]

Figure 99 shows the protocol interdependency between Application level protocols and Transport level protocols.

Protocol Numbers:

The protocol number is a single byte in the header of the datagram. The value identifies the protocol in the layer above IP to which the data should be passed.

Port Numbers:

A host may have many TCP and UDP connections at any time. Connections to a host are distinguished by a port number, which serves as a sort of mailbox number for incoming datagrams. There may be many processes using TCP and UDP on a single machine, and the port numbers distinguish these processes for incoming packets. When a user program opens a TCP or UDP socket, it gets connected to a port on the local host. The application may specify the port, usually when trying to reach some service with a well-defined port number, or it may allow the operating system to fill in the port number with the next available free port number. After IP passes incoming data to the transport protocol, the transport protocol passes data to the correct application process. Application processes are identified by port numbers, which are 16-bit values. The source port number, which identifies the process that sent the data, and the destination port number, which identifies the process that is to receive the data, are contained in the header of each TCP segment and UDP packet. Port numbers are not unique between transport layer protocols; the numbers are only unique within a specific transport protocol. It is the combination of protocol and port numbers that uniquely identifies the specific process the data should be delivered to.

[Figure 100: the OSI layers (Physical, Network, Transport, Session, Presentation, Application) beside the TCP/IP stack. Telnet (port 23), SMTP (25) and FTP (21) run over TCP (protocol number 6); SNMP (161) and Echo (7) run over UDP (protocol number 17).]

Figure 100 shows data packets multiplexed via TCP or UDP through port addresses and onto the targeted TCP/IP applications.

In figure 100, if a data packet arrives specifying a transport protocol of 6, it is forwarded to the TCP implementation. If the packet specifies 17 as the required protocol, the IP layer would forward the packet to the programs implementing UDP.
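To make the demultiplexing rule concrete, here is an added Python example (not code from the document) that builds constructed IPv4 datagrams, parses the Protocol field and the transport port pair, and delivers each datagram by its (protocol, port) key; the process names in the listener table are made up for the illustration.

```python
import socket
import struct

# Protocol numbers carried in the IP header's Protocol field (figures 98 to 100).
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IP header.

    Computed over a header whose checksum field is already filled in, it returns 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_datagram(src_ip, dst_ip, protocol, sport=0, dport=0, payload=b"", frag_offset=0):
    """Constructed IPv4 datagram (no IP options) with a minimal TCP or UDP header."""
    if protocol == IPPROTO_TCP:
        # ports, sequence, acknowledgement, data offset (5 words), SYN, window, checksum, urgent
        transport = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    elif protocol == IPPROTO_UDP:
        transport = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        transport = b""
    total_length = 20 + len(transport) + len(payload)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                   # version 4, IHL 5 words
        0,                      # type of service
        total_length,
        0x1234,                 # identification (arbitrary)
        frag_offset & 0x1FFF,   # flags 0, fragment offset in 8-byte units
        64,                     # time-to-live
        protocol,
        0,                      # header checksum, filled in below
        socket.inet_aton(src_ip),
        socket.inet_aton(dst_ip),
    )
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + transport + payload


def parse_datagram(raw: bytes):
    """Return the fields IP and the transport layer need for delivery, or None if malformed."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    total_length, = struct.unpack("!H", raw[2:4])
    if ihl < 20 or total_length < ihl or total_length > len(raw):
        return None
    if ip_checksum(raw[:ihl]) != 0:       # damaged header: trust none of its fields
        return None
    frag, = struct.unpack("!H", raw[6:8])
    info = {
        "protocol": raw[9],
        "src_ip": socket.inet_ntoa(raw[12:16]),
        "dst_ip": socket.inet_ntoa(raw[16:20]),
        "sport": None,
        "dport": None,
    }
    if frag & 0x1FFF:
        return info                       # later fragment: the port numbers are not in it
    payload = raw[ihl:total_length]
    if info["protocol"] in (IPPROTO_TCP, IPPROTO_UDP) and len(payload) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    return info


# Constructed process table. The key is (protocol, port): port 23 under TCP and
# port 23 under UDP are different mailboxes, as the text says.
LISTENERS = {
    (IPPROTO_TCP, 23): "telnetd",
    (IPPROTO_TCP, 25): "sendmail",
    (IPPROTO_TCP, 21): "ftpd",
    (IPPROTO_UDP, 161): "snmpd",
    (IPPROTO_UDP, 69): "tftpd",
}


def demultiplex(raw: bytes) -> str:
    """Name the process a datagram is delivered to, or say why it is not delivered."""
    info = parse_datagram(raw)
    if info is None:
        return "dropped: malformed"
    if info["protocol"] not in (IPPROTO_TCP, IPPROTO_UDP):
        return "dropped: protocol %d not handled" % info["protocol"]
    if info["dport"] is None:
        return "held: fragment without transport header"
    return LISTENERS.get((info["protocol"], info["dport"]), "rejected: no listener")
```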

[Figure 101: the source host 134.67.32.1 sends segments carrying the port pair (3044, 23); the destination host replies with the pair (23, 3044).]

Figure 101 shows the exchange of port numbers during the TCP handshake.

In figure 101, the source host randomly generates a source port, in this example 3044. It sends out a segment with a source port of 3044 and a destination port of 23. The destination host receives the segment, and responds back using 23 as its source port and 3044 as its destination port.

Sockets:

Well-known ports are standardised port numbers that enable remote computers to know which port to connect to for a particular network service. This simplifies the connection process because both the sender and the receiver know in advance that data bound for a specific process will use a specific port. There is a second type of port number called a dynamically allocated port. As the name implies, these ports are not pre-assigned. They are assigned to processes when needed. The system ensures that it does not assign the same port number to two processes, and that the numbers assigned are above the range of standard port numbers. They provide the flexibility needed to support multiple users. The combination of an IP address and a port number is called a socket. A socket uniquely identifies a single network process within the entire internet. One pair of sockets, one socket for the receiving host and one for the sending host, defines the connection for connection-oriented protocols such as TCP.

Names and Addresses:

Every network interface attached to a TCP/IP network is defined by a unique 32-bit IP address. A name, called a host name, can be assigned to any device that has an IP address. Names are assigned to devices because, compared to numeric Internet addresses, names are easier to remember and type correctly. The network software doesn't require names, but they do make it easier for humans to use the network. In most cases, host names and numeric addresses can be used interchangeably. Whether a command is entered with an address or a host name, the network connection always takes place based on the IP address. The system converts the host name to an address before the network connection is made. The network administrator is responsible for assigning names and addresses and storing them in the database used for the conversion. There are two methods for translating names into addresses. The older method simply looks up the host name in a table called the host table. The newer technique uses a distributed database system called Domain Name Service (DNS) to translate names to addresses.

The Host Table:

Is a simple text file that associates IP addresses with host names. Most systems have a small host table containing name and address information about the important hosts on the local network. This small table is used when DNS is not running, such as during the initial system start-up. Even if you use DNS, you should create a small host file containing entries for your host, for localhost, and for the gateway and servers on your local net. Sites that use NIS use the host table as input to the NIS host database. You can use NIS in conjunction with DNS, but even when they are used together, most NIS sites create host tables that have an entry for every host on the local network. Hosts connected to the Internet should use DNS.


The Network Information Centre (NIC) Host Table:

Maintains a large table of Internet hosts, which is stored on the host. The NIC places host names and addresses into the file for all sites on the Internet. The NIC table contains three types of entries: network records, gateway records, and host records.

NET : 134.67.32.0 : NetworkName :

HOST : 134.67.32.1 : HostName : Computer : OS : Service

GATEWAY : 134.67.32.250, 134.67.32.251 : GatewayName : Computer : OS : Service

Figure 102 shows the format of the Host.txt records.

In figure 102, each record begins with a keyword (NET, HOST or GATEWAY) that identifies the record type, followed by an IP address and one or more names associated with the address. The IP addresses and host names from the HOST records are extracted to construct the /etc/hosts file. The network addresses and names from the NET records are used to create the /etc/networks file.

Domain Name Service (DNS):
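An added Python parser (not code from the document) for records in the Host.txt format of figure 102; the sample table is constructed for the example and its host and network names are placeholders. Every address and name is validated before an /etc/hosts or /etc/networks line is emitted, because a malformed entry ends up in files that every program on the host consults.

```python
import re

RECORD_TYPES = ("NET", "HOST", "GATEWAY")
# Letters, digits, dots and hyphens only: no spaces or shell metacharacters in a name.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")

# Constructed Host.txt in the format of figure 102 (not a real NIC table).
SAMPLE_HOST_TXT = """\
NET : 134.67.32.0 : NetworkName :
HOST : 134.67.32.1 : HostName : Computer : OS : Service
HOST : 134.67.32.2 : alex, alex-firm : Computer : OS : Telnet, FTP
GATEWAY : 134.67.32.250, 134.67.32.251 : GatewayName : Computer : OS : Service
"""


def valid_ipv4(addr: str) -> bool:
    """Four dotted decimal octets, each 0 to 255."""
    parts = addr.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


def parse_host_txt(text: str):
    """Parse NET, HOST and GATEWAY records into (type, addresses, names, extra fields)."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        kind = fields[0].upper()
        if kind not in RECORD_TYPES or len(fields) < 3:
            raise ValueError("line %d: not a NET, HOST or GATEWAY record" % lineno)
        # A GATEWAY record may list several addresses; any record may list several names.
        addrs = [a.strip() for a in fields[1].split(",") if a.strip()]
        names = [n.strip() for n in fields[2].split(",") if n.strip()]
        if not addrs or not names:
            raise ValueError("line %d: address and name are required" % lineno)
        for addr in addrs:
            if not valid_ipv4(addr):
                raise ValueError("line %d: bad IP address %r" % (lineno, addr))
        for name in names:
            if not NAME_RE.fullmatch(name):
                raise ValueError("line %d: bad host name %r" % (lineno, name))
        records.append((kind, addrs, names, fields[3:]))
    return records


def to_etc_hosts(records):
    """Lines for /etc/hosts: one per address of each HOST record, name first, aliases after."""
    lines = []
    for kind, addrs, names, _ in records:
        if kind == "HOST":
            for addr in addrs:
                lines.append("%s %s" % (addr, " ".join(names)))
    return lines


def to_etc_networks(records):
    """Lines for /etc/networks: network name followed by the network address."""
    return ["%s %s" % (names[0], addrs[0]) for kind, addrs, names, _ in records if kind == "NET"]
```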

It is a distributed database system that doesn't bog down as the database grows. It guarantees that new host information will be disseminated to the rest of the network as it is needed, to those who are interested. If a DNS server receives a request for information about a host for which it has no information, it passes on the request to an authoritative server (any server responsible for maintaining accurate information about the domain which is being queried). When the authoritative server answers, the local server saves (caches) the answer for future use. The next time the local server receives a request for this information, it answers the request itself. The ability to control host information from an authoritative source and to automatically disseminate accurate information makes DNS superior to the host table, even for small networks not connected to the Internet.

[Figure 103: resolution of a DNS query. The application passes a host name to the resolver, which queries the local name server. The local name server asks the root name server for the address of alex.firm.be and receives a referral to the be name server; it asks the be name server and receives a further referral to the firm.be name server; it asks the firm.be name server and receives the IP address of alex.firm.be, which the resolver returns to the application as the response.]

Figure 103 shows resolution of a DNS query.

The Domain Hierarchy:

DNS is a distributed hierarchical system for resolving host names into IP addresses. Under DNS, there is no central database with all of the Internet host information. The information is distributed among thousands of name servers organised into a hierarchy. DNS has a root domain at the top of the domain hierarchy that is served by a group of name servers called the root server. Information about a domain is found by tracing pointers from the root domain, through subordinate domains, to the target domain. Directly under the root domain are the top level domains. There are two basic types of top-level domains, geographic and organisational.
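The referral chain of figure 103 and the hierarchy described above, as an added Python simulation (not code from the document or from any real resolver): each NameServer object holds its zone's records and delegations, and the local server walks referrals from the root, caches answers, and stops after a bounded number of referrals so that a delegation loop cannot keep it busy indefinitely. The zone contents are constructed for the example.

```python
class NameServer:
    """Constructed stand-in for one name server: the authoritative records of its
    zone plus delegations (referrals) to the name servers of its subdomains."""

    def __init__(self, zone, records=None, delegations=None):
        self.zone = zone
        self.records = dict(records or {})          # host name -> IP address
        self.delegations = dict(delegations or {})  # subdomain -> NameServer
        self.queries = 0                            # how often anyone asked this server

    def query(self, name):
        self.queries += 1
        if name in self.records:
            return "answer", self.records[name]
        # The most specific delegation wins, e.g. "firm.be" before "be".
        for sub in sorted(self.delegations, key=len, reverse=True):
            if name == sub or name.endswith("." + sub):
                return "referral", self.delegations[sub]
        return "nxdomain", None


class LocalNameServer:
    """The local server of figure 103: walks referrals from the root and caches answers."""

    def __init__(self, root, max_referrals=8):
        self.root = root
        self.cache = {}
        self.max_referrals = max_referrals

    def resolve(self, name):
        name = name.rstrip(".").lower()
        if name in self.cache:                  # answered earlier: no server is contacted
            return self.cache[name]
        server = self.root
        for _ in range(self.max_referrals):
            kind, data = server.query(name)
            if kind == "answer":
                self.cache[name] = data
                return data
            if kind == "referral":
                server = data
                continue
            return None                         # authoritative server says: no such host
        # Too many referrals: a misconfigured or hostile delegation loop; give up.
        return None


def build_hierarchy():
    """Root -> be -> firm.be, with alex.firm.be at the address used in the text's figures."""
    firm = NameServer("firm.be", records={"alex.firm.be": "134.67.32.1"})
    be = NameServer("be", delegations={"firm.be": firm})
    root = NameServer(".", delegations={"be": be})
    return root, be, firm
```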

[Figure 104: the root domain (.) with the top-level domains edu, com, net, int, gov, mil and org beneath it, the firm domain under one of them, and the sales and R&D subdomains under firm.]

Figure 104 shows Domain Hierarchy.

Creating Domains and Subdomains:

The Network Information Centre has the authority to allocate domains. To obtain a domain, you apply to the NIC for authority to create a domain under one of the top-level domains. Once the authority to create a domain is granted, you can create additional domains, called subdomains, under your domain.

Domain Names:

Reflect the domain hierarchy. Domain names are written from most specific, a host name, to least specific, a top-level domain, with each part of the domain name separated by a dot (<host name>.<subdomain>.<domain>).

[Figure 105: the DNS name space divided into generic world-wide domains (edu, com, net, org, int), generic US-only domains (gov, mil), country domains (AU through US to ZW) and, under US, the state subdomains (AK, AL, AZ through WY).]

Figure 105 shows organisation of the DNS name space.

Network Information Service (NIS):

Is an administrative database system that provides central control and automatic dissemination of important administrative files. NIS can be used in conjunction with DNS, or as an alternative to it. NIS and DNS have some similarities and some differences. Like DNS, NIS overcomes the problem of accurately distributing the host table, but unlike DNS, it only provides service for local area networks. NIS is not intended as a service for the Internet as a whole. Another difference is that NIS provides access to a wider range of information than DNS. As its name implies, NIS provides much more than name-to-address conversion. It converts several standard UNIX files into databases that can be queried over the network. These databases are called NIS maps.

NIS provides a distributed database system for common configuration files. NIS servers manage copies of the database files, and NIS clients request information from the servers instead of using their own, local copies of these files. Once NIS is running, simply updating the NIS server ensures that all machines will be able to retrieve the new configuration file information.

A major problem in running a distributed computing environment is maintaining separate copies of common configuration files such as the password, group, and hosts files. Ideally, the network should be consistent in its configuration, so that users don't have to worry about where they have accounts or if they'll be able to find a new machine on the network. Preserving consistency, however, means that every change to one of these common files must be propagated to every host on the network. The Network Information Service (NIS) addresses these problems. It is a distributed database system that replaces copies of commonly replicated configuration files with a centralised management facility. Instead of having to manage each host's files, you maintain one database for each file on one central server. Machines that are using NIS retrieve information as needed from these databases. If you add a new system to the network, you can modify one file on a central server and propagate this change to the rest of the network, rather than changing the hosts file for each individual host on the network. Because NIS enforces consistent views of files on the network, it is suited for files that have no host-specific information in them. Files that are generally the same on all hosts in a network fit the NIS model of a distributed database nicely. NIS provides all hosts information from its global database.

Master, Slaves, and Clients:

NIS is built on the client-server model. An NIS server is a host that contains NIS data files, called maps. Clients are hosts that request information from these maps. Servers are further divided into master and slave servers: the master server is the true single owner of the map data. Slave NIS servers handle client requests, but they do not modify the NIS maps. The master server is responsible for all map maintenance and distribution to its slave servers. Once an NIS map is built on the master to include a change, the new map file is distributed to all slave servers. NIS clients see these changes when they perform queries on the map file; it doesn't matter whether the clients are talking to a master or a slave server, because once the map data is distributed, all NIS servers have the same information.

[Figure 106: the NIS master server transfers maps to two NIS slave servers; clients send their NIS requests to the master or to either slave.]

Figure 106 shows NIS masters, slaves, and clients.

With the distinction between NIS servers and clients firmly established, we can see that each system fits into the NIS scheme in one of three ways:

• Client only: This is typical of desktop workstations, where the system administrator tries to minimise the amount of host-specific tailoring required to bring a system onto the network. As an NIS client, the host gets all of its common configuration information from an extant server.

• Server only: While the host services client requests for map information, it does not use NIS for its own operation. Server-only configuration may be useful when a server must provide global host and password information for the NIS clients, but security concerns prohibit the server from using these same files. However, bypassing the central configuration scheme opens some of the same loopholes that NIS was intended to close. Although it is possible to configure a system to be an NIS server only, we don't recommend it.

• Client and server: In most cases, an NIS server also functions as an NIS client so that its management is streamlined with that of other client-only hosts.

Most precisely, a domain is a set of NIS maps. A client can refer to a map from any of several different domains. Most of the time, however, any given host will only look up data from one set of NIS maps. Therefore, it's common to use the term domain to mean the group of systems that share a set of NIS maps. All systems that need to share common configuration information are put into an NIS domain. Although each system can potentially look up information in any NIS domain, each system is assigned to a default domain, meaning that the system, by default, looks up information from a particular set of NIS maps. It is up to the administrator to decide how many different domains are needed.

An interruption in NIS service affects all NIS clients if no other servers are available. Even if another server is available, clients will suffer periodic slowdowns as they recognise the current server is down and hunt for a new one.

A second imperative for NIS servers is synchronisation. Clients may get their NIS information from any server, so all servers must have copies of every map file to ensure proper NIS operation. Furthermore, the data in each map file on the slave servers must agree with that on the master server, so that NIS clients cannot get out-of-date or stale data. NIS contains several mechanisms for making changes to map files and distributing these changes to all NIS servers on a regular basis.

Remote Procedure Call (RPC):

Provides a mechanism for one host to make a procedure call that appears to be part of the local process but is really executed on another machine on the network. Typically, the host on which the procedure call is executed has resources that are not available on the calling host. This distribution of computing services imposes a client/server relationship on the two hosts: the host owning the resource is a server for that resource, and the calling host becomes a client of the server when it needs access to the resource. The resource might be a centralised configuration file (NIS) or a shared filesystem (NFS). Instead of executing the procedure on the local host, the RPC system bundles up the arguments passed to the procedure into a network datagram. The exact bundling method is determined by the presentation layer, described in the next section. The RPC client creates a session by locating the appropriate server and sending the datagram to a process on the server that can execute the RPC. On the server, the arguments are unpacked, the server executes the procedure, packages the result (if any), and sends it back to the client. Back on the client side, the reply is converted into a return value for the procedure call, and the user application is re-entered as if a local procedure call had completed. RPC services may be built on either TCP or UDP transports, although most are UDP-oriented because they are centred on short-lived requests. Using UDP also forces the RPC call to contain enough context information for its execution independent of any other RPC request, since UDP packets may arrive in any order, if at all. When an RPC call is made, the client may specify a time-out period in which the call must complete. If the server is overloaded or has crashed, or if the request is lost in transit to the server, the remote call may not be executed before the time-out period expires. The action taken upon an RPC time-out varies by application: some resend the RPC call, while others may look for another server.

Remote Procedure Call Execution:

[Figure 107: Remote Procedure Call execution. In the user process, the ruser(host) library call hands its arguments to the RPC client code, which encodes them and sends them to the RPC server. The RPC server code decodes the arguments, executes ruser() locally and encodes the return value; the RPC client code decodes the return value and hands it back to the user process.]

Figure 107 shows Remote Procedure Call Execution.

External Data Representation (XDR):

Is built on the notion of an immutable network byte ordering, called the canonical form. It isn't really important what the canonical form is; your systems may or may not use the same byte ordering and structure packing conventions. This form simply allows network hosts to exchange structured data independently of any peculiarities of a particular machine. All data structures are converted into the network byte ordering and padded appropriately. The rule of XDR is: sender makes local canonical, receiver makes canonical local. Any data that goes over the network is in canonical form. A host sending data on the network converts it to canonical form, and the host that receives the data converts it back into its local representation. A different way to implement the presentation layer might be receiver makes local. In this case, the sender does nothing to the local data, and the receiver must deduce the packing and encoding technique and convert it into the local equivalent. While this scheme may send less data over the network, it places the burden of incorporating a new hardware architecture on the receiving side, rather than on the new machine.
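An added Python example (not code from the document or from any RPC library) illustrating both the argument bundling of the RPC passage and the XDR canonical form: the ruser_args record and its fields are hypothetical, the integer and string encodings follow the XDR rules (big-endian 32-bit words, 4-byte padding), and the decoder bounds string lengths and rejects truncated or trailing data because those bytes arrive from the network.

```python
import struct
import sys


def _pad(length: int) -> int:
    """XDR rounds every item up to a multiple of 4 bytes."""
    return (-length) % 4


def xdr_encode_int(value: int) -> bytes:
    return struct.pack("!i", value)       # "!" = network (canonical, big-endian) order


def xdr_encode_uint(value: int) -> bytes:
    return struct.pack("!I", value)


def xdr_encode_string(text: str) -> bytes:
    data = text.encode("ascii")
    return struct.pack("!I", len(data)) + data + b"\x00" * _pad(len(data))


def xdr_decode_int(buf: bytes, offset: int):
    if offset + 4 > len(buf):
        raise ValueError("truncated XDR int at offset %d" % offset)
    return struct.unpack_from("!i", buf, offset)[0], offset + 4


def xdr_decode_uint(buf: bytes, offset: int):
    if offset + 4 > len(buf):
        raise ValueError("truncated XDR unsigned int at offset %d" % offset)
    return struct.unpack_from("!I", buf, offset)[0], offset + 4


def xdr_decode_string(buf: bytes, offset: int, max_len: int = 1024):
    length, offset = xdr_decode_uint(buf, offset)
    if length > max_len:                      # the length came off the wire: bound it
        raise ValueError("XDR string of %d bytes exceeds limit" % length)
    end = offset + length + _pad(length)
    if end > len(buf):
        raise ValueError("truncated XDR string at offset %d" % offset)
    return buf[offset:offset + length].decode("ascii"), end


# Hypothetical argument record for the ruser(host) call of figure 107:
#     struct ruser_args { string host<>; int uid; unsigned int flags; };
def encode_ruser_args(host: str, uid: int, flags: int) -> bytes:
    """Sender makes local canonical: bundle the arguments for the datagram."""
    return xdr_encode_string(host) + xdr_encode_int(uid) + xdr_encode_uint(flags)


def decode_ruser_args(buf: bytes):
    """Receiver makes canonical local: unpack, and reject anything left over."""
    host, offset = xdr_decode_string(buf, 0)
    uid, offset = xdr_decode_int(buf, offset)
    flags, offset = xdr_decode_uint(buf, offset)
    if offset != len(buf):
        raise ValueError("%d trailing bytes after ruser_args" % (len(buf) - offset))
    return host, uid, flags


def local_int_bytes(value: int) -> bytes:
    """The same int in this host's own byte order: what a receiver-makes-local
    scheme would have to recognise and convert."""
    return struct.pack("=i", value)


def host_byte_order() -> str:
    return sys.byteorder


def canonical_matches_local() -> bool:
    """True only on big-endian hosts, where the local order already is the canonical form."""
    return local_int_bytes(1) == xdr_encode_int(1)
```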


An overview of TCP/IP components:

Many of the descriptions included in this section are intended to give you only the basics.

Internet Protocol (IP): IP is responsible for several tasks, most importantly determining a route to the destination. In addition, IP is responsible for the packing of messages into small network-transportable packets, called datagrams. IP is used with almost all TCP protocols, sitting at the bottom of the TCP protocol stack just above the network layers. IP has no control over whether messages sent and received are intact. All IP does is handle the sending and receiving, leaving it up to the next higher layer, usually TCP or UDP, to take care of any problems that occur with lost or damaged data.

Internet Control Message Protocol (ICMP): ICMP is a special form of IP used to handle error and status messages between IP layers on different machines. Whenever one IP layer has to send information to another, it uses ICMP. Also, whenever IP software detects an error of some sort, it uses ICMP to send reports to the other machine. Probably the most common use of ICMP is for the ping command, which checks whether a machine is responsive by sending a small ICMP message to the machine and waiting for a reply.

Transmission Control Protocol (TCP): TCP is used primarily to verify that whatever was sent by the sending machine is received intact by the destination. TCP is called a reliable delivery protocol, meaning that it makes sure everything sent was received properly. TCP adds a header to the front of each message that contains checksums, numbering, and other reliability information to ensure that every packet sent is received without modification. If there is a transmission problem, TCP takes care of resending the information. TCP sits between the application and the IP layer on each machine, acting as a packaging layer for application data and a delivery mechanism for sending packets to an application. TCP usually runs with IP, but it can work with other protocols. TCP is a connection-based protocol, meaning that the sending and the destination machines communicate with each other by sending status messages back and forth. If the connection is lost because of routing problems or machine failures, errors are sent to the applications that use TCP. Some services use TCP to maintain a connection between two machines, notably FTP or Telnet, both of which enable you to move files and commands back and forth between two machines as if you were logged into both at the same time.

User Datagram Protocol (UDP): UDP is an alternative to TCP. It is a connection-less protocol, meaning that the sending and receiving machines are not constantly connected to each other. They can send status messages back and forth to indicate reception of packets, but there is no constant connection maintained. UDP is used by services that do not require a connection, such as TFTP, DNS, NFS, and RPC. Because of the lack of a connection, UDP is often thought of as a less reliable delivery protocol than TCP, although other protocols can pick up the tasks that TCP offers. UDP sits in the layer between the applications and IP. UDP usually uses IP to handle its packets.


Telnet: The Telnet service provides a remote login capability. This lets a user on one machine log into another machine and act as if they are directly in front of the second machine. The connection can be anywhere on the local network, or on another network anywhere in the world, as long as the user has permission to log into the remote system. Telnet uses TCP to maintain a connection between two machines.

File Transfer Protocol (FTP): FTP enables a file on one system to be copied to another system. Users don't actually log in as full users to the machine they want to access but instead use the FTP service to provide access. The remote machine must be set up with the permissions necessary to provide the user access to the files. FTP uses TCP to create and maintain a connection between source and destination machines. Once the connection to a remote machine has been established, FTP enables you to copy one or more files to your machine. The term transfer implies that the file is moved from one system to another, but the original is not affected; files are copied from one system to another.

Simple Mail Transfer Protocol (SMTP): SMTP is one protocol used for transferring electronic mail. Transparent to the user, SMTP connects to different machines and transfers mail messages, much like FTP transfers files.

Domain Name System (DNS): DNS enables a device with a common name to be converted to a special network address. DNS provides the conversion from a common local name to the unique physical address of the device's network connection.

Simple Network Management Protocol (SNMP): SNMP is a network management protocol. SNMP uses UDP as a transport mechanism. SNMP relies on several terms from TCP/IP standard specifications, working with managers and agents instead of clients and servers. An agent provides information about a device, whereas a manager communicates across the network.

Network File Server (NFS): NFS is used to transparently enable multiple machines to access each other's directories. NFS accomplishes this by using a distributed filesystem scheme. NFS systems are common in large corporate environments.

Remote Procedure Calls (RPC): RPC are programming functions that enable an application to communicate with another machine, the server. They provide the programming functions, return codes, and predefined variables to support distributed computing.


Trivial File Transfer Protocol (TFTP): TFTP is a very simple, unsophisticated file transfer protocol that lacks any security. It uses UDP as a transport. Although not as sophisticated or as fast as FTP, TFTP can be used on many systems that do not enable FTP access. In some ways, TFTP can be analogous to an e-mail message requesting and receiving a file instead of a text body.

BOOT Protocol (BOOTP): The BOOT Protocol, called BOOTP, is used to start up machines on a network that do not have their own hard drives or storage devices containing operating systems and network information. BOOTP is used for X-terminals and other diskless workstations.

Address Resolution Protocol (ARP): ARP is one of several protocols that helps determine addresses on a network. ARP works with IP to set routes to a destination. ARP converts an IP address to a network interface hardware address.

Reverse Address Resolution Protocol (RARP): RARP, as its name suggests, is the reverse process of ARP. RARP uses a network interface hardware address and from that produces the IP address, whereas ARP produces the hardware address from the IP address.

Network Time Protocol (NTP): NTP is used to synchronise clocks across a network. This is important because many packets have a prespecified amount of time to reach their routes. If a clock on one machine is inaccurate, the timers in the packet might expire prematurely. Time is also used to build efficient routing tables that let IP determine the fastest route to a destination.


The TCP/IP Family of Protocols:

The protocols that make up the TCP/IP family can be divided into groups of similar functionality for convenience.

[Figure 108: the TCP/IP family tree. Network Access Layer: ATM, Ethernet II, IEEE 802.x, ISDN, X.25, etc., together with ARP and RARP. Internet Layer: IP, ICMP and the routing protocol. Transport Layer: TCP and UDP. Application Layer: SMTP, FTP, Telnet, TFTP, SNMP, NFS, DNS and RPC.]

Figure 108 shows the TCP/IP family tree.

Transport: Protocols that control the movement of data between two machines.

• TCP (Transport Control Protocol): A connection-based service, meaning that the sending and receiving machines are communicating with each other at all times.

• UDP (User Datagram Protocol): A connection-less service, meaning that the two machines are not communicating with each other.

Routing: Protocols that handle the addressing of data and determine the best routing to the destination. They also handle the breaking up and reassembly of larger messages.

• IP (Internet Protocol): Handles the actual transmission of data.

• ICMP (Internet Control Message Protocol): Handles status messages for IP, such as errors and network changes that can affect routing.

• RIP (Routing Information Protocol): One of several protocols that determines the best routing method.

• OSPF (Open Shortest Path First): An alternate protocol for determining routing.

Network Address: These protocols handle the way machines are addressed, both by a unique number and a more common symbolic name.

• ARP (Address Resolution Protocol): Determines the unique numeric addresses of the machine on the network.

• DNS (Domain Name System): Determines numeric addresses from machine names.

• RARP (Reverse Address Resolution Protocol): Determines addresses of machines on the network, but in a manner backward from ARP.

User services: These are applications to which users have direct access.

• BOOTP (BOOT Protocol): Starts up a network machine by reading the boot information from a server.

• FTP (File Transfer Protocol): Transfers files from one machine to another without excessive overhead. Uses TCP as the transport.

• TFTP (Trivial File Transfer Protocol): A simple file transfer method that uses UDP as the transport.

• Telnet: Enables remote logins so that users on one machine can connect to another machine and behave as if they are sitting at the remote machine's keyboard.

Gateway Protocols: These protocols help the network communicate routing and status information.

• EGP (Exterior Gateway Protocol): Transfers routing information for external networks.

• GGP (Gateway-to-Gateway Protocol): Transfers routing information between Internet gateways.

• IGP (Interior Gateway Protocol): Transfers routing information for internal networks.

Others: Services that don't fall into any of the preceding categories.

• NFS (Network File System): Enables directories on one machine to be mounted on another machine, then accessed by users as if they were on the local machine.

• NIS (Network Information Service): Maintains user accounts across networks simplifying logins and password maintenance.

• RPC (Remote Procedure Call): Enables remote applications to communicate with each other using function calls.

• SMTP (Simple Mail Transfer Protocol): A protocol for transferring electronic mail between machines.

• NTP (Network Time Protocol): Used to synchronise clocks of machines on a network.

• SNMP (Simple Network Management Protocol): An administrator's service that sends status messages about the network and devices attached to it.


Implementing TCP/IP:

• The standard interface defined by Microsoft is the Network Device Interface Specification (NDIS).

• The standard interface defined by Novell is the Open Datalink Interface (ODI).

These are different and incompatible specifications. Both of these driver interface standards allow multiple protocol stacks to be run on the same PC. This means that TCP/IP can share a single network interface with another protocol, such as NetWare, when an NDIS or ODI driver is used.

Multiple Protocol Stacks:

[Figure 109: TCP/IP applications and NetWare services on one workstation. The TCP/IP protocols, and the Novell IPX protocols reached through the workstation shell and the ODI converter, share the Multiple Link Interface Driver, the Link Support Layer and the network interface card.]

Figure 109 shows Multiple Protocol Stacks.

• To build complex static routes, use the ROUTE command:

ROUTE [-f] [command [destination] [MASK netmask] [gateway] ]

-f : Flush all of the routes from the routing table.

command : Specifies the action that the command should take: ADD, DELETE, CHANGE or PRINT.

destination : This is the network or host that is reached through this route.

MASK netmask : Is applied to the address provided in the destination field to determine the true destination of the route. If a bit in the netmask is set to 1, the corresponding bit in the destination field is a significant bit in the destination address. For example, a destination of 134.239.96.1 with a netmask of 255.255.0.0 defines the route to network 134.239.0.0, but the same destination with a mask 255.255.255.255 defines the route to the host 134.239.96.1. If no value is specified for the netmask, it defaults to 255.255.255.255.

gateway : This is the IP address of the gateway for this route.

• To build complex dynamic routes, use IP Routing:
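The MASK rule of the ROUTE command, modelled in an added Python example (not code from the document or from the ROUTE utility): route_destination applies the netmask exactly as described above, and the RoutingTable class keeps static routes and answers lookups with the most specific match, which is how a host route and a network route for the same address coexist. The gateway addresses and routes used in it are constructed for the example.

```python
def ip_to_int(addr: str) -> int:
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % addr)
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_contiguous_mask(mask: int) -> bool:
    """A usable netmask is a run of 1 bits followed by 0 bits, e.g. 255.255.0.0."""
    inverted = ~mask & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def route_destination(destination: str, netmask: str = "255.255.255.255") -> str:
    """Apply the MASK rule: a destination bit is significant only where the mask bit is 1."""
    mask = ip_to_int(netmask)
    if not is_contiguous_mask(mask):
        raise ValueError("non-contiguous netmask: %s" % netmask)
    return int_to_ip(ip_to_int(destination) & mask)


class RoutingTable:
    """Static routes as ADD, DELETE and PRINT would keep them, plus the lookup a host does."""

    def __init__(self):
        self.routes = []   # (network as int, mask as int, gateway as str)

    def add(self, destination, gateway, netmask="255.255.255.255"):
        network = ip_to_int(route_destination(destination, netmask))
        mask = ip_to_int(netmask)
        ip_to_int(gateway)                     # validates the gateway address
        self.delete(destination, netmask)      # in this table, re-adding a route replaces it
        self.routes.append((network, mask, gateway))

    def delete(self, destination, netmask="255.255.255.255"):
        network = ip_to_int(route_destination(destination, netmask))
        mask = ip_to_int(netmask)
        self.routes = [r for r in self.routes if (r[0], r[1]) != (network, mask)]

    def print_routes(self):
        """Lines of 'destination netmask gateway', most specific first."""
        return ["%s %s %s" % (int_to_ip(n), int_to_ip(m), g)
                for n, m, g in sorted(self.routes, key=lambda r: -r[1])]

    def lookup(self, addr):
        """Most specific matching route wins: host route over network route over default."""
        target = ip_to_int(addr)
        best = None
        for network, mask, gateway in self.routes:
            if (target & mask) == network and (best is None or mask > best[0]):
                best = (mask, gateway)
        return best[1] if best else None
```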

NetBIOS and the associated protocol NetBEUI (NetBIOS Extended User Interface) have long been the basis of Microsoft's networking strategy.


Basic Input Output System (BIOS):

It is the part of DOS that defines the I/O calls that applications use to request DOS I/O services. NetBIOS extends this to include calls that support I/O over a network. NetBIOS is an Application Programming Interface (API) that defines how an application program requests services from the underlying network. NetBEUI includes the NetBIOS API, the Service Message Block (SMB) protocol, and the NetBIOS Frame (NBF) protocol. SMB is an API that defines how applications ask for network services, but NetBEUI is not just an API. It also includes the NBF protocol that builds NetBIOS frames for transmission over the network. NetBIOS is not just used to refer to the API; it is frequently used to refer to any network that uses NetBIOS. NetBIOS requires very little memory and runs on any type of PC equipment. It is a fast, lightweight protocol suitable for small LANs. NetBIOS is only suitable for LAN applications; it cannot be used by itself for a WAN or an enterprise network because it is a non-routable protocol (the protocol cannot be passed through routers, it can only be passed on a single physical network; it has no routing protocol and no independent address structure), and it depends on an underlying broadcast medium (it cannot be used over serial lines, point-to-point networks, or internets built from dissimilar physical networks).

NetBIOS over TCP/IP (NBT): Is a standard protocol, by encapsulating the NetBIOS messages inside TCP/IP datagrams. It is based on the B-node (is an end node that uses broadcast messages to register its name and to request the names of other systems on the network) architecture. The NetBIOS messages are encapsulated in UDP messages and sent using the IP broadcast address. In effect, IP acts as the broadcast medium for the NetBIOS protocol. The B-node architecture doesn't address the problem of broadcast dependence, so NBT loads a cache with NetBIOS-name-to-IP-address mappings from the LMHOSTS file. In the B-node model, broadcast are only needed for name resolution. Other messages are addressed directly to the remote host. Therefore, broadcasts are only needed for names that cannot be resolved by other means. NBT also uses a name cache to further improve performance. The name cache pro-vides information about computers that cannot respond to a broadcast. These are computers located outside of the broadcast area, including computers located behind routers or on non-broadcast links. Broadcasts continue to be used to local computers, so no entries need to be made for them in the LMHOSTS file. This keeps the file small and permits it to be cached in memory. Encapsulating NetBIOS inside IP datagrams reduces the performance and increase the complexity of the protocol. Both protocols requires some level of configuration, whether it is the address for IP or he LMHOSTS file for NetBIOS.

• NetBIOS-specific information is the hostname and the workgroup name.

• NBT-specific information is the scope ID (which limits communication between NBT hosts: it limits access and prevents the resources being offered by a system from being seen by systems with a different scope ID), and the location from which the LMHOSTS file should be imported.

Windows Internet Name Service (WINS): It is a protocol to provide name service for NetBIOS names. The advantage of WINS is that it dynamically learns names and addresses from the transmissions on the network, and that it can be dynamically updated by DHCP. The disadvantage is that it requires an NT server, and it is primarily a NetBIOS service. It is generally not used on TCP/IP networks.


DNS Windows Name Resolution: Can be used to map a NetBIOS name to an IP address, but only if the NetBIOS name and the Internet hostname of the computer are the same. It is a good idea to always make the NetBIOS name and the hostname the same on every system.

LMHOSTS File Lookup: Is a simple flat file that associates NetBIOS names with IP addresses. Three keywords control how entries are handled:

#PRE causes the entry to be pre-loaded into the cache and permanently retained there. Normally entries are only cached when they are used for name resolution and are only retained in the cache for a few minutes. Use #PRE to speed up address resolution for frequently used hostnames.

#DOM:domain identifies NT domain controllers.

#INCLUDE file specifies a remote file that should be incorporated in the local LMHOSTS file. This allows a centrally maintained LMHOSTS file to be automatically loaded. To provide redundant sources for LMHOSTS, enclose a group of #INCLUDE commands inside a pair of #BEGIN_ALTERNATE and #END_ALTERNATE statements. The system tries the various sources in order and stops as soon as it successfully downloads one copy of the LMHOSTS file.

A sample LMHOSTS file:

134.268.67.1 SERVER01 #PRE
134.268.67.2 SERVER02 #PRE #DOM:DOMAIN01
134.268.67.3 SERVER03
#BEGIN_ALTERNATE
#INCLUDE \\SERVER01\ADMIN\lmhosts
#INCLUDE \\SERVER02\ADMIN\lmhosts
#END_ALTERNATE

The system first checks the LMHOSTS file and then issues a DNS query if the NetBIOS name is not found in the file. Many systems use a small LMHOSTS file to provide the addresses of important servers.
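As an added example (not code from the original page), the following Python parses an LMHOSTS file with the #PRE, #DOM and #INCLUDE/#BEGIN_ALTERNATE keywords described above and resolves names in the order the text gives: the pre-loaded cache, then the file, then DNS. The file contents, the remote copies behind the #INCLUDE paths and the DNS answers are constructed samples held in dictionaries (addresses from the 192.0.2.0/24 documentation range), so it runs offline; the class and function names are the example's own.

```python
"""Parse an LMHOSTS file and resolve NetBIOS names in the order described in
the text: name cache (#PRE entries), then the LMHOSTS file, then DNS.
Added example, not code from the page; all data below is constructed."""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample file, laid out like the page's example.
SAMPLE_LMHOSTS = r"""
192.0.2.1    SERVER01   #PRE
192.0.2.2    SERVER02   #PRE #DOM:DOMAIN01
192.0.2.3    SERVER03
300.1.1.1    BADHOST    # invalid octet: a resolver ignores the line
#BEGIN_ALTERNATE
#INCLUDE \\SERVER01\ADMIN\lmhosts
#INCLUDE \\SERVER02\ADMIN\lmhosts
#END_ALTERNATE
"""

# Constructed remote copies: SERVER01's share is unreachable (absent), SERVER02's answers.
REMOTE_SHARES = {r"\\SERVER02\ADMIN\lmhosts": "192.0.2.10  FILESRV  #PRE\n"}

_IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def _valid_ipv4(token: str) -> bool:
    m = _IPV4.match(token)
    return bool(m) and all(int(g) <= 255 for g in m.groups())


@dataclass
class LmhostsEntry:
    name: str
    address: str
    preload: bool = False          # #PRE
    domain: Optional[str] = None   # #DOM:domain


@dataclass
class LmhostsFile:
    entries: List[LmhostsEntry] = field(default_factory=list)
    alternates: List[List[str]] = field(default_factory=list)  # #INCLUDE sources, grouped


def parse_lmhosts(text: str) -> LmhostsFile:
    result, group = LmhostsFile(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            upper = line.upper()
            if upper == "#BEGIN_ALTERNATE":
                group = []
            elif upper == "#END_ALTERNATE":
                if group is not None:
                    result.alternates.append(group)
                group = None
            elif upper.startswith("#INCLUDE"):
                path = line[len("#INCLUDE"):].strip()
                if group is not None:
                    group.append(path)
                else:
                    result.alternates.append([path])  # a lone #INCLUDE is a single-source group
            continue  # any other '#' line is a comment
        parts = line.split()
        if len(parts) < 2 or not _valid_ipv4(parts[0]):
            continue
        entry = LmhostsEntry(name=parts[1].upper(), address=parts[0])
        for tag in parts[2:]:          # keywords follow the name; anything else is a comment
            if tag.upper() == "#PRE":
                entry.preload = True
            elif tag.upper().startswith("#DOM:"):
                entry.domain = tag[5:]
            else:
                break
        result.entries.append(entry)
    return result


def load_includes(f: LmhostsFile, fetch: Callable[[str], Optional[str]]) -> List[str]:
    """Try each group's #INCLUDE sources in order and stop at the first copy that
    can be fetched; entries from the fetched copy join the local file."""
    used = []
    for group in f.alternates:
        for path in group:
            text = fetch(path)
            if text is not None:
                f.entries.extend(parse_lmhosts(text).entries)
                used.append(path)
                break
    return used


class NbtResolver:
    def __init__(self, f: LmhostsFile, dns: Dict[str, str]):
        self.file = f
        self.dns = {k.upper(): v for k, v in dns.items()}
        # #PRE entries are loaded into the cache up front and stay there.
        self.cache = {e.name: e.address for e in f.entries if e.preload}

    def resolve(self, name: str) -> Tuple[Optional[str], str]:
        key = name.upper()
        if key in self.cache:
            return self.cache[key], "cache"
        for e in self.file.entries:
            if e.name == key:
                self.cache[key] = e.address  # cached only after a successful lookup
                return e.address, "lmhosts"
        if key in self.dns:
            return self.dns[key], "dns"
        return None, "unresolved"


def demo() -> Dict[str, Tuple[Optional[str], str]]:
    f = parse_lmhosts(SAMPLE_LMHOSTS)
    load_includes(f, REMOTE_SHARES.get)
    r = NbtResolver(f, dns={"mailhost": "192.0.2.25"})
    return {n: r.resolve(n) for n in ("SERVER01", "server03", "filesrv", "mailhost", "nosuch")}
```

Two details worth noticing: a line whose address has an octet above 255 is dropped rather than cached, and an entry that arrives through an #INCLUDE with #PRE lands in the cache exactly like a local one, so a centrally maintained copy can pre-load names for the whole site.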

TCP/IP Applications: Ping, Telnet, FTP, NFS, SMTP, etc.

Reverse Address Resolution Protocol (RARP): Is a protocol that converts a physical network address into an IP address. This is the reverse of what Address Resolution Protocol (ARP) does. Address Resolution Protocol maps an IP address to a physical address so that data can be delivered over a physical network. It does this by broadcasting an ARP packet that contains the IP address in question. When a system receives an ARP packet that contains its IP address, it responds with a packet that contains its physical network address, e.g. its Ethernet address. Reverse Address Resolution Protocol (RARP) maps a physical address to an IP address for a system that doesn't know its own IP address. The client uses the broadcast services of the physical network to send out a packet that contains the client's physical network address, and asks if any system on the network knows what IP address is associated with that address. The RARP server responds with a packet that contains the client's IP address. RARP is a useful tool, but it only provides the IP address. There are still several other values (the subnet mask, default gateway, the list of name servers, and the broadcast address) that need to be manually configured.


Bootstrap Protocol (BOOTP): Is an alternative to RARP; when it is used, RARP is not needed. BOOTP is a more comprehensive configuration protocol than RARP. It provides much more configuration information, and it continues to evolve to provide ever more comprehensive information. Over time it has expanded to become the Dynamic Host Configuration Protocol (DHCP). The BOOTP client broadcasts a single packet called a BOOTREQUEST packet that contains, at a minimum, the client's physical network address. The client sends the broadcast using the address 255.255.255.255, which is a special address called the limited broadcast address. The client waits for a response from the server, and if one is not received within a specified time interval, the client retransmits the request. The server responds to the client's request with a BOOTREPLY packet.

Field                               Size
OpCode                              8 bits
HTYPE                               8 bits
HLEN                                8 bits
HOPS                                8 bits
Transaction Identification Number   32 bits
Seconds                             16 bits
unused                              16 bits
Client IP Address                   32 bits
Machine IP Address                  32 bits
Server IP Address                   32 bits
Gateway IP Address                  32 bits
Client Hardware Address             up to 128 bits
Server Host Name                    up to 512 bits
Boot File Name                      up to 1024 bits
Vendor-specific Information         up to 512 bits

Figure 110 shows the BOOTP message format.

BOOTP uses UDP as a transport protocol and, unlike RARP, it does not require any special Network Access Layer protocols. It uses two different well-known port numbers: UDP port number 67 is used for the server, and UDP port number 68 is used for the client. This is very unusual. Most software uses a well-known port on the server side and a randomly generated port on the client side. The random port number ensures that each pair of source/destination ports identifies a unique path for exchanging information. A BOOTP client, however, is still in the process of booting and may not know its IP address. Even if the client generates a source port for the BOOTREQUEST packet, a server response addressed to that port and the client's IP address won't be read by a client that doesn't recognise the address. Therefore BOOTP sends the response to a specific port on all hosts. A broadcast sent to UDP port 68 is read by all hosts, even by a system that doesn't know its specific address. The system then determines if it is the intended recipient by checking the physical network address embedded in the response. The server fills in all of the fields in the packet for which it has data. There are many different values a server can provide:

Parameter  Description                    Example
bf         Bootfile                       :bf=null
bs         Bootfile size                  :bs=22050
cs         Cookie servers list            :cs=134.268.xxx.xxx
ds         Domain name servers list       :ds=134.268.xxx.xxx
gw         Gateway list                   :gw=134.268.xxx.xxx
ha         Hardware address               :ha=7FF8100000AF
hd         Bootfile directory             :hd=/usr/boot
hn         Send hostname boolean          :hn
ht         Hardware type                  :ht=ethernet
im         Impress server list            :im=134.268.xxx.xxx
ip         Host IP address                :ip=134.268.xxx.xxx
lg         Log servers list               :lg=134.268.xxx.xxx
lp         LPR servers list               :lp=134.268.xxx.xxx
ns         IEN-116 name servers list      :ns=134.268.xxx.xxx
rl         Resource location servers      :rl=134.268.xxx.xxx
sm         Subnet mask                    :sm=255.255.255.0
tc         Template continuation          :tc=default1
to         Time offset                    :to=18000
ts         Time servers list              :ts=134.268.xxx.xxx
vm         Vendor magic cookie selector   :vm=auto
Tn         Vendor extension n             :T132="1234597AD3B"
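As an added example that is not part of the original page, the following Python packs and parses BOOTP messages laid out as in figure 110 (the fixed 300-byte message of RFC 951: four 8-bit fields, the 32-bit transaction id, two 16-bit fields, four 32-bit addresses, a 16-byte hardware address, a 64-byte server name, a 128-byte file name and a 64-byte vendor area) and walks through the request/reply described above: the client broadcasts to 255.255.255.255 port 67, the server answers only clients it has a table entry for, and every host receiving the port 68 broadcast checks the embedded hardware address. The boot table, addresses and names are constructed; the two hardware addresses are the page's own bootptab values; function names are the example's own.

```python
"""Build and parse BOOTP messages with the field layout of figure 110.
Added example, not the page's code: the 300-byte fixed-size message of RFC 951
is packed with struct; the boot table and addresses are constructed."""
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

BOOTREQUEST, BOOTREPLY = 1, 2
SERVER_PORT, CLIENT_PORT = 67, 68          # the two well-known UDP ports
LIMITED_BROADCAST = "255.255.255.255"
HTYPE_ETHERNET = 1

# op, htype, hlen, hops, xid, secs, unused, ciaddr, yiaddr, siaddr, giaddr,
# chaddr(16), sname(64), file(128), vend(64); network byte order, no padding
_LAYOUT = "!BBBBIHH4s4s4s4s16s64s128s64s"
MESSAGE_SIZE = struct.calcsize(_LAYOUT)    # 300


@dataclass
class BootpMessage:
    op: int
    xid: int                  # transaction id, echoed by the server
    chaddr: bytes             # client hardware address (6 bytes on Ethernet)
    secs: int = 0
    hops: int = 0
    ciaddr: str = "0.0.0.0"   # client's own address, if it already knows it
    yiaddr: str = "0.0.0.0"   # address the server assigns ("Machine IP Address" in figure 110)
    siaddr: str = "0.0.0.0"   # server address
    giaddr: str = "0.0.0.0"   # gateway address, filled in by a relaying router
    sname: str = ""
    file: str = ""
    vend: bytes = b""

    def pack(self) -> bytes:
        if not 0 < len(self.chaddr) <= 16:
            raise ValueError("hardware address must be 1..16 bytes")
        # struct zero-pads (or truncates) each 's' field to its declared size
        return struct.pack(_LAYOUT, self.op, HTYPE_ETHERNET, len(self.chaddr), self.hops,
                           self.xid, self.secs, 0,
                           socket.inet_aton(self.ciaddr), socket.inet_aton(self.yiaddr),
                           socket.inet_aton(self.siaddr), socket.inet_aton(self.giaddr),
                           self.chaddr, self.sname.encode(), self.file.encode(), self.vend)

    @classmethod
    def unpack(cls, data: bytes) -> "BootpMessage":
        if len(data) < MESSAGE_SIZE:
            raise ValueError("short BOOTP message")
        (op, _htype, hlen, hops, xid, secs, _unused, ci, yi, si, gi,
         chaddr, sname, file, vend) = struct.unpack(_LAYOUT, data[:MESSAGE_SIZE])
        if op not in (BOOTREQUEST, BOOTREPLY) or not 0 < hlen <= 16:
            raise ValueError("malformed BOOTP header")
        return cls(op=op, xid=xid, chaddr=chaddr[:hlen], secs=secs, hops=hops,
                   ciaddr=socket.inet_ntoa(ci), yiaddr=socket.inet_ntoa(yi),
                   siaddr=socket.inet_ntoa(si), giaddr=socket.inet_ntoa(gi),
                   sname=sname.rstrip(b"\0").decode(), file=file.rstrip(b"\0").decode(),
                   vend=vend.rstrip(b"\0"))


def client_request(chaddr: bytes, xid: int) -> Tuple[bytes, str, int]:
    """A booting client's BOOTREQUEST: every address field is zero because the
    client does not know its own address yet; it goes to 255.255.255.255 port 67."""
    return BootpMessage(op=BOOTREQUEST, xid=xid, chaddr=chaddr).pack(), LIMITED_BROADCAST, SERVER_PORT


def server_reply(request: bytes, table: Dict[bytes, Dict[str, str]]) -> Optional[bytes]:
    """Fill in the fields the server has data for; a client without a table entry gets no reply."""
    req = BootpMessage.unpack(request)
    entry = table.get(req.chaddr)
    if req.op != BOOTREQUEST or entry is None:
        return None
    return BootpMessage(op=BOOTREPLY, xid=req.xid, chaddr=req.chaddr, hops=req.hops,
                        giaddr=req.giaddr, yiaddr=entry["ip"], siaddr=entry["server"],
                        sname=entry["sname"], file=entry["file"]).pack()


def client_accepts(reply: bytes, chaddr: bytes, xid: int) -> bool:
    """Every host hears the broadcast on port 68; each one checks the embedded
    hardware address (and transaction id) to see whether the reply is meant for it."""
    msg = BootpMessage.unpack(reply)
    return msg.op == BOOTREPLY and msg.chaddr == chaddr and msg.xid == xid


# Constructed boot table keyed by hardware address, like the bootptab entries.
BOOT_TABLE = {bytes.fromhex("0000c0a15e10"): {"ip": "192.0.2.87", "server": "192.0.2.5",
                                              "sname": "bootsrv", "file": "/usr/boot/pc0087"}}


def demo() -> dict:
    mac, stranger, xid = bytes.fromhex("0000c0a15e10"), bytes.fromhex("0000c0a10e15"), 0x1234ABCD
    request, dst, port = client_request(mac, xid)
    reply = server_reply(request, BOOT_TABLE)
    return {"request_size": len(request), "destination": (dst, port),
            "assigned": BootpMessage.unpack(reply).yiaddr,
            "accepted_by_client": client_accepts(reply, mac, xid),
            "accepted_by_stranger": client_accepts(reply, stranger, xid),
            "unknown_client_reply": server_reply(client_request(stranger, 1)[0], BOOT_TABLE)}
```

The second client in `demo` hears the same broadcast but rejects it because the hardware address inside the reply is not its own, which is the check the text describes; a client the server has never heard of gets no reply at all.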


# /etc/bootptab
defaults:\
    :hd=/usr/boot:\
    :bf=null:\
    :ds=134.268.67.1 134.239.67.3:\
    :sm=255.255.255.0:\
    :gw=134.268.67.5:

PC0087:\
    :tc=defaults:\
    :ht=ethernet:\
    :ha=0000c0a15e10:\
    :ip=134.268.67.87:\
    :hn:

PC0088:\
    :tc=defaults:\
    :ht=ethernet:\
    :ha=0000c0a10e15:\
    :ip=134.268.67.88:\
    :hn:

It is possible to configure a BOOTP server to handle a very large number of clients. One server for each subnet is a good design because it eliminates the need to pass BOOTP information through a router, which requires a special router configuration.
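As an added example, not the page's code, the following Python parses the /etc/bootptab layout above (backslash-continued records, colon-separated tags, bare tags such as :hn: as booleans) and resolves the :tc= template continuation so that each host entry ends up with the defaults it inherits, the host's own tags overriding the template's. The sample table is constructed with documentation-range addresses; the entry names and hardware addresses are taken from the page's example; function names are the example's own.

```python
"""Parse the termcap-style /etc/bootptab format and resolve ':tc=' template
continuation.  Added example, not the page's code; the sample is constructed."""
from typing import Dict, List, Optional, Set, Union

Fields = Dict[str, Union[str, bool]]

SAMPLE_BOOTPTAB = r"""
# /etc/bootptab (constructed sample)
defaults:\
    :hd=/usr/boot:\
    :bf=null:\
    :ds=192.0.2.1 192.0.2.3:\
    :sm=255.255.255.0:\
    :gw=192.0.2.5:

PC0087:\
    :tc=defaults:\
    :ht=ethernet:\
    :ha=0000c0a15e10:\
    :ip=192.0.2.87:\
    :hn:

PC0088:\
    :tc=defaults:\
    :ht=ethernet:\
    :ha=0000c0a10e15:\
    :ip=192.0.2.88:\
    :gw=192.0.2.6:\
    :hn:
"""


def _records(text: str) -> List[str]:
    """Join backslash-continued lines into one record each; skip blanks and '#' comments."""
    records, current = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            current += line[:-1]
            continue
        records.append(current + line)
        current = ""
    if current:
        records.append(current)
    return records


def parse_bootptab(text: str) -> Dict[str, Fields]:
    """Return {entry name: {tag: value}}; a bare tag such as ':hn:' becomes True."""
    entries: Dict[str, Fields] = {}
    for record in _records(text):
        name, _, body = record.partition(":")
        fields: Fields = {}
        for item in body.split(":"):
            item = item.strip()
            if item:
                tag, has_value, value = item.partition("=")
                fields[tag] = value if has_value else True
        entries[name.strip()] = fields
    return entries


def resolve(entries: Dict[str, Fields], name: str, seen: Optional[Set[str]] = None) -> Fields:
    """Merge the entry with the template named by tc= (recursively); the entry's own tags win."""
    seen = seen or set()
    if name in seen:
        raise ValueError(f"tc loop at {name!r}")
    if name not in entries:
        raise KeyError(f"unknown template {name!r}")
    seen.add(name)
    own = dict(entries[name])
    template = own.pop("tc", None)
    merged = resolve(entries, str(template), seen) if template else {}
    merged.update(own)
    return merged


def host_configs(text: str) -> Dict[str, Fields]:
    """Resolved configuration for every entry that has a hardware address (i.e. a host)."""
    entries = parse_bootptab(text)
    return {name: resolve(entries, name) for name, f in entries.items() if "ha" in f}
```

PC0088 overrides the template's gateway in the sample, which is where a server that merged in the wrong order would hand out the wrong router; the loop check stops two templates that point at each other from recursing forever.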

Dynamic Host Configuration Protocol (DHCP): Is the latest generation of BOOTP. It is designed to be compatible with earlier versions. DHCP is only a proposed standard. DHCP uses the same UDP ports, 67 and 68, as BOOTP, and the same BOOTREQUEST and BOOTREPLY packet format. But DHCP is more than just an update of BOOTP.

The new protocol expands the functions of BOOTP:

• The configuration parameters provided by DHCP server include everything defined in the Requirements for Internet Hosts. DHCP provides a client with a complete set of TCP/IP configuration values.

• DHCP permits automated allocation of IP addresses. DHCP uses the portion of the BOOTP packet originally set aside for vendor extensions to indicate the DHCP packet type and to carry a complete set of configuration information. DHCP calls the values in this part of the packet options instead of vendor extensions. This is a more accurate description because DHCP defines how the options are used and does not leave their definition up to the vendors. To handle the full set of configuration values from the Requirements for Internet Hosts, the option field is expanded to 312 bytes from the original 64 bytes of the BOOTP vendor extension field.

DHCP allows addresses to be assigned by manual, automatic or dynamic allocation:

• Manual allocation: The network administrator keeps complete control over addresses by specifically assigning them to clients. This is exactly the same way that addresses are handled by BOOTP.

• Automatic allocation: The DHCP server permanently assigns an address from a pool of addresses. The administrator is not involved in the details of assigning a client an address.

• Dynamic allocation: The server assigns an address to a DHCP client for a limited period of time. The client can return the address to the server at any time, but the client must request an extension from the server to retain the address longer than the time permitted. The server automatically reclaims the address after the lease expires if the client has not requested an extension.


Dynamic allocation is useful in a large distributed network where many PCs are being added and deleted. Unused addresses are returned to the pool of addresses without relying on users or system administrators to take action to return them. Addresses are only used when and where they're needed. Dynamic allocation allows a network to make the maximum use of a limited set of addresses. DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses are assigned.

[Figure 111 (diagram): a DHCP server and a DHCP client on the local network; two more DHCP clients on a remote network; the networks joined by a router with BOOTP (forwarding) enabled]

Figure 111 illustrates an example of a network running DHCP.

The network in figure 111 consists of a single DHCP server and a few clients. As shown, a single DHCP server can supply addresses for more than one network. To support DHCP on an internetwork, routers must be configured with BOOTP forwarding. The DHCP server maintains pools of IP addresses, called scopes. When a DHCP client enters a network, it requests and is granted a lease to use an address from an appropriate scope. The concept of leasing is important, because DHCP clients are not ordinarily granted permanent use of an address. Instead, they receive a lease of limited duration. When the lease expires, it must be renegotiated. This approach ensures that unused addresses become available for use by other clients. A single DHCP server can support clients on several networks in an internetwork. Clients moved to different networks are assigned IP addresses appropriate to the new network.

[Figure 112 (diagram): DHCP client and DHCP server exchanging, in order, a Discover message, an Offer message, a Request message and an Acknowledgement message]

Figure 112 shows a DHCP client obtaining a lease. It shows the dialogue that takes place when a DHCP client obtains a lease from a DHCP server.


[Figure 113 (state diagram): 1. initialising state (sends discover message); 2. initialising state (receives offer message); 3. selecting state (examines offers); 4. requesting state (sends request message); 5. requesting state; 6. bound state; 7. renewal (attempts to renew lease; renewal granted returns to bound); 8. rebinding (obtains new lease)]

Figure 113 shows the life cycle of a DHCP address lease.

The stages in the life cycle are as follows:

• 1) A DHCP client host that enters a network enters an initialising state and broadcasts a discover message on the local network. This message may be relayed to other networks to deliver it to DHCP servers in the Internet.

• 2) Each DHCP server that receives the discover message and can service the request responds with an offer message that consists of an IP address and associated configuration information.

• 3) The DHCP client enters a selecting state and examines the offer messages that it receives.

• 4) When the DHCP client selects an offer, it enters a requesting state and sends a request message to the appropriate DHCP server, requesting the offered configuration.

• 5) The DHCP server grants the configuration with an acknowledgement message that consists of the IP address and configuration along with a lease to use the configuration for a specific time. The local network administrator establishes lease policies.

• 6) The DHCP client receives the acknowledgement and enters a bound state in which the IP configuration is applied to the local TCP/IP protocols. Client computers retain the configuration for the duration of the lease and may be restarted without negotiating a new lease.

• 7) When the lease approaches expiration, the client attempts to renew its lease with the DHCP server.

• 8) If the lease cannot be renewed, the client re-enters the binding process and is assigned a lease to a new address. Non-renewed addresses return to the available address pool.

This process is completely transparent to the client and requires little ongoing maintenance on the part of the network administrator. DHCP can be configured to assign specific addresses to specific hosts, which enables administrators to use DHCP to set host protocol options while retaining fixed address assignments. Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the addresses into their configurations.
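As an added example (not code from the page), the following Python simulates the lease life cycle just listed: the discover/offer/request/acknowledgement dialogue of figure 112 and the initialising, selecting, requesting, bound, renewal and rebinding states of figure 113. The server keeps one scope per network and reclaims expired leases itself; the client collects offers from every server it can reach, requests one, renews it, and, when the renewal is refused because it has moved to another network, goes back through binding and receives an address from the new network's scope. Clock values, network names and addresses are constructed; the class names are the example's own.

```python
"""Simulated DHCP lease life cycle (figures 112 and 113, steps 1 to 8 above).
Added example, not the page's code.  Time is a simulated integer clock,
messages are dicts, and the server holds one scope (address pool) per network."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class DhcpServer:
    def __init__(self, scopes: Dict[str, List[str]], lease_time: int):
        self.scopes = {net: list(addrs) for net, addrs in scopes.items()}  # free addresses
        self.lease_time = lease_time
        self.leases: Dict[str, Tuple[str, str, int]] = {}   # client -> (network, address, expiry)
        self.offers: Dict[str, Tuple[str, str]] = {}        # client -> (network, address)

    def reclaim(self, now: int) -> None:
        """Expired leases go back to their scope without anyone having to act."""
        for client, (net, addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[client]
                self.scopes[net].append(addr)

    def handle(self, msg: dict, now: int) -> Optional[dict]:
        self.reclaim(now)
        client, net, addr = msg["client"], msg["network"], msg.get("address")
        if msg["type"] == "DISCOVER":
            free = self.scopes.get(net, [])
            if not free:                                   # no scope for that network: stay silent
                return None
            self.offers[client] = (net, free[0])            # offered, not yet taken from the pool
            return {"type": "OFFER", "address": free[0], "lease": self.lease_time}
        if msg["type"] == "REQUEST":
            held = self.leases.get(client)
            if held and held[:2] == (net, addr):           # renewal of a live lease on the same network
                self.leases[client] = (net, addr, now + self.lease_time)
                return {"type": "ACK", "address": addr, "lease": self.lease_time}
            if self.offers.pop(client, None) == (net, addr) and addr in self.scopes[net]:
                self.scopes[net].remove(addr)
                if held:                                   # the client moved: release its old address
                    self.scopes[held[0]].append(held[1])
                self.leases[client] = (net, addr, now + self.lease_time)
                return {"type": "ACK", "address": addr, "lease": self.lease_time}
        return None                                        # anything else gets no acknowledgement


@dataclass
class DhcpClient:
    client_id: str
    network: str
    state: str = "INIT"
    address: Optional[str] = None
    expires: int = 0
    server: Optional[DhcpServer] = None
    log: List[str] = field(default_factory=list)          # both sides of the dialogue

    def _send(self, server: DhcpServer, msg: dict, now: int) -> Optional[dict]:
        reply = server.handle(dict(msg, client=self.client_id, network=self.network), now)
        self.log.append(f"{msg['type']} -> {reply['type'] if reply else 'no reply'}")
        return reply

    def bind(self, servers: List[DhcpServer], now: int) -> str:
        """Steps 1-6: broadcast DISCOVER, collect offers, select one, REQUEST it, apply the ACK."""
        self.state, offers = "INIT", []
        for srv in servers:
            offer = self._send(srv, {"type": "DISCOVER"}, now)
            if offer:
                offers.append((srv, offer))
        if not offers:
            return self.state
        self.state = "SELECTING"                            # step 3: examine the offers
        srv, offer = offers[0]                              # the first offer wins in this example
        self.state = "REQUESTING"                           # step 4
        ack = self._send(srv, {"type": "REQUEST", "address": offer["address"]}, now)
        if not ack:
            self.state = "INIT"
            return self.state
        self.server, self.address = srv, ack["address"]     # steps 5-6: lease granted and applied
        self.expires, self.state = now + ack["lease"], "BOUND"
        return self.state

    def renew(self, servers: List[DhcpServer], now: int) -> str:
        """Step 7: ask the leasing server for an extension; step 8: otherwise rebind."""
        self.state = "RENEWING"
        ack = self._send(self.server, {"type": "REQUEST", "address": self.address}, now) if self.server else None
        if ack:
            self.expires, self.state = now + ack["lease"], "BOUND"
            return self.state
        self.state, self.address = "REBINDING", None
        return self.bind(servers, now)


def demo() -> dict:
    server = DhcpServer({"A": ["192.0.2.10", "192.0.2.11"], "B": ["198.51.100.10"]}, lease_time=100)
    client = DhcpClient("pc0087", "A")
    states = [client.bind([server], now=0)]          # lease 192.0.2.10 until t=100
    first = client.address
    states.append(client.renew([server], now=60))    # extended until t=160
    client.network = "B"                             # moved: the old address is not valid here
    states.append(client.renew([server], now=120))   # renewal refused, rebinds on network B
    server.reclaim(now=300)                          # every lease has expired by now
    return {"states": states, "first": first, "second": client.address,
            "free_A": server.scopes["A"], "free_B": server.scopes["B"], "log": client.log}
```

The log in `demo` shows the refused renewal as "REQUEST -> no reply" followed by a fresh DISCOVER, which is exactly step 8; the server hands the abandoned address on network A back to that scope, and after the clock passes every expiry, `reclaim` empties the lease table again.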


Network File System (NFS): Is a TCP/IP file sharing protocol that allows a server to export files that are mounted by clients and used as if they were local files. NFS is a client/server application. The server makes part of its filesystem available for use by its clients, and the client uses the remote filesystem as if it were part of its local filesystem. Attaching a remote directory to the local filesystem (a client function) is called mounting a directory. Offering a directory for remote access (a server function) is called exporting a directory. NFS is a distributed filesystem. An NFS server has one or more filesystems that are mounted by NFS clients; to the NFS clients, the remote disks look like local disks. NFS filesystems are mounted using the standard UNIX mount command, and all UNIX utilities work just as well with NFS-mounted files as they do with files on local disks. NFS makes system administration easier because it eliminates the need to maintain multiple copies of files on several machines: all NFS clients share the single copy of the file on the NFS server. NFS also makes life easier for users: instead of logging on to many different systems and moving files from one system to another, a user can stay on one system and access all the files that he or she needs within one consistent file tree. The Network File System is a distributed file system that provides transparent access to remote disks. Just as NIS allows you to centralise administration of user and host information, NFS allows you to centralise administration of disks. Instead of duplicating common directories on every system, NFS provides a single copy of the directory that is shared by all systems on the network. To a host running NFS, remote filesystems are indistinguishable from local ones. For the user, NFS means that he/she doesn't have to log into other systems to access files. There is no need to use RCP or tapes to move files onto the local system.
Once NFS has been set up properly, users should be able to do all their work on their local system; remote files will appear to be local to their own system. NFS and NIS are frequently used together: NIS makes sure that configuration information is propagated to all hosts, and NFS ensures that the files a user needs are accessible from these hosts. NFS is also built on the RPC protocol and imposes a client-server relationship on the hosts that use it. An NFS server is a host that owns one or more filesystems and makes them available on the network; NFS clients mount filesystems from one or more servers. This follows the normal client-server model, where the server owns a resource that is used by the client. In the case of NFS, the resource is a physical disk drive that is shared by all clients of the server.

Simple Mail Transfer Protocol (SMTP): Is the TCP/IP mail delivery protocol. It moves mail across the Internet and across your local network. It runs over the reliable, connection-oriented service provided by Transmission Control Protocol (TCP), and it uses well-known port number 25.

Command    Syntax                      Function
Hello      HELO <sending-host>         Identify sending SMTP
From       MAIL FROM:<from-address>    Sender address
Recipient  RCPT TO:<to-address>        Recipient address
Data       DATA                        Begin a message
Reset      RSET                        Abort a message
Verify     VRFY <string>               Verify a username
Expand     EXPN <string>               Expand a mailing list
Help       HELP <string>               Request on-line help
Quit       QUIT                        End the SMTP session

SMTP is such a simple protocol you can literally do it yourself. You telnet to port 25 (telnet alex.firm.be 25) on a remote host and type mail in from the command line using the SMTP commands.


SMTP provides direct end-to-end mail delivery. This is unusual: most mail systems use store-and-forward protocols that move mail toward its destination one hop at a time, storing the complete message at each hop and then forwarding it to the next system until final delivery is made. If the direct end-to-end mail delivery fails, the local system knows it right away.
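Because SMTP is simple enough to type by hand, an added example (not the page's code) is worth showing with both sides recorded: the Python below implements the command table above as a small in-memory server and drives one mail transaction through it, so the session runs without a network and nothing is sent anywhere. alex.firm.be is the host named on the page; the mailbox names, the client host and the message text are constructed, and the class and function names are the example's own.

```python
"""A hand-typed SMTP session with both sides recorded.  Added example, not the
page's code: the server side is a small in-memory state machine implementing
the command table above; no network is involved."""
from typing import List, Optional, Tuple


def _address(arg: str) -> Optional[str]:
    """Extract addr from 'FROM:<addr>' or 'TO:<addr>'; None when the brackets are missing."""
    _, _, rest = arg.partition(":")
    rest = rest.strip()
    return rest[1:-1] if rest.startswith("<") and rest.endswith(">") else None


class MiniSmtpServer:
    """Keeps the envelope (sender, recipients) and message text between commands."""

    def __init__(self, hostname: str, local_users: List[str]):
        self.hostname, self.local_users = hostname, set(local_users)
        self.greeted = self.in_data = False
        self.delivered: List[Tuple[str, List[str], str]] = []
        self._reset()

    def _reset(self) -> None:
        self.sender: Optional[str] = None
        self.recipients: List[str] = []
        self.lines: List[str] = []

    def greeting(self) -> str:
        return f"220 {self.hostname} SMTP service ready"

    def handle(self, line: str) -> str:
        if self.in_data:                      # message text, collected until a line holding only '.'
            if line == ".":
                self.in_data = False
                self.delivered.append((self.sender, self.recipients, "\n".join(self.lines)))
                self._reset()
                return "250 Message accepted for delivery"
            self.lines.append(line[1:] if line.startswith(".") else line)  # undo dot-stuffing
            return ""                         # the server is silent while text is being sent
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.greeted = True
            return f"250 {self.hostname} Hello {arg.strip()}"
        if not self.greeted:
            return "503 Send HELO first"
        if verb == "MAIL":
            addr = _address(arg)
            if addr is None:
                return "501 Syntax: MAIL FROM:<address>"
            self._reset()                     # MAIL starts a new transaction
            self.sender = addr
            return "250 Sender OK"
        if verb == "RCPT":
            addr = _address(arg)
            if self.sender is None:
                return "503 Need MAIL command first"
            if addr is None:
                return "501 Syntax: RCPT TO:<address>"
            if addr.split("@")[0] not in self.local_users:
                return "550 No such user here"
            self.recipients.append(addr)
            return "250 Recipient OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command first"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self._reset()
            return "250 Reset OK"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command unrecognised"     # VRFY, EXPN and HELP are not implemented here


def run_session(server: MiniSmtpServer, script: List[str]) -> List[str]:
    """Feed the client's lines in and record the dialogue as a telnet user would see it."""
    transcript = [f"S: {server.greeting()}"]
    for line in script:
        transcript.append(f"C: {line}")
        reply = server.handle(line)
        if reply:
            transcript.append(f"S: {reply}")
    return transcript


# Constructed client side of the dialogue.
SESSION = ["HELO client.example.net", "MAIL FROM:<alice@example.net>",
           "RCPT TO:<bob@alex.firm.be>", "RCPT TO:<nobody@alex.firm.be>", "DATA",
           "Subject: test", "", "Hello Bob.", "..a line that begins with a dot", ".", "QUIT"]


def demo() -> Tuple[List[str], List[Tuple[str, List[str], str]]]:
    server = MiniSmtpServer("alex.firm.be", ["bob", "postmaster"])
    return run_session(server, SESSION), server.delivered
```

The server answers the unknown recipient with a 550 and still accepts the message for the valid one, and it strips the extra leading period that dot-stuffing adds to message lines beginning with a dot. VRFY, EXPN and HELP are deliberately left out: real servers commonly answer VRFY and EXPN with 252 or 502, since those commands would reveal which account names exist.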

Post Office Protocol (POP): Is used to transfer the contents of the user's mailbox from the server to the user's desktop. POP2 uses port 109 and POP3 uses port 110. These are incompatible protocols that use different commands, but they perform the same basic functions. The POP protocols verify the PC user's login name and password, and move the user's mail from the server to the PC where it is read using a local PC mail reader.

POP2 commands:

Command   Syntax                Function
Hello     HELO user password    Identify user account
Folder    FOLD mail-folder      Select mail folder
Read      READ [n]              Read mail, start with message n
Retrieve  RETR                  Retrieve message
Save      ACKS                  Acknowledge and save
Delete    ACKD                  Acknowledge and delete
Failed    NACK                  Negative acknowledge
Quit      QUIT                  End the POP2 session

POP3 commands:

Syntax          Function
USER username   The user's account name
PASS password   The user's password
STAT            Display the number of unread messages/bytes
RETR n          Retrieve message number n
DELE n          Delete message number n
LAST            Display the number of the last message accessed
LIST [n]        Display the size of message n or of all messages
RSET            Undelete all messages, reset message number to 1
TOP n l         Print the header and l lines of message n
NOOP            Do nothing
QUIT            End the POP3 session

Multipurpose Internet Mail Extensions (MIME): Is an extension of the TCP/IP mail system, not a replacement for it. MIME is more concerned with what the mail system delivers than it is with the mechanics of delivery. It doesn't attempt to replace SMTP or POP, it extends the definition of what constitutes mail.


File Sharing: A true file sharing system allows files to be accessed at the record level. This makes it possible for a client to read a record from a file located on a remote server, update that record, and write it back to the server without moving the full file from the server to the client. File sharing is transparent to the user and to the application software running on the user's system. Through file sharing, users and programs access files located on the remote systems as if they were local. In a perfect file sharing environment, the user neither knows nor cares where the files are actually stored.

• Remote File System (RFS): Is a TCP/IP file sharing protocol.

• Andrew File System (AFS): Is a TCP/IP file sharing protocol.

• Network File System (NFS): Is the only TCP/IP file sharing protocol widely available for PCs.

• Distributed File System (DFS): Is a new TCP/IP file sharing protocol.


Interaction of TCP/IP and Other Protocols:

It is possible to classify applications as being network-aware or network-unaware. The distinction can be made because some applications, such as Web browsers and client/server applications, need to make explicit use of an underlying network protocol. Other applications, such as standard Windows application suites, simply function within the confines of a workstation's own operating system. For these applications to make use of network file and print services, it is necessary for the NOS to provide extensions to the functions of the local operating system. The next section examines how these different types of applications can make use of the underlying network.

Application Programming Interface (API): Application developers can write network-aware applications by accessing a set of standard procedures and functions through an Application Programming Interface (API). This interface specifies software-defined entry points that developers can use to access the functionality of the networking protocols. The use of an API enables a developer to develop networkable applications while being shielded from having to understand how the underlying protocols operate. Other APIs define interfaces to other system functionality.

[Figure 114 (diagram): the OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical) with the API sitting between the application interface (standard API calls and procedures) and the network protocol interface, accessing the underlying network protocols]

Figure 114 provides a visual representation of how a networking API might fit within the OSI seven-layer model.

The majority of network applications have been written specifically to access a single networking protocol. This is because each of the NOS implementations has developed its APIs as a standard.

Redirectors and File Sharing: One of the main application requirements within a network is saving files on a central file store. To achieve this, NOS implementations commonly include a program known as a redirector. A redirector program extends the functionality of the workstation operating system to enable it to address remote file stores. In a DOS/Windows environment, file storage areas are denoted with the use of letters, typically with the letters A through E being reserved for local disk drives. When a user wants to access a network file volume, it is common for the NOS to facilitate some form of mapping between a volume name and an available drive letter. After the mapping has been made, it is possible for any application to access the shared file volumes in the same way as it would access a local drive. This is because of the operation of the installed redirector program. The program sits between the workstation operating system and the NOS protocol stack and listens for application calls made to any of the mapped network drives.


The functionality of a redirector can be further clarified by considering the example of an application user attempting to save a file on a network drive. The user prompts the application to save the file on a network file volume that the NOS has mapped to the DOS drive I:. The application makes a call to the workstation operating system to complete the required file save operation. The redirector program recognises that the application is attempting to access a network drive and steps in to handle the required data transfer. If the redirector hadn't been active, the workstation operating system would have been presented with a request to save a file on a drive letter that it knew nothing about, and it would have responded with a standard error message, such as 'Invalid drive specification'. In a UNIX environment, similar file sharing capabilities are provided through the use of a Network File System (NFS). The use of NFS enables the workstation to access file volumes located on remote host machines as if they were extensions to the workstation's native filesystem. As such, the use of NFS, on the workstation side, is very similar to the use of the NOS redirector as outlined earlier. Implementations of client NFS software are available from several third-party companies. These implementations require a TCP/IP protocol stack to operate alongside the installed NOS protocol stack. A workstation configured with both an NOS and a TCP/IP protocol stack is able to operate two independent applications that can provide file sharing access between environments. This is accomplished through the use of the redirector program, to provide access to the NOS file server, and NFS, operating on the TCP/IP protocol stack, to provide access to NFS volumes on UNIX servers.

[Figure 115 (diagram): a workstation with drives F: and G: mapped to a NetWare server and drive H: mounted from a UNIX server]

Figure 115 illustrates how a single workstation can be utilised to access both network environments.

The indicated workstation loads the NetWare protocol software and the associated redirector software. File areas on the NetWare server are mapped as local drives F: and G:. The TCP/IP stack and NFS implementation are also loaded, and the remote UNIX file system is mounted as the local drive H: on the workstation PC. Files are then available to be saved by any application operating on the workstation to any of the mapped drives.

NOS Gateways and Servers: It is often more efficient to utilise an NOS server as a gateway into an existing TCP/IP network than to run dual protocol stacks upon each network client. In figure 117, the NetWare server has the Novell NFS Gateway software installed. The UNIX host has exported the NFS filesystem, which has been mounted to a drive on the NetWare server. This file area is now available to any of the NetWare client workstations. These users are able to access the UNIX file area through the standard NetWare redirector program, removing the requirement of having to load a TCP/IP protocol stack and run a TCP/IP-based application. The NetWare server provides application gateway services between the IPX/SPX-based networks and the TCP/IP network. To achieve this, it is necessary for the server to load both protocol stacks. On the network clients, however, it is necessary to operate only the standard IPX/SPX protocol. The client directs application requests to use resources within the UNIX network to the gateway using IPX/SPX protocols. The gateway relays these requests to the UNIX host via its TCP/IP protocol stack. In this way, the use of a gateway greatly reduces the administrative overhead required to provide network clients with access to TCP/IP hosts. Network users are able to utilise UNIX-based resources without the requirement to run multiprotocol stacks.


[Figure 116 (diagram): NetWare client workstations running the IPX protocol stack; the NOS server running both the IPX protocol stack and a TCP/IP protocol stack with NFS, acting as gateway; IPX protocols on the client side, TCP/IP protocols on the UNIX side]

Figure 116 outlines a sample configuration of a NOS server as a gateway.

NOS gateways tend to be implemented in one of two ways. The first is through the operation of proxy application services. The use of a proxy service provides the user with a special set of network applications, such as Telnet, FTP, and Web browsers, that have been specifically written to operate over NOS protocols. The client applications communicate with the gateway process, which forwards the application request to the specified UNIX hosts. An alternative solution utilises a tailored version of a standard WinSock driver. This special WinSock driver provides support for standard WinSock applications, but instead of operating on an underlying TCP/IP protocol stack it communicates using IPX/SPX protocols. Yet again, communication occurs between the client workstation and the gateway application, with the gateway acting to forward application data between the client and UNIX host. The use of the tailored WinSock driver means that network clients are able to utilise any standard WinSock application and don't have to rely on the gateway manufacturer to provide specialised application software.

[Figure 117 (diagram): a client workstation operating IPX protocols runs a standard WinSock client application over a tailored WinSock on the standard IPX protocol stack; the NOS server providing the gateway service carries both the IPX and the TCP/IP protocol stacks; the UNIX workstation operating TCP/IP protocols runs the UNIX server application process over a standard WinSock]

Figure 117 shows how a tailored version of a standard WinSock driver enables the network clients to use any standard WinSock application.

NOS Support for Native IP: The major NOS vendors have recognised an increasing demand to replace their proprietary communication methods with native TCP/IP protocols. However, network applications have generally interfaced with a specific protocol. If NOS vendors were to suddenly adopt a different protocol, many of the existing network applications would no longer function. For this reason, vendors are looking for ways to replace their proprietary network protocols, but at the same time to provide a degree of backward compatibility to protect existing applications. For example, within NetWare it is possible to replace the standard IPX/SPX protocols with a TCP/IP protocol stack to provide standard communication between network client and server. However, within this implementation each data packet actually consists of an IPX packet enclosed within a UDP packet. The inclusion of the IPX header provides NetWare with the backward compatibility it requires to support its existing application base. However, the inclusion of the IPX header places an additional overhead on each data packet. This overhead is likely to account for around 8 to 10 percent of the total packet size.

Other NOS vendors also provide native support for TCP/IP protocols. For example, Windows NT allows the use of the NetBEUI protocol, TCP/IP protocols, or a combination of both. Within NT, network protocols are provided via an interface that it refers to as the Transport Driver Interface (TDI). This is a layer that is loaded toward the top of the protocol stack and is used to provide a standard interface between application environments and any underlying network protocols.

[Figure 118 (diagram, top to bottom): NetBIOS Applications and WinSock Applications; NetBIOS Interface; Transport Device Interface; TCP/UDP Services; ARP, IP Services, ICMP; Network Device Interface; NDIS Drivers & SLIP/PPP; Network Interface / Physical Network Layer]

Figure 118 illustrates the location and operation of the Transport Driver Interface within Windows NT.

At the TDI interface, standard APIs such as NetBIOS and WinSock are able to interact with communication modules, principally TCP/IP and NetBEUI. The TDI model has been designed around a flexible architecture so that it can be adapted to support additional network protocols as required. Under this networking model, applications that have been written to the NetBIOS interface can operate over an installed TCP/IP protocol stack.

NetBIOS operates by assigning a unique name to every network node. The assignment and management of the NetBIOS name space results in the generation of a large amount of network traffic. This is because hosts send out broadcasts to all network nodes when they want to register the use of a name or need to perform name resolution. The NetBIOS over TCP/IP standards specify a method whereby this functionality can occur over a TCP/IP protocol stack. The excessive broadcast requirements effectively limit the use of NetBIOS to small LAN environments where the necessary bandwidth is available. IP networks, on the other hand, often include wide area links where bandwidth might not be sufficient to handle the broadcasts needed to maintain the NetBIOS name space.

Building an Internet Server:

Isolating the Server: If an organisation merely wants to offer a service to the Internet community, without enabling its own users to use the same connection to reach the Internet, limiting the security risk is easy.

[Figure 119 (diagram): local network; Internet Server; Internet]

Figure 119 shows an Internet server isolated from the local network.

Figure 119 illustrates a configuration that completely isolates local users' computers from the Internet. If someone breaks into your Internet server, access is limited to the server itself.

[Figure 120 (diagram): local network (IPX Protocols); Internet Server; Internet (TCP/IP Protocols)]

Figure 120 shows an Internet server that connects to the Internet using TCP/IP.

In figure 120, the server is connected to the organisation’s LAN using NWLink (IPX/SPX). Windows NT servers do not route between different protocol stacks, and this approach very effectively isolates outside TCP/IP users from inside users connected using NWLink.

Providing Full Internet Connectivity: Suppose that you want your Internet connection to enable outside users to connect in and inside users to connect out. Don't use an insecure Internet connection such as the one in figure 121. At first sight, if an outsider attempts to violate security you will know it, because the intruder can be readily identified by his nonlocal netid.

[Figure 121 (diagram): local network; Internet Server; Windows NT Router; Internet (TCP/IP Protocols)]

Figure 121 shows an insecure Internet connection.

Unfortunately, IP addresses aren’t secure. Any reasonably knowledgeable Internet snoop can use a technique known as IP spoofing to make his packets appear to have originated on your local network. All the intruder needs to do is listen in on your network for a while, pick up a few usernames and passwords, which are transmitted in the clear, spoof an IP address, and break in. Once in, an intruder can gain entry to dozens of TCP/IP systems. If the intruder can spoof in using the address of a user logged on to a server, the intruder might be able to impersonate the logged-on user and access files using that user’s security permissions. A basic rule of TCP/IP security is as follows:

• Never base security on IP addresses. Security must always be based on a secure login procedure that authenticates all users who are given access to critical systems.

• Isolate your Internet servers from your LAN clients; firewalls can be used for this purpose. A firewall is a filter that can be configured to block certain types of network traffic. Traffic can be filtered in various ways:

Restricting certain protocols.

Restricting certain types of packets.

Permitting inside traffic out, while preventing outside traffic from entering.

A firewall is essentially an IP router that has had its routing function replaced by a more secure method of forwarding messages. Some firewalls are specialised pieces of hardware, while other firewalls might consist of software running on a multihomed TCP/IP host.

[Figure 122 (diagram): Router: all packets are forwarded through the IP layer. Firewall: no packets are forwarded; packets addressed to the firewall are processed locally by the firewall machine.]

Figure 122 shows a comparison between a firewall and an IP router.

In figure 122, the router handles packets up through the IP layer. The router forwards each packet based on the packet’s destination address, and the route to that destination indicated in the routing table. A host, on the other hand, does not forward packets, and the firewall system is just a special type of multihomed host. Just like any host, the firewall accepts packets that are addressed to it, and processes those packets through the Application Layer. The firewall ignores packets that are not addressed to it.

[Figure 123 (diagram): local network; firewall/Internet Server; Internet (TCP/IP Protocols)]

Figure 123 shows a basic firewall/Internet server combination.

Figure 123 illustrates a firewall configuration in which one Internet host provides all Internet services and runs firewall software. The firewall/Internet server combination is configured to enable inside users to connect out to the Internet. Outside users are not permitted to connect to the LAN.

[Figure 124 (diagram): local network; firewall/Internet Server; Additional Internet Server; Internet (TCP/IP Protocols)]

Figure 124 shows a firewall configuration that poses potential problems.

In figure 124, if you must configure more than one Internet server, you should avoid the configuration shown. No matter how tightly the firewall is configured to restrict outside users from accessing specific hosts, an intruder still could circumvent the firewall and gain access to other LAN-based hosts. You should isolate the servers on a separate network segment and configure the firewall to route traffic appropriately.

[Figure 125 (diagram): firewall/Internet Server; local network; Additional Internet Server on its own segment; Internet (TCP/IP Protocols)]

Figure 125 shows a more secure firewall configuration.

In figure 125, the firewall permits outside users to access designated servers on one network segment, but prevents access to systems on the other segments.

Because firewalls are used in place of routers, they are usually thought of as a way to separate an internal network from the external world. However, isolating an entire network behind a firewall may not be required. Even at sites that need a firewall, most workstations and desktop computers may not contain information or applications that need this level of protection. Frequently, only a limited set of computers contain truly sensitive data or processes critical to the operation of the organisation. One way to limit the impact of a firewall on the operation of a network is to use an internal firewall that isolates selected critical systems, while allowing all other systems to operate in a normal manner.
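The filtering rules listed above (restricting protocols, permitting inside traffic out while keeping outside traffic from entering), the router/firewall distinction of figure 122 and the separate server segment of figure 125 can be brought together in a small packet-filter model. This is an added example, not code from the document or from any firewall product: the interface names, the 192.168.10.0/24 and 192.168.20.0/24 address plan, the published services and the sample traffic are all constructed. The model also drops packets that arrive on the outside interface with a local source address, which is the filter-side answer to the IP spoofing described earlier.

```python
"""Packet-filter model for the firewall rules discussed in the text.

Added example, not code from the document. The address plan, interface
names, published services and sample traffic are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "outside", "servers" or "inside"
    proto: str    # "tcp", "udp", "icmp", ...
    src: str
    sport: int
    dst: str
    dport: int


# Constructed address plan: LAN clients and the isolated server segment of figure 125.
INSIDE_NET = ip_network("192.168.10.0/24")
SERVER_NET = ip_network("192.168.20.0/24")
IFACE_NETS = {"inside": INSIDE_NET, "servers": SERVER_NET}
# Services the organisation offers to the Internet: (address, protocol, port).
PUBLISHED = {("192.168.20.5", "tcp", 80), ("192.168.20.5", "tcp", 25)}
# "Restricting certain protocols": anything not listed here is dropped.
ALLOWED_PROTOS = {"tcp", "udp", "icmp"}


class Firewall:
    """A multihomed host that does not route: every packet is inspected and
    only explicitly permitted ones are forwarded."""

    def __init__(self):
        self.flows = set()   # outbound flows seen, so that their replies can come back in
        self.log = []        # human-readable record of every decision

    @staticmethod
    def _flow(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def decide(self, p):
        verdict, reason = self._policy(p)
        self.log.append(f"{verdict.upper():5} {p.iface}: {p.proto} "
                        f"{p.src}:{p.sport} -> {p.dst}:{p.dport} ({reason})")
        return verdict

    def _policy(self, p):
        src, dst = ip_address(p.src), ip_address(p.dst)
        if p.proto not in ALLOWED_PROTOS:
            return "drop", "protocol not permitted"
        # Anti-spoofing: a packet arriving from the Internet can never legitimately
        # carry one of our own source addresses, and a packet from an internal
        # interface must carry an address belonging to that segment.
        if p.iface == "outside" and any(src in n for n in IFACE_NETS.values()):
            return "drop", "local source address on the outside interface"
        if p.iface in IFACE_NETS and src not in IFACE_NETS[p.iface]:
            return "drop", "source address does not belong to this segment"
        if p.iface == "inside":
            self.flows.add(self._flow(p))          # remember it so the reply is let in
            return "allow", "inside traffic out"
        if self._reverse(p) in self.flows:
            return "allow", "reply to an established outbound flow"
        if p.iface == "outside":
            if (p.dst, p.proto, p.dport) in PUBLISHED:
                return "allow", "published Internet service"
            return "drop", "outside traffic not permitted in"
        if p.iface == "servers":
            if dst in INSIDE_NET:
                return "drop", "server segment may not reach LAN clients"
            self.flows.add(self._flow(p))
            return "allow", "server traffic out"
        return "drop", "unknown interface"


def run_demo():
    """Constructed traffic sample; returns (verdicts in order, decision log)."""
    fw = Firewall()
    sample = [
        Packet("inside", "tcp", "192.168.10.4", 50000, "203.0.113.9", 443),   # client browsing out
        Packet("outside", "tcp", "203.0.113.9", 443, "192.168.10.4", 50000),  # the reply
        Packet("outside", "tcp", "203.0.113.9", 40000, "192.168.10.4", 445),  # unsolicited, into the LAN
        Packet("outside", "tcp", "203.0.113.9", 40001, "192.168.20.5", 80),   # to the published web server
        Packet("outside", "tcp", "192.168.10.4", 40002, "192.168.20.5", 80),  # spoofed local source
        Packet("servers", "tcp", "192.168.20.5", 40003, "192.168.10.4", 139), # broken-into server reaching for the LAN
        Packet("outside", "gre", "203.0.113.9", 0, "192.168.20.5", 0),        # protocol not allowed
    ]
    verdicts = [fw.decide(p) for p in sample]
    return verdicts, fw.log


if __name__ == "__main__":
    for line in run_demo()[1]:
        print(line)
```

The point of the model is the sixth packet: even with the server published to the Internet, a server that has been broken into cannot be used as a stepping stone to LAN clients because the server segment is a separate interface with its own rules, which is exactly the difference between figures 124 and 125.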

[Figure 126 (diagram), two networks: (a) Internet - Router - Internet external firewall - Internal network of sensitive and non-sensitive systems; (b) Internet - Router - Internal network of non-sensitive systems - internal firewall - Secure network of sensitive systems]

Figure 126 illustrates networks using both internal and external firewalls.

The difficulty of identifying all sensitive systems, and the fear of making a mistake that could compromise critical information, causes many security-conscious sites to prefer an external firewall, or even a combination of internal and external firewalls. However, if sensitive systems can be identified and isolated, the majority of users benefit from a more user-friendly network because the entire network is not isolated behind an external firewall.

The techniques for cracking into TCP/IP networks are advancing at least as quickly as the techniques for building firewalls, and putting too much faith in the security you implement is unwise. For many, a secure network is merely an inspiration to try harder. For this reason, physical isolation of critical computers remains the one certain way to prevent intrusion.

Simple Network Management Protocol (SNMP):

Is a client/server (agent/manager) protocol. The network management software used on TCP/IP-based networks is based on SNMP. The agent (the server) runs on the device being managed, which is called the Managed Network Entity. The agent monitors the status of the device and reports that status to the manager. The manager (the client) runs on the Network Management Station; it collects information from all of the different devices that are being managed, consolidates it, and presents it to the human network manager.

SNMP is a request/response protocol. UDP port 161 is its well-known port. SNMP uses UDP as its transport protocol because it has no need for the overhead of TCP. Reliability is not required because each request generates a response. If the SNMP application does not receive a response, it simply reissues the request. Sequencing is not needed because each request and each response travels as a single datagram.

The request and response messages that SNMP sends in datagrams are called Protocol Data Units (PDUs). These message types allow the manager to request management information and, when appropriate, to modify that information. The messages also allow the agent to respond to manager requests and to notify the manager of unusual situations.

SNMP Protocol Data Units:

PDU               Use
GetRequest        Manager requests an update
GetNextRequest    Manager requests the next entry in a table
GetResponse       Agent answers a manager request
SetRequest        Manager modifies data on the managed device
Trap              Agent alerts manager of an unusual event

The NMS periodically requests the status of each device (GetRequest) and each agent responds with the status of its device (GetResponse). Making periodic requests is called polling. Polling reduces the burden on the agent because the NMS decides when polls are needed, and the agent simply responds. Polling also reduces the burden on the network because the polls originate from a single system and at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates. If a problem occurs on a managed device, the manager does not find out until the agent is polled. To handle this, SNMP uses a modified polling system called trap-directed polling.

A trap is an interrupt signalled by a predefined event. When a trap event occurs, the SNMP agent does not wait for the manager to poll; instead it immediately sends information to the manager. Traps allow the agent to inform the manager of unusual events while allowing the manager to maintain control of polling. SNMP traps are sent on UDP port 162. The manager sends polls on port 161 and listens for traps on port 162.

Generic Trap:

Trap                    Meaning
coldStart               Agent restarted, possible configuration changes
warmStart               Agent reinitialised without configuration changes
enterpriseSpecific      An event significant to this hardware or software
authenticationFailure   Agent received an unauthenticated message
linkDown                Agent detected a network link failure
linkUp                  Agent detected a network link coming up
egpNeighborLoss         The device's EGP neighbour is down

The last three entries in this table show the roots of SNMP in the Simple Gateway Management Protocol (SGMP), which was a tool for tracking the status of network routers. Routers are generally the only devices that have multiple network links to keep track of and are the only devices that run the Exterior Gateway Protocol (EGP). These traps are not significant for PCs. The most important trap for a PC may be the enterpriseSpecific trap. The events that signal this trap are defined differently by every vendor's SNMP agent software. Therefore it is possible for the trap to be tuned to events that are significant for a PC. SNMP uses the term enterprise to refer to something that is privately defined by a vendor or organisation, as opposed to something that is globally defined by an RFC.

The Structure of Management Information (SMI) defines how data should be presented in an SNMP environment. The SMI defines how managed objects are named, the syntax in which they are defined, and how they are encoded for transmission over the network. The SMI is based on previous ISO work. Each managed object is given a globally unique name called an object identifier. The object identifier is part of a hierarchical name space that is managed by the ISO. The hierarchical structure is used to guarantee that each name is globally unique. In an object identifier, each level of the hierarchy is identified by a number. All SNMP managed objects start with the number 1.3.6.1.

Object Identifier Hierarchy: The number of the root is not included in the identifier. Objects are defined just as formally as they are named. The syntax used to define managed objects is Abstract Syntax Notation One (ASN.1). It is a very formal set of language rules for defining data. It makes the data definition independent of rules for encoding data for transfer over a network.

Installing SNMP:

Only one copy of the manager software is needed for a network. SNMP agents are installed in every system.
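The PDU types, the UDP request/response exchange and the object-identifier encoding described in this section, worked through in code. This is an added example and not code from the document: it encodes and decodes SNMPv1 messages on a minimal BER subset (the tag values and message layout are those of SNMPv1), using the community string "public", request id 1 and the object identifier 1.3.6.1.2.1.1.1.0 (sysDescr.0, which sits under the 1.3.6.1 prefix named above) as constructed sample values. The audit() function at the end is a constructed monitoring hook, not part of any SNMP implementation; it flags what a defender watching SNMPv1 traffic would look for, since the community string travels in the clear.

```python
"""SNMPv1 message encoder/decoder on a minimal BER subset.

Added example, not code from the document. Tag values and message layout
are those of SNMPv1; the community string, request id and the sample OID
1.3.6.1.2.1.1.1.0 (sysDescr.0) are chosen for the illustration.
"""

PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap"}


def _tlv(tag, content):
    """BER tag-length-value with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def encode_int(value):
    """INTEGER: two's complement, minimal number of octets."""
    n = max(1, (value.bit_length() + 8) // 8)   # +8 leaves room for the sign bit
    return _tlv(0x02, value.to_bytes(n, "big", signed=True))


def encode_oid(arcs):
    """OBJECT IDENTIFIER: the first two arcs share one octet (40*a + b); every
    later arc is base-128 with the high bit set on all but its last octet."""
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return _tlv(0x06, bytes(out))


def decode_oid(content):
    """Inverse of encode_oid for the content octets (valid for the 0.x and 1.x trees)."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return arcs


def build_request(community, oids, request_id=1, pdu_tag=0xA0):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, PDU }
    PDU ::= [tag] { request-id, error-status, error-index, SEQUENCE OF VarBind }"""
    varbinds = b"".join(_tlv(0x30, encode_oid(o) + b"\x05\x00") for o in oids)  # value = NULL
    pdu = _tlv(pdu_tag, encode_int(request_id) + encode_int(0) + encode_int(0)
               + _tlv(0x30, varbinds))
    return _tlv(0x30, encode_int(0) + _tlv(0x04, community.encode("ascii")) + pdu)


def _read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_message(msg):
    """Return (version, community, pdu name, request id, [oids]) for a request or
    response message. The Trap PDU has a different body and is only identified here."""
    tag, body, _ = _read_tlv(msg)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    _, ver, pos = _read_tlv(body)
    _, community, pos = _read_tlv(body, pos)
    ptag, pdu, _ = _read_tlv(body, pos)
    name = PDU_TAGS.get(ptag, "unknown")
    version, community = int.from_bytes(ver, "big", signed=True), community.decode("ascii")
    if ptag == 0xA4:
        return version, community, name, None, []
    _, rid, pos = _read_tlv(pdu)
    _, _, pos = _read_tlv(pdu, pos)      # error-status
    _, _, pos = _read_tlv(pdu, pos)      # error-index
    _, vblist, _ = _read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(vblist):
        _, vb, pos = _read_tlv(vblist, pos)
        _, oid, _ = _read_tlv(vb)
        oids.append(".".join(map(str, decode_oid(oid))))
    return version, community, name, int.from_bytes(rid, "big", signed=True), oids


def audit(msg):
    """Findings a network monitor would raise on an observed SNMPv1 message (constructed hook)."""
    _, community, name, _, _ = parse_message(msg)
    findings = []
    if community in ("public", "private"):
        findings.append(f"default community string '{community}' in use")
    if name == "SetRequest":
        findings.append("SetRequest observed: write access with a cleartext community string")
    return findings


if __name__ == "__main__":
    request = build_request("public", [[1, 3, 6, 1, 2, 1, 1, 1, 0]])
    print(request.hex(), parse_message(request), audit(request))
```

The 40-byte GetRequest this produces is what a manager would send to UDP port 161; the agent's GetResponse has the same layout with the 0xA2 tag and the NULL values replaced by the object values.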

Microsoft TCP/IP:

Microsoft Network Protocols:

Microsoft Windows operating systems support three network transport protocols:

• NetBIOS Frame protocol (NBF).

• NWLink.

• TCP/IP.

DLC: Supports network-attached printers.

These protocols are integrated using two technologies:

• The Network Driver Interface Specification (NDIS).

• The Transport Driver Interface (TDI).

The Microsoft Network Protocol Architecture:

[Figure 127 (diagram, top to bottom): Application/Presentation Layer: TCP/IP Applications, Windows API Applications; Session Layer: NetBIOS, Windows Sockets, NetBIOS over TCP/IP; TDI Interface; Transport Layer / Network Layer: NWLink, NetBEUI (NBF), TCP/IP; NDIS Interface; Data Link Layer: Network Adapter Drivers; Physical Layer: Network Adapters]

Figure 127 shows the Microsoft Network Protocol Architecture.

NDIS and TDI act as the unifying layers that enable Microsoft workstations to support multiple protocol stacks over a single network interface. At the lowest level of the protocol stack model are network interface adapters and the driver software that enables them to connect with upper layers.

NDIS is a standard interface between the MAC layer protocols and the network layer. At the MAC layer, NDIS provides a well-defined interface that enables vendors to write drivers for their network interface products. NDIS also provides a standard protocol layer that upper-layer protocols can use, enabling multiple NDIS-compliant network layer protocols to interface with any NDIS-compliant network adapter. NDIS enables a computer to support multiple network adapters, which might be of the same or mixed type. These adapters communicate with the same upper-layer protocol stacks, mediated by the NDIS interface.

The Transport Driver Interface (TDI) defines a protocol interface between session layer protocols and the transport layer. Transport protocols, therefore, can be written to standard interfaces both above (TDI) and below (NDIS) in the protocol stack. Above the TDI, Microsoft provides support for two Application Programming Interfaces (APIs). NetBIOS is the historic API for Microsoft network products. On the other hand, the standard API for TCP/IP applications is Berkeley sockets, which Microsoft has implemented as Windows Sockets. For environments that choose to implement TCP/IP without NetBEUI, and to support the non-routable NetBIOS protocols over internetworks, Microsoft has provided a NetBIOS over TCP/IP (NBT) feature that enables NetBIOS applications to access the TCP/IP transport.

NetBEUI Frame Protocol (NBF): An efficient protocol that functions well in local networks, part of Windows NT. NBF is compatible with the earlier NetBEUI implementations found in LAN Manager and Windows 3.x.

NBF provides two service modes:

• Unreliable connectionless communication (datagram).

• Reliable connection-oriented communication (virtual circuit).

Reliable connectionless mode is unavailable. Connection-oriented communication is used in many situations on peer-to-peer networks. NBF depends heavily on broadcast messages, however, to advertise network names. When a NetBIOS computer enters a network, it broadcasts a message announcing its name to ensure that no other computer on the network already has the same name. This essential NetBIOS mechanism fails in internetworks because broadcasts do not cross routers. Ordinarily, therefore, NBF is restricted to non-routed networks.

NWLink: Is a Microsoft implementation of the two protocols (IPX and SPX) that are the standard transport on NetWare networks.

• Internetwork Packet eXchange (IPX): Is a datagram network layer protocol that serves as the primary workhorse on NetWare LANs. The majority of NetWare services operate over IPX.

• Sequenced Packet eXchange (SPX): Is an optional transport-layer protocol that provides connection-oriented, reliable message delivery.

IPX is a routable protocol, and NWLink can be used to construct routed networks using Microsoft products. The network/hardware address mechanism differs significantly from the mechanism used for IP. IPX uses sockets to direct messages to and from the correct upper-layer processes. In most cases, upper-layer functions are performed by the NetWare Core Protocols (NCP), which provides network services at the session, presentation, and application layers. NCP is not part of NWLink, although Microsoft has implemented a NetWare client requester that implements the client side of NCP. The IPX/SPX protocols offer high performance, because node IDs need not be maintained manually. Use of IPX/SPX, however, has been confined primarily to the NetWare environment.

TCP/IP: Microsoft has been including TCP/IP support in network products since LAN Manager. TCP/IP was Microsoft's choice as a routable protocol for use when the non-routable NetBEUI was not functional.

DHCP Concept and Operation: DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses are assigned. A single DHCP server can supply addresses for more than one network. To support DHCP on an internetwork, routers must be configured with BOOTP forwarding. DHCP servers maintain pools of IP addresses, called scopes. When a DHCP client enters a network, it requests and is granted a lease to use an address from an appropriate scope. The concept of leasing is important, because DHCP clients are not ordinarily granted permanent use of an address. Instead, they receive a lease of limited duration. When the lease expires, it must be renegotiated. This approach ensures that unused addresses become available for use by other clients.

DHCP can be configured to assign specific addresses to specific hosts, which enables administrators to use DHCP to set host protocol options while retaining fixed address assignments. Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the addresses into their configuration, including, among others, the following examples: Routers (Gateways), WINS servers, and DNS servers.

[Figure 128 (diagram): Global, Scope, Client. Global options apply unless overridden by scope or client options; scope options override global options; client options override scope and global options.]

Figure 128 shows priority of DHCP options.
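The scope, lease and reservation mechanics of the two preceding paragraphs, together with the option precedence of figure 128, as an added example that is not code from the document or from any DHCP server. The network numbers, MAC addresses, option names and the one-hour lease are constructed; the model shows why a lapsed lease frees an address for another client while a reserved host keeps its fixed address and still receives its options from the server.

```python
"""DHCP scope, lease and option-precedence model.

Added example, not code from the document. Network numbers, MAC addresses,
option names and the lease length are constructed for the illustration.
"""
from ipaddress import ip_address, ip_network


class DhcpServer:
    def __init__(self, lease_seconds=3600):
        self.lease_seconds = lease_seconds
        self.scopes = {}          # network -> list of addresses still free in that scope
        self.scope_options = {}   # network -> options that apply to clients of that scope
        self.global_options = {}  # options that apply to every client unless overridden
        self.client_options = {}  # MAC -> options for one specific client
        self.reservations = {}    # MAC -> fixed address (router, WINS or DNS server, ...)
        self.leases = {}          # MAC -> (address, expiry time)

    def add_scope(self, cidr, first, last, options=None):
        net = ip_network(cidr)
        lo, hi = ip_address(first), ip_address(last)
        self.scopes[net] = [lo + i for i in range(int(hi) - int(lo) + 1)]
        self.scope_options[net] = dict(options or {})

    def reserve(self, mac, address):
        """Fixed assignment: the host always receives this address but still
        gets its protocol options from the server."""
        addr = ip_address(address)
        self.reservations[mac] = addr
        for pool in self.scopes.values():
            if addr in pool:
                pool.remove(addr)             # never hand a reserved address to someone else

    def _expire(self, now):
        """Leases that were not renewed go back into the pool for other clients."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if now >= expiry:
                del self.leases[mac]
                if mac not in self.reservations:
                    for net, pool in self.scopes.items():
                        if addr in net:
                            pool.append(addr)

    def request(self, mac, cidr, now):
        """Client asks for an address on the given network. Returns the leased
        address, or None if the scope is exhausted. A client that still holds a
        lease gets the same address back (renewal)."""
        net = ip_network(cidr)
        self._expire(now)
        if mac in self.reservations:
            addr = self.reservations[mac]
        elif mac in self.leases:
            addr = self.leases[mac][0]
        elif self.scopes.get(net):
            addr = self.scopes[net].pop(0)
        else:
            return None
        self.leases[mac] = (addr, now + self.lease_seconds)
        return str(addr)

    def options_for(self, mac, cidr):
        """Figure 128 precedence: global, overridden by scope, overridden by client."""
        merged = dict(self.global_options)
        merged.update(self.scope_options.get(ip_network(cidr), {}))
        merged.update(self.client_options.get(mac, {}))
        return merged


def build_demo_server():
    """Constructed configuration: one two-address scope, one reservation, one client override."""
    srv = DhcpServer(lease_seconds=3600)
    srv.global_options = {"dns": "10.0.0.53", "domain": "example.test"}
    srv.add_scope("10.0.1.0/24", "10.0.1.100", "10.0.1.101", options={"router": "10.0.1.1"})
    srv.reserve("aa:bb:cc:00:00:01", "10.0.1.50")             # e.g. the WINS server's fixed address
    srv.client_options["aa:bb:cc:00:00:10"] = {"router": "10.0.1.254"}
    return srv
```

The scope is deliberately tiny so that the third client is refused at time 0 and served at time 5000, after the second client's unrenewed lease has lapsed.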

Managing WINS: The primary naming system for Microsoft networks is based on NetBIOS names. Each computer on the network is configured with a name that it broadcasts to the network to make its presence known to all other computers on the local network. This system is easy to maintain because whenever a computer inserts itself into the network, the global name database is updated. This system works well on local networks on which all protocols are supported by Microsoft network products. Microsoft operating systems configured using only TCP/IP protocols can use NetBIOS names within the context of a local, non-routed network.

A significant limitation of NetBIOS naming in a TCP/IP environment is that the names do not propagate across routers. NetBIOS names are disseminated using broadcast datagrams, which IP routers do not forward. The NetBIOS names on one network, therefore, are invisible to computers on networks connected via routers.

The Microsoft LAN Manager products supported internetwork name resolution using static naming tables stored in files named LMHOSTS. An LMHOSTS file is a text file that contains mappings between NetBIOS names and IP addresses. To enable computers on the internetwork to resolve names, a network administrator had to manually update the LMHOSTS file and distribute it to all computers on the internetwork. This was a distinctly labour-intensive method of maintaining NetBIOS naming.

Like LMHOSTS, Windows Internet Name Service (WINS) maintains a NetBIOS global naming service for TCP/IP internets. Unlike LMHOSTS, WINS is dynamic, extending the automatic configuration of the NetBIOS name directory from local networks to internets. The WINS database is updated automatically as NetBIOS computers insert and remove themselves from the network. Using WINS in conjunction with DNS is possible, which would enable WINS to provide DNS with host names for Microsoft-based hosts within your network.

Resolving Names on Microsoft Networks: Resolution is the process of associating host names with addresses. Resolution of NetBIOS names on TCP/IP environments is the responsibility of the NetBIOS over TCP/IP (NBT) service. NBT name resolution has evolved from a basic, broadcast-based approach to the current name-service approach. Before discussing WINS, it is necessary to examine the name resolution modes supported by NBT.

• B-node: Is the oldest method employed on Microsoft networks, name resolution using broadcast messages. When Host A needs to communicate with Host B, it sends a broadcast message to interrogate the network for the presence of Host B. If Host B receives the broadcast, it sends a response to Host A that includes its address. If Host A does not receive a response within a preset period of time, it times out and the attempt fails.

[Figure 129 (diagram): hosts A, B, C and D on one network. A broadcasts "Hey, everybody! What's the address of HOST B?"; B answers "It's 134.67.32.2".]

Figure 129 shows B-node name resolution.

It works well in small, local networks, but poses two disadvantages that become critical as networks grow:

• As the number of hosts on the network increases, the amount of broadcast traffic can consume significant network bandwidth.

• IP routers do not forward broadcasts, and this technique cannot propagate names through an internetwork.

B-node is the default name resolution mode for Microsoft hosts not configured to use WINS for name resolution. In pure B-node environments, hosts can be configured to use LMHOSTS files to resolve names on the networks.

• P-node: Uses a name server for name resolution. P-node computers register themselves with a WINS server, which functions as a NetBIOS name server. The WINS server maintains a database of NetBIOS names, ensures that duplicate names do not exist, and makes the database available to WINS clients.

[Figure 130 (diagram): hosts A, B, C and a WINS Server. A sends the directed query "What's the address of HOST B?" to the WINS Server, which answers "It's 134.67.32.2".]

Figure 130 shows P-node name resolution.

Each WINS client is configured with the address of a WINS server, which may reside on the local network or on a remote network. WINS clients and servers communicate via directed messages that can be routed. No broadcast messages are required for P-node name resolution.

Two liabilities of P-node name resolution are that:

• All computers must be configured using the address of a WINS server, even when communicating hosts reside on the same network.

• If a WINS server is unavailable, name resolution fails for P-node clients.

• M-node: Computers first attempt to use B-node name resolution, which succeeds if the desired host resides on the local network. If B-node resolution fails, M-node hosts then attempt to use P-node to resolve the name. M-node enables name resolution to continue on the local network when WINS servers are down. B-node resolution is attempted first on the assumption that in most environments, hosts communicate most often with hosts on their local networks. When this assumption holds, performance of B-node resolution is superior to P-node. Recall, however, that B-node can result in high levels of broadcast traffic. Microsoft warns that M-node can cause problems when network logons are attempted in a routed environment.

• H-node: Is the default for Microsoft TCP/IP clients configured using the addresses of WINS servers. As a fallback, Windows TCP/IP clients can be configured to use LMHOSTS files for name resolution. Nodes configured with H-node, however, first attempt to resolve addresses using WINS. Only after an attempt to resolve the name using a name server fails does an H-node computer attempt to use B-node. H-node computers, therefore, can continue to resolve local addresses when WINS is unavailable. When operating in B-node, H-node computers continue to poll the WINS server and revert to H-node when WINS services are restored.
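The four node types differ only in the order in which they try a local broadcast and a directed WINS query, which the following model makes explicit. It is an added example, not code from the document or from Microsoft's NBT implementation: the two segments, the single WINS server, the host names and the addresses are constructed (134.67.32.2 is reused from figures 129 and 130). It reproduces the behaviours described above: broadcasts stop at the router, a P-node cannot resolve even a neighbour while WINS is down, and an H-node falls back to B-node when WINS is unavailable.

```python
"""Model of the four NBT name-resolution modes (B, P, M, H).

Added example, not code from the document. Host names, addresses, the two
segments and the WINS server are constructed.
"""


class Segment:
    """One broadcast domain. A broadcast is heard only by hosts attached here,
    because IP routers do not forward it."""

    def __init__(self):
        self.hosts = {}           # NetBIOS name -> IP address of hosts on this segment


class WinsServer:
    """NetBIOS name server reached by directed (routable) datagrams."""

    def __init__(self):
        self.db = {}              # NetBIOS name -> IP address
        self.available = True     # set to False to simulate an outage


class NbtHost:
    def __init__(self, name, ip, segment, mode, wins=None, lmhosts=None):
        self.name, self.ip, self.segment, self.mode = name, ip, segment, mode
        self.wins = wins
        self.lmhosts = dict(lmhosts or {})    # static fallback table, if configured
        segment.hosts[name] = ip              # the name is announced on the local segment
        if mode != "B" and wins is not None:  # P-, M- and H-nodes register with WINS
            wins.db[name] = ip

    def _broadcast(self, name):
        """B-node step: ask the local segment."""
        return self.segment.hosts.get(name)

    def _wins_query(self, name):
        """P-node step: directed query to the configured WINS server."""
        if self.wins is None or not self.wins.available:
            return None
        return self.wins.db.get(name)

    def resolve(self, name):
        """Return (address, method). The order of the steps is what distinguishes the modes."""
        steps = {
            "B": [("broadcast", self._broadcast)],
            "P": [("wins", self._wins_query)],
            "M": [("broadcast", self._broadcast), ("wins", self._wins_query)],
            "H": [("wins", self._wins_query), ("broadcast", self._broadcast)],
        }[self.mode]
        for method, step in steps:
            addr = step(name)
            if addr is not None:
                return addr, method
        if name in self.lmhosts:
            return self.lmhosts[name], "lmhosts"
        return None, "failed"


def build_demo():
    """Two routed segments, one WINS server, one host of each node type."""
    seg1, seg2, wins = Segment(), Segment(), WinsServer()
    hosts = {
        "HOSTA": NbtHost("HOSTA", "134.67.32.1", seg1, "H", wins),
        "HOSTB": NbtHost("HOSTB", "134.67.32.2", seg1, "H", wins),
        "HOSTC": NbtHost("HOSTC", "134.67.33.7", seg2, "H", wins),
        "HOSTD": NbtHost("HOSTD", "134.67.32.9", seg1, "B"),          # not WINS-configured
        "HOSTP": NbtHost("HOSTP", "134.67.32.3", seg1, "P", wins),
        "HOSTM": NbtHost("HOSTM", "134.67.32.4", seg1, "M", wins),
    }
    return hosts, wins
```

HOSTD is the non-WINS client of figure 131: it can be found by its neighbours through a broadcast, but nothing on the other segment can resolve it without a WINS proxy.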

Architecture of the Windows Internet Name Service (WINS): WINS uses one or more WINS servers to maintain a database that provides name-to-address mappings in response to queries from WINS clients. WINS is a particularly good fit when IP addresses are assigned by DHCP. Although the DHCP lease renewal process results in a certain stability of IP address assignments, IP addresses can change if hosts are moved to different networks or if a host is inactive for a time sufficient to cause its address to be reassigned. WINS automatically updates its database to respond to such changes. Because WINS clients communicate with WINS servers via directed messages, no problems are encountered when operating in a routed environment.

[Figure 131 (diagram): WINS Server 1 and WINS Server 2 with Database Replication between them; a WINS-Enabled Client sending a P-node directed query and receiving an IP Address; a Non-WINS Client sending a B-node broadcast query, which a WINS Proxy turns into a P-node query and answers with the IP Address; Routers (with BOOTP) connecting the segments]

Figure 131 shows the architecture of a WINS name service.

WINS proxies enable non-WINS clients to resolve names on the internetwork. When a WINS proxy receives a B-node broadcast attempting to resolve a name on a remote network, the WINS proxy directs a name query to a WINS server and returns the response to the non-WINS client.

WINS makes maintaining unique NetBIOS names throughout the internetwork possible. When a computer attempts to register a NetBIOS name with WINS, it is permitted to do so only if the name is not currently reserved in the WINS database. Without WINS, unique names are enforced only through the broadcast B-node mechanism on local networks.

• When a WINS client is shut down in an orderly manner, it releases its name reservation in the WINS database and the name is marked as released. After a certain time, a released name is marked as extinct. Extinct names are maintained for a period of time sufficient to propagate the information to all WINS servers, after which the extinct name is removed from the WINS database.

• If a computer has released its name through an orderly shutdown, WINS knows that the name is available and the client can immediately reobtain the name when it reenters the network. If the client has changed network addresses, by moving to a different network segment, a released name can also be reassigned.

• If a computer is not shut down in an orderly fashion, its name reservation remains active in the WINS database. When the computer attempts to reregister the name, the WINS server challenges the registration attempt. If the computer has changed IP addresses, the challenge fails and the client is permitted to reregister the name with its new address. If no other computer is actively using the name, the client is also permitted to reregister with the name.

• All names in the WINS database bear a timestamp that indicates when the reservation will expire. If a client fails to reregister the name when the reservation expires, the name is released. WINS supports definition of static assignments that do not expire.

Any Windows NT server computer can be configured as a WINS server, except that WINS servers cannot receive their IP address assignment from DHCP. WINS clients communicate with WINS servers via directed datagrams, and you do not have to locate a WINS server on each network segment. However, non-WINS clients are supported only if at least one WINS proxy is installed on each network or subnet.

Multihomed computers should not be configured as WINS servers. A WINS server may register its name with only one network. The name of a multihomed WINS server, therefore, cannot be registered with all attached networks. Also, some client connection attempts fail with multihomed WINS servers.

WINS recognises a variety of special names, identified by the value of the 16th byte of LAN Manager-compatible names. Special names are encountered when setting up static mappings and when examining entries in the WINS database.

• Multihomed Names:

A multihomed name is a single computer name that stores multiple IP addresses, which are associated with multiple network adapters on a multihomed computer. Each multihomed name can be associated with up to 25 IP addresses. This information is established when TCP/IP configuration is used to specify IP addresses for the computer.

When the WINS server service is running on a multihomed computer, the WINS service is always associated with the first adapter in the computer configuration. All WINS messages on the computer, therefore, originate from the same adapter.

Multihomed computers with connections to two or more networks should not be configured as WINS servers. If a client attempts a connection with a multihomed WINS server, the server might supply an IP address on the wrong network, causing the connection attempt to fail.

• Normal Group Names:

Are tagged with the value 0x1E in the 16th byte. Browsers broadcast to this name and respond to it when electing a master browser. In response to queries to this name, WINS always returns the broadcast address FF.FF.FF.FF.

• Internet Group Names:

An internet group is used to register Windows NT server computers in internet groups, principally Windows NT server domains. If the internet group is not configured statically, member computers are registered dynamically as they enter and leave the group. Internet group names are identified by the value 0x1C in the 16th byte of the NetBIOS name. An internet group can contain up to 25 members, preference being given to the nearest Windows NT server computers. On a large internetwork, the internet group registers the 24 nearest Windows NT server computers plus the primary domain controller.

• Other Special Names:

0x0 identifies the redirector name of a computer.

0x3 identifies the messenger service name, used to send messages.

0x1B identifies the domain master browser, which WINS assumes is the primary domain controller. If it is not, the domain master browser should be statically configured in WINS.

0x1 identifies _MSBROWSE_, the name to which master browsers broadcast to announce their domains to other master browsers on the local subnet.
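The special names above are all distinguished by the 16th byte of an otherwise ordinary 15-character name. The following Python is an added illustration for this section, not code from the original document: it builds that 16-byte LAN Manager-compatible name, classifies the suffix values listed in the text, and (as an assumption about what a reader wants to see, since the page does not describe it) applies the standard RFC 1001 first-level encoding in which each nibble becomes a letter A..P. The function names and the `SUFFIX_MEANING` table are this example's own.

```python
"""NetBIOS special-name handling (added example, not from the original document)."""

# Suffix (16th byte) values and their meaning, as listed in the text.
SUFFIX_MEANING = {
    0x00: "redirector name of a computer",
    0x01: "_MSBROWSE_ master browser announcement name",
    0x03: "messenger service name",
    0x1B: "domain master browser (assumed by WINS to be the PDC)",
    0x1C: "internet group (Windows NT server domain, up to 25 members)",
    0x1E: "normal group (browser election name)",
}

# Suffixes the text describes as group-style names rather than a single host.
GROUP_SUFFIXES = {0x1C, 0x1E}


def make_netbios_name(name: str, suffix: int) -> bytes:
    """Return the 16-byte NetBIOS name: upper-cased name, space-padded to 15
    bytes, followed by the suffix (16th) byte."""
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    raw = name.upper().encode("ascii")
    if not raw or len(raw) > 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    return raw.ljust(15, b" ") + bytes([suffix])


def classify(nb_name: bytes) -> tuple:
    """Split a 16-byte NetBIOS name into (base name, suffix, meaning)."""
    if len(nb_name) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    base = nb_name[:15].rstrip(b" ").decode("ascii")
    suffix = nb_name[15]
    return base, suffix, SUFFIX_MEANING.get(suffix, "other/unlisted suffix")


def is_group_name(nb_name: bytes) -> bool:
    """True for the group-style suffixes the text describes (0x1C, 0x1E)."""
    return nb_name[15] in GROUP_SUFFIXES


def first_level_encode(nb_name: bytes) -> str:
    """RFC 1001 first-level encoding: each byte becomes two letters, one per nibble."""
    return "".join(chr(ord("A") + (b >> 4)) + chr(ord("A") + (b & 0x0F))
                   for b in nb_name)


def first_level_decode(encoded: str) -> bytes:
    """Inverse of first_level_encode; rejects anything that is not 32 letters A..P."""
    if len(encoded) != 32 or any(c not in "ABCDEFGHIJKLMNOP" for c in encoded):
        raise ValueError("expected 32 characters in the range A..P")
    pairs = zip(encoded[0::2], encoded[1::2])
    return bytes(((ord(hi) - ord("A")) << 4) | (ord(lo) - ord("A")) for hi, lo in pairs)


if __name__ == "__main__":
    for name, sfx in [("HOST1", 0x00), ("HOST1", 0x03), ("SALES", 0x1C), ("SALES", 0x1E)]:
        nb = make_netbios_name(name, sfx)
        print(classify(nb), is_group_name(nb), first_level_encode(nb))
```

Because the suffix byte is part of the name, the same computer or domain appears in the WINS database several times (once per service), which is why static mappings and database listings show the 16th byte alongside the name.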

Having two or more WINS servers on any network is desirable. A second server can be used to maintain a replica of the WINS database that can be used if the primary server fails. On large internetworks, multiple WINS servers result in less routed traffic and spread the name resolution workload across several computers. Pairs of WINS servers can be configured as replication partners. WINS servers can perform two types of replication action, pushing and pulling, and a member of a replication pair functions as either a push partner or a pull partner. All database replication takes place by transferring data from a push partner to a pull partner, but a push partner cannot unilaterally push data. Data transfers may be initiated in two ways:

• A pull partner can initiate replication by requesting replication from a push partner. All records in a WINS database are stamped with a version number. When a pull partner sends a pull request, it specifies the highest version number that is associated with data received from the push partner. The push partner then sends any new data in its database that has a higher version number than was specified in the pull.

• A push partner can initiate replication by notifying a pull partner that the push partner has data to send. The pull partner indicates its readiness to receive the data by sending a pull replication request that enables the push partner to push the data.

Pulls generally are scheduled events that occur at regular intervals. Pushes generally are triggered when the number of changes to be replicated exceeds a specified threshold. An administrator, however, can manually trigger both pushes and pulls. WINS performs a complete backup of its database every 24 hours. If users cannot connect to a server running the WINS server service, the WINS database probably has become corrupt. In that case, you might need to restore the database from a backup copy.
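The version-number rule above is what makes replication incremental: a pull partner never has to receive the whole database again. The Python below is an added model of that exchange, not code from the original document. The record layout (name to address, version and owner), the push threshold value and the method names are this example's assumptions; the rules it implements are the ones the text gives: every record carries a version stamp, a pull request names the highest version already received from that push partner, the push partner answers with records stamped above it, and a push is a notification that turns into a pull request.

```python
"""WINS push/pull replication driven by record version numbers (added example)."""

from dataclasses import dataclass, field


@dataclass
class WinsServer:
    name: str
    push_threshold: int = 3          # changes that trigger a push notification (assumed value)
    records: dict = field(default_factory=dict)           # nb_name -> (ip, version, owner)
    received_version: dict = field(default_factory=dict)  # push partner -> highest version seen
    next_version: int = 1
    changes_since_push: int = 0

    def register(self, nb_name: str, ip: str) -> int:
        """Local registration: the new or changed record gets a fresh version stamp."""
        version = self.next_version
        self.records[nb_name] = (ip, version, self.name)
        self.next_version += 1
        self.changes_since_push += 1
        return version

    def owned_records_newer_than(self, version: int) -> dict:
        """Push-partner side of a pull request: records this server owns whose
        version number is higher than the one the pull partner already holds."""
        return {n: rec for n, rec in self.records.items()
                if rec[2] == self.name and rec[1] > version}

    def pull_from(self, push_partner: "WinsServer") -> int:
        """Pull-partner side: ask for everything newer than the last version received."""
        since = self.received_version.get(push_partner.name, 0)
        delta = push_partner.owned_records_newer_than(since)
        for nb_name, rec in delta.items():
            self.records[nb_name] = rec          # replicated records keep the owner's stamp
            since = max(since, rec[1])
        self.received_version[push_partner.name] = since
        return len(delta)

    def push_to(self, pull_partner: "WinsServer") -> int:
        """Push-partner side: once enough changes accumulate, notify the pull
        partner, which answers with a pull request (modelled as pull_from)."""
        if self.changes_since_push < self.push_threshold:
            return 0
        self.changes_since_push = 0
        return pull_partner.pull_from(self)

    def resolve(self, nb_name: str):
        """Name lookup against the local database (owned plus replicated records)."""
        rec = self.records.get(nb_name)
        return None if rec is None else rec[0]


if __name__ == "__main__":
    a, b = WinsServer("WINS-A"), WinsServer("WINS-B")
    a.register("HOST1", "10.0.0.1")
    a.register("HOST2", "10.0.0.2")
    print("first pull transfers", b.pull_from(a), "records")
    a.register("HOST1", "10.0.0.9")          # address change gives a new version
    print("second pull transfers", b.pull_from(a), "record(s)")
    print("B resolves HOST1 to", b.resolve("HOST1"))
```

The second pull moves only the changed record because its new version number is above the one the pull partner remembered from the first exchange; a pull with nothing newer transfers nothing at all.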

Figure 132 shows a network with several WINS replication partnerships (the diagram labels each link between partners Push or Pull).

Naming versus Browsing: Browsers, however, maintain databases only of host names. Addresses must still be derived from a name resolution process. Browsing works somewhat differently on TCP/IP networks than on networks running NetBIOS and NWLink, although the difference becomes apparent only when routing is involved. Windows browsing is based on browse lists, which catalogue all available domains and servers. Browse lists are maintained by browsers. By default, all Windows NT server computers are browsers. Windows NT workstation computers are potential browsers, and can become browsers if required.

Each domain has one master browser that serves as the primary point for collecting the browse database for the domain. Servers (any computer that offers shared resources) that enter the network transmit server announcements to the master browser to announce their presence. The master browser uses these server announcements to maintain its browse list. Backup browsers receive copies of the browse list from the master browser at periodic intervals. They introduce redundancy to the browsing mechanism and distribute browsing queries across several computers.

An election process among the various browsers determines the master browser. In domains, the election is biased in favour of making the Primary Domain Controller (PDC) the master browser, which always is the master browser if it is operational. All Windows NT server computers function as master or backup browsers. Windows NT workstations can function as browsers. In the presence of sufficient Windows NT server computers, no Windows NT workstation will be configured as a browser. When no Windows NT server computers are available, at least two Windows NT workstation computers will be activated as browsers. An additional browser will be activated for every 32 Windows NT workstation computers in the domain.


Servers must announce their presence to the master browser at periodic intervals, starting at one-minute intervals and increasing to 12 minutes. If a server fails to announce itself for three announcement periods, it is removed from the browse list. Therefore, up to 36 minutes may be required before a failed server is removed from the browse list. Domains are also maintained in the browse list. Every fifteen minutes, a master browser broadcasts a message announcing its presence to master browsers in other domains. If a master browser is not heard from for three 15-minute periods, other master browsers remove the domain from their browse lists. Thus, 45 minutes may be required to remove information about another domain from a browse list.

Internetworks based on NetBIOS and NWLink protocols can route broadcast name queries across routers. Maintaining a single master for each domain, therefore, is necessary. Internetworks based on TCP/IP cannot forward broadcast queries between networks. Therefore, Microsoft TCP/IP networks maintain a master browser for each network or subnet. If a domain spans more than one network or subnetwork, the domain master browser running on the PDC has the special responsibility of collecting browse lists from the master browser on each network and subnetwork. The domain master browser periodically rebroadcasts the complete domain browse list to the master browsers, which in turn update the backup browsers on their networks. Therefore, significant time might be required to disseminate browsing data through a domain on a large TCP/IP internetwork.

The browsing service is a convenience but is not required to enable clients to access servers on the internetwork. Client processes can still use shared resources by connecting directly with the Universal Naming Convention (UNC) name of the resource. On a TCP/IP internetwork, that makes WINS a near necessity. Browsing, on the other hand, is very convenient but is not essential.
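The 36-minute and 45-minute figures above follow from the announcement intervals and the three-missed-periods rule. The Python below is an added example of a browse list that ages its entries by those rules; it is not code from the original document. The announcement interval ramp of 1, 2, 4, 8, 12 minutes (doubling until the 12-minute maximum the text gives) and the class layout are this example's assumptions.

```python
"""Browse-list aging with the announcement timings from the text (added example)."""

from typing import Optional

MISSED_PERIODS = 3            # entries are dropped after three missed announcements
SERVER_MAX_INTERVAL = 12      # minutes; server announcements ramp up to this
DOMAIN_INTERVAL = 15          # minutes between master-browser domain announcements


def next_server_interval(previous: Optional[int]) -> int:
    """Announcement interval ramp 1, 2, 4, 8, 12, 12, ... minutes (doubling is assumed)."""
    if previous is None:
        return 1
    return min(previous * 2, SERVER_MAX_INTERVAL)


class BrowseList:
    def __init__(self):
        self.servers = {}   # server name -> (last announcement minute, current interval)
        self.domains = {}   # domain name -> last announcement minute

    def server_announce(self, name: str, now: int) -> int:
        """Record a server announcement; returns the interval now expected for it."""
        prev = self.servers.get(name)
        interval = next_server_interval(None if prev is None else prev[1])
        self.servers[name] = (now, interval)
        return interval

    def domain_announce(self, domain: str, now: int) -> None:
        """Record a master browser's 15-minute domain announcement."""
        self.domains[domain] = now

    def server_expires_at(self, name: str) -> int:
        last, interval = self.servers[name]
        return last + MISSED_PERIODS * interval

    def expire(self, now: int) -> tuple:
        """Remove servers and domains that have missed three announcement periods."""
        dead_servers = [n for n in self.servers if now >= self.server_expires_at(n)]
        for n in dead_servers:
            del self.servers[n]
        dead_domains = [d for d, last in self.domains.items()
                        if now >= last + MISSED_PERIODS * DOMAIN_INTERVAL]
        for d in dead_domains:
            del self.domains[d]
        return dead_servers, dead_domains

    @staticmethod
    def worst_case_server_removal() -> int:
        return MISSED_PERIODS * SERVER_MAX_INTERVAL   # 36 minutes, as in the text

    @staticmethod
    def worst_case_domain_removal() -> int:
        return MISSED_PERIODS * DOMAIN_INTERVAL       # 45 minutes, as in the text


if __name__ == "__main__":
    bl = BrowseList()
    for t in (0, 1, 3, 7, 15, 27):
        bl.server_announce("FILESRV", t)
    bl.domain_announce("SALES", 0)
    print("FILESRV drops out at minute", bl.server_expires_at("FILESRV"))
    print("expired at minute 63:", bl.expire(63))
```

A server that stops announcing once it has reached the 12-minute interval stays in the list for 36 more minutes, so a browse list is always a somewhat stale view of the network; name resolution, not browsing, is what actually gets a client to a host.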
Multihomed hosts often present an ambiguous face to the network community. Different hosts can use different IP addresses to access services running on the host, with unpredictable results. One case in which this unpredictability seems to appear is browsing when the PDC for a domain is multihomed. Clients are not hard-wired with the address of browsers, and a multihomed browser appears to confuse things, causing various clients to see different browse lists. More consistent results seem to be obtained when the PDC has a single IP address. In any case, the PDC cannot serve as master browser for more than one network or subnet.

Sometimes dynamic name-address mappings are not desirable. At such times, creating static mappings in the WINS database proves useful. A static mapping is a permanent mapping of a computer name to an IP address. Static mappings cannot be challenged and are removed only when they are explicitly deleted. Reserved IP addresses assigned to DHCP clients override any static mappings assigned by WINS. Static mappings for unique and special group names can be imported from files that conform to the format of LMHOSTS files.

Managing LMHOSTS Files: Although a complete name resolution system can be based on LMHOSTS files, static naming files can be a nightmare to administer, particularly when they must be distributed to several hosts on the network. Nevertheless, LMHOSTS files may be necessary if WINS will not be run on a network or if having a backup is desirable in case the WINS service fails. Although LAN Manager host files supported little more than mappings of NetBIOS names to IP addresses, Windows NT offers several options that make LMHOSTS considerably more versatile.


The basic format of an LMHOSTS file is as follows:

IP-address      Name

134.67.32.0     Logon-Server-Network-A
134.67.32.1     Host-1-Network-A
134.67.32.2     Host-2-Network-A
134.67.40.0     Logon-Server-Network-B
134.67.32.3     Host-3-Network-B
134.268.67.0    Logon-Server-Network-C
134.268.67.3    Host-3-Network-C
134.268.67.5    Host-5-Network-C
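Because an LMHOSTS file is edited by hand and copied around, a loader should validate it rather than trust it. The Python below is an added example for the format above, not code from the original document. Beyond the basic "IP-address Name" layout it understands the #PRE (preload) and #DOM:<domain> keywords that Windows NT accepts after the name; those keywords exist, but their handling and the data structures here are this example's own, and the two keywords on the first sample line were added for the example. The sample reproduces the table above, and its Network-C addresses carry an octet of 268, which no IPv4 address can have; a strict parser reports those lines instead of loading them.

```python
"""LMHOSTS parser with address validation (added example, not from the original document)."""

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample file using the entries from the text; #PRE and #DOM: are
# added here to exercise the keyword handling.
SAMPLE_LMHOSTS = """\
# LMHOSTS (constructed for this example)
134.67.32.0     Logon-Server-Network-A   #PRE #DOM:NETWORK-A
134.67.32.1     Host-1-Network-A
134.67.32.2     Host-2-Network-A
134.67.40.0     Logon-Server-Network-B
134.67.32.3     Host-3-Network-B
134.268.67.0    Logon-Server-Network-C
134.268.67.3    Host-3-Network-C
134.268.67.5    Host-5-Network-C
"""

NETBIOS_MAX_NAME = 15   # NetBIOS names are at most 15 characters plus the suffix byte


@dataclass
class LmhostsEntry:
    address: str
    name: str
    preload: bool = False          # #PRE: load into the name cache at start-up
    domain: Optional[str] = None   # #DOM:<domain>: entry is a domain controller


def parse_lmhosts(text: str) -> tuple:
    """Return (entries, errors, warnings).  Lines with an invalid IPv4 address are
    reported as errors and skipped; over-long names are reported as warnings."""
    entries, errors, warnings = [], [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                                  # blank line or comment line
        tokens = stripped.split()
        if len(tokens) < 2:
            errors.append(f"line {lineno}: expected 'IP-address Name'")
            continue
        addr, name = tokens[0], tokens[1]
        try:
            ipaddress.IPv4Address(addr)               # rejects octets above 255
        except ValueError:
            errors.append(f"line {lineno}: invalid IPv4 address {addr!r}")
            continue
        entry = LmhostsEntry(address=addr, name=name)
        for tok in tokens[2:]:
            if tok.upper() == "#PRE":
                entry.preload = True
            elif tok.upper().startswith("#DOM:"):
                entry.domain = tok[len("#DOM:"):]
            elif tok.startswith("#"):
                break                                 # ordinary trailing comment
        if len(name) > NETBIOS_MAX_NAME:
            warnings.append(f"line {lineno}: name {name!r} exceeds "
                            f"{NETBIOS_MAX_NAME} characters")
        entries.append(entry)
    return entries, errors, warnings


def lookup(entries, name: str) -> Optional[str]:
    """NetBIOS names are case-insensitive; return the mapped address or None."""
    for e in entries:
        if e.name.upper() == name.upper():
            return e.address
    return None


if __name__ == "__main__":
    entries, errors, warnings = parse_lmhosts(SAMPLE_LMHOSTS)
    print(len(entries), "entries loaded,", len(errors), "rejected")
    for problem in errors + warnings:
        print(" ", problem)
    print("Host-2-Network-A ->", lookup(entries, "host-2-network-a"))
```

Every name in the sample is longer than 15 characters, so the warnings list shows how a file that looks fine by eye can still violate a NetBIOS limit; a file that is silently accepted with bad entries leaves hosts unresolvable with no indication of why.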

Managing DNS: Domain Name Service (DNS) is the standard naming service used on the Internet and on most TCP/IP networks. If your Windows TCP/IP network is not connected to non-Microsoft TCP/IP networks, you do not need DNS. WINS can provide all the naming services required on a Microsoft Windows Network. You need DNS if you want to connect your TCP/IP hosts to the Internet or to a UNIX based TCP/IP network, but only if you want to enable users outside the Windows network to access your TCP/IP hosts by name.

Name Resolution with HOSTS Files: Before DNS, name resolution was accomplished using files named HOSTS. Supporting a naming service is a simple matter of editing a master HOSTS file and distributing it to all computers, which could be accomplished by copying the file when a user logs on to a domain, or by using a software distribution system.


Transmission Line Theory:

The electrical characteristics of the media used to send network datagrams partly define the physical layer: they determine the maximum transmission rate, the longest straight run of cable, and other constraints of the network. These are all products of transmission line theory, the study of how signals behave when they are transmitted over long distances. While this extremely low-level theory doesn't have any direct implications for higher-level protocols, violating the constraints imposed by transmission line theory can lead to intermittent and puzzling network failures that appear to be higher-level protocol breakdowns.

A transmission line is any signal path that is long compared to the wavelength of the signal travelling the path. Signals of higher frequencies have shorter wavelengths, so higher-frequency signals require transmission line analysis over much shorter path lengths. For example, low-speed AC line voltage going from a power company generator to a substation or transformer is affected by transmission line problems over a distance of several miles. On the other end of the spectrum, high-speed integrated circuits that produce pulses in the nanosecond range require transmission line treatment for signals that are a few centimetres long. Signals on the Ethernet have wavelengths of about one meter, so transmission line theory applies to every network with at least two stations on it, assuming the machines aren't located on top of each other.

Every signal conductor has some inherent capacitance and inductance. The inductance comes from the fact that any conductor must have a real, non-zero thickness; the capacitance is due to coupling with the ground plane and other nearby wires. Ethernet backbones are limited in length partly because of these capacitive loading effects: the longer the cable, the greater its capacitance. As the capacitance increases, each signal must charge up the line for a longer time, and after some critical value, the time required to charge the line's capacitance is significant compared to the time required to send the packet's preamble. At low frequencies, the non-ideal characteristics of the wire may be ignored, but at the Ethernet data transmission frequency of 10 MHz, they become important.

Figure 133 shows a drawing of how a real-world Ethernet cable looks: a chain of inductor/capacitor pairs L1/C1, L2/C2, ... Ln/Cn along the conductor.

In figure 133, the series of inductor/capacitor pairs defines an AC impedance for the cable. Impedance is usually a function of the frequency of the signal encountering the L/C pairs. Ethernet packets are sent with a constant frequency (not the frequency of the packets themselves, but the frequency of the modulated signal representing the packet), fixing the AC impedance of the cable. The fixed impedance is why you can put a fixed-value resistor on the Ethernet as a terminator; the rest of this discussion explores the transmission line theory underpinnings that determine the value of that terminator. On a non-ideal wire, the voltage at an endpoint can't change instantaneously, due to the capacitive and inductive effects described earlier. When a signal is impressed on a line (when a host sends a packet on the Ethernet), the voltage at the end of the wire must go from 0 to -2.5 volts. A packet rolling down the Ethernet cable is represented as a series of voltage changes, each with a corresponding change in current as defined by Ohm's law. The endpoint of the wire appears to be a signal load; for this discussion, assume that the load has an arbitrary value.


Figure 134 shows the signal on an Ethernet: the incident signal ($V_O$, $I_O$) on a line of impedance $Z_O$ arriving at a load $Z_L$ with voltage $V_L$ and current $I_L$, and the reflected current $I_R$ travelling back from the load.

The endpoint of the wire, represented as the load above, is initially at 0 volts. In order to satisfy Ohm's and Kirchhoff's laws, a reflected signal must be created.

• Kirchhoff's current law dictates that the current flowing into a node must equal the current leaving it. The incident, load, and reflected currents obey the following equation:

$$I_L = I_O - I_R$$

• Kirchhoff's voltage law states that the loop voltage around a circuit must add up to zero. We can use this form of Kirchhoff's law to express the relationship of the voltages in the circuit:

$$V_L = V_O + V_R$$

• Ohm's law is used to describe the relationship of the line impedance, Z, and the current:

$$V_L = I_L Z_L$$

Substituting for $V_L$ and $I_L$, we get:

$$V_O + V_R = Z_L \left[ I_O - I_R \right]$$

Apply Ohm's law again, with $V_R = I_R Z_O$ (and likewise $V_O = I_O Z_O$), since the reflected signal sees the same impedance as the incident signal:

$$V_O + V_R = Z_L \left[ \frac{V_O}{Z_O} - \frac{V_R}{Z_O} \right]$$

Rearranging terms, we can express the amplitude of the reflected signal as a function of the original signal:

$$\frac{V_R}{V_O} = \frac{Z_L - Z_O}{Z_L + Z_O}$$

Now let's revisit our assumption that the load impedance, $Z_L$, is some arbitrary value. An unterminated cable endpoint has an infinite load impedance, so with $Z_L$ infinite, the fraction's value is approximately unity and $V_O = V_R$. The reflected current becomes a signal that looks electrically similar to the incident packet, travelling in the opposite direction. Again, the non-ideal physical characteristics of the wire prevent the reflected signal from being a mirror image of the incident signal. At the same time, the end point of the line starts to charge to -2.5 volts, so the voltage $V_L$ at the endpoint of the wire isn't precisely 0 volts. The combination of these two effects makes the reflected signal a slightly attenuated version of the original. After several trips down the length of the cable, the reflected signal is damped out completely. During the voltage rise time, however, reflected signals are making the line ring. The fairly obvious solution is to make the reflection coefficient (the fraction above) equal to zero by making its numerator, $Z_L - Z_O$, zero, so that there is no signal reflection. By placing a terminating resistor between the cable and ground, the incident signal is caught and any reflection is suppressed. Ethernet cabling has a characteristic impedance of 50 ohms, which is precisely the value used for termination.

Note that the line impedance is seen by AC signals only, and that DC testing of the line itself, without the terminators, should show a DC resistance of a fraction of an ohm. However, this fact can be exploited to perform a simple cable test: with a multimeter set on ohms, measure the DC resistance between the centre conductor of the Ethernet and the ground shield on a network with no traffic. Do not measure resistance on a live network: the network activity will cause the ohmmeter to give an inexact reading, and you may inadvertently create a short on the network, possibly damaging some transceiver equipment. The multimeter should read 25 ohms, half of the terminating resistor value, for a properly terminated Ethernet. The resistance of the entire cable is 25 ohms because it is the effective resistance of the two 50 ohm terminators wired in parallel, joined by the two conductors of the Ethernet cable:

$$R_{effective} = \frac{R_1 R_2}{R_1 + R_2} = \frac{R}{2}$$

Figure 135 shows the terminators on an Ethernet cable: R1 and R2 at either end of the Ethernet conductor, with R1 = R2 = 50 ohms.
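The reflection coefficient derived above and the parallel-terminator arithmetic are small enough to check numerically. The Python below is an added example, not code from the original document: it evaluates $V_R/V_O = (Z_L - Z_O)/(Z_L + Z_O)$ for the open-ended and matched cases the text discusses (plus a short, for comparison), walks a reflection back and forth until it damps out, computes the 25-ohm parallel reading, and interprets an idle-cable multimeter reading. The per-trip loss factor, the reading thresholds in `diagnose_dc_reading`, and the "one terminator" interpretation of a 50-ohm reading are this example's own reasoning, not statements from the page.

```python
"""Reflection coefficient and terminator checks for a 50 ohm Ethernet (added example)."""

import math

Z_ETHERNET = 50.0     # characteristic impedance in ohms, from the text
TERMINATOR = 50.0     # terminating resistor in ohms, from the text


def reflection_coefficient(z_load: float, z_line: float = Z_ETHERNET) -> float:
    """V_R / V_O = (Z_L - Z_O) / (Z_L + Z_O).  An open end (Z_L infinite) gives +1,
    a short gives -1 and a matched load gives 0 (no reflection)."""
    if z_line <= 0 or z_load < 0:
        raise ValueError("line impedance must be positive, load non-negative")
    if math.isinf(z_load):
        return 1.0
    return (z_load - z_line) / (z_load + z_line)


def reflected_amplitude(v_incident: float, z_load: float, z_line: float = Z_ETHERNET) -> float:
    """Amplitude of the reflected signal for an incident step of v_incident volts."""
    return v_incident * reflection_coefficient(z_load, z_line)


def ring_down(v_incident: float, z_far: float, z_near: float,
              loss: float = 0.9, stop_below: float = 0.01) -> tuple:
    """Follow a reflection bouncing between the two cable ends (the ringing the
    text describes) until it falls below stop_below of the incident amplitude.
    `loss` is an assumed per-trip attenuation standing in for the cable's
    non-ideal behaviour.  Returns (trips, final amplitude)."""
    if v_incident == 0:
        return 0, 0.0
    g_far, g_near = reflection_coefficient(z_far), reflection_coefficient(z_near)
    amp, trips = v_incident, 0
    while abs(amp) >= stop_below * abs(v_incident) and trips < 10_000:
        amp *= loss * (g_far if trips % 2 == 0 else g_near)
        trips += 1
    return trips, amp


def parallel(r1: float, r2: float) -> float:
    return r1 * r2 / (r1 + r2)


def expected_idle_reading(r1: float = TERMINATOR, r2: float = TERMINATOR) -> float:
    """Ohms a multimeter should show between centre conductor and shield on a
    quiet, properly terminated segment: the two terminators in parallel."""
    return parallel(r1, r2)


def diagnose_dc_reading(ohms: float, tolerance: float = 0.1) -> str:
    """Interpret an idle-segment DC reading (thresholds are this example's choice)."""
    if ohms < 1.0:
        return "short circuit on the cable"
    if abs(ohms - expected_idle_reading()) <= tolerance * expected_idle_reading():
        return "properly terminated (both 50 ohm terminators seen in parallel)"
    if abs(ohms - TERMINATOR) <= tolerance * TERMINATOR:
        return "only one terminator seen: missing terminator or a break in the cable"
    if math.isinf(ohms) or ohms > 10 * TERMINATOR:
        return "open circuit: no terminator reached"
    return "unexpected reading: check connectors and terminator values"


if __name__ == "__main__":
    for z in (float("inf"), 75.0, 50.0, 0.0):
        print(f"Z_L={z:>5}: V_R/V_O = {reflection_coefficient(z):+.2f}")
    print("open both ends rings for", ring_down(-2.5, float("inf"), float("inf"))[0], "trips")
    print("idle reading expected:", expected_idle_reading(), "ohms")
    for reading in (25.0, 50.0, 0.2, float("inf")):
        print(f"{reading:>5} ohms ->", diagnose_dc_reading(reading))
```

With one end matched the reflection dies on the first trip; with both ends open it survives dozens of trips at the assumed loss, which is the ringing that overlaps the start of a packet on an unterminated segment.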

Sometimes the most perplexing network problems stem from a failure in the physical layer. This theoretical discussion may not help you debug open circuits or locate bad transceivers by watching waveforms, but it should help you build a mental checklist of potential problems to be used when examining network cabling.


Troubleshooting TCP/IP:

Introduction:

• Resolving most problems requires a methodical approach and the application of your knowledge of TCP/IP and of your network.

• TCP/IP is a four-layer hierarchy. Problems seen by the user in the Application Layer may be caused by problems in the lower layers.

• IP requires that each system have a globally unique, software-defined address. IP uses the address to move data through networks and through the layers of software in a host. Unlike networks that use hardware addresses, IP relies on the system administrator to define the correct address. Problems are frequently caused by configuration errors.

• Routing is required to deliver data between any two systems that are not directly connected by the same physical network. Subnetting divides a network into separate physical networks, so that routing may even be required within a single enterprise network.

Three steps in tracking down the real problem are:

• Gather information when the problem is reported; ask the user several questions. What application failed? What is the address and hostname of the remote computer? What is the address and hostname of the user's computer? What error message was displayed? If possible, have the user verify the problem by running the application while you talk through it. If possible, duplicate the problem yourself.

• Run preliminary tests using another application, such as PING. Check if the problem occurs in other applications on the user's host. Check if the user's problem occurs with only one remote host, with all remote hosts, or only with hosts off the user's subnet. Check if the problem occurs on other local systems or just on the user's system. Does it fail from your system? How about from other systems on the user's subnet?

• Visualise each protocol and device that handles the user's data. If the problem occurs on some systems and not others, think about differences in the path that data takes from those systems. Thinking about where and how things could go wrong avoids oversimplifying the problem. It also highlights the areas that are most likely to cause the user's problem. The problem can be anywhere in the path you visualise.

Some hints on analysing the test results are:

• If only one application is having a problem, the application may be misconfigured. If the same application fails on different local hosts, but only when connecting to a specific remote host, the application may not be available on the remote host. If the application that fails is from a different source than the TCP/IP protocol stack, e.g. a commercial protocol stack and a freeware application, the application and the stack may not be compatible. The last condition is particularly prevalent in Windows 3.1 and 3.11 when the application is designed for a specific WINSOCK.DLL and a different one is used by the stack.

• If problems occur on all local PCs, regardless of the application or the remote host they are connecting to, the problem is in one of the devices that connects the network to the outside world. If the problem only occurs on systems on a single subnet, the problem is in the device that connects the subnet to the rest of your network. If the problem only occurs on one PC, that PC is probably misconfigured. Check its configuration. If it appears okay, take your laptop and check the network link.


• Pay attention to the error messages. Error messages are often vague, but they contain valuable pointers to the underlying problem.

• The error Unknown host indicates a name server problem. If other computers resolve the name correctly, the user's PC is probably misconfigured. If no system resolves the name correctly, the name the user has may be wrong or the name server may be misconfigured. Have the user try to connect with the numeric address.

• The error Network unreachable indicates a routing problem. It means that there is no route to the remote host. If no system can reach it, the remote site might be down. If only the user's PC has the problem, check the PC's routing configuration.

• The error Cannot connect or No answer or Connection timed out means that the remote system is not responding. Either the remote system is down or a link between the user's PC and the remote system is down. If the user is trying to connect using a numeric address, it could mean that the user has the wrong address. Ask him/her to use the remote system's hostname.

Troubleshooting TCP/IP: Deals with the unexpected. Network problems are usually unique and sometimes difficult to resolve. Troubleshooting is an important part of maintaining a stable, reliable network service. Effective troubleshooting requires a methodical approach to the problem, and a basic understanding of how the network works. The key to solving a problem is understanding what the problem is. This is not as easy as it may seem. The surface problem is sometimes misleading, and the real problem is frequently obscured by many layers of software. When the true nature of the problem is understood, the solution of the problem is often obvious.

Approaching a Problem:

• Gather detailed information about exactly what's happening. When the first problem is reported, talk to the user. Find out which application failed. What is the remote host's name and IP address? What is the user's hostname and address? What error message was displayed? If possible, verify the problem by having the user run the application while you talk him/her through it. If possible, duplicate the problem on your own system.

• Does the problem occur in other applications on the user's host, or is only one application having trouble? If only one application is involved, the application may be misconfigured or disabled on the remote host. Because of rising security concerns, more and more systems are disabling some services.

• Does the problem occur with only one remote host, all remote hosts, or only certain groups of remote hosts? If only one remote host is involved, the problem could easily be with that host. If all remote hosts are involved, the problem is probably with the user's system. If only hosts on certain subnets or external networks are involved, the problem may be related to routing.

• Does the problem occur on other local systems? Make sure you check other systems on the same subnet. If the problem only occurs on the user's host, concentrate testing on that system. If the problem affects every system on a subnet, concentrate on the router for that subnet.

Once you know the symptoms of the problem, visualise each protocol and device that handles the data. Visualising the problem will help you avoid oversimplification, and keep you from assuming that you know the cause even before you start testing.


Troubleshooting Hints:

• Approach problems methodically, don't jump into another test scenario based on a hunch, without ensuring that you can pick up your original test scenario where you left off.

• Keep a historical record of the problems in case it reappears.

• Don't assume a problem seen at the application level is not caused by a problem at a lower level.

• Test each possibility and base your actions on the evidence of the tests.

• Pay attention to error messages.

• Duplicate the reported problem yourself.

• Most problems are caused by human errors.

• Keep your users informed; users want solutions to their problems, they're not interested in speculative techno-babble.

• Don't speculate about the cause of the problem while talking to the users.

• Stick to a few simple troubleshooting tools.

• Don't neglect the obvious, a loose Ethernet cable is a very common network problem. Check plugs, connectors, cables, and switches.

• Small things can cause big problems.

Diagnostic tools: Most network problems can be solved using free diagnostic software. Large networks probably need a network analyser, or at least a hardware tester such as a Time Domain Reflectometer (TDR).

ifconfig : Provides information about the basic configuration of the interface. It is useful for detecting bad IP addresses, incorrect subnet masks, and improper broadcast addresses.

arp : Provides information about Ethernet/IP address translation. It can be used to detect systems on the local network that are configured with the wrong IP address.

netstat : Provides a variety of information. It is commonly used to display detailed statistics about each network interface, network sockets, and the network routing table.

ping : Indicates whether a remote host can be reached.

nslookup : Provides information about the DNS name service.

dig : Provides information about name service.

ripquery : Provides information about the contents of the RIP update packet being sent or received by your system.

traceroute : Tells you which route packets take going from your system to a remote system. Information about each hop is printed.

etherfind : Analyses the individual packets exchanged between hosts on the network. It is most useful for analysing protocol problems.

Testing Basic Connectivity: The ping command tests whether a remote host can be reached from your computer. This simple function is extremely useful for testing the network connection, independent of the application in which the original problem was detected. Ping allows you to determine whether further testing should be directed toward the network connection (the lower layers) or the application (the upper layers). If ping shows that packets can travel to the remote system and back, the user's problem is probably in the upper layers. If packets can't make the round trip, lower protocol layers are probably at fault.
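The hints in the error-message list and in the approach above, together with the ping test, form a small decision procedure. The Python below is an added example that encodes it, not code from the original document; the `Symptoms` fields, the scope labels and the wording of the findings are this example's own, while each rule is one of the page's hints: ping by address separates the lower layers from the upper layers, "Unknown host" points at name service, "Network unreachable" at routing, the connection errors at a remote system or link that is not responding, and the number of affected local systems points at the PC, the subnet's router, or the device connecting the site.

```python
"""Troubleshooting triage that encodes the hints from the text (added example)."""

from dataclasses import dataclass
from typing import Optional


@dataclass
class Symptoms:
    error_message: str = ""
    ping_by_address_ok: Optional[bool] = None   # None means the test was not run yet
    ping_by_name_ok: Optional[bool] = None
    only_one_application: bool = False
    only_one_remote_host: bool = False
    scope: str = "unknown"   # "one_pc", "one_subnet", "all_local_pcs" or "unknown"


NOT_RESPONDING = ("remote system or a link to it is not responding; "
                  "if a numeric address was used, retry with the hostname")

# (substring of the error text, hint), checked in order; first match wins.
ERROR_HINTS = [
    ("unknown host", "name service problem: compare resolution from another PC, "
                     "then have the user try the numeric address"),
    ("network unreachable", "routing problem: no route to the remote host; "
                            "check the PC's routing configuration"),
    ("cannot connect", NOT_RESPONDING),
    ("no answer", NOT_RESPONDING),
    ("connection timed out", NOT_RESPONDING),
]

SCOPE_HINTS = {
    "one_pc": "only this PC fails: check its configuration, then test the link with a laptop",
    "one_subnet": "every system on one subnet fails: look at the device connecting "
                  "that subnet to the rest of the network",
    "all_local_pcs": "all local PCs fail regardless of application or remote host: look at "
                     "the device connecting the network to the outside world",
}


def triage(s: Symptoms) -> list:
    """Return the findings the page's hints support for the given symptoms."""
    findings = []
    # 1. The ping result splits the problem between lower and upper layers.
    if s.ping_by_address_ok is False:
        findings.append("lower layers: packets do not complete the round trip; "
                        "test the network connection before the application")
    elif s.ping_by_address_ok is True and s.ping_by_name_ok is False:
        findings.append("name resolution: the address answers but the name does not")
    elif s.ping_by_address_ok is True:
        findings.append("upper layers: the round trip works, so concentrate on the application")
    # 2. The wording of the error message.
    msg = s.error_message.lower()
    for key, hint in ERROR_HINTS:
        if key in msg:
            findings.append(hint)
            break
    # 3. How many applications and remote hosts are involved.
    if s.only_one_application:
        findings.append("one application only: it may be misconfigured, disabled on the "
                        "remote host, or incompatible with the protocol stack")
    if s.only_one_remote_host:
        findings.append("one remote host only: the problem could be with that host")
    # 4. How many local systems are affected.
    if s.scope in SCOPE_HINTS:
        findings.append(SCOPE_HINTS[s.scope])
    return findings


if __name__ == "__main__":
    report = Symptoms(error_message="Unknown host", ping_by_address_ok=True,
                      ping_by_name_ok=False, scope="one_pc")
    for line in triage(report):
        print("-", line)
```

Running ping by address before anything else is what makes the rest of the table usable: once the lower layers are known to carry packets, every remaining finding points at configuration, name service, or the remote service rather than at cabling and routers.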


Abbreviations:

AC  Access Control
ACK  Acknowledgement
ADS  Acknowledged Datagram Service
AFS  Andrew File System
API  Application Programming Interface
ARP  Address Resolution Protocol
AS  Autonomous Systems
ASN.1  Abstract Syntax Notation One
BIOS  Basic Input Output System
BNC  Bus Network Connector
BOOTP  BOOT Protocol
CD  Collision Detection
CRC  Cyclic Redundancy Checksum
CSMA  Carrier Sense Multiple Access
CSMA/CA  Carrier Sense Multiple Access/Collision Avoidance
CSMA/CD  Carrier Sense Multiple Access/Collision Detection
CSU  Channel Service Unit
DA  Destination Address
DDS  Digital Data Service
DFS  Distributed File System
DHCP  Dynamic Host Configuration Protocol
DLP  Data Link Protocol
DNS  Domain Name Service
DSAP  Destination Service Access Point
DSU  Digital Service Unit
ED  Ending Delimiter
EFS  End-of-Frame Sequence
EGP  Exterior Gateway Protocol
ETR  Early Token Release
FC  Frame Control
FCS  Frame Check Sequence
FS  Frame Status
FTP  File Transfer Protocol
GGP  Gateway to Gateway Protocol
ICMP  Internet Control Message Protocol
IGP  Interior Gateway Protocol
IP  Internet Protocol
IPX  Internetwork Packet eXchange
IPX/SPX  Internetwork Packet eXchange/Sequenced Packet eXchange
ISDN  Integrated Services Digital Network
ISN  Initial Sequence Number
ISO  International Standards Organisation
LAN  Local Area Network
LLC  Logical Link Control
LSAP  Link Service Access Point
LSL  Link Support Layer
MAC  Media Access Control
MAU  Media Access Unit
MIME  Multipurpose Internet Mail Extensions
MLID  Multiple Link Interface Drivers
MTU  Maximum Transmission Unit
NBF  NetBIOS Frame Protocol
NBT  NetBIOS over TCP/IP
NCP  NetWare Core Protocols
NDIS  Network Driver Interface Specification
NetBEUI  NetBIOS Extended User Interface


NETBIOS  Network Basic Input Output System
NFS  Network File System
NIC  Network Interface Card
NIS  Network Information System
NOS  Network Operating System
NSAP  Network Service Access Point
NTP  Network Time Protocol
ODI  Open Datalink Interface
OSI  Open Systems Interconnect
OSPF  Open Shortest Path Protocol
PAD  Packet Assembly/Disassembly
PING  Packet Internet Groper
PAR  Positive Acknowledgement with Retransmission
PDC  Primary Domain Controller
PDU  Protocol Data Unit
POP  Post Office Protocol
PPP  Point-to-Point Protocol
RARP  Reverse Address Resolution Protocol
RFC  Request For Comments
RFS  Remote File System
RIP  Routing Information Protocol
RPC  Remote Procedure Call
SA  Source Address
SAP  Service Access Point
SD  Starting Delimiter
SFD  Start Frame Delimiter
SFS  Start-of-Frame Sequence
SGMP  Simple Gateway Management Protocol
SMB  Service Message Block
SMI  Structure of Management Information
SMTP  Simple Mail Transfer Protocol
SNA  System Network Architecture
SNMP  Simple Network Management Protocol
SPX  Sequenced Packet eXchange
SSAP  Source Service Access Point
STP  Shielded Twisted-Pair
SYN  Synchronising Segment
TCB  Transmission Control Block
TCP  Transmission Control Protocol
TCP/IP  Transmission Control Protocol/Internet Protocol
TDI  Transport Driver Interface
TDM  Time-Division Multiplexing
TDR  Time Domain Reflectometer
TELNET  Terminal Networking
TFTP  Trivial File Transfer Protocol
TLI  Transport Layer Interface
TSAP  Transport Service Access Point
UDP  User Datagram Protocol
UDS  Unacknowledged Datagram Service
ULP  Upper Layer Protocol
UNC  Universal Naming Convention
UTP  Unshielded Twisted-Pair
VCS  Virtual Circuit Service
WAN  Wide Area Network
WINS  Windows Internet Name Service
WWW  World Wide Web
XDR  eXternal Data Representation


Table of Figures:

Figure 1 shows different possibilities for communication of great distance. (page 1)
Figure 2 shows the symbol used for a Twisted-Pair line tag. (page 2)
Figure 3 shows the symbol used for a Coaxial line tag. (page 2)
Figure 4 shows the symbol used for a Fibre-optic line tag. (page 3)
Figure 5 shows the symbol used for a Network Interface Card. (page 4)
Figure 6 shows the symbol used for a Client. (page 4)
Figure 7 shows the symbol used for a Server. (page 4)
Figure 8 shows a Client-Server model. (page 5)
Figure 9 shows Local Resources. (page 5)
Figure 10 shows Remote Resources. (page 5)
Figure 11 shows a Node. (page 6)
Figure 12 shows the symbols used for a Concentrator. (page 6)
Figure 13 shows the symbol used for a Hub. (page 6)
Figure 14 shows the symbol used for a Repeater. (page 6)
Figure 15 shows the symbol used for a Bridge. (page 6)
Figure 16 shows the symbol used for a Router. (page 7)
Figure 17 shows the symbol used for a Gateway. (page 7)
Figure 18 shows the symbol used for a Backbone. (page 7)
Figure 19 shows a schematic of a bus network. (page 8)
Figure 20 shows a schematic of a machine-to-machine bus network. (page 8)
Figure 21 shows a schematic of a Token Ring network. (page 9)
Figure 22 shows the token access method in a Token Ring network. (page 9)
Figure 23 shows a schematic of a star network. (page 10)
Figure 24 shows a schematic of a hub network. (page 10)
Figure 25 shows fragmentation and reassembly of a message on a circuit switching network. (page 11)
Figure 26 shows fragmentation and reassembly of a message on a packet switching network. (page 11)
Figure 27 shows a schematic of a Backbone Network. (page 12)
Figure 28 shows a schematic of a Thinnet Network. (page 12)
Figure 29 shows a schematic of a 10BASET Network. (page 12)
Figure 30 shows the seven-layer Open Systems Interconnection Reference Model. (page 14)
Figure 31 shows an example of a data frame. (page 16)
Figure 32 shows how simple delivering of a frame on a local network can be. (page 16)
Figure 33 shows the schematic of a single, local network. (page 18)
Figure 34 shows the schematic of a bridged network. (page 18)
Figure 35 shows the schematic of a subnetted network. (page 18)
Figure 36 shows a schematic of a router that joins an Ethernet to a Token Ring network. (page 19)
Figure 37 shows Headers and the OSI protocol layers. (page 22)
Figure 38 shows the Protocol Data Unit layout. (page 22)
Figure 39 shows the receiving computer risks losing data whenever its communication buffers become full. (page 25)
Figure 40 shows the format of the LLC protocol data unit. (page 26)
Figure 41 shows the format of an IEEE 802 MAC address.
26 Figure 42 shows IEEE 802 standards related to the OSI reference model. ......................................................... 26 Figure 43 shows the schematic of an Ethernet network. ...................................................................................... 27 Figure 44 shows collisions on an Ethernet. .......................................................................................................... 28 Figure 45 shows the structure of an Ethernet II frame.......................................................................................... 29 Figure 46 shows the structure of an Ethernet II Node Address. ........................................................................... 29 Figure 47 shows the format of a IEEE 802.3 Frame............................................................................................. 30 Figure 48 shows the format of the SNAP data format. ......................................................................................... 31 Figure 49 shows the token access method in a ring network. .............................................................................. 32 Figure 50 shows how Token Rings are wired in a star. ........................................................................................ 33 Figure 51 shows the format of a Token Ring frame.............................................................................................. 33 Figure 52 shows how the layers of TCP/IP and other popular network protocols relate differently to the OSI

model. ........................................................................................................................................................... 35 Figure 53 provides a generic illustration of a data packet moving through the different protocol layers of the OSI

model. ........................................................................................................................................................... 35 Figure 54 shows a more specific example of an application packet moving through a TCP/IP network. ............. 36 Figure 55 shows the protocol structure resulting from the binding initiated by the NETBIND program. ............... 37 Figure 56 shows an internetwork consisting of several networks. ........................................................................ 39 Figure 57 illustrates one method of time-division multiplexing of digital signals................................................... 39 Figure 58 depict a more advanced technique, statistical time-division multiplexing............................................. 39 Figure 59 illustrates circuit switching. ................................................................................................................... 40 Figure 60 illustrates packet switching. .................................................................................................................. 40 Figure 61 illustrates the protocol stack model for bridging in terms of the OSI Reference Model. ....................... 41 Figure 62 illustrates the protocol stack model for routing in terms of the OSI Reference Model.......................... 42

Figure 63 illustrates Hop-count routing.
Figure 64 shows connecting remote sites with a Digital Leased Circuit.
Figure 65 shows the Layers in the TCP/IP Protocol Architecture.
Figure 66 shows TCP/IP Data Encapsulation.
Figure 67 shows Data Structures.
Figure 68 shows the processing of data during transmission and reception for TCP.
Figure 69 shows processes/applications and protocols that rely on the Network Access Layer for the delivery of data to their counterparts across the network.
Figure 70 shows the IP Datagram Format.
Figure 71 shows Routing Through Gateways.
Figure 72 shows the ICMP Header Format.
Figure 73 shows processes/applications and protocols that rely on the Internet Layer for the delivery of data to their counterparts across the network.
Figure 74 shows the UDP Datagram Format.
Figure 75 shows the relationship between UDP and IP headers.
Figure 76 shows the data segment format of the TCP Protocol.
Figure 77 shows the format of the TCP pseudoheader.
Figure 78 shows how TCP establishes virtual circuits over which applications exchange data.
Figure 79 shows a Three-Way Handshake.
Figure 80 shows the positive acknowledgement with retransmission technique.
Figure 81 shows how TCP implements a time-out mechanism to keep track of lost segments.
Figure 82 shows a TCP Data Stream that starts with an Initial Sequence Number of 0.
Figure 83 shows how data are processed as they travel down the protocol stack, through the network, and up the protocol stack of the receiver.
Figure 84 shows processes/applications and protocols that rely on the Transport Layer for the delivery of data to their counterparts across the network.
Figure 85 shows the TCP/IP Protocols Inside a Sample Gateway.
Figure 86 shows processes/applications and protocols that rely on the Application Layer for the delivery of data to their counterparts across the network.
Figure 87 shows the IP address classes.
Figure 88 shows host communication on a local network.
Figure 89 shows IP addresses with and without subnetting.
Figure 90 shows host communication with subnetting.
Figure 91 shows a view of routing.
Figure 92 shows the Internet Routing Architecture.
Figure 93 shows a flowchart depiction of the IP routing algorithm.
Figure 94 shows the operation of ARP.
Figure 95 shows the layout of an ARP request or ARP reply.
Figure 96 shows Routing Domains.
Figure 97 shows the interrelationship between IP and Ethernet MAC address as reflected in the Ethernet data frame.
Figure 98 shows Protocol and Port Numbers.
Figure 99 shows the protocol interdependency between Application level protocols and Transport level protocols.
Figure 100 shows data packets multiplexed via TCP or UDP through port addresses and onto the targeted TCP/IP applications.
Figure 101 shows the exchange of port numbers during the TCP handshake.
Figure 102 shows the format of the Host.txt records.
Figure 103 shows resolution of a DNS query.
Figure 104 shows Domain Hierarchy.
Figure 105 shows organisation of the DNS name space.
Figure 106 shows NIS masters, slaves, and clients.
Figure 107 shows Remote Procedure Call Execution.
Figure 108 shows the TCP/IP family tree.
Figure 109 shows Multiple Protocol Stacks.
Figure 110 shows the BOOTP message format.
Figure 111 illustrates an example of a network running DHCP.
Figure 112 shows a DHCP client obtaining a lease. It shows the dialogue that takes place when a DHCP client obtains a lease from a DHCP server.
Figure 113 shows the life cycle of a DHCP address lease.
Figure 114 provides a visual representation of how a networking API might fit within the OSI seven-layer model.
Figure 115 illustrates how a single workstation can be utilised to access both network environments.
Figure 116 outlines a sample configuration of a NOS server as a gateway.
Figure 117 shows how a tailored version of a standard WinSock driver enables the network clients to use any standard WinSock application.
Figure 118 illustrates the location and operation of the Transport Driver Interface within Windows NT.
Figure 119 shows an Internet server isolated from the local network.
Figure 120 shows an Internet server that connects to the Internet using TCP/IP.

Figure 121 shows an insecure Internet connection.
Figure 122 shows a comparison between a firewall and an IP router.
Figure 123 shows a basic firewall/Internet server combination.
Figure 124 shows a firewall configuration that poses potential problems.
Figure 125 shows a more secure firewall configuration.
Figure 126 illustrates networks using both Internal and External Firewalls.
Figure 127 shows the Microsoft Network Protocol Architecture.
Figure 128 shows priority of DHCP options.
Figure 129 shows B-node name resolution.
Figure 130 shows P-node name resolution.
Figure 131 shows the architecture of a WINS name service.
Figure 132 shows a network with several WINS replication partnerships.
Figure 133 shows a drawing of how a real-world Ethernet cable looks.
Figure 134 shows the signal on an Ethernet.
Figure 135 shows the terminators on an Ethernet cable.

Index:

—1—
10BASE2, 2
10BASE5, 2
10BASET Network, 12

—8—
802 LAN Physical Address, 26

—A—
Abbreviations, 113
Abstract Syntax Notation One, 96
AC, 34
Access Control, 34
Access methods, 24
Accident-proof network, 1
Acknowledged Datagram Service, 25
Activity Management, 21
Address Resolution, 63
Address Resolution Protocol, 48, 58, 63, 74, 75, 79
Addressing, Routing, and Multiplexing, 58
ADS, 25
AFS, 86
An Internet, 17
An Internetwork, 17
An overview of TCP/IP components, 72
Andrew File System, 86
API, 78, 87, 97
Application layer, 21
Application Programming Interface, 78, 87, 97
Approaching a Problem, 111
Architecture of the IEEE 802 Standards, 24
Architecture of the Windows Internet Name Service, 101
ARP, 48, 58, 63, 74, 75, 79
AS, 61
ASN.1, 96
Asynchronically, 1
Automatic allocation, 81
Autonomous Systems, 61

—B—
Backbone, 7, 8
Backbone Network, 12
Backplane, 10
Basic Input Output System, 78
BIOS, 78
BNC connectors, 2
B-node, 100
Boot Protocol, 74, 76
BOOTP, 74, 76
BOOTREPLY packet, 80
BOOTREQUEST packet, 80
Bootstrap Protocol, 80
Bridge, 6, 41
Bridges, Routers, and Switches, 41
Broadband, 39
Building an Internet Server, 91
Bus, 8
Bus Network Connector, 8
Bus Networks, 8

—C—
Canonical form, 70
Carrier Sense, 27
Carrier Sense Multiple Access, 27
Carrier Sense Multiple Access/Collision Avoidance, 27
Carrier Sense Multiple Access/Collision Detection, 27
CD, 28
Channel Service Unit, 44
Characteristics of Layered Architectures, 13
Characteristics of Layered Protocols, 22
Cheapernet, 2
Checking remote hosts, 51
Circuit, 40
Circuit Switching, 40
Circuit-Switched networks, 11
Client, 4
Client-Server model, 5
Coaxial cable, 2
Collision, 28
Collision Detection, 28
Communication Protocols, 13
Concentrator, 6, 10
Connectionless Protocols, 41
Connection-oriented, 41
Contention, 24
CRC, 29, 31
Creating Domains and Subdomains, 68
CSMA, 27
CSMA/CA, 27
CSMA/CD, 27
CSU, 44
Cyclic Redundancy Checksum, 29, 31

—D—
DA, 34
Data Field, 29
Data Frame, 15, 16
Data Link Layer, 15
Data Section, 33
Data Stream Maintenance, 55
Data-communication, 1
Datagram, 20, 41, 48, 72
Datagram Delivery, 20
Data-processing, 1
Data-transmission, 1
DDS, 44
Decapsulation, 23
Dedicated Leased Lines, 44
Delivering Data Through Internetworks, 39
Demultiplexer, 39
Demultiplexing, 20
Demux, 39
Destination Address, 34
Destination and Source address, 29, 31
Destination Service Access Point, 26
Detecting unreachable destinations, 50

Device ...........................................................................16 DFS...............................................................................86 DHCP......................................................................80, 81 DHCP Concept and Operation......................................98 Diagnostic tools ..........................................................112 Digital Data Service.....................................................44 Digital Service Unit ......................................................44 Distributed File System.................................................86 DLC ..............................................................................97 DNS ..........................................................66, 73, 75, 106 DNS Windows Name Resolution..................................79 Domain Name Service ....................................66, 67, 106 Domain Name System.............................................73, 75 Domain Names..............................................................68 DSAP ............................................................................26 DSU ..............................................................................44 Dynamic allocation .......................................................81 Dynamic Host Configuration Protocol....................80, 81 Dynamically Allocated Port ..........................................66

—E— Early Token Release .....................................................32 ED.................................................................................34 EFS ...............................................................................33 EGP.........................................................................76, 96 Encapsulation................................................................46 End Systems..................................................................19 Ending Delimiter...........................................................34 End-of-Frame Sequence................................................33 Ethernet Address...........................................................17 Ethernet PVC coax..........................................................2 Exporting a directory ....................................................84 Exterior Gateway Protocol ......................................76, 96 eXternal Data Representation .................................57, 70

—F— FC .................................................................................34 FCS ...................................................................29, 31, 34 Fibre-optic cable .............................................................3 Fields.............................................................................16 File Sharing...................................................................86 File Transfer Protocol .............................................73, 76 Flow Control .................................................................50 Fragmentation .........................................................48, 50 Fragmenting Datagrams ................................................50 Frame Check Sequence .....................................29, 31, 34 Frame Control ...............................................................34 Frame Status..................................................................34 Frames...........................................................................16 Frames and Network Interfaces.....................................17 FS..................................................................................34 FTP .........................................................................73, 76

—G— Gateway ..............................................................7, 19, 48 Gateway Protocols ........................................................76 Gateway-to-Gateway Protocol ................................61, 76 GGP ........................................................................61, 76

—H— Handshake.....................................................................54

Header ...........................................................................46 Heterogeneous Network................................................13 H-node ........................................................................101 Host address ..................................................................58 Host name .....................................................................66 Host table ......................................................................66 Hosts .............................................................................19 Host-to-Host Transport Layer .......................................51 How Ethernet Works.....................................................27 How Token Ring Works................................................31 Hub..................................................................................6 Hub Network.................................................................10

—I—
ICMP ... 50, 72, 75
IEEE 802.3 Frames ... 30
IEEE 802.3 Media ... 30
IEEE 802.3 Networks ... 27
IEEE 802.5 Frames ... 33
IEEE 802.5 Networks ... 31
IEEE LAN’s ... 24
IGP ... 76
Implementing TCP/IP ... 77
Implementing TCP/IP over IEEE 802.3 ... 31
Index ... 118
Informatics ... 1
Information Field ... 34
Initial Sequence Number ... 53
Integrated Services Digital Network ... 45
Interaction of TCP/IP and Other Protocols ... 87
Interior Gateway Protocol ... 76
Intermediate Systems ... 19
International Standards Organisation ... 13
Internet ... 44
Internet Control Message Protocol ... 50, 72, 75
Internet Group Names ... 103
Internet Protocol ... 17, 48, 72, 75
Internet Routing Architecture ... 61
Internetwork Layer ... 48
Internetwork Packet eXchange ... 98
Introduction ... 1
IP ... 17, 48, 72, 75
IP Address ... 48, 58
IP Address Classes ... 59
IP Datagram Format ... 49
IP Host Address ... 58
IPX ... 98
ISDN ... 45
ISN ... 53
ISO ... 13
Isolating the Server ... 91

—L—
LAN ... 10
Layer ... 13
Layered Architecture ... 13
Leased line ... 44
Length Field ... 31
Limited Broadcast Address ... 80
Link Service Access Point ... 24
Link Support Layer ... 37
Links ... 10
LLC ... 24


LLC Data Field ... 31
LMHOSTS ... 99
LMHOSTS File Lookup ... 79
Local Area Networks ... 10
Local Device ... 5
Local Resource ... 5
Logical Link Control ... 24
LSAP ... 24
LSL ... 37

—M—
MAC ... 17, 26, 36
Machine-to-Machine network ... 8
Managed Network Entity ... 95
Managing Connections ... 56
Managing DNS ... 106
Managing LMHOST Files ... 105
Managing WINS ... 99
Manual allocation ... 81
Maps ... 69
MAU ... 9
Maximum Transmission Unit ... 17, 50
Media Access Control ... 17, 36
Media Access Unit ... 9
Medium Access Control ... 26
Microsoft Network Protocol Architecture ... 97
Microsoft Network Protocols ... 97
Microsoft TCP/IP ... 97
MIME ... 85
MLID ... 37
M-node ... 101
Mounting a directory ... 84
MTU ... 17, 50
Multihomed Names ... 102
Multiple Link Interface Drivers ... 37
Multiple Protocol Stacks ... 77
Multiplexer ... 39
Multiplexing ... 20, 39, 64
Multipurpose Internet Mail Extensions ... 85
Mux ... 39

—N—
Name Resolution with HOSTS Files ... 106
Names and Addresses ... 66
Naming versus Browsing ... 104
NBF ... 78, 97, 98
NBT ... 78, 97, 100
NCP ... 98
NDIS ... 36, 97
NetBEUI ... 77
NetBEUI Frame Protocol ... 98
NETBIND ... 37
NetBIOS ... 77
NetBIOS Frame ... 78
NetBIOS Frame protocol ... 97
NetBIOS over TCP/IP ... 78, 97, 100
NetWare Core Protocol ... 98
Network Access Layer ... 47
Network Address ... 18, 75
Network Components ... 4
Network Driver Interface Specification ... 97
Network Driver Interface Standard ... 36
Network File Server ... 73
Network File System ... 76, 84, 86
Network Information Service ... 68, 76
Network Interface Card ... 4
Network Layer ... 17
Network Media ... 2
Network Medium ... 2
Network Operating System ... 4
Network Time Protocol ... 74, 76
Network Topology ... 8
Networks ... 8
Next Hop ... 62
NFS ... 73, 76, 84, 86
NIC ... 4
NIS ... 68, 76
NIS maps ... 68
Node ... 6, 10, 16
Normal Group Names ... 103
NOS ... 4
NOS Gateways and Servers ... 88
NOS Support for Native IP ... 89
NTP ... 74, 76
NWLink ... 97, 98

—O—
Object Identifier ... 96
Object Identifier Hierarchy ... 96
ODI ... 37
ODINSUP.COM ... 38
Open Datalink Interface ... 37
Open Shortest Path First ... 75
Open Systems Interconnect ... 13
Operating Dual Protocol Stacks ... 36
OSI ... 13
OSPF ... 75
Other Special Names ... 103

—P—
Packet ... 11, 16, 17, 18, 41
Packet Switching ... 40
Packet-Switched networks ... 11
PAR ... 52
Passing Datagrams to the Transport Layer ... 50
PDC ... 104
PDU ... 22, 29, 31, 95
Peer-to-Peer Communication ... 23
Peer-to-Peer network ... 8
Physical Layer ... 14
P-node ... 100
Polling ... 24, 95
POP ... 85
Port Numbers ... 65
Positive Acknowledgement with Retransmission ... 52
Post Office Protocol ... 85
Preamble ... 29, 31
Presentation Layer ... 21
Primary Domain Controller ... 104
Probabilistic Access Method ... 31
Process/Application Layer ... 57
PROTMAN.DOS ... 36
PROTMAN.OS2 ... 36
Protocol Data Unit ... 22, 29, 31, 95
Protocol Manager Program ... 36
Protocol Numbers ... 65


Protocol Stack ... 13, 14
PROTOCOL.INI ... 37
Protocols and Protocol Stacks ... 35
Protocols, Ports, and Sockets ... 64
Providing Full Internet Connectivity ... 91

—R—
RARP ... 64, 74, 75, 79
Redirecting routes ... 51
Redirectors and File Sharing ... 87
Reliability and Acknowledgement ... 54
Reliable Delivery Protocol ... 72
Remote File System ... 86
Remote Procedure Call ... 70, 73, 76
Remote Procedure Call Execution ... 70
Remote Resource ... 5
Repeater ... 6
Request For Comments ... 46
Resolving Names on Microsoft Networks ... 100
Reverse Address Resolution Protocol ... 64, 74, 75, 79
RFC ... 46
RFS ... 86
RG-58 ... 2
Ring Network ... 9
RIP ... 61, 75
RJ-11 ... 2
RJ-45 ... 2, 8
Root server ... 67
Router ... 7, 17, 18, 41, 42
Routing ... 18, 48, 60, 75
Routing Datagram ... 50
Routing Information Protocol ... 61, 75
RPC ... 70, 73, 76

—S—
SA ... 34
SAP ... 19
Scopes ... 82, 98
SD ... 34
Segment ... 52
Sequenced Packet eXchange ... 98
Server ... 4
Service Access Point ... 19
Service Message Block ... 78
Session Layer ... 20
SFD ... 31
SFS ... 33
SGMP ... 96
Shielded Twisted-Pair ... 2
Simple Gateway Management Protocol ... 96
Simple Mail Transfer Protocol ... 73, 76, 84
Simple Network Management Protocol ... 28, 73, 76, 95
SMB ... 78
SMI ... 96
SMTP ... 73, 76
SNMP ... 28, 73, 76, 84, 95
Socket ... 55, 66
Some examples of common used networks ... 12
Source Address ... 34
Source Routing ... 42
Source Service Access Point ... 26
Spanning-tree algorithm ... 42
SPX ... 98
SSAP ... 26
Star Network ... 10
Start Frame Delimiter ... 31
Start-of-Frame Sequence ... 33
Station ... 16
Stat-MUX ... 39
STP ... 2
Structure of Management Information ... 96
Subdomains ... 68
Subnet ... 59
Switches ... 41, 43
Switched Digital Lines ... 45
Switching Data ... 40
Synchronically ... 1

—T—
Table of Figures ... 115
T-connector ... 8
TCP ... 19, 51, 52, 72, 75, 84
TCP Segment Format ... 53
TCP/IP ... 17, 97, 98
TCP/IP Applications ... 79
TCP/IP Protocols Inside a Sample Gateway ... 57
TDI ... 90, 97
TDR ... 112
Telecommunication ... 1
Telematics ... 1
Telnet ... 73, 76
Terminology ... 24
Testing Basic Connectivity ... 112
TFTP ... 74, 76
The Domain Hierarchy ... 67
The Host Table ... 66
The Internet ... 17
The Internet Model ... 46
The Network Information Centre Host Table ... 67
The Routing Table ... 61
The seven-layer OSI Reference Model ... 13
The Starting Delimiter ... 34
The TCP/IP Family of Protocols ... 75
The way data are delivered through internetworks ... 39
Thick coax ... 2
Thin coax ... 2
Thin Ethernet ... 2
Thinnet Network ... 12
Three-Way Handshake ... 54
Time Domain Reflectometer ... 112
Time-Division Multiplexing ... 39
TMD ... 39
Token Passing ... 24
Token Ring ... 9
Transmission Control Protocol ... 19, 51, 52, 72, 84
Transmission Line Theory ... 107
Transport ... 75
Transport Control Protocol ... 75
Transport Driver Interface ... 90, 97
Transport Layer ... 19
Trap-directed polling ... 95
Trivial File Transfer Protocol ... 74, 76
Troubleshooting Hints ... 112
Troubleshooting TCP/IP ... 110, 111
T-shaped connector ... 8
Twisted-pair cable ... 2
Type field ... 29


—U—
UDP ... 19, 51, 72, 75
UDS ... 25
ULP ... 24
Unacknowledged Datagram Service ... 25
UNC ... 105
Universal Naming Convention ... 105
Unreliable ... 41
Unshielded Twisted-Pair ... 2
Upper-Layer Protocols ... 24
Upper-Level Protocol driver ... 36, 37
User Datagram Protocol ... 19, 51, 72, 75
User services ... 76
UTP ... 2

—V—
VCS ... 25
Virtual Circuit Service ... 25

—W—
WAN ... 12
What TCP/IP provides ... 46
Wide Area Networks ... 12
Windows Internet Name Service ... 78, 99
WINS ... 78, 99, 101

—X—
XDR ... 57, 70