
M.Sc.

Information Technology
(DISTANCE MODE)

DIT 116 Network Protocols

I SEMESTER COURSE MATERIAL

Centre for Distance Education
Anna University Chennai Chennai – 600 025

Author

Dr. P. Yogesh
Senior Lecturer Department of Computer Science and Engineering Anna University Chennai Chennai – 600 025

Reviewer

Dr. Ranjani Parthasarathy
Professor Department of Computer Science and Engineering Anna University Chennai Chennai – 600 025

Editorial Board

Dr. C. Chellappan
Professor Department of Computer Science and Engineering Anna University Chennai Chennai – 600 025

Dr. T.V. Geetha
Professor Department of Computer Science and Engineering Anna University Chennai Chennai – 600 025

Dr. H. Peeru Mohamed
Professor Department of Management Studies Anna University Chennai Chennai – 600 025

Copyrights Reserved (For Private Circulation only)

ACKNOWLEDGEMENT

I would like to convey my sincere thanks to Dr. C. Chellappan, Professor and Deputy Director, Centre for Distance Education, Anna University, Chennai for providing me the opportunity to prepare this course material. I thank my wife Mrs. A. Thiruchelvi and Master Y. Mukil Kumar for their constant encouragement in preparing this course material. I have drawn inputs from several sources for the preparation of this course material, to meet the requirements of the syllabus. The author gratefully acknowledges the following sources:

Douglas E. Comer, “Internetworking with TCP / IP – Principles, Protocols and Architectures”, Fourth Edition, Prentice Hall of India, 2002.
Behrouz A. Forouzan, “TCP / IP Protocol Suite”, Third Edition, Tata McGraw Hill Edition, 2006.
Uyless Black, “Computer Networks – Protocols, Standards and Interfaces”, Second Edition, Prentice Hall of India, 2002.

Dr. P. Yogesh, Senior Lecturer, Department of Computer Science and Engineering, Anna University, Chennai – 25.


DIT 116 NETWORK PROTOCOLS

UNIT I Internet Protocol: Routing IP Datagrams – Error and Control Messages (ICMP). Reliable Stream Transport Service (TCP): TCP State Machine. Response to congestion – congestion, Tail Drop and TCP – Random Early Discard. Routing: Exterior Gateway Protocols and Autonomous Systems (BGP).

UNIT II Internet Multicasting – Mobile IP – Bootstrap And Auto configuration (BOOTP, DHCP).

UNIT III The Domain Name System (DNS) – Applications: Remote Login (TELNET, Rlogin) – File Transfer and Access (FTP, TFTP, NFS).

UNIT IV Applications: Electronic Mail (SMTP, POP, IMAP, MIME) – World Wide Web (HTTP) – Voice and Video over IP (RTP).

UNIT V Applications: Internet Management (SNMP) – Internet Security and Firewall Design (Ipsec) – The Future of TCP / IP (IPV6).

TEXT BOOK
1. Douglas E. Comer, “Internetworking with TCP / IP – Principles, Protocols and Architectures”, Fourth Edition, Prentice Hall of India, 2002.

REFERENCES
1. Uyless Black, “Computer Networks – Protocols, Standards and Interfaces”, Second Edition, Prentice – Hall of India Private Limited, Delhi, 2002.
2. Udupa, “Network Management System essentials”, McGraw Hill, 1999.


CONTENTS

UNIT 1
1.1 Introduction
1.2 Learning Objectives
1.3 TCP/IP Reference Model
1.4 Internet Architecture and Design Philosophy
1.5 Routing in an internet
1.6 Internet Protocol (IP)
1.7 Internet Control Message Protocol
1.8 Necessity of Transport Layer
1.9 TCP State Machine
1.10 Timer management of TCP
1.11 Congestion Control Behavior of TCP
1.12 Congestion-control Mechanisms in Network Layer
1.13 User Datagram Protocol
1.14 Autonomous Systems

UNIT 2
2.1 Introduction
2.2 Learning Objectives
2.3 Obtaining IP Addresses
2.4 IP Multicast
2.5 Internet Group Management Protocol
2.6 Multicast Routing Issues and Protocols
2.7 Multicasting over the Internet
2.8 Mobile IP

UNIT 3
3.1 Introduction
3.2 Learning Objectives
3.3 Domain Name System
3.4 Shared File Access
3.5 File Transfer Protocol
3.6 Trivial File Transfer Protocol
3.7 Network File System
3.8 TELNET Protocol
3.9 Rlogin (BSD UNIX)

UNIT 4
4.1 Introduction
4.2 Learning Objectives
4.3 World Wide Web
4.4 Hyper Text Transfer Protocol
4.5 Electronic Mail
4.6 Protocols of E-Mail System
4.7 Message Formats
4.8 Multimedia Applications
4.9 Real-Time Transport Protocol (RTP)
4.10 IP Telephony and Signaling

UNIT 5
5.1 Introduction
5.2 Learning Objectives
5.3 Network Management
5.4 Simple Network Management Protocol
5.5 Network Security
5.6 IP Security (IPSec)
5.7 Firewalls and Internet Access
5.8 The Future of TCP/IP

UNIT 1

Network Protocols

1.1 INTRODUCTION

Internet is a packet switched network that provides world wide connectivity to its users. Internet enables its users to exchange information among them even if they are geographically separated across continents. The communication software that provides this ability is the TCP (Transmission Control Protocol)/IP (Internet Protocol) protocol stack. To fully understand the functioning of the Internet, it is necessary to understand the various protocols of this protocol suite. This unit introduces you to the TCP/IP reference model and the various operations that are required to transmit the data across multiple networks. The unit then discusses IP, the core protocol of the entire stack, and its adjunct protocol ICMP (Internet Control Message Protocol). In order to understand how data is sent from one machine situated at one corner of the world to another machine situated at another corner of the world, it is necessary to understand the events that are likely to happen once the datagram reaches the destination. The discussion about TCP gives you the details about these events. Finally this unit makes you understand the concept of autonomous systems. Overall, this unit gives you the foundation to understand the rest of the units of this subject.

1.2 LEARNING OBJECTIVES

• To understand the basics of network reference models
• To introduce TCP/IP reference model
• To discuss about the issues of routing
• To study the various fields of IP
• To understand the necessity of ICMP
• To understand the end-to-end issues of the data communication
• To discuss the TCP protocol in detail
• To understand the various congestion control policies
• To discuss the idea of Autonomous Systems

1.3 TCP/IP REFERENCE MODEL

1.3.1 Network Software

Basically a computer network is an interconnection of computers. This may give you an idea that, to provide useful services to the users, it is sufficient to provide the mere physical interconnection between these computers. However, the fact is that just a physical interconnection of a set of computers can not provide any useful service. To exchange information and to provide some useful services, the basic requirement is that interconnected computers should be able to exchange information among them. The fact is, you should understand that software also plays a major role in networking. Initially, computer networks were designed with the hardware as the main concern and software was not given due importance. This strategy failed as the expectations of the users increased. Now a days, network software is highly structured. To reduce the design complexity, network software is organized as a stack of layers or levels, each one built upon the one below it. The purpose of each layer is to offer certain services to the higher layers, shielding those layers from the implementation details of the services. Layer n on one machine communicates with layer n on another machine. The rules and conventions followed in this communication are collectively known as layer n protocol. A set of layers and protocols is called network architecture. The set of protocols followed by a communication system, one per layer, is called a protocol stack.

1.3.2 Internetworking and the Internet

As you know, a computer network N1 is formed by interconnecting a set of computers. A computer in N1 can communicate with any other computer in N1. However, apart from network N1 many other networks also exist in the world. Assume that host Hx of network N1 wants to communicate with host Hy of N2. Such a communication is not possible as long as N1 and N2 function like islands. Interconnection of networks N1 and N2 is necessary to achieve the above communication. The process of interconnecting different networks is called internetworking and the resultant network is called an internetwork. The short form of internetwork is internet. However the term ‘internet’ is different from the global ‘Internet’ (please note the capitalization of the letter i in the global Internet). ARPANET (Advanced Research Projects Agency Network), the forerunner of the Internet, was using a set of protocols during its initial deployment and demonstration. During these demonstrations, the researchers of ARPA realized the limitations of the existing protocols and initiated more research on protocols with the aim of developing a protocol suite that works better in a highly internetworked environment. The outcome of their research is the TCP/IP protocol suite and you are going to learn about this particular protocol stack in detail in this unit.

Internetworking is difficult since internetworking involves incompatible networks. To have a viable internet, you need special computers that are willing to transfer packets from one network to another. Computers that interconnect two networks and pass packets from one to the other are called internet gateways or internet routers. Host Hs of network Ns is able to send and receive datagrams to and from host Hd of network Nd possibly through many intermediate networks Ni, Nj, Nk, … etc. Routers or gateways make it possible to transport the datagrams from source S to destination D across various incompatible networks. Since the underlying network is a packet switched network, different datagrams from source machine S may take different routes before reaching destination machine D. The global Internet that provides you many useful services like browsing, file transfer, electronic mail etc is a packet switched network to which billions of users, millions of computers and thousands of networks across various continents are connected.

1.3.3 TCP/IP Protocol Stack

TCP/IP protocol stack was designed and implemented by the researchers of ARPA from the beginning itself with the sole purpose of internetworking different and incompatible networks. The TCP/IP protocol stack is the glue or the lynchpin that holds the entire Internet together. The TCP/IP reference model and its correspondence with the OSI (Open System Interconnection) reference model are shown in Figure 1.1. The TCP/IP reference model may be considered to have either four or five layers. The bottom most layer can be considered either as a single layer (host to network layer) or a collection of two layers (data link layer and physical layer).

Figure 1.1 TCP/IP Reference Model
OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical
TCP/IP layers: Application (corresponds to OSI Application, Presentation and Session), Transport, Internet, Host to Network (corresponds to OSI Data Link and Physical)

The Internet Layer

The job of this layer is to permit the hosts to inject the packets into any network and have them travel independently to the destination (you should understand that the destination may be on a different network). Datagrams may arrive in a different order than they were sent. This layer defines an official packet format and protocol called IP (Internet Protocol). The job of the internet layer is to deliver IP packets where they are supposed to go.

The Transport Layer

The function of this layer allows peer to peer entities on the source and destination to carry on a conversation. Transport layer defines two protocols namely TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP provides a reliable connection oriented service that allows a byte stream originating on one machine to be delivered without error on any other machine in the internet. It fragments the incoming byte stream into discrete messages and passes each one on to the Internet layer. At the destination, the receiving TCP process reassembles the received messages into the output stream. Flow control and error control are also done by TCP. UDP provides an unreliable, connectionless protocol for applications that do not want flow control and error control operations. From this, you should understand that irrespective of reliability, a transport layer is required to achieve the end to end functionality.

The Application Layer

This layer contains all the higher-level protocols. Some popular application layer protocols are TELNET, SMTP, HTTP etc. Applications are to be developed using the client/server paradigm with respect to these protocols. Please observe the difference between the functionality of the application layer in OSI and TCP/IP irrespective of the similarity in the name. Application layer of TCP/IP protocol stack has to carry out the functions of session layer and presentation layer also.

The Host-to-Network Layer

This reference model does not deal much with the happenings below the Internet layer. It simply points out that the host has to connect to the network using some protocol so it can send IP packets to it. This layer is also called network access layer.

Have you understood?

1. What is an internetwork?
2. What is the difference between an internet and the Internet?
3. What are the functions of the internet layer of TCP/IP protocol stack?
4. Mention the protocols of the transport layer.
5. Whether host to network layer is a layer or an interface? Justify your answer.

1.4 INTERNET ARCHITECTURE AND DESIGN PHILOSOPHY

Conceptually, Internet software is designed around three conceptual networking services arranged in a hierarchy. TCP/IP provides three sets of services as shown in Figure 1.2. At the lowest level, a connectionless delivery service provides a foundation on which everything rests. At the next level, a reliable transport service provides a higher platform on which applications depend. Much of the success of TCP/IP has resulted because this architecture is surprisingly robust and adaptable.

Figure 1.2 Three conceptual layers of internet services
APPLICATION SERVICES
RELIABLE TRANSPORT SERVICE
CONNECTIONLESS PACKET DELIVERY SERVICE

1.4.1 The Conceptual Service Organization

You observe the fact that each of these services is implemented in the form of protocol software. Irrespective of this fact it is also necessary to identify them as conceptual parts of the internet to understand the design philosophy of the TCP/IP reference model. One of the most significant advantages of this conceptual separation is that it becomes possible to replace one service without disturbing others. Thus, research and development can proceed concurrently on all three.

1.4.2 Connectionless Delivery System

The most fundamental internet service consists of a packet delivery system. Technically, the service is defined as an unreliable, best-effort, connectionless packet delivery system, analogous to the service provided by the network hardware that operates on a best-effort delivery paradigm. The service is called unreliable because delivery is not guaranteed. The packet may be lost, duplicated, delayed, or delivered out of order, but the service will not detect such conditions, nor will it inform the sender or receiver. The service is said to use best-effort delivery because the internet software makes an earnest attempt to deliver packets. You should understand that the internet does not drop the datagrams intentionally and unreliability arises only when resources are exhausted or underlying networks fail. The service is called connectionless because each packet is treated independently from all others. A sequence of packets sent from one computer to another may travel over different paths, or some may be lost while others are delivered. Hence, the transport layer has to provide the reliability if users expect reliable services from the network.

Have you understood?

1. What is the advantage of conceptual service organization of the internet architecture?
2. What type of service is provided by the network in TCP/IP reference model?

1.5 ROUTING IN AN INTERNET

To understand routing, you have to understand the basic fact that, in a switched network, the source and destination are not directly connected by a single medium. They are connected through a number of intermediate devices like routers and switches. So it becomes necessary to send the voice or data through a number of intermediate devices. In a packet switched network, routing refers to the process of choosing a path over which to send packets, and router refers to a computer making the choice. Routing is a major task in a packet switched network since routing is a decision to be taken for individual packets of the data flow between the source and destination. Routing in an internet is more difficult than in a single network, since an internet is composed of multiple physical networks interconnected by routers and the source and the destination may be in different networks.

In general, routing has two different but related tasks. The first step is to build the routing table that contains the information about the next hop through which the datagrams are forwarded for a particular destination. The second step is to actually forward the datagrams to the next hop. Separate protocols like Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) are available to construct the routing tables at the routers. Separate protocols like IP (Internet Protocol) and IPX (Internet Packet Exchange) exist to forward the datagrams through any one of the outgoing interfaces; the forwarding protocol makes use of the information built by the routing protocols. In the Internet, IP is the protocol that is responsible for forwarding the datagram towards the destination. This action of IP is called IP routing. The information used to make the routing decision is known as IP routing information. IP routing information is available in the routing tables of the routers and hosts. Ideally, the routing table construction software (routing protocols such as RIP or OSPF) would examine network load, datagram length, or the type of service specified in the datagram header when selecting the best path.

When an application program on a host attempts to communicate, the TCP/IP protocols eventually generate one or more IP datagrams. The host must make an initial routing decision when it chooses where to send the datagrams. Hosts can also take part in the routing activity if they have been provided multiple network interface cards, and such hosts are called multi-homed hosts. Both multi-homed hosts and routers participate in routing an IP datagram to its destination. However, now-a-days in the Internet, by and large routing is confined to routers alone. As Figure 1.3 shows, hosts must make routing decisions even if they have only one network connection. Any computer with multiple network connections can act as a router and hence multi-homed hosts running TCP/IP have all the software needed for routing. However, you please note the fact that the TCP/IP standards draw a sharp distinction between the functions of a host and those of a router, and sites that try to mix host and router functions on a single machine sometimes find that their multi-homed hosts engage in unexpected interactions. So it becomes clear that even if a host is multi-homed it can not be considered as a router according to the TCP/IP standards. The primary purpose of routers is to make IP routing decisions.

Figure 1.3 An example of a single-homed host that must route datagrams (the HOST is attached to one network with two routers R1 and R2 on it; the path to some destinations goes through R1 and the path to other destinations goes through R2)

The process of routing delivers the packets to the destination either using direct delivery or indirect delivery. Indirect delivery occurs when the destination is not on a directly attached network, forcing the sender to pass the datagram to a router for delivery.

1.5.1 Datagram Delivery in a Single Network

If the source and destination are present in the same network the datagrams can be delivered using direct delivery itself. Two machines can engage in direct delivery only if they both attach directly to the same underlying physical transmission system (e.g., a single Ethernet or a single Token Ring). In such a case, to transfer an IP datagram, the sender encapsulates the datagram in a physical frame, maps the destination IP address into a physical address, and uses the network hardware to deliver it. However the issue is how the sender knows whether the destination lies on a directly connected network. The issue is easily resolved since IP version 4 follows a hierarchical addressing scheme. An IP address has two parts namely net id and host id. To see if a destination lies on one of the directly connected networks, the sender extracts the network portion of the destination IP address and compares it to the network portion of its own IP address. If both of them match it implies that datagrams can be handed over through direct delivery itself.

1.5.2 Indirect Delivery

Indirect delivery is more difficult than direct delivery because the sender must identify a router to which the datagram can be sent. The router must then forward the datagram on toward its destination network. To visualize how indirect routing works, imagine a large internet with many networks interconnected by routers but with only two hosts at the far ends. When one host wants to send to the other, it encapsulates the datagram and sends it to the nearest router. We know that the host can reach a router because the host or the network in which the host is present has a physical connection to the router. Once the frame reaches the router, software extracts the encapsulated datagram, and the IP software selects the next router along the path towards the destination. The datagram is again placed in a frame and sent over the next physical network to a second router, and so on, until it can be delivered directly. The final router along the path between the source and its destination will connect directly to the same physical network as the destination. Thus, the final router will deliver the datagram using direct delivery. From an internet perspective, you can think of direct delivery as the final step in any datagram transmission, even if the datagram traverses many networks and intermediate routers. You please understand that direct delivery between the source and destination is a special case of general purpose routing.

Indirect delivery is similar to the following scenario in real life. Assume that you are a native of Tirunelveli and you want to go to Chennai. Your brother drops you at Tirunelveli bus station (host to the nearest router with datagram encapsulation) in his vehicle (direct delivery). You get into a bus (extracting the datagram) and reach Madurai bus station (next router along the path with datagram encapsulation). Bus stations of Tiruchirappalli and Villuppuram are the other intermediate routers. Finally you reach Chennai (last router) and your cousin takes you to his house in his vehicle (direct delivery – last step in the whole indirect delivery process).

Now the issue is how the intermediate routers know where to forward the datagrams further. Hence it becomes necessary for the routers to maintain the routing tables.

1.5.3 Table-Driven IP Routing

The IP routing algorithm employs a routing table (sometimes called an IP routing table) on each machine that stores information about possible destinations and how to reach them. Because both hosts and routers route datagrams, both have IP routing tables. Whenever the IP routing software in a host or router needs to transmit a datagram, it consults the routing table to decide where to send the datagram. Figure 1.4 shows a concrete example that helps explain routing tables.

1.5.4 Next-Hop Routing

Using the network portion of a destination address instead of the complete host address makes routing efficient and keeps routing tables small. If a router has to maintain the details about all the hosts of the connected networks, the size of the routing table increases in proportion to the number of hosts in the networks. Please note the fact that achieving scalability is the major challenge in the maintenance of routing tables. Hence IP follows a hierarchical addressing scheme. Hierarchical addressing followed in IP version 4 follows a two level hierarchy: network id and host id. As a result it is enough for the routers to store only the details about the local hosts and other networks. More important, it helps hide information, keeping the details of specific hosts confined to the local environment in which those hosts operate. Typically, a routing table consists of pairs (N, R), where N is the IP address of a destination network, and R is the IP address of the “next” router along the path to network N. Router R is called the next hop, and the idea of using a routing table to store a next hop for each destination is called next-hop routing. Thus, the routing table in a router R only specifies one step along the path from R to a destination network – the router does not know the complete path to a destination. It is important to understand that each entry in a routing table points to a router that can be reached across a single network. That is, all routers listed in machine M’s routing table must lie on networks to which M connects directly. When a datagram is ready to leave M, IP software locates the destination IP address and extracts the network portion. M then uses the network portion to make a routing decision, selecting a router that can be reached directly.

The example internet consists of four networks connected by three routers. In the figure, the routing table maintained at the routers facilitates the routers to select the next hop. Because R connects directly to networks 20.0.0.0 and 30.0.0.0, it uses direct delivery to send to a host on either of those networks. Given a datagram destined for a host of network 40.0.0.0, R routes it to the address of router S, 30.0.0.7. R can reach address 30.0.0.7 because both R and S attach directly to network 30.0.0.0. S will then deliver the datagram directly.

Figure 1.4 An example internet with 4 networks and 3 routers and the routing table in R

Network 10.0.0.0 – router Q (10.0.0.5 / 20.0.0.5) – Network 20.0.0.0 – router R (20.0.0.6 / 30.0.0.6) – Network 30.0.0.0 – router S (30.0.0.7 / 40.0.0.7) – Network 40.0.0.0

Routing table in R:
To Reach Hosts on Network    Route to this Address
20.0.0.0                     Deliver Directly
30.0.0.0                     Deliver Directly
10.0.0.0                     20.0.0.5
40.0.0.0                     30.0.0.7

As Figure 1.4 demonstrates, the size of the routing table depends on the number of networks in the internet; it only grows when new networks are added. The table size and contents are independent of the number of individual hosts connected to the networks. Since internetworks follow a hierarchical addressing scheme, it is enough if a router maintains the details about other networks alone and it is not necessary for a router to maintain the details about each and every host in other networks. To put it in other words, entries in the routing table that have the routing information about other networks are network specific and the entries that convey the information about the hosts in the local network are host specific. Although most of the entries in the routing table are network specific rather than host specific, it is better to have host-specific routes also for the hosts to which datagrams are frequently forwarded. Having host specific entries speeds up the process of taking the routing decisions and thereby the datagram forwarding. However, the whole idea behind scalability is to keep information only about destination networks and not about individual hosts.

1.5.5 Reducing the Size of the Routing Tables

It is possible to reduce the size of the routing tables considerably in the cases where the networks have a small set of local hosts and only one connection to the rest of the internet. Assume that the network has k local hosts. The number of entries in the routing table is k+1 (k entries for k local hosts and 1 entry for the rest of the internet). So, to forward a datagram the routing decision has only two tests: one for the local network and another for the default internet connection. You also note that most of the routers in the edge level and the distribution level of the internets will have default routes to reduce the size of the routing tables.
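The next-hop lookup of sections 1.5.1 to 1.5.5 in working code, as an added example that is not part of the course material: the tables of routers Q, R and S are constructed from Figure 1.4 (R's is the one printed there; Q's and S's follow from the topology), and a made-up edge-site table with one host-specific entry and a default route shows the lookup precedence described in section 1.5.5.

```python
import ipaddress

DIRECT = "direct"


def classful_network(ip: str) -> str:
    """Network portion (net id) of a classful IPv4 address, as in section 1.5.1."""
    first_octet = int(ip.split(".")[0])
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


# Routing tables (destination network -> next hop) constructed from Figure 1.4.
TABLES = {
    "Q": {"10.0.0.0/8": DIRECT, "20.0.0.0/8": DIRECT,
          "30.0.0.0/8": "20.0.0.6", "40.0.0.0/8": "20.0.0.6"},
    "R": {"20.0.0.0/8": DIRECT, "30.0.0.0/8": DIRECT,
          "10.0.0.0/8": "20.0.0.5", "40.0.0.0/8": "30.0.0.7"},
    "S": {"30.0.0.0/8": DIRECT, "40.0.0.0/8": DIRECT,
          "10.0.0.0/8": "30.0.0.6", "20.0.0.0/8": "30.0.0.6"},
}

# Router that owns each interface address in Figure 1.4.
OWNER = {"10.0.0.5": "Q", "20.0.0.5": "Q", "20.0.0.6": "R",
         "30.0.0.6": "R", "30.0.0.7": "S", "40.0.0.7": "S"}

# Made-up edge-site table of section 1.5.5: the local network, one
# host-specific entry for a frequently used remote host, and a default route.
EDGE_TABLE = {"192.168.5.0/24": DIRECT,
              "172.16.9.20/32": "192.168.5.2",
              "default": "192.168.5.1"}


def lookup(table: dict, dst: str) -> tuple:
    """One routing decision: (kind, address the physical frame is sent to).

    Precedence: host-specific entry, then the destination network (the
    next-hop routing of section 1.5.4), then the default route; otherwise
    the destination is unreachable.
    """
    for key in (f"{dst}/32", classful_network(dst), "default"):
        if key in table:
            hop = table[key]
            return (DIRECT, dst) if hop == DIRECT else ("next-hop", hop)
    return ("unreachable", None)


def trace(start_router: str, dst: str, max_hops: int = 8) -> tuple:
    """Follow next-hop decisions router by router until direct delivery.

    Each router knows only the next step, so the path emerges from successive
    lookups. Returns (routers visited, delivered); max_hops stops a loop
    caused by inconsistent tables.
    """
    path, router = [start_router], start_router
    for _ in range(max_hops):
        kind, hop = lookup(TABLES[router], dst)
        if kind == DIRECT:
            return path, True
        if kind == "unreachable":
            return path, False
        router = OWNER[hop]               # the frame is handed to that router
        path.append(router)
    return path, False
```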

Have you understood?

1. What is meant by indirect delivery in a network?
2. List down the steps required in next-hop routing.
3. What is the advantage of having host-specific entries in the routing table?
4. Define a logical subnet.
5. What is the purpose of a subnet mask?
6. List down the steps involved in forwarding a datagram with subnetting.

1.6 INTERNET PROTOCOL (IP)

The protocol that is responsible for the selection of the routes and forwarding of the datagram is the Internet Protocol (IP). IP is the glue that holds the entire internet together. Its importance can be understood from the fact that the whole protocol suite is referred to as TCP/IP, where TCP is the other dominant, transport layer protocol of the suite. One important point you should understand is that the information required for the route selection and data forwarding is not gathered by IP. Construction of the routing table and the maintenance of the routing table in the routers is done by another set of protocols like Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). Irrespective of the underlying network (may be an Ethernet LAN or a wireless LAN or a X.25 WAN or an ATM network) IP is able to forward the datagram in the correct direction towards the destination. IP provides three important definitions. First, the IP protocol defines the basic unit of data transfer used throughout a TCP/IP internet. Thus, it specifies the exact format of all data as it passes across the internet. Second, IP software performs the routing function, choosing a path over which data will be sent. Third, in addition to the precise, formal specification of data formats and routing, IP includes a set of rules that embody the idea of unreliable packet delivery.

1.6.1 The Internet Datagram

The internet calls its basic transfer unit an Internet datagram, sometimes referred to as an IP datagram or merely a datagram or sometimes a packet. Like any other protocol data unit, a datagram is divided into header and data areas. Figure 1.5 shows the general form of a datagram. When a datagram is in transit, the intermediate routers do not examine the payload and what they check is the header part.

Figure 1.5 General form of an IP datagram
DATAGRAM HEADER | DATAGRAM DATA AREA

It is necessary to include this field as the size of the header may vary due to the options that may be present in the header. TOTAL LENGTH . the maximum possible size of an IP diagram is 216 or 65. It may become more important in the future if higher speed network can carry data packets larger than 65.6 IP header VERS .2 IP Header Figure 1. Because the TOTAL LENGTH field is 16 bits long. SERVICE TYPE – Also called Type Of Services (TOS). it specifies how the datagram should be handled.7 The original five subfields that comprise the 8 – bit SERVICE TYPE field Anna University Chennai 14 . PADDING Figure 1. HLEN – This field gives the datagram header length measured in 32-bit words. In most applications this is not a severe limitation. including the length of the header (HLEN).field gives the length of the IP diagram measured in octets.6. The current popular version is 4 and the next generation IP aims at version 6. 0 1 2 3 4 5 6 7 PRECEDENCE D T R UNUSED Figure 1. It is used to verify that the sender. Hence it becomes necessary for you to understand that the mere inclusion of the TOS field can not provide differentiated service to the connections. It is optional for the routers to interpret this field.The first 4-bit contains the version of the IP protocol that was used to create the datagram.6 shows the various fields of the IP datagram. If a router is not capable of handling TOS field. This field is the forerunner of Quality of Service (QoS) in IP networks. and any routers in between them agree on the format of the diagram. The field was originally divided into five subfields as shown in Figure 1. receiver.7. 535 octets.DIT 116 NETWORK PROTOCOLS NOTES 1.535 octets. it ignores the specifications of this field. 0 VERS 4 HLEN 8 SERVICE TYPE 16 19 24 31 TOTAL LENGTH FLAGS FRAGMENT OFFSET HEADER CHECKSUM IDENTIFICATION TIME TO LIVE PROTOCOL SOURCE IP ADDRESS DESTINATION IP ADDRESS IP OPTIONS ( IF ANY ) DATA ….

Three PRECEDENCE bits specify datagram precedence, with values ranging from 0 (normal precedence) through 7 (network control), allowing senders to indicate the importance of each datagram. Bits D, T and R specify the type of transport desired for the datagram. When set, the D bit requests low delay, the T bit requests high throughput, and the R bit requests high reliability.

In the 1990s the IETF redefined the meaning of the 8-bit SERVICE TYPE field to accommodate a set of differentiated services (DS) and renamed it Differentiated Services Code Point (DSCP). Figure 1.8 illustrates the resulting definition.

Figure 1.8 Differentiated Services Code Point
  bits 0-5 CODE POINT | bits 6-7 UNUSED

Under the differentiated services interpretation, the first six bits comprise a codepoint, which is sometimes abbreviated DSCP, and the last two bits are left unused. A codepoint value maps to an underlying service definition.

Identification, Flags and Fragment Offset

As you know, the size of the frame (Protocol Data Unit of Layer 2) is limited since the underlying network hardware or technology has limitations regarding this. Each network technology places a fixed upper bound on the amount of data that can be transferred in one physical frame (e.g. Ethernet - 1500 octets, FDDI - approximately 4470 octets). This limitation of the network is referred to as the Maximum Transfer Unit (MTU). However, since the internet layer or network layer provides a different abstraction, it may appear to you that there is no limitation on the size of the datagrams, since they are handled by software without bothering about the underlying network technology. However, IP allots only 16 bits to the total length field, limiting the datagram to at most 65,535 octets. In the real world the size of the datagrams can be considerably less, due to the fact that as datagrams move from one machine to another they must always be transported by the underlying physical network. Hence it is desirable to map a datagram directly onto a real packet if possible. The TCP/IP reference model chooses a convenient initial datagram size and arranges a way to divide large datagrams into smaller pieces when the datagrams need to traverse a network that has a small MTU. The small pieces into which the datagram is divided are called fragments, and the process of dividing a datagram is known as fragmentation. Fragments must be reassembled to produce a complete copy of the original datagram before it can be processed at the destination. Three fields in the datagram header, IDENTIFICATION, FLAGS, and FRAGMENT OFFSET, control fragmentation and reassembly of datagrams.

Field IDENTIFICATION contains a unique integer that identifies the datagram. Its primary purpose is to allow the destination to know which arriving fragments belong to which datagrams. As a fragment arrives, the destination uses the IDENTIFICATION field along with the datagram source address to identify the datagram. Computers sending IP datagrams must generate a unique value for the IDENTIFICATION field for each datagram. One technique used by IP software keeps a global counter in memory, increments it each time a new datagram is created, and assigns the result as the datagram's IDENTIFICATION field. When a router fragments a datagram, it copies most of the fields in the datagram header into each fragment; each fragment has exactly the same format as a complete datagram. Thus, the IDENTIFICATION field must be copied. For a fragment, the field FRAGMENT OFFSET specifies the offset in the original datagram of the data being carried in the fragment, measured in units of 8 octets, starting at offset zero. To reassemble the datagram, the destination must obtain all fragments starting with the fragment that has offset 0 through the fragment with the highest offset. Fragments do not necessarily arrive in order, and there is no communication between the router that fragmented the datagram and the destination trying to reassemble it.

The low-order two bits of the 3-bit FLAGS field control fragmentation. Usually, application software using TCP/IP does not care about fragmentation because both fragmentation and reassembly are automatic procedures that occur at a low level in the operating system, invisible to end users. However, to test internet software or debug operational problems, it may be important to test sizes of datagrams for which fragmentation occurs. The first control bit aids in such testing by specifying whether the datagram may be fragmented. It is called the do not fragment bit because setting it to 1 specifies that the datagram should not be fragmented. An application may choose to disallow fragmentation when only the entire datagram is useful. To see why such a bit is needed, consider a bootstrap sequence in which a small embedded system executes a program in ROM that sends a request over the internet, to which another machine responds by sending back a memory image. If the embedded system has been designed so it needs the entire image or none of it, the datagram should have the 'do not fragment' bit set. Whenever a router needs to fragment a datagram that has the do not fragment bit set, the router discards the datagram and sends an error message back to the source.

The low order bit in the FLAGS field specifies whether the fragment contains data from the middle of the original datagram or from the end. It is called the more fragments bit. To see why it is needed, consider the IP software at the ultimate destination attempting to reassemble a datagram. It will receive fragments (possibly out of order) and needs to know when it has received all fragments for a datagram. When a fragment arrives, the TOTAL LENGTH field in the header refers to the size of the fragment and not to the size of the original datagram, so the destination cannot use the TOTAL LENGTH field to tell whether it has collected all fragments. The more fragments bit solves the problem easily: once the destination receives a fragment with the 'more fragments' bit turned off, it knows this fragment is the last for the current datagram. From the FRAGMENT OFFSET and TOTAL LENGTH fields, it can compute the length of the original datagram. By examining the FRAGMENT OFFSET and TOTAL LENGTH of all fragments that have arrived, a receiver can tell whether the fragments on hand contain all pieces needed to reassemble the original datagram.

TIME TO LIVE - This field theoretically specifies how long, in seconds, the datagram is allowed to remain in the internet system. Ideally the routers of the internet should decrement the TIME TO LIVE field as time passes and remove the datagrams from the internet when their time expires. But the fact is, practically it is very difficult to estimate the exact time at which the datagram has to expire, since routers do not usually compute the transit time for the datagrams. One simple way of implementing this field is to take the decision in terms of the number of hops taken by the datagram. The TTL field of a datagram is initialized to some value and is decremented by the router for every hop taken by the datagram, and once the value reaches zero the network discards the datagram and sends an error message back to the source. Hence you understand that in practice, the TIME TO LIVE acts as a 'hop limit' rather than an estimate of delay.

PROTOCOL - This field of the IP header specifies the high-level protocol that has created the DATA area of the datagram. If you observe the protocol layering of the TCP/IP reference model it may look like the PROTOCOL field has only two possible options, namely TCP and UDP, since these are the two protocols of the transport layer that is immediately above the internet layer. However, ICMP messages (of Layer 3 itself) or sometimes messages of applications themselves (e.g. ping) may also get encapsulated within the IP datagram.

HEADER CHECKSUM - The purpose of this field is to ensure that the IP header is intact as the datagram is in transit. The IP checksum is formed by treating the header as a sequence of 16-bit integers (in network byte order), adding them together using one's complement arithmetic, and then taking the one's complement of the result. For the purpose of computing the checksum, field HEADER CHECKSUM is assumed to contain zero. You please observe the fact that the checksum only applies to values in the IP header and not the data. Separating the checksum for headers and data has advantages and disadvantages. The advantage is, since the header usually occupies fewer octets than the data, having a header checksum reduces processing time at routers, which only need to compute header checksums. The separation also allows higher level protocols to choose their own checksum scheme for the data. The chief disadvantage is that higher level protocols are forced to add their own checksum or risk having corrupted data go undetected.
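The following is an added example, not part of the course material, that decodes the fixed 20-octet header of Figure 1.6 and verifies the HEADER CHECKSUM exactly as described above (one's complement sum of the 16-bit words with the checksum field itself taken as zero). The sample header bytes are constructed for this example; the per-hop TTL rewrite shows why a router must recompute the checksum after decrementing TIME TO LIVE.

```python
import socket
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's complement sum of the 16-bit words
    (network byte order), then the one's complement of that sum."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(datagram: bytes) -> dict:
    """Decode the fixed part of an IPv4 header and verify its checksum.
    Raises ValueError for anything a router would have to discard."""
    if len(datagram) < 20:
        raise ValueError("datagram shorter than the minimum 20-octet header")
    (vers_hlen, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    version = vers_hlen >> 4
    hlen = (vers_hlen & 0x0F) * 4            # HLEN counts 32-bit words
    if version != 4:
        raise ValueError(f"unsupported VERS {version}")
    if hlen < 20 or hlen > len(datagram):
        raise ValueError(f"HLEN {hlen} inconsistent with the datagram")
    if total_len < hlen or total_len > len(datagram):
        raise ValueError(f"TOTAL LENGTH {total_len} inconsistent with the datagram")
    header = datagram[:hlen]
    # An intact header sums (checksum field included) to all ones, so
    # recomputing over the whole header yields zero.
    checksum_ok = ip_checksum(header) == 0
    return {
        "version": version,
        "header_length": hlen,
        "precedence": tos >> 5,              # original TOS interpretation
        "dscp": tos >> 2,                    # differentiated services view
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-octet units
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, "other"),
        "header_checksum": csum,
        "checksum_ok": checksum_ok,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": header[20:],
        "payload": datagram[hlen:total_len],
    }


# Constructed sample: header of a 115-octet UDP datagram (DF set, TTL 64)
# from 192.168.0.1 to 192.168.0.199, followed by a zero-filled payload
# standing in for the UDP data.
SAMPLE_HEADER = bytes.fromhex("4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7")
SAMPLE_DATAGRAM = SAMPLE_HEADER + b"\x00" * (0x73 - 20)


def corrupt_ttl(datagram: bytes, new_ttl: int) -> bytes:
    """Change TTL but leave the checksum alone, as a faulty router would."""
    buf = bytearray(datagram)
    buf[8] = new_ttl
    return bytes(buf)


def rewrite_ttl(datagram: bytes, new_ttl: int) -> bytes:
    """What a router does per hop: set the new TTL and recompute the
    HEADER CHECKSUM over the header with the checksum field zeroed."""
    buf = bytearray(datagram)
    hlen = (buf[0] & 0x0F) * 4
    buf[8] = new_ttl
    buf[10:12] = b"\x00\x00"
    struct.pack_into("!H", buf, 10, ip_checksum(bytes(buf[:hlen])))
    return bytes(buf)


if __name__ == "__main__":
    for key, value in parse_ipv4_header(SAMPLE_DATAGRAM).items():
        if key != "payload":
            print(f"{key:16} {value}")
```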
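As a second added example (again not from the course material), the fragmentation and reassembly rules above expressed in code: a router-side split of a datagram to a given MTU, the 'do not fragment' refusal, and a destination-side reassembler that uses IDENTIFICATION, FRAGMENT OFFSET and the more fragments bit, never TOTAL LENGTH, to decide when all pieces are present. The source address, payload and MTU values are constructed inputs.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Fragment:
    """The header fields that control fragmentation, plus the fragment's data.
    (The fragmenting router copies the other header fields unchanged.)"""
    identification: int
    fragment_offset: int        # in octets; the header carries it in 8-octet units
    more_fragments: bool
    dont_fragment: bool
    data: bytes

    def flags_offset_field(self) -> int:
        """The 16-bit FLAGS + FRAGMENT OFFSET value as it appears on the wire."""
        if self.fragment_offset % 8:
            raise ValueError("fragment offset must be a multiple of 8 octets")
        value = self.fragment_offset // 8          # 13-bit offset field
        if self.dont_fragment:
            value |= 0x4000                        # 'do not fragment' bit
        if self.more_fragments:
            value |= 0x2000                        # 'more fragments' bit
        return value


class FragmentationNeeded(Exception):
    """The case where a router discards the datagram and reports
    'fragmentation needed and DF set' (ICMP destination unreachable, code 4)."""


def fragment(identification: int, payload: bytes, mtu: int,
             dont_fragment: bool = False, header_len: int = 20) -> List[Fragment]:
    """Split a datagram's data so every fragment (header included) fits the MTU.
    Every fragment except the last carries a multiple of 8 data octets."""
    per_fragment = (mtu - header_len) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("MTU too small to carry any data")
    if header_len + len(payload) <= mtu:
        return [Fragment(identification, 0, False, dont_fragment, payload)]
    if dont_fragment:
        raise FragmentationNeeded(f"{header_len + len(payload)} octets > MTU {mtu}")
    fragments = []
    for offset in range(0, len(payload), per_fragment):
        chunk = payload[offset:offset + per_fragment]
        more = offset + len(chunk) < len(payload)
        fragments.append(Fragment(identification, offset, more, False, chunk))
    return fragments


class Reassembler:
    """Destination-side reassembly keyed by (source address, IDENTIFICATION)."""

    def __init__(self) -> None:
        self._pending: Dict[Tuple[str, int], dict] = {}

    def receive(self, source: str, frag: Fragment) -> Optional[bytes]:
        """Store one fragment; return the original data once every piece from
        offset 0 up to the last fragment (more fragments bit clear) is present."""
        key = (source, frag.identification)
        entry = self._pending.setdefault(key, {"pieces": {}, "total": None})
        entry["pieces"][frag.fragment_offset] = frag.data
        if not frag.more_fragments:
            # A fragment's TOTAL LENGTH says nothing about the original;
            # the last fragment's offset plus its size does.
            entry["total"] = frag.fragment_offset + len(frag.data)
        total = entry["total"]
        if total is None:
            return None                      # last fragment not yet seen
        parts, position = [], 0
        while position < total:              # walk from offset 0 looking for gaps
            piece = entry["pieces"].get(position)
            if piece is None:
                return None                  # still missing a fragment
            parts.append(piece)
            position += len(piece)
        del self._pending[key]
        return b"".join(parts)[:total]

    def pending(self) -> int:
        return len(self._pending)


if __name__ == "__main__":
    data = bytes(range(256)) * 16                     # constructed 4096-octet payload
    pieces = fragment(0x1234, data, 1500)
    print([(p.fragment_offset, p.more_fragments, len(p.data)) for p in pieces])
    box = Reassembler()
    for p in reversed(pieces):                        # arrival out of order
        print("complete" if box.receive("10.0.0.1", p) == data else "waiting")
```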

SOURCE IP ADDRESS and DESTINATION IP ADDRESS - These fields refer to the 32-bit IP addresses of the datagram's sender and intended recipient. One important and interesting point you should note is, although the datagram may be routed through many intermediate routers, the source and destination fields never change. The next hop IP addresses in the intermediate routers are just used and forgotten. This is one of the stateless features of IP.

IP OPTIONS - As we have already discussed, the options field of the header is variable in size and depends on the various restrictions the network service provider or the application wants to impose in the process of routing. It is important to understand that many of the routers of the internet are not able to interpret them and take the appropriate measures to satisfy the restrictions. If the routers are not able to interpret the options, they simply ignore them.

PADDING - This field depends on the options selected. It represents bits containing zero that may be needed to ensure the datagram header extends to an exact multiple of 32 bits.

DATA - This field indicates the payload of the IP datagram. The length of the datagram depends on the nature of the programs running in the application layer of the end systems. This part of the datagram is not examined or interpreted by the routers of the internet. In the best effort model of the Internet, the network does not differentiate between the datagrams with respect to the content of the datagram.

1.6.3 IP Addresses

Every host and router on the internet has an IP address, which encodes its network number and host number. The combination is unique: in principle, no two machines on the internet have the same IP address. All IP addresses are 32 bits long and are used in the source address and destination address fields of IP datagrams. It is important to note that an IP address does not actually refer to a host. It really refers to a network interface, so if a host is on two networks, it must have two IP addresses. However, in practice, most hosts are on one network and thus have one IP address.

Figure 1.9 IP address format

For several decades, IP addresses were divided into five categories listed in Figure 1.9. This allocation has come to be called classful addressing. It is no longer used, but references to it in the literature are still common. The class A, B, C and D formats allow for up to 128 networks with 16 million hosts each, 16384 networks with up to 64K hosts, and 2 million networks (e.g. LANs) with up to 256 hosts each (although a few of these are special). Also supported is multicast, in which a datagram is directed to multiple hosts. Addresses beginning with 1111 are reserved for future use. Over 500,000 networks are now connected to the Internet and the number grows every year. Network numbers are managed by a non-profit corporation called ICANN (Internet Corporation for Assigned Names and Numbers) to avoid conflicts. In turn, ICANN has delegated parts of the address space to various regional authorities, which then dole out IP addresses to ISPs and other companies.

Network addresses, which are 32 bit numbers, are usually written in dotted decimal notation. In this format, each of the four bytes is written in decimal, from 0 to 255. For example, the 32 bit hexadecimal address C0290614 is written as 192.41.6.20. The lowest IP address is 0.0.0.0 and the highest is 255.255.255.255.

The values 0 and -1 (all 1s) have special meanings as shown in Figure 1.10. The value 0 means this network or this host. The value of -1 is used as a broadcast address to mean all hosts on the indicated network.

Figure 1.10 Special IP addresses

The IP address 0.0.0.0 is used by hosts when they are being booted. IP addresses with 0 as network number refer to the current network. These addresses allow machines to refer to their own network without knowing its number (but they have to know its class to know how many 0s to include). The address consisting of all 1s allows broadcasting on the local network, typically a LAN. The addresses with a proper network number and all 1s in the host field allow machines to send broadcast packets to distant LANs anywhere in the internet. Finally, all addresses of the form 127.x.y.z are reserved for loopback testing.

Packets sent to those addresses are not put out onto the wire; they are processed locally and treated as incoming packets. These allow packets to be sent to the local network without the sender knowing its number.

Even though the class based and hierarchical addressing scheme of IP version 4 (IPv4) improves the scalability of the design, it imposes serious limitations in the way IP addresses can be allotted to networks and hosts. It makes many address combinations among the 2^32 addresses unusable. As the size of the Internet grows exponentially, IPv4 suffers from the problem of address space exhaustion. Many temporary solutions have been proposed and the most important one is subnetting. Subnetting is the process of splitting a large network into many small logical subnets. Even after the split the network appears as a single network to the outside world. (Please note the difference between a logical subnet and the communication subnet. A logical subnet is a subnetwork of a large network which is transparent to the outside world, whereas the communication subnet is the collection of lines (trunks or media or channels) and the networking devices like routers, switches etc.) Subnets are created by borrowing certain bits from the host portion to the network portion. Now the problem is how to identify the subnet in which the destination host is present. The solution is to have a subnet mask which is logically ANDed with the destination address to extract the net id, the subnet id and the host id. For example, the 32 bit subnet mask 11111111 11111111 00000000 00000000 specifies that the first two octets identify the network and the last two octets identify a host on that network, and this is the default subnet mask for class B networks. However, if subnetting is supported then it is possible to have a subnet mask like 11111111 11111111 11111100 00000000, which is represented as 255.255.252.0 or /22. A packet addressed to 130.50.15.6 and arriving at the main router is ANDed with the subnet mask 255.255.252.0 to give the address 130.50.12.0. This address is looked up in the routing tables to find out which output line to use to get to the router for subnet 3.

1.6.4 IP - Data forwarding Protocol

IP is able to forward the datagrams from the source all the way up to the destination across the communication subnet. However, to do this IP is in need of the routing table or information that should be present in the intermediate routers. Gathering and maintaining the routing information in the routers is not the task of IP. Instead, these two functions are done by routing protocols like Routing Information Protocol (RIP), Open Shortest Path First (OSPF) etc. Moreover, within the network IP does not examine the contents of the payload field. Instead, it checks the fields of the header and forwards the datagram according to the entry present in the routing table. However, if the IP header format is not proper in a datagram, the datagram may be discarded or dropped from the network. That is the reason for having the checksum field that takes care of the header alone and not the data. The inability to examine the contents of the datagram is allowed to reduce the complexity of the routers. However, in the context of multimedia applications and other time sensitive applications, IP suffers in terms of quality of service requirements. The Internet Engineering Task Force (IETF) has taken efforts in this direction and it has proposed two models, namely Integrated Services Architecture (ISA) and Differentiated Services Architecture (DSA), to overcome the limitations of the Internet.

The IP Routing Algorithm

Once a datagram arrives at a router, it has to take a series of decisions before forwarding it. These decisions are summarized in the form of a routing algorithm as shown in Figure 1.11. Conventionally, this forwarding algorithm is called the IP routing algorithm.

Algorithm: Route Datagram (Datagram, Routing Table)
  Extract destination IP address, D, from the datagram and compute the network prefix, N.
  if N matches any directly connected network address
      deliver datagram to destination D over that network
      (This involves resolving D to a physical address, encapsulating the datagram, and sending the frame.)
  else if the table contains a host-specific route for D
      send datagram to next-hop specified in table
  else if the table contains a route for network N
      send datagram to next-hop specified in table
  else if the table contains a default route
      send datagram to the default router specified in table
  else declare a routing error.

Figure 1.11 The algorithm IP uses to forward a datagram

The unified routing algorithm that is capable of handling subnetting is shown in Figure 1.12.

Algorithm: Route_IP_Datagram(datagram, routing_table)
  Extract destination IP address, ID, from datagram.
  If prefix of ID matches address of any directly connected network
      send datagram to destination over that network
      (This involves resolving ID to a physical address, encapsulating the datagram, and sending the frame.)
  else
      for each entry in routing table do
          Let N be the bitwise-and of ID and the subnet mask
          If N equals the network address field of the entry then
              route the datagram to the specified next hop address
      endforloop
  If no matches were found, declare a routing error.

Figure 1.12 The unified IP routing algorithm

Have you understood?
1. What are the two parts of a datagram?
2. What is the purpose of the TTL field?
3. Do the address fields of the IP header change or not? Justify your answer.
4. How many octets indicate the host in a class C address?
5. What is the purpose of class D addresses?
6. What are the limitations of IP?
7. What is meant by fragmentation and reassembly?
8. IP is a forwarding protocol. Justify this statement.

1.7 INTERNET CONTROL MESSAGE PROTOCOL

An internetwork based on packet switching provides unreliable, connectionless service to the users. In other words, we can say that such a network is based on the best-effort service model. The system works correctly if everything goes fine. However, the internet is subjected to certain conditions that may result in the failure of delivery of datagrams. Communication lines and the networking devices along the path may fail. Another possible reason for the failure of delivery of datagrams is that the destination may be temporarily or permanently disconnected from the network. Even congestion can be a reason for the failure, since congestion leads to buffer overflow and exhaustion of bandwidth.
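An added example (not part of the course material) that works the subnet mask example of section 1.6.3 and the table lookup of Figure 1.12 in code: the destination is ANDed with each entry's mask and compared with the entry's network address. It goes one step beyond the figure by preferring the matching entry with the longest mask, which is how a single scan also covers the host-specific and default routes of Figure 1.11. The routing table, interface names and the upstream address 198.51.100.1 are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def to_int(dotted: str) -> int:
    """'130.50.15.6' -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted decimal address {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix_len: int) -> str:
    """/22 -> '255.255.252.0'; /0 -> '0.0.0.0' (the default route)."""
    return to_dotted((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def network_of(address: str, mask: str) -> str:
    """Bitwise AND of destination address and subnet mask: net id + subnet id."""
    return to_dotted(to_int(address) & to_int(mask))


@dataclass
class Route:
    network: str
    mask: str
    next_hop: Optional[str]     # None means the network is directly connected
    interface: str


class RoutingError(Exception):
    pass


def route_ip_datagram(destination: str, table: List[Route]) -> Tuple[str, str, str]:
    """Figure 1.12's lookup.  Among matching entries the one with the longest
    mask wins, so a host-specific (/32) route beats a subnet route and a
    subnet route beats the default route (0.0.0.0/0)."""
    dest = to_int(destination)
    best: Optional[Route] = None
    for entry in table:
        mask = to_int(entry.mask)
        if dest & mask == to_int(entry.network):
            if best is None or mask > to_int(best.mask):
                best = entry
    if best is None:
        raise RoutingError(f"no route to {destination}")
    if best.next_hop is None:
        # Direct delivery: resolve the destination to a physical address,
        # encapsulate the datagram and send the frame on this interface.
        return ("deliver", destination, best.interface)
    return ("forward", best.next_hop, best.interface)


# Constructed table for the main router of the 130.50.0.0/16 network split into
# /22 subnets; subnet 3 (130.50.12.0/22) sits behind interface eth3.
MAIN_ROUTER_TABLE = [
    Route("130.50.4.0", mask_from_prefix(22), None, "eth1"),
    Route("130.50.8.0", mask_from_prefix(22), None, "eth2"),
    Route("130.50.12.0", mask_from_prefix(22), None, "eth3"),
    Route("130.50.9.77", mask_from_prefix(32), "130.50.8.2", "eth2"),   # host-specific
    Route("0.0.0.0", mask_from_prefix(0), "198.51.100.1", "eth0"),      # default
]


if __name__ == "__main__":
    print(network_of("130.50.15.6", "255.255.252.0"))        # 130.50.12.0
    for dst in ("130.50.15.6", "130.50.9.77", "203.0.113.9"):
        print(dst, route_ip_datagram(dst, MAIN_ROUTER_TABLE))
```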

Due to congestion, intermediate routers are not able to handle the incoming traffic and the subnet starts dropping the datagrams. The IP protocol itself does not provide any mechanism to give feedback to the sender about what happened to the transmitted datagram. To solve this problem the TCP/IP protocol stack provides an adjunct protocol to IP by the name Internet Control Message Protocol (ICMP). As the name implies it is basically a messaging system. The purpose of ICMP is to inform the sender of the datagram what went wrong in the subnet. ICMP can be used by both hosts and routers to communicate with other routers and hosts. We can say in other words that both routers and hosts can use ICMP messages to communicate among themselves about the errors encountered by the datagrams in the network.

1.7.1 Error Reporting Mechanism

The phrase 'control protocol' may give you the wrong idea that errors encountered in the network are kept under control by ICMP. But the fact is ICMP is only an error reporting mechanism, i.e., it only sends suitable messages to the sender and does not try to fix the problem. Problems faced by the datagrams in the subnet cannot be corrected by ICMP itself. In other words, we can say that ICMP is an error reporting mechanism rather than an error correcting mechanism. It is left to the upper layers to decide what to do with the errors. The outline of the protocol specification says ICMP may suggest possible actions to the sender. However, practically ICMP does not fully specify the action to be taken for each possible error. In most of the cases, it is left to the sender of the datagram to relate the ICMP message to an individual application program or take other action to correct the problem.

Another important fact is that the ultimate destination of ICMP messages is the IP software running in another machine of the network. To put it in other words, we can say that ICMP provides the communication between the IP software running in one machine and the IP software running in another machine. You have to understand another important fact: even ICMP messages are encapsulated inside IP datagrams and they are also subjected to all the risks faced by IP datagrams.

When a datagram is transmitted from the source (sender) to the destination (receiver), the datagram may encounter a problem anywhere in the path between the source and destination. As we have discussed in the previous sections, a datagram retains the source address and destination address only, throughout its travel from the source to the destination. Datagrams do not record the complete route of their journey from the source to the destination. This is due to the stateless nature of IP. However, there is a chance that the problem would have been caused by any one of the intermediate routers also. Similarly, ICMP is capable of informing about the problem only to the sender. However, the source is also not able to determine which router caused the problem.

Because of the stateless nature of IP, if a router detects a problem, it cannot know the set of intermediate machines that processed the datagram. Hence the router uses ICMP to inform the original source that a problem has occurred, and trusts that host administrators will cooperate with network administrators to locate and repair the problem. Moreover, as there is no global knowledge of the routes, the processes of route discovery and route maintenance take place in a distributed manner. Thus, routers can establish and change their routing tables irrespective of other routers.

1.7.2 Message Delivery

Once ICMP messages are generated, they should be delivered to the appropriate destination (either a sender host or sender router). ICMP restricts the communication to the original source. Since ICMP is an adjunct protocol of IP, control messages are created at layer 3 and ICMP also makes use of the connectionless service of IP to deliver the messages. Just like ordinary datagrams it may be necessary for the ICMP messages to take multiple hops before reaching the destination. Hence ICMP messages require two levels of encapsulation as shown in Figure 1.13. Each ICMP message travels across the internet in the data portion of an IP datagram, which itself travels across each physical network in the data portion of a frame.

Figure 1.13 Two levels of ICMP encapsulation

Datagrams carrying ICMP messages are routed exactly like datagrams carrying information for users; there is no additional reliability or priority. Thus, error messages themselves may be lost or discarded. Furthermore, in an already congested network, the error message may cause additional congestion. An exception is made to the error handling procedures if an IP datagram carrying an ICMP message causes an error. The exception, established to avoid the problem of having a surplus of error messages, specifies that ICMP messages are not generated for errors that result from datagrams carrying ICMP error messages.

Encapsulation of ICMP messages is a classical example of encapsulating the protocol data units of one layer in the same layer itself (Layer 3). Later you will study about mobile IP, where the encapsulation of IP within IP is followed.

1.7.3 Message Format

Dozens of reasons exist for the failure in delivering the datagrams to the destination. Hence, ICMP should support different types of messages and each one of them may have its own format. Irrespective of this, they all begin with the same three fields: an 8-bit integer message TYPE field that identifies the message, an 8-bit CODE field that provides further information about the message type, and a 16-bit CHECKSUM field. ICMP also uses the same additive checksum algorithm as IP. However, the ICMP checksum only covers the ICMP message. In addition, ICMP messages that report errors always include the header and first 64 data bits of the datagram causing the problem. The reason for returning more than the datagram header alone is to allow the receiver to determine more precisely which protocol and which application program were responsible for the datagram. Such a design works properly since higher level protocols in the TCP/IP suite are designed so that crucial information is encoded in the first 64 bits. The ICMP TYPE field defines the meaning of the message as well as its format. The types include:

Type Field   ICMP Message Type
0            Echo Reply
3            Destination Unreachable
4            Source Quench
5            Redirect (change a route)
8            Echo Request
9            Router Advertisement
10           Router Solicitation
11           Time Exceeded for a Datagram
12           Parameter Problem on a Datagram
13           Timestamp Request
14           Timestamp Reply
15           Information Request (obsolete)
16           Information Reply (obsolete)
17           Address Mask Request
18           Address Mask Reply

The following sections describe the purpose of each of these types and explain the corresponding message format.

1.7.4 Testing Destination Reachability and Status (Ping)

In network administration, if the services at the application layer level are not working properly, before checking the applications it is necessary to check the connectivity between the source and the destination at the network layer level. The TCP/IP protocol suite provides facilities to help network administrators and managers, or even users, identify network problems. One of the most frequently used debugging tools is ping. The ping tool is based on ICMP echo request and echo reply messages. A host or router sends an ICMP echo request message to a specified destination. Any machine that receives an echo request formulates an echo reply and returns it to the original sender. The request contains an optional data area and the reply contains a copy of the data sent in the request. The echo request and associated reply can be used to test whether a destination is reachable and responding. Because both the request and reply travel in IP datagrams, successful receipt of a reply verifies that major pieces of the transport system work. If the ICMP echo reply reaches in time, it implies that the IP software on the source computer routes the datagram properly, intermediate routers between the source and destination machine are running properly and both ICMP and IP software are working properly, and finally, all routers along the return path have correct routes. Thus the correct arrival of the echo reply ensures the proper functioning of the major elements of the transport system. The format of echo request and reply messages is shown in Figure 1.14.

Figure 1.14 ICMP echo request or reply

You observe that even this request/reply message also has TYPE, CODE and CHECKSUM fields. The value of the TYPE field specifies whether the message is a request (8) or a reply (0). The CODE field is used to give more information about the type of error that has occurred. Fields IDENTIFIER and SEQUENCE NUMBER are used by the sender to match replies to requests. The field listed as OPTIONAL DATA is a variable length field that contains data to be returned to the sender. An echo reply always returns exactly the same data as was received in the request.

When a router cannot forward or deliver an IP datagram, it sends a destination unreachable message back to the original source, using the format shown in Figure 1.15.

Figure 1.15 ICMP destination unreachable message

The CODE field in a destination unreachable message contains an integer that further describes the problem. Possible values are listed as follows.

Code Value   Meaning
0            Network Unreachable
1            Host Unreachable
2            Protocol Unreachable
3            Port Unreachable
4            Fragmentation needed and DF set
5            Source route failed
6            Destination network unknown
7            Destination host unknown
8            Source host isolated
9            Communication with destination network administratively prohibited
10           Communication with destination host administratively prohibited
11           Network unreachable for type of service
12           Host unreachable for type of service

Although IP is a best-effort delivery mechanism, discarding datagrams should not be taken lightly. IP follows the best-effort delivery mechanism on the assumption that the underlying network is by and large able to deliver the datagrams properly to the destination. Another motivation behind the best-effort model is to make the network as simple as possible. However, if datagrams are dropped or discarded frequently it may degrade the performance of the network considerably. ICMP, through its error and control messages carrying a short prefix of the datagram that caused the problem, helps the source to identify what would have gone wrong and thereby helps the sender to take corrective actions. Destinations may be unreachable because hardware is temporarily out of service, because the sender specified a nonexistent destination address, or because the router does not have a route to the destination network.
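An added example, not from the course material, covering the message format of 1.7.3, the echo exchange of 1.7.4 and the destination unreachable message above: it builds an echo request, produces the matching reply, checks the ICMP checksum, and decodes a destination unreachable report by reading the returned IP header and first 64 data bits to name the protocol and ports of the failing datagram. The embedded sample datagram prefix (a UDP query from 192.168.0.1 port 49152 to 192.168.0.199 port 53) is constructed for the example.

```python
import socket
import struct

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST = 0, 3, 8

UNREACHABLE_CODES = {
    0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 4: "Fragmentation needed and DF set",
    5: "Source route failed", 6: "Destination network unknown",
    7: "Destination host unknown", 8: "Source host isolated",
    9: "Communication with destination network administratively prohibited",
    10: "Communication with destination host administratively prohibited",
    11: "Network unreachable for type of service",
    12: "Host unreachable for type of service",
}


def checksum(data: bytes) -> int:
    """Same additive one's complement checksum as the IP header, but taken
    over the ICMP message only (header plus data)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, identifier: int, sequence: int, data: bytes) -> bytes:
    """TYPE, CODE=0, CHECKSUM, IDENTIFIER, SEQUENCE NUMBER, OPTIONAL DATA."""
    head = struct.pack("!BBHHH", msg_type, 0, 0, identifier, sequence)
    csum = checksum(head + data)             # computed with the field zeroed
    return struct.pack("!BBHHH", msg_type, 0, csum, identifier, sequence) + data


def build_echo_request(identifier: int, sequence: int, data: bytes = b"") -> bytes:
    return build_echo(ICMP_ECHO_REQUEST, identifier, sequence, data)


def build_echo_reply(request: bytes) -> bytes:
    """What a responder does: return IDENTIFIER, SEQUENCE NUMBER and the
    data unchanged, with TYPE set to 0."""
    m = parse_icmp(request)
    return build_echo(ICMP_ECHO_REPLY, m["identifier"], m["sequence"], m["data"])


def parse_datagram_prefix(prefix: bytes) -> dict:
    """Decode the returned IP header + first 64 bits of its data: enough to
    name the protocol and, for TCP/UDP, the ports of the failing datagram."""
    if len(prefix) < 20:
        raise ValueError("returned prefix shorter than an IP header")
    hlen = (prefix[0] & 0x0F) * 4
    info = {"protocol": prefix[9],
            "src": socket.inet_ntoa(prefix[12:16]),
            "dst": socket.inet_ntoa(prefix[16:20])}
    data = prefix[hlen:hlen + 8]
    if info["protocol"] in (6, 17) and len(data) >= 4:   # TCP or UDP
        info["src_port"], info["dst_port"] = struct.unpack("!HH", data[:4])
    return info


def parse_icmp(message: bytes) -> dict:
    if len(message) < 8:
        raise ValueError("ICMP message shorter than 8 octets")
    msg_type, code, _ = struct.unpack("!BBH", message[:4])
    # an intact message sums (checksum field included) to all ones
    out = {"type": msg_type, "code": code, "checksum_ok": checksum(message) == 0}
    if msg_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        out["identifier"], out["sequence"] = struct.unpack("!HH", message[4:8])
        out["data"] = message[8:]
    elif msg_type == ICMP_DEST_UNREACH:
        out["meaning"] = UNREACHABLE_CODES.get(code, "unknown code")
        out["original"] = parse_datagram_prefix(message[8:])   # after 4 unused octets
    return out


def reply_matches(request: bytes, reply: bytes) -> bool:
    """The sender's check: correct type, intact checksum, same IDENTIFIER,
    SEQUENCE NUMBER and data as the request."""
    q, r = parse_icmp(request), parse_icmp(reply)
    return (r["type"] == ICMP_ECHO_REPLY and r["checksum_ok"]
            and q["identifier"] == r["identifier"]
            and q["sequence"] == r["sequence"] and q["data"] == r["data"])


def build_dest_unreachable(code: int, datagram_prefix: bytes) -> bytes:
    head = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0)
    csum = checksum(head + datagram_prefix)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + datagram_prefix


# Constructed: IP header (UDP, 192.168.0.1 -> 192.168.0.199) plus the first
# 8 octets of its data, i.e. the UDP header with ports 49152 -> 53.
SAMPLE_PREFIX = bytes.fromhex(
    "4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7" "c000 0035 005f 0000"
)


if __name__ == "__main__":
    req = build_echo_request(0x1234, 1, b"abcdefgh")
    print("reply matches:", reply_matches(req, build_echo_reply(req)))
    print(parse_icmp(build_dest_unreachable(3, SAMPLE_PREFIX)))
```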

At this point you should understand that, although routers report failures they encounter, they may not know of all delivery failures. For example, if the destination machine connects to an Ethernet network, the network hardware does not provide acknowledgements. Therefore, a router can continue to send packets to a destination after the destination is powered down without receiving any indication that the packets are not being delivered.

1.7.5 Role of ICMP in Congestion Control

The design philosophy of IP networks is to make the network as simple as possible and to leave the issue of reliability to the end systems (hosts). This results in simple routers whose sole responsibility is forwarding the datagrams across multiple hops up to the destination. An IP router does not have the facility to reserve memory or communication resources in advance of receiving datagrams. Moreover, routers have only limited buffer capacity. Hence if too many datagrams are injected into the network by various hosts, routers are overrun with traffic and start dropping the datagrams, a condition known as congestion. Although efficient congestion control algorithms running at the end systems are available, it is also necessary to identify the congestion at the network itself to deal with the problem of congestion more effectively. Congestion can arise due to several factors.

1. If all of a sudden streams of datagrams begin arriving on three or four input lines and all of them want the same output line, a queue builds up. If the buffer associated with that particular output line becomes full, datagrams are lost. If the datagrams are part of a small burst, buffering may solve the problem up to a certain extent. If the traffic continues, the host or router eventually exhausts memory and must discard additional datagrams that arrive.

2. A high speed computer may be able to generate traffic faster than a network can transfer it. For example, imagine a super computer generating internet traffic. The datagrams may eventually need to cross a slower speed Wide Area Network (WAN) even though the super computer itself attaches to a high speed Local Area Network (LAN). Congestion will occur in the router that attaches the LAN to the WAN because datagrams arrive faster than they can be sent.

3. If the router's CPU is slow at operations like queuing buffers, updating tables, etc., queues can build up even though there is excess line capacity.

Routers use ICMP source quench messages to report congestion to the original source. A source quench message is a request for the source to reduce its current rate of datagram transmission. It is important for you to know that there is no ICMP message to reverse the effect of a source quench. Instead, a host that receives source quench messages for a destination, D, lowers the rate at which it sends datagrams to D until it stops receiving source quench messages. Then the source gradually increases the rate as long as no further source quench requests are received. The format of the source quench message is shown in Figure 1.16.

Figure 1.16. ICMP source quench message format

In addition to the usual ICMP TYPE, CODE and CHECKSUM fields, source quench messages have a field that contains a datagram prefix, and an unused 32-bit field. As with most ICMP messages that report an error, the datagram prefix field contains a prefix of the datagram that triggered the source quench request.

1.7.6 Role of ICMP in the maintenance of optimal routes

Forwarding of datagrams takes place properly only if correct information is maintained in the routing tables of the routers. Routing tables in hosts and routers usually remain static over long periods of time. Hosts initialize them from a configuration file at system startup, and system administrators seldom make routing changes during normal operations. However, in internets, network topology is subjected to changes like router failure, communication line failure etc. A line that remained down might have come up. Even new hosts and routers may be added to the existing network. In all these cases routing tables in a router or host may become incorrect. If the routing protocol used is a static one then these changes in the topology can not be reflected in the routing tables. However, many of the internets follow a dynamic routing protocol like Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) that enables the routers to exchange the routing information periodically to accommodate network changes and keep their routes up-to-date.

1.7.6.1 Redirect Messages

There is a possibility that a host may use a non-optimal route in the process of data forwarding. When a router detects this it sends the host an ICMP message, called a redirect, requesting the host to change its entry in the routing table. The router also forwards the original datagram on to its destination. Figure 1.18 illustrates the format. The advantage of the ICMP redirect scheme is that it enables the host to maintain a small routing table but still the routing table contains optimal routes for all destinations in use. The initial host route configuration specifies the minimum possible routing information needed to communicate. The host begins with minimal information and relies on routers to update its routing table. Redirect messages do not solve the problem of propagating routes in a general way, however, because they are limited to interactions between a router and a host on

a directly connected network. Figure 1.17 illustrates the limitation. In the figure, assume source S sends a datagram to destination D. Assume that router R1 incorrectly routes the datagram through router R2 instead of through router R4 (i.e., R1 incorrectly chooses a longer path than necessary). When router R2 receives the datagram, it cannot send an ICMP redirect message to R1, because it does not know R1's address.

[Figure 1.17: routers R1, R2, R3, R4 and R5 connecting source S to destination D]

Figure 1.17. A routing scenario

In addition to the requisite TYPE, CODE, and CHECKSUM fields, each redirect message contains a 32-bit ROUTER INTERNET ADDRESS field and an INTERNET HEADER field, as figure 1.18 shows.

Figure 1.18. ICMP redirect message format

The ROUTER INTERNET ADDRESS field contains the address of a router that the host is to use to reach the destination mentioned in the datagram header. The INTERNET HEADER field contains the IP header plus the next 64 bits of the datagram that triggered the message. Thus, a host receiving an ICMP redirect examines the datagram prefix to determine the datagram's destination address. The CODE field of an ICMP redirect message further specifies how to interpret the destination address, based on values assigned as follows.

Code Value   Meaning
0            Redirect datagrams for the Net (now obsolete)
1            Redirect datagrams for the Host
2            Redirect datagrams for the Type of Service and Net
3            Redirect datagrams for the Type of Service and Host

As a general rule, routers only send ICMP redirect requests to hosts and not to other routers.

1.7.6.2 Time Exceeded Messages

Since next hop routing is the popular routing in the internet, errors in routing tables can produce a routing cycle for some destination, D. A routing cycle can consist of two routers that each route a datagram for destination D to the other, or it can consist of several routers. When several routers form a cycle, they each route a datagram for destination D to the next router in the cycle. Even in the case of several routers, ultimately one router may have an entry that forms a cyclic loop. If a datagram enters a routing cycle, it will pass endlessly. We have already seen that the IP header has a field by name TTL or hop count which is initialized to some value and then decremented on every hop. At a router, if this TTL becomes zero, the datagram is dropped. However, instead of dropping the datagram abruptly, the source is given an indication with the help of ICMP. Whenever a router discards a datagram because its hop count has reached zero or because a time out occurred while waiting for fragments of a datagram, it sends an ICMP time exceeded message back to the datagram's source, using the format shown in figure 1.19.

Figure 1.19. ICMP time exceeded message format

ICMP uses the CODE field in each time exceeded message (value zero or one) to explain the nature of the time out being reported:

Code Value   Meaning
0            Time-to-live count exceeded
1            Fragment reassembly time exceeded

Fragment reassembly refers to the task of collecting all the fragments from a datagram. When the first fragment of a datagram arrives, the receiving host starts a timer and considers it an error if the timer expires before all the pieces of the datagram arrive. Code value 1 is used to report such errors to the sender: one message is sent for each such error.
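As an added example that is not part of the course material, the Python below decodes from raw bytes the redirect and time exceeded messages described above, together with the parameter problem message (type 12, whose POINTER octet is explained in the next section). The type values and code tables are those of RFC 792; the triggering datagram and its addresses are constructed sample values.

```python
"""Added example (not from the course text): decode the ICMP error messages
discussed above from raw bytes. All three share the layout the text gives:
TYPE, CODE, CHECKSUM, one 32-bit word whose meaning depends on TYPE, then the
IP header plus the next 64 bits of the datagram that triggered the message."""
import ipaddress
import struct

ICMP_REDIRECT = 5            # type values as assigned in RFC 792
ICMP_TIME_EXCEEDED = 11
ICMP_PARAMETER_PROBLEM = 12

REDIRECT_CODES = {
    0: "Redirect datagrams for the Net (now obsolete)",
    1: "Redirect datagrams for the Host",
    2: "Redirect datagrams for the Type of Service and Net",
    3: "Redirect datagrams for the Type of Service and Host",
}
TIME_EXCEEDED_CODES = {0: "Time-to-live count exceeded",
                       1: "Fragment reassembly time exceeded"}
PARAMETER_PROBLEM_CODES = {0: "POINTER indicates the octet in error",
                           1: "Required option is missing"}


def build_ipv4_header(src, dst, proto, total_length, ttl=64):
    """Constructed 20-byte IPv4 header, no options; header checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def build_icmp_error(icmp_type, code, word, trigger):
    """Wrap the IP header + first 64 bits of `trigger` in an ICMP error message.
    CHECKSUM is left zero here; its computation is not what this example shows."""
    ihl = (trigger[0] & 0x0F) * 4
    return struct.pack("!BBHI", icmp_type, code, 0, word) + trigger[:ihl + 8]


def decode_icmp_error(msg):
    """Return the fields a sending host needs to match the error to its datagram."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("too short to carry an IP header plus 64 bits of data")
    icmp_type, code, checksum, word = struct.unpack("!BBHI", msg[:8])
    prefix = msg[8:]                             # the datagram prefix
    ihl = (prefix[0] & 0x0F) * 4
    if prefix[0] >> 4 != 4 or ihl < 20 or len(prefix) < ihl + 8:
        raise ValueError("embedded header is not a complete IPv4 header")
    info = {
        "type": icmp_type, "code": code, "checksum": checksum,
        "trigger_src": str(ipaddress.IPv4Address(prefix[12:16])),
        "trigger_dst": str(ipaddress.IPv4Address(prefix[16:20])),
        "trigger_proto": prefix[9],
        "trigger_first64": prefix[ihl:ihl + 8],   # e.g. the UDP/TCP ports of the flow
    }
    if icmp_type == ICMP_REDIRECT:
        # the 32-bit word is the ROUTER INTERNET ADDRESS the host should use instead
        info.update(kind="redirect", meaning=REDIRECT_CODES.get(code, "unknown code"),
                    router=str(ipaddress.IPv4Address(word)))
    elif icmp_type == ICMP_TIME_EXCEEDED:
        info.update(kind="time exceeded", meaning=TIME_EXCEEDED_CODES.get(code, "unknown code"))
    elif icmp_type == ICMP_PARAMETER_PROBLEM:
        # POINTER is the first octet of the word; the text notes it is unused for code 1
        info.update(kind="parameter problem",
                    meaning=PARAMETER_PROBLEM_CODES.get(code, "unknown code"),
                    pointer=(word >> 24) if code == 0 else None)
    else:
        raise ValueError(f"type {icmp_type} is not an error type handled here")
    return info


# Constructed sample: a UDP datagram from host S to destination D (documentation
# addresses), of which a router keeps only the header and the first 8 payload bytes.
UDP_HEADER = struct.pack("!HHHH", 40000, 53, 8 + 24, 0)
TRIGGER = build_ipv4_header("192.0.2.10", "198.51.100.20", 17, 20 + 8 + 24) + UDP_HEADER + b"\0" * 24

REDIRECT_MSG = build_icmp_error(ICMP_REDIRECT, 1,                  # code 1: redirect for the host
                                int(ipaddress.IPv4Address("192.0.2.1")), TRIGGER)
TTL_MSG = build_icmp_error(ICMP_TIME_EXCEEDED, 0, 0, TRIGGER)       # hop count reached zero
PARAM_MSG = build_icmp_error(ICMP_PARAMETER_PROBLEM, 0, 20 << 24, TRIGGER)  # POINTER = 20

if __name__ == "__main__":
    for message in (REDIRECT_MSG, TTL_MSG, PARAM_MSG):
        print(decode_icmp_error(message))
```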

1.7.6.3 Parameter Problem Messages

When a router or host finds problems with a datagram not covered by previous ICMP error messages, it sends a parameter problem message to the original source. One possible cause of such problems occurs when arguments to an option are incorrect. The message, formatted as shown in figure 1.20, is only sent when the problem is so severe that the datagram must be discarded.

Figure 1.20. ICMP parameter problem message format

To make the message unambiguous, the sender uses the POINTER field in the message header to identify the octet in the datagram that caused the problem. Code 1 is used to report that a required option is missing (e.g., a security option in the military community). However, the POINTER field is not used for code 1.

1.7.7 Clock Synchronization

The hosts on an internet operate independently, with each host maintaining its own notion of the current time. However, they may communicate among themselves since they are on the internet. Since different hosts use different clocks, users of distributed systems software may be confused. As a result, in applications for which time is a sensitive parameter, users may not get proper services. This problem can be solved to a certain extent with the help of ICMP messages. One of the simplest techniques uses an ICMP message to obtain the time from another machine. A requesting machine sends an ICMP timestamp request message to another machine, asking that the second machine return its current value for the time of day. The receiving machine returns a timestamp reply back to the machine making the request. Figure 1.21 shows the format of timestamp request and reply messages.

Figure 1.21. ICMP timestamp request or reply message format

The TYPE field identifies the message as a request (13) or a reply (14). The IDENTIFIER and SEQUENCE NUMBER fields are used by the source to associate replies

with requests. The remaining fields specify times, given in milliseconds since midnight, Universal Time. The ORIGINATE TIMESTAMP field is filled in by the original sender just before the packet is transmitted, the RECEIVE TIMESTAMP field is filled immediately upon receipt of a request, and the TRANSMIT TIMESTAMP field is filled immediately before the reply is transmitted.

Hosts use the three timestamp fields to compute estimates of the delay time between them and to synchronize their clocks. Because the reply includes the ORIGINATE TIMESTAMP field, a host can compute the total time required for a request to travel to a destination, be transformed into a reply, and return. Because the reply carries both the time at which the request entered the remote machine, as well as the time at which the reply left, the host can compute the network transit time, and from that, estimate the differences in remote and local clocks.

In practice, accurate estimation of round-trip delay can be difficult and substantially restricts the utility of ICMP timestamp messages. Of course, to obtain an accurate estimate of round trip delay, one must take many measurements and average them. However, the round-trip delay between a pair of machines that connect to a large internet can vary dramatically, even over short periods of time. Thus, merely taking many measurements may not guarantee consistency; sophisticated statistical analysis is needed to produce precise estimates. Furthermore, recall that because IP is a best-effort technology, datagrams can be dropped, delayed, or delivered out of order.

1.7.8 Obtaining Subnet Mask

It is important to understand that when hosts use subnet addressing, some bits in the host portion of their IP address identify a physical network. To participate in subnet addressing, a host needs to know which bits of the 32-bit internet address correspond to the physical network and which correspond to host identifiers. The information needed to interpret the address is represented in a 32-bit quantity called the subnet mask. To learn the subnet mask used for the local network, a machine can send an address mask request message to a router and receive an address mask reply. The machine making the request can either send the message directly, if it knows the router's address, or broadcast the message if it does not. Figure 1.22 shows the format of address mask messages.

Figure 1.22. ICMP address mask request or reply message format
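The timestamp computation described above, as an added example that is not part of the course material: it builds request and reply messages (types 13 and 14) and derives the round-trip delay and clock offset from the three timestamps, allowing for the wrap at midnight. The exchange is simulated with constructed delays and a constructed clock skew; no packets are sent.

```python
"""Added example (not from the course text): build ICMP timestamp request and
reply messages (types 13 and 14) and derive from the three timestamps the
round-trip delay and the clock offset a host can estimate, as described above.
Timestamps are milliseconds since midnight UT, so differences must allow for a
wrap at midnight. The exchange itself is simulated with constructed delays."""
import statistics
import struct

ICMP_TIMESTAMP, ICMP_TIMESTAMP_REPLY = 13, 14
MS_PER_DAY = 24 * 60 * 60 * 1000
# TYPE, CODE, CHECKSUM, IDENTIFIER, SEQUENCE, ORIGINATE, RECEIVE, TRANSMIT
FMT = "!BBHHHIII"


def build_timestamp_request(ident, seq, originate_ms):
    """ORIGINATE is stamped just before transmission; CHECKSUM is left zero here."""
    return struct.pack(FMT, ICMP_TIMESTAMP, 0, 0, ident, seq, originate_ms % MS_PER_DAY, 0, 0)


def build_timestamp_reply(request, receive_ms, transmit_ms):
    """What the remote machine returns: same IDENTIFIER, SEQUENCE and ORIGINATE,
    with RECEIVE and TRANSMIT filled in from its own clock."""
    msg_type, _, _, ident, seq, originate, _, _ = struct.unpack(FMT, request)
    if msg_type != ICMP_TIMESTAMP:
        raise ValueError("not a timestamp request")
    return struct.pack(FMT, ICMP_TIMESTAMP_REPLY, 0, 0, ident, seq, originate,
                       receive_ms % MS_PER_DAY, transmit_ms % MS_PER_DAY)


def elapsed(later, earlier):
    """later - earlier for since-midnight values, tolerating one midnight wrap."""
    return (later - earlier) % MS_PER_DAY


def signed(delta):
    """Interpret a modular difference as a signed value in (-half day, half day]."""
    return delta - MS_PER_DAY if delta > MS_PER_DAY // 2 else delta


def analyze_reply(reply, ident, seq, return_ms):
    """Estimate round-trip delay and remote-minus-local clock offset from a reply
    that came back at local time `return_ms`."""
    msg_type, _, _, rid, rseq, originate, receive, transmit = struct.unpack(FMT, reply)
    if msg_type != ICMP_TIMESTAMP_REPLY or (rid, rseq) != (ident, seq):
        raise ValueError("reply does not match the outstanding request")
    total = elapsed(return_ms, originate)        # out and back, on the local clock
    remote_hold = elapsed(transmit, receive)     # time the remote held the request
    rtt = total - remote_hold                    # network transit time both ways
    # With symmetric one-way delays the two halves average out to the clock offset.
    offset = (signed(elapsed(receive, originate)) + signed(elapsed(transmit, return_ms))) // 2
    return {"rtt_ms": rtt, "offset_ms": offset}


def simulate_exchange(local_send_ms, remote_skew_ms, out_delay_ms, hold_ms, back_delay_ms,
                      ident=0x1A2B, seq=1):
    """Constructed exchange: the remote clock reads local + remote_skew_ms."""
    request = build_timestamp_request(ident, seq, local_send_ms)
    arrive = local_send_ms + out_delay_ms
    reply = build_timestamp_reply(request, arrive + remote_skew_ms,
                                  arrive + hold_ms + remote_skew_ms)
    return analyze_reply(reply, ident, seq, (arrive + hold_ms + back_delay_ms) % MS_PER_DAY)


def summarize(samples):
    """Many measurements, combined robustly: the median resists the odd long delay
    that a plain average would be dragged by."""
    return {"rtt_ms": statistics.median(s["rtt_ms"] for s in samples),
            "offset_ms": statistics.median(s["offset_ms"] for s in samples)}


if __name__ == "__main__":
    print(simulate_exchange(36_000_000, 150, 40, 5, 40))
    print(simulate_exchange(MS_PER_DAY - 10, 150, 40, 5, 40))   # request crosses midnight
```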

The TYPE field in an address mask message specifies whether the message is a request (17) or a reply (18). As usual, the IDENTIFIER and SEQUENCE NUMBER fields allow a machine to associate replies with requests. A reply contains the network's subnet address mask in the ADDRESS MASK field.

1.7.9 Route Discovery

After a host boots, it must learn the address of at least one router on the local network before it can send datagrams to destinations on other networks. ICMP supports a router discovery scheme that allows a host to discover a router address. ICMP router discovery is not the only mechanism a host can use to find a router address. The BOOTP and DHCP protocols provide the main alternative; each of the protocols provides a way for a host to obtain the address of a default router along with other bootstrap information. However, BOOTP and DHCP have a serious deficiency: the information they return comes from a database that network administrators configure manually. Thus, the information cannot change quickly. More important, if a network has multiple routers connecting it to the rest of the internet, a host that obtains a default route at startup can lose connectivity if a single router crashes. However, the host cannot detect the crash.

Of course, static router configuration does work well in some situations. For example, consider a network that has only a single router connecting it to the rest of the internet. There is no need for a host on such a network to dynamically discover routers or change routes.

The ICMP router discovery scheme helps in two ways. First, instead of providing a statically configured router address via a bootstrap protocol, the mechanism permits a host to obtain information directly from the router itself. Second, the mechanism uses a soft state technique with timers to prevent hosts from retaining a route after a router crashes. In this method, routers advertise their information periodically and a host discards a route if the timer for a route expires. Since the state information expires automatically it is called soft state. Figure 1.23 illustrates the format of the advertisement message a router sends.

Figure 1.23. ICMP router advertisement message format used with IPv4

Besides the TYPE, CODE, and CHECKSUM fields, the message contains a field labeled NUM ADDRS that specifies the number of address entries which follow (often 1), an ADDR SIZE field that specifies the size of an address in 32-bit units (1 for IPv4 addresses), and a LIFETIME field that specifies the time in seconds a host may use the advertised address(es). The remainder of the message consists of NUM ADDRS pairs of fields, where each pair contains a ROUTER ADDRESS and an integer PRECEDENCE LEVEL for the route. The precedence value is a two's complement integer: a host chooses the route with the highest precedence.

If the router and the network support multicast, a router multicasts ICMP router advertisement messages to the all-systems multicast address (i.e., 224.0.0.1). If not, the router sends the message to the limited broadcast address (i.e., the all 1's address). Of course, a host must never send a router advertisement message.

One of the issues the designers considered was how to accommodate a large number of routers on the same network. The default value for LIFETIME is 30 minutes, and the default for periodic retransmission is 10 minutes, which means that a host will not discard a route if the host misses a single advertisement message. The value was selected as a compromise between rapid failure detection and overhead. A smaller value would allow more rapid detection of router failure, but would increase network traffic; a larger value would decrease traffic but would delay failure detection.

1.7.10 Router Solicitation

Although the designers provided a range of values to be used as the delay between successive router advertisements, they chose the default of 10 minutes. From the point of view of a host, the default delay has a severe disadvantage: a host cannot afford to wait many minutes for an advertisement when it first boots. To avoid such delays, the designers included an ICMP router solicitation message that allows a host to request an immediate advertisement. Figure 1.24 illustrates the message format.

Figure 1.24. ICMP router solicitation message

As the figure shows, the solicitation does not need to carry information beyond the TYPE, CODE, and CHECKSUM fields. If a host supports multicasting, the host sends the solicitation to the all-routers multicast address (i.e., 224.0.0.2); otherwise the host sends the solicitation to the limited broadcast address (i.e., the all 1's address). The arrival of a solicitation message causes a router to send a normal router advertisement.

Have you understood?

1. ICMP is an adjunct protocol of IP. Justify this statement.
2. What is the encapsulation procedure followed for ICMP messages?
3. What are the common fields of all ICMP messages?
4. Whether ICMP is an error reporting mechanism or an error correcting mechanism? Justify your statement.
5. What are the ICMP messages used by the ping utility?
6. What is the relationship between the TYPE and CODE fields of ICMP messages?
7. What is the purpose of the ICMP source quench message?
8. When does a router send an ICMP redirect message to the source?
9. How does ICMP achieve clock synchronization?
10. What is the role of the ICMP router advertisement message?

1.8 NECESSITY OF TRANSPORT LAYER

A generic internet or the specific Internet is basically a packet switched network. Applications running at the end systems can not be built directly over the internet or network layer due to the inherent limitations of the network. In an internet based on packet switching, packets can be lost or destroyed when transmission errors interfere with data, when network hardware fails, or when networks become too heavily loaded to accommodate the load presented. An internet can also deliver datagrams out of order, deliver them after a substantial delay, or deliver duplicates. Furthermore, underlying network technologies may dictate an optimal packet size or pose other constraints needed to achieve efficient transfer rates. In short we can say an internet is an unreliable one. However, users expect reliable services from the network. The TCP/IP reference model suggests that it is enough for the network layer to provide a simple, connectionless and unreliable service. Since the network is not capable of providing reliability, the responsibility is left to the end systems (hosts). One question that may arise in your mind is why the application layer itself can't take care of the reliability issues. It is not reasonable to expect that, since most of the application programmers do not have the necessary technical background. Hence in an internet, in between the application layer and the network layer, another layer or abstraction by name transport layer is required. This transport layer has to compensate for all the limitations of the network and shield the applications or users from the implementation details of reliability.

1.8.1 Requirements of a Reliable service

It becomes necessary for the transport layer to provide the following features to implement reliable and effective services.

1. Stream Orientation

The underlying network is able to deal in terms of datagrams and not in terms of bits and bytes. However, if the network has to provide a reliable service, it is necessary to ensure that the receiver receives the octets (bytes) as sent by the sender. When we say that the sequence is to be preserved at the octet level, it implies that the transport layer entities need to preserve the message boundaries.

2. Virtual Circuit at Transport level

The ISO/OSI reference model suggests that the network layer can follow either a datagram subnet or a virtual circuit subnet. However, according to TCP/IP recommendations the network layer need not support a virtual circuit subnet. Hence the internet layer provides only a datagram subnet. Hence it becomes necessary for the transport layer entities of the TCP/IP reference model to emulate a telephone call, and such an emulated call is called a virtual circuit. Protocol software modules in the two operating systems communicate by sending messages across an internet, verifying that the transfer is authorized, and that both sides are ready. Once all details have been settled, the protocol modules inform the application programs that a connection has been established and that transfer can begin. During transfer, protocol software on the two machines continues to communicate to verify that data is received correctly. If the communication fails for any reason both machines detect the failure and report it to the appropriate programs.

3. Buffered Transfer

It is not advisable to send and receive the datagrams at the same rate as generated by the application at the sender side since it may result in ineffective utilization of network resources. To make transfer more efficient and to minimize network traffic, transport layer entities usually collect enough data from a stream to fill a reasonably large datagram before transmitting it across an internet. Thus, even if the application program generates the stream one octet at a time, transfer across an internet may be quite efficient. Similarly, if the application program chooses to generate extremely large blocks of data, the protocol software can choose to divide each block into smaller pieces for transmission.

4. Unstructured Stream

It is important to understand that the TCP/IP stream service does not honor structured data streams. For example, there is no way for a payroll application to have the stream service mark boundaries between employee records, or to identify the contents of the stream as being payroll data. Application programs using the stream service must understand stream content and agree on stream format before they initiate a connection.

5. Full Duplex Connection

Connections provided by the TCP/IP stream service allow concurrent transfer in both directions. Such connections are called full duplex. From the point of view of an application process, a full duplex connection consists of two independent streams flowing in opposite directions, with no apparent interaction. The stream service allows an application process to terminate flow in one direction while data continues to flow in the other direction, making the connection half duplex. The advantage of a full duplex connection is that the underlying protocol software can send control information for one stream back to the source in datagrams carrying data in the opposite direction. This ability is called piggybacking, and piggybacking reduces network traffic.

1.8.2 Providing Reliability

The major issue in the network design is that the transport layer (mostly functioning at end systems) has to provide reliability over the unreliable service provided by the network layer. The basic mechanism followed by transport layer entities to provide reliability is positive acknowledgement with retransmission. The technique requires a recipient to communicate with the source, sending back an acknowledgement (ACK) message as it receives data. The sender keeps a record of each packet it sends and waits for an acknowledgement before sending the next packet. The sender also starts a timer when it sends a packet and retransmits a packet if the timer expires before an acknowledgement arrives. Figure 1.25 shows how the simplest positive acknowledgement protocol transfers data.

Figure 1.25. Positive acknowledgement with retransmission

In figure 1.25, events at the sender and receiver are shown on the left and right. Each diagonal line crossing the middle shows the transfer of one message across the network. Figure 1.26 uses the same format diagram as figure 1.25 to show what happens when a packet is lost or corrupted. The sender starts a timer after transmitting a packet. When the timer expires, the sender assumes the packet was lost and retransmits it.

Figure 1.26. Timeout and retransmission that occurs when a packet is lost

The final reliability problem arises when an underlying packet delivery system duplicates packets. Solving duplication requires careful thought because both packets and acknowledgements can be duplicated. Usually, reliable protocols detect duplicate packets by assigning each packet a sequence number and requiring the receiver to remember which sequence numbers it has received. To avoid confusion caused by delayed or duplicated acknowledgements, positive acknowledgement protocols send sequence numbers back in acknowledgements, so the receiver can correctly associate acknowledgements with packets.

1.8.3 Sliding Window Algorithms

The major functions required to provide reliability are flow control and error control. Error control is performed along with flow control as an adjunct process. Even though we did not mention it explicitly, the mechanisms explained in figures 1.25 and 1.26 are stop and wait algorithms. The major limitations of the stop and wait algorithm are

the inefficient usage of bandwidth and the wastage of time. Both of these limitations are effectively overcome in sliding window algorithms. In the sliding window algorithms, the sender can send more than one segment (the maximum number is restricted by the size of the window). Sliding window protocols use network bandwidth better because they allow the sender to transmit multiple packets before waiting for an acknowledgement. The easiest way to understand the sliding window algorithm is to consider the stop and wait protocol as a sliding window protocol with a window size of 1. The functioning of the sliding window protocol is explained in figure 1.27. We say that a packet is unacknowledged if it has been transmitted but no acknowledgement has been received. Technically, the number of packets that can be unacknowledged at any given time is constrained by the window size and is limited to a small, fixed number. For example, in a sliding window protocol with window size 8, the sender is permitted to transmit 8 packets before it receives an acknowledgement. Once the sender receives an acknowledgement for the first packet inside the window, it "slides" the window along and sends the next packet. The window continues to slide as long as acknowledgements are received.

Figure 1.27 shows an example of the operation of a sliding window protocol when sending three packets. As the figure shows, you should note that the sender transmits all the three packets before receiving any acknowledgement.

Figure 1.27. An example of three packets transmitted using a sliding window protocol
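The following simulation is an added example, not part of the course material: it runs positive acknowledgement with retransmission as stop and wait (window 1) and as a sliding window sender (for instance window 8), over a channel that drops chosen packets once, so the time and transmission cost of each scheme can be measured. The tick model (one tick per one-way delay, timeout of four ticks) is an assumption of the example.

```python
"""Added example (not from the course text): a tick-based simulation of positive
acknowledgement with retransmission. Run with window 1 it is the stop and wait
scheme of figures 1.25 and 1.26; with a larger window it is the sliding window
scheme of figure 1.27. One-way delay is one tick and every unacknowledged
packet has its own timer, so the time cost of each scheme can be measured."""
from dataclasses import dataclass, field
import heapq


@dataclass
class Outcome:
    finish_tick: int                 # tick at which the last acknowledgement arrived
    transmissions: int               # packets put on the wire, retransmissions included
    delivered: list = field(default_factory=list)   # data in the order the application got it


def simulate(total, window, lost_first_try=frozenset(), timeout=4):
    """Deliver `total` packets; the channel drops the FIRST transmission of every
    sequence number in `lost_first_try`, so each drop costs one timeout."""
    events = []                      # heap of (arrival_tick, kind, seq), kind is "data" or "ack"
    base = next_seq = 0              # left edge of the sender's window, next new packet
    acked, timers, attempts = set(), {}, {}
    transmissions = 0
    rcv_base, received, delivered = 0, set(), []
    t = 0

    def transmit(seq):
        nonlocal transmissions
        transmissions += 1
        attempts[seq] = attempts.get(seq, 0) + 1
        timers[seq] = t + timeout    # a separate timer for each unacknowledged packet
        if attempts[seq] == 1 and seq in lost_first_try:
            return                   # lost in transit; only the timer will notice
        heapq.heappush(events, (t + 1, "data", seq))

    while True:
        while events and events[0][0] == t:          # 1. arrivals due this tick
            _, kind, seq = heapq.heappop(events)
            if kind == "ack":
                acked.add(seq)
                timers.pop(seq, None)
            elif seq < rcv_base + window:            # inside the receiver's own window
                received.add(seq)
                while rcv_base in received:          # pass in-order data to the application
                    delivered.append(rcv_base)
                    rcv_base += 1
                heapq.heappush(events, (t + 1, "ack", seq))   # duplicates are re-acknowledged
            # else: beyond the receiver's window, discarded without acknowledgement
        while base in acked:                         # 2. slide past acknowledged packets
            base += 1
        if base == total:
            return Outcome(t, transmissions, delivered)
        while next_seq < min(base + window, total):  # 3. fill the window
            transmit(next_seq)
            next_seq += 1
        for seq in [s for s, due in timers.items() if due <= t]:   # 4. expired timers
            transmit(seq)
        t += 1
        if t > 100 * (total + 1) * timeout:
            raise RuntimeError("simulation did not converge")


if __name__ == "__main__":
    for window in (1, 8):
        print(window, simulate(12, window), simulate(12, window, {1}))
```

With twelve packets and no loss the stop and wait sender finishes at tick 24 while the window of 8 finishes at tick 4; a single lost packet costs both schemes one timeout, but the sliding window sender keeps the other packets moving meanwhile.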

Conceptually, the window partitions the sequence of packets into three sets: those packets to the left of the window have been successfully transmitted, received and acknowledged; those packets that lie in the window are being transmitted; and those packets to the right have not yet been transmitted. The lowest numbered packet in the window is the first packet in the sequence that has not been acknowledged. When the sender slides its window, it moves past all acknowledged packets. At the receiving end, the protocol software keeps an analogous window, accepting and acknowledging packets as they arrive. That is, a sliding window protocol always remembers which packets have been acknowledged and keeps a separate timer for each unacknowledged packet. If a packet is lost, the timer expires and the sender retransmits that packet.

1.8.4 The Transmission Control Protocol

Most of the applications of the Internet have to provide reliable services to the users. Some popular examples are e-mail, file transfer, World Wide Web etc. The reliability required by these applications is provided by a particular protocol of the transport layer by name Transmission Control Protocol (TCP). Since reliability is the major requirement of many applications, the whole protocol stack is referred to as TCP/IP along with the dominant protocol of the internet layer.

The best way to understand a protocol is to learn what the protocol does and what the protocol does not. It is better to understand the difference between a protocol and the software that implements it. TCP is a communication protocol, not a piece of software. The difference between a protocol and the software that implements it is analogous to the difference between the definition of a programming language and a compiler. The protocol specifies the format of the data and acknowledgements that two computers exchange to achieve a reliable transfer, as well as the procedures the computers use to ensure that the data arrives correctly. It specifies how TCP software distinguishes among multiple destinations on a given machine, and how communicating machines recover from errors like lost or duplicated packets. The protocol also specifies how two computers initiate a TCP stream transfer and how they agree when it is complete.

It is also important to understand what the protocol does not include. Although the TCP specifications describe how application programs use TCP in general terms, they do not dictate the details of the interface between an application program and TCP. That is, the protocol documentation only discusses the operations TCP supplies and it does not specify the exact procedures application programs invoke to access these operations. The reason for leaving the application program interface unspecified is flexibility. In particular, because programmers usually implement TCP in the computer's operating system, they need to employ whatever interfaces the operating system supplies. Allowing the implementor flexibility makes it possible to have a single specification for TCP that can be used to build software for a variety of machines. Because TCP assumes little about the underlying communication system, TCP can be used with a variety of packet delivery systems, including the IP datagram delivery service.

1.8.5 TCP Segment Format

The unit of transfer between the TCP software on two machines is called a segment. Segments are exchanged to establish connections, transfer data, send acknowledgements, advertise window sizes, and close connections. Because TCP uses piggybacking, an acknowledgement traveling from machine A to machine B may travel in the same segment as data traveling from machine A to machine B, even though the acknowledgement refers to data sent from B to A. Similar to that of an IP datagram, a TCP segment also has two parts, namely header and payload. Figure 1.28 shows the TCP segment format.

Figure 1.28. The format of a TCP segment

SOURCE PORT and DESTINATION PORT – contain the TCP port numbers that identify the application programs at the ends of the connection.

SEQUENCE NUMBER – This field identifies the position in the sender's byte stream of the data in the segment.

ACKNOWLEDGEMENT NUMBER – The purpose of this field is to identify the number of the octet that the source expects to receive next. You should observe that the sequence number refers to the stream flowing in the same direction as the segment, while the acknowledgement number refers to the stream flowing in the opposite direction from the segment.

HLEN – Contains an integer that specifies the length of the segment header measured in 32-bit multiples. Similar to that of IP, this field is required since the options field can vary in length.

The 6-bit field marked RESERVED is reserved for future use.

CODE BITS – These bits are also called flag bits. TCP software uses this field to determine the purpose and contents of the segment. The six bits tell how to interpret other fields in the header according to the table in figure 1.29.

Bit (left to right)   Meaning if bit set to 1
URG                   Urgent pointer field is valid
ACK                   Acknowledgement field is valid
PSH                   This segment requests a push
RST                   Reset the connection
SYN                   Synchronize sequence numbers to initiate connection
FIN                   Sender has reached end of its byte stream and sender wants to close the connection

Figure 1.29. Bits of the CODE field in the TCP header

WINDOW – TCP software uses this field to advertise how much data it is willing to accept every time it sends a segment, by specifying its buffer size. Window advertisements provide another example of piggybacking because they accompany all segments, including those carrying data as well as those carrying only an acknowledgement.

OPTIONS – Varies in length based on the service to be provided to the user. This field provides a way to add extra facilities not covered by the regular header. The most important option is the one that allows each host to specify the maximum TCP payload it is willing to accept. Using large segments is more efficient than using small ones because the 20-byte header can then be amortized over more data, but small hosts may not be able to handle big segments.

CHECKSUM – It checksums the header, the data and the conceptual pseudo header shown in figure 1.30. The field contains a 16-bit unsigned integer in network-standard byte order. The checksum algorithm is simply to add up all the 16-bit words in 1's complement and then to take the one's complement of the sum. As a consequence, when the receiver performs the calculation on the entire segment, including the checksum field, the result should be zero. When performing this computation, the TCP checksum field is set to zero and the data is padded out with an additional zero byte if its length is an odd number.

TCP segments are used not only to carry the data but also to carry the control information that is required in the process of connection establishment and connection release. Some segments carry only an acknowledgement while some carry data. Others carry requests to establish or close a connection.
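The checksum procedure just described, worked through in Python as an added example (this is not code from the course material or from the TCP implementations it draws on). It builds a 20-byte header with no options, computes the one's complement sum over the pseudo header (source and destination address, a zero byte, protocol number 6 for TCP, and the TCP length), the header with the CHECKSUM field zeroed, and the data padded to an even length, and then performs the receiver's check, which must yield zero. The addresses and port numbers are constructed sample values.

```python
import socket
import struct

# Code bits of the TCP header in the order listed in figure 1.29 (bit values as defined by RFC 793).
FLAG_URG, FLAG_ACK, FLAG_PSH, FLAG_RST, FLAG_SYN, FLAG_FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
FLAG_NAMES = {FLAG_URG: "URG", FLAG_ACK: "ACK", FLAG_PSH: "PSH",
              FLAG_RST: "RST", FLAG_SYN: "SYN", FLAG_FIN: "FIN"}


def ones_complement_sum(data: bytes) -> int:
    """Add all 16-bit words with end-around carry; odd-length data is padded with one zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """The 12-byte conceptual pseudo header of figure 1.30: addresses, zero, protocol 6 (TCP), TCP length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_length)


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Sender side: zero the CHECKSUM field (bytes 16-17), sum pseudo header + segment, complement the sum."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    return (~total) & 0xFFFF


def verify_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: the sum over pseudo header + whole segment (checksum included) must complement to zero."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return ((~total) & 0xFFFF) == 0


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window, payload=b""):
    """Assemble a 20-byte header (HLEN = 5, no options) plus payload and fill in the checksum."""
    hlen_words = 5
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         hlen_words << 4, flags, window, 0, 0)   # checksum = 0, urgent pointer = 0
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def decode_flags(segment: bytes):
    """Return the names of the CODE bits that are set in a segment."""
    code = segment[13] & 0x3F
    return {name for bit, name in FLAG_NAMES.items() if code & bit}
```

A single flipped bit anywhere in the header, the data or the pseudo header changes the sum and makes the receiver's check fail, which is the error-detection property the field provides; the check does not protect against a deliberate change that recomputes the field, so it is an integrity check against transmission errors only.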

Figure 1.30. Pseudo header included in the checksum

URGENT POINTER – This field is used to indicate a byte offset from the current sequence number at which urgent data are to be found. There are occasions in which an application program needs to send urgent bytes. This means that the sending application wants a piece of data to be read out of order by the receiving application. The sending application tells the sending TCP that the piece of data is urgent. The sending TCP creates a segment and inserts the urgent data at the beginning of the segment. This facility is in lieu of interrupt messages. It is a bare-bones way of allowing the sender to signal the receiver without getting TCP itself involved in the reason for the interrupt.

1.9 TCP STATE MACHINE

1.9.1 TCP Connection Establishment

To establish a connection, TCP uses a three-way handshake. The three-way handshake is shown in figure 1.31.

Figure 1.31 Three way handshake protocol

The first segment of a handshake can be identified because it has the SYN (Synchronization) bit set in the code field. The second message has both the SYN and ACK (Acknowledgement) bits set, indicating that it acknowledges the first SYN segment as well as continuing the handshake. The final handshake message is only an acknowledgement and is merely used to inform that both sides agree that a connection has been established. Usually the TCP software on one machine waits passively for the handshake, and the TCP software on another machine initiates it. However, the handshake is carefully designed to work even if both machines attempt to initiate a connection simultaneously. Once a connection has been established, data can flow in both directions equally well. There is no master or slave.

The three-way handshake is both necessary and sufficient for correct synchronization between the two ends of the connection. To understand why, remember that TCP builds on an unreliable packet delivery service, so messages can be lost, delayed, duplicated or delivered out of order. Thus the protocol must use a timeout mechanism and retransmit lost requests. Trouble arises if retransmitted and original requests arrive while the connection is being established, or if retransmitted requests are delayed until after a connection has been established, used and terminated. Internally, a three-way handshake (plus the condition that TCP ignores additional requests for connection after a connection has been established) solves these problems.

1.9.2 TCP Connection Release

Two programs that use TCP to communicate can terminate the conversation gracefully using the close operation. TCP connections are full duplex and can be viewed as containing two independent stream transfers, one going in each direction. When an application program tells TCP that it has no more data to send, TCP will close the connection in one direction. To close its half of a connection, the sending TCP finishes transmitting the remaining data, waits for the receiver to acknowledge it, and then sends a segment with the FIN (Finish) bit set. The receiving TCP acknowledges the FIN segment and informs the application program on its end that no more data is available. Once a connection is closed in one direction, TCP refuses to accept more data for that direction. Meanwhile, data can continue to flow in the opposite direction until the sender closes it. Of course, acknowledgements continue to flow back to the sender even after a connection has been closed. When both directions have been closed, the TCP software at each endpoint deletes its record of the connection. TCP uses a modified three-way handshake to close connections. Figure 1.32 illustrates the procedure.

Figure 1.32 TCP Connection Release

The difference between the three-way handshak
es used to establish and break connections occurs after a machine receives the initial FIN segment. Instead of generating a second FIN segment immediately, TCP sends an acknowledgement and then informs the application of the request to shut down. Informing the application program of the request and obtaining a response may take considerable time. The acknowledgement prevents retransmission of the initial FIN segment during the wait. Finally, when the application program instructs TCP to shut down the communication completely, TCP sends the second FIN segment and the original site replies with the third message, an ACK.

1.9.3 TCP Connection Reset

Normally, an application program uses the close operation to shut down a connection when it finishes using it. Thus, closing connections is considered a normal part of use, analogous to closing files. Sometimes abnormal conditions arise that force an application program or the network software to break a connection. TCP provides a reset facility for such abnormal disconnections. To reset a connection, one side initiates termination by sending a segment with the RST bit in the CODE field set. The other side responds to a reset segment immediately by aborting the connection. TCP also informs the application program that a reset occurred. A reset is an instantaneous abort, which means that transfer in both directions ceases immediately and resources such as buffers are released.

1.9.4 Finite State Machine

Like most protocols, the operation of TCP can best be explained with a theoretical model called a finite state machine. Figure 1.33 shows the TCP finite state machine, with circles representing states and arrows representing transitions between them. The label on each transition shows what TCP receives to cause the transition and what it sends in response. For example, the TCP software at each end point begins in the

CLOSED state. Application programs must issue either a passive open command (to wait for a connection from another machine), or an active open command (to initiate a connection). An active open command forces a transition from the CLOSED state to the SYN SENT state. When TCP follows the transition, it emits a SYN segment. When the other end returns a segment that contains a SYN plus ACK, TCP moves to the ESTABLISHED state and begins data transfer.

Figure 1.33 TCP Finite State Machine (states CLOSED, LISTEN, SYN SENT, SYN RCVD, ESTABLISHED, FIN WAIT-1, FIN WAIT-2, CLOSING, TIMED WAIT, CLOSE WAIT and LAST ACK; each arrow is labelled input/output, e.g. syn/syn+ack, fin/ack, close/fin, timeout/reset, and anything/reset from CLOSED)

The TIMED WAIT state reveals how TCP handles some of the problems incurred with unreliable delivery. TCP keeps a notion of maximum segment lifetime (MSL), the maximum time an old segment can remain alive in an internet. To avoid having segments from a previous connection interfere with the current one, TCP moves to the TIMED WAIT state after closing a connection. It remains in that state for twice the maximum segment lifetime before deleting its record for the connection. If any duplicate segments happen to arrive for the connection during the lifetime interval, TCP will reject them. However, to handle cases where the last acknowledgement was lost, TCP acknowledges valid segments and restarts the timer. Because the timer allows TCP to distinguish old connections from new ones, it prevents TCP from responding with an RST (reset) if the other end retransmits a FIN request.
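The state machine of figure 1.33 written out as a transition table and driven through a complete connection, as an added Python example (not code from the course material). The table holds the arcs named in the figure; the state and event names are the figure's, written with underscores. The scenario opens a connection with the three-way handshake, releases it with the modified three-way handshake, and then assumes the client's final ACK was lost so that the server retransmits its FIN: the client, still in TIMED WAIT, acknowledges it again instead of answering with a reset, which is exactly the case the TIMED WAIT paragraph describes.

```python
# Transitions of the TCP finite state machine of figure 1.33:
# (current state, event) -> (next state, segment sent in response or None).
# Events are either commands from the application (passive_open, active_open, send, close)
# or segments and timers received (syn, syn+ack, ack, fin, fin+ack, timeout, reset).
TRANSITIONS = {
    ("CLOSED", "passive_open"): ("LISTEN", None),
    ("CLOSED", "active_open"):  ("SYN_SENT", "syn"),
    ("LISTEN", "syn"):          ("SYN_RCVD", "syn+ack"),
    ("LISTEN", "send"):         ("SYN_SENT", "syn"),
    ("LISTEN", "close"):        ("CLOSED", None),
    ("SYN_SENT", "syn+ack"):    ("ESTABLISHED", "ack"),
    ("SYN_SENT", "syn"):        ("SYN_RCVD", "syn+ack"),   # both sides opened at once
    ("SYN_SENT", "close"):      ("CLOSED", None),
    ("SYN_SENT", "timeout"):    ("CLOSED", "reset"),
    ("SYN_RCVD", "ack"):        ("ESTABLISHED", None),
    ("SYN_RCVD", "close"):      ("FIN_WAIT_1", "fin"),
    ("SYN_RCVD", "reset"):      ("LISTEN", None),
    ("SYN_RCVD", "timeout"):    ("CLOSED", "reset"),
    ("ESTABLISHED", "close"):   ("FIN_WAIT_1", "fin"),
    ("ESTABLISHED", "fin"):     ("CLOSE_WAIT", "ack"),
    ("FIN_WAIT_1", "ack"):      ("FIN_WAIT_2", None),
    ("FIN_WAIT_1", "fin"):      ("CLOSING", "ack"),         # both sides closed at once
    ("FIN_WAIT_1", "fin+ack"):  ("TIMED_WAIT", "ack"),
    ("FIN_WAIT_2", "fin"):      ("TIMED_WAIT", "ack"),
    ("CLOSING", "ack"):         ("TIMED_WAIT", None),
    ("CLOSE_WAIT", "close"):    ("LAST_ACK", "fin"),
    ("LAST_ACK", "ack"):        ("CLOSED", None),
    ("TIMED_WAIT", "fin"):      ("TIMED_WAIT", "ack"),      # retransmitted FIN: ack again, restart 2*MSL timer
    ("TIMED_WAIT", "timeout"):  ("CLOSED", None),
}


class TcpEndpoint:
    """One end of a connection: applies table transitions and records every state it passes through."""

    def __init__(self, name):
        self.name = name
        self.state = "CLOSED"
        self.history = ["CLOSED"]

    def handle(self, event):
        """Apply one event; returns the segment to send back (or None)."""
        if (self.state, event) not in TRANSITIONS:
            if self.state == "CLOSED":
                return "reset"      # the "anything/reset" arc: a segment for a closed connection draws an RST
            raise ValueError(f"{self.name}: no transition for '{event}' in {self.state}")
        self.state, reply = TRANSITIONS[(self.state, event)]
        self.history.append(self.state)
        return reply


def run_connection():
    """Drive a client and a server through open, release and a lost final ACK; returns both histories."""
    client, server = TcpEndpoint("client"), TcpEndpoint("server")
    server.handle("passive_open")
    # three-way handshake: syn, syn+ack, ack
    seg = client.handle("active_open")
    seg = server.handle(seg)
    seg = client.handle(seg)
    server.handle(seg)
    # modified three-way handshake for release: the client sends its FIN first
    seg = client.handle("close")
    seg = server.handle(seg)              # server acks the FIN and enters CLOSE_WAIT
    client.handle(seg)                    # client waits in FIN_WAIT_2 for the second FIN
    seg = server.handle("close")          # application on the server side closes: second FIN
    final_ack = client.handle(seg)        # client enters TIMED_WAIT and sends the third message, an ACK
    # assume that final ACK is lost: the server (still in LAST_ACK) retransmits its FIN and the client
    # acknowledges it again rather than resetting, because its TIMED_WAIT record still exists
    seg = client.handle("fin")
    server.handle(seg)
    client.handle("timeout")              # 2*MSL expired: record deleted
    return client.history, server.history, final_ack
```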

Have you understood?

1. Why is a three way handshake necessary in TCP connection establishment?
2. What are the various control segments involved in the TCP connection establishment?
3. Closing a connection is more subtle than establishment of a connection. Justify this statement.
4. Identify the various states in the process of connection establishment and connection release.
5. Is reliability provided by IP or not?
6. What are the requirements of a reliable service?
7. What is meant by positive acknowledgement with retransmission?
8. What is meant by expectational acknowledgement?
9. What are the advantages of the simple stop and wait flow control scheme?
10. What is meant by sliding window in TCP?
11. What are the five bits of the CODE field in TCP?
12. What does a port number refer to in TCP?
13. What is the purpose of the window field in the TCP header format?
14. What is meant by the conceptual pseudo header in checksum computation of TCP?

1.10 TIMER MANAGEMENT OF TCP

As we have already seen, the basic mechanism followed by TCP to ensure reliability is the acknowledgement. Like other reliable protocols, TCP expects the destination to send acknowledgements whenever it successfully receives new octets from the data stream. Every time the TCP entity of the sender sends a segment, it starts a timer and waits for an acknowledgement from the TCP entity of the receiver. If the timer expires before data in the segment has been acknowledged, TCP assumes that the segment was lost or corrupted and retransmits it. Even though retransmissions consume considerable bandwidth, they are a must to ensure that the segments have really reached the other side.

1.10.1 Basic timer management algorithm

The basic idea in retransmission is that the sender has to wait for a certain amount of time before choosing the option of retransmission. Here the issue is how long the sender has to wait before going for retransmission. The following scenarios help you to understand the difficulty in deciding the timeout period. In an internet, a segment traveling between a pair of machines may traverse a single, low delay network (e.g., a high speed LAN), or it may travel across multiple intermediate networks through multiple routers. Furthermore, the delay at each router depends on traffic. Thus, it is impossible to know a priori how quickly acknowledgements will return to the source, so the total time required for a segment to travel to the destination and an acknowledgement

to return to the source varies dramatically from one instant to the other. If we measure the round trip time of various segments transmitted over a period of time, we can observe the considerable variation in the RTT. TCP must be able to accommodate these wide variations in RTT and time out at the appropriate time. Hence, TCP accommodates varying internet delays by using an adaptive retransmission algorithm. To accommodate the varying delays encountered in internet environments, TCP uses an adaptive retransmission algorithm that monitors delays on each connection and adjusts its timeout parameter accordingly. In essence, TCP monitors the performance of each connection and deduces reasonable values for timeouts. As the performance of a connection changes, TCP revises its timeout value (i.e., it adapts to the change).

To collect the data needed for an adaptive algorithm, TCP records the time at which each segment is sent and the time at which an acknowledgement arrives for the data in the segment. From the two times, TCP computes an elapsed time known as a sample round trip time or round trip sample. Whenever it obtains a new round trip sample, TCP adjusts its notion of the average round trip time for the connection. Usually, TCP software stores the estimated round trip time, RTT, as a weighted average and uses new round trip samples to change the average slowly. For example, one early averaging technique used a constant weighting factor, α, where 0 ≤ α < 1, to weight the old average against the latest round trip sample as shown in equation 1.1.

RTT = (α * Old_RTT) + ((1 – α) * New_Round_Trip_Sample)   (1.1)

Choosing a value for α close to 1 makes the weighted average immune to changes that last a short time (e.g., a single segment that encounters long delay). Choosing a value for α close to 0 makes the weighted average respond to changes in delay very quickly. TCP computes a timeout value as a function of the current round trip estimate. Early implementations of TCP used a constant weighting factor, β (β > 1), and made the timeout greater than the current round trip estimate as shown in equation 1.2.

Timeout = β * RTT   (1.2)

Choosing a value for β can be difficult. On one hand, to detect packet loss quickly, the timeout value should be close to the current round trip time (i.e., β should be close to 1). Detecting packet loss quickly improves throughput because TCP will not wait an unnecessarily long time before retransmitting. On the other hand, if β = 1, TCP is overly eager – any small delay will cause an unnecessary retransmission, which wastes network bandwidth. The original specification set β = 2. However, more recent work described below has produced better techniques for adjusting the timeout.

1.10.2 Refinements in the basic timer mechanism

One problem that occurs with the dynamic estimation of RTT is what to do when a segment times out and is sent again. When the acknowledgement comes in, it is unclear whether the acknowledgement refers to the first transmission or a later one. Guessing wrong can seriously contaminate the estimate of RTT. Figures 1.34 and 1.35 explain the consequences of wrong estimation.

Figure 1.34. Associating the ACK with original transmission

Figure 1.35. Associating the ACK with retransmission

The above two figures reveal the fact that associating the acknowledgement with the original transmission can make the estimated round trip grow without bound in cases where an internet loses datagrams. If an acknowledgement arrives after one or more retransmissions, TCP will measure the round trip sample from the original transmission and compute a new RTT using the excessively long sample. Thus, RTT will grow slightly. The next time TCP sends a segment, the larger RTT will result in slightly

longer timeouts, and so if an acknowledgement arrives after one or more retransmissions, the next sample round trip time will be even larger, and so on.

Associating the acknowledgement with the most recent retransmission can also fail. Consider what happens when the end-to-end delay suddenly increases. When TCP sends a segment, it uses the old round trip estimate to compute a timeout. The segment arrives and an acknowledgement starts back, but the increase in delay means the timer expires before the acknowledgement arrives, and TCP retransmits the segment. Shortly after TCP retransmits, the first acknowledgement arrives and is associated with the retransmission. The round trip sample will be much too small and will result in a slight decrease of the estimated round trip time. Unfortunately, lowering the estimated round trip time guarantees that TCP will set the timeout too small for the next segment. Ultimately, the estimated round trip time can stabilize at a value T, such that the correct round trip is slightly longer than some multiple of T. Implementations of TCP that associate acknowledgements with the most recent retransmission have been observed to send each segment exactly twice even though no loss occurs.

1.10.3 Karn's Algorithm and Timer Backoff

If the original transmission and the most recent transmission both fail to provide accurate round trip times, what should TCP do? The accepted answer is simple: TCP should not update the round trip estimate for retransmitted segments. The idea, known as Karn's Algorithm, avoids the problem of ambiguous acknowledgements altogether by only adjusting the estimated round trip for unambiguous acknowledgements (acknowledgements that arrive for segments that have only been transmitted once). Of course, a simplistic implementation of Karn's algorithm, one that merely ignores times from retransmitted segments, can lead to failures as well. Consider what happens when TCP sends a segment after a sharp increase in delay. TCP computes a timeout using the existing round trip estimate, RTT, which is now too small. The timeout will be too small for the new delay and will force retransmission. If TCP ignores acknowledgements from retransmitted segments, it will never update the estimate and the cycle will continue.

To accommodate such failures, Karn's algorithm requires the sender to combine retransmission timeouts with a timer backoff strategy. The backoff technique computes an initial timeout using a formula like the one shown above. However, if the timer expires and causes a retransmission, TCP increases the timeout (to keep timeouts from becoming ridiculously long, most implementations limit increases to an upper bound that is larger than the delay along any path in the internet). Implementations use a variety of techniques to compute backoff. Most choose a multiplicative factor, γ, and set the new value as shown in equation 1.3.

New_timeout = γ * timeout   (1.3)

Typically, γ is 2. (It has been argued that values of γ less than 2 lead to instabilities.) Other implementations use a table of multiplicative factors, allowing arbitrary backoff at each step. Karn's algorithm combines the backoff technique with round trip estimation to solve the problem of never increasing round trip estimates. Karn's algorithm separates computation of the timeout value from the current round trip estimate. It uses the round trip estimate to compute an initial timeout value, but then backs off the timeout on each retransmission until it can successfully transfer a segment. When it sends subsequent segments, it retains the timeout value that results from backoff. Finally, when an acknowledgement arrives corresponding to a segment that did not require retransmission, TCP recomputes the round trip estimate and resets the timeout accordingly. Experience shows that Karn's algorithm works well even in networks with high packet loss. Generally speaking, when an internet misbehaves, ignore samples that correspond to retransmitted segments, but use a backoff strategy, and retain the timeout value from a retransmitted packet for subsequent packets until a valid sample is obtained.

1.10.4 Jacobson/Karels Algorithm

Jacobson and Karels suggested that TCP implementations should estimate both the average round trip time and the variance, and use the estimated variance in place of the constant β. Estimation of the timeout period involves the following set of equations.

DIFF = SAMPLE – Old_RTT   (1.4)
Smoothed_RTT = Old_RTT + δ * DIFF   (1.5)
DEV = Old_DEV + ρ * (|DIFF| – Old_DEV)   (1.6)
Timeout = Smoothed_RTT + η * DEV   (1.7)

where DEV is the estimated mean deviation, δ is a fraction between 0 and 1 that controls how quickly the new sample affects the weighted average, and ρ is a fraction between 0 and 1 that controls how quickly the new sample affects the round trip timeout. To make the computation efficient, TCP chooses δ and ρ to each be an inverse of a power of 2, scales the computation by 2^n for an appropriate n, and uses integer arithmetic.

Have you understood?

1. What is the basis for providing reliability in TCP?
2. When does TCP decide to retransmit a segment?
3. What are the difficulties in measuring RTT?
4. How are RTT and Timeout estimated in the original implementation of TCP?
5. What is the suggestion proposed by Karn to improve the measurement of RTT?
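The timer algorithms of sections 1.10.1 to 1.10.4 side by side, as an added Python example that is not part of the course material: the original weighted average with a constant multiplier (equations 1.1 and 1.2), and an estimator that applies equations 1.4 to 1.7 together with Karn's rule and multiplicative backoff (equation 1.3). The scenario is the one the text uses to motivate Karn's algorithm, a sudden increase in end-to-end delay: the timer expires, the timeout is backed off, the ambiguous acknowledgement is ignored, and only the next unambiguous sample updates the estimate. Round trip times are constructed values in milliseconds; the constants δ = 1/8, ρ = 1/4, η = 4 and γ = 2 are assumed values chosen as inverse powers of two, as the text recommends.

```python
class OriginalTimer:
    """Equations 1.1 and 1.2: a weighted average RTT and a timeout that is a constant multiple of it."""

    def __init__(self, rtt, alpha=0.9, beta=2.0):
        self.rtt, self.alpha, self.beta = rtt, alpha, beta

    def update(self, sample):
        self.rtt = self.alpha * self.rtt + (1 - self.alpha) * sample   # eq 1.1
        return self.timeout()

    def timeout(self):
        return self.beta * self.rtt                                      # eq 1.2


class KarnJacobsonTimer:
    """Equations 1.3 to 1.7 with Karn's rule: a retransmitted segment never contributes a sample,
    the timeout is backed off on every expiry, and the backed-off value is kept until an
    unambiguous acknowledgement arrives."""

    def __init__(self, srtt, dev, delta=1 / 8, rho=1 / 4, eta=4, gamma=2, max_timeout=60_000):
        self.srtt, self.dev = srtt, dev
        self.delta, self.rho, self.eta, self.gamma = delta, rho, eta, gamma
        self.max_timeout = max_timeout          # assumed upper bound on the backoff
        self.timeout = srtt + eta * dev         # eq 1.7

    def on_timeout(self):
        """Timer expired: back off (eq 1.3), bounded so the timeout cannot grow without limit."""
        self.timeout = min(self.gamma * self.timeout, self.max_timeout)
        return self.timeout

    def on_ack(self, sample, retransmitted):
        """ACK arrived. If the segment was retransmitted the sample is ambiguous: keep the timeout."""
        if retransmitted:
            return self.timeout
        diff = sample - self.srtt                                   # eq 1.4
        self.srtt = self.srtt + self.delta * diff                   # eq 1.5
        self.dev = self.dev + self.rho * (abs(diff) - self.dev)     # eq 1.6
        self.timeout = self.srtt + self.eta * self.dev              # eq 1.7
        return self.timeout


def run_scenario(timer, actual_rtts):
    """Send one segment per entry of actual_rtts (constructed delays in ms). For each segment the
    result records how many retransmissions it needed and the timeout in force after its ACK."""
    trace = []
    for rtt in actual_rtts:
        retransmissions = 0
        while rtt > timer.timeout and timer.timeout < timer.max_timeout:
            timer.on_timeout()           # expired before the ACK came back: retransmit and back off
            retransmissions += 1
        timer.on_ack(rtt, retransmitted=retransmissions > 0)
        trace.append((retransmissions, timer.timeout))
    return trace
```

With the delay jumping from 100 ms to 300 ms, the second segment is retransmitted twice (timeout 130, then 260, then 520) and its acknowledgement leaves the estimate untouched; the third segment completes without retransmission and its unambiguous sample raises both the smoothed RTT and the deviation, so the timeout settles at a value that covers the new delay without the unbounded growth or the "every segment sent twice" behaviour described for the two naive associations.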

1.11 CONGESTION CONTROL BEHAVIOR OF TCP

If we look at the operation of networks superficially, it may appear that only flow control is an end to end issue and congestion control is an issue of the network. However, the fact is that a network can be relieved of congestion only if the end systems react to the indication of congestion given by the subnet. Hence TCP has the provision to react to the problems caused by congestion in the network.

Congestion is a condition of severe delay caused by an overload of datagrams at one or more switching points (e.g., at routers). When congestion occurs, delays increase and the router begins to enqueue datagrams until it can route them. We must remember that each router has finite storage capacity and that datagrams compete for that storage (i.e., in a datagram based internet, there is no preallocation of resources to individual TCP connections). In the worst case, the total number of datagrams arriving at the congested router grows until the router reaches capacity and starts to drop datagrams. Hosts do not usually know the details of where congestion has occurred or why. To them, congestion simply means increased delay. Unfortunately, most transport protocols use timeout and retransmission, so they respond to increased delay by retransmitting datagrams. Retransmission aggravates congestion instead of alleviating it. If unchecked, the increased traffic will produce increased delay, leading to increased traffic, and so on, until the network becomes useless. Such a condition is referred to as congestion collapse. If steps are not taken to control congestion, the network may reach a state in which it will not be able to deliver any datagrams to the destination.

Routers watch queue lengths and use techniques like ICMP source quench to inform hosts that congestion has occurred, but transport protocols like TCP can help to avoid congestion by reducing transmission rates automatically whenever delays occur. Of course, algorithms to avoid congestion must be constructed carefully because even under normal operating conditions an internet will exhibit wide variation in round trip delays. To avoid congestion collapse, TCP must reduce transmission when congestion occurs. To avoid congestion, the TCP standard now recommends using two techniques: slow-start and multiplicative decrease. They are related and can be implemented easily. We said that for each connection, TCP must remember the size of the receiver's window (i.e., the buffer size advertised in acknowledgements). To control congestion, TCP maintains a second limit, called the congestion window limit or congestion window, that it uses to restrict data flow to less than the receiver's buffer size when congestion occurs. The TCP entity at the sender has to decide the sending rate as shown in equation 1.4.

Allowed_window = min(receiver_advertisement, congestion_window)   (1.4)

congestion avoidance.

In the steady state on a non-congested network, the congestion window is the same size as the receiver's window. Reducing the congestion window reduces the traffic TCP will inject into the connection. To estimate the congestion window size, TCP assumes that most datagram loss comes from congestion and uses the multiplicative decrease algorithm. The multiplicative decrease algorithm reduces the congestion window by half (down to a minimum of at least one segment). For those segments that remain in the allowed window, the retransmission timer is backed off exponentially. Because TCP reduces the congestion window by half for every loss, it decreases the window exponentially if loss continues. In other words, if congestion is likely, TCP reduces the volume of traffic exponentially and the rate of retransmission exponentially. If the loss continues, TCP eventually limits transmission to a single datagram and continues to double timeout values before retransmitting. The idea is to provide quick and significant traffic reduction to allow routers enough time to clear the datagrams already in their queues.

To recover from the congestion, TCP follows a technique called slow-start to scale up transmission. Whenever starting traffic on a new connection or increasing traffic after a period of congestion, start the congestion window at the size of a single segment and increase the congestion window by one segment each time an acknowledgement arrives. Slow-start avoids swamping the internet with additional traffic immediately after congestion clears or when a new connection suddenly starts. The term slow-start may be a misnomer because under ideal conditions the start is not very slow. TCP initializes the congestion window to 1, sends an initial segment, and waits. When the acknowledgement arrives, it increases the congestion window to 2, sends two segments, and waits. When the two acknowledgements arrive they each increase the congestion window by 1, so TCP can send 4 segments. Acknowledgements for those will increase the congestion window to 8. Within four round trip times, TCP can send 16 segments, often enough to reach the receiver's window limit. Even for extremely large windows, it takes only log2 N round trips before TCP can send N segments.

Taken together, slow start, multiplicative decrease, additive increase, measurement of variation, and exponential timer backoff improve the performance of TCP dramatically without adding any significant computational overhead to the protocol software. Versions of TCP that use these techniques have improved the performance of previous versions by factors of 2 to 10.

Have you understood?

1. List the factors that affect the data transmission rate of a host.
2. What is the size of the effective window in congestion control?
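The congestion window bookkeeping of section 1.11, as an added Python example rather than code from the course material: the allowed window of equation 1.4, slow-start growth by one segment per acknowledgement, and multiplicative decrease with exponential timer backoff on loss. Windows are counted in segments, and the simulation assumes that every segment sent in a round trip is acknowledged before the next round begins, which is the ideal case the text uses to show 1, 2, 4, 8, 16 segments over four round trips.

```python
class TcpSender:
    """Congestion window state of one TCP sender, counted in segments."""

    def __init__(self, receiver_window):
        self.receiver_window = receiver_window   # buffer size advertised by the receiver
        self.congestion_window = 1               # slow-start begins with a single segment
        self.timeout_multiplier = 1              # exponential timer backoff during loss

    def allowed_window(self):
        return min(self.receiver_window, self.congestion_window)   # eq 1.4

    def on_ack(self):
        """Slow-start: each acknowledgement adds one segment, never beyond the receiver's window."""
        self.congestion_window = min(self.congestion_window + 1, self.receiver_window)

    def on_loss(self):
        """Multiplicative decrease: halve the window (minimum one segment) and double the timer."""
        self.congestion_window = max(1, self.congestion_window // 2)
        self.timeout_multiplier *= 2


def slow_start_rounds(sender, round_trips):
    """Segments the sender may put on the wire in each of the next round trips, assuming every
    segment of a round is acknowledged before the next round begins."""
    per_round = []
    for _ in range(round_trips):
        sent = sender.allowed_window()
        per_round.append(sent)
        for _ in range(sent):
            sender.on_ack()
    return per_round


def loss_sequence(sender, losses):
    """Allowed window after each of a run of consecutive losses."""
    result = []
    for _ in range(losses):
        sender.on_loss()
        result.append(sender.allowed_window())
    return result
```

Halving on every loss drives the window to a single segment after log2 of its size losses, while the timer multiplier keeps doubling; with a small receiver window the growth stops at the advertised size, which is the steady state the text describes for an uncongested path.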

3. What is meant by slow start?
4. What is meant by additive increase and multiplicative decrease in TCP congestion control?

1.12 CONGESTION-CONTROL MECHANISMS IN NETWORK LAYER

Congestion can occur in the network due to many reasons. We will present the problem of congestion from two different angles. First, hosts are generating data at a normal rate; however, the network is not able to deliver the datagrams properly. There are many possible reasons for congestion in this scenario. Some routers might have failed, or datagrams arriving through different input lines may demand the same outgoing line. Second, certain hosts generate data at excessive rates and the network is not able to accommodate them; however, the network functions properly and tries its best to deliver the datagrams. The conclusion is that congestion can be caused either by end systems or by the network. The network layer is responsible for taking steps to control congestion in the network, and the transport layer is responsible at the end systems. Congestion control policies employed in each of these layers have an impact on the other layer and hence on the overall performance of the network. In the previous section, we discussed the TCP congestion control algorithm through which the hosts are made to adjust their sending rate. In this section, we are going to discuss a few congestion-control mechanisms employed in the network layer.

1.12.1 Tail Drop Policy

Even though layers function in isolation of each other except in terms of the interface, it becomes necessary to know the details of other layers to implement a particular layer efficiently. Especially, the congestion control or congestion avoidance algorithms followed in the network layer have a tremendous impact on the performance of TCP. The most important interaction between IP implementation policies and TCP occurs when a router becomes overrun and drops datagrams. Because a router places each incoming datagram in a queue in memory until it can be processed, when datagrams arrive faster than they can be forwarded, the queue increases. However, because memory is finite, the queue cannot grow without bound. Early router software used a tail-drop policy to manage queue overflow. Tail drop refers to a policy in which, if the input queue is filled when a datagram arrives, the router discards the datagram. The policy focuses on queue management.

Tail-drop has an interesting effect on TCP. In the simple case where datagrams traveling through a router carry segments from a single TCP connection, the loss causes TCP to enter slow-start, which reduces throughput until TCP begins receiving ACKs and increases the congestion window. A more severe problem can occur, however,

when the datagrams traveling through a router carry segments from many TCP connections, because tail-drop can cause global synchronization. To see why, observe that datagrams are typically multiplexed, with successive datagrams each coming from a different source. Thus, a tail-drop policy makes it likely that the router will discard one segment from N connections rather than N segments from one connection. The simultaneous loss causes all N instances of TCP to enter slow-start at the same time.

1.12.3 Random Early Discard (RED)

It is better to avoid the occurrence of congestion rather than permitting the congestion to occur and then controlling it. A simple tail drop policy permits congestion to occur, and once the queues become full, datagrams are lost. Random Early Discard tries to sense congestion and avoid it through early warnings. Other expansions of RED are Random Early Drop, or Random Early Detection. A router that implements RED uses two threshold values to mark positions in the queue: Tmin and Tmax. The general operation of RED can be described by three rules that determine the disposition of each arriving datagram:

- If the queue currently contains fewer than Tmin datagrams, add the new datagram to the queue.
- If the queue contains more than Tmax datagrams, discard the new datagram.
- If the queue contains between Tmin and Tmax datagrams, randomly discard the datagram according to a probability, p.

The key to making RED work well lies in the choice of the thresholds Tmin and Tmax, and the discard probability p. Tmin must be large enough that the output link has high utilization. Similarly, the value of Tmax must be greater than Tmin by more than the typical increase in queue size during one TCP round trip time (e.g., set Tmax at least twice as large as Tmin). Computation of the discard probability, p, is the most complex aspect of RED. To understand the scheme, observe that all RED processing can be viewed probabilistically. When the queue size is less than Tmin, RED does not discard any datagrams, making the discard probability 0. Similarly, when the queue size is greater than Tmax, RED discards all datagrams, making the discard probability 1. For intermediate values of queue size (i.e., those between Tmin and Tmax), the probability can vary from 0 to 1 linearly. Instead of using a constant, a new value of p is computed for each datagram; the value depends on the relationship between the current queue size and the thresholds. The randomness of RED means that instead of waiting until the queue overflows and then driving many TCP connections into slow-start, a router slowly and randomly drops datagrams as congestion increases. Furthermore, because RED operates like tail-drop when the queue exceeds Tmax, RED can cause the same global oscillations as tail-drop.

resulting in a taildrop policy which has the potential to cause global synchronization problems. The value of avg is an exponential weighted average.. Thus. How can RED assign a higher discard probability as the queue fills without discarding datagrams from each burst? The answer lies in a technique borrowed from TCP. a change must be made to avoid overreacting.DIT 116 NETWORK PROTOCOLS Although the linear scheme forms the basis of RED’s probability computation. Of course. a router should not drop datagrams unnecessarily because doing so has a negative impact on TCP throughput. it makes sense to measure the queue in octets rather than in datagrams. they have lower probability of being dropped.5. avoids the synchronization that results from tail drop. For example. In particular. if a (large) data segment does arrive. One positive consequence of using size is that when acknowledgments travel over a congested path.g. RED computations can be made extremely efficient by choosing constants as powers of two and using integer arithmetic. In addition to equations that determine . Both analysis and simulations show that RED works well. it is unwise to drop datagrams because the queue will never overflow. those that carry file transfer traffic). because the time required to forward a datagram is proportional to its size. instead of using the actual queue size at any instant. the average will track long term trends. Small data grams (e. the sending TCP will receive the ACK and will avoid unnecessary transmission. It handles congestion. avg. Measuring queue size in octets affects the type of traffic dropped because it makes the discard probability proportional to the amount of data a sender puts in the stream rather than the number of segments. which affects both the RED computation and its overall effect on TCP. If γ is small enough. if a burst is short.5) NOTES where γ denotes a value between 0 and 1. doing so requires only minor changes to the equations for p and ã. 
However. but will remain immune to short bursts. As a result. 57 Anna University Chennai . The need for the change arises because network traffic is bursty. If RED used a simplistic linear scheme. and uses the average size to determine the probability. which results in rapid fluctuations of a router’s queue.g. those that carry remote login request to servers) have lower probability of being dropped than large data grams (e. RED contains other details that we have glossed over. and allows short bursts without dropping datagrams unnecessarily. The IETF now recommends that routers implement RED. updated each time a datagram arrives according to the equation 1. later datagrams in each burst would be assigned high probability of being dropped (because they arrive when the queue has more entries). RED computes a weighted average queue size.γ ) * Old_avg + γ * Current_queue_size (1. RED cannot postpone discard indefinitely because a long-term burst will overflow the queue. Another important detail concerns the measurement of queue size. avg = (1.
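The RED scheme described above, as added example code (not code from the course material): the weighted average of equation (1.5), the three regions around Tmin and Tmax, and a short simulation showing that a small γ leaves a short burst untouched while sustained overload triggers random discards. The linear rise of p between the thresholds up to an assumed maximum, the queue being measured in datagrams, and the hard capacity are assumptions not stated on the page.

```python
"""Random Early Discard (RED) queue: added example code illustrating the
scheme of section 1.12; it is not code from the course material.
Assumptions not stated on the page: between Tmin and Tmax the discard
probability rises linearly from 0 to maxp, the queue is measured in
datagrams, and a hard capacity bounds the queue."""
import random


def averaged_sizes(sizes, gamma):
    """Apply equation (1.5), avg = (1 - gamma) * old_avg + gamma * size,
    to a sequence of instantaneous queue sizes; returns the running avg."""
    avg = 0.0
    history = []
    for size in sizes:
        avg = (1 - gamma) * avg + gamma * size
        history.append(avg)
    return history


class RedQueue:
    def __init__(self, tmin, tmax, gamma, maxp=0.1, capacity=None, rng=None):
        self.tmin = tmin              # below this average: never discard
        self.tmax = tmax              # above this average: always discard
        self.gamma = gamma            # weight of equation (1.5)
        self.maxp = maxp              # assumed discard probability at Tmax
        self.capacity = capacity if capacity is not None else 2 * tmax
        self.rng = rng or random.Random(1)
        self.queue = []               # datagrams waiting to be forwarded
        self.avg = 0.0                # weighted average queue size
        self.dropped = 0

    def update_avg(self):
        """Recompute avg from the current instantaneous queue size."""
        self.avg = (1 - self.gamma) * self.avg + self.gamma * len(self.queue)
        return self.avg

    def drop_probability(self):
        """Discard probability p for the current value of avg."""
        if self.avg < self.tmin:
            return 0.0
        if self.avg >= self.tmax:
            return 1.0                # RED behaves like tail-drop here
        # Linear between the thresholds (assumed shape, see lead-in).
        return self.maxp * (self.avg - self.tmin) / (self.tmax - self.tmin)

    def enqueue(self, datagram):
        """Return True if the datagram is queued, False if it is discarded."""
        self.update_avg()
        full = len(self.queue) >= self.capacity
        if full or self.rng.random() < self.drop_probability():
            self.dropped += 1
            return False
        self.queue.append(datagram)
        return True

    def dequeue(self):
        """Forward the datagram at the head of the queue, if any."""
        return self.queue.pop(0) if self.queue else None


def simulate(queue, arrivals, service, ticks):
    """Offer `arrivals` datagrams and forward `service` datagrams per tick;
    returns the number of datagrams RED discarded."""
    for tick in range(ticks):
        for n in range(arrivals):
            queue.enqueue((tick, n))
        for _ in range(service):
            queue.dequeue()
    return queue.dropped


if __name__ == "__main__":
    # A short burst of 8 datagrams with a small gamma never lifts avg past
    # Tmin, so every datagram is queued: RED is immune to short bursts.
    burst = RedQueue(tmin=5, tmax=15, gamma=0.02)
    print([burst.enqueue(i) for i in range(8)], burst.dropped)
    # Sustained overload (3 arrivals, 2 departures per tick) raises avg and
    # RED begins to discard randomly before the queue ever fills.
    print(simulate(RedQueue(tmin=5, tmax=15, gamma=0.1), 3, 2, 100))
```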

Have you understood?
1. Whether cooperation is required between the end systems and the network in congestion control?
2. What is meant by FCFS scheduling in routers?
3. What is meant by drop tail policy?
4. What are the advantages of the RED scheme?

1.13 USER DATAGRAM PROTOCOL

The discussion about the transport layer is not complete if another protocol of the transport layer, by name User Datagram Protocol (UDP), is not discussed. UDP is considered a light weight protocol since the functions performed by UDP are limited. UDP takes care of the basic end to end issues like fixing the end points for communication, multiplexing and demultiplexing. Compared with TCP, UDP does not take care of issues like out of order delivery of datagrams, duplicate packets, flow control, error control and congestion control. If the applications decide that reliability is not required, or that they themselves can implement it to the desired level, then a sophisticated protocol like TCP is not required. The UDP datagram format is shown in figure 1.36.

Figure 1.36 UDP datagram format

UDP was used rarely in the early days of the Internet. The reason is that the conventional applications of the Internet like file transfer, electronic mail and the web are error-sensitive applications, and they expect reliability from the transport layer, which can be provided by TCP only. Recently UDP has gained significance due to the emergence of multimedia applications in the Internet. Multimedia applications are delay-sensitive applications rather than error-sensitive applications. If multimedia applications follow TCP in the transport layer, they may not be able to satisfy the timing requirements of the users. In other words, we can say that in multimedia applications, late data is worse than bad data. Applications in which late data is worse than bad data use UDP as the transport layer protocol. Hence they choose light weight UDP rather than heavy weight TCP.

Have you understood?
1. What type of applications prefers UDP over TCP?
2. UDP is a light weight protocol compared to TCP. Justify this statement.

1.14 AUTONOMOUS SYSTEMS

The Internet is a network of networks. Initially, the Internet followed a single core architecture in which the ARPANET was the core and all other networks were considered secondary networks. Due to the inclusion of NSFNET into the Internet, a dual core architecture was introduced in which the ARPANET and the NSFNET were the core networks and other networks were organized as the secondary networks. However, as more and more networks were connected to the Internet, even the dual core architecture was not able to manage the Internet effectively. To handle the traffic effectively, it is necessary to organize these networks properly. Hence the Internet follows an architecture based on Autonomous Systems.

An Autonomous System (AS) is a collection of IP networks and routers under the control of one entity (or sometimes more) that represents a common routing policy in the Internet. For purposes of routing, a group of networks and routers controlled by a single administrative authority is called an autonomous system (AS). Each AS is under the control of a single administrative authority. Note that, under the definition, the original internet core routers formed an autonomous system. Each change in routing protocol within the core autonomous system was made without affecting the routers in other autonomous systems. Routers within an autonomous system are free to choose their own mechanism for discovering, propagating, validating and checking the consistency of routes. Because the networks and routers fall under a single administrative authority, that authority has to guarantee that internal routes remain consistent and viable. Furthermore, the administrative authority can choose one of its routers to serve as the machine that will apprise the outside world of networks within the organization. In figure 1.37, because routers R2, R3, and R4 fall under control of one administrative authority, that authority can arrange to have R3 advertise networks 2, 3 and 4 (R1 already knows about network 1 because it has a direct connection to it).

1.14.1 An Exterior Gateway Protocol

Computer scientists use the term Exterior Gateway Protocol (EGP) for a protocol that passes routing information between two autonomous systems. Currently a single exterior protocol is used in most TCP/IP internets. Known as the Border Gateway Protocol (BGP), it has evolved through four (quite different) versions. Each version is numbered, which gives rise to the formal name of the current version: BGP-4. In this material, the term BGP refers to BGP-4 by default. If a pair of autonomous systems agrees to exchange routing information, each must designate a router that will speak BGP on its behalf; the two routers are said to become BGP peers of one another. Because a router speaking BGP must communicate with a peer in another autonomous system, it makes sense to select a machine that is near the "edge" of the autonomous system. Hence, BGP terminology calls the machine a border gateway or border router. An organization using BGP usually chooses a router that is close to the outer "edge" of the autonomous system. Figure 1.37 gives a conceptual illustration of two routers, R1 and R2, using BGP to advertise networks in their autonomous systems after collecting the information from other routers internally. In figure 1.37, router R1 gathers information about networks in autonomous system 1 and reports that information to R2 using BGP, while router R2 reports information from autonomous system 2.

Figure 1.37 Internet with Autonomous Systems (a backbone network connecting routers R1, R2, ..., Rn of autonomous systems AS1, AS2, ..., ASn)

1.14.2 BGP Characteristics

BGP is unusual in several ways. Most important, BGP is neither a pure distance vector protocol nor a pure link state protocol. It can be characterized by the following features.

Inter-Autonomous System Communication: Because BGP is designed as an exterior gateway protocol, its primary role is to allow one autonomous system to communicate with another.

Coordination Among Multiple BGP Speakers: If an autonomous system has multiple routers each communicating with a peer in an outside autonomous system, BGP can be used to coordinate among the routers in the set to guarantee that they all propagate consistent information.

Propagation of Reachability Information: BGP allows an autonomous system to advertise destinations that are reachable either in or through it, and to learn such information from another autonomous system.

Next-Hop Paradigm: Like distance-vector routing protocols, BGP supplies next-hop information for each destination.

Policy Support: Unlike most distance-vector protocols, which advertise exactly the routes in the local routing table, BGP can implement policies that the local administrator chooses. In particular, a router running BGP can be configured to distinguish between the set of destinations reachable by computers inside its autonomous system and the set of destinations advertised to other autonomous systems.

Reliable Transport: BGP is unusual among protocols that pass routing information because it assumes reliable transport. Thus, BGP uses TCP for all communication.

Path Information: In addition to specifying destinations that can be reached and a next hop for each, BGP advertisements include path information that allows the receiver to learn the series of autonomous systems along a path to the destination.

Incremental Updates: To conserve network bandwidth, BGP does not pass full information in each update message. Instead, full information is exchanged once, and then successive messages carry incremental changes called deltas.

Support For Classless Addressing: BGP supports an addressing scheme in which, rather than expecting addresses to be self-identifying, the protocol provides a way to send a mask along with each address.

Route Aggregation: BGP conserves network bandwidth by allowing a sender to aggregate route information and send a single entry to represent multiple, related destinations.

Authentication: BGP allows a receiver to authenticate messages (i.e., verify the identity of a sender).

Have you understood?
1. What is an Autonomous System?
2. Differentiate between interior gateway protocols and exterior gateway protocols.
3. Give an example of an exterior gateway protocol.
4. Is RIP an exterior gateway protocol or an interior gateway protocol? Justify your answer.

Summary
1. A network is an interconnection of computers in which the computers are able to exchange information among themselves and the master/slave relationship is excluded.
2. When a set of networks are connected together, the resultant network is called an internetwork. The short form of internetwork is internet. "internet" in lower case refers to any generic internet and "Internet" in upper case refers to the specific world wide Internet.
3. The TCP/IP reference model was designed and developed from the beginning by keeping internetworking in mind.
4. The underlying network is a packet switched network in which different datagrams may be forwarded through different routes. Packet switched networks are more suitable for data communication than circuit switched networks.
5. The internet layer of the TCP/IP reference model provides an unreliable, connectionless datagram delivery system in which datagrams may arrive out of order, some datagrams may be duplicated and some datagrams may be lost.
6. Routing is the process of forwarding the datagram from the source to the destination through intermediate routers with the help of the routing tables maintained at the routers.
7. IP is a forwarding protocol which has the required headers to hide the implementation details of the underlying network technologies from the higher layers. When a datagram is in transit, only the headers are examined and the payload or data is not examined. Hence IP in its original form is not able to provide differentiated services to the users.
8. RIP and OSPF are the routing protocols that are responsible for the creation and maintenance of routing tables at the routers by exchanging topological information among the routers. The routing tables built by these protocols are used by IP to forward the datagrams.
9. Various types of routing are static routing, dynamic routing, next hop routing, table driven routing, multicast routing etc.
10. The transport layer of the TCP/IP reference model provides reliability by taking measures to overcome the limitations of the internet layer.
11. The transport layer has two protocols by name TCP and UDP. TCP provides a reliable stream oriented service and UD provides an unreliable message oriented service.
12. TCP employs suitable error control, flow control and congestion control algorithms to provide the reliability. These algorithms require considerable time and resources and as a result TCP is called a heavy weight protocol.
13. UDP is preferred by delay sensitive applications since it is a light weight protocol in comparison with the heavy weight TCP. UDP is chosen as the transport layer protocol where late data is worse than bad data.
14. The basic mechanism in TCP to provide reliability is retransmission. After sending a segment, the TCP entity on the source waits for an acknowledgement for some amount of time, then times out and retransmits the segment.
15. TCP follows a weighted average scheme to estimate the RTT and the timeout period in a better way. TCP estimates RTT over a period of time and does not take the values at a particular instant.
16. TCP follows techniques like slow start, additive increase and multiplicative decrease to control the sending rate of the source in reaction to the congestion indication from the network.
17. TCP employs a three way handshake protocol to establish the connection. A three way handshake is required and sufficient to overcome the limitations of the internet layer in establishing a TCP connection.
18. TCP provides a full duplex connection; the connection in one direction can be closed while the connection in the other direction continues to send segments.
19. An Autonomous System is a single network or a collection of networks maintained by a single authority.
20. Initially the Internet followed a single core architecture and then moved to a dual core architecture. Because of the limitations of these architectures, the Internet right now follows the Autonomous System architecture.
21. An interior gateway protocol is one which is used to exchange routing information within an autonomous system. It cannot exchange routing information across autonomous systems.
22. An exterior gateway protocol can exchange routing information between autonomous systems.


Exercises
1. Whether the data link layer and the physical layer are present in the TCP/IP reference model? Justify your answer.
2. What are the steps followed in a router in routing a datagram?
3. How are the fields IDENTIFICATION, FLAGS and FRAGMENT OFFSET of the IP header used in the process of fragmentation and reassembly?
4. Find the class of each of the following IP addresses.
   a. 227.12.14.87
   b. 193.14.56.22
   c. 14.23.120.8
   d. 252.5.15.111
   e. 134.11.78.56
5. Must the loopback address be 127.0.0.1?
6. An organization is granted a block of addresses with the beginning address 14.24.74.0/24. There are 2^(32-24) = 256 addresses in this block. The organization needs to have 11 subnets as shown below:
   a. Two subnets, each with 64 addresses.
   b. Two subnets, each with 32 addresses.
   c. Three subnets, each with 16 addresses.
   d. Four subnets, each with 4 addresses.
   Design the subnets.
7. For what type of datagrams will ICMP error messages not be generated?
8. The values of the parameters in timestamp-request and timestamp-reply messages are as follows. Original Timestamp: 46 ms, Receive Timestamp: 59 ms, Transmit Timestamp: 60 ms, Return Time: 67 ms. Find out the values of sending time, receiving time, round-trip time and time difference.
9. If the TCP round-trip time, RTT, is currently 30 msec and the following acknowledgments come in after 26, 32, and 24 msec, respectively, what is the new RTT estimate using Jacobson's algorithm? Use α = 0.9.
10. Is slow start of the AIMD congestion control algorithm really slow? Justify your answer.

Answers
1. The data link layer and the physical layer are present in the TCP/IP reference model. However, unlike the ISO/OSI reference model, TCP/IP does not explain these two layers in detail. It just points out that the host has to connect to the network using some protocol so that it can send IP packets to it. Hence the name network access layer or host-to-network layer is used to refer to both the data link layer and the physical layer in the TCP/IP reference model.

2. The actions taken by a router as soon as it receives a datagram in the process of routing are as follows.
   i. Extract the destination IP address of the datagram.
   ii. If the prefix portion of the destination IP address matches the address of any directly connected network, send the datagram to the destination over that network.
   iii. If a match does not occur, perform the following steps for every entry in the routing table.
      a. Perform the bitwise-and of the destination IP address and the subnet mask.
      b. If the result of the above operation equals the network address field of the entry, route the datagram to the specified next hop address.
   iv. If no matches were found, declare a routing error.
3. The IDENTIFICATION field is needed to allow the destination host to determine which datagram a newly arrived fragment belongs to. All the fragments of a datagram contain the same identification value. The DF bit of the FLAGS field is an order to the routers not to fragment the datagram because the destination is incapable of putting the pieces back together again. MF stands for more fragments. All fragments except the last one have this bit set. It is needed to know when all fragments of a datagram have arrived. The FRAGMENT OFFSET tells where in the current datagram this fragment belongs. All fragments except the last one in a datagram must be a multiple of 8 bytes, the elementary fragment unit. Since 13 bits are provided, there is a maximum of 8192 fragments per datagram, giving a maximum datagram length of 65,536 bytes, one more than the TOTAL LENGTH field.
4. a. 227.12.14.87 – Class D (since the first byte is 227 (between 224 and 239))
   b. 193.14.56.22 – Class C (since the first byte is 193 (between 192 and 223))
   c. 14.23.120.8 – Class A (since the first byte is 14 (between 0 and 127))
   d. 252.5.15.111 – Class D (since the first byte is 252 (between 240 and 255))
   e. 134.11.78.56 – Class B (since the first byte is 134 (between 128 and 191))
5. Need not be. According to the IPv4 addressing scheme any IP address of the form 127.x.y.z can be used as a loopback address. Hence addresses of the form 127.0.0.1, 127.5.6.7 etc. can be used as loopback addresses. However, conventionally in many organizations the loopback address is always specified as 127.0.0.1.
6. The subnets are designed as follows.
   14.24.74.0/26     64 addresses
   14.24.74.64/26    64 addresses
   14.24.74.128/27   32 addresses
   14.24.74.160/27   32 addresses
   14.24.74.192/28   16 addresses
   14.24.74.208/28   16 addresses
   14.24.74.224/28   16 addresses
   14.24.74.240/30   4 addresses
   14.24.74.244/30   4 addresses
   14.24.74.248/30   4 addresses
   14.24.74.252/30   4 addresses
   We use the first 128 addresses for the first two subnets (each with 64 addresses). We use the next 64 addresses for the next two subnets (each with 32 addresses). We use the next 48 addresses for the next three subnets (each with 16 addresses). We use the next 16 addresses for the next four subnets (each with 4 addresses).
7. i. No ICMP error message will be generated in response to a datagram carrying an ICMP error message.
   ii. No ICMP error message will be generated for a fragmented datagram that is not the first fragment.
   iii. No ICMP error message will be generated for a datagram having a multicast address.
   iv. No ICMP error message will be generated for a datagram having a special address such as 127.0.0.0 or 0.0.0.0.
8. The given parameters are (all in milliseconds): Original timestamp: 46, Receive timestamp: 59, Transmit timestamp: 60, Return time: 67.
   Sending time = 59 - 46 = 13 ms
   Receiving time = 67 - 60 = 7 ms
   Round-trip time = 13 + 7 = 20 ms
   Time difference = receive timestamp - (original timestamp + one way time duration) = 59 - (46 + 10) = 3 ms
9. RTT = RTT + (1 - α) * M
   RTT = 30 + (1 - 0.9) * 26 = 32.6
   RTT = 32.6 + (1 - 0.9) * 32 = 35.8
   RTT = 35.8 + (1 - 0.9) * 24 = 38.2
10. Slow start of the Additive Increase and Multiplicative Decrease congestion control of TCP is not slow at all. It is exponential, because the congestion window keeps growing exponentially until either a timeout occurs or the receiver's window is reached. It has been given the name slow start in comparison with the original congestion control algorithm, in which the size of the congestion window was set to the maximum possible window directly.
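The subnet design asked for in Exercise 6, as added example code (not part of the course material): a general allocator that carves a block into power-of-two subnets, largest first, so that every subnet starts on a multiple of its own size; run on 14.24.74.0/24 it reproduces the eleven subnets of the answer above.

```python
"""Subnet design for Exercise 6 (block 14.24.74.0/24, eleven subnets of
64, 64, 32, 32, 16, 16, 16, 4, 4, 4 and 4 addresses): added example code,
not part of the course material. The allocator is general: it carves any
IPv4 block into subnets of power-of-two sizes, largest first, so that every
subnet begins on a multiple of its own size (as the answer key does)."""
import ipaddress
import math


def prefix_for(size):
    """Prefix length of a subnet with `size` addresses (size a power of two)."""
    if size < 1 or size & (size - 1):
        raise ValueError("subnet size must be a power of two")
    return 32 - int(math.log2(size))


def design_subnets(block, sizes):
    """Carve `block` into subnets of the requested sizes, largest first."""
    network = ipaddress.ip_network(block)
    wanted = sorted(sizes, reverse=True)
    if sum(wanted) > network.num_addresses:
        raise ValueError("requested subnets do not fit in the block")
    subnets = []
    next_addr = int(network.network_address)
    for size in wanted:
        # Largest-first allocation keeps next_addr aligned to `size`.
        start = ipaddress.IPv4Address(next_addr)
        subnets.append(ipaddress.ip_network(f"{start}/{prefix_for(size)}"))
        next_addr += size
    return subnets


def is_disjoint(subnets):
    """True when no two of the subnets overlap."""
    return all(not a.overlaps(b)
               for i, a in enumerate(subnets) for b in subnets[i + 1:])


def exercise_6():
    """The eleven subnets of Exercise 6 as strings, in address order."""
    sizes = [64, 64, 32, 32, 16, 16, 16, 4, 4, 4, 4]
    return [str(s) for s in design_subnets("14.24.74.0/24", sizes)]


if __name__ == "__main__":
    plan = design_subnets("14.24.74.0/24", [64, 64, 32, 32, 16, 16, 16, 4, 4, 4, 4])
    for subnet in plan:
        print(subnet, subnet.num_addresses, "addresses")
    print("disjoint:", is_disjoint(plan))
```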

UNIT 2

2.1 INTRODUCTION

IP is the glue that holds the entire internet together and accomplishes the Himalayan task of forwarding the datagram from a source, which may be in one continent, to a destination that may be in another continent, and it is supported by ICMP to indicate to the source the possible errors that would have arisen in the delivery of datagrams. Moreover, TCP of the transport layer hides all the limitations of the network from the users and provides a reliable service. However, to provide useful services to the customers, these protocols alone are not sufficient. Especially, the task of IP is not as simple as that of mere forwarding as we have discussed in Unit I. The basic mode of communication provided by IP is one to one. However, many applications involve one sender and multiple receivers, and for such applications IP has to provide the multicasting capability. IP in its original form assumes that the hosts are stationary. But in fact, the end systems can be mobile also. Hence it becomes necessary for IP to accommodate roaming hosts also. Whether unicast or multicast, stationary hosts or mobile hosts, the basic requirement for communication to take place is addresses. Every machine on the internet should have an address (IP address). The issue is how to assign the addresses to the hosts dynamically and effectively. This unit gives an idea about all these issues and the corresponding solutions.

2.2 LEARNING OBJECTIVES

• To understand the ideas and features of multicasting
• To learn the functional components of multicasting
• To study IP multicast addresses
• To discuss the scope and delivery of multicasting
• To learn multicast group management
• To introduce multicast routing paradigms and routing protocols
• To learn about mobile hosts
• To learn about the agents required to support mobile hosts
• To study tunneling for mobile hosts
• To understand the importance of uniqueness of IP addresses
• To study the protocols involved in the assignment of IP addresses

2.3 OBTAINING IP ADDRESSES

A network host needs to obtain a globally unique address in order to function on the Internet. The physical or MAC address that a host has is only locally significant, identifying the host within the local area network. Since this is a Layer 2 address, the router does not use it to forward outside the LAN. IP addresses are the most commonly used addresses for Internet communications. This protocol is a hierarchical addressing scheme that allows individual addresses to be associated together and treated as groups. These groups of addresses allow efficient transfer of data across the Internet.

Network administrators use two methods to assign IP addresses. These methods are static and dynamic. Regardless of which addressing scheme is chosen, no two interfaces can have the same IP address. Two hosts that have the same IP address could create a conflict that might cause both of the hosts involved not to operate properly.

With static assignment, the system administrator manually assigns and tracks IP addresses for each computer, printer, or server on the intranet. Good recordkeeping is critical to prevent the problems which occur with duplicate IP addresses. This is possible only when there are a small number of devices to track. Static assignment works best on small, infrequently changing networks. Servers should be assigned a static IP address so that workstations and other devices will always know how to access needed services. Consider how difficult it would be to phone a business that changed its phone number every day. Other devices that should be assigned static IP addresses are network printers, application servers, and routers.

2.3.1 Address Mapping Protocols

One of the major problems in networking is how to communicate with other network devices. In TCP/IP communications, a datagram on a local-area network must contain both a destination MAC address and a destination IP address. These addresses must be correct and match the destination MAC and IP addresses of the host device. If they do not match, the datagram will be discarded by the destination host. There needs to be a way to automatically map IP addresses to MAC addresses. It would be too time consuming for the user to create the maps manually.

2.3.1.1 Address Resolution Protocol

The TCP/IP suite has a protocol, called Address Resolution Protocol (ARP), which can automatically obtain MAC addresses for local transmission. Different issues are raised when data is sent outside of the local area network. Communications within a LAN segment require two addresses. Communications between two LAN segments have an additional task. Both the IP and MAC addresses are needed for both the destination host and the intermediate routing device. TCP/IP has a variation on ARP called Proxy ARP that will provide the MAC address of an intermediate device for transmission outside the LAN to another network segment.

With TCP/IP networking, a data packet must contain both a destination MAC address and a destination IP address. If the packet is missing either one, the data will not pass from Layer 3 to the upper layers. In this way, MAC addresses and IP addresses act as checks and balances for each other. After devices determine the IP addresses of the destination devices, they can add the destination MAC addresses to the data packets.

Some devices will keep tables that contain the MAC addresses and IP addresses of other devices that are connected to the same LAN. These are called Address Resolution Protocol (ARP) tables. ARP tables are stored in RAM memory, where the cached information is maintained automatically on each of the devices. It is very unusual for a user to have to make an ARP table entry manually. Each device on a network maintains its own ARP table. When a network device wants to send data across the network, it uses the information provided by the ARP table.

There are two ways that devices can gather the MAC addresses that they need to add to the encapsulated data. One way is to monitor the traffic that occurs on the local network segment. All stations on an Ethernet network will analyze all traffic to determine if the data is for them. Part of this process is to record the source IP and MAC address of the datagram in an ARP table. So as data is transmitted on the network, the address pairs populate the ARP table. Another way to get an address pair for data transmission is to broadcast an ARP request. The computer that requires an IP and MAC address pair broadcasts an ARP request. All the other devices on the local area network analyze this request. If one of the local devices matches the IP address of the request, it sends back an ARP reply that contains its IP-MAC pair. If the IP address is for the local area network and the computer does not exist or is turned off, there is no response to the ARP request. In this situation, the source device reports an error. If the request is for a different IP network, there is another process that can be used.

When a source determines the IP address for a destination, it then consults the ARP table in order to locate the MAC address for the destination. If the source locates an entry in its table, destination IP address to destination MAC address, it will associate the IP address with the MAC address and then use it to encapsulate the data. The data packet is then sent out over the networking media to be picked up by the destination device.

2.3.1.2 Proxy ARP

A proxy ARP is an ARP that acts on behalf of a set of hosts. Whenever a router running proxy ARP receives an ARP request looking for the IP address of one of these hosts, the router sends an ARP reply announcing its own hardware (physical) address. After the router receives the actual IP packet, it sends the packet to the appropriate host or router.

Routers do not forward broadcast packets. If the feature is turned on, a router performs a proxy ARP. In this version of ARP, a router sends an ARP response with the MAC address of the interface on which the request was received to the requesting host. The router responds with its MAC address for those requests in which the IP address is not in the range of addresses of the local subnet.

Another method to send data to the address of a device that is on another network segment is to set up a default gateway. The default gateway is a host option where the IP address of the router interface is stored in the network configuration of the host. The source host compares the destination IP address and its own IP address to determine if the two IP addresses are located on the same segment. If the receiving host is not on the same segment, the source host sends the data using the actual IP address of the destination and the MAC address of the router. The MAC address for the router was learned from the ARP table by using the IP address of that router. If neither the default gateway on the host nor the proxy ARP feature on the router is configured, no traffic can leave the local area network. One or the other is required to have a connection outside of the local area network.

2.3.1.3 Reverse Address Resolution Protocol (RARP)

Reverse Address Resolution Protocol (RARP) associates a known MAC address with an IP address. A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.

Consider an example where a source device wants to send data to another device. In this example, the source device knows its own MAC address but is unable to locate its own IP address in the ARP table. The source device must include both its MAC address and IP address in order for the destination device to retrieve the data, pass it to the higher layers of the OSI model, and respond to the originating device. Therefore, the source initiates a process called a RARP request. This request helps the source device to get its own IP address from a RARP server. RARP requests are broadcast onto the LAN and are responded to by the RARP server, which is usually a router.

RARP uses the same packet format as ARP. However, in a RARP request, the MAC headers and "operation code" are different from an ARP request. The RARP packet format contains places for the MAC addresses of both the destination and source devices. The source IP address field is empty. The broadcast goes to all devices on the network, so the destination MAC address will be set to all binary 1s. Workstations running RARP have code in ROM that directs them to start the RARP process.

2.3.2 BOOTP

The RARP protocol has three drawbacks. First, because RARP operates at a low level, using it requires direct access to the network hardware. Thus, it may be difficult or impossible for an application programmer to build a server. Second, although RARP requires a packet exchange between a client machine and a computer that answers its request, the reply contains only one small piece of information: the client's 4 octet address. This drawback is annoying on networks like an Ethernet that enforce a minimum packet size, because additional information could be sent in the response at no additional cost. Third, because RARP uses a computer's hardware address to identify the machine, it cannot be used on networks that dynamically assign hardware addresses. BOOTP eliminates these drawbacks to a certain extent, and DHCP is more dynamic and effective.

2.3.2.1 Using BOOTP to determine an IP address

BOOTP uses UDP to carry messages, and the UDP messages are encapsulated in IP datagrams for delivery. Here the issue is how a computer can send BOOTP in an IP datagram before the computer learns its IP address. BOOTP solves this problem with the help of special case IP addresses. An IP address consisting of all 1s specifies limited broadcast. IP software can accept the broadcast address even before the software has discovered its local IP address information. Suppose client machine A wants to use BOOTP to find bootstrap information including its IP address, and suppose B is the server on the same physical net that will answer the request. Because A does not know B's IP address or the IP address of the network, it must broadcast its initial BOOTP request using the IP limited broadcast address. Now the issue is whether B has to respond with A's IP address (since B knows A's IP address) or with the limited broadcast address. The server B uses the limited broadcast address. The reason is that if B uses A's IP address, B's network interface software has to use mechanisms like ARP to find out A's MAC address. However, till the BOOTP reply reaches A, A does not know its IP address. As a result, A will not respond to B's ARP request. Therefore B has only two alternatives: either broadcast the reply or use the information from the request packet to manually add an entry to its ARP cache. On systems that do not allow programs to modify the ARP cache, broadcasting is the only solution.

2.3.2.2 BOOTP Transmission Policy

BOOTP places all responsibility for reliable communication on the client. We know that because UDP uses IP for delivery, messages can be delayed, lost, delivered out of order, or duplicated. Furthermore, because IP does not provide a checksum for data, the UDP datagram could arrive with some bits corrupted. To guard against corruption, BOOTP requires that UDP use checksums. It also specifies that requests and replies should be sent with the do not fragment bit set, to accommodate clients that have too little memory to reassemble datagrams. BOOTP is also constructed to allow multiple replies; it accepts and processes the first.

DIT 116

NETWORK PROTOCOLS

NOTES

To handle datagram loss, BOOTP uses the conventional technique of timeout and retransmission. When the client transmits a request, it starts a timer. If no reply arrives before the timer expires, the client must retransmit the request. Of course, after a power failure all machines on a network will reboot simultaneously, possibly overrunning the BOOTP server(s) with requests. If all clients follow exactly the same transmission timeout, many or all of them will attempt to retransmit simultaneously. To avoid the resulting collisions, the BOOTP specification recommends using a random delay. In addition, the specification recommends starting with a random value between 0 and 4 seconds and doubling the timer after each retransmission. After the timer reaches a large value (60 seconds), the client does not increase the timer further but continues to use randomization. Doubling the timeout after each retransmission keeps BOOTP from adding excessive traffic to a congested network; the randomization helps avoid simultaneous transmissions.

2.3.2.3 The BOOTP Message Format

To keep an implementation as simple as possible, BOOTP messages have fixed-length fields, and replies have the same format as requests. Although we said that the client and servers are programs, the BOOTP protocol uses the terms loosely, referring to the machine that sends a BOOTP request as the client and any machine that sends a reply as a server. Figure 2.1 shows the BOOTP message format. Field OP specifies whether the message is a request (1) or a reply (2). As in ARP, fields HTYPE and HLEN specify the network hardware type and the length of the hardware address (e.g. Ethernet has type 1 and address length 6). The client places 0 in the HOPS field. If a BOOTP server receives the request and decides to pass it on to another machine (e.g. to allow bootstrapping across multiple routers), the server increments the HOPS count.
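The retransmission policy described above, as an added Python example that is not part of the course material: the first timeout is a random value in [0, 4] seconds, it doubles after every retransmission, and once it reaches 60 seconds it stops growing but stays randomized. The jitter width after the ceiling, the 50 ms collision slot and the seeded client population are assumptions made for the example, not values from the text.

```python
import random

INITIAL_MAX = 4.0    # first timeout is random in [0, INITIAL_MAX] seconds
CEILING = 60.0       # the timer stops doubling once it reaches this value
JITTER = 1.0         # assumption for this example: +/- 1 s randomization at the ceiling


def bootp_timeouts(rng, attempts):
    """Successive timeouts (seconds) a BOOTP client waits before each retransmission:
    random start in [0, 4] s, doubling per retry, no growth beyond 60 s but still randomized."""
    timeouts = []
    base = rng.uniform(0.0, INITIAL_MAX)
    for attempt in range(attempts):
        t = base * (2 ** attempt)
        if t >= CEILING:
            # keep using randomization around the ceiling instead of growing further
            t = CEILING + rng.uniform(-JITTER, JITTER)
        timeouts.append(round(max(t, 0.0), 3))
    return timeouts


def example_schedule(seed=1, attempts=8):
    """Deterministic schedule for one client (seeded so the result is reproducible)."""
    return bootp_timeouts(random.Random(seed), attempts)


def retransmission_times(schedule):
    """Absolute send times of attempts 0..n-1 for a client using `schedule`."""
    times, now = [0.0], 0.0
    for t in schedule[:-1]:
        now += t
        times.append(now)
    return times


def simultaneous_retransmissions(clients, attempts, slot=0.05, randomized=True):
    """Model `clients` machines rebooting together after a power failure and count
    the retransmissions that land in the same `slot`-second window as another
    client's (the collisions the randomization is meant to avoid). With
    randomized=False every client uses the same fixed 4 s starting value."""
    schedules = []
    for seed in range(clients):
        if randomized:
            schedules.append(bootp_timeouts(random.Random(seed), attempts))
        else:
            schedules.append([min(INITIAL_MAX * 2 ** k, CEILING) for k in range(attempts)])
    buckets = {}
    for s in schedules:
        for t in retransmission_times(s)[1:]:     # skip the initial request at t = 0
            key = int(t // slot)
            buckets[key] = buckets.get(key, 0) + 1
    return sum(n for n in buckets.values() if n > 1)
```

With twenty clients and six attempts the fixed schedule puts every retransmission of every client into the same slot, while the randomized schedule spreads them out; the doubling keeps the total number of requests per minute bounded even when the server stays silent.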
The TRANSACTION ID field contains an integer that diskless machines use to match responses with requests. The SECONDS field reports the number of seconds since the client started to boot. The CLIENT IP ADDRESS field and all fields following it contain the most important information. To allow the greatest flexibility, clients fill in as much information as they know and leave the remaining fields set to zero. For example, if a client knows the name or address of a specific server from which it wants information, it can fill in the SERVER IP ADDRESS or SERVER HOST NAME field. If these fields are nonzero, only the server with the matching name/address will answer the request; if they are zero, any server that receives the request will reply.

Figure 2.1. The format of BOOTP message

BOOTP can be used from a client that already knows its IP address (e.g. to obtain boot file information). A client that knows its IP address places it in the CLIENT IP ADDRESS field; other clients use zero. If the client's IP address is zero in the request, a server returns the client's IP address in the YOUR IP ADDRESS field.

2.3.2.4 The Two-Step Bootstrap Procedure

BOOTP uses a two-step bootstrap procedure. It does not provide the client with a memory image; it only provides the client with the information needed to obtain an image. The client then uses a second protocol (typically TFTP) to obtain the memory image. While the two-step procedure may seem unnecessary, it allows a clean separation of configuration and storage. A BOOTP server does not need to run on the same machine that stores memory images. In fact, the BOOTP server operates from a simple database that only knows the names of memory images. Keeping configuration separate from storage is important because it allows an administrator to configure sets of machines so that they act identically or independently. The BOOT FILE NAME field of a BOOTP message illustrates the concept. Suppose an administrator has several workstations with different architectures, and suppose that when users boot one of the workstations, they choose either to run UNIX or a local operating system. Because the set of workstations includes multiple hardware architectures, no single memory image will operate on all machines. To accommodate such diversity, BOOTP allows the BOOT FILE NAME field in a request to contain a generic name like "unix", which means "I want to boot the UNIX operating system for this machine". The BOOTP server consults its configuration database to map the generic name into the specific file name that contains a UNIX memory image appropriate for the client hardware, and returns the specific (i.e. fully qualified) name in its reply. Of course, the configuration database also allows completely automatic bootstrapping, in which the client places zeros in the BOOT FILE NAME field and the BOOTP server selects a memory image for the machine. The advantage of this approach is that users can specify generic names that work on any machine; they do not need to remember a specific file name or hardware architecture.

2.3.3 Dynamic Host Configuration Protocol

BOOTP is not a dynamic configuration protocol. When a client requests its IP address, the BOOTP server consults a table that matches the physical address of the client with its IP address. This implies that the binding between the physical address and the IP address of the client already exists; the binding is predetermined. BOOTP cannot handle situations like assigning a temporary IP address or changing an IP address. The Dynamic Host Configuration Protocol (DHCP) has been devised to provide static and dynamic address allocation that can be manual or automatic.

DHCP automates the assignment of IP addresses, subnet masks, default gateways, and other IP parameters. The assignment occurs when the DHCP-configured machine boots up or regains connectivity to a network. The DHCP client sends out a query requesting a response from a DHCP server on the locally attached network. The query is typically initiated immediately after booting up and before the client initiates any IP-based communication with other hosts. The DHCP server then replies to the client with its assigned IP address, subnet mask, DNS server and default gateway information. The assignment of the IP address generally expires after a predetermined period of time, before which the DHCP client must renew the lease with the server (or obtain a new address from the server's predefined pool of addresses). Typical intervals range from one hour to several months, and can, if desired, be set to infinite (never expire). The length of time the address is available to the device it was assigned to is called a lease, and is determined by the server. Configuring firewall rules to accommodate access from machines that receive their IP addresses via DHCP is therefore more difficult, because the remote IP address will vary from time to time; administrators must usually allow access to the entire remote DHCP subnet for a particular TCP/UDP port. Most home routers and firewalls are configured in the factory to be DHCP servers for a home network. An alternative to a home router is to use a computer as a DHCP server. ISPs generally use DHCP to assign clients individual IP addresses.

DHCP is a broadcast-based protocol. As with other types of broadcast traffic, it does not cross a router unless the router is specifically configured to do so. Users who need this capability must configure their routers to relay DHCP traffic (UDP ports 67 and 68) to the server. Home users, however, will practically never need this functionality.

2.3.3.1 IP Address Allocation

Depending on the implementation, a DHCP server has three methods of allocating IP addresses:

 Manual allocation, where the DHCP server performs the allocation based on a table of MAC address - IP address pairs filled in by the server administrator. Only requesting clients with a MAC address listed in this table get an IP address, the one given in the table.
 Automatic allocation, where the DHCP server permanently assigns to a requesting client a free IP address from a range given by the administrator.
 Dynamic allocation, the only method that provides dynamic re-use of IP addresses. A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN has its TCP/IP software configured to request an IP address from the DHCP server when that client computer's network interface card starts up. The request-and-grant process uses a lease concept with a controllable time period. This eases the network installation procedure on the client computer side considerably.

The allocation decision remains transparent to clients. Some DHCP server implementations can update the DNS name associated with the client hosts to reflect the new IP address.

2.3.3.2 DHCP Discovery

The client broadcasts on the local physical subnet to find available servers.
Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. The client implementation creates a UDP packet with the broadcast destination 255.255.255.255 or the subnet broadcast address. A client can also request its last-known IP address. If the client is still in a network where this IP address is valid, the server may grant the request. Otherwise, what happens depends on whether the server is set up as authoritative or not. An authoritative server will deny the request, making the client ask for a new IP address immediately. A non-authoritative server simply ignores the request, leading to an implementation-dependent timeout after which the client gives up on the request and asks for a new IP address.

2.3.3.3 DHCP Request/Response and Acknowledgement

When a DHCP server receives an IP lease request from a client, it extends an IP lease offer. This is done by reserving an IP address for the client and sending a DHCPOFFER message across the network to the client. This message contains the client's MAC address, followed by the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The server determines the configuration based on the client's hardware address as specified in the CHADDR field, and the server (192.168.1.1 in the example) places the offered address in the YIADDR field. When the client receives an IP lease offer, it must tell all the other DHCP servers that it has accepted an offer. To do this, the client broadcasts a DHCPREQUEST message containing the IP address of the server that made the offer. When the other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the addresses they had reserved for the client to the pool of valid addresses that they can offer to another computer. Any number of DHCP servers can respond to an IP lease request, but the client can only accept one offer per network interface card.

After 50% of the lease time has passed, the client will attempt to renew the lease with the original DHCP server from which it obtained the lease, using a DHCPREQUEST message. Any time the client boots and the lease is 50% or more elapsed, the client will attempt to renew the lease. At 87.5% of the lease time, the client will attempt to contact any DHCP server for a new lease. If the lease expires, the client must stop using the address and sends a request as in the initial boot, when the client had no IP address; until it obtains a new lease its TCP/IP stack cannot communicate using IP. When the DHCP server receives the DHCPREQUEST message from the client, it initiates the final phase of the configuration process.
This acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point the TCP/IP configuration process is complete: the server has acknowledged the request, and the system as a whole expects the client to configure its network interface with the supplied options. The exchange of messages in DHCP is shown in figure 2.2.
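The offer/request/acknowledge exchange and the lease timing described above, as an added Python example that is not part of the course material. Two simulated servers (their pools and the 192.168.x.x addresses are constructed for the example) both offer an address to one client; the client's DHCPREQUEST names the chosen server, so the other server returns its reservation to the pool. The server's authoritative setting decides whether a request for an unknown or stale address gets a DHCPNAK or is silently ignored (the behaviour described in 2.3.3.2), and lease_state() applies the 50% and 87.5% thresholds. Messages are plain dictionaries rather than packed BOOTP headers.

```python
DISCOVER, OFFER, REQUEST, ACK, NAK = ("DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST",
                                      "DHCPACK", "DHCPNAK")
T1_FRACTION, T2_FRACTION = 0.5, 0.875   # renew with the original server / rebind with any


class DhcpServer:
    """Minimal model of one DHCP server: a pool of free addresses, reservations
    made at OFFER time, and bound leases made at ACK time."""

    def __init__(self, server_id, pool, lease_secs, authoritative=True):
        self.server_id = server_id
        self.free = list(pool)          # constructed address pool
        self.lease_secs = lease_secs
        self.authoritative = authoritative
        self.reserved = {}              # chaddr -> address offered but not yet bound
        self.bound = {}                 # chaddr -> address acknowledged

    def handle(self, msg):
        """Process one client message (a dict); return the reply dict, or None when
        the server stays silent (the client will simply time out)."""
        kind, chaddr = msg["type"], msg["chaddr"]
        if kind == DISCOVER:
            if chaddr in self.bound:                # re-offer what the client already has
                addr = self.bound[chaddr]
            elif self.free:
                addr = self.free.pop(0)
                self.reserved[chaddr] = addr        # reserve until the client decides
            else:
                return None                          # pool exhausted
            return {"type": OFFER, "chaddr": chaddr, "yiaddr": addr,
                    "server_id": self.server_id, "lease": self.lease_secs}
        if kind == REQUEST:
            if msg.get("server_id") not in (None, self.server_id):
                # the client chose another server: withdraw our offer, recycle the address
                addr = self.reserved.pop(chaddr, None)
                if addr:
                    self.free.append(addr)
                return None
            wanted = msg["requested"]
            if self.reserved.get(chaddr) == wanted or self.bound.get(chaddr) == wanted:
                self.reserved.pop(chaddr, None)
                self.bound[chaddr] = wanted
                return {"type": ACK, "chaddr": chaddr, "yiaddr": wanted,
                        "server_id": self.server_id, "lease": self.lease_secs}
            # unknown or stale address: authoritative servers say NAK, others ignore it
            if self.authoritative:
                return {"type": NAK, "chaddr": chaddr, "server_id": self.server_id}
            return None
        return None


def obtain_lease(chaddr, servers):
    """DISCOVER -> OFFER(s) -> REQUEST -> ACK for one client; the first offer wins."""
    offers = [r for r in (s.handle({"type": DISCOVER, "chaddr": chaddr}) for s in servers) if r]
    if not offers:
        return None
    chosen = offers[0]
    request = {"type": REQUEST, "chaddr": chaddr,
               "server_id": chosen["server_id"], "requested": chosen["yiaddr"]}
    # every server sees the broadcast REQUEST; only the named one answers with an ACK
    acks = [r for r in (s.handle(request) for s in servers) if r and r["type"] == ACK]
    return acks[0] if acks else None


def lease_state(lease_start, lease_secs, now):
    """What the client should be doing at time `now` for a lease obtained at lease_start."""
    elapsed = now - lease_start
    if elapsed >= lease_secs:
        return "expired"        # stop using the address, start over with DISCOVER
    if elapsed >= T2_FRACTION * lease_secs:
        return "rebinding"      # broadcast REQUEST to any server
    if elapsed >= T1_FRACTION * lease_secs:
        return "renewing"       # unicast REQUEST to the original server
    return "bound"
```

The model keeps the security-relevant behaviour visible: an address is only bound to the hardware address that was offered it, and a server never acknowledges an address it did not reserve or bind for that client.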

Figure 2.2 DHCP message exchange (client on the left, server on the right): DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK; later a DHCPREQUEST answered by DHCPNACK, and DHCPRELEASE.

2.3.3.4 DHCP Message Format

As figure 2.3 illustrates, DHCP uses the BOOTP message format but modifies the contents and meanings of some fields.

Figure 2.3 The format of a DHCP message

As the figure shows, most of the fields in a DHCP message are identical to fields in a BOOTP message. In fact, the two protocols are compatible: because a DHCP request message contains the client hardware address, a DHCP server can be programmed to answer BOOTP requests. DHCP does not add new fixed fields to the BOOTP message format, nor does it change the meaning of most fields. For example, the OP field in a DHCP message contains the same values as the OP field in a BOOTP message: the message is either a boot request (1) or a boot reply (2). DHCP changes the meaning of two fields. First, DHCP interprets BOOTP's UNUSED field as a 16-bit FLAGS field; figure 2.4 shows that only the high-order bit of the FLAGS field has been assigned a meaning. A client sets the high-order bit in the FLAGS field to request that the server respond using hardware broadcast instead of hardware unicast. To understand why a client might choose a broadcast response, recall that while the client communicates with a DHCP server it does not yet have an IP address. A DHCP server normally sends its responses to the client using hardware unicast, but if a datagram arrives via hardware unicast and the destination address does not match the computer's address, IP can discard the datagram. IP is required to accept and handle any datagram sent to the IP broadcast address, so to ensure that the IP software accepts and delivers DHCP messages that arrive before the machine's IP address has been configured, a DHCP client can request that the server send its responses using IP broadcast. Second, DHCP reinterprets BOOTP's VENDOR SPECIFIC AREA as an OPTIONS field.

Figure 2.4 The format of the 16-bit FLAGS field in a DHCP message

2.3.3.5 DHCP Options and Message Type

Surprisingly, DHCP does not add fixed fields for information such as the lease duration. Instead, DHCP uses options: the OPTIONS field has the same format as the VENDOR SPECIFIC AREA, and DHCP honors all the vendor-specific information items defined for BOOTP. Each option consists of a 1-octet code field and a 1-octet length field followed by octets of data that comprise the option. Figure 2.5 illustrates the DHCP message type option, used to specify which DHCP message is being sent. As the figure shows, the option used to specify a DHCP message type consists of exactly three octets: the first octet contains the code 53, the second contains the length 1, and the third contains the value that identifies one of the possible DHCP messages.
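The fixed-field layout from 2.3.2.3 together with the FLAGS and OPTIONS reinterpretation described here, as an added Python example that is not part of the course material. It packs and parses the 236-octet BOOTP/DHCP header and a short options list, and the parser checks every length octet before trusting it. The four-octet magic cookie 99.130.83.99 that precedes DHCP options in the vendor area and the option codes other than 53 (1 subnet mask, 3 router, 51 lease time, 54 server identifier, 0 pad, 255 end) are taken from the DHCP options standard (RFC 2132), not from this page; the sample addresses and transaction ID are constructed.

```python
import socket
import struct

# Fixed-length BOOTP fields in network byte order: op, htype, hlen, hops, xid, secs,
# unused/FLAGS, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HEADER_LEN = struct.calcsize(HEADER_FMT)          # 236 octets
MAGIC_COOKIE = bytes([99, 130, 83, 99])           # RFC 2132: DHCP options follow this cookie
FLAG_BROADCAST = 0x8000                           # high-order bit of the FLAGS field

BOOTREQUEST, BOOTREPLY = 1, 2
OPT_PAD, OPT_SUBNET, OPT_ROUTER, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = (
    0, 1, 3, 51, 53, 54, 255)
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}


def encode_options(options):
    """options: list of (code, bytes). Emits cookie, code/length/data triples, END."""
    out = bytearray(MAGIC_COOKIE)
    for code, data in options:
        if not 0 <= len(data) <= 255:
            raise ValueError("option data must fit in one length octet")
        out += bytes([code, len(data)]) + data
    out.append(OPT_END)
    return bytes(out)


def build_dhcp(op, xid, chaddr, msg_type, yiaddr="0.0.0.0", ciaddr="0.0.0.0",
               siaddr="0.0.0.0", giaddr="0.0.0.0", broadcast=False, hops=0, secs=0,
               extra_options=()):
    """Pack one DHCP message; chaddr is a 6-octet Ethernet address (HTYPE 1, HLEN 6)."""
    flags = FLAG_BROADCAST if broadcast else 0
    header = struct.pack(HEADER_FMT, op, 1, 6, hops, xid, secs, flags,
                         socket.inet_aton(ciaddr), socket.inet_aton(yiaddr),
                         socket.inet_aton(siaddr), socket.inet_aton(giaddr),
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = [(OPT_MSG_TYPE, bytes([msg_type]))] + list(extra_options)
    return header + encode_options(options)


def parse_dhcp(packet):
    """Unpack the fixed fields and the options; rejects short or truncated packets."""
    if len(packet) < HEADER_LEN + len(MAGIC_COOKIE):
        raise ValueError("packet too short for a DHCP message")
    fields = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    op, htype, hlen, hops, xid, secs, flags = fields[:7]
    if packet[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie: plain BOOTP vendor area")
    options, pos = {}, HEADER_LEN + 4
    while pos < len(packet):
        code = packet[pos]
        if code == OPT_END:
            break
        if code == OPT_PAD:                 # single octet, no length field
            pos += 1
            continue
        if pos + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[pos + 1]
        data = packet[pos + 2:pos + 2 + length]
        if len(data) != length:             # never trust the length octet blindly
            raise ValueError("truncated option data")
        options[code] = data
        pos += 2 + length
    msg_type = options.get(OPT_MSG_TYPE, b"\0")[0]
    return {"op": op, "htype": htype, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
            "broadcast": bool(flags & FLAG_BROADCAST),
            "ciaddr": socket.inet_ntoa(fields[7]), "yiaddr": socket.inet_ntoa(fields[8]),
            "siaddr": socket.inet_ntoa(fields[9]), "giaddr": socket.inet_ntoa(fields[10]),
            "chaddr": fields[11][:hlen].hex(":"),
            "msg_type": MSG_TYPES.get(msg_type, "unknown"), "options": options}


def demo_offer():
    """A constructed DHCPOFFER from a server at 192.168.1.1 to a client that set the
    broadcast flag, parsed back into a dictionary."""
    client_mac = bytes.fromhex("001122334455")
    offer = build_dhcp(BOOTREPLY, xid=0x1234ABCD, chaddr=client_mac, msg_type=2,
                       yiaddr="192.168.1.100", siaddr="192.168.1.1", broadcast=True,
                       extra_options=[(OPT_SUBNET, socket.inet_aton("255.255.255.0")),
                                      (OPT_ROUTER, socket.inet_aton("192.168.1.1")),
                                      (OPT_LEASE, struct.pack("!I", 86400)),
                                      (OPT_SERVER_ID, socket.inet_aton("192.168.1.1"))])
    return parse_dhcp(offer)
```

The option overload case, where options continue inside the SERVER HOST NAME and BOOT FILE NAME fields, is not handled by this parser.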

.e. i. Some other popular examples that involve one sender and multiple receivers are updating replicated.. If a given message does not contain information in either of those fields. distributed databases.4 2.e. and look for options in the fields instead. For example.DIT 116 NETWORK PROTOCOLS TYPE FIELD Corresponding DHCP Message Type _________________________________________________________ 1 2 3 4 5 6 7 Figure 2.4. To allow a DHCP server to use the two fields for other options. 2. the overload option tells the receiver to ignore the usual meaning of the SERVER HOST NAME and BOOT FILE NAME fields. In such applications the required mode of communication is one to many. The idea followed in multicasting is instead of forcing the source host to send a separate packet to each of the destination Anna University Chennai 79 . Now the issue is who is responsible for the creation of multiple datagrams and delivery to all members of the group. The fact to be observed by you in all these cases is that. When present. The motivation for developing multicast is that there are applications that want to send a packet to more than one destination host. the basic forwarding mechanism of IP. i. The choices are either the host or the network. the datagram generated by the source should reach all the members of the multicast group. DHCP defines an option overload option. unicasting is not sufficient.5 NOTES DHCPDISCOVER DHCPOFFER DHCPREQUEST DHCPDECLINE DHCPACK DHCPNACK DHCPRELEASE Possible values for TYPE in DHCP Message Fields SERVER HOST NAME and BOOT FILE NAME in the DHCP message header each occupy many octets. transmitting stock quote to multiple brokers etc.1 IP MULTICAST Motivation and Requirements The term multicasting is used to describe the distribution of a copy of the packets/ datagrams generated by each host to all other hosts in the group called multicast group. 
applications such as audio and video conferencing require a copy of the information generated by each host participating in a conference to be sent to all the other hosts that belong to the same conference. the space is wasted.

The normal addresses that are assigned to the hosts can not be used for multicasting. Hence it becomes necessary for the address field to have special fields or an indication to inform the network that the mode of communication required is not the usual unicast. Internet multicast can be implemented on top of a collection of networks that support hardware multicast (or broadcast) by extending the routing and forwarding functions implemented by the routers that connect these networks.DIT 116 NETWORK PROTOCOLS NOTES hosts in the multicast group. 1. we want the source to be able to send a single packet to a multicast address. Ethernet etc. However to make the normal IP to support multicasting. the network has to satisfy the following requirements of the hosts. a number of additional data structures and tables are to be maintained by the routers (at least by a subset of routers) because the normal IP communication is between one sender and one receiver. In the internet. Hosts can then choose to join or leave this group at will. and the network is expected to deliver a copy of that packet to each of a group of hosts. Implementing multicast through hardware is feasible in the LAN technologies like token ring. multicasting is implemented by making use of the services provided by the normal IP. hardware implementation of multicast in a world wide network like the Internet is almost impossible. you are going to learn the various concepts and protocols involved in the process of multicasting. An efficient internetwork forwarding facility It is important for you to understand that any transmission scheme should have an addressing scheme in which the destinations can be identified without any conflict in the addresses. without synchronizing or negotiating with other members of the group. Also a host may belong to more than one group at a time.4. An effective notification and delivery mechanism 3. 
It has to allow local autonomy in assigning the IP addresses and at the same time the assigned addresses should have global meaning. Besides the delivery of the datagrams to multiple hosts. instead the information is to be delivered to a set of hosts. Hence IP multicasting is the software abstraction of hardware multicasting. The three conceptual pieces required for the general purpose internet multicasting system are as follows. The major challenge in devising multicast addresses is that addressing scheme has to satisfy two conflicting goals.2 Characteristics and Components of IP Multicasting Multicasting can be implemented either with the rapport of the network technology (hardware) or as a software abstraction. A multicast addressing scheme 2. 2. In this section. Anna University Chennai 80 . However.

IP uses broadcast or unicast to deliver IP multicast.DIT 116 NETWORK PROTOCOLS Similarly hosts need a notification mechanism to inform routers about multicast groups in which they are participating. meaning that multicast datagrams can be lost. and are available for private use. 4. and should allow hosts to join and leave groups at any time. In IP terminology. 5. and routers need a delivery mechanism to transfer multicast packets to hosts. 1. delayed. Other addresses are temporary. 81 NOTES Anna University Chennai . Inter-Network Forwarding: Because members of an IP multicast group can attach to multiple physical networks. 6. Number of Groups: IP provides address for unto 228 simultaneous multicast groups. Delivery Semantics: IP multicast uses the same best-effort delivery semantics as other IP datagram delivery. the capability is usually added to conventional routers. group membership is only used to determine whether the host receives datagrams sent to the group. Group Address: each multicast group is a unique class D address. a host may be a member of an arbitrary number of multicasting groups. Furthermore. All these issues indicate that multicasting is much more complicated than the simple unicasting scheme. Membership and Transmission: An arbitrary host may send datagram to any multicast group. should not send a copy of a datagram along a path if the path does not lead to a member of group. the number of groups is limited by practical constraints on routing table size rather than addressing. It should route multicast packets along the shortest paths. 7. Thus. special multicast routers are required to forward IP multicast. specifies how hosts send and receive multicast datagrams and describes the protocol routers use to determine multicast group membership on a network. IP multicasting has the following characteristics. it should allow IP multicast delivery over networks which do not have hardware support for multicast. 
and correspond to groups that always exist even if they have no current members. a given subset is known as multicast group. duplicated or delivered out of order. IP uses hardware multicast to send IP multicast. Dynamic Group Membership: A host can join or leave an IP multicast group at any time. If the hardware does not support multicast. 2. Even here also complications arise due to the fact that the multicasting scheme should make effective use of hardware multicast when it is available and at the same time. IP multicasting includes all three aspects. Feed Unidirectional IP (FUIP) multicast addresses are permanently assigned by the internet authority. 3. Multicasting scheme has to support effective and dynamic forwarding mechanism that can support the requirements of the group without wasting the valuable resources of the network. It defines IP multicast addressing. Use of Hardware: If the underline network hardware supports multicast.

2.4.3 Multicast Addresses and Multicast Delivery

Recall that many hardware technologies contain mechanisms to send packets to multiple destinations simultaneously (or at least nearly simultaneously). Shared-media networks in particular are able to deliver frames to all the nodes of the network, and this type of delivery is called broadcast. In other words, most Local Area Networks (LANs) support broadcast, and hence multicasting, which is a subset of broadcasting, can be accomplished at the hardware level itself. In the case of switched networks or internets, however, it is not possible to achieve multicasting in the hardware itself; in such networks either broadcast or multicast has to be implemented at the software level. Hence, even in technologies where hardware-level broadcast is available, special types of addresses are required for multicast. In technologies where broadcast is supported it is possible to have multicast addresses at layer 2; in other networks it becomes necessary to have multicast addresses at layer 3.

2.4.3.1 Layer 2 Multicast Addresses

Normally, Network Interface Cards (NICs) on a LAN segment will receive only packets destined for their burned-in Medium Access Control (MAC) address or the broadcast MAC address. Some means had to be devised so that multiple hosts could receive the same packet and still be capable of differentiating among multicast groups. Fortunately, the IEEE LAN specifications made provisions for the transmission of broadcast and/or multicast packets. In the 802.3 standard, bit 0 of the first octet is used to indicate a broadcast and/or multicast frame; figure 2.6 shows the location of this bit in an Ethernet frame. This bit indicates that the frame is destined for an arbitrary group of hosts or for all hosts on the network (in the case of the broadcast address, 0xFFFF.FFFF.FFFF). IP multicast makes use of this capability to transmit IP packets to a group of hosts on a LAN segment.

Figure 2.6 IEEE 802.3 MAC Address Format

The IANA (Internet Assigned Numbers Authority) owns a block of Ethernet MAC addresses that start with 01:00:5E in hexadecimal. Half of this block is allocated for multicast addresses. This creates the range of available Ethernet MAC addresses 0100.5e00.0000 through 0100.5e7f.ffff. This allocation allows 23 bits in the Ethernet address to correspond to the IP multicast group address. The mapping places the lower 23 bits of the IP multicast group address into these available 23 bits of the Ethernet address, as shown in figure 2.7.

Figure 2.7 Mapping of IP Multicast to Ethernet/FDDI MAC Address

Because the upper 5 bits of the IP multicast address are dropped in this mapping, the resulting address is not unique. In fact, 32 different multicast group IDs all map to the same Ethernet address, as shown in figure 2.8.

Figure 2.8 MAC Address Ambiguities

Since Ethernet is the most popular LAN technology, layer 2 multicast addressing has been discussed in terms of it. Ideally, IP multicast would support all types of layer 2 multicast addresses; in practice IP multicast supports only popular technologies like Ethernet. It is useful to know that Ethernet device driver software can reconfigure the device to allow it to also recognize one or more multicast addresses. After the reconfiguration, an interface will accept any packet sent to the computer's unicast address, the broadcast address, or one of the configured multicast addresses.

2.4.3.2 Class D Multicast Address

The TCP/IP reference model supports multicast addressing in layer 3, and it becomes a must to make use of these addresses when the members of a multicast group are geographically distributed across networks. IP supports multicasting using class D addresses. Each class D address identifies a group of hosts. Twenty-eight bits are available for identifying groups, so over 250 million groups can exist at the same time.

When a process sends a packet to a class D address, a best-effort attempt is made to deliver it to all the members of the associated group, but no guarantees are given; some members may not get the packet. The format of a class D address is shown in figure 2.9.

1 1 1 0 | Group Identification

Figure 2.9 The format of a class D address

The first 4 bits contain 1110 and identify the address as a multicast address. The remaining 28 bits specify a particular multicast group. There is no further structure in the group bits; in particular, the group field is not partitioned into bits that identify the origin or owner of the group, nor does it contain administrative information such as whether all members of the group are on one physical network. When expressed in dotted decimal notation, multicast addresses range from 224.0.0.0 through 239.255.255.255. However, many parts of the address space have special meaning. Two kinds of group addresses are supported: permanent addresses and temporary ones. Permanent addresses are called well known; they are used for major services on the global Internet as well as for infrastructure maintenance (e.g. multicast routing protocols). Other multicast addresses correspond to transient multicast groups that are created when needed and discarded when the count of group members reaches zero; a temporary group must be created before it can be used. The lowest address, 224.0.0.0, is reserved and cannot be assigned to any group. The remaining addresses up through 224.0.0.255 are devoted to multicast routing and group maintenance protocols; a router is prohibited from forwarding a datagram sent to any address in that range. Figure 2.10 shows a few examples of popular permanently assigned addresses.

11 224.0.0. Furthermore.0.6 224.0.0 224.0. Address 224.0.1. and address 224. In general.DIT 116 NETWORK PROTOCOLS NOTES Address 224.3 224.10.0.0.0.8 224.19 through 224.0.15 224.17 224.0 through 239. datagrams sent to these addresses only reach machines on the same local network as the sender.0.2 224.0.0.13 224.0.012 224.0.0.10 224.251.0.0.0.0.0.1 224.1.0.0.85 239.0.0.0.84 224.0.0.0.0.255.0.0.0.0.1 is permanently assigned to the all systems group.0. two of the addresses are especially important to the multicast delivery mechanism.0. both of these groups are used for control protocols and not for the normal delivery of data.0.255 Meaning Base address (Reserved) All systems on this subnet All routers on this subnet Unassigned DWMRP routers OSPFIGP All Routers OSPFIGP Designated Routers ST Routers ST Hosts RIP2 Routers IGRP Routers Mobile Agents DHCP Server/ Relay agent All PIM Routers RSVP Encapsulation All CBT Routers Designated-Sbm All-Sbms VRRP Unassigned DVMRP onMOSPF Jini Announcement Jini Request Scope restricted to one organization Figure 2. 85 Anna University Chennai . there are no IP multicast addresses that refer to all systems in the internet or all routers in the internet.0.9 224.0.0.4 224.192. The all system group includes all hosts and routers on a network that are participating in IP multicast.0.5 224.0.21 224.0.0.14 224. whereas the all routers group includes only the routers that are participating.1.0.18 224.2 is permanently assigned to the routers group.16 224.0.0.0.255 224. Examples of few permanent IP addresses Among the above set of permanent multicast group addresses.0.7 224.

2.4.3.3 Role of Hosts and Routers in Multicast Delivery

It is important for you to understand the role played by the host and the network (routers and multicast routers) in delivering datagrams to all the members of a group. In multicasting, the datagrams transmitted by the source host have to reach all other members of the multicast group. Two possible scenarios exist in which we have to achieve this: one is a single network and the other is an internet. In the former case, if all the members are on the same physical network, a host can send directly to a destination host merely by placing the datagram in a frame and using a hardware multicast address to which the receiver is listening. In the latter case, a host sends the datagram to the nearest multicast router, and multicast routers forward the datagram across the network. IP multicasting reduces the responsibility of the hosts: it does not expect a host to install a route to a multicast router, or to make a multicast router its default route. Instead, the technique a host uses to forward a multicast datagram to a router is unlike the routing lookup used for unicast and broadcast datagrams; the host merely uses the local network hardware's multicast capability to transmit the datagram. Multicast routers listen for all IP multicast transmissions. If a multicast router is present on the network, it will receive the datagram and forward it on to another network if necessary. Thus the primary difference between local and non-local multicast lies in multicast routers, not in hosts.

IP treats multicast addresses differently from unicast addresses. For example, a multicast address can only be used as a destination address; it can never appear in the source address field of a datagram, nor can it appear in a source route or record route option. Furthermore, no ICMP error messages can be generated about multicast datagrams (e.g. destination unreachable, source quench, echo reply, or time exceeded). Thus a ping sent to a multicast address may go unanswered. The rule prohibiting ICMP errors is somewhat surprising because IP routers do honor the time-to-live field in the header of a multicast datagram: each router decrements the count, and discards the datagram (without sending an ICMP message) if the count reaches zero. We will see that some protocols use the time-to-live count as a way to limit datagram propagation.

2.4.4 Multicast Scope

The scope of a multicast group refers to the range of group members. Informally, if all members of a group lie within a single organization, we say that the group has a scope limited to one organization. Similarly, if all members are on one physical network, we say that the group's scope is restricted to one network. In addition to the group's scope, each multicast datagram has a scope, which is defined to be the set of networks over which a given multicast datagram will be propagated. As usual, a datagram's scope is referred to as its range.

Address 224. Furthermore. because the TTL expires on reading the router to discard the datagram. if two applications running on a single host want to use IP multicast for interprocessor communication (e. For example. By setting the TTL to small value. whereas the all routers group includes only the routers that are participating.4.0. As a consequence a router never forwards any datagram carrying control information. source quench. there are no IP multicast addresses that refer to all systems in the internet or all routers in the internet. they can choose a TTL value of 0 to prevent the datagram from leaving the host.0. Furthermore. destination unreachable.g. 2. The all system group includes all hosts and routers on a network that are participating in IP multicast.3. It is possible to use successively larger values of the TTL field to further extend the notion of scope. a multicast addresses can never appear in the source address field of a datagram. a host can limit the distance the datagram will be routed.0. According to the standard. 87 NOTES Anna University Chennai . Among the above set of permanent multicast group addresses. Administrative scoping consists of reserving parts of the address field for groups that are local to a given site or local to a given organization.g. two of the addresses are especially important to the multicast delivery mechanism. Thus. Thus. routers in the internet are forbidden from forwarding any datagram that has an address chosen from the restricted space.2 is permanently assigned to the routers group. for testing software). IP treats multicast addresses differently than unicast addresses. Similarly. We conclude that it is possible to use the TTL field in a datagram header to provide coarse-grain control over the datagram’s scope. no ICMP error messages can be generated about multicast datagrams (e. For example.11 shows. 
a multicast address can only be used as a destination addresses.1 is permanently assigned to the all systems group.0. and address 224.2 shows examples of address ranges that correspond to administrative scoping. the standards specify the control messages which are used for communication between a host and a router on the same network must have a TTL of 1. to prevent multicast communication among group members from accidentally reaching outsiders. some router vendors suggest configuring routers at a site to restrict multicast datagrams from leaving the site unless the datagram has a TTL greater than 15. In general. an organization can assign the group an address that has local scope.DIT 116 NETWORK PROTOCOLS IP uses two techniques to control multicast scope.5 Extending Host Software to Handle Multicasting A host participates in IP multicast at one of the three levels as figure 2. nor can it appears in a source route or record route option. For example. datagrams sent to these addresses only reach machines on the same local network as the sender. The second technique is administrative scoping. Figure 2. The first technique relies on the datagram’s time-to-live (TTL) field to control its range. both of these groups are used for control protocols and not for the normal delivery of data.

The role prohibiting ICMP errors is somewhat surprising because IP routers do honor the time-to-live field in the header of the multicast datagram. and discards the datagram (without sending an ICMP message) if the count reaches zero. As a consequence a Anna University Chennai 88 . We will see that some protocols use the time-tolive count as a way to limit datagram propagation. In addition to the group’s scope. The first technique relies on the datagram’s time-to-live (TTL) field to control its range. the technique a host uses to forward a multicast datagram to a router is unlike the routing lookup used for unicast and broadcast datagrams – the host merely uses the local network hardwares multicast capability to transmit the datagram. a host can send directly to a destination host merely by placing the datagram in a frame and using a hardware multicast address to which the receiver is listening. IP multicasting reduces the responsibility of the hosts and it does not expect either a host to install a router as a multicast router. not in hosts.4 Multicast Scope The scope of a multicast group refers to the range of group members. Thus the primary difference between local and nonlocal multicast lies in multicast routers. which is defined to be the set of networks over which a given multicast datagram will be propagated. a datagram’s scope is referred to as its range. If a multicast router is present on the network. In multicasting. we say that the group has a scope limited to one organization.4.DIT 116 NETWORK PROTOCOLS NOTES echo reply. For example. a host can limit the distance the datagram will be routed. IP uses two techniques to control multicast scope. Thus. we say that the group’s scope is restricted to one network. the standards specify the control messages which are used for communication between a host and a router on the same network must have a TTL of 1. 2. Informally. each multicast datagram has a scope. As usual.3. 
if all members of a group lie within a single organization. a ping sent to a multicast address will go unanswered. a host sends the datagram to the nearest multicast router and multicast routers forward the datagrams across the network. In the former case. By setting the TTL to small value. Similarly.3 Role of Hosts and Routers in Multicast Delivery It is important for you to understand the role played by the host and the network (routers and multicast routers) in delivering datagrams to all the members of the group. However. Instead. Two possible scenarios exist in which we have to achieve this. it will receive the datagram and forward it on to the other network if necessary. or time exceeded). In the later case. or to make a default route as a multicast router. Multicast routers listen for all IP multicast transmissions.4. each router decrements the count.3. 2. One is a single network and another one is an internet. If all the members are on the physical network. the datagrams transmitted by the source (host) has to reach all other members (hosts) of the multicast group.

and the network interface software must be able to map an IP multicast address into the corresponding hardware multicast address (or use broadcast if the hardware does not support multicasting). NOTES Level 0 1 2 Meaning Host can neither send nor receive IP multicast Host can send but not receive IP multicast Host can both send and receive IP multicast Figure 2. some router vendors suggest configuring routers at a site to restrict multicast datagrams from leaving the site unless the datagram has a TTL greater than 15.2 shows examples of address ranges that correspond to administrative scoping. The IP software must allow an application program to specify a multicast address as a destination IP address. That is. the IP software must remember to pass each of them a copy of datagrams that arrive destined for the group. 2. For example. Administrative scoping consists of reserving parts of the address field for groups that are local to a given site or local to a given organization. If multiple application programs join the same group. According to the standard. IP software on the host must have an API that allows an application program to declare that it wants to join or leave a particular multicast group. Thus. for testing software). Extending host software to receive IP multicast datagram’s are more complex. Three levels of participation in IP multicast Modifications that allow a host to send IP multicast are not difficult. To understand the reason for keeping group 89 Anna University Chennai . Figure 2.3. they can choose a TTL value of 0 to prevent the datagram from leaving the host.DIT 116 NETWORK PROTOCOLS router never forwards any datagram carrying control information.11. Similarly. because the TTL expires on reading the router to discard the datagram. It can also ask its host to leave the group. Each host keeps track of which groups its processes currently belong to. 
routers in the internet are forbidden from forwarding any datagram that has an address chosen from the restricted space. When the last process on a host leaves the group. We conclude that it is possible to use the TTL field in a datagram header to provide coarse-grain control over the datagram’s scope. if two applications running on a single host want to use IP multicast for interprocessor communication (e. The second technique is administrative scoping. that group is no longer present on the host. an organization can assign the group an address that has local scope. It is possible to use successively larger values of the TTL field to further extend the notion of scope. a host with multiple network connection may join a particular multicast group on one network and not on another.g. to prevent multicast communication among group members from accidentally reaching outsiders.11 shows.4. A process can ask its host to join a specific group.5 Extending Host Software to Handle Multicasting A host participates in IP multicast at one of the three levels as figure 2.

membership associated with networks, remember that it is possible to use IP multicasting among local sets of machines. The host may want to use a multicast application to interact with machines on one physical net and not with the machines of another. Because group membership is associated with particular networks, the software must keep separate lists of multicast addresses for each network to which the machine attaches. Furthermore, an application program must specify a particular network when it asks to join or leave a multicast group. To participate in IP multicast on a local network, a host must have IGMP software that allows it to send and receive multicast datagrams. To participate in a multicast that spans multiple networks, the host must inform local multicast routers. This is achieved by a protocol named the Internet Group Management Protocol (IGMP).

Have you understood?

1. What is the basic difference between unicasting and multicasting?
2. What are the roles of hosts and routers in multicasting?
3. What are the conceptual pieces of IP multicasting?
4. Give some examples for LAN technologies that support multicasting.
5. What is the necessity of layer 3 or IP multicast?

2.5 INTERNET GROUP MANAGEMENT PROTOCOL

From the discussion in the above sections, you might have understood that the management of multicast groups is the basic necessity for implementing IP multicasting. The major goal of multicast IP is to relieve the source from the overhead of sending a separate packet to each of the destination hosts in the multicast group and to put the responsibility in the network. When we say that 'the network has to do something', we refer to the multicast routers in the network. The assumption is that each multicast router has stored in its multicast address table the complete set of addresses it has an interest in. Here the issue is how a multicast router learns the multicast addresses associated with its own attached networks/subnets. The TCP/IP protocol stack includes a group management protocol (IGMP) exclusively to maintain the multicast groups available in the internet. The Internet Group Management Protocol (IGMP) is used by IP hosts to report their multicast group memberships to any immediately neighboring multicast routers. Like ICMP, IGMP is an integral part of IP. It is required to be implemented by all hosts wishing to receive IP multicasts. IGMP messages are encapsulated in IP datagrams, with an IP protocol number of two. Routers that are members of multicast groups are expected to behave as hosts as well as routers, and may even respond to their own queries. In the following sections, you will learn about the header format and operation of the IGMP protocol.

2.5.1 IGMP Header

The fields of the IGMP header are shown in figure 2.12.

TYPE (8 bits) | RESP TIME (8 bits) | CHECKSUM (16 bits)
GROUP ADDRESS (32 bits; ZERO IN A GENERAL QUERY)

Figure 2.12 IGMP header

TYPE - There are three types of IGMP messages of concern to the host-router interaction. The value 0x11 of this field indicates a membership query. There are two sub-types of membership query messages: the general query, which is used to learn which groups have members on an attached network, and the group-specific query, which is used to learn if a particular group has any members on an attached network. The value 0x16 indicates that the message is a membership report. Leave group messages are indicated by 0x17.

RESP TIME - The maximum response time field is meaningful only in membership query messages, and specifies the maximum allowed time before sending a responding report, in units of 1/10 second. In all other messages, it is set to zero by the sender and ignored by receivers.

CHECKSUM - The checksum is the 16-bit one's complement of the one's complement sum of the whole IGMP message (the entire IP payload). The computation of the checksum in IGMP is similar to the computation of the checksum in IP.

GROUP ADDRESS - In a membership query message, the group address field is set to zero when sending a general query, and set to the group address being queried when sending a group-specific query. In a membership report or leave group message, the group address field holds the IP multicast group address of the group being reported or left.

Other fields - Certain IGMP messages may be longer than 8 octets. As long as the Type is one that is recognized, an IGMPv2 implementation must ignore anything past the first 8 octets while processing the packet. However, the IGMP checksum is always computed over the whole IP payload, not just over the first 8 octets.

2.5.2 IGMP Operation

Multicast routers use IGMP to learn which groups have members on each of their attached physical networks. A multicast router keeps a list of multicast group memberships for each attached network, and a timer for each membership. A multicast group membership here means the presence of at least one member of a multicast group on a given attached network, not a list of all of the members. With respect to each of its attached
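The following is an added example, not code from the course material or from the sources it draws on: a Python encoder and parser for the 8-octet IGMPv2 message described above. The parser verifies the checksum over the entire payload, interprets only the first 8 octets, and distinguishes general from group-specific queries by the group address field; the type value 0x12 (version 1 membership report) is taken from the IGMPv1 specification rather than from this page.

```python
import socket
import struct

# Message types from the header description above (0x11, 0x16, 0x17);
# 0x12 is the IGMPv1 report that a v2 host must also recognise.
IGMP_TYPES = {
    0x11: "membership query",
    0x12: "version 1 membership report",
    0x16: "version 2 membership report",
    0x17: "leave group",
}


def ones_complement_sum(data: bytes) -> int:
    """One's complement sum of data taken as 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                        # pad an odd trailing octet
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def igmp_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the whole message."""
    return (~ones_complement_sum(data)) & 0xFFFF


def build_igmp(msg_type: int, max_resp_tenths: int, group: str, extra: bytes = b"") -> bytes:
    """Build an IGMPv2 message: 8 header octets plus optional trailing octets.
    The checksum covers the entire payload, trailing octets included."""
    header = struct.pack("!BBH4s", msg_type, max_resp_tenths, 0, socket.inet_aton(group))
    csum = igmp_checksum(header + extra)
    return header[:2] + struct.pack("!H", csum) + header[4:] + extra


def parse_igmp(payload: bytes) -> dict:
    """Parse as a receiver: verify the checksum over the whole IP payload, then
    interpret only the first 8 octets and ignore anything beyond them."""
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 octets")
    # With the checksum field included, a correct message sums to all ones.
    if ones_complement_sum(payload) != 0xFFFF:
        raise ValueError("IGMP checksum mismatch")
    msg_type, resp_tenths, _csum, group_raw = struct.unpack("!BBH4s", payload[:8])
    if msg_type not in IGMP_TYPES:
        raise ValueError("unrecognised IGMP type 0x%02x" % msg_type)
    group = socket.inet_ntoa(group_raw)
    msg = {"type": IGMP_TYPES[msg_type], "group": group,
           "ignored_octets": len(payload) - 8}
    if msg_type == 0x11:
        # A zero group address marks a general query; otherwise it is group-specific.
        msg["subtype"] = "general query" if group == "0.0.0.0" else "group-specific query"
        msg["max_response_s"] = resp_tenths / 10   # field is in units of 1/10 second
    else:
        msg["max_response_s"] = None               # meaningful only in queries
    return msg


if __name__ == "__main__":
    # Constructed sample: a general query with a 10 second maximum response time.
    query = build_igmp(0x11, 100, "0.0.0.0")
    print(query.hex(), parse_igmp(query))
```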

networks, a multicast router may assume one of two roles: querier or non-querier. The querier is the router that initiates the query messages, and a non-querier is one that responds to the messages initiated by the querier. There is normally only one querier per physical network. All multicast routers start up as a querier on each attached network. If a multicast router hears a query message from a router with a lower IP address, it must become a non-querier on that network. If a router has not heard a query message from another router for a certain interval, it resumes the role of querier. Routers periodically send a general query on each attached network for which they are the querier, to solicit membership information. On startup, a router should send a specified number of general queries spaced closely together in order to quickly and reliably determine membership information. A general query is addressed to the all-systems multicast group (224.0.0.1), has a group address field of 0, and has a maximum response time called the query response interval.

When a host receives a general query, it sets delay timers for each group (excluding the all-systems group) of which it is a member on the interface from which it received the query. Each timer is set to a different random value, using the highest clock granularity available on the host, selected from the range (0, Max Response Time], with the maximum response time as specified in the query packet. When a host receives a group-specific query, it sets a delay timer to a random value selected from the range (0, Max Response Time] for the group being queried, if it is a member on the interface from which it received the query. If a timer for the group is already running, it is reset to the random value only if the requested maximum response time is less than the remaining value of the running timer. When a group's timer expires, the host multicasts a version 2 membership report to the group, with an IP TTL of 1. If the host receives another host's report (version 1 or 2) while it has a timer running, it stops its timer for the specified group and does not send a report, in order to suppress duplicate reports.

When a router receives a report, it adds the group being reported to the list of multicast group memberships on the network on which it received the report and sets the timer for the membership to the group membership interval. Repeated reports refresh the timer. If no reports are received for a particular group before this timer has expired, the router assumes that the group has no local members and that it need not forward remotely-originated multicasts for that group onto the attached network.

When a host joins a multicast group, it should immediately transmit an unsolicited version 2 membership report for that group, in case it is the first member of that group on the network. To cover the possibility of the initial membership report being lost or damaged, it is recommended that it be repeated once or twice after short delays called the unsolicited report interval. When a host leaves a multicast group, if it was the last host to reply to a query with a membership report for that group, it should send a leave group message to the all-routers multicast group (224.0.0.2). If it was not the last host

to reply to a query, it may send nothing, as there must be another member on the subnet. This is an optimization to reduce traffic; a host without sufficient storage to remember whether or not it was the last host to reply may always send a leave group message when it leaves a group. Routers should accept a leave group message addressed to the group being left, in order to accommodate implementations of an earlier version of this standard. Leave group messages are addressed to the all-routers group because other group members have no need to know that a host has left the group, but it does no harm to address the message to the group.

When a querier receives a leave group message for a group that has group members on the reception interface, it sends last member query count group-specific queries to the group being left. These group-specific queries have their maximum response time set to the last member query interval. If no reports are received after the response time of the last query expires, the routers assume that the group has no local members, as above. Any querier to non-querier transition is ignored during this time; the same router keeps sending the group-specific queries. Non-queriers must ignore leave group messages, and queriers should ignore leave group messages for which there are no group members on the reception interface. When a non-querier receives a group-specific query message, if its existing group membership timer is greater than last member query count times the maximum response time specified in the message, it sets its group membership timer to that value.

2.5.3 Group Membership State Transitions

On a host, IGMP must remember the status of each multicast group to which the host belongs (i.e., a group from which the host accepts datagrams). We think of a host as keeping a table in which it records group membership information. Initially, all entries in the table are unused. Whenever an application on the host joins a new group, the IGMP software allocates an entry and fills in information about the group. Among the information, IGMP keeps a group reference counter which it initializes to 1. Each time another application program joins the group, IGMP increments the reference counter in the entry. If one of the application programs terminates execution (or explicitly drops out of the group), IGMP decrements the group's reference counter. When the reference count reaches zero, the host informs multicast routers that it is leaving the multicast group. For a multicast group, there are three possible states of an entry in a host's multicast group table, and transitions among them take place as depicted in figure 2.13, where each transition is labeled with an event and an action.

Figure 2.13 Three possible states of an entry in the host's multicast group table

  NONMEMBER        --- join group / start timer ------------->  DELAYING MEMBER
  DELAYING MEMBER  --- timer expires / send report ----------->  MEMBER
  DELAYING MEMBER  --- another host responds / cancel timer -->  MEMBER
  MEMBER           --- query arrives / start timer ----------->  DELAYING MEMBER
  DELAYING MEMBER  --- leave group / cancel timer ------------>  NONMEMBER

A host maintains an independent table entry for each group of which it is currently a member. When a host first joins the group or when a query arrives from a multicast router, the host moves the entry to the DELAYING MEMBER state and chooses a random delay. If the timer expires, the host sends a response message before moving to the MEMBER state. If another host in the group responds to the router's query before the timer expires, the host cancels its timer and moves to the MEMBER state. Because a router only generates a query message every 125 seconds, one expects the host to remain in the MEMBER state most of the time.

Have you understood?

1. IGMP is an integral part of IP. Justify this statement.
2. What are the complications involved in the maintenance of multicast groups?
3. If the group address field of the IGMP header is zero, what does it indicate?
4. What do the terms querier and non-querier mean in IGMP?
5. What are the three possible states of an entry in the IGMP table?

2.6 MULTICAST ROUTING ISSUES AND PROTOCOLS

Multicast routing is considerably different from unicast routing because of the many complications involved. Note that multicast groups can be formed in different ways. The members of certain groups might be spread across multiple networks, while the members of other groups may be present in a single network. Hence it becomes necessary for the routers to identify the networks in which the members of a group are present, to forward the datagrams to all the networks in which members are present, and to ensure that the datagrams are not forwarded to networks in which no members of the group are present. In the case of unicast routing, routes change only when the topology changes or equipment fails, whereas in multicast routing, routes can change simply because an application program joins or leaves a multicast group. Usually in the internet, the forwarding of
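As an added example (not part of the course material), the host-side table entry of figure 2.13 is modelled below in Python together with the reference count of section 2.5.3 and the join, leave, timer-reset and duplicate-suppression rules of section 2.5.2. The clock is driven by an explicit advance() call and the random delay comes from an injectable random.Random; both are assumptions made so the behaviour can be exercised deterministically.

```python
import random

NONMEMBER, DELAYING_MEMBER, MEMBER = "NONMEMBER", "DELAYING MEMBER", "MEMBER"
ALL_ROUTERS = "224.0.0.2"      # leave group messages go to the all-routers group


class HostGroupEntry:
    """One entry of a host's multicast group table: the three states of figure 2.13
    plus the reference count and the 'was I the last reporter' flag of 2.5.2/2.5.3."""

    def __init__(self, group, rng=None):
        self.group = group
        self.state = NONMEMBER
        self.refs = 0               # application programs currently joined
        self.timer = None           # seconds left on the delay timer, None when idle
        self.last_reporter = False  # True if this host sent the most recent report
        self.rng = rng or random.Random()

    def _start_timer(self, max_resp_s):
        # random value in (0, Max Response Time]; 1 - random() excludes exactly 0
        self.timer = max_resp_s * (1.0 - self.rng.random())
        self.state = DELAYING_MEMBER

    def join(self):
        """join group / start timer.  The first joiner arms a zero-length timer so
        that the unsolicited report goes out on the next tick (see advance)."""
        self.refs += 1
        if self.refs == 1:
            self.state = DELAYING_MEMBER
            self.timer = 0.0
        return None

    def query(self, max_resp_s, target=None):
        """query arrives / start timer.  target=None is a general query; otherwise
        a group-specific query that matters only if it names this group."""
        if target not in (None, self.group) or self.state == NONMEMBER:
            return None
        if self.state == MEMBER:
            self._start_timer(max_resp_s)
        elif max_resp_s < self.timer:           # already delaying: only shorten
            self._start_timer(max_resp_s)
        return None

    def report_heard(self):
        """Another host reported for this group: cancel our timer (suppression)."""
        if self.state == DELAYING_MEMBER:
            self.timer = None
            self.state = MEMBER
        self.last_reporter = False
        return None

    def advance(self, seconds):
        """Clock tick.  timer expires / send report (a v2 report with IP TTL 1)."""
        if self.state != DELAYING_MEMBER:
            return None
        self.timer -= seconds
        if self.timer > 0:
            return None
        self.timer = None
        self.state = MEMBER
        self.last_reporter = True
        return ("v2 membership report", self.group, "ttl=1")

    def leave(self):
        """leave group / cancel timer.  Only the last reporter sends a leave message."""
        if self.refs == 0:
            return None
        self.refs -= 1
        if self.refs > 0:
            return None                         # other local processes still members
        self.timer = None
        self.state = NONMEMBER
        if self.last_reporter:
            self.last_reporter = False
            return ("leave group", ALL_ROUTERS, self.group)
        return None                             # another host will answer queries


if __name__ == "__main__":
    e = HostGroupEntry("224.1.2.3")             # constructed sample group
    e.join()
    print(e.advance(0.0), e.state)              # unsolicited report, then MEMBER
    e.query(10.0)
    print(e.state, round(e.timer, 2))           # DELAYING MEMBER with a random delay
    print(e.advance(10.0), e.leave())           # report, then leave as last reporter
```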

datagrams is done just by examining the destination address of the datagram. However, in multicasting it is not sufficient to examine the destination address alone. Since a multicast destination represents a set of computers, multicast routing needs an optimal forwarding system, one which can transmit to all members of the multicast group without sending a datagram across a given network twice. Even though the members are logically present in the same multicast group, they may be physically in different networks. Hence, especially in cross-group communication, the actual way or direction in which datagrams are delivered to the destinations may differ. Moreover, when a datagram is to be forwarded across multiple routers, it is also necessary to ensure that the forwarding does not choose routers that form a cycle or routing loop, which can happen if care is not taken. One more complication is that the source of information may not be a member of the multicast group, and it may be necessary for the internet to forward the datagrams across networks that do not have any group members attached. The major issue in multicast routing is exactly what information should be present in a multicast router to enable it to forward a datagram to a multicast group.

2.6.1 Truncated Reverse Path Forwarding

One of the first ideas to emerge for multicast forwarding was a form of broadcasting described earlier. Known as Reverse Path Forwarding (RPF), the scheme uses a datagram's source address to prevent the datagram from traveling around a loop repeatedly. To avoid such routing loops, multicast routers rely on the datagram's source address. To use RPF, a multicast router must have a conventional routing table with shortest paths to all destinations. When a datagram arrives, the router extracts the source address, looks it up in the local routing table, and finds I, the interface that leads to the source. If the datagram arrived over interface I, the router forwards a copy to each of the other interfaces; otherwise, the router discards the copy. Because it ensures that a copy of each multicast datagram is sent across every network in the internet, the basic RPF scheme guarantees that every host in a multicast group will receive a copy of each datagram sent to the group. However, you should know that RPF alone is not used for multicast routing, because it wastes bandwidth by transmitting multicast datagrams over networks that neither have group members nor lead to group members. The solution to this problem is a modified form of RPF called Truncated Reverse Path Forwarding (TRPF). To use TRPF, a multicast router needs two pieces of information: a conventional routing table and a list of multicast groups reachable through each network interface. TRPF basically follows the RPF algorithm, but it restricts propagation by avoiding paths that do not lead to group members. When a multicast datagram arrives, the router first applies the RPF rule. If RPF specifies discarding the copy, the router does so. However, if RPF specifies transmitting the datagram over a

particular interface, the router first makes an additional check to verify that one or more members of the group designated in the datagram's destination address are reachable over the interface. If no group members are reachable over the interface, the router skips that interface and continues examining the next one. So we can now understand the origin of the term truncated: a router truncates forwarding when no more group members lie along the path.

We said that TRPF is used instead of conventional RPF to avoid unnecessary traffic: TRPF does not forward a datagram to a network unless that network leads to at least one member of the group. We also said that IP allows any host to join or leave a multicast group at any time, which results in rapid membership changes. Therefore, a multicast router must have knowledge of group membership. More important, membership does not follow local scope: a host that joins may be far from some router that is forwarding datagrams to the group. Consequently, group membership information must be propagated across the internet. On one hand, if group membership information is not propagated rapidly, multicast routers will not make optimal decisions (i.e. they either forward datagrams across some networks unnecessarily or fail to send datagrams to all group members). On the other hand, a multicast routing scheme that communicates every membership change to every router is doomed, because the resulting traffic can overwhelm an internet. Each design chooses a compromise between the two extremes. In general, a multicast design represents a tradeoff between traffic overhead and inefficient data transmission. Finally, because membership can change rapidly, the information available at a given router is imperfect, so routing may lag behind changes.

2.6.2 Tree Structure of TRPF

The set of all paths from a given source to all members of a multicast group can be described using graph theory concepts. The set of paths for a multicast group can be said to form a tree called a forwarding tree or delivery tree. A multicast forwarding tree is defined as a set of paths through multicast routers from a source to all members of a multicast group. Each multicast router corresponds to a node in the tree, and a network that connects two routers corresponds to an edge in the tree. The source of a datagram is the root or root node of the tree, and the last router along each of the paths from the source is called a leaf router. The terminology is sometimes applied to networks as well; researchers call a network hanging off a leaf router a leaf network. For a given multicast group, each possible source of datagrams can determine a different forwarding tree. One of the immediate consequences of this principle concerns the size of the tables used to forward multicast. Unlike conventional routing tables, each entry in a multicast table is identified by a pair:

(Multicast group, source)

Conceptually, source identifies a single host that can send datagrams to the group (i.e., any host in the internet). In practice, keeping a separate entry for each host is unwise, because the forwarding trees defined by all hosts on a single network are identical. Thus, to save space, routing protocols use a network prefix as a source. That is, each router defines one forwarding entry that is used for all hosts on the same physical network. Aggregating entries by network prefix instead of by host address reduces the table size dramatically. However, a multicast routing table can still grow much larger than a conventional routing table. Unlike a conventional table, whose size is proportional to the number of networks in the internet, a multicast table has size proportional to the product of the number of networks in the internet and the number of multicast groups.

2.6.3 Limitations of TRPF

Although TRPF guarantees that each member of a multicast group receives a copy of each datagram sent to the group, it has two surprising consequences. First, because it relies on RPF to prevent loops, TRPF delivers an extra copy of datagrams to some networks, just like conventional RPF. Figure 2.14 illustrates how duplicates arise.

[Figure 2.14 topology: host A is on Network 1, to which routers R1 and R2 attach. R1 also attaches to Network 2 and R2 to Network 3. R3 connects Network 2 to Network 4, and R4 connects Network 3 to Network 4. Host B is on Network 4.]

Figure 2.14 Topology with RPF scheme

In the figure, when host A sends a datagram, routers R1 and R2 each receive a copy. R1 forwards a copy to network 2, and R2 forwards a copy to network 3. When it receives a copy from network 2 (the shortest path to A), R3 forwards the copy to network 4. Because the datagram it receives from network 3 also arrives over the interface that lies along the shortest path to A, R4 forwards a copy to network 4 as well. Thus, although RPF allows R3 and R4 to prevent a loop by discarding the copy that arrives over network 4, host B receives two copies of the datagram. A second surprising consequence arises because TRPF uses both source and destination addresses when forwarding datagrams: delivery depends on a datagram's source. For example, figure 2.15 shows how multicast routers forward datagrams from two different sources across a fixed topology.
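The duplicate delivery of figure 2.14 can be reproduced in Python; this is an added example, not code from the course material. It assumes the topology recovered from the figure (R1 on net1/net2, R2 on net1/net3, R3 on net2/net4, R4 on net3/net4, host A on net1, host B on net4), builds each router's conventional routing table by breadth-first search, and approximates TRPF's "members reachable over an interface" check by asking whether the routing table sends some member network through that interface.

```python
from collections import deque

# Topology of figure 2.14 (constructed from the page): each router lists the
# networks it attaches to.  Host A is on net1, host B on net4.
ROUTERS = {
    "R1": ["net1", "net2"],
    "R2": ["net1", "net3"],
    "R3": ["net2", "net4"],
    "R4": ["net3", "net4"],
}


def routing_table(router):
    """Conventional routing table: for every network, the interface (attached
    network) on the shortest path measured in router hops (breadth-first)."""
    table = {net: net for net in ROUTERS[router]}      # directly attached
    queue = deque(ROUTERS[router])
    while queue:
        net = queue.popleft()
        for other, nets in ROUTERS.items():
            if other == router or net not in nets:
                continue
            for reachable in nets:
                if reachable not in table:
                    table[reachable] = table[net]      # same outgoing interface
                    queue.append(reachable)
    return table


def forward(router, src_net, arrived_on, group_nets=None):
    """RPF decision for one copy: the interfaces to forward over ([] = discard).
    group_nets=None gives plain RPF.  Otherwise TRPF is applied: an interface is
    skipped unless some network holding a group member is routed through it."""
    table = routing_table(router)
    if table[src_net] != arrived_on:
        return []                                   # not the reverse path: discard
    out = [i for i in ROUTERS[router] if i != arrived_on]
    if group_nets is not None:
        out = [i for i in out if any(table[g] == i for g in group_nets)]
    return out


def deliver(src_net, group_nets=None):
    """Send one datagram from src_net and follow it through the topology.
    Returns the number of copies each network sees and a trace of
    (router, arrival interface, interfaces forwarded over)."""
    copies = {src_net: 1}
    trace = []
    queue = deque([(src_net, None)])               # (network, router that sent it)
    while queue:
        net, sender = queue.popleft()
        for router, nets in ROUTERS.items():
            if net not in nets or router == sender:
                continue
            out = forward(router, src_net, net, group_nets)
            trace.append((router, net, out))
            for iface in out:
                copies[iface] = copies.get(iface, 0) + 1
                queue.append((iface, router))
    return copies, trace


if __name__ == "__main__":
    cases = (("RPF", None),
             ("TRPF, member B on net4", ["net4"]),
             ("TRPF, members only on net2", ["net2"]))
    for label, members in cases:
        copies, trace = deliver("net1", members)
        print(label, copies)                    # net4 sees 2 copies in the first two cases
        for step in trace:
            print("   ", step)
```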

Figure 2.15a Sample multicast scenario (hosts X, Y and Z, routers R1 to R6 and networks 1 to 6; connections and data flow for a transmission by X)

Figure 2.15b Sample multicast scenario (the same topology; connections and data flow for a transmission by Z)

As the figure shows, the source affects both the path a datagram follows to reach a given network as well as the delivery details. For example, in part (a) of the figure, a transmission by host X causes TRPF to deliver two copies of the datagram to network 5. In part (b), only one copy of a transmission by host Z reaches network 5, but two copies reach networks 2 and 4.

2.6.4 Reverse Path Multicasting

Reverse Path Multicasting (RPM) extends TRPF to make it more dynamic. Three assumptions underlie the design. First, it is more important to ensure that a multicast


datagram reaches each member of the group to which it is sent than to eliminate unnecessary transmission. Second, multicast routers each contain a conventional routing table that has correct information. Third, multicast routing should improve efficiency when possible (i.e. eliminate needless transmission). RPM uses a two step process. When it begins, RPM uses the RPF broadcast scheme to send a copy of each datagram across all networks in the internet. Doing so ensures that all group members receive the copy. Simultaneously, RPM proceeds to have multicast routers inform one another about paths that do not lead to group members. Once it learns that no group members lie along a given path, a router stops forwarding along that path.

How do routers learn about the location of group members? As in most multicast routing schemes, RPM propagates membership information bottom up. The information starts with hosts that choose to join or leave groups. Hosts communicate membership information to their local router by using IGMP. Thus, although a multicast router does not know about distant group members, it knows about local members. As a consequence, routers attached to leaf networks can decide whether to forward over the leaf network: if a leaf network contains no members for the given group, the router connecting that network to the rest of the internet does not forward on the network. In addition to taking local action, the leaf router informs the next router along the path back to the source. Once it learns that no group members lie beyond the given router, the next router stops forwarding datagrams for the group across the network. When a router finds that no group members lie beyond it, the router informs the next router along the path to the source. Using graph theoretic terminology, we say that when a router learns that a group has no members along a path and stops forwarding, it has pruned the path from the forwarding tree.
In fact, RPM is called a broadcast and prune strategy, because a router broadcasts until it receives information that allows it to prune a path. Researchers also use another term for the RPM algorithm: they say that the system is data driven, because a router does not send group membership information to any other routers until datagrams arrive for the group. In the data driven model, a router must also handle the case where a host decides to join a particular group after the routers have pruned the path for that group. RPM handles joins bottom-up: when a host informs a local router that it has joined a group, the router consults its record of the group and obtains the address of the router to which it had previously sent a prune request. The router sends a new message that undoes the effect of the previous prune and causes datagrams to flow again. Such a message is known as a graft request, and the algorithm is said to graft the previously pruned branch back onto the tree.
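Added example, not part of the course material: a Python model of the Figure 2.14 topology (reconstructed from the description in 2.6.3, so the router-to-network attachments and the group membership are constructed) that reproduces the two copies RPF delivers to host B's network and then applies the RPM prune and graft steps of 2.6.4.

```python
from collections import defaultdict, deque

# Constructed topology of Figure 2.14: each router lists the networks it attaches to.
# Host A sits on Net1 (the source network), host B on Net4.
ROUTER_LINKS = {
    "R1": ["Net1", "Net2"],
    "R2": ["Net1", "Net3"],
    "R3": ["Net2", "Net4"],
    "R4": ["Net3", "Net4"],
}


def routers_on(router_links):
    """Invert the router -> networks map into network -> routers."""
    net_routers = defaultdict(list)
    for router, nets in router_links.items():
        for net in nets:
            net_routers[net].append(router)
    return net_routers


def rpf_interfaces(router_links, source_net):
    """For every router, the interface (network) on its shortest path back to
    source_net, i.e. the only interface over which RPF accepts datagrams from
    that source. Breadth-first search over the network/router graph."""
    net_routers = routers_on(router_links)
    toward_source = {}
    queue = deque([source_net])
    seen_nets = {source_net}
    while queue:
        net = queue.popleft()
        for router in net_routers[net]:
            if router in toward_source:
                continue
            toward_source[router] = net
            for other in router_links[router]:
                if other not in seen_nets:
                    seen_nets.add(other)
                    queue.append(other)
    return toward_source


def rpf_flood(router_links, source_net, pruned=frozenset()):
    """Deliver one datagram from source_net by reverse-path forwarding. A router
    forwards a copy onto its other interfaces only if the copy arrived over its
    RPF interface; otherwise the copy is discarded (loop prevention). Edges
    (router, network) in `pruned` are not forwarded on. Returns the number of
    copies delivered per network and the list of discarded (router, network)."""
    toward_source = rpf_interfaces(router_links, source_net)
    net_routers = routers_on(router_links)
    delivered = defaultdict(int)
    delivered[source_net] = 1            # the source host's own transmission
    discarded = []
    queue = deque([(source_net, None)])  # (network, router that transmitted onto it)
    while queue:
        net, sender = queue.popleft()
        for router in net_routers[net]:
            if router == sender:
                continue
            if toward_source.get(router) != net:
                discarded.append((router, net))   # failed the RPF check
                continue
            for out in router_links[router]:
                if out == net or (router, out) in pruned:
                    continue
                delivered[out] += 1
                queue.append((out, router))
    return dict(delivered), discarded


def rpm_prune(router_links, source_net, member_nets):
    """RPM prune, bottom up: a router stops forwarding onto a network that has no
    group members and from which no downstream router still forwards; the prune
    then propagates toward the source. Returns the pruned (router, network) edges."""
    toward_source = rpf_interfaces(router_links, source_net)
    edges = {(r, out) for r, nets in router_links.items()
             for out in nets if out != toward_source.get(r)}
    pruned = set()
    changed = True
    while changed:
        changed = False
        for router, out in sorted(edges - pruned):
            live = edges - pruned
            still_forwarding = any(toward_source.get(r2) == out for r2, _ in live)
            if out not in member_nets and not still_forwarding:
                pruned.add((router, out))
                changed = True
    return pruned


def rpm_graft(router_links, source_net, pruned, joined_net):
    """RPM graft: a host on joined_net joins the group, so every prune on the
    reverse path from joined_net back to the source is undone."""
    toward_source = rpf_interfaces(router_links, source_net)
    pruned = set(pruned)
    frontier = [joined_net]
    while frontier:
        net = frontier.pop()
        for router, out in sorted(pruned):
            if out == net:
                pruned.discard((router, out))
                frontier.append(toward_source[router])   # graft request goes upstream
    return pruned


if __name__ == "__main__":
    copies, dropped = rpf_flood(ROUTER_LINKS, "Net1")
    print("TRPF flood from A:", copies, "discarded by RPF:", dropped)
    pruned = rpm_prune(ROUTER_LINKS, "Net1", {"Net2"})
    print("pruned when only Net2 has members:", sorted(pruned))
    print("after prune:", rpf_flood(ROUTER_LINKS, "Net1", pruned)[0])
    grafted = rpm_graft(ROUTER_LINKS, "Net1", pruned, "Net4")
    print("after B on Net4 joins:", rpf_flood(ROUTER_LINKS, "Net1", grafted)[0])
```

The flood shows Net4 receiving two copies while R3 and R4 each discard the copy arriving over Net4; after pruning, a graft for Net4 restores both branches, so the duplicate returns with them.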

Have you understood?

1. Should all the members of a multicast group be on the same physical network? Justify your answer.
2. What is the basic principle of Reverse Path Forwarding?
3. How does TRPF overcome the limitations of RPF?
4. What do nodes and edges in a multicast tree represent?
5. What is meant by pruning in multicast forwarding?
6. What are the extensions that have been added to RPM when compared to TRPF?

2.7 MULTICASTING OVER THE INTERNET

When the hosts that are part of a multicast group are attached to different networks/subnetworks geographically distributed around the Internet, intermediate subnet routers and/or interior/exterior gateways may be involved. Since an IP multicast address (class D address) has no structure, and hence no net id, associated with it, a different type of routing from that used to route unicast packets must be used. The sequence of steps followed to route a packet with a multicast address is as follows:

- A router that can route packets containing a (destination) IP multicast address is known as a multicast router (mrouter).
- Normally, in the case of a network that comprises multiple subnets interconnected by subnet routers, a single subnet router also acts as mrouter for the network.
- Each mrouter learns the set of multicast group addresses of which the hosts attached to the networks which the mrouter serves are currently members.
- The information gathered by each mrouter is passed on to each of the other mrouters so that each knows the complete list of group addresses that each mrouter has an interest in.
- On receipt of a packet with a destination IP multicast address, each mrouter uses an appropriate routing algorithm to pass the packet only to those mrouters that are attached to a network which has an attached host that is a member of the multicast group indicated in the destination IP address field.

As with broadcast routing, two different algorithms are used, the choice determined by the routing algorithm that is used to route unicast packets. The aim of both algorithms is to minimize the amount of bandwidth required to deliver each multicast packet to those multicast routers that have an interest in that packet. The two algorithms discussed here are the Distance Vector Multicast Routing Protocol, a distance vector algorithm, and Multicast Open Shortest Path First, a link state algorithm.
2.7.1 Distance Vector Multicast Routing

Distance Vector Multicast Routing Protocol (DVMRP) is an "interior gateway protocol", suitable for use within an autonomous system but not between different autonomous systems. DVMRP is not currently developed for use in routing non-multicast datagrams, so a router that routes both multicast and unicast datagrams must run two separate routing processes. DVMRP is designed to be easily extensible and could be extended to route unicast datagrams. DVMRP differs from the Routing Information Protocol (RIP) in one very important way. RIP thinks in terms of routing and forwarding datagrams to a particular destination. The purpose of DVMRP is to keep track of the return paths to the source of multicast datagrams. When distance vector routing is being used, an additional set of routing tables (beyond those used to route unicast packets), based on multicast router to multicast router (MR-to-MR) distances, is derived. They are based on a routing metric of hop count and are derived using the procedure of the ordinary distance vector routing algorithm. A Multicast Address Table (MAT) maintained in each multicast router holds the multicast addresses in which that multicast router is interested. The IP layer of a multicast router first consults its MAT and finds the list of multicast routers to which a copy of the packet should be sent. It then consults its routing table and finds the shortest path to those multicast routers. If some of those multicast routers lie on the path to another multicast router, it is not necessary to create separate copies of the packet.

2.7.1.1 DVMRP in UNIX

Mrouted is a well known program that implements DVMRP for UNIX systems. mrouted cooperates closely with the operating system kernel to install multicast routing information. However, mrouted can be used only with a special version of UNIX known as a multicast kernel. A UNIX multicast kernel contains a special multicast routing table as well as the code needed to forward multicast datagrams.
Just like ordinary routing protocols, mrouted has to perform two different but related functions, namely routing and forwarding. mrouted uses DVMRP to propagate multicast routing information from one router to another. A computer running mrouted interprets multicast routing information and constructs a multicast routing table. Each entry in the table specifies a (group, source) pair and a corresponding set of interfaces over which to forward datagrams that match the entry. However, mrouted also needs a base routing protocol. Since not all routers in the internet support multicasting, mrouted arranges a tunnel to carry multicast datagrams from one router to another through intermediate routers that do not participate in multicast routing.


Although a single mrouted program can perform both the tasks, a given computer may not need both functions. To allow a manager to specify exactly how it should operate, mrouted uses a configuration file. The configuration file contains entries that specify which multicast groups mrouted is permitted to advertise on each interface, and how it should forward datagrams. Furthermore, the configuration file associates a metric and threshold with each route. The metric allows a manager to assign a cost to each path. The threshold gives the minimum IP TTL that a datagram needs to complete the path. If a datagram does not have a sufficient TTL to reach its destination, a multicast kernel does not forward the datagram. Instead, it discards the datagram, which avoids wasting bandwidth. Multicast tunneling is perhaps the most interesting capability of mrouted. A tunnel is needed when two or more hosts wish to participate in multicast applications, and one or more routers along the path between the participating hosts do not run multicast routing software. Figure 2.16 illustrates the concept.

Figure 2.16 Multicast Tunneling

To allow hosts on networks 1 and 2 to exchange multicast datagrams, the managers of the two routers configure an mrouted tunnel. The tunnel merely consists of an agreement between the mrouted programs running on the two routers to exchange datagrams. Each router listens on its local net for datagrams sent to the specified multicast destination for which the tunnel has been configured. When a multicast datagram arrives that has a destination address equal to one of the configured tunnels, mrouted encapsulates the datagram in a conventional unicast datagram and sends it across the internet to the other router. When it receives a unicast datagram through one of its tunnels, mrouted extracts the multicast datagram, and then forwards it according to its multicast routing table. The encapsulation technique that mrouted uses to tunnel datagrams is known as IP-in-IP and is shown in Figure 2.17.

Figure 2.17 IP-in-IP encapsulation in mrouted (the multicast datagram, header and data area, is carried whole in the data area of a unicast datagram that has its own datagram header)

IP-in-IP encapsulation preserves the original multicast datagram, including the header, by placing it in the data area of a conventional unicast datagram. On the receiving machine, the multicast kernel extracts and processes the multicast datagram as if it arrived over a local interface. In particular, once it extracts the multicast datagram, the receiving machine must decrement the TTL field in the header by one before forwarding. Thus, when it creates a tunnel, mrouted treats the internet connecting two multicast routers like a single, physical network.

2.7.1.2 Multicast Backbone (MBONE)

Multicast tunnels form the basis of the Internet's Multicast Backbone (MBONE). Many Internet sites participate in the MBONE; the MBONE allows hosts at participating sites to send and receive multicast datagrams, which are then propagated to all other participating sites. The MBONE is often used to propagate audio and video. To participate in the MBONE, a site must have at least one multicast router connected to at least one local network. Another site must agree to tunnel traffic, and a tunnel is configured between routers at the two sites. When a host at the site sends a multicast datagram, a multicast router forwards the datagram over the tunnel using IP-in-IP. When it receives a multicast datagram over a tunnel, a multicast router removes the outer encapsulation, and then forwards the datagram according to the local multicast routing table. The easiest way to understand the MBONE is to think of it as a virtual network built on top of the Internet. Conceptually, the MBONE consists of mrouters that are interconnected by a set of point-to-point networks. Some of the conceptual point-to-point connections coincide with physical networks; others are achieved by tunneling. The details are hidden from the multicast routing software.
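Added example, not taken from the course text or from mrouted: the IP-in-IP encapsulation of Figure 2.17 in Python, including the tunnel's TTL threshold described above and the TTL decrement the receiving multicast kernel performs. All addresses, the group 224.0.1.1 and the payloads are constructed for the example; mobile IP (section 2.8.6) tunnels datagrams from the home agent to the care-of address with the same protocol-4 encapsulation.

```python
import socket
import struct
from typing import Optional

IPPROTO_IPIP = 4   # protocol number in the outer header: "payload is another IP header"


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words. Over a header whose checksum field is
    already filled in, the result is 0 when the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """A minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(dgram: bytes) -> dict:
    """Pull out the fields the tunnel code needs; csum_ok verifies the header."""
    ihl = (dgram[0] & 0x0F) * 4
    return {
        "ttl": dgram[8], "proto": dgram[9],
        "src": socket.inet_ntoa(dgram[12:16]), "dst": socket.inet_ntoa(dgram[16:20]),
        "csum_ok": ipv4_checksum(dgram[:ihl]) == 0,
        "payload": dgram[ihl:],
    }


def tunnel_entry(inner: bytes, local: str, remote: str, threshold: int = 1,
                 outer_ttl: int = 64) -> Optional[bytes]:
    """Near end of a tunnel: the whole multicast datagram, header included, becomes
    the data area of a unicast datagram addressed to the far router, protocol 4.
    Datagrams below the configured TTL threshold are discarded, not tunnelled."""
    if parse_ipv4(inner)["ttl"] < threshold:
        return None
    return build_ipv4(local, remote, IPPROTO_IPIP, outer_ttl, inner)


def tunnel_exit(outer: bytes) -> Optional[bytes]:
    """Far end of a tunnel: accept only intact IP-in-IP datagrams, strip the outer
    header, and decrement the inner TTL by one because the tunnel counts as a
    single hop. Returns None when the datagram must be dropped, not forwarded."""
    o = parse_ipv4(outer)
    if not o["csum_ok"] or o["proto"] != IPPROTO_IPIP:
        return None
    inner = bytearray(o["payload"])
    if len(inner) < 20 or not parse_ipv4(bytes(inner))["csum_ok"] or inner[8] <= 1:
        return None                      # bad inner header, or TTL would reach 0
    inner[8] -= 1
    inner[10:12] = b"\x00\x00"           # recompute the inner checksum after the change
    ihl = (inner[0] & 0x0F) * 4
    inner[10:12] = struct.pack("!H", ipv4_checksum(bytes(inner[:ihl])))
    return bytes(inner)


if __name__ == "__main__":
    # Constructed sample: a multicast datagram from 192.0.2.10 to group 224.0.1.1
    mcast = build_ipv4("192.0.2.10", "224.0.1.1", 17, 8, b"sample multicast payload")
    tunnelled = tunnel_entry(mcast, "198.51.100.1", "203.0.113.1")
    print("outer header:", parse_ipv4(tunnelled))
    print("delivered inner:", parse_ipv4(tunnel_exit(tunnelled)))
    print("below threshold 16:", tunnel_entry(mcast, "198.51.100.1", "203.0.113.1", 16))
```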
Thus, when mrouted computes a multicast forwarding tree for a given (group,source), it thinks of a tunnel as a single link connecting two routers. Tunneling has two consequences. First, because some tunnels are much more expensive than others, they cannot all be treated equally. Mrouted handles the problem by allowing a manager to assign a cost to each tunnel, and uses the costs when choosing routes. Typically, a manager assigns a cost that reflects the number of hops in the underlying internet. It is also possible to assign costs that reflect administrative boundaries. Second, because DVMRP forwarding depends
on knowing the shortest path to each source, and because multicast tunnels are completely unknown to conventional routing protocols, DVMRP must compute its own version of unicast forwarding that includes the tunnels.

2.7.2 Multicast Open Shortest Path First

Multicast Open Shortest Path First (MOSPF) provides the ability to forward multicast datagrams from one IP network to another (i.e., through internet routers). MOSPF forwards a multicast datagram on the basis of both the datagram's source and destination (this is sometimes called source/destination routing). The OSPF link state database provides a complete description of the Autonomous System's topology. By adding a new type of link state advertisement, the group-membership-LSA, the location of all multicast group members is pinpointed in the database. The path of a multicast datagram can then be calculated by building a shortest-path tree rooted at the datagram's source. All branches not containing multicast members are pruned from the tree. These pruned shortest-path trees are initially built when the first datagram is received (i.e., on demand). The results of the shortest path calculation are then cached for use by subsequent datagrams having the same source and destination.

OSPF allows an Autonomous System to be split into areas. However, when this is done, complete knowledge of the Autonomous System's topology is lost. When forwarding multicasts between areas, only incomplete shortest-path trees can be built. This may lead to some inefficiency in routing. An analogous situation exists when the source of the multicast datagram lies in another Autonomous System. In both cases (i.e., the source of the datagram belongs to a different OSPF area, or to a different Autonomous System) the neighborhood immediately surrounding the source is unknown. In these cases the source's neighborhood is approximated by OSPF summary link advertisements or by OSPF AS external link advertisements respectively.

Routers running MOSPF can be intermixed with non-multicast OSPF routers. Both types of routers can interoperate when forwarding regular (unicast) IP data traffic. Obviously, the forwarding extent of IP multicasts is limited by the number of MOSPF routers present in the Autonomous System (and their interconnection, if any). An ability to "tunnel" multicast datagrams through non-multicast routers is not provided. In MOSPF, just as in the base OSPF protocol, datagrams (multicast or unicast) are routed "as is"; they are not further encapsulated or decapsulated as they transit the Autonomous System.

2.7.3 Protocol Independent Multicast

Protocol Independent Multicast (PIM) was developed in response to the scaling problems of existing multicast routing protocols like DVMRP and MOSPF. The major problem with the existing protocols is that they do not scale well in environments where

a relatively small proportion of the routers want to receive traffic for a certain group. For example, broadcasting traffic to all routers until they are explicitly asked to be removed from the distribution is not a good design choice if most routers do not want to receive the traffic in the first place. This situation is sufficiently common that PIM divides the problem space into sparse mode and dense mode.

PIM Dense Mode (PIM-DM) is used when there is a possibility that each router is involved in multicasting (dense mode). In this environment, the use of a protocol that broadcasts the packet is justified because almost all routers are involved in the process. PIM-DM is a source-based tree routing protocol that uses RPF and pruning/grafting strategies for multicasting. Its operation is like DVMRP; however, unlike DVMRP, it does not depend on a specific unicasting protocol. It assumes that the autonomous system is using a unicast protocol and each router has a table that can find the outgoing interface that has an optimal path to a destination. This unicast protocol can be a distance vector protocol (RIP) or a link state protocol (OSPF).

PIM Sparse Mode (PIM-SM) is used when there is a slight possibility that each router is involved in multicasting (sparse mode). In this environment, the use of a protocol that broadcasts the packet is not justified; a protocol such as the Core-Based Tree (CBT) protocol is more appropriate. [The Core-Based Tree (CBT) protocol is a group shared protocol that uses a core as the root of the tree. The autonomous system is divided into regions and a core (center router or rendezvous router) is chosen for each region.] PIM-SM is a group-shared tree routing protocol that has a Rendezvous Point (RP) as the source of the tree. Its operation is like CBT; however, it is simpler because it does not require acknowledgement of a join message. In addition, it creates a backup set of RPs for each region to cover RP failures. One of the characteristics of PIM-SM is that it can switch from a group-shared tree strategy to a source-based tree strategy when necessary. This can happen if there is a dense area of activity far from the RP. That area can be more efficiently handled with a source-based tree strategy instead of a group-based tree strategy.

Have you understood?

1. What are the differences between an ordinary router and an mrouter?
2. DVMRP is an extension of RIP. Justify this statement.
3. What type of encapsulation is used in the mrouted program of UNIX?
4. How is tunneling performed in MBONE networks?
5. Is class D addressing a hierarchical address or a flat address? Justify your answer.

2.8 MOBILE IP

Mobile communication has received a lot of attention in the last decade. The interest in mobile communication on the Internet means that the IP protocol, originally

designed for stationary devices, must be enhanced to allow the use of mobile computers. Several solutions have been proposed. The main problem that must be solved in providing mobile communication using the IP protocol is addressing. The original IP addressing was based on the assumption that a host is stationary, attached to one specific network. Routers use the net id portion to route a packet to the particular network and, once a packet reaches the destination network, the host id is used to deliver the packet to the destination host. This scheme works fine with stationary hosts. Hence the address is valid only when the host is attached to that network. If the network changes, the address is no longer valid. When a host moves from one network to another, the IP addressing structure needs to be modified.

2.8.1 Characteristics of Mobility IP support

According to the IETF, mobile IP should have the following characteristics. They are described as follows.

Transparency: Mobility is transparent to applications and transport layer protocols as well as to routers not involved in the change. In particular, all open TCP connections survive a change in network and are ready for further use, as long as they remain idle.

Interoperability with IPv4: A host using mobile IP can interoperate with stationary hosts that run conventional IPv4 software as well as with other mobile hosts. Furthermore, no special addressing is required; the addresses assigned to mobile hosts do not differ from addresses assigned to fixed hosts.

Scalability: The solution scales to large internets. In particular, it permits mobility across the global internet.

Security: Mobile IP provides security facilities that can be used to ensure all messages are authenticated (i.e., to prevent an arbitrary computer from impersonating a mobile host).

Macro mobility: Rather than attempting to handle rapid network transitions such as one encounters in a wireless cellular system, mobile IP focuses on the problem of long-duration moves. For example, mobile IP works well for a user who takes a portable computer on a business trip, and leaves it attached to the new location for a week.

2.8.2 Architectural entities and Terminology

Three major architectural entities are involved in mobile IP: the mobile node, the home agent and the foreign agent. They are described as follows.

A mobile node is a host or router that changes its point of attachment from one network or subnetwork to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its (constant) IP address, assuming link-layer connectivity to a point of attachment is available. A mobile node is given a long-term IP address on a home network. This home address is administered in the same way as a "permanent" IP address is provided to a stationary host. When away from its home network, a "care-of address" is associated with the mobile node and reflects the mobile node's current point of attachment. The mobile node uses its home address as the source address of all IP datagrams that it sends, except for certain datagrams sent for mobility management functions.

A home agent is a router on a mobile node's home network which tunnels datagrams for delivery to the mobile node when it is away from home, and maintains current location information for the mobile node.

A foreign agent is a router on a mobile node's visited network which provides routing services to the mobile node while registered. The foreign agent detunnels and delivers datagrams to the mobile node that were tunneled by the mobile node's home agent. For datagrams sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.

A typical communication scenario using mobile IP is shown in figure 2.18a.

Figure 2.18a Mobile IP Scenario (mobile node A, its home network with the home agent, a foreign network with the foreign agent, and server X, connected through the Internet; numbered steps 1 to 5 mark the datagram flow)

To understand the architecture and functioning, it is also necessary to become familiar with the following terms.

Agent Advertisement: An advertisement message constructed by attaching a special Extension to a router advertisement message.

Care-of Address: The termination point of a tunnel toward a mobile node, for datagrams forwarded to the mobile node while it is away from home. The protocol can use two different types of care-of address: a "foreign agent care-of address" is an address of a foreign agent with which the mobile node is registered, and a "co-located care-of address" is an externally obtained local address which the mobile node has associated with one of its own network interfaces.

Correspondent Node: A peer with which a mobile node is communicating. A correspondent node may be either mobile or stationary.

Foreign Network: Any network other than the mobile node's Home Network.

Home Address: An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet.

Home Network: A network, possibly virtual, having a network prefix matching that of a mobile node's home address. Note that standard IP routing mechanisms will deliver datagrams destined to a mobile node's Home Address to the mobile node's Home Network.

Link: A facility or medium over which nodes can communicate at the link layer. A link underlies the network layer.

Link-Layer Address: The address used to identify an endpoint of some communication over a physical link. Typically, the Link-Layer address is an interface's Media Access Control (MAC) address.

Mobility Agent: Either a home agent or a foreign agent.

Agent Discovery: Home agents and foreign agents may advertise their availability on each link for which they provide service. A newly arrived mobile node can send a solicitation on the link to learn if any prospective agents are present.

Registration: When the mobile node is away from home, it registers its care-of address with its home agent. Depending on its method of attachment, the mobile node will register either directly with its home agent, or through a foreign agent which forwards the registration to the home agent.

2.8.3 Operation of mobile IP

Mobility agents (i.e., foreign agents and home agents) advertise their presence via Agent Advertisement messages. A mobile node may optionally solicit an Agent Advertisement message from any locally attached mobility agents through an Agent Solicitation message. A mobile node receives these Agent Advertisements and determines whether it is on its home network or a foreign network. When the mobile node detects that it is located on its home network, it operates without mobility services. If returning to its home network from being registered elsewhere, the mobile node deregisters with its home agent, through exchange of a Registration Request and Registration Reply message with it.

When a mobile node detects that it has moved to a foreign network, it obtains a care-of address on the foreign network. The care-of address can either be determined from a foreign agent's advertisements (a foreign agent care-of address), or by some external assignment mechanism such as DHCP (a co-located care-of address). The mobile node operating away from home then registers its new care-of address with its home agent through exchange of a Registration Request and Registration Reply message with it, possibly via a foreign agent.

Datagrams sent to the mobile node's home address are intercepted by its home agent, tunneled by the home agent to the mobile node's care-of address, received at the tunnel endpoint (either at a foreign agent or at the mobile node itself), and finally delivered to the mobile node. In the reverse direction, datagrams sent by the mobile node are generally delivered to their destination using standard IP routing mechanisms, not necessarily passing through the home agent.

Mobile IP uses protocol tunneling to hide a mobile node's home address from intervening routers between its home network and its current location. The tunnel terminates at the mobile node's care-of address. The care-of address

must be an address to which datagrams can be delivered via conventional IP routing. At the care-of address, the original datagram is removed from the tunnel and delivered to the mobile node.

A "foreign agent care-of address" is a care-of address provided by a foreign agent through its Agent Advertisement messages. In this case, the care-of address is an IP address of the foreign agent. In this mode, the foreign agent is the endpoint of the tunnel and, upon receiving tunneled datagrams, decapsulates them and delivers the inner datagram to the mobile node. This mode of acquisition is preferred because it allows many mobile nodes to share the same care-of address and therefore does not place unnecessary demands on the already limited IPv4 address space.

A "co-located care-of address" is a care-of address acquired by the mobile node as a local IP address through some external means, which the mobile node then associates with one of its own network interfaces. The address may be dynamically acquired as a temporary address by the mobile node, such as through DHCP, or may be owned by the mobile node as a long-term address for its use only while visiting some foreign network. When using a co-located care-of address, the mobile node serves as the endpoint of the tunnel and itself performs decapsulation of the datagrams tunneled to it. The mode of using a co-located care-of address has the advantage that it allows a mobile node to function without a foreign agent, for example, in networks that have not yet deployed a foreign agent.

The registration part of the operation of mobile IP is illustrated with the help of figure 2.18b.

Figure 2.18b Registration Request/Reply (the mobile host sends a Registration request to the foreign agent, which relays it to the home agent; the home agent's Registration reply is relayed back to the mobile host by the foreign agent)

2.8.4 Sample Scenario

Let us take an example of IP datagrams being exchanged over a TCP connection between the mobile node A and another host, server X, as shown in figure 2.18a. The sequence of events is shown below.

- The home address of A is advertised and known to X.
- X wants to transmit a datagram to A.
- X does not know whether A is in the home network or a foreign network.
- X sends the packet to A with A's home address as the destination IP address.
- The home agent at A's home network intercepts the packet.
- The home agent discovers that A is in a foreign network.
- The home agent encapsulates the entire packet within a new datagram (IP within IP) with A's COA as the destination address.
- The foreign agent at A's foreign network intercepts the datagram, strips off the outer IP header and delivers the original datagram to A.
- A intends to respond to this and sends traffic to X.

In this example, X is not mobile. Therefore X has a fixed IP address. For routing A's IP datagram to X, A uses X's static IP address as the destination address in the IP header. The IP datagram from A to X travels directly across the network, using X's IP address as the destination address. Typically, each datagram is sent to some router in the foreign network; this router is the foreign agent.

2.8.5 Discovery and Registration

The mobile IP discovery procedure has been built on top of the existing ICMP router discovery and advertisement procedure specified in RFC 1256. For the purpose of discovery, a router or an agent periodically issues a router advertisement ICMP message. A router advertisement can carry information about default routers and information about one or more care-of-addresses. The mobile node, on receiving this advertisement packet, compares the network portion of the router IP address with the network portion of its own IP address allocated by the home network. If these network portions do not match, then the mobile node knows that it is in a foreign network. Using these procedures a router can detect whether a new mobile node has entered its network. Also, using this procedure, the mobile node determines whether it is in a foreign network. If a mobile node needs a care-of-address without waiting for agent advertisements, the mobile node can broadcast a solicitation that will be answered by any foreign agent.

Once a mobile node obtains a care-of-address from the foreign network, the same needs to be registered with the home agent. The mobile node sends a registration request to the home agent with the care-of-address information. When the home agent receives this request, it updates its routing table and sends a registration reply back to the mobile node. As a part of the registration, the mobile host needs to be authenticated. Each mobile node and its home agent share a common secret. Using a 128 bit secret key and the MD5 hashing algorithm, a digital signature is generated. This secret

At the end of the registration, a triplet containing the home address, care-of-address and registration lifetime is maintained in the home agent. This is called a binding for the mobile node. The home agent maintains this association until the registration lifetime expires.

We have assumed that the foreign agent will allocate the care-of-address. However, it is possible that a mobile node moves to a network that has no foreign agents or on which all foreign agents are busy. As an alternative, therefore, the mobile node acts as its own foreign agent by using a collocated care-of-address. A collocated care-of-address is an IP address obtained by the mobile node that is associated with the foreign network. If the mobile node is using a collocated care-of-address then the registration happens directly with its home agent.

The registration process involves the following four steps.
1. The mobile node requests forwarding service from the foreign network by sending a registration request to the foreign agent.
2. The foreign agent relays this registration request to the home agent of that mobile node.
3. The home agent either accepts or rejects the request and sends the registration reply to the foreign agent.
4. The foreign agent relays this reply to the mobile node.

2.8.6 Tunneling

Once the home agent finds that the mobile node has moved away from the home network, the home agent looks up the mobile user's new (temporary) location and finds the address of the foreign agent handling the mobile user. Now, the home agent encapsulates the packet in the payload field of an outer packet and sends the latter to the foreign agent handling the mobile user. This mechanism is called tunneling. The home agent also tells the sender to send the packets hereafter to the mobile host by encapsulating them in the payload of packets explicitly addressed to the foreign agent. Hereafter the packets are sent to the user via the foreign agent and the home agent of the user is bypassed.

In mobile IP, the IP-within-IP encapsulation mechanism is used. Using IP-within-IP, the home agent adds a new IP header called the tunnel header. The new tunnel header uses the mobile node's care-of-address as the tunnel destination IP address. The tunnel source IP address is the home agent's IP address. The tunnel header uses 4 as the protocol number (figure 2.20), indicating that the next protocol header is again an IP header. In IP-within-IP, the entire original IP header is preserved as the first part of the payload of the tunnel header. The foreign agent, after receiving the packet, drops the tunnel header and delivers the rest to the mobile node. Figure 2.19 shows the tunneling operations in mobile IP.

Figure 2.19 Tunneling Operation [X sends a datagram (Src X, Dest MH, payload) towards the mobile host; the Home Agent encapsulates it in an outer header (Src HA, Dest COA, Proto 4 or 55) that carries the original datagram; the Foreign Agent removes the outer header and delivers the original datagram (Src X, Dest MH) to the mobile host.]

Let us take the example of figure 2.18. The original IP datagram from X to A has the IP address of X as source address and the home IP address of A as destination address. The datagram is routed through the Internet to A's home network, where it is intercepted by the home agent. The home agent encapsulates the incoming datagram within an outer IP header. This outer header has the IP address of the home agent as source address and the care-of-address as destination address. As the care-of-address has the network portion of the foreign network, the packet will find its way directly to the mobile host. When this new datagram reaches the host in the foreign network, it strips off the outer IP header to extract the original datagram. From this stripped off packet it also finds out the original sender. This is necessary for the host to know who has sent the packet so that the response reaches the right destination.

When a mobile is roaming in a foreign network, the home agent must be able to intercept all IP datagrams sent to the mobile node so that these datagrams can be forwarded via tunneling. For this purpose, the home agent needs to inform other nodes in the home network that all IP datagrams with the destination address of the mobile node should be delivered to the home agent. ARP is used to notify all nodes in the home network. In essence, the home agent steals the identity of the mobile node in order to capture packets destined for that node that are transmitted across the home network.
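The tunneling operation of figures 2.19 and 2.20 worked through in code, as an added example that is not part of the course material: the home agent wraps the whole original datagram (header included) in a new IPv4 header whose protocol field is 4, and the foreign agent strips that header after checking it. The addresses and the payload are constructed sample values; IPv4 header checksums are computed and verified so that a damaged tunnel header is rejected rather than delivered.

```python
import socket
import struct

IPPROTO_IPIP = 4   # protocol number carried in the tunnel header (figure 2.20)
IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement sum of the header's 16-bit words. A header whose
    checksum field is already filled in sums to 0, which is how we verify."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 datagram: 20-byte header followed by payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse an IPv4 datagram; reject bad version, lengths or checksum."""
    if len(pkt) < 20:
        raise ValueError("datagram shorter than a minimal IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(pkt):
        raise ValueError("inconsistent version or length fields")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def home_agent_encapsulate(original: bytes, home_agent_addr: str, care_of_addr: str) -> bytes:
    """Home agent side: the entire original datagram becomes the payload of a
    new datagram from the home agent to the care-of-address, protocol 4."""
    return build_ipv4(home_agent_addr, care_of_addr, IPPROTO_IPIP, original)


def foreign_agent_decapsulate(tunnel_pkt: bytes, care_of_addr: str, mobile_home_addr: str):
    """Foreign agent side: verify and strip the tunnel header, then hand back
    the original datagram, whose own header still names the original sender."""
    outer = parse_ipv4(tunnel_pkt)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-within-IP datagram")
    if outer["dst"] != care_of_addr:
        raise ValueError("tunnel is not addressed to this care-of-address")
    inner = parse_ipv4(outer["payload"])
    if inner["dst"] != mobile_home_addr:
        raise ValueError("inner datagram is not for the registered mobile node")
    return outer, inner


if __name__ == "__main__":
    # Constructed sample addresses: X (sender), A's home address, home agent, COA.
    original = build_ipv4("198.51.100.10", "192.0.2.25", 17, b"hello")
    tunnel = home_agent_encapsulate(original, "192.0.2.1", "203.0.113.7")
    outer, inner = foreign_agent_decapsulate(tunnel, "203.0.113.7", "192.0.2.25")
    print("outer", outer["src"], "->", outer["dst"], "proto", outer["proto"])
    print("inner", inner["src"], "->", inner["dst"], inner["payload"])
```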

Figure 2.20 IP within IP [Outer (tunnel) header: VERS, HLEN, SERVICE TYPE, TOTAL LENGTH, IDENTIFICATION, FLAGS, FRAGMENT OFFSET, TIME TO LIVE, PROTOCOL, HEADER CHECKSUM, SOURCE IP ADDRESS (HOME AGENT ADDRESS), DESTINATION IP ADDRESS (CARE-OF-ADDRESS), IP OPTIONS (IF ANY), PADDING, followed as data by the original datagram. Inner (original) header: the same fields with SOURCE IP ADDRESS (ORIGINAL SENDER) and DESTINATION IP ADDRESS (HOME ADDRESS), followed by the original data.]

2.8.7 Cellular IP

Hosts connecting to the Internet via a wireless interface are likely to change their point of access frequently. A change of access point during active data transmission or reception is called a handoff. During or immediately after a handoff, packet losses may occur due to delayed propagation of new location information. These losses should be minimized in order to avoid a degradation of service quality as handoffs become more frequent. A mechanism is required that ensures that packets addressed to moving hosts are successfully delivered with high probability. Mobile IP is not appropriate for fast and seamless handoff control. Cellular IP is a protocol that provides mobility and handoff support for frequently moving hosts. It is intended to be used at a local level, for instance in a campus or metropolitan area network. Cellular IP can interwork with Mobile IP to support wide area mobility, that is, mobility between Cellular IP networks.

Cellular IP uses a two tier addressing scheme to manage mobility and handoff. One address is for a fixed location which is known to all; the other one is for a dynamic location which changes as the user moves. In the case of GSM, this is done through the Home Location Register (HLR) and Visitor Location Register (VLR). The same is true in mobile IP, where the mobile host is associated with two IP addresses: a fixed home address that serves as the host identifier, and a care-of-address that reflects its current point of attachment. The mobile IP architecture comprises three functions:
1. A database that contains the most up to date mapping between the two address spaces (home address to care-of-address)
2. The translation of the host identifier to the actual destination address
3. Agents ensuring that the source and destination addresses of arriving and outgoing packets are updated properly so that routing of packets is correct

Figure 2.21 Relationship between Mobile IP and Cellular IP [The global Internet with Mobile IP provides coarse grained, global mobility; a Mobile IP gateway connects it to the wireless access network, where Cellular IP provides fine-grained mobility, local handoffs and redirects.]

Whenever the mobile host moves to a new network managed by a different foreign agent, the dynamic care-of-address will change. This changed care-of-address needs to be communicated to the home agent. This process works for slowly moving hosts. For a high speed mobile host, the rate of update of the addresses needs to match the rate of change of addresses. Otherwise, packets will be forwarded to the wrong (old) address. Mobile IP fails to update the addresses properly for high speed mobility. Cellular IP (figure 2.21), a new host mobility protocol, has been designed to address this issue.

In a Cellular IP network, none of the nodes knows the exact location of a mobile host. Packets addressed to a mobile host are routed to its current base station on a hop by hop basis, where each node only needs to know on which of its outgoing ports to forward packets. This limited routing information (referred to as a mapping) is local to the node and does not assume that the nodes have any knowledge of the wireless network topology. Mappings are created and updated based on the packets transmitted by mobile hosts. Cellular IP uses two parallel structures of mapping: paging caches (PC) and routing caches (RC). PCs maintain mappings for stationary and idle (not in data communication state) hosts, whereas RCs maintain mappings for mobile hosts. Mapping entries in PCs have a large timeout interval, in the order of seconds or minutes. RCs maintain mappings of mobile hosts currently receiving data or expecting to receive data. For RC mappings the timeouts are on the packet time scale.

Figure 2.22 Cellular IP paging and routing

Figure 2.22 illustrates the relationship between PCs and RCs. While idle at location 1, the mobile host X keeps PCs up to date by transmitting dummy packets at low frequency (step 1 in figure 2.17). Let us assume that the host is mobile and moved to location 2 without transacting any data. As there are data packets to be routed to the mobile host X, the PC mappings are used to find the host (step 2). While at location 2, the host maintains RC mappings, either by its outgoing data packets or through the transmission of dummy packets (step 3). The PC mapping for X now points to location 2. As there is data transmission, the mapping database to be used will be the RC.

Idle mobile hosts periodically generate short control packets, called paging update packets. These are sent to the nearest available base station. The paging update packet travels in the access network from the base station toward the gateway router, on a hop-by-hop basis.

Handoff in Cellular IP is always initiated by the mobile host. As the host approaches a new base station, it redirects its data packets from the old to the new base station. The first few redirected packets will automatically configure a new path of RC mappings for the host to the new base station. As long as data packets keep arriving, packets addressed to the mobile host will be delivered at both the old and the new base station for a time equal to the timeout of the RC mappings.

Have you understood?
1. What are the limitations of IPv4 in the context of mobile communication?
2. What are the functions of home agent and foreign agent?
3. What is meant by Care-Of-Address (COA)?
4. What are the four steps involved in registering the COA with the home agent?

5. Why is IP-in-IP type of encapsulation required in mobile IP?
6. List down the major differences between mobile IP and cellular IP.

Have you understood?
1. Which protocol is used to map the IP address into its equivalent MAC address?
2. MAC address is a physical address and IP address is a logical address. Justify this statement.
3. How do the diskless workstations obtain their IP addresses?
4. What are the limitations of static allocation schemes of IP addresses?
5. What are the two steps involved in the bootstrap procedure of BOOTP?
6. What are the limitations of BOOTP?
7. What are the various modes of IP address allotment supported by DHCP?
8. What is the advantage of the leasing scheme followed in DHCP?
9. How does a client discover DHCP servers?
10. What is meant by early lease termination in DHCP?

Summary
1. When a host (source) wants to communicate with another host (destination) in a different network it becomes necessary for the source to know the IP address of the destination. The network has to ensure that all hosts in the internet have unique IP addresses.
2. When the size of the network is small, it is possible to assign IP addresses manually to all the systems in the network. The human network administrator configures the IP addresses of all the systems in such a way that no two machines on the network have the same IP address. When the size of the network becomes very large it is almost impossible to assign the addresses in this way.
3. Multicasting is a mode of data communication where the datagrams from a source are to be delivered to all the members of the multicast group. Members of a multicast group may be in the same network or across different networks of an internet.
4. The key requirement of multicasting is to relieve the source from creating the required number of copies and transmitting them across the network. Instead the source has to follow the usual transmission procedure with only one exception: the destination address is not a usual unicast address but a multicast address.
5. It becomes necessary for the multicast routers to maintain these details to forward the datagrams to all members of the multicast group with minimum overhead and effective utilization of bandwidth.
6. Hosts expect a very highly dynamic multicast service from the network, so that the hosts can choose to join or leave a group at will, without synchronizing or negotiating with other members of the group. Also a host may be willing to become a member of more than one group at a time.
7. Class D IPv4 addresses are used for multicast. Class D addresses are not hierarchical addresses like class A, B and C addresses, where certain octets are used to indicate the net id and certain octets are used to indicate the host id portion. Class D IPv4 addresses can not be assigned to individual hosts of the network.
8. The major challenge in devising multicast addresses is that the addressing scheme has to satisfy two conflicting goals. It has to allow local autonomy in assigning the IP addresses and at the same time the assigned addresses should have global meaning.
9. Another challenge in multicasting is due to the requirement that the multicasting scheme should make effective use of hardware multicast when it is available and at the same time it should allow IP multicast delivery over networks which do not have hardware support for multicast.
10. A multicast datagram may originate on a computer that is not a part of the multicast group, and may be routed across networks that do not have any group members attached.
11. A mrouter learns the multicast addresses associated with its own attached networks/subnetworks using a protocol by the name Internet Group Management Protocol (IGMP). Like ICMP, IGMP is also an integral part of IP.
12. Unlike unicast routing, in which routes change only when the topology changes or equipment fails, multicast routes can change simply because an application program joins or leaves a multicast group.
13. Mobile IP overcomes the limitations of IPv4 in the context of mobile communication by allowing a single computer to hold two addresses simultaneously. The first address is the computer's primary address and this address is fixed and permanent. The second address, or the secondary address, changes as the computer moves.
14. Mobile IP involves considerable overhead after each move and hence mobile IP is intended for situations in which a host moves infrequently and remains at a given location for a relatively long period of time.
15. Every site that wants to allow its users to roam has to create a home agent. Every site that wants to allow visitors has to create a foreign agent. When a mobile host shows up at a foreign site, it contacts the foreign host there and registers. The foreign host then contacts the user's home agent and gives it a care-of-address, normally the foreign agent's own IP address.
16. Instead of relying on ARP for address binding, the agent records the mobile's hardware address when a request arrives and uses the recorded information to supply the necessary binding. If a mobile does not have a unique foreign address, a foreign agent must use the mobile's home address for communication.
17. Once a mobile node obtains a care-of-address from the foreign network, the same needs to be registered with the home agent. The mobile node sends a registration request to the home agent with the care-of-address information. When the home agent receives this request, it updates its routing table and sends a registration reply back to the mobile node.
18. In mobile IP, the IP-within-IP encapsulation mechanism is used. Using IP-within-IP, the home agent adds a new IP header called the tunnel header. The new tunnel header uses the mobile node's care-of-address as the tunnel destination IP address. The tunnel source IP address is the home agent's IP address.

19. Reverse Address Resolution Protocol (RARP) associates a known MAC address with an IP address. A network device, such as a diskless workstation, might know its MAC address but not its IP address. RARP allows the device to make a request to learn its IP address. Devices using RARP require that a RARP server be present on the network to answer RARP requests.
20. BOOTP uses UDP messages, which are forwarded over routers. It also provides diskless workstations with additional information, including the IP address of the file server holding the memory image, the IP address of the default router and the subnet mask to use.
21. DHCP allows both manual IP address assignment and automatic assignment. In most systems, it has largely replaced RARP and BOOTP.
22. To find the IP address, a newly booted host broadcasts a DHCP DISCOVERY packet and the DHCP server responds to that. Since the DHCP server may not be reachable by broadcasting, a DHCP relay agent is needed on each LAN. DHCP follows the idea of leasing in order to avoid losing IP addresses when the hosts go down.

Exercises
1. Does broadcasting really increase the amount of traffic?
2. What are the advantages of IP multicasting?
3. Can multicasting use TCP?
4. What is the advantage of the notation like 233/8, 224/4 etc?
5. Change the multicast IP address 230.43.14.7 to an Ethernet multicast physical address.
6. What are the functions of a group joining module of IGMP?
7. What are the functions of a group leaving module?
8. What are the general characteristics of Mobile IP?
9. Why is it necessary to use the limited broadcast in BOOTP request/response?
10. How is DHCP different from RARP and BOOTP?

Answers
1. Broadcasting by itself does not add to network traffic, but it adds extra host processing. Broadcasting can lead to additional traffic if the receiving hosts incorrectly respond with errors such as ICMP port unreachables. Also, routers normally don't forward broadcast packets, whereas bridges normally do, so broadcasts on a bridged network can travel much farther than they would on a routed network.

2. Multicasting is the most economical technique for sending a packet stream (which could be audio, video, or data) from one location to many other locations on the Internet simultaneously. Multicasting is useful because it conserves bandwidth, in many cases the most expensive part of network operations. It does this by replicating packets as needed within the network, thereby not transmitting unnecessary packets. Its commercial applications include webcasting over the Internet (one to many multicasts), multiparty computer games and conference calls (many to many multicasts) and communication between devices behind the scenes (the focus of recent work on small group multicast, also called explicit multicast or Xcast).
3. No. Multicasting uses UDP (User Datagram Protocol) as its underlying transport protocol. TCP (Transmission Control Protocol) uses frequent transmission of acknowledgement (ACK) packets between the receiver and the transmitter for flow control, and also to determine if packets have arrived safely, in order that dropped packets can be retransmitted. This form of feedback and retransmission does not scale well to the one to many case. UDP is a simpler protocol where there is no acknowledgement of the success or failure of the transmission of any packet, and no retransmission. (In the jargon, UDP is called "best effort.") Strictly speaking, therefore, at the transport layer, multicast data transport is unreliable, and any reliability must be engineered in at a higher level, although some forms of reliable multicast do use negative acknowledgements (NACKs) to signal the need for retransmission.
4. It is cumbersome to refer to address blocks in complete dotted decimal notation. Hence CIDR developed (and multicasting has adopted) a shorthand, where the start of a block, and the number of bits that are fixed, are specified. In that shorthand, 233/8 means all addresses between 233.0.0.0 and 233.255.255.255, which is the GLOP address space. Later IP multicasting has also adopted this notation. So, in the above question, the multicast address space can be described as 224.0.0.0/4 or, even more simply, as 224/4, and this block would be pronounced "two twenty four slash four." The fixed part of the address is referred to as the prefix. Note that the larger the number after the slash, the longer the prefix and the smaller the actual address block.
5. The solution can be obtained in two steps.
a. We write the rightmost 23 bits of the IP address in hexadecimal. This can be done by changing the rightmost 3 bytes to hexadecimal and then subtracting 8 from the leftmost digit if it is greater than or equal to 8. In our example the result is 2B:0E:07.
b. We add the result of part a to the starting Ethernet multicast address, which is 01:00:5E:00:00:00. The result is 01:00:5E:2B:0E:07.
6. Receive a request from a process to join a group:
i. Look for the corresponding entry in the table.
ii. If (found) Increment the reference count.
iii. If (not found)
1. Create an entry with reference count set to one.
2. Add the entry to the table.
3. Inform the data link layer to update its configuration table.
4. Request a membership report from the output module.
iv. Return.

7. Receive a request from a process to leave a group:
i. Look for the corresponding entry in the table.
ii. If (found)
1. Decrement the reference count.
2. If (reference count is zero)
a. If (any timer for this entry) cancel the timer.
b. Change the state to free.
c. Request a leave report from the output module.
iii. Return.
8. General characteristics of IP mobility support are:
i. Transparency – Mobility is transparent to applications and transport layer protocols as well as to routers that are not involved in the change. In particular, all open TCP connections survive a change in network and are ready for further use, as long as they remain idle.
ii. Interoperability with IPv4 – A host using mobile IP can interoperate with stationary hosts that run conventional IPv4 software as well as with other mobile hosts. Furthermore, no special addressing is required – the addresses assigned to mobile hosts do not differ from addresses assigned to fixed hosts.
iii. Scalability – The solution scales to large internets. In particular, it permits mobility across the global internet.
iv. Security – Mobile IP provides security facilities that can be used to ensure all messages are authenticated (i.e., to prevent an arbitrary computer from impersonating a mobile host).
v. Macro mobility – Rather than attempting to handle rapid network transitions such as one encounters in a wireless cellular system, mobile IP works well for a user who takes a portable computer on a business trip, and leaves it attached to the new location for a week.
9. Suppose client machine A wants to use BOOTP to find bootstrap information including its IP address and suppose B is the server on the same physical net that will answer the request. Because A does not know B's IP address or the IP address of the network, it must broadcast its initial BOOTP request using the IP limited broadcast address. Now the issue is whether B has to respond with A's IP address (since B knows A's IP address) or with the limited broadcast address. The server B uses the limited broadcast address. The reason is that if B uses A's IP address, B's network interface software has to use mechanisms like ARP to find out A's MAC address.

However, till the BOOTP reply reaches A, A does not know its IP address. As a result A will not respond to B's ARP request. Therefore B has only two alternatives: either broadcast the reply or use the information from the request packet to manually add an entry to its ARP cache. On systems that do not allow programs to modify the ARP cache, broadcasting is the only solution.
10. RARP is a protocol used by Sun and other vendors that allows a computer to find out its own IP number, which is one of the protocol parameters typically passed to the client system by DHCP or BOOTP. RARP doesn't support other parameters and, using it, a server can only serve a single LAN. DHCP and BOOTP are designed so they can be routed. DHCP is based on BOOTP and maintains some backward compatibility. The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism.

UNIT III

3.1 INTRODUCTION

In the first two units of this course, you learnt about the protocols that are required for the basic functioning of the network. IP, ICMP, TCP and UDP are the basic protocols required to transfer data from one machine to another machine across multiple networks. Due to the demands from the users, it becomes necessary for IP to support multicasting and mobility. To be more specific, network layer protocols along with transport layer protocols are able to provide the data transport from one application program running in one machine to another application program running in another machine. However all these do not serve the programmers or end users directly. In this unit, you are going to learn about the application layer protocols with which application programmers develop the application programs. These application programs are used by the end users to carry out their tasks.

All these applications have to identify the remote machine with which they want to communicate. Since remembering the dotted decimal notation of IP addresses is difficult, machines are assigned mnemonic addresses called domain names. However the TCP/IP protocol stack can understand only IP addresses in specifying the end points. Hence it becomes necessary for the client to map the domain name into its equivalent IP address. Domain Name System (DNS) is the application protocol meant for this. Another frequently used application is sharing files among a set of users who belong to the same organization or work on the same project, using File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP) and Network File System (NFS). Another important aspect we discuss in this unit is the elimination of specialized servers, providing more generality by allowing the user to establish a login session on the remote machine and then execute commands. The protocol that achieves this is TELNET. At the end of this unit you should be familiar with these protocols.

3.2 LEARNING OBJECTIVES

- To understand the ideas of domain names
- To differentiate between flat name space and hierarchical name space
- To study about the different types of resource records of DNS
- To learn about the various types of queries made by the DNS in resolving the mapping
- To study about the message formats of DNS
- To understand the ideas and challenges of shared file access
- To study about the process model of FTP
- To know the features of anonymous FTP
- To understand the differences between reliable file transfer and file transfer with limited features
- To study about the nature of file transfer in TFTP
- To understand the NFS protocol and other related protocols
- To learn about remote login facility
- To study about the TELNET protocol
- To know the features of Rlogin (BSD UNIX)

3.3 DOMAIN NAME SYSTEM

Domain Name System (DNS) is an application used by other application layer protocols or applications to map the mnemonic addresses called domain names into their equivalent IP addresses, in order to communicate with applications running in other hosts of the network. Remembering IP addresses of the servers is difficult for the users and hence they prefer mnemonic addresses. However the network is able to understand only numerical addresses. Hence some mechanism is required to convert the mnemonic addresses into numerical addresses, and DNS is the application layer protocol that achieves this. You will learn about the principles and the implementation details of DNS in this section. We will discuss the DNS application protocol in terms of the name space, domain name space, name servers, client/server architecture and the DNS message format.

The name to address translation is easy for small scale networks. The table can be manually stored in the computer memory by the network administrators. But this is difficult for large networks, as one single hosts file can not relate every name to its IP address and vice versa. The hosts file grows too large. One solution is to store all the information in a single computer and allow access to this centralized information to every computer that needs mapping. But this would create a huge traffic on the network. Hence it is necessary to divide this huge amount of information into smaller parts and store each part on a different host. The end system that needs mapping will contact the closest server holding the relevant mapping information.

3.3.1 The Name Space

The name space is the one from which the names are chosen and assigned to machines. Assigning names to machines should take place in such a way that the names are unique and unambiguous. Organization of the name space is easier in small networks since the size of the name space is small. It is easy to satisfy uniqueness and unambiguity in such cases. However, the size of the Internet is very large (approximately one hundred million computers connected) and choosing symbolic names is very difficult in such a large network. Two approaches are followed in the organization of the name space, namely flat and hierarchical.

In a flat name space, a name is assigned to an address. A name in this space is a sequence of characters without structure. The names may or may not have a common section. Even if the names have a common section it does not have any significance. The main disadvantage of a flat name space is that it can not be used in a large system such as the Internet, because it must be centrally controlled to avoid ambiguity and duplication.

In a hierarchical name space, each name is made of several parts. The first part can define the nature of the organization, the second part can define the name of an organization, the third part can define departments in the organization, and so on. A central authority can assign the part of the name that defines the nature of the organization and the name of the organization. The responsibility of the rest of the name can be given to the organization itself. In cs.annauniv.edu, only annauniv.edu has been assigned by a central authority and the name cs has been assigned by the university itself. Here edu indicates an educational institution, annauniv indicates the name of the organization and cs indicates the computer science department. One well known example of a hierarchical naming space is the addressing scheme followed by the postal system. In the postal system, name management is done by requiring letters to specify (implicitly or explicitly) the country, state or province, city, and street address of the addressee. In this scheme, even if there are two persons with the same name in different areas of the city, it does not lead to duplication.

3.3.2 Domain Name Space

The Domain Name space follows a hierarchical namespace to make the domain name system scalable. In the hierarchical organization of the name space, the names are designed in an inverted-tree structure with the root at the top. The tree can have only 128 levels: level 0 (root) to level 127 as shown in figure 3.1. Conceptually, the internet is divided into over 200 top level domains, where each domain covers many hosts. Each domain is partitioned into sub domains, and these are further partitioned, and so on. The leaves of the tree represent domains that have no sub domains. A leaf domain may contain a single host, or it may represent a company and contain thousands of hosts. The top level domains come in two flavors: generic and countries. The original generic domains were com (commercial), edu (educational institutions), gov (the US Federal Government), int (certain international organizations), mil (the US armed forces), net (network providers) and org (nonprofit organizations).

The country domains include one entry for every country. If a label is not terminated by a null string.atc. It is used when the name to be resolved belongs to the same site as the client. A full domain name is a sequence of labels separated by dots (. The root label is a null string. A PQDN starts from a node. it is called partially qualified domain name (PQDN). The domain names are always read from the node up to the root. it is called a fully qualified domain name (FQDN).edu site wants to get the IP address of the challenger computer. For example. DNS requires that nodes that branch from the same node have different labels. which is a string with a maximum of 63 characters. that uniquely define the name of the host. which means the last character is a dot because the null string is nothing. Each node in the tree has a domain name. An FQDN is a domain name that contains the full name of a host. which guarantees the uniqueness of the domain names. he or Anna University Chennai 126 . It contains all labels.1. The last label is the label of the root (null). A DNS server can only match an FQDN to an address. A portion of the Internet domain name space Each node in the tree has a label. If a label is terminated by a null string. as defined in ISO 3166. Generic Countries int com edu gov mil org net jp us nl sun yale acm eng jack jill ac ieee co oce vu eng keio cs ai india cs nec csl filts fluit cs pc24 robot Figure 3.fhda.DIT 116 NETWORK PROTOCOLS NOTES (the US armed forces). if a user at the fhda. net (network providers) and org (nonprofit organizations). from the most specific to the most general. the domain name challenger. This means that a full domain name always ends in a null label.edu is the FQDN of a computer named challenger installed at the Advanced Technology Center (ATC) at De Anza College. but it does not reach the root.). For example.

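The rules just stated (labels of at most 63 characters, at most 128 levels, distinct labels among the children of one node, the trailing dot that stands for the root's null label, and the client completing a PQDN with its site suffix) are easy to get wrong in code that builds or checks names before handing them to a resolver. The following is an added example written for this course material, not code from the original text: it checks those rules on the text's own sample names. The 255-octet limit on a whole name and the case-insensitive comparison of labels come from RFC 1035, not from the text, and are marked as such.

```python
"""Added example (not from the course text): checks on domain names that
follow the rules stated above: labels of at most 63 characters, a tree of
at most 128 levels, sibling nodes with distinct labels, the trailing dot
that stands for the root (null) label of an FQDN, and completion of a
PQDN by the client with its site suffix.  The 255-octet limit on a whole
name and case-insensitive label comparison come from RFC 1035 and are
additions beyond the text; the sample names are the text's own."""

from __future__ import annotations

MAX_LABEL = 63        # maximum label length given in the text
MAX_LEVELS = 128      # level 0 (root) to level 127
MAX_NAME = 255        # RFC 1035 limit on the whole name (assumption beyond the text)


def split_labels(name: str) -> list[str]:
    """Labels from most specific to most general, without the null root label."""
    body = name[:-1] if name.endswith(".") else name
    return body.split(".") if body else []


def is_fqdn(name: str) -> bool:
    """An FQDN ends in the null label, i.e. its last character is a dot."""
    return name.endswith(".")


def validate_name(name: str) -> list[str]:
    """Return the rule violations found (an empty list means the name is acceptable)."""
    problems = []
    labels = split_labels(name)
    if len(labels) + 1 > MAX_LEVELS:          # +1 for the root level
        problems.append("more than 128 levels")
    for label in labels:
        if label == "":
            problems.append("empty label (two consecutive dots)")
        elif len(label) > MAX_LABEL:
            problems.append(f"label {label[:8]}... exceeds {MAX_LABEL} characters")
    if len(name.rstrip(".")) > MAX_NAME:
        problems.append(f"name exceeds {MAX_NAME} characters")
    return problems


def qualify(name: str, site_suffix: str) -> str:
    """What the resolver does with a PQDN: append the local site suffix so
    that the server receives an FQDN.  An FQDN is passed through unchanged."""
    if is_fqdn(name):
        return name
    return f"{name}.{site_suffix.strip('.')}."


def add_name(tree: dict, name: str) -> None:
    """Insert a name into an inverted tree (nested dicts, root at the top).
    Two names that differ only in case share the same node, because two
    children of one node must have distinct labels (case-insensitive per RFC 1035)."""
    node = tree
    for label in reversed(split_labels(name)):       # walk from the root down
        node = node.setdefault(label.lower(), {})


def count_nodes(tree: dict) -> int:
    """Number of nodes below the root."""
    return sum(1 + count_nodes(child) for child in tree.values())


if __name__ == "__main__":
    tree = {}
    for n in ("cs.annauniv.edu", "CS.annauniv.edu", "challenger.atc.fhda.edu."):
        add_name(tree, n)
    print(count_nodes(tree), validate_name("challenger.atc.fhda.edu."))
    print(qualify("challenger", "atc.fhda.edu"))
```

Note that qualify() never strips a trailing dot: a name the user wrote as an FQDN must reach the server unchanged, otherwise a site suffix could silently redirect the lookup to a different host.
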
3.3.3 Name Servers

The entire information content of any domain name space is enormous. It is difficult to store it in a single computer, as this makes it inefficient when requests are sent from all over the world to the same computer: the single computer is subjected to heavy load and may not be able to respond with the reply in a reasonable period. Moreover, this way of maintaining the information leads to a single point of failure. The solution to these problems is to distribute the information among many computers called DNS servers.

The information is distributed among multiple DNS servers by dividing the whole name space into domains based on the first level. The root stands alone and there are as many domains or subtrees as there are first level nodes. Since a domain created this way could be very large, DNS allows domains to be divided further into smaller domains (subdomains). The information about the nodes in the subdomains is stored in the servers at the lower levels, with the original server keeping some sort of reference to these lower-level servers. As a result, we have a hierarchy of servers in the same way that we have a hierarchy of names. The servers are distributed all around the world.

The domain or subdomain over which a server has complete authority is called a zone. If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the 'domain' and the 'zone' refer to the same thing. The server makes a database called a zone file and keeps all the information for every node under the domain. However, if a server divides its domain into subdomains and delegates part of its authority to other servers, 'domain' and 'zone' refer to different things. The information about the nodes in the subdomains is stored in the lower-level servers; the original server keeps references to those servers and is still vested with the overall responsibility. It still has a zone, but the details of the data are maintained by the lower level servers. A server can also divide part of its domain and delegate responsibility but still keep part of the domain for itself; its zone then contains detailed information regarding that part of the domain not delegated to other servers.

A root server is a server whose zone consists of the whole tree. A root server usually does not store any information about domains but delegates its authority to other servers, keeping references to those servers. There are several root servers, each covering the whole domain name space.

Besides the root servers, DNS servers are of two types, namely primary servers and secondary servers. A primary server is a server that stores a file about the zone for which it is an authority. It is responsible for creating, maintaining, and updating the zone file, and it stores the zone file on a local disk. A secondary server is a server that transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk. The secondary server neither creates nor updates the zone file. If updating is required, it must be done by the primary server, which sends the updated version to the secondary. The idea is not to put the secondary server at a lower level of authority but to create redundancy for the data, so that if one server fails, the other can continue serving clients. The primary and secondary servers are both authoritative for the zones they serve.

3.3.4 The DNS Client Server Model

DNS is designed as a client-server application. A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver. The resolver accesses the closest DNS server with a mapping request. If the server has the information, it satisfies the resolver; otherwise, it either refers the resolver to other servers or asks other servers to provide the information.

The client-server communication in resolving the domain names into their equivalent IP addresses can take place in two different ways: servers can resolve the mapping by recursive resolution or by iterative resolution.

In recursive resolution, the resolver asks for a recursive answer from a name server. This means that the resolver expects the server to supply the final answer. If the server is the authority for the domain name, it checks its database and responds. If the server is not the authority, it sends the request to another server (usually the parent) and waits for the response. If the parent is the authority, it responds; otherwise, it sends the query to yet another server. The server checks the generic domains or the country domains to find the mapping. When the query is finally resolved, the response travels back until it finally reaches the requesting client.

If the client does not ask for a recursive solution, the mapping is done iteratively. If the server is an authority for the name, it sends the answer. If it is not, it returns (to the client) the IP address of the server that it thinks can resolve the query. The client is responsible for repeating the query to this second server. If the newly addressed server can resolve the problem, it answers the query with the IP address; otherwise, it returns the IP address of a new server to the client. Now the client must repeat the query to the third server. This process is called iterative because the client repeats the same query to multiple servers.

In both cases, after receiving the mapping, the resolver interprets the response to see if it is a real resolution or an error, and delivers the result to the process that requested it.

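To make the two resolution styles concrete, here is an added example (written for this course material, not code from the original text) that simulates a three-level server hierarchy and resolves the text's sample name both ways: iteratively, where the client itself follows each referral, and recursively, where one server chases the referrals on the client's behalf. The recursive server also keeps a cache bounded by the answer's TTL and marks cached replies as non-authoritative, which is the caching behaviour DNS servers use. The server names, addresses, zone contents and TTL are invented for the illustration; names are compared without the trailing root dot.

```python
"""Added example, not part of the course text: recursive and iterative
resolution simulated over a constructed hierarchy (root -> edu ->
fhda.edu).  Server names, addresses and zone data are invented.  The
recursive server caches answers for their TTL and marks cached replies
non-authoritative."""

from __future__ import annotations


class Server:
    """One name server holding a zone.  Names are compared without the
    trailing root dot and in lower case."""

    def __init__(self, name: str, zone: str, answers: dict, referrals: dict):
        self.name = name
        self.zone = zone            # "" for the root
        self.answers = answers      # fqdn -> (ip, ttl_seconds) held in this zone
        self.referrals = referrals  # delegated subdomain -> child Server
        self.queries_seen = 0

    def query(self, name: str) -> tuple:
        """One iterative step: ('answer', ip, ttl), ('referral', Server, 0)
        or ('nxdomain', None, 0)."""
        self.queries_seen += 1
        name = name.rstrip(".").lower()
        if name in self.answers:
            ip, ttl = self.answers[name]
            return ("answer", ip, ttl)
        for subdomain, child in self.referrals.items():
            if name == subdomain or name.endswith("." + subdomain):
                return ("referral", child, 0)
        return ("nxdomain", None, 0)


def resolve_iterative(name: str, start: Server, max_hops: int = 16) -> tuple:
    """Client-driven resolution: repeat the query to every server we are
    referred to.  Returns (ip_or_None, ttl, [servers contacted])."""
    path, server = [], start
    for _ in range(max_hops):
        path.append(server.name)
        kind, value, ttl = server.query(name)
        if kind == "answer":
            return value, ttl, path
        if kind == "nxdomain":
            return None, 0, path
        server = value                      # follow the referral
    raise RuntimeError("too many referrals (delegation loop?)")


class RecursiveServer:
    """Server that accepts recursive queries: it chases the referrals on
    the client's behalf starting at the root, caches each answer for its
    TTL, and labels a cached reply as non-authoritative."""

    def __init__(self, root: Server, clock):
        self.root = root
        self.clock = clock          # callable returning seconds; injectable for testing
        self.cache = {}             # name -> (ip, expires_at)

    def resolve(self, name: str) -> tuple:
        key = name.rstrip(".").lower()
        now = self.clock()
        cached = self.cache.get(key)
        if cached is not None and cached[1] > now:
            return cached[0], "non-authoritative (cache)"
        self.cache.pop(key, None)          # TTL expired: must ask the authority again
        ip, ttl, _path = resolve_iterative(key, self.root)
        if ip is None:
            return None, "name does not exist"
        if ttl > 0:
            self.cache[key] = (ip, now + ttl)
        return ip, "from authoritative server"


def build_demo_hierarchy() -> Server:
    """Constructed sample: the root delegates edu; edu delegates fhda.edu,
    whose server holds the address of challenger.atc.fhda.edu."""
    fhda = Server("ns.fhda.edu", "fhda.edu",
                  {"challenger.atc.fhda.edu": ("192.0.2.10", 300)}, {})
    edu = Server("a.edu-servers", "edu", {}, {"fhda.edu": fhda})
    return Server("root", "", {}, {"edu": edu})


if __name__ == "__main__":
    root = build_demo_hierarchy()
    print(resolve_iterative("challenger.atc.fhda.edu.", root))
    now = [0]
    recursive = RecursiveServer(root, lambda: now[0])
    print(recursive.resolve("challenger.atc.fhda.edu"))   # goes to the authority
    print(recursive.resolve("challenger.atc.fhda.edu"))   # served from cache
```

The queries_seen counter on the root shows the practical point of caching: the recursive server asks the root only once per TTL period no matter how many clients ask it for the same name.
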
Each time a server receives a query for a name that is not in its domain, it needs to search its database for a server IP address. Reduction of this search time would increase efficiency. DNS handles this with a mechanism called caching. When a server asks for a mapping from another server and receives the response, it stores this information in its cache memory before sending it to the client. If the same or another client asks for the same mapping, it can check its cache memory and resolve the problem. However, to inform the client that the response is coming from the cache memory and not from an authoritative source, the server marks the response as unauthoritative.

Caching speeds up resolution, but it can also become problematic. If a server caches a mapping for a long time, it may send an outdated mapping to the client. To counter this, two techniques are used. First, the authoritative server always adds information to the mapping called time to live (TTL). TTL indicates the time in seconds that the receiving server can cache the information. After this time, the mapping is invalid and any query must be sent again to the authoritative server. Second, DNS requires that each server keep a TTL counter for each mapping it caches. The cache memory must be searched periodically and those mappings with an expired TTL must be removed.

3.3.5 DNS Message Format

The DNS message format allows a client to ask multiple questions in a single message. Each question consists of a domain name for which the client seeks an IP address, a specification of the query class and the type of object desired. The server responds by returning a similar message that contains answers to the questions for which the server has bindings. If the server cannot answer all questions, the response will contain information about other name servers that the client can contact to obtain the answers. Responses also contain information about the servers that are authorities for the replies and the IP addresses of those servers. Figure 3.2 shows the message format.

    IDENTIFICATION              | PARAMETER
    NUMBER OF QUESTIONS         | NUMBER OF ANSWERS
    NUMBER OF AUTHORITY         | NUMBER OF ADDITIONAL
    QUESTION SECTION ...
    ANSWER SECTION ...
    AUTHORITY SECTION ...
    ADDITIONAL INFORMATION SECTION ...

Figure 3.2 Domain name server message format

As the figure shows, each message begins with a fixed header. The header contains a unique IDENTIFICATION field that the client uses to match responses to queries, and a PARAMETER field that specifies the operation requested and a response code. Figure 3.3 gives the interpretation of the bits in the PARAMETER field. The fields labeled NUMBER OF each give a count of entries in the corresponding sections that occur later in the message. For example, the field labeled NUMBER OF QUESTIONS gives the count of entries that appear in the QUESTION SECTION of the message. The client fills in only the question section; the server returns the questions and answers in its response.

    Bit of PARAMETER field   Meaning
    0                        Operation: 0 Query, 1 Response
    1-4                      Query Type: 0 Standard, 1 Inverse, 2 Completion 1 (now obsolete), 3 Completion 2 (now obsolete)
    5                        Set if answer authoritative
    6                        Set if message truncated
    7                        Set if recursion desired
    8                        Set if recursion available
    9-11                     Reserved
    12-15                    Response Type: 0 No error, 1 Format error in query, 2 Server failure, 3 Name does not exist

Figure 3.3 Meaning of bits of the PARAMETER field

The QUESTION SECTION contains queries for which answers are desired. Each question consists of a QUERY DOMAIN NAME followed by QUERY TYPE and QUERY CLASS fields, as Figure 3.4 shows.

    QUERY DOMAIN NAME ...
    QUERY TYPE                  | QUERY CLASS

Figure 3.4 Format of entries in QUESTION SECTION

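The layout above is a fixed 12-octet header followed by variable-length sections, and the bit positions of Figure 3.3 are the ones a parser must get right (bit 0 is the most significant bit of the 16-bit PARAMETER field). The following is an added example written for this course material, not code from the original text: it builds a query the way a client fills it in, constructs the server's response carrying one resource record in the layout of Figure 3.5, and parses both back. The name, address and TTL are sample values. Handling of name compression pointers (RFC 1035 section 4.1.4) is included because real responses use them; the bound on pointer hops is a defensive addition so that a crafted message with a pointer loop cannot hang the parser.

```python
"""Added example (not from the course text): encoding and decoding the
DNS message layout of Figures 3.2 to 3.5, using the PARAMETER bit
positions of Figure 3.3.  A query is built as a client would, a response
is constructed here to show the server's side, and both are parsed.
The name, address and TTL are sample values.  Compression pointers
(RFC 1035 section 4.1.4) are decoded with a hop limit as a defence
against crafted pointer loops."""

import struct

A, IN = 1, 1     # QUERY TYPE 'A' (host address) and QUERY CLASS Internet


def encode_name(name: str) -> bytes:
    """Length-prefixed labels ending with the root's null label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, pos: int) -> tuple:
    """Return (name, position after the name).  Follows compression
    pointers (two high bits set) but refuses to spin on a pointer loop."""
    labels, jumped, end, hops = [], False, pos, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            if not jumped:
                end = pos + 2
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if not jumped:
        end = pos
    return ".".join(labels) + ".", end


def build_header(ident, response=False, opcode=0, authoritative=False,
                 truncated=False, rd=True, ra=False, rcode=0,
                 counts=(1, 0, 0, 0)) -> bytes:
    """PARAMETER bits per Figure 3.3: bit 0 = operation (QR), 1-4 = query
    type, 5 = authoritative, 6 = truncated, 7 = recursion desired,
    8 = recursion available, 9-11 reserved, 12-15 = response type."""
    param = ((int(response) << 15) | (opcode << 11) | (int(authoritative) << 10)
             | (int(truncated) << 9) | (int(rd) << 8) | (int(ra) << 7) | rcode)
    return struct.pack("!HHHHHH", ident, param, *counts)


def build_query(ident: int, name: str, qtype=A, qclass=IN) -> bytes:
    """Client side: header plus one entry in the QUESTION SECTION."""
    return build_header(ident) + encode_name(name) + struct.pack("!HH", qtype, qclass)


def build_response(query: bytes, ip: str, ttl: int) -> bytes:
    """Server side: echo the question, set the response and authoritative
    bits, and add one A record whose RESOURCE DOMAIN NAME is a pointer to
    the question name at offset 12."""
    ident, = struct.unpack("!H", query[:2])
    _qname, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    rdata = bytes(int(o) for o in ip.split("."))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", A, IN, ttl, len(rdata)) + rdata
    return build_header(ident, response=True, authoritative=True, ra=True,
                        counts=(1, 1, 0, 0)) + question + rr


def parse_message(msg: bytes) -> dict:
    """Decode header, questions and the three resource record sections."""
    ident, param, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": ident, "response": bool(param & 0x8000),
           "opcode": (param >> 11) & 0xF, "authoritative": bool(param & 0x0400),
           "truncated": bool(param & 0x0200), "rd": bool(param & 0x0100),
           "ra": bool(param & 0x0080), "rcode": param & 0xF,
           "questions": [], "answers": [], "authority": [], "additional": []}
    pos = 12
    for _ in range(qd):
        name, pos = decode_name(msg, pos)
        qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
        out["questions"].append((name, qtype, qclass))
        pos += 4
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):                     # all three use the Figure 3.5 layout
            name, pos = decode_name(msg, pos)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
            pos += 10
            rdata = msg[pos:pos + rdlen]
            pos += rdlen
            if rtype == A and rdlen == 4:
                rdata = ".".join(str(b) for b in rdata)
            out[section].append((name, rtype, rclass, ttl, rdata))
    return out


if __name__ == "__main__":
    q = build_query(0x1234, "challenger.atc.fhda.edu")
    r = build_response(q, "192.0.2.10", 300)
    print(parse_message(q))
    print(parse_message(r))
```

A client that uses this parser should still compare the IDENTIFICATION field and the echoed question against what it sent before accepting an answer; the identifier is the only thing that ties a response to a query.
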
Although the QUERY DOMAIN NAME field has variable length, the internal representation of domain names makes it possible for the receiver to know the exact length. The QUERY TYPE encodes the type of the question. The QUERY CLASS field allows domain names to be used for arbitrary objects, because official Internet names are only one possible class. It should be noted that the QUERY DOMAIN NAME field may contain an arbitrary number of octets; no padding is used, although the diagram in figure 3.4 follows our convention of showing formats in 32-bit multiples. Therefore, messages to or from domain name servers may contain an odd number of octets.

In a domain name server message, each of the ANSWER SECTION, AUTHORITY SECTION, and ADDITIONAL INFORMATION SECTION consists of a set of resource records that describe domain names and mappings. Each resource record describes one name. Figure 3.5 shows the format.

    RESOURCE DOMAIN NAME ...
    TYPE                        | CLASS
    TIME TO LIVE
    RESOURCE DATA LENGTH        | RESOURCE DATA ...

Figure 3.5 Format of resource records used in messages returned by DNS

The RESOURCE DOMAIN NAME field contains the domain name to which this resource record refers. It may be of arbitrary length. The TYPE field specifies the type of the data included in the resource record; the CLASS field specifies the data's class. The TIME TO LIVE field contains a 32 bit integer that specifies the number of seconds the information in this resource record can be cached. It is used by clients who have requested a name binding and may want to cache the results. The last two fields contain the results of the binding, with the RESOURCE DATA LENGTH field specifying the count of octets in the RESOURCE DATA field.

Have you understood?

1. What is meant by a domain name?
2. What are the difficulties in working with IP addresses themselves, without mnemonic addresses?
3. What are the limitations of a flat naming space?
4. Give examples for flat schemes and hierarchical schemes (apart from the domain name space).
5. What are the two flavors of top level domains?

6. Mention the original generic domains of DNS and the later additions to it.
7. After getting a domain name from the higher authority, is it necessary to get permission from higher authorities to divide that into further subdomains?
8. Mention the five tuples of a resource record of DNS.
9. What does a type 'A' record indicate in resource records?
10. Write short notes on 'MX' type records of resource records.
11. What is meant by an iterative query in resolving domain names?
12. How does a recursive query resolve domain names?
13. Mention the factors that affect the cost of lookup in resolving domain names.
14. What are the mechanisms supported by DNS to make the mapping mechanism effective?
15. Apart from the IP address of the specified domain name, what are the other possible details that may be returned by the DNS server?

3.4 SHARED FILE ACCESS

Many network systems provide computers with the ability to access files on remote machines. If cost is the important consideration in providing this facility, a single, centralized file server provides secondary storage for a set of inexpensive computers that have no local disk storage. Examples of inexpensive computers are diskless machines, hand-held devices etc. Such machines communicate with the centralized server over a high speed wireless network. In other types of environment, it may be necessary to share data across multiple programs, multiple users or multiple sites. If the computers involved in file sharing are conventional desktop computers, many complications are involved in providing this facility to the users.

The ability to access files remotely can be achieved in two different ways, namely online shared access and sharing by file transfer. In other words, file sharing comes in two distinct forms: on line access and whole file copying. Shared on line access means allowing multiple programs to access a single file concurrently. Changes to the file take effect immediately and are available to all programs that access the file. Whole-file copying means that whenever a program wants to access a file, it obtains a local copy. Copying is often used for read-only data, but if the file must be modified, the program makes changes to the local copy and transfers a copy of the modified file back to the original site.

On-line access for remote users does not necessarily require a user to invoke a special client program as a database system does. Instead, the operating system provides access to remote, shared files exactly the same way it provides access to local files. We say that the remote file is integrated with local files, and that the entire file system provides transparent access to shared files. A user can execute any application program using a remote file as input or output. The major advantage of transparent access is that remote file access occurs with no visible changes to application programs. Users can access both local and remote files, allowing them to perform arbitrary computations on shared data. However, online shared access is difficult to implement in heterogeneous environments.

The alternative to integrated, transparent on-line access is file transfer. Accessing remote data with a transfer mechanism is a two step process: the user first obtains a local copy and then operates on the copy. Most transfer mechanisms operate outside the local file system. A user must invoke a special purpose client program to transfer files. When invoking the client, the user specifies a remote computer on which the desired file resides and possibly an authorization needed to obtain access. The client contacts the server on the remote machine and requests a copy of the file. Once the transfer is complete, the user terminates the client and uses the application program on the local system to read or modify the local copy.

However, sharing by file transfer also has to face challenges in heterogeneous environments. In some applications the two computers involved may both be large servers, each running a different operating system with a different file system and a different character set. In another application, one of the computers may be a server and the other an item of equipment such as a cable modem or a set top box which does not have a hard disk. Hence in this case all the data that is transferred must have been formatted specifically for running in the cable modem or set top box. Clearly, the file transfer protocol associated with the second type of application can be much simpler than the first. Hence, to meet the requirements of these two different types of application, the TCP/IP protocol stack provides two different file transfer protocols, namely FTP (File Transfer Protocol) and TFTP (Trivial FTP).

Have you understood?

1. Give a sample application scenario where it may be necessary to share the files.
2. What are the challenges in sharing the files across systems and across networks?
3. What are the two major types of shared file access?
4. What are the limitations of on-line shared access of files?
5. What are the advantages of the file transfer method?

3.5 FILE TRANSFER PROTOCOL

File transfer is among the most frequently used TCP/IP applications, and it accounts for a major portion of the traffic in the Internet. FTP is a standard application layer protocol provided by the TCP/IP protocol stack for copying a file from one host to another host. FTP is also based on the client/server model, like many other applications of TCP/IP. However, it differs from other applications in that it uses two connections between the client and the server: one is used for data traffic and the other for the control traffic.

3.5.1 Features

Although transferring files from one system to another in the presence of a TCP connection seems trivial, FTP is a complex protocol for many reasons:

1. Two systems may use different naming conventions.
2. Two systems may have different ways to represent text and data.
3. Two systems may have different directory structures.

FTP offers many facilities beyond the transfer function itself.

1. Interactive Access: Although FTP is designed to be used by programs, most implementations provide an interactive interface that allows humans to easily interact with remote servers. For example, a user can ask for a listing of all files in a directory on a remote machine. Usually, the client responds to the input "help" by showing the user information about the possible commands that can be invoked.
2. Format specification: FTP allows the client to specify the type and format of stored data. For example, the user can specify whether a file contains text or binary integers and whether text files use the ASCII or EBCDIC character sets.
3. Authentication control: FTP requires clients to authorize themselves by sending a login name and password to the server before requesting file transfers. The server refuses access to clients that cannot supply a valid login and password.

3.5.2 Process Model

Like other servers, most FTP server implementations allow concurrent access by multiple clients. Clients use TCP to connect to a server. While the exact details of the process architecture depend on the operating system used, FTP is discussed in terms of the process model illustrated in figure 3.6. In this process model, a single master server process awaits connections and creates a slave process to handle each connection. In turn, the slave accepts and handles the control connection from the client, but uses an additional process or processes to handle a separate data transfer connection. The data transfer connection, which also uses TCP as the transport protocol, carries all data transfers. The control connection carries commands that tell the server which file to transfer. Separation of control and data transfer makes FTP more efficient. Both the client and the server create a separate process to handle the data transfer.

Fig 3.6 FTP Client/Server Interaction (client system and server system, each with a control process and a data transfer process above its operating system, connected through the TCP/IP Internet; figure not reproduced)

As the figure shows, the client control process connects to the server control process using one TCP connection, while the associated data transfer processes use their own TCP connections. In general, the control process and the control connection remain alive as long as the user keeps the FTP session active. Data transfer connections and the data transfer processes that use them can be created dynamically when needed, but the control connection persists throughout a session. Once the control connection disappears, the session is terminated and the software at both ends terminates all data transfer processes. In fact, whenever the server needs to send information to the client, FTP establishes a new data transfer connection; many implementations create a new pair of data transfer processes, as well as a new TCP connection, for each file transfer. Of course, client implementations that execute on a computer without operating system support for multiple processes may have a less complex structure. Such implementations sacrifice generality by using a single application program to perform both the data transfer and control functions. However, the protocol requires that such clients still use multiple TCP connections, one for control and the other(s) for data transfer.

3.5.3 Control Connection and Data Connection

When a client forms an initial connection to a server, the client uses a random, locally assigned protocol port number, but contacts the server at the well-known port (port number 21). A server that uses only one protocol port can accept connections from many clients, because TCP uses both endpoints to identify a connection. However, the issue arises when the control processes create a new TCP connection for a given data transfer. Obviously, they cannot use the same pair of port numbers used in the control connection. Instead, the client obtains an unused port on its machine, which will be used for a TCP connection with the data transfer process on the server's machine. The data transfer process on the server machine uses the well-known port reserved for FTP data transfer (port number 20).

To ensure that a data transfer process on the server connects to the correct data transfer process on the client machine, the server side must not accept connections from an arbitrary process. Instead, when it issues the TCP active open request, a server specifies the port that will be used on the client machine as well as the local port. We can see why the protocol uses two connections: the client control process obtains a local port to be used in the file transfer, creates a transfer process on the client machine to listen at the port, communicates the port number to the server over the control connection, and then waits for the server to establish a TCP connection to the port. Thus, in addition to passing user commands to the server, FTP uses the control connection to allow the client and server control processes to coordinate their use of dynamically assigned TCP protocol ports and the creation of the data transfer processes that use those ports.

3.5.4 Communication between Client and Server

The FTP client and the FTP server run on different computers in the Internet. These two computers may use different operating systems, different character sets, different file structures and different file formats. Hence it is necessary for FTP to make this heterogeneity compatible. FTP has to achieve this on both the control connection and the data connection.

3.5.4.1 Communication over Control Connection

FTP uses the control connection between the client control process and the server control process. The designers of FTP allow FTP to use the TELNET network virtual terminal protocol. Unlike the full TELNET protocol, FTP does not allow option negotiation; it uses only the basic Network Virtual Terminal (NVT) definition. Thus, management of an FTP control connection is much simpler than management of a standard TELNET connection. In addition, using the TELNET definition instead of inventing a new one helps simplify FTP considerably. During this communication, the commands are sent from the client to the server and the responses are sent from the server to the client. Commands, which are sent from the FTP client control process, are in the form of ASCII uppercase, which may or may not be followed by an argument. The control commands are divided into six groups, namely access commands, file management commands, data formatting commands, port defining commands, file transfer commands, and miscellaneous commands.

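The following is an added example written for this course material, not code from the original text or from any FTP implementation: it simulates, in-process, the command/reply exchange on the control connection described in 3.5.3 and 3.5.4.1. The server keeps the state a slave control process would keep (whether the user has logged in, and the data endpoint the client announced with PORT), commands are ASCII upper-case words with an optional argument, and the reply codes are the three-digit codes of RFC 959. The check that a PORT argument names the control connection's own peer is the server-side counterpart of "must not accept connections from an arbitrary process"; refusing other hosts and low ports is the bounce-attack defence of RFC 2577, which goes beyond the text. Addresses and the file name are sample values.

```python
"""Added example, not part of the course text: the command/reply exchange
on the FTP control connection, simulated in-process.  Reply codes follow
RFC 959.  Refusing a PORT argument that does not name the control
connection's peer (or names a privileged port) is the RFC 2577 bounce
defence, an addition beyond the text.  Addresses and file names are
sample values."""

from __future__ import annotations


def encode_port_arg(ip: str, port: int) -> str:
    """Client side: build the PORT argument h1,h2,h3,h4,p1,p2 for its data port."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address")
    return ",".join(map(str, octets)) + f",{port >> 8},{port & 0xFF}"


def parse_port_arg(arg: str) -> tuple[str, int]:
    """Server side: decode h1,h2,h3,h4,p1,p2; raise on anything malformed."""
    fields = arg.split(",")
    if len(fields) != 6 or not all(f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    h, p = [int(f) for f in fields[:4]], [int(f) for f in fields[4:]]
    return ".".join(map(str, h)), (p[0] << 8) | p[1]


def parse_reply(line: str) -> tuple[int, str]:
    """Split a server reply into its three-digit code and text."""
    if len(line) < 4 or not line[:3].isdigit() or line[3] != " ":
        raise ValueError(f"malform reply: {line!r}")
    return int(line[:3]), line[4:]


class ControlSession:
    """State of one control connection, as a slave server process keeps it."""

    def __init__(self, peer_ip: str, files: dict, min_data_port: int = 1024):
        self.peer_ip = peer_ip          # address the control connection came from
        self.files = files              # file name -> bytes the server can send
        self.min_data_port = min_data_port
        self.user = None
        self.logged_in = False
        self.data_endpoint = None       # (ip, port) the client announced with PORT
        self.transfers = []             # (file name, data endpoint) pairs completed

    def greeting(self) -> str:
        return "220 Service ready for new user."

    def handle(self, line: str) -> list[str]:
        """Process one command line and return the reply line(s)."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()               # commands are ASCII upper-case words
        if cmd == "USER":
            self.user = arg
            return ["331 User name okay, need password."]
        if cmd == "PASS":
            if self.user is None:
                return ["503 Bad sequence of commands."]
            self.logged_in = True       # a real server would check the password here
            return ["230 User logged in, proceed."]
        if cmd == "QUIT":
            return ["221 Goodbye."]
        if not self.logged_in:          # authentication control: nothing else before login
            return ["530 Not logged in."]
        if cmd == "PORT":
            try:
                ip, port = parse_port_arg(arg)
            except ValueError:
                return ["501 Syntax error in parameters or arguments."]
            # Connect only back to the client that holds the control connection,
            # never to a third host or a privileged port it names (RFC 2577).
            if ip != self.peer_ip or port < self.min_data_port:
                return ["500 Illegal PORT command."]
            self.data_endpoint = (ip, port)
            return ["200 PORT command okay."]
        if cmd == "TYPE":
            if arg in ("A", "I"):
                return ["200 Type set."]
            return ["504 Command not implemented for that parameter."]
        if cmd == "RETR":
            if self.data_endpoint is None:
                return ["425 Can't open data connection."]
            if arg not in self.files:
                return ["550 File not found."]
            # Here the server's data transfer process would connect from port 20
            # to self.data_endpoint and send self.files[arg] over that connection.
            self.transfers.append((arg, self.data_endpoint))
            self.data_endpoint = None   # each transfer needs a fresh data connection
            return ["150 Opening data connection.", "226 Transfer complete."]
        return ["502 Command not implemented."]


def run_session(session: ControlSession, commands: list[str]) -> list[tuple[str, str]]:
    """Drive a session and return the transcript as (side, line) pairs."""
    transcript = [("S", session.greeting())]
    for command in commands:
        transcript.append(("C", command))
        transcript.extend(("S", reply) for reply in session.handle(command))
    return transcript


if __name__ == "__main__":
    s = ControlSession("192.0.2.10", {"tcpbook.tar": b"sample contents"})
    for side, line in run_session(s, ["USER anonymous", "PASS guest@example.org",
                                      "PORT " + encode_port_arg("192.0.2.10", 1025),
                                      "RETR tcpbook.tar", "QUIT"]):
        print(side, line)
```

The point to notice is that the PORT argument is entirely under the client's control: without the peer check, any logged-in client (including an anonymous one) could make the server open a TCP connection from port 20 to an arbitrary host and port.
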
Access commands are used to access the remote system. They provide details like user information, password, account information etc. File management commands are used to access the file system on the remote computer. They allow the user to navigate through the directory structure, create new directories, delete files and so on. The data formatting commands allow the user to define the data structure, file type and transmission mode. Port defining commands define the port number for the data connection on the client side. This can be done in two ways: the client can choose an ephemeral port number and send it to the server, or the client can ask the server to first choose a port number. File transfer commands are used to actually transfer the files. These commands are used to retrieve files, store files, allocate storage space for the files at the server, position the file marker at a specified data point etc. Miscellaneous commands help the client to know various details of the server.

3.5.4.2 Communication over Data Connection

The purpose and implementation of the data connection are different from those of the control connection. We want to transfer files through the data connection. The client must define the type of file to be transferred, the structure of the data, and the transmission mode. This is required to resolve the heterogeneity problem that may exist between the client and the server.

FTP can transfer one of the following file types across the data connection. An ASCII file is the default format for transferring text files. If one or both ends of the connection use EBCDIC encoding, the file can be transferred using EBCDIC encoding. An image file is the default format for transferring binary files. An image file is sent as a continuous stream of bits without any interpretation or encoding. This is mostly used to transfer binary files such as compiled programs.

FTP can transfer a file across the data connection using any one of the following interpretations of the structure of the data. File structure is the default structure; in this the file has no structure and is considered as a continuous stream of bytes. In record structure, the file is divided into records. Page structure is used to divide the file into pages, with each page having a page number and a page header. The pages can be stored and accessed randomly or sequentially.

FTP can transfer a file across the data connection using one of three transmission modes. Stream mode is the default mode; in this mode data are delivered from FTP to TCP as a continuous stream of bytes, and TCP is responsible for chopping the data into segments of appropriate size. In block mode, data can be delivered from FTP to TCP in blocks. In compressed mode, if the file is big, the data can be compressed. The compression method normally used is run-length encoding.

3.5.5 The User's View of FTP

Users view FTP as an interactive system. For example, to initiate the version of FTP available under UNIX, the user invokes the ftp command. The local FTP client program begins and issues a prompt to the user. Following the prompt, the user can issue commands like help:

    ftp> help
    Commands may be abbreviated.  Commands are:

    !           cr          macdef      proxy       send
    $           delete      mdelete     sendport    status
    account     debug       mdir        put         struct
    append      dir         mget        pwd         sunique
    ascii       disconnect  mkdir       quit        tenex
    bell        form        mls         quote       trace
    binary      get         mode        recv        type
    bye         glob        mput        remotehelp  user
    case        hash        nmap        rename      verbose
    cd          help        ntrans      reset       ?
    cdup        lcd         open        rm
    close       ls          prompt      runique

To obtain more information about a given command, the user types help followed by the command, as in the following example (output is shown in the format ftp produces):

    ftp> help ls
    ls              list contents of remote directory
    ftp> help cdup
    cdup            change remote working directory to parent directory
    ftp> help glob
    glob            toggle metacharacter expansion of local file names
    ftp> help bell
    bell            beep when command completed

To execute a command, the user types the command name:

    ftp> bell
    Bell mode on.

Once invoked, the client performs the following operations repeatedly: read a line of input, parse the line to extract a command and its arguments, and execute the command with the specified arguments.

3.5.6 Anonymous FTP

The normal assumption in FTP is that the client can access a file from a remote server only if the client has the access right; in an FTP session, a client is authenticated by the server before permitting the client user to transfer a file from the server. This is not always the case, since FTP is also used to access information from a server that allows unknown users to log on to it. To access information from this type of server, the user must know the DNS name of the server but, when prompted for a user name, he or she enters anonymous and, for the password, his or her e-mail address. In some instances, however, before granting the user access, the server carries out a rudimentary check that the client host has a valid domain name. Although the IP address of the client host has not been formally sent at this point – this does not occur until the PORT command is sent – it is present in the (IP) source address field of each of the IP datagrams that have been used to set up the (TCP) control connection and to send the username and password. Hence, before granting access, the control part in the server uses its own resolver to check that the IP address of the host is in the DNS database.

A sample interaction between the client and the server in anonymous FTP is described by Comer as follows.

% ftp ftp.cs.purdue.edu
Connected to lucan.cs.purdue.edu.
220 lucan.cs.purdue.edu FTP server (Version wu-2.4.2-VR16(1)) ready.
Name (ftp.cs.purdue.edu:usera): anonymous
331 Guest login ok, send e-mail address as password.
Password: guest
230 Guest login ok, access restrictions apply.
ftp> get pub/comer/tcpbook.tar bookfile
200 PORT command okay.
150 Opening ASCII mode data connection for tcpbook.tar (9895469 bytes).
226 Transfer Complete.
9895469 bytes received in 22.76 seconds (4.3e+02 Kbytes/s)
ftp> close
221 Goodbye
ftp> quit

The user specifies machine ftp.cs.purdue.edu as an argument to the FTP command and opens a TCP connection with the server. Once the TCP connection is complete, the user invokes anonymous FTP by specifying the user name as anonymous and

password as guest. After typing a login and password, the user requests a copy of a file using the get command. In the example, the get command is followed by two arguments that specify the remote file name and a name for the local copy. The remote file name is pub/comer/tcpbook.tar and the local copy will be placed in bookfile. After the transfer completes, the user types close to break the connection with the server, and types quit to leave the client.

Along with the commands, the interaction involves a lot of informational messages also. Most come from the server; other output comes from the local client. FTP messages always begin with a 3-digit number followed by text. In the example, the message that begins 220 comes from the server and contains the domain name of the machine on which the server executes. The client PORT command reports that a new TCP port number has been obtained for use as a data connection. The client sends the port information to the server over the control connection. As a result, the data transfer processes at both ends use the new port number when forming a connection. Once the transfer completes, the data transfer processes at each end close the connection. The statistics that report the number of bytes received and the rate of transfer come from the client. Another important point to be noted from the above session is that FTP is an out of band protocol.

Have you understood?

1. What is the transport layer used by FTP?
2. Apart from file transfer, what are the other functions provided by FTP?
3. Why is FTP called an out of band protocol?
4. How many processes should be active in an FTP client on the assumption that it interacts with only one FTP server?
5. How many processes are active in an FTP server?
6. Mention the usage of port numbers 20 and 21 in FTP.
7. What are the issues involved in the data representation of FTP?
8. What are the responsibilities of the FTP server?
9. Under what conditions does an FTP server close the connection?
10. What is meant by anonymous FTP?

3.6 TRIVIAL FILE TRANSFER PROTOCOL

FTP is the most general file transfer protocol and it provides a reliable service to the users. However, to achieve the reliability FTP has to perform many additional functions apart from the core file transfer function, and FTP becomes a heavyweight protocol. If reliability is not the major issue, or if the underlying network itself is reliable, a sophisticated file transfer protocol like FTP may not be required. Hence the TCP/IP suite provides a second file transfer protocol that provides inexpensive, unsophisticated service. Known as the Trivial File Transfer Protocol (TFTP), it is intended for applications that do not need complex interactions between the client and server. TFTP restricts operations to simple file transfers and does not provide authentication. Because it is more restrictive, TFTP software is much smaller than FTP. Small size is important in many applications. For example, manufacturers of diskless devices can embed TFTP in read-only memory (ROM) and use it to obtain an initial memory image when the machine is powered on. The program in ROM is called the system bootstrap. The advantage of using TFTP is that it allows bootstrapping code to use the same underlying TCP/IP protocols that the operating system uses once it begins execution. Thus, it is possible for a computer to bootstrap from a server on another physical network. Unlike FTP, TFTP does not need a reliable stream transport service. It runs on top of UDP or any other unreliable packet delivery system, using timeout and retransmission to ensure that data arrives. We discuss TFTP in terms of overview, connection protocol and transfer protocol.

3.6.1 Protocol Overview

Any transfer begins with a request to read or write a file, which also serves to request a connection. If the server grants the request, the connection is opened and the file is sent in fixed length blocks of 512 bytes. Each data packet contains one block of data, and must be acknowledged by an acknowledgment packet before the next packet can be sent. A data packet of less than 512 bytes signals termination of a transfer. If a packet gets lost in the network, the intended recipient will time out and may retransmit its last packet (which may be data or an acknowledgment), thus causing the sender of the lost packet to retransmit that lost packet. The sender has to keep just one packet on hand for retransmission, since the lock step acknowledgment guarantees that all older packets have been received. Notice that both machines involved in a transfer are considered senders and receivers. One sends data and receives acknowledgments, the other sends acknowledgments and receives data.

Most errors cause termination of the connection. An error is signaled by sending an error packet. This packet is not acknowledged, and not retransmitted (i.e., a TFTP server or user may terminate after sending an error message), so the other end of the connection may not get it. Therefore timeouts are used to detect such a termination when the error packet has been lost. Errors are caused by three types of events: not being able to satisfy the request (e.g., file not found, access violation, or no such user), receiving a packet which cannot be explained by a delay or duplication in the network (e.g., an incorrectly formed packet), and losing access to a necessary resource (e.g., disk full or access denied during a transfer).

TFTP recognizes only one error condition that does not cause termination: the source port of a received packet being incorrect. In this case, an error packet is sent to the originating host. This protocol is very restrictive, in order to simplify implementation. For example, the fixed length blocks make allocation straightforward, and the lock step acknowledgement provides flow control and eliminates the need to reorder incoming data packets.

3.6.2 Initial Connection Protocol

A transfer is established by sending a write request (WRQ) to write onto a foreign file system, or a read request (RRQ) to read from it. The response to the request, under normal operation, is an acknowledgment packet for write (ACK), or the first data packet (DATA) for read. Each data packet has associated with it a block number; block numbers are consecutive and begin with one. In general, an acknowledgment packet will contain the block number of the data packet being acknowledged. Since the positive response to a write request is an acknowledgment packet, in this special case the block number will be zero. (Normally, since an acknowledgment packet is acknowledging a data packet, the acknowledgment packet will contain the block number of the data packet being acknowledged.) If the reply is an error packet, then the request has been denied.

In order to create a connection, each end of the connection chooses a terminal identifier (TID) for itself, to be used for the duration of that connection. The TID’s chosen for a connection should be randomly chosen, so that the probability that the same number is chosen twice in immediate succession is very low. Every packet has associated with it the two TID’s of the ends of the connection, the source TID and the destination TID. These TID’s are handed to the supporting UDP (or other datagram protocol) as the source and destination ports. A requesting host chooses its source TID as described above, and sends its initial request to the known TID 69 decimal (105 octal) on the serving host. The response to the request, under normal operation, uses a TID chosen by the server as its source TID and the TID chosen for the previous message by the requestor as its destination TID. The two chosen TID’s are then used for the remainder of the transfer.

As an example, the following shows the steps used to establish a connection to write a file. Note that WRQ, ACK, and DATA are the names of the write request, acknowledgment, and data types of packets respectively.

1. Host A sends a “WRQ” to host B with source= A’s TID, destination= 69.
2. Host B sends an “ACK” (with block number= 0) to host A with source= B’s TID, destination= A’s TID.

At this point the connection has been established and the first data packet can be sent by Host A with a sequence number of 1. In the next step, and in all succeeding steps, the hosts should make sure that the source TID matches the value that was agreed on in steps 1 and 2. If a source TID does not match, the packet should be discarded as erroneously sent from somewhere else. An error packet should be sent to the source of the incorrect packet, while not disturbing the transfer. This can be done only if the TFTP in fact receives a packet with an incorrect TID. If the supporting protocols do not allow it, this particular error condition will not arise.

The following example demonstrates a correct operation of the protocol in which the above situation can occur. Host A sends a request to host B. Somewhere in the network, the request packet is duplicated, and as a result two acknowledgments are returned to host A, with different TID’s chosen on host B in response to the two requests. When the first response arrives, host A continues the connection. When the second response to the request arrives, it should be rejected, but there is no reason to terminate the first connection. Therefore, if different TID’s are chosen for the two connections on host B and host A checks the source TID’s of the messages it receives, the first connection can be maintained while the second is rejected by returning an error packet.

3.6.3 Transfer Protocol

The rules for TFTP are simple. The first packet sent requests a file transfer and establishes the interaction between client and server – the packet specifies a file name and whether the file will be read (transferred to the client) or written (transferred to the server). Blocks of the file are numbered consecutively starting at 1. Each data packet contains a header that specifies the number of the block it carries, and each acknowledgement contains the number of the block being acknowledged. The sending side transmits a file in fixed size (512 byte) blocks and awaits an acknowledgment for each block before sending the next. The receiver acknowledges each block upon receipt. A block of less than 512 bytes signals the end of file. It is possible to send an error message either in the place of data or an acknowledgement; an error terminates the transfer.
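The packet types, the lock-step block numbering and the source-TID check described above, as an added worked example that is not part of the course material and not taken from any TFTP implementation: it encodes and parses the five message types (opcodes 1 to 5 as in the standard), rejects a packet whose source TID is not the one agreed in steps 1 and 2, and simulates a write over a constructed lossless in-memory network in which one acknowledgement is delivered twice, so the reader can compare a sender that reacts to every acknowledgement with one that ignores duplicates (the excessive retransmission that the next section describes). The file contents, TID values and the duplicated-ACK scenario are constructed for the illustration.

```python
import struct
from collections import deque

# Opcodes of the five TFTP message types (standard layouts, RFC 1350).
OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
TFTP_PORT = 69          # well-known TID that every initial request is sent to
BLOCK_SIZE = 512
ERR_UNKNOWN_TID = 5     # standard error code "Unknown transfer ID"


def encode_request(opcode, filename, mode="octet"):
    """RRQ/WRQ: 2-octet opcode, FILENAME, 0, MODE, 0."""
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"


def encode_data(block, payload):
    """DATA: 2-octet opcode, 2-octet block number, up to 512 octets of data."""
    return struct.pack("!HH", OP_DATA, block) + payload


def encode_ack(block):
    """ACK: 2-octet opcode, 2-octet block number (0 acknowledges a WRQ)."""
    return struct.pack("!HH", OP_ACK, block)


def encode_error(code, message):
    """ERROR: 2-octet opcode, 2-octet error code, message, 0."""
    return struct.pack("!HH", OP_ERROR, code) + message.encode() + b"\0"


def decode(packet):
    """Parse a packet into (opcode, fields). Malformed packets raise ValueError;
    a server would answer such a packet with an ERROR and not act on it."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode, second = struct.unpack("!HH", packet[:4])
    if opcode in (OP_RRQ, OP_WRQ):
        fields = packet[2:].split(b"\0")
        if len(fields) < 3 or not fields[0]:
            raise ValueError("malformed request")
        return opcode, {"filename": fields[0].decode(), "mode": fields[1].decode().lower()}
    if opcode == OP_DATA:
        if len(packet) > 4 + BLOCK_SIZE:
            raise ValueError("data block larger than 512 octets")
        return opcode, {"block": second, "data": packet[4:]}
    if opcode == OP_ACK:
        return opcode, {"block": second}
    if opcode == OP_ERROR:
        return opcode, {"code": second, "message": packet[4:].split(b"\0")[0].decode()}
    raise ValueError("unknown opcode %d" % opcode)


def check_source_tid(expected_tid, source_tid):
    """From step 3 on, a packet whose source TID differs from the agreed one is
    discarded and answered with an ERROR, leaving the transfer undisturbed.
    Returns (accept, error_packet_or_None)."""
    if source_tid == expected_tid:
        return True, None
    return False, encode_error(ERR_UNKNOWN_TID, "unknown transfer ID")


def split_blocks(data):
    """512-octet blocks numbered from 1; a final block shorter than 512 octets
    (possibly empty) signals end of file."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if len(data) % BLOCK_SIZE == 0:
        blocks.append(b"")
    return blocks


def run_transfer(data, duplicate_ack_for=None, ignore_duplicate_acks=True):
    """Lock-step write of `data` over a constructed lossless FIFO network.
    If duplicate_ack_for is a block number, that block's ACK is delivered
    twice. Returns (bytes the receiver assembled, number of DATA packets sent)."""
    blocks = split_blocks(data)
    last = len(blocks)
    network = deque()
    received, data_sent, highest_acked = {}, 0, 0

    def send_block(n):
        nonlocal data_sent
        data_sent += 1
        network.append(encode_data(n, blocks[n - 1]))

    send_block(1)                    # the WRQ/ACK 0 exchange has already happened
    while network:
        opcode, f = decode(network.popleft())
        if opcode == OP_DATA:
            received[f["block"]] = f["data"]        # a duplicate copy overwrites harmlessly
            network.append(encode_ack(f["block"]))  # the receiver ACKs every copy it sees
            if f["block"] == duplicate_ack_for:
                network.append(encode_ack(f["block"]))
                duplicate_ack_for = None
        elif opcode == OP_ACK:
            n = f["block"]
            fresh = n == highest_acked + 1
            if fresh:
                highest_acked = n
            if n < last and (fresh or not ignore_duplicate_acks):
                send_block(n + 1)    # reacting to a duplicate ACK doubles all later traffic
    return b"".join(received[i] for i in range(1, last + 1)), data_sent
```

With a 1100-byte file the transfer takes three DATA packets; once the network duplicates the acknowledgement of block 1, a sender that transmits block n+1 on every ACK n sends five, and every block from 2 on travels twice, whereas the sender that only advances on a fresh block number still sends three. Ignoring duplicate acknowledgements on the sending side is the usual remedy.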

Figure 3.7 The five message types

READ REQ. (1):  2-octet opcode | n octets FILENAME | 1-octet 0 | n octets MODE | 1-octet 0
WRITE REQ. (2): 2-octet opcode | n octets FILENAME | 1-octet 0 | n octets MODE | 1-octet 0
DATA (3):       2-octet opcode | 2-octet BLOCK # | up to 512 octets DATA OCTETS...
ACK (4):        2-octet opcode | 2-octet BLOCK #
ERROR (5):      2-octet opcode | 2-octet ERROR CODE | n octets ERROR MESSAGE | 1-octet 0

Once a read or write request has been made, the server uses the IP address and UDP protocol port number of the client to identify subsequent operations. Thus, neither data messages (the messages that carry blocks from the file) nor ack messages (the messages that acknowledge data blocks) need to specify the file name. The final message type illustrated in figure 3.7 is used to report errors. Lost messages can be retransmitted after a timeout, but most other errors simply cause termination of the interaction.

TFTP retransmission is unusual because it is symmetric. Each side implements a timeout and retransmission. If the side sending data times out, it retransmits the last data block. If the side responsible for acknowledgement times out, it retransmits the last acknowledgement. Having both sides participate in retransmission helps ensure that the transfer will not fail after a single packet loss. While symmetric retransmission guarantees robustness, it can lead to excessive retransmissions. The problem, known as the Sorcerer’s Apprentice bug, arises when an acknowledgement for data packet k is delayed, but not lost. The sender retransmits the data packet, which the receiver acknowledges. Both acknowledgments eventually arrive, and each triggers a transmission of data packet k+1. The receiver will acknowledge both copies of data packet k+1, and the two acknowledgements will each cause

the sender to transmit data packet k+2. Once started, the cycle continues indefinitely with each data packet being transmitted exactly twice. The Sorcerer’s Apprentice Bug can also start if the underlying internet duplicates packets.

Although TFTP contains little except the minimum needed for transfer, it does support multiple file types. One interesting aspect of TFTP allows it to be integrated with electronic mail. A client can specify to the server that it will send a file that should be treated as mail, with the FILENAME field taken to be the name of the mailbox to which the server should deliver the message.

Have you understood?

1. What is the transport layer used by TFTP?
2. What are the steps involved in the transfer of a file in TFTP?
3. Mention the steps involved in establishing a TFTP session.
4. Mention the circumstances in which TFTP is preferred over FTP.
5. TFTP plays a major role in configuring routers. Justify this statement.

3.7 NETWORK FILE SYSTEM

Initially developed by Sun Microsystems Incorporated, the Network File System (NFS) provides on-line shared file access that is transparent and integrated; many TCP/IP sites use NFS to interconnect their computers’ file systems. From the user’s perspective, NFS is almost invisible. A user can execute an arbitrary application program and use arbitrary files for input or output. The file names themselves do not show whether the files are local or remote. The NFS protocol is designed to be portable across different machines, operating systems, network architectures, and transport protocols. This portability is achieved through the use of Remote Procedure Call (RPC) primitives built on top of an eXternal Data Representation (XDR). Implementations already exist for a variety of machines, from personal computers to supercomputers. The supporting mount protocol allows the server to hand out remote access privileges to a restricted set of clients. It performs the operating system-specific functions that allow, for example, attaching remote directory trees to some local file system.

3.7.1 RPC

The remote procedure call model is similar to the local procedure call model. In the local case, the caller places arguments to a procedure in some well-specified location (such as a result register). It then transfers control to the procedure, and eventually gains back control. At that point, the results of the procedure are extracted from the well-specified location, and the caller continues execution.

The remote procedure call is similar, in that one thread of control logically winds through two processes — one is the caller’s process, the other is a server’s process. That is, the caller process sends a call message to the server process and waits (blocks) for a reply message. The call message contains the procedure’s parameters, among other things. The reply message contains the procedure’s results, among other things. Once the reply message is received, the results of the procedure are extracted, and the caller’s execution is resumed. On the server side, a process is dormant awaiting the arrival of a call message. When one arrives, the server process extracts the procedure’s parameters, computes the results, sends a reply message, and then awaits the next call message. Note that in this model, only one of the two processes is active at any given time. However, this model is only given as an example. The RPC protocol makes no restrictions on the concurrency model implemented, and others are possible. For example, an implementation may choose to have RPC calls be asynchronous, so that the client may do useful work while waiting for the reply from the server. Another possibility is to have the server create a task to process an incoming request, so that the server can be free to receive other requests.

3.7.1.1 Transports and Semantics

The RPC protocol is independent of transport protocols. That is, RPC does not care how a message is passed from one process to another. The protocol deals only with specification and interpretation of messages. It is important to point out that RPC does not try to implement any kind of reliability and that the application must be aware of the type of transport protocol underneath RPC. If it knows it is running on top of a reliable transport such as TCP, then most of the work is already done for it. On the other hand, if it is running on top of an unreliable transport such as UDP, it must implement its own retransmission and time-out policy, as the RPC layer does not provide this service. Because of transport independence, the RPC protocol does not attach specific semantics to the remote procedures or their execution. Semantics can be inferred from (but should be explicitly specified by) the underlying transport protocol. For example, consider RPC running on top of an unreliable transport such as UDP. If an application retransmits RPC messages after short time-outs, the only thing it can infer if it receives no reply is that the procedure was executed zero or more times. If it does receive a reply, then it can infer that the procedure was executed at least once. A server may wish to remember previously granted requests from a client and not regrant them, in order to ensure some degree of execute-at-most-once semantics. A server can do this by taking advantage of the transaction ID that is packaged with every RPC request. The main use of this transaction ID is by the client RPC layer in matching replies to

requests. However, a client application may choose to reuse its previous transaction ID when retransmitting a request. The server application, knowing this fact, may choose to remember this ID after granting a request and not regrant requests with the same ID, in order to achieve some degree of execute-at-most-once semantics. The server is not allowed to examine this ID in any other way except as a test for equality. On the other hand, if using a reliable transport such as TCP, the application can infer from a reply message that the procedure was executed exactly once, but if it receives no reply message, it cannot assume the remote procedure was not executed. Note that even if a connection-oriented protocol like TCP is used, an application still needs time-outs and reconnection to handle server crashes. There are other possibilities for transports besides datagram- or connection-oriented protocols.

3.7.1.2 Protocol Requirements

The RPC protocol must provide for the following:

(1) Unique specification of a procedure to be called.
(2) Provisions for matching response messages to request messages.
(3) Provisions for authenticating the caller to the service and vice-versa.

Besides these requirements, features that detect the following are worth supporting because of protocol roll-over errors, implementation bugs, user error, and network administration:

(1) RPC protocol mismatches.
(2) Remote program protocol version mismatches.
(3) Protocol errors (such as misspecification of a procedure’s parameters).
(4) Reasons why remote authentication failed.
(5) Any other reasons why the desired procedure was not called.

3.7.1.3 RPC Programs and Procedures

The RPC call message has three unsigned fields: remote program number, remote program version number, and remote procedure number. The three fields uniquely identify the procedure to be called. Program numbers are administered by some central authority (like Sun). Once an implementor has a program number, he can implement his remote program; the first implementation would most likely have the version number of 1. Because most new protocols evolve into better, stable, and mature protocols, a version field of the call message identifies which version of the protocol the caller is using. Version numbers make speaking old and new protocols through the same server process possible. The procedure number identifies the procedure to be called. These numbers are documented in the specific program’s protocol specification. For example, a file service’s protocol specification may state that its procedure number 5 is “read” and procedure number 12 is “write”.

Just as remote program protocols may change over several versions, the actual RPC message protocol could also change. Therefore, the call message also has in it the RPC version number, which is always equal to two for the version of RPC described here. The reply message to a request message has enough information to distinguish the following error conditions:

(1) The remote implementation of RPC does not speak protocol version 2. The lowest and highest supported RPC version numbers are returned.
(2) The remote program is not available on the remote system.
(3) The remote program does not support the requested version number. The lowest and highest supported remote program version numbers are returned.
(4) The requested procedure number does not exist. (This is usually a caller side protocol or programming error.)
(5) The parameters to the remote procedure appear to be garbage from the server’s point of view. (Again, this is usually caused by a disagreement about the protocol between client and service.)

3.7.2 XDR

XDR is a standard for the description and encoding of data. It is useful for transferring data between different computer architectures, and has been used to communicate data between such diverse machines as the SUN WORKSTATION, VAX, IBM-PC, and Cray. XDR fits into the ISO presentation layer, and is roughly analogous in purpose to X.409, ISO Abstract Syntax Notation. The major difference between these two is that XDR uses implicit typing, while X.409 uses explicit typing. Protocols such as ONC RPC (Remote Procedure Call) and the NFS (Network File System) use XDR to describe the format of their data. XDR uses a language to describe data formats. The language can only be used to describe data; it is not a programming language. This language allows one to describe intricate data formats in a concise manner. The alternative of using graphical representations (itself an informal language) quickly becomes incomprehensible when faced with complexity. The XDR language itself is similar to the C language, just as Courier is similar to Mesa. The XDR standard makes the following assumption: that bytes (or octets) are portable, where a byte is defined to be 8 bits of data. A given hardware device should encode the bytes onto the various media in such a way that other hardware devices may decode the bytes without loss of meaning. For example, the Ethernet standard suggests that bytes be encoded in “little-endian” style, or least significant bit first.
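The transaction-ID handling of 3.7.1.1, the call message fields of 3.7.1.3 and the XDR encoding of 3.7.2, as one added worked example that is neither the course material's nor Sun's code: it encodes a call message in XDR (4-octet big-endian unsigned integers, strings length-prefixed and padded to a multiple of 4) carrying the RPC version 2, program, version, procedure and transaction ID fields, then runs a non-idempotent procedure over a constructed datagram transport that loses the first reply, once with and once without a server-side cache keyed on the client's transaction ID. The call header layout follows the standard ONC RPC one with null authentication; the program number, the procedure, the simplified reply layout and the client address are assumptions made for the illustration.

```python
import struct


# XDR primitives: every item occupies a multiple of 4 octets, integers big-endian.
def xdr_uint(n):
    return struct.pack("!I", n)


def xdr_string(s):
    data = s.encode()
    return xdr_uint(len(data)) + data + b"\0" * (-len(data) % 4)   # pad to 4-octet boundary


def xdr_read_string(buf, offset=0):
    """Returns (string, offset of the next item)."""
    (n,) = struct.unpack_from("!I", buf, offset)
    start = offset + 4
    return buf[start:start + n].decode(), start + n + (-n % 4)


RPC_VERSION = 2                 # always two for the version of RPC described here
MSG_CALL, MSG_REPLY = 0, 1
AUTH_NULL = 0


def encode_call(xid, prog, vers, proc, args):
    """Call message: xid, CALL, rpcvers, prog, vers, proc, then credential and
    verifier (AUTH_NULL flavor, zero-length body), then the procedure arguments."""
    header = (xid, MSG_CALL, RPC_VERSION, prog, vers, proc, AUTH_NULL, 0, AUTH_NULL, 0)
    return b"".join(xdr_uint(v) for v in header) + args


def decode_call(msg):
    fields = struct.unpack_from("!10I", msg, 0)
    xid, mtype, rpcvers, prog, vers, proc = fields[:6]
    if mtype != MSG_CALL or rpcvers != RPC_VERSION:
        raise ValueError("RPC protocol mismatch")
    return xid, prog, vers, proc, msg[40:]


# Simplified reply used by this example only (an assumption, not the standard
# reply layout): xid, REPLY, status, then the result.
STATUS_OK, STATUS_PROC_UNAVAIL = 0, 1


def reply_status(reply):
    return struct.unpack_from("!3I", reply, 0)[2]


class AppendServer:
    """Hypothetical program 0x20000001, version 1, procedure 1: append a line to a
    log. Appending is not idempotent, so re-executing a retransmitted call would
    duplicate the line. A reply cache keyed on (client, xid) lets the server
    replay its earlier answer instead, giving execute-at-most-once semantics."""
    PROG, VERS, PROC_APPEND = 0x20000001, 1, 1

    def __init__(self, use_cache=True):
        self.log, self.cache, self.use_cache = [], {}, use_cache

    def handle(self, client, msg):
        xid, prog, vers, proc, args = decode_call(msg)
        key = (client, xid)
        if self.use_cache and key in self.cache:
            return self.cache[key]                # the xid is only ever tested for equality
        if (prog, vers, proc) != (self.PROG, self.VERS, self.PROC_APPEND):
            reply = xdr_uint(xid) + xdr_uint(MSG_REPLY) + xdr_uint(STATUS_PROC_UNAVAIL)
        else:
            line, _ = xdr_read_string(args)
            self.log.append(line)
            reply = (xdr_uint(xid) + xdr_uint(MSG_REPLY) + xdr_uint(STATUS_OK)
                     + xdr_uint(len(self.log)))
        self.cache[key] = reply
        return reply


class LossyTransport:
    """Constructed datagram transport: the server executes every call, but the
    first `drop_replies` replies are lost in the network, so the client times out."""

    def __init__(self, server, drop_replies=1):
        self.server, self.drop_replies = server, drop_replies

    def send(self, client, msg):
        reply = self.server.handle(client, msg)
        if self.drop_replies > 0:
            self.drop_replies -= 1
            return None
        return reply


def rpc_append(transport, client, xid, line, retries=3):
    """Client side: retransmit the same xid after each time-out and accept only a
    reply that carries that xid."""
    msg = encode_call(xid, AppendServer.PROG, AppendServer.VERS,
                      AppendServer.PROC_APPEND, xdr_string(line))
    for _ in range(retries):
        reply = transport.send(client, msg)
        if reply is None:
            continue                         # time-out: executed zero or more times so far
        rxid, mtype = struct.unpack_from("!2I", reply, 0)
        if rxid != xid or mtype != MSG_REPLY:
            continue                         # stale or foreign reply; keep waiting
        if reply_status(reply) != STATUS_OK:
            raise RuntimeError("call rejected with status %d" % reply_status(reply))
        return struct.unpack_from("!I", reply, 12)[0]
    raise TimeoutError("no reply after %d attempts" % retries)


def demo(use_cache):
    """Returns (log length reported to the client, the server's log)."""
    server = AppendServer(use_cache)
    count = rpc_append(LossyTransport(server), "10.0.0.5", 0x1234, "boot ok")  # constructed values
    return count, server.log
```

With the cache the retransmission is answered from the remembered reply and the line is appended once; without it the server appends the line twice, which is exactly the "executed at least once" outcome the text warns about for an unreliable transport.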

3.7.3 Stateless Servers

The NFS protocol was intended to be as stateless as possible. That is, a server should not need to maintain any protocol state information about any of its clients in order to function correctly. Stateless servers have a distinct advantage over stateful servers in the event of a failure. With stateless servers, a client need only retry a request until the server responds; it does not even need to know that the server has crashed, or that the network temporarily went down. The client of a stateful server, on the other hand, needs to either detect a server failure and rebuild the server’s state when it comes back up, or cause client operations to fail. This may not sound like an important issue, but it affects the protocol in some unexpected ways. We feel that it may be worth a bit of extra complexity in the protocol to be able to write very simple servers that do not require fancy crash recovery. On the other hand, NFS deals with objects such as files and directories that inherently have state — what good would a file be if it did not keep its contents intact? The goal was to not introduce any extra state in the protocol itself. Inherently stateful operations such as file or record locking, and remote execution, are implemented as separate services. The basic way to simplify recovery was to make operations as “idempotent” as possible (so that they can potentially be repeated). Some operations in this version of the protocol did not attain this goal; luckily most of the operations (such as Read and Write) are idempotent. Also, although actual server failures may be rare, in complex networks failures of any network, router, or bridge may be indistinguishable from a server failure. Note that even if a so-called “reliable” transport protocol such as TCP is used, the client must still be able to handle interruptions of service by re-opening connections when they time out. Thus, a stateless protocol may actually simplify the implementation. Finally, most server failures occur between operations, not between the receipt of an operation and the response.

3.7.4 File System Model

NFS assumes a file system that is hierarchical, with directories as all but the bottom level of files. Each entry in a directory (file, directory, device, etc.) has a string name. Different operating systems may have restrictions on the depth of the tree or the names used, as well as using different syntax to represent the “pathname”, which is the concatenation of all the “components” (directory and file names) in the name. A “file system” is a tree on a single server (usually a single disk or physical partition) with a specified “root”. Some operating systems provide a “mount” operation to make all file systems appear as a single tree, while others maintain a “forest” of file systems. Files

are unstructured streams of uninterpreted bytes. Version 3 of NFS uses a slightly more general file system model.

NFS looks up one component of a pathname at a time. It may not be obvious why it does not just take the whole pathname, traipse down the directories, and return a file handle when it is done. There are several good reasons not to do this. First, pathnames need separators between the directory components, and different operating systems use different separators. We could define a Network Standard Pathname Representation, but then every pathname would have to be parsed and converted at each end. Although files and directories are similar objects in many ways, different procedures are used to read directories and files. This provides a network standard format for representing directories. The same argument as above could have been used to justify a procedure that returns only one directory entry per call. The problem is efficiency. Directories can contain many entries, and a remote call to return each would be just too slow.

3.7.5 Implementation

Figure 3.8 illustrates how NFS is embedded in an operating system. When an application program executes, it calls the operating system to open a file, or to store and retrieve data in files. The file access mechanism accepts the request and automatically passes it to either the local file system software or to the NFS client, depending on whether the file is on the local disk or on a remote machine. When it receives a request, the client software uses the NFS protocol to contact the appropriate server on a remote machine and perform the requested operation. When the remote server replies, the client software returns the results to the application program.

Figure 3.8 NFS Code in an OS (application; local file system; NFS client; local disk; Internet connection to NFS server)
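The stateless, one-component-per-lookup model of 3.7.3 and 3.7.4, as an added worked example that is neither the course material's nor Sun's code: an in-memory server exports one directory tree under opaque file handles, resolves a pathname one component per LOOKUP, serves idempotent offset-based READs, and keeps no per-client state, so a client that simply retries after a simulated server restart obtains the same answer without rebuilding anything. The tree contents, the keyed-hash handle encoding and the restart scenario are constructed for the illustration.

```python
import hashlib


class NfsServer:
    """Exports a constructed tree. A file handle is an opaque token that the
    server maps back to an object from the export alone, never from anything it
    remembers about a client."""

    def __init__(self, crash_reads=0, secret=b"export-secret"):
        self.secret = secret
        self.crash_reads = crash_reads          # constructed failure: READs to fail first
        # constructed export: /etc/hostname and /boot/image under the root ""
        self.tree = {"": {"etc": "dir", "boot": "dir"},
                     "etc": {"hostname": "file"},
                     "boot": {"image": "file"}}
        self.files = {"etc/hostname": b"router1\n", "boot/image": bytes(range(256)) * 4}
        self.handles = {self.make_handle(p): p for p in list(self.tree) + list(self.files)}

    def make_handle(self, path):
        # Opaque and unforgeable without the server's secret: a keyed hash of the path.
        return hashlib.sha256(self.secret + path.encode()).digest()[:16]

    def root_handle(self):
        return self.make_handle("")

    def lookup(self, dir_handle, name):
        """One component per call: `name` is looked up only among the entries of
        the directory `dir_handle` denotes, so '..' or '/' in a name cannot escape
        the export; such names simply are not entries."""
        path = self.handles.get(dir_handle)
        if path is None or path not in self.tree:
            raise FileNotFoundError("stale or invalid directory handle")
        if name not in self.tree[path]:
            raise FileNotFoundError(name)
        return self.make_handle(name if path == "" else path + "/" + name)

    def read(self, file_handle, offset, count):
        """Idempotent: the same (handle, offset, count) always yields the same bytes."""
        if self.crash_reads:
            self.crash_reads -= 1
            raise ConnectionError("server restarted")
        path = self.handles.get(file_handle)
        if path is None or path not in self.files:
            raise FileNotFoundError("stale or invalid file handle")
        return self.files[path][offset:offset + count]


class NfsClient:
    def __init__(self, server, restart):
        self.server, self.restart = server, restart   # restart() yields the rebooted server

    def call(self, op, *args):
        """Retry until the server responds; a crash is invisible to the caller
        because the retried request carries everything the server needs."""
        for _ in range(3):
            try:
                return getattr(self.server, op)(*args)
            except ConnectionError:
                self.server = self.restart()
        raise TimeoutError(op)

    def resolve(self, pathname):
        handle = self.call("root_handle")
        for component in pathname.strip("/").split("/"):
            handle = self.call("lookup", handle, component)
        return handle

    def read_file(self, pathname, chunk=512):
        handle = self.resolve(pathname)
        data, offset = b"", 0
        while True:
            part = self.call("read", handle, offset, chunk)
            data += part
            if len(part) < chunk:
                return data
            offset += chunk


def demo():
    """The first READ hits a server that goes down; the client retries against
    the restarted one. Returns (file contents, outstanding crashes)."""
    client = NfsClient(NfsServer(crash_reads=1), restart=NfsServer)
    return client.read_file("/etc/hostname"), client.server.crash_reads
```

Because a handle is derived from the exported object and not from a session, it stays valid across the restart, and because READ is addressed by offset, retrying it cannot deliver the data twice; an append-style operation would not have that property, which is why the protocol keeps such operations out of the core.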

Have you understood?

1. What is meant by transparent file access?
2. What are the building blocks of NFS?
3. What are the actual steps that take place in RPC while a client calls the functions of a remote server?
4. What are the advantages provided by RPC?
5. What is the standard used to encode the values in the RPC call and reply messages?
6. In which layer of the ISO/OSI reference model does XDR fit?
7. What is the advantage of stateless servers?
8. What is the file system model followed in NFS?
9. What is the relationship between NFS and the operating system?
10. How is the mount protocol related to NFS?

3.8 TELNET PROTOCOL

Remote login is one of the most popular Internet applications. Instead of having a hard-wired terminal on each host, we can login to one host and then remote login across the network to any other host. The TCP/IP suite includes a simple remote terminal protocol called TELNET that allows a user to log into a computer across an internet. TELNET establishes a TCP connection, and then passes keystrokes from the user’s keyboard directly to the remote computer as if they had been typed on a keyboard attached to the remote machine. TELNET also carries output from the remote machine back to the user’s screen. The service is called transparent because it gives the appearance that the user’s keyboard and display attach directly to the remote machine. Although TELNET is not as sophisticated as some remote terminal protocols, it is widely available. Usually, TELNET client software allows the user to specify a remote machine either by giving its domain name or IP address. Because it accepts IP addresses, TELNET can be used with hosts even if a name-to-address binding cannot be established (e.g., when domain naming software is being debugged).

3.8.1 Protocol Overview

TELNET offers three basic services. First, it defines a network virtual terminal that provides a standard interface to remote systems. Client programs do not have to understand the details of all possible remote systems; they are built to use the standard interface. Second, TELNET includes a mechanism that allows the client and the server to negotiate options, and it provides a set of standard options (e.g., one of the options controls whether data passed across the connection uses the standard 7-bit ASCII character set or an 8-bit character set). Finally, TELNET treats both ends of the connection symmetrically. In particular, TELNET does not force client input to come

Thus. Figure 3. Thus. an application program on the user’s machine becomes the client. the ‘TELNET server’ shown in figure 1. either end can negotiate options. concurrent connections. nor does it show the slaves handling other connections. In practice. Furthermore.9 illustrates how application programs implement a TELNET client and server. TELNET allows an arbitrary program to become a client. the TELNET server can be implemented with application proAnna University Chennai 152 . If the system supports a pseudo terminal abstraction. represents the slave that handles one particular connection. The server must accept a TCP connection from the client.9 Path of data in a TELNET session As the figure shows. the server is more complex than the figure shows because it must handle multiple. when a user invokes TELNET. a master server process waits for new connections and creates a new slave to handle each connection. Figure 3. It is impossible to build a TELNET server unless the operating system supplies such a facility. We use the term pseudo terminal to describe the operating system entry point that allows a running program like the TELNET server to transfer characters to the operating system as if they came from a keyboard.DIT 116 NETWORK PROTOCOLS NOTES from a keyboard. Once the connection has been established. The figure does not show the master server that listens for new request. the client accepts keystrokes from the user’s keyboard and sends them to the server. while it concurrently accepts character that the server sends back and display them on the user’s screen. and then relay data between the TCP connection and the local operating system. Usually. nor does it force the client to display output on a screen. The client establishes a TCP connection on the server over which they will communicate.

grams. Each slave server connects a TCP stream from one client to a particular pseudo terminal. Arranging for the TELNET server to be an application level program has advantages and disadvantages. The most obvious advantage is that it makes modification and control of the server easier than if the code were embedded in the operating system. The obvious disadvantage is inefficiency. Each keystroke travels from the user's keyboard through the operating system and across the internet to the server machine. After reaching the destination machine, the data must travel up through the server's operating system to the server application program, and from the server application program back into the server's operating system at a pseudo terminal entry point. Finally, the remote operating system delivers the character to the application program the user is running. Meanwhile, output (including remote character echo if that option has been selected) travels back from the server to the client over the same path. Readers who understand operating systems will appreciate that for the implementation shown in figure 3.9, every keystroke requires computers to switch process context several times. In most systems, an additional context switch is required because the operating system on the server's machine must pass characters from the pseudo terminal back to another application program (e.g., a command interpreter). Although context switching is expensive, the scheme is practical because users do not type at high speed.

3.8.2 Network Virtual Terminal

To make TELNET interoperate between as many systems as possible, it must accommodate the details of heterogeneous computers and operating systems. For example, some systems require lines of text to be terminated by the ASCII carriage control character (CR). Others require the ASCII linefeed (LF) character. Still others require the two-character sequence CR-LF. In addition, most interactive systems provide a way for a user to enter a key that interrupts a running program. However, the specific keystroke used to interrupt a program varies from system to system (e.g., some systems use Control-C, while others use ESCAPE). A specific example is the end-of-file token: in the disk operating system (DOS) it is Ctrl+z, whereas in UNIX it is Ctrl+d.

To accommodate heterogeneity, TELNET defines how data and command sequences are sent across the Internet. The definition is known as the network virtual terminal (NVT). These are illustrated in figure 3.10. Via this interface, the client TELNET translates characters (data or commands) that come from the local terminal into NVT form and delivers them to the network. The server TELNET, on the other hand, translates data and commands from NVT form into the form acceptable by the remote computer. NVT is a universal interface.

[Figure 3.10 NVT format in TELNET: Client system format used -> NVT format used -> Server system format used]

The definition of NVT format is fairly straightforward. All communication involves 8-bit bytes. At startup, NVT uses the standard 7-bit USASCII representation for data and reserves bytes with the high order bit set for command sequences. The USASCII character set includes 95 characters that have "printable" graphics (e.g., letters, digits, and punctuation marks) as well as 33 "control" codes. All printable characters are assigned the same meaning as in the standard USASCII character set. The NVT standard defines interpretations for control characters as shown in figure 3.11.

ASCII Control Code   Decimal Value   Assigned Meaning
NUL                  0               No operation (has no effect on output)
BEL                  7               Sound audible/visible signal (no motion)
BS                   8               Move left one character position
HT                   9               Move right to the next horizontal tab stop
LF                   10              Move down (vertically) to the next line
VT                   11              Move down to the next vertical tab stop
FF                   12              Move down to the top of the next page
CR                   13              Move to the left margin on the current line
Other Control        -               No operation (has no effect on output)

Figure 3.11 TELNET NVT interpretations of ASCII Control Characters

In addition to the control character interpretations in Figure 3.11, NVT defines the standard line transmission to be a two-character sequence CR-LF. When a user presses the key that corresponds to end-of-line on the local terminal (e.g., ENTER or RETURN), the TELNET client must map it into CR-LF for transmission. The TELNET server translates CR-LF into the appropriate end-of-line character sequence for the remote machine.

3.8.3 Controlling the Server

We said that most systems provide a mechanism that allows users to terminate a running program. Usually, the local operating system binds such mechanisms to a par-

ticular key or keystroke sequence. For example, many UNIX systems reserve the character generated by CONTROL-C as the interrupt key. Depressing CONTROL-C causes UNIX to terminate the executing program; the program does not receive CONTROL-C as input. Instead, the operating system takes the appropriate action instead of accepting the character as input. The system may reserve other characters or character sequences for other control functions.

TELNET NVT accommodates control functions by defining how they are passed from the client to the server. Conceptually, we think of NVT as accepting input from a keyboard that can generate more than 128 possible characters. We assume input from a keyboard has virtual (imaginary) keys that correspond to the functions typically used to control processing. For example, NVT defines a conceptual "interrupt" key that requests program termination. Figure 3.12 lists the control functions that NVT allows.

Signal   Meaning
IP       Interrupt Process (terminate running program)
AO       Abort Output (discard any buffered output)
AYT      Are You There (test if server is responding)
EC       Erase Character (delete the previous character)
EL       Erase Line (delete the entire current line)
SYNCH    Synchronize (clear data path until TCP urgent data point, but do interpret commands)
BRK      Break (break key or attention signal)

Figure 3.12 Control Functions of TELNET NVT

In practice, most keyboards do not provide extra keys for commands. Instead, individual operating systems or command interpreters have a variety of ways to generate them. We already mentioned the most common technique: binding an individual ASCII character to a control function so that when the user presses the key, the operating system takes the appropriate action instead of accepting the character as input.

The NVT designers chose to keep commands separate from the normal ASCII character set for two reasons. First, defining the control functions separately means TELNET has greater flexibility. It can transfer all possible ASCII character sequences between client and server as well as all possible control functions. Second, by separating signals from normal data, NVT allows the client to specify signals unambiguously – there is never confusion about whether an input character should be treated as data or as a control function. To pass control functions across the TCP connection, TELNET encodes them using an escape sequence. An escape sequence uses a reserved octet to indicate that a control code octet follows. In TELNET, the reserved octet that starts an escape

sequence is known as the interpret as command (IAC) octet. Figure 3.13 lists the possible commands and the decimal coding used for each.

Command   Decimal Encoding   Meaning
IAC       255                Interpret next octet as command (when the IAC octet appears as data, the sender doubles it and sends the 2-octet sequence IAC-IAC)
DON'T     254                Denial of request to perform specified option
DO        253                Approval to allow specified option
WON'T     252                Refusal to perform specified option
WILL      251                Agreement to perform specified option
SB        250                Start of option sub-negotiation
GA        249                The "go ahead" signal
EL        248                The "erase line" signal
EC        247                The "erase character" signal
AYT       246                The "are you there" signal
AO        245                The "abort output" signal
IP        244                The "interrupt process" signal
BRK       243                The "break" signal
DMARK     242                The data stream portion of a SYNCH (always accompanied by TCP Urgent notification)
NOP       241                No operation
SE        240                End of option sub-negotiation
EOR       239                End of record

Figure 3.13 TELNET Commands and encoding for each

As the figure shows, the signals generated by conceptual keys on an NVT keyboard each have a corresponding command. Additional commands allow the client and server to negotiate which options they will use and to synchronize communication. For example, to request that the server interrupt the executing program, the client must send the 2-octet sequence IAC IP (255 followed by 244).

3.8.4 Out-of-band Signaling

Sending control functions along with normal data is not always sufficient to guarantee the desired results. To see why, consider the situation under which a user might send the interrupt process control function to the server. Usually, such control is only needed when the program executing on the remote machine is misbehaving and the user wants the server to terminate the program. For example, the program might be executing an endless loop without reading input or generating output. Unfortunately, if the application at the server's site stops reading input, operating system buffers will eventually fill and the server will be unable to write more data from the TCP connection, causing its buffers to fill. Eventually, TCP on the server machine will begin advertising a zero window size, preventing data from flowing across the connection.

If the user generates an interrupt control function when buffers are filled, the control function will never reach the server. That is, the client can form the command sequence IAC IP and write it to the TCP connection, but because TCP has stopped sending to the server's machine, the server will not read the control sequence. Thus, TELNET cannot rely on the conventional data stream alone to carry control sequences between client and server, because a misbehaving application that needs to be controlled might inadvertently block the data stream.

To solve the problem, TELNET uses an out of band signal. TCP implements out of band signaling with the urgent data mechanism. Whenever it places a control function in the data stream, TELNET also sends a SYNCH command. TELNET then appends a reserved octet called the data mark, and causes TCP to signal the server by sending a segment with the URGENT DATA bit set. Segments carrying urgent data bypass flow control and reach the server immediately. In response to an urgent signal, the server reads and discards all data until it finds the data mark. The server returns to normal processing when it encounters the data mark.

3.8.5 TELNET Options and Negotiation

Our simple description of TELNET omits one of the most complex aspects: options. In TELNET, options are negotiable, making it possible for the client and the server to reconfigure their connection. For example, we said that usually the data stream passes 7-bit data and uses octets with the eighth bit set to pass control information like the Interrupt Process command. However, TELNET also provides an option that allows the client and server to pass 8-bit data (when passing 8-bit data, the reserved octet IAC must still be doubled if it appears in the data). The client and server must negotiate, and both must agree to pass 8-bit data before such transfers are possible.

The range of TELNET options is wide: some extend the capabilities in major ways while others deal with minor details. For example, the original protocol was designed for a half-duplex environment where it was necessary to tell the other end to "go ahead" before it would send more data. One of the options controls whether TELNET operates in half- or full-duplex mode. Another option allows the server on a remote machine to determine the user's terminal type. The terminal type is important for software that generates cursor positioning sequences (e.g., a full screen editor executing on a remote machine). Figure 3.14 lists several of the most commonly implemented TELNET options.

The way TELNET negotiates options is interesting. Because it sometimes makes sense for the server to initiate a particular option, the protocol is designed to allow either end to make a request. Thus, the protocol is said to be symmetric with respect

to option processing. The receiving end either responds to a request with a positive acceptance or a rejection. In TELNET terminology, the request is WILL X, meaning will you agree to let me use option X, and the response is either DO X or DON'T X, meaning I do agree to let you use option X or I don't agree to let you use option X. The symmetry arises because DO X requests that the receiving party begin using option X, and WILL X or WON'T X means I will start using option X or I won't start using it.

Name             Code   RFC    Meaning
Transmit Binary  0      856    Change transmission to 8-bit binary
Echo             1      857    Allow one side to echo data it receives
Suppress-GA      3      858    Suppress (no longer send) Go-ahead signal after data
Status           5      859    Request for status of a TELNET option from remote site
Timing-Mark      6      860    Request timing mark be inserted in return stream to synchronize two ends of a connection
Terminal-Type    24     884    Exchange information about the make and model of a terminal being used (allows programs to tailor output like cursor positioning sequences for the user's terminal)
End-of-Record    25     885    Terminate data sent with EOR code
Linemode         34     1116   Use local editing and send complete lines instead of individual characters

Figure 3.14 Commonly used TELNET options

Another interesting negotiation concept arises because both ends are required to run an unenhanced NVT implementation (i.e., one without any options turned on). If one side tries to negotiate an option that the other does not understand, the side receiving the request can simply decline. Thus, it is possible to interoperate newer, more sophisticated versions of TELNET clients and servers (i.e., software that understands more options) with older, less sophisticated versions. If both the client and the server understand the new options, they may be able to improve interaction. If not, they will revert to a less efficient, but workable style. TELNET uses a symmetric option negotiation mechanism to allow clients and servers to reconfigure the parameters controlling their interactions. Because all TELNET software understands a basic NVT protocol, clients and servers can interoperate even if one understands options another does not.

3.9 RLOGIN (BSD UNIX)

Operating systems derived from BSD UNIX include a remote login service, rlogin, that supports trusted hosts. It allows system administrators to choose a set of machines over which login names and file access protections are shared and to establish equivalences among user logins. Users can control access to their accounts by authorizing remote login based on remote host and remote user name. Thus, it is possible for a user to have login name X on one machine and Y on another, and still be able to remotely login from one of the machines to the other without typing a password each time.
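The NVT encoding rules of 3.8.2, the command table in Figure 3.13, the SYNCH/data-mark discard behaviour of 3.8.4 and the symmetric DO/DON'T/WILL/WON'T negotiation just described, as one added Python codec. This is example code written for these notes, not code from the course material or from any TELNET implementation; the set of options an end is willing to enable, the event tuple names and the class name are my own choices.

```python
# Added example (not from the course material): a small TELNET NVT codec.
# It doubles IAC in outgoing data, builds IAC command sequences, splits an
# incoming stream into data/command/negotiation events, answers option
# requests symmetrically, and discards data during a SYNCH until the DM.

# TELNET command codes (Figure 3.13)
IAC, DONT, DO, WONT, WILL, SB = 255, 254, 253, 252, 251, 250
GA, EL, EC, AYT, AO, IP, BRK, DM, NOP, SE, EOR = 249, 248, 247, 246, 245, 244, 243, 242, 241, 240, 239
# Option codes (Figure 3.14)
TRANSMIT_BINARY, ECHO, SUPPRESS_GA, STATUS, TIMING_MARK, TERMINAL_TYPE = 0, 1, 3, 5, 6, 24
NEGOTIATION = (DO, DONT, WILL, WONT)


def escape_data(data: bytes) -> bytes:
    """Prepare user data for the NVT: double every IAC octet so it is taken
    as data, and send a bare newline as the NVT line end CR-LF."""
    return data.replace(b"\xff", b"\xff\xff").replace(b"\n", b"\r\n")


def command(code: int) -> bytes:
    """IAC followed by one command octet, e.g. command(IP) is IAC IP (255 244)."""
    return bytes([IAC, code])


def negotiate(verb: int, option: int) -> bytes:
    """IAC <DO|DONT|WILL|WONT> <option>: the three-octet negotiation form."""
    if verb not in NEGOTIATION:
        raise ValueError("not a negotiation verb")
    return bytes([IAC, verb, option])


class NVTParser:
    """Splits an incoming TELNET byte stream into events and produces the
    negotiation replies the peer expects. `supported` is the (constructed)
    set of option codes this end is willing to turn on; others are refused."""

    def __init__(self, supported=()):
        self.supported = frozenset(supported)
        self.enabled = set()       # options both sides agreed on
        self.pending = b""         # incomplete escape sequence carried to the next feed
        self.discarding = False    # True between a TCP urgent notification and the DM

    def on_urgent(self):
        """TCP delivered the URGENT notification of a SYNCH: drop data, but
        keep interpreting commands, until the data mark arrives."""
        self.discarding = True

    def _reply(self, verb, opt):
        # Symmetric negotiation: DO X asks us to start X (answer WILL/WONT);
        # WILL X offers X from the peer (answer DO/DONT). DONT/WONT turn X off.
        if verb in (DO, WILL):
            ok = opt in self.supported
            if ok:
                self.enabled.add(opt)
            if verb == DO:
                return negotiate(WILL if ok else WONT, opt)
            return negotiate(DO if ok else DONT, opt)
        if opt in self.enabled:                      # acknowledge only a real change
            self.enabled.discard(opt)
            return negotiate(WONT if verb == DONT else DONT, opt)
        return b""

    def feed(self, chunk: bytes):
        """Return (events, replies). Events: ('data', bytes), ('cmd', code),
        ('negotiate', verb, option) or ('subneg', bytes)."""
        buf = self.pending + chunk
        events, replies, data = [], bytearray(), bytearray()

        def flush():
            if data:
                events.append(("data", bytes(data)))
                data.clear()

        i = 0
        while i < len(buf):
            b = buf[i]
            if b != IAC:
                if not self.discarding:
                    data.append(b)
                i += 1
                continue
            if i + 1 >= len(buf):
                break                                # IAC with no command octet yet
            c = buf[i + 1]
            if c == IAC:                             # doubled IAC is a data byte 255
                if not self.discarding:
                    data.append(IAC)
                i += 2
            elif c in NEGOTIATION:
                if i + 2 >= len(buf):
                    break                            # option octet not here yet
                opt = buf[i + 2]
                flush()
                events.append(("negotiate", c, opt))
                replies += self._reply(c, opt)
                i += 3
            elif c == SB:                            # IAC SB ... IAC SE (no IAC doubling inside, for brevity)
                end = buf.find(bytes([IAC, SE]), i + 2)
                if end < 0:
                    break
                flush()
                events.append(("subneg", bytes(buf[i + 2:end])))
                i = end + 2
            else:                                    # plain two-octet command
                flush()
                if c == DM:
                    self.discarding = False          # SYNCH ends at the data mark
                events.append(("cmd", c))
                i += 2
        flush()
        self.pending = bytes(buf[i:])
        return events, bytes(replies)
```

Feeding the parser in arbitrary TCP-sized pieces is the interesting case: an escape sequence cut across two reads is held in `pending`, and during a SYNCH the IP command still fires while the data around it is dropped, which is exactly the "clear data path, but do interpret commands" rule of Figure 3.12.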

Having automatic authorization makes remote login facilities useful for general purpose programs as well as human interaction. One variant of the rlogin command, rsh, invokes a command interpreter on the remote UNIX machine and passes the command line arguments to the command interpreter, skipping the login step completely. The format of a command invocation using rsh is:

rsh machine command

Thus, typing rsh merlin ps on any of the machines in the Computer Science Department at Purdue University executes the ps command on machine merlin, with UNIX's standard input and standard output connected across the network to the user's keyboard and display. The user sees the output as if he or she were logged into machine merlin. Because the user can arrange to have rsh invoke remote commands without prompting for a password, it can be used in programs as well as from the keyboard. rlogin understands the UNIX notions of standard input, standard output, and standard error, and uses TCP to connect them to the remote machine. Thus, it is possible to type rsh merlin ps > filename and have output from the remote command redirected into file filename.

Because protocols like rlogin understand both the local and remote computing environments, they communicate better than general purpose remote login protocols like TELNET. Rlogin also understands terminal control functions like flow control characters (typically Control-S and Control-Q). It arranges to stop output immediately without waiting for the delay required to send them across the network to the remote host. Finally, rlogin exports part of the user's environment to the remote machine, including information like the user's terminal type (i.e., the TERM variable). As a result, a remote login session appears to behave almost exactly like a local login session.

3.9.1 Connection Establishment

Upon connection establishment, the client sends four null-terminated strings to the server. The first is an empty string (i.e., it consists solely of a single zero byte), followed by three non-null strings: the client username, the server username, and the terminal type and speed. More explicitly:

<null>
client-user-name<null>
server-user-name<null>
terminal-type/speed<null>

For example:

<null>
bostic<null>
kbostic<null>
vt100/9600<null>

The server returns a zero byte to indicate that it has received these strings and is now in data transfer mode. Window size negotiation may follow this initial exchange.

From Client to Server (and Flow Control)

Initially, the client begins operation in "cooked" (as opposed to "raw") mode. In this mode, the START and STOP (usually ASCII DC1, DC3) characters are intercepted and interpreted by the client to start and stop output from the remote server to the local terminal, whereas all other characters are transmitted to the remote host as they are received. In "raw" mode, the START and STOP characters are not processed locally, but are sent as any other character to the remote server. The server thus determines the semantics of the START and STOP characters when in "raw" mode; they may be used for flow control or have quite different meanings independent of their ordinary usage on the client.

Screen/Window Size

The remote server indicates to the client that it can accept window size change information by requesting a window size message just after connection establishment and user identification exchange. The client should reply to this request with the current window size. If the remote server has indicated that it can accept client window size changes and the size of the client's window or screen dimensions changes, a 12-byte special sequence is sent to the remote server to indicate the current dimensions of the client's window, should the user process running on the server care to make use of that information. The window change control sequence is 12 bytes in length, consisting of a magic cookie (two consecutive bytes of hex FF), followed by two bytes containing lowercase ASCII "s", then 8 bytes containing the 16-bit values for the number of character rows, the number of characters per row, the number of pixels in the X direction, and the number of pixels in the Y direction, in network byte order. Thus:

FF FF s s rr cc xp yp

Other flags than "ss" may be used in future for other in-band control messages. None are currently defined.

From Server to Client

Data from the remote server is sent to the client as a stream of characters. Normal data is simply sent to the client's display, but may be processed before actual display (tabs expanded, etc.). The server can embed single-byte control messages in the data stream by inserting the control byte in the stream of data and pointing the TCP "urgent-data" pointer at the control byte. When a TCP urgent-data pointer is received by the client, data in the TCP stream up to the urgent byte is buffered for possible display after the control byte is handled, and the control byte pointed to is received and interpreted as follows:

02   A control byte of hex 02 causes the client to discard all buffered data received from the server that has not yet been written to the client user's screen.
10   A control byte of hex 10 commands the client to switch to "raw" mode, where the START and STOP characters are no longer handled by the client, but are instead treated as plain data.
20   A control byte of hex 20 commands the client to resume interception and local processing of START and STOP flow control characters.

All other values of the urgent-data control byte are ignored. In all cases, the byte pointed to by the urgent data pointer is NOT written to the client user's display.

3.9.2 Connection Closure

When the TCP connection closes in either direction, the client or server process which notices the close should perform an orderly shut-down, restoring terminal modes and notifying the user or processes of the close before it closes the connection in the other direction.

Have you understood?

1. What is the necessity of remote login?
2. What are the two popular applications provided by TCP/IP for remote login?
3. What are the three basic services provided by TELNET?
4. What is meant by pseudo terminal in TELNET?
5. What are the control functions supported by NVT?
6. What are the various options provided by TELNET?
7. What are the circumstances under which TELNET goes for out of band signaling?
8. Rlogin is a simpler protocol than TELNET. Justify this statement.
9. What is the importance of window size changes in Rlogin?
10. How is flow control done in Rlogin?
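The rlogin framing of 3.9.1 (the four null-terminated start-up strings), the 12-byte window-size message, cooked/raw flow control and the server's urgent-data control bytes 02, 10 and 20, as one added Python example. It is written for these notes and is not code from the course material or from any BSD rlogin implementation; the function and class names are mine, and the user names and screen sizes are constructed sample values.

```python
# Added example (not from the course material): rlogin framing as described
# in the text. Covers the start-up strings, the FF FF s s rr cc xp yp window
# message, and a client that honours cooked/raw mode and the server's
# urgent control bytes. User names and sizes below are constructed samples.
import struct

DC1, DC3 = 0x11, 0x13                      # START and STOP flow-control characters
DISCARD, RAW, COOKED = 0x02, 0x10, 0x20    # urgent-data control bytes sent by the server


def build_startup(client_user: str, server_user: str, term_speed: str) -> bytes:
    """<null> client-user-name<null> server-user-name<null> terminal-type/speed<null>"""
    fields = (client_user, server_user, term_speed)
    for s in fields:
        if not s or "\0" in s:
            raise ValueError("start-up strings must be non-empty and contain no NUL")
    return b"\0" + b"\0".join(s.encode("ascii") for s in fields) + b"\0"


def parse_startup(msg: bytes):
    """Server side: recover the three strings. Splitting on NUL must give
    exactly ['', client, server, term/speed, ''] or the message is malformed."""
    parts = msg.split(b"\0")
    if len(parts) != 5 or parts[0] != b"" or parts[4] != b"" or b"" in parts[1:4]:
        raise ValueError("malformed rlogin start-up message")
    return tuple(p.decode("ascii") for p in parts[1:4])


def build_window_size(rows: int, cols: int, xpixels: int, ypixels: int) -> bytes:
    """Magic cookie FF FF, flag 'ss', then four 16-bit values in network byte order."""
    return struct.pack("!BB2sHHHH", 0xFF, 0xFF, b"ss", rows, cols, xpixels, ypixels)


def parse_window_size(msg: bytes):
    """Inverse of build_window_size; rejects anything without the cookie and 'ss' flag."""
    c1, c2, flag, rows, cols, xp, yp = struct.unpack("!BB2sHHHH", msg)
    if (c1, c2) != (0xFF, 0xFF) or flag != b"ss":
        raise ValueError("not a window-size message")
    return rows, cols, xp, yp


class RloginClient:
    """Client-side state: cooked/raw mode, stopped output, and what reached
    the user's display. Keyboard bytes go through `keystroke`; server bytes
    through `from_server`, with urgent=True when the TCP urgent pointer
    designates the last byte of `chunk`."""

    def __init__(self):
        self.raw = False            # cooked mode initially: DC1/DC3 handled locally
        self.output_stopped = False
        self.screen = bytearray()   # bytes written to the user's display
        self.held = bytearray()     # received but not yet displayed

    def keystroke(self, b: int) -> bytes:
        """Bytes to send to the server for one key (empty if consumed locally)."""
        if not self.raw and b == DC3:
            self.output_stopped = True
            return b""
        if not self.raw and b == DC1:
            self.output_stopped = False
            self._flush()
            return b""
        return bytes([b])

    def _flush(self):
        self.screen += self.held
        self.held.clear()

    def from_server(self, chunk: bytes, urgent: bool = False):
        if not urgent:
            self.held += chunk
        else:
            # Data up to the urgent byte is buffered; the control byte itself
            # is interpreted and never displayed.
            self.held += chunk[:-1]
            ctl = chunk[-1]
            if ctl == DISCARD:
                self.held.clear()
            elif ctl == RAW:
                self.raw = True
            elif ctl == COOKED:
                self.raw = False
            # any other value is ignored
        if not self.output_stopped:
            self._flush()
```

The cooked-mode behaviour is the point worth noticing: STOP is acted on by the client at once and never travels to the server, whereas after a 10 control byte the same key is forwarded as ordinary data and the server decides what it means.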

Summary

1. It is very difficult for end users to work with IP addresses themselves when communicating with remote machines in the network, because remembering IP addresses is cumbersome and error prone. Hence TCP/IP introduced an application layer protocol by name Domain Name System that enables the users to work with mnemonic addresses instead of the dotted decimal notation of IP addresses.
2. DNS is an indirect application used by other application layer protocols or applications like SMTP, HTTP, and TELNET etc. in resolving the mapping between a domain name (mnemonic address) and its equivalent IP address.
3. DNS is a distributed database that is used by TCP/IP applications to map between hostnames and IP addresses and to provide electronic mail routing information. Distributed refers to the fact that no single site on the Internet knows all the information; each site maintains its own database of information, and runs a server program that other systems across the Internet (clients) can query. The DNS provides the protocol that allows the clients and servers to communicate with each other.
4. No single entity manages every label in the DNS tree. One important feature of DNS is the delegation of responsibility within the DNS. NIC maintains a portion of the tree (top level domains) and delegates the responsibility to others for specific zones.
5. A zone is a subtree of the DNS tree that is administered separately. A common zone is a second level domain, and the second level domains divide their zone into smaller zones.
6. Once the authority for a zone is delegated, it is up to the person responsible for the zone to provide multiple name servers for that zone.
7. The top level domains of the DNS form two completely different naming hierarchies: geographic and organizational. The geographic scheme divides the universe of machines by country. The organizational scheme divides the Internet according to the type of the organization to which the machines belong.
8. Apart from the basic mapping of a domain name into its equivalent IP address, DNS provides other services like mail address aliasing, canonical name aliasing etc., and hence DNS maintains different types of resource records.
9. DNS may work with two different types of queries, namely recursive query and iterative query. In a recursive query, each server that does not have the requested information goes and finds it somewhere, then reports back. In an iterative query, when a query cannot be satisfied locally, the query fails, but the name of the next server along the line to try is returned.
10. In a networked environment, where a group of related users are working, it becomes necessary for one user to access or modify the files that are present in other systems.
11. Two methods are used to share the files between the systems of a network, by name file access and file transfer.
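Recursive and iterative queries (item 9 above), as an added simulation that is not part of the course material: a constructed three-level delegation root -> edu. -> example.edu., with one function per query mode so that the difference in who follows the referrals shows up in the recorded trace. All zone names, servers and addresses here are invented for the example.

```python
# Added example (not from the course material): a toy model of the two DNS
# query modes. Each NameServer holds the records of one zone plus referrals
# to delegated subzones. Names and addresses are constructed sample data.


class NameServer:
    def __init__(self, zone, records=None, delegations=None):
        self.zone = zone                       # "." or "edu." or "example.edu."
        self.records = records or {}           # fully qualified name -> address
        self.delegations = delegations or {}   # subzone -> authoritative NameServer

    def _referral(self, name):
        """Longest delegated subzone that is a suffix of the queried name."""
        best = None
        for sub in self.delegations:
            if name.endswith(sub) and (best is None or len(sub) > len(best)):
                best = sub
        return self.delegations.get(best)

    def query_iterative(self, name):
        """Iterative mode: answer from local data, or hand back a referral to
        the next server along the line. Returns (kind, payload) with kind in
        {'answer', 'referral', 'nxdomain'}."""
        if name in self.records:
            return ("answer", self.records[name])
        nxt = self._referral(name)
        if nxt is not None:
            return ("referral", nxt)
        return ("nxdomain", None)

    def query_recursive(self, name, steps=None):
        """Recursive mode: this server chases the referrals itself and reports
        only the final result back; `steps` records the servers it visited."""
        if steps is not None:
            steps.append(self.zone)
        kind, payload = self.query_iterative(name)
        if kind == "referral":
            return payload.query_recursive(name, steps)
        return payload


def resolve_iteratively(start, name, steps=None):
    """Resolver-side loop for iterative mode: keep asking the server named in
    each referral until an answer or a negative answer comes back."""
    server = start
    while True:
        if steps is not None:
            steps.append(server.zone)
        kind, payload = server.query_iterative(name)
        if kind == "referral":
            server = payload
            continue
        return payload


# Constructed delegation tree (TEST-NET addresses, invented names).
example_edu = NameServer("example.edu.", records={"www.example.edu.": "192.0.2.10",
                                                    "mail.example.edu.": "192.0.2.25"})
edu = NameServer("edu.", delegations={"example.edu.": example_edu})
root = NameServer(".", delegations={"edu.": edu})
```

Both modes visit the same three servers for www.example.edu.; in the iterative case the resolver does the visiting and receives a referral from each server that lacks the answer, in the recursive case the root server does it and the resolver sees only one exchange.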

12. File access provides only the portions of a file that a process references, and the goal of file access is to make the access transparent. With file transfer a complete copy of the file is transferred to the client side.
13. File Transfer Protocol is an out of band protocol that maintains two different connections for control information and data. Initially the control processes running in the client and server machines establish a TCP connection at port number 21 for control information and then the data connection is established at port number 20. In FTP, data is transferred from a storage device in the sending host to a storage device in the receiving host.
14. FTP permits a client to transfer a file from the remote server only if the client is an authenticated user and has the access rights for a particular file. Anonymous FTP is another version of FTP where everyone can transfer a file in the guest account itself.
15. Often it is necessary to perform certain transformations on the data because data storage representations in the two systems are different. A different problem in representation arises when transmitting binary data (not character codes) between host systems with different word lengths.
16. Although FTP is highly reliable, it is a heavyweight protocol and the overhead involved in the process of file transfer is heavy. Hence FTP is required only if the client and server require reliability of a very high degree and the reliability of the network is low (e.g., the Internet). When reliability is not a major issue and the client and server are on the same Local Area Network, a simple version of the file transfer protocol by name TFTP (Trivial FTP) is sufficient. TFTP uses UDP at the transport layer.
17. Usually in a networked environment, clients and servers are developed using socket programming. Servers run always and wait for the client's request. The client sends the request and gets the response from the server.
18. Remote Procedure Call (RPC) is a different way of doing network programming. A client program is written that just calls functions in the server program.
19. In RPC the client stub packages the procedure arguments into a network message, and sends this message to the server. A server stub on the server host receives the network message. It takes the arguments from the network message and calls the server procedure that the application programmer wrote.
20. NFS is a client/server application built using Sun RPC. NFS clients access files on an NFS server by sending RPC requests to the server.
21. In NFS it is transparent to the client whether it is accessing a local file or an NFS file. The kernel determines this when the file is opened. The file names themselves do not show whether the files are local or remote. A user can execute an arbitrary application program and use arbitrary files for input or output.
22. The NFS protocol is designed to be portable across different machines, operating systems, network architectures, and transport protocols.

23. Remote login is one of the most popular Internet applications; it enables us to login to one host and then remote login across the network to any other host instead of having a hard-wired terminal on each host. The TCP/IP suite includes a simple remote terminal protocol called TELNET that allows a user to log into a computer across an internet.

Exercises

1. Changes are made in the list of root servers in DNS. Unfortunately system administrators do not update their DNS files whenever changes are made. How do you think the DNS handles this?
2. What is the problem with maintaining the cache in the name server, and having a stateless resolver?
3. DNS uses UDP instead of TCP. If a DNS packet is lost, there is no automatic recovery. Does this cause a problem, and if so, how is it solved?
4. Classify a DNS resolver and a DNS name server as either client, server, or both.
5. Consider the following ftp session.

$ ftp voyager.deanza.fhda.edu
Connected to voyager.deanza.fhda.edu.
220 (vsFTPd 1.2)
530 Please login with USER and PASS
Name (voyager.deanza.fhda.edu:forouzan): forouzan
331 Please specify the password
Password:
230 Login Successful
Remote system type is UNIX
Using binary mode to transfer files
ftp> ls reports
227 Entering Passive Mode (153,18,17,11,238,169)
150 Here comes the directory listing.
drwxr-xr-x 2 3027 411 4096 Sep 24 2002 business
drwxr-xr-x 2 3027 411 4096 Sep 24 2002 personal
drwxr-xr-x 2 3027 411 4096 Sep 24 2002 school
226 Directory send OK
ftp> quit
221 Goodbye

Explain this ftp session.
6. Give an example for an anonymous FTP session.

When a name server receives a request either from a resolver or from another name server. v. The packet loss rate and variability in round-trip times are normally higher on a WAN than a LAN. Minimally this requires one of the root server entries in the start-up disk file to be current. password is required) The client sends the PASS command. This can often lead to timeouts for resolver queries that are too short. which operate mostly on local area networks. ii. unlike many other Inetrnet applications that use UDP (TFTP. 8. requesting the name server records (a query type of NS) for the root domain. it functions like a client. Since the resolver comes and goes. Also. the disk file may have the out of date entries also. DNS queries and responses often traverse wide area networks. the FTP server sends the 220 (service ready) response on the control connection. BOOTP and SNMP). 10. The issue is. vi.DIT 116 NETWORK PROTOCOLS 7. A resolver cannot function like a server. causing unnecessary retransmissions. iv. The client sends the USER command. This returns the current up-to-date list of root servers. It then tries to contact one of these root servers. . When a name server starts. 5. iii. The server responds with 331 (user name is OK. the resolver cannot keep track of the round-trip times to its various name servers. 9. 165 Anna University Chennai 2. After the control connection to port 21 is created. The server responds with 230 (user login is OK) The client issues a passive open on an ephemeral port for the data connection and sends the PORT command to give this port number to the server. 4. A name server can function like a server as well as client.i. it may be necessary for it to forward the request to some other name server. both the resolver and the name server must perform their own timeout and retransmission. increasing the importance of a good retransmission and timeout algorithm for DNS clients. A resolver is always a client. 
TFTP sender performs the timeout and retransmission to handle lost packets. it functions like a server. How does this affect the use of TFTP when it’s being used as a part of the bootstrap process? What is the limiting factor in time required to transfer a file using TFTP? What is the master-slave relationships among the server processes running in a TELNET server? What are the four options that may be exchanged by either side in a TELNET session? NOTES Answers 1. Suppose if the name server does not have the required mapping. Since the DNS primarily uses UDP. as applications come and go. it normally reads the list of root servers from a disk file. if the system is configured to use multiple name servers and the resolver maintains no state. In the later case. 3.

With its stop and wait protocol. 8. It sends response 150 (data connection will open shortly) viii. the client sends a QUIT command. ….. ftp>close 221 Goodbye ftp>quit 7. xii. x. The maximum throughput of TFTP is then 512 bytes divided by the round-trip time between the client and the server. the server responds with 226 (closing data connection) over the control connection. In our example. TFTP can transfer a maximum amount of 512 bytes per client-server round trip.net 220 Server ready Name: anonymous 331 Guest login OK. The server then sends the list of files or directories (as a file) on the data connection. When the whole list (file) is sent. $ftp internic. On an 166 Anna University Chennai . send “guest” as password Password:guest ftp>pwd 257 ‘/’ is current directory ftp>ls 200 OK 150 Operating ASCII mode bin …. the server responds with 221 (server closing) and then closes the control connection.net Connected to internic. The client now has two choices. After receiving the QUIT command. ….. xi. because the server is the sender of the bootstrap files. ix. but it prepares itself for issuing an active open on the data connection between port 20 (server side) and the ephemeral port received from the client. It can use the QUIT command to request the closing of the control connection or it can send another command to start another activity (and eventually open another data connection). This simplifies coding a TFTP client to fit in read-only memory. The client sends the LIST message. 6. Now the server responds with 125 and opens the data connection.DIT 116 NETWORK PROTOCOLS NOTES vii.. The server does not open the connection at this time. so the server must implement the timeout and retransmission.

concurrent connections. 10. iv. i. In its simple form the TELNET server accepts a TCP connection from the client. a master server process waits for a new connection and creates a new slave to handle the connection.DIT 116 NETWORK PROTOCOLS 9. Usually. because it must handle multiple. WILL – The sender wants to enable the option itsef DO – The sender wants the receiver to enable the option WONT – The sender wants to disable the option itself DONT – The sender wants the receiver to disable the option NOTES 167 Anna University Chennai . iii. In practice.000 bytes/sec. ii. the maximum throughput is around 170. Ethernet. and then relay data between the TCP connection and the local operating system. assuming a round-trip time of 3ms. the server is more complex.

DIT 116 NETWORK PROTOCOLS NOTES Anna University Chennai 168 .
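The control-connection dialogue explained in the answer to exercise 5, as an added example that is not part of the course material: a toy FTP server and a client written in Python and run against each other over the loopback interface. The server, the user name and password, and the directory listing are all constructed for this example, and the server speaks only the USER, PASS, PASV, LIST and QUIT commands the session needs. The client also performs the check a real client should make: it connects the data connection only to the host it already talks to on the control connection, so a 227 reply cannot bounce it to a third machine.

```python
# Added example: the exercise-5 FTP dialogue against a toy in-process server.
# Not the course material's code. Server, credentials and listing are constructed.
import re
import socket
import threading

# Constructed listing, modelled on the "ls reports" output in the exercise.
SAMPLE_LISTING = (
    b"drwxr-xr-x 2 3027 411 4096 Sep 24 2002 business\r\n"
    b"drwxr-xr-x 2 3027 411 4096 Sep 24 2002 personal\r\n"
    b"drwxr-xr-x 2 3027 411 4096 Sep 24 2002 school\r\n"
)
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port)."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 reply: %r" % reply)
    g = m.groups()
    return ".".join(g[:4]), int(g[4]) * 256 + int(g[5])


def readline(sock):
    """Read one CRLF-terminated ASCII line from the control connection."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed the control connection")
        buf += chunk
    return buf.decode("ascii").rstrip("\r\n")


def serve_once(listener, listing):
    """Toy server: one control session with one passive-mode LIST transfer."""
    ctrl, _ = listener.accept()
    ctrl.settimeout(5)
    data_listener = socket.socket()
    data_listener.bind(("127.0.0.1", 0))   # ephemeral data port, announced via 227
    data_listener.listen(1)
    send = lambda line: ctrl.sendall((line + "\r\n").encode("ascii"))
    send("220 (toy FTP server)")           # service ready
    while True:
        cmd = readline(ctrl).partition(" ")[0].upper()
        if cmd == "USER":
            send("331 Please specify the password")
        elif cmd == "PASS":
            send("230 Login successful")
        elif cmd == "PASV":
            ip, port = data_listener.getsockname()
            send("227 Entering Passive Mode (%s,%d,%d)"
                 % (ip.replace(".", ","), port // 256, port % 256))
        elif cmd == "LIST":
            send("150 Here comes the directory listing.")
            data, _ = data_listener.accept()
            data.sendall(listing)
            data.close()                   # EOF on the data connection ends the listing
            send("226 Directory send OK")
        elif cmd == "QUIT":
            send("221 Goodbye")
            break
        else:
            send("500 Unknown command")
    ctrl.close()
    data_listener.close()


def ftp_list(host, port, user, password):
    """Client side of the session; returns (reply codes seen, listing bytes)."""
    ctrl = socket.create_connection((host, port), timeout=5)
    codes = []

    def reply():
        line = readline(ctrl)
        codes.append(int(line[:3]))
        return line

    def command(text):
        ctrl.sendall((text + "\r\n").encode("ascii"))
        return reply()

    reply()                                   # 220 greeting
    command("USER " + user)                   # 331
    command("PASS " + password)               # 230
    data_ip, data_port = parse_pasv(command("PASV"))   # 227
    # The 227 reply is data chosen by the server: only connect back to the host
    # the control connection already talks to (guards against FTP bounce).
    if data_ip != ctrl.getpeername()[0]:
        raise ConnectionError("227 reply points at %s, not the server" % data_ip)
    data = socket.create_connection((data_ip, data_port), timeout=5)
    command("LIST")                           # 150
    chunks = []
    while True:
        block = data.recv(4096)
        if not block:
            break
        chunks.append(block)
    data.close()
    reply()                                   # 226
    command("QUIT")                           # 221
    ctrl.close()
    return codes, b"".join(chunks)


def run_session(listing=SAMPLE_LISTING):
    """Start the toy server on loopback and run the client against it."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    server = threading.Thread(target=serve_once, args=(listener, listing), daemon=True)
    server.start()
    host, port = listener.getsockname()
    result = ftp_list(host, port, "forouzan", "secret")
    server.join(5)
    listener.close()
    return result
```

Calling `run_session()` returns the reply codes in the order the client saw them, 220, 331, 230, 227, 150, 226, 221, together with the listing bytes; the 227 reply is the one step where the server, not the client, chooses where the next connection goes, which is why the client compares the announced address with the control peer before connecting.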

UNIT IV

4.1 INTRODUCTION

This unit introduces two of the most popular applications of the Internet, namely the World Wide Web (WWW) and Electronic Mail (E-Mail). The World Wide Web is an open-ended information retrieval system that enables access to documents (web pages) held on servers situated in various parts of the world. The WWW is so popular that lay people in computing and communication, and many end users, think that the WWW and the Internet are one and the same. But the fact is that the WWW is just one among the many services provided on the Internet.

Electronic mail provides a lot of features and advantages when compared to conventional postal mail (now called snail mail) and telephone systems. Nowadays it is very difficult to find people who do not use the electronic mail service of the Internet to send and receive messages.

The third protocol we introduce in this unit is the Real Time Protocol (RTP). The Internet is based on a best-effort model and hence is not able to support real-time applications and multimedia applications on its own. RTP is an effort to accommodate multimedia applications in the Internet by providing the required information along with the packets, so that applications running in the end systems are able to interpret the headers and try to satisfy the timing requirements of the multimedia applications.

4.2 LEARNING OBJECTIVES

- To understand the framework of the World Wide Web (WWW)
- To learn the functions of the client side in the WWW
- To know the details of the server side of the WWW
- To have an exposure to the browsers and their interfaces
- To study plug-ins, helper applications and their interaction with the browsers
- To learn the protocol specifications of the Hyper Text Transfer Protocol (HTTP)
- To discuss the various methods supported by HTTP
- To understand the architecture of the Electronic Mail (E-Mail) system
- To study the functions of the User Agent and Mail Transfer Agent of E-Mail
- To know the message types supported by E-Mail
- To study the Multipurpose Internet Mail Extension (MIME) standard
- To learn the Simple Mail Transfer Protocol (SMTP), the heart of an e-mail system
- To know the details of the final delivery of mail to the users
- To learn the basics of audio and video transmission
- To learn about the Quality of Service (QoS) metrics
- To study the details of Real-Time Transport Protocol (RTP) encapsulation
- To understand the RTP Control Protocol, an adjunct protocol of RTP

4.3 WORLD WIDE WEB

The World Wide Web (WWW) is an open-ended information retrieval system for accessing linked documents spread out over millions of machines all over the Internet. It is a distributed client-server system, in which a client using a browser can access a service using a server. However, a single server is not able to provide all the services, and the services are distributed over many locations called sites. The client is popularly known as the browser. Today's browsers, with excellent and user-friendly interfaces, have made the WWW accessible to everyone. The WWW provides an enormous wealth of information on different subjects.

4.3.1 Architecture of the Web

The WWW is based on the client/server architecture. A web client (that is, a browser such as Netscape Navigator or Microsoft Internet Explorer) sends a request for information to a web server. A web server is a program which, upon receipt of the request, sends the requested document (or an error message if needed) to the requesting client. Typically the browser runs on a separate machine from that of the server. The server takes care of all the issues related to document storage, whereas the task of presenting the information to the user is taken care of by the client program. The web client and the web server communicate with each other using the HyperText Transfer Protocol (HTTP). The protocol transfers data in the form of plain text, hypertext, audio, video and so on. It is called the hypertext transfer protocol because it allows its use in a hypertext environment where there are rapid jumps from one document to another.

Web servers maintain a vast, worldwide collection of documents or web pages, often just called pages for short. The web is a hypermedia system that supports interactive access. A hypermedia system provides a straightforward extension of a traditional hypertext system. In either system, information is stored as a set of documents. Besides the basic information, each page may contain links to other pages anywhere in the world. Users can follow a link by clicking on it, which then takes them to the page pointed to. This process can be repeated indefinitely. A page that has links that point to other pages is said to have hypertext. The hypermedia information available on the web is called a page. An example of a web page is given in figure 4.1a. This page starts with a title, contains some information, and ends with the e-mail address of the page's maintainer. Strings of text that are links to other pages, called hyperlinks, are often highlighted by underlining, by displaying them in a special color, or both. To follow a link, the user places the mouse cursor on the highlighted area, which causes the cursor to change, and clicks on it. Theoretically speaking, a browser can exist without any graphical user interface (e.g., Lynx). However, only browsers with a user-friendly graphical user interface were able to survive in the market. As the next stage in the development of browsers, voice-based browsers are also being developed. Users who are curious about the Department of Computer Science and Engineering can learn more about it by clicking on its (underlined) name. The browser then fetches the page to which the name is linked and displays it, as shown in figure 4.1b.


WELCOME TO ANNA UNIVERSITY'S HOME PAGE

Campus Information
  - Admission Information
  - Campus Map
  - Directions to campus
  - The Student body

Academic Departments
  - Department of Computer Science And Engineering
  - Department of Electronics And Communication Engineering
  - Department of Mechanical Engineering
  - Department of Civil Engineering
  - Department of Management studies
  - Department of Science And Humanities

webmaster@annauniv.edu

Figure 4.1 (a) A web page

THE DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

  - Information on courses
  - Personnel
  - Faculty members
  - Research Scholars
  - Post graduate students
  - Under graduate students
  - Research Projects
  - Positions available
  - Curriculum and Syllabi
  - Placement records
  - Publications
  - Seminars and conferences

webmaster@cs.annauniv.edu

Figure 4.1 (b) The page reached by clicking on Department of Computer Science and Engineering

The underlined items here can also be clicked on to fetch other pages, and so on. The new page can be on the same machine, on some other machine in the same network, or on a machine in a different network. These details are transparent to the users, and the web is able to fetch the pointed-to page irrespective of its physical location. Page fetching is done by the browser, without any help from the user. If the user ever returns to the main page, the links that have already been followed may be shown with a dotted underline and possibly a different color to distinguish them from links that have not been followed. Clicking on the Campus Information line in the main page does nothing. It is not underlined, which means that it is just text and not hypertext. The client-server model of the web is shown in figure 4.2. The browser on the client machine is displaying a web page with many links to other pages. When the user clicks on a link that points to a page on the first.com server, the browser follows the hyperlink by sending a message to the first.com server asking it for the page. When the page arrives, it is displayed. If this page contains a hyperlink to a page on the second.com server that is clicked on, the browser then sends a request to that machine for the page, and so on indefinitely.

[Figure 4.2: the client machine runs the browser program, which displays the current page with a hyperlink to first.com and a hyperlink to second.com; TCP connections across the Internet lead to the web server at first.com and the web server at second.com, each with its own disc.]

Figure 4.2 The parts of the web

4.3.2 The Client Side

The client side of the web is the browser program. From the user's point of view, the browser is a program that is used to fetch and display web pages. In addition to fetching and displaying web pages, the browser has to catch mouse clicks on items in the displayed page. It is necessary for the web to have an addressing scheme, or naming mechanism, for web pages so that the browser can establish a TCP connection with the appropriate server in the Internet; only then can a hyperlink on a page point to the correct page on the web. Pages are named using URLs (Uniform Resource Locators). A typical URL is

http://www.annauniv.edu/research/index.html

A URL has three parts: the name of the protocol (http), the DNS name of the machine where the page is located (www.annauniv.edu), and (usually) the name of the file containing the page (/research/index.html). When a user clicks on a hyperlink, the browser carries out a series of steps in order to fetch the page pointed to. Suppose that a user is browsing the web and finds a link on Internet telephony that points to the Anna University page http://www.annauniv.edu/research/index.html. The following steps take place in the process of fetching and displaying the web page.

1. The browser determines the URL (by seeing what was selected).
2. The browser asks DNS for the IP address of www.annauniv.edu.
3. DNS replies with 156.106.192.32.
4. The browser makes a TCP connection to port 80 on 156.106.192.32.
5. It then sends over a request asking for the file /research/index.html.
6. The www.annauniv.edu server sends the file /research/index.html.
7. The TCP connection is released.
8. The browser displays all the text in the file /research/index.html.
9. The browser fetches and displays all the images in this file.

All of the above steps take place using the application layer protocol Hypertext Transfer Protocol (HTTP). Hence the browser is considered the HTTP client or web client. To be able to display the new page (or any page), the browser has to understand its format. To allow all browsers to understand all web pages, web pages are written in a standardized language called Hypertext Markup Language (HTML), which describes web pages. From this viewpoint, a browser is considered an HTML interpreter.

Although a browser is basically an HTML interpreter, most browsers have numerous buttons and features to make it easier to navigate the web. This is the major difference between text-based browsers like Lynx and commercially successful browsers like Netscape Navigator and Internet Explorer. Many graphical browsers display which step they are currently executing in a status line at the bottom of the screen. In this way, when the performance is poor, the user can see if it is due to DNS not responding, the server not responding, or simply network congestion during page transmission. Most have a button for going back to the previous page, a button for going forward to the next page, and a button for going straight to the user's own start page. Most browsers have a button or menu item to set a bookmark on a given page and another one to display the list of bookmarks, making it possible to revisit any of them with only a few mouse clicks. Pages can also be saved to disk or printed. Numerous options are generally available for controlling the screen layout and setting various user preferences.

4.3.3 The Server Side

In this section we discuss the functional requirements of a web server. When the user types in a URL or clicks on a line of hypertext, the browser parses the URL and interprets the part between http:// and the next slash as a DNS name to look up. It sends the request to the DNS server and gets the equivalent IP address. Once the browser gets the IP address it establishes a TCP connection to port 80 on that server. Then it sends over a command containing the rest of the URL, which is the name of a file on that server. The server then returns the file for the browser to display.

Just like any other server, the web server is expected to wait round the clock for client requests. Once a request is made by the client, the server has to perform a set of functions to supply the requested web page to the client. Typically a web server performs the following functions in its main loop.

1. Accept a TCP connection from a client (a browser).
2. Get the name of the file requested.
3. Get the file (from disk).
4. Return the file to the client.
5. Release the TCP connection.

In the above sequence of steps, the third step (get the file from disk) becomes the bottleneck in fetching the web page, since it involves the secondary storage devices. The data rate at which the secondary storage devices (disks) operate is considerably less than the rate at which the processor operates. Because of this bottleneck, the web server cannot serve more requests per second than it can make disk accesses. For example, a high-end SCSI disk has an average access time of around 5 msec, which limits the server to at most 200 requests/sec, less if large files have to be read often. For a major web site provider with a large customer base, this figure is too low.

One obvious improvement is to maintain a cache in memory of the n most recently used files. Before going to disk to get a file, the server checks the cache. If the file is there, it can be served directly from memory and the disk is eliminated from the process of fetching the web page. Even though caching requires extra space and extra overhead, the benefits obtained from caching outweigh these limitations. A better solution is to build a faster server based on multithreading.

The five steps we discussed earlier are the bare minimum required to supply the requested web page to the client. However, modern commercial web servers have to perform many additional steps to make applications like electronic commerce a reality. A modern web server performs the following set of functions.

1. Resolve the name of the web page requested.
2. Authenticate the client.
3. Perform access control on the client.
4. Perform access control on the web page.
5. Check the cache.
6. Fetch the requested page from disk.
7. Determine the MIME type to include in the response.
8. Take care of miscellaneous odds and ends.
9. Return the reply to the client.
10. Make an entry in the server log.

When a web server has to perform all of the above steps for each and every transaction for every client request, a single processor with multiple disks and multiple threads may not be sufficient when the web server receives too many requests each second. Hence the designers of web servers decided to use a set of CPUs in the web servers to satisfy the users' requests in a better way.

Have you understood?

1. What is the World Wide Web?
2. What is meant by a home page?
3. What are the minimal functions to be performed by the browser?
4. List down the steps required in fetching and displaying a web page.
5. What is the information present in the MIME type of a web page?
6. What is the role of a plug-in in displaying a web page?
7. Differentiate between a plug-in and a helper application.
8. What are the minimal functions to be performed by the web server?
9. Which step is the bottleneck in accessing the web pages?
10. List down the various functions to be performed by a web server in an e-commerce application.
11. What is the necessity of multithreading in a web server?
12. What is meant by a server farm?
13. What is meant by TCP handoff in a web server?
14. What are the different ways in which a cache can be maintained by the web servers?
15. WWW is stateless. Justify this statement.

4.3.4 Statelessness and Cookies

The World Wide Web was developed as a stateless entity. A client sends a request, a server responds. Their relationship is over. The original design of the WWW was to retrieve publicly available documents on the Internet. For this original design, the stateless approach is suitable. However, nowadays the WWW is considered an effective medium to carry out business. Certain web sites are being used as electronic stores that allow users to browse through the store, select wanted items, put them in an electronic cart, and pay at the end with a credit card. Some web sites are used as portals: the user selects the web pages he wants to see. Some web sites need to allow access to registered clients only. For web sites like these, the original stateless approach is not sufficient, and hence cookies were introduced by Netscape.

When a server receives a request from a client, it stores information about the client in a file or a string. The information may include the domain name of the client, the contents of the cookie (information the server has gathered about the client such as name, registration number, and so on), a timestamp, and other information depending on the implementation. The server includes the cookie in the response that it sends to the client. When the client receives the response, the browser stores the cookie in the cookie directory, which is sorted by the domain server name.

When a client sends a request to the server, the browser looks in the cookie directory to see if it can find a cookie sent by the server. If found, the cookie is included in the request. When the server receives the request, it knows that this is an old client, not a new one. It is a cookie made by the server and used by the server. Please note that the contents of the cookie are never read by the browser or disclosed to the user. This does not mean the server can trust the contents: the cookie is stored on the client and sent back by the client, so whoever controls the client (or the network path, if the connection is not encrypted) can read or alter it. A server should therefore keep only an opaque identifier in the cookie and the real data on the server side, or protect the cookie value with a message authentication code so that a modified cookie is rejected.

An electronic store can use a cookie for its client shoppers. When a client selects an item and inserts it into a cart, a cookie that contains information about the item such as its number and unit price is sent to the browser. If the client selects a second item, the cookie is updated with the new selection information. This is repeated till the client finishes shopping. A web portal uses a cookie in a similar way. When a user selects her favorite pages, a cookie is made and sent. If the site is accessed again, the cookie is sent to the server to show what the client is looking for. The site that restricts access to registered clients only sends a cookie to the client when the client registers for the first time. For any repeated access, only those clients that send the appropriate cookie are allowed.

Have you understood?

1. Why has the web been designed as stateless?
2. What are the limitations of the web being stateless?
3. What are the problems in keeping track of the clients in terms of their IP addresses?
4. What is meant by a cookie?
5. What are the security risks in using cookies?

4.4 HYPER TEXT TRANSFER PROTOCOL

The protocol used by the client and the server in the process of transferring web documents or pages is the Hyper Text Transfer Protocol (HTTP). It is defined in RFC 2616. All clients and all servers must obey this protocol. The specification of HTTP discusses the methods that are used by the client and the server through which various types of requests are made and the responses are obtained. Each interaction consists of one ASCII request, followed by one RFC 822 MIME-like response.
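The server main loop of section 4.3.3, as an added example that is not from the course material: a Python function that takes one ASCII request line of the kind just described, resolves the file name under a document root, checks a cache of the n most recently used files, reads the file from disk on a miss, determines the MIME type, and writes a log entry. The document root, its two files, the cache size and all function names are constructed for this example. It also adds the check a practitioner wants at step 4 (access control on the page): a request must not be able to name a file outside the document root, whether it writes `..` literally or percent-encoded as `%2e%2e`.

```python
# Added example: the web server main loop of section 4.3.3 as one request handler.
# Not the course material's code; the document root and files are constructed here.
import collections
import mimetypes
import os
import tempfile
import urllib.parse


class FileCache:
    """Cache of the n most recently used files (least recently used is evicted)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = collections.OrderedDict()
        self.hits = self.misses = 0

    def get(self, path):
        if path in self.entries:
            self.entries.move_to_end(path)      # now the most recently used
            self.hits += 1
            return self.entries[path]
        self.misses += 1
        with open(path, "rb") as f:              # the slow step: a disk access
            data = f.read()
        self.entries[path] = data
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)     # evict the least recently used
        return data


def resolve(root, target):
    """Map a request target to a file below root; None if it escapes root
    (step 4, access control on the page: '..' and '%2e%2e' must not work)."""
    path = urllib.parse.unquote(urllib.parse.urlsplit(target).path)
    if path.endswith("/"):
        path += "index.html"
    root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root, path.lstrip("/")))
    if full != root and not full.startswith(root + os.sep):
        return None
    return full


def respond(code, reason, body, ctype, length, log, request_line):
    headers = {"Content-Type": ctype, "Content-Length": str(length)}
    log.append("%s -> %d %s" % (request_line, code, reason))   # step 10: server log
    return code, headers, body


def handle(request_line, root, cache, log):
    """One iteration of the main loop: request line in, (status, headers, body) out."""
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        return respond(400, "Bad Request", b"", "text/plain", 0, log, request_line)
    method, target, _version = parts
    if method not in ("GET", "HEAD"):            # method names are case sensitive
        return respond(405, "Method Not Allowed", b"", "text/plain", 0, log, request_line)
    full = resolve(root, target)                 # step 1: resolve the name
    if full is None:
        return respond(403, "Forbidden", b"", "text/plain", 0, log, request_line)
    if not os.path.isfile(full):
        return respond(404, "Not Found", b"", "text/plain", 0, log, request_line)
    body = cache.get(full)                       # steps 5 and 6: cache, then disk
    ctype = mimetypes.guess_type(full)[0] or "application/octet-stream"  # step 7
    return respond(200, "OK", b"" if method == "HEAD" else body, ctype, len(body),
                   log, request_line)


def make_docroot():
    """Constructed sample site: /research/index.html and /logo.png."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "research"))
    with open(os.path.join(root, "research", "index.html"), "w") as f:
        f.write("<html><body>Research</body></html>")
    with open(os.path.join(root, "logo.png"), "wb") as f:
        f.write(b"\x89PNG\r\n\x1a\n")
    return root
```

Calling `handle("GET /research/index.html HTTP/1.1", root, cache, log)` twice shows the cache at work: the first call is a miss that reads the disk, the second is a hit served from memory. Requests such as `GET /../../etc/passwd HTTP/1.1` are refused with 403 before any disk access, because the path is canonicalised with `realpath` after percent-decoding and then compared against the document root.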

4.4.1 Connections

The usual way for a browser to contact a server is to establish a TCP connection to port 80 on the server's machine. In the most general case, it is possible for the client to make use of UDP or some other unreliable transport layer protocol to communicate with the server. However, TCP is preferred since it takes care of problems like lost messages, duplicate messages and acknowledgements; otherwise either the application layer protocol or the application has to take care of these issues.

In HTTP 1.0, the web client (the browser) establishes a connection with the web server and makes a single request, and the server sends the single response over the established connection. Once the reply is sent the connection is released. When the WWW was confined to documents with HTML text alone, this mode of communication between the client and the server was adequate. However, the WWW in its present state contains pages that have many other things apart from the HTML text, such as icons, images and other eye candy, so establishing a TCP connection to transport a single icon became a very expensive way to operate: it means one RTT for each referenced object. Hence many modifications were made to HTTP 1.0 and its next version, HTTP 1.1, was released.

HTTP 1.1 supports persistent connections. Persistent connections refer to the ability to send additional requests and get additional responses over the same TCP connection. By amortizing the TCP setup and release over multiple requests, the relative overhead due to TCP is much less per request. HTTP 1.1 supports two types of persistent connections, namely persistent connections with pipelining and without pipelining. In a persistent connection without pipelining, the client issues a new request only when the previous response has been received. With pipelined requests, it is possible to send request 2 before the response to request 1 has arrived.

4.4.2 Methods

HTTP has been designed in such a way that it can be used for other types of object-oriented applications as well, apart from fetching and displaying web pages. Hence HTTP supports a variety of methods instead of just the methods for web page request and response. Each request consists of one or more lines of ASCII text, with the first word on the first line being the name of the method requested. The built-in methods are listed in figure 4.3. For accessing general objects, additional object-specific methods may also be available. The names are case sensitive, so GET is a legal method but get is not.

The GET method requests the server to send the page (by which we mean object, in the most general case, but in practice normally just a file). The page is suitably encoded in MIME. The vast majority of requests to web servers are GETs. The usual form of GET is

GET filename HTTP/1.1

where filename names the resource (the file to be fetched) and 1.1 is the protocol version being used.

The HEAD method just asks for the message header, without the actual page. This method can be used to get a page's time of last modification, to collect information for indexing purposes, or just to test a URL for validity.

The PUT method is the reverse of GET: instead of reading the page, it writes the page. This method makes it possible to build a collection of web pages on a remote server. The body of the request contains the page. It may be encoded using MIME, in which case the lines following the PUT might include Content-Type: and authentication headers to prove that the caller indeed has permission to perform the requested operation.

Somewhat similar to PUT is the POST method. It, too, bears the URL, but instead of replacing the existing data, the new data is "appended" to it in some generalized sense. Posting a message to a newsgroup or adding a file to a bulletin-board system are examples of appending in this context. When this material was written, neither PUT nor POST was used very much by browsers; today POST is the normal way a browser submits a form, so a server must apply the same authentication and access control to POST and PUT as to any other request that changes state.

DELETE does what you might expect: it removes the page. As with PUT, authentication and permission play a major role here. There is no guarantee that DELETE succeeds, since even if the remote HTTP server is willing to delete the page, the underlying file may have a mode that forbids the HTTP server from modifying or removing it.

The TRACE method is for debugging. It instructs the server to send back the request. This method is useful when requests are not being processed correctly and the client wants to know what request the server has actually got. Because the echoed request includes any Cookie and Authorization headers the client sent, production servers normally disable TRACE.

Method    Description
GET       Request to read a web page
HEAD      Request to read a web page's header
PUT       Request to store a web page
POST      Append to a named resource (e.g., a web page)
DELETE    Remove the web page
TRACE     Echo the incoming request
CONNECT   Reserved for future use
OPTIONS   Query certain options

Figure 4.3 The built-in HTTP request methods

The CONNECT method is reserved for use with a proxy that can switch to being a tunnel: the proxy opens a TCP connection to the named host and port and then relays bytes in both directions, which is how HTTPS traffic passes through an HTTP proxy. The OPTIONS method provides a way for the client to query the server about its properties or those of a specific file.

4.4.3 Message Headers

HTTP is basically a request/response scheme. Every request gets a response consisting of a status line, and possibly additional information (e.g. all or part of a web page). The status line contains the 3-digit status code telling whether the request was satisfied, and if not, why not. The first digit is used to divide the responses into five major groups as shown in figure 4.4.

Code   Meaning        Examples
1xx    Information    100 = server agrees to handle client's request
2xx    Success        200 = request succeeded, 204 = no content present
3xx    Redirection    301 = page moved, 304 = cached page still valid
4xx    Client error   403 = forbidden page, 404 = page not found
5xx    Server error   500 = internal server error, 503 = try again later

Figure 4.4 The status code response groups

The 1xx codes are rarely used in practice. The 2xx codes mean that the request was handled successfully and the content (if any) is being returned. The 3xx codes tell the client to look elsewhere, either using a different URL or in its own cache. The 4xx codes mean the request failed due to a client error such as an invalid request or a nonexistent page. Finally, the 5xx codes mean the server itself has the problem, either due to an error in its code or to a temporary overload.

In addition to the actual method, HTTP messages carry the required additional information in lines called headers. The request line followed by these additional lines is called the request headers; additional information present in the response lines is called the response headers. Some headers are used only in requests, some only in responses, and a few in both. A selection of the most important ones is given in figure 4.5.

Header            Type      Contents
User-Agent        Request   Information about the browser and its platform
Accept            Request   The type of pages the client can handle
Accept-Charset    Request   The character sets that are acceptable to the client
Accept-Encoding   Request   The page encodings the client can handle
Accept-Language   Request   The natural languages the client can handle
Host              Request   The server's DNS name
Authorization     Request   A list of the client's credentials
Cookie            Request   Sends a previously set cookie back to the server
Date              Both      Date and time the message was sent
Upgrade           Both      The protocol the sender wants to switch to
Server            Response  Information about the server
Content-Encoding  Response  How the content is encoded (e.g. gzip)
Content-Language  Response  The natural language used in the page
Content-Length    Response  The page's length in bytes
Content-Type      Response  The page's MIME type
Last-Modified     Response  Time and date the page was last changed
Location          Response  A command to the client to send its request elsewhere
Accept-Ranges     Response  The server will accept byte range requests
Set-Cookie        Response  The server wants the client to save a cookie

Figure 4.5 Some HTTP message headers

The User-Agent header allows the client to inform the server about its browser, operating system and other properties. The four Accept headers tell the server what the client is willing to accept in the event that the server has a limited repertoire of what is acceptable. The first header specifies the MIME types that are welcome (e.g. text/html). The second gives the character set (e.g. ISO-8859-5 or Unicode-1-1). The third deals with compression methods (e.g. gzip). The fourth indicates a natural language (e.g. Spanish). If the server has a choice of pages, it can use this information to supply the one the client is looking for. If it is unable to satisfy the request, an error code is written and the request fails.

The Host header names the server. It is taken from the URL. This header is mandatory in HTTP/1.1. It is used because one IP address may serve multiple DNS names and the server needs some way to tell which virtual host to hand the request to.

The Authorization header is needed for pages that are protected. In this case the client may have to prove it has a right to see the page requested, and this header carries that proof. Although cookies are dealt with in RFC 2109 rather than RFC 2616, they also have two headers. The Cookie header is used by the client to return to the server a cookie that was previously sent by some machine in the server's domain.

The Date header can be used in both directions and contains the time and date the message was sent. The Upgrade header is used to make it easier to make the transition to a future (possibly incompatible) version of the HTTP protocol. It allows the client to announce what it can support and the server to assert what it is using.
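The rules above (a mandatory Host header in HTTP/1.1, refusing methods such as TRACE, grouping status codes by their first digit, and reading the Accept headers with their q-values) are easy to get subtly wrong, so here they are as a small request checker. This is an added example, not code from the course text; the function names, the choice of which methods a server allows, and the sample requests are assumptions made for the illustration.

```python
"""Minimal HTTP/1.1 request checking and status-code classification.

Added example for sections 4.4.2-4.4.3 (methods, status groups, headers);
it is not code from the course text. Function names, the policy of which
methods are allowed, and the sample requests are assumptions.
"""
from dataclasses import dataclass, field

# Methods of figure 4.3. TRACE, PUT, DELETE and CONNECT are parsed but refused:
# TRACE echoes the request (Cookie and Authorization included) back to the
# caller, and the others must not be enabled without authentication.
KNOWN_METHODS = {"GET", "HEAD", "PUT", "POST", "DELETE", "TRACE", "CONNECT", "OPTIONS"}
ALLOWED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}

STATUS_GROUPS = {1: "Information", 2: "Success", 3: "Redirection",
                 4: "Client error", 5: "Server error"}     # figure 4.4


@dataclass
class Request:
    method: str
    target: str
    version: str
    headers: dict = field(default_factory=dict)   # names lower-cased
    body: bytes = b""


def classify_status(code: int) -> str:
    """Map a 3-digit status code to its group by its first digit."""
    if not 100 <= code <= 599:
        raise ValueError(f"not an HTTP status code: {code}")
    return STATUS_GROUPS[code // 100]


def parse_request(raw: bytes) -> Request:
    """Parse the request line and headers; ValueError on malformed input."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line after headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {lines[0]!r}")
    req = Request(parts[0], parts[1], parts[2], body=body)
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # No whitespace is allowed between the field name and the colon;
        # tolerating it lets a front end and a back end parse differently.
        if not colon or not name or name != name.strip():
            raise ValueError(f"bad header line: {line!r}")
        key = name.lower()
        if key in req.headers:                     # repeated field: combine
            req.headers[key] += ", " + value.strip()
        else:
            req.headers[key] = value.strip()
    return req


def parse_accept(value: str) -> list:
    """Split an Accept-* header into (item, q) pairs, highest q first."""
    out = []
    for part in value.split(","):
        item, *params = [p.strip() for p in part.split(";")]
        q = 1.0
        for p in params:
            if p.startswith("q="):
                q = float(p[2:])
        out.append((item, q))
    return sorted(out, key=lambda t: -t[1])


def check_request(raw: bytes) -> int:
    """Return the status code a careful server would answer with."""
    try:
        req = parse_request(raw)
    except ValueError:
        return 400
    if req.method not in KNOWN_METHODS:
        return 501                 # not implemented
    if req.method not in ALLOWED_METHODS:
        return 405                 # method not allowed on this server
    if req.version == "HTTP/1.1" and "host" not in req.headers:
        return 400                 # Host is mandatory in HTTP/1.1
    return 200


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "ok": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
          b"Accept: text/html, application/json;q=0.9, */*;q=0.1\r\n\r\n",
    "no_host": b"GET /index.html HTTP/1.1\r\n\r\n",
    "trace": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\nCookie: sid=abc\r\n\r\n",
    "unknown": b"BREW /pot HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        code = check_request(raw)
        print(f"{name:8s} -> {code} {classify_status(code)}")
```

The header parser rejects a space before the colon rather than tolerating it: lenient parsing of exactly such details is what lets a proxy and the server behind it disagree about where one request ends and the next begins.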

The first one, Server, allows the server to tell who it is and some of its properties if it wishes. The next four headers, all starting with Content-, allow the server to describe properties of the page it is sending.

The Last-Modified header tells when the page was last modified. This header plays an important role in page caching.

The Location header is used by the server to inform the client that it should try a different URL. This can be used if the page has moved or to allow multiple URLs to refer to the same page (possibly on different servers). It is also used by companies that have a main web page in the .com domain, but which redirect clients to a national or regional page based on their IP addresses or preferred languages.

If a page is very large, a small client may not want it all at once. Some servers will accept requests for byte ranges, so the page can be fetched in multiple small units. The Accept-Ranges header announces the server's willingness to handle this type of partial page request.

The second cookie header, Set-Cookie, is how servers send cookies to clients. The client is expected to save the cookie and return it on subsequent requests to the server.

Have you understood?

1. What is the application layer protocol of the web?
2. What is meant by a hypertext?
3. What are the limitations of HTTP 1.0?
4. What is meant by a persistent connection in HTTP?
5. Differentiate between a persistent connection without pipelining and a persistent connection with pipelining.
6. What is the purpose of the GET method of HTTP?
7. Differentiate between the PUT and POST methods of HTTP.
8. What is the purpose of the status response code?
9. Give examples of request-type HTTP message headers.
10. What is meant by a response message header?

4.5 ELECTRONIC MAIL

The electronic mail (e-mail) service of the Internet allows users to send memos or messages or mails across the Internet. E-mail is one of the most widely used application services. Indeed, some users rely on e-mail for normal business activity. E-mail is also popular because it offers a fast, convenient method of transferring information. E-mail accommodates small notes or large voluminous memos with a single mechanism.

Mail delivery differs fundamentally from other services of the Internet. In other applications of the Internet, network protocols send packets directly to destinations, using timeout and retransmission for individual segments if no acknowledgement returns. Since e-mail has to support off-line delivery also, the application should be able to deliver the message even if the recipient is not on line. A sender does not want to wait for the remote machine to respond before continuing work, nor does the user want the transfer to abort merely because the destination is temporarily unavailable.

To handle delayed delivery the mail system uses a technique known as spooling. When the user sends a mail message, the system places a copy in its private storage (spool) area along with identification of the sender, recipient, destination machine, and time of deposit. The system then initiates the transfer to the remote machine as a background activity, allowing the sender to proceed with other computational activities. Figure 4.6 illustrates the concept.

(Figure 4.6 shows: the user interface, through which the user sends mail and reads mail; the outgoing mail spool area; the client for background transfer, with a TCP connection for outgoing mail; the server to accept mail, with a TCP connection for incoming mail; and the mailboxes for incoming mail.)
Figure 4.6 Conceptual components of an e-mail system

The background mail transfer process becomes a client. It first uses the domain name system to map the destination machine name to an IP address, and then attempts to form a TCP connection to the mail server on the destination machine. If it succeeds, the transfer process passes a copy of the message to the remote server, which stores the copy in the remote system's spool area. Once the client and server agree that the copy has been accepted and stored, the client removes the local copy. If it cannot form a TCP connection or if the connection fails, the transfer process records the time delivery was attempted and terminates.

The background transfer process sweeps through the spool area periodically, typically once every 30 minutes, checking for undelivered mail. Whenever it finds a message or whenever a user deposits new outgoing mail, the background process attempts delivery. If it finds that a mail message cannot be delivered after an extended time (e.g. 3 days), the mail software returns the message to the sender.

4.5.1 Basic Functions of an E-mail System

An e-mail system has to support five basic functions. Modern e-mail systems have added more sophisticated functions on top of these.

Composition
This refers to the process of creating messages and answers. The e-mail system should provide an editing facility to compose a mail and to make changes in it (if required). In addition to the functions of an ordinary editor, the composition facility should provide addressing fields and many header fields to convey additional meaning.

Transfer
This refers to moving messages from the sender to the recipient. This requires establishing a connection to the destination (in TCP/IP based e-mail systems) or to the intermediate machines (in the application gateway approach), outputting the message and releasing the connection.

Reporting
This has to do with telling the originator what happened to the message. It may be necessary to answer questions like: was it delivered? Was it lost? And so on.

Displaying
This function is required to enable the users to read their e-mail. Sometimes the e-mail system itself may not be able to display the message (the message is a PostScript file or digitized voice) and it may seek the help of special viewer applications.

Disposition
This is the final step to be done in the e-mail system. This step deals with what the recipient does with the message after receiving it. Possibilities include throwing it away before reading, throwing it away after reading, saving it and so on.

4.5.2 Mailbox Names and Aliases

There are three important ideas hidden in our simplistic description of mail delivery. First, users specify recipients by giving a pair of strings that identify the mail destination machine name and a mailbox address on that machine. Usually, a mailbox address is the same as a user's login id, and a destination machine name is the same as the machine's domain name, but that is not necessary. It is possible to assign a mailbox to a position of employment (e.g. the mailbox vc in the mail-id vc@annauniv.edu always refers to the present vice-chancellor of Anna University and is not confined to an individual). Second, the names used in such specifications are independent of other names assigned to machines.

For example, because the domain name system includes a separate query type for mail destinations (the MX record), it is possible to decouple mail destination names from the usual domain names assigned to machines. Thus, mail sent to a user at example.com may go to a different machine than a telnet connection to the same name. Third, our simplistic diagram fails to account for mail processing and mail forwarding, which include mail sent from one user to another on the same machine, and mail that arrives on a machine but which should be forwarded to another machine.

4.5.3 Alias Expansion and Mail Forwarding

Most systems provide mail forwarding software that includes a mail alias expansion mechanism. A mail forwarder allows the local site to map identifiers used in mail addresses to a set of one or more new mail addresses. Usually, after a user composes a message and names a recipient, the mail interface program consults the local aliases to replace the recipient with the mapped version before passing the message to the delivery system. Recipients for whom no mapping has been specified remain unchanged. Similarly, the underlying mail system uses the aliases to map incoming recipient addresses.

Aliases increase mail system functionality and convenience substantially. In mathematical terms, alias mappings can be many-to-one or one-to-many. By mapping a set of identifiers to a single person, the alias system allows a single user to have multiple mail identifiers, including nicknames and positions. The system also allows a site to associate a group of recipients with a single identifier. Using aliases that map an identifier to a list of identifiers makes it possible to establish a mail exploder that accepts one incoming message and sends it to a large set of recipients.

(Figure 4.7 shows the components of figure 4.6 with an alias database and an alias expansion and forwarding stage added: the user interfaces, the mailboxes for incoming mail, the server to accept mail, the outgoing mail spool area and the client for background transfer all pass through the alias expansion and forwarding stage.)
Figure 4.7 An extension of the mail system shown in figure 4.6

The set of recipients associated with an identifier is called an electronic mailing list. Not all the recipients on a list need to be local. Although it is uncommon, it is possible to have a mailing list at site Q with none of the recipients on the list located at Q. Expanding a mail alias into a large set of recipients is a popular technique used widely. Figure 4.7 illustrates the components of a mail system that supports mail aliases and list expansion. As the figure shows, incoming and outgoing mail passes through the mail forwarder that expands aliases. That is, if the alias database specifies that mail address x maps to replacement y, alias expansion will rewrite destination address x, changing it to y. The alias expansion program then determines whether y specifies a local or remote address, so it knows whether to place the message in the incoming mail queue or the outgoing mail queue.

Mail alias expansion can be dangerous. Suppose two sites establish conflicting aliases. For example, assume site A maps mail address x into mail address y at site B, while site B maps mail address y into address x at site A. A mail message sent to address x at site A could bounce forever between the two sites. Similarly, if the manager at site A accidentally maps a user's login name at that site to an address at another site, the user will be unable to receive mail. The mail may go to another user or, if the alias specifies an illegal address, senders will receive error messages. A forwarder therefore has to bound the number of hops a message may take and refuse to expand an alias that leads back to an address already visited.

4.5.4 Two Different Approaches to Providing E-Mail

The key idea behind TCP/IP e-mail systems is that TCP provides end-to-end connectivity. In essence, all machines attached to an internet behave as if attached to a single, vendor-independent network. With such systems, mail software on the sending machine acts as a client, contacting a server on the ultimate destination. Only after the client successfully transfers a mail message to the server does it remove the message from the local machine. Thus, the sender can always determine the exact status of a message by checking the local mail spool area. TCP/IP makes possible universal mail delivery because it provides universal interconnection among machines, and with the basic network services in place, devising a standard mail exchange protocol becomes easier.

Commercial services exist that can forward electronic mail among computers without using TCP/IP and without having the computers connected to the global Internet. There are two crucial differences between these services and TCP/IP e-mail systems. First, electronic mail systems built on TCP/IP are inherently more reliable than those systems built from arbitrary networks. Second, a TCP/IP internet makes possible universal delivery service. The alternative form of electronic mail delivery uses the application gateway approach: the message is transferred through a series of mail gateways, sometimes called mail bridges, mail relays or intermediate mail stops.
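The loop and illegal-address cases above are exactly the ones a forwarder has to defend against, so here is a small alias expander that applies the rules of this section: mappings may be one-to-one or one-to-many, unmapped recipients pass through unchanged, and the result is split into the incoming and outgoing queues. This is an added example, not code from the course text; the site names, alias tables and the hop limit are constructed for the illustration, and both sites' tables are held in one process only so that the cross-site loop can be shown without a network.

```python
"""Alias expansion with loop, hop-count and illegal-address protection.

Added example for section 4.5.3 (alias expansion, mailing lists and the
cross-site alias loop described above); it is not code from the course
text. The site names, alias tables and hop limit are constructed.
"""

MAX_HOPS = 8   # assumed limit; real MTAs count Received: lines instead

# Constructed alias databases, one per site, keyed by local-part.
# A value is either a single address or a list (a mailing list / exploder).
SITES = {
    "a.example": {
        "vc": "yogesh@a.example",        # a position, not a person
        "staff": ["yogesh@a.example", "ranjani@a.example", "x@b.example"],
        "x": "y@b.example",              # one half of a conflicting pair
    },
    "b.example": {
        "y": "x@a.example",              # the other half: loops back to A
        "pqr": "nobody",                 # illegal: no domain part
    },
}


class DeliveryError(Exception):
    """Raised when an address cannot be expanded to deliverable mailboxes."""


def expand(addr: str, hops: int = 0, seen=None) -> set:
    """Return the set of final mailboxes that addr resolves to.

    Raises DeliveryError on an alias loop, an illegal address or too many hops.
    `seen` holds the addresses on the current expansion path, so a mailing
    list that names the same person twice is not mistaken for a loop.
    """
    seen = set() if seen is None else seen
    if hops > MAX_HOPS:
        raise DeliveryError(f"too many hops while expanding {addr}")
    if addr in seen:
        raise DeliveryError(f"alias loop detected at {addr}")
    local, at, domain = addr.partition("@")
    if not at or not local or not domain:
        raise DeliveryError(f"illegal address {addr!r}")
    table = SITES.get(domain)
    if table is None or local not in table:
        return {addr}                    # unknown site or no mapping: unchanged
    targets = table[local]
    targets = [targets] if isinstance(targets, str) else targets
    result = set()
    for t in targets:
        result |= expand(t, hops + 1, seen | {addr})
    return result


def route(addr: str, local_domain: str) -> tuple:
    """Split the expanded recipients into (local mailboxes, outgoing addresses),
    i.e. incoming-mail queue versus outgoing spool, as figure 4.7 requires."""
    boxes = expand(addr)
    local = sorted(b for b in boxes if b.endswith("@" + local_domain))
    remote = sorted(b for b in boxes if not b.endswith("@" + local_domain))
    return local, remote


def delivery_problem(addr: str) -> str:
    """'' if addr expands cleanly, otherwise the error text a sender would get."""
    try:
        expand(addr)
        return ""
    except DeliveryError as e:
        return str(e)


if __name__ == "__main__":
    for a in ("vc@a.example", "staff@a.example", "x@a.example", "pqr@b.example"):
        print(a, "->", delivery_problem(a) or sorted(expand(a)))
```

A real forwarder cannot see the other site's alias table, which is why the hop limit matters: it is the only defence that works when the loop is discovered one bounce at a time.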

In such systems, the sender's machine does not contact the recipient's machine directly. Instead, a complete mail message is sent from the original sender to the first gateway. Once it transfers a message to the first intermediate machine, the sender's computer discards the local copy. Thus, while the message is in transit, neither the sender nor the recipient has a copy. The important point is that the sender and recipient must depend on computers over which they may have no control.

The main disadvantage of using mail gateways is that they introduce unreliability. Failures at intermediate machines may result in message loss without either the sender or the receiver being informed. Message loss can also result if the mail gateways route mail incorrectly. Another disadvantage of mail gateways is that they introduce delay. A mail gateway can hold messages for minutes, hours or even days if it cannot forward them on to the next machine. Neither the sender nor the receiver can determine where a message has been delayed, why it has not arrived, or how long the delays will last.

If e-mail gateways are less reliable than end-to-end delivery, why are they used? The chief advantage of mail gateways is interoperability. Mail gateways provide connections among standard TCP/IP mail systems and other mail systems, as well as between TCP/IP internets and networks that do not support Internet protocols. Suppose, for example, that company X has a large internal network and that the employees use electronic mail, but that the network software does not support TCP/IP. Although it may be infeasible to make the company's network part of the global Internet, it might be easy to place a mail gateway between the company's private network and the Internet and to devise software that accepts mail messages from the local network and forwards them to the Internet. Thus, although gateway service is not as reliable or convenient as end-to-end delivery, it can still be useful. While the idea of mail gateways may seem somewhat awkward, electronic mail has become such an important tool that users who do not have Internet access depend on the gateways.

4.5.5 Electronic Mail Addresses

A user familiar with electronic mail knows that mail address formats vary among e-mail systems. Within the global Internet, addresses have a simple, easy to remember form:

    local-part @ domain-name

where domain-name is the domain name of a mail destination to which the mail should be delivered, and local-part is the address of a mailbox on that machine. For example, an electronic mail address is:

    ramesh@annauniv.edu

However, mail gateways make addresses complex. Someone outside the Internet must address the mail to the nearest mail gateway that connects the outside network to the Internet. Thus, someone with access to the gateway vsnl.net might have used the following address to reach the recipient:

    ramesh%annauniv.edu@vsnl.net

Once the mail reached machine vsnl.net, the mail gateway software extracted the local part, "ramesh%annauniv.edu", changed the percent sign (%) into an at sign (@), and used the result as a destination address to forward the mail.

The reason addresses become complex when they include non-Internet sites is that the mail address mapping function is local to each machine. More important, electronic mail systems do not usually agree on conventions for precedence or quoting, making it impossible for a user to guarantee how addresses will be interpreted. For example, consider the electronic mail address:

    ramesh%annauniv.edu@vsnl.net

A site using the TCP/IP standard for mail would interpret the address to mean, "send the message to mail exchanger vsnl.net and let that mail exchanger decide how to interpret ramesh%annauniv.edu" (the local part). In essence, the site acts as if the address were parenthesized:

    (ramesh%annauniv.edu) @ (vsnl.net)

At a site that uses % to separate user names from destination machines, the same address might mean, "send the mail to user ramesh at the site given by the remainder of the address". That is, such sites act as if the address were parenthesized:

    (ramesh) % (annauniv.edu@vsnl.net)

Some mail gateways require the local part to contain addresses of the form:

    user%domain-name

while others require:

    user:domain-name

and still others use completely different forms. An address whose local part is itself an address is also a classic relaying trick: a gateway that rewrites % into @ and forwards blindly can be used to send mail to arbitrary third parties under its own name, so such rewriting should be restricted to known destinations.

Have you understood?

1. How is e-mail different from other applications of the Internet?
2. What are the advantages of e-mail over the postal system and the telephone system?
3. What is meant by spooling in an e-mail system?

4. What is the transport layer protocol used by e-mail systems?
5. List the basic functions to be performed by an e-mail system.
6. What is meant by a mailbox in an e-mail system?
7. What are the advantages of aliases in e-mail systems?
8. What are the two popular mechanisms for providing an e-mail facility?
9. What are the limitations of the application-gateway approach in e-mail systems?
10. Mention the various parts of an e-mail address with an example.

4.6 PROTOCOLS OF THE E-MAIL SYSTEM

In addition to message formats, the TCP/IP protocol suite specifies a standard for the exchange of mail between machines. That is, the standard specifies the exact format of messages a client on one machine uses to transfer mail to a server on another. Apart from the protocol used to transfer the messages between machines, additional protocols are required to enable the end users to retrieve the mail from their mailboxes. This section introduces the various types of protocols involved in sending and delivering messages.

4.6.1 Simple Mail Transfer Protocol

The standard transfer protocol is known as the Simple Mail Transfer Protocol (SMTP). SMTP is so named because it is simpler than the earlier Mail Transfer Protocol (MTP). The SMTP protocol focuses specifically on how the underlying mail delivery system passes messages across an internet from one machine to another. It does not specify how the mail system accepts mail from a user or how the user interface presents the user with incoming mail. Also, SMTP does not specify how mail is stored or how frequently the mail system attempts to send messages.

Usually the sequence of events that takes place in SMTP is:

1. The source machine establishes a TCP connection to port 25 of the destination machine. (The process that waits at this port is the e-mail daemon that speaks SMTP. The SMTP daemon accepts incoming connections and copies messages from them into the appropriate mailboxes.)
2. After establishing the TCP connection, the sending machine, operating as the client, waits for the receiving machine (the server) to talk first.
3. The server starts by sending a line of text giving its identity and telling whether it is prepared to receive mail.
4. If the server is willing to accept the e-mail, the client announces whom the e-mail is coming from and whom it is going to.
5. If the message cannot be delivered, an error report containing the first part of the undeliverable message is sent back to the sender.

These steps are depicted in figure 4.8.

(Figure 4.8 shows: user agents hand mail to their mail server; mail servers exchange messages with each other over SMTP; the receiving mail server holds the mail for its user agents.)
Figure 4.8 SMTP protocol

Communication between a client and server consists of readable ASCII text. Although SMTP rigidly defines the command format, humans can easily read a transcript of interactions between a client and server. Initially, the client establishes a reliable stream connection to the server and waits for the server to send a 220 READY FOR MAIL message. (If the server is overloaded, it may delay sending the 220 message temporarily.) Upon receipt of the 220 message, the client sends a HELO command (spelled that way in the standard) naming itself. The end of a line marks the end of a command. The server responds by identifying itself.

Once communication has been established, the sender can transmit one or more mail messages, terminate the connection, or request the server to exchange the roles of sender and receiver so messages can flow in the opposite direction. The receiver must acknowledge each message. It can also abort the entire connection or abort the current message transfer.

Mail transactions begin with a MAIL command that gives the sender identification as well as a FROM: field that contains the address to which errors should be reported. A recipient prepares its data structures to receive a new mail message, and replies to a MAIL command by sending the response 250. Response 250 means that all is well. The full response consists of the text 250 OK. As with other application protocols, programs read the abbreviated commands and 3-digit numbers at the beginning of lines; the remaining text is intended to help humans debug mail software.
EDU sends a message to users Jones.GOV Service closing transmission channel Figure 4. the sender issues a series of RCPT commands that identify recipients of the mail message. After all RCPT commands have been acknowledged. line feed.<CR><LF> S: 250 OK C: QUIT S: 221 Beta. The receiver must acknowledge each RCPT command by sending 250 OK or by sending the error message 550 No such user here. The receiver responds with message 354 Start mail input and specifies the sequence of characters used to terminate the mail message. Green.GOV and begins the exchange as shown in figure 4.DIT 116 NETWORK PROTOCOLS After a successful MAIL command. a DATA command informs the receiver that the sender is ready to transfer a complete mail message. The 191 Anna University Chennai .EDU S: 250 Beta. and Brown at host Beta.GOV C: MAIL FROM : < Smith @ Alpha.GOV> S: 250 OK C: DATA S: 354 Start mail input. period. and line feed. Suppose user Smith at host Alpha.9.. the server rejects recipient Green because it does not recognize the name as a valid mail destination (i.EDU> S: 250 OK C: RCPT TO : < Jones @ Beta.GOV Simple Mail Transfer Service Ready C: Hello Alpha. An example will clarify the SMTP exchange. it is neither a user nor a mailing list).GOV> S: 550 No such user here C: RCPT TO : < Brown @ Beta.e.EDU contacts the SMTP server software on host Beta. carriage return.GOV> S: 250 OK C: RCPT TO : < Green @ Beta.<CR><LF> C: … sends body of mail message… C: … continues for as many lines as message contains C: <CR><LF>. The termination sequence consists of 5 characters: carriage return. end with <CR><LF>. S: 220 Beta .9 Example of SMTP transfer NOTES In the example. the sender issues a DATA command. the SMTP client software on host Alpha. In essence.GOV.

in SMTP. most clients do not. the final delivery of the mail needs a pull protocol.10. On the other hand. the server may choose forward the mail triggered the message. they continue delivery to all valid recipients and then report problems to the original sender.2 Final Delivery SMTP is not involved in the final delivery of the mail to the recipient.DIT 116 NETWORK PROTOCOLS NOTES SMTP protocol does not specify the details of how a client handles such errors – the client must decide. the server may know the user’s new mailbox address. the client may issue the TURN command to turn the connection around. With the roles reversed the side that was originally a server sends back any waiting mail messages. to do so. If it does. SMTP is a push protocol. The other side responds with command 221. For the final delivery. The required direction for the bulk data is from the client to the server. When informing the client about the new address. Although clients can abort the delivery completely if an error occurs. Usually. Instead. In other words. SMTP allows the server to inform the client about the new address so the client can use it in the future. Whichever side controls the interaction can choose to terminate the session. the client reports errors using electronic mail. SMTP user agent SMTP access protocol user agent sender’s mail server receiver’s mail server Figure 4. the client must pull messages from the server. if a user has moved. it issues a QUIT command.10 Mail access protocol Anna University Chennai 192 . 4. The error message contains a summary of the error as well as the header of the mail message that caused the problem. For example. which means it agrees to terminate. SMTP is much more complex than we have outlined here. it pushes the message from the client to the server. Once the client has finished sending all the mail messages it has for a particular destination. 
currently two message access protocols are available: Post Office Protocol (POP) and Internet Mail Access Protocol (IMAP).6. the direction of bulk data (messages) is from the client to the server. or it may request that the client take responsibility for forwarding. the receiver responds 250 OK and assumes control of the connection. Both sides then close the TCP connection gracefully. The scenario is as depicted in figure 4.

3 POP3 NOTES The final delivery can be achieved with the help of a pull protocol that allows user transfer agents (on client PCs) to contact the message transfer agent (on the ISP’s machine) and allow e-mail to be copied from the ISP to the user.11a and 4. Receiver with a dial-up connection to an ISP 193 Anna University Chennai .DIT 116 NETWORK PROTOCOLS 4. Receiver with a Permanent Internet Connection POP 3 POP3 Server UA MTA SMTP Internet Sending host Mail Box ISP’s machine Dial-up Connection User’s PC Figure 4. MTA SMTP Internet UA Permanent Connection Sending host Mailbox Receiving Host Figure 4. POP3 is simple and limited in functionality. POP3 (Post Office Protocol.11a. The situations of both the sender and receiver are available on line and only the sender is on line are depicted in figures 4.6. version 3) and it is described in RFC 1939. The client POP3 software is installed on the recipient computer and the server POP3 software is installed on the mail server.11b.11b.

Mail access starts with the client when the user needs to download e-mail from the mailbox on the mail server. POP3 begins when the user starts the mail reader. The mail reader calls up the ISP (unless there is already a connection) and establishes a TCP connection with the message transfer agent at port 110, on which the POP3 server listens. Upon accepting the TCP connection, the server sends an ASCII message announcing that it is present. Usually it begins with +OK followed by a comment. This behavior can be observed by typing something like

    telnet mail.isp.com 110

where mail.isp.com represents the DNS name of your ISP's mail server. Telnet establishes a TCP connection to port 110. Once the connection has been established, the POP3 protocol goes through three states in sequence:

1. Authorization
2. Transaction
3. Update

The authorization state deals with having the user log in. The transaction state deals with the user collecting the e-mails and marking them for deletion from the mailbox. The update state actually causes the e-mails to be deleted.

An example of the scenario is shown in figure 4.12, starting after the TCP connection has been established. As before, the lines marked C: are from the client (user) and those marked S: are from the server (message transfer agent on the ISP's machine).

    S: +OK POP3 server ready
    C: USER carolyn
    S: +OK
    C: PASS vegetables
    S: +OK login successful
    C: LIST
    S: 1 2505
    S: 2 14302
    S: 3 8122
    S: .
    C: RETR 1
    S: (sends message 1)
    C: DELE 1
    C: RETR 2
    S: (sends message 2)
    C: DELE 2
    C: RETR 3
    S: (sends message 3)
    C: DELE 3
    C: QUIT
    S: +OK POP3 server disconnecting

Figure 4.12 Interaction between the user and server using POP3
A comparison of POP3 and IMAP is given in figure 4.13. A user can search the contents of the email for a specific string of characters prior to downloading. 195 Anna University Chennai . IMAP4 is more powerful and more complex. Then the client and retrieve messages using the RETR command and marks them for deletion with DELE. The IMAP server listens to port 143. It should be noted. that not every ISP supports both protocols. the client can then send over the LIST command.12 Interaction between the user and server using POP3 NOTES During the authorization state. After a successful login. It does not allow the user to organize her mail on the server. the client gives the QUIT command to terminate the transaction state and enter the update state. Thus. A user can create. In addition POP3 does not allow the user to partially check the contents of the mail before downloading.4 IMAP Another mail access protocol is Internet Mail access Protocol. A user can create a hierarchy of mailboxes in a folder for email storage. version 4 (IMAP4). which causes the server to list the contents of the mail box.DIT 116 NETWORK PROTOCOLS C:DELE 3 C:Quit S:+OK POP# server disconnecting Figure 4. The general style of the IMAP protocol is similar to that of POP3 as shown in Figure 4. POP3 has many limitations. IMAP4 is similar to POP3. IMPA4 provides many extra functions.6. delete or rename mailboxes. the user cannot have different folders on the server. giving the length of that message. it is important to find out which protocol(s) it supports and make sure the ISP supports at least one of them. it sends a reply and breaks the TCP connection. 4. but it has more features.19. however. Then all messages have been retrieved (and possibly marked for deletion). A user can partially download email. The list is terminated by a period. except that are there dozens of commands. This is especially useful if bandwidth is limited and the email contains multimedia with high bandwidth requirements. 
the client sends over its user name and then its password. A user can check the email header prior to downloading. one message per line. when choosing an e-mail program. When the server has deleted all the messages.
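The three-state exchange of figure 4.12, written out as a small server-side state machine in Python. This is an added example and not code from the course material. The user name, password and mailbox contents are constructed sample data; the LIST and RETR replies follow RFC 1939, which places a +OK status line in front of the multi-line data that the figure shows. The point to observe is that DELE only marks a message and that nothing is removed until QUIT moves the session into the update state.

```python
import hmac


class Pop3Session:
    """One POP3 connection over an in-memory mailbox (RFC 1939 states).
    The session moves AUTHORIZATION -> TRANSACTION -> UPDATE; messages marked
    by DELE are removed only when QUIT is issued from the TRANSACTION state."""

    def __init__(self, users, mailboxes):
        self.users = users          # {username: password}   (constructed sample data)
        self.mailboxes = mailboxes  # {username: [message text, ...]}
        self.state = "AUTHORIZATION"
        self.user = None
        self.deleted = set()        # message numbers marked by DELE

    def greeting(self):
        return "+OK POP3 server ready"

    def handle(self, line):
        """Return the server reply for one client command line."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(verb, arg)
        if self.state == "TRANSACTION":
            return self._transaction(verb, arg)
        return "-ERR session already closed"

    def _authorization(self, verb, arg):
        if verb == "USER":
            self.user = arg
            return "+OK"
        if verb == "PASS":
            expected = self.users.get(self.user, "")
            # compare_digest avoids a timing side channel on the comparison;
            # the password itself still crosses the wire in clear text.
            if self.user in self.users and hmac.compare_digest(expected, arg):
                self.state = "TRANSACTION"
                return "+OK login successful"
            self.user = None
            return "-ERR invalid login"   # same reply for unknown user and wrong password
        if verb == "QUIT":
            self.state = "UPDATE"
            return "+OK POP3 server disconnecting"
        return "-ERR command not valid before login"

    def _transaction(self, verb, arg):
        msgs = self.mailboxes[self.user]
        if verb == "LIST":
            rows = [f"{n} {len(m)}" for n, m in enumerate(msgs, 1) if n not in self.deleted]
            return "\r\n".join([f"+OK {len(rows)} messages"] + rows + ["."])
        if verb in ("RETR", "DELE"):
            try:
                n = int(arg)
            except ValueError:
                return "-ERR message number required"
            if not 1 <= n <= len(msgs) or n in self.deleted:
                return "-ERR no such message"
            if verb == "RETR":
                return "\r\n".join([f"+OK {len(msgs[n - 1])} octets", msgs[n - 1], "."])
            self.deleted.add(n)           # only marked; still present until UPDATE
            return f"+OK message {n} deleted"
        if verb == "RSET":
            self.deleted.clear()
            return "+OK"
        if verb == "QUIT":
            # UPDATE state: the marked messages are removed now, and only now.
            self.mailboxes[self.user] = [m for n, m in enumerate(msgs, 1) if n not in self.deleted]
            self.state = "UPDATE"
            return "+OK POP3 server disconnecting"
        return "-ERR unknown command"


def run_session(commands, users, mailboxes):
    """Feed client lines to a fresh session and return the C:/S: transcript."""
    session = Pop3Session(users, mailboxes)
    transcript = ["S: " + session.greeting()]
    for command in commands:
        transcript.append("C: " + command)
        transcript.extend("S: " + reply for reply in session.handle(command).split("\r\n"))
    return transcript


# Constructed sample mailbox; the names follow figure 4.12.
USERS = {"Carolyn": "Vegetables"}
MAILBOXES = {"Carolyn": ["Subject: one\r\n\r\nhello", "Subject: two\r\n\r\nworld", "Subject: three\r\n\r\n!"]}

if __name__ == "__main__":
    for line in run_session(["USER Carolyn", "PASS Vegetables", "LIST", "RETR 1", "DELE 1", "QUIT"],
                            USERS, dict(MAILBOXES)):
        print(line)
```

A connection that is dropped before QUIT never reaches the update state, so the server keeps every message; this is the behaviour the text describes and is also why a mail reader that crashes mid-session sees the same messages again on the next connection.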

Feature                          POP3         IMAP
Where is protocol defined        RFC 1939     RFC 2060
TCP port used                    110          143
Where e-mail is stored           User's PC    Server
Where is e-mail read             Off-line     On-line
Connect time required            Little       Much
Use of server resources          Minimal      Extensive
Multiple mailboxes               No           Yes
Who backs up mailboxes           User         ISP
Good for mobile users            No           Yes
User control over downloading    Little       Great
Partial message downloads        No           Yes
Are disk quotas a problem        No           Yes
Simple to implement              Yes          No
Widespread support               Yes          Growing

Figure 4.13 POP3 vs IMAP

Have you understood?
1. List down the steps involved in sending the mail by TCP.
2. How is the word Simple justified in SMTP?
3. What does the code 250 indicate in SMTP?
4. What are the various fields present in the headers sent by the client to the server in SMTP interaction?
5. What are the limitations of SMTP?
6. What is the necessity of off-line delivery in SMTP?
7. How is 24-hours delivery ensured in e-mail systems?
8. What is the sequence of states followed by POP3?
9. What are the limitations of POP3?
10. Where is e-mail stored in POP3 and IMAP?

4.7 MESSAGE FORMATS

4.7.1 RFC 822

Messages consist of a primitive envelope, some number of header fields, a blank line, and then the message body. Each header field (logically) consists of a single line of ASCII text containing the field name, a colon, and, for most fields, a value. RFC 822 was designed decades ago and does not clearly distinguish the envelope fields from the header fields. Although it was revised in RFC 2822, completely redoing it was not possible due to its widespread usage.

In normal usage, the user agent builds a message and passes it to the message transfer agent, which then uses some of the header fields to construct the actual envelope, a somewhat old-fashioned mixing of message and envelope. The principal header fields related to the message transport are listed in figure 4.14.

Header          Meaning
To:             E-mail address(es) of primary recipient(s)
Cc:             E-mail address(es) of secondary recipient(s)
Bcc:            E-mail address(es) for blind carbon copies
From:           Person or people who created the message
Sender:         E-mail address of the actual sender
Received:       Line added by each transfer agent along the route
Return-Path:    Can be used to identify a path back to the sender

Figure 4.14 RFC 822 header fields related to message transport

The To: field gives the DNS address of the primary recipient. Having multiple recipients is also allowed. The Cc: field gives the addresses of any secondary recipients. In terms of delivery, there is no distinction between the primary and secondary recipients. It is entirely a psychological difference that may be important to the people involved but is not important to the mail system. The term Cc: (Carbon copy) is a bit dated, since computers do not use carbon paper, but it is well established. The Bcc: (Blind Carbon Copy) field is like the Cc: field, except that this line is deleted from all copies sent to the primary and secondary recipients. This feature allows people to send copies to third parties without the primary and secondary recipients knowing this.

The next two fields, From: and Sender:, tell who wrote and sent the message, respectively. These need not be the same. For example, a business executive may write a message, but her secretary may be the one who actually transmits it. In this case, the executive would be listed in the From: field and the secretary in the Sender: field. The From: field is required, but the Sender: field may be omitted if it is the same as the From: field. These fields are needed in case the message is undeliverable and must be returned to the sender.

A line containing Received: is added by each message transfer agent along the way. The line contains the agent's identity, the date and time the message was received, and other information that can be used for finding bugs in the routing system. The Return-Path: field is added by the final message transfer agent and was intended to tell how to get back to the sender. In theory, this information can be gathered from all the Received: headers (except for the name of the sender's mailbox), but it is rarely filled in as such and typically just contains the sender's address.

In addition to the fields of figure 4.14, RFC 822 messages may also contain a variety of header fields used by the user agents or human recipients. The most common ones are listed in figure 4.15.
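How a message transfer agent turns the transport headers of figure 4.14 into an envelope, as an added example in Python that is not part of the course text. It treats To:, Cc: and Bcc: identically for delivery, strips Bcc: from the copy that is relayed, uses Sender: (when present) rather than From: as the envelope originator, and prepends the Received: line each transfer agent adds. The sample message, including its folded To: line, is constructed.

```python
# Added example (not from the course text): build the SMTP envelope from the
# RFC 822 headers the way a message transfer agent does.

def parse_headers(raw):
    """Split an RFC 822 message into ([(name, value), ...], body).
    A line beginning with whitespace continues the previous header (folding);
    the first blank line ends the header block."""
    head, _, body = raw.partition("\n\n")
    fields = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields, body


def split_addresses(value):
    """Comma-separated address list -> list of stripped addresses."""
    return [a.strip() for a in value.split(",") if a.strip()]


def build_envelope(raw):
    """Return (envelope originator, envelope recipients, message to relay).

    To:, Cc: and Bcc: are treated alike for delivery; Bcc: is removed from
    the relayed copy so the other recipients never see it.  Sender:, when
    present, names the party that actually transmits and is used as the
    envelope originator (where bounces go); otherwise From: is used."""
    fields, body = parse_headers(raw)
    by_name = {}
    for name, value in fields:
        by_name.setdefault(name.lower(), []).append(value)
    if "from" not in by_name:
        raise ValueError("From: is required")
    originator = (by_name.get("sender") or by_name["from"])[0]
    recipients = []
    for header in ("to", "cc", "bcc"):
        for value in by_name.get(header, []):
            for addr in split_addresses(value):
                if addr not in recipients:       # one delivery per mailbox
                    recipients.append(addr)
    kept = [(n, v) for n, v in fields if n.lower() != "bcc"]
    relayed = "\n".join(f"{n}: {v}" for n, v in kept) + "\n\n" + body
    return originator, recipients, relayed


def stamp_received(message, by_host, when):
    """Prepend the Received: line that each transfer agent adds along the route."""
    return f"Received: by {by_host}; {when}\n" + message


# Constructed sample: a folded To: line, a Cc: duplicate and a Bcc: third party.
SAMPLE = """From: executive@abcd.com
Sender: secretary@abcd.com
To: carolyn@xyz.com,
    bob@xyz.com
Cc: bob@xyz.com
Bcc: auditor@third.example
Subject: Quarterly numbers

See attached."""

if __name__ == "__main__":
    originator, rcpts, relayed = build_envelope(SAMPLE)
    print("MAIL FROM:", originator)
    for r in rcpts:
        print("RCPT TO:", r)
    print(stamp_received(relayed, "mail.abcd.com", "Mon, 1 Jan 2007 10:00:00 +0000"))
```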

Header          Meaning
Date:           The date and time the message was sent
Reply-To:       E-mail address to which replies should be sent
Message-Id:     Unique number for referencing this message later
In-Reply-To:    Message-Id of the message to which this is a reply
References:     Other relevant Message-Ids
Keywords:       User-chosen keywords
Subject:        Short summary of the message for the one-line display

Figure 4.15 Some fields used in the RFC 822 message header

The Reply-To: field is sometimes used when neither the person composing the message nor the person sending the message wants to see the reply. For example, a marketing manager writes an e-mail message telling customers about a new product. The message is sent by a secretary, but the Reply-To: field lists the head of the sales department, who can answer questions and take orders. The field is also useful when the sender has two e-mail accounts and wants the reply to go to the other one.

The RFC 822 document explicitly says that users are allowed to invent new headers for their own private use, provided that these headers start with the string X-. It is guaranteed that no future official headers will use names starting with X-, to avoid conflicts between official and private headers. Sometimes wiseguy undergraduates make up fields like X-Fruit-of-the-Day: or X-Disease-of-the-Week:, which are legal, although not always illuminating.

After the headers comes the message body. Users can put whatever they want here. Some people terminate their messages with elaborate signatures, including simple ASCII cartoons, quotations from greater and lesser authorities, political statements and disclaimers of all kinds.

4.7.2 MIME, the Multipurpose Internet Mail Extensions

In the early days of the ARPANET, e-mail consisted exclusively of text messages written in English and expressed in ASCII. For this environment, RFC 822 did the job completely: it specified the headers but left the content entirely up to the users. Nowadays, on the worldwide Internet, this approach is no longer adequate. The problems include sending and receiving

1. Messages in languages with accents
2. Messages in non-Latin alphabets
3. Messages in languages without alphabets
4. Messages not containing text at all

A solution was proposed in RFC 1341 and updated in RFCs 2045-2049. This solution, called MIME, is now widely used. The basic idea of MIME is to continue to use the RFC 822 format, but to add structure to the message body and define encoding rules for non-ASCII messages. By not deviating from RFC 822, MIME messages can be sent using the existing mail programs and protocols. All that has to be changed are the sending and receiving programs, which users can do for themselves. MIME defines five new message headers, as shown in figure 4.16.

Header                       Meaning
MIME-Version:                Identifies the MIME version
Content-Description:         Human-readable string telling what is in the message
Content-Id:                  Unique identifier
Content-Transfer-Encoding:   How the body is wrapped for transmission
Content-Type:                Type and format of the content

Figure 4.16 RFC 822 headers added by MIME

The MIME-Version: header simply tells the user agent receiving the message that it is dealing with a MIME message, and which version of MIME it uses. Any message not containing a MIME-Version: header is assumed to be an English plain text message and is processed as such.

The Content-Description: header is an ASCII string telling what is in the message. This header is needed so the recipient will know whether it is worth decoding and reading the message. If the string says "Photo of Barbara's Hamster" and the person getting the message is not a big hamster fan, the message will probably be discarded rather than decoded into a high resolution color photograph.

The Content-Id: header identifies the content. It uses the same format as the standard Message-Id: header.

The Content-Transfer-Encoding: header tells how the body is wrapped for transmission through a network that may object to most characters other than letters, numbers and punctuation marks. Five schemes are provided. The simplest scheme is just ASCII text. ASCII characters use just 7 bits and can be carried directly by the e-mail protocol, provided that no line exceeds 1000 characters. The next simplest scheme is the same thing, but using 8-bit characters, that is, all values from 0 up to and including 255. Messages using the 8-bit encoding must still adhere to the standard maximum line length. This encoding scheme violates the (original) Internet e-mail protocol but is used by some parts of the Internet that implement some extensions to the original protocol. While declaring the encoding does not make it legal, having it explicit may at least explain things when something goes wrong.

The correct way to encode binary messages is to use base64 encoding, sometimes called ASCII armor. In this scheme, groups of 24 bits are broken up into four 6-bit units, with each unit being sent as a legal ASCII character. The coding is "A" for 0, "B" for 1, and so on, followed by the 26 lower-case letters, the ten digits, and finally + and / for 62 and 63, respectively. The == and = sequences indicate that the last group contained only 8 or 16 bits, respectively. Carriage returns and line feeds are ignored, so they can be inserted at will to keep the lines short enough. Arbitrary binary data can be sent safely using this scheme.

For messages that are entirely ASCII but with a few non-ASCII characters, base64 encoding is somewhat inefficient. Instead, an encoding known as quoted-printable encoding is used. This is just 7-bit ASCII, with all the characters above 127 encoded as an equal sign followed by the character's value as two hexadecimal digits.

Content-Type: The last header shown in figure 4.16 is really the most interesting one. It specifies the nature of the message body. Seven types are defined in RFC 2045, each of which has one or more subtypes. The type and subtype are separated by a slash, as in

    Content-Type: video/mpeg

The subtype must be given explicitly in the header; no defaults are provided. The initial list of types and subtypes specified in RFC 2045 is given in figure 4.17. Many new ones have been added since then, and additional entries are being added all the time as the need arises.

Type          Subtype         Description
Text          Plain           Unformatted text
              Enriched        Text including simple formatting commands
Image         Gif             Still picture in GIF format
              Jpeg            Still picture in JPEG format
Audio         Basic           Audible sound
Video         Mpeg            Movie in MPEG format
Application   Octet-stream    An uninterpreted byte sequence
              Postscript      A printable document in PostScript
Message       Rfc822          A MIME RFC 822 message
              Partial         Message has been split for transmission
              External-body   Message itself must be fetched over the net
Multipart     Mixed           Independent parts in the specified order
              Alternative     Same message in different formats
              Parallel        Parts must be viewed simultaneously
              Digest          Each part is a complete RFC 822 message

Figure 4.17 The MIME types and subtypes defined in RFC 2045

Let us now go briefly through the list of types. The text type is for straight ASCII text. The text/plain combination is for ordinary messages that can be displayed as received, with no encoding and no further processing. This option allows ordinary messages to be transported in MIME with only a few extra headers.
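The base64 and quoted-printable rules just described, implemented from scratch in Python as an added example that is not part of the course text. In practice the standard library's base64 and quopri modules do this work; the hand-written version exists only to make the 24-bit grouping, the "=" padding and the =XX escapes visible. Beyond what the text states, the quoted-printable encoder also escapes "=" itself and whitespace at the end of a line, and inserts soft line breaks at 76 characters, as RFC 2045 requires; the decoder rejects stray symbols and misplaced padding instead of silently accepting them. Sample inputs are constructed.

```python
# Added example, not from the course text: the two MIME transfer encodings
# written out in full.  Production code should use base64 / quopri instead.

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def base64_encode(data, line_length=76):
    """Pack each 24-bit group into four 6-bit units; '=' marks a short last group."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = "".join(B64[(n >> shift) & 63] for shift in (18, 12, 6, 0))
        pad = 3 - len(chunk)                  # 1 missing byte -> "=", 2 -> "=="
        out.append(chars[:4 - pad] + "=" * pad)
    text = "".join(out)
    # Line breaks carry no information; the decoder ignores them.
    return "\r\n".join(text[i:i + line_length] for i in range(0, len(text), line_length))


def base64_decode(text):
    """Inverse of base64_encode: whitespace is ignored, any other stray symbol rejected."""
    clean = "".join(text.split())
    if len(clean) % 4:
        raise ValueError("base64 length is not a multiple of 4")
    data = bytearray()
    for i in range(0, len(clean), 4):
        group = clean[i:i + 4]
        pad = group.count("=")
        if pad and (i + 4 != len(clean) or pad > 2 or not group.endswith("=" * pad)):
            raise ValueError("padding is only allowed at the end of the last group")
        n = 0
        for c in group:
            n = (n << 6) | (0 if c == "=" else B64.index(c))   # index() raises on junk
        data += n.to_bytes(3, "big")[:3 - pad]
    return bytes(data)


def _qp_tokens(line):
    """One token per input byte: the byte itself if it may pass, else '=XX'."""
    tokens = []
    for i, b in enumerate(line):
        literal = (33 <= b <= 126 and b != 61) or (b in (32, 9) and i != len(line) - 1)
        tokens.append(chr(b) if literal else f"={b:02X}")
    return tokens


def quoted_printable_encode(data, line_length=76):
    """7-bit printable ASCII passes through; bytes above 127, '=' (61) and
    trailing whitespace become =XX.  A trailing '=' is a soft line break."""
    lines = []
    for raw_line in data.split(b"\n"):
        current = ""
        for token in _qp_tokens(raw_line.rstrip(b"\r")):
            if len(current) + len(token) > line_length - 1:   # keep room for the soft break
                lines.append(current + "=")
                current = ""
            current += token
        lines.append(current)
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(base64_encode(b"Man"), base64_encode(b"Ma"), base64_encode(b"M"))
    print(quoted_printable_encode("café = 1".encode("utf-8")))
```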

The text/enriched subtype allows a simple markup language to be included in the text. This language provides a system independent way to express boldface, italics, smaller and larger point sizes, indentation, justification, sub- and superscripting, and simple page layout. The markup language is based on SGML, the Standard Generalized Markup Language also used as the basis for the World Wide Web's HTML. For example, the message

    The <bold> time </bold> has come to the <italic> walrus </italic> said ...

would be displayed as

    The time has come to the walrus said ...

It is up to the receiving system to choose the appropriate rendition. If boldface and italics are available, they can be used. Otherwise, colors, blinking, underlining, reverse video, etc. can be used for emphasis. Different systems can, and do, make different choices.

When the Web became popular, a new subtype text/html was added (in RFC 2854) to allow web pages to be sent in RFC 822 e-mail. A subtype for the extensible markup language, text/xml, is defined in RFC 3023.

The next MIME type is image, which is used to transmit still pictures. Many formats are widely used for storing and transmitting images nowadays, both with and without compression. Two of these, GIF and JPEG, are built into nearly all browsers, but many others exist as well and have been added to the original list.

The audio and video types are for sound and moving pictures, respectively. Please note that video includes only the visual information, not the soundtrack. If a movie with sound is to be transmitted, the video and audio portions may have to be transmitted separately, depending on the encoding system used. The first video format defined was the one devised by the modestly-named Moving Picture Experts Group (MPEG), but others have been added since. In addition to audio/basic, a new audio type, audio/mpeg, was added in RFC 3003 to allow people to e-mail MP3 audio files.

The application type is a catchall for formats that require external processing not covered by one of the other types. An octet-stream is just a sequence of uninterpreted bytes. Upon receiving such a stream, a user agent should probably display it by suggesting to the user that it be copied to a file and prompting for a file name. Subsequent processing is then up to the user.

The other defined subtype is postscript, which refers to the PostScript language defined by Adobe Systems and widely used for describing printed pages. Many printers have built-in PostScript interpreters. Although a user agent can just call an external PostScript interpreter to display incoming PostScript files, doing so is not without some danger. PostScript is a full-blown programming language. Given enough time, a sufficiently masochistic person could write a C compiler or a database management system in PostScript. Displaying an incoming PostScript message is done by executing the PostScript program contained in it. In addition to displaying some text, this program can read, modify, or delete the user's files, and have other nasty side effects.

The message type allows one message to be fully encapsulated inside another. This scheme is useful for forwarding e-mail, for example. When a complete RFC 822 message is encapsulated inside an outer message, the rfc822 subtype should be used. The partial subtype makes it possible to break an encapsulated message into pieces and send them separately (for example, if the encapsulated message is too long). Parameters make it possible to reassemble all parts at the destination in the correct order. Finally, the external-body subtype can be used for very long messages (e.g., video films). Instead of including the MPEG file in the message, an FTP address is given and the receiver's user agent can fetch it over the network at the time it is needed. This facility is especially useful when sending a movie to a mailing list of people, only a few of whom are expected to view it (think about electronic junk mail containing advertising videos). Note that the address is chosen by the sender, so a user agent that fetches the external body automatically makes a network connection on the sender's behalf.

The final type is multipart, which allows a message to contain more than one part, with the beginning and end of each part being clearly delimited. The mixed subtype allows each part to be different, with no additional structure imposed. Many e-mail programs allow the user to provide one or more attachments to a text message. These attachments are sent using the multipart type.

In contrast to multipart/mixed, the alternative subtype allows the same message to be included multiple times but expressed in two or more different media. For example, a message could be sent in plain ASCII, in enriched text, and in PostScript. A properly designed user agent getting such a message would display it in PostScript if possible. Second choice would be enriched text. If neither of these were possible, the flat ASCII text would be displayed. The parts should be ordered from simplest to most complex to help recipients with pre-MIME user agents make some sense of the message (e.g., even a pre-MIME user can read flat ASCII text). A multipart message is shown in figure 4.18. Here a birthday greeting is transmitted both as text and as a song. If the receiver has an audio capability, the user agent there will fetch the sound file, birthday.snd, and play it. If not, the lyrics are displayed on the screen in stony silence. The parts are delimited by two hyphens followed by a (software-generated) string in the boundary parameter.

Getting back to the subtypes for multipart messages, two more possibilities exist. The parallel subtype is used when all parts must be "viewed" simultaneously. For example, movies often have an audio channel and a video channel. Movies are more effective if these two channels are played back in parallel, instead of consecutively. Finally, the digest subtype is used when many messages are packed together into a composite message. For example, some discussion groups on the Internet collect messages from subscribers and then send them out to the group as a single multipart/digest message.

    From: elinor@abcd.com
    To: Carolyn@xyz.com
    MIME-Version: 1.0
    Message-Id: 0704760941.AA00747@abcd.com
    Content-Type: multipart/alternative; boundary=qwertyuiopasdfghjklzxcvbnm
    Subject: Earth orbits sun integral number of times

    This is the preamble. The user agent ignores it. Have a nice day.

    --qwertyuiopasdfghjklzxcvbnm
    Content-Type: text/enriched

    Happy birthday to you
    Happy birthday to you
    Happy birthday to dear <bold>Carolyn</bold>
    Happy birthday to you

    --qwertyuiopasdfghjklzxcvbnm
    Content-Type: message/external-body;
        access-type="anon-ftp";
        site="bicycle.abcd.com";
        directory="pub";
        name="birthday.snd"

    Content-type: audio/basic
    Content-transfer-encoding: base64
    --qwertyuiopasdfghjklzxcvbnm--

Figure 4.18 A multipart message containing enriched and audio alternatives

Note that the Content-Type header occurs in three positions within this example. At the top level, it indicates that the message has multiple parts. Within each part, it gives the type of that part. Within the body of the external-body part, it is required to tell the user agent what kind of external file it is to fetch. The content-transfer-encoding is similarly required for an external body that is not encoded as 7-bit ASCII. To indicate this slight difference in usage, we have used lower case letters there, although all headers are case insensitive.
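A small parser for the multipart structure of figure 4.18, added here as an example and not part of the course material. It folds continuation lines, splits the body on the boundary string, recurses into nested multipart parts, reads the headers that describe a message/external-body object, and lets the receiver pick the alternative it can render. The sample message is constructed from the figure, with the boundary lines written as two hyphens. The one design choice worth noting is that the external body is described but never fetched: the site in the header is chosen by the sender, so a user agent that fetched it automatically would open a network connection of the sender's choosing.

```python
# Added example, not part of the course text: parse a multipart/alternative
# message laid out like figure 4.18 without fetching any external body.

def parse_message(raw):
    """Split headers from body; continuation lines are folded into the previous header.
    Header names are case-insensitive and are lower-cased here."""
    head, _, body = raw.partition("\n\n")
    fields = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] = (fields[-1][0], fields[-1][1] + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip().lower(), value.strip()))
    return fields, body


def content_type(fields):
    """Return ('type/subtype', {param: value}); text/plain when the header is absent."""
    value = next((v for n, v in fields if n == "content-type"), "text/plain")
    main, *params = [p.strip() for p in value.split(";") if p.strip()]
    pdict = {}
    for p in params:
        key, _, val = p.partition("=")
        pdict[key.strip().lower()] = val.strip().strip('"')
    return main.lower(), pdict


def split_multipart(body, boundary):
    """Return the raw parts between '--boundary' lines; preamble and epilogue are dropped."""
    delimiter = "--" + boundary
    parts, current = [], None
    for line in body.split("\n"):
        if line in (delimiter, delimiter + "--"):
            if current is not None:
                parts.append("\n".join(current))
            current = [] if line == delimiter else None     # None after the closing delimiter
        elif current is not None:
            current.append(line)
    return parts


def walk(raw, depth=0):
    """Flatten a (possibly nested) MIME message into [(depth, type, params, body)].
    multipart/* is recursed into.  For message/external-body the inner headers
    describing the remote object are parsed, but nothing is fetched."""
    fields, body = parse_message(raw)
    ctype, params = content_type(fields)
    entries = [(depth, ctype, params, body)]
    if ctype.startswith("multipart/"):
        if "boundary" not in params:
            raise ValueError("multipart without boundary parameter")
        for part in split_multipart(body, params["boundary"]):
            entries.extend(walk(part, depth + 1))
    elif ctype == "message/external-body":
        inner_type, inner_params = content_type(parse_message(body)[0])
        entries.append((depth + 1, inner_type, inner_params, ""))
    return entries


def best_alternative(entries, preference=("text/enriched", "text/plain")):
    """Pick the first part of a multipart/alternative that this receiver can render."""
    available = {ctype for _, ctype, _, _ in entries}
    return next((t for t in preference if t in available), None)


# Constructed sample in the layout of figure 4.18.
SAMPLE = """From: elinor@abcd.com
To: Carolyn@xyz.com
MIME-Version: 1.0
Message-Id: 0704760941.AA00747@abcd.com
Content-Type: multipart/alternative; boundary=qwertyuiopasdfghjklzxcvbnm
Subject: Earth orbits sun integral number of times

This is the preamble. The user agent ignores it. Have a nice day.
--qwertyuiopasdfghjklzxcvbnm
Content-Type: text/enriched

Happy birthday to you
Happy birthday to dear <bold>Carolyn</bold>
--qwertyuiopasdfghjklzxcvbnm
Content-Type: message/external-body;
    access-type="anon-ftp";
    site="bicycle.abcd.com";
    directory="pub";
    name="birthday.snd"

Content-type: audio/basic
Content-transfer-encoding: base64
--qwertyuiopasdfghjklzxcvbnm--
"""

if __name__ == "__main__":
    for depth, ctype, params, _ in walk(SAMPLE):
        print("  " * depth + ctype, params)
    print("render as:", best_alternative(walk(SAMPLE)))
```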

Have you understood?
1. What is the difference between the Cc: and Bcc: headers of RFC 822?
2. What is the purpose of the Reply-To: header?
3. What type of messages can't be interpreted by RFC 822 properly?
4. What is the necessity of the MIME standard?
5. What is the multimedia support provided by the MIME standard?

4.8 MULTIMEDIA APPLICATIONS

This section focuses on the transfer of real-time data such as voice and video over an IP network. In addition to discussing the protocols used to transport such data, this section considers two broader issues. First, it examines the question of how routers in an IP network can guarantee sufficient service to provide high-quality video and audio reproduction. Second, it examines the question of how IP can be used to provide commercial telephone service.

Although it was designed and optimized to transport data, IP has successfully carried audio and video since its inception. In fact, researchers began to experiment with audio transmission across the ARPANET before the Internet was in place. By the 1990s, commercial radio stations were sending audio across the Internet, and software was available that allowed an individual to send audio across the Internet or to the standard telephone network. Commercial telephone companies also began using IP technology internally to carry voice.

4.8.1 Audio Clips and Encoding Standards

The simplest way to transfer audio across an IP network consists of digitizing an analog audio signal to produce a data file, using a conventional protocol to transfer the file, and then decoding the digital file to reproduce the original analog signal. Special hardware is used to form high-quality digitized audio. Known as a coder/decoder (codec), the device can convert in either direction between an analog audio signal and an equivalent digital representation. File transfer is typically used to send short audio recordings, which are known as audio clips. Of course, the technique does not work well for interactive exchange because placing coded audio in a file and transferring the file introduces a long delay.

The most common type of codec, a waveform coder, measures the amplitude of the input signal at regular intervals and converts each measurement to an integer; the decoder takes the sequence of integers as input and recreates the continuous analog signal that matches the digital values. For example, the conventional telephone system uses the Pulse Code Modulation (PCM) standard, which specifies taking an 8-bit sample every 125 microseconds (i.e., 8000 times per second). Thus, a digitized telephone call produces data at a rate of 64 Kbps. The PCM encoding produces a surprising amount of output: storing a 128 second audio clip requires one megabyte of memory.

Several digital encoding standards exist, with the main tradeoff being between quality of reproduction and the size of the digital representation. There are three ways to reduce the amount of data generated by digital encoding: take fewer samples per second, use fewer bits to encode each sample, or use a digital compression scheme to reduce the size of the resulting output. Various systems exist that use one or more of the techniques, making it possible to find products that produce encoded audio at a rate of only 2.2 Kbps. However, each technique has disadvantages. The chief disadvantage of taking fewer samples or using fewer bits to encode a sample is lower quality audio: the system cannot reproduce as large a range of sounds. The chief disadvantage of compression is delay: digitized output must be held while it is compressed. Furthermore, the best compression either requires a fast CPU or introduces longer delay, because greater reduction in size requires more processing. Thus, compression is most useful when delay is not important (e.g., when the output from a codec is being stored in a file).

4.8.2 Audio and Video Transmission and Reproduction

Many audio and video applications are classified as real-time because they require timely transmission and delivery. For example, an interactive telephone call is a real-time exchange because audio must be delivered without significant delay or users find the system unsatisfactory. Timely transfer means more than low delay, because the resulting signal is unintelligible unless it is presented in exactly the same order as the original, and with exactly the same timing. Thus, if a sender takes a sample every 125 microseconds, the receiver must convert digital values to analog at exactly the same rate. How can a network guarantee that the stream is delivered at exactly the same rate the sender used? The conventional telephone system introduced one answer: an isochronous architecture. Isochronous design means that the entire system, including the digital circuits, must be engineered to deliver output with exactly the same timing as was used to generate input. As a result, an isochronous system that has multiple paths between any two points must be engineered so all paths have exactly the same delay.

An IP internet is not isochronous. We have already seen that datagrams can be duplicated, delayed, or arrive out of order. To allow meaningful transmission and reproduction of digitized signals across a network with IP semantics, additional protocol support is required. To handle datagram duplication and out-of-order delivery, each transmission must contain a sequence number. To handle jitter, each transmission must contain a timestamp that tells the receiver at which time the data in the packet should be played back. Separating sequence and timing information allows a receiver to reconstruct the signal accurately independent of how the packets arrive. Such timing information is especially critical when a datagram is lost or if the sender stops encoding during periods of silence: it allows the receiver to pause during playback for the amount of time specified by the timestamps.

A. Jitter and Playback Delay

Variance in delay is called jitter, and it is especially pervasive in IP networks. How can a receiver recreate a signal accurately if the network introduces jitter? The receiver must implement a playback buffer, as figure 4.19 illustrates.

    Items inserted at a variable rate  -->  [ buffer holding K time units ]  -->  Items extracted at a fixed rate

Figure 4.19 The conceptual organization of a playback buffer

When a session begins, the receiver delays playback and places incoming data in the buffer. When data in the buffer reaches a predetermined threshold, known as the playback point, output begins. The playback point, labeled K in the figure, is measured in time units of data to be played. Thus, playback begins when a receiver has accumulated K time units' worth of data. As playback proceeds, datagrams continue to arrive, and the buffer is refilled. If there is no jitter, new data will arrive at exactly the same rate old data is being extracted and played, meaning the buffer will always contain exactly K time units of unplayed data. If a datagram experiences a small delay, playback is unaffected: the buffer size decreases steadily as data is extracted, and playback continues uninterrupted for K time units. When the delayed datagram arrives, the buffer is refilled.

Of course, a playback buffer cannot compensate for datagram loss. In such cases, playback eventually reaches an unfilled position in the buffer, and output pauses for a time period corresponding to the missing data. The choice of K is a compromise between loss and delay. If K is too small, a small amount of jitter causes the system to exhaust the playback buffer before the needed data arrives. If K is too large, the system remains immune to jitter, but the extra delay, when added to the transmission delay in the underlying network, may be noticeable to users. Despite the disadvantages, most applications that send real-time data across an IP internet depend on playback buffering as the primary solution for jitter.

Have you understood?
1. What is the limitation of the basic digitization technique in interactive exchange between the client and server?
2. What is the function of a codec?
3. Mention the sampling rate and data rate of PCM.
4. What is meant by a playback application?
5. Define jitter.

4.9 REAL-TIME TRANSPORT PROTOCOL (RTP)

The protocol used to transmit digitized audio or video signals over an IP internet is known as the Real-Time Transport Protocol (RTP). Interestingly, RTP does not contain mechanisms that ensure timely delivery; such guarantees must be made by the underlying system. Instead, RTP provides two key facilities: a sequence number in each packet that allows a receiver to detect out-of-order delivery or loss, and a timestamp that allows a receiver to control playback. Because RTP is designed to carry a wide variety of real-time data, including both audio and video, RTP does not enforce a uniform interpretation of semantics. Instead, fields in the header specify how to interpret the remaining header fields and how to interpret the payload. Figure 4.20 illustrates the format of RTP's fixed header.

    +-----+---+---+------+---+---------+---------------------------+
    | VER | P | X |  CC  | M |  PTYPE  |       SEQUENCE NUM        |
    +-----+---+---+------+---+---------+---------------------------+
    |                          TIMESTAMP                           |
    +--------------------------------------------------------------+
    |               SYNCHRONIZATION SOURCE IDENTIFIER              |
    +--------------------------------------------------------------+
    |               CONTRIBUTING SOURCE ID ...                     |
    +--------------------------------------------------------------+

Figure 4.20 Illustration of the fixed header used in RTP

As the figure shows, each packet begins with a fixed header. Each packet begins with a two-bit RTP version number in field VER; the current version is 2. Some applications define an optional header extension to be placed between the fixed header and the payload. If the application type allows an extension, the X bit is used to specify whether the extension is present in the packet. The sixteen-bit SEQUENCE NUM field contains a sequence number for the packet. The first sequence number in a particular session is chosen at random. The interpretation of most of the remaining fields in the header depends on the seven-bit PTYPE field that specifies the payload type.

The four-bit CC field gives a count of contributing sources; a maximum of 15 sources can be listed. Interpretation of the M ("marker") bit also depends on the application; it is used by applications that need to mark points in the data stream (e.g., the beginning of each frame when sending video). The P bit specifies whether zero padding follows the payload; it is used with encryption that requires data to be allocated in fixed-size blocks.

The payload type also affects the interpretation of the TIMESTAMP field. A timestamp is a 32-bit value that gives the time at which the first octet of digitized data was sampled, with the initial timestamp for a session chosen at random. The standard specifies that the timestamp is incremented continuously, even during periods when no signal is detected and no values are sent, but it does not specify the exact granularity. Instead, the granularity is determined by the payload type, which means that each application can choose a clock granularity that allows a receiver to position items in the output with accuracy appropriate to the application. For example, if a stream of audio data is being transmitted over RTP, a logical timestamp granularity of one clock tick per sample is appropriate. However, if video data is being transmitted, the timestamp granularity needs to be higher than one tick per frame to achieve smooth playback. In any case, the standard allows the timestamp in two packets to be identical if the data in the two packets was sampled at the same time.

The field labeled SYNCHRONIZATION SOURCE IDENTIFIER specifies the source of a stream. Each source must choose a unique 32-bit identifier; the protocol includes a mechanism for resolving conflicts if they arise. When a mixer combines multiple streams, the mixer becomes the synchronization source for the new stream. Information about the original sources is not lost, however, because the mixer uses the variable-size CONTRIBUTING SOURCE ID field to provide the synchronization IDs of the streams that were mixed together.

4.9.1 Streams, Mixing, and Multicasting

A key part of RTP is its support for translation (i.e., changing the encoding of a stream at an intermediate station) and mixing (i.e., receiving streams of data from multiple sources, combining them into a single stream, and sending the result). To understand the need for mixing, imagine that individuals at multiple sites participate in a conference call using IP. To minimize the number of RTP streams, the group can designate a mixer, and arrange for each site to establish an RTP session to the mixer. The mixer combines the audio streams (possibly by converting them back to analog and resampling the resulting signal), and sends the result as a single digital stream. Fields in the RTP header identify the sender and indicate whether mixing occurred.
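An RTP fixed-header parser and builder following figure 4.20, joined to the playback scheduling described in section 4.8.2 (Jitter and Playback Delay), as one added example that is not code from the course material. The parser checks every length it reads against the packet before using it, so a truncated CSRC list, extension or padding count is rejected rather than indexed past the buffer. The scheduler then shows the two facilities the text names doing their jobs: gaps in the sequence number reveal loss and reordering, while the timestamp (not the arrival time) fixes when each packet is due, K ticks after the first one arrived. All packets, arrival times and the jitter pattern are constructed; timestamp units are 8 kHz audio samples, 160 per 20 ms packet, and the session is assumed shorter than 65536 packets so the sequence number does not wrap.

```python
# Added example, not from the course text: RTP fixed header (figure 4.20) plus
# playback-point scheduling driven by sequence number and timestamp.
import struct

RTP_VERSION = 2


def parse_rtp(packet):
    """Decode the fixed header, CSRC list, optional extension and padding.
    Raises ValueError instead of trusting a length taken from the wire."""
    if len(packet) < 12:
        raise ValueError("truncated fixed header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != RTP_VERSION:
        raise ValueError(f"unsupported RTP version {b0 >> 6}")
    padding, extension, cc = bool(b0 & 0x20), bool(b0 & 0x10), b0 & 0x0F
    marker, ptype = bool(b1 & 0x80), b1 & 0x7F
    end = 12 + 4 * cc
    if len(packet) < end:
        raise ValueError("truncated CSRC list")
    csrcs = [struct.unpack("!I", packet[i:i + 4])[0] for i in range(12, end, 4)]
    if extension:
        if len(packet) < end + 4:
            raise ValueError("truncated extension header")
        ext_words = struct.unpack("!HH", packet[end:end + 4])[1]
        end += 4 + 4 * ext_words
        if len(packet) < end:
            raise ValueError("truncated extension body")
    payload = packet[end:]
    if padding:
        # The last octet says how many padding octets (itself included) to strip.
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise ValueError("bad padding count")
        payload = payload[:-payload[-1]]
    return {"padding": padding, "marker": marker, "ptype": ptype, "seq": seq,
            "timestamp": timestamp, "ssrc": ssrc, "csrcs": csrcs, "payload": payload}


def build_rtp(seq, timestamp, ssrc, payload, ptype=0, marker=False, csrcs=(), pad_to=0):
    """Encode a packet; pad_to > 0 pads the payload to that block size and sets P."""
    if len(csrcs) > 15 or not 0 <= ptype <= 127:
        raise ValueError("CC holds at most 15 sources; PTYPE is 7 bits")
    body = bytes(payload)
    if pad_to:
        n = (-len(body)) % pad_to or pad_to       # at least one octet for the count
        body += b"\0" * (n - 1) + bytes([n])
    b0 = (RTP_VERSION << 6) | (0x20 if pad_to else 0) | len(csrcs)
    b1 = (0x80 if marker else 0) | ptype
    head = struct.pack("!BBHII", b0, b1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    return head + b"".join(struct.pack("!I", c) for c in csrcs) + body


def schedule_playback(arrivals, k_ticks):
    """arrivals: [(arrival_tick, packet_bytes)] in arrival order.
    Playback of the first packet starts K ticks after it arrives; every later
    packet is due at its timestamp plus the same offset.  Returns the play
    schedule, the sequence numbers never received, and the duplicate count."""
    seen, unique, duplicates = set(), [], 0
    for arrival, raw in arrivals:
        pkt = parse_rtp(raw)
        if pkt["seq"] in seen:                      # duplicate datagram
            duplicates += 1
            continue
        seen.add(pkt["seq"])
        unique.append((arrival, pkt))
    first_arrival, first = unique[0]
    offset = first_arrival + k_ticks - first["timestamp"]   # playback point
    unique.sort(key=lambda ap: ap[1]["seq"])       # sequence numbers restore sender order
    play, lost, prev = [], [], None
    for arrival, pkt in unique:
        if prev is not None:
            lost.extend(range(prev + 1, pkt["seq"]))   # gap in sequence = loss
        prev = pkt["seq"]
        due = pkt["timestamp"] + offset             # timestamp, not arrival, fixes play time
        play.append((pkt["seq"], due, "ok" if arrival <= due else "late"))
    return {"play": play, "lost": lost, "duplicates": duplicates}


def constructed_arrivals():
    """20 ms packets (160 samples each) with jitter, reordering (seq 3 before 2),
    one lost packet (seq 4) and one duplicate (seq 1).  Constructed data."""
    def pk(seq):
        return build_rtp(seq, 1000 + 160 * seq, 0x1234, b"\x00" * 160)
    return [(0, pk(0)), (165, pk(1)), (480, pk(3)), (700, pk(2)), (800, pk(5)), (900, pk(1))]


if __name__ == "__main__":
    for k in (160, 480):
        print("K =", k, schedule_playback(constructed_arrivals(), k))
```

With K = 160 ticks (one packet time) the packet that was delayed by 380 samples arrives after its play time and playback stalls; with K = 480 every packet is on time, at the cost of 40 ms more end-to-end delay. The lost packet is reported either way, since no playback point can recover data that never arrived.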

RTP is designed to work with IP multicasting, and mixing is especially attractive in a multicast environment. To understand why, imagine a teleconference that includes many participants. Unicasting requires a station to send a copy of each outgoing RTP packet to each participant. With multicasting, a station sends one copy of the packet, which will be delivered to all participants. Furthermore, if mixing is used, all sources can unicast to a mixer, which combines them into a single stream before multicasting. Thus, the combination of mixing and multicast results in substantially fewer datagrams being delivered to each participating host.

4.9.2 RTP Encapsulation

Its name implies that RTP is a transport-level protocol. Indeed, if it functioned like a conventional transport protocol, RTP would require each message to be encapsulated directly in an IP datagram. However, RTP does not function like a transport protocol. Instead, although it is allowed, direct encapsulation in IP does not occur in practice. In fact, RTP runs over UDP, meaning that each RTP message is encapsulated in a UDP datagram. The chief advantage of using UDP is concurrency – a single computer can have multiple applications using RTP without interference. Unlike many of the application protocols we have seen, RTP does not use a reserved UDP port number. Instead, a port is allocated for use with each session, and the remote application must be informed about the port number. By convention, RTP chooses an even numbered UDP port; a companion protocol, RTCP, uses the next port number.

4.9.3 RTP Control Protocol

So far, our description of real-time transmission has focused on the protocol mechanisms that allow a receiver to reproduce content. However, another aspect of real-time transmission is equally important: monitoring of the underlying network during the session and providing out of band communication between the end points. For example, an out-of-band mechanism can be used to send information in parallel with the real-time data (e.g., captions to accompany a video stream). Such a mechanism is especially important in cases where adaptive schemes are used. For example, an application might choose a lower-bandwidth encoding when the underlying network becomes congested, or a receiver might vary the size of its playback buffer when network delay or jitter changes. A companion protocol and integral part of RTP, known as the RTP Control Protocol (RTCP), provides the needed control functionality. RTCP allows senders and receivers to transmit a series of reports to one another that contain additional information about the data being transferred and the performance of the network. RTCP messages are encapsulated in UDP for transmission, and are sent using a port number one greater than the port number of the RTP stream to which they pertain.

RTCP uses five basic message types to allow senders and receivers to exchange information about a session. Figure 4.21 lists the types.

    Type    Meaning
    200     Sender report
    201     Receiver report
    202     Source description message
    203     Bye message
    204     Application specific message

Figure 4.21 The five RTCP message types

The bye and application specific messages are the most straightforward. A sender transmits a bye message when shutting down a stream. The application specific message type provides an extension of the basic facility to allow the application to define a message type. For example, an application that sends a closed caption to accompany a video stream might choose to define an RTCP message that supports closed captioning.

Receivers periodically transmit receiver report messages that inform the source about conditions of reception. Each receiver report identifies one or more synchronization sources and contains a separate section for each. A section specifies the highest sequence number packet received from the source, the cumulative and percentage packet loss experienced, time since the last RTCP report arrived from the source, and the inter-arrival jitter. Receiver reports are important for two reasons. First, they allow all receivers participating in a session, as well as a sender, to learn about reception conditions. Second, the rate of reporting is adaptive, to avoid using excessive bandwidth and overwhelming the sender. The adaptive scheme guarantees that the total control traffic will remain less than 5% of the real time data traffic, and that receiver reports generate less than 75% of the control traffic.

Senders periodically transmit a sender report message that provides an absolute timestamp. To understand the need for a timestamp, recall that RTP allows each stream to choose a granularity for its timestamp and that the first timestamp is chosen at random. The absolute timestamp in a sender report is essential because it provides the only mechanism a receiver has to synchronize multiple streams. In particular, because RTP requires a separate stream for each media type, the transmission of video and accompanying audio requires two streams. The absolute timestamp information allows a receiver to play the two streams simultaneously.
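The per-source figures a receiver report section carries (highest sequence number, cumulative and percentage loss, inter-arrival jitter) are computed from the RTP headers as they arrive. The code below is an added example, not the course's or any implementation's code; the update rules follow RFC 3550, which the text summarizes, and the packet trace, the 8 kHz clock and the arrival times are constructed.

```python
"""Statistics a receiver carries in an RTCP receiver report block for one
synchronization source: highest sequence number received, cumulative and
percentage loss, and interarrival jitter.

Added example, not code from the course material; the update rules follow
RFC 3550 (section 6.4.1 and appendix A). Sample input is constructed: 8 kHz
PCM audio, one 160-sample (20 ms) packet per datagram, arrivals in ms."""


class ReceiverStats:
    def __init__(self, clock_rate_hz):
        self.clock_rate = clock_rate_hz
        self.base_seq = None
        self.max_seq = 0             # highest 16-bit sequence number seen
        self.cycles = 0              # 0x10000 added per sequence-number wraparound
        self.received = 0
        self.jitter = 0.0            # in RTP timestamp units
        self._prev_transit = None
        self._expected_prior = 0
        self._received_prior = 0

    def packet(self, seq, rtp_timestamp, arrival_ms):
        """Account for one RTP packet from this source."""
        if self.base_seq is None:
            self.base_seq = self.max_seq = seq
        else:
            delta = (seq - self.max_seq) & 0xFFFF
            if delta < 0x8000:          # in order, or a forward jump that implies loss
                if seq < self.max_seq:  # passed through 65535 -> 0
                    self.cycles += 0x10000
                self.max_seq = seq
            # otherwise a late or duplicated packet: keep max_seq
        self.received += 1
        # Interarrival jitter: smoothed difference in relative transit time
        # between consecutive packets, measured in timestamp units.
        arrival_ts = arrival_ms * self.clock_rate // 1000
        transit = arrival_ts - rtp_timestamp
        if self._prev_transit is not None:
            d = abs(transit - self._prev_transit)
            self.jitter += (d - self.jitter) / 16.0
        self._prev_transit = transit

    def extended_highest_seq(self):
        return self.cycles + self.max_seq

    def report_block(self):
        """Fields of one receiver-report section; fraction_lost is 8-bit fixed point."""
        expected = self.extended_highest_seq() - self.base_seq + 1
        expected_interval = expected - self._expected_prior
        received_interval = self.received - self._received_prior
        self._expected_prior, self._received_prior = expected, self.received
        lost_interval = expected_interval - received_interval
        if expected_interval <= 0 or lost_interval <= 0:
            fraction = 0
        else:
            fraction = (lost_interval << 8) // expected_interval
        return {
            "highest_seq": self.extended_highest_seq(),
            "cumulative_lost": expected - self.received,
            "fraction_lost": fraction,
            "percent_lost": 100.0 * fraction / 256,
            "jitter": int(self.jitter),
        }


# Constructed trace: (sequence, RTP timestamp, arrival in ms). Packet 65533 is
# lost, the sequence number wraps from 65535 to 0, and seq 0 arrives 5 ms late.
SAMPLE_TRACE = [
    (65530, 1000, 0), (65531, 1160, 20), (65532, 1320, 40),
    (65534, 1640, 80), (65535, 1800, 100), (0, 1960, 125),
    (1, 2120, 140), (2, 2280, 160), (3, 2440, 180),
]


def sample_report():
    stats = ReceiverStats(clock_rate_hz=8000)
    for seq, ts, arrival in SAMPLE_TRACE:
        stats.packet(seq, ts, arrival)
    return stats.report_block()


if __name__ == "__main__":
    print(sample_report())
```

The "time since the last report" field is omitted here because it depends on the sender report's absolute timestamp rather than on the RTP stream itself.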

In addition to the periodic sender report messages, senders also transmit source description messages which provide general information about the user who owns or controls the source. Each message contains one section for each outgoing RTP stream. The contents are intended for humans to read. Specifically, the only required field consists of a canonical name for the stream owner, a character string in the form user@host, where host is either the domain name of the computer or its IP address in dotted decimal form, and user is a login name. Optional fields in the source description contain further details such as the user's e-mail address (which may differ from the canonical name), telephone number, the geographical location of the site, the application program or tool used to create the stream, or other textual notes about the source.

Have you understood?

1. What is RTP?
2. Whether RTP itself has any mechanism to ensure timely delivery? Justify your answer.
3. What is the purpose of SEQUENCENUM field in RTP header?
4. What is the purpose of TIMESTAMP field in RTP header?
5. Whether RTP is a transport layer protocol or application layer protocol? Justify your answer.
6. Whether RTCP is an independent protocol or not? Justify your answer.
7. What are the five message types of RTCP?
8. What type of QoS report is provided by RTCP?

4.10 IP TELEPHONY AND SIGNALING

One aspect of real-time transmission stands out as especially important: the use of IP as the foundation for telephone service. Known as IP telephony or voice over IP, the idea is endorsed by many telephone companies. The question arises, "what additional technologies are needed before IP can be used in place of the existing isochronous telephone system?" Although no simple answer exists, researchers are investigating three components. First, we have seen that a protocol like RTP is needed to transfer a digitized signal across an IP internet correctly. Second, researchers are exploring ways an IP internet can be made to function like an isochronous network. Third, a mechanism is needed to establish and terminate telephone calls. The telephone industry uses the term signaling to refer to the process of establishing a telephone call. For example, the signaling mechanism used in the conventional Public Switched Telephone Network (PSTN) is Signaling System 7 (SS7). SS7 performs call routing before any audio is sent. Given a telephone number, it forms a circuit through the network, rings the designated telephone, and connects the circuit when the phone is answered. SS7 also handles details such as call forwarding and error conditions such as the destination phone being busy.

Before IP can be used to make phone calls, signaling functionality must be available. Furthermore, to enable adoption by the phone companies, IP telephony must be compatible with extant telephone standards – it must be possible for the IP telephony system to interoperate with the conventional phone system at all levels. For example, it must be possible to translate between the signaling used with IP and standard PCM encoding. The general approach to interoperability uses a gateway between the IP phone system and the conventional phone system. A call can be initiated on either side of the gateway. When a signaling request arrives, the gateway translates and forwards the request; the gateway must also translate and forward the response. Thus, after signaling is complete and a call has been established, the gateway must forward voice in both directions, translating from the encoding used on one side to the encoding used on the other. As a consequence, the two signaling mechanisms will have equivalent functionality.

Two groups have proposed standards for IP telephony. The ITU has defined a suite of protocols known as H.323, and the IETF has proposed a signaling protocol known as the Session Initiation Protocol (SIP). The next sections summarize the two approaches.

4.10.1 H.323 Standards

The ITU originally created H.323 to allow the transmission of voice over local area network technologies. The standard has been extended to allow transmission of voice over IP internets, and telephone companies are expected to adopt it. H.323 is not a single protocol. Instead, it specifies how multiple protocols can be combined to form a functional IP telephony system. In addition to specifying a protocol for the transmission of real-time voice and video, H.323 includes the necessary protocols. Thus, the H.323 framework allows participants to transfer data, send still images, or exchange copies of documents. For example, a pair of users engaged in an audio-video conference can also share an on-screen whiteboard. Finally, in addition to gateways, H.323 defines devices known as gatekeepers that each provides a contact point for telephones using IP. To obtain permission to place outgoing calls and enable the phone system to correctly route incoming calls, each IP telephone must register with a gatekeeper. H.323 relies on the four major protocols listed in Figure 4.22.

    Protocol    Purpose
    H.225.0     Signaling used to establish a call
    H.245       Control and feedback during the call
    RTP         Real-time data transfer (sequence and timing)
    T.120       Exchange of data associated with a call

Figure 4.22 The protocols used by H.323 for IP telephony

Together, the suite of protocols covers all aspects of IP telephony, including phone registration, signaling, real-time data encoding and transfer (both voice and video), and control. Figure 4.23 illustrates relationships among the protocols that comprise H.323.

Figure 4.23 Relationship among protocols of H.323 (figure not reproduced: audio/video applications use a video codec and an audio codec over RTP and RTCP, which run over UDP; signaling and control, consisting of H.225 registration, H.225 signaling and H.245 control, and data applications using T.120 run over TCP; both UDP and TCP run over IP)

As the figure shows, the entire suite ultimately depends on UDP and TCP running over IP.

4.10.2 Session Initiation Protocol (SIP)

The IETF has proposed an alternative to H.323 called the Session Initiation Protocol (SIP). SIP does not supply all of H.323 functionality. Instead, it only covers signaling. Thus, it does not recommend specific codecs nor does it require the use of RTP for real-time transfer. SIP uses client-server interaction, with servers being divided into two types. A user agent server runs in a SIP telephone. It is assigned an identifier (e.g., user@site), and can receive incoming calls. The second type of server is intermediate (i.e., between two SIP telephones) and handles tasks such as call set up and call forwarding. An intermediate server functions as a proxy server that can forward an incoming call request to the next proxy server along the path to the phone, or as a redirect server that tells a caller how to reach the destination. To provide information about a call, SIP relies on a companion protocol, the Session Description Protocol (SDP). SDP specifies details such as the media encoding, protocol port number, and multicast address. SDP is especially important in a conference call, because participants join and leave the call dynamically.

4.10.3 Resource Reservation and Quality Of Service

The term Quality of Service (QoS) refers to statistical performance guarantees that a network system can make regarding loss, delay, throughput, and jitter. An isochronous network that is engineered to meet strict performance bounds is said to provide QoS guarantees, while a packet switched network that uses best effort delivery is said to provide no QoS guarantees.

Is guaranteed QoS needed for real-time transfer of voice and video over IP? If so, how should it be implemented? A major controversy surrounds the two questions. On one hand, engineers who designed the telephone system insist that toll-quality voice reproduction requires the underlying system to provide QoS guarantees about delay and loss for each phone call. Technologies like ATM that were derived from the telephone system model provide QoS guarantees for each individual connection. On the other hand, engineers who designed IP insist that the Internet works reasonably well without QoS guarantees and that adding per-flow QoS is infeasible because supporting it in routers will make the system both expensive and slow. Although it operates without QoS, the Internet is already used to send audio.

The QoS controversy has produced many proposals, implementations, and experiments. Finally, the IETF adopts a conservative differentiated services approach that divides traffic into separate QoS classes. The differentiated services scheme sacrifices fine grain control for less complex forwarding.

4.10.4 QoS, Utilization, and Capacity

The debate over QoS is reminiscent of earlier debates on resource allocation such as those waged over operating system policies for memory allocation and processor scheduling. The central issue is utilization: when a network has sufficient resources for all traffic, QoS constraints are unnecessary. That is, a network with 1% utilization does not need QoS, and a network with 101% utilization will fail under any QoS scheme. QoS mechanisms achieve two goals. First, by shaping the traffic from each user, they allow the network to run at higher utilization without danger of collapse. Second, by dividing the existing resources among more users, they make the system more "fair". However, when traffic exceeds network capacity, no QoS system can satisfy all users' demands.

One of the major arguments against complicated QoS mechanisms arises from improvements in the performance of underlying networks. Network capacity has increased dramatically. As long as rapid increases in capacity continue, QoS mechanisms merely represent unnecessary overhead. However, if demand rises more rapidly than capacity, QoS may become an economic issue – by associating higher prices with higher levels of service, ISPs can use cost to ration capacity.

4.10.4.1 RSVP

If QoS is needed, how can an IP network provide it? Before announcing the differentiated services solution, the IETF worked on a scheme that can be used to provide QoS in an IP environment. The work produced a pair of protocols: the Resource Reservation Protocol (RSVP) and the Common Open Policy Services (COPS) protocol. QoS cannot be added to IP at the application layer. Instead, the basic infrastructure must change – routers must agree to reserve resources (e.g., bandwidth) for each flow between a pair of endpoints. There are two aspects. First, before data is sent, the endpoints must send a request that specifies the resources needed, and all routers along the path must agree to supply the resources. Second, as datagrams traverse the flow, routers need to monitor and control traffic forwarding.

Control of queuing and forwarding is needed for two reasons. The router must implement a queuing policy that meets the guaranteed bounds on delay, and the router must smooth packet bursts. The latter is sometimes referred to as traffic shaping, and is necessary because network traffic is often bursty. For example, a flow that specifies an average throughput of 1 Mbps may have 2 Mbps of traffic for a millisecond followed by no traffic for a millisecond. A router can reshape the burst by temporarily queuing incoming datagrams and sending them at a steady rate of 1 Mbps. Monitoring, sometimes called traffic policing, is needed to ensure that the traffic sent on a flow does not exceed the specified bounds.

RSVP handles reservation requests and replies. It is not a routing protocol, nor does it enforce policies once a flow has been established. Instead, RSVP operates before any data is sent. Because RSVP uses existing routing, the procedure can be viewed as a form of signaling. To initiate an end-to-end flow, an endpoint first sends an RSVP path message to determine the path to the destination; the datagram carrying the message uses the router alert option to guarantee that routers examine the message. After it receives a reply to its path message, the endpoint sends a request message to reserve resources for the flow. The request specifies the QoS bounds desired. Each router that forwards the request along to the destination must agree to reserve the resources the request specifies. If all systems along the path agree to honor the request, RSVP returns a positive reply. If any router along the path denies the request, the router uses RSVP to send a negative reply back to the source. Each RSVP flow is simplex (i.e., unidirectional). If an application requires QoS guarantees in two directions, each endpoint must use RSVP to request a flow. There is no guarantee that the two flows will pass through the same routers, nor does approval of a flow in one direction imply approval in the other.
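The shaping and policing described above can be simulated on exactly the flow the text uses: 2 Mbps for a millisecond, then nothing for a millisecond. This is an added example, not code from the course material; the burst is constructed as four 500-bit datagrams per busy millisecond, and the policer is a token bucket, which is one common way to implement what the text calls traffic policing (an assumption, not something the text specifies).

```python
"""Traffic shaping and policing for the flow described above: an average rate of
1 Mbps carried as 2 Mbps for one millisecond followed by a silent millisecond.

Added example, not code from the course material. Times are in microseconds,
sizes in bits; the burst is constructed as four 500-bit datagrams per busy
millisecond. The policer is a token bucket, one common way to implement the
monitoring the text calls traffic policing (an assumption, not from the text)."""


def bursty_flow(cycles=2):
    """(arrival_us, size_bits): 2 Mbps for 1 ms, nothing for 1 ms, repeated."""
    packets = []
    for c in range(cycles):
        base = c * 2000
        packets += [(base + i * 250, 500) for i in range(4)]   # 2000 bits in 1 ms
    return packets


def shape(packets, rate_bps):
    """Queue datagrams and serialize them at a steady rate_bps.

    Returns (departure times, maximum queueing delay in us); nothing is dropped,
    the burst is paid for with delay instead."""
    bits_per_us = rate_bps / 1_000_000
    link_free_at = 0.0
    departures, max_delay = [], 0.0
    for arrival, size in packets:
        start = max(arrival, link_free_at)          # wait until the link is idle
        max_delay = max(max_delay, start - arrival)
        link_free_at = start + size / bits_per_us   # serialization time
        departures.append(link_free_at)
    return departures, max_delay


def police(packets, rate_bps, depth_bits):
    """Token-bucket policer: tokens refill at rate_bps up to depth_bits.

    Returns one bool per packet: True if it conformed to the bound, False if it
    exceeded the bound and would be dropped or marked. The burst tolerance is
    depth_bits, so the same flow passes or fails depending on that choice."""
    bits_per_us = rate_bps / 1_000_000
    tokens, last = float(depth_bits), 0
    verdicts = []
    for arrival, size in packets:
        tokens = min(depth_bits, tokens + (arrival - last) * bits_per_us)
        last = arrival
        if size <= tokens:
            tokens -= size
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts


if __name__ == "__main__":
    flow = bursty_flow()
    deps, delay = shape(flow, 1_000_000)
    print("shaped departures (us):", deps, "max queueing delay (us):", delay)
    print("policed, 1000-bit bucket:", police(flow, 1_000_000, 1000))
    print("policed, 2000-bit bucket:", police(flow, 1_000_000, 2000))
```

With a 1 Mbps shaper the output becomes one 500-bit datagram every 500 us at the cost of up to 750 us of queueing; a 1 Mbps policer with a 1000-bit bucket rejects the fourth datagram of every burst, while a 2000-bit bucket accepts the whole flow.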

4.10.4.2 COPS

When an RSVP request arrives, a router must evaluate two aspects: feasibility (i.e., whether the router has the resources to satisfy the request) and policies (i.e., whether the request lies within policy constraints). Feasibility is a local decision – a router can decide how to manage the bandwidth, memory, and processing power that it has. To implement global policies, routers must agree to the same set of policies. Thus, the IETF architecture uses a two-level model, with client-server interaction between the levels. When a router receives an RSVP request, it becomes a client that consults a server known as a Policy Decision Point (PDP) to determine whether the request meets policy constraints. The PDP does not handle traffic; it merely evaluates requests to see if they satisfy global policies. If a PDP approves a request, the router must operate as a Policy Enforcement Point (PEP) to ensure traffic does not exceed the approved policy.

The COPS protocol defines the client-server interaction between a router and a PDP (or between a router and a local PDP if the organization has multiple levels of policy servers). Although COPS defines its own message header, the underlying format shares many details with RSVP. In particular, COPS uses the same format as RSVP for individual items in a request message. When a router receives an RSVP request, it can extract items related to policy, place them in a COPS message, and send the result to a PDP.

Have you understood?

1. What are the two standards available for voice traffic in IP networks?
2. Whether H.323 is a single protocol or not? Justify your answer.
3. What is SIP?
4. What is RSVP?
5. What is COPS?

Summary

1. The World Wide Web (WWW) is an open ended information retrieval system for accessing linked documents spread out over millions of machines all over the Internet.
2. Web is one of the services provided by the Internet and is composed of a vast, worldwide collection of documents or Web pages, often just called pages for short. Each page may contain links to other pages anywhere in the world.
3. From the user's point of view, a browser is a program that is used to fetch and display the web pages. The client side of the web is the browser program. In addition to fetching and displaying web pages, the browser has to catch mouse clicks to items on the displayed page.

4. Technically a browser is a HTTP client and HTML interpreter.
5. Most browsers have numerous buttons and features to make it easier to navigate the Web. This is the major difference between text based browsers like Lynx and commercially successful browsers like Netscape Navigator and Internet Explorer.
6. A plug-in is a code module that the browser fetches from a special directory on the disk and installs as an extension to itself. The plug-in runs as a part of the browser. After the plug-in has done its job, the plug-in is removed from the browser's memory.
7. Helper applications are an alternative to plug-ins in supporting the file types that can't be interpreted by the browser. A helper application is a complete program and runs as a separate process. It accepts the name of a scratch file where the content file has been stored, opens the file, and displays the contents.
8. Fetching a web page requires three questions to be answered, namely: What is the page called? Where is the page located? How can the page be accessed?
9. The addressing scheme of the web, by name Uniform Resource Locator (URL), is composed of three parts, namely protocol (How can the page be accessed?), domain name (Where is the page located?) and the file name (What is the page called?).
10. URLs have been designed to not only allow users to navigate the web, but to deal with FTP, news, Gopher, e-mail and telnet as well, making all the specialized user interface programs for those other services unnecessary and thus integrating nearly all the Internet access into a single program, the Web browser.
11. To fetch a web page, the domain name part of the URL is mapped into its equivalent IP address with the help of DNS, a TCP connection is established at port number 80, the request is made and the response is obtained.
12. A web server accepts a TCP connection from a client (a browser). Then it gets the name of the file requested. The server actually retrieves the file from the disk, returns the file to the client and releases the TCP connection.
13. Among the various operations performed by the web server, getting the file from disk becomes the bottleneck in fetching the web page since it involves the secondary storage devices. The data rate at which the secondary storage devices operate is considerably less than the rate at which the processor operates.
14. If the web server has a very large client base (with more probability for simultaneous requests), many improvements are required in the basic design of a web server. Some mechanisms to improve the capability of web servers are to maintain a cache in memory of the n most recently used files, making the server multithreaded with or without a front end, and using a set of CPUs to create a server farm. Only with such improvements can web servers in e-commerce and e-business applications cope with the demand.
15. The web has been made a stateless one intentionally, to follow the design philosophy 'Keep It as Simple as Possible'.
16. However, the stateless approach suffers from many limitations in the context of e-commerce and e-business applications.
17. The protocol used by the client and the server in the process of transferring the web documents or pages is Hyper Text Transfer Protocol (HTTP). HTTP is basically a request/response scheme. In HTTP 1.0, the web client (the browser) establishes a connection with the web server and makes a single request, and the server sends the single response over the established connection. Once the reply is sent the connection is released.
18. Persistent connections refer to the ability to send additional requests and get additional responses over the same TCP connection. By amortizing the TCP setup and release over multiple requests, the relative overhead due to TCP is much less per request. HTTP 1.0 does not support persistent connections; HTTP 1.1 supports persistent connections.
19. The specification of HTTP discusses the methods that are used by the client and the server through which various types of requests are made and the responses are obtained.
20. In addition to the actual method, HTTP messages are to be provided with the required additional information called headers. Some of them are used as request headers and some of them are used as response headers. A few headers can be used as both request as well as response headers.
21. To overcome the limitation of the stateless nature of the web, Netscape came up with the idea of cookies, which is additional information sent along with the requested page. Cookies are just files or strings, not executable programs. Browsers store these cookies in a cookie directory on the client's hard disk.
22. Electronic mail is one of the services provided by the Internet to the users who have an e-mail account to exchange messages among themselves. The greatest advantage of e-mail is that it reaches the recipient anywhere in the world within a few minutes.
23. Basic functions of an e-mail system are composition of messages, transfer of messages, reporting of messages, displaying of messages and disposing of messages.
24. An e-mail system has to support off-line delivery also, and hence the application should be able to deliver the message even if the recipient is not on line. To support off-line delivery the mail system uses a technique known as spooling. In this technique, the system places a copy of the mail in its private storage (spool) area, then initiates the transfer to the remote machine as a background activity, allowing the sender to proceed with other computational activities.
25. Mail delivery is a new concept because it differs fundamentally from other services of the Internet.
26. SMTP is the protocol used by the mail servers to transfer the messages among themselves, and the end delivery of messages is provided by protocols like POP3, IMAP etc.

ii. yet SMTP uses TCP in a half-duplex fashion. what is the minimum number of network round trips to send a small message? TCP is a full duplex protocol. i. How do Windows and UNIX handle helper applications? What are the functions of a proxy server? 5. RFC 822 standard supports only ASCII messages and do not support nonASCII messages like multimedia applications and messages of non-Latin alphabets. 2. a blank line. Sender and receiver are in the same system (shared system) Sender and receiver are on two different systems One of the user is separated from his system (Connected through a network to the mail server) Both the users are connected to their mail servers through networks. Each header field consists of a single line of ASCII text containing the field name. The basic idea of the MIME is to continue to use the RFC 822 format. for example. NOTES Exercises 1. and then the message body. 29. a single write that contains the HELO. but was structured to the message body and defined encoding rules for non ASCII messages. 7. a colon. Write short notes on web based e-mail. 6. known as the RTP Control Protocol (RTCP). The protocol used to transmit digitized audio or video signals over an IP internet is known as the Real-Time Transport Protocol (RTP). a value. The client sends a command then stops and waits for the reply. RTP does not contain mechanisms that ensure timely delivery. RTCP allows senders and receivers to transmit a series of reports to one another that contain additional information about the data being transferred and the performance of the network. provides the needed control functionality. 30. Interestingly.DIT 116 NETWORK PROTOCOLS 27. iv. Messages of e-mail systems consist of a primitive envelope. 8. RCPT. 219 Anna University Chennai . some number of header fields. The basic RFC was revised and the revised standard is called MIME. 3. 28. MAIL. and for most fields. such guarantees must be made by the underlying system. 
A companion protocol and integral part of RTP. iii. Excluding the connection establishment and termination. Why doesn’t the client send multiple commands at once. DATA and QUIT commands? How can the half-duplex operation of SMTP fool the slow start mechanism when the network is running near capacity? Explain the steps involved in displaying the web pages that have other file types apart from HTML. 4. Explain the transfer of mail in the following scenarios.

9. What are the built-in short cuts supported by certain sites in the usage of URLs?
10. Mention the major characteristic features of HTTP.

Answers

1. i. When A needs to send a message to B, he runs a User Agent (UA) program to prepare the message and store it in B's mailbox. B can retrieve and read the contents of his mailbox at his convenience using the UA.
   ii. Here we need UAs and Mail Transfer Agents (MTAs). A needs to use the UA to send his message to the system at his own site. The system (sometimes called the mail server) at his site uses a queue to store messages waiting to be sent. He then needs to send the message through the LAN or WAN. This can be done through a pair of MTAs (client and server). Whenever A has a message to send, she calls the UA which, in turn, calls the MTA client. The MTA client establishes a connection with the MTA server on the system, which is running all the time. B also needs a UA program to retrieve messages stored in the mailbox of the system at his site.
   iii. A needs a UA to prepare his message. The system at A's site queues all messages received. It then uses an MTA client to send the messages to the system at B's site. The system receives the message and reads it. B needs to retrieve it. Here, we need another set of client-server agents, which we call Message Access Agents (MAAs). The client sends a request to the MAA server, which is running all the time, and requests the transfer of the messages.
   iv. The messages need to be sent over the Internet. Note that we need two pairs of MTA client-server programs. After the message has arrived at B's mail server, B uses an MAA client to retrieve his messages.
2. Electronic mail is such a common application that some websites today provide this service to anyone who accesses the site. Two common sites are Hotmail and Yahoo. The idea is very simple. Mail transfer from A's browser to his mail box is done through HTTP. The transfer of the message from the sending mail server to the receiving mail server is still through SMTP. Finally, the message from the receiving server (the web server) to B's browser is done through HTTP. When B needs to retrieve his mail, he sends a message to the website. The website sends a form to be filled in by B, which includes the log-in name and the password. If the log-in name and password match, the e-mail is transferred from the web server to B's browser in HTML format. Instead of POP3 or IMAP, HTTP is used.
3. Six round trips: the HELO command, MAIL, RCPT, DATA, body of the message and QUIT.
4. This is legal and is called pipelining. If this technique is used, naturally the client cannot discard the message until all the replies have been checked to verify that the message was accepted by the server. Unfortunately there exist brain-damaged SMTP receiver implementations that clear their input buffer after each command is processed, causing this technique to fail.

4. Consider the round trips because of HELO, MAIL, RCPT, DATA and the body of the message. Each is a small command (probably a single segment) that places little load on the network. If all five make it through to the server without retransmission, the congestion window could be six segments when the body is sent. That is, the client could send the first six segments at once, which the network might not be able to handle.
5. HTTP supports proxy servers. A proxy server is a computer that keeps copies of responses to recent requests. The HTTP client sends a request to the proxy server. The proxy server checks its cache. If the response is not stored in the cache, the proxy server sends the request to the corresponding server. Incoming responses are sent to the proxy server and stored for future requests from other clients. The proxy server reduces the load on the original server, decreases traffic, and improves latency. However, to use the proxy server, the client must be configured to access the proxy instead of the target server.
6. When a web server returns a web page, it also returns some additional information about the page. This information includes the MIME type of the page. Pages of type text/html are just displayed directly, as are pages in a few other built-in types. If the MIME type is not one of the built-in ones, such as video/mpg, the browser consults its table of MIME types to tell it how to display the page. This table associates a MIME type with a viewer.
7. On Windows, when a program is installed on the computer, it registers the MIME types it wants to handle. Typically, the registration process is completely automatic in the Windows operating system. This mechanism leads to conflict when multiple viewers are available for some subtype. What happens is that the last program to register overwrites the (MIME type, helper application) associations, capturing the type for itself. As a consequence, installing a new program may change the way a browser handles existing types.
8. On UNIX, the registration process is generally not automatic. The user must manually update certain configuration files. Hence in UNIX, the administrators have better control over plug-ins and helper applications.
9. Many sites have built-in shortcuts for file names. At many sites, a null file name defaults to the organization's main home page. Typically, when the file named is a directory, this implies a file named index.html in that directory. Another frequently used shortcut is ~user/, which might be mapped onto the user's WWW directory and then onto the file index.html.
10. i. HTTP operates at the application level. It assumes a reliable, connection-oriented transport protocol such as TCP, but does not provide reliability or retransmission itself.
ii. Once a transport session has been established, one side (usually a browser) must send an HTTP request to which the other side responds.
iii. Each HTTP request is self-contained. The server does not keep a history of previous requests or previous sessions.

iv. In most cases, a browser requests a web page, and the server transfers a copy to the browser. HTTP also allows transfer from a browser to a server (e.g., when a user submits a so-called "form").
v. HTTP allows browsers and servers to negotiate details such as the character set to be used during transfers. A sender can specify the capabilities it offers and a receiver can specify the capabilities it accepts.
vi. To improve response time, a browser caches a copy of each web page it retrieves. If a user requests a page again, HTTP allows the browser to interrogate the server to determine whether the contents of the page have changed since the copy was cached.
vii. HTTP allows a machine along the path between a browser and a server to act as a proxy server that caches web pages and answers a browser's request from its cache.
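The proxy caching of answer 5 and the cache revalidation of features vi and vii, as an added example (not code from the course text); the origin server, URL, dates and page contents are constructed stand-ins:

```python
"""A caching proxy with conditional revalidation, as described in the answers above.
Added example for this course text; the origin server is a constructed in-memory stand-in."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: bytes


# Constructed origin content: url -> (Last-Modified stamp, page body)
ORIGIN_PAGES: Dict[str, Tuple[str, bytes]] = {
    "http://example.test/index.html": ("Mon, 01 Jan 2007 10:00:00 GMT", b"<html>v1</html>"),
}
# Log of (url, If-Modified-Since value) for every request the origin actually received
origin_requests: List[Tuple[str, Optional[str]]] = []


def update_page(url: str, last_modified: str, body: bytes) -> None:
    """Publish a new version of a page on the constructed origin."""
    ORIGIN_PAGES[url] = (last_modified, body)


def origin_server(url: str, headers: Dict[str, str]) -> Response:
    """Stand-in for the real web server: 304 when the page is unchanged since the
    If-Modified-Since date sent by the client, otherwise 200 with the page."""
    since = headers.get("If-Modified-Since")
    origin_requests.append((url, since))
    if url not in ORIGIN_PAGES:
        return Response(404, {}, b"")
    last_modified, body = ORIGIN_PAGES[url]
    if since == last_modified:
        return Response(304, {"Last-Modified": last_modified}, b"")
    return Response(200, {"Last-Modified": last_modified}, body)


@dataclass
class CachingProxy:
    origin: Callable[[str, Dict[str, str]], Response]
    cache: Dict[str, Response] = field(default_factory=dict)

    def fetch(self, url: str, revalidate: bool = False) -> Tuple[Response, str]:
        """Serve url. The second result says what happened: 'miss' (fetched from the origin
        and stored), 'hit' (answered from the cache, no origin traffic) or 'revalidated'
        (the origin confirmed with 304 that the cached copy is still current)."""
        cached = self.cache.get(url)
        if cached is not None and not revalidate:
            return cached, "hit"
        headers: Dict[str, str] = {}
        if cached is not None:
            # Ask the origin whether the page changed since our copy (feature vi)
            headers["If-Modified-Since"] = cached.headers["Last-Modified"]
        resp = self.origin(url, headers)
        if resp.status == 304 and cached is not None:
            return cached, "revalidated"
        if resp.status == 200:
            self.cache[url] = resp  # stored for future requests from other clients
        return resp, "miss"
```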

UNIT 5

5.1 INTRODUCTION
All the applications we have discussed in the previous sections work properly only if the underlying network is managed effectively. When the size of a network is small, exclusive software for network management may not be required. A small network can be effectively managed using routine network administration and the ICMP protocol. However, in a large network (especially internetworks) ICMP alone is not sufficient to manage the network. In this unit, we are going to discuss a protocol by name Simple Network Management Protocol (SNMP) that is exclusively meant for network management. Moreover, we can expect optimal performance from these applications only if security is ensured in the network. Regarding network security, we are going to discuss a collection of protocols, collectively known as IP Security (IPsec), that provides secure communication in the network. This unit also discusses firewalls, which block all unauthorized communication between computers in the organization and computers outside the organization. Another feature we discuss in this unit is the future of the TCP/IP protocol stack. This unit introduces the various features and issues of the next generation IP by name IPv6. This becomes necessary since IPv4 suffers from the major limitations of exhaustion of address space and inability to support applications that are delay sensitive.

5.2 LEARNING OBJECTIVES
• To understand the necessity for exclusive software for network management
• To learn the functional modules of network management
• To study about the basic components of SNMP
• To study about the Abstract Syntax Notation
• To learn about Structure of Management Information, a subset of ASN.1
• To discuss about the Management Information Base
• To study about the interaction between the NMS and the Agent
• To understand the various message types supported by SNMP
• To understand the possible security breaches in a network
• To understand the features of IPsec
• To study about the implementation of firewalls

• To understand the limitations of IPv4
• To study about the basic IPv6 header
• To study about the extension header of IPv6
• To understand about the various addressing schemes supported by IPv6
• To have an exposure to the features of IPv6 that are debatable

5.3 NETWORK MANAGEMENT
In small to medium sized networks, the need for explicit network management does not arise. However, as the size of the network increases, apart from the routine administration, it is necessary to monitor the behavior of the various devices in the network in order to utilize the resources of the network optimally and to achieve the maximum performance. Network management refers to the maintenance and administration of large-scale computer networks and telecommunications networks at the top level. Network management is the execution of the set of functions required for controlling, planning, allocating, deploying, coordinating, and monitoring the resources of a network, including performing functions such as initial network planning, frequency allocation, predetermined traffic routing to support load balancing, cryptographic key distribution authorization, configuration management, fault management, security management, performance management, bandwidth management, and accounting management. Network management means different things to different people. In some cases, it involves a solitary network consultant monitoring network activity with an outdated protocol analyzer. In other cases, network management involves a distributed database, autopolling of network devices, and high-end workstations generating real-time graphical views of network topology changes and traffic. In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks.

The early 1980s saw tremendous expansion in the area of network deployment. As companies realized the cost benefits and productivity gains created by network technology, they began to add networks and expand existing networks almost as rapidly as new network technologies and products were introduced. By the mid-1980s, certain companies were experiencing growing pains from deploying many different (and sometimes incompatible) network technologies. The problems associated with network expansion affect both day-to-day network operation management and strategic network growth planning. Each new network technology requires its own set of experts. In the early 1980s, the staffing requirements alone for managing large, heterogeneous networks created a crisis for many organizations. An urgent need arose for automated network management (including

what is typically called network capacity planning) integrated across diverse environments. Well-known network management protocols include the Simple Network Management Protocol (SNMP) and the Common Management Information Protocol (CMIP).

5.3.1 Network Management Architecture
Most network management architectures use the same basic structure and set of relationships. Any Network Management System (NMS) has two basic entities, namely the managing device and the managed device. Managed devices, such as computer systems and other network devices, run software that enables them to send alerts to the managing devices when they recognize problems. Upon receiving these alerts, management entities are programmed to react by executing one, several, or a group of actions, including operator notification, event logging, system shutdown, and automatic attempts at system repair. Management entities also can poll end stations to check the values of certain variables. Polling can be automatic or user-initiated, but agents in the managed devices respond to all polls. Agents are software modules that first compile information about the managed devices in which they reside, then store this information in a management database, and finally provide it (proactively or reactively) to management entities within NMSs via a network management protocol. Management proxies are entities that provide management information on behalf of other entities. Figure 5.1 depicts a typical network management architecture.

Figure 5.1 A Typical Network Management Architecture Maintains Many Relationships

3. Finally.DIT 116 NETWORK PROTOCOLS NOTES 5. network simulation can be used to project how network growth will affect performance metrics. Version 4. Configuration Management The goal of configuration management is to monitor network and system configuration information so that the effects on network operation of various versions of hardware and software elements can be tracked and managed. for example.2 ISO Network Management Model The ISO has contributed a great deal to network standardization. When performance becomes unacceptable because of an exceeded user-defined threshold.2 Ethernet interface. performance data is gathered on variables of interest to network administrators.1 226 Anna University Chennai . Version 5.4 TCP/IP software. Version 2. Performance management also permits proactive methods: For example. Performance Management The goal of performance management is to measure and make available various aspects of network performance so that internetwork performance can be maintained at an acceptable level. Examples of performance variables that might be provided include network throughput. Such simulation can alert administrators to impending problems so that counteractive measures can be taken. user response times. Each of the steps just described is part of the process to set up a reactive system. the system reacts by sending a message. the data is analyzed to determine normal (baseline) levels. Its network management model is the primary means for understanding the major functions of network management systems. Performance management involves three main steps. Version 1. Management entities continually monitor performance variables. may be configured as follows:       Operating system. appropriate performance thresholds are determined for each important variable so that exceeding these thresholds indicates a network problem worthy of attention.0 NetWare software. Version 5. and line utilization. When a performance threshold is exceeded. 
This model consists of the following five conceptual areas. An engineering workstation. Version 3. Each network device has a variety of version information associated with it. Second. an alert is generated and sent to the network management system. First.1 Serial communications controller.1 NFS software.

• X.25 software, Version 1.0
• SNMP software, Version 3.1
Configuration management subsystems store this information in a database for easy access. When a problem occurs, this database can be searched for clues that may help solve the problem.

Fault Management
The goal of fault management is to detect, log, notify users of, and, to the extent possible, automatically fix network problems to keep the network running effectively. Because faults can cause downtime or unacceptable network degradation, fault management is perhaps the most widely implemented of the ISO network management elements. Fault management involves first determining symptoms and isolating the problem. Then the problem is fixed and the solution is tested on all important subsystems. Finally, the detection and resolution of the problem is recorded.

Accounting Management
The goal of accounting management is to measure network utilization parameters so that individual or group uses on the network can be regulated appropriately. Such regulation minimizes network problems (because network resources can be apportioned based on resource capacities) and maximizes the fairness of network access across all users. As with performance management, the first step toward appropriate accounting management is to measure utilization of all important network resources. Analysis of the results provides insight into current usage patterns, and usage quotas can be set at this point. Some correction, of course, will be required to reach optimal access practices. From this point, ongoing measurement of resource use can yield billing information as well as information used to assess continued fair and optimal resource utilization.

Security Management
The goal of security management is to control access to network resources according to local guidelines so that the network cannot be sabotaged (intentionally or unintentionally) and sensitive information cannot be accessed by those without appropriate authorization. A security management subsystem, for example, can monitor users logging on to a network resource and can refuse access to those who enter inappropriate access codes. Security management subsystems work by partitioning network resources into authorized and unauthorized areas. For some users, access to any network resource is inappropriate, mostly because such users are usually company outsiders. For other (internal) network users, access to information originating from a particular department is inappropriate. Access to Human Resource files, for example, is inappropriate for most users outside the Human Resources department.

Security management subsystems perform several functions. They identify sensitive network resources (including systems, files, and other entities) and determine mappings between sensitive network resources and user sets. They also monitor access points to sensitive network resources and log inappropriate access to sensitive network resources.

Have you understood?
1. What is the necessity of network management in large networks?
2. What are the two basic entities of a Network Management System?
3. What are the functional areas of management according to the ISO/OSI reference model?
4. What is the purpose of the network management protocol in an NMS?
5. Give some examples of the metrics that are used to measure the performance of a network.

5.4 SIMPLE NETWORK MANAGEMENT PROTOCOL
The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Please note the word 'simple' in SNMP. This implies that this network management is simple in comparison with CMIP. CMIP is a full fledged network management system aimed at designing and implementing a network management protocol through which networks based on the ISO/OSI reference model can be managed. Like ISO/OSI, which never became popular, CMIP also never became popular. Researchers of networks realized the fact that instead of trying to design a full fledged network management protocol like CMIP, it is enough to design and implement a Simple Network Management Protocol that suits TCP/IP networks.

5.4.1 Basic Components
An SNMP-managed network consists of five key components: managed devices, agents, network-management systems (NMSs) (or management stations), management information and a management protocol. The architecture of SNMP is shown in figure 5.2.

Figure 5.2 SNMP Architecture

A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers. An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. To be managed directly by SNMP, a node must be capable of running an SNMP management process, called an SNMP agent. Network management is done from management stations, which are, in fact, general-purpose computers running special management software. The management stations contain one or more processes that communicate with agents over the network, issuing commands and getting responses. In this design, all the intelligence is in the

management stations, in order to keep the agents as simple as possible and minimize their impact on the devices they are running on. Many management stations have a graphical user interface to allow the network manager to inspect the status of the network and take action when required. The management station interacts with the agents using a management protocol (SNMP). This protocol allows the management stations to query the state of an agent's local objects, and change them if necessary. Most of SNMP consists of this query-response type of communication.

5.4.2 Abstract Syntax Notation
In SNMP, each device maintains one or more variables that describe its state. In the SNMP literature, these variables are called objects, but the term is misleading because they are not objects in the sense of an object oriented language: they have just state and no methods. The heart of the SNMP model is the set of objects managed by the agents and read and written by the management station. In order to allow a management station to talk to the diverse components of the network, the nature of the information maintained by all the devices must be rigidly specified. Having the management station ask a router what its packet loss rate is, is of no use if the router does not keep track of its loss rate. Therefore, a network management system has to describe the exact information each kind of agent has to maintain and the format it has to supply it in. To make multivendor communication possible, it is essential that these objects be defined in a standard and vendor-neutral way. Furthermore, a standard way is needed to encode them for transfer over a network. While definitions in C would satisfy the first requirement, such definitions do not define a bit encoding on the wire in such a way that a 32-bit 2's complement little-endian management station can exchange information unambiguously with an agent on a 16-bit one's complement big-endian CPU. For this reason, a standard object definition language, along with encoding rules, is needed. The one used by SNMP is taken from OSI and called ASN.1 (Abstract Syntax Notation One). ASN.1 is a formal notation used for describing data transmitted by telecommunications protocols, regardless of language implementation and physical representation of these data, whatever the application, whether complex or very simple. The notation provides a certain number of pre-defined basic types such as:
• integers (INTEGER),
• booleans (BOOLEAN),
• character strings (IA5String, UniversalString, ...),
• bit strings (BIT STRING),

• etc.
and makes it possible to define constructed types such as:
• structures (SEQUENCE),
• lists (SEQUENCE OF),
• choice between types (CHOICE),
• etc.
Subtyping constraints can also be applied on any ASN.1 type in order to restrict its set of values. ASN.1 only covers the structural aspects of information (there are no operators to handle the values once these are defined or to make calculations with). Therefore it is not a programming language. One of the main reasons for the success of ASN.1 is that this notation is associated with several standardized encoding rules such as the BER (Basic Encoding Rules), or more recently the PER (Packed Encoding Rules), which prove useful for applications that undergo restrictions in terms of bandwidth. These encoding rules describe how the values defined in ASN.1 should be encoded for transmission (i.e. how they can be translated into the bytes 'over the wire' and reverse), regardless of machine, programming language, or how it is represented in an application program. An ASN.1 definition can be readily mapped (by a pre-run-time processor) into a C or C++ or Java data structure that can be used by application code, and is supported by run-time libraries providing encoding and decoding of representations in either an XML (Extensible Markup Language) or a TLV (Type Length Value) format, or a very compact packed encoding format. An ASN.1 definition can be contrasted to the concept in ABNF (Augmented Backus-Naur Form) of "valid syntax", or in XSD (XML Schema Definition) of a "valid document", where the focus is entirely on what are valid encodings of data, without concern with any meaning that might be attached to such encodings, without any of the necessary semantic linkages. ASN.1 has been an international standard since 1984; its encoding rules are mature and have a long track record of reliability and interoperability. ASN.1 sends information in any form (audio, video, data, etc.) anywhere it needs to be communicated digitally. Unlike many other syntaxes which claim to be extensible, ASN.1 offers extensibility which addresses the problem of, and provides support for, the interworking between previously deployed systems and newer, updated versions designed years apart. ASN.1's encodings are more streamlined than many competing notations, enabling rapid and reliable transmission of extensible messages, which is a notable advantage in wireless broadband. Tools on almost all operating systems support ASN.1. ASN.1 also supports popular programming languages such as Java, C and C++, as well as older ones including

COBOL. There are a lot of well-tested ASN.1 tools that have been used for a long time; there are tools that have been ported to over 150 different computing platforms. Using such tools, there are less likely to be costly delays in bringing new products to market or, even worse, recalling products based on new code that hasn't been sufficiently tested for flaws. ASN.1 is widely used in industry sectors where efficient (low-bandwidth, low-transaction-cost) computer communications are needed, but is also being used in sectors where XML-encoded data is required (for example, transfer of biometric information).

As an example of ASN.1's universality, suppose a company owns several sales outlets linked to a central warehouse where stocks are maintained and deliveries start from. The company requires that its protocol have the following features:
• The orders are collected locally at the sales outlets
• They are transmitted to the warehouse, where the delivery procedure should be managed
• An account of the delivery must be sent back to the sales outlets through the client's order
This protocol can be specified with the two following ASN.1 modules:

Module-order DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
Order ::= SEQUENCE {
  header Order-header,
  items SEQUENCE OF Order-line }
Order-header ::= SEQUENCE {
  number Order-number,
  date Date,
  client Client,
  payment Payment-method }
Order-number ::= NumericString (SIZE (12))
Date ::= NumericString (SIZE (8)) -- MMDDYYYY
Client ::= SEQUENCE {
  name PrintableString (SIZE (1..20)),

  street PrintableString (SIZE (1..50)) OPTIONAL,
  postcode NumericString (SIZE (5)),
  town PrintableString (SIZE (1..30)),
  country PrintableString (SIZE (1..20)) DEFAULT default-country }
default-country PrintableString ::= "France"
Payment-method ::= CHOICE {
  check NumericString (SIZE (15)),
  credit-card Credit-card,
  cash NULL }
Credit-card ::= SEQUENCE {
  type Card-type,
  number NumericString (SIZE (20)),
  expiry-date NumericString (SIZE (6)) -- MMYYYY -- }
Card-type ::= ENUMERATED {
  cb(0), visa(1), eurocard(2), diners(3), american-express(4) }
Order-line ::= SEQUENCE {
  item-code Item-code,
  label Label,
  quantity Quantity,
  price Cents }
Item-code ::= NumericString (SIZE (7))
Label ::= PrintableString (SIZE (1..30))
Quantity ::= CHOICE {
  unites INTEGER,
  millimetres INTEGER,
  milligrammes INTEGER }
Cents ::= INTEGER
Delivery-report ::= SEQUENCE {
  order-code Order-number,
  delivery SEQUENCE OF Delivery-line }
Delivery-line ::= SEQUENCE {
  item Item-code,
  quantity Quantity }
END

Protocol DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS Order, Delivery-report, Item-code, Quantity, Order-number FROM Module-order ;
PDU ::= CHOICE {
  question CHOICE {
    question1 Order,
    question2 Item-code,
    question3 Order-number,
    ... },
  answer CHOICE {
    answer1 Delivery-report,
    answer2 Quantity,
    answer3 Delivery-report,
    ... } }
END

ASN.1 defines the abstract syntax of information but does not restrict the way the information is encoded. Various ASN.1 encoding rules provide the transfer syntax (a concrete representation) of the data values whose abstract syntax is described in ASN.1. The standard ASN.1 encoding rules include:
• Basic Encoding Rules (BER)
• Canonical Encoding Rules (CER)
• Distinguished Encoding Rules (DER)
• XML Encoding Rules (XER)
• Packed Encoding Rules (PER)
• Generic String Encoding Rules (GSER)
ASN.1 together with specific ASN.1 encoding rules facilitates the exchange of structured data, especially between application programs over networks, by describing data structures in a way that is independent of machine architecture and implementation language. Application layer protocols such as X.400 electronic mail, X.500 and LDAP directory services, H.323 VoIP and SNMP use ASN.1 to describe the PDUs they exchange. It is also extensively used in the Access and Non-Access Strata of UMTS. There are many other application domains of ASN.1. An ASN.1 transfer syntax defines how values of ASN.1 types are unambiguously converted to a sequence of bytes for transmission. It is also necessary that the converted bytes be properly decoded on the receiver side.

Among the above set of transfer syntaxes, BER is the most popular one and is used by SNMP. The Basic Encoding Rules were the original rules laid out by the ASN.1 standard for encoding abstract information into a concrete data stream. The rules, collectively referred to as a transfer syntax in ASN.1 parlance, specify the exact octet sequences which are used to encode a given data item. The syntax defines such elements as: the representations for basic data types, the structure of length information, and the means for defining complex or compound types based on more primitive types. The BER syntax, along with two subsets of BER (the Canonical Encoding Rules and the Distinguished Encoding Rules), is defined by the ITU-T's X.690 standards document, which is part of the ASN.1 document series. The BER format specifies a self-describing and self-delimiting format for encoding the ASN.1 data structures. Each data element is encoded as a type identifier, a length description, the actual data elements, and, where necessary, an end-of-content marker. These types of encodings are commonly called type-length-value or TLV encodings. This format allows a receiver to decode the ASN.1 information from an incomplete stream, without requiring any pre-knowledge of the size, content, or semantic meaning of the data. The key difference between the BER format and the CER or DER formats is the flexibility provided by the Basic Encoding Rules. As stated in the X.690 standard, "Alternative encodings are permitted by the basic encoding rules as a sender's option. Receivers who claim conformance to the basic encoding rules shall support all alternatives". A receiver must be prepared to accept all legal encodings in order to legitimately claim BER-compliance. For example, when encoding a constructed value (that is, a value that is made up of multiple smaller, already-encoded values), the sender can use one of three different forms to specify the length of the data. By contrast, both CER and DER restrict the available length specifications to a single option. There is a common perception of BER as being "inefficient" compared to alternative encoding rules. It has been argued by some that this perception is primarily due to poor implementations, not necessarily any inherent flaw in the encoding rules. These implementations rely on the flexibility that BER provides to use encoding logic that is easier to implement, but results in a larger encoded data stream than necessary. Whether this inefficiency is reality or perception, it has led to a number of alternative encoding schemes, such as the Packed Encoding Rules, which attempt to improve on BER performance and size. Other alternative formatting rules, which still provide the flexibility of BER but use alternative encoding schemes, are also being developed. The most popular of these are XML-based alternatives, such as the XML Encoding Rules and ASN.1 SOAP.
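The TLV structure and the three BER length forms discussed above, as an added example (not code from the course text or any SNMP library): an encoder and a decoder for the INTEGER, OCTET STRING, OBJECT IDENTIFIER and SEQUENCE types that SNMP carries, where the decoder accepts every legal length form while the encoder can be told which one to emit. The sample value is a constructed SEQUENCE of the MIB-II identifier 1.3.6.1.2.1.1.3.0 (sysUpTime.0) and a constructed integer.

```python
"""BER type-length-value encoding and decoding of the types SNMP carries.
Added example for this course text, not code from the text or any SNMP library."""
from typing import List, Tuple

# Universal class tag numbers from X.690; bit 6 (0x20) marks a constructed encoding.
TAG_INTEGER, TAG_OCTET_STRING, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x06, 0x30


def encode_length(n: int, form: str = "short") -> bytes:
    """Definite length octets: one octet when n < 128 and form is 'short' (the only form
    DER allows); otherwise the long form 0x8k followed by k big-endian octets."""
    if form == "short" and n < 128:
        return bytes([n])
    octets = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([0x80 | len(octets)]) + octets


def encode_integer(value: int) -> bytes:
    """INTEGER: tag 0x02, minimal-length two's complement content."""
    size = 1
    while not -(1 << (8 * size - 1)) <= value < (1 << (8 * size - 1)):
        size += 1
    return bytes([TAG_INTEGER]) + encode_length(size) + value.to_bytes(size, "big", signed=True)


def encode_octet_string(data: bytes) -> bytes:
    """OCTET STRING: the byte count precedes the bytes; there is no terminator."""
    return bytes([TAG_OCTET_STRING]) + encode_length(len(data)) + data


def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a + b, the rest base-128 with a
    continuation bit on every octet but the last."""
    arcs = [int(a) for a in oid.split(".")]
    content = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        content.extend(reversed(chunk))
    return bytes([TAG_OID]) + encode_length(len(content)) + bytes(content)


def encode_sequence(elements: List[bytes], form: str = "short") -> bytes:
    """SEQUENCE of already-encoded elements. BER lets the sender pick short definite,
    long definite or indefinite length (0x80, content, end-of-contents 00 00)."""
    content = b"".join(elements)
    if form == "indefinite":
        return bytes([TAG_SEQUENCE, 0x80]) + content + b"\x00\x00"
    return bytes([TAG_SEQUENCE]) + encode_length(len(content), form) + content


def decode(data: bytes, pos: int = 0) -> Tuple[object, int]:
    """Decode one TLV at pos and return (value, position after it). A receiver claiming
    BER conformance must accept all three length forms, so all three are handled."""
    tag, first = data[pos], data[pos + 1]
    pos += 2
    if first == 0x80:                      # indefinite form, constructed values only
        length = None
    elif first & 0x80:                     # long definite form
        count = first & 0x7F
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    else:                                  # short definite form
        length = first
    if tag == TAG_SEQUENCE:
        items: List[object] = []
        end = None if length is None else pos + length
        while (pos < end) if end is not None else data[pos:pos + 2] != b"\x00\x00":
            item, pos = decode(data, pos)
            items.append(item)
        return items, (end if end is not None else pos + 2)
    if length is None:
        raise ValueError("indefinite length is only legal for constructed values")
    content, pos = data[pos:pos + length], pos + length
    if tag == TAG_INTEGER:
        return int.from_bytes(content, "big", signed=True), pos
    if tag == TAG_OCTET_STRING:
        return bytes(content), pos
    if tag == TAG_OID:
        arcs = [content[0] // 40, content[0] % 40]   # exact when the first arc is 0 or 1
        value = 0
        for octet in content[1:]:
            value = (value << 7) | (octet & 0x7F)
            if not octet & 0x80:
                arcs.append(value)
                value = 0
        return ".".join(map(str, arcs)), pos
    raise ValueError("unsupported tag 0x%02x" % tag)


def sysuptime_varbind(form: str = "short") -> bytes:
    """Constructed sample: SEQUENCE { OID 1.3.6.1.2.1.1.3.0 (MIB-II sysUpTime.0),
    INTEGER 123456 } encoded with the chosen BER length form."""
    return encode_sequence([encode_oid("1.3.6.1.2.1.1.3.0"), encode_integer(123456)], form)
```

All three forms decode to the same value; only the "short" form is also valid DER, which is the difference between BER's sender option and DER's single permitted length encoding.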

In addition, there is a standard mapping to convert an XML Schema to an ASN.1 schema, which can then be encoded using BER. Despite its perceived problems, BER is a popular format for transmitting data, particularly in systems with different native data encodings. The SNMP protocol specifies ASN.1 with BER as its required encoding scheme. LDAP messages are encoded using BER. Many telecommunication systems, such as ISDN, toll-free call routing, and most cellular phone services, use ASN.1 with BER to some degree for transmitting control messages over the network. The digital signature standard PKCS #7 also specifies ASN.1 with BER to encode encrypted messages and their digital signature or digital envelope.

5.4.3 Structure of Management Information
RFC 1442 first says that ASN.1 will be used to describe SNMP data structures, then it goes on for 57 pages scratching out parts of the ASN.1 standard that it does not want and adding new definitions (in ASN.1) that are needed. It is this sub-super-set of ASN.1, which goes by the ungainly name of Structure of Management Information (SMI), that is really used to define the SNMP data structures. RFC 1442 defines four key macros and eight new data types that are heavily used throughout SNMP. All MIB modules start with an invocation of the MODULE-IDENTITY macro. Its parameters provide the name and address of the implementer, the revision history, and other administrative information. Typically, this call is followed by an invocation of the OBJECT-IDENTITY macro, which tells where the module fits in the na ming tree as shown in the figure. Later on come one or more invocations of the OBJECT-TYPE macro, which name the actual variables being managed and specify their properties. At the lowest level, SNMP variables are defined as individual objects. Related objects are collected together into groups, and groups are assembled into modules. For example, groups exist for IP objects and TCP objects. Grouping variables into groups is done by convention; in particular, there are no BEGIN-GROUP and END-GROUP statements in ASN.1 or SMI. It is the intention that vendors supporting a group support all the objects in that group. On the other hand, a vendor supporting a module need not support all of its groups, since not all may be applicable to the device. A router might support the IP group, since its manager cares about how many packets it has lost. However, a low-end router might not support the TCP group, since it need not use TCP to perform its routing functions. The OBJECT-TYPE macro has four required parameters and four optional ones. The first required parameter is SYNTAX and defines the variable's data type from among the following types.

INTEGER: Some variables are declared as an integer with no restrictions (e.g., the MTU of an interface), some are defined as taking on specific values (e.g., the IP forwarding flag is 1 if forwarding is enabled or 2 if forwarding is disabled), and others are defined with a minimum and maximum value (e.g., UDP and TCP port numbers are between 0 and 65535).

OCTET STRING: A string of 0 or more 8-bit bytes. Each byte has a value between 0 and 255. In the BER encoding used for this data type and the next, a count of the number of bytes in the string precedes the string. These strings are not null-terminated strings.

DisplayString: A string of 0 or more 8-bit bytes, but each byte must be a character from the NVT ASCII set. All variables of this type in the MIB-II must contain no more than 255 characters. (A 0-length string is OK.)

OBJECT IDENTIFIER: An object identifier is a data type specifying an authoritatively named object. By "authoritative" we mean that these identifiers are not assigned randomly, but are allocated by some organization that has responsibility for a group of identifiers. An object identifier is a sequence of integers separated by decimal points. These integers traverse a tree structure, similar to the DNS or a UNIX file system. There is an unnamed root at the top of the tree where the object identifiers start. (This is the same direction of tree traversal that's used with a UNIX file system.) Figure 5.3 shows the structure of this tree when used with SNMP. All variables in the MIB start with the object identifier 1.3.6.1.2.1.

NULL: This indicates that the corresponding variable has no value. It is used, for example, as the value of all the variables in a get or get-next request, since the values are being queried, not set.

IpAddress: An OCTET STRING of length 4, with 1 byte for each byte of the IP address.

PhysAddress: An OCTET STRING specifying a physical address (e.g., a 6-byte Ethernet address).

Counter: A nonnegative integer whose value increases monotonically from 0 to 2^32 - 1 (4,294,967,295), and then wraps back to 0.

Gauge: A nonnegative integer between 0 and 2^32 - 1, whose value can increase or decrease, but latches at its maximum value. That is, if the value increments to 2^32 - 1, it stays there until reset. The MIB variable tcpCurrEstab is an example: it is the number of TCP connections currently in the ESTABLISHED or CLOSE_WAIT state.

TimeTicks: A counter that counts the time in hundredths of a second since some epoch. Different variables can specify this counter from a different epoch, so the epoch used for each variable of this type is specified when the variable is declared in the MIB. For example, the variable sysUpTime is the number of hundredths of a second that the agent has been up.

SEQUENCE: This is similar to a structure in the C programming language. For example, we will see that the MIB defines a SEQUENCE named UdpEntry containing information about an agent's active UDP end points. (By "active" we mean ports currently in use by an application.) Two entries are in the structure:
 udpLocalAddress, of type IpAddress, containing the local IP address.
 udpLocalPort, of type INTEGER, in the range 0 through 65535, specifying the local port number.

SEQUENCE OF: This is the definition of a vector, with all elements having the same data type. If each element has a simple data type, such as an integer, then we have a simple vector (a one-dimensional array). But we will see that SNMP uses this data type with each element of the vector being a SEQUENCE (structure). We can think of it as a two-dimensional array or table.

Figure 5.3 Part of ASN.1 object naming tree
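The tag-length-value rules described above, applied to the SMI types just listed, as an added example (not code from the course material): it encodes INTEGER, OCTET STRING, IpAddress, Counter, OBJECT IDENTIFIER and SEQUENCE values in BER, using the short and long definite length forms, and splits a stream back into values without knowing their meaning. The application-class tag numbers are the ones RFC 1155 assigns; the ipForwarding.0 varbind at the end is a constructed sample.

```python
"""BER encoding of the SMI data types used by SNMP (added example)."""
from typing import List, Tuple

# Universal tags from X.690 and the SNMP application tags from RFC 1155.
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_IPADDRESS, TAG_COUNTER, TAG_GAUGE, TAG_TIMETICKS = 0x40, 0x41, 0x42, 0x43


def encode_length(n: int) -> bytes:
    """Definite length: short form (one octet) below 128, long form above.
    The long form's first octet gives the number of length octets that follow."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One tag-length-value triple."""
    return bytes([tag]) + encode_length(len(content)) + content


def encode_integer(value: int, tag: int = TAG_INTEGER) -> bytes:
    """Two's complement in the fewest octets. A non-negative value with its
    top bit set (a Counter near 2^32-1) gets a leading 0x00 so it is not
    read back as negative."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return tlv(tag, value.to_bytes(n, "big", signed=True))


def encode_counter(value: int) -> bytes:
    """Counter: [APPLICATION 1], a 32-bit nonnegative integer."""
    if not 0 <= value <= 2**32 - 1:
        raise ValueError("Counter is a 32-bit unsigned value")
    return encode_integer(value, TAG_COUNTER)


def encode_octet_string(data: bytes, tag: int = TAG_OCTET_STRING) -> bytes:
    """OCTET STRING: the byte count precedes the bytes; no terminator."""
    return tlv(tag, data)


def encode_ipaddress(dotted: str) -> bytes:
    """IpAddress: an OCTET STRING of exactly four octets, tag [APPLICATION 0]."""
    octets = bytes(int(p) for p in dotted.split("."))
    if len(octets) != 4:
        raise ValueError("IPv4 address must have four octets")
    return encode_octet_string(octets, TAG_IPADDRESS)


def encode_oid(arcs: List[int]) -> bytes:
    """OBJECT IDENTIFIER: the first two arcs share one octet (40*x + y);
    each further arc is base 128, high bit set on all but its last octet."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid object identifier")
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def encode_sequence(*items: bytes) -> bytes:
    """SEQUENCE: a constructed value whose content is the encoded members."""
    return tlv(TAG_SEQUENCE, b"".join(items))


def split_tlvs(data: bytes) -> List[Tuple[int, bytes]]:
    """Split a BER stream into (tag, content) pairs without knowing the
    types: the length octets alone say where each value ends, which is
    what lets a receiver skip over values it does not understand."""
    out, i = [], 0
    while i < len(data):
        tag, first = data[i], data[i + 1]
        i += 2
        if first < 0x80:
            length = first
        else:
            nbytes = first & 0x7F
            length = int.from_bytes(data[i:i + nbytes], "big")
            i += nbytes
        out.append((tag, data[i:i + length]))
        i += length
    return out


# Constructed sample: the varbind ipForwarding.0 = 1 (forwarding enabled),
# i.e. SEQUENCE { OBJECT IDENTIFIER 1.3.6.1.2.1.4.1.0, INTEGER 1 }.
IP_FORWARDING_0 = [1, 3, 6, 1, 2, 1, 4, 1, 0]
VARBIND = encode_sequence(encode_oid(IP_FORWARDING_0), encode_integer(1))

if __name__ == "__main__":
    print(VARBIND.hex())
    for tag, content in split_tlvs(VARBIND):
        print(hex(tag), content.hex())
```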

5.4.4 Management Information Base

From the perspective of a network manager, network management takes place between two major types of systems: those in control, called managing systems, and those observed and controlled, called managed systems. The most common managing system is called a network management system (NMS). Managed systems can include hosts, servers, or network components such as routers or intelligent repeaters. To promote interoperability, cooperating systems must adhere to a common framework and a common language, called a protocol. In the Internet Network Management Framework, that protocol is the Simple Network Management Protocol (SNMP). The exchange of information between managed network devices and a robust NMS is essential for reliable performance of a managed network. Because some devices have a limited ability to run management software, most of the computer processing burden is assumed by the NMS. The NMS runs the network management applications that present management information to network managers and other users.

The MIB structure is logically represented by a tree hierarchy as shown in figure 5.4a. The root of the tree is unnamed and splits into three main branches: Consultative Committee for International Telegraph and Telephone (CCITT), International Organization for Standardization (ISO), and joint ISO/CCITT. These branches and those that fall below each category have short text strings and integers to identify them. Text strings describe object names, while integers allow computer software to create compact, encoded representations of the names. For example, the Cisco MIB variable authAddr is an object name and is denoted by number 5, which is listed at the end of its object identifier number 1.3.6.1.4.1.9.2.1.5. The object identifier in the Internet MIB hierarchy is the sequence of numeric labels on the nodes along a path from the root to the object. The Internet standard MIB is represented by the object identifier 1.3.6.1.2.1. It also can be expressed as iso.org.dod.internet.mgmt.mib.

Figure 5.4a Internet MIB Hierarchy

The collection of objects managed by SNMP is defined in the MIB. For convenience, these objects are (currently) grouped into ten categories, which correspond to the ten nodes under mib-2 in figure 5.4b. (Note that mib-2 corresponds to SNMPv2 and that object 9 is no longer present.)

Group          # Objects   Description
System              7      Name, location, and description of the equipment
Interfaces         23      Network interfaces and their measured traffic
AT                  3      Address translation (deprecated)
IP                 42      IP packet statistics
ICMP               26      Statistics about ICMP messages received
TCP                19      TCP algorithms, parameters, and statistics
UDP                 6      UDP traffic statistics
EGP                20      Exterior gateway protocol traffic statistics
Transmission        0      Reserved for media-specific MIBs
SNMP               29      SNMP traffic statistics

Figure 5.4b The object groups of the internet MIB-II

The ten categories are intended to provide a basis of what a management station should understand, and what it is supposed to do. New categories and objects will certainly be added in the future, and vendors are free to define additional objects for their products. The ten categories are summarized in figure 5.4b. Although space limitations prevent us from delving into the details of all 175 objects defined in MIB-II, a few comments may be helpful.

The system group allows the manager to find out what the device is called, who made it, what hardware and software it contains, where it is located, and what it is supposed to do. The time of the last boot and the name and address of the contact person are also provided. This information means that a company can contract out its system management to another company in a distant city and have the latter be able to easily figure out what the configuration being managed actually is and who should be contacted if there are problems with various devices.

The interfaces group deals with the network adapters. It keeps track of the number of packets and bytes sent and received from the network, the number of broadcasts, the number of discards, and the current output queue size.

The AT group was present in MIB-I and provided information about address mapping (e.g., Ethernet to IP addresses). This information was moved to protocol-specific MIBs in SNMPv2.

The IP group deals with IP traffic into and out of the node. It is especially rich in counters keeping track of the number of packets discarded for each of a variety of reasons (e.g., no known route to the destination or lack of resources). Statistics about datagram fragmentation and reassembly are also available. All these items are particularly important for managing routers.

The ICMP group is about IP error messages. Basically, it has a counter for each ICMP message type that records how many messages of that type have been seen.

The TCP group monitors the current and cumulative number of connections opened, segments sent and received, and various error statistics.

The UDP group logs the number of UDP datagrams sent and received, and how many of the latter were undeliverable due to an unknown port or some other reason.

The EGP group is used for routers that support the exterior gateway protocol. It keeps track of how many packets of what kind went out, came in and were forwarded correctly, and came in and were discarded.

The transmission group is a placeholder for media-specific MIBs. For example, Ethernet-specific statistics can be kept here. The purpose of including an empty group in MIB-II is to reserve the identifier {internet 2 1 9} for such purposes.

The last group is for collecting statistics about the operation of SNMP itself: how many messages are being sent, what kind of messages they are, and so on.

MIB-II is formally defined in RFC 1213. The bulk of RFC 1213 consists of 175 macro calls similar to those of figure 7-36, with comments delineating the ten groups. For each of the 175 objects defined, the data type is given along with an English text description of what the variable is used for. For further information about MIB-II, the reader is referred to this RFC.

5.4.5 Protocol Operations

SNMP is a simple request/response protocol. The network-management system issues a request, and managed devices return responses. This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap. The Get operation is used by the NMS to retrieve the value of one or more object instances from an agent. If the agent responding to the Get operation cannot provide values for all the object instances in a list, it does not provide any values. The GetNext operation is used by the NMS to retrieve the value of the next object instance in a table or a list within an agent. The Set operation is used by the NMS to set the values of object instances within an agent. The Trap operation is used by agents to asynchronously inform the NMS of a significant event. The interaction between the managing device and the managed device is illustrated in figure 5.5.
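The Get and GetNext operations above, run against a simulated agent holding a few MIB-II instances (sysUpTime, tcpCurrEstab and the udpTable whose UdpEntry structure was described in section 5.4.3), as an added example that is not part of the course material; the instance values are constructed sample data, and the Agent class is a stand-in for a real agent.

```python
"""SNMP Get / GetNext semantics over a simulated agent MIB (added example)."""
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]

# MIB-II object identifiers (1.3.6.1.2.1 = iso.org.dod.internet.mgmt.mib).
MIB2 = (1, 3, 6, 1, 2, 1)
SYS_UP_TIME = MIB2 + (1, 3, 0)          # system.sysUpTime.0
TCP_CURR_ESTAB = MIB2 + (6, 9, 0)       # tcp.tcpCurrEstab.0
UDP_TABLE = MIB2 + (7, 5)               # udp.udpTable
UDP_LOCAL_ADDRESS = UDP_TABLE + (1, 1)  # udpEntry.udpLocalAddress
UDP_LOCAL_PORT = UDP_TABLE + (1, 2)     # udpEntry.udpLocalPort


def udp_index(addr: str, port: int) -> OID:
    """udpEntry rows are indexed by udpLocalAddress and udpLocalPort, so the
    instance suffix is the four address octets followed by the port."""
    return tuple(int(o) for o in addr.split(".")) + (port,)


def make_agent() -> Dict[OID, object]:
    """Constructed sample: an agent with two UDP end points open."""
    agent: Dict[OID, object] = {
        SYS_UP_TIME: 123456,     # TimeTicks
        TCP_CURR_ESTAB: 3,       # Gauge
    }
    for addr, port in (("0.0.0.0", 161), ("10.0.0.5", 53)):
        agent[UDP_LOCAL_ADDRESS + udp_index(addr, port)] = addr
        agent[UDP_LOCAL_PORT + udp_index(addr, port)] = port
    return agent


class Agent:
    def __init__(self, instances: Dict[OID, object]):
        # GetNext order is lexicographic on the arcs; Python tuple ordering
        # gives exactly that (a prefix sorts before its extensions).
        self._oids = sorted(instances)
        self._values = instances

    def get(self, oids: List[OID]) -> Optional[List[object]]:
        """Get is all-or-nothing: one unknown instance fails the request."""
        if any(oid not in self._values for oid in oids):
            return None
        return [self._values[oid] for oid in oids]

    def get_next(self, oid: OID) -> Optional[Tuple[OID, object]]:
        """First instance strictly greater than oid, or None at the end of
        the MIB. The argument need not name an existing instance, so
        GetNext on a table or column OID yields that column's first row."""
        for candidate in self._oids:
            if candidate > oid:
                return candidate, self._values[candidate]
        return None

    def walk(self, prefix: OID) -> List[Tuple[OID, object]]:
        """Retrieve a subtree by repeated GetNext until the returned OID
        leaves the prefix or the MIB ends."""
        rows, cur = [], prefix
        while True:
            nxt = self.get_next(cur)
            if nxt is None or nxt[0][:len(prefix)] != prefix:
                return rows
            rows.append(nxt)
            cur = nxt[0]


def udp_table_rows(agent: Agent) -> List[Tuple[str, int]]:
    """Walk the whole udpTable and regroup it into (address, port) rows.
    Instances come back column by column (every udpLocalAddress instance,
    then every udpLocalPort instance), not row by row."""
    addrs, ports = {}, {}
    for oid, value in agent.walk(UDP_TABLE):
        index = oid[len(UDP_LOCAL_ADDRESS):]
        column = addrs if oid[:len(UDP_LOCAL_ADDRESS)] == UDP_LOCAL_ADDRESS else ports
        column[index] = value
    return [(addrs[i], ports[i]) for i in sorted(addrs)]


if __name__ == "__main__":
    agent = Agent(make_agent())
    print(agent.get([SYS_UP_TIME, TCP_CURR_ESTAB]))
    for oid, value in agent.walk(UDP_TABLE):
        print(".".join(map(str, oid)), value)
    print(udp_table_rows(agent))
```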

Figure 5.5 Interaction between Managing device and Managed device in SNMP

The important types of SNMP messages are summarized in figure 5.6.

Message             Description
Get-request         Requests the value of one or more variables
Get-next-request    Requests the variable following this one
Get-bulk-request    Fetches a large table
Set-request         Updates one or more variables
Inform-request      Manager-to-manager message describing local MIB
SnmpV2-trap         Agent-to-manager trap report

Figure 5.6 SNMP Message Types

5.4.6 Versions of SNMP

SNMPv1 was the standard version of SNMP. One notable deficiency in SNMP was the difficulty in monitoring networks, as opposed to nodes on networks. A substantial functional enhancement to SNMP was achieved by the definition of a set of standardized management objects referred to as the Remote Network Monitoring MIB (RMON MIB) objects. Another major deficiency in SNMP was the complete lack of security facilities. SNMPv2 was created as an update of SNMPv1 with several new features. The key enhancements of SNMPv2 are focused on the SMI, manager-to-manager capability, and protocol operations. SNMPv2c combined the community-based approach of SNMPv1 with the protocol operations of SNMPv2 and omitted all SNMPv2 security features.

The SNMPv1 framework distinguishes between application entities and protocol entities. In SNMPv3, these are renamed as applications and engines respectively. The SNMPv1 framework also introduces the concept of an authentication service supporting one or more authentication schemes. In SNMPv3, the concept of an authentication service is expanded to include other services, such as privacy. The SNMPv1 framework introduces access control based on a concept called an SNMP MIB view. The SNMPv3 framework specifies a fundamentally similar concept called view-based access control.

SNMPv2c provides several advantages over SNMPv1. It calls for improved efficiency and performance by introducing the GETBULK operation. Confirmed event notification is achieved by the introduction of the Inform operator. An enhanced error handling approach, improved sets, and a fine-tuned Data Definition Language are some of the other advantages of SNMPv2c over SNMPv1. SNMPv2c also has expanded data types such as the 64-bit counter. Both versions v1 and v2c lack security-related features like authentication, privacy, authorization and access control, and remote configuration and administration capabilities. The development of SNMPv3 was driven by these security issues; SNMPv3 was formed mainly to address the deficiencies related to security and administration. SNMPv3 defines two security-related capabilities, namely USM (Universal subscription Module) and VACM (View based Access Control Model).

Have you understood?
1. What is the necessity of ASN in SNMP?
2. Why is ASN preferred for representing the information held by the agents?
3. How many layers form the application component of a network reference model?
4. What are the layers present in the transport component of a protocol stack?
5. What are the various types of transfer syntaxes supported by ASN.1?
6. Mention the advantages of BER over other transfer syntax rules.
7. SMI is a subset of ASN.1 used for network management. Justify this statement.
8. What are the functions of an agent in a managed device?
9. What are the functions of an NMS in a managing device?
10. Give some examples of the type of information to be maintained by the agents.
11. What is an object identifier in SMI?
12. What is meant by a Management Information Base?
13. Mention the ten categories of objects maintained by the MIB.
14. Differentiate between the Get-request and Get-next-request message types of SNMP.
15. What is the purpose of the Set-request message of SNMP?

5.5 NETWORK SECURITY

Providing information security is the basic requirement of a computer network. It is important because information has significant value: information can be bought and sold directly or used indirectly to create new products and services that yield high profits. Providing security for information requires protecting both physical and abstract resources. Physical resources include passive storage devices such as disks and CD-ROMs as well as active devices such as users' computers. In a network environment, physical security extends to the cables, bridges, and routers that comprise the network infrastructure. Of course, no network is completely secure, just as no physical property is absolutely secure against crime. Organizations make an effort to secure networks for the same reason they make an effort to secure buildings and offices: basic security measures can discourage crime by making it significantly more difficult.

Providing security in a networked system is more difficult than providing security in a stand-alone system, since systems in a network cannot function in isolation. Security is required on every computer and every node of the network; even if one node of the network is compromised, the whole network may become insecure. Security in an internet environment is even more important and more difficult, because it involves understanding when and how participating users, computers, services, and networks can trust one another, as well as understanding the technical details of network hardware and protocols. Since various organizations with different interests constitute the internet, it is very difficult to formulate security policies so that everyone's needs are satisfied, if at all.

There are two basic approaches to network security. In the first approach, external data is not permitted to enter the network at all. This approach is called perimeter security. Perimeter security allows an organization to determine the services and networks it will make available to outsiders and the extent to which outsiders can use resources. Perimeter security solves the problem only up to a certain extent, because to carry out business transactions it becomes necessary to permit external traffic to enter the network; of course, the network has to provide really useful services to its users. The second approach is encrypting the information so that even if unauthorized users obtain it, they will not be able to interpret it.

5.5.1 Aspects of Information Security

The terms network security and information security refer in a broad sense to confidence that information and services available on a network cannot be accessed by unauthorized users. Security implies safety, including assurance of data integrity, freedom from unauthorized access of computational resources, freedom from snooping or wiretapping, and freedom from disruption of service. Information security encompasses many aspects of protection:

Data Integrity: Protection of information from unauthorized change.
Data Availability: Data should always be available to authenticated and legitimate users.
Privacy or Confidentiality: The system must prevent outsiders from making copies of data as it passes across a network, or from understanding the contents if copies are made.
Authentication: The system must allow two communicating entities to validate each other's identity. This should not permit masquerading.
Replay Avoidance: To prevent outsiders from capturing copies of packets and using them later, the system must prevent a retransmitted copy of a packet from being accepted.
Authorization: Although physical security often classifies people and resources into broad categories, security for information usually needs to be more restrictive (e.g., some parts of an employee's record are available only to the personnel office, others are available only to the employee's boss, and others are available to the payroll office).

Protecting an abstract resource such as information is usually more difficult than providing physical security because information is elusive. Indeed, although physical security is seldom mentioned, it often plays an important role in an overall security plan. In particular, physical security can prevent wiretapping. Good physical security can also eliminate sabotage (e.g., disabling a router to cause packets to be routed through an alternative, less secure path). Humans are usually the most susceptible point in any security scheme. A worker who is malicious, careless, or unaware of an organization's information policy can compromise the best security.

5.5.2 Security Policy

Before an organization can enforce network security, the organization must assess risks and develop a clear policy regarding information access and protection. The policy specifies who will be granted access to each piece of information, the rules an individual must follow in disseminating the information to others, and a statement of how the organization will react to violations. As the size of the network (in terms of the number of users and services offered) grows, devising the information security policy becomes the most challenging area of information security.

5.5.3 Internet Security

Security in a private network (LANs, corporate networks, etc.) is easy to implement since the entire network comes under a single authority. However, it is not always possible for the sender and the receiver to communicate through their own network, since it may be too costly. Hence it becomes necessary for the sender and the recipient to make use of public networks like the PSTN (Public Switched Telephone Network) or the Internet.

Have you understood?
1. What is the necessity of providing security mechanisms in networks?
2. What is the difference between network security and information security?
3. What is meant by perimeter security?
4. Define encryption.
5. Why is it difficult to provide security in public networks?

5.6 IP SECURITY (IPSEC)

The Internet should be provided with security features if it is to be used as a medium for serious applications like e-commerce, video on demand etc. This need is accepted by everyone. Provision of security is very difficult in an internet because datagrams traveling from source to destination often pass across many intermediate networks and through routers that are not owned or controlled by either the sender or the recipient. Thus, because datagrams can be intercepted or compromised, the contents cannot be trusted. An authorization scheme that uses a remote machine's IP address to authenticate its identity does not suffice in an unsecured internet. As an example, consider a server that attempts to use source authentication to verify that requests originated from valid customers. Source authentication requires the server to examine the source IP address on each incoming datagram, and only accept requests from computers on an authorized list. Source authentication is weak because it can be broken easily. In particular, an intermediate router can watch traffic traveling to and from the server, and record the IP address of a valid customer. Later the intermediate router can manufacture a request that has the same source address (and intercept the reply). An imposter who gains control of an intermediate router can obtain access by impersonating an authorized client.

Stronger authentication requires encryption. In this approach, the sender encrypts the information and the receiver decrypts the information. To encrypt a message, the sender applies a mathematical function that rearranges the bits according to a key which is known only to the sender. The receiver uses another mathematical function to decrypt the message. Careful choices of an encryption algorithm, a key, and the contents of messages can make it virtually impossible for intermediate machines to decode messages or manufacture messages that are valid.

The issue, however, is where to put these security features. Two obvious choices are an end-to-end solution and a network layer solution. Initially everyone thought of leaving security to the application layer. Both encryption and decryption then take place in the application layer. The limitation of this approach is that all the applications should be security aware. Another solution was also proposed, which said that

all the security issues should be taken care of by a separate layer (between the transport layer and the application layer). This solution is also end-to-end but does not require the applications to be security aware. Finally, the idea of making the network layer itself secure got the recognition. The IETF has devised a set of protocols that provide secure Internet communication. This set of protocols is collectively known as IPsec (short for IP security); these protocols offer authentication and privacy services at the IP layer, and can be used with both IPv4 and IPv6. In short, we can say that IPsec is not a single security protocol. Instead, IPsec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication. The major advantage of IPsec is that it does not restrict the users to a particular encryption or authentication algorithm. Instead, it provides a general framework that allows each pair of communicating endpoints to choose algorithms and parameters (e.g., key size). To guarantee interoperability, IPsec does include a set of encryption algorithms that all implementations must recognize.

5.6.1 Datagrams with IPsec

IPsec has chosen the idea of using a separate header for security. The normal process of data flow is as follows.
1. The application generates the data and hands it over to the transport layer.
2. The transport layer adds its own header to the data and creates the TCP segment.
3. The transport layer hands over the segment to the Internet layer.
4. The Internet layer adds its own header and creates the datagram.
When IPsec is chosen, an additional step is done: before forming the datagram, an Authentication Header (AH) is added to the segment. The process of forming the datagram in the absence and presence of IPsec is shown in figure 5.7a and figure 5.7b.

The IPsec authentication mechanism is designed to ensure that an arriving datagram is identical to the datagram sent by the source. However, such a guarantee is impossible to make. To understand why, recall that IP is a machine-to-machine layer, meaning that the layering principle only applies across one hop. In particular, each intermediate router decrements the time-to-live field and recomputes the checksum. IPsec uses the term mutable fields to refer to IP header fields that are changed in transit. To prevent such changes causing authentication errors, IPsec specifically omits such fields from the authentication computation. As a result, when a datagram arrives, IPsec only authenticates immutable fields (e.g., the source address and protocol type).

IPv4 HEADER | TCP HEADER | TCP DATA
Figure 5.7a Illustration of an IPv4 datagram

IPv4 HEADER | AUTHENTICATION HEADER | TCP HEADER | TCP DATA
Figure 5.7b Datagram after an IPsec authentication header has been added

As the figure shows, IPsec inserts the authentication header immediately after the original IP header, but before the transport header. Furthermore, the PROTOCOL field in the IP header is changed to the value 51 to indicate the presence of an authentication header. Now the issue is: if IPsec modifies the PROTOCOL field in the IP header, how does a receiver determine the type of information carried in the datagram? The authentication header has a NEXT HEADER field that specifies the type: IPsec records the original PROTOCOL value in the NEXT HEADER field. When a datagram arrives, the receiver uses security information from the authentication header to verify the sender, and uses the NEXT HEADER value to further demultiplex the datagram. Figure 5.8 illustrates the header format.

Figure 5.8 The IPsec authentication header format.

The PAYLOAD LEN field does not specify the size of the data area in the datagram. Instead, it specifies the length of the authentication header. The SEQUENCE NUMBER contains a unique sequence number for each packet sent. The number starts at zero when a particular security algorithm is selected and increases monotonically. The SECURITY PARAMETERS INDEX field specifies the security scheme used. IPsec arranges for each receiver to collect all the details about a security scheme into an abstraction known as a security association (SA). Each SA is given a number, known as a security parameter index, through which it is identified. Before a sender can use IPsec to communicate with a receiver, the sender must know the index value for a particular SA. The sender then places the value in the SECURITY PARAMETERS INDEX field of each outgoing datagram. Index values are not globally specified. Instead, each destination creates as many SAs as it needs, and assigns an index value to each. The destination can specify a lifetime for each SA, and reuse index values once an SA becomes invalid. Consequently, the index cannot be interpreted without consulting the destination. The AUTHENTICATION DATA field contains data for the selected security scheme.
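The authentication computation described above, as an added example that is not from the course material: an IPv4 datagram with a transport-mode AH whose AUTHENTICATION DATA is HMAC-SHA-1 truncated to 96 bits (RFC 2404), computed with the mutable fields set to zero, so a router hop that changes TTL and checksum still verifies while a changed payload does not. Key, SPI, addresses and payload are constructed sample values.

```python
"""IPsec Authentication Header (AH), transport mode: the ICV is computed
over the immutable fields only (added example, not course material)."""
import hashlib
import hmac
import struct

IPPROTO_AH, IPPROTO_TCP = 51, 6
ICV_LEN = 12                 # HMAC-SHA-1 truncated to 96 bits (RFC 2404)
AH_LEN = 12 + ICV_LEN        # fixed fields (12 octets) + AUTHENTICATION DATA


def ipv4_checksum(hdr: bytes) -> int:
    """One's complement checksum of a 20-octet header (checksum field zero
    when computing; over a header carrying a valid checksum it yields 0)."""
    total = sum(struct.unpack("!10H", hdr[:20]))
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)
    return (~total) & 0xFFFF


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """20-octet IPv4 header without options; constructed id/flags values."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                      ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def zero_mutable(ip_hdr: bytes) -> bytes:
    """Mutable fields (RFC 2402): TOS, flags/fragment offset, TTL and header
    checksum are treated as zero in the ICV computation at both ends."""
    h = bytearray(ip_hdr)
    h[1] = 0                    # TOS
    h[6:8] = b"\x00\x00"        # flags + fragment offset
    h[8] = 0                    # TTL
    h[10:12] = b"\x00\x00"      # header checksum
    return bytes(h)


def ah_header(next_hdr: int, spi: int, seq: int, icv: bytes = b"\x00" * ICV_LEN) -> bytes:
    """NEXT HEADER, PAYLOAD LEN (AH length in 32-bit words minus 2, per
    RFC 2402), RESERVED, SPI, SEQUENCE NUMBER, AUTHENTICATION DATA."""
    return struct.pack("!BBHII", next_hdr, AH_LEN // 4 - 2, 0, spi, seq) + icv


def compute_icv(key: bytes, ip_hdr: bytes, ah: bytes, payload: bytes) -> bytes:
    """HMAC over immutable IP fields + AH (ICV zeroed) + upper-layer data."""
    data = zero_mutable(ip_hdr) + ah[:12] + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_datagram(key: bytes, src: bytes, dst: bytes, spi: int, seq: int,
                      payload: bytes, next_hdr: int = IPPROTO_TCP) -> bytes:
    """Sender: PROTOCOL becomes 51, the original protocol number moves into
    the AH NEXT HEADER field, and AH sits between IP and transport headers."""
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, 20 + AH_LEN + len(payload))
    ah = ah_header(next_hdr, spi, seq)
    return ip_hdr + ah[:12] + compute_icv(key, ip_hdr, ah, payload) + payload


def router_hop(datagram: bytes) -> bytes:
    """An intermediate router decrements TTL and recomputes the checksum."""
    h = bytearray(datagram[:20])
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h) + datagram[20:]


def verify_ah(key: bytes, datagram: bytes):
    """Receiver: (next_header, payload) when the ICV matches, else None.
    Demultiplexing then continues with the NEXT HEADER value."""
    ip_hdr, rest = datagram[:20], datagram[20:]
    if ip_hdr[9] != IPPROTO_AH or len(rest) < AH_LEN:
        return None
    ah, payload = rest[:AH_LEN], rest[AH_LEN:]
    if not hmac.compare_digest(compute_icv(key, ip_hdr, ah, payload), ah[12:]):
        return None
    return ah[0], payload


if __name__ == "__main__":
    key = b"constructed-sample-key"
    d = build_ah_datagram(key, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
                          0x100, 1, b"GET / HTTP/1.0\r\n")
    print(verify_ah(key, router_hop(d)))                # ICV survives the TTL change
    print(verify_ah(key, d[:-1] + bytes([d[-1] ^ 1])))  # None: payload altered
```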

5.6.2 Encapsulating Security Payload (ESP)

The alternate IPsec header is ESP (Encapsulating Security Payload). The Encapsulating Security Payload (ESP) extension header provides origin authenticity, integrity, and confidentiality protection of a packet. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged. ESP is more complex than the authentication header and is able to handle privacy as well as authentication. The conceptual idea of ESP is shown in figure 5.9.

IPv4 HEADER | TCP HEADER | TCP DATA
Figure 5.9a A datagram

IPv4 HEADER | ESP HEADER | TCP HEADER | TCP DATA | ESP TRAILER | ESP AUTH
(encrypted: TCP HEADER through ESP TRAILER; authenticated: ESP HEADER through ESP TRAILER)
Figure 5.9b Datagram using IPsec ESP

As the figure shows, ESP adds three additional areas to the datagram. The ESP HEADER immediately follows the IP header and precedes the encrypted payload. The ESP TRAILER is encrypted along with the payload. A variable-size ESP AUTH field follows the encrypted section.

 0-7 bit | 8-15 bit | 16-23 bit | 24-31 bit
 Security Parameters Index (SPI)
 Sequence Number
 Payload Data (variable)
 Padding (0-255 bytes)
 Padding (cont.) | Pad Length | Next Header
 Authentication Data (variable)
Figure 5.10 ESP Header

Unlike the AH header, ESP does not authenticate the outer IP header: the IP packet header is not accounted for in the authentication computation. ESP operates directly on top of IP using IP protocol number 50. An ESP packet diagram is shown in figure 5.10. The various fields of an ESP packet are explained as follows.
Security Parameters Index (SPI): identifies the security parameters in combination with the IP address.
Sequence Number: a monotonically increasing number, used to prevent replay attacks.
Payload Data: the data to be transferred.
Padding: used with some block ciphers to pad the data to the full length of a block.
Pad Length: the size of the padding in bytes.
Next Header: identifies the protocol of the transferred data.
Authentication Data: contains the data used to authenticate the packet.

The ESP TRAILER consists of optional padding, a padding length field, and a NEXT HEADER field that is followed by a variable amount of authentication data. The trailer is shown in figure 5.11.

PADDING | PAD LENGTH | NEXT HEADER
Figure 5.11 ESP Trailer

Padding is optional; it may be present for three reasons. First, some decryption algorithms require zeroes following an encrypted message. Second, note that the NEXT HEADER field is shown right-justified within a 4-octet field. The alignment is important because IPsec requires the authentication data that follows the trailer to be aligned at the start of a 4-octet boundary. Thus, padding may be needed to ensure alignment. Third, some sites may choose to add random amounts of padding to each datagram so that eavesdroppers at intermediate points along the path cannot use the size of a datagram to guess its purpose.

5.6.3 Advanced Features of IPsec

VPN technology uses encryption along with IP-in-IP tunneling to keep inter-site transfers private. IPsec is specifically designed to accommodate an encrypted tunnel. In particular, the standard defines tunneled versions of both the authentication header and the encapsulating security payload.
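The ESP trailer and sequence-number handling of figures 5.10 and 5.11, as an added example not taken from the course material: it computes the padding that brings AUTHENTICATION DATA onto a 4-octet boundary for a given cipher block size, builds and parses the packet with NULL encryption so the trailer stays visible, and checks the SEQUENCE NUMBER against a sliding anti-replay window. Key, SPI and payload are constructed sample values.

```python
"""ESP trailer construction and anti-replay check (added example, not
course material). NULL encryption keeps the trailer visible; the
authentication data is HMAC-SHA-1-96 over ESP header, payload and trailer,
so unlike AH the outer IP header is not covered."""
import hashlib
import hmac
import math
import struct

IPPROTO_TCP = 6
ICV_LEN = 12


def pad_length(payload_len: int, block_size: int, extra: int = 0) -> int:
    """Padding so that payload + padding + the two trailer octets (PAD
    LENGTH, NEXT HEADER) end on a cipher-block boundary that is also a
    4-octet boundary, so AUTHENTICATION DATA starts 4-octet aligned.
    `extra` adds whole alignment units to disguise the payload size."""
    unit = block_size * 4 // math.gcd(block_size, 4)
    if extra % unit:
        raise ValueError("extra padding must keep the alignment")
    pad = (-(payload_len + 2)) % unit + extra
    if pad > 255:
        raise ValueError("PAD LENGTH is one octet: at most 255")
    return pad


def build_esp(key: bytes, spi: int, seq: int, payload: bytes,
              next_hdr: int = IPPROTO_TCP, block_size: int = 1, extra: int = 0) -> bytes:
    """ESP HEADER (SPI, SEQUENCE NUMBER) + payload + ESP TRAILER + ESP AUTH."""
    n = pad_length(len(payload), block_size, extra)
    padding = bytes(range(1, n + 1))            # default padding content, RFC 2406
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([n, next_hdr])
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]


def parse_esp(key: bytes, esp: bytes):
    """Receiver: check the ICV, then read the trailer from the end (NEXT
    HEADER is the last octet before the ICV, PAD LENGTH the one before)."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN], icv):
        return None
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_hdr = body[-2], body[-1]
    return spi, seq, next_hdr, body[8:len(body) - 2 - pad_len]


class ReplayWindow:
    """Sliding bitmap over the SEQUENCE NUMBER: bit i of `mask` means the
    packet numbered top - i has been seen. A repeated or too-old number is
    rejected. 32 is the minimum window size named in RFC 2406."""

    def __init__(self, size: int = 32):
        self.size, self.top, self.mask = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq > self.top:                      # new high-water mark: slide
            shift = seq - self.top
            self.mask = ((self.mask << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or (self.mask >> diff) & 1:
            return False                        # too old, or a replay
        self.mask |= 1 << diff
        return True


if __name__ == "__main__":
    key = b"constructed-sample-key"
    pkt = build_esp(key, 0x200, 5, b"payload", block_size=8)    # DES block = 8
    print(pkt.hex())
    print(parse_esp(key, pkt))
    w = ReplayWindow()
    print([w.accept(s) for s in (1, 3, 2, 2, 40, 8, 9)])
```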

In particular, the standard defines tunneled versions of both the authentication header and the encapsulating security payload. In each case, the standard defines specific uses. Figure 5.12 illustrates the layout of datagrams in tunneling mode.

Figure 5.12a Illustration of IPsec tunneling mode for authentication:
  OUTER IP HEADER | AUTHENTICATION HEADER | INNER IP DATAGRAM (INCLUDING IP HEADER)

Figure 5.12b Illustration of IPsec tunneling mode for ESP:
  OUTER IP HEADER | ESP HEADER | INNER IP DATAGRAM (INCLUDING IP HEADER) | ESP TRAILER | ESP AUTH
  (authenticated: ESP HEADER through ESP TRAILER; encrypted: INNER IP DATAGRAM and ESP TRAILER)

IPsec defines a minimal set of algorithms that are mandatory (i.e., that all implementations must supply). Figure 5.13 lists the required algorithms.

  Authentication Header:
    HMAC with MD5                 RFC 2403
    HMAC with SHA-1               RFC 2404
  Encapsulating Security Payload:
    DES in CBC mode               RFC 2405
    HMAC with MD5                 RFC 2403
    HMAC with SHA-1               RFC 2404
    Null Authentication
    Null Encryption

Figure 5.13 The security algorithms that are mandatory for IPsec.

Note that figure 5.13 reflects the original IPsec specifications. The IETF has since revised the mandatory set (RFC 8221): DES and HMAC-MD5 must not be used, and AES-based encryption (AES-CBC, AES-GCM) together with HMAC-SHA-256 is now required. A peer that offers only the algorithms of figure 5.13 should be treated as insecure.

By the mid 1990s, when it became evident that security was important for internet commerce, several groups proposed security mechanisms for use with the web. Although not formally adopted by the IETF, one of the proposals has become a de facto standard. Known as the Secure Sockets Layer (SSL), the technology was originally developed by Netscape, Inc.; its later versions are standardized as TLS. As the name implies, SSL resides at the same layer as the socket API. When a client uses SSL to contact a server, SSL allows each side to authenticate itself to the other. The two sides then negotiate to select an encryption algorithm that they both support. Finally, SSL allows the two sides to establish an encrypted connection (i.e., a connection that uses the chosen encryption algorithm to guarantee privacy).

Have you understood?

1. What are the limitations of providing security at the application layer level?
2. What are the advantages of providing security in the network layer?
3. What is the difference in the structure of a datagram when we apply IPsec?
4. What is meant by security association in IPsec?
5. What are the limitations of the Authentication Header?
6. What are the advantages of ESP?
7. What is meant by IPsec tunneling?
8. Is the set of security algorithms prescribed by IPsec? Justify your answer.
9. What is meant by SSL?
10. Why does IPsec not include mutable header fields in the authentication computation?

5.7 FIREWALLS AND INTERNET ACCESS

5.7.1 Need for Firewalls

A network is subject to two types of information leakage, namely leak in and leak out. Leak out refers to the disclosure of confidential information like trade secrets, product development plans, marketing strategies, financial analysis etc. Disclosure of this information to competitors may affect the viability of the organization in the market. Leak in refers to the entry of viruses, worms and other digital pests that can breach the security, destroy valuable data and waste large amounts of an administrator's time trying to clean up the mess they leave. Consequently, mechanisms are needed to keep good information in and bad information out. Firewalls are one such mechanism used to provide security to the network.

Another important issue to be considered is that, for the purpose of network security, a variety of security mechanisms already exists. Encryption schemes like DES (Data Encryption Standard), AES (Advanced Encryption Standard) and RSA (Rivest, Shamir, Adleman), message digests like MD5 (Message Digest 5), and their corresponding decryption and verification algorithms can be used. In addition, a set of authentication protocols like Needham-Schroeder, Otway-Rees and Kerberos exist. IPsec provides security at the network layer itself. In spite of the availability of all these techniques, firewalls are used by many organizations due to the fact that getting the security algorithms and the right protocols deployed everywhere is a very difficult task. So firewalls are used as a stopgap measure till standards and algorithms for other security techniques become popular. Even in the

long term, unless every single system runs IPsec or some similar end-to-end security mechanism, it seems likely that network administrators will continue to depend on firewalls. Moreover, many cases of computer crime occur from within an organization, not just from outside. In some large organizations, you may even find a firewall located inside the corporate network to segregate sensitive areas of the organization from other employees.

5.7.2 Implementation of Firewalls

A firewall is a secure and trusted machine that sits between a private network and a public network. The firewall machine is configured with a set of rules that determine which network traffic will be allowed to pass and which will be blocked or refused. Firewalls can be constructed in quite a variety of ways. The most sophisticated arrangement involves a number of separate machines and is known as a perimeter network. Two machines act as "filters", called chokes, to allow only certain types of network traffic to pass, and between these chokes reside network servers such as a mail gateway or a World Wide Web proxy server. This configuration can be very safe and easily allows quite a great range of control over who can connect, both from the inside to the outside and from the outside to the inside. This sort of configuration might be used by large organizations. In addition, a firewall allows the system administrator to implement a security policy in one centralized place.

5.7.3 Packet Level Filters

To operate at network speeds, a firewall must have hardware and software optimized for the task. Fortunately, most commercial routers include a high-speed filtering mechanism that can be used to perform much of the necessary work. Many commercial routers offer a mechanism, called a packet filter, that augments normal routing and permits a manager to further control packet processing. Informally, the mechanism requires the manager to specify how the router should dispose of each datagram. For example, the manager might choose to filter (i.e., block) all datagrams that come from a particular source or those used by a particular application, while choosing to route other datagrams to their destination. The term packet filter arises because the filtering mechanism does not keep a record of interaction or a history of previous datagrams. Instead, the filter considers each datagram separately. When a datagram first arrives, the router passes the datagram through its packet filter before performing any other processing. If the filter rejects the datagram, the router drops it immediately. Because TCP/IP does not dictate a standard for packet filters, each router vendor is free to choose the capabilities of their packet filter as well as the interface a manager

uses to configure the filter. Some routers permit a manager to configure separate filter actions for each interface, while others have a single configuration for all interfaces. Usually, when specifying datagrams that the filter should block, a manager can list any number of combinations of IP source address, IP destination address, protocol, source protocol port number, and destination protocol port number. For example, figure 5.14 illustrates a filter specification.

  Arrives On   IP Source       IP Destination   Protocol   Source Port   Destination Port
  Interface
  2            *               *                TCP        *             21
  2            *               *                TCP        *             23
  1            128.5.0.0/16    *                TCP        *             25
  2            *               *                UDP        *             43
  2            *               *                UDP        *             69
  2            *               *                TCP        *             79

Figure 5.14 A router with two interfaces and an example datagram filter specification

In the example, the manager has chosen to block incoming datagrams destined for a few well-known services and to block one case of outgoing datagrams. The filter blocks all outgoing datagrams that originate from any host address matching the 16-bit prefix 128.5.0.0 and that are destined for a remote e-mail server (TCP port 25). The filter also blocks incoming datagrams destined for FTP (TCP port 21), TELNET (TCP port 23), WHOIS (UDP port 43), TFTP (UDP port 69), or FINGER (TCP port 79).

5.7.4 Security and Packet Filter Specification

Although the example filter configuration in figure 5.14 specifies a small list of services that should be blocked, such an approach does not work well for an effective firewall. There are three reasons. First, the number of well-known ports is large and growing rapidly. Thus, listing each service requires a manager to update the list continually; an error of omission can leave the firewall vulnerable. Second, much of the traffic on an internet does not travel to or from a well-known port. In addition to programmers who can choose port numbers for their private client-server applications, services like Remote Procedure Call (RPC) assign ports dynamically. Third, listing ports of well-known services leaves the firewall vulnerable to tunneling. Tunneling can circumvent security if a host or router on the inside agrees to accept encapsulated datagrams from an outsider, remove one layer of encapsulation, and forward the datagram on to the service that would otherwise be restricted by the firewall.

How can a firewall use a packet filter effectively? The answer lies in reversing the idea of a filter. Instead of specifying the datagrams that should be filtered, a manager begins with the assumption that communication is not allowed, and then must examine the organization's information policy carefully before enabling a port. In fact, many packet filters allow a manager to specify a set of datagrams to admit instead of a set of datagrams to block. To be effective, a firewall should be configured to block all datagrams except those destined for specific networks, hosts, and protocol ports for which external communication has been approved. Thus, a firewall that uses datagram filtering should restrict all IP sources, IP destinations, protocols, and protocol ports except those computers, networks, and services the organization explicitly decides to make available externally. A packet filter that allows a manager to specify which datagrams to admit instead of which datagrams to block can make such restrictions easy to specify.

5.7.5 The Consequence of Restricted Access for Clients

A blanket prohibition on datagrams arriving for an unknown protocol port seems to solve many potential security problems by preventing outsiders from accessing arbitrary servers in the organization. Such a firewall has an interesting consequence: it also prevents an arbitrary computer inside the firewall from becoming a client that accesses a service outside the firewall. To understand why, recall that although each server operates at a well-known port, a client does not. When a client program begins execution, it requests the operating system to select a protocol port number that is neither among the well-known ports nor currently in use on the client's computer. When it attempts to communicate with a server outside the organization, a client will generate one or more datagrams and send them to the server. Each outgoing datagram has the client's protocol port as the source port and the server's well-known protocol port as the destination port. The firewall will not block such datagrams as they leave. When it generates a response, the server reverses the protocol ports: the client's port becomes the destination port and the server's port becomes the source port. When the datagram carrying the response reaches the firewall, it will be blocked because the destination port is not approved. Thus, we can see an important idea: if an organization's firewall restricts incoming datagrams except for ports that correspond to services the organization makes available externally, an arbitrary application inside the organization cannot become a client of a server outside the organization.

5.7.6 Proxy Access through a Firewall

Of course, not all organizations configure their firewalls to block datagrams destined for unknown protocol ports. In cases where a secure firewall is needed to prevent
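The following added example (not code from the course material) implements a stateless packet filter and runs it both ways: as the block list of figure 5.14 (sections 5.7.3 and 5.7.4), which lets unlisted services and encapsulated datagrams through, and as an admit list with a default of drop (sections 5.7.4 and 5.7.5), which stops a server's reply to an inside client's ephemeral port. Interface 1 is assumed to face the inside network 128.5.0.0/16 and interface 2 the outside, as the figure implies; the mail server address 128.5.0.1, the outside host 203.0.113.7 and the port numbers are constructed.

```python
"""Added example: a stateless packet filter in the style of figure 5.14,
used as a block list and as an admit list. Not from the course text."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Datagram:
    iface: int      # interface the datagram arrives on
    src: str
    dst: str
    proto: str      # "TCP", "UDP", or an encapsulation such as "IPIP"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """One row of a filter table. None is the '*' wildcard of figure 5.14."""
    iface: Optional[int] = None
    src: Optional[str] = None       # CIDR prefix, e.g. "128.5.0.0/16"
    dst: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, d: Datagram) -> bool:
        return (
            (self.iface is None or self.iface == d.iface)
            and (self.src is None or ip_address(d.src) in ip_network(self.src))
            and (self.dst is None or ip_address(d.dst) in ip_network(self.dst))
            and (self.proto is None or self.proto == d.proto)
            and (self.sport is None or self.sport == d.sport)
            and (self.dport is None or self.dport == d.dport)
        )


class PacketFilter:
    """Each datagram is judged on its own; no history of earlier datagrams is kept."""

    def __init__(self, rules: List[Rule], admit_listed: bool):
        self.rules = rules
        # admit_listed=False: rules name what to DROP, everything else is forwarded (figure 5.14)
        # admit_listed=True:  rules name what to FORWARD, everything else is dropped (section 5.7.4)
        self.admit_listed = admit_listed

    def decide(self, d: Datagram) -> str:
        listed = any(r.matches(d) for r in self.rules)
        if self.admit_listed:
            return "FORWARD" if listed else "DROP"
        return "DROP" if listed else "FORWARD"


def figure_5_14_filter() -> PacketFilter:
    """The six rows of figure 5.14, interpreted as a block list."""
    return PacketFilter([
        Rule(iface=2, proto="TCP", dport=21),                        # FTP
        Rule(iface=2, proto="TCP", dport=23),                        # TELNET
        Rule(iface=1, src="128.5.0.0/16", proto="TCP", dport=25),    # outgoing mail
        Rule(iface=2, proto="UDP", dport=43),                        # WHOIS
        Rule(iface=2, proto="UDP", dport=69),                        # TFTP
        Rule(iface=2, proto="TCP", dport=79),                        # FINGER
    ], admit_listed=False)


def default_deny_filter() -> PacketFilter:
    """Admit list: only inbound mail to one server (constructed address 128.5.0.1)
    and anything leaving from the inside are forwarded."""
    return PacketFilter([
        Rule(iface=2, dst="128.5.0.1/32", proto="TCP", dport=25),
        Rule(iface=1, src="128.5.0.0/16"),
    ], admit_listed=True)


# Constructed traffic; 203.0.113.7 is an outside host (documentation range).
INBOUND_TELNET = Datagram(2, "203.0.113.7", "128.5.1.10", "TCP", 40001, 23)
INBOUND_HTTP   = Datagram(2, "203.0.113.7", "128.5.1.10", "TCP", 40002, 80)
INBOUND_IPIP   = Datagram(2, "203.0.113.7", "128.5.1.10", "IPIP", 0, 0)
CLIENT_REQUEST = Datagram(1, "128.5.1.10", "203.0.113.7", "TCP", 49152, 80)
SERVER_REPLY   = Datagram(2, "203.0.113.7", "128.5.1.10", "TCP", 80, 49152)


def block_list_decisions():
    """Figure 5.14 stops only the listed ports: an unlisted service (HTTP) and an
    encapsulated datagram (the tunneling case) both pass."""
    f = figure_5_14_filter()
    return [f.decide(d) for d in (INBOUND_TELNET, INBOUND_HTTP, INBOUND_IPIP)]


def admit_list_decisions():
    """Default deny: the inside client's request leaves, but the reply addressed
    to its ephemeral port 49152 is not on the admit list and is dropped."""
    f = default_deny_filter()
    return [f.decide(d) for d in (INBOUND_HTTP, CLIENT_REQUEST, SERVER_REPLY)]
```

The two result lists make the text's argument concrete: the block list returns DROP, FORWARD, FORWARD (telnet stopped, HTTP and IP-in-IP admitted), the admit list returns DROP, FORWARD, DROP (the outbound request leaves, the reply is blocked), which is exactly why a proxy on a bastion host is needed for inside clients.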

unwanted access, an organization can only provide safe access to outside services through a secure computer. Instead of trying to make all computer systems in the organization secure (a daunting task), an organization usually associates one secure computer with each firewall, and installs a set of application gateways on that computer. Because the computer must be strongly fortified to serve as a secure communication channel, it is often called a bastion host. Figure 5.15 illustrates the concept.

Figure 5.15 The conceptual organization of a bastion host embedded in a firewall

As the figure shows, the firewall has two conceptual barriers. The outer barrier blocks all incoming traffic except (1) datagrams destined for services on the bastion host that the organization chooses to make available externally, and (2) datagrams destined for clients on the bastion host. The inner barrier blocks incoming traffic except datagrams that originate on the bastion host. Most firewalls also include a manual bypass that enables managers to temporarily pass some or all traffic between a host inside the organization and a host outside (e.g., for testing or debugging the network).

To understand how a bastion host operates, consider web access. Because the firewall prevents the user's computer from receiving incoming datagrams, the user cannot use a browser for direct access. Instead, the organization arranges a proxy server on the bastion host. Inside the organization, each browser is configured to use the proxy. Whenever a user selects a link or enters a URL, their browser contacts the proxy. The proxy contacts the server, obtains the specified page, and then delivers it internally. In general, users on the inside need a safe mechanism that provides access to services outside. That mechanism forms the second major piece of firewall architecture.

5.7.7 The Details of Firewall Architecture

Now that we understand the basic firewall concept, the implementation should appear straightforward. Conceptually, each of the barriers shown in figure 5.15 requires a router that has a packet filter. Networks interconnect the routers and a bastion host. For example, an organization that connects to the global Internet might choose to implement a firewall as figure 5.16 shows.

Figure 5.16 A firewall implemented with two routers and a bastion host.

As figure 5.16 shows, router R2 implements the outer barrier; it filters all traffic except datagrams destined for the bastion host. Router R1 implements the inner barrier that isolates the rest of the corporate intranet from outsiders; it blocks all incoming datagrams except those that originate on the bastion host.

Of course, the security of the firewall depends on the safety of the bastion host. An intruder can exploit security flaws in either the operating system on the bastion host or the network applications it runs. If an intruder can gain access to the computer system running on the bastion host, they will gain access to the entire internal network, because the inner barrier admits everything that originates there. Hence, although a bastion host is essential for communication through a firewall, the safety of an entire firewall depends on the safety of the bastion host. Thus, managers must be particularly careful when choosing and configuring software for a bastion host.

5.7.8 Stub Network

It may seem that figure 5.16 contains a superfluous network that connects the two routers and the bastion host. Such a network is often called a stub network because it is small (i.e., stubby). The question arises, "Is the stub network necessary, or could a site place the bastion host on one of its production networks?" The answer depends on the traffic expected from the outside. The stub network isolates the organization from incoming datagram traffic. In particular, because router R2 admits all datagrams destined for the bastion host, an outsider can send an arbitrary number of such datagrams across the stub network. If an external connection is slow relative to the capacity of a stub network, a separate physical wire may be unnecessary. However, a stub network is usually an inexpensive way for an organization to protect itself against disruption of service on an internal production network.

5.7.9 An Alternative Firewall Implementation

The firewall implementation in figure 5.16 works well for an organization that has a single serial connection to the rest of the global Internet. Some sites have a different interconnection topology. For example, suppose a company has three or four large customers who each need to deposit or extract large volumes of information. The company wishes to have a single firewall, but allow connections to multiple sites. Using one firewall for multiple connections can reduce the cost. Figure 5.17 illustrates one possible firewall architecture that accommodates multiple external connections.

Figure 5.17 An alternate firewall architecture that permits multiple external connections through a single firewall.

As the figure shows, the alternative extends a firewall by providing an outer network at which external connections terminate. Router R1 acts as in figure 5.16 to

protect the site by restricting incoming datagrams to those sent from the bastion host. Routers R2 each connect one external site to the firewall. The packet filter in a router on a given external connection can be configured to restrict traffic on that particular connection.

To understand why firewalls with multiple connections often use a router per connection, recall that all sites mistrust one another. That is, the organization running the firewall does not trust any of the external organizations completely, and none of the external organizations trust one another completely. More important, an architecture that has a router per external connection can prevent unwanted packet flow from one external site to another. Hence we can summarize that when multiple external sites connect through a single firewall, the owner of the firewall can guarantee that although all external connections share a single, common network, no datagram from one external connection will pass to another. As a result, the organization running the firewall can assure customers that it is safe to connect.

5.7.10 Monitoring and Logging

Monitoring is one of the most important aspects of a firewall design. The network manager responsible for a firewall needs to be aware of attempts to bypass security. Unless a firewall reports incidents, a manager may be unaware of problems. Monitoring can be active or passive. In active monitoring, a firewall notifies a manager whenever an incident occurs. The chief advantage of active monitoring is speed: a manager finds out about a potential problem immediately. The chief disadvantage is that active monitors often produce so much information that a manager cannot comprehend it or notice problems. In passive monitoring, a firewall logs a record of each incident in a file on disk. A passive monitor usually records information about normal traffic (e.g., simple statistics) as well as datagrams that are filtered. A manager can access the log at any time; most managers use a computer program to do so. The chief advantage of passive monitoring arises from its record of events: a manager can consult the log to observe trends and, when a security problem does occur, review the history of events that led to the problem. More important, a manager can analyze the log periodically (e.g., daily) to determine whether attempts to access the organization increase or decrease over time. Thus, most managers prefer passive monitoring, or a combination of passive monitoring with a few high-risk incidents also reported by an active monitor.

Have you understood?

1. What is the need for firewalls in the network?
2. What is the necessity of the firewall when many other security mechanisms like encryption, authentication etc. exist?

Second. and entered a stage in which few users understand the technology. 9.1 Limitations of IPv4 Version 4 of the Internet Protocol (IPv4) provides the basic communication mechanisms of the TCP/IP suite and the global internet. In short.DIT 116 NETWORK PROTOCOLS 3. it will have a major impact on TCP/IP and the global internet. We have passed the early stage of development in which every user was also an expert.8. 4. processor performance has increased over two orders of magnitude. Groups discover new ways to use the technology. 5. however neither the internet nor the TCP/IP protocol suite is static. First. typical memory sizes have increased by over 261 Anna University Chennai . Despite appearances. it has remained almost unchanged since its inception in the late 1970s. The purpose of this chapter is to consider the ongoing evolutionary process and examine one of the most significant engineering efforts: a proposed revision of IP. With millions of users at tens of thousands of sites around the world depending on the global internet as part of their daily work environment. funding for TCP/IP research and engineering comes from companies and government agencies that use the operational internet. Third. 10. so they tend to fund projects that impact the internet. The longevity of version 4 shows that the design is flexible and powerful. and engineers improve the underlying mechanisms. Researchers solve new networking problems. the internet is the largest installed TCP/IP internet. the technology continues to evolve.8 What are the various ways of implementing the firewalls? What is meant by a packet level filter? What are the consequences of restricted access for clients? What are the functions of a bastion host? What is meant by a stub network? What is the role of a router in the configuration of firewalls? Mention the activities involved in monitoring and logging. 7. When the proposal is adopted by vendors. because most researchers use the global internet daily. 5. 
What are the factors to be considered in the selection of a particular type of firewall? THE FUTURE OF TCP/IP NOTES Evolution of TCP/IP technology is intertwined with evolution of the global internet for several reasons. they have immediate motivation to solve problems that will improve service and extend functionality. Since the time IPv4 was designed. it might appear that the internet is a completely stable production facility. 6. so many problems related to scale arise in the internet before they surface on other TCP/IP internets. 5. 8.

a factor of 100, network bandwidth of the internet backbone has risen by a factor of 7000, LAN technologies have emerged, and the number of hosts on the internet has risen from a handful to over 56 million. Furthermore, because the changes did not occur simultaneously, adapting to them has been a continual process. When IP was designed, a 32-bit address space was more than sufficient. Only a handful of organizations used a LAN, and fewer had a corporate WAN. Now, however, most medium-sized corporations have multiple LANs, and most large organizations have a corporate WAN. Despite its sound design, IPv4 must be replaced soon. In particular, even with careful assignment and NAT technology, the current 32-bit IP address space cannot accommodate projected growth of the global internet beyond the year 2020. Although the need for a larger address space is the most immediate motivation, other factors contributed to the new design. In particular, the next version of IP is designed to include support for security features such as authentication, to make electronic commerce safer. In addition, thought was given to supporting systems that associate a datagram with a pre-assigned resource reservation, to make IP better suited to real-time applications.

5.8.2 Efforts of IETF

It took many years for the IETF to formulate a new version of IP. Because the IETF produces open standards, it invited the entire community to participate in the process. Computer manufacturers, hardware and software vendors, users, managers, programmers, telephone companies, and the cable television industry all specified their requirements for the next version of IP, and all commented on specific proposals. Many designs were proposed to serve a particular purpose or a particular community. One of the major proposals would have made IP more sophisticated at the cost of increased complexity and processing overhead. Another design proposed retaining most of the ideas in IP, but making simple extensions to accommodate larger addresses. That design, known as SIP (Simple IP), became the basis for an extended proposal that included ideas from other proposals. The extended version was named Simple IP Plus (SIPP), and eventually emerged as the design selected as a basis for the next IP.

Choosing a new version of IP was not easy. The popularity of the internet means that the market for IP products around the world is staggering. Many groups see the economic opportunity, and hope that the new versions of IP will help them gain an edge over the competition. Consequently, the discussions generated heated arguments. In addition, personalities have been involved: some individuals hold strong technical opinions, others see active participation as a path to a promotion.

The IETF decided to assign the revision of IP version number 6 and to name it IPv6, to distinguish it from the current IPv4. The choice to skip version number 5 arose after a series of mistakes and misunderstandings. In one mistake, the IAB caused widespread confusion by inadvertently publishing a policy statement that referred to the next version of IP as IP version 7. In a misunderstanding, an experimental protocol (ST) led some to conclude that ST had been selected as the replacement for IP. In the end, the IETF chose 6 because doing so eliminated confusion.

5.8.3 Why IPv6?

There are a number of reasons why IPv6 is appropriate for the next generation of the Internet Protocol. It solves the Internet scaling problem, provides a flexible transition mechanism for the current Internet, and was designed to meet the needs of new markets such as nomadic personal computing devices, networked entertainment, and device control. It does this in an evolutionary way which reduces the risk of architectural problems.

Ease of transition is a key point in the design of IPv6. It is not something that was added in at the end. IPv6 is designed to interoperate with IPv4. Specific mechanisms (embedded IPv4 addresses, pseudo-checksum rules, etc.) were built into IPv6 to support transition and compatibility with IPv4. It was designed to permit a gradual and piecemeal deployment with a minimum of dependencies. Its deployment strategy was designed to not have any "flag" days.

IPv6 supports large hierarchical addresses which will allow the Internet to continue to grow and provide new routing capabilities not built into IPv4. It has anycast addresses which can be used for policy route selection and has scoped multicast addresses which provide improved scalability over IPv4 multicast. It also has local use address mechanisms which provide the ability for "plug and play" installation. The address structure of IPv6 was also designed to support carrying the addresses of other internet protocol suites. Space was allocated in the addressing plan for IPX and NSAP addresses. This was done to facilitate migration of these internet protocols to IPv6.

IPv6 provides a platform for new Internet functionality. This includes support for real-time flows, provider selection, host mobility, end-to-end security, auto-configuration, and auto-reconfiguration. IPv6 is designed to run well on high performance networks (e.g., ATM) and at the same time is still efficient for low bandwidth networks (e.g., wireless). In addition, it provides a platform for new internet functionality that will be required in the near future.

In summary, IPv6 is a new version of IP. It can be installed as a normal software upgrade in internet devices. It is interoperable with the current IPv4.

5.8.4 Features of IPv6

The proposed IPv6 protocol retains many of the features that contributed to the success of IPv4. In fact, the designers have characterized IPv6 as being basically the same as IPv4 with a few modifications. IPv6 still supports connectionless delivery (i.e., each datagram is routed independently), allows the sender to choose the size of a datagram, and requires the sender to specify the maximum number of hops a datagram can make before being terminated. IPv6 also retains most of the concepts provided by IPv4 options, including facilities for fragmentation and source routing. Despite many conceptual similarities, IPv6 changes most of the protocol details. IPv6 uses larger addresses, completely revises the datagram format by replacing IPv4's variable length options field with a series of fixed-format headers, and adds a few features. We will examine details after considering the major changes and the underlying motivation for each. The changes introduced by IPv6 can be grouped into seven categories:

Larger Addresses: The new address size is the most noticeable change. IPv6 quadruples the size of an IPv4 address from 32 bits to 128 bits. The IPv6 address space is so large that it cannot be exhausted in the foreseeable future.

Extended Address Hierarchy: IPv6 uses the larger address space to create additional levels of addressing hierarchy. For example, IPv6 can define a hierarchy of ISPs as well as hierarchical structure within a given site.

Flexible Header Format: IPv6 uses an entirely new and incompatible datagram format. Unlike the IPv4 fixed-format header, IPv6 defines a set of optional headers.

Improved Options: Like IPv4, IPv6 allows a datagram to include optional control information. More important, IPv6 includes new options that provide additional facilities not available in IPv4.

Provision for Protocol Extension: Perhaps the most significant change in IPv6 is a move away from a protocol that fully specifies all details to a protocol that can permit additional features. The extension capability has the potential to allow the IETF to adapt to changes in underlying network hardware or to new applications.

Support for Autoconfiguration and Renumbering: IPv6 provides facilities that allow computers on an isolated network to assign themselves addresses and begin communicating without depending on a router or manual configuration. The protocol also includes a facility that permits a manager to renumber networks dynamically.

Support for Resource Allocation: IPv6 has two facilities that permit pre-allocation of network resources: a flow abstraction and a differentiated service specification. The latter will use the same approach as IPv4's differentiated services.

5.8.5 General Form of an IPv6 Datagram

IPv6 completely changes the datagram format. As figure 5.18 shows, an IPv6 datagram has a fixed-size base header followed by zero or more extension headers, followed by data.

Figure 5.18 A general format of an IPv6 datagram with multiple headers:
  BASE HEADER (40 octets) | EXTENSION HEADER 1 | ... | EXTENSION HEADER N | DATA

Several fields in an IPv6 base header correspond directly to fields in an IPv4 header. Figure 5.19 shows the contents and format of an IPv6 base header. In general, an IPv6 base header contains less information than an IPv4 datagram header, although it must accommodate larger addresses. Options and some of the fixed fields that appear in an IPv4 datagram header have been moved to extension headers in IPv6. Interestingly, the changes in the datagram header reflect changes in the protocol: alignment has been changed from 32-bit to 64-bit multiples; the header length field has been eliminated, and the datagram length field has been replaced by a PAYLOAD LENGTH field; the size of the source and destination address fields has been increased to 16 octets each; fragmentation information has been moved out of fixed fields in the base header into an extension header; the TIME-TO-LIVE field has been replaced by a HOP LIMIT field; the SERVICE TYPE field has been renamed TRAFFIC CLASS and extended with a FLOW LABEL field; and the PROTOCOL field has been replaced by a field that specifies the type of the next header. As in IPv4, the initial 4-bit VERS field specifies the version of the protocol; VERS always contains 6 in an IPv6 datagram.
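The following added example (not code from the course material) packs and parses the 40-octet base header of figure 5.19 and walks the chain of extension headers that the NEXT HEADER field links together, as in figure 5.18. It handles the Hop-by-Hop Options, Routing, Fragment and Destination Options extension headers, whose lengths are encoded in 8-octet units as defined in the IPv6 specification; the sample datagram, its addresses from the 2001:db8::/32 documentation range, and its flow label are constructed.

```python
"""Added example: IPv6 base header pack/parse and extension-header chain walk.
Not from the course text; the sample datagram is constructed."""
import struct
from ipaddress import IPv6Address

BASE_HEADER_LEN = 40
# Extension header types that continue the NEXT HEADER chain.
EXTENSION_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment", 60: "Destination Options"}


def pack_base_header(traffic_class: int, flow_label: int, payload_length: int,
                     next_header: int, hop_limit: int, src: str, dst: str) -> bytes:
    """Build the fixed 40-octet base header of figure 5.19."""
    if not 0 <= flow_label < (1 << 20) or not 0 <= payload_length < (1 << 16):
        raise ValueError("field out of range")
    # VERS (4 bits) = 6, TRAFFIC CLASS (8 bits) and FLOW LABEL (20 bits) share the first word
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return (struct.pack("!IHBB", first_word, payload_length, next_header, hop_limit)
            + IPv6Address(src).packed + IPv6Address(dst).packed)


def parse_base_header(data: bytes) -> dict:
    """Decode the base header, rejecting a wrong version or a PAYLOAD LENGTH that
    promises more octets than were actually received (a classic parser pitfall)."""
    if len(data) < BASE_HEADER_LEN:
        raise ValueError("datagram shorter than the fixed 40-octet base header")
    first_word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", data[:8])
    vers = first_word >> 28
    if vers != 6:
        raise ValueError(f"VERS is {vers}, not 6")
    if len(data) - BASE_HEADER_LEN < payload_length:
        raise ValueError("PAYLOAD LENGTH exceeds the octets actually present")
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,      # excludes the base header itself
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(IPv6Address(data[8:24])),
        "dst": str(IPv6Address(data[24:40])),
    }


def walk_headers(data: bytes):
    """Follow NEXT HEADER from the base header through the extension headers.
    Returns (list of extension header names, upper-layer protocol number, payload offset)."""
    base = parse_base_header(data)
    end = BASE_HEADER_LEN + base["payload_length"]
    nh, offset, chain = base["next_header"], BASE_HEADER_LEN, []
    while nh in EXTENSION_HEADERS:
        if offset + 2 > end:
            raise ValueError("extension header runs past PAYLOAD LENGTH")
        nxt, hdr_ext_len = data[offset], data[offset + 1]
        # The Fragment header is fixed at 8 octets; the others are (hdr_ext_len + 1) * 8
        length = 8 if nh == 44 else (hdr_ext_len + 1) * 8
        if offset + length > end:
            raise ValueError("extension header runs past PAYLOAD LENGTH")
        chain.append(EXTENSION_HEADERS[nh])
        nh, offset = nxt, offset + length
    return chain, nh, offset


def sample_datagram() -> bytes:
    """Constructed datagram: base header, one Hop-by-Hop Options header (8 octets,
    carrying a PadN option), then 4 octets of payload handed to protocol 6 (TCP)."""
    hop_by_hop = bytes([6, 0]) + b"\x01\x04\x00\x00\x00\x00"   # next=6, hdr_ext_len=0, PadN(4)
    payload = b"\xde\xad\xbe\xef"
    base = pack_base_header(0, 0xABCDE, len(hop_by_hop) + len(payload), 0, 64,
                            "2001:db8::1", "2001:db8::2")
    return base + hop_by_hop + payload
```

The length checks in walk_headers are the part worth copying: because PAYLOAD LENGTH bounds everything after the base header, each extension header's declared length is validated against it before the parser advances, so a crafted header cannot push the offset beyond the buffer.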

because the size of the base header is fixed at 40-octets. To summarize: Anna University Chennai 266 . Second. The underlying abstraction. IPv6 replaces IPv4’s datagram length field by a 16-bit PAYLOAD LENGTH field that specifies the number of octets carried in the datagram excluding the header itself. Alternatively. a new mechanism in IPv6 supports resource reservation and allows a router to associate each datagram with a given resource allocation. the SOURCE ADDRESS and DESTINATION ADDRESS fields specify the addresses of the sender and intended recipient. the base header does not include a field for the header length. First. For example. The HOP LIMIT field corresponds to the IPv4 TIME-TO-LIVE field.19 The format of the 40-octet IPv6 base header. two applications that need to send video can establish a flow on which the delay and bandwidth is guaranteed. a network provider may require a subscriber to specify the quality of service desired. however. As in IPv4. each address require 16 octets. Two fields in the base header are used in making forwarding decisions. Field FLOW LABEL in the base header contains information that routers use to associate a datagram with a specific flow and priority. an IPv6 datagram can contain 64K octets of data. Unlike IPv4. Ipv6 handles datagram length specifications in a new way. Note that flows can also be used within a given organization to manage network resources and ensure that all applications receive a fair share. Thus. and then use a flow to limit the traffic a specific computer or a specific application sends. In addition. consists of a path through an internet along which intermediate routers guarantee a specific quality of service.DIT 116 NETWORK PROTOCOLS NOTES an IPv6 datagram. Figure 5. a flow. In IPv6. A router uses the combination of datagram source address and flow identifier when associating a datagram with a specific flow. 
which interprets the value as giving a strict bound on the maximum number of hops a datagram can make before being discarded. The IPv4 SERVICE CLASS field has been renamed TRAFFIC CLASS.

Each IPv6 datagram begins with a 40-octet base header that includes fields for the source and destination addresses, the maximum hop limit, the traffic class, the flow label, and the type of the next header. Thus, an IPv6 datagram must contain at least 40 octets in addition to the data.

5.8.6 Extension Headers

IPv6 includes an improved option mechanism over IPv4. IPv6 options are placed in separate extension headers that are located between the IPv6 header and the transport-layer header in a packet. Most IPv6 extension headers are not examined or processed by any router along a packet's delivery path until it arrives at its final destination. This facilitates a major improvement in router performance for packets containing options. In IPv4 the presence of any options requires the router to examine all options.

The other improvement is that, unlike IPv4 options, IPv6 extension headers can be of arbitrary length and the total amount of options carried in a packet is not limited to 40 bytes. This feature, plus the manner in which they are processed, permits IPv6 options to be used for functions which were not practical in IPv4. A good example of this is the IPv6 Authentication and Security Encapsulation options.

In order to improve the performance when handling subsequent option headers and the transport protocol which follows, IPv6 options are always an integer multiple of 8 octets long, in order to retain this alignment for subsequent headers.

The IPv6 extension headers which are currently defined are:

Routing: Extended Routing (like IPv4 loose source route).
Fragmentation: Fragmentation and Reassembly.
Authentication: Integrity and Authentication.
Security Encapsulation: Confidentiality.
Hop-by-Hop Option: Special options which require hop-by-hop processing.
Destination Options: Optional information to be examined by the destination node.

5.8.7 IPv6 Addressing

IPv6 addresses are 128 bits long and are identifiers for individual interfaces and sets of interfaces. IPv6 addresses of all types are assigned to interfaces, not nodes.
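The base header layout of 5.8.5 and the NEXT HEADER chaining of 5.8.6, as an added example that is not part of the course material: a parser that decodes the 40-octet base header and walks the extension headers, checking every header against PAYLOAD LENGTH before reading it. The next-header numbers and the length rules (8-octet units for options and routing headers, 32-bit words for Authentication) are the IANA/RFC values; the sample datagram is constructed.

```python
"""
Parse the fixed 40-octet IPv6 base header of 5.8.5 and walk the extension-header
chain of 5.8.6 by following NEXT HEADER values. Added example for this chapter, not
code from the course material. Next-header numbers are the IANA protocol numbers;
the sample datagram is constructed by hand (link-local addresses, PadN option).
"""
import ipaddress
import struct

# Next-header values of the extension headers listed in 5.8.6, plus two transport
# protocols at which the walk terminates.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AUTH, DEST_OPTS = 0, 43, 44, 50, 51, 60
TCP, UDP = 6, 17
NAMES = {HOP_BY_HOP: "Hop-by-Hop Option", ROUTING: "Routing",
         FRAGMENT: "Fragmentation", ESP: "Security Encapsulation",
         AUTH: "Authentication", DEST_OPTS: "Destination Options",
         TCP: "TCP", UDP: "UDP"}
BASE_LEN = 40


def parse_base_header(pkt):
    """Return the base header fields; raise ValueError if the datagram is malformed."""
    if len(pkt) < BASE_LEN:
        raise ValueError("IPv6 base header is fixed at 40 octets")
    word0, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word0 >> 28 != 6:
        raise ValueError("VERS must be 6")
    # PAYLOAD LENGTH counts octets after the base header, so the datagram must be
    # at least that long: a parser that trusts the field blindly reads past the buffer.
    if len(pkt) < BASE_LEN + payload_len:
        raise ValueError("datagram shorter than PAYLOAD LENGTH claims")
    return {
        "version": word0 >> 28,
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_hdr,
        "hop_limit": hop_limit,          # strict bound on remaining hops
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
    }


def walk_extension_headers(pkt):
    """Follow the NEXT HEADER chain; return (base_fields, [(name, offset, length), ...])
    ending with the transport header (or ESP, whose encrypted trailer hides the next value)."""
    hdr = parse_base_header(pkt)
    end = BASE_LEN + hdr["payload_length"]
    chain, nh, off = [], hdr["next_header"], BASE_LEN
    while nh in (HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS):
        if nh == HOP_BY_HOP and off != BASE_LEN:   # RFC rule: Hop-by-Hop comes first
            raise ValueError("Hop-by-Hop header must directly follow the base header")
        if off + 2 > end:
            raise ValueError("extension header runs past PAYLOAD LENGTH")
        nxt, ext_len = pkt[off], pkt[off + 1]
        if nh == FRAGMENT:
            length = 8                     # always one 8-octet unit
        elif nh == AUTH:
            length = (ext_len + 2) * 4     # AH counts 32-bit words, minus 2
        else:
            length = (ext_len + 1) * 8     # multiples of 8 octets, first unit implied
        if off + length > end:
            raise ValueError("extension header runs past PAYLOAD LENGTH")
        chain.append((NAMES[nh], off, length))
        nh, off = nxt, off + length
    chain.append((NAMES.get(nh, "protocol %d" % nh), off, end - off))
    return hdr, chain


def is_well_formed(pkt):
    """True when the base header and every extension header fit inside the datagram."""
    try:
        walk_extension_headers(pkt)
        return True
    except ValueError:
        return False


def build_sample():
    """Constructed datagram: base header -> Hop-by-Hop (PadN) -> Fragment -> UDP."""
    hop_by_hop = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])        # next=44, len=0 -> 8 octets
    fragment = bytes([UDP, 0]) + struct.pack("!HI", 0, 0x1234)  # next=17, offset/M, id
    udp = bytes(12)                                             # 8-octet UDP header + 4 data
    payload = hop_by_hop + fragment + udp
    word0 = (6 << 28) | (0 << 20) | 0xABCDE                     # VERS, TRAFFIC CLASS, FLOW LABEL
    base = struct.pack("!IHBB", word0, len(payload), HOP_BY_HOP, 64)
    src = ipaddress.IPv6Address("fe80::1").packed
    dst = ipaddress.IPv6Address("fe80::2").packed
    return base + src + dst + payload


if __name__ == "__main__":
    fields, chain = walk_extension_headers(build_sample())
    print(fields)
    for name, off, length in chain:
        print("%-22s offset %2d length %2d" % (name, off, length))
```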

Since each interface belongs to a single node, any of that node's interfaces' unicast addresses may be used as an identifier for the node. A single interface may be assigned multiple IPv6 addresses of any type.

There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast addresses identify a single interface. Anycast addresses identify a set of interfaces such that a packet sent to an anycast address will be delivered to one member of the set. Multicast addresses identify a group of interfaces, such that a packet sent to a multicast address is delivered to all of the interfaces in the group. There are no broadcast addresses in IPv6, their function being superseded by multicast addresses.

IPv6 supports addresses which are four times the number of bits as IPv4 addresses (128 vs. 32). This is 4 billion times 4 billion times 4 billion (2^96) times the size of the IPv4 address space (2^32). This works out to be:

340,282,366,920,938,463,463,374,607,431,768,211,456

This is an extremely large address space. In a theoretical sense this is approximately 665,570,793,348,866,943,898,599 addresses for each square meter of the surface of the planet Earth (assuming the Earth's surface is 511,263,971,197,990 square meters).

In more practical terms the assignment and routing of addresses requires the creation of hierarchies, which reduces the efficiency of the usage of the address space. Christian Huitema performed an analysis which evaluated the efficiency of other addressing architectures (including the French telephone system, USA telephone systems, the current internet using IPv4, and IEEE 802 nodes). He concluded that 128-bit IPv6 addresses could accommodate between 8x10^17 and 2x10^33 nodes, assuming efficiency in the same ranges as the other addressing architectures. Even his most pessimistic estimate would provide 1,564 addresses for each square meter of the surface of the planet Earth. The optimistic estimate would allow for 3,911,873,538,269,506,102 addresses for each square meter of the surface of the planet Earth.

The specific type of IPv6 address is indicated by the leading bits in the address. The variable-length field comprising these leading bits is called the Format Prefix (FP). The initial allocation of these prefixes is as follows:

Allocation                                                 Prefix (binary)   Fraction of Address Space
Reserved                                                   0000 0000         1/256
Unassigned                                                 0000 0001         1/256
Reserved for NSAP Allocation                               0000 001          1/128
Reserved for IPX Allocation                                0000 010          1/128
Unassigned                                                 0000 011          1/128
Unassigned                                                 0000 1            1/32
Unassigned                                                 0001              1/16
Unassigned                                                 001               1/8
Provider-Based Unicast Address                             010               1/8
Unassigned                                                 011               1/8
Reserved for Neutral-Interconnect-Based Unicast Addresses  100               1/8
Unassigned                                                 101               1/8
Unassigned                                                 110               1/8
Unassigned                                                 1110              1/16
Unassigned                                                 1111 0            1/32
Unassigned                                                 1111 10           1/64
Unassigned                                                 1111 110          1/128
Unassigned                                                 1111 1110 0       1/512
Link Local Use Addresses                                   1111 1110 10      1/1024
Site Local Use Addresses                                   1111 1110 11      1/1024
Multicast Addresses                                        1111 1111         1/256

This allocation supports the direct allocation of provider addresses, local use addresses, and multicast addresses. Space is reserved for NSAP addresses, IPX addresses, and neutral-interconnect addresses. The remainder of the address space is unassigned for future use. This can be used for expansion of existing use (e.g., additional provider addresses, etc.) or new uses (e.g., separate locators and identifiers). Note that anycast addresses are not shown here because they are allocated out of the unicast address space. Approximately fifteen percent of the address space is initially allocated. The remaining 85% is reserved for future use.

Unicast Addresses

There are several forms of unicast address assignment in IPv6. These are the global provider based unicast address, the neutral-interconnect unicast address, the NSAP address, the IPX hierarchical address, the site-local-use address, the link-local-use address, and the IPv4-capable host address. Additional address types can be defined in the future.
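The Format Prefix table above as working code, added here and not part of the course material: it classifies an address by its leading bits, derives each row's fraction of the address space from its prefix length (and checks that the rows partition the space), and also decodes the multicast FLGS/SCOP fields and the IPv4 address embedded in an IPv4-compatible address, both described later in this section. The 96-zero-bit layout assumed for IPv4-compatible addresses is the RFC 1884 one, since the page's figure is not reproduced; sample addresses are constructed.

```python
"""
Classify IPv6 addresses by Format Prefix (the initial allocation table), derive each
row's share of the address space from its prefix length, decode the FLGS/SCOP fields
of a multicast address and recover the IPv4 address carried by an IPv4-compatible
address. Added example for this chapter, not code from the course material. Sample
addresses are constructed; the IPv4-compatible layout (96 zero bits followed by the
IPv4 address) is assumed from RFC 1884.
"""
import ipaddress
from fractions import Fraction

# (Format Prefix bits, allocation) copied row by row from the initial allocation table.
ALLOCATION_TABLE = [
    ("0000 0000", "Reserved"),
    ("0000 0001", "Unassigned"),
    ("0000 001", "Reserved for NSAP Allocation"),
    ("0000 010", "Reserved for IPX Allocation"),
    ("0000 011", "Unassigned"),
    ("0000 1", "Unassigned"),
    ("0001", "Unassigned"),
    ("001", "Unassigned"),
    ("010", "Provider-Based Unicast Address"),
    ("011", "Unassigned"),
    ("100", "Reserved for Neutral-Interconnect-Based Unicast Addresses"),
    ("101", "Unassigned"),
    ("110", "Unassigned"),
    ("1110", "Unassigned"),
    ("1111 0", "Unassigned"),
    ("1111 10", "Unassigned"),
    ("1111 110", "Unassigned"),
    ("1111 1110 0", "Unassigned"),
    ("1111 1110 10", "Link Local Use Addresses"),
    ("1111 1110 11", "Site Local Use Addresses"),
    ("1111 1111", "Multicast Addresses"),
]
SCOPE_NAMES = {0x0: "Reserved", 0x1: "Node-local scope", 0x2: "Link-local scope",
               0x5: "Site-local scope", 0x8: "Organization-local scope",
               0xE: "Global scope", 0xF: "Reserved"}


def fraction_of_space(prefix):
    """A prefix of n fixed bits covers exactly 2^-n of the 128-bit space."""
    return Fraction(1, 2 ** len(prefix.replace(" ", "")))


def table_partitions_space():
    """True if the rows cover the whole space exactly once, so every address matches a row."""
    return sum(fraction_of_space(p) for p, _ in ALLOCATION_TABLE) == 1


def format_prefix_allocation(addr):
    """Return (prefix, allocation) of the row whose leading bits match the address.
    Anycast addresses come out as their unicast row: they are syntactically the same."""
    bits = format(int(ipaddress.IPv6Address(addr)), "0128b")
    for prefix, name in ALLOCATION_TABLE:
        if bits.startswith(prefix.replace(" ", "")):
            return prefix, name
    raise AssertionError("table does not partition the space")


def decode_multicast(addr):
    """Split 1111 1111 | FLGS(4) | SCOP(4) | GROUP ID(112) into its parts."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[0] != 0xFF:
        raise ValueError("not a multicast address: leading octet must be 11111111")
    flgs, scop = packed[1] >> 4, packed[1] & 0x0F
    if flgs & 0b1110:
        raise ValueError("high-order 3 flag bits are reserved and must be 0")
    return {"transient": bool(flgs & 1),            # T=1 transient, T=0 well-known
            "scope": SCOPE_NAMES.get(scop, "(unassigned)"),
            "group_id": int.from_bytes(packed[2:], "big")}


def embedded_ipv4(addr):
    """IPv4 address in the low-order 32 bits of an IPv4-compatible IPv6 address
    (assumed layout: 96 zero bits, then the IPv4 address), or None for anything else."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[:12] != bytes(12) or packed[12:] in (bytes(4), b"\x00\x00\x00\x01"):
        return None     # the unspecified address :: and loopback ::1 share the zero prefix
    return ipaddress.IPv4Address(packed[12:])


if __name__ == "__main__":
    for sample in ("4000::1", "fe80::1", "fec0::1", "ff02::1", "::131.21.14.8", "2001:db8::1"):
        print(sample, format_prefix_allocation(sample), embedded_ipv4(sample))
```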

Provider Based Unicast Addresses

Provider based unicast addresses are used for global communication. They are similar in function to IPv4 addresses under CIDR. The format of the assignment plan for unicast is shown as follows.

The first 3 bits identify the address as a provider-oriented unicast address. The next field (REGISTRY ID) identifies the internet address registry which assigns provider identifiers (PROVIDER ID) to internet service providers, which then assign portions of the address space to subscribers. This usage is similar to assignment of IP addresses under CIDR. The SUBSCRIBER ID distinguishes among multiple subscribers attached to the internet service provider identified by the PROVIDER ID. The SUBNET ID identifies a specific physical link. There can be multiple subnets on the same physical link. A specific subnet can not span multiple physical links. The INTERFACE ID identifies a single interface among the group of interfaces identified by the subnet prefix.

Local-Use Addresses

A local-use address is a unicast address that has only local routability scope (within the subnet or within a subscriber network), and may have local or global uniqueness scope. There are two types of local-use unicast addresses defined. These are Link-Local and Site-Local. The Link-Local-Use is for use on a single link and the Site-Local-Use is for use in a single site. They are intended for use inside of a site for "plug and play" local communication and for bootstrapping up to the use of global addresses.

Link-Local-Use addresses have the following format:

Link-Local-Use addresses are designed to be used for addressing on a single link for purposes such as auto-address configuration.

Site-Local-Use addresses have the following format:

For both types of local use addresses the INTERFACE ID is an identifier which must be unique in the domain in which it is being used. In most cases these will use a node's IEEE-802 48-bit address. The SUBNET ID identifies a specific subnet in a site. The combination of the SUBNET ID and the INTERFACE ID to form a local use address allows a large private internet to be constructed without any other address allocation. Local-use addresses allow organizations that are not (yet) connected to the global Internet to operate without the need to request an address prefix from the global Internet address space. Local-use addresses can be used instead. If the organization later connects to the global Internet, it can use its SUBNET ID and INTERFACE ID in combination with a global prefix (e.g. REGISTRY ID + PROVIDER ID + SUBSCRIBER ID) to create a global address. This is a significant improvement over IPv4, which requires sites which use private (non-global) IPv4 addresses to manually renumber when they connect to the Internet. IPv6 does the renumbering automatically.

IPv6 Addresses with Embedded IPv4 Addresses

The IPv6 transition mechanisms include a technique for hosts and routers to dynamically tunnel IPv6 packets over IPv4 routing infrastructure. IPv6 nodes that utilize this technique are assigned special IPv6 unicast addresses that carry an IPv4 address in the low-order 32 bits. This type of address is termed an "IPv4-compatible IPv6 address" and has the format:

Anycast Addresses

An IPv6 anycast address is an address that is assigned to more than one interface (typically belonging to different nodes), with the property that a packet sent to an anycast address is routed to the "nearest" interface having that address, according to the routing protocols' measure of distance.

Anycast addresses are allocated from the unicast address space, using any of the defined unicast address formats. Thus, anycast addresses are syntactically indistinguishable from unicast addresses. When a unicast address is assigned to more than one interface, thus turning it into an anycast address, the nodes to which the address is assigned must be explicitly configured to know that it is an anycast address.

Anycast addresses, when used as part of a route sequence, permit a node to select which of several internet service providers it wants to carry its traffic. This capability is sometimes called "source selected policies". This would be implemented by configuring anycast addresses to identify the set of routers belonging to internet service providers (e.g., one anycast address per internet service provider). These anycast addresses can be used as intermediate addresses in an IPv6 routing header, to cause a packet to be delivered via a particular provider or sequence of providers. Other possible uses of anycast addresses are to identify the set of routers attached to a particular subnet, or the set of routers providing entry into a particular routing domain.

Multicast Addresses

An IPv6 multicast address is an identifier for a group of interfaces. An interface may belong to any number of multicast groups. Multicast addresses have the following format:

11111111 at the start of the address identifies the address as being a multicast address.

FLGS is a set of 4 flags:

    +-+-+-+-+
    |0|0|0|T|
    +-+-+-+-+

The high-order 3 flags are reserved, and must be initialized to 0. T=0 indicates a permanently assigned ("well-known") multicast address, assigned by the global internet numbering authority. T=1 indicates a non-permanently assigned ("transient") multicast address.

SCOP is a 4-bit multicast scope value used to limit the scope of the multicast group. The values are:

    0  Reserved
    1  Node-local scope
    2  Link-local scope
    3  (unassigned)
    4  (unassigned)
    5  Site-local scope
    6  (unassigned)
    7  (unassigned)
    8  Organization-local scope
    9  (unassigned)
    A  (unassigned)
    B  (unassigned)
    C  (unassigned)
    D  (unassigned)
    E  Global scope
    F  Reserved

GROUP ID identifies the multicast group, either permanent or transient, within the given scope.

5.8.8 Transition Mechanisms

The key transition objective is to allow IPv6 and IPv4 hosts to interoperate. A second objective is to allow IPv6 hosts and routers to be deployed in the Internet in a highly diffuse and incremental fashion, with few interdependencies. A third objective is that the transition should be as easy as possible for end-users, system administrators, and network operators to understand and carry out.

The IPv6 transition mechanisms are a set of protocol mechanisms implemented in hosts and routers, along with some operational guidelines for addressing and deployment, designed to make the transition of the Internet to IPv6 work with as little disruption as possible.

The IPv6 transition mechanisms provide a number of features, including:

Incremental upgrade and deployment. Individual IPv4 hosts and routers may be upgraded to IPv6 one at a time without requiring any other hosts or routers to be upgraded at the same time. New IPv6 hosts and routers can be installed one by one.

Minimal upgrade dependencies. The only prerequisite to upgrading hosts to IPv6 is that the DNS server must first be upgraded to handle IPv6 address records. There are no prerequisites to upgrading routers.

Easy Addressing. When existing installed IPv4 hosts or routers are upgraded to IPv6, they may continue to use their existing address. They do not need to be assigned new addresses. Administrators do not need to draft new addressing plans.

Low start-up costs. Little or no preparation work is needed in order to upgrade existing IPv4 systems to IPv6, or to deploy new IPv6 systems.

The mechanisms employed by the IPv6 transition mechanisms include:

An IPv6 addressing structure that embeds IPv4 addresses within IPv6 addresses, and encodes other information used by the transition mechanisms.

A model of deployment where all hosts and routers upgraded to IPv6 in the early transition phase are "dual" capable (i.e. implement complete IPv4 and IPv6 protocol stacks).

The technique of encapsulating IPv6 packets within IPv4 headers to carry them over segments of the end-to-end path where the routers have not yet been upgraded to IPv6.

The header translation technique to allow the eventual introduction of routing topologies that route only IPv6 traffic, and the deployment of hosts that support only IPv6. Use of this technique is optional, and would be used in the later phase of transition if it is used at all.

The IPv6 transition mechanisms ensure that IPv6 hosts can interoperate with IPv4 hosts anywhere in the Internet up until the time when IPv4 addresses run out, and allow IPv6 and IPv4 hosts within a limited scope to interoperate indefinitely after that. This feature protects the huge investment users have made in IPv4 and ensures that IPv6 does not render IPv4 obsolete. Hosts that need only a limited connectivity range (e.g. printers) need never be upgraded to IPv6.

The incremental upgrade features of the IPv6 transition mechanisms allow the host and router vendors to integrate IPv6 into their product lines at their own pace, and allow the end users and network operators to deploy IPv6 on their own schedules.

5.8.9 Issues

Deering's original proposal used 8-byte addresses, but during the review process many people felt that with 8-byte addresses IPv6 would run out of addresses within a few decades, whereas with 16-byte addresses it would never run out. Other people argued that 16 bytes was too lengthy, whereas still others favoured using 20-byte addresses to be compatible with the OSI datagram protocol. Still another faction wanted variable-sized addresses. After much debate, it was decided that fixed-length 16-byte addresses were the best compromise.

Another issue is the length of the HOP LIMIT field. Some people felt strongly that limiting the maximum number of hops to 255 was a gross mistake. After all, paths of 32 hops are common now, and ten years from now much longer paths may be common. These people argued that using a huge address size was far-sighted but using a tiny hop count was short-sighted.

Another hot issue was the maximum packet size. The supercomputer community wanted packets in excess of 64 KB. When a supercomputer gets started transferring it really means business and does not want to be interrupted every 64 KB. The argument against large packets is that if a 1 MB packet hits a 1.5 Mbps T1 line, that packet will tie the line up for over 5 seconds, producing a very noticeable delay for interactive users sharing the line. A compromise was reached such that normal packets are limited to 64 KB, but the hop-by-hop extension header can be used to permit jumbograms.

One more hot topic was removing the IPv4 CHECKSUM. Some people likened this move to removing the brakes from a car. Doing so makes the car lighter, so it can go faster, but if an unexpected event happens, you have a problem. The argument against the CHECKSUM was that any application that really cares about data integrity has to have a transport layer CHECKSUM anyway, so having another one in IP is overkill. Furthermore, experience showed that computing the IP CHECKSUM was the major expense in IPv4. The anti-checksum side won this one; consequently, an IPv6 datagram does not have a checksum.

Mobile hosts were also a point of contention. If a portable computer flies half way around the world, can it continue operating at the destination with the same IPv6 address, or does it have to use a scheme with home agents and foreign agents? Mobile hosts also introduce asymmetries into the routing system. It may well be the case that a small mobile computer can easily hear the powerful signal put out by a large stationary router, but the stationary router cannot hear the feeble signal put out by the mobile host. Consequently, some people wanted to build explicit support for mobile hosts into IPv6. That effort failed when no consensus could be found for any specific proposal.

Probably the biggest battle was about security. Everyone agreed that it was essential. The war was about where and how. The argument for putting it in the network layer is that it can become a standard service that all applications can use without any advance planning. The argument against it is that really secure applications generally want nothing less than end-to-end encryption, where the source application does the encryption and the destination undoes it. With anything less, the user is at the mercy of the potentially buggy network layer implementations over which he has no control. The response to this argument is that these applications can just refrain from using the IP security features and do the job themselves. The rejoinder to that is that the people who do not trust the network to do it right do not want to pay the price of slow, bulky IP implementations that have this capability, even if it is disabled.

Have you understood?

1. What are the limitations of IPv4?
2. IPv6 is an upgraded version of IPv4. Justify this statement.
3. What are the features of IPv4 retained by IPv6?
4. Mention the features of IPv4 changed in IPv6.

accounting management. planning. configuration management. network management involves a distributed database. system shutdown. Network management is the execution of the set of functions required for controlling. including operator notification. management entities are programmed to react by executing one. and monitoring the resources of a network. deploying. The ISO has contributed a great deal to network standardization. such as computer systems and other network devices. In some cases. Anna University Chennai 276 . 4. it is essential that these objects be defined in a standard and vendor- 2. In other cases. fault management and security management. each device maintains one or more variables that describe its state. To make multi-vendor communication possible. a manager needs to examine and control routers and other network devices. Because such devices attach to arbitrary networks. In a TCP/IP internet. An SNMP-managed network consists of five key components: managed devices. allocating. it involves a solitary network consultant monitoring network activity with an outdated protocol analyzer. Summary 1. Its network management model is the primary means for understanding the major functions of network management systems. Network management means different things to different people. Mention the seven categories of changes made in IPv6. and automatic attempts at system repair. Managed devices. 8. 10. coordinating.DIT 116 NETWORK PROTOCOLS NOTES 5. Network management refers to the maintenance and administration of largescale computer networks and telecommunications networks at the top level. management information and a management protocol. network-management systems (NMSs) (or management stations). This model consists of the following five conceptual areas namely performance management. agents. 3. autopolling of network devices. or a group of actions. 
protocols for internet management operate at the application level and communicate using TCP/IP transport-level protocols. run software that enables them to send alerts to the managing devices when they recognize problems. What are the headers present in the base header field of IPv6? What is the purpose of extension header of Ipv6? What are the features provided by IPv6 transition mechanism? What are the types of addressing schemes supported by IPv6? Mention the debatable features of Ipv6. 5. 7. 6. several. The heart of the SNMP model is the set of objects managed by the agents and read and written by management station. 7. event logging. Upon receiving these alerts. and high-end workstations generating real-time graphical views of network topology changes and traffic. 9. In SNMP. 6. Any Network Management System (NMS) has two basic entities namely managing device and managed device.

The terms network security and information security refer in a broad sense to confidence that information and services available on a network cannot be accessed by unauthorized users. the rules an individual must follow in disseminating the information to others. Structure of Management Information (SMI) is the sub-super-set of ASN.DIT 116 NETWORK PROTOCOLS 8. Set. which implement a MIB (Management Information Base) which allows for remote monitoring and management of network equipment. 11. The major advantage of IPsec is it does not restrict the users to implement a particular encryption or authentication algorithm. 9. It comprises a collection of objects in a database used to manage entities in a network. 10. provides a general frame277 NOTES Anna University Chennai . Two possibilities in providing the security in networks are end-to-end approach and the network layer solution. This is the relationship between ASN1 and SMI. Initially everyone thought of leaving the security to the application layer. programming language. and a statement of how the organization will react to violations. The security policy specifies who will be granted access to each piece of information. Objects in the MIB are defined using a subset of Abstract syntax Notation One called Structure of Management Information. These encoding rules describe how the values defined in ASN. or how it is represented in an application program. neutral way. SNMP is a simple request/response protocol. 16. IETF has devised a set of protocols that provide secure Internet communication. 12. freedom from unauthorized access of computational resources. A Management Information Base is a type of database used to manage the devices in a communication network. 14. Instead. The limitation of this approach is that all the applications should be security aware. Security implies safety. 
This set of protocols is collectively known as IPsec (short for IP security) and these protocols offer authentication and privacy services at the IP layer. in routers. The standard for object definition language chosen by SNMP is Abstract Syntax Notation One One of the main reasons for the success of ASN. RMON stands for Remote Monitoring. It is a standard used in telecommunications equipment e.1 is that this notation is associated with several standardized encoding rules such as the BER or more recently the PER. The network-management system issues a request. including assurance of data integrity. and can be used with both IPv4 and IPv6. GetNext. and managed devices return responses. and freedom from disruption of service. 15.1 that is used to define the data structures used in Simple Network Management Protocol. freedom from snooping or wiretapping. 13.1 should be encoded for transmission regardless of machine. 17. RMON uses an agent running on the device being monitored to supply information over SNMP to a management workstation (or some other system). Network layer solution eliminates this constraint.g. This behavior is implemented by using one of four protocol operations: Get. and Trap.

26. an architecture that has a router per external connection can prevent unwanted packet flow from one external site to another. Each datagram include extension headers for only those facilities that the datagram uses. If an organization’s firewall restricts incoming datagrams except for parts that correspond to services the organization makes available externally. an arbitrary application inside the organization cannot become a client of a server outside the organization. IP destinations. the maximum hop limit. 22. Thus. networks and services the organization explicitly decides to make available externally. An organization that has multiple external connections must install a firewall on each external connection and must coordinate all firewalls. and the type of the next header. and to fragment any outgoing 278 Anna University Chennai . IPSec is not a single security protocol. and protocol ports except those computers. 23. the traffic class. The values are not global.DIT 116 NETWORK PROTOCOLS NOTES 18. the flow label. Instead. When IP was designed. To be effective. most medium sized corporations have multiple LANs. When multiple external sites connect through a single firewall. A destination uses the security parameters index to identify the security association for a packet. fewer had a corporate WAN. Consequently. protocols. Now. a 32 bit address space was more than sufficient. An internet protocol that uses end-to-end fragmentation requires a sender to discover the path MTU to each destination. An intruder who exploits a security flow in the bastion host operating system can gain access to hosts inside the firewall. even with careful assignment and NAT technology. 20. a combination of destination address and security parameters index is needed to identify an SA. A packet filter that allows a manager to specify which datagrams to admit instead of which datagrams to block can make such restrictions easy to specify. 27. 
work that allows each pair of communicating endpoints to choose algorithms and parameters.

Each IPv6 datagram begins with a 40-octet base header that includes fields for the source and destination addresses; thus an IPv6 datagram must contain at least 40 octets in addition to the data. IPv6 extension headers are similar to IPv4 options.

In IPv6 the sending host must learn the path MTU to each destination, and fragment any outgoing datagram that is larger than the path MTU. End-to-end fragmentation does not accommodate route changes.

When the current IP address space was designed, only a handful of organizations used a LAN; today LANs are widespread and most large corporations have a corporate WAN. The current 32-bit IP address space cannot accommodate the projected growth of the global Internet beyond the year 2020.

In addition to choosing the technical details of a new Internet Protocol, the IETF work on IPv6 has focused on finding a way to transition from the current protocol to the new protocol. In particular, the current proposal for IPv6 allows one to encode an IPv4 address inside an IPv6 address such that address translation does not change the pseudo header checksum. The IPv6 transition mechanisms are a set of protocol mechanisms implemented in hosts and routers, along with some operational guidelines for addressing and deployment, designed to make the transition of the Internet to IPv6 work with as little disruption as possible.

IPsec provides a set of security algorithms plus a general framework that allows a pair of communicating entities to use whichever algorithms provide security appropriate for the communication.

Although a bastion host is essential for communication through a firewall, the security of the firewall depends on the safety of the bastion host. A firewall that uses datagram filtering should restrict access to all IP sources. Failure to restrict access identically on all firewalls can leave the organization vulnerable.

Exercises

1. What is the role of SNMP in network management?
2. What is the role of SMI in network management?
3. What is the role of MIB in network management?
4. Explain the encoding format of BER.
5. Define INTEGER 14, OCTET STRING "HI", ObjectIdentifier 1.3.6.1, IPAddress 131.21.14.8.
6. Draw the format of various SNMP messages.
7. What would happen if the same port number were used for both traps and requests?
8. How would you list an entire routing table using get-next?
9. How can a client search the ipAddrTable without knowing which IP addresses are in the table on a given router?
10. What is the difference in the way programmers use arrays and the way network management software uses tables in MIB?

Answers

1. SNMP defines the format of packets exchanged between a manager and an agent. It reads and changes the status (values) of objects (variables) in SNMP packets.

2. SMI defines the general rules for naming objects, defining object types (including range and length), and showing how to encode objects and values. SMI defines neither the number of objects an entity should manage, nor the names of the objects to be managed, nor the association between the objects and their values.

3. MIB creates a collection of named objects, their types, and their relationship to each other in an entity to be managed.

4. In SNMP, each data item is encoded as three fields: Tag, Length, Value.

Tag is a 1-byte field that defines the type of data. It is composed of three subfields: class (2 bits), format (1 bit), and number (5 bits). The class subfield defines the scope of the data. Four classes are defined: universal (00), application-wide (01), context-specific (10), and private (11). The universal data types are those taken from ASN.1 (INTEGER, OCTET STRING and ObjectIdentifier). The application-wide data types are those added by SMI (IPAddress, Counter, Gauge and TimeTicks). The five context-specific data types have meanings that may change from one protocol to another. The private data types are vendor specific. The format subfield indicates whether the data is simple (0) or structured (1). The number subfield further divides simple or structured data into subgroups. The following table shows the codes for data types.

Data Type              Class  Format  Number  Tag (Binary)  Tag (Hex)
Integer                 00      0     00010    00000010        02
Octet String            00      0     00100    00000100        04
Object Identifier       00      0     00110    00000110        06
Null                    00      0     00101    00000101        05
Sequence, Sequence of   00      1     10000    00110000        30
IpAddress               01      0     00000    01000000        40
Counter                 01      0     00001    01000001        41
Gauge                   01      0     00010    01000010        42
TimeTicks               01      0     00011    01000011        43
Opaque                  01      0     00100    01000100        44

The length field is 1 or more bytes. If it is 1 byte, the most significant bit must be 0, and the other 7 bits define the length of the data. If it is more than 1 byte, the most significant bit of the first byte must be 1, and the other 7 bits of the first byte define the number of bytes needed to define the length.

The value field codes the value of the data according to the rules defined in BER.
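As an added example (not part of the course material), the following Python encoder applies the Tag, Length, Value rules and the tag codes from answer 4 to the four values named in exercise 5; the function names are mine, and the long-form length and multi-octet INTEGER and OID subidentifier cases are included because that is where hand encodings usually go wrong.

```python
# Added example: minimal BER encoder for the SMI types in answer 4 (not the course's code).
def encode_length(n: int) -> bytes:
    """Short form (n <= 127: one byte, MSB 0) or long form (MSB 1 plus the count of
    following length bytes, then the length itself in big-endian order)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """Tag byte, then the encoded length, then the contents octets."""
    return bytes([tag]) + encode_length(len(value)) + value

def encode_integer(v: int) -> bytes:
    # Tag 0x02; contents are two's complement in the fewest octets that hold v
    # (BER forbids redundant leading 0x00/0xFF octets), so grow until it fits.
    n = 1
    while True:
        try:
            return tlv(0x02, v.to_bytes(n, "big", signed=True))
        except OverflowError:
            n += 1

def encode_octet_string(s: bytes) -> bytes:
    return tlv(0x04, s)                      # tag 0x04, contents are the raw octets

def encode_oid(dotted: str) -> bytes:
    # Tag 0x06; the first two arcs fold into one subidentifier (40*a + b), every
    # later arc is base-128 with the continuation bit set on all but its last octet.
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_ipaddress(dotted: str) -> bytes:
    # Application-wide class (01), simple, number 0 -> tag 0x40; four contents octets.
    return tlv(0x40, bytes(int(o) for o in dotted.split(".")))

def decode_tag(tag: int) -> tuple:
    """Split a tag byte into (class, format, number), the three subfields of answer 4."""
    return (tag >> 6, (tag >> 5) & 1, tag & 0x1F)

if __name__ == "__main__":
    for label, enc in [("INTEGER 14", encode_integer(14)),
                       ('OCTET STRING "HI"', encode_octet_string(b"HI")),
                       ("ObjectIdentifier 1.3.6.1", encode_oid("1.3.6.1")),
                       ("IPAddress 131.21.14.8", encode_ipaddress("131.21.14.8"))]:
        print(f"{label:26} -> {enc.hex(' ')}")
```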

5. INTEGER 14 (encoding shown in a figure)

6. (SNMP message formats shown in a figure)

7. The manager listens on UDP port 162 for traps, and the agent listens on UDP port 161 for requests. If a system is running both a manager and an agent, they are probably different processes. If the same port were used for both traps and requests, separating the manager from the agent would be hard. Thus, using two different port numbers allows a system to run both a manager and an agent.

8. The operation of the get-next operator is based on the lexicographic ordering of the MIB. Using the get-next operator in this fashion, one could imagine a manager with a loop that starts at the beginning of the MIB and queries the agent for every variable that the agent maintains. Another use of the operator is to iterate through tables. For our example of an IP address table, the standard specifies that the suffix used to select an item consists of an IP address. Syntactically, the IP address (in dotted decimal notation) is concatenated onto the end of the object name to form the reference. For example, to specify the network mask field in the IP address table entry corresponding to address 128.10.2.3, one uses the name:

iso.org.dod.internet.mgmt.mib.ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask.128.10.2.3

which, in numeric form, becomes:

1.3.6.1.2.1.4.20.1.3.128.10.2.3

9. A client that does not know which IP addresses identify the entries in the table on a given router cannot form a complete object identifier. However, the client can still use the get-next-request operation to search the table by sending the prefix. Although concatenating an index to the end of a name may seem awkward, it provides a powerful tool that allows clients to search tables without knowing the number of items or the type of data used as an index.

10. Programmers think of an array as a set of elements that have an index used to select a specific element. For example, the programmer might write xyz[3] to select the third element from array xyz. ASN.1 syntax does not use integer indices. Instead, MIB tables append a suffix onto the name to select a specific element in the table.
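The table walk described in answers 8 and 9, as an added example that is not part of the course material: a simulated agent holds a small ipAddrTable whose rows are indexed by the dotted-decimal address suffix, and a manager walks the ipAdEntNetMask column by sending the bare column prefix and repeating get-next until the returned name leaves the column. The helper names, and the two sample rows, are my own constructions; the numeric OID of ipAdEntNetMask is the one given in answer 8.

```python
# Added example: lexicographic get-next over a constructed ipAddrTable (not the course's code).
from typing import Dict, Optional, Tuple

OID = Tuple[int, ...]
# ...mgmt.mib.ip.ipAddrTable.ipAddrEntry in numeric form (answer 8)
IP_ADDR_ENTRY: OID = (1, 3, 6, 1, 2, 1, 4, 20, 1)
IP_AD_ENT_ADDR = IP_ADDR_ENTRY + (1,)      # ipAdEntAddr column
IP_AD_ENT_NETMASK = IP_ADDR_ENTRY + (3,)   # ipAdEntNetMask column

def oid(dotted: str) -> OID:
    return tuple(int(a) for a in dotted.split("."))

def dotted(o: OID) -> str:
    return ".".join(map(str, o))

def build_agent_mib(entries: Dict[str, str]) -> Dict[OID, str]:
    """Constructed agent MIB: each column object of a row carries the row's
    IP address, in dotted-decimal form, as the suffix that indexes it."""
    mib: Dict[OID, str] = {}
    for addr, mask in entries.items():
        mib[IP_AD_ENT_ADDR + oid(addr)] = addr
        mib[IP_AD_ENT_NETMASK + oid(addr)] = mask
    return mib

def get_next(mib: Dict[OID, str], name: OID) -> Optional[Tuple[OID, str]]:
    """Agent side of get-next-request: the first variable whose name follows
    `name` in lexicographic order (Python compares tuples lexicographically)."""
    following = sorted(k for k in mib if k > name)
    return (following[0], mib[following[0]]) if following else None

def walk_column(mib: Dict[OID, str], column: OID) -> Dict[str, str]:
    """Manager side: send the bare column prefix first, then feed each returned
    name back into get-next until the agent answers with a name outside the
    column (or runs off the end of the MIB)."""
    rows: Dict[str, str] = {}
    name = column
    while True:
        nxt = get_next(mib, name)
        if nxt is None or nxt[0][:len(column)] != column:
            return rows
        name, value = nxt
        rows[dotted(name[len(column):])] = value   # suffix = the row's IP address index

# Constructed sample router with two interfaces (addresses and masks are made up).
AGENT = build_agent_mib({"128.10.2.3": "255.255.0.0", "10.0.0.1": "255.0.0.0"})

if __name__ == "__main__":
    for addr, mask in walk_column(AGENT, IP_AD_ENT_NETMASK).items():
        print(f"ipAdEntNetMask.{addr} = {mask}")
```

Note that the rows come back in lexicographic order of the suffix (10.0.0.1 before 128.10.2.3), not in the order the agent inserted them, which is why the manager never needs to know how many rows exist.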

