Ratnadeep Bhattacharya Deepak Shukla
We are going to talk about:
- Fundamentals of networking
- OSI layers
- TCP and UDP
- DNS
- Backbone and frontline networking technologies
- Routing concepts
MAC addresses are the hardware addresses of physical network cards, hard-coded into them at manufacture, so the burned-in address cannot be changed. They are globally unique, written in hexadecimal format, and 48 bits in length.
A MAC address can be divided into two parts: the OUI (organizationally unique identifier, which identifies the vendor) and a vendor-assigned device code. MAC addresses are used in layer 2 communication. ARP, RARP and proxy ARP can be used by other devices to discover MAC addresses.
An IPv4 address is 32 bits long, written in dotted-decimal notation. Addresses are divided into five classes: A, B, C, D and E. There are approximately 4.2 billion IPv4 addresses (and, Ripley's Believe It or Not, they have almost run out). Class A, B and C addresses are divided into public and private ranges.
Class A --- 1.x.x.x to 126.x.x.x; private range 10.0.0.0 to 10.255.255.255
Class B --- 128.x.x.x to 191.x.x.x; private range 172.16.0.0 to 172.31.255.255
Class C --- 192.x.x.x to 223.x.x.x; private range 192.168.0.0 to 192.168.255.255
Class D --- 224.x.x.x to 239.x.x.x; multicast
Class E --- 240.x.x.x to 254.x.x.x; reserved for research (R&D)
Reserved IP addresses:
0.0.0.0 --- wildcard mask; also refers to "this computer or device"
127.x.x.x --- loopback
255.255.255.255 --- broadcast
Class D and Class E --- reserved
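As a quick way to check which category an address falls into, the snippet below (a minimal sketch, not part of the original slides; the sample addresses are arbitrary) uses Python's standard ipaddress module.

import ipaddress

for addr in ["10.1.2.3", "172.20.0.1", "192.168.1.10", "8.8.8.8",
             "127.0.0.1", "224.0.0.5"]:
    ip = ipaddress.ip_address(addr)
    print(addr,
          "private" if ip.is_private else "public",
          "loopback" if ip.is_loopback else "",
          "multicast (Class D)" if ip.is_multicast else "")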
Basics of IPv6
- 128 bits long
- A total of about 3.4 x 10^38 addresses (in IPv4 only about 4.2 billion addresses are available)
- Roughly 5 x 10^28 addresses per person
- Hexadecimal representation
- No classification into classes
- Still follows the rules of private and public addressing
Example: 2001:0000:0000:0000:0001:0000:0000:1578 can be shortened to 2001:0:0:0:1:0:0:1578, which is the same as 2001::1:0:0:1578.
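To illustrate the shortening rules, the following minimal sketch (not from the original slides) uses Python's standard ipaddress module to produce the compressed and fully expanded forms of the example address.

import ipaddress

addr = ipaddress.IPv6Address("2001:0000:0000:0000:0001:0000:0000:1578")
print(addr.compressed)   # 2001::1:0:0:1578  (longest run of zero groups collapsed to ::)
print(addr.exploded)     # 2001:0000:0000:0000:0001:0000:0000:1578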
Function of switches
Switches replace hubs, because hubs:
- are dumb devices
- have no understanding of MAC addresses
- cause broadcast storms
- waste bandwidth
These shortcomings also led to the invention of bridges.
Proprietary to Cisco. It is very useful for understanding the physical network topology and can also be used to determine physical network faults.
Routers are intelligent devices that understand IP addresses. They are the only devices that can connect subnets, networks and VLANs.
OSI layer overview
Layer 7 - Application
Layer 6 - Presentation
Layer 5 - Session
Layer 4 - Transport
Layer 3 - Network
Layer 2 - Data Link
Layer 1 - Physical
Overview of OSI
A layer is a collection of conceptually similar functions that provide services to the layer above it and receive services from the layer below it. On each layer an instance provides services to the instances at the layer above and requests service from the layer below. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of the path. Conceptually, two instances at one layer are connected by a horizontal protocol connection on that layer.
The physical layer defines the electrical and physical specifications for devices like layout of pins, voltages, cables, hubs, NICs, HBAs and so on. Data is broken down to digital signals at this layer.
Data Link layer
The data link layer provides the functional and procedural means to transfer data between two network entities. It also provides means to detect and possibly correct errors that may come through the physical layer. Switches traditionally used to work at this layer as they had no understanding of IP addresses.
Manages movement of data between different networks and subnets. Protocols at this layer are responsible for finding devices for which the data is destined. Examples are IP, IPX and AppleTalk.
This layer s protocols ensure that data reaches the target machine in proper order and intact. The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state and connection oriented. This means that the Transport Layer can keep track of the segments and retransmit those that fail. TCP and UDP are transport layer protocols. Ports also work at the transport layer.
Establishes and terminates connections and arranges sessions between two computers. RPC and LDAP are examples of session layer protocols.
Protocols in this layer format data for screen display or printing. This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer. Examples are Lightweight Presentation Protocol (LPP) and NetBIOS.
Application layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. When determining resource availability, the application layer must decide whether sufficient network resources for the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer. Some examples of application layer implementations include Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP) and X.400 Mail.
TCP AND UDP
The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite (the other being Internet Protocol, or IP), so the entire suite is commonly referred to as TCP/IP. Whereas IP handles lower-level transmissions from computer to computer as a message makes its way across the Internet, TCP operates at a higher level, concerned only with the two end systems, for example a Web browser and a Web server. In particular, TCP provides reliable, ordered delivery of a stream of bytes from a program on one computer to another program on another computer. Besides the Web, other common applications of TCP include e-mail and file transfer. Among its other management tasks, TCP controls segment size, flow control, the rate at which data is exchanged, and network traffic congestion.
TCP segment structure
TCP header layout (bit offsets):
0       Source port (16 bits) | Destination port (16 bits)
32      Sequence number (32 bits)
64      Acknowledgment number (32 bits)
96      Data offset (4 bits) | Reserved (4 bits) | Flags: CWR ECE URG ACK PSH RST SYN FIN | Window size (16 bits)
128     Checksum (16 bits) | Urgent pointer (16 bits)
160...  Options (if Data Offset > 5)
Source port (16 bits) - identifies the sending port.
Destination port (16 bits) - identifies the receiving port.
Sequence number (32 bits) - has a dual role:
- If the SYN flag is set, this is the initial sequence number. The sequence number of the actual first data byte (and the acknowledged number in the corresponding ACK) will then be this sequence number plus 1.
- If the SYN flag is clear, this is the accumulated sequence number of the first data byte of this packet for the current session.
Acknowledgment number (32 bits) - if the ACK flag is set, the value of this field is the next sequence number that the receiver is expecting. This acknowledges receipt of all prior bytes (if any). The first ACK sent by each end acknowledges the other end's initial sequence number itself, but no data.
Data offset (4 bits) - specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words, giving a minimum size of 20 bytes and a maximum of 60 bytes, allowing for up to 40 bytes of options in the header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data.
Reserved (4 bits) - for future use and should be set to zero.
Flags (8 bits) (aka Control bits) contains 8 1-bit flags
- CWR (1 bit) - Congestion Window Reduced flag; set by the sending host to indicate that it received a TCP segment with the ECE flag set and has responded with its congestion control mechanism (added to the header by RFC 3168).
- ECE (1 bit) - ECN-Echo. If the SYN flag is set, it indicates that the TCP peer is ECN capable. If the SYN flag is clear, it indicates that a packet with the Congestion Experienced flag set in its IP header was received during normal transmission (added to the header by RFC 3168).
- URG (1 bit) - indicates that the Urgent pointer field is significant.
- ACK (1 bit) - indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.
- PSH (1 bit) - Push function. Asks to push the buffered data to the receiving application.
- RST (1 bit) - Reset the connection.
- SYN (1 bit) - Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags change meaning based on this flag: some are only valid when it is set, others only when it is clear.
- FIN (1 bit) - No more data from sender.
Window (16 bits) - the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive (see flow control and window scaling).
Checksum (16 bits) - used for error-checking of the header and data.
Urgent pointer (16 bits) - if the URG flag is set, this field is an offset from the sequence number indicating the last urgent data byte.
Options (variable, 0-320 bits, divisible by 32) - the length of this field is determined by the data offset field. Options 0 and 1 are a single byte (8 bits) in length. The remaining options indicate the total length of the option (expressed in bytes) in their second byte. Some options may only be sent when SYN is set; they are indicated below as [SYN].
- 0 (8 bits) - End of options list
- 1 (8 bits) - No operation (NOP, padding). This may be used to align option fields on 32-bit boundaries for better performance.
- 2,4,SS (32 bits) - Maximum segment size [SYN]
- 3,3,S (24 bits) - Window scale [SYN]
- 4,2 (16 bits) - Selective Acknowledgement permitted [SYN]
- 5,N,BBBB,EEEE,... (variable bits, N is either 10, 18, 26, or 34) - Selective Acknowledgement (SACK). These first two bytes are followed by a list of 1-4 blocks being selectively acknowledged, specified as 32-bit begin/end pointers.
- 8,10,TTTT,EEEE (80 bits) - Timestamp and echo of previous timestamp (see TCP timestamps for details)
- 14,3,S (24 bits) - TCP Alternate Checksum Request [SYN]
- 15,N,... (variable bits) - TCP Alternate Checksum Data
(The remaining options are obsolete, experimental, not yet standardized, or unassigned.)
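As a minimal sketch of how the fixed fields above line up in practice (this covers only the 20-byte fixed header and is not taken from the original slides), the following Python code unpacks a raw TCP header with the standard struct module.

import struct

def parse_tcp_header(segment: bytes):
    """Unpack the fixed 20-byte TCP header described above."""
    (src_port, dst_port, seq, ack,
     offset_reserved, flags, window,
     checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = offset_reserved >> 4          # header length in 32-bit words
    flag_names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]
    set_flags = [name for i, name in enumerate(flag_names) if flags & (1 << i)]
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack,
        "header_bytes": data_offset * 4,
        "flags": set_flags, "window": window,
        "checksum": checksum, "urgent": urgent,
    }

# Example: a SYN segment from port 54321 to port 80 with initial sequence number 1000.
hdr = struct.pack("!HHIIBBHHH", 54321, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
print(parse_tcp_header(hdr))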
TCP protocol operations may be divided into three phases. Connections must be properly established in a multi-step handshake process (connection establishment) before entering the data transfer phase. After data transmission is completed, the connection termination closes established virtual circuits and releases all allocated resources.
A TCP connection is managed by an operating system through a programming interface that represents the local end-point for communications, the Internet socket. During its lifetime a TCP connection undergoes a series of state changes:
LISTEN - in the case of a server, waiting for a connection request from any remote client.
SYN-SENT - waiting for the remote peer to send back a TCP segment with the SYN and ACK flags set (usually set by TCP clients).
SYN-RECEIVED - waiting for the remote peer to send back an acknowledgment after having sent back a connection acknowledgment to the remote peer (usually set by TCP servers).
ESTABLISHED - the port is ready to receive/send data from/to the remote peer.
FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK - intermediate states traversed while the connection is being torn down.
TIME-WAIT - waiting for enough time to pass to be sure the remote peer received the acknowledgment of its connection termination request. According to RFC 793 a connection can stay in TIME-WAIT for a maximum of four minutes.
CLOSED - the connection does not exist.
To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:
- The active open is performed by the client sending a SYN to the server. It sets the segment's sequence number to a random value A.
- In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number (A + 1), and the sequence number that the server chooses for the packet is another random number, B.
- Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value, i.e. A + 1, and the acknowledgement number is set to one more than the received sequence number, i.e. B + 1.
At this point, both the client and server have received an acknowledgment of the connection
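In application code the handshake is performed by the operating system; for instance, the minimal Python sketch below (the hostname and port are arbitrary examples, not from the original slides) triggers the SYN / SYN-ACK / ACK exchange simply by opening a stream socket.

import socket

# Opening a TCP (stream) socket makes the OS perform the three-way handshake.
with socket.create_connection(("example.com", 80), timeout=5) as conn:
    # By the time connect() returns, both ends are in the ESTABLISHED state.
    conn.sendall(b"HEAD / HTTP/1.0\r\nHost: example.com\r\n\r\n")
    print(conn.recv(200))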
There are a few key features that set TCP apart from the User Datagram Protocol:
- Ordered data transfer - the destination host rearranges segments according to sequence number.
- Retransmission of lost packets - any cumulative stream not acknowledged will be retransmitted.
- Discarding of duplicate packets.
- Error-free data transfer.
- Flow control - limits the rate at which a sender transfers data to guarantee reliable delivery. The receiver continually hints the sender on how much data can be received (controlled by the sliding window). When the receiving host's buffer fills, the next acknowledgment contains a 0 in the window size, to stop transfer and allow the data in the buffer to be processed.
- Congestion control.
TCP uses a sequence number to identify each byte of data. The sequence number identifies the order of the bytes sent from each computer so that the data can be reconstructed in order, regardless of any fragmentation, disordering, or packet loss that may occur during transmission. For every payload byte transmitted the sequence number must be incremented. In the first two steps of the 3-way handshake, both computers exchange an initial sequence number (ISN). This number can be arbitrary, and should in fact be unpredictable, in order to avoid a TCP Sequence Prediction Attack. TCP primarily uses a cumulative acknowledgment scheme, where the receiver sends an acknowledgment signifying that the receiver has received all data preceding the acknowledged sequence number. Essentially, the first byte in a segment's data field is assigned a sequence number, which is inserted in the sequence number field, and the receiver sends an acknowledgment specifying the sequence number of the next byte they expect to receive. For example, if computer A sends 4 bytes with a sequence number of 100 (conceptually, the four bytes would have a sequence number of 100, 101, 102, & 103 assigned) then the receiver would send back an acknowledgment of 104 since that is the next byte it expects to receive in the next packet. In addition to cumulative acknowledgments, TCP receivers can also send selective acknowledgments to provide further information (see selective acknowledgments). If the sender infers that data has been lost in the network, it retransmits the data.
Sequence numbers and acknowledgments cover discarding duplicate packets, retransmission of lost packets, and ordered-data transfer. To assure correctness a checksum field is included (see TCP segment structure for details on checksumming). The TCP checksum is a weak check by modern standards. Data Link Layers with high bit error rates may require additional link error correction/detection capabilities. The weak checksum is partially compensated for by the common use of a CRC or better integrity check at layer 2, below both TCP and IP, such as is used in PPP or the Ethernet frame. However, this does not mean that the 16-bit TCP checksum is redundant: remarkably, introduction of errors in packets between CRC-protected hops is common, but the end-to-end 16-bit TCP checksum catches most of these simple errors. This is the end-to-end principle at work.
TCP uses an end-to-end flow control protocol to avoid having the sender send data too fast for the TCP receiver to receive and process it reliably. Having a mechanism for flow control is essential in an environment where machines of diverse network speeds communicate. For example, if a PC sends data to a hand-held PDA that is slowly processing received data, the PDA must regulate data flow so as not to be overwhelmed. TCP uses a sliding window flow control protocol. In each TCP segment, the receiver specifies in the receive window field the amount of additional received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgment and window update from the receiving host.
TCP sequence numbers and receive windows behave very much like a clock. The receive window shifts each time the receiver receives and acknowledges a new segment of data. Once it runs out of sequence numbers, the sequence number loops back to 0. When a receiver advertises a window size of 0, the sender stops sending data and starts the persist timer. The persist timer is used to protect TCP from a deadlock situation that could arise if the window size update from the receiver is lost and the sender has no more data to send while the receiver is waiting for the new window size update. When the persist timer expires, the TCP sender sends a small packet so that the receiver sends an acknowledgement with the new window size. If a receiver is processing incoming data in small increments, it may repeatedly advertise a small receive window. This is referred to as the silly window syndrome, since it is inefficient to send only a few bytes of data in a TCP segment, given the relatively large overhead of the TCP header. TCP senders and receivers typically employ flow control logic to specifically avoid repeatedly sending small segments. The sender-side silly window syndrome avoidance logic is referred to as Nagle's algorithm.
The final main aspect of TCP is congestion control. TCP uses a number of mechanisms to achieve high performance and avoid 'congestion collapse', where network performance can fall by several orders of magnitude. These mechanisms control the rate of data entering the network, keeping the data flow below a rate that would trigger collapse. Acknowledgments for data sent, or lack of acknowledgments, are used by senders to infer network conditions between the TCP sender and receiver. Coupled with timers, TCP senders and receivers can alter the behavior of the flow of data. This is more generally referred to as congestion control and/or network congestion avoidance. Modern implementations of TCP contain four intertwined algorithms: Slow-start, congestion avoidance, fast retransmit, and fast recovery (RFC 2581).
In addition, senders employ a retransmission timeout (RTO) that is based on the estimated round-trip time (or RTT) between the sender and receiver, as well as the variance in this round trip time. The behavior of this timer is specified in RFC 2988. There are subtleties in the estimation of RTT. For example, senders must be careful when calculating RTT samples for retransmitted packets; typically they use Karn's Algorithm or TCP timestamps (see RFC 1323). These individual RTT samples are then averaged over time to create a Smoothed Round Trip Time (SRTT) using Jacobson's algorithm. This SRTT value is what is finally used as the round-trip time estimate. Enhancing TCP to reliably handle loss, minimize errors, manage congestion and go fast in very high-speed environments are ongoing areas of research and standards development. As a result, there are a number of TCP congestion avoidance algorithm variations.
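As a rough illustration of this estimator (the constants follow RFC 2988/6298; the code itself is only a sketch with invented sample values, not part of the original material), the snippet below maintains SRTT and the RTT variance and derives an RTO from them.

class RttEstimator:
    """Smoothed RTT / RTO estimation in the style of RFC 2988 (Jacobson's algorithm)."""
    ALPHA, BETA = 1 / 8, 1 / 4             # standard smoothing gains

    def __init__(self):
        self.srtt = None                    # smoothed round-trip time (seconds)
        self.rttvar = None                  # round-trip time variance

    def sample(self, rtt: float) -> float:
        if self.srtt is None:               # first measurement
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            self.rttvar = (1 - self.BETA) * self.rttvar + self.BETA * abs(self.srtt - rtt)
            self.srtt = (1 - self.ALPHA) * self.srtt + self.ALPHA * rtt
        # RTO = SRTT + 4 * RTTVAR, with a conservative 1-second lower bound
        return max(1.0, self.srtt + 4 * self.rttvar)

est = RttEstimator()
for rtt in (0.120, 0.110, 0.300, 0.115):    # example RTT samples in seconds
    print(round(est.sample(rtt), 3))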
Maximum segment size
The Maximum segment size (MSS) is the largest amount of data, specified in bytes, that TCP is willing to send in a single segment. For best performance, the MSS should be set small enough to avoid IP fragmentation, which can lead to excessive retransmissions if there is packet loss. To try to accomplish this, typically the MSS is negotiated using the MSS option when the TCP connection is established, in which case it is determined by the maximum transmission unit (MTU) size of the data link layer of the networks to which the sender and receiver are directly attached. Furthermore, TCP senders can use Path MTU discovery to infer the minimum MTU along the network path between the sender and receiver, and use this to dynamically adjust the MSS in order to avoid IP fragmentation within the network.
Relying purely on the cumulative acknowledgment scheme employed by the original TCP protocol can lead to inefficiencies when packets are lost. For example, suppose 10,000 bytes are sent in 10 different TCP packets, and the first packet is lost during transmission. In a pure cumulative acknowledgment protocol, the receiver cannot say that it received bytes 1,000 to 9,999 successfully, but failed to receive the first packet, containing bytes 0 to 999. Thus the sender may then have to resend all 10,000 bytes. In order to solve this problem TCP employs the selective acknowledgment (SACK) option, defined in RFC 2018, which allows the receiver to acknowledge discontinuous blocks of packets that were received correctly, in addition to the sequence number of the last contiguous byte received successfully, as in the basic TCP acknowledgment. The acknowledgement can specify a number of SACK blocks, where each SACK block is conveyed by the starting and ending sequence numbers of a contiguous range that the receiver correctly received. In the example above, the receiver would send a SACK with sequence numbers 1,000 and 9,999. The sender will thus retransmit only the first packet, bytes 0 to 999.
An extension to the SACK option is the "duplicate-SACK" option, defined in RFC 2883. Out-of-order packet delivery can falsely indicate to the TCP sender that a packet was lost; in turn, the TCP sender retransmits the suspected-to-be-lost packet and slows down the data delivery to prevent network congestion. The TCP sender undoes this slow-down, that is, recovers the original pace of data transmission, upon receiving a D-SACK indicating that the retransmitted packet was a duplicate. The SACK option is not mandatory and is used only if both parties support it. This is negotiated when the connection is established. SACK uses the optional part of the TCP header (see TCP segment structure for details). The use of SACK is widespread - all popular TCP stacks support it. Selective acknowledgment is also used in the Stream Control Transmission Protocol (SCTP).
For more efficient use of high bandwidth networks, a larger TCP window size may be used. The TCP window size field controls the flow of data and its value is limited to between 2 and 65,535 bytes. Since the size field cannot be expanded, a scaling factor is used. The TCP window scale option, as defined in RFC 1323, is an option used to increase the maximum window size from 65,535 bytes to 1 gigabyte. Scaling up to larger window sizes is a part of what is necessary for TCP tuning. The window scale option is used only during the TCP 3-way handshake. The window scale value represents the number of bits to left-shift the 16-bit window size field. The window scale value can be set from 0 (no shift) to 14 for each direction independently. Both sides must send the option in their SYN segments to enable window scaling in either direction. Some routers and packet firewalls rewrite the window scaling factor during a transmission. This causes the sending and receiving sides to assume different TCP window sizes. The result is unstable traffic that may be very slow. The problem is visible on sending and receiving sites whose traffic passes through such defective routers.
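To make the shift arithmetic concrete, here is a tiny sketch (illustrative values only, not from the original text) of how an advertised 16-bit window combines with the negotiated scale factor.

def effective_window(window_field: int, scale: int) -> int:
    """Receive window in bytes: the 16-bit field left-shifted by the scale option (0-14)."""
    assert 0 <= window_field <= 0xFFFF and 0 <= scale <= 14
    return window_field << scale

print(effective_window(65535, 0))    # 65,535 bytes: no scaling
print(effective_window(65535, 14))   # 1,073,725,440 bytes: close to the 1 GB maximum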
TCP timestamps, defined in RFC 1323, help TCP compute the round-trip time between the sender and receiver. Timestamp options include a 4-byte timestamp value, where the sender inserts the current value of its timestamp clock, and a 4-byte echo reply timestamp value, where the receiver generally inserts the most recent timestamp value that it has received. The sender uses the echo reply timestamp in an acknowledgment to compute the total elapsed time since the acknowledged segment was sent. TCP timestamps are also used to help in the case where TCP sequence numbers encounter their 2^32 boundary and "wrap around" the sequence number space. This scheme is known as Protect Against Wrapped Sequence numbers, or PAWS (see RFC 1323 for details). Furthermore, the Eifel detection algorithm, defined in RFC 3522, which detects unnecessary loss recovery, requires TCP timestamps.
The connection termination phase uses, at most, a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. A connection can be "half-open", in which case one side has terminated its end, but the other has not. The side that has terminated can no longer send any data into or receive any data from the connection, but the other side can (but generally if it tries, this should result in no acknowledgment and therefore a timeout, or else result in a positive RST, and either way thereby the destruction of the half-open socket). It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN & ACK (merely combines 2 steps into one) and host A replies with an ACK. This is perhaps the most common method.
It is possible for both hosts to send FINs simultaneously, in which case both just have to ACK. This could possibly be considered a 2-way handshake since the FIN/ACK sequence is done in parallel for both directions. Some host TCP stacks may implement a "half-duplex" close sequence, as Linux or HP-UX do. If such a host actively closes a connection but still has not read all the incoming data the stack already received from the link, this host will send a RST instead of a FIN (Section 4.2.2.13 in RFC 1122). This allows a TCP application to be sure that the remote application has read all the data the former sent, by waiting for the FIN from the remote side when it actively closes the connection. Some application protocols may violate the OSI model layers, using the TCP open/close handshaking for the application protocol open/close handshaking - these may encounter the RST problem on active close.
The User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without requiring prior communications to set up special transmission channels or data paths. UDP is sometimes called the Universal Datagram Protocol.
UDP uses a simple transmission model without implicit hand-shaking dialogues for guaranteeing reliability, ordering, or data integrity. Thus, UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated, or go missing without notice. UDP assumes that error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level. Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system. If error correction facilities are needed at the network interface level, an application may use the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP) which are designed for this purpose.
UDP's stateless nature is also useful for servers that answer small queries from huge numbers of clients. Unlike TCP, UDP is compatible with packet broadcast (sending to all on local network) and multicasting (send to all subscribers). Common network applications that use UDP include: the Domain Name System (DNS), streaming media applications such as IPTV, Voice over IP (VoIP), Trivial File Transfer Protocol(TFTP) and many online games.
UDP applications use datagram sockets to establish host-to-host communications. Sockets bind the application to service ports, that function as the endpoints of data transmission. A port is a software structure that is identified by the port number, a 16 bit integer value, allowing for port numbers between 0 and 65,535. Port 0 is reserved, but is a permissible source port value if the sending process does not expect messages in response. Ports 1 through 1023 (hexadecimal 0x3FF) are named "well-known" ports and on Unix-like operating systems, binding to one of these ports requires superuser (root) access. Ports 1024 through 49,151 (0xBFFF) are the registered ports. Ports 49,152 through 65,535 (0xFFFF) are used as temporary ports primarily by clients when communicating to servers.
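As a small illustration of datagram sockets and port binding (a self-contained sketch using the loopback interface and an arbitrary unprivileged port, not taken from the original slides), the code below sends one UDP message to a locally bound receiver.

import socket

# Receiver: bind a datagram socket to an arbitrary unprivileged port on loopback.
receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
receiver.bind(("127.0.0.1", 50007))

# Sender: no connection setup is needed; each datagram is addressed explicitly.
sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sender.sendto(b"hello over UDP", ("127.0.0.1", 50007))

data, addr = receiver.recvfrom(1024)   # blocks until the datagram arrives
print(data, "from", addr)
sender.close()
receiver.close()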
UDP header layout (bit offsets):
0       Source port (bits 0-15) | Destination port (bits 16-31)
32      Length | Checksum
64...   Data
UDP is a minimal message-oriented Transport Layer protocol that is documented in IETF RFC 768. UDP provides no guarantees to the upper layer protocol for message delivery and the UDP protocol layer retains no state of UDP messages once sent. For this reason, UDP is sometimes referred to as Unreliable Datagram Protocol. UDP provides application multiplexing (via port numbers) and integrity verification (via checksum) of the header and payload. If transmission reliability is desired, it must be implemented in the user's application.
The UDP header consists of 4 fields; the use of two of them (source port and checksum) is optional in IPv4. In IPv6 only the source port is optional.
Source port - identifies the sending port when meaningful and should be assumed to be the port to reply to if needed. If not used, it should be zero.
Destination port - identifies the destination port and is required.
Length - a 16-bit field that specifies the length in bytes of the entire datagram: header and data. The minimum length is 8 bytes, the length of the header alone. The field size sets a theoretical limit of 65,535 bytes (8-byte header + 65,527 bytes of data) for a UDP datagram. The practical limit for the data length imposed by the underlying IPv4 protocol is 65,507 bytes.
Checksum - a 16-bit field used for error-checking of the header and data. The algorithm for computing the checksum is different for transport over IPv4 and IPv6. If the checksum is omitted in IPv4, the field is set to all zeros. This field is not optional in IPv6.
Lacking reliability, UDP applications must generally be willing to accept some loss, errors or duplication. Some applications such as TFTP may add rudimentary reliability mechanisms into the application layer as needed. Most often, UDP applications do not require reliability mechanisms and may even be hindered by them. Streaming media, real-time multiplayer games and voice over IP (VoIP) are examples of applications that often use UDP. If an application requires a high degree of reliability, a protocol such as the Transmission Control Protocol or erasure codes may be used instead.
Because UDP lacks any congestion avoidance and control mechanisms, network-based mechanisms are required to minimize potential congestion collapse effects of uncontrolled, high-rate UDP traffic loads. In other words, since UDP senders cannot detect congestion, network-based elements such as routers using packet queuing and dropping techniques will often be the only tool available to slow down excessive UDP traffic. The Datagram Congestion Control Protocol (DCCP) is being designed as a partial solution to this potential problem by adding end-host TCP-friendly congestion control behavior to high-rate UDP streams such as streaming media.
Comparison of TCP and UDP
The Transmission Control Protocol is a connection-oriented protocol, which means that it requires handshaking to set up end-to-end communications. Once a connection is set up, user data may be sent bi-directionally over the connection.
- Reliable - TCP manages message acknowledgment, retransmission and timeout. Multiple attempts to deliver the message are made. If data gets lost along the way, the server will re-request the lost part. In TCP, there is either no missing data or, in case of multiple timeouts, the connection is dropped.
- Ordered - if two messages are sent over a connection in sequence, the first message will reach the receiving application first. When data segments arrive in the wrong order, TCP buffers the out-of-order data until all data can be properly re-ordered and delivered to the application.
- Heavyweight - TCP requires three packets to set up a socket connection before any user data can be sent. TCP handles reliability and congestion control.
- Streaming - data is read as a byte stream; no distinguishing indications are transmitted to signal message (segment) boundaries.
UDP is a simpler message-based connectionless protocol. Connectionless protocols do not set up a dedicated end-to-end connection. Communication is achieved by transmitting information in one direction from source to destination without verifying the readiness or state of the receiver.
- Unreliable - when a message is sent, it cannot be known whether it will reach its destination; it could get lost along the way. There is no concept of acknowledgment, retransmission or timeout.
- Not ordered - if two messages are sent to the same recipient, the order in which they arrive cannot be predicted.
- Lightweight - there is no ordering of messages, no tracking of connections, etc. It is a small transport layer designed on top of IP.
- Datagrams - packets are sent individually and are checked for integrity only if they arrive. Packets have definite boundaries which are honored upon receipt, meaning a read operation at the receiver socket will yield an entire message as it was originally sent.
The Domain Name System (DNS) is simply a naming system for servers and other internet resources in a network. It also associates various attributes with each of these resources.
The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed, fault tolerant, and helped avoid the need for a single central register to be continually consulted and updated. In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept email for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.
Domain name formulation
The definitive descriptions of the rules for forming domain names appear in RFC 1035, RFC 1123, and RFC 2181. A domain name consists of one or more parts, technically called labels, that are conventionally concatenated, and delimited by dots, such as example.com. The right-most label conveys the top-level domain; for example, the domain name www.example.com belongs to the top-level domain com. The hierarchy of domains descends from right to left; each label to the left specifies a subdivision, or subdomain, of the domain to the right. For example: the label example specifies a subdomain of the com domain, and www is a subdomain of example.com. This tree of subdivisions may consist of 127 levels. Each label may contain up to 63 characters. The full domain name may not exceed a total length of 253 characters. In practice, some domain registries may have shorter limits. DNS names may technically consist of any character representable in an octet (RFC 3696). However, the allowed formulation of domain names in the DNS root zone, and most other sub-domains, uses a preferred format and character set. The characters allowed in a label are a subset of the ASCII character set, and include the characters a through z, A through Z, digits 0 through 9, and the hyphen. This rule is known as the LDH rule (letters, digits, hyphen). Domain names are interpreted in a case-independent manner. Labels may not start or end with a hyphen, nor may two hyphens occur in sequence. A hostname is a domain name that has at least one IP address associated. For example, the domain names www.example.com and example.com are also hostnames, whereas the com domain is not.
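A small sketch of those length and LDH constraints (my own helper, not part of the source text; internationalized names and other RFC 3696 subtleties are ignored):

import re

# LDH rule: letters, digits, hyphen; a label may not start or end with a hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def looks_like_valid_domain(name: str) -> bool:
    """Check the basic length and LDH-syntax rules described above."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return all(LABEL_RE.match(label) for label in labels)

print(looks_like_valid_domain("www.example.com"))    # True
print(looks_like_valid_domain("-bad.example.com"))   # False: leading hyphen
print(looks_like_valid_domain("a" * 64 + ".com"))    # False: label longer than 63 characters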
The Domain Name System is maintained by a distributed database system, which uses the client-server model. The nodes of this database are the name servers. Each domain has at least one authoritative DNS server that publishes information about that domain and the name servers of any domains subordinate to it. The top of the hierarchy is served by the root nameservers, the servers to query when looking up (resolving) a top-level domain name (TLD).
Authoritative name servers
An authoritative name server is a name server that gives answers that have been configured by an original source, for example, the domain administrator or by dynamic DNS methods, in contrast to answers that were obtained via a regular DNS query to another name server. An authoritative-only name server only returns answers to queries about domain names that have been specifically configured by the administrator. An authoritative name server can either be a master server or a slave server. A master server is a server that stores the original (master) copies of all zone records. A slave server uses an automatic updating mechanism of the DNS protocol in communication with its master to maintain an identical copy of the master records. Every DNS zone must be assigned a set of authoritative name servers that are installed in NS records in the parent zone.
Recursive or caching name servers
In principle, authoritative name servers are sufficient for the operation of the Internet. However, with only authoritative name servers operating, every DNS query must start with recursive queries at the root zone of the Domain Name System, and each user system must implement resolver software capable of recursive operation. To improve efficiency, reduce DNS traffic across the Internet, and increase performance in end-user applications, the Domain Name System supports DNS cache servers which store DNS query results for a period of time determined in the configuration (time-to-live) of the domain name record in question. Typically, such caching DNS servers, also called DNS caches, also implement the recursive algorithm necessary to resolve a given name starting with the DNS root through to the authoritative name servers of the queried domain. With this function implemented in the name server, user applications gain efficiency in design and operation. The combination of DNS caching and recursive functions in a name server is not mandatory; the functions can be implemented independently in servers for special purposes.
The client-side of the DNS is called a DNS resolver. It is responsible for initiating and sequencing the queries that ultimately lead to a full resolution (translation) of the resource sought, e.g., translation of a domain name into an IP address. A DNS query may be either a non-recursive query or a recursive query: A non-recursive query is one in which the DNS server provides a record for a domain for which it is authoritative itself, or it provides a partial result without querying other servers. A recursive query is one for which the DNS server will fully answer the query (or give an error) by querying other name servers as needed. DNS servers are not required to support recursive queries. The resolver, or another DNS server acting recursively on behalf of the resolver, negotiates use of recursive service using bits in the query headers. Resolving usually entails iterating through several name servers to find the needed information. However, some resolvers function simplistically and can communicate only with a single name server. These simple resolvers (called "stub resolvers") rely on a recursive name server to perform the work of finding information for them.
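As an example of the stub-resolver behaviour described above (a sketch using the Python standard library and an arbitrary example hostname, not from the original text), the call below hands the whole recursive lookup to the system's configured DNS resolver.

import socket

# getaddrinfo() asks the local stub resolver, which in turn relies on a
# recursive (usually caching) name server to do the actual iteration.
for family, _, _, _, sockaddr in socket.getaddrinfo("www.example.com", 80,
                                                    proto=socket.IPPROTO_TCP):
    print(socket.AddressFamily(family).name, sockaddr[0])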
Address resolution mechanism
Domain name resolvers determine the appropriate domain name servers responsible for the domain name in question by a sequence of queries starting with the right-most (top-level) domain label. For example, a DNS recursor consults three nameservers to resolve the address www.vmware.com. The process entails:
1. A system that needs to use the DNS is configured with the known addresses of the root servers. These are often stored in a file of root hints, which is updated periodically by an administrator from a reliable source.
2. Query one of the root servers to find the server authoritative for the top-level domain.
3. Query the obtained TLD DNS server for the address of a DNS server authoritative for the second-level domain.
4. Repeat the previous step for each domain name label in sequence, until the final step, which returns the IP address of the host sought rather than the address of the next DNS server.
Circular dependencies and glue records
Name servers in delegations appear listed by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. Since this can introduce a circular dependency if the nameserver referred to is under the domain for which it is authoritative, it is occasionally necessary for the nameserver providing the delegation to also provide the IP address of the next nameserver. This record is called a glue record.
Because of the large volume of requests generated in the DNS for the public Internet, the designers wished to provide a mechanism to reduce the load on individual DNS servers. To this end, the DNS resolution process allows for caching of records for a period of time after an answer. This entails the local recording and subsequent consultation of the copy instead of initiating a new request upstream. The time for which a resolver caches a DNS response is determined by a value called the time to live (TTL) associated with every record. The TTL is set by the administrator of the DNS server handing out the authoritative response. The period of validity may vary from just seconds to days or even weeks. As a noteworthy consequence of this distributed and caching architecture, changes to DNS records do not propagate throughout the network immediately, but require all caches to expire and refresh after the TTL. RFC 1912 conveys basic rules for determining appropriate TTL values. Some resolvers may override TTL values, as the protocol supports caching for up to 68 years or no caching at all. Negative caching, i.e. the caching of the fact of nonexistence of a record, is determined by name servers authoritative for a zone which must include the Start of Authority (SOA) record when reporting no data of the requested type exists. The value of the MINIMUM field of the SOA record and the TTL of the SOA itself is used to establish the TTL for the negative answer.
The term reverse lookup refers to performing a DNS query to find one or more DNS names associated with a given IP address. The DNS stores IP addresses in the form of specially formatted names as pointer (PTR) records using special domains. For IPv4, the domain is in-addr.arpa. For IPv6, the reverse lookup domain is ip6.arpa. The IP address is represented as a name in reverse-ordered octet representation for IPv4, and reverse-ordered nibble representation for IPv6. When performing a reverse lookup, the DNS client converts the address into these formats, and then queries the name for a PTR record, following the delegation chain as for any DNS query. For example, the IPv4 address 208.80.152.2 is represented as the DNS name 2.152.80.208.in-addr.arpa. The DNS resolver begins by querying the root servers, which point to ARIN's servers for the 208.in-addr.arpa zone. From there the designated servers assigned for 152.80.208.in-addr.arpa are reached, and the PTR lookup completes by querying the nameserver for 2.152.80.208.in-addr.arpa, which results in an authoritative response.
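A short sketch of the name conversion step (using Python's ipaddress module and an arbitrary documentation address, not an example from the original text):

import ipaddress

addr = ipaddress.ip_address("192.0.2.1")
print(addr.reverse_pointer)    # 1.2.0.192.in-addr.arpa (reverse-ordered octets)

addr6 = ipaddress.ip_address("2001:db8::1")
print(addr6.reverse_pointer)   # reverse-ordered nibbles ending in .ip6.arpa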
Users generally do not communicate directly with a DNS resolver. Instead DNS resolution takes place transparently in applications programs such as web browsers, e-mail clients, and other Internet applications. When an application makes a request that requires a domain name lookup, such programs send a resolution request to the DNS resolver in the local operating system, which in turn handles the communications required. The DNS resolver will almost invariably have a cache (see above) containing recent lookups. If the cache can provide the answer to the request, the resolver will return the value in the cache to the program that made the request. If the cache does not contain the answer, the resolver will send the request to one or more designated DNS servers. In the case of most home users, the Internet service provider to which the machine connects will usually supply this DNS server: such a user will either have configured that server's address manually or allowed DHCP to set it; however, where systems administrators have configured systems to use their own DNS servers, their DNS resolvers point to separately maintained nameservers of the organization. In any event, the name server thus queried will follow the process outlined above, until it either successfully finds a result or does not. It then returns its results to the DNS resolver; assuming it has found a result, the resolver duly caches that result for future use, and hands the result back to the software which initiated the request.
An additional level of complexity emerges when resolvers violate the rules of the DNS protocol. A number of large ISPs have configured their DNS servers to violate rules (presumably to allow them to run on less-expensive hardware than a fully compliant resolver), such as by disobeying TTLs, or by indicating that a domain name does not exist just because one of its name servers does not respond. As a final level of complexity, some applications (such as web browsers) also have their own DNS cache, in order to reduce the use of the DNS resolver library itself. This practice can add extra difficulty when debugging DNS issues, as it obscures the freshness of data, and/or what data comes from which cache. These caches typically use very short caching times on the order of one minute. Internet Explorer offers a notable exception: recent versions cache DNS records for half an hour.
DNS resource records
A Resource Record (RR) is the basic data element in the domain name system. Each record has a type (A, MX, etc.), an expiration time limit, a class, and some typespecific data. Resource records of the same type define a resource record set. The order of resource records in a set, returned by a resolver to an application, is undefined, but often servers implement round-robin ordering to achieve load balancing. DNSSEC, however, works on complete resource record sets in a canonical order. When sent over an IP network, all records use the common format specified in RFC 1035 and shown below.
Field      Description                                                            Length (octets)
NAME       Name of the node to which this record pertains                         variable
TYPE       Type of RR; for example, MX is type 15                                 2
CLASS      Class code                                                             2
TTL        Unsigned time in seconds that the RR stays valid (maximum 2147483647)  4
RDLENGTH   Length of the RDATA field                                              2
RDATA      Additional RR-specific data                                            variable
NAME is the fully qualified domain name of the node in the tree. On the wire, the name may be shortened using label compression, where ends of domain names mentioned earlier in the packet can be substituted for the end of the current domain name. TYPE is the record type. It indicates the format of the data and it gives a hint of its intended use. For example, the A record is used to translate from a domain name to an IPv4 address, the NS record lists which name servers can answer lookups on a DNS zone, and the MX record specifies the mail server used to handle mail for a domain specified in an e-mail address (see also the list of DNS record types). RDATA is data of type-specific relevance, such as the IP address for address records, or the priority and hostname for MX records. Well-known record types may use label compression in the RDATA field, but "unknown" record types must not (RFC 3597). The CLASS of a record is set to IN (for Internet) for common DNS records involving Internet hostnames, servers, or IP addresses. In addition, the classes CH (Chaos) and HS (Hesiod) exist. Each class is a completely independent tree with potentially different delegations of DNS zones. In addition to resource records defined in a zone file, the domain name system also defines several request types that are used only in communication with other DNS nodes (on the wire), such as when performing zone transfers (AXFR/IXFR) or for EDNS (OPT).
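To tie the field widths in the table above to bytes on the wire, here is a minimal sketch (my own illustration, ignoring NAME parsing and label compression) that unpacks the fixed portion of a resource record that follows the encoded NAME.

import struct

def parse_rr_fixed(buf: bytes, offset: int):
    """Unpack TYPE (2), CLASS (2), TTL (4) and RDLENGTH (2), then slice out RDATA."""
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", buf, offset)
    rdata = buf[offset + 10 : offset + 10 + rdlength]
    return rtype, rclass, ttl, rdata

# Example: an A record (TYPE 1, CLASS IN, TTL 300) carrying the address 192.0.2.1.
record = struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
print(parse_rr_fixed(record, 0))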
Wildcard DNS records
The domain name system supports wildcard domain names, which are names that start with the asterisk label, '*', e.g., *.example. DNS records belonging to wildcard domain names specify rules for generating resource records within a single DNS zone by substituting whole labels with matching components of the query name, including any specified descendants. For example, in the DNS zone x.example, a wildcard record for *.x.example can specify that all subdomains (including subdomains of subdomains) of x.example use the mail exchanger a.x.example. The records for a.x.example are needed to specify the mail exchanger. As this has the result of excluding this domain name and its subdomains from the wildcard matches, all subdomains of a.x.example must be defined in a separate wildcard statement.
Types of routing
Static - routes are manually entered into the system by the administrator. The advantage of this routing type is that it consumes minimal computing resources, but the network must be prepared for failures through additional planning. For larger networks, static routing is avoided.
Dynamic - routing software such as OSPF or BGP is used to populate the routing table.
Default - this simply means providing a default route to each resource.
Three most important parameters of routing
- IP address of the destination network
- Subnet mask of the destination network
- IP address of the next hop
The default route can be used as a trump card: a destination network of 0.0.0.0 with subnet mask 0.0.0.0 matches anything.
Example (a specific route versus a default route):
Destination/Remote network:  192.168.10.0     0.0.0.0
Subnet mask:                 255.255.255.0    0.0.0.0
Next hop:                    192.168.10.5     192.168.10.5
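A minimal sketch (my own illustration, reusing the example entries above) of how a router would pick between the specific route and the default route by longest-prefix match:

import ipaddress

# (destination network, next hop) pairs, mirroring the example table above.
routing_table = [
    (ipaddress.ip_network("192.168.10.0/24"), "192.168.10.5"),   # specific route
    (ipaddress.ip_network("0.0.0.0/0"), "192.168.10.5"),         # default route
]

def next_hop(destination: str) -> str:
    """Return the next hop of the most specific (longest-prefix) matching route."""
    matches = [(net, hop) for net, hop in routing_table
               if ipaddress.ip_address(destination) in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

print(next_hop("192.168.10.77"))   # matched by the /24 route
print(next_hop("8.8.8.8"))         # falls through to the default route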
In computer networking, unicast transmission is the sending of messages to a single network destination host on a packet switching network. The term unicast is formed in analogy to the term broadcast which means transmitting the same data to all possible destinations. Another multidestination distribution method, multicasting, sends data only to interested destinations by using special address assignments. Unicast messaging is used for all network processes in which a private or unique resource is requested.
In computer networking, broadcasting refers to transmitting a packet that will be received (conceptually) by every device on the network. In practice, the scope of the broadcast is limited to a broadcast domain. Contrast unicasting and multicasting. Not all computer networks support broadcasting; for example, neither X.25 nor frame relay supply a broadcast capability, nor is there any form of Internet-wide broadcast. Broadcasting is largely confined to local area network (LAN) technologies, most notably Ethernet and Token Ring, where the performance impact of broadcasting is not as large as it would be in a wide area network. Both Ethernet and IPv4 use an all-ones (255.255.255.255) broadcast address to indicate a broadcast packet. Token Ring uses a special value in the IEEE 802.2 control field. Due to its "shotgun" approach to data distribution, broadcasting is being increasingly supplanted by multicasting. For example, IPv6 supports neither directed broadcasts nor local broadcasts.
Multicast addressing is a network technology for the delivery of information to a group of destinations simultaneously using the most efficient strategy to deliver the messages over each link of the network only once, creating copies only when the links to the multiple destinations split. The word "multicast" is typically used to refer to IP multicast which is often employed for streaming media and Internet television applications. In IP multicast the implementation of the multicast concept occurs at the IP routing level, where routers create optimal distribution paths for datagrams sent to a multicast destination address spanning tree in real-time. At the Data Link Layer, multicast describes one-to-many distribution such as Ethernet multicast addressing, Asynchronous Transfer Mode (ATM) point-to-multipoint virtual circuits or Infiniband multicast.
Anycast is a network addressing and routing scheme whereby data is routed to the "nearest" or "best" destination as viewed by the routing topology. The term is intended to echo the terms unicast, broadcast and multicast. In unicast, there is a one-to-one association between network address and network endpoint: each destination address uniquely identifies a single receiver endpoint. In broadcast and multicast, there is a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, to which all information is replicated. In anycast, there is also a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, but only one of them is chosen at any given time to receive information from any given sender.
Dynamic routing algorithms
Distance vector algorithm - this approach assigns a number, the cost, to each of the links between the nodes in the network. Nodes send information from point A to point B via the path that results in the lowest total cost (i.e. the sum of the costs of the links between the nodes used).
Link state algorithm - each router independently determines the path of least cost using a map of the entire network; see the sketch after this list.
Path vector algorithm - distance vector and link state routing are both intra-domain routing protocols; path vector routing is used for inter-domain routing. It is similar to distance vector routing.
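As a compact illustration of the link state idea (a generic Dijkstra sketch on a made-up topology; node names and costs are invented for the example, and real protocols such as OSPF add flooding, areas and much more):

import heapq

def shortest_paths(graph, source):
    """Dijkstra's algorithm: least-cost distance from source to every node."""
    dist = {source: 0}
    queue = [(0, source)]
    while queue:
        cost, node = heapq.heappop(queue)
        if cost > dist.get(node, float("inf")):
            continue                      # stale queue entry
        for neighbour, link_cost in graph[node].items():
            new_cost = cost + link_cost
            if new_cost < dist.get(neighbour, float("inf")):
                dist[neighbour] = new_cost
                heapq.heappush(queue, (new_cost, neighbour))
    return dist

# Invented four-router topology with per-link costs.
topology = {
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 2, "D": 5},
    "C": {"A": 4, "B": 2, "D": 1},
    "D": {"B": 5, "C": 1},
}
print(shortest_paths(topology, "A"))   # {'A': 0, 'B': 1, 'C': 3, 'D': 4}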
BACKBONE AND FRONTLINE TECHNOLOGIES
Ethernet operates by contention. Devices sharing an Ethernet LAN listen for transmissions on the wire and wait to transmit a message until the line is clear. If two stations transmit at the same time and the packets collide, both transmissions are aborted and the stations wait for a random period of time before transmitting again. Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is the algorithm used to detect traffic, sense collisions and abort transmissions. It acts like a traffic cop for what would otherwise be random traffic.
Gigabit and 10 Gigabit Ethernet
Gigabit Ethernet is a 1000 Mbps extension of the Ethernet standard. It is also called 1000BaseX, in reference to the specification of the copper or fiber cabling. Gigabit Ethernet is ATM's competitor to replace FDDI as the backbone network technology. Gigabit Ethernet can also support WAN connections, and it can use variable packet sizes ranging from 64 bytes to 1518 bytes per frame.
Token Ring uses a token passing protocol to regulate the flow of traffic in the network by passing a frame called a token around a logical circle. Only the host in possession of the token can transmit data. In effect, Token Ring trades collisions for wait time. Tests show that Token Ring can use up to 75% of the raw bandwidth, as opposed to Ethernet's theoretical maximum of 37%. However, Token Ring starts to pay off only at high traffic volumes.
Fiber Distributed Data Interface (FDDI) uses 100 Mbps optical cabling and a token passing architecture like Token Ring, yielding very high effective bandwidth. FDDI has two logical rings, one primary and one secondary. When the primary ring fails, the machines closest to the break join the primary and secondary rings to complete the logical circle, isolating the broken segment completely.
Asynchronous Transfer Mode (ATM) is a cell-based architecture dependent on virtual circuits. Unlike frames, a cell is a fixed-length message unit of 53 bytes. The virtual circuit creates a virtual point-to-point connection to the receiving station, which in turn knows about the transfer. Fixed-size cells also ensure that the hardware involved knows exactly where the header ends, reducing processing overhead and increasing speed. ATM can run at up to 40 Gbps. Predictable packet length and virtual circuits allow service levels to be guaranteed for critical traffic.