Transport and Internetwork Layer Protocols and Architectures
TCP/IP Protocols and Architectures
IFN507 – Lecture 6
Outline
TCP/IP Architecture Model and the Transport Layer
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Address Resolution Protocol (ARP)
Internet Control Message Protocol (ICMP)
TCP/IP Architecture Model and the Transport Layer
Network Architecture Models
The Open System Interconnection (OSI) reference model
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite model
TCP/IP Architecture Model
The TCP/IP model with 4 layers was created by the Department of Defense of the US in the 1970s.
The TCP/IP model gives general guidance for the design and implementation of specific networking protocols for intercommunication
TCP/IP specifies how data should be formatted, addressed, transmitted, routed and received at the destination for end-to-end connectivity.
TCP/IP’s Architecture Model
TCP/IP’s Layered Architecture
The TCP/IP Core Protocols
The core protocols in TCP/IP suite
TCP – Transmission Control Protocol
IP – Internet Protocol
Operate in the Transport and Network layers of the OSI model
Provide basic services to protocols in other layers
Role of the Transport Layer
Responsible for end-to-end communications
Reliability
Interface between the application and the lower layers
The Transport layer includes 2 protocols:
Transmission Control Protocol (TCP)
A connection-oriented protocol designed for the reliable transfer of information
User Datagram Protocol (UDP)
A connectionless protocol designed for the efficient communication of generally small amounts of data
Working with Segments and Datagrams
Transport-layer protocols work with units of data called segments (TCP) or datagrams (UDP)
Both TCP and UDP add a header to the payload
The Transport-layer protocol then passes the segment down to the Internetwork protocol (IP)
With incoming data, the Transport layer receives the segment from the Internetwork protocol, processes it, decapsulates it and sends the resulting data up to the Application layer
Identifying Source/Destination Processes/Applications
A port number is a way to identify a specific process/application to which an Internet or other network message is to be forwarded when it arrives at a server.
For TCP and UDP, a port number is a 16-bit integer placed in the header added to a message unit. TCP and UDP use port numbers to specify the source and destination Application-layer protocols
Detecting Data Integrity with a Checksum Mechanism
To protect data integrity, TCP and UDP provide a checksum, an error-detecting code similar in purpose to a cyclic redundancy check (CRC)
A CRC is an error-detecting code
Intermediate nodes don’t recalculate the checksum in the Transport layer, so if data corruption occurs during transmission, the final receiving host detects the checksum error and discards the data
Process-to-Process Communications
IP is for host-to-host communications
Transport layer protocols such as TCP/UDP are for delivery of the message to the appropriate application program, i.e.,
process-to-process communications
A computer may be running several programs at the same time. To make every connection unique, we need to use
the IP address and the port number to establish a unique identifier on a machine,
i.e., to define a socket, end point or socket address
Socket Addresses – Unique Connections
Every connection has 2 sockets or endpoints:
Source IP:Source port, e.g., 131.181.143.129:2525
Destination IP:Destination port, e.g., 131.181.118.220:80
The connection creates a unique virtual channel.
The use of ports allows devices to run multiple services/applications, e.g.:
Server socket addresses: 131.181.1.1:80 (Web services) and 131.181.1.1:25 (Email services)
Client socket addresses: 131.181.200.1:6000 (the client talks to the Web server) and 131.181.200.1:8000 (the client talks to the Email server)
IP address + port number = Socket
An IP address alone is not sufficient for running network applications, as a host can run multiple applications and/or services.
Port Numbers
Port number range: 0 to 65535
Three types
Well Known Ports
Range: 0 to 1023
Operating system or administrator use
Registered Ports
Range: 1024 to 49151
Network users, processes with no special privileges
Dynamic and/or Private Ports
Range: 49152 through 65535
Normally for a client use
No restrictions
(Figure: port number ranges, courtesy Course Technology/Cengage Learning; image not reproduced)
TCP
Transmission Control Protocol
TCP Features
Error Control
To retransmit lost segments, TCP uses a retransmission timeout (RTO).
When TCP sends a segment the timer starts, and it stops when the acknowledgment is received.
Flow Control
Ensures the destination doesn't become overwhelmed.
Retry Mechanism
Can retransmit if no acknowledgment has been received.
Checksum to detect errors.
Only a certain amount of data can be sent at one time, controlled by a Sliding Window mechanism.
TCP features (cont.-)
TCP is a connection-oriented protocol
Before data transmission:
It establishes a connection with the destination through a three-way handshake process; then data is transferred
After data transmission:
The connection is terminated by a four-way handshake process
TCP offers full-duplex service
Data can be carried in both directions at the same time
TCP Header
TCP header layout (each row is 32 bits wide):
Source port address (16 bits) | Destination port address (16 bits)
Sequence number (32 bits)
Acknowledgement number (32 bits)
Data Offset (4 bits) | Reserved (3 bits) | NS CWR ECE URG ACK PSH RST SYN FIN (9 flag bits) | Window size (16 bits)
Checksum (16 bits) | Urgent pointer (16 bits, used if URG set)
Options and Padding
TCP Header Fields
16-bit SOURCE PORT field
Identifies the sending port
16-bit DESTINATION PORT field
Identifies the receiving port
32-bit SEQUENCE NUMBER field
Defines the sequence number of the first byte of data in this segment
The numbering does not necessarily start from 0
32-bit ACKNOWLEDGEMENT NUMBER field
Indicates explicitly that a specific set of data was received successfully
Indicates the sequence number of the next byte expected from the other side of the communication
TCP Header Fields (cont.-)
9-bit CONTROL BITS field:
A set of 6 standard and 3 extended control flags that indicates the purpose and contents of the segment
(U) URG Informs the recipient that certain data within the segment is urgent and should be prioritised; the recipient evaluates the urgent pointer.
(A) ACK Indicates that the segment carries an acknowledgement, i.e. the acknowledgement number field is valid
(P) PSH Requests a push: deliver the data to the application immediately
(R) RST Resets the connection
(S) SYN Indicates that the segment is being used to initialise a connection
(F) FIN Indicates no more data from the sender
TCP Header Fields (cont.-)
16-bit WINDOW field
Indicates the size of the TCP receiver buffer in bytes
16-bit CHECKSUM field
Protects the integrity of the header and data
16-bit URGENT POINTER field
Used together with the URG flag to point to the end of the urgent data sent in a segment
The Three Stages of a TCP Connection
1. Connection establishment with a 3-way handshake
2. Data transfer
3. Connection termination with a 4-way handshake
Connection establishment with a 3-way handshake
Because TCP is connection-oriented, it needs to first initialise a virtual connection
TCP uses a 3-way handshake to initialise and synchronise the connection
This connection remains open for the duration of the interaction between the two ends
Connection establishment with a 3-way handshake (cont.-)
A client (A) sends a TCP synchronization (SYN) segment to the destination device (B), usually a server
A destination port is specified, and a source port is assigned dynamically
Three segments are used to establish a TCP connection
Segment 1: A issues a message to B for initialization
Segment 2: B sends a message to A for initialization and acknowledgement
Segment 3: A sends an acknowledgement to B
Connection establishment with a 3-way handshake (cont.-)
Simplified segment fields in the 3-way handshake (client on the left, server on the right, time running downwards):
(1) Request for connection, SYN segment: Seq: 8000, S flag set
(2) Response, SYN-ACK segment: Seq: 15000, Ack: 8001, S and A flags set
(3) Connection established, ACK segment: Seq: 8001, Ack: 15001, A flag set
Connection establishment with a 3-way handshake (cont.-)
Handshake Message 1:
The client sends the first segment to the server: a SYN segment
Only the SYN bit is set; the ACK bit is NOT set
The value of the sequence number field in this segment is called the Initial Sequence Number (ISN)
The SYN segment is a control segment and carries no data
It consumes one sequence number, so data transfer from client to server starts with sequence number ISN + 1
Connection establishment with a 3-way handshake (cont.-)
Handshake Message 2:
The server responds to the client with a SYN-ACK segment
Both the SYN and ACK bits are set
The segment serves the following functions
The segment provides the ISN for communications from server to client
The ISN is incremented for the first data transfer
The segment provides acknowledgement of the receipt of the SYN segment sent by the client
Connection establishment with a 3-way handshake (cont.-)
Handshake Message 3:
The client replies with an ACK segment
ACK bit set
The segment provides an acknowledgement of the server's SYN-ACK segment
The sequence number in this segment is the sequence number of the client's initial SYN segment plus 1 (which is the same as the acknowledgement number in the server's SYN-ACK segment)
TCP Data Transfer
Receipt of data must be acknowledged with an ACK that specifies the byte number that the receiver expects to receive next from the sender
Sequence number tracking is used to identify the amount of data transferred and any out-of-order packets
Simplified segment fields during data transfer:
Client to Server: Seq: 8001, Ack: 15001, A flag set, Data bytes 8001-9000
Server to Client: Seq: 15001, Ack: 9001, A flag set, Data bytes 15001-16000
Client to Server: Seq: 9001, Ack: 16001, A flag set
TCP Connection Termination: 4-Way Handshake
Four segments need to be exchanged to terminate a TCP connection
Since a TCP connection is full-duplex, data may flow independently in each direction
Each direction must shut down independently (TCP half-close)
Each half-close requires a FIN and an ACK segment to be sent.
TCP Connection Termination: 4-Way Handshake
Simplified segment fields in the 4-way handshake (client initiates the close):
Client to Server: FIN segment, Seq: x, Ack: y, F flag set
Server to Client: ACK segment, Seq: y, Ack: x + 1, A flag set
Server to Client: FIN segment, F flag set (second half-close; Seq and Ack values not shown)
Client to Server: ACK segment, A flag set (Seq and Ack values not shown)
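The three stages above (handshake, data transfer, termination) can be checked end to end with a small sequence-number model. The following is an added example, not code from the lecture: it tracks each side's next-send and next-expected sequence numbers, charges one sequence number for SYN and FIN and one per data byte, and rejects a segment whose sequence number is not the one expected. The ISNs 8000 and 15000 and the two 1000-byte transfers are the lecture's figure values; the state names and the `Endpoint`/`Segment` classes are this example's own.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset
    data: bytes = b""

    def seq_space(self) -> int:
        """SYN and FIN each consume one sequence number; data consumes one per byte; a pure ACK none."""
        return len(self.data) + ("SYN" in self.flags) + ("FIN" in self.flags)


@dataclass
class Endpoint:
    name: str
    isn: int                    # initial sequence number; constructed here, randomised by real stacks
    state: str = "CLOSED"
    snd_nxt: int = 0            # next sequence number this side will send
    rcv_nxt: int = 0            # next sequence number this side expects to receive
    received: bytearray = field(default_factory=bytearray)

    def __post_init__(self) -> None:
        self.snd_nxt = self.isn

    def send(self, peer: "Endpoint", *flags: str, data: bytes = b"") -> Segment:
        ack = self.rcv_nxt if "ACK" in flags else 0     # the ack field only means something with ACK set
        seg = Segment(self.name, peer.name, self.snd_nxt, ack, frozenset(flags), data)
        self.snd_nxt += seg.seq_space()
        peer.receive(seg)
        return seg

    def receive(self, seg: Segment) -> None:
        if "SYN" in seg.flags:
            self.rcv_nxt = seg.seq          # learn the peer's ISN from its SYN
        elif seg.seq != self.rcv_nxt:       # anything else must arrive in order in this model
            raise ValueError(f"{self.name}: got seq {seg.seq}, expected {self.rcv_nxt}")
        if "ACK" in seg.flags and seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: got ack {seg.ack}, expected {self.snd_nxt}")
        self.received += seg.data
        self.rcv_nxt += seg.seq_space()


def three_way_handshake(client: Endpoint, server: Endpoint) -> List[Segment]:
    server.state = "LISTEN"
    syn = client.send(server, "SYN")                 # (1) seq = client ISN, ACK not set
    client.state, server.state = "SYN_SENT", "SYN_RCVD"
    syn_ack = server.send(client, "SYN", "ACK")      # (2) seq = server ISN, ack = client ISN + 1
    ack = client.send(server, "ACK")                 # (3) seq = client ISN + 1, ack = server ISN + 1
    client.state = server.state = "ESTABLISHED"
    return [syn, syn_ack, ack]


def data_exchange(client: Endpoint, server: Endpoint, request: bytes, response: bytes) -> List[Segment]:
    return [client.send(server, "ACK", data=request),    # carries bytes seq .. seq + len - 1
            server.send(client, "ACK", data=response),   # ack = last client byte + 1
            client.send(server, "ACK")]                  # acknowledges the response, no data


def four_way_close(client: Endpoint, server: Endpoint) -> List[Segment]:
    fin1 = client.send(server, "FIN", "ACK")
    client.state, server.state = "FIN_WAIT_1", "CLOSE_WAIT"
    ack1 = server.send(client, "ACK")                # client-to-server direction is now half-closed
    client.state = "FIN_WAIT_2"
    fin2 = server.send(client, "FIN", "ACK")
    server.state = "LAST_ACK"
    ack2 = client.send(server, "ACK")                # second half-close acknowledged
    client.state, server.state = "TIME_WAIT", "CLOSED"
    return [fin1, ack1, fin2, ack2]


if __name__ == "__main__":
    c, s = Endpoint("client", 8000), Endpoint("server", 15000)   # ISNs from the lecture figures
    trace = three_way_handshake(c, s) + data_exchange(c, s, b"A" * 1000, b"B" * 1000) + four_way_close(c, s)
    for seg in trace:
        print(f"{seg.src:>6} -> {seg.dst:<6} {sorted(seg.flags)!s:<16} seq={seg.seq} ack={seg.ack} len={len(seg.data)}")
```

Running the block prints the ten segments of a full connection with the same Seq/Ack values as the lecture's three figures; the `ValueError` path is what a real receiver uses to spot a lost or reordered segment before it is acknowledged.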
UDP
User Datagram Protocol
UDP (User Datagram Protocol)
Connectionless transport protocol
Data delivery is unreliable
Simple
Useful situations:
Great volume of data transferred quickly
(Figure courtesy Course Technology/Cengage Learning; image not reproduced)
Features of UDP
No connection handling
Each datagram is an independent message that the sender transmits without UDP providing any way to establish, manage, or close a connection
No delivery guarantees
Datagrams are not sequenced and are not acknowledged
Datagrams are sent without any promise of delivery
Application layer must provide tracking and retransmission mechanisms
No error checking
No guarantee that packets are received at all
Format of UDP Messages
Each UDP message is called a user datagram
Has a fixed-size header of 8 bytes
16-bit SOURCE / DESTINATION PORT fields
Port number (between 0 and 65535)
Well-known ports: 0 to 1023
The client host's operating system may randomly choose a port to communicate with a server
The checksum is optional for IPv4
UDP header layout (each row is 32 bits wide):
Source port number (16 bits) | Destination port number (16 bits)
Total length (16 bits) | Checksum (16 bits)
Payload (data)
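The header layouts given for TCP (TCP Header Fields) and UDP (Format of UDP Messages) can be exercised with a byte-level encoder and decoder. The block below is an added example, not code from the lecture or any library: it builds and parses both headers with `struct`, decodes the nine TCP flag bits from the data-offset word, and verifies the transport checksum the way a receiving host does, including the IPv4 pseudo-header. The checksum is the RFC 1071 one's-complement sum that TCP and UDP actually use (the lecture compares it to a CRC). The addresses 10.0.0.2 and 10.0.0.5, the ports and the payloads are constructed sample values.

```python
import socket
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]   # bit 0 .. bit 8 of the flags word
TCP, UDP = 6, 17                                                            # IP protocol numbers


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); this is what TCP and UDP use, not a CRC."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header included in the transport checksum, binding the segment to its addresses."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip), 0, proto, length)


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b"", urgent=0) -> bytes:
    """20-byte TCP header (no options) plus payload, with a valid checksum; flags is a list of names."""
    bits = sum(1 << TCP_FLAGS.index(f) for f in flags)
    offset_flags = (5 << 12) | bits                  # data offset = 5 x 32-bit words, reserved bits = 0
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, urgent)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, TCP, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def parse_tcp(src_ip, dst_ip, segment: bytes) -> dict:
    """Decode the fixed header and verify the checksum the way the receiving host does."""
    sport, dport, seq, ack, offset_flags, window, _, urgent = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4
    bits = offset_flags & 0x1FF
    # Recomputing over pseudo-header + the whole segment (checksum included) yields 0 for an intact segment.
    intact = internet_checksum(pseudo_header(src_ip, dst_ip, TCP, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": [f for i, f in enumerate(TCP_FLAGS) if bits & (1 << i)],
            "urgent_pointer": urgent, "options": segment[20:header_len],
            "payload": segment[header_len:], "checksum_ok": intact}


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes, with_checksum=True) -> bytes:
    """8-byte UDP header plus payload. In IPv4 the checksum is optional: an all-zero field means 'none'."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    if with_checksum:
        csum = internet_checksum(pseudo_header(src_ip, dst_ip, UDP, length) + hdr + payload)
        hdr = hdr[:6] + struct.pack("!H", csum or 0xFFFF)   # a computed 0 is sent as 0xFFFF
    return hdr + payload


def parse_udp(src_ip, dst_ip, datagram: bytes) -> dict:
    """Decode the header; report the checksum as ok, bad, or absent (sender chose not to compute one)."""
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if csum == 0:
        status = "absent"
    elif internet_checksum(pseudo_header(src_ip, dst_ip, UDP, len(datagram)) + datagram) == 0:
        status = "ok"
    else:
        status = "bad"
    return {"sport": sport, "dport": dport, "length": length,
            "length_ok": length == len(datagram), "checksum": status, "payload": datagram[8:]}


if __name__ == "__main__":
    # Constructed sample: the lecture's SYN with ISN 8000, from a client ephemeral port to port 80.
    syn = build_tcp("10.0.0.2", "10.0.0.5", 50000, 80, 8000, 0, ["SYN"], 65535)
    print(parse_tcp("10.0.0.2", "10.0.0.5", syn))
    query = build_udp("10.0.0.2", "10.0.0.5", 53000, 53, b"dns query bytes")
    print(parse_udp("10.0.0.2", "10.0.0.5", query))
```

Because the pseudo-header is part of the sum, a segment whose IP addresses were changed in transit fails the check even if its own bytes are intact; and because intermediate routers never recompute a transport checksum, only the final host ever sees the failure, as the lecture notes.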
Applications based on UDP
UDP is used where error checking and correction are performed by the application, for example in
Domain Name System (DNS)
Dynamic Host Configuration Protocol (DHCP)
Trivial File Transfer Protocol (TFTP)
IPTV
Voice over IP (VoIP)
Real Time Streaming Protocol
Routing Information Protocol (RIP)
Simple Network Management Protocol (SNMP)
ARP
Address Resolution Protocol
What Does ARP Do?
ARP is used to resolve a logical (IP) address to a physical (MAC) address for local area network communication.
Operates between layers 2 and 3 of the OSI model (sometimes called Layer 2.5)
Every frame contains both physical (MAC) and logical (IP) source and destination addresses
When a packet is ready to be sent to the Network access layer, the destination device’s MAC address must be retrieved before the frame header can be constructed
The source device needs to obtain the MAC address of the destination device to deliver data.
What messages does ARP use?
An ARP exchange is a request/reply pair of transmissions on the local network
The originator transmits a broadcast requesting the hardware address of the target host
The target host then replies by unicast to the originator with its own hardware address
General operation of ARP
When an originator on an IP-based network has an IP datagram to send to a target host,
it first checks whether the target host's MAC address is already in its ARP cache; if not, it starts the required address resolution process:
If the target host is on the same network, it sends a broadcast ARP request to the network and waits for the ARP reply
If the target host is NOT located on the same network, it sends the datagram to the default gateway (router) on the network for forwarding
ARP Cache
To avoid sending an ARP request every time an IP packet is sent, devices store each learned IP address to MAC address mapping in an ARP cache, a temporary location in RAM.
ARP cache entries are not kept indefinitely. Most devices keep an ARP entry for only a few minutes after it is last used, to avoid storing outdated information, which could result from a changed NIC or IP address.
An ARP request is sent as a broadcast message, so every host on that network records the mapping of the requester's IP and MAC addresses in its ARP cache table for future reference
ARP Frame Format
A MAC (hardware) address is 48 bits long, expressed as 12 hexadecimal digits
The first six hexadecimal digits are assigned by the IEEE to identify the manufacturer or vendor: the Organizationally Unique Identifier (OUI)
The remaining 6 hexadecimal digits are assigned by the vendor as the interface serial number
FF:FF:FF:FF:FF:FF is used as the broadcast MAC address.
ARP frame format (bit positions 0-7, 8-15, 16-23 and 24-31 across each 32-bit row):
Hardware Type (e.g. Ethernet = 1) | Protocol Type (network layer protocol)
Hardware Address length | Protocol length | Operation (Request = 1, Reply = 2)
Sender Hardware Address (48 bits = 6 bytes)
Sender IP address (32 bits)
Target Hardware Address (Empty in request)
Target IP address (32 bits)
ARP Request
ARP is a two-step process: a request and a reply.
Within a network, when a host (originator) A begins a conversation with a target host B:
A knows B's IP address but does not have B's MAC address, so A is unable to send a unicast frame to B.
A sends an ARP broadcast frame to request B's MAC address. Since it is a broadcast, all hosts on the network receive the ARP request.
All hosts scan the content of the ARP request to determine whether they are the intended target. The hosts that are not the intended target discard the broadcast frame.
ARP Reply
B is the target of the ARP Request. It sends an ARP Reply back to A. Since B knows who sent the initial ARP Request, it can send the ARP Reply by unicast, directly back to A.
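The request/reply exchange, the cache with expiry, and the same-network-or-gateway decision from the ARP slides can be modelled together. The block below is an added example, not code from the lecture: it packs and unpacks the 28-byte Ethernet/IPv4 ARP message in the format shown above, and a `Host` class resolves a destination by checking its cache (expiring entries older than `cache_ttl` seconds), broadcasting a request when needed, and answering requests addressed to its own IP. The `Host` class, its method names, the /24 network, the gateway 10.0.0.254 and the MAC addresses other than 00:12:31:22:56:77 (the reply in the lecture's figure) are constructed for the example.

```python
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"          # target hardware address is empty in a request


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """28-byte ARP body for Ethernet (hardware type 1, 6-byte addresses) over IPv4 (0x0800, 4-byte addresses)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(body: bytes) -> dict:
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


class Host:
    def __init__(self, ip: str, mac: str, network: str, gateway: str, cache_ttl: float = 120.0):
        self.ip, self.mac, self.gateway = ip, mac, gateway
        self.network = ipaddress.IPv4Network(network)    # e.g. "10.0.0.0/24"
        self.cache_ttl = cache_ttl                        # seconds an entry survives after being learned
        self.cache = {}                                   # ip -> (mac, time learned)

    def learn(self, ip: str, mac: str, now: float) -> None:
        self.cache[ip] = (mac, now)

    def lookup(self, ip: str, now: float):
        entry = self.cache.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned > self.cache_ttl:                # stale: drop it rather than trust an old NIC/IP pairing
            del self.cache[ip]
            return None
        return mac

    def next_hop(self, dst_ip: str) -> str:
        """Direct delivery inside the local network; otherwise the datagram goes to the default gateway."""
        return dst_ip if ipaddress.IPv4Address(dst_ip) in self.network else self.gateway

    def resolve(self, dst_ip: str, now: float):
        """Return (mac, None) from the cache, or (None, broadcast_request_body) when ARP is required."""
        hop = self.next_hop(dst_ip)
        mac = self.lookup(hop, now)
        if mac is not None:
            return mac, None
        return None, build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, hop)

    def handle(self, body: bytes, now: float):
        """Process a received ARP message; returns a unicast reply body only if we are the target."""
        msg = parse_arp(body)
        self.learn(msg["sender_ip"], msg["sender_mac"], now)   # receivers record the sender's mapping
        if msg["op"] == ARP_REQUEST and msg["target_ip"] == self.ip:
            return build_arp(ARP_REPLY, self.mac, self.ip, msg["sender_mac"], msg["sender_ip"])
        return None                                            # "Not me": discard the broadcast


if __name__ == "__main__":
    a = Host("10.0.0.1", "00:12:31:22:56:11", "10.0.0.0/24", "10.0.0.254")
    b = Host("10.0.0.5", "00:12:31:22:56:77", "10.0.0.0/24", "10.0.0.254")
    _, request = a.resolve("10.0.0.5", now=0.0)          # cache miss: broadcast "who has 10.0.0.5?"
    reply = b.handle(request, now=0.0)                    # B answers by unicast
    a.handle(reply, now=0.1)                              # A caches B's mapping
    print(a.resolve("10.0.0.5", now=1.0))                 # ('00:12:31:22:56:77', None)
```

The `lookup` expiry models the lecture's point that entries live only minutes; the `next_hop` check is why a host on another network never appears in the local ARP cache, only the router does.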
ARP Capture: Request & Reply
(Figure: packet capture showing an ARP request followed by its reply; image not reproduced)
Direct delivery (A to B)
A sends out a broadcast ARP request message
B, C, and D receive this broadcast message
Only B responds with a unicast ARP reply message
(Figure: hosts A, B, C and D attached to one switch)
Indirect delivery (A to C)
A sends out a broadcast ARP request message to request the router's MAC address
The router responds with an ARP reply message via unicast
The router receives the data from A and then processes the relay
The router sends out a broadcast ARP request to request C's MAC address
C responds with an ARP reply message via unicast
The router re-packages the data (Layers 3 and 2) and then forwards the frame to C
(Figure: A and B on one switch, C on a second switch, the router between them; 2 x ARP processes)
(Figure: Resolving the MAC Address from the IPv4 Address. A host on the 10.0.0.0 network (hosts 10.0.0.1 to 10.0.0.5) sends a broadcast request message "What is your MAC address, 10.0.0.5?"; the hosts that are not the target answer "Not me!!" and discard it; 10.0.0.5 sends a unicast reply message "My MAC is 0012 3122 56 77".)
ICMP
Internet Control Message Protocol
When Communications Go Wrong
The destination host is unreachable
the IP address is wrong, or the host does not exist
The destination port is unknown
There is no application that matches the TCP port number
The destination network is unknown
IP address is wrong
A datagram on the network is too long
Time to Live value expires
Congestion occurs at intermediate routers…
Characteristics of ICMP
ICMP reports errors, but does not correct them
ICMP always reports back to the originator
Generally, IP does not keep track of which routers have been
Error correction is left to higher-level protocols
The value of the IP protocol field is 1 for ICMP messages
ICMP error messages include the first 8 bytes of the data area of the problem datagram, to allow the originator to identify the cause of the problem
Where is ICMP Positioned
ICMP is a network layer protocol
Companion to IP
(Figure: ICMP and ARP shown alongside IP at the network layer)
ICMP Encapsulation
ICMP messages are encapsulated inside of IP datagrams before going down to the data link layer
Encapsulation: ICMP header + data form the IP data; the IP header is prepended to make the IP datagram, which in turn becomes the frame data between the frame header and the trailer
Types of ICMP
ICMP message types:
Error Reporting messages: Destination Unreachable, Source Quench, Time Exceeded, Parameter Problem, Redirect, …
Query messages: Echo, Timestamp, …
ICMP
Assists the diagnosis of some network problems
Often occurs in pairs: queries and replies
Assists in obtaining specific information from routers/hosts
Is used by routers and hosts
Performs error reporting and query/reply for the Internet Protocol
Returns error messages back to the originator
Reports errors
Invalid IP address
Invalid port address
TTL of the packet reaching 0
…
Applications
ping
tracert
Destination Unreachable
When a router cannot forward a datagram, it sends a destination unreachable message to the originator and then discards the datagram.
Code  Meaning
0     Network is unreachable – possible hardware failure – generated by routers
1     Host is unreachable – possible hardware failure – generated by routers
2     Protocol is unreachable – the upper-layer protocol the data is destined for cannot be reached for delivery – generated by the destination host
3     Port is unreachable – the application program process is not currently running
4     Fragmentation required for routing but the DF (do not fragment) bit is set by the sender
(Figure: if a router doesn't know how to get to the final network, it returns a destination unreachable message to the originator)
Time-Exceeded
Incorrect configurations can lead to packets traveling in endless loops (routing cycle)
The ICMP Time Exceeded message is issued:
When a packet is sent, its TTL is decremented by 1 at each hop. If the TTL reaches 0, the packet is dropped. The router that dropped the IP packet for which the TTL reached 0 sends a Time-Exceeded message to the originator
If the destination does not receive all fragments within a set time, it drops any received fragments and sends a Time-Exceeded message back to the originator
Echo Request/Reply
A host or router that receives an echo-request message creates an echo-reply message and returns it to the originator
echo-request and echo-reply messages can be used to help diagnose some network problems
e.g., communication status between two devices
Testing destination reachability and providing status is achieved by invoking the ping command,
which creates a series of echo-request and echo-reply messages and provides statistical information
ICMP applications – ping and tracert utility
(Figure: sample ping and tracert output; image not reproduced)
traceroute and tracert
Traceroute shows the path a packet traverses to its destination
It provides the names of all intermediate routers on the path
It determines the path by sending a series of packets with TTL fields of 1, 2, 3, 4, etc.
This causes each intermediate router on the path to send a Time-Exceeded message back to the originator
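The Time-Exceeded, Destination Unreachable and traceroute slides describe one mechanism from three angles, and a short simulator ties them together. The block below is an added example, not code from the lecture or from any traceroute implementation: routers on a constructed path decrement the TTL and return Time Exceeded (type 11) when it reaches 0, the destination host returns Port Unreachable (type 3, code 3) for a UDP probe aimed at a closed port, and each ICMP error quotes the offending datagram's header plus its first 8 data bytes, which for a UDP probe is the whole UDP header. The probing side raises the TTL by one per probe and uses that quoted header, not arrival order, to match replies to probes. The router and host addresses (RFC 5737 documentation ranges) and the type/code tables are constructed from the lecture's lists.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

UDP = 17
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
              8: "Echo Request", 11: "Time Exceeded", 12: "Parameter Problem", 13: "Timestamp"}
UNREACHABLE_CODES = {0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
                     3: "port unreachable", 4: "fragmentation required but DF set"}


@dataclass
class Datagram:
    src: str
    dst: str
    ttl: int
    proto: int
    data: bytes                          # transport header + payload


@dataclass
class IcmpMessage:
    sender: str                          # router or host that generated the message
    type: int
    code: int
    orig_header: Tuple[str, str, int]    # src, dst, proto of the datagram that caused the error
    orig_data: bytes                     # its first 8 bytes; for UDP that is the whole UDP header


def describe(msg: IcmpMessage) -> str:
    text = ICMP_TYPES.get(msg.type, f"type {msg.type}")
    if msg.type == 3:
        text += ": " + UNREACHABLE_CODES.get(msg.code, f"code {msg.code}")
    return text


def icmp_error(sender: str, type_: int, code: int, dg: Datagram) -> IcmpMessage:
    """Errors quote the offending datagram's header and first 8 data bytes so the originator can match them."""
    return IcmpMessage(sender, type_, code, (dg.src, dg.dst, dg.proto), dg.data[:8])


def forward(dg: Datagram, routers: List[str], host_ip: str, open_udp_ports) -> Optional[IcmpMessage]:
    """Carry the datagram hop by hop; return the ICMP error generated on the way, or None if delivered."""
    for router in routers:
        dg.ttl -= 1                                   # every router decrements TTL
        if dg.ttl == 0:
            return icmp_error(router, 11, 0, dg)      # dropped here: Time Exceeded back to dg.src
    if dg.proto == UDP:
        dport = struct.unpack("!HHHH", dg.data[:8])[1]
        if dport not in open_udp_ports:
            return icmp_error(host_ip, 3, 3, dg)      # no process listening: Port Unreachable
    return None


def traceroute(src: str, dst: str, routers: List[str], open_udp_ports, max_hops: int = 30):
    """UDP-probe traceroute: TTL 1, 2, 3, ...; each Time Exceeded names one hop, Port Unreachable ends it."""
    hops = []
    for ttl in range(1, max_hops + 1):
        dport = 33434 + ttl                           # conventional high port unlikely to be in use
        probe = Datagram(src, dst, ttl, UDP, struct.pack("!HHHH", 40000, dport, 8, 0))
        reply = forward(probe, routers, dst, open_udp_ports)
        if reply is None:
            raise RuntimeError("probe was delivered: destination port unexpectedly open")
        # Match the reply to this probe via the quoted UDP header rather than trusting arrival order
        if reply.orig_header[0] != src or struct.unpack("!HHHH", reply.orig_data)[1] != dport:
            raise RuntimeError("ICMP message does not quote our probe")
        hops.append((ttl, reply.sender, describe(reply)))
        if (reply.type, reply.code) == (3, 3):
            break
    return hops


if __name__ == "__main__":
    # Constructed topology: three routers (documentation addresses) in front of host 203.0.113.9
    path = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
    for ttl, who, what in traceroute("10.0.0.1", "203.0.113.9", path, open_udp_ports={53}):
        print(f"TTL={ttl}: {who} -> {what}")
```

The four printed lines correspond to the four TTL illustrations that follow: X, Y and Z each answer once with Time Exceeded, and B answers the TTL=4 probe with Port Unreachable, which is how traceroute knows it has reached the destination.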
Illustration (A sends probe packets to B through routers X, Y and Z):
TTL=1: A creates a probe packet with TTL=1; Router X decrements the TTL to 0, discards the packet and sends an ICMP Time Exceeded message back to A
TTL=2: the probe passes Router X (TTL=1) and reaches Router Y, where the TTL becomes 0; Y discards the packet and sends ICMP Time Exceeded back to A
TTL=3: the probe passes Router X (TTL=2) and Router Y (TTL=1) and reaches Router Z, where the TTL becomes 0; Z discards the packet and sends ICMP Time Exceeded back to A
TTL=4: the probe passes Router X (TTL=3), Router Y (TTL=2) and Router Z (TTL=1) and reaches B
Summary – ICMP
ICMP provides a way to report errors to originator
ICMP provides:
Error information – delivery errors
IP routing behavior
Reachability
ICMP reports errors, but it is up to the IP host that receives the incoming ICMP message to act on the reported error
End of Lecture