Chapter 2: TCP/IP Communications  
  Objectives  
  The objectives of this chapter are as follows:  
    Introduce the TCP/IP and OSI communication models.  
    Define the protocols of the TCP/IP protocol suite.  
    Explore the addressing schemes used by the different layers of the TCP/IP protocol suite.  
    Examine how the protocols and reference tables maintained by the protocols cooperate to transport a packet through an internetwork.  
    Serve as a technology primer. (Chapter 3 deals with the practical aspects of implementing the protocols discussed here on Cisco router equipment.)
What Is TCP/IP?  
  TCP/IP (Transmission Control Protocol/Internet Protocol) is a suite of network protocols. TCP and IP are only two of the protocols within this suite; they are, however, two of the most important. A protocol specification is comparable to a language. As with any spoken language, there are rules regarding the meaning of certain sounds, and which words signal the beginning or ending of a conversation.  
  TCP/IP is a set of rules that can be considered computer language, equivalent in human terms to English or French. Just as a human who speaks only English and a human who speaks only French will find it difficult to have a meaningful conversation, so a computer that speaks only TCP/IP will have difficulty exchanging information with a computer that speaks only Novell's IPX.  
  With TCP/IP enabled, computers using dissimilar operating systems are able to exchange data in an orderly fashion.  
  The most commonly quoted model for describing data communications is the Open Systems Interconnection (OSI) model. This seven-layer model was defined for the OSI set of protocols and gives us a framework for examining the roles and responsibilities of each protocol within the TCP/IP suite. Throughout the remainder of this book, protocols will be referred to as belonging to a specific OSI model layer, such as layer 2 or layer 3. The following gives a brief definition of the OSI model and then compares it to the Department of Defense four-layer data communications model that originally was used to classify protocols within the TCP/IP protocol suite. In order for you to communicate effectively with network engineers, you need at least a basic understanding of this OSI model.  
  The OSI Data Communications Model  
  The OSI Reference Model provides a model for computer networking. The OSI Reference Model was defined by the International Standards Organization (ISO) and consists of seven layers. Each layer has a task to perform. The layers are: Application, Presentation, Session, Transport, Network, Data Link, and Physical. The layers from Application through Network generally are implemented in software. The Data Link and Physical layers are implemented with both hardware and software. Table 2.1 outlines the responsibilities of these seven layers.  
  Table 2.1: OSI Reference Model Layer Definitions
  Layer / Description
  Layer 7: Application layer
    The Application layer consists of application programs and the user interface. It is through features in this layer that all exchange of meaningful information occurs between users.
  Layer 6: Presentation layer
    The Presentation layer defines the representation of data, so that data is exchanged in an understandable format.
  Layer 5: Session layer
    The Session layer sets up and terminates communications on the network. It also manages the dialogue between users and systems. It is at this level that user and machine names are interpreted.
  Layer 4: Transport layer
    The Transport layer controls the quality and reliability of the data transmission. Packets are sequenced and acknowledged at this layer. An example of a layer 4 protocol is TCP.
  Layer 3: Network layer
    The Network layer routes data through the network. It allows any properly configured pair of nodes on an internetwork to communicate. The Network layer calculates routes and controls congestion. An example of a layer 3 protocol is NetWare's IPX.
  Layer 2: Data Link layer
    The Data Link layer packages and unpackages data for transmission across a single link. It deals with data corruption (through checksumming) and coordination of shared media. An example of a layer 2 protocol is Ethernet.
  Layer 1: Physical layer
    The Physical layer establishes the physical connection between a computer and the network. It also controls the transmission of information and specifies the mechanical and electrical characteristics of the protocol in terms of connector size, pin assignments, and voltage levels. An example of a layer 1 protocol is RS-232.
  The concept behind this model of network computer communication is that, at the Application layer, an application will want to send some data to another application residing on another machine on the network. An example may be a workstation mail program wishing to send mail to another user via a mail server. The workstation mail application has to take the text of the message to be sent and package it in some way with an address of its destination. This information must somehow be encoded into electrical signals representing binary 1s and  0s that can be transmitted over a network cable.  
  In this example, the application at layer 7 will define what text has to be sent. To reach its destination on another machine, the message must descend through the layers of this model, through software layers, through the network card and cable hardware, across a network cable of some kind, and ascend through the corresponding layers on the destination machine to the destination application.  
  As the message descends through the layers, it looks less like human language and more like the 1s and 0s that a computer understands.  
  The terminology used by the ISO to describe this process is as precise and as abstract as one would expect of a large international committee. It will be used in this example for the sake of clarification.  
  The two key ideas to absorb from the following discussion are that each layer will only "talk" to its corresponding layer on another machine, and each layer encapsulates information from the layer above as the message descends through the layers for transmission.  
  The message that each layer on the sending machine will send to its corresponding layer on the receiving machine is termed a Protocol Data Unit (PDU). The message that passes between layers on the same machine is called a Service Data Unit (SDU). To make it clear about which type of data unit we are talking, each PDU and SDU has a prefix attached. For example, referring to Fig. 2-1, consider the Transport layer sending a Transport PDU from the sending to the receiving machine. To get the TPDU from the sending to the receiving machine, the sending machine's Transport layer sends a Network SDU to its Network layer. The Network layer passes an LSDU to the Data Link layer, which passes a PhSDU to the Physical layer for transmission on to the network cable.  
  At the receiving machine, the process is reversed, until the Network layer sends a Network SDU to the Transport layer, at which point we can say that the receiving machine's Transport layer has received a TPDU from the sending machine.  
  An important concept about this layered model is that as the information passes down through the layers, the software responsible for each layer will add its own header information. This concept is referred to as encapsulation; each layer is said to encapsulate the information from a higher layer.  
   
  Figure 2-1: Units of communication described in the OSI data communications model  
  Consider Fig. 2-2. Using the example of a mail message, "Hello Fred," that is sent from the sending machine to the receiving machine, we can describe the communications process as follows:  
   
  Figure 2-2: Encapsulation through the layers of the OSI model  
  The "Hello Fred" message, along with other Application data, will be delivered to the layer 6 protocol as a PSDU. The layer 6 protocol adds its header information and passes an SSDU down to the layer 5 protocol. The layer 5 protocol cannot interpret the layer 6 header or anything else in the SSDU, and treats all of the SSDU as user data. To pass a TSDU to the layer 4 protocol (the Transport layer), the layer 5 protocol adds a layer 5 header in front of the SSDU, and this process continues until a PhSDU is given to the Physical layer, where binary 1s and 0s are converted into electrical signals for transmission over the network media.  
  At the receiving machine, the electrical signals are translated into 1s and 0s by the Physical layer, and the layer 2 (Data Link) protocol interprets these 1s and 0s as frames, removes the layer 2 header generated by the sending machine's layer 2 protocol, and passes an LSDU up to its Network layer. Again, this process of each layer removing its own header and passing the information upwards continues until "Hello Fred" and the other Application data are delivered to the receiving machine's Application layer.  
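  The walk-through above, as an added toy model (not code from the book): layers 7 down to 2 each prepend a small header to the SDU they are handed, the Physical layer turns the result into 1s and 0s, and the receiver removes the headers in reverse order, each layer checking only the header its own peer added. The 3-byte header format, the layer numbering and the functions are assumptions made for this illustration.

```python
"""Toy encapsulation/decapsulation of "Hello Fred" through OSI layers 7..2."""
import struct

# Layers that add a header on the way down; the Physical layer (1) adds none.
ENCAPSULATING_LAYERS = [7, 6, 5, 4, 3, 2]
# Constructed header: layer number (1 byte) + length of the SDU it wraps (2 bytes).
HEADER = struct.Struct("!BH")


def encapsulate(app_data: bytes) -> bytes:
    """Return the PhSDU: the byte string handed to the Physical layer."""
    sdu = app_data
    for layer in ENCAPSULATING_LAYERS:
        # Each layer treats what it receives as opaque user data and only
        # prepends its own header; the result is the SDU for the layer below.
        sdu = HEADER.pack(layer, len(sdu)) + sdu
    return sdu


def to_bits(frame: bytes) -> str:
    """Physical layer: bytes to the 1s and 0s signalled on the cable."""
    return "".join(f"{b:08b}" for b in frame)


def from_bits(bits: str) -> bytes:
    """Physical layer on the receiving side: 1s and 0s back to bytes."""
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def decapsulate(frame: bytes):
    """Receiver: each layer checks and removes the header its peer added.
    Returns (app_data, list of layer numbers whose headers were removed)."""
    removed = []
    for layer in reversed(ENCAPSULATING_LAYERS):        # 2, 3, ..., 7
        if len(frame) < HEADER.size:
            raise ValueError("truncated frame")
        number, length = HEADER.unpack_from(frame)
        if number != layer:
            raise ValueError(f"layer {layer} received a layer {number} header")
        frame = frame[HEADER.size:]
        if len(frame) != length:
            raise ValueError(f"layer {layer}: length mismatch")
        removed.append(layer)
    return frame, removed


def pdu_of(frame: bytes, layer: int) -> bytes:
    """The PDU that `layer` exchanges with its peer: its own header and
    everything above it. Headers of layers 2..layer-1 sit in front of it."""
    return frame[HEADER.size * (layer - 2):]


def demo():
    phsdu = encapsulate(b"Hello Fred")
    data, removed = decapsulate(from_bits(to_bits(phsdu)))
    return data, removed, len(phsdu)
```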
  The ISO designed protocols for all layers in this model. These protocols, however, have not become as widely quoted or used as the model that defines their operation. The main reason for this is that the TCP/IP protocol suite was already defined, in widespread use, and proven to work well in many environments.  
  Next we look at how the Department of Defense in the United States defined a model for computer communications and implemented this model with the TCP/IP protocol suite.  
  Department of Defense Model  
  The Department of Defense (DoD) has defined a four-layer networking model. Each layer of this model consists of a number of protocols that are collectively referred to as the TCP/IP protocol suite.  
  The specifications for each protocol within the TCP/IP suite are defined within one or more Requests for Comments (RFC). The RFCs are submitted by various Internet users who are proposing new protocols, suggesting improvements of existing protocols, or even offering comments on the state of the network. These documents are online on various systems on the Internet, and are available to anyone.  
  Table 2.2 shows the DoD's four-layer model. You can see that the layers of the DoD model do not precisely match those of the OSI model. For example, in DoD terms IP is a layer 2 protocol, whereas in OSI terms it is a layer 3 protocol. Throughout the rest of this book, when a protocol function is referred to as belonging to a particular layer, it is the OSI layer definition that is used.  
  Table 2.2: The DoD Data Communications Model
  Layer / Description
  Layer 4: Application layer
    The Application layer consists of application programs and serves as the window, or network interface. It is through this window that all exchange of meaningful information occurs between communication users. Examples include Telnet and SMTP.
  Layer 3: Host-to-Host Transport layer
    Provides end-to-end data delivery services. The protocols at this layer are TCP and UDP.
  Layer 2: Internet layer
    Defines the datagram or frame format and handles routing data through an internetwork. Examples include IP and ICMP.
  Layer 1: Network Access layer
    Defines how to access a specific network topology such as Ethernet or Token-Ring.
  Application Layer.     Several protocols make up the Application layer of the TCP/IP suite. This layer of the TCP/IP protocol suite corresponds roughly to the Application, Presentation, and Session layers of OSI Reference Model. The protocols implemented at the Application layer are:  
    Telnet  This is a terminal emulation service that provides remote login over the network.  
    FTP  File Transfer Protocol is used for interactive file transfer.  
    NFS  The Network File System allows directories on a host computer to be shared by other machines on the network.  
  Each application normally requires two separate programs: a client program and a server program (often referred to as a daemon).  
  The daemon program runs in the background on the host server and may start when the system starts. More often, daemon programs are started by the INETD process, which starts and stops these programs as required by the system. A user, on the other hand, executes the client program to gain access to the server.  
  As we shall see, some Application layer protocols use different Transport layer protocols; for example, Telnet and SMTP rely on TCP, whereas RIP and DNS rely on UDP.  
  Host-to-Host Transport Layer.     The Host-to-Host Transport layer is often referred to simply as the Transport layer; for convenience, I will do this also. This layer is responsible for delivering packets between the Internet layer and an application. An important concept in the world of TCP/IP communications is that of port numbers (sometimes referred to as socket numbers). Each application running in the computer will be given a unique port number at the Transport layer.  
  This can be thought of as the application's address within the host machine. The most common port numbers assigned can be viewed on any Unix machine in the /etc/services file. This file lists common applications, and which Transport layer protocol and port number each application uses.  
     
    The network guarantees that all packets sent will be delivered in the correct order, without loss or duplication. If this is not possible, the network will terminate the call.  
    If a network becomes overly busy, future call requests are refused in order to preserve the integrity of existing calls.  
  Thus it is not possible to send a broadcast packet using a connection-oriented protocol. By definition, a broadcast packet is sent to multiple hosts on the same network. The first thing a connection-oriented protocol tries to do is contact the intended destination machine and see if it will accept new calls. In a properly designed network addressing scheme, no computer will claim to own a broadcast address.  
  The second type of protocol at the Transport layer is a connectionless protocol, which in the case of TCP/IP is the User Datagram Protocol (UDP). A connectionless protocol transmits its data onto the network with a destination address, and assumes that it will get there. This is similar to using the postal service. The network does its best to deliver the data intact and in the correct order, but if multiple paths exist between sender and receiver, out-of-sequence packet delivery is likely. Connectionless protocols assume that the application running in the Application layer takes care of these things.  
  The choice of using a connection-oriented or a connectionless protocol is not always as straightforward as it might seem. A connection-oriented protocol may seem attractive because of the guarantees it gives, but often the overhead (particularly in terms of packet acknowledgment) can make certain system implementations impossible. It is generally an application developer issue and will not be discussed further here.  
  Transmission Control Protocol (TCP).     The Transmission Control Protocol is the DoD's connection-oriented Transport layer protocol and provides a reliable connection for data exchange between different hosts. With this protocol, all packets are sequenced and acknowledged, and a virtual circuit is established for communications. Upper-level applications using TCP include the following:  
    Virtual Terminal Protocol (Telnet)  
    File Transfer Protocol (FTP)  
    Simple Mail Transfer Protocol (SMTP)  
  TCP provides reliability through the use of acknowledgments with retransmission. The idea of an acknowledgment is that the receiving machine has to reply to the sending machine that the message sent was received intact. If an acknowledgment is not received, the sending machine will assume that the message was not received and will retransmit it.  
  If the receiving machine had to reply to every packet, the result would be a lot of overhead on the network (assuming that most packets get through in a well-designed network). To reduce overhead, TCP employs a concept called windowing.  
  The window size advertised by a receiving machine tells the sending machine how many bytes it can accept, essentially how much space is available in its receive buffer. The sending machine uses the window size to determine how much data can be sent before it must receive another acknowledgment. If an acknowledgment is not received within the specified window size, retransmission occurs beginning with the last acknowledged data. Typically, if the receiving machine's receive buffer is getting full, it will advertise a decreasing window size to slow the rate of incoming traffic. If a window size of zero is advertised, the sender will not send any further data until it receives an acknowledgment with a nonzero window value.  
  The window size normally is determined by an algorithm coded into the TCP protocol stack, and varies according to the characteristics of the host machines and network in use.  
  To establish a TCP connection, a three-step handshake is exchanged between sender and receiver to establish a dialogue before data is transmitted. This process is illustrated in Fig. 2-3.  
   
  Figure 2-3: The TCP three-way handshake to initiate a connection  
  To initiate communications, the sending machine transmits a Synchronize Sequence Numbers (SYN) packet to the receiving machine, to inform the receiving machine that a new connection is requested and to state which number will be used as the starting point for numbering the messages sent. These sequence numbers are used to ensure that packets received are processed in the order sent. For the process to continue, the receiving machine must acknowledge this SYN packet and tell the sender the sequence number at which it will start sending data. This is achieved by the receiving machine returning a SYN ACK packet to the sending machine. Finally, the sending machine sends an acknowledgment of the information sent by the receiving machine and sends the first data.  
  This process provides proof positive, before any message transmission occurs, that the receiving machine is alive and ready to receive data. To close the connection, a similar three-step handshake is exchanged, using the FIN packet.  
  TCP views the data sent as a continuous stream of information. Fragmenting information into discrete packets to be sent over a network is the responsibility of the DoD Internet layer.  
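  The handshake and windowing behaviour described above, as an added toy model (not the book's code and not a real TCP implementation): the receiver advertises its free buffer space in every acknowledgment, a zero window stalls the sender until the receiving application drains the buffer, and a segment lost in transit is retransmitted starting from the last acknowledged byte. Sequence numbers, buffer sizes and the segment size are constructed; timers, checksums and the FIN exchange are not modelled.

```python
"""Toy TCP: three-way handshake, advertised window, zero-window stall, retransmit."""
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int            # sequence number of the first byte carried (or of the SYN)
    ack: int            # next byte the sender of this segment expects to receive
    flags: str          # "SYN", "SYN ACK" or "ACK"
    window: int         # receive window advertised by the sender of this segment
    data: bytes = b""


class Receiver:
    def __init__(self, isn: int, buf_size: int):
        self.isn, self.buf_size = isn, buf_size
        self.buf = bytearray()        # in-order data not yet read by the application
        self.app_data = bytearray()   # everything the application has read so far
        self.rcv_nxt = None           # next sequence number expected

    def window(self) -> int:
        return self.buf_size - len(self.buf)     # free receive-buffer space

    def handle(self, seg: Segment) -> Segment:
        if seg.flags == "SYN":
            self.rcv_nxt = seg.seq + 1           # the SYN itself consumes one number
            return Segment(self.isn, self.rcv_nxt, "SYN ACK", self.window())
        if seg.data and seg.seq == self.rcv_nxt and len(seg.data) <= self.window():
            self.buf += seg.data
            self.rcv_nxt += len(seg.data)
        # Out-of-order or over-window data is dropped; the ACK repeats rcv_nxt
        # and carries the current window so the sender can adapt its rate.
        return Segment(self.isn + 1, self.rcv_nxt, "ACK", self.window())

    def read(self, n: int) -> bytes:
        chunk = bytes(self.buf[:n])
        del self.buf[:n]
        self.app_data += chunk
        return chunk


def handshake(sender_isn: int, rcv: Receiver) -> list:
    """SYN -> SYN ACK -> ACK; returns the three segments exchanged."""
    syn = Segment(sender_isn, 0, "SYN", 0)
    syn_ack = rcv.handle(syn)
    ack = Segment(sender_isn + 1, syn_ack.seq + 1, "ACK", 0)
    rcv.handle(ack)
    return [syn, syn_ack, ack]


def transfer(data: bytes, sender_isn: int, rcv: Receiver, mss: int, lose_seq=None) -> list:
    """Send `data` after the handshake, honouring the advertised window.
    `lose_seq` names one segment (by seq) that is silently lost once."""
    base = sender_isn + 1                  # first data byte follows the SYN
    end = base + len(data)
    snd_una = snd_nxt = base               # oldest unacknowledged byte, next byte to send
    window, log, lost = rcv.window(), [], False
    while snd_una < end:
        if window == 0:
            log.append("zero window: sender stalls")
            rcv.read(mss)                  # the receiving application drains some buffer
            probe = Segment(snd_una, rcv.isn + 1, "ACK", 0)   # window probe, no data
            window = rcv.handle(probe).window
            continue
        while snd_nxt < end and snd_nxt - snd_una < window:
            n = min(mss, end - snd_nxt, window - (snd_nxt - snd_una))
            seg = Segment(snd_nxt, rcv.isn + 1, "ACK", 0,
                          data[snd_nxt - base:snd_nxt - base + n])
            snd_nxt += n
            if seg.seq == lose_seq and not lost:
                lost = True
                log.append(f"seq {seg.seq} lost in transit, no ACK will arrive")
                continue
            reply = rcv.handle(seg)
            log.append(f"sent seq {seg.seq} len {n}: ack {reply.ack} win {reply.window}")
            snd_una, window = reply.ack, reply.window
        if snd_una < snd_nxt:
            # Window used up but not everything acknowledged: go back to snd_una.
            log.append(f"retransmit from {snd_una}")
            snd_nxt = snd_una
    return log
```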
  User Datagram Protocol (UDP).     The User Datagram Protocol provides unreliable, connectionless delivery service. It lets the upper-level applications send sections of messages, or datagrams, without the overhead involved in acknowledging packets and maintaining a virtual connection. The one similarity between TCP and UDP is that UDP also uses port numbers to identify applications running in the sending and receiving machines.  
  With UDP you have no way of knowing whether or when the message arrives at its destination, or the order in which messages sent are received. Because there are no acknowledgments or three-step handshakes to begin data transmission with UDP, it is possible to use this protocol for broadcast messages that are sent to all hosts on a network.  
  Upper-level applications using UDP include the following:  
    Trivial File Transfer Protocol (TFTP)  
    Network File System (NFS)  
    Broadcasts  
  Internet Layer.     The Internet Protocol (IP) is the most important protocol of the Internet layer. All traffic, incoming and outgoing, goes through IP. The primary purpose of the Internet layer is to route packets between different hosts, which is accomplished by the addressing scheme of IP. The Internet layer consists of four protocols, as shown in Table 2.3.  
  Internet Protocol (IP).     IP is a connectionless protocol and does not guarantee delivery of packets across a network. IP relies on higher-layer protocols either in the Transport or Application layers to provide connection-oriented service if necessary. (In some older implementations, the Data Link layer is used; see the section on X.25 and LAPB in Chap. 6.) The IP header contains many fields, the most important of which are the Source Address, Destination Address, and Time To Live. The format of IP addresses is explained later in this chapter.  
  Table 2.3: DoD Model Internet Layer Protocols
  Protocol / Description
  Internet Protocol
    The Internet Protocol (IP) provides datagram service between hosts. It is responsible for addressing packets, packet routing, fragmentation, and reassembly, and moving data between the Transport and Network Access layers.
  Internet Control Message Protocol
    The Internet Control Message Protocol (ICMP) lets routers and hosts send error or control messages to other routers or hosts.
  Address Resolution Protocol
    The Address Resolution Protocol (ARP) translates a host's software address to a hardware address.
  Reverse Address Resolution Protocol
    The Reverse Address Resolution Protocol (RARP) determines a software address from a hardware address. Diskless workstations often use this protocol when booting up, to find out what their IP address will be. DHCP, which is a superset of BOOTP, is more commonly deployed than RARP for this functionality these days.
  Delivering a packet from one machine on the internetwork to another is handled by IP. Based on the network depicted in Fig. 2-4, we can examine the difference in IP operation when an application on PC1 needs to send data first to PC2, and then to PC3.  
   
  Figure 2-4: Delivering packets on the same segment and across routers  
  In the first instance, where PC1 needs to send to PC2, examination of the destination address tells IP that the destination is on the same network number. In this case, the packet is sent directly to PC2. In the case in which  PC1 needs to send a packet to PC3, examination of the destination address tells IP on PC1 that PC3 is on a different network. In this case, PC1 will examine its configuration and send the packet to its default gateway for routing to the final destination. The terms gateway and router are interchangeable in most TCP/IP documentation. A gateway or router (however one refers to it) is responsible for routing packets between different physical networks.  
  The Time To Live field is used to ensure that a packet caught in a routing loop (i.e., a packet circulating between routers and never reaching a destination) does not stay in the internetwork forever. Each time a packet travels through a router, its Time To Live field is reduced by one. If this value reaches zero, a router will discard the packet. Different routing protocols have different initial values for the Time To Live field. The initial value for the TTL field is usually 255. However, some IP stacks implement a value of 64. We will revisit this issue in Chapter 4.  
  ICMP.     The Internet Control Message Protocol performs four main functions, which are:  
    Flow control  When a receiving machine is too busy to accept the incoming stream of data from a sending machine, it sends a Source Quench Message to temporarily stop the stream of data.  
    Unreachable destination alerts  If a machine on the network detects that a destination is unreachable, either because the destination address does not match an operating machine on the network, or due to a link failure, it will send a Destination Unreachable message to the sending machine.  
    Redirecting routes  A gateway sends an ICMP redirect message to tell a sending machine to use another gateway. Consider an example in which a gateway receives from a sending machine a packet that is destined for a given network. If the gateway knows that the destination network can be reached more efficiently by the sending machine using a different gateway, it will tell the sending machine so, by issuing an ICMP redirect.  
    Checking remote hosts  ICMP echo messages are used to check the physical connectivity of machines on an internetwork. The ICMP echo packet is more commonly known as a ping packet.  
  ARP and RARP.     Spanning the Internet and Network Access layers are two protocols, the Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP). ARP is an Internet protocol used to associate an IP address to a physical address, typically Ethernet or Token-Ring 802.2 MAC addresses. (MAC addresses are discussed more fully in Chap. 3.) Each IP device on the network maintains an address resolution table. This table maps MAC addresses to IP addresses. When a computer that uses IP for network communication wants to deliver a message to another computer on the same network segment, the MAC address is responsible for getting the packet to the correct workstation.  
  RARP is used to supply an IP address to a diskless workstation at boot time. A diskless workstation will know its MAC address, and will request an IP address at boot time from a RARP server via a broadcast.  
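  The delivery decisions described for Fig. 2-4, together with the ARP lookup for the next hop and the Time To Live check, as an added toy model (not code from the book): IP on PC1 decides whether the destination shares its network number or must be handed to the default gateway, ARP supplies the MAC address of that next hop on the local segment, and each router a packet crosses decrements TTL and discards it at zero. All addresses and MACs are constructed, and a subnet mask is assumed in place of the classful network number the chapter has not yet introduced.

```python
"""Toy IP delivery decision, ARP resolution and TTL expiry in a routing loop."""
import ipaddress
import itertools


class Host:
    def __init__(self, name, ip, prefix_len, mac, gateway=None):
        self.name, self.mac = name, mac
        self.iface = ipaddress.ip_interface(f"{ip}/{prefix_len}")
        self.gateway = ipaddress.ip_address(gateway) if gateway else None
        self.arp_table = {}          # IP address -> MAC, learned from ARP replies

    def next_hop(self, dst):
        """The IP address the frame is physically delivered to."""
        dst = ipaddress.ip_address(dst)
        if dst in self.iface.network:
            return dst                        # same network number: send directly
        if self.gateway is None:
            raise RuntimeError(f"{self.name}: no route to {dst}")
        return self.gateway                   # different network: default gateway

    def resolve_mac(self, ip, segment):
        """ARP: use the table, else broadcast 'who has ip?' on the local segment."""
        if ip not in self.arp_table:
            for node in segment:              # every station on the segment hears it
                if node.iface.ip == ip:
                    self.arp_table[ip] = node.mac   # the owner replies; cache it
        return self.arp_table.get(ip)

    def build_packet(self, dst_ip, segment, ttl=64):
        """Assemble the addresses needed to put the packet on the wire."""
        hop = self.next_hop(dst_ip)
        return {"dst_mac": self.resolve_mac(hop, segment), "src_mac": self.mac,
                "src_ip": str(self.iface.ip), "dst_ip": str(dst_ip), "ttl": ttl}


def loop_until_discarded(packet, loop=("R1", "R2")):
    """Send the packet round a routing loop; return the hop count at which a
    router decremented TTL to zero and discarded it."""
    for hop, _router in enumerate(itertools.cycle(loop), start=1):
        packet["ttl"] -= 1
        if packet["ttl"] <= 0:
            return hop


def demo():
    # Constructed segment: PC1, PC2 and the router R1 share network 192.0.2.0/24;
    # PC3 (198.51.100.7) lives behind R1 on another network.
    pc1 = Host("PC1", "192.0.2.10", 24, "02:00:00:00:00:01", gateway="192.0.2.1")
    pc2 = Host("PC2", "192.0.2.20", 24, "02:00:00:00:00:02", gateway="192.0.2.1")
    r1 = Host("R1", "192.0.2.1", 24, "02:00:00:00:00:fe")
    segment = [pc1, pc2, r1]
    to_pc2 = pc1.build_packet("192.0.2.20", segment)     # direct delivery
    to_pc3 = pc1.build_packet("198.51.100.7", segment)   # via the default gateway
    return to_pc2, to_pc3
```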
  Network Access Layer.     The Network Access layer relates the Internet software layer to the hardware that carries the data, and it is the lowest layer in the DoD data communications model. The key point to understand is that network numbers are not understood at this layer; the addresses used at the Network Access layer have significance only for the network segment on which the packet is transmitted. The addresses at the Network Access layer do not traverse a router.  
  Unlike the other layers in the DoD model, the Network Access layer must know the details of the underlying network so that packets can be formed correctly and sent across the physical network in place.  
  The functions performed at this layer include forming network packets and using MAC addresses to deliver packets on a network segment. It is here that the protocols define those electrical and mechanical specifications of communication that allow a packet to be transported on a given network.  
  By means of a Frame Check Sequence (FCS), this layer ensures that packets that have been subjected to interference during transmission are not accepted at their layer 2 destination. The FCS is calculated by the sending machine and attached to the message sent. The receiving machine performs the same calculation and assumes that, if its FCS matches that received with the packet, that packet is okay. If the FCS values do not match, the packet is discarded. Typically, at this layer protocols do not re-request the transmission of damaged and discarded frames. (An exception is X.25's LAPB protocol, discussed in Chap. 6.)  
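  The FCS check described above, as an added example (not the book's code): the sender computes a CRC-32 over the frame header and payload and appends it; the receiver recomputes the CRC and silently discards any frame whose FCS does not match, or that is not addressed to it, without asking for a retransmission. The frame layout is Ethernet-like (6-byte destination and source MAC, 2-byte type, payload, 4-byte FCS); addresses and payload are constructed, and while zlib.crc32 uses the same CRC-32 polynomial as Ethernet, the exact bit ordering on the wire is not modelled.

```python
"""Toy layer 2 frame with a CRC-32 Frame Check Sequence."""
import struct
import zlib

BROADCAST = b"\xff" * 6
HEADER_LEN = 6 + 6 + 2          # destination MAC, source MAC, type
FCS_LEN = 4


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Header + payload, then the FCS computed over everything before it."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", fcs)


def receive_frame(frame: bytes, my_mac: str):
    """Layer 2 receive path. Returns the payload, or None when the frame is
    dropped because the FCS check failed or it is not addressed to this station."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        return None                          # runt: cannot even hold a header and FCS
    body, fcs = frame[:-FCS_LEN], struct.unpack("<I", frame[-FCS_LEN:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        return None                          # damaged in transit: discard, no re-request
    if body[:6] not in (mac_bytes(my_mac), BROADCAST):
        return None                          # for another station on the segment
    return body[HEADER_LEN:]


def flip_bit(frame: bytes, bit: int) -> bytes:
    """Simulate interference on the cable: invert one bit of the frame."""
    out = bytearray(frame)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)
```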
  The Network Access layer specifies the physical (hardware) medium for data transmission. The Institute of Electrical and Electronics Engineers (IEEE) Project 802 established standards that define interface and protocol specifications for various network topologies.  
  The people on Project 802 split the OSI Data Link layer in two. Project 802 created the Logical Link Control (LLC) sublayer and the Media Access Control (MAC) sublayer. The LLC sublayer defines how a receiving machine discards damaged packets. The MAC sublayer handles issues of supplying globally unique hardware addresses to device interfaces. The following sections list MAC specifications defined by the 802 committees. Each of these MAC standards defines a unique packet (or frame) format.  
  802.3 (Ethernet).     The following Ethernet protocols use a bus topology and the media types listed:  
    10Base5: Thick Ethernet, 50-Ω coaxial, 10 Mbps  
    10Base2: Thin Ethernet, 50-Ω coaxial, 10 Mbps  
    1Base5: Twisted-pair, 1 Mbps  
    10Base-T: Twisted-pair, 10 Mbps  
  802.4 (Token Bus).     Common token bus protocols include the following:  
    Carrierband: 1 Mbps, phase continuous, FSK, 75-Ω coaxial  
    Carrierband: 5-10 Mbps, phase coherent, FSK, 75-Ω coaxial  
    Broadband: 1, 5, 10 Mbps, multilevel, duobinary, AM/PSK, 75-Ω coaxial  
  802.5 (Token Ring).     Token ring networks (such as IBM's Token-Ring) use the following protocols:  
    1 Mbps, shielded twisted-pair (IEEE)  
    4 Mbps, shielded twisted-pair (IEEE)  
    16 Mbps, shielded twisted-pair (IBM)  
    16 Mbps, early token release (IBM)
TCP/IP Addressing  
  As previously illustrated, when connecting two systems using TCP/IP, each protocol layer on one host communicates directly with the corresponding layer on the other host. For example, the DoD Network Access layer on one host communicates directly with the Network Access layer on another host. Each layer will use its own addressing scheme:  
    The Application layer uses a hostname.  
    The Transport layer uses a port number.  
    The Internet layer uses an IP address.  
    The Network Access layer uses a MAC address.  
  Now that all the terms we need to use have been introduced, we start to look at how things really work in an internetwork. The goal of the seven OSI layers of communication protocols is to form a packet that is correctly encoded for the network topology in use (such as Ethernet or Token-Ring), and to direct the packet to the correct destination or at least to the next router in sequence to reach the desired destination. Figure 2-5 shows how the various addresses have to be assembled before a packet can be transferred on a network.  
   
  Figure 2-5: Addresses used in a packet to deliver application data across a network  
  We will now examine in more detail the addressing used at each layer of the DoD model, and conclude the chapter with a summary that illustrates how all the addresses work together to deliver a packet.  
  Application Layer Addressing  
  The Application layer is the interface to the user. At this layer, computers are addressed by hostnames, as it is easier for humans to refer to computers by name rather than by IP address. For example, you could call the VAX system in the sales department Sales-VAX, or use any other name that is convenient.  
  In the case of the Internet, which contains thousands of systems, two different computers could well have the same name assigned by a local administrator. For example, two different companies might both choose to name the VAX system in their sales departments Sales-VAX. To avoid confusion, the Internet has a number of domains. Each domain has sub domains that can have further divisions as necessary. The Internet includes the following domains and usages:  
    MIL: Used by the Department of Defense  
    EDU: Used by colleges and universities  
    COM: Used by corporations and other commercial entities  
    NET: Used by those managing the Internet  
  The domain name for a host consists of a set of subdomains separated by periods. For example, the computer Sales-VAX located at the Acme company might have a Sales-VAX.acme.com domain name. This is referred to as a fully qualified hostname. If one wishes to communicate with a host that is at another Internet site, the fully qualified hostname must be used.  
  Hostnames cannot be used as an address in forming a packet to be sent over a network, so they are converted to IP addresses, which are used in addressing a packet. To translate a hostname to an IP address, a computer typically will refer to a hosts file (normally stored locally in the /etc subdirectory) or a Domain Name Service server on the internetwork, which is, effectively, a centralized hosts file.  
  The hosts file contains three columns: hostname, IP address, and alias. (There can be multiple aliases.) Here's an example:  
  123.45.45.45   Host1   Host1.acme.com  
  345.12.12.12   Host2   Host2.acme.com  
  173.23.6.4     Host3   Host3.acme.com  
  127.0.0.1      localhost  
  Manually keeping all hosts files on all machines on an internetwork the same can become quite a headache. DNS enables you to point hosts to a DNS server on the network, which will resolve hostnames to IP addresses for many hosts. This reduces administration, as you only have to maintain one database, not multiple hosts files.  
  Transport Layer Addressing  
  The Transport layer addresses are quite simple: They consist of a destination and source port number. A portion of an /etc/services file from a Unix machine that lists certain well-known port numbers is shown below:  
    ftp       21/tcp  
    telnet    23/tcp  
    smtp      25/tcp  
    tftp      69/udp  
    snmp     161/udp  
  For each Application layer protocol, this tells us the port number and whether the Transport layer protocol is TCP or UDP. The port numbers given are destination port numbers. If, for example, a computer needs to establish a Telnet session to another computer, it will set a destination port of 23 and pick a source port greater than 1023 from its ephemeral range. Port numbers 0 through 1023 are reserved as "well-known" destination port numbers. (The exact ephemeral range is system-specific: IANA recommends 49152 through 65535, and Linux by default uses 32768 through 60999.) Bear in mind that a port number is only a convention: nothing stops an administrator, or an attacker, from running an entirely different service on port 23, so a well-known port tells you what a service should be, not what it is. Note also that Telnet carries everything, including passwords, in cleartext; on a modern network the same session would be made with SSH on port 22, but the addressing mechanics described here are identical.  
  Internet Layer Addressing  
  At the Internet layer, all hosts must have a software address. In TCP/IP the software address for a host is the Internet or IP address. This address identifies both the network to which the host is attached and the host itself within that network. Routers use the network portion of this address to forward messages to the correct destination. This layer of addressing is the most labor-intensive for network administrators, so we will spend more time on this than on any other layer.  
  The Internet address of a host consists of 4 bytes or octets, which contain both a network and a node address. For every computer, the network portion of its address must match the network address of every other computer on that network. The host portion, however, must be unique for that network number.  
  If a computer is on the Internet, it is using a network address allocated under the authority of the Internet Assigned Numbers Authority; at the time this was written, allocations were administered by the Network Information Center of Chantilly, VA, known as the InterNIC. Typically an Internet service provider assigns the numbers for organizations or individuals. Normally the address is written in dotted decimal notation.  
  The Internet Protocol supports three classes of unicast network addresses: A, B, and C, as shown in the following table. The important point here is that the value of the first octet defines the class to which the address belongs. These classes are summarized in Table 2.4, and shown graphically in Fig. 2-6.  
  Examples of network numbers followed by host addresses for each of the classes appear below (the network portion is given in parentheses):  
    Class A   100.1.1.1      (network 100, host 1.1.1)  
    Class B   165.8.1.1      (network 165.8, host 1.1)  
    Class C   199.119.99.1   (network 199.119.99, host 1)  
  To keep track of all the network numbers on an internetwork, each machine maintains a routing table.  
  Table 2.4 : Internet Address Classes  

  Address Class       Characteristics  
  Class A Networks    The first byte is in the 1 to 126 range (0 and 127 are reserved; 127 is the loopback network). The first byte is the network address and the final 3 bytes are for the host address. There are 126 Class A networks, each having up to 16,777,214 usable hosts (2 to the power 24, less the all-zeros and all-ones host addresses). On the Internet, all Class A addresses have been assigned.  
  Class B Networks    The first byte is in the 128 to 191 range. The first 2 bytes identify the network and the last 2 bytes identify the host within that network, giving 16,384 networks of up to 65,534 hosts each.  
  Class C Networks    The first byte is in the 192 to 223 range. The first 3 bytes define the network and the last byte defines the host within that network, giving 2,097,152 networks of up to 254 hosts each.  

  Figure 2-6: Class A, B, and C network numbers  
  The Routing Table.     Each entry in a routing table provides a variety of information, including the ultimate destination network number, a metric, the IP address of the next router in sequence to get to the destination (if appropriate), and the interface through which to reach this destination. The metric is a measure of how good the route is; basically, the lower the metric, the better the route. Other information can be present in routing tables, including various timers associated with the route. The routing table can have entries from the following sources:  
    RIP, IGRP, or some other routing protocol  
    Manual entries that can be default or static  
  Static routes are routes that are added manually; a destination and gateway address are specified for either a specific host (such as 193.1.1.1), or for an entire network (such as 193.1.1.0). A default route can be added by specifying a destination address of 0.0.0.0 when entering a static route. If a packet is destined for a network number not listed in the routing table, the default route entry tells the router to which IP address it should forward packets. It is assumed that the router to which the packet is forwarded will know how to get the packet to its ultimate destination.  
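  As an added example (not code from the book), the following shows the lookup a router performs against a table of the kind just described: the entries are constructed, the default route is the 0.0.0.0 entry, and when several entries cover a destination the one with the longest mask wins, with the metric breaking ties. The tuple layout and the helper names are assumptions of this example.

```python
"""Routing table lookup with longest-prefix match (added example).

Assumptions (not from the book): entries are kept as
(destination, mask, next_hop, interface, metric) tuples; the
destination 0.0.0.0 with mask 0.0.0.0 is the default route; among
entries whose mask covers the destination the longest mask wins,
and ties are broken by the lowest metric. All addresses are constructed.
"""
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def prefix_len(mask):
    """Count the leading 1 bits of a dotted-decimal mask (255.255.255.0 -> 24)."""
    bits = to_int(mask)
    length = bin(bits).count("1")
    # a valid mask is a run of 1s followed by 0s; reject 255.0.255.0 and the like
    if bits != (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous mask %s" % mask)
    return length


# Constructed routing table in the spirit of the book's examples:
# a host route, a network route, a directly connected subnet and a default.
ROUTES = [
    ("193.1.1.1",  "255.255.255.255", "10.0.0.2", "eth0", 1),   # host route
    ("193.1.1.0",  "255.255.255.0",   "10.0.0.3", "eth0", 5),   # network route
    ("10.0.0.0",   "255.255.255.0",   None,       "eth0", 0),   # directly connected
    ("172.16.0.0", "255.255.0.0",     "10.0.0.4", "eth0", 10),
    ("172.16.0.0", "255.255.0.0",     "10.0.0.5", "eth1", 3),   # same prefix, better metric
    ("0.0.0.0",    "0.0.0.0",         "10.0.0.1", "eth0", 1),   # default route
]


def lookup(routes, dest):
    """Return the (next_hop, interface) pair used to forward to dest.

    next_hop is None when dest is on a directly connected segment
    (the router then ARPs for dest itself). Raises KeyError when no
    route, not even a default, covers the destination."""
    d = to_int(dest)
    best, best_key = None, None
    for network, mask, next_hop, iface, metric in routes:
        if d & to_int(mask) != to_int(network) & to_int(mask):
            continue                                  # mask does not cover dest
        key = (prefix_len(mask), -metric)             # longest prefix, then lowest metric
        if best_key is None or key > best_key:
            best, best_key = (next_hop, iface), key
    if best is None:
        raise KeyError("no route to %s" % dest)
    return best


if __name__ == "__main__":
    for target in ("193.1.1.1", "193.1.1.7", "10.0.0.9", "172.16.5.5", "8.8.8.8"):
        print(target, "->", lookup(ROUTES, target))
```

  The longest-match rule is what makes a more specific route override a more general one, which is exactly why a rogue or misconfigured routing-protocol neighbour that advertises a longer prefix for someone else's network can pull that traffic towards itself. The table sources listed above (RIP, IGRP, static entries) all feed the same lookup.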
  Life gets more complicated when we use netmasks to split a network number into several subnets. A specific example of applying and changing subnet masks on a Cisco router is given in Chap. 3, but we will discuss the basic theory here. Most people new to the subject have some difficulty understanding how netmasks work. If the following discussion does not help you, don't panic. When we get to Chap. 3 and see the effect that changing netmasks has on a real network, things should become more clear.  
  Subnet Masks.     Netmasks are used to split a network into a collection of smaller subnetworks. This may be done to reduce network traffic on each subnetwork, or to make the internetwork more manageable. To all intents and purposes, each subnetwork functions as if it were an independent network.  
  Communication between a node on a local subnetwork and a node on a different subnetwork is like communication between nodes on two different networks. To a user, routing between subnetworks is transparent. Internally, however, the IP software recognizes any IP addresses that are destined for a subnetwork and sends those packets to the gateway for that subnetwork.  
  In an internetwork without netmasks, the routing table keeps track of network numbers. In an internetwork with netmasks, the routing table maintains a list of subnets and how to reach them. When netmasks are used, an IP address is interpreted as follows:  
  IP address = Network address.Subnetwork address.Host address  
  This shows that when a network is divided into subnetworks, the host address portion of the IP address is divided into two parts, the subnetwork address and the host address.  
  For example, if a network has the Class B IP network address portion 129.47, the remainder of the IP address can be divided into subnetwork addresses and host addresses. The network administrator controls this division to allow for maximum flexibility for network development at the site.  
  A subnet mask is the mechanism that defines how the host portion of the IP address is divided into subnetwork addresses and local host address portions. The subnet mask is a 32-bit (4-byte) number, just as an IP address is.  
  To understand the mechanics of the netmask, it is important to know a little binary arithmetic. We will go through the process of working out how netmasks work. Then I will show you a shortcut.  
  In binary, the only digits available are 0 and 1. This means that the rightmost digit of a binary number represents the number of 1s in the number, either 0 or 1. The next digit represents the number of 2s, the next digit the number of 4s, and so on. To convert the 8-bit binary number 01101001 to the more familiar decimal, we need to use the map below:  
    Place value:    128   64   32   16    8    4    2    1  
    Binary digit:     0    1    1    0    1    0    0    1  
  Adding the place values under each 1 gives 64 + 32 + 8 + 1, so this binary number is in fact 105 in the more familiar decimal. You can check this by using a scientific calculator. If you have eight 0s in a binary number, the decimal value is obviously 0. If you have eight 1s, the decimal value is 255.  
  To see how a netmask splits up the host portion into subnet address and host address, it is necessary to convert both the IP address and the netmask to binary.  
  Once the IP address and netmask have been converted to binary, a logical AND is performed between the address and netmask (which means the resultant value is 1 if both IP and netmask value are a 1; otherwise the result is 0). Let's look at the example computation in Fig. 2-7.  
  IP address:    201.222.5.121  
  Subnet mask:   255.255.255.248  

                     Network Number                 Subnet   Host  
  201.222.5.121:     11001001  11011110  00000101   01111    001  
  255.255.255.248:   11111111  11111111  11111111   11111    000  
  Subnet:            11001001  11011110  00000101   01111    000  
                     201       222       5          120  
  Figure 2-7: Calculating a subnet mask  
  Thus the resultant subnet address is 201.222.5.120. This netmask is said to have 5 bits in the subnet field, which leaves 3 bits to define hosts. Note that the last 3 bits of the fourth byte are separated off to show the effect of the netmask. With 3 binary bits, there are eight possible values (0 through 7). There are, however, only six of these addresses that can be used for hosts on this subnet. This is because the first and last values are reserved. The first is reserved for identifying the subnet number itself, and the last is the broadcast address for that subnet. This is shown for our example IP address and netmask below:  
  IP address                    = 201.222.5.121  
  Subnet mask                   = 255.255.255.248  
  Subnet address                = 201.222.5.120  
  Usable subnet host addresses  = 201.222.5.121 - 201.222.5.126  
  Subnet broadcast address      = 201.222.5.127  
 
  It is good to work through a few examples to understand how it works. Try to work out the subnet address, usable host addresses, and broadcast address for the following:  
  IP address  = 164.2.34.35  
  netmask     = 255.255.255.224  

  IP address  = 101.2.3.18  
  netmask     = 255.255.0.0  
  The answers are given at the end of this chapter.  
  A quicker way to work it out, which you can use once you are happy with what is going on, is as follows:  
    Write down the netmask in binary.  
    Look at the place value of the rightmost 1 in the netmask (within the first octet that is not 255).  
  That place value tells you what increment in the IP address puts you into a new subnet.  
  This is best explained by using an example. Let's say we have a netmask of 255.255.255.224. Converting this to binary, we get:  
  11111111.11111111.11111111.11100000  
  We can see that the 1s end in the spot that represents the number of 32s we have in the number. This means that with every increment of 32 in the IP address, we go into a new subnet. We can illustrate this by applying this netmask to the following IP address:  
  150.2.3.56  
  With the 255.255.255.224 netmask, we get a new subnet every 32 addresses, so the subnets will start at:  
  150.2.3.0  
  150.2.3.32  
  150.2.3.64  
  150.2.3.96  
  150.2.3.128  
  150.2.3.160  
  150.2.3.192  
  150.2.3.224  
  So, for the address 150.2.3.56, with a netmask of 255.255.255.224, the subnet address is 150.2.3.32.  
  Tables 2.5 and 2.6 show how many hosts and subnets result when a range of subnet masks is applied to both class B and class C networks. Always note that the first and last address for a host cannot be used: they are the subnet number and the broadcast address. The tables also follow the classic rule (RFC 950) that the all-zeros and all-ones subnets are not used, which is why each row shows two fewer subnets than a power of two; modern equipment, including Cisco IOS with ip subnet-zero (enabled by default in recent releases), lets you use all of them, so when you audit an address plan check which convention the site follows before declaring a subnet invalid.  
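  To tie the whole netmask discussion together (the binary conversion, the AND in Fig. 2-7, the practice questions, the block-size shortcut and the counts in Tables 2.5 and 2.6), here is an added example that is not from the book. The class and default mask are taken from the first octet as in Table 2.4; the subnet counts follow the book's rule of excluding the all-zeros and all-ones subnets unless subnet_zero=True. The function names and dictionary keys are this example's own.

```python
"""Subnet arithmetic from the netmask section, as an added example.

Assumptions (not from the book): masks are contiguous, the class and
default mask are derived from the first octet as in Table 2.4, and the
subnet counts follow the book's rule that the all-zeros and all-ones
subnets are excluded unless subnet_zero=True.
"""
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(n):
    return str(ipaddress.IPv4Address(n))


def to_binary(dotted):
    """201.222.5.121 -> '11001001.11011110.00000101.01111001'"""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))


def mask_bits(mask):
    """Number of leading 1 bits; rejects masks with a hole in them."""
    bits = to_int(mask)
    n = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous mask " + mask)
    return n


def address_class(ip):
    """Return (class letter, default prefix length) from the first octet."""
    first = int(ip.split(".")[0])
    if 1 <= first <= 126:
        return "A", 8
    if 128 <= first <= 191:
        return "B", 16
    if 192 <= first <= 223:
        return "C", 24
    raise ValueError("not a class A, B or C unicast address: " + ip)


def subnet_info(ip, mask):
    """Apply the mask exactly as Fig. 2-7 does (a bitwise AND), then
    derive the broadcast, the usable range, the number of subnet bits
    relative to the classful default, and the block size used by the
    shortcut (the place value of the mask's rightmost 1)."""
    n = mask_bits(mask)
    m = to_int(mask)
    network = to_int(ip) & m
    broadcast = network | (~m & 0xFFFFFFFF)
    host_bits = 32 - n
    _, default = address_class(ip)
    return {
        "subnet": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "subnet_bits": n - default,
        "block_size": 1 << host_bits,          # increment between subnets
        "usable_hosts": (1 << host_bits) - 2,  # minus subnet number and broadcast
    }


def subnet_table(cls, subnet_zero=False):
    """Rebuild Table 2.5 (cls='B') or 2.6 (cls='C'): for each number of
    subnet bits, the mask, the number of subnets and the hosts per subnet."""
    default = {"B": 16, "C": 24}[cls]
    rows = []
    for bits in range(2, 32 - default - 1):      # leave at least 2 host bits
        n = default + bits
        mask = to_dotted((0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF)
        subnets = (1 << bits) - (0 if subnet_zero else 2)
        hosts = (1 << (32 - n)) - 2
        rows.append((bits, mask, subnets, hosts))
    return rows


if __name__ == "__main__":
    print(to_binary("201.222.5.121"))
    print(subnet_info("201.222.5.121", "255.255.255.248"))
    print(subnet_info("150.2.3.56", "255.255.255.224")["subnet"])
    for row in subnet_table("C"):
        print("%2d  %-17s %6d %6d" % row)
```

  Running subnet_table("C", subnet_zero=True) shows the difference the all-zeros/all-ones convention makes: the host counts are unchanged, but every subnet count rises by two.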
  Network Access Layer Addressing  
  The Network Access layer addresses can be referred to by several names, which include MAC, hardware, and physical addresses. I refer to them as MAC addresses. A MAC address is used by the network types defined by the IEEE Project 802 committee, basically either an Ethernet or a token-passing network.  
  A MAC address is a collection of 6 bytes of information, usually represented with hexadecimal numbers and looking something like this:  
  08:CA:00:12:34:56  
  Every MAC address assigned to a network interface by its manufacturer is intended to be unique in the world. The way this is ensured is that a central body (the IEEE) assigns the first 3 bytes to manufacturers as a prefix, and the manufacturer then numbers its devices with 3 additional bytes that are numbered sequentially. If a manufacturer runs out of numbers to assign, it can always get a new prefix. If you ever see a device on a network with a MAC address that begins with 00:00:0C, you know it is a Cisco device. Be aware, however, that the address a host actually puts in its frames is whatever its driver is configured to use, and that can be changed with a single command on most operating systems. A MAC address therefore identifies a device only as long as nobody has bothered to change it, and it should never be relied on as an authentication factor by itself.  
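  The following added example (not code from the book) decodes the structure of a MAC address: the 3-byte prefix, and the two flag bits that IEEE 802 defines in the first octet, which tell you whether an address is a group address and whether it was set locally by software rather than burned in by a vendor. The prefix table is a constructed stub holding only the Cisco prefix mentioned above; a real check would consult the IEEE registry.

```python
"""Decode the structure of a MAC address (added example).

Assumptions (not from the book): the two flag bits in the first octet
are interpreted per IEEE 802 (least significant bit = individual/group,
next bit = universally/locally administered); OUI_TABLE is a constructed
stub containing only the Cisco prefix the text mentions.
"""
import re

OUI_TABLE = {"00:00:0C": "Cisco"}   # constructed stub of the IEEE registry


def normalise(mac):
    """Accept 08:CA:00:12:34:56, 08-ca-00-12-34-56, 0000.0c12.3456 or
    08ca00123456 and return the canonical upper-case colon form."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def describe(mac):
    """Split the address into its prefix and flag bits."""
    canon = normalise(mac)
    first = int(canon[:2], 16)
    oui = canon[:8]                                 # first 3 bytes, vendor prefix
    return {
        "mac": canon,
        "oui": oui,
        "vendor": OUI_TABLE.get(oui),
        "multicast": bool(first & 0x01),            # I/G bit: group address
        "locally_administered": bool(first & 0x02), # U/L bit: set by software
        "broadcast": canon == "FF:FF:FF:FF:FF:FF",
    }


def trust_note(mac):
    """One line on how much the address says about the device behind it."""
    d = describe(mac)
    if d["broadcast"]:
        return "broadcast address, not a station"
    if d["multicast"]:
        return "group address, never a legitimate source"
    if d["locally_administered"]:
        return "locally administered: chosen by software, no vendor behind the prefix"
    if d["vendor"] is None:
        return "globally administered, but the prefix is not in the local table"
    return "globally administered, prefix registered to " + d["vendor"]


if __name__ == "__main__":
    for sample in ("08:CA:00:12:34:56", "0000.0c12.3456",
                   "02:00:00:00:00:01", "01:00:5E:00:00:FB"):
        print(sample, "->", describe(sample)["oui"], "|", trust_note(sample))
```

  The locally administered bit is the useful signal when you are trying to make sense of a switch's MAC table: randomised Wi-Fi addresses, many virtual machines and most hand-set spoofed addresses have it set, whereas a vendor-assigned address from a known prefix does not.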
  Table 2.5 : Class B Subnetting  

  Bits   Subnet Mask         Subnets   Hosts  
   2     255.255.192.0             2   16382  
   3     255.255.224.0             6    8190  
   4     255.255.240.0            14    4094  
   5     255.255.248.0            30    2046  
   6     255.255.252.0            62    1022  
   7     255.255.254.0           126     510  
   8     255.255.255.0           254     254  
   9     255.255.255.128         510     126  
  10     255.255.255.192        1022      62  
  11     255.255.255.224        2046      30  
  12     255.255.255.240        4094      14  
  13     255.255.255.248        8190       6  
  14     255.255.255.252       16382       2  

  Table 2.6 : Class C Subnetting  

  Bits   Subnet Mask         Subnets   Hosts  
   2     255.255.255.192           2      62  
   3     255.255.255.224           6      30  
   4     255.255.255.240          14      14  
   5     255.255.255.248          30       6  
   6     255.255.255.252          62       2  

 
  MAC addresses are used to deliver packets to their destination on one network. People often ask, "If there is a guaranteed-unique MAC address on the internetwork, why bother assigning IP addresses?"  
  The answer goes back to the analogy of delivering a letter via the postal service, discussed in Chap. 1. The postal service is efficient because it uses distribution points, generally located in each city. An internetwork is the same in that it uses a router as a distribution point for a network number. If there were no IP addresses, each router would have to keep track of the location of every MAC address on the internetwork. This soon becomes unwieldy in an internetwork of any size.  
  So, we have IP addresses that are responsible for getting a packet delivered to the correct network (or subnet if netmasks are used), and MAC addresses are then used to deliver the packet locally. What actually happens as a packet is transported through an internetwork is that the source and destination MAC addresses change each time the packet travels through a router, whereas the IP source and destination addresses remain constant. This is illustrated in Fig. 2-8.  
  This figure shows that when PC1 sends a packet to PC2 through the router, the source and destination IP addresses remain constant, but the MAC addresses change as the packet moves from one network segment to another through the router.  
   
  Figure 2-8: How the MAC addresses used in addressing a packet change as it traverses an internetwork
Putting It All Together  
  We have covered all the issues necessary to be able to explain how the TCP/IP protocols and reference tables (the routing and ARP tables) cooperate to transport a packet through an internetwork.  
  In the following explanation, we take the example of a PC trying to establish a Telnet session with a host machine that is located on the other side of a router.  
  Assuming the PC is running a Telnet client application, the command telnet Sales-VAX is entered into the PC. By selecting the Telnet application, the destination port number is set to 23. Next, the hostname Sales-VAX needs to be resolved, meaning that its IP address needs to be found. This is done by either looking up Sales-VAX in the locally held hosts file, or requesting the IP address for Sales-VAX from a DNS server on the network.  
  Once the IP address has been determined, the PC looks to see if the destination IP address is on the same network (or subnet if netmasks are used). In this case it is not, so the PC will set the destination MAC address to that of its default gateway. The PC refers to its ARP table to determine the MAC address of the default gateway. If the IP address of the default gateway is not listed with a corresponding MAC address, the PC will issue an ARP broadcast to determine the MAC address. Once the MAC address of the default gateway is determined, all source and destination addresses are known and the packet is forwarded to the default gateway.  
  The default gateway will now receive the packet, examine the destination IP address and immediately look at its routing table. If the destination is on a directly connected segment, the default gateway will reference its ARP table, find the MAC address associated with the destination IP address of the Sales-VAX machine, and forward the packet to its final destination.  
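  The walk just described, and the MAC rewriting of Fig. 2-8, as an added example that is not from the book. All addresses, MACs and the two segments are constructed; the PC decides whether Sales-VAX is local, ARPs for either the host or its default gateway, and the router then ARPs on the far segment. One assumption beyond what the text describes: the ARP cache here refuses to overwrite an existing binding with a different MAC and records an alert instead. Real ARP implementations accept the new reply without question, which is the basis of ARP spoofing; the refusal models the kind of check a monitoring tool such as arpwatch performs.

```python
"""PC -> router -> host delivery with ARP, as an added example.

Assumptions (not from the book): all addresses and MACs are constructed;
ArpCache.learn() flags a changed binding instead of accepting it, which
real hosts do not do (ARP replies carry no authentication).
"""
import ipaddress


def same_subnet(a, b, mask):
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(a)) & m == int(ipaddress.IPv4Address(b)) & m


class ArpCache:
    def __init__(self):
        self.table = {}          # ip -> mac
        self.alerts = []         # (ip, old_mac, new_mac)

    def learn(self, ip, mac):
        """Accept a binding for a new IP; flag, and keep, the old one if it changes."""
        known = self.table.get(ip)
        if known is not None and known != mac:
            self.alerts.append((ip, known, mac))
            return False
        self.table[ip] = mac
        return True

    def lookup(self, ip):
        return self.table.get(ip)


class Segment:
    """One broadcast domain (constructed): knows which MAC owns each IP
    and answers an ARP request the way the owning host would."""
    def __init__(self, hosts):
        self.hosts = hosts       # ip -> mac

    def arp_request(self, target_ip):
        return self.hosts.get(target_ip)   # "who has target_ip?"; only the owner replies


def resolve_mac(cache, segment, ip):
    """ARP table first; on a miss, broadcast an ARP request and cache the reply."""
    mac = cache.lookup(ip)
    if mac is None:
        mac = segment.arp_request(ip)
        if mac is None:
            raise LookupError("no ARP reply for " + ip)
        cache.learn(ip, mac)
    return mac


# Constructed topology: PC1 on 10.1.1.0/24, Sales-VAX on 10.1.2.0/24, one router.
PC1 = {"ip": "10.1.1.10", "mask": "255.255.255.0",
       "mac": "00:AA:00:00:00:01", "gateway": "10.1.1.1"}
ROUTER = {"near_ip": "10.1.1.1", "near_mac": "00:00:0C:00:00:01",
          "far_ip": "10.1.2.1", "far_mac": "00:00:0C:00:00:02",
          "far_mask": "255.255.255.0"}
SALES_VAX_IP, SALES_VAX_MAC = "10.1.2.20", "00:BB:00:00:00:20"
SEG_NEAR = Segment({PC1["ip"]: PC1["mac"], ROUTER["near_ip"]: ROUTER["near_mac"]})
SEG_FAR = Segment({ROUTER["far_ip"]: ROUTER["far_mac"], SALES_VAX_IP: SALES_VAX_MAC})


def telnet_to(pc, dest_ip, seg_near, router, seg_far, pc_arp, router_arp, dport=23):
    """Return the frames (src_mac, dst_mac, src_ip, dst_ip, dst_port) seen on
    each segment as the first packet travels from the PC to the host."""
    frames = []
    # Hop 1: is the destination on my subnet? If not, send to the default gateway.
    next_hop = dest_ip if same_subnet(pc["ip"], dest_ip, pc["mask"]) else pc["gateway"]
    dst_mac = resolve_mac(pc_arp, seg_near, next_hop)
    frames.append((pc["mac"], dst_mac, pc["ip"], dest_ip, dport))
    if next_hop == dest_ip:
        return frames                      # delivered locally, no router involved
    # Hop 2: the router's routing table says the far segment is directly
    # connected, so it ARPs for the host itself. IP addresses stay the same,
    # MAC addresses are rewritten for the new segment (Fig. 2-8).
    if not same_subnet(router["far_ip"], dest_ip, router["far_mask"]):
        raise LookupError("router has no route to " + dest_ip)
    dst_mac = resolve_mac(router_arp, seg_far, dest_ip)
    frames.append((router["far_mac"], dst_mac, pc["ip"], dest_ip, dport))
    return frames


if __name__ == "__main__":
    for frame in telnet_to(PC1, SALES_VAX_IP, SEG_NEAR, ROUTER, SEG_FAR,
                           ArpCache(), ArpCache()):
        print(frame)
```

  Comparing the two frames shows the point of Fig. 2-8 directly: the source and destination IP addresses are identical on both segments, while both MAC addresses differ. The unauthenticated ARP reply in step one is also the weak link of the whole procedure: whoever answers "who has 10.1.1.1?" first becomes PC1's gateway.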
  This process is re-examined in Chap. 3, when you will have a chance to see the previously described processes work in a Cisco router environment.
Summary  
  In this chapter we defined what a protocol is and explored two models for data communications, the OSI and TCP/IP (DoD) model. Specific protocols within the TCP/IP protocol stack were identified and the relevant addressing schemes used by each were explained. The discussion on addressing also introduced the concept of the subnet mask and how that can be used to divide a network into many subnetworks. Finally, we saw an overview of how TCP/IP protocols and reference tables cooperate to deliver a packet across an internetwork.  
  Answers to Netmask Questions  
  IP address            = 164.2.34.35  
  netmask               = 255.255.255.224  
  subnet address        = 164.2.34.32  
  usable host addresses = 164.2.34.33 to 164.2.34.62  
  broadcast address     = 164.2.34.63  

  IP address            = 101.2.3.18  
  netmask               = 255.255.0.0  
  subnet address        = 101.2.0.0  
  usable host addresses = 101.2.0.1 to 101.2.255.254  
  broadcast address     = 101.2.255.255  
Cisco TCP/IP Routing Professional Reference
ISBN: 0072125578
Year: 2005