TCPIP Transmission Control Protocol Internet Protocol

1
TCP/IPTransmission Control Protocol / Internet
Protocol
2
TCP/IP OSI

• In OSI reference model terminology -the TCP/IP
  protocol suite covers the network and transport
  layers.
• TCP/IP can be used on many data-link layers (can
  support many network hardware implementations).

3
Ethernet - A Real Data-Link Layer

• It will be useful to discuss a real data-link
  layer.
• Ethernet (really IEEE 802.3) is widely used.
• Supported by a variety of physical layer
  implementations.

4
Ethernet

• Multi-access (shared medium).
• Every Ethernet interface has a unique 48 bit
  address (a.k.a. hardware address).
• Example C0B344172117
• The broadcast address is all 1s.
• Addresses are assigned to vendors by a central
  authority.

5
CSMA/CD Carrier Sense Multiple
AccesswithCollision Detection

• Carrier Sense can tell when another host is
  transmitting
• Multiple Access many hosts on 1 wire
• Collision Detection can tell when another host
  transmits at the same time.

6
An Ethernet Frame
8 bytes
6
6
2
0-1500
4

• The preamble is a sequence of alternating 1s and
  0s used for synchronization.
• CRC is Cyclic Redundency Check

7
Ethernet Addressing

• Each interface looks at every frame and inspects
  the destination address. If the address does not
  match the hardware address of the interface or
  the broadcast address, the frame is discarded.
• Some interfaces can also be programmed to
  recognize multicast addresses.

8
Internet ProtocolThe IP in TCP/IP

• IP is the network layer
• packet delivery service (host-to-host).
• translation between different data-link protocols.

9
IP Datagrams

• IP provides connectionless, unreliable delivery
  of IP datagrams.
• Connectionless each datagram is independent of
  all others.
• Unreliable there is no guarantee that datagrams
  are delivered correctly or at all.

10
IP Addresses

• IP addresses are not the same as the underlying
  data-link (MAC) addresses.
• Why ?

Rensselaer
11
IP Addresses

• IP is a network layer - it must be capable of
  providing communication between hosts on
  different kinds of networks (different data-link
  implementations).
• The address must include information about what
  network the receiving host is on. This makes
  routing feasible.

12
IP Addresses

• IP addresses are logical addresses (not physical)
• 32 bits.
• Includes a network ID and a host ID.
• Every host must have a unique IP address.
• IP addresses are assigned by a central authority
  (American Registry for Internet Numbers)

13
The four formats of IP Addresses
Class
A
0
HostID
NetID
B
10
NetID
HostID
C
110
HostID
NetID
D
1110
Multicast Address
8 bits
8 bits
8 bits
8 bits
14

• Class A
• 128 possible network IDs
• over 4 million host IDs per network ID

• Class B
• 16K possible network IDs
• 64K host IDs per network ID

• Class C
• over 2 million possible network IDs
• about 256 host IDs per network ID

15
Network and Host IDs

• A Network ID is assigned to an organization by a
  global authority.
• Host IDs are assigned locally by a system
  administrator.
• Both the Network ID and the Host ID are used for
  routing.

16
IP Addresses

• IP Addresses are usually shown in dotted decimal
  notation
• 1.2.3.4 00000001 00000010 00000011
  00000100
• cs.rpi.edu is 128.213.1.1
• 10000000 11010101 00000001 00000001

CS has a class B network
17
Host and Network Addresses

• A single network interface is assigned a single
  IP address called the host address.
• A host may have multiple interfaces, and
  therefore multiple host addresses.
• Hosts that share a network all have the same IP
  network address (the network ID).

18
IP Broadcast and Network Addresses

• An IP broadcast addresses has a host ID of all
  1s.
• IP broadcasting is not necessarily a true
  broadcast, it relies on the underlying hardware
  technology.
• An IP address that has a host ID of all 0s is
  called a network address and refers to an entire
  network.

19
Subnet Addresses

• An organization can subdivide its host address
  space into groups called subnets.
• The subnet ID is generally used to group hosts
  based on the physical network topology.

10
NetID
SubnetID
HostID
20
Subnetting
router
Subnet 1 128.213.1.x
Subnet 2 128.213.2.x
Subnet 3 128.213.3.x
21
Subnetting

• Subnets can simplify routing.
• IP subnet broadcasts have a hostID of all 1s.
• It is possible to have a single wire network with
  multiple subnets.

22
Mapping IP Addresses to Hardware Addresses

• IP Addresses are not recognized by hardware.
• If we know the IP address of a host, how do we
  find out the hardware address ?
• The process of finding the hardware address of a
  host given the IP address is called
• Address Resolution

23
Reverse Address Resolution

• The process of finding out the IP address of a
  host given a hardware address is called
• Reverse Address Resolution
• Reverse address resolution is needed by diskless
  workstations when booting.

24
ARP
Arp Arp!

• The Address Resolution Protocol is used by a
  sending host when it knows the IP address of
  the destination but needs the Ethernet address.
• ARP is a broadcast protocol - every host on the
  network receives the request.
• Each host checks the request against its IP
  address - the right one responds.

25
ARP (cont.)

• ARP does not need to be done every time an IP
  datagram is sent - hosts remember the hardware
  addresses of each other.
• Part of the ARP protocol specifies that the
  receiving host should also remember the IP and
  hardware addresses of the sending host.

26
ARP conversation
HEY - Everyone please listen! Will 128.213.1.5
please send me his/her Ethernet address?
not me
Hi Green! Im 128.213.1.5, and my Ethernet
address is 87A2153502C3
27
RARP conversation
HEY - Everyone please listen! My Ethernet
address is 22BC66170175. Does anyone know
my IP address ?
not me
Hi Green! Your IP address is 128.213.1.17.
28
Services provided by IP

• Connectionless Delivery (each datagram is treated
  individually).
• Unreliable (delivery is not guaranteed).
• Fragmentation / Reassembly (based on hardware
  MTU).
• Routing.
• Error detection.

29
IP Datagram
1 byte
1 byte
1 byte
1 byte
30
IP Datagram Fragmentation

• Each fragment (packet) has the same structure as
  the IP datagram.
• IP specifies that datagram reassembly is done
  only at the destination (not on a hop-by-hop
  basis).
• If any of the fragments are lost - the entire
  datagram is discarded (and an ICMP message is
  sent to the sender).

31
IP Flow Control Error Detection

• If packets arrive too fast - the receiver
  discards excessive packets and sends an ICMP
  message to the sender (SOURCE QUENCH).
• If an error is found (header checksum problem)
  the packet is discarded and an ICMP message is
  sent to the sender.

32
ICMPInternet Control Message Protocol

• ICMP is a protocol used for exchanging control
  messages.
• ICMP uses IP to deliver messages.
• ICMP messages are usually generated and processed
  by the IP software, not the user process.

33
ICMP Message Types

• Echo Request
• Echo Response
• Destination Unreachable
• Redirect
• Time Exceeded
• Redirect (route change)
• there are more ...

34
Transport Layer TCP/IP

• Q We know that IP is the network layer - so TCP
  must be the transport layer, right ?
• A No well, almost.
• TCP is only part of the TCP/IP transport layer -
  the other part is UDP (User Datagram Protocol).

35
Process
Process
Process Layer
TCP
UDP
Transport Layer
ICMP, ARP RARP
IP
Network Layer
802.3
Data-Link Layer
36
UDP User Datagram Protocol

• UDP is a transport protocol
• communication between processes
• UDP uses IP to deliver datagrams to the right
  host.
• UDP uses ports to provide communication services
  to individual processes.

37
Ports

• TCP/IP uses an abstract destination point called
  a protocol port.
• Ports are identified by a positive integer.
• Operating systems provide some mechanism that
  processes use to specify a port.

38
UDP

• Datagram Delivery
• Connectionless
• Unreliable
• Minimal

UDP Datagram Format
39
TCPTransmission Control Protocol

• TCP is an alternative transport layer protocol
  supported by TCP/IP.
• TCP provides
• Connection-oriented
• Reliable
• Full-duplex
• Byte-Stream

40
Connection-Oriented

• Connection oriented means that a virtual
  connection is established before any user data is
  transferred.
• If the connection cannot be established - the
  user program is notified.
• If the connection is ever interrupted - the user
  program(s) is notified.

41
Reliable

• Reliable means that every transmission of data is
  acknowledged by the receiver.
• If the sender does not receive acknowledgement
  within a specified amount of time, the sender
  retransmits the data.

42
Byte Stream

• Stream means that the connection is treated as a
  stream of bytes.
• The user application does not need to package
  data in individual datagrams (as with UDP).

43
Buffering

• TCP is responsible for buffering data and
  determining when it is time to send a datagram.
• It is possible for an application to tell TCP to
  send the data it has buffered without waiting for
  a buffer to fill up.

44
Full Duplex

• TCP provides transfer in both directions.
• Piggybacking

45
TCP Ports

• Interprocess communication via TCP is achieved
  with the use of ports (just like UDP).
• UDP ports have no relation to TCP ports
  (different name spaces).

46
TCP Segments

• The chunk of data that TCP asks IP to deliver is
  called a TCP segment.
• Each segment contains
• data bytes from the byte stream
• control information that identifies the data
  bytes

47
TCP Segment Format
1 byte
1 byte
1 byte
1 byte
Destination Port
Source Port
Sequence Number
Request Number
offset
Reser.
Control
Window
Checksum
Urgent Pointer
Options (if any)
Data
48
If the SYN flag is set, this is the initial
sequence number. The sequence number of the
actual first data byte will then be this sequence
number plus 1.
If the SYN flag is NOT set, this is the sequence
number of the first data byte
49
if the ACK flag is set then the value of this
field is the next expected sequence number that
the receiver is expecting.
50
The size of the TCP header in 32-bit words. The
minimum size header is 5 words and the maximum is
15 words thus giving the minimum size of 20 bytes
and maximum of 60 bytes. This field gets its name
from the fact that it is also the offset from the
start of the TCP segment to the actual data.
51
For future use and should be set to 0s.
52
Congestion Window Reduced (CWR) flag is set by
the sending host to indicate that it received a
TCP segment with the ECE flag set and had
responded in congestion control mechanism.
53
indicates (1) that the TCP peer is ECN capable
during 3-way handshake, and (2) that a packet
with Congestion Experienced flag in IP header set
is received during normal transmission.
54
indicates that the URGent pointer field is
significant.
55
indicates that the ACKnowledgment field is
significant.
56
Push function. The set ensures that data will be
delivered immediately to the application layer by
the receiving transport layer
57
Reset the connection. Tells receiver to tear down
connection immediately
58
Synchronize sequence numbers.
59
No more data from sender.
60
the size of the receive window, which specifies
the number of bytes (beyond the sequence number
in the acknowledgment field) that the receiver is
currently willing to receive .
61
The 16-bit checksum field is used for
error-checking of the header and data.
62
if the URG flag is set, then this 16-bit field is
an offset from the sequence number indicating the
last urgent data byte. The Urgent Pointer is used
when some information has to reach the server
ASAP. When the TCP/IP stack at the other end sees
a packet using the Urgent Pointer, it is duty
bound to stop all it's doing and immediately send
this packet to the relevant server
63
Example

• Lets assume we've got this data to send across to
  the guy at the other end.
• ABCDEFGHIJ
• Now for some reason or another, we're going
  to send the bytes across only four bytes at a
  time.
• The First Packet ABCD
• The Second Packet EFGH
• The Third Packet IJ

64
Example

• In the very first packet we send across we set
  the four byte sequence number to 1 i.e. the
  number of the first byte in the packet and the
  acknowledgement number as 0.
• ABCD 1 2 3 4
• The computer across the wire will respond
  with an ACK packet (an acknowledgement packet
  with the ACK flag on in the TCP header) holding
  an acknowledgement number of ?.

65
Example

• The next packet we send will have a sequence
  number of 5 i.e. the number of the first byte in
  the packet relative to the start of the data
  stream. The acknowledgment number will be the
  other guys sequence number 1.
• EFGH 5 6 7 8

66
Example

• We will then receive an ACK with the
  acknowledgement number set to 9 the byte we have
  to start our next packet with.
• We then shot off the last two bytes and wait
  for the ACK and when that comes, we know that all
  the bytes we've sent across has reached the
  computer at the other end.
• IJ 9 10

67
Three-way Handshake

• Before a client attempts to connect with a
  server, the server must first bind to a port to
  open it up for connections this is called a
  passive open. Once the passive open is
  established, a client may initiate an active
  open. To establish a connection, the three-way
  (or 3-step) handshake occurs
• The active open is performed by the client
  sending a SYN to the server. It sets the
  segment's sequence number to a random value.

68
Three-way Handshake

• In response, the server replies with a SYN-ACK.
  The acknowledgment number is set to one more than
  the received sequence number, and the sequence
  number is random.
• Finally, the client sends an ACK back to the
  server. The sequence number is set to the
  received acknowledgement value, and the
  acknowledgement number is set to one more than
  the received sequence number.

69
Three-way Handshake

• At this point, both the client and server have
  received an acknowledgment of the connection.

70
Connection Termination

• A four-way handshake, with each side of the
  connection terminating independently
• When an endpoint wishes to stop its half of the
  connection, it transmits a FIN packet, which the
  other end acknowledges with an ACK.
• A typical tear-down requires a pair of FIN and
  ACK segments from each TCP endpoint.

71
TCP Connection
Host
Client
Host
Client
Send SYN seqx
Send FIN seqx
Receive FIN segment Send ACK x1
Receive SYN segment Send SYN seqy, ACK x1
Receive ACK segment
Receive SYN ACK segment
Send FIN seqy, ACK x1
Receive FIN ACK segment Send ACK y1
Send ACK y1
Receive ACK segment
Receive ACK segment
Establishing a TCP Connection
Closing a TCP Connection
72
TCP Data transfer
Host
Client
Send Packet 1 Start Timer
Packet Lost
Packet should arrive ACK should be sent
Timer
ACK would normally Arrive at this time
Time Expires
Retransmit Packet1 Start Timer
Receive Packet 1 Send ACK 1
Timer
Receive ACK 1 Cancel Timer
73
TCP vs. UDP

• Q Which protocol is better ?
• A It depends on the application.
• TCP provides a connection-oriented, reliable byte
  stream service (lots of overhead).
• UDP offers minimal datagram delivery service (as
  little overhead as possible).

74
TCP/IP Summary

• IP network layer protocol
• unreliable datagram delivery between hosts.
• UDP transport layer protocol
• unreliable datagram delivery between processes.
• TCP transport layer protocol
• reliable, byte-stream delivery between processes.

75
Hmmmmm. TCP or UDP ?

• Internet commerce ?
• Video server?
• File transfer?
• Email ?
• Chat groups?
• Robotic surgery controlled remotely over a
  network?

76
Example 1 Server Sends IP datagram to PC

• How to routing, i e., why server knows to send
  the IP packet to the router first ?
• Look up routing table, in detail,
• by complete destination IP address, if not found
• by network ID of destination IP address, if not
  found
• the default router is selected. (In this example,
  we assume the router r is the default router).
• The IP address of a home computer connected to
  the Internet through modem is dynamically
  assigned (DHCP) .

77
S sends a packet to R

• Find Rs IP address by DNS.
• Check its routing table for R, if find (next
  hop), send to it.
• Otherwise, send to default router
• Needs to find the physical address of the next
  hop router.
• The router checks its routing table for the next
  hop and send to it.

s
net 3
G
net 1
G
G
G
net 5
net 2
net 4
G
R
6. continue until the packet reaches the router
in the same LAN with R. 7. The router finds Rs
physical address and sends to it.
Figure 2.8
78
Big picture web document browsing

• Suppose a user on PC clicks a link of a document
  contained in the server, and HTTP client passes a
  request to TCP layer asking for setting up a TCP
  connection, and the TCP connection between the PC
  and the server has been established .
• The http client then passes http request message
  (such as GET /.) to TCP layer.

79
Big picture HTTP request is passed down
c, 80
TCP Header
Header contains source and destination port
numbers
TCP
Header contains source and destination IP
addresses transport protocol type
IP Header
Header contains source and destination physical
addresses network protocol type
Frame Check Sequence
ppp Header
80
Big picture web document browsing

• The ppp driver (data link entity) in PC forms a
  PPP frame and sends the frame to the other end of
  the PPP link, i.e., router
• The router extracts IP packet (from the PPP
  frame), makes routing decision according on
  destination IP address, forms an Ethernet frame
  (encapsulating the IP packet) and broadcasts it
  onto Ethernet
• The server NIC captures the frame, extracts the
  IP packet and passes it to IP entity, then to TCP
  entity and then to HTTP server
• Finally the server retrieves the document and
  puts it in HTTP response packet and sends back to
  PC.

81
Sever processes multiple requests

• Q there is one http server, there may be several
  http clients which sends http requests to the
  http server simultaneously,so there are several
  connections at the same with the same destination
  IP address, same port number 80, and the same
  protocol type TCP. How does the server
  distinguish these connections and process them
  separately?

http client
http client
http server
http client
http client
82
Sever processes multiple requests

• Answer the way to specify the end-to-end
  process-to-process connection.
• Socket address port number IP address
  protocol type
• Sender socket address sender port number
  sender IP
  address protocol type
• Receiver socket address receiver port number
  receiver IP
  address protocol type.
• Connection sender socket address receiver
  socket address

http client
http client
http server
m2
c2,m1 s, 80, TCP
m1
http client
cc,m3 s, 80,TCP
http client
m3
c1,m1 s, 80, TCP
83
Application protocols and TCP/IP utilities

• telnet remote login. Also a tool to test other
  protocols.
• FTP File Transfer Protocols.
• Ping determine whether a host is reachable
• Traceroute determine the route that a packet
  will take to another host
• Netstate provide information about the network
  status of a local host
• TCPdump capture and observe packet exchange in a
  link.

84
A simple TCP/IP Example

• A user on host argon.tcpip-lab.edu (Argon)
  makes a web access to URL
• http//neon.tcpip-lab.edu/index.html.
• What actually happens in the network?

85
HTTP Request and HTTP response

• Web browser runs an HTTP client program
• Web server runs an HTTP server program
• HTTP client sends an HTTP request to HTTP server
• HTTP server responds with HTTP response

86
From HTTP to TCP

• To send request, HTTP client program establishes
  an TCP connection to the HTTP server Neon.
• The HTTP server at Neon has a TCP server running

87
Resolving hostnames and port numbers

• Since TCP does not work with hostnames and also
  would not know how to find the HTTP server
  program at Neon, two things must happen
• 1. The name neon.tcpip-lab.edu must be
  translated into a 32-bit IP address.
• 2. The HTTP server at Neon must be identified by
  a 16-bit port number.

88
Translating a hostname into an IP address

• The translation of the hostname
  neon.tcpip-lab.edu into an IP address is done via
  a database lookup
• The distributed database used is called the
  Domain Name System (DNS)
• All machines on the Internet have an IP
  address argon.tcpip-lab.edu 128.143.137.144 ne
  on.tcpip-lab.edu 128.143.71.21

89
Finding the port number

• Note Most services on the Internet are reachable
  via well-known ports. E.g. All HTTP servers on
  the Internet can be reached at port number 80.
• So Argon simply knows the port number of the
  HTTP server at a remote machine.
• The well-known port numbers of some of the most
  popular services are
• ftp 21 finger 79
• telnet 23 http 80
• smtp 25 nntp 119

90
Requesting a TCP Connection

• The HTTP client at argon.tcpip-lab.edu requests
  the TCP client to establish a connection to port
  80 of the machine with address 128.141.71.21

91
Invoking the IP Protocol

• The TCP client at Argon sends a request to
  establish a connection to port 80 at Neon
• This is done by asking its local IP module to
  send an IP datagram to 128.143.71.21

92
Sending the IP datagram to an IP router

• Argon (128.143.137.144) can deliver the IP
  datagram directly to Neon (128.143.71.21), only
  if it is on the same local network (subnet)
• But Argon and Neon are not on the same local
  network (Q How does Argon know this?)
• So, Argon sends the IP datagram to its default
  gateway
• The default gateway is an IP router
• The default gateway for Argon is
  Router137.tcpip-lab.edu (128.143.137.1).

93
The route from Argon to Neon

• Note that the gateway has a different name for
  each of its interfaces.

94
Finding the MAC address of the gateway

• To send an IP datagram to Router137, Argon puts
  the IP datagram in an Ethernet frame, and
  transmits the frame.
• However, Ethernet uses different addresses,
  so-called Media Access Control (MAC) addresses
  (also called physical address, hardware
  address).
• Therefore, Argon must first translate the IP
  address 128.143.137.1 into a MAC address.
• The translation of addressed is performed via
  the Address Resolution Protocol (ARP).

95
Address resolution with ARP
96
Invoking the device driver

• The IP module at Argon, tells its Ethernet device
  driver to send an Ethernet frame to address
  00e0f923a820

97
Sending an Ethernet frame

• The Ethernet device driver of Argon sends the
  Ethernet frame to the Ethernet network interface
  card (NIC)
• The NIC sends the frame onto the wire

98
Forwarding the IP datagram

• The IP router receives the Ethernet frame at
  interface 128.143.137.1, recovers the IP datagram
  and determines that the IP datagram should be
  forwarded to the interface with name 128.143.71.1
• The IP router determines that it can deliver the
  IP datagram directly

99
Another lookup of a MAC address

• The router needs to find the MAC address of Neon.
  
• Again, ARP is invoked, to translate the IP
  address of Neon (128.143.71.21) into the MAC
  address of neon (0020af039828).

100
Invoking the device driver at the router

• The IP protocol at Router71, tells its Ethernet
  device driver to send an Ethernet frame to
  address 0020af039828

101
Sending another Ethernet frame

• The Ethernet device driver of Router71 sends the
  Ethernet frame to the Ethernet NIC, which
  transmits the frame onto the wire.

102
Data has arrived at Neon

• Neon receives the Ethernet frame
• The payload of the Ethernet frame is an IP
  datagram which is passed to the IP protocol.
• The payload of the IP datagram is a TCP segment,
  which is passed to the TCP server
• Note Since the TCP segment is a connection
  request (SYN), the TCP protocol does not pass
  data to the HTTP program for this packet.
  Instead, the TCP protocol at neon will respond
  with a SYN segment to Argon.

103
Wrapping-up the example

• So far, Neon has only obtained a single packet
• Much more work is required to establish an actual
  TCP connection and the transfer of the HTTP
  Request
• The example was simplified in several ways
• No transmission errors
• The route between Argon and Neon is short (only
  one IP router)
• Argon knew how to contact the DNS server
  (without routing or address resolution)
• .

104
How many packets were really sent?

• tcpdump listening on fxp0
• 165451.340712 128.143.137.144.1555 gt
  128.143.137.11.53 1 A? neon.cs. (25)
• 165451.341749 128.143.137.11.53 gt
  128.143.137.144.1555 1 NXDomain 0/1/0 (98) (DF)
• 165451.342539 128.143.137.144.1556 gt
  128.143.137.11.53 2 (41)
• 165451.343436 128.143.137.11.53 gt
  128.143.137.144.1556 2 NXDomain 0/1/0 (109)
  (DF)
• 165451.344147 128.143.137.144.1557 gt
  128.143.137.11.53 3 (38)
• 165451.345220 128.143.137.11.53 gt
  128.143.137.144.1557 3 1/1/2 (122) (DF)
• 165451.350996 arp who-has 128.143.137.1 tell
  128.143.137.144
• 165451.351614 arp reply 128.143.137.1 is-at
  0e0f923a820
• 165451.351712 128.143.137.144.1558 gt
  128.143.71.21.21 S 607568607568(0) win 8192
• ltmss 1460gt (DF)
• 165451.352895 128.143.71.21.80 gt
  128.143.137.144.1558 S 39640106553964010655(0)
• ack 607569 win 17520 ltmss 1460gt (DF)
• 165451.353007 128.143.137.144.1558 gt
  128.143.71.21.80 . ack 1 win 8760 (DF)
• 165451.365603 128.143.71.21.80 gt
  128.143.137.144.1558 P 160(59)
• ack 1 win 17520 (DF) tos 0x10
• 165451.507399 128.143.137.144.1558 gt
  128.143.71.21.80 . ack 60 win 8701 (DF)