
TCP/IP protocols

Alcatel University - 8AS 90200 1124 VT ZZA Ed.02

1.1


TCP/IP protocols: Session presentation

Objective: analyse IP messages coming from different applications and locate these messages within a procedure.

Program:
1 Introduction
2 Physical and link layers
3 ARP protocol
4 Repeaters, Bridges and Switches
5 IP protocol
6 ICMP protocol
7 Client-Server model
8 UDP protocol
9 TCP protocol


TCP/IP protocols: Objectives

By the end of this course, the participant will be able to:
- Describe the Ethernet frame format
- Describe the ARP protocol, analyse an ARP trace
- Describe the operation of repeaters, bridges and switches
- Describe IP addressing modes, handle the subnet masks
- Describe the role of the various IP header fields
- Analyse an ICMP message and explain the operation of the Ping and Trace_route programs
- Describe the operation of the client/server model at the transport layer
- List the characteristics of the UDP transport layer protocol
- List the characteristics of the TCP transport layer protocol


1 Introduction
2 Physical and link layers
3 ARP protocol
4 Repeaters, Bridges and Switches
5 IP protocol
6 ICMP protocol
7 Client-Server model
8 UDP protocol
9 TCP protocol


1 Introduction: Network interconnection

(Figure: TCP/IP network interconnection of several LANs through a WAN.)

The main design goal of TCP/IP was to build an interconnection of networks, referred to as an inter-network, or internet, that provided universal communication services over heterogeneous physical networks. The Internet consists of the following groups of networks:
- Backbones: large networks that exist primarily to interconnect other networks. Currently the backbones are NSFNET in the US, EBONE in Europe, and large commercial backbones.
- Regional networks connecting, for example, universities and colleges.


1 Introduction: Communication needs

Many kinds of connections:
- Point-to-point (leased lines, PSTN, ...)
- Point-to-multipoint (Local Area Networks)
- Virtual connections (Wide Area Networks)

Various operating systems: DOS, UNIX, LINUX, ...

Some rules are essential for communications: the protocols.
Some additional software is offered to facilitate the user tasks: the services (file transfer, mail exchange, surfing the Net, ...).

TCP/IP has been popular with developers and users alike because of its inherent openness and perpetual renewal.


1 Introduction: The TCP/IP model

(Figure: the seven OSI layers next to the TCP/IP protocols that occupy them.)
Application / Presentation / Session: HTTP, TELNET, FTP, SMTP, DNS, TFTP, SNMP
Transport: TCP, UDP
Network: IP, ICMP, ARP
Link: IEEE 802.2 (LLC), IEEE 802.3 (CSMA/CD), IEEE 802.5 Token Ring
Physical: 10 base 5, 10 base 2, 10 base T, FOIRL, 100 Mb/s; Token Ring 4 Mb/s and 16 Mb/s; FDDI, ATM, PPP ...

Like most networking software, TCP/IP is modelled in layers.

OSI: in contrast to TCP/IP, the OSI approach started from a clean slate and defined standards using a formal committee process, without requiring implementations. The OSI protocols developed slowly, and because running the full protocol stack is resource intensive, they have not been widely deployed. The seven OSI layers are:
- Application: network applications such as terminal emulation and file transfer
- Presentation: formatting of data and encryption
- Session: establishment and maintenance of sessions
- Transport: provision of reliable and unreliable end-to-end delivery
- Network: packet delivery, including routing
- Data Link: framing of units of information and error checking
- Physical: transmission of bits on the physical hardware

TCP/IP: Internet protocols use a less formal engineering approach, where anybody can propose and implementations are required to verify feasibility. TCP/IP and the Internet developed rapidly, with deployment occurring at a very high rate. The TCP/IP protocol suite has become the de facto standard for computer communications in today's networked world. The main services offered by TCP/IP are:
- TELNET: interactive terminal access to remote internet hosts
- FTP (File Transfer Protocol): high-speed disk-to-disk file transfers
- SMTP (Simple Mail Transfer Protocol): the internet mailing system
- TFTP: an extremely simple protocol to transfer files
- SNMP: management of IP units (bridges, routers)
- DNS: electronic directory book
- NFS: direct access to a remote file system
- HTTP (Hypertext Transfer Protocol): a protocol designed to allow the transfer of Hypertext Markup Language (HTML) documents


1 Introduction: TCP/IP and Internet

Timeline:
- 1960: new concept of packet switching
- 1967: ARPANET initial design
- 1969-1971: ARPANET first deployment (4 nodes, 50 kb/s)
- 1973: connection to Europe
- 1974: ARPANET: first TCP implementation; TELENET: new commercial packet network using X25
- 1978-1981: new TCP and IP protocols
- 1983: ARPANET (600 nodes) split into ARPANET and MILNET; TCP/IP inclusion in the UNIX BSD kernel
- 1986: NSFNET
- 1991: commercial Internet backbone service
- 1995: IPv6

Prior to the 1960s, what little computer communication existed comprised simple text and binary data, carried by circuit switching. Because most data traffic is bursty in nature, circuit switching results in highly inefficient use of network resources. The fundamental technology that makes the Internet work is called packet switching: network communication resources appear to be dedicated to individual users but are, in fact, statistically multiplexed. In 1967 the U.S. Department of Defense (DoD) funded an experiment to interconnect DoD-funded research sites: the initial design of the so-called ARPANET, named for the DoD's Advanced Research Projects Agency (ARPA). In September 1969, the first node of the ARPANET was installed at the University of California at Los Angeles (UCLA), followed monthly by nodes at Stanford Research Institute (SRI), the University of California at Santa Barbara (UCSB), and the University of Utah. With four nodes by the end of 1969, the ARPANET spanned the continental U.S. by 1971 and had connections to Europe by 1973. One of the most lasting results of the ARPANET was X.25: Telenet, a commercial packet-switched data service launched in 1974, became part of Sprint's X.25 service. In 1974, a new, more robust suite of communications protocols was proposed and implemented throughout the ARPANET, based upon the Transmission Control Protocol (TCP); in 1978 a new design split responsibilities between a pair of protocols: the new Internet Protocol (IP) for routing packets and device-to-device communication (i.e., host-to-gateway or gateway-to-gateway), and TCP for reliable, end-to-end host communication. The original versions of both TCP and IP that are in common use today were written in September 1981. In 1983, the ARPANET was split into two components. One component, still called ARPANET, was used to interconnect research/development and academic sites; the other, called MILNET, was used to carry military traffic. That year also saw a huge boost in the popularity of TCP/IP with its inclusion in the communications kernel for the University of California's UNIX implementation, 4.2BSD.


1 Introduction: Internet growth

The ARPANET started with four nodes in 1969 and grew to just under 600 nodes before it was split in 1983. The NSFNET also started with a modest number of sites in 1986. After that, the network has experienced literally exponential growth. Internet growth between 1981 and 1991 is documented in "Internet Growth (1981-1991)" (RFC 1296). Network Wizards distributes a semi-annual Internet Domain Survey. According to them, the Internet had nearly 30 million reachable hosts by January 1998 and over 50 million by January 1999. Other sources estimate that the actual number is much higher (I have heard estimates as high as 200 million!), and dedicated residential access methods, such as cable modem and asymmetrical digital subscriber line (ADSL) technologies, will make the numbers grow even more. The Internet is growing at a rate of about a new network attachment every half-hour, interconnecting hundreds of thousands of networks. It is estimated that the Internet is doubling in size every ten to twelve months, and has been for the last several years; traffic is doubling every 100 days (for 1000% annual growth).


1 Introduction: Standardisation

(Figure: organisation chart.)
- ISOC: Internet Society
  - IAB: Internet Architecture Board (www.iab.org)
    - IETF: Internet Engineering Task Force, governed by the IESG (Internet Engineering Steering Group) and organised in Areas (Area 1 ... Area 7), each made of Working Groups (WG)
    - IANA: Internet Assigned Numbers Authority (www.iana.org)
    - RFC editor (http://www.rfc-editor.org/rfcsearch.html)
- ICANN: Internet Corporation for Assigned Names and Numbers (www.icann.org)

The Internet Society (ISOC) is a non-profit, non-governmental, international, professional membership organization. Its more than 150 organizations and 11,000 individual members in over 180 nations worldwide represent a veritable who's who of the Internet community. You should be a member, too. ISOC serves as the standardizing body for the Internet community. It is organized and managed by the Internet Architecture Board (IAB), whose 13 members serve a 2-year term. The IAB itself relies on the Internet Engineering Task Force (IETF) for issuing new standards, and on the Internet Assigned Numbers Authority (IANA) for co-ordinating values shared among multiple protocols. The IETF itself is governed by the Internet Engineering Steering Group (IESG) and is further organised in the form of Areas and Working Groups (http://www.ietf.org/):
- Applications (FTP extensions, HTTP, fax over Internet)
- Internet (encapsulations over physical medium, IPv6, L2TP extensions, PPP extensions, ...)
- Operations and management (SNMP evolution, AAA)
- Routing (RIP, OSPF, ...)
- Security (ciphering, IPsec, ...)
- Transport (voice over IP, performance, ...)
- Sub-IP (performance measurements, MPLS, ...)

ICANN: the Internet Corporation for Assigned Names and Numbers was formed to assume responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions previously performed under U.S. Government contract by IANA and other entities.

IETF web site: http://www.ietf.org/
RFC Editor web site: http://www.rfc-editor.org/overview.html
IAB web site: http://www.iab.org


1 Introduction: Process of standardization

(Figure: a new specification is published as an Internet draft and reviewed by the IESG/IETF, then advances through RFC xxxx Proposed standard, RFC yyyy Draft standard and RFC yyyy Standard.)

In order to have a new specification approved as a standard, applicants have to submit that specification to the IESG, where it will be discussed and reviewed for technical merit and feasibility, and also published as an Internet draft document (the largest source of Internet drafts is the IETF itself). An Internet draft is recommended to the Internet Engineering Task Force (IETF) for inclusion into the standards track and for publication as a Request for Comments. Internet-Drafts are draft documents valid for a maximum of six months. Once published as an RFC, a contribution may advance in status:
- Proposed standard: protocol proposals that may be considered by the IAB for standardisation in the future. Implementations and testing by several groups are desirable. Revision of the protocol is likely.
- Draft standard: a specification from which at least two independent and interoperable implementations from different code bases have been developed, and for which sufficient successful operational experience has been obtained. The IAB is actively considering this protocol as a possible standard protocol. Substantial and widespread testing and comments are desired.
- Standard: characterized by a high degree of technical maturity and by a generally held belief that the specified protocol or service provides significant benefit to the Internet community. When a specification has been adopted as an Internet Standard, it is given the additional label "STDxxx", but it keeps its RFC number and its place in the RFC series.

Other particular statuses of an RFC:
- Experimental: a system should not implement an experimental protocol unless it is participating in the experiment and has co-ordinated its use of the protocol with the developer of the protocol.
- Informational: protocols developed by other standards organizations.
- Historic: a specification that has been superseded by a more recent specification.


1 Introduction: RFC, Request For Comments

(Figure: the headers of three RFCs.)
Network Working Group                                   Bill Croft (Stanford University)
Request for Comments: 951                               John Gilmore (Sun Microsystems)
                                                        September 1985
                        BOOTSTRAP PROTOCOL (BOOTP)

Network Working Group                                   W. Wimer
Request for Comments: 1532                              Carnegie Mellon University
Updates: 951                                            October 1993
Category: Standards Track
          Clarifications and Extensions for the Bootstrap Protocol

Network Working Group                                   W. Wimer
Request for Comments: 1542                              Carnegie Mellon University
Updates: 951                                            October 1993
Obsoletes: 1532
Category: Standards Track
          Clarifications and Extensions for the Bootstrap Protocol

Once an RFC has been published, all revisions and replacements are published as new RFCs. A new RFC which revises or replaces an existing RFC is said to "update" or to "obsolete" that RFC. The existing RFC is said to be "updated by" or "obsoleted by" the new one. For example RFC 1542, which describes the BOOTP protocol, is a "second edition", being a revision of RFC 1532 and an amendment to RFC 951. RFC 1542 is therefore labelled like this: "Obsoletes RFC 1532; Updates RFC 951." Consequently, there is never any confusion over whether two people are referring to different versions of an RFC, since there is never more than one current version.

To get an RFC: http://www.rfc-editor.org/rfcsearch.html
RFC index: http://www.ietf.org/iesg/1rfc_index.txt
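As an added example (not part of the course material), the following Python snippet parses RFC header blocks like the three above, constructed here from the page's values, and derives which RFCs are still current and which ones an implementer must read. It also accepts the "Obsoletes: RFCs 882, 883, 973" form used in the DNS headers of the exercise at the end of this chapter, so the same code can be applied to that family.

```python
import re

# Constructed copies of the three RFC header blocks shown on this page (RFC 951, 1532, 1542).
RFC_HEADERS = """\
Network Working Group                                        Bill Croft
Request for Comments: 951                                   John Gilmore
                                                           September 1985

Network Working Group                                          W. Wimer
Request for Comments: 1532                    Carnegie Mellon University
Updates: 951                                               October 1993
Category: Standards Track

Network Working Group                                          W. Wimer
Request for Comments: 1542                    Carnegie Mellon University
Updates: 951                                               October 1993
Obsoletes: 1532
Category: Standards Track
"""


def field_numbers(rest_of_line):
    """RFC numbers of one header field: the text up to the first wide gap, so that
    'Updates: 951        October 1993' yields {951} and not the year, and
    'Obsoletes: RFCs 882, 883, 973   November 1987' yields {882, 883, 973}."""
    field = re.split(r"\s{2,}", rest_of_line.strip())[0]
    return {int(n) for n in re.findall(r"\d+", field)}


def parse_rfc_headers(text):
    """Return {rfc_number: {'updates': set, 'obsoletes': set}} from blank-line separated header blocks."""
    index = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        number, updates, obsoletes = None, set(), set()
        for line in block.splitlines():
            if ":" not in line:
                continue                      # e.g. 'Network Working Group   Bill Croft'
            name, rest = line.split(":", 1)
            name = name.strip()
            if name == "Request for Comments":
                found = field_numbers(rest)
                number = min(found) if found else None
            elif name == "Updates":
                updates = field_numbers(rest)
            elif name == "Obsoletes":
                obsoletes = field_numbers(rest)
        if number is not None:
            index[number] = {"updates": updates, "obsoletes": obsoletes}
    return index


def current_rfcs(index):
    """RFCs in the index that no other RFC obsoletes: the only 'current versions'."""
    obsoleted = set()
    for entry in index.values():
        obsoleted |= entry["obsoletes"]
    return set(index) - obsoleted


def rfcs_to_read(index, base):
    """Current RFCs an implementer starting from `base` must take into account: base itself
    (or whatever obsoletes it) plus every current RFC that updates any of those, transitively."""
    current = current_rfcs(index)
    wanted, seen, frontier = set(), set(), {base}
    while frontier:
        rfc = frontier.pop()
        if rfc in seen:
            continue
        seen.add(rfc)
        if rfc in current:
            wanted.add(rfc)
        for other, entry in index.items():    # follow 'obsoleted by' and 'updated by' links
            if rfc in entry["obsoletes"] or rfc in entry["updates"]:
                frontier.add(other)
    return wanted


if __name__ == "__main__":
    index = parse_rfc_headers(RFC_HEADERS)
    print("current RFCs:", sorted(current_rfcs(index)))
    print("to implement BOOTP starting from RFC 951, read:", sorted(rfcs_to_read(index, 951)))
```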


1 Introduction: Main topologies

(Figure: bus, star (around a central node) and ring topologies.)

Topologies: Bus, Ring, Star, Tree.

Main access methods:
- Carrier Sense: for example CSMA/CD (listening to the medium, collision detection).
- Polling: a master host gives the right to speak. Example: IBM SNA.
- Token: a token travels around the LAN, giving the authorisation to take control of the LAN. Examples: Token Ring, FDDI.


1 Introduction: The use of layers in a TCP/IP communication

(Figure: a client host and a server host communicating across an IP network made of several physical networks joined by routers. The application data goes down through the Transport layer (port sd: source/destination ports), the Network layer (IP@ sadb: source address a, destination address b) and the Link layer (Phys@: physical addresses). The IP addresses stay the same from end to end, while the physical addresses are replaced at each hop, e.g. Phys@ s1d2, then s8d7, then s4d15.)

Application layer: the application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.
Transport layer: the transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.
Internetwork layer: the Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.
Network interface layer: the network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.
Router: interconnects networks at the internetwork layer level and routes packets between them.


1 Introduction: Exercise

1- Among these protocols, which are level 4 protocols?
ICMP, ARP, UDP, FTP, IP, LLC, TELNET, TCP

2- Who is responsible for the number assignment in the Internet?
IESG, ICANN, IANA, IAB, IETF

3- What is the first status given to a new RFC?
Standard, Proposed standard, Draft standard

4- Given these RFC headers, which RFCs have to be taken into account for a new DNS implementation?

Network Working Group                      P. Mockapetris
Request for Comments: 1034                 ISI
Obsoletes: RFCs 882, 883, 973              November 1987
DOMAIN NAMES - CONCEPTS AND FACILITIES

Network Working Group                      P. Mockapetris
Request for Comments: 1035                 ISI
Obsoletes: RFCs 882, 883, 973              November 1987
DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION

Network Working Group                      P. Mockapetris
Request for Comments: 1101                 ISI
Updates: RFCs 1034, 1035                   April 1989
DNS Encoding of Network Names and Other Types

882, 883, 973, 1034, 1035, 1101


2 Physical and link layers

2.1 CSMA/CD
2.2 Cabling
2.3 MAC Addressing
2.4 Frame Ethernet V2
2.5 Frame IEEE 802.3 and associated protocols


2 Physical and link layers, 2.1 CSMA/CD: Principle

(Figure: transmission flow chart.)
1. Transmission request: monitor the medium. Is it free? No: keep monitoring. Yes: start transmitting.
2. While transmitting, keep monitoring. Does the monitored signal equal the transmitted signal? Yes: transmission OK.
3. No: collision detected. Send a jamming signal.
4. Number of retries < maximum: wait a delay (backoff), then go back to step 1. Number of retries > maximum: failure.

CSMA/CD: Carrier Sense Multiple Access / Collision Detection. The waiting delay is exponential (Binary Exponential Backoff): selection of a number among 2, then 4, then 8, ... up to 2^16. Time between frames > 9.6 µs.
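The backoff loop of the flow chart above, as an added Python example that is not part of the course material: two stations that have just collided each draw a slot number from a range that doubles after every collision, until they pick different slots or the retry limit is exceeded. The slot time of 51.2 µs is the minimum frame transmission time computed later in this chapter; the retry limit of 16 is an assumption, since the chart only says "maxi".

```python
import random

SLOT_TIME_S = 51.2e-6   # one backoff slot = minimum frame transmission time on 10 Mb/s Ethernet (page value)
MAX_RETRIES = 16        # assumption: the "maxi" retry count of the flow chart is not given on the page


def backoff_range(attempt):
    """Size of the slot range after the attempt-th collision: 2, 4, 8, ... i.e. 2**attempt."""
    if attempt < 1:
        raise ValueError("attempt counts collisions already suffered, so it starts at 1")
    return 2 ** attempt


def backoff_delay_s(attempt, rng=random):
    """Delay before retransmission: a slot drawn uniformly from 0 .. backoff_range(attempt)-1."""
    return rng.randrange(backoff_range(attempt)) * SLOT_TIME_S


def resolve_collision(rng=random, max_retries=MAX_RETRIES):
    """Two stations collided on their first attempt. Each round both draw a slot: the one
    with the smaller slot transmits first and the other defers (carrier sense); equal slots
    mean a new collision and a doubled range. Returns (rounds, winner) with winner 0 or 1,
    or (max_retries, None) when the retry limit is exceeded (the chart's 'Failure' exit)."""
    for attempt in range(1, max_retries + 1):
        slot_a = rng.randrange(backoff_range(attempt))
        slot_b = rng.randrange(backoff_range(attempt))
        if slot_a != slot_b:
            return attempt, 0 if slot_a < slot_b else 1
    return max_retries, None


class ScriptedDraws:
    """Deterministic stand-in for the random module: returns the given slots in order
    (used here to replay chosen scenarios, e.g. the worst case where both keep drawing 0)."""

    def __init__(self, slots):
        self._slots = list(slots)

    def randrange(self, n):
        value = self._slots.pop(0)
        if not 0 <= value < n:
            raise ValueError("scripted slot outside the current backoff range")
        return value


if __name__ == "__main__":
    rounds, winner = resolve_collision(random.Random(1))
    print("resolved after", rounds, "collision(s); station", winner, "transmits first")
    print("worst case (always slot 0):", resolve_collision(ScriptedDraws([0] * (2 * MAX_RETRIES))))
```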


2.1 CSMA/CD: Multiple access

(Figure: two hosts on the same cable. Top: a long frame transmitted with monitoring, the collision is detected. Bottom: a short frame whose transmission ends before the propagation time has elapsed, no collision detection.)

Note: the propagation speed over the cable is 2/3 of the speed of light. A host wishing to send a message on the cable has to listen for any traffic. If the medium is free, it can start transmitting. A second host, located far from the first one, could follow the same procedure a few microseconds later, because the message of the first host has not yet reached it. As a consequence, there will be a collision. This collision will be detected by the second host, because it is listening to its own transmitted message, but not by the first one if its message was short.


2.1 CSMA/CD: Collision detection

(Figure: the collision domain; collision detection depends on the propagation time, i.e. on the distance, hence a minimum frame size.)

Minimum transmission time of the frame = 2 x propagation time
Minimum frame size = minimum transmission time x 10 Mb/s

The solution is to impose a minimum time of transmission for any host. So, a minimum frame length is mandatory.


2.1 CSMA/CD: Minimum size of the frame (2.5 km, 10 Mb/s)

(Figure: two hosts 2.5 km apart; propagation time 25.6 µs each way; the collision at the far end is seen by the sender after 2 x 25.6 µs.)

Minimum transmission time of the frame = 51.2 µs
Minimum frame size = (51.2 x 10^-6 s) x (10 x 10^6 bit/s) = 512 bits = 64 bytes

If the network is long, the minimum size of the frame must be long. This obliges the transmitter to pad its message if it is short. On Ethernet, the maximum distance between 2 hosts is 2.5 km; therefore the minimum frame length is 64 bytes. On Ethernet 10 Mb/s: time to transmit 1 bit: 0.1 µs; 1 bit occupies 23 metres; a short frame occupies 13.3 km.


2.2 Cabling: 10 base 5, LAN constitution

(Figure: 10 base 5, 10 Mb/s base band: segments of 500 m joined by repeaters, 2.5 km end to end, 100 hosts per segment, 2.5 m minimum between hosts.)

Cabling rules over 10 base 5 (yellow coaxial):
- maximum distance between 2 hosts: 2.5 km
- maximum size of a segment: 500 m (maximum distance without repeater)
- no more than 4 repeaters (round trip time = 49 µs; with 5 repeaters it would be 59.2 µs)
- 100 hosts per segment
- minimum 2.5 m between 2 hosts


2.2 Cabling: 10 base 5, connection to medium

(Figure: a host connected through a 15-pin AUI cable (length up to 50 m) to a transceiver clamped on the 50 ohm coaxial cable, hosts at least 2.5 m apart. Coaxial cable: centre wire, polyethylene filler, braided metal shield. Manchester code: the bit sequence 1 0 1 1 0 1 0 0 1 shown as a signal between 0 volt and -2.05 volt.)

AUI: Attachment Unit Interface. 10 base 5 (yellow coaxial): vampire connectors.

AUI cable pin-out (In: transceiver to host, Out: host to transceiver):
- 3-10: DATA-OUT; 11: DATA-OUT shield
- 5-12: DATA-IN; 4: DATA-IN shield
- 7-15: Control Out; 8: Control Out shield
- 2-9: Control In; 1: Control In shield
- 6: DC common; 13: DC +; 14: shield

Control Out signals: Idle: noise level. CS0: signal frequency = 1/2 bit frequency. CS1: signal frequency = bit frequency.
Control In signals: Idle: available transceiver. CS0 (Signal Quality Error): error detection (collision, ...). CS1: unavailable transceiver.


2.2 Cabling: 10 base 2, LAN constitution

(Figure: 10 base 2, 10 Mb/s base band: segments of 185 m joined by repeaters (maximum segment size labelled 200 m), 925 m end to end, 30 hosts per segment, 0.5 m minimum between hosts.)

Cabling rules over 10Base2 (thin coaxial):
- maximum distance between 2 hosts: 925 m
- maximum size of a segment: 185 m (maximum length without repeaters)
- no more than 4 repeaters
- 30 hosts per segment
- minimum 0.5 m between 2 hosts


2.2 Cabling: 10 base 2, medium connection

(Figure: thin coaxial cable (5 mm): centre wire, polyethylene filler, braided metal shield; a T connector at each host and a terminator at each end of the segment.)

10Base2 (thin coaxial): BNC connectors.


2.2 Cabling: 10/100 base T, HUB purpose (1)

(Figure: a 4-port hub with RJ45 connectors; each host is linked by a twisted-pair cable (one Tx pair, one Rx pair) of less than 100 m. A hub is a multiport repeater.)

HUB functions:
- Broadcasts the frames towards all hosts at the same level and towards the upper level, like a bus.
- Re-amplifies the signals.
- Detects the collisions and informs all hosts.
- Supervises the status of the links (Link Test Pulse) by transmitting pulses (400 ns) every 16 ms when there is no traffic (idle).
- Can make a defective port unavailable.


2.2 Cabling: 10/100 base T, HUB purpose (2)

(Figure: the same 4-port hub repeating a frame received on one port towards all the other ports. A hub is a multiport repeater.)


2.2 Cabling: 10/100 base T, cables

10 base T: 10 Mb/s, base band, telephone wire or UTP category 5, RJ-45 connector.
100 base T: 100 Mb/s, base band, UTP or STP category 5, RJ-45 connector.
UTP: Unshielded Twisted Pair. STP: Shielded Twisted Pair.

Cable categories (Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP)):
- Category 3: bandwidth 16 MHz (not used anymore). Cable and associated connecting hardware whose transmission characteristics are specified up to 16 MHz. It is used by 10BASE-T and 100BASE-T4 installations.
- Category 4: bandwidth 20 MHz. Cable and associated connecting hardware whose transmission characteristics are specified up to 20 MHz. It is used by 10BASE-T and 100BASE-T4 installations. The cable normally has four pairs of wire. This grade of UTP is not common.
- Category 5: bandwidth 100 MHz. Cable and associated connecting hardware whose transmission characteristics are specified up to 100 MHz. It is used by 10BASE-T, 100BASE-T4, and 100BASE-TX installations. The cable normally has four pairs of copper wire. Category 5 is the most popular cable used in new installations today.

100BASE-T media specifications, which include 100BASE-TX, 100BASE-T4, and 100BASE-FX, allow Fast Ethernet to run on the most common Ethernet wiring, including Categories 3, 4, and 5 unshielded twisted-pair, shielded twisted-pair, and fiber optic.
- 100BASE-TX designates the IEEE 802.3 specification for 100 Mbps Ethernet signaling with CSMA/CD over two pairs of Category 5 UTP or STP wire. The pairs of wires used for transmitting and receiving signals are the same as those used for 10BASE-T. Therefore, the same (Category 5 UTP or better) cable used for 10BASE-T can be used for 100BASE-TX with no change to cable termination.
- 100BASE-T4 is the IEEE 802.3u specification for 100 Mbps Ethernet signaling over four pairs of Category 3 or better UTP cable. This physical layer standard was specifically defined to allow 100BASE-T to be deployed over the large installed base of Category 3 voice-grade UTP. 100BASE-T4 uses four-pair Category 3, 4, or 5 UTP cable for distances of up to 100 meters. Transmission requires four pairs of cable to reduce electrical emissions and meet FCC requirements.
- 100BASE-FX is the IEEE 802.3 specification for 100 Mbps Ethernet signaling over two strands of multimode fiber-optic cable. 100BASE-FX is used for transmissions over extended distances, downlinks, and backbones, and is especially useful in any environment subject to electrical interference.


2.2 Cabling: Repeater

(Figure: a repeater joining a 10baseT segment, a 10base2 segment and an AUI (10base5) segment.)

Repeater: located at the physical level, it acts at the electrical level as a signal amplifier and a media adapter.


2.2 Cabling: 10/100 base T, access control and collision detection

(Figure: transmission flow chart for a twisted-pair interface: monitor the medium; if it is free, transmit while looping the transmitted data back onto the receiver input; if the monitored signal equals the transmitted one, the transmission is OK, otherwise a collision is detected. Reception uses the separate receive pair.)

On a half duplex channel:
- The transmitted data is looped back onto the receiver input.
- The Carrier Sense function is used as normal to defer transmissions: the reception of data on the receive channel causes the transmitter to defer any pending transmission. A normal (half duplex) Ethernet interface withholds its own transmissions, under control of the carrier sense signal, in order to avoid interfering with transmissions in progress.
- The Collision Detect function causes the transmitter to abort, jam, and reschedule its transmission if it detects a receive signal while transmitting.


2.2 Cabling: 10/100 base T, connector RJ45

(Figure: an RJ45 plug with its 8 pins, and a link between the MDI port of a DTE (router, PC) and the MDI-X port of a DCE (hub, switch): transmission and reception are crossed.)

MDI (Media-Dependent Interface):
Pin 1: Data Transmission Tx+
Pin 2: Data Transmission Tx-
Pin 3: Data Reception Rx+
Pin 6: Data Reception Rx-

MDI-X (Media-Dependent Interface crossover):
Pin 1: Data Reception Rx+
Pin 2: Data Reception Rx-
Pin 3: Data Transmission Tx+
Pin 6: Data Transmission Tx-

Connector RJ-45, hardware aspect: RJ 45 connector (ISO 8877) with 8 pins. Two types of ports: MDI (on DTEs like routers and hosts) and MDI-X (on DCEs like hubs and switches), whose transmission and reception pins are crossed. Note: hubs and switches usually have one MDI (not crossed) port among their ports, in order to allow a connection between hubs or switches.


2.2 Cabling: 10/100 base T, straight cable

(Figure: straight cable (MDI-X to MDI). The MDI port of a host or router (DTE) has Tx on pins 1-2 and Rx on pins 3-6; the MDI-X port of a hub or switch (DCE) has Rx on pins 1-2 and Tx on pins 3-6. The cable joins pin 1 to 1, 2 to 2, 3 to 3 and 6 to 6, so each Tx pair lands on the other end's Rx pair.)

Straight cables connect a DTE to a DCE: usually a hub (or switch) to a host (or router).


2.2 Cabling: 10/100 base T, crossover cable

(Figure: crossover cable (DTE to DTE) between the MDI ports of two hosts, or of a host and a router: pins 1-2 (Tx) of one end go to pins 3-6 (Rx) of the other end, and vice versa.)

Crossover cables connect two DTEs without using a hub or switch.


2.2 Cabling: 10/100 base T, how to recognise the cable types

Pin functions at both ends: 1 Tx+, 2 Tx-, 3 Rx+, 6 Rx-.

Straight: 1-1, 2-2, 3-3, 4-4, 5-5, 6-6, 7-7, 8-8
Crossover: 1-3, 2-6, 3-1, 6-2; 4-4, 5-5, 7-7, 8-8
Rolled over: 1-8, 2-7, 3-6, 4-5, 5-4, 6-3, 7-2, 8-1

Rolled over cable: used on Cisco equipment in particular cases (console and auxiliary port).


2.2 Cabling: 10 base T, HUB connections

(Figure: a tree of hubs linked by 10baseT segments of 100 m at most; at most 4 repeaters (hubs) between two hosts, for a network diameter of 500 m.)

Ethernet 10 BaseT:
- 2 unshielded twisted pairs (Rx, Tx), UTP category 3 or 5
- 4 hubs at the maximum
- maximum network diameter: 500 m
- maximum segment length: 100 m
- bandwidth 20 MHz, 10 Mbaud, Manchester code


2.2 Cabling: 10/100 base T, hub interconnection

(Figure: hub to hub links. Left: a straight cable between an MDI port (Tx on pins 1-2, Rx on pins 3-6) of one hub and an MDI-X port (Rx on pins 1-2, Tx on pins 3-6) of the other. Right: a crossover cable between two MDI-X ports.)

Usually, a hub has at least one MDI port, or a port configurable as MDI or MDI-X by means of a switch. Therefore, the connection between two hubs can be made with a straight cable connected to an MDI port at one end and to an MDI-X port at the other end. Another possibility consists of connecting two MDI-X ports, but with a crossover cable.
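The MDI/MDI-X and cable rules of the RJ45 connector, straight cable, crossover cable, cable-type and hub-interconnection pages above, as an added Python example that is not part of the course material: a port is modelled by its Tx and Rx pin pairs and a cable by its pin-to-pin wiring; the code recognises the three cable types and checks whether a given port, cable and port combination delivers each end's Tx pair onto the other end's Rx pair.

```python
# Port types: which RJ45 pin pairs carry Tx and Rx (10/100 base T uses pins 1-2 and 3-6 only).
MDI = {"tx": (1, 2), "rx": (3, 6)}      # DTE: host, router
MDI_X = {"tx": (3, 6), "rx": (1, 2)}    # DCE: hub, switch (crossed inside the port)

# Cable wiring: pin number at end A -> pin number at end B.
STRAIGHT = {pin: pin for pin in range(1, 9)}
CROSSOVER = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}
ROLLED_OVER = {pin: 9 - pin for pin in range(1, 9)}


def cable_type(wiring):
    """Classify a wiring map the way the 'how to recognise the cable types' page does."""
    if all(wiring[p] == p for p in range(1, 9)):
        return "straight"
    if all(wiring[p] == 9 - p for p in range(1, 9)):
        return "rolled over"
    data_pairs_swapped = all(wiring[a] == b for a, b in ((1, 3), (2, 6), (3, 1), (6, 2)))
    if data_pairs_swapped and all(wiring[p] == p for p in (4, 5, 7, 8)):
        return "crossover"
    return "unknown"


def link_works(port_a, wiring, port_b):
    """True when each end's Tx pair arrives on the other end's Rx pair (pin order within a pair ignored)."""
    a_to_b = wiring
    b_to_a = {b: a for a, b in wiring.items()}
    a_tx_lands_on = sorted(a_to_b[p] for p in port_a["tx"])
    b_tx_lands_on = sorted(b_to_a[p] for p in port_b["tx"])
    return a_tx_lands_on == sorted(port_b["rx"]) and b_tx_lands_on == sorted(port_a["rx"])


def required_cable(port_a, port_b):
    """The page's rule: straight between MDI and MDI-X, crossover between two ports of the same type."""
    return "straight" if port_a["tx"] != port_b["tx"] else "crossover"


if __name__ == "__main__":
    cases = [("host MDI, straight, hub MDI-X", MDI, STRAIGHT, MDI_X),
             ("host MDI, straight, host MDI", MDI, STRAIGHT, MDI),
             ("host MDI, crossover, router MDI", MDI, CROSSOVER, MDI),
             ("hub MDI-X, crossover, hub MDI-X", MDI_X, CROSSOVER, MDI_X),
             ("host MDI, rolled over, router MDI", MDI, ROLLED_OVER, MDI)]
    for label, a, cable, b in cases:
        print(f"{label}: {cable_type(cable)} cable, link works: {link_works(a, cable, b)}")
```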


2.2 Cabling: 10/100 base T, HUB

(Figure: the ports of a hub: a row of MDI-X ports, plus one port that is MDI-X or MDI depending on the position of a switch.)


2.2 Cabling: FastEthernet 100 Mb/s, what problem?

(Figure: two hosts 2.5 km apart at 100 Mb/s: the 64-byte frame lasts 5.12 µs while the propagation time is 25.6 µs; the far host detects the collision, the sender does not.)

Bandwidth = 100 Mb/s. Duration of the minimum-size frame transmission: 64 bytes x 8 bits / (100 x 10^6 bit/s) = 5.12 µs.

How to solve this problem? If the bandwidth is multiplied by 10 (100 Mb/s instead of 10 M b/s), either:
- the minimum frame length must be multiplied by 10, or
- the maximum distance between 2 hosts must be divided by 10 (< 250 m).
The second solution was chosen.
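The collision-window arithmetic of the minimum frame size page (2.5 km, 10 Mb/s) and of this Fast Ethernet page (100 Mb/s), as an added Python example that is not part of the course material: it computes the minimum frame for a given round-trip time and replays the two-host scenario of the multiple-access page to show which host sees the collision. The propagation delays are the page's figures; the moment at which the second host starts transmitting is a constructed input.

```python
def min_frame_bytes(round_trip_s, bitrate_bps):
    """Minimum frame so that the sender is still transmitting when a collision from the far
    end of the cable comes back: minimum transmission time = round-trip propagation time."""
    return int(round(round_trip_s * bitrate_bps / 8))


def frame_time_s(frame_bytes, bitrate_bps):
    """Time needed to put frame_bytes on the wire at the given bit rate."""
    return frame_bytes * 8 / bitrate_bps


def who_detects(frame_bytes, bitrate_bps, one_way_delay_s, second_start_s):
    """Host A starts at t = 0. Host B, at the far end, hears nothing yet and starts at
    second_start_s (< one_way_delay_s). Returns (A detects, B detects).
    B detects if A's signal arrives while B is still sending; A detects only if B's signal,
    sent back at second_start_s, reaches A before A's own frame ends."""
    if second_start_s >= one_way_delay_s:
        return (False, False)            # B heard A in time and deferred: no collision at all
    tx = frame_time_s(frame_bytes, bitrate_bps)
    b_detects = second_start_s + tx > one_way_delay_s
    a_detects = tx > second_start_s + one_way_delay_s
    return (a_detects, b_detects)


if __name__ == "__main__":
    print("10 Mb/s, 51.2 us round trip -> minimum frame:", min_frame_bytes(51.2e-6, 10e6), "bytes")
    print("64 bytes at 100 Mb/s last", frame_time_s(64, 100e6) * 1e6, "us")
    # 2.5 km: 25.6 us each way; B starts 25.0 us after A (constructed, just before A's signal arrives)
    print("2.5 km, 10 Mb/s  (A, B) detect:", who_detects(64, 10e6, 25.6e-6, 25.0e-6))
    print("2.5 km, 100 Mb/s (A, B) detect:", who_detects(64, 100e6, 25.6e-6, 25.0e-6))
    # 250 m: 2.5 us each way; B starts 2.4 us after A (constructed)
    print("250 m, 100 Mb/s  (A, B) detect:", who_detects(64, 100e6, 2.5e-6, 2.4e-6))
```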


2 Physical and link layers - 2.2 Cabling: Fast Ethernet 100 Mb/s, LAN diameter reduction

Figure: two stations 250 m apart at 100 Mb/s, minimum frame size 64 bytes. The propagation time is now about 2.5 µs each way, well below the 5.12 µs needed to send the frame, so a collision is still seen by the transmitter while it is transmitting.

If the network is long, the minimum frame size has to be long too, which forces the transmitter to add padding when its message is short. On Ethernet the maximum distance between 2 hosts is 2.5 km; the minimum frame length therefore has to be 64 bytes.

On Ethernet 10 Mb/s:
- time to transmit 1 bit: 0.1 µs
- 1 bit occupies about 23 m of cable
- a minimum size frame occupies about 13.3 km of cable

2 Physical and link layers - 2.2 Cabling: Fast Ethernet 100BASE-T hub interconnection

Figure: two 100BASE-T hubs 20 m apart, each with 100 m segments to its stations: 2 repeaters at most, network diameter 220 m.

Ethernet 100BASE-TX
- 2 twisted pairs (Rx, Tx), category 5 (UTP or STP)
- Maximum 2 consecutive hubs, 20 m from each other
- Maximum network diameter: 220 m
- Maximum segment length: 100 m
- Bandwidth 30 MHz, 62.5 Mbaud, 4B/5B code with MLT-3 (3 levels) or NRZI line signalling

Ethernet 100BASE-T4
- 4 unshielded twisted pairs (UTP): 1 Rx, 1 Tx, 2 bi-directional, category 3
- per pair: bandwidth 20 MHz, 25 Mbaud, 8B/6T code (ternary, 3 levels)

2 Physical and link layers - 2.2 Cabling: 100BASE-FX, optical fibres

Figure: 100BASE-FX, 100 Mb/s baseband over fibre; SC and ST connectors.

100BASE-FX is the IEEE 802.3 specification for 100 Mb/s Ethernet signalling over two strands of multimode fibre-optic cable. 100BASE-FX is used for transmissions over extended distances, downlinks and backbones, and is especially useful in any environment subject to electrical interference.

ST (an AT&T trademark) is the most popular connector for multimode networks, like most buildings and campuses. It has a bayonet mount and a long cylindrical ferrule to hold the fibre. Most ferrules are ceramic, but some are metal or plastic. Because they are spring-loaded, you have to make sure they are seated properly.

SC is a snap-in connector that is widely used in singlemode systems for its excellent performance. It latches with a simple push-pull motion and is also available in a duplex configuration. Besides the SC duplex, you may occasionally see the FDDI and ESCON duplex connectors, which mate to their specific networks; they are generally used to connect equipment to a wall outlet, while the rest of the network has ST or SC connectors.

FC/PC has been one of the most popular singlemode connectors for many years. It screws on firmly, but make sure the key is aligned in the slot properly before tightening. It is being replaced by SC and LC.

LC is a newer connector that uses a 1.25 mm ferrule, half the size of the ST ferrule. Otherwise it is a standard ceramic ferrule connector, easily terminated with any adhesive. Good performance, highly favoured for singlemode.

MT-RJ is a duplex connector with both fibres in a single polymer ferrule. It uses pins for alignment and has male and female versions. Multimode only, field terminated only by the prepolished/splice method.

2 Physical and link layers
2.1 CSMA/CD - 2.2 Cabling - 2.3 MAC Addressing - 2.4 Frame Ethernet V2 - 2.5 Frame IEEE 802.3 and associated protocols

2 Physical and link layers - 2.3 MAC addressing: logical address and physical address

Figure: Alice and Bob exchange frames over a LAN; each host has an IP address (logical address) and a MAC address (physical address). IP: Internet Protocol. MAC: Medium Access Control.

IP addresses are logical addresses. An IP address is assigned to each interface, so a host (a router especially) can have several IP addresses if it is connected to one or more networks through several boards. MAC addresses are physical addresses: at the Ethernet level, frames are exchanged by means of physical addresses (called MAC addresses). It is therefore essential to associate an IP address with a MAC address.

2 Physical and link layers - 2.3 MAC addressing: unicast

Figure: five stations on a LAN with MAC addresses 00.80.9f.00.02.03, 00.18.55.92.a2.08, 00.53.27.32.02.c8, 00.35.d6.39.cb.0a and 00.6f.66.32.0b.08; a frame with destination 00.53.27.32.02.c8 is received by that station only.

An Ethernet MAC address is 6 bytes long. A unicast address is assigned to only one Ethernet board in the world: it identifies a single device or network interface. When frames are sent to an individual station on a LAN, the unicast identifier of the target is used as the destination address in all transmitted frames. The source address of a transmitted frame (the identifier of the sender) is always unicast. Unicast addresses are sometimes called individual addresses, physical addresses or hardware addresses; these terms are all synonymous.

2 Physical and link layers - 2.3 MAC addressing: broadcast

Figure: the same five stations; a frame with destination ff.ff.ff.ff.ff.ff is received by all of them.

A broadcast frame is a frame whose destination MAC address is all 1s (ff:ff:ff:ff:ff:ff). This frame is processed by every host connected to the LAN. Note: this kind of frame never goes through a router.

2 Physical and link layers - 2.3 MAC addressing: multicast

Figure: the same five stations; two of them (00.18.55.92.a2.08 and 00.6f.66.32.0b.08) have also been programmed with the group address 01.00.5e.00.00.09, and a frame sent to 01.00.5e.00.00.09 is received by those two only.

In addition to its unicast address, a host can have one or several multicast addresses because it belongs to one or several groups. A multicast address is usually programmable on the board. A multicast address can therefore be used as a destination address when a sender wants to send a frame to a group of receivers: most LAN technologies provide many-to-many connectivity among multiple stations on a shared channel, and multicast addressing provides the means to send a frame to multiple destinations with a single transmission. Multicast addresses are sometimes called group addresses or logical addresses. Multicast address blocks are assigned by an international organisation (the IEEE).

Some well-known examples:
- The Spanning Tree Protocol uses a multicast address to define the logical group of all bridges that implement the protocol (01-80-C2-xx-yy-zz).
- IP multicast groups, used for instance by the OSPF routing protocol, are mapped onto MAC addresses of the block 01-00-5E-xx-yy-zz (the figure shows 01-00-5E-00-00-09).

Most routing protocols use multicast addresses to exchange their databases. This is more efficient than broadcast because it does not disturb hosts that are not concerned by the data exchanged between routers. A multicast address identifies a group of logically related devices.

2 Physical and link layers - 2.3 MAC addressing: details of the MAC address

Figure: 6 bytes (48 bits) = OUI (Organizationally Unique Identifier, assigned by the IEEE: 22 bits of manufacturer code plus the I/G and U/L bits) followed by a 24-bit serial number managed by the manufacturer.
- I/G bit: 0 = individual (unicast), associated with only one piece of equipment; 1 = group (multicast), associated with a set of equipment.
- U/L bit: 0 = universal, globally unique address; 1 = local, locally significant address.
- Hexadecimal representation (12 digits). Examples: Cisco 00.10.7B.xx.xx.xx, Alcatel 00.80.9F.xx.xx.xx.

The bits are presented in the order they are transmitted.

Universal / local address. Universal addresses are managed by an international organisation, the IEEE: globally unique addresses are assigned by equipment manufacturers at the time a device is produced. Locally unique addresses are manually assigned by a network administrator (mainly used in Token Ring networks). When the Ethernet address scheme was incorporated into the IEEE LAN standards, political considerations forced the adoption of a means to allow network administrators to assign addresses in a locally unique manner. The second bit of an address (called the Universal/Local or U/L bit in the standards) indicates whether the identifier is globally unique (U/L = 0) or unique only to the LAN on which the station resides (U/L = 1).

Unicast / multicast address. A unicast address identifies a single device or network interface; a multicast address points to a group of hosts.

Written address conventions. Addresses are normally written as a sequence of 12 hexadecimal digits separated by hyphens or colons.

Is 48 bits the right number? A 48-bit address provides about 281 million million unique points in the address space. Even allowing for half of these to be used for multicast addresses, and further eliminating half of what is left for locally unique assignments, there is still enough space for almost 12,000 network-addressable devices for every man, woman and child on the planet. Looked at another way, if the industry produced 100 million LAN devices every day of the year, it would still take nearly 2,000 years to exhaust the address space.

How unicast addresses are assigned. Globally unique unicast addresses are assigned by the manufacturer of the networking device. Typically this address is burned into a read-only memory or into the interface controller itself; the device driver reads this hardwired address and configures the interface controller accordingly. A company that builds devices needing globally unique addresses (e.g. network interfaces) must first obtain an OUI from the IEEE, a straightforward procedure involving a simple form and a fee. Information on obtaining OUIs can be found at http://standards.ieee.org/

2 Physical and link layers - 2.3 MAC addressing: transmission of the bits

Figure: the 48 bits in the order they are sent on the wire, first the I/G bit, the U/L bit and the rest of the 22-bit manufacturer code, then the 24-bit serial number, and the resulting hexadecimal representation:

  on the wire:  10000111 11000000 10010011 01010010 00001111 01000001
  hexadecimal:     e1       03       c9       4a       f0       82

The first byte (e1) is odd, so this is a multicast address.

For each byte, the least significant bit is sent first. The first transmitted bit is therefore the I/G (individual/group) bit, which is in fact the least significant bit of the first byte of the MAC address; the U/L bit comes second. Consequently, when the first byte of a MAC address is odd, it is a multicast address. Example: 01-80-9F-D1-45-00 is a multicast address.
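The bit-order rule above is easy to get wrong when reading a capture, so here is an added example in Python (not part of the course material) that decodes a MAC address the way the slide does: it recovers the hexadecimal address from the transmitted bit pattern, reads the I/G and U/L bits and splits the OUI from the serial number. The small OUI lookup table is constructed from the two vendors quoted on the previous slide; a real tool would load the IEEE registry. A practitioner checks the U/L bit as well as the I/G bit: locally administered addresses are what virtual machines, randomised addresses and hand-set (possibly spoofed) addresses carry.

```python
import re

# Constructed lookup from the two OUIs quoted on the slide; a real tool loads the IEEE registry.
OUI_NAMES = {"00107B": "Cisco", "00809F": "Alcatel"}


def parse_mac(text: str) -> bytes:
    """Accept 12 hex digits separated by ':', '-', '.' or nothing and return the 6 address bytes."""
    digits = re.sub(r"[:.\-\s]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def wire_bit_order(mac: bytes) -> str:
    """Bits in the order Ethernet puts them on the wire: least significant bit of each byte first."""
    return " ".join(format(b, "08b")[::-1] for b in mac)


def from_wire_bits(bit_groups: str) -> str:
    """Inverse operation: rebuild the hex address from six 8-bit groups written in transmission order."""
    groups = bit_groups.split()
    if len(groups) != 6 or not all(re.fullmatch(r"[01]{8}", g) for g in groups):
        raise ValueError("expected six groups of 8 bits")
    return "-".join(f"{int(g[::-1], 2):02X}" for g in groups)


def decode_mac(text: str) -> dict:
    """Split a MAC address into the fields of the slide: I/G bit, U/L bit, OUI and serial number."""
    mac = parse_mac(text)
    first = mac[0]
    oui = mac[:3].hex().upper()
    return {
        "hex": "-".join(f"{b:02X}" for b in mac),
        "wire_bits": wire_bit_order(mac),
        "multicast": bool(first & 0x01),   # I/G: first bit on the wire, i.e. the first byte is odd
        "local": bool(first & 0x02),       # U/L: second bit on the wire
        "broadcast": mac == b"\xff" * 6,
        "oui": oui,
        "vendor": OUI_NAMES.get(oui),      # None for an OUI the table does not know
        "serial": mac[3:].hex().upper(),
    }


if __name__ == "__main__":
    slide = "10000111 11000000 10010011 01010010 00001111 01000001"
    print(from_wire_bits(slide))               # E1-03-C9-4A-F0-82, first byte odd: multicast
    for addr in ("01-80-9F-D1-45-00", "00:80:9F:21:32:A9", "02-00-5E-10-00-01"):
        d = decode_mac(addr)
        print(addr, "multicast" if d["multicast"] else "unicast",
              "local" if d["local"] else "universal", d["vendor"] or "unknown OUI")
```

The third address in the usage, 02-00-5E-10-00-01, is a constructed locally administered unicast address: even (unicast) but with the U/L bit set, which is how such an address shows up in a capture.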

2 Physical and link layers

2.1 CSMA/CD 2.2 Cabling 2.3 MAC Addressing

2.4 Frame Ethernet V2

2.5 Frame IEEE 802.3 and associated protocols

Alcatel University - 8AS 90200 1124 VT ZZA Ed.02

1.51

Alcatel University 8AS 90200 1124 VH ZZA Ed.02

Page 1.51

2 Physical and link layers - 2.4 Frame Ethernet V2

Figure: frame layout in bytes. Preamble (7 bytes of 10101010, synchronisation) | SFD (1 byte, Start Frame Delimiter, 10101011) | MAC @ dest. (6) | MAC @ src. (6) | Ether type (2) | Data (46 to 1500) + padding | FCS (4). From the destination address to the FCS, the frame is 64 to 1518 bytes long.
- Ether type: indicates the upper layer protocol; value > 5DC hex (1500 dec). Examples: IP 0800, ARP 0806, IPv6 86DD.
- Data: Maximum Transmission Unit (MTU) 1500 bytes, minimum size 46 bytes (possibly with padding).
- FCS: Frame Check Sequence (control).
MTU: Maximum Transmission Unit. IP: Internet Protocol. ARP: Address Resolution Protocol. FCS: Frame Check Sequence.

Ethernet protocol. Designed by Digital, Intel and Xerox (DIX Ethernet). The original release has been updated and the current version is Ethernet V2. The Ether type field allows the receiver to forward the frame content to the correct protocol of the next layer. The type value is standardised and is always at least 600 hex (1536 dec). The standardised Ether type values can be obtained from IANA, the Internet Assigned Numbers Authority, which is the central co-ordinator for the assignment of unique parameter values for Internet protocols: http://www.iana.org/numbers.html (Directory of General Assigned Numbers, which replaces RFC 1700). The data field must not carry more than 1500 bytes. Conversely, the data field must hold at least 46 bytes in order to respect the minimum frame length required for collision detection (64 bytes), so the Ethernet layer sometimes has to add padding.

Maximum traffic of short frames: 14,880 frames/s. Maximum traffic of long frames: 812 frames/s (at 10 Mb/s, counting preamble and inter-frame gap).


2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: position of the MAC 802.3 sub-layer

Figure: layer stack. Network layer: IP, ARP and other protocols. Link layer: LLC IEEE 802.2 (with SNAP 802.1a on top) offering three service types, LLC type 1 (connectionless), LLC type 2 (connected mode) and LLC type 3 (connectionless with acknowledgement), above the MAC sub-layer; Ethernet V2 sits directly under IP and ARP without LLC. MAC and physical options: Ethernet ISO 802.3 (10BASE-T, 10BASE-2, 10BASE-5), Token Ring 802.5 (shielded twisted pairs), FDDI (optical fibre).
LLC: Logical Link Control. SNAP: Subnetwork Access Protocol.

When the IP protocol was designed, it was dedicated to operating over Ethernet, which ran over a bus topology. The IEEE wished to use other topologies to convey IP (FDDI, Token Ring, ...) in addition to the CSMA/CD bus. But for these other topologies the maximum frame length was variable, so a frame length field had to be present in the frame header. In addition, IP itself being unreliable, the IEEE decided to add a sub-layer capable of offering reliability: the LLC sub-protocol.

Purpose of the LLC sub-protocol: it offers various services:
- LLC1: connectionless, without flow control or acknowledgement (LAN 802.3 Ethernet and 802.5 Token Ring)
- LLC2: with connection and acknowledgement (Token Ring, SNA)
- LLC3: connectionless with acknowledgement (factory networks)
It is the role of layer 3 to select the appropriate service. LLC also provides Service Access Points to the upper layers. Note: IP uses LLC1.

Purpose of the SNAP sub-protocol: due to the growing number of applications using LLC (IEEE 802) as lower protocol layers, an extension was made to the IEEE 802.2 protocol in the form of the Subnetwork Access Protocol (SNAP).

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: frame IEEE 802.3

Figure: Preamble (7 bytes of 10101010, synchronisation) | SFD (1 byte, end of preamble) | MAC @ dest. (6) | MAC @ src. (6) | Length (2) | Data (46 to 1500) + padding | FCS (4).
- Length: indicates the data length (without padding); value <= 1500 dec (5DC hex), whereas an Ether type value is at least 600 hex.
- Data: Maximum Transmission Unit (MTU) 1500 bytes, minimum size 46 bytes (possibly with padding).
- FCS: control.

Standardised by the IEEE. In the 802.3 MAC frame, the length of the data field is indicated in the 802.3 header (instead of the protocol type). The length of the 802.3 data field is also limited to 1500 bytes for 10 Mb/s networks, but may differ for other transmission speeds.

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: IEEE 802.2 LLC encapsulation

Figure: 802.3 frame = MAC @ dest. (6) | MAC @ src. (6) | Length <= 5DC (2) | Data (46 to 1500) + padding | FCS (4). The data field starts with the LLC 802.2 header: DSAP (1) | SSAP (1) | Control (1) | up to 1497 bytes of data. When DSAP = SSAP = AA, a SNAP 802.1a header follows: OUI (3) | PID (2) | up to 1492 bytes of data. Protocol codes: OSI = FE, SNA = 04 (1-byte LSAPs); IP = 0800, ARP = 0806 (2-byte codes carried in the SNAP PID).

The type field of the Ethernet V2 protocol having been lost in IEEE 802.3, the 802.3 protocol systematically forwards the data field to the 802.2 LLC protocol.

LLC protocol 802.2. The 802.2 Logical Link Control (LLC) layer above IEEE 802.3 uses a concept known as the link service access point (LSAP), with a 3-byte header where DSAP and SSAP stand for destination and source service access point respectively. Numbers for these fields are assigned by an IEEE committee. Control: type of frame (I, RR, REJ, DM, ...); note that LLC1 uses only the value 03 = UI. DSAP/SSAP identify the encapsulated protocol.

A problem arises with the use of LLC in its pure form. LLC SAPs (LSAPs) are only 1 byte long; as a result they can multiplex among a maximum of 256 clients. The SAP space is further subdivided: half of it is reserved for group (i.e. multicast) SAPs, leaving only 128 multiplexing points for most purposes. Even within this restricted space, it is common practice to use the second bit of the SAP to divide the space further, allowing for 64 publicly administered, globally unique SAPs and only 64 identifiers that can be locally administered for private use. To overcome this limitation, an escape mechanism was built into the LLC SAP identifier: if the SAP is set to 0xAA, this indicates that the Subnetwork Access Protocol (SNAP) is in use.

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: SNAP 802.1a sub-layer

Figure: 802.3 frame (MAC @ dest., MAC @ src., Length <= 5DC, Data 46 to 1500, padding, FCS 4) carrying an 802.2 LLC header DSAP (AA) | SSAP (AA) | Control (03) over 1497 bytes, then an 802.1a SNAP header OUI (00.00.00, 3 bytes) | PID (2 bytes) over 1492 bytes, then the IP packet.

SNAP (Subnetwork Access Protocol) allows the encapsulated protocol to be indicated.
- OUI (Organizationally Unique Identifier = vendor code): usually 00.00.00
- PID (Protocol Identifier): the same values as in the Ethernet type field. Examples: 0800 = IP, 809B = AppleTalk, ...

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: other advantages of SNAP

Figure: two LANs joined by bridges across a FR, ATM, ... network. On each LAN the frame is MAC @ dest. | MAC @ src. | Type (IP) | Data | FCS; across the WAN only the Data field is encapsulated (FR, ATM, ...) and de-encapsulated at the far end.

When Ethernet data has to cross a WAN, a new encapsulation has to be done and only the data field is encapsulated in the new protocol, so the type field is lost: at the other end of the WAN there is no indication of the type of data. In this case the use of LLC/SNAP becomes crucial.

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: IP encapsulation into AAL5 (LLC/SNAP)

Figure: an ADSL modem on the line side carries the Ethernet traffic over ATM. Ethernet / IEEE 802.3 frame: MAC destination (6) | MAC source (6) | Length (2) | LLC 802.2: DSAP AA, SSAP AA, Cntl 03 | SNAP 802.1a: OUI 00 00 00, PID 0800 | IP packet (data field 46 to 1500 in all) | FCS (4). The frame is placed in an AAL5 frame with PAD and an 8-byte trailer (UU, CPI, Length 2 bytes, CRC 4 bytes), then cut into ATM cells of 5 header bytes + 48 payload bytes (payload offsets 0 to 47).

IP encapsulation into ATM
- LLC: DSAP and SSAP = AA AA, so SNAP is used
- Ctl: 03 = UI frame (Unnumbered Information)
- SNAP: OUI 000000, PID = Ether type: 0800 = IP, 0806 = ARP, ...

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: comparison between Ethernet V2 and IEEE 802

Figure:
- Ethernet V2 frame: MAC @ dest. | MAC @ src. | Ether type 0800 | Data (46 to 1500 bytes: the IP packet) | padding | FCS (4).
- 802.3 frame: MAC @ dest. | MAC @ src. | Length < 600 | Data (46 to 1500) | padding | FCS (4), where Data = LLC header DSAP (AA), SSAP (AA), Control (03) + 1497 bytes = SNAP header OUI 00.00.00, PID 0800 + 1492 bytes for the IP packet.

Note: the maximum size of the IP packet depends on the lower layers: Ethernet V2, 1500 bytes; IEEE 802.3 with LLC/SNAP, 1492 bytes.

2 Physical and link layers - 2.5 Frame 802.3 and associated protocols: protocol recognition

Ethernet V2 or IEEE 802.3?

Figure: Preamble 7 bytes | SFD 1 | MAC @ dest. 6 | MAC @ src. 6 | Type/Length 2 | Data 46 to 1500 | padding | FCS 4. The receiver looks at the value of the Type/Length field: <= 1500 dec (5DC hex) is a length, the frame is 802.3; > 1500 dec (> 5DC hex) is an Ether type, the frame is Ethernet V2.

Both frame formats can coexist on the same physical medium (the same coax, for instance). This is done by using protocol type numbers (type field) greater than 1500 (decimal) in the Ethernet frame. However, different device drivers are needed to handle each of these formats.
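As an added example (not from the course), the recognition rule and the LLC/SNAP escape of the previous slides written as a Python frame classifier. It takes a frame as a capture library delivers it (preamble, SFD and FCS already stripped), decides Ethernet V2 versus 802.3 from the Type/Length value, then peels the LLC and SNAP headers off an 802.3 frame and returns the encapsulated protocol together with the payload proper, padding excluded. The sample frames are constructed for this example; their MAC addresses reuse those of the ARP traces later in the chapter. The value checks are the ones a dissector needs: the 0x05DD to 0x05FF range is neither a legal length nor a type, and an 802.3 length larger than the bytes actually present is a truncated or forged frame, which must be rejected rather than read past the buffer.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
LSAPS = {0x04: "SNA", 0x42: "STP", 0xAA: "SNAP", 0xFE: "OSI"}   # 1-byte LLC service access points
ETHERTYPE_MIN = 0x0600    # values at or above this are Ether types; 1500 and below are 802.3 lengths


def parse_frame(frame: bytes) -> dict:
    """Classify a frame without preamble/SFD/FCS and locate the upper layer protocol and its data."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "group": bool(dst[0] & 1)}
    payload = frame[14:]

    if type_len >= ETHERTYPE_MIN:                     # Ethernet V2: the field is an Ether type
        info.update(format="Ethernet V2", ethertype=type_len,
                    protocol=ETHERTYPES.get(type_len, f"type 0x{type_len:04x}"), data=payload)
        return info
    if type_len > 1500:                               # 0x05DD..0x05FF: reserved, not a valid frame
        raise ValueError(f"illegal Type/Length value 0x{type_len:04x}")
    if type_len > len(payload):                       # length claims more bytes than were received
        raise ValueError(f"802.3 length {type_len} exceeds the {len(payload)} payload bytes")

    data = payload[:type_len]                         # bytes beyond 'length' are padding
    info.update(format="IEEE 802.3", length=type_len, padding=len(payload) - type_len)
    if len(data) < 3:
        raise ValueError("802.3 data too short for an LLC header")
    dsap, ssap, control = data[0], data[1], data[2]
    info.update(dsap=dsap, ssap=ssap, control=control)

    if dsap == 0xAA and ssap == 0xAA:                 # the LLC escape: a SNAP header follows
        if len(data) < 8:
            raise ValueError("SNAP header truncated")
        oui, pid = data[3:6], struct.unpack("!H", data[6:8])[0]
        if oui == b"\x00\x00\x00":                    # OUI 000000: the PID carries an Ether type value
            protocol = ETHERTYPES.get(pid, f"type 0x{pid:04x}")
        else:                                         # vendor OUI: the PID is private to that vendor
            protocol = f"vendor {oui.hex()} pid 0x{pid:04x}"
        info.update(encapsulation="LLC/SNAP", oui=oui.hex(), pid=pid, protocol=protocol, data=data[8:])
    else:
        info.update(encapsulation="LLC", protocol=LSAPS.get(dsap, f"lsap 0x{dsap:02x}"), data=data[3:])
    return info


# Constructed sample frames (addresses taken from the ARP traces later in this chapter).
DST = bytes.fromhex("00600856f4e5")
SRC = bytes.fromhex("00809f2132a9")
ARP_BODY = bytes.fromhex("0001080006040001" "00809f2132a9" "0a00008a" "000000000000" "0a00008c")  # 28 bytes

# Ethernet V2: type 0x0806, the 28-byte ARP message padded to the 46-byte minimum data field.
ETHV2_ARP = DST + SRC + b"\x08\x06" + ARP_BODY + b"\x00" * 18
# IEEE 802.3 + LLC/SNAP: length = 8 (LLC + SNAP headers) + 28, then 10 bytes of padding.
SNAP_ARP = (DST + SRC + struct.pack("!H", 8 + len(ARP_BODY))
            + b"\xaa\xaa\x03" + b"\x00\x00\x00" + b"\x08\x06" + ARP_BODY + b"\x00" * 10)
# IEEE 802.3 + plain LLC: DSAP/SSAP FE (OSI), control 03 (UI), a 6-byte dummy PDU, padding to 46.
RAW_LLC = DST + SRC + struct.pack("!H", 3 + 6) + b"\xfe\xfe\x03" + b"OSIpdu" + b"\x00" * 37

if __name__ == "__main__":
    for name, frame in (("Ethernet V2", ETHV2_ARP), ("802.3 SNAP", SNAP_ARP), ("802.3 LLC", RAW_LLC)):
        f = parse_frame(frame)
        print(name, f["format"], f.get("encapsulation", "-"), f["protocol"], len(f["data"]), "data bytes")
```

Note that for the Ethernet V2 frame the classifier cannot tell data from padding: there is no length field, so the upper layer (the ARP length rules, or the IP total length field) has to do that.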

2 Physical and link layers - Evaluation

Objective: to be able to describe the Ethernet frame format. Thank you for answering the self-assessment of the objectives sheet.


3 ARP protocol - ARP protocol location

Figure: ARP sits beside IP at the network layer; below it, either Ethernet V2 directly, or LLC 802.2 with SNAP over the 802 MAC sub-layers (Ethernet ISO 802.3 10BASE-T, 10BASE-2, 10BASE-5; Token Ring on shielded twisted pair; FDDI on optical fibre).

The Address Resolution Protocol is responsible for converting the higher level protocol addresses (IP addresses) to physical network addresses. It is described in RFC 826.

3 ARP protocol - ARP protocol: IP address / MAC address association

Figure: host A (IP 1.1.1.1, MAC 102030) wants to reach host B (IP 1.1.1.2, MAC 908070). (1) IP asks for the MAC address of 1.1.1.2; (2) the ARP cache has no entry for it; (3) ARP sends an ARP Request in an Ethernet frame with destination ff...ff (broadcast), source 102030, type 0806 (ARP), carrying sender IP 1.1.1.1, sender MAC 102030, target IP 1.1.1.2, target MAC unknown; (4, 5) host B answers with an ARP Reply in a unicast frame (destination 102030, source 908070, type 0806) carrying sender IP 1.1.1.2, sender MAC 908070, target IP 1.1.1.1, target MAC 102030; (6) the ARP cache of A now holds 1.1.1.2 -> 908070.

A module (ARP) is provided that translates the IP address to the physical address of the destination host. It uses a lookup table (sometimes referred to as the ARP cache) to perform this translation. When the address is not found in the ARP cache, a broadcast is sent out on the network with a special format called the ARP request. If one of the machines on the network recognises its own IP address in the request, it sends an ARP reply back to the requesting host. The reply contains the physical hardware address of the host and source route information (if the packet has crossed bridges on its path). Both this address and the source route information are stored in the ARP cache of the requesting host. All subsequent datagrams to this destination IP address can now be translated to a physical address, which is used by the device driver to send out the datagram on the network.

Principle (with the addresses of the figure):
1. A host (IP 1.1.1.1, MAC 102030) that wants to send an IP packet to IP 1.1.1.2 has to find out the corresponding MAC address.
2. This information is not in its cache memory.
3. The ARP protocol broadcasts an ARP Request over the LAN.
4. All the hosts connected to the LAN have to decode the Ethernet frame because it is broadcast, but only the host that has IP address 1.1.1.2 answers.
5. The ARP Reply is sent back to the unicast MAC address 102030, carrying the MAC address of 1.1.1.2 (908070).
6. The reply is memorised in the cache memory.

3 ARP protocol - Transmission of the IP packet

Figure: (7) the IP packet for 1.1.1.2 is handed down to Ethernet, the ARP cache giving 1.1.1.2 -> 908070; (8) it is encapsulated in a frame with destination 908070, source 102030, type 0800 (IP), carrying IP source 1.1.1.1 and IP destination 1.1.1.2; (9) the host with MAC address 908070 receives it.

7. Only now can the IP packet carrying the message be transmitted to 1.1.1.2.
8. To achieve that, the IP packet is encapsulated into an Ethernet frame with the unicast destination MAC address found in the cache (908070).
9. The host having MAC address 908070 receives the Ethernet frame.

3 ARP protocol - Cache updating

Figure: host Z (MAC 123) broadcasts an ARP Request for Y (destination ff...ff, source 123, type 0806; sender IP Z / MAC 123, target IP Y / MAC unknown). Host X (MAC 1) and host Y (MAC 456) both see it; Y answers with an ARP Reply (destination 123, source 456, type 0806; sender IP Y / MAC 456, target IP Z / MAC 123). After the exchange, Z's cache holds Y -> 456, and the caches of X and Y hold Z -> 123.

Whenever an ARP Request is sent over the LAN, all hosts connected to this LAN can update their ARP cache memory (IP address <=> MAC address) with the sender's pair, because the destination of the frame is a broadcast address. A host that already has an entry for the sender's IP address refreshes it from any request it sees; most implementations only create a new entry when the request is addressed to them, so that the cache does not fill up with stations they never talk to.

3 ARP protocol - Time to live of an ARP entry

Figure: (1) host Z's Ethernet board is replaced, its MAC address changes from 123 to 888; (2) host Y still has Z -> 123 in its ARP cache and sends the IP packet for Z in a frame with destination 123, source 456, type 0800 (IP); (3, 4) no station has MAC address 123 any more, so the frame is never received; (5) the stale entry has to be aged out.

Time to live of an ARP entry
1. When the Ethernet board of a host is replaced, its MAC address changes.
2. Another host wishing to send an IP packet to Z, and having in its ARP cache a MAC address (the previous one) for this IP address, will not perform the ARP procedure.
3. Consequently the Ethernet frame, with a destination address that is now wrong, never reaches the desired host.
To solve this problem, ARP entries are deleted if they are not used for some time (configurable). For instance, in a Cisco router the default ARP TTL is 4 hours, while on a PC it ranges from tens of seconds to a few minutes.
Note: a host may also remove an entry (the oldest one) when there is not enough room left in its ARP cache memory.

3 ARP protocol - Gratuitous ARP

Figure: (1) host Z comes up with its new board (MAC 888); (2, 3) it broadcasts an ARP Request (destination ff...ff, source 888, type 0806) with sender IP Z / MAC 888 and target IP Z, its own address; (4) hosts X and Y that had Z -> 123 in their ARP cache replace it with Z -> 888.

A gratuitous ARP is an ARP Request whose target IP address is the sender's own IP address. This particular ARP Request has two objectives:
- to update the ARP cache memory of the other hosts on the LAN;
- to detect whether another host has the same IP address (normally no host should answer this request).
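The cache update, ageing, eviction and gratuitous ARP behaviour described on the last four slides, as one added Python model (not code from the course). It works on already decoded ARP fields, uses the slides' symbolic addresses (IP Z, MAC 123 replaced by 888) and applies the RFC 826 merge rule: an existing entry is refreshed from any request or reply seen, a new one is only created when the frame targets this host. Every change of the MAC behind a known IP address is recorded as an event: on the slide it is a board replacement, but the same observation is what an ARP cache poisoning attempt looks like, since nothing in ARP authenticates the sender, so a practitioner logs it instead of silently accepting it. The TTL and capacity values are arbitrary choices for the example.

```python
from dataclasses import dataclass, field


@dataclass
class ArpCache:
    """ARP cache of one host: entries age out when unused, the oldest is evicted when the cache is full."""
    ttl: float = 60.0                              # seconds an entry may stay unused (arbitrary value)
    capacity: int = 4                              # arbitrary small cache so that eviction shows
    entries: dict = field(default_factory=dict)    # ip -> (mac, time of last use)
    events: list = field(default_factory=list)     # what an administrator would want logged

    def expire(self, now: float) -> None:
        for ip, (mac, last_used) in list(self.entries.items()):
            if now - last_used > self.ttl:
                del self.entries[ip]
                self.events.append(("expired", ip, mac))

    def lookup(self, ip: str, now: float):
        """MAC for ip, or None (the caller must then broadcast an ARP Request). A hit refreshes the timer."""
        self.expire(now)
        if ip not in self.entries:
            return None
        mac, _ = self.entries[ip]
        self.entries[ip] = (mac, now)
        return mac

    def _add(self, ip: str, mac: str, now: float) -> None:
        if len(self.entries) >= self.capacity:
            oldest = min(self.entries, key=lambda k: self.entries[k][1])
            self.events.append(("evicted", oldest, self.entries.pop(oldest)[0]))
        self.entries[ip] = (mac, now)

    def process(self, arp: dict, my_ip: str, now: float) -> None:
        """Update the cache from a decoded ARP frame: keys op, sender_ip, sender_mac, target_ip."""
        self.expire(now)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        gratuitous = arp["op"] == "request" and arp["target_ip"] == ip
        if gratuitous and ip == my_ip:
            # someone announces our own address: the duplicate IP detection of the slide
            self.events.append(("duplicate_ip", ip, mac))
            return
        known = self.entries.get(ip)
        if known is not None:
            if known[0] != mac:
                # board replaced (slide) or a poisoning attempt: same symptom, so record it
                self.events.append(("mac_changed", ip, known[0], mac))
            self.entries[ip] = (mac, now)           # refresh from any request or reply seen
        elif arp["target_ip"] == my_ip:              # RFC 826 merge rule: only frames aimed at us add entries
            self._add(ip, mac, now)


if __name__ == "__main__":
    cache = ArpCache(ttl=60, capacity=2)
    cache.process({"op": "reply", "sender_ip": "Z", "sender_mac": "123", "target_ip": "Y"}, "Y", now=0)
    print(cache.lookup("Z", now=10))            # 123
    print(cache.lookup("Z", now=100))           # None: unused for more than 60 s
    cache.process({"op": "reply", "sender_ip": "Z", "sender_mac": "123", "target_ip": "Y"}, "Y", now=100)
    cache.process({"op": "request", "sender_ip": "Z", "sender_mac": "888", "target_ip": "Z"}, "Y", now=110)
    print(cache.lookup("Z", now=111), cache.events)   # 888, with a mac_changed event in the log
```

The `expired` event is the slide's time-to-live mechanism, `evicted` its note on a full cache, `mac_changed` the gratuitous ARP update after the board swap and `duplicate_ip` the conflict detection. A static entry for the default gateway, which this model does not implement, is the usual mitigation when `mac_changed` events are not acceptable.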

3 ARP protocol - Various encapsulations of ARP

Figure: ARP in Ethernet V2: MAC @ dest. | MAC @ src. | Ethernet V2 type | ARP message. ARP in SNAP/LLC: MAC @ dest. | MAC @ src. | 802.3 length | LLC 802.2 | SNAP | ARP message.

3 ARP protocol - ARP format and encapsulation in Ethernet V2

Figure: Ethernet V2 frame = MAC @ dest. (6) | MAC @ src. (6) | Type (2) = 0806 (ARP) | ARP message | FCS (4). ARP message, in bytes: Hardware type (2: 1 = Ethernet, 6 = Token Ring, ...) | Protocol type (2: 0800 = IP) | MAC @ length (1: 6) | IP @ length (1: 4) | Operation (2: 0001 = ARP Request, 0002 = ARP Response) | MAC @ source (6) | IP @ source (4) | MAC @ dest. (6) | IP @ dest. (4).

ARP message format
- Hardware address space: specifies the type of hardware; examples are Ethernet or Packet Radio Net.
- Protocol address space: specifies the type of protocol, with the same values as the Ether type field (0800 for IP).
- Hardware address length: the length (in bytes) of the hardware addresses in this packet; 6 for IEEE 802.3 and IEEE 802.5.
- Protocol address length: the length (in bytes) of the protocol addresses in this packet; 4 for IP.
- Operation code: whether this is an ARP request (1) or reply (2).
- Source/target hardware address: the physical network hardware addresses; 48-bit addresses for IEEE 802.3.
- Source/target protocol address: the protocol addresses; the 32-bit IP addresses for TCP/IP.
Note: the target hardware address is set to 0 in an ARP request.

3 ARP protocol - The various fields

Figure: the host with IP 192.10.21.2 / MAC 0:0:c0:6f:6d:40 looks for the MAC address of 192.10.21.1, which belongs to the host with MAC 0:0:c0:c2:9b:26; after the exchange its ARP cache holds 192.10.21.1 -> 0:0:c0:c2:9b:26.

ARP Request
- Ethernet header: MAC dest ff:ff:ff:ff:ff:ff (broadcast), MAC src 0:0:c0:6f:6d:40, type 0806 (ARP)
- Hardware type: 1 (Ethernet); protocol: 800 (IP); hw address length: 6; protocol address length: 4
- Operation: 1 (request)
- Sender's hw address: 0:0:c0:6f:6d:40; sender's protocol address: 192.10.21.2
- Target hw address: 0:0:0:0:0:0; target protocol address: 192.10.21.1

ARP Response
- Ethernet header: MAC dest 0:0:c0:6f:6d:40, MAC src 0:0:c0:c2:9b:26, type 0806 (ARP)
- Hardware type: 1 (Ethernet); protocol: 800 (IP); hw address length: 6; protocol address length: 4
- Operation: 2 (response)
- Sender's hw address: 0:0:c0:c2:9b:26; sender's protocol address: 192.10.21.1
- Target hw address: 0:0:c0:6f:6d:40; target protocol address: 192.10.21.2

3 ARP protocol - Exercise: trace of ARP protocol

Given the following trace (Time 07:33:06.045):

  0000: FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01
  0010: 08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C
  0020: 00 00 00 00 00 00 0A 00 00 8A

1) Indicate below the name of the various fields and their value.

Ethernet frame:
- MAC @ dest (6 bytes): ffffffffffff
- MAC @ src (6 bytes): 00600856F4E5
- Protocol (2 bytes): 0806

ARP message:
- Hw type (2 bytes): 0001
- Protocol type (2 bytes): 0800
- Length @MAC (1 byte): 06
- Length @IP (1 byte): 04
- Operation (2 bytes): 0001
- @MAC src (6 bytes): 00600856F4E5
- @IP src (4 bytes): 0A00008C
- @MAC dest (6 bytes): 000000000000
- @IP dest (4 bytes): 0A00008A

2) Which Ethernet protocol is it (IEEE 802.3 or Ethernet V2)? Ethernet V2: the field after the source address is 0806, greater than 05DC, so it is a type and not a length.
3) Which kind of operation is it? Request (operation 0001).

3 ARP protocol - ARP protocol trace (Request)

Hexadecimal trace (Time 07:33:06.045):

  0000: FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01
  0010: 08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C
  0020: 00 00 00 00 00 00 0A 00 00 8A

Decoded Ethernet header, Eth. V2 [0000:000D]:
  0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
  0006:000B Source Address: 00600856F4E5 (3Com56F4E5)
  000C:000D Ethernet Type: Address Resolution Protocol (ARP)

Decoded ARP message [000E:0029]:
  000E:000F Hardware Type: Ethernet (10Mbps)
  0010:0011 Protocol Type: DOD Internet Protocol (IP)
  0012:0012 Hardware Address Length: 6
  0013:0013 Protocol Address Length: 4
  0014:0015 Opcode: Request
  0016:001B Source HW Address: 00600856F4E5
  001C:001F Source IP Address: 10.0.0.140
  0020:0025 Destination HW Address: 000000000000 (0 in a request)
  0026:0029 Destination IP Address: 10.0.0.138

The analyzer decodes the OUI, i.e. the vendor code (3Com), from the first three bytes of the source address.

3 ARP protocol - ARP protocol trace (Reply)

Hexadecimal trace (Time 07:33:06.059). The dump is 64 bytes: the 42-byte ARP frame followed by padding up to the minimum frame size and, in the last 4 bytes, the FCS kept by the analyzer:

  0000: 00 60 08 56 F4 E5 00 80 9F 21 32 A9 08 06 00 01
  0010: 08 00 06 04 00 02 00 80 9F 21 32 A9 0A 00 00 8A
  0020: 00 60 08 56 F4 E5 0A 00 00 8C 00 8A 00 8A 00 8A
  0030: 00 8A 00 8A 00 8A 00 8A 00 8A 00 8A F9 EF C6 D8

Eth. V2 [0000:000D]:
  0000:0005 Destination Address: 00600856F4E5 (3Com56F4E5)
  0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
  000C:000D Ethernet Type: Address Resolution Protocol (ARP)

ARP [000E:0029]:
  000E:000F Hardware Type: Ethernet (10Mbps)
  0010:0011 Protocol Type: DOD Internet Protocol (IP)
  0012:0012 Hardware Address Length: 6
  0013:0013 Protocol Address Length: 4
  0014:0015 Opcode: Reply
  0016:001B Source HW Address: 00809F2132A9 (the expected MAC address)
  001C:001F Source IP Address: 10.0.0.138
  0020:0025 Destination HW Address: 00600856F4E5
  0026:0029 Destination IP Address: 10.0.0.140
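The two traces above, decoded and answered in Python as an added example (not the course's own material). The two byte strings are the hex dumps of the request and reply slides; the rest is standard library code with no other assumption. The decoder checks the same offsets the analyzer listed, counts whatever follows the 28-byte ARP message as trailer (padding, and the FCS when the analyzer keeps it), and rebuilds from the request the reply that the owner of 10.0.0.138 must send, which should match the first 42 bytes of the captured reply. A consistency check compares the Ethernet source address with the ARP sender hardware address: they are equal in honest traffic, and a mismatch is a cheap first indicator of a forged ARP frame.

```python
import struct
from ipaddress import IPv4Address

# Hex dumps of the request and reply traces above (whitespace is ignored by bytes.fromhex).
REQUEST = bytes.fromhex("""
    ff ff ff ff ff ff 00 60 08 56 f4 e5 08 06 00 01
    08 00 06 04 00 01 00 60 08 56 f4 e5 0a 00 00 8c
    00 00 00 00 00 00 0a 00 00 8a""")
REPLY = bytes.fromhex("""
    00 60 08 56 f4 e5 00 80 9f 21 32 a9 08 06 00 01
    08 00 06 04 00 02 00 80 9f 21 32 a9 0a 00 00 8a
    00 60 08 56 f4 e5 0a 00 00 8c 00 8a 00 8a 00 8a
    00 8a 00 8a 00 8a 00 8a 00 8a 00 8a f9 ef c6 d8""")

ETH_HDR = "!6s6sH"
ARP_HDR = "!HHBBH"              # hardware type, protocol type, hw length, protocol length, opcode
ARP_ADDRS = "!6s4s6s4s"         # sender hw, sender ip, target hw, target ip (Ethernet/IPv4 only)
OPCODES = {1: "request", 2: "reply"}


def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet V2 frame carrying ARP over Ethernet/IPv4; reject anything else."""
    if len(frame) < 42:
        raise ValueError("frame shorter than Ethernet header + ARP message")
    dst, src, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != 0x0806:
        raise ValueError(f"not ARP: Ether type 0x{ethertype:04x}")
    hw_type, proto_type, hlen, plen, opcode = struct.unpack(ARP_HDR, frame[14:22])
    if (hw_type, proto_type, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only hardware type 1 (Ethernet) with IPv4 addresses is decoded here")
    sha, spa, tha, tpa = struct.unpack(ARP_ADDRS, frame[22:42])
    return {
        "eth_dst": dst.hex(":"), "eth_src": src.hex(":"),
        "op": OPCODES.get(opcode, opcode),
        "sender_mac": sha.hex(":"), "sender_ip": str(IPv4Address(spa)),
        "target_mac": tha.hex(":"), "target_ip": str(IPv4Address(tpa)),
        "trailer": len(frame) - 42,     # padding, plus the FCS if the capture kept it
    }


def check_consistency(frame: bytes) -> list:
    """Cheap sanity checks on an ARP frame; an empty list means nothing suspicious was seen."""
    arp = parse_arp_frame(frame)
    problems = []
    if arp["eth_src"] != arp["sender_mac"]:
        problems.append(f"Ethernet source {arp['eth_src']} differs from ARP sender {arp['sender_mac']}")
    if arp["op"] == "request" and arp["target_mac"] != "00:00:00:00:00:00":
        problems.append(f"request carries a non-zero target MAC {arp['target_mac']}")
    return problems


def build_reply(request: bytes, my_mac: bytes) -> bytes:
    """Frame the owner of the target IP sends back: opcode 2, sender/target swapped, its MAC filled in."""
    req = parse_arp_frame(request)
    if req["op"] != "request":
        raise ValueError("can only answer a request")
    asker_mac = bytes.fromhex(req["sender_mac"].replace(":", ""))
    eth = struct.pack(ETH_HDR, asker_mac, my_mac, 0x0806)          # unicast back to the asker
    arp = struct.pack(ARP_HDR, 1, 0x0800, 6, 4, 2)
    addrs = struct.pack(ARP_ADDRS, my_mac, IPv4Address(req["target_ip"]).packed,
                        asker_mac, IPv4Address(req["sender_ip"]).packed)
    return eth + arp + addrs


if __name__ == "__main__":
    for name, frame in (("request", REQUEST), ("reply", REPLY)):
        print(name, parse_arp_frame(frame), check_consistency(frame))
    ours = build_reply(REQUEST, my_mac=bytes.fromhex("00809f2132a9"))
    print("rebuilt reply matches the capture:", ours == REPLY[:42])
```

The Ethernet header is parsed a second time here rather than reusing the frame classifier of section 2.5 so that the block runs on its own; in a real dissector the ARP decoder would receive the `data` field that classifier returns.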

3 ARP protocol - Evaluation

Objective: to be able to describe the ARP protocol and analyze an ARP trace. Thank you for answering the self-assessment of the objectives sheet.


4 Repeaters, Bridges and Switches Repeater

Figure: a repeater joining segments of different media (10baseT, 10base2, AUI/10base5); it provides media adaptation and signal amplification between the segments.

Repeater: located at the physical level, it acts at the electrical level as an amplifier and media adapter. It does not interpret addresses.


4 Repeaters, Bridges and Switches Bridge principle

Figure: a bridge between LAN 1 and LAN 2, filtering on MAC addresses.

Bridge: interconnects LAN segments at the network interface layer level and forwards frames between them. A bridge performs the function of a MAC relay and is independent of any higher layer protocol (including the logical link protocol). It provides MAC protocol conversion, if required. A bridge is said to be transparent to IP. That is, when an IP host sends an IP datagram to another host on a network connected by a bridge, it sends the datagram directly to the host and the datagram "crosses" the bridge without the sending IP host being aware of it.


4 Repeaters, Bridges and Switches Bridge architecture

Figure: bridge architecture with two MAC/physical interfaces, one towards a hub (twisted pair) and one towards a coaxial segment, each through a transceiver; address filtering sits between the two MAC entities. The bridge provides media adaptation and filtering on MAC addresses.

It acts at level 2. Advantages:
- increases the bandwidth thanks to the filtering,
- increases the reliability (a fault is not forwarded),
- ensures the topology adaptation (Ethernet, Token-Ring, ...).


4 Repeaters, Bridges and Switches Manual filtering

Figure: a bridge with port Eth0 on LAN 1 (hosts a, b, c) and port Eth 1 on LAN 2 (hosts d, e, f). Its filtering table is entered by hand:

MAC@   Port
a      eth0
b      eth0
c      eth0
d      eth1
e      eth1
f      eth1


4 Repeaters, Bridges and Switches Remote bridge

Figure: LAN 1 (hosts a, b, c) and LAN 2 (hosts d, e, f) interconnected through two half bridges across a WAN (any WAN: FR, X25, PSTN, ATM, ...). The left 1/2 bridge has Eth 0 towards LAN 1 and Serial 0, VPI/VCI 1/32, towards the WAN; the right 1/2 bridge has Serial 1, VPI/VCI 8/45, towards the WAN and Eth 0 towards LAN 2.

Left 1/2 bridge:
MAC@   Port
a      eth0
b      eth0
c      eth0
d      S0-1/32
e      S0-1/32
f      S0-1/32

Right 1/2 bridge:
MAC@   Port
a      S1-8/45
b      S1-8/45
c      S1-8/45
d      eth0
e      eth0
f      eth0

1/2 bridges have to maintain the relationship between MAC@ and: Virtual Channel number (X25), or Telephone number (PSTN), or DLCI (Frame Relay), or Virtual Connection (ATM), ...


4 Repeaters, Bridges and Switches Self learning transparent bridge (1): a sends a frame to b

Figure: three cascaded self-learning bridges (1, 2, 3), each with ports 1 and 2. Host a (MAC@ a) sends a frame to b, which no bridge knows yet: each bridge floods the frame and records the source in its filter table. Bridges 1 and 2 store "MAC@ a, Port 1"; bridge 3, which sees a on its other side, stores "MAC@ a, Port 2".

In order to perform filtering, a bridge must know the location of the MAC@. Two possibilities:
- manually: MAC addresses are introduced by the administrator,
- automatically: by means of self learning or the spanning tree protocol.
Principle of the self learning bridge: when a bridge receives a frame, it stores in its cache memory the source MAC@ and the reception port, then examines the destination MAC@. If it knows this MAC@, it forwards the Ethernet frame only on the corresponding port (if it is not the reception port); otherwise, it forwards the frame on all its ports (except the reception port).


4 Repeaters, Bridges and Switches Self learning transparent bridge (2): b answers to a

Figure: b's reply (MAC@ b) travels back towards a. Bridges 1 and 2 now hold "a, Port 1" and "b, Port 2" and forward the reply on port 1 only; bridge 3 (host C on its port 1) holds a and b both on port 2, so it does not forward the reply onto C's segment.

As the exchanges go along, the bridge table grows. Note: if a host stays quiet for a long time (e.g. 10 min), its entry is removed from the bridge table.


4 Repeaters, Bridges and Switches Self learning transparent bridge and loops: a sends a frame to b

Figure: two self-learning bridges connected in parallel between the same two segments (port 1 on a's segment, port 2 on b's segment), which forms a loop. a sends a frame to b: both bridges learn "a, Port 1" and flood the frame onto the second segment; each bridge then hears the other's copy arriving on its port 2, relearns a on port 2 ("2/1 ?") and floods the frame back. b's answer suffers the same fate: the frames circulate endlessly and the filter tables flap between port 1 and port 2 (!!!).

Self learning bridge limitation: self learning bridges cannot work correctly if there is a loop made by bridges. The solution is to use the Spanning Tree protocol:
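The learning, filtering, ageing and loop behaviour of the three preceding slides, as an added example (not part of the course material): a minimal self-learning bridge, first exercised alone with hosts a and b, then duplicated in parallel between the same two segments to reproduce the loop. Hosts, ports and timings are constructed for the illustration.

```python
"""Self-learning transparent bridge and the parallel-bridge loop (added example)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningBridge:
    name: str
    ports: tuple
    ageing_time: int = 600                        # seconds; the slide says "e.g. 10 min"
    table: dict = field(default_factory=dict)     # MAC@ -> (port, time last seen)

    def expire(self, now):
        """Remove the entries of hosts that stayed quiet longer than ageing_time."""
        for mac in [m for m, (_, t) in self.table.items() if now - t > self.ageing_time]:
            del self.table[mac]

    def receive(self, frame, in_port, now):
        """Learn the source behind in_port, then return the list of output ports."""
        self.expire(now)
        self.table[frame.src] = (in_port, now)          # learning: source is behind in_port
        entry = self.table.get(frame.dst)
        if frame.dst == BROADCAST or entry is None:     # unknown or broadcast: flood
            return [p for p in self.ports if p != in_port]
        if entry[0] == in_port:                         # destination on the same segment: filter
            return []
        return [entry[0]]                               # known destination: one port only

    def port_of(self, mac):
        return self.table[mac][0] if mac in self.table else None


def single_bridge_exchange():
    """Slides (1) and (2): a is on the port 1 side, b on the port 2 side."""
    br = LearningBridge("B1", ports=(1, 2))
    flood = br.receive(Frame("a", "b"), in_port=1, now=0)     # b unknown: flooded to port 2
    reply = br.receive(Frame("b", "a"), in_port=2, now=1)     # a known: port 1 only
    known = br.receive(Frame("a", "b"), in_port=1, now=2)     # b known: port 2 only
    aged = br.receive(Frame("b", "a"), in_port=2, now=700)    # a aged out: flooded again
    return flood, reply, known, aged, br.port_of("a")


def parallel_bridges(rounds=4):
    """Loop slide: B1 and B2 both have port 1 on segment 1 (host a) and port 2
    on segment 2 (host b). a sends one frame to the still unknown b. A bridge
    hears every frame on a segment except the ones it emitted itself.
    Returns, per round: frames in flight, copies reaching b, where B1 and B2
    believe a is."""
    b1, b2 = LearningBridge("B1", (1, 2)), LearningBridge("B2", (1, 2))
    segment_of_port = {1: "seg1", 2: "seg2"}
    port_on_segment = {"seg1": 1, "seg2": 2}
    wire = [("seg1", Frame("a", "b"), None)]      # (segment, frame, emitting bridge)
    history = []
    for now in range(rounds):
        nxt = []
        for seg, frame, emitter in wire:
            for br in (b1, b2):
                if br is emitter:
                    continue
                for out in br.receive(frame, port_on_segment[seg], now):
                    nxt.append((segment_of_port[out], frame, br))
        wire = nxt
        to_b = sum(1 for seg, f, _ in wire if seg == "seg2" and f.dst == "b")
        history.append((len(wire), to_b, b1.port_of("a"), b2.port_of("a")))
    return history
```

With the loop, the single frame never dies: b receives two copies every other round and both tables alternate between port 1 and port 2, which is exactly why a spanning tree must block one of the two parallel paths.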


4 Repeaters, Bridges and Switches Spanning Tree

Figure: on the left, the physical topology of bridges 109, 114, 175, 234, 447, 492 and 562, containing loops; on the right, its tree representation with bridge 109 as root and the loop-forming links eliminated.

In order to solve the problem of loops in a bridged network, a protocol has been designed: the Spanning Tree Protocol (STP); the standard is IEEE 802.1D.
Tree topology: there is a root, plus branches (actually, a hierarchy of progressively smaller branches), and ultimately leaves. On a given tree, there are no disconnected parts that are still considered part of the tree; that is, the tree encompasses all of its leaves. In addition, there are no loops in a tree. If you trace a path from any leaf to any other leaf, you will find that there is one, and only one, possible path.


4 Repeaters, Bridges and Switches Switch: principle

Figure: a 4-port switch with a station (R/T) on each port; two communications take place simultaneously between two pairs of ports, so the traffic could reach 2 x 10 Mb/s.

A bridge analyzes the destination MAC@ to forward the frame to the correct outgoing port. Early LAN bridges rarely had more than 2 ports. During the 1990s, ASIC, microprocessor and memory technology advanced to the point where it was feasible to build LAN bridges with large numbers of ports capable of forwarding frames at wire-speed on all ports.

A switch is a bridge (the distinction between bridge and switch is a marketing distinction).


4 Repeaters, Bridges and Switches Switch: LAN segmentation

Figure: a 6-port switch. Ports 1 and 6 each connect a hub, i.e. a shared segment; ports 2, 3, 4 and 5 each connect a single end station, i.e. a micro-segment.

A switch can be used to segment traditional shared LANs. Alternatively, a switch can be used to interconnect single end stations. This is referred to as micro-segmentation. A micro-segmented environment has a number of interesting characteristics that we will study later.


4 Repeaters, Bridges and Switches Switch: half duplex operation on switch

Figure: stations attached to a hub and to switch ports; every interface has Transmit, Receive, Collision detection and Loopback paths, and the switch ports add buffers between their MAC entities.

When a LAN is shared by several stations, mechanisms have to be implemented to get control of the medium, detect a possible collision and take the appropriate decision. The operation mode is half duplex because under normal operation only one end station can transmit at one time.


4 Repeaters, Bridges and Switches Switch: full duplex operation

Figure: a switch port and the attached device, each with Transmit and Receive paths and buffers; the Collision detection and Loopback paths are disabled on both sides.

10 Base T provides two ways for communication: one pair for transmission and another pair for reception. Just providing full duplex-capable media and topology is not sufficient to achieve full duplex operation. Unless we also modify the behavior of the LAN interfaces in the switch and the attached devices, we cannot use the channel in any manner other than the normal shared-LAN mode. This is because the LAN interface does not know that the channel is now dedicated for its private use. We must essentially disable the access control mechanism inherent in the LAN interface.

We can modify the behavior of the Ethernet MAC controller in both the switch and the attached devices to take advantage of their unique situation. We need to:
- Disable the Carrier Sense function as it is normally used to defer transmissions. That is, the reception of data on the receive channel should not cause the transmitter to defer any pending transmissions. A normal (half duplex) Ethernet interface will withhold its own transmissions in order to avoid interfering with transmissions in progress under control of the carrier sense signal.
- Disable the Collision Detect function, which would normally cause the transmitter to abort, jam, and reschedule its transmission if it detects a receive signal while transmitting.
- Disable the looping back of transmitted data onto the receiver input, as is done on a half duplex channel.

Neither end of the link needs to defer to received traffic, nor is there any interference between transmissions and receptions, avoiding the need for collision detection, backoff, and retry. In this environment, we can operate the LAN in full duplex mode: stations can both transmit and receive simultaneously.

Note: the two parties must have the same operation mode; otherwise, the device operating in half duplex will detect a collision if it sends a frame at the same time the other device sends another in the other direction.


4 Repeaters, Bridges and Switches Switch: collision domains

Figure: the 6-port switch of the LAN segmentation slide; each port (the hubs on ports 1 and 6, the single stations on ports 2 to 5) forms its own collision domain.

A switching hub (unlike a repeater) has a MAC entity for each of its ports. Architecturally, each of the connections to the switching hub constitutes a distinct LAN, with access to each LAN arbitrated independently of all others. A repeater with n ports constitutes a single LAN; a switch with n ports constitutes n LANs, one for each switch port. In a shared Ethernet LAN, the CSMA/CD algorithm is used to arbitrate for use of the shared channel. The set of stations contending for access to a shared Ethernet LAN is known as a collision domain. A switch separates the access domains of each port.


4 Repeaters, Bridges and Switches Switch: full and half duplex

Figure: a switch with one full duplex port (Transmit/Receive through buffers, no collision detection or loopback) towards a single station, and one half duplex port (Collision detection and Loopback active) towards a hub shared by several stations.

Whereas with a repeater all of the devices connecting to the hub share the available channel and have to arbitrate for access, with a switching hub each of the attached devices has a dedicated channel between itself and the hub. In the case of a micro-segmented switched LAN, each port comprises a two-station network composed of the attached device and the switch port itself. If we consider that two-station LAN in isolation, we can see that it appears exactly the same (architecturally) as a simple RS-422 connection. Each device has a private, independent channel to the other device; there is no possibility of contention for the use of the underlying communications channel.


4 Repeaters, Bridges and Switches Switch: advantages of full duplex operation

Figure: comparison of a hub (segmentation) and a switch (micro-segmentation).
- Hub: shared bandwidth, half-duplex, access contention ("is the medium free?"), collision detection, distance limitations, every station at 10 Mb/s.
- Switch: full bandwidth, full-duplex, no access contention, no collision detection needed, transmission = reception with no delay, extended distance, independent rate for each station (10 Mb/s or 100 Mb/s).

Implications of full duplex operation: the use of micro-segmentation associated with full duplex mode has a number of important implications:
- it eliminates the link length restrictions of CSMA/CD. A shared Ethernet LAN operating at 10 Mb/s has the full 2.5 km distance limit available. This is especially important for technologies such as Fast Ethernet (length 250 m) and Gigabit Ethernet;
- it increases the aggregate channel capacity. In the best case the aggregate capacity of a switch will equal the sum of the data rates of all attached ports;
- it increases the potential load on a switch. The transmission is not delayed because there is neither access contention nor collision;
- it allows various data rates for each station.


4 Repeaters, Bridges and Switches Switch: the need for flow control

Figure: several stations send towards a server through a switch; each switch port has a buffer, and the buffer of the server port fills up.

The need for flow control: if the ports connected to a switch are operating in half duplex mode, there are some tricks to control the flow.
Backpressure: to prevent buffer overflow from traffic arriving on its input ports, a switch can use the underlying access control method to throttle stations on the shared LAN and forestall incoming traffic.
- Force collisions with incoming frames. The disadvantage of this method is that the collision will cause the end station to calculate an exponentially-increasing backoff. The station will select a time, initially in the range of 0 to 1 slot times, but increasing to 0 to 1,023 slot times for later collisions. It is likely that switch input buffers will become available during this very long time, as the switch will be emptying its queue onto the output ports in the meantime. Even though the queue is so emptied, the channel will remain idle until the backoff timer expires. It seems a shame to waste bandwidth solely due to an inefficient backpressure algorithm.
- Make it appear as if the channel is busy. This uses the deferral mechanism rather than the collision backoff mechanism of the Ethernet MAC. As long as the station sees that the channel is busy (i.e., Carrier Sense is asserted) it will defer transmission, but it imposes no additional backoff delay.
Aggressive transmission policy: on the output side, a switch can empty its transmit queue in an expedited manner by using an access control algorithm more aggressive than that permitted by the standard. This effectively gives the switch priority over other traffic sources on its output ports.


4 Repeaters, Bridges and Switches Cabling with HUB

Figure: 1 Cabling, 2 Communication. The departments (Sales, R&D, Finance, Import department, Export department) are all attached to hubs; a frame sent by one host appears on every hub port.

Any frame sent by a host through a hub, whatever the MAC@ type (unicast, broadcast, multicast), will be systematically broadcast to all hub ports.


4 Repeaters, Bridges and Switches Cabling with HUB and LAN segmentation (1)

Figure: the same departments, now split over two hubs interconnected by a filtering bridge; a frame between two hosts of the same hub stays on that LAN segment.

LAN segmentation can be made by adding a bridge unit. A frame sent by a host to another host located on the same LAN will not be broadcast to the other segment, the bridge performing the filtering. Nevertheless, all hosts connected to this LAN segment will be disturbed.


4 Repeaters, Bridges and Switches Cabling with HUB and LAN segmentation (2)

Figure: the same two hubs and bridge; a frame between two hosts located on different segments crosses the bridge and occupies both hubs.

In spite of the presence of a bridge, any communication between two hosts located on two different LAN segments will lead to the monopolisation of the two LAN segments.


4 Repeaters, Bridges and Switches Cabling with Switch and operation

Figure: 1 Cabling, 2 Communication. The departments (Sales, R&D, Finance, Import department, Export department) are each attached to their own switch port: micro-segmentation.

A switch allows micro-segmentation (a bridge between each host). A switch receiving a unicast frame from a host will forward that frame only to the involved port.


4 Repeaters, Bridges and Switches Protocol analysis over a hub

Figure: a 4-port hub (HUB = multiport repeater) with stations (R/T) and a protocol analyzer attached to one of the ports.

On a shared bandwidth hub, all of the traffic appears on every port of the hub. As a result, a protocol analyser should function properly when attached to any port of the hub.


4 Repeaters, Bridges and Switches Protocol analysis over a switch (port & switch mirroring)

Figure: a 6-port switch with a hub on port 6 and a protocol analyzer on port 1. Port mirroring is configured from the craft terminal (mirror port: 1, monitored port: 6): the traffic of port 6 is copied to port 1.

When a LAN switch is used in place of a hub, devices connected to a given port will see only the traffic destined to them (known unicast destinations), plus multicast and broadcast destinations as well as unknown unicast destinations. Thus, as a result of normal operation, it is no longer possible to monitor all of the traffic by attaching a protocol analyser to a single port. Alternatives are commonly used to solve this problem:
- Port mirroring: it is possible for a switch to replicate the traffic from any single port onto another port.
- Switch mirroring: some switches provide the capability of mirroring all of the traffic being forwarded by the switch. As a variation of switch mirroring, some switches allow a network administrator to configure the mirror port to reflect a subset of the ports on the switch.


Objective: To be able to describe the operation of repeaters, bridges and switches

4 Repeaters, Bridges and Switches Evaluation

Thank you for answering the self-assessment of the objectives sheet


5 IP protocol

5.1 IP addressing
5.2 IP routing
5.3 IP header


5 IP protocol 5.1 IP Addressing Analogy between PSTN numbering and IP numbering

Figure, telephone numbering: countries with PSTN country codes of different lengths (France = 33, Russia = 7, Finland = 358, Barbados = 1246). A telephone number = Country code + Designation number, with a variable border between the two parts.
Figure, IP numbering: Class A networks (large IP networks), Class B networks (medium IP networks), Class C networks (small IP networks). An IP address = Network ID + Host ID, with a border that depends on the class.

Public Switched Telephone Network: on telephone networks the number of digits assigned to the Country Code is variable. Some countries have a country code of 1 digit, others 2, 3 or 4 digits.
IP Network: on IP networks, the address is composed of 2 parts: Network Identifier and Host Identifier. The Net ID length is a function of the class. Class A has a short Net ID, leaving a longer part for the Host ID, so this class is dedicated to very large networks where very many hosts can be connected. Class B is suitable for medium size networks. Class C is suitable for small networks.


5 IP protocol 5.1 IP Addressing IP address classes

Bit positions: 1 ... 8 | 9 ... 16 | 17 ... 24 | 25 ... 32

Class A   0          Net ID (7 bits)     Host ID (24 bits)
Class B   1 0        Net ID (14 bits)    Host ID (16 bits)
Class C   1 1 0      Net ID (21 bits)    Host ID (8 bits)
Class D   1 1 1 0    Multicast group ID (28 bits)
Class E   1 1 1 1 0  Reserved for future use (27 bits)

Generalities: an IP@ is more an interface address than a host address. When the host is attached to more than one network, it is called multi-homed and has one IP address for each network interface. An address is composed of 32 bits. An IP@ is composed of 2 parts: Network Identifier and Host Identifier. IP addresses are structured into classes. An IP@ is usually expressed in dotted decimal format; for example, 145.167.5.9 is a valid IP address. There are five classes of IP addresses. A Class A address is suitable for networks with an extremely large number of hosts. Class C addresses are suitable for networks with a small number of hosts.


5 IP protocol 5.1 IP Addressing Network sizes

Class A network (0, Net ID 7 bits, Host ID 24 bits): number of networks: 126; number of hosts: 16 777 214; Net ID from 1.0.0.0 to 126.0.0.0.
Class B network (10, Net ID 14 bits, Host ID 16 bits): number of networks: 16 384; number of hosts: 65 534; Net ID from 128.0.0.0 to 191.255.0.0.
Class C network (110, Net ID 21 bits, Host ID 8 bits): number of networks: 2 097 152; number of hosts: 254; Net ID from 192.0.0.0 to 223.255.255.0.
Some Net IDs and Host IDs are reserved.

The IP address exhaustion problem: 32 bits of IP address give 4 294 967 296 possible addresses. 32 bits seemed a suitable length to cover all IP devices over the world. Nearly all of the new networks assigned in the late 1980s were Class B, and in 1990 it became apparent that if this trend continued, the last Class B network number would be assigned during 1994. The reason for this trend was that most potential users found a Class B network to be large enough for their anticipated needs, since it accommodates up to 65 534 hosts, whereas a Class C network, with a maximum of 254 hosts, severely restricts the potential growth of even a small initial network. Furthermore, most of the Class B networks being assigned were small ones. There are relatively few networks that would need as many as 65 534 host addresses, but very few for which 254 hosts would be an adequate limit.


5 IP protocol 5.1 IP Addressing Special IP@: limited broadcast on the network

Figure: destination IP@ = 32 bits set to 1 = 255.255.255.255. On network 172.245.0.0, a host sends a frame with IP src 172.245.0.1, IP dest 255.255.255.255, MAC@dest ff:ff:ff:ff:ff:ff, MAC@src 01:00:2a:01:22:11, Type 0800, followed by the data and FCS. A broadcast at the IP level involves a broadcast at the Ethernet level.

Broadcast limited to the network: can be used only as a destination IP address. This broadcast does not go through routers. A broadcast at IP level leads to a broadcast at the Ethernet level.


5 IP protocol 5.1 IP Addressing Special IP@: directed broadcast to a network

Figure, example class B: destination IP@ = 1 0 + Net ID (14 bits) + Host ID (16 bits) = 10001010.00000101.11111111.11111111 = 138.5.255.255, a broadcast directed towards all hosts of network 138.5.0.0. A host of network 172.245.0.0 sends a packet with IP src 172.245.0.1 and IP dest 138.5.255.255 towards network 138.5.0.0.

This is called a directed broadcast address because it contains both a valid <network address> and a broadcast <host address>. Most network administrators configure their routers to prevent this kind of directed broadcast because it is an easy way for a hacker to perturb a network.


5 IP protocol 5.1 IP Addressing Special IP@: loopback

Figure: the IP@ 127._._._ allows a communication between 2 applications (Application 1 and Application 2) of the same host through its IP protocol layer. The host also has interfaces with IP@ Y and Z, but a packet addressed to 127.0.0.1 is not sent over the network.

Loopback: the class A network 127.0.0.0 is defined as the loopback network. Addresses from that network are assigned to interfaces that process data within the local system. These loopback interfaces do not access a physical network.


5 IP protocol 5.1 IP Addressing Special IP@: unknown source IP@

Figure: 1 - a host with MAC 01:00:2a:01:22:11 has no IP@ yet (IP@ = ?). 2, 3 - it sends a DHCP IP@ request with IP src 0.0.0.0, IP dest 255.255.255.255, in a frame with MAC@dest ff:ff:ff:ff:ff:ff, MAC@src 01:00:2a:01:22:11, Type 0800. 4 - the DHCP server (server of IP@) answers with an address taken from its address pool.

IP@ = 0.0.0.0 can be used at host start-up in order to get an IP@ from a BOOTP or DHCP server. Source IP@ = 0.0.0.0 is used by a host which has no IP address.


5 IP protocol 5.1 IP Addressing NetID

Figure: each network has a unique NetID. Network 200.98.76.0 (hub) with hosts 200.98.76.1, 200.98.76.2, 200.98.76.3 and 200.98.76.253, and network 192.100.17.0 (hub) with hosts 192.100.17.1, 192.100.17.2, 192.100.17.3 and 192.100.17.253, are interconnected by a router whose interfaces also have an IP@: eth0 = 200.98.76.254, eth1 = 192.100.17.254. Class C network => maximum of 254 hosts.


5 IP protocol 5.1 IP Addressing Public addresses - Private addresses

Figure: hosts 154.11.22.33, 195.51.63.1 and 9.1.2.3 have public IP@ on the Internet (assigned by IANA, unique over the world). Two separate private networks 10.0.0.0 each contain a host 10.6.7.8 (private IP@: address ranges reserved by ICANN, which can be used several times); these addresses cannot travel the Internet.

Public IP@: a public IP@ is an Internet IP@ assigned by ICANN (Internet Corporation for Assigned Names and Numbers), which is the organisation in charge of IP@ allocation on the Internet.
Private IP@: ICANN reserved some ranges of IP@ which are not assigned to any host connected to the Internet. Any organization can use any address in these ranges. However, because these addresses are not globally unique, they are not defined to any external routers. Routers in networks not using private addresses, particularly those operated by Internet service providers, are expected to quietly discard all routing information regarding these addresses. Routers in an organization using private addresses are expected to limit all references to private addresses to internal links. They should neither externally advertise routes to private addresses nor forward IP datagrams containing private addresses to external routers.


5 IP protocol 5.1 IP Addressing Private address ranges

Figure: private networks (private IP@) connected to the Internet (public IP@). Reserved ranges:
- class A: 10.0.0.0 to 10.255.255.255 (1 class)
- class B: 172.16.0.0 to 172.31.255.255 (16 classes)
- class C: 192.168.0.0 to 192.168.255.255 (256 classes)

The Internet reserves part of the global address space for use in networks that do not require connectivity to the Internet. Typically these networks are administered by a single organization. Three ranges of addresses have been reserved for this purpose:
- 10.0.0.0: a single Class A network;
- 172.16.0.0 through 172.31.0.0: 16 contiguous Class B networks;
- 192.168.0.0 through 192.168.255.0: 256 contiguous Class C networks.


5 IP protocol 5.1 IP Addressing Other private addresses

Figure: hosts 154.11.22.33, 195.51.63.1 and 9.1.2.3 have public IP@ on the Internet. A private network 154.11.0.0 uses the addresses 154.11.22.33, 154.11.63.1 and 154.11.12.13, which were not assigned to it by IANA: inside that network they are private IP@.

Private IP@: any IP address not assigned by ICANN is also considered a private IP address. These types of addresses can be used inside a private network. They cannot travel the Internet.


5 IP protocol 5.1 IP Addressing Private IP networks and Internet connections


10.10.10.8 data
1

IP@ : 10.10.10.8 Intranet 1

194.5.3.12

NetID: 10.10.10.0

Discard packet

Internet

194.5.3.12

Private IP addresses

116
A private IP@ cannot travel Internet.


5 IP protocol 5.1 IP Addressing NAT: Network Address Translation

Figure: private network 10.10.10.0 (hosts .1, .2, .3, .4) behind a NAT router holding the public IP@ 212.17.22.21, 212.17.22.22 and 212.17.22.23; server 194.5.3.12 on the Internet. Packets on the private side: IPsrc 10.10.10.4 / IPdest 194.5.3.12 (outbound) and IPsrc 194.5.3.12 / IPdest 10.10.10.4 (return). Packets on the public side: IPsrc 212.17.22.21 / IPdest 194.5.3.12 and IPsrc 194.5.3.12 / IPdest 212.17.22.21.

Basically, Network Address Translation allows a single device, such as a router, to act as agent between the Internet (or "public network") and a local (or "private") network. The private router connected to the Internet must be configured with the NAT function and one or several public IP@.
1 - A computer of the private network sends an IP packet to a server connected to the Internet. The IP packet contains a private IP@ as source IP@ and cannot travel the Internet.
2 - The Internet gateway router translates the private source IP@ into a public IP@ and forwards the packet to the Internet.
3 - The Internet gateway router keeps in its memory the association between the private IP@ and the public IP@.
4 - The IP packet can travel the Internet because the IP addresses are valid.
5 - The server can answer. It knows the other party only by the public IP@.
6 - The NAT router operates the inverse translation before forwarding the packet to the private network.

This means that only a single unique IP address is required to represent an entire group of computers to anything outside their network.
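The six steps above, as an added example (not the course's own material): a gateway holding the slide's pool of three public IP@ rewrites the source of outbound packets, keeps the private/public association and applies the inverse translation to the reply. Packets are plain dicts with "src" and "dst"; the two failure cases (no public address left, a packet for a public IP@ with no association) are constructed for the illustration.

```python
"""Basic one-to-one NAT as drawn on the slide (added example)."""
import ipaddress


class BasicNat:
    def __init__(self, private_net, public_pool):
        self.private_net = ipaddress.ip_network(private_net)
        self.free = [ipaddress.ip_address(a) for a in public_pool]   # unused public IP@
        self.out_map = {}    # private IP@ -> public IP@ (step 3: kept in memory)
        self.in_map = {}     # public IP@  -> private IP@

    def outbound(self, packet):
        """Step 2: translate the private source into a public IP@ (None if the pool is exhausted)."""
        src = ipaddress.ip_address(packet["src"])
        if src not in self.private_net:
            raise ValueError("%s is not on the private side" % src)
        pub = self.out_map.get(src)
        if pub is None:
            if not self.free:
                return None                       # no public IP@ left: packet cannot leave
            pub = self.free.pop(0)
            self.out_map[src] = pub
            self.in_map[pub] = src
        return {"src": str(pub), "dst": packet["dst"]}

    def inbound(self, packet):
        """Step 6: inverse translation; a packet for a public IP@ without association is dropped."""
        pub = ipaddress.ip_address(packet["dst"])
        priv = self.in_map.get(pub)
        if priv is None:
            return None
        return {"src": packet["src"], "dst": str(priv)}


def slide_exchange():
    nat = BasicNat("10.10.10.0/24", ["212.17.22.21", "212.17.22.22", "212.17.22.23"])
    step1 = {"src": "10.10.10.4", "dst": "194.5.3.12"}       # host .4 towards the Internet server
    step2 = nat.outbound(step1)                               # 10.10.10.4 becomes 212.17.22.21
    step5 = {"src": "194.5.3.12", "dst": step2["src"]}        # the server answers the public IP@
    step6 = nat.inbound(step5)                                # back to 10.10.10.4
    # a public IP@ with no association does not reach the private network
    unsolicited = nat.inbound({"src": "194.5.3.12", "dst": "212.17.22.23"})
    # three public IP@ for four private hosts: the fourth host cannot go out
    for host in ("10.10.10.1", "10.10.10.2"):
        nat.outbound({"src": host, "dst": "194.5.3.12"})
    exhausted = nat.outbound({"src": "10.10.10.3", "dst": "194.5.3.12"})
    return {"step2": step2, "step6": step6, "unsolicited": unsolicited, "exhausted": exhausted}
```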


5 IP protocol 5.1 IP Addressing VPN: Virtual Private Network

Figure: a private network made of two private nets, NetID 10.10.10.0 (host 10.10.10.8) and NetID 10.10.20.0 (host 10.10.20.4), first linked by a leased line, then as a Virtual Private Network by tunneling through the Internet.

A private network spread over several distant sites has to use very expensive leased lines. To reduce the cost, the infrastructure of the Internet can be used while keeping the advantages of a private network (security, ...). This concept is called Virtual Private Network. To achieve that, a tunnel has to be created between the private networks.


5 IP protocol 5.1 IP Addressing VPN: tunneling principle

Figure: Intranet 1 (NetID 10.10.10.0, host 10.10.10.8, border router 194.3.2.1) and Intranet 2 (NetID 10.10.20.0, host 10.10.20.4, border router 198.6.7.2) across the Internet.
1: original packet [10.10.10.8 | 10.10.20.4 | data]
2, 3: encapsulation at 194.3.2.1: [194.3.2.1 | 198.6.7.2 | [10.10.10.8 | 10.10.20.4 | data]]
4: the outer packet crosses the Internet
De-encapsulation at 198.6.7.2: [10.10.10.8 | 10.10.20.4 | data] is delivered in Intranet 2

The solution consists of encapsulating the original IP packet into another IP packet.
1 - The original IP packet, using private IP addresses, is sent to the border router.
2 - The border router makes an IP packet using public IP addresses known by the Internet.
3 - The border router encapsulates the original IP packet in this packet as data.
4 - The Internet can convey the IP packet towards the border router of the remote Intranet because it examines the header and not the data.
5 - The Intranet 2 access router examines the received IP packet and, because the destination is its own address, extracts the data. This data being an IP packet, it submits the destination IP address to its routing table.
6 - The original IP packet can travel the Intranet up to the destination.
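The six steps above carried out on real IPv4 headers, as an added example (not part of the course material). Assumptions: plain IP-in-IP encapsulation (IP protocol number 4), which the slide does not name; a UDP payload (protocol 17) in the original packet; and a constructed one-entry routing table for the Intranet 2 router 198.6.7.2.

```python
"""IP-in-IP tunnel between border routers 194.3.2.1 and 198.6.7.2 (added example)."""
import ipaddress
import struct

IPPROTO_IPIP = 4   # assumption: IP-in-IP; the slide does not name the encapsulation protocol
IPV4_HDR = "!BBHHHBBH4s4s"


def checksum(data):
    """Internet (ones' complement) checksum of a byte string."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0):
    """Minimal IPv4 packet (no options) with a valid header checksum."""
    total_len = 20 + len(payload)
    hdr = struct.pack(IPV4_HDR, 0x45, 0, total_len, ident, 0, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet):
    """Validate version, length and checksum; return the header fields and payload."""
    vihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if checksum(packet[:ihl]) != 0:              # a correct header sums to zero
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst)),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}


def encapsulate(inner_packet, tunnel_src, tunnel_dst):
    """Steps 2 and 3: the original packet becomes the data of a public packet."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner_packet)


def decapsulate(outer_packet, my_address):
    """Step 5: accept only packets addressed to this router, then parse the data as IP."""
    outer = parse_ipv4(outer_packet)
    if outer["dst"] != my_address:
        raise ValueError("not addressed to this router")
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet")
    return parse_ipv4(outer["payload"])


# constructed routing table of the Intranet 2 router (step 5: "submits the destination to its routing table")
INTRANET2_ROUTES = {ipaddress.ip_network("10.10.20.0/24"): "eth0"}


def route(dst, table=INTRANET2_ROUTES):
    for net, iface in table.items():
        if ipaddress.ip_address(dst) in net:
            return iface
    return None


def slide_walkthrough():
    data = b"hello from intranet 1"                               # constructed payload
    original = build_ipv4("10.10.10.8", "10.10.20.4", 17, data)   # step 1
    outer = encapsulate(original, "194.3.2.1", "198.6.7.2")       # steps 2 and 3
    internet_view = parse_ipv4(outer)                             # step 4: only the outer header is examined
    inner = decapsulate(outer, "198.6.7.2")                       # step 5
    return {"outer_len": len(outer), "internet_view": internet_view,
            "inner": inner, "next_hop": route(inner["dst"])}      # step 6
```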


5 IP protocol 5.1 IP Addressing IP address allocation

Figure: Internet Corporation for Assigned Names and Numbers (www.icann.org) and Internet Assigned Numbers Authority (www.iana.org), above the regional registries: American Registry for Internet Numbers, Asia Pacific Network Information Centre, Réseaux IP Européens Network Coordination Centre (www.ripe.net).

ICANN is responsible for: IP address assignment, protocol parameter assignment, Domain Name System management. ICANN replaces IANA, which was a US organisation. The network number portion of the IP address is administered by one of three Regional Internet Registries (RIR):
- American Registry for Internet Numbers (ARIN): this registry is responsible for the administration and registration of Internet Protocol (IP) numbers for North America, South America, the Caribbean and sub-Saharan Africa.
- Réseaux IP Européens (RIPE): this registry is responsible for the administration and registration of Internet Protocol (IP) numbers for Europe, the Middle East and parts of Africa.
- Asia Pacific Network Information Centre (APNIC): this registry is responsible for the administration and registration of Internet Protocol (IP) numbers within the Asia Pacific region.


5 IP protocol 5.1 IP Addressing Regional coverage

Map of the regions covered by the three Regional Internet Registries: ARIN, RIPE NCC and APNIC.


5 IP protocol 5.1 IP Addressing Exercise : IP class A

class A : 0 | Net Id (7 bits) | Host Id (24 bits)

1- Number of networks : with 7 bits for Net Id, what is the maximum number of combinations? 128. What are the reserved Net Id? 0 and 127 (loopback). Usable networks: 126.
2- Network number from 1.0.0.0 to 126.0.0.0
3- Number of hosts : with 24 bits for Host Id, what is the maximum number of combinations? 16 777 216. What are the reserved Host Id? All bits 0 (.0.0.0) and all bits 1 (.255.255.255). Usable hosts: 16 777 214.
4- Host number from n.0.0.1 to n.255.255.254
Private addresses of the class A : 10.0.0.0 (1 class)

Class A addresses: These addresses use 7 bits for the <network> and 24 bits for the <host> portion of the IP address. This allows for 2^7 - 2 (126) networks, each with 2^24 - 2 (16 777 214) hosts; a total of over 2 billion addresses.


5 IP protocol 5.1 IP Addressing IP addresses of the class D and E

class D : 1 1 1 0 | Multicast group id (28 bits)
Group Id from 224.0.0.0 to 239.255.255.255

class E : 1 1 1 1 0 | Reserved for future use (27 bits)
from 240.0.0.0 to 247.255.255.255

Class D addresses: These addresses are reserved for multicasting (a sort of broadcasting, but in a limited area, and only to hosts using the same class D address).

Class E addresses: These addresses are reserved for future use.


5 IP protocol 5.1 IP Addressing Multicast in IP protocol and MAC protocol

Example : a RIP2 (routing protocol) update sent on an Ethernet segment.
IP level : IP src 172.245.0.254, IP dest 224.0.0.9 (multicast group of the RIP2 routers), data = routing table.
MAC level : MAC@ dest 01:00:5e:00:00:09 (multicast), MAC@ src 00:46:a5:e7:02:3c (unicast MAC of the sender, IP@ 172.245.0.254), Type 0800, FCS.
Every station on the segment has its own unicast MAC address (MACU = 00.53.27.32.02.c8, 00.a6.b7.30.ee.01, 00.6f.66.32.0b.08, 00.18.55.92.a2.08, 00.35.d6.39.cb.0a). Only the stations running RIP2 also listen to the multicast MAC address MACM = 01.00.5e.00.00.09 (the sender, 00.6f.66.32.0b.08 and 00.35.d6.39.cb.0a) and receive the frame.

How Multicast addresses are assigned
Multicast addresses are assigned by higher-layer protocols or applications. If an application needs the ability to communicate with a group of devices running an identical (or cooperating) application, it can assign a multicast address for that purpose. Some well-known examples include:
- RIPv2 uses the MAC multicast address 01-00-5E-00-00-09.
- The Open Shortest Path First routing protocol (OSPF) uses the MAC multicast addresses 01-00-5E-00-00-05 and 01-00-5E-00-00-06.
Of course, if the designer wants the application to interoperate with implementations built by others, then any such address selection must be made public knowledge. In the case of the Spanning Tree Protocol, this is done through the publication of the IEEE 802.1D standard.
It is also possible to have a multicast address assigned dynamically at the time an application is invoked. There are multicasting applications that are used only sporadically and whose logical grouping changes with each invocation. A good example would be a network video conferencing application. We would like to be able to use multicast techniques to distribute voice and video among a group of conference members (all of whom are running the cooperating conference application), but the parties involved will surely change from conference to conference. There is no easy way to pre-ordain the multicast address to be used by any arbitrary group of conference attendees, nor is it desirable to use a single multicast address for all possible conferences. One solution is a conference server which can, upon request from the conference application, create the conference, connect all of the parties, and assign a unique multicast address for this particular conference from a pool of addresses available to the conference application. When the conference is over, the address can go back into the pool.
The pool range would likely be assigned by the designer of the conference application, but the particular multicast address used for a conference would be dynamically assigned at the time the application is invoked. Thus, multicast groups define a logical grouping of devices on an application basis, not on a physical basis.


5 IP protocol 5.1 IP Addressing Multicast : impact on frame level

Address translation, IP multicast address 224 to 239 :
class D Group address : 1110xxxx xyyyyyyy yyyyyyyy yyyyyyyy
Multicast MAC address : 00000001 00000000 01011110 0yyyyyyy yyyyyyyy yyyyyyyy
                        01       00       5E

Multicast : just as a broadcast at the IP level leads to a broadcast at the Ethernet level, a multicast at the IP level leads to a multicast at the Ethernet level. This is achieved by copying the 23 least significant bits of the IP multicast address into the 23 least significant bits of the MAC address, the most significant bits taking the hexadecimal value 01:00:5E.
Some IP multicast addresses :
224.0.0.5 OSPFIGP All Routers
224.0.0.6 OSPFIGP Designated Routers
224.0.0.7 ST Routers
224.0.0.8 ST Hosts
224.0.0.9 RIP2 Routers
224.0.0.10 IGRP Routers
224.0.0.11 Mobile-Agents
224.0.0.12-224.0.0.255 Unassigned
224.0.1.10 IETF-1-LOW-AUDIO
224.0.1.11 IETF-1-AUDIO
224.0.1.12 IETF-1-VIDEO
224.0.1.13 IETF-2-LOW-AUDIO
224.0.1.14 IETF-2-AUDIO
224.0.1.15 IETF-2-VIDEO
224.0.1.16 MUSIC-SERVICE
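The address translation of this slide in code, as an added example that is not part of the course material: it maps a class D group to its 01:00:5E MAC and lists the 32 groups that collapse onto the same MAC, since only 23 of the 28 group-id bits are copied (a NIC that filters on the MAC alone therefore still needs the IP layer to discard the other 31 groups).

```python
"""Map an IPv4 multicast group to its Ethernet multicast MAC address.

Added example (not from the course material): the 23 least significant bits of
the class D address are copied into the MAC address 01:00:5E:00:00:00.
"""
import ipaddress


def ip_to_mcast_mac(group: str) -> str:
    """Return the 01:00:5e:xx:xx:xx MAC derived from an IPv4 multicast group."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:            # must start with bits 1110 (224.0.0.0/4)
        raise ValueError(f"{group} is not a class D (multicast) address")
    low23 = int(addr) & 0x7FFFFF         # keep the 23 least significant bits
    mac = 0x01005E000000 | low23         # OUI 01:00:5E, bit 24 of the MAC is always 0
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def groups_sharing_mac(group: str) -> list:
    """All 32 group addresses that map onto the same MAC as `group`.

    Only 23 of the 28 group-id bits survive the copy, so 2**5 = 32 groups share
    one frame-level address; the IP layer, not the NIC filter, has to drop the
    groups the host did not join.
    """
    base = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | base)) for i in range(32)]


if __name__ == "__main__":
    # Well-known groups listed in the slide notes.
    for g in ("224.0.0.5", "224.0.0.6", "224.0.0.9"):
        print(g, "->", ip_to_mcast_mac(g))
    print(groups_sharing_mac("224.0.0.9")[:4], "...")
```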


5 IP protocol 5.1 IP Addressing Classes and Net ID - Exercise (1)

Fill in this table :

@IP             class   Net Id
131.108.2.10    B       131.108.0.0
159.173.90.134  _       . . .
145.78.185.18   _       . . .
195.32.6.219    _       . . .
125.83.10.3     _       . . .


5 IP protocol 5.1 IP Addressing Default gateway (1)

Host IP@ 1.0.0.1, MAC@ 102030, default gateway = IP@ 1.0.0.254. Destination IP@ 2.0.0.2 (other network, reached through the router).
IP level : @IPsrc 1.0.0.1, @IPdest 2.0.0.2 ; is IP dest. within the local net ? Yes : send directly. No : send to the default gateway.
ARP cache of the host : 1.0.0.2 -> 405060 ; 1.0.0.254 -> ?????? , then, after the ARP exchange, 1.0.0.254 -> 908070.
ARP Request for IP@ 1.0.0.254 ; ARP Response : MAC@ 908070 (router IP@ 1.0.0.254, MAC@ 908070).
Frame sent : MAC@ dest. 908070, MAC@ src. 102030, Type 0800 (IP), data = IP packet @IPsrc 1.0.0.1 @IPdest 2.0.0.2, FCS. The other host on the LAN (IP@ 1.0.0.2, MAC@ 405060) is not involved.

The transmission of an IP packet to a host located in another network cannot rely on the ARP procedure alone, because the ARP request is a broadcast frame, which does not go through any router. The only way to reach the destination is via one or more IP gateways. (Note that in TCP/IP terminology, the terms gateway and router are used interchangeably.) If the destination IP@ is out of the sender's network, the sender has to forward the IP packet to a router. Normally, any host should know the IP@ of a router on its network (default gateway).
1- A packet has to be transmitted to a host out of the local network. It is the role of the sender to determine whether the destination IP@ is in or out of the local network.
2- If the destination IP@ is out, it must first transmit the IP packet to a router. It knows the IP@ of at least one router (configuration parameter of the host).
3- If the host does not know the MAC@ corresponding to the IP@ of the router,
4, 5, 6- it carries out an ARP procedure
7- to update its ARP cache memory.
8- Now it is capable of transmitting the IP packet, encapsulated in an Ethernet frame, to the router.
9- Then the router consults its routing table to know on which outgoing interface it has to forward this IP packet and which is the next router leading to the destination. The process (3-8) is carried out between this router and the next one, and so on up to the final destination.


5 IP protocol 5.1 IP Addressing PC-NT configuration

Screenshot of the output of the command C:\ ipconfig /all, with numbered callouts 1 to 9 on the configuration parameters.


5 IP protocol 5.1 IP Addressing is destination IP@ in or out of the LAN ? (1)

Host configuration : Host IP@ 128.5.4.1, MAC@ 102030, default gateway 128.5.15.5 (MAC@ 405060, router towards the Internet).
IP@ dest : 128.5.26.2
The address is class B, so the Net Id of both addresses is 128.5 : same network.
ARP cache : 128.5.26.2 -> 908070 ; 128.5.15.5 -> 405060
Frame sent directly to the destination : MAC@ dest. 908070, MAC@ src. 102030, Type 0800 (IP), data = IP packet @IPsrc 128.5.4.1 @IPdest 128.5.26.2, FCS.

If the destination host is attached to the same physical network as the source host, IP datagrams can be exchanged directly. This is done by encapsulating the IP datagram in the physical network frame. This is called direct delivery and is referred to as direct routing. How does the transmitter determine whether a destination IP@ is inside or outside the local network? It compares the NetID of its own IP@ with the NetID of the destination IP@. The transmitter knows the border between NetID and HostID by examining the class of its own IP@. In this picture, the destination IP@ is located on the same network as the transmitter.


5 IP protocol 5.1 IP Addressing is destination IP@ in or out of the LAN ? (2)

Host configuration : Host IP@ 128.5.4.1, MAC@ 102030, default gateway 128.5.15.5 (MAC@ 405060, router towards the Internet).
IP@ dest : 128.6.6.6
The address is class B, so the Net Id 128.6 differs from 128.5 : other network.
ARP cache : 128.5.26.2 -> 908070 ; 128.5.15.5 -> 405060
Frame sent to the default gateway : MAC@ dest. 405060, MAC@ src. 102030, Type 0800 (IP), data = IP packet @IPsrc 128.5.4.1 @IPdest 128.6.6.6, FCS.

Indirect routing occurs when the destination host is not connected to a network directly attached to the source host. The only way to reach the destination is via one or more IP gateways. (Note that in TCP/IP terminology, the terms gateway and router are used interchangeably. This describes a system that performs the duties of a router.) In this picture, the destination IP@ is located outside the transmitter's network, so the IP packet is sent towards the default gateway.
Router : interconnects networks at the internetwork layer level and routes packets between them. The router must understand the addressing structure associated with the networking protocols it supports and take decisions on whether, or how, to forward packets. Routers are able to select the best transmission paths and optimal packet sizes. The basic routing function is implemented in the IP protocol of the TCP/IP protocol stack, so any host or workstation running TCP/IP over more than one interface could, in theory and also with most of today's TCP/IP implementations, forward IP datagrams. However, dedicated routers provide much more sophisticated routing than the minimum functions implemented by IP. Because IP provides this basic routing function, the term "IP router" is often used. Other, older terms for router are "IP gateway", "Internet gateway" and "gateway". The term gateway is now normally used for connections at a higher layer than the internetwork layer. A router is said to be visible to IP. That is, when a host sends an IP datagram to another host on a network connected by a router, it sends the datagram to the router so that it can forward it to the target host.


5 IP protocol 5.1 IP Addressing Sub-network

Network 128.5.0.0, connected to the Internet, divided into :
- S/Net 128.5.4.0 : 128.5.4.1 (router interface), 128.5.4.2, 128.5.4.3, 128.5.4.4, 128.5.4.5
- S/Net 128.5.8.0 : 128.5.8.1 (router interface), 128.5.8.2, 128.5.8.3, 128.5.8.4, 128.5.8.5

Subnetting: Due to the explosive growth of the Internet, the principle of assigned IP addresses became too inflexible to allow easy changes to local network configurations. Those changes might occur when:
- a new type of physical network is installed at a location;
- growth of the number of hosts requires splitting the local network into two or more separate networks;
- growing distances require splitting a network into smaller networks, with gateways between them.
To avoid having to request additional IP network addresses, the concept of IP subnetting was introduced in 1984. The assignment of subnets is done locally. The entire network still appears as one IP network to the outside world. The host number part of the IP address is subdivided into a second network number and a host number. This second network is termed a subnetwork or subnet. The main network now consists of a number of subnets.


5 IP protocol 5.1 IP Addressing Sub-net addressing example

Net ID (class B) : 128.5.0.0
  1 0 0 0 0 0 0 0 . 0 0 0 0 0 1 0 1 | 0 0 0 0 0 0 0 0 . 0 0 0 0 0 0 0 0
  128             . 5               | Host Id (16 bits)
  Net Id (14 bits after the class bits 1 0)

Divided into sub-networks : 8 bits Sub-Net Id + 8 bits Host Id, i.e. 254 sub-nets of 254 hosts each.

Example of Host IP address : 128.5.4.5
  1 0 0 0 0 0 0 0 . 0 0 0 0 0 1 0 1 | 0 0 0 0 0 1 0 0 | 0 0 0 0 0 1 0 1
  Net ID (128.5)                    | Sub-net ID (4)  | Host ID (5)

The division of the local part of the IP address into a subnet number and host number is chosen by the local administrator. Any bits in the local portion can be used to form the subnet. The subnet numbers "all bits 0" and "all bits 1" are not valid.


5 IP protocol 5.1 IP Addressing Sub-net addressing : class problem

1- PC configuration : Host IP@ 128.5.4.3, MAC@ 102030, default gateway 128.5.4.1 (router, MAC@ 304050, other interface IP@ 128.5.8.1 on sub-net 128.5.8.0).
2- IP@ dest : 128.5.8.4 (host on sub-net 128.5.8.0, MAC@ aabbcc). The address is class B, so this host believes the remote host is in the same network.
3- ARP cache : 128.5.4.5 -> 708090 ; 128.5.4.1 -> 304050 ; 128.5.8.4 -> ?
4- ARP Request broadcast on sub-net 128.5.4.0 : MAC@ dest. ffffff, MAC@ src. 102030, Type 0806 (ARP), IP dest 128.5.8.4, MAC@ ??????, FCS.
5- An ARP request does not go through the router : no answer. The other host of the sub-net (IP@ 128.5.4.5, MAC@ 708090) is not concerned.

How can a host know the border between NetID and HostID?
1- For a destination IP@, if the host takes into account only the address class to know whether the destination is in or out of its network,
2- it believes that the destination host is in its local network.
3- It consults its ARP cache memory.
4- Because the cache memory does not hold the MAC@ corresponding to the destination IP@, it carries out an ARP procedure.
5- The ARP request remains without any response because it is not forwarded to the other network (a broadcast does not go through a router).


5 IP protocol 5.1 IP Addressing The Subnet Mask

The Subnet Mask indicates the length of the network address part.
IP level : @IPsrc 128.5.4.3, @IPdest 128.5.8.4 ; is IP dest. within the local net ? Yes : direct delivery. No : other network, via the default gateway = IP@ 128.5.4.1 (router).
Host IP@ 128.5.4.3, MAC@ 102030 ; router IP@ 128.5.4.1, MAC@ 304050 ; other host IP@ 128.5.4.5, MAC@ 708090.

The border between HostID and NetID being now variable, a new concept has been added to the IP@: the NETMASK.


5 IP protocol 5.1 IP Addressing Netmask operation

IP@src  : 138 . 5 . 17 . 5    = 1 0 0 0 1 0 1 0 . 0 0 0 0 0 1 0 1 . 0 0 0 1 0 0 0 1 . 0 0 0 0 0 1 0 1
IP@dest : 138 . 5 . 19 . 37   = 1 0 0 0 1 0 1 0 . 0 0 0 0 0 1 0 1 . 0 0 0 1 0 0 1 1 . 0 0 1 0 0 1 0 1
Mask    : 255 . 255 . 252 . 0 = 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 0 0 . 0 0 0 0 0 0 0 0
Net Id  : 138 . 5 . 16 . 0 for both addresses (in the third byte, the mask keeps the bits of weight 2^7 to 2^2 and drops 2^1 and 2^0).

Now, in addition to the IP@, a netmask is provided to every host. This mask is applied to both the source IP@ and the destination IP@ in order to compare the NETID of these two addresses and determine whether they are located on the same network. The division of the local part of the IP address into a subnet number and host number is chosen by the local administrator. Any bits in the local portion can be used to form the subnet. The division is done using a 32-bit subnet mask. Bits with a value of zero in the subnet mask indicate positions ascribed to the host number. Bits with a value of one indicate positions ascribed to the subnet number. When assigning the subnet part of the local address, the objective is to assign a number of bits to the subnet number and the remainder to the local address. Therefore, it is normal to use a contiguous block of bits at the beginning of the local address part for the subnet number.


5 IP protocol 5.1 IP Addressing IP @ notation and netmask

Dotted decimal notation : IP @ 138.5.19.37, Netmask 255.255.252.0
  mask in binary : 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 0 0 . 0 0 0 0 0 0 0 0 (22 bits set to 1)
Prefix notation : @ IP 138.5.19.37/22


5 IP protocol 5.1 IP Addressing Router searching

1- PC configuration : Host IP@ 128.5.4.3, MAC@ 102030, Subnet Mask 255.255.255.0, default gateway 128.5.4.1 (router, MAC@ 304050, other interface IP@ 128.5.8.1 on sub-net 128.5.8.0).
2- IP@ dest : 128.5.8.4 (host on sub-net 128.5.8.0, MAC@ aabbcc).
3- ARP cache : 128.5.4.5 -> 708090 ; 128.5.4.1 -> 304050.
4- Frame sent to the router : MAC@ dest. 304050, MAC@ src. 102030, Type 0800 (IP), IP Packet IPsrc 128.5.4.3 IPdest 128.5.8.4, FCS.

IP@ in or out of the sub-network :
1- Thanks to the netmask, the sender knows where the border between NetID and HostID lies.
2- Because the sender determined that the destination IP@ is out of the local network, it uses the default gateway parameter to get the next hop.
3- In this example, the cache memory already holds the MAC@ of the router (otherwise an ARP procedure would be carried out).
4- The IP packet is encapsulated in an Ethernet frame addressed to the MAC@ of the router, which is the next hop.
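The in-or-out decision of the last slides in code, as an added example that is not part of the course material: with no mask the host falls back on the address class and runs into the "class problem", with the mask it finds the router. The same bit operations give the network and sub-net directed broadcasts asked for in the exercises on the next slides. The gateway 138.5.16.1 used for the 138.5.x.x pair is a constructed placeholder.

```python
"""Local-or-remote decision for an IPv4 destination: by address class alone
(the pre-subnetting rule) and with a netmask.

Added example, not part of the course material. The addresses are those of the
slides (host 128.5.4.3, default gateway 128.5.4.1, destination 128.5.8.4, and
the 138.5.x.x pair of the netmask slide); 138.5.16.1 is a constructed gateway.
"""


def ip_to_int(dotted: str) -> int:
    """'128.5.4.3' -> 32-bit integer, rejecting malformed addresses."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_mask(dotted: str) -> int:
    """Netmask implied by the address class (leading bits 0 / 10 / 110)."""
    first = ip_to_int(dotted) >> 24
    if first < 128:            # class A : 0xxxxxxx -> 8-bit Net Id
        return 0xFF000000
    if first < 192:            # class B : 10xxxxxx -> 16-bit Net Id
        return 0xFFFF0000
    if first < 224:            # class C : 110xxxxx -> 24-bit Net Id
        return 0xFFFFFF00
    raise ValueError(f"{dotted} is a class D/E address, not a host address")


def next_hop(src: str, dst: str, gateway: str, mask: str = None) -> str:
    """IP address the sender must resolve with ARP and address the frame to.

    Without a mask the host relies on the address class. That is the 'class
    problem' slide: 128.5.8.4 looks local to 128.5.4.3 because both sit in
    class B network 128.5.0.0, so the host ARPs for a station behind the router
    and never gets an answer. With the /24 mask it picks the gateway instead.
    """
    m = classful_mask(src) if mask is None else ip_to_int(mask)
    same_net = (ip_to_int(src) & m) == (ip_to_int(dst) & m)
    return dst if same_net else gateway


def net_and_broadcast(addr: str, mask: str) -> tuple:
    """(network id, directed broadcast): host bits all 0 / all 1 under the mask."""
    a, m = ip_to_int(addr), ip_to_int(mask)
    return int_to_ip(a & m), int_to_ip(a | (~m & 0xFFFFFFFF))


if __name__ == "__main__":
    host, gw, dst = "128.5.4.3", "128.5.4.1", "128.5.8.4"
    print("class only :", next_hop(host, dst, gw))                   # 128.5.8.4, ARP unanswered
    print("with /24   :", next_hop(host, dst, gw, "255.255.255.0"))  # 128.5.4.1, the router
    print("138.5.17.5 -> 138.5.19.37 with /22 :",
          next_hop("138.5.17.5", "138.5.19.37", "138.5.16.1", "255.255.252.0"))
    # Exercise (4): network directed broadcast, then sub-net directed broadcast
    print(net_and_broadcast("145.78.185.18", "255.255.0.0"))
    print(net_and_broadcast("145.78.185.18", "255.255.224.0"))
```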


5 IP protocol 5.1 IP Addressing Subnet Mask and Net ID - Exercise (2)

Attempt to find out:
1- the Subnet Mask expressed in dotted decimal
2- the Net ID expressed in dotted decimal

@IP             bits for sub-net   Subnet Mask   Net Id
145.78.185.18   3                  . . .         . . .


5 IP protocol 5.1 IP Addressing Exercise (2) solving demonstration

@ IP        : 1 0 0 1 0 0 0 1 . 0 1 0 0 1 1 1 0 . 1 0 1 1 1 0 0 1 . 0 0 0 1 0 0 1 0 = 145.78.185.18 (class B network, 3 bits for the sub-net)
Subnet Mask : 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 1 0 0 0 0 0 . 0 0 0 0 0 0 0 0 = 255.255.224.0
Net ID      : 1 0 0 1 0 0 0 1 . 0 1 0 0 1 1 1 0 . 1 0 1 0 0 0 0 0 . 0 0 0 0 0 0 0 0 = 145.78.160.0 (160 = 128 + 32)


5 IP protocol 5.1 IP Addressing Subnet Mask and Net ID - Exercise (3)

Fill in this table :

@IP              Sub-net Mask       bits for sub-net   Net Id
159.173.90.134   255.255.255.128    _                  . . .
159.173.90.34    255.255.255.128    _                  . . .
131.108.2.10     . . .              8                  . . .
195.32.6.219     . . .              5                  . . .


5 IP protocol 5.1 IP Addressing Net broadcast and Subnet broadcast Mask - Exercise (4)

Network 145.78.0.0/16, connected to the Internet, divided into S/Net 145.78.160.0/19 and S/Net 145.78.192.0/19 ; host 145.78.185.18.

Attempt to fill in :
Net mask : 255.255.224.0
Network Broadcast : . . .
Sub-net Broadcast : . . .

After at least 5 minutes, see next for the demonstration


5 IP protocol 5.1 IP Addressing Exercise (4) solving demonstration

@ IPsrc                    : 1 0 0 1 0 0 0 1 . 0 1 0 0 1 1 1 0 . 1 0 1 1 1 0 0 1 . 0 0 0 1 0 0 1 0 = 145.78.185.18 (Class B : Net Id 145.78, Host Id 185.18)
Network directed broadcast : 1 0 0 1 0 0 0 1 . 0 1 0 0 1 1 1 0 . 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 = 145.78.255.255 (Host Id all bits 1)
Sub-net Mask               : 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 1 0 0 0 0 0 . 0 0 0 0 0 0 0 0 = 255.255.224.0
Sub-net directed broadcast : 1 0 0 1 0 0 0 1 . 0 1 0 0 1 1 1 0 . 1 0 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 = 145.78.191.255 (Host Id bits behind the mask all set to 1)


5 IP protocol 5.1 IP Addressing Net broadcast and Subnet broadcast Mask - Exercise (5)

Fill in this table :

@IP              Net mask           Network Broadcast   Sub-net Broadcast
159.173.90.134   255.255.255.128    . . .               . . .
159.173.90.34    255.255.255.128    . . .               . . .
131.108.2.10     255.255.255.0      . . .               . . .
195.32.6.219     255.255.255.248    . . .               . . .


5 IP protocol 5.1 IP Addressing Static subnetting - Exercise 7

Network 164.213.32.0/24 ; Department a : 50 hosts, Department b : 50 hosts, Department c : 50 hosts, Department d : 50 hosts.

Answer the questions :
1- Host Id being on 8 bits, theoretically, what is the max number of hosts ? ..
2- Four subnets have to be created. How many bits are required for Subnet ID ? .
3- How many bits remain for HostID ? ..
4- What will be the maximum number of hosts / Subnet ? .

Static subnetting: Static subnetting implies that all subnets obtained from the same network use the same subnet mask. While this is simple to implement and easy to maintain, it may waste address space in small networks.


5 IP protocol 5.1 IP Addressing Static subnetting - Exercise 7 (continued)

5- Fill in this diagram :
NetID   : 164 . 213 . 32 . ___   Netmask : ___ . ___ . ___ . ___
NetID 1 : ___ . ___ . ___ . ___
NetID 2 : ___ . ___ . ___ . ___
NetID 3 : ___ . ___ . ___ . ___
NetID 4 : ___ . ___ . ___ . ___


5 IP protocol 5.1 IP Addressing IP calculator Example

Freeware : 3CIPCalc (http://support.3com.com/software/utilities_for_windows_32_bit.htm)
Enter an IP address, then select some parameters : bits in mask, or subnet mask, or number of subnets, or hosts per subnet.


5 IP protocol 5.1 IP Addressing Limits of static subnetting

Network 164.213.32.0/24 ; Department a : 50 hosts, Department b : 50 hosts, Department c : 50 hosts, Department d : 30 hosts, Department e : 30 hosts.
Host Id being on 8 bits, theoretically, the max number of hosts is 254. In this network, 210 hosts will be connected. Answer the questions:
1- Five subnets have to be created. How many bits are required for Subnet ID ? 3
2- How many bits remain for HostID ? 5
3- What will be the maximum number of hosts / Subnet ? 30
4- What is the problem ? Static subnetting

Static subnetting implies that all subnets obtained from the same network use the same subnet mask. While this is simple to implement and easy to maintain, it may waste address space in small networks. In this example : either 4 subnets with a maximum of 62 hosts each, or 8 subnets with a maximum of 30 hosts each.


5 IP protocol 5.1 IP Addressing VLSM : Variable Length Subnet Mask

Network 164.213.32.0/24 : 1 0 1 0 0 1 0 0 . 1 1 0 1 0 1 0 1 . 0 0 1 0 0 0 0 0 . SubnetID + HostID, Mask 255.255.255.0

Subnets with a 26-bit mask (255.255.255.192, 6 bits of Host Id, 62 hosts each) :
  164.213.32.0   : last byte 0 0 | 0 0 0 0 0 0
  164.213.32.64  : last byte 0 1 | 0 0 0 0 0 0
  164.213.32.128 : last byte 1 0 | 0 0 0 0 0 0
Subnets with a 27-bit mask (255.255.255.224, 5 bits of Host Id, 30 hosts each) :
  164.213.32.192 : last byte 1 1 0 | 0 0 0 0 0
  164.213.32.224 : last byte 1 1 1 | 0 0 0 0 0

VLSM: When variable length subnetting is used, allocated subnets within the same network can use different subnet masks. A small subnet with only a few hosts can use a mask that accommodates this need. A subnet with many hosts requires a different subnet mask. The ability to assign subnet masks according to the needs of the individual subnets helps conserve network addresses. Variable length subnetting divides the network so that each subnet contains sufficient addresses to support the required number of hosts.
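The static and variable length subnetting of the last three slides worked through in code, as an added example that is not part of the course material: the fixed-mask computation reproduces the 4 x 62 / 8 x 30 dilemma, and the VLSM allocator produces the five blocks of the slide from the department sizes. Allocating the largest requirement first is the usual VLSM practice and an assumption of this code.

```python
"""Carve 164.213.32.0/24 for the departments of the static subnetting exercise
(a, b, c : 50 hosts ; d, e : 30 hosts), first with one fixed mask and then with
variable length masks (VLSM).

Added example, not from the course material. Allocating the largest requirement
first is the usual VLSM practice and an assumption of this code, not a rule
stated on the slides.
"""


def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def host_bits_needed(hosts: int) -> int:
    """Smallest h with 2**h - 2 >= hosts (host id all 0 and all 1 are reserved)."""
    h = 2
    while (1 << h) - 2 < hosts:
        h += 1
    return h


def static_subnets(prefix: int, count: int) -> dict:
    """Fixed-mask subnetting: one mask for every subnet, sized for `count` subnets."""
    subnet_bits = (count - 1).bit_length()     # 4 subnets -> 2 bits, 5 subnets -> 3 bits
    host_bits = 32 - prefix - subnet_bits
    if host_bits < 2:
        raise ValueError("no room left for host ids")
    return {"prefix": prefix + subnet_bits,
            "mask": int_to_ip((0xFFFFFFFF << host_bits) & 0xFFFFFFFF),
            "subnets": 1 << subnet_bits,
            "hosts_per_subnet": (1 << host_bits) - 2}


def vlsm_allocate(network: str, prefix: int, demands: dict) -> dict:
    """Give each department the smallest block that fits its host count.

    Returns {department: "net/prefix"}; raises if the /prefix block is exhausted.
    """
    block_mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = ip_to_int(network) & block_mask
    end = base + (1 << (32 - prefix))
    cursor, result = base, {}
    # Largest first: every block then starts on a multiple of its own size.
    for dept, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        h = host_bits_needed(hosts)
        size = 1 << h
        if cursor + size > end:
            raise ValueError(f"no room left for department {dept} ({hosts} hosts)")
        result[dept] = f"{int_to_ip(cursor)}/{32 - h}"
        cursor += size
    return result


if __name__ == "__main__":
    demands = {"a": 50, "b": 50, "c": 50, "d": 30, "e": 30}
    print(static_subnets(24, 4))   # 4 subnets of 62 hosts: one department too many
    print(static_subnets(24, 5))   # 8 subnets of 30 hosts: too small for a, b, c
    print(vlsm_allocate("164.213.32.0", 24, demands))
```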


5 IP protocol 5.1 IP Addressing Serial link and sub-network

Question : how many networks are there ?
ISDN, Frame Relay : one serial link = one subnetwork.

A serial link is considered as a network with only 2 hosts connected to it.


5 IP protocol 5.1 IP Addressing Serial link : one IP@ to each end

192.192.100.0/24 --- R1 (192.192.1.1) --- ISDN, 192.192.1.0/24 --- R2 (192.192.1.2) --- 192.192.200.0/24

An IP address at each end of the serial link : two IP addresses used in the class C sub-net 192.192.1.0, 252 unusable IP addresses.

If a complete class C is assigned to a network made of a serial link, many host IP@ are wasted.


5 IP protocol 5.1 IP Addressing Serial link and sub-net mask

R1 (192.192.1.1) --- ISDN, 192.192.1.0/30 --- R2 (192.192.1.2)

This network needs 2 IP@. Question : how many bits for Host Id are required to get 2 IP@ ?
1 bit for Host Id seems correct, but HostID = 0 and HostID = 1 (all bits 0 and all bits 1) are invalid, so 2 bits are needed :
Net ID : 192 . 192 . 1 . 0   = 1 1 0 0 0 0 0 0 . 1 1 0 0 0 0 0 0 . 0 0 0 0 0 0 0 1 . 0 0 0 0 0 0 | 0 0
Mask   : 255 . 255 . 255 . 252 = 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 1 1 . 1 1 1 1 1 1 | 0 0
R1     : 192 . 192 . 1 . 1   = 1 1 0 0 0 0 0 0 . 1 1 0 0 0 0 0 0 . 0 0 0 0 0 0 0 1 . 0 0 0 0 0 0 | 0 1
R2     : 192 . 192 . 1 . 2   = 1 1 0 0 0 0 0 0 . 1 1 0 0 0 0 0 0 . 0 0 0 0 0 0 0 1 . 0 0 0 0 0 0 | 1 0

The best way is to assign a 30-bit netmask.


5 IP protocol 5.1 IP Addressing Evaluation

Objective: to be able to describe IP addressing modes and handle the subnet masks.

Thank you for answering the self-assessment of the objectives sheet.


5 IP protocol

5.1 IP addressing
5.2 IP routing
5.3 IP header


5 IP protocol 5.2 IP routing Routing table : principle

Topology : R1 is attached to 204.92.75.0, 204.92.76.0 (.1) and 204.92.77.0 ; R2 is attached to 204.92.76.0 (.2, interface e1) and 192.168.201.0 (.1, interface e0).

Routing table of R2 :
Network              Mask             Next hop       If
204.92.76.0          255.255.255.0    -              e1
192.168.201.0        255.255.255.0    -              e0
0.0.0.0 (default)    0.0.0.0          204.92.76.1    e1

An important function of the IP protocol is IP routing. This provides the basic mechanism for routers to interconnect different physical networks. The router only has information about the following kinds of destinations:
- networks that are directly attached to one of the physical networks to which the router is attached;
- hosts or networks for which the router has been given explicit definitions.


5 IP protocol 5.2 IP routing Routing table - Exercise 8

Same topology, with the networks 204.92.75.0/24, 204.92.76.0/24, 204.92.77.0/24 and 192.168.201.0/24. Routing table of R2 :
Network              Mask             Next hop       If
204.92.76.0          255.255.255.0    -              e1
192.168.201.0        255.255.255.0    -              e0
0.0.0.0 (default)    0.0.0.0          204.92.76.1    e1

Fill in the routing table of R1 :
Network              Mask             Next hop       If
. . .                . . .            . . .          .


5 IP protocol 5.2 IP routing Routing table - Exercise 8 (answer)

Routing table of R1 :
Network              Mask             Next hop       If
204.92.76.0          255.255.255.0    -              e0
204.92.77.0          255.255.255.0    -              e1
204.92.75.0          255.255.255.0    -              e2
192.168.201.0        255.255.255.0    204.92.76.2    e0

Routing table of R2 (unchanged) :
Network              Mask             Next hop       If
204.92.76.0          255.255.255.0    -              e1
192.168.201.0        255.255.255.0    -              e0
0.0.0.0 (default)    0.0.0.0          204.92.76.1    e1


5 IP protocol 5.2 IP routing Routing table - Default route

@IPsrc : 204.92.75.3, @IPdest : 128.5.8.4. What will be the path of this IP packet ?

Routing table of R1 :
Network              Mask             Next hop       If
204.92.76.0          255.255.255.0    -              e0
204.92.77.0          255.255.255.0    -              e1
204.92.75.0          255.255.255.0    -              e2
0.0.0.0 (default)    0.0.0.0          204.92.76.2    e0

Routing table of R2 :
Network              Mask             Next hop       If
204.92.76.0          255.255.255.0    -              e1
192.168.201.0        255.255.255.0    -              e0
0.0.0.0 (default)    0.0.0.0          204.92.76.1    e1

1- The host 204.92.75.3 sends the packet to R1. 2- R1 has no route to 128.5.8.4 and uses its default route towards 204.92.76.2 (R2). 3- R2 has no route either and uses its default route towards 204.92.76.1 (R1). 4- The packet goes back and forth between R1 and R2 : a routing loop.

Note : Avoid loops with default routes !


5 IP protocol 5.2 IP routing Routing table : the metric

Topology : R1 and R2 are now connected twice, through 204.92.76.0 (R1 .1 on e0, R2 .2 on e1) and through 204.92.77.0 (R1 .1 on e1, R2 .2 on e2). R1 e2 is on 204.92.75.0 (.1), R2 e0 on 192.168.201.0 (.1).

Routing table of R2 :
Network          Mask             Next hop       If    metric
204.92.76.0      255.255.255.0    -              e1    0
192.168.201.0    255.255.255.0    -              e0    0
204.92.77.0      255.255.255.0    204.92.76.1    e1    1      (secondary route)
204.92.77.0      255.255.255.0    -              e2    0      (primary route)
204.92.75.0      255.255.255.0    204.92.76.1    e1    1
204.92.75.0      255.255.255.0    204.92.77.1    e2    1

The metrics give an indication of the cost of a route to a destination. Metrics are based on the number of hops, the bandwidth, the delay, ...
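The routing decision of these slides in code, as an added example that is not part of the course material: a longest-prefix lookup with the metric as tie breaker over the R1/R2 tables, and a hop-by-hop trace that exposes the loop the two default routes create for 128.5.8.4. The tables are transcribed from the slides as constructed data; the OWNER map (which router answers to which next-hop address) is also constructed.

```python
"""Routing table lookup as on the slides: longest prefix match, metric as tie
breaker, and a hop-by-hop trace that shows the loop two default routes create.

Added example, not part of the course material. The tables are the R1 and R2
tables of the 'default route' and 'metric' slides, transcribed as constructed
data; OWNER (which router owns which next-hop address) is also constructed.
"""
from dataclasses import dataclass
from typing import Optional


def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


@dataclass(frozen=True)
class Route:
    network: str
    mask: str
    next_hop: Optional[str]    # None: the destination network is directly attached
    interface: str
    metric: int = 0

    @property
    def prefix_len(self) -> int:
        return bin(ip_to_int(self.mask)).count("1")

    def matches(self, dst: str) -> bool:
        m = ip_to_int(self.mask)
        return (ip_to_int(dst) & m) == (ip_to_int(self.network) & m)


def lookup(table: list, dst: str) -> Optional[Route]:
    """Most specific route wins; among equal prefixes, the lowest metric.

    The default route 0.0.0.0/0 matches everything but has prefix length 0, so
    it is chosen only when nothing more specific exists. Ties keep table order.
    """
    candidates = [r for r in table if r.matches(dst)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix_len, r.metric))


def trace(tables: dict, owner: dict, start: str, dst: str, max_hops: int = 8) -> list:
    """Follow next hops router by router until delivery, no route, or a loop."""
    path, router = [start], start
    for _ in range(max_hops):
        route = lookup(tables[router], dst)
        if route is None:
            return path + ["no route"]
        if route.next_hop is None:
            return path + [f"delivered via {router}:{route.interface}"]
        router = owner[route.next_hop]
        if router in path:
            return path + [f"loop back to {router}"]
        path.append(router)
    return path + ["hop limit reached"]


M = "255.255.255.0"
R1 = [                                                  # 'default route' slide
    Route("204.92.76.0", M, None, "e0"),
    Route("204.92.77.0", M, None, "e1"),
    Route("204.92.75.0", M, None, "e2"),
    Route("0.0.0.0", "0.0.0.0", "204.92.76.2", "e0"),   # default -> R2
]
R2 = [
    Route("204.92.76.0", M, None, "e1"),
    Route("192.168.201.0", M, None, "e0"),
    Route("0.0.0.0", "0.0.0.0", "204.92.76.1", "e1"),   # default -> R1
]
R2_METRIC = [                                           # 'metric' slide: two paths to R1
    Route("204.92.76.0", M, None, "e1", 0),
    Route("192.168.201.0", M, None, "e0", 0),
    Route("204.92.77.0", M, "204.92.76.1", "e1", 1),    # secondary route
    Route("204.92.77.0", M, None, "e2", 0),             # primary route
    Route("204.92.75.0", M, "204.92.76.1", "e1", 1),
    Route("204.92.75.0", M, "204.92.77.1", "e2", 1),
]
TABLES = {"R1": R1, "R2": R2}
OWNER = {"204.92.76.1": "R1", "204.92.76.2": "R2"}

if __name__ == "__main__":
    print(trace(TABLES, OWNER, "R1", "192.168.201.5"))   # delivered by R2 on e0
    print(trace(TABLES, OWNER, "R1", "128.5.8.4"))       # bounces between the two default routes
    print(lookup(R2_METRIC, "204.92.77.9").interface)    # e2: directly attached, metric 0
```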


5 IP protocol 5.2 IP routing IP packet transfer synthesis

Host a (IP@a) sends to host b (IP@b) across three physical networks and two routers. On every hop the IP packet keeps the same addresses (IP@ sadb : source a, destination b), while each frame carries the physical addresses of that hop only (Phys@ s1d2 : from 1 to 2 ; Phys@ s4d15 : from 4 to 15 ; Phys@ s8d7 : from 8 to 7). The Application and Transport layers exist only in the end hosts ; the routers work at the Network (IP) and Link layers.

Application layer: The application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process, usually on a different host.
Transport layer: The transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.
Internetwork layer: Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.
Network interface layer: The network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.
Router: Interconnects networks at the internetwork layer level and routes packets between them.


5 IP protocol

5.1 IP addressing
5.2 IP routing
5.3 IP header


5 IP protocol 5.3 IP header IP datagram format

byte               byte               byte               byte
Version | Header length | Type Of Service | Datagram length
Identification                           | Flag | Datagram offset
TTL                | Protocol           | Checksum
Source IP address
Destination IP address
Options
Data

The unit of transfer in an IP network is called an IP datagram. It consists of an IP header and data relevant to higher level protocols. The maximum length of an IP datagram is 65,535 bytes. All IP hosts must support 576-byte datagrams without fragmentation. The size of the IP header is between 20 and 60 bytes.


5 IP protocol 5.3 IP header Version

Same datagram layout, Version field highlighted : 4 = IPv4, 6 = IPv6.

Version: The field contains the IP protocol version. The current version is 4. 5 is an experimental version. 6 is the version for IPv6.


5 IP protocol 5.3 IP header Header length

[Figure: IP header with the Header length field highlighted. The unit is the word of 4 bytes.]
Header length: The length of the IP header counted in 32-bit words (4 bytes). This does not include the data field. Value between 5 and 15.


5 IP protocol 5.3 IP header Packet length

[Figure: IP header with the Datagram length field highlighted. The unit is the byte; maximum value = 65535.]
Total Length: The total length of the datagram, header and data, expressed in bytes. The maximum length of an IP datagram is 65,535 bytes.


5 IP protocol 5.3 IP header Type of Service
Informs crossed networks about the desired Quality of Service.

[Figure: IP header with the Type Of Service byte highlighted. Bit layout of the byte:]
Bits 0 to 2: Precedence (RFC 791)
Bit 3: Delay, bit 4: Throughput, bit 5: Reliability, bit 6: Cost (RFC 1349)
Bits 0 to 5: DSCP (RFC 2474)
Service Type: The Type of Service is an indication of the quality of service requested for this IP datagram. The type of service is an abstract or generalized set of parameters which characterize the service choices provided in the networks that make up the internet. This type of service indication is to be used by gateways to select the actual transmission parameters for a particular network, the network to be used for the next hop, or the next gateway when routing an internet datagram.


5 IP protocol 5.3 IP header ToS: Precedence (RFC 791)

Precedence: bits 0 to 2. Indicates the priority of the datagram:
000: Routine
001: Priority
010: Immediate
011: Flash
100: Flash override
101: not used
110: Inter-network control
111: Network control
Precedence: is intended to denote the importance or priority of the datagram. This field specifies the nature and priority of the datagram:
000: Routine
001: Priority
010: Immediate
011: Flash
100: Flash override
101: Critical
110: Internetwork control
111: Network control


5 IP protocol 5.3 IP header ToS: Precedence management

[Figure: at a congested router, datagrams are queued by precedence (Prec 4, Prec 3, Prec 2, Prec 1, Prec 0) before being forwarded into the IP network.]


5 IP protocol 5.3 IP header ToS: (RFC 1349)

Bit 3, Delay: 0 = normal, 1 = low
Bit 4, Throughput: 0 = normal, 1 = high
Bit 5, Reliability: 0 = normal, 1 = high
Bit 6, Cost: 0 = normal, 1 = low
- TOS: Specifies the type of service value:
1000: Minimize delay
0100: Maximize throughput
0010: Maximize reliability
0001: Minimize monetary cost
0000: Normal service


5 IP protocol 5.3 IP header ToS: RFC 1349 suggested values

Suggested TOS values for various applications (columns: minimise the delay, maximise the throughput, maximise the reliability, minimise the cost):

Application          Delay  Throughput  Reliability  Cost
Telnet/Rlogin        1      0           0            0
FTP control          1      0           0            0
FTP data             0      1           0            0
TFTP                 1      0           0            0
SMTP control         1      0           0            0
SMTP data            0      1           0            0
DNS UDP request      1      0           0            0
DNS TCP request      0      0           0            0
DNS zone transfer    0      1           0            0
ICMP error           0      0           0            0
ICMP request         0      0           0            0
IGP                  0      0           1            0
SNMP                 0      0           1            0
BOOTP                0      0           0            0
NNTP                 0      0           0            1


5 IP protocol 5.3 IP header Differentiated Services Code Point (RFC 2474)

[Figure: IP header with the Type Of Service byte read as DSCP (Differentiated Services Code Point): bits 0 to 5 = code point, bits 6 and 7 unused. Code point pool: 0 = standard, 1 = experimental or local use. The three left bits are the Class Selector Code Points.]
Differentiated Services: New IETF definition of the IPv4 Type of Service (ToS) byte in the IP packet header, utilising the Differentiated Services Code Point (DSCP) field to classify packets into classes. To preserve backward-compatibility with any IP Precedence scheme currently in use on the network, DiffServ has defined the three left bits as Class-Selector Code Points. Packets can be marked with an arbitrary DSCP value. The 6 bits allow up to 64 PHBs (Per Hop Behaviours) to be selected. Packets with the same PHB and sent in a particular direction follow the same packet scheduling, queuing, policing, or shaping behaviour at a node. Packets are classified into IETF-defined per-hop behaviours (PHBs), including assured forwarding (AF), expedited forwarding (EF) and best effort. Traffic characterised as EF receives the lowest latency and jitter and assured bandwidth, which is suitable for applications such as VoIP. AF allows carving out the bandwidth between multiple classes in a network according to desired policies. The default PHB specifies that a packet marked with a DSCP value of 000000 receives the traditional best-effort service.


5 IP protocol 5.3 IP header Diffserv mechanism

[Figure: DiffServ node: Input -> Classifier -> Traffic conditioning (Meter, Marker, Dropper) -> queues EF, AF2, AF1, BE (link utilisation ratio 65/100, 20/100, 10/100, 5/100) -> Queue management -> Scheduler -> Output]
Classifier: sorts packets according to their traffic class (conversational, streaming, interactive, background). Traffic conditioning: includes mechanisms for traffic metering (verification of the traffic contract), marking and dropping (discarding packets). Queue management: prevents congestion. Scheduler: assigns a specific rate to each class.


5 IP protocol 5.3 IP header Time To Live

[Figure: IP header with the TTL field highlighted. A datagram sent with TTL=64 reaches successive routers with TTL=63, 62, 61, 60; a datagram whose TTL reaches 0 at a router is discarded.]
Time to Live: This field specifies the time (in seconds) the datagram is allowed to travel. Theoretically, each router processing this datagram is supposed to subtract its processing time from this field. In practice, a router processes the datagram in less than 1 second, so the router subtracts one from the value in this field. The TTL thus becomes a hop-count metric rather than a time metric. When the value reaches zero, it is assumed that this datagram has been travelling in a closed loop and it is discarded. The initial value should be set by the higher level protocol that creates the datagram.


5 IP protocol 5.3 IP header Encapsulated protocol

[Figure: IP header with the Protocol field highlighted. The field identifies the upper protocol carried in the data: ICMP = 1, TCP = 6, UDP = 17. The IP datagram itself travels in an Ethernet frame: @MAC dest. | @MAC src. | Type 0800 (IP) | Data | FCS.]
Protocol Number: This field indicates the higher level protocol to which IP should deliver the data in this datagram. These include:
- 0: Reserved
- 1: Internet Control Message Protocol (ICMP)
- 2: Internet Group Management Protocol (IGMP)
- 3: Gateway-to-Gateway Protocol (GGP)
- 4: IP (IP encapsulation)
- 5: Stream
- 6: Transmission Control Protocol (TCP)
- 8: Exterior Gateway Protocol (EGP)
- 9: Private Interior Routing Protocol
- 17: User Datagram Protocol (UDP)
- 41: IP Version 6 (IPv6)
- 50: Encap Security Payload for IPv6 (ESP)
- 51: Authentication Header for IPv6 (AH)
- 89: Open Shortest Path First


5 IP protocol 5.3 IP header Flags

Flag bits 0, 1, 2: 0 | DF | MF
DF: Don't fragment. 0 can be fragmented, 1 cannot be fragmented.
MF: More Fragments. 0 last fragment, 1 a fragment follows.

[Figure: a 1400-byte datagram (DF=0, MF=0) crossing a link with MTU 1500 then a link with MTU 500 is fragmented into 500 bytes (DF=0, MF=1), 500 bytes (DF=0, MF=1) and 400 bytes (DF=0, MF=0). The same 1400-byte datagram sent with DF=1 cannot be fragmented at the MTU 500 link.]
Flags : DF (Do not Fragment): 0 means allow fragmentation; 1 means do not allow fragmentation. MF (More Fragments): 0 means that this is the last fragment of the datagram; 1 means that additional fragments will follow.


5 IP protocol 5.3 IP header Identification

[Figure: IP header with the Identification field highlighted. A 1400-byte datagram ID=6700 (DF=0, MF=0) crossing a link with MTU 1500 then a link with MTU 500 becomes fragments of 500 bytes (ID=6700, DF=0, MF=1), 500 bytes (ID=6700, DF=0, MF=1) and 400 bytes (ID=6700, DF=0, MF=0); a 300-byte datagram ID=6701 (DF=0, MF=0) is forwarded unfragmented.]
Identification : A unique number assigned by the sender to aid in reassembling a fragmented datagram. Each fragment of a datagram has the same identification number.


5 IP protocol 5.3 IP header Offset field

[Figure: IP header with the Datagram Offset field highlighted. Expressed in words of 8 bytes.]
Fragment Offset: This is used to aid the reassembly of the full datagram. The value in this field contains the number of 64-bit segments (8 bytes) contained in earlier fragments. Header bytes are not counted. If this is the first (or only) fragment, this field contains a value of zero.


5 IP protocol 5.3 IP header Use of the offset

[Figure: a datagram carrying 1880 octets of data, sent on a link with MTU 2000, crosses a link with MTU 800 and is split into three fragments: Frag. 1, offset = 0 (bytes 0 to 799); Frag. 2, offset = 100 x 8 = 800 (bytes 800 to 1599); Frag. 3, offset = 200 x 8 = 1600 (bytes 1600 to 1879). The receiver places each fragment at byte 0, 800 and 1600 of the reassembled data.]

Fragmentation: When an IP datagram travels from one host to another, it may pass through different physical networks. Each physical network has a maximum frame size. This is called the maximum transmission unit (MTU). It limits the length of a datagram that can be placed in one physical frame. IP implements a process to fragment datagrams exceeding the MTU. The process creates a set of datagrams within the maximum size. The receiving host reassembles the original datagram.


5 IP protocol 5.3 IP header Fragmentation synthesis (3)

[Figure: a datagram fragmented by a router when the next link's MTU falls from 4096 to 1024. Each header is 20 octets; the data of every fragment but the last must be a multiple of 8 bytes.]

Link MTU  Ver  HL  ToS  Total length  Identification  Flag  Offset  TTL  Protocol  Checksum  Addresses                      Data
4096      4    5   0    2039          1234            000   0       12   6         xxxx      source address, dest address   2019 bytes
1024      4    5   0    1020          1234            001   0       11   6         xxxx      source address, dest address   1000 bytes
1024      4    5   0    1020          1234            001   125     11   6         xxxx      source address, dest address   1000 bytes
1024      4    5   0    39            1234            000   250     11   6         xxxx      source address, dest address   19 bytes

Optional exercise: What will be the value of the various fields if the next MTU is 512?

The following steps are performed to fragment the datagram:
- The DF flag bit is checked to see if fragmentation is allowed. If the bit is set, the datagram will be discarded and an ICMP error returned to the originator.
- Based on the MTU value, the data field is split into two or more parts. All newly created data portions must have a length that is a multiple of 8 bytes, with the exception of the last data portion.
- Each data portion is placed in an IP datagram. The headers of these datagrams are minor modifications of the original:
  - The more fragments flag bit is set in all fragments except the last.
  - The fragment offset field in each is set to the location this data portion occupied in the original datagram, relative to the beginning of the original unfragmented datagram. The offset is measured in 8-byte units.
  - If options were included in the original datagram, the high order bit of the option type byte determines if this information is copied to all fragment datagrams or only the first datagram. For example, source route options are copied in all fragments.
  - The header length field of the new datagram is set.
  - The total length field of the new datagram is set.
  - The header checksum field is re-calculated.
Each of these fragmented datagrams is now forwarded as a normal IP datagram. IP handles each fragment independently. The fragments can traverse different routers to the intended destination. They can be subject to further fragmentation if they pass through networks specifying a smaller MTU. At the destination host, the data is reassembled into the original datagram. The identification field set by the sending host is used together with the source and destination IP addresses in the datagram. Fragmentation does not alter this field. In order to reassemble the fragments, the receiving host allocates a storage buffer when the first fragment arrives. The host also starts a timer.
When subsequent fragments of the datagram arrive, the data is copied into the buffer storage at the location indicated by the fragment offset field. When all fragments have arrived, the complete original unfragmented datagram is restored. Processing continues as for unfragmented datagrams.
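As an added example, not taken from the course, the Python below carries out the fragmentation steps just listed (DF check, 8-byte data portions, MF flag, offset, TTL decrement) on the synthesis slide's datagram and reassembles the pieces at the receiver, including the case of a fragment that is fragmented again by a later router; the Fragment class and the function names are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Fragment:
    """The header fields that fragmentation touches, plus the carried data
    (hypothetical model for this example, not a real IP stack)."""
    identification: int
    offset: int          # fragment offset, in 8-byte units
    mf: bool             # More Fragments flag
    df: bool             # Don't Fragment flag
    ttl: int
    payload: bytes
    ihl: int = 20        # header length in bytes (no options here)

    @property
    def total_length(self) -> int:
        return self.ihl + len(self.payload)


def fragment(dg: Fragment, mtu: int) -> List[Fragment]:
    """What a forwarding router does with dg on a link of the given MTU.
    dg may itself be a fragment produced upstream: offsets are then added to
    its own offset and its MF flag is inherited by every piece."""
    if dg.ttl <= 1:
        raise ValueError("TTL expired: datagram discarded, ICMP time exceeded sent")
    ttl = dg.ttl - 1                                  # decremented before forwarding
    if dg.total_length <= mtu:                        # fits: forward unchanged
        return [Fragment(dg.identification, dg.offset, dg.mf, dg.df, ttl,
                         dg.payload, dg.ihl)]
    if dg.df:
        raise ValueError("DF set: datagram discarded, ICMP type 3 code 4 "
                         "(fragmentation needed, next-hop MTU %d) sent" % mtu)
    chunk = (mtu - dg.ihl) // 8 * 8                   # data per piece: multiple of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU %d cannot carry any data" % mtu)
    pieces = []
    for pos in range(0, len(dg.payload), chunk):
        data = dg.payload[pos:pos + chunk]
        last = pos + len(data) == len(dg.payload)
        pieces.append(Fragment(dg.identification, dg.offset + pos // 8,
                               dg.mf or not last, dg.df, ttl, data, dg.ihl))
    return pieces


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Receiving host: rebuild the original data from fragments that share an
    identification (a real stack also matches source and destination address).
    Returns None while a hole remains or the last fragment (MF=0) is missing."""
    if not frags:
        return None
    ident = frags[0].identification
    if any(f.identification != ident for f in frags):
        raise ValueError("fragments of different datagrams mixed")
    data = bytearray()
    for f in sorted(frags, key=lambda f: f.offset):   # fragments may arrive out of order
        if f.offset * 8 != len(data):
            return None                               # hole: keep waiting (timer running)
        data += f.payload
        if not f.mf:
            return bytes(data)                        # last fragment seen: datagram complete
    return None


if __name__ == "__main__":
    # Constructed input: the slide's datagram, 2019 data bytes, ID 1234, TTL 12
    original = Fragment(1234, 0, False, False, 12, bytes(2019))
    for p in fragment(original, 1024):
        print("total length %4d  offset %3d  MF %d  TTL %d"
              % (p.total_length, p.offset, p.mf, p.ttl))
```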


5 IP protocol 5.3 IP header Check of the header

[Figure: IP header with the Checksum field highlighted.]
Header Checksum: This field is a checksum for the information contained in the header. If the header checksum does not match the contents, the datagram is discarded.


5 IP protocol 5.3 IP header IP Addresses

[Figure: IP header with the Source IP address and Destination IP address fields highlighted. IP address using 32 bits.]
Source IP Address: The 32-bit IP address of the host sending this datagram.

Destination IP Address: The 32-bit IP address of the destination host for this datagram.


5 IP protocol 5.3 IP header Options

[Figure: IP header with the Options field (followed by Padding) highlighted. Variable field, maximum length 40 bytes, rarely used.]
Main options:
- Route recording
- Route + Time stamp
- Strict routing
- Non-strict (loose) routing
IP datagram routing options: The IP datagram Options field provides two methods for the originator of an IP datagram to explicitly provide routing information. It also provides a method for an IP datagram to determine the route that it travels.
Loose source routing, also called the loose source and record route (LSRR) option, provides a means for the source of an IP datagram to supply explicit routing information.
Strict source routing, also called the strict source and record route (SSRR) option, uses the same principle as loose source routing except the intermediate router must send the datagram to the next IP address in the source route via a directly connected network.
Record route: This option provides a means to record the route traversed by an IP datagram.
Internet timestamp: A timestamp is an option forcing some (or all) of the routers along the route to the destination to put a timestamp in the option data.


5 IP protocol 5.3 IP header IP encapsulation in Ethernet V2

[Figure: Ethernet V2 frame carrying an IP datagram]
Eth V2 frame (MAC protocol): MAC @ Dest. (6) | MAC @ Source (6) | Type 0800 (2) | IP datagram | FCS (4)
0800 = IP
IP datagram (IP protocol): header of 20 bytes (Ver., Head. leng., Type serv., Total leng., Identif., Flag, Offset fragment, TTL, Protocol, CRC, IP @ source, IP @ dest.) | Options (length 0 to 40) | Data


5 IP protocol Synthesis

- no reliability
- no error recovery
- best effort
- connectionless


5 IP protocol 5.3 IP header Exercise

Hex dump of the captured frame (Addr. / Hex. Data). The first 34 bytes, as given by the decode below:
0000: FF FF FF FF FF FF 00 80 9F 21 32 A9 08 00 45 00
0010: 01 48 00 00 00 00 0F 11 AA A6 00 00 00 00 FF FF
0020: FF FF
[The dump continues with the UDP message up to offset 0150.]

1- What is the encapsulated protocol in this IP packet?
2- What is the byte representing this protocol in the hexadecimal trace?

Eth v2 [0000:000D]
0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
000C:000D Ethernet Type: DOD Internet Protocol (IP)
IP [000E:0021]
000E:000E Version: 4; Header Length: 20
000F:000F TOS, Precedence: Routine; Delay: Normal; Throughput: Normal; Reliability: Normal
0010:0011 Packet Length: 328
0012:0013 Identification: 0x0000
0014:0014 DF: May Fragment; MF: Last Fragment
0014:0015 Fragment Offset: 0
0016:0016 Time to Live: 15
0017:0017 Transport: User Datagram
0018:0019 Header Checksum: 0xAAA6 (correct)
001A:001D Source Address: 0.0.0.0
001E:0021 Destination Address: 255.255.255.255
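As an added example (not part of the course material), the Python below decodes the exercise frame the way the trace decoder above does and verifies its IP header checksum with the RFC 791 algorithm; the 34 frame bytes are reconstructed from the decode, and the field names, the PROTOCOLS table and the function names are assumptions of this example.

```python
import struct
from typing import Dict

# Constructed input: the first 34 bytes of the exercise frame (Ethernet V2
# header + 20-byte IP header), rebuilt from the decode given in the notes.
# The UDP message that follows in the real trace is not needed here.
FRAME = bytes.fromhex(
    "FFFFFFFFFFFF"        # destination MAC: broadcast
    "00809F2132A9"        # source MAC
    "0800"                # Ethernet type 0800 = IP
    "45000148"            # version 4, header length 5 words, ToS 0, length 328
    "00000000"            # identification 0, flags 0, fragment offset 0
    "0F11AAA6"            # TTL 15, protocol 17 (UDP), header checksum 0xAAA6
    "00000000"            # source IP address 0.0.0.0
    "FFFFFFFF"            # destination IP address 255.255.255.255
)

PRECEDENCE = ["Routine", "Priority", "Immediate", "Flash", "Flash override",
              "Critical", "Internetwork control", "Network control"]
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP", 41: "IPv6",
             50: "ESP", 51: "AH", 89: "OSPF"}


def ip_checksum(header: bytes) -> int:
    """One's complement of the one's complement sum of the 16-bit words.
    Over a header whose checksum field is zeroed it yields the checksum;
    over a header that already carries a correct checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Decode the Ethernet V2 and IPv4 headers; reject malformed input the way
    a receiving IP module would (bad version, bad header length, bad checksum)."""
    if len(frame) < 34:
        raise ValueError("frame too short for an Ethernet + IP header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("Ethernet type %04X is not IP" % ethertype)
    ip = frame[14:]
    (ver_ihl, tos, total_length, ident,
     flags_offset, ttl, proto, checksum) = struct.unpack("!BBHHHBBH", ip[:12])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("IP version %d is not 4" % version)
    if not 20 <= ihl <= 60 or len(ip) < ihl or total_length < ihl:
        raise ValueError("bad header length %d" % ihl)
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("header checksum mismatch, datagram discarded")
    return {
        "destination_mac": frame[0:6].hex(":"),
        "source_mac": frame[6:12].hex(":"),
        "version": version,
        "header_length": ihl,
        "precedence": PRECEDENCE[tos >> 5],          # ToS bits 0-2 (RFC 791)
        "tos_bits": (tos >> 1) & 0x0F,                # D, T, R, C bits (RFC 1349)
        "dscp": tos >> 2,                             # same byte read as DSCP (RFC 2474)
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_offset & 0x4000),
        "mf": bool(flags_offset & 0x2000),
        "fragment_offset": flags_offset & 0x1FFF,     # in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOLS.get(proto, "unknown"),
        "protocol_byte_offset": 14 + 9,               # where that byte sits in the trace
        "checksum": checksum,
        "source": ".".join(str(b) for b in ip[12:16]),
        "destination": ".".join(str(b) for b in ip[16:20]),
    }


if __name__ == "__main__":
    for key, value in parse_frame(FRAME).items():
        print("%-22s %s" % (key, value))
```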


5 IP protocol 5.3 IP header Exercise

[Hex dump (Addr. / Hex. Data / ASCII) of the captured Ethernet frame, offsets 0000 to 0040, beginning 01 00 5E 00 00 34 ...]

1- Look for the destination IP @ and indicate which class it is.
2- Look for the destination MAC @ and explain its value.


5 IP protocol Evaluation

Objective: To be able to describe the role of the various IP header fields.

Thank you for answering the self-assessment of the objectives sheet.


1 Introduction
2 Physical and link layers
3 ARP protocol
4 Repeaters, Bridges and Switches
5 IP protocol
6 ICMP protocol
7 Client-Server model
8 UDP protocol
9 TCP protocol


6 ICMP protocol ICMP protocol situation

[Figure: protocol stack]
Network layer: ICMP, IP, ARP
Link layer: SNAP, LLC 802.2, MAC; FDDI, Token Ring (shielded twisted pairs), Ethernet ISO 802.3 (10 Base T), Ethernet V2
Physical layer: optical fibre, 10 Base 2, 10 Base 5
ICMP uses IP as if ICMP were a higher level protocol (that is, ICMP messages are encapsulated in IP datagrams). However, ICMP is an integral part of IP and must be implemented by every IP module. ICMP messages are described in RFC 792 and RFC 950, belong to STD 5 and are mandatory.


6 ICMP protocol Main function

[Figure: 1: host Y (IP @ Y) sends a datagram (@IP source Y, @IP destination Z) through router M (IP @ M) towards host Z; 2: when an error occurs, the router returns an ICMP message (@IP source M, @IP destination Y) to the source.]
When a router or a destination host must inform the source host about errors in datagram processing, it uses the Internet Control Message Protocol (ICMP). ICMP is used to report errors, not to make IP reliable. Datagrams may still be undelivered without any report on their loss. Reliability must be implemented by the higher-level protocols using IP services. ICMP cannot be used to report errors with ICMP messages; this avoids infinite repetitions. ICMP responses are sent in response to ICMP query messages (ICMP types 0, 8, 9, 10 and 13 through 18). ICMP messages are never sent in response to datagrams with a broadcast or a multicast destination address. ICMP is also used to perform tests (see ping, traceroute).


6 ICMP protocol Format of the ICMP message

[Figure: ICMP message and its encapsulation]
ICMP message: Type (1) | Code (1) | CRC (2) | Parameters (4) | Data
IP datagram: IP header (20 bytes, Protocol = 1 (ICMP)) | ICMP message
Eth V2 frame: MAC @ Dest. (6) | MAC @ Source (6) | Type 0800 (2) | IP datagram | FCS (4)
Type = 0800 (IP)


6 ICMP protocol Type - Code

Type                            Code
0: Echo                         0: Response
3: Unreachable destination      0: network unreachable
                                1: host unreachable
                                2: protocol unreachable
                                3: port unreachable
                                4: fragmentation needed (don't fragment)
                                5: source route failed
                                6: unknown destination network
                                7: unknown destination host
                                8: (obsolete)
                                9: destination network administratively forbidden
                                10: destination host administratively forbidden
                                11: network unreachable for this TOS
                                12: host unreachable for this TOS
                                13: communication forbidden (filter)
                                14: violation of the precedence
                                15: precedence
4: Flow control (Source Quench) 0
5: Redirection                  0: redirection for a network
                                1: redirection for a host
                                2: redirection for a service and a network
                                3: redirection for a service and a host
8: Echo                         0: Request
9: Router advertisement         0
10: Router solicitation         0
11: Time to live                0: time to live exceeded in transit
                                1: during reassembly
12: Parameter error             0: IP header
                                1: option missing
13: Timestamp request           0
14: Timestamp response          0
15: Information request         0 (obsolete)
16: Information response        0 (obsolete)
17: Netmask request             0
18: Netmask response            0


6 ICMP protocol Parameter Error

[Figure: ICMP message: Type 12 | Code 0 or 1 | CRC | Parameters (pointer, 4 bytes) | Data: IP header + 64 first bits. 0: bad IP header, 1: requested option missing. 1: a host sends an IP packet with a bad header; 2: the router returns "ICMP Parameter error: bad IP header".]
Parameter Problem (12): This message indicates that a problem was encountered during processing of the IP header parameters. The pointer field indicates the byte in the original IP datagram where the problem was encountered. The ICMP header code field may have one of the following values: 0: unspecified error; 1: required option missing.


6 ICMP protocol Unreachable destination

[Figure: cases of Unreachable destination (3). A router returns Type 3 Code 0 (unreachable network) or Type 3 Code 1 (unreachable host: host not existing). The destination host returns Type 3 Code 2 (non valid protocol: application not implemented) or Type 3 Code 3 (non valid port: application not active).]

If this message is received from an intermediate router, it means that the router regards the destination IP address as unreachable. If this message is received from the destination host, it means that either the protocol specified in the protocol number field of the original datagram is not active or the specified port is inactive.


6 ICMP protocol Unreachable destination: fragmentation needed

[Figure: ICMP message: Type 3 | Code 4 | CRC | Parameters (0) | Data: IP header + 64 first bits. 1: a 1500-octet datagram with flag DF (don't fragment) set is sent on a link with MTU=1500; 3: the router whose next link has MTU=512 (then MTU=256) returns "ICMP unreachable destination (fragmentation needed)" to the source.]

Unreachable destination (3)


6 ICMP protocol MTU discovery (option RFC 1191)

[Figure: ICMP message: Type 3 | Code 4 | CRC | unused (2) | next hop MTU (2) | Data: IP header + 64 first bits. 1: the host sends a 1500-byte datagram with flag DF (don't fragment) set on a link with MTU=1536; 2: the router whose next link has MTU=1024 returns "ICMP Unreachable destination (Path MTU Discovery: 1024)"; 3: the host sends 1024-byte datagrams with DF set; 4: the next router, whose link has MTU=512, returns "ICMP Unreachable destination (Path MTU Discovery: 512)".]
Unreachable destination (3) Path MTU Discovery is a draft standard protocol with a status of elective. It is described in RFC 1191. If a router implements the Path MTU Discovery protocol, the format of the destination unreachable message is changed for code 4. This includes the MTU of the link that did not accept the datagram.
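As an added example, not from the course, the Python below builds the code 4 message a router would send (next-hop MTU in the parameter field, as RFC 1191 describes) and a host redirection, and parses them back the way the sender's IP module would to learn which datagram they refer to; the function names and the constructed sample datagram (documentation addresses 192.0.2.10 and 198.51.100.20) are assumptions of this example.

```python
import struct
from typing import Dict


def inet_checksum(data: bytes) -> int:
    """The checksum used by IP and ICMP: one's complement of the one's
    complement sum of the 16-bit words (0 when run over a message that
    already carries a correct checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_error(icmp_type: int, code: int, parameters: bytes,
                     offending: bytes) -> bytes:
    """Generic ICMP error message: type, code, checksum, the 4-byte parameter
    field, then the offending datagram's IP header plus its first 64 bits."""
    ihl = (offending[0] & 0x0F) * 4
    quoted = offending[:ihl + 8]
    body = struct.pack("!BBH", icmp_type, code, 0) + parameters + quoted
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def fragmentation_needed(offending: bytes, next_hop_mtu: int) -> bytes:
    """Router side of Path MTU Discovery: type 3, code 4, with the MTU of the
    link that refused the datagram in the low 16 bits of the parameter field."""
    return build_icmp_error(3, 4, struct.pack("!HH", 0, next_hop_mtu), offending)


def redirect(offending: bytes, gateway: bytes) -> bytes:
    """Type 5, code 1 (host redirection): the parameter field carries the
    router address to use for this destination."""
    return build_icmp_error(5, 1, gateway, offending)


def parse_icmp_error(msg: bytes) -> Dict[str, object]:
    """Host side: check the checksum, then recover from the quoted header
    which datagram (destination, protocol, ports) the error refers to."""
    if len(msg) < 8 or inet_checksum(msg) != 0:
        raise ValueError("ICMP message truncated or checksum mismatch")
    icmp_type, code = msg[0], msg[1]
    quoted = msg[8:]
    if not quoted or quoted[0] >> 4 != 4:
        raise ValueError("quoted IP header missing")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted IP header truncated")
    info = {
        "type": icmp_type, "code": code,
        "original_destination": ".".join(str(b) for b in quoted[16:20]),
        "original_protocol": quoted[9],
        "original_flags_df": bool(quoted[6] & 0x40),
        "original_length": struct.unpack("!H", quoted[2:4])[0],
        # first 64 bits of data: for TCP and UDP these hold the two ports
        "original_ports": struct.unpack("!HH", quoted[ihl:ihl + 4]),
    }
    if (icmp_type, code) == (3, 4):
        info["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
    elif icmp_type == 5:
        info["gateway"] = ".".join(str(b) for b in msg[4:8])
    return info


def constructed_datagram(length: int, df: bool) -> bytes:
    """Constructed sample: a TCP datagram of the given total length from
    192.0.2.10 to 198.51.100.20 (documentation addresses), port 40000 -> 80."""
    flags_offset = 0x4000 if df else 0
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 0x1234, flags_offset,
                         64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    header = header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:]
    tcp = struct.pack("!HH", 40000, 80) + bytes(length - 24)
    return header + tcp


if __name__ == "__main__":
    big = constructed_datagram(1500, df=True)          # the slide's 1500-byte DF datagram
    err = parse_icmp_error(fragmentation_needed(big, 1024))
    print("next-hop MTU", err["next_hop_mtu"], "for", err["original_destination"],
          "ports", err["original_ports"])
```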


6 ICMP protocol Time overflow (overflow TTL)

[Figure: ICMP message: Type 11 | Code 0 | CRC | Parameters 0 | Data: IP header + 64 first bits. Overflow of the TTL (Time to Live) generated by a router, which returns the ICMP message to the source.]
Time Exceeded (11): If this message is received from an intermediate router, it means that the time to live field of an IP datagram has expired. If this message is received from the destination host, it means that the IP fragment reassembly time to live timer has expired while the host is waiting for a fragment of the datagram. The ICMP header code field may have one of the following values: 0: transit TTL exceeded; 1: reassembly TTL exceeded.


6 ICMP protocol Time overflow (overflow time to reassemble)

[Figure: ICMP message: Type 11 | Code 1 | CRC | Parameters 0 | Data: IP header + 64 first bits. Overflow during reassembly, generated by a host: fragments produced between the MTU=1536 and MTU=512 links do not all arrive before the reassembly timer expires, and the host returns "ICMP overflow time to reassemble".]
Time Exceeded (11): The ICMP header code field may have one of the following values: 0: transit TTL exceeded; 1: reassembly TTL exceeded.


6 ICMP protocol Redirection

[Figure: ICMP message: Type 5 | Code 0..3 | CRC | Parameters: @IP router | Data: IP header + 64 first bits.
0: Network redirection
1: Host redirection
2: Network redirection for the requested service
3: Host redirection for the requested service
Host with default gateway R1: 1: the datagram is sent to R1; 2: R1 forwards it to R2; 3: R1 returns "ICMP Redirection (R2)" to the host; 4: the following datagrams go directly to R2.]
Redirect (5) If this message is received from an intermediate router, it means that the host should send future datagrams for the network to the router whose IP address is specified in the ICMP message. This preferred router will always be on the same subnet as the host that sent the datagram and the router that returned the IP datagram. The router forwards the datagram to its next hop destination. This message will not be sent if the IP datagram contains a source route.


6 ICMP protocol Example of redirection

[Figure: a host on network 140.252.1 (default gateway 140.252.1.183) runs "% ping 140.252.13.34", a host on network 140.252.13.32 reached through the Internet. The default gateway 140.252.1.183 forwards the datagram and returns an ICMP host redirection naming 140.252.1.4; the host's routing table gains the 140.252.13.34/32 entry via 140.252.1.4 and the following datagrams go through 140.252.1.4.]

Routing table of the host:
Destination        Gateway          Flags   Interface
127.0.0.1          127.0.0.1        UH      lo0
140.252.1.0/24                      U       eth0
default            140.252.1.183    UG      eth0
140.252.13.34/32   140.252.1.4      UGHD    eth0

flag H: the destination is a Host
flag G: route through Gateway
flag U: the route is Up
flag D: route made by ICMP redirection
Redirect (5) Example


6 ICMP protocol Source Quench

[Figure: ICMP message: Type 4 | Code 0 | CRC | Parameters 0 | Data: IP header + 64 first bits. 1: ICMP Source quench returned to the source; 2: flow control applied by the source.]
Source Quench (4) If this message is received from an intermediate router, it means that the router did not have the buffer space needed to queue the datagram. If this message is received from the destination host, it means that the incoming datagrams are arriving too quickly to be processed. The ICMP header code field is always zero.


6 ICMP protocol Subnet mask

[Figure: ICMP message: Type 17 or 18 | Code 0 | C CRC | Identification (2) | Sequence number (2) | Netmask (32 bits). 17: Request, 18: Response. 1: host A (IP @ A) broadcasts "ICMP: Request netmask"; 2: the router answers "ICMP: Response netmask of network" to @IP A.]
Address Mask Request (17) and Address Mask Reply (18): An address mask request is used by a host to determine the subnet mask used on an attached network. Most hosts are configured with their subnet mask(s). However some, such as diskless workstations, must obtain this information from a server. A host uses RARP to obtain its IP address. To obtain a subnet mask, the host broadcasts an address mask request. Any host on the network that has been configured to send address mask replies will fill in the subnet mask, convert the packet to an address mask reply and return it to the sender. The ICMP header code field is zero.


6 ICMP protocol Time stamp

[Figure: 1: ICMP timestamp Request: Type 13 | Code 0 | CRC | Identification | Sequence number | Origin time. 2: ICMP timestamp Response: Type 14 | Code 0 | CRC | Identification | Sequence number | Origin time | Reception time | Transmission time. The transit time and the processing time of the responder are derived from the three timestamps.]
Timestamp Request (13) and Timestamp Reply (14) These two messages are for debugging and performance measurements. They are not used for clock synchronization. The sender initializes the identifier and sequence number (which is used if multiple timestamp requests are sent), sets the originate timestamp and sends the datagram to the recipient. The receiving host fills in the receive and transmit timestamps, changes the type to timestamp reply and returns it to the original sender. The datagram has two timestamps if there is a perceptible time difference between the receipt and transmit times. In practice, most implementations perform the two (receipt and reply) in one operation. This sets the two timestamps to the same value. Timestamps are the number of milliseconds elapsed since midnight UT (GMT).


6 ICMP protocol Advertisement/Solicitation of Routers

[Figure: 1: Solicitation: Type 10 | Code 0 | CRC | Parameter 0. 2: Advertisement: Type 9 | Code 0 | CRC | Number of addresses | Entry size (=2) | TTL | router address (1) | preference level (1) | router address (2) | preference level (2) | ... | router address (n) | preference level (n).]
Router Advertisement (9) and Router Solicitation (10) (RFC 1256): These two messages are used if a host or a router supports the router discovery protocol. Routers periodically advertise their IP addresses on those subnets where they are configured to do so. Advertisements are made on the all-systems multicast address (224.0.0.1) or the limited broadcast address (255.255.255.255). The default behavior is to send advertisements every 10 minutes with a TTL value of 1800 (30 minutes). Routers also reply to solicitation messages they receive. They may reply directly to the soliciting host, or they may wait a short random interval and reply with a multicast. Hosts may send solicitation messages. Solicitation messages are sent to the all-routers multicast address (224.0.0.2) or the limited broadcast address (255.255.255.255). Typically, three solicitation messages are sent at 3-second intervals. Alternatively a host may wait for periodic advertisements. Each time a host receives an advertisement with a higher preference value, it updates its default router. The host also sets the TTL timer for the new entry to match the value in the advertisement. When the host receives a new advertisement for its current default router, it resets the TTL value to that in the new advertisement. This process also provides a mechanism for routers to declare themselves unavailable: they send an advertisement with a TTL value of zero.
number: The number of entries in the message.
entry length: The length of an entry in 32-bit units. This is 2 (32 bits for the IP address and 32 bits for the preference value).
TTL: The number of seconds that an entry will be considered valid.
router address: One of the sender's IP addresses.
preference level: A signed 32-bit level indicating the preference to be assigned to this address when selecting a default router. Each router on a subnet is responsible for advertising its own preference level. Larger values imply higher preference; smaller values imply lower. The default is zero, which is in the middle of the possible range. A value of X'80000000' (-2^31) indicates the router should never be used as a default router.


Page 1.203

6 ICMP protocol Echo (PING) ICMP Message

Figure: ICMP Echo message format: Type (0: Echo Response, 8: Echo Request), Code (0), Checksum (labelled CRC on the slide), Identification, Sequence number, Data. Exchange: host A (IP@ A) sends an ICMP Echo Request to host B (IP@ B) (1); B returns an ICMP Echo Response to A (2).

204
Echo (8) and Echo Reply (0) are used to detect whether another host is active on the network. They are used by the Ping command. The sender initializes the identifier, sequence number, and data field. The datagram is then sent to the destination host. The recipient changes the type to Echo Reply and returns the datagram to the sender.
PING (Packet InterNet Groper)
Ping is the simplest of all TCP/IP applications. It sends IP datagrams to a specified destination host and measures the round trip time to receive a response. The word ping, which is used as a noun and a verb, is taken from the sonar operation to locate an underwater object. It is also an abbreviation for Packet InterNet Groper. Traditionally, if you could successfully ping a host, other applications such as Telnet or FTP could reach that host. With the advent of security measures on the Internet, particularly firewalls, which control access to networks by application protocol and/or port number, this is no longer necessarily true. Nonetheless, the first test of reachability for a host is still to attempt to ping it.
Ping is useful for verifying an IP installation. The following variations of the command each require the operation of a different portion of an IP installation:
ping loopback: Verifies the operation of the base TCP/IP software.
ping my-IP-address: Verifies whether the physical network device can be addressed.
ping a-remote-IP-address: Verifies whether the network can be accessed.
ping a-remote-host-name: Verifies the operation of the name server (or the flat namespace resolver, depending on the installation).


Page 1.204

6 ICMP protocol Trace route program

Figure: host A (IP@ A) runs Traceroute towards host B (IP@ B) through routers x, y and z (IP@ x, y, z):
Datagram @IPA -> @IPB with TTL=1: router x answers with ICMP Type 11 code 0 (TTL overflow) from @IPx to @IPA.
Datagram @IPA -> @IPB with TTL=2: router y answers with ICMP Type 11 code 0 (TTL overflow) from @IPy to @IPA.
Datagram @IPA -> @IPB with TTL=3: router z answers with ICMP Type 11 code 0 (TTL overflow) from @IPz to @IPA.
Datagram @IPA -> @IPB with TTL=4: host B answers with ICMP Type 0 code 0 (Echo Response) from @IPB to @IPA.

205

The Traceroute program is used to determine the route IP datagrams follow through the network. Traceroute is based upon ICMP and UDP. It sends an IP datagram with a TTL of 1 to the destination host. The first router decrements the TTL to 0, discards the datagram and returns an ICMP Time Exceeded message to the source. In this way, the first router in the path is identified. This process is repeated with successively larger TTL values to identify the exact series of routers in the path to the destination host. Traceroute sends UDP datagrams to the destination host. These datagrams reference a port number outside the standard range. When an ICMP Port Unreachable message is received, the source determines the destination host has been reached.
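The two exchanges described on these pages, ping and the TTL-stepping of traceroute, are simulated below with both sides' messages. This is an added example and not code from the course: routers and hosts are modelled as Python objects, the addresses of A, x, y, z and B are constructed values, and the probe port 33434 is the base port of the classic Unix traceroute (a port outside the well-known range, as the text requires).

```python
from dataclasses import dataclass, replace

# Constructed topology matching the slide: host A, routers x, y, z, destination host B.
A, X, Y, Z, B = "10.0.0.1", "10.0.0.254", "10.0.1.254", "10.0.2.254", "10.0.3.10"

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
PORT_UNREACHABLE = 3            # code of Destination Unreachable meaning "port unreachable"
TRACEROUTE_BASE_PORT = 33434    # base probe port of classic Unix traceroute (assumption)


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    proto: str            # "icmp" or "udp"
    icmp_type: int = 0
    code: int = 0
    ident: int = 0        # ICMP echo identifier
    seq: int = 0          # ICMP echo sequence number
    dport: int = 0        # UDP destination port
    data: bytes = b""


class Router:
    def __init__(self, addr):
        self.addr = addr

    def forward(self, pkt):
        """Decrement TTL; if it would reach 0, discard and answer Time Exceeded (type 11, code 0)."""
        if pkt.ttl <= 1:
            return None, Packet(self.addr, pkt.src, 64, "icmp", TIME_EXCEEDED, 0)
        return replace(pkt, ttl=pkt.ttl - 1), None


class Host:
    def __init__(self, addr, udp_listeners=()):
        self.addr = addr
        self.udp_listeners = set(udp_listeners)

    def receive(self, pkt):
        """Echo Request becomes Echo Reply (type 8 -> 0, identifier/sequence/data untouched);
        UDP to a port nobody listens on is answered with Port Unreachable (type 3, code 3)."""
        if pkt.proto == "icmp" and pkt.icmp_type == ECHO_REQUEST:
            return Packet(self.addr, pkt.src, 64, "icmp", ECHO_REPLY, 0, pkt.ident, pkt.seq, data=pkt.data)
        if pkt.proto == "udp" and pkt.dport not in self.udp_listeners:
            return Packet(self.addr, pkt.src, 64, "icmp", DEST_UNREACH, PORT_UNREACHABLE)
        return None


def send(path, pkt):
    """Carry pkt through the routers of path to the host at its end; return the reply or None."""
    for router in path[:-1]:
        pkt, error = router.forward(pkt)
        if error is not None:
            return error
    return path[-1].receive(pkt)


def ping(path, src, ident=1, seq=1, data=b"abcdefgh"):
    """True when an Echo Reply with the same identifier, sequence number and data comes back."""
    reply = send(path, Packet(src, path[-1].addr, 64, "icmp", ECHO_REQUEST, 0, ident, seq, data=data))
    return (reply is not None and reply.icmp_type == ECHO_REPLY
            and (reply.ident, reply.seq, reply.data) == (ident, seq, data))


def traceroute(path, src, max_hops=30):
    """Probe with TTL 1, 2, 3, ... and collect who answers, stopping at Port Unreachable."""
    hops = []
    for ttl in range(1, max_hops + 1):
        probe = Packet(src, path[-1].addr, ttl, "udp", dport=TRACEROUTE_BASE_PORT + ttl - 1)
        reply = send(path, probe)
        hops.append(reply.src if reply else None)
        if reply is None or (reply.icmp_type == DEST_UNREACH and reply.code == PORT_UNREACHABLE):
            break
    return hops


PATH = [Router(X), Router(Y), Router(Z), Host(B)]
```

traceroute(PATH, A) lists x, y, z and finally B, whose Port Unreachable ends the probing; a host that silently drops the probe (a common firewall policy) would leave a hole in the list, which is why the real tool prints an asterisk for an unanswered hop.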


Page 1.205

6 ICMP protocol Exercise: Ping and Trace route program

Figure: a command window (cmd) on the PC.
On Windows NT: traceroute is run with > tracert <ip-addr> (for example > tracert isoc.org) and ping with > ping <ip-addr> (for example > ping icann.org).
On Unix or Linux: the commands are traceroute and ping.

206


Page 1.206

6 ICMP protocol Attacks against security with ICMP (1)

Figure: a hacker host runs "for IP@ = first to last: ping IP@" and then traceroute against the network.

Ping allows the scanning of IP addresses.
Destination unreachable allows one to know who is unreachable and why.
Traceroute allows one to know the IP addresses of the routers.
ICMP Redirect modifies the routing table of the hosts (DoS attack).
ICMP Source Quench requests the sender to reduce its throughput.

207
ICMP can be used by hackers to learn more about a network as well as to disturb the correct operation of a network. That is why, usually, the firewalls placed at the border between the private network and the Internet discard any ICMP message. Note: DoS attack. This name is given to this kind of attack because only Microsoft DOS (not Unix nor Linux) takes the ICMP redirect message into account. http://www.sys-security.com/archive/papers/ICMP_Scanning_v1.0.pdf
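The misuses listed on the slide all leave a recognisable trace at the border, so the defender's counterpart to "discard any ICMP" is to log what arrives and look for these patterns. The detector below is an added example, not from the course or the referenced paper: it reads constructed log lines (the format, the addresses 198.51.100.7 and 10.10.0.x, and the sweep threshold are assumptions), flags a ping sweep, inbound Redirect and Source Quench, Timestamp and Address Mask requests, and Destination Unreachable messages leaking from inside to outside. RFC 950 numbers the Address Mask Request as type 17, which is the value used here.

```python
import re
from collections import defaultdict

# Constructed log lines (not a real capture): one line per ICMP message seen at the border.
SAMPLE_LOG = """\
10:00:01 src=198.51.100.7 dst=10.10.0.1 icmp type=8 code=0
10:00:01 src=198.51.100.7 dst=10.10.0.2 icmp type=8 code=0
10:00:01 src=198.51.100.7 dst=10.10.0.3 icmp type=8 code=0
10:00:02 src=198.51.100.7 dst=10.10.0.4 icmp type=8 code=0
10:00:02 src=198.51.100.7 dst=10.10.0.5 icmp type=8 code=0
10:00:02 src=198.51.100.7 dst=10.10.0.6 icmp type=8 code=0
10:00:03 src=198.51.100.7 dst=10.10.0.7 icmp type=8 code=0
10:00:03 src=198.51.100.7 dst=10.10.0.8 icmp type=8 code=0
10:00:03 src=10.10.0.11 dst=198.51.100.7 icmp type=3 code=1
10:00:04 src=198.51.100.7 dst=10.10.0.5 icmp type=5 code=0
10:00:04 src=198.51.100.7 dst=10.10.0.5 icmp type=13 code=0
10:00:05 src=198.51.100.7 dst=10.10.0.5 icmp type=4 code=0
10:00:06 src=10.10.0.20 dst=10.10.0.1 icmp type=8 code=0
10:00:06 src=10.10.0.1 dst=10.10.0.20 icmp type=0 code=0
"""

LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
                  r"icmp type=(?P<type>\d+) code=(?P<code>\d+)$")

ECHO_REPLY, DEST_UNREACH, SOURCE_QUENCH, REDIRECT, ECHO_REQUEST = 0, 3, 4, 5, 8
TIMESTAMP_REQUEST, ADDRESS_MASK_REQUEST = 13, 17   # RFC 792 / RFC 950 type numbers


def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # lines that do not match the format are skipped, not guessed at
            events.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                           "type": int(m["type"]), "code": int(m["code"])})
    return events


def detect(events, internal_prefix="10.10.", sweep_threshold=8):
    """Return (kind, source, detail) alerts for the ICMP uses listed on the slide."""
    alerts = []
    echo_targets = defaultdict(set)
    for e in events:
        inside = e["src"].startswith(internal_prefix)
        outbound = inside and not e["dst"].startswith(internal_prefix)
        if e["type"] == ECHO_REQUEST and not inside:
            echo_targets[e["src"]].add(e["dst"])                      # address scanning with ping
        elif e["type"] == REDIRECT and not inside:
            alerts.append(("redirect-from-outside", e["src"], e["dst"]))   # would alter host routes
        elif e["type"] == SOURCE_QUENCH and not inside:
            alerts.append(("source-quench", e["src"], e["dst"]))           # throttles the victim
        elif e["type"] in (TIMESTAMP_REQUEST, ADDRESS_MASK_REQUEST) and not inside:
            alerts.append(("recon-query", e["src"], "type %d" % e["type"]))
        elif e["type"] == DEST_UNREACH and outbound:
            alerts.append(("unreachable-leak", e["src"], e["dst"]))   # tells outsiders who is unreachable and why
    for src, dsts in echo_targets.items():
        if len(dsts) >= sweep_threshold:
            alerts.append(("ping-sweep", src, "%d distinct hosts" % len(dsts)))
    return alerts
```

The internal ping and its reply at the end of the sample produce nothing, which is the point of keying the rules on direction: blocking every ICMP message also blocks the legitimate Time Exceeded and Fragmentation Needed messages that traceroute and path MTU discovery depend on.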


Page 1.207

6 ICMP protocol Attacks against security with ICMP (2)

ICMP allows to detect the type of Operating System:
Figure: a hacker sends an ICMP timestamp Request to host A (Microsoft) and host B (Unix) and compares the ICMP timestamp Responses; Destination unreachable; DoS.
ICMP Address Mask Requests (type 16): allows to detect routers, allows to know the subnets.

208

ICMP with type=echo and code 0: is accepted by UNIX; leads to a response with code=0 on Microsoft.


Page 1.208

6 ICMP protocol Exercise ICMP(1)

Exercise: Given this interconnection diagram and the trace (next page) of messages made on the network 10.10.0.0 when a ping is sent from this PC:
1- Fill in this diagram (IP@ of the various units)
2- Draw the exchanges (see the page following the trace)

Figure: PC configuration: MAC@ 00.a0.24.ea.16.7e, IP@ . . . , default gateway 10.10.0.11; command: ping @IP:10.12.0.1. Network 10.10.0.0/16. Unit with MAC@ 00.10.7b.81.9d.15, IP@ . . . . Unit with MAC@ 00.10.7b.81.9c.f9, IP@ . . . .

209

A ping has been launched to the IP@ 10.12.0.1.
Given the following trace:
1- Draw the events
2- On the diagram, write down the IP@ of the hosts and draw the exchanges with arrows.


Page 1.209

6 ICMP protocol Exercise ICMP(2)

Frame 1
802.3 Destination Address: 00107B819D15 Source Address: 00A024EA167E (3ComEA167E) Ethernet Type: DOD Internet Protocol (IP)
IP Source Address: 10.10.10.10 Destination Address: 10.12.0.1
ICMP Type: Echo Code: 0x00 Checksum: 0xFB5B Identifier: 0x0001 Sequence Number: 81

Frame 2
802.3 Destination Address: 00A024EA167E Source Address: 00107B819D15 Ethernet Type: DOD Internet Protocol (IP)
IP Source Address: 10.10.0.11 Destination Address: 10.10.10.10
ICMP Type: Redirect Code: Redirect datagrams for the Network Checksum: 0x9B8D Gateway Internet Address: 10.10.0.12
Returned IP header and first bytes of the original datagram: IP - Version: 4, Header Length: 20 IP - Service Type: 0x00 IP - Packet Length: 60 IP - Identification: 0xB941 IP - Fragment Offset: 0x0000 IP - Time to Live: 31 IP - Transport: Internet Control Message IP - Header Checksum: 0xC45F IP - Source Address: 10.10.10.10 IP - Destination Address: 10.12.0.1 Others: 8 bytes of data

Frame 3
802.3 Destination Address: 00107B819CF9 Source Address: 00107B819D15 Ethernet Type: (IP)
IP Source Address: 10.10.10.10 Destination Address: 10.12.0.1
ICMP Type: Echo Code: 0x00 Checksum: 0xFB5B Identifier: 0x0001 Sequence Number: 81

Frame 4
802.3 Destination Address: 00A024EA167E Source Address: 00107B819CF9 Ethernet Type: (IP)
IP Source Address: 10.12.0.1 Destination Address: 10.10.10.10
ICMP Type: Echo Reply Code: 0x00 Checksum: 0x035C Identifier: 0x0001 Sequence Number: 81

Frame 5
802.3 Destination Address: 00107B819CF9 Source Address: 00A024EA167E Ethernet Type: (IP)
IP Source Address: 10.10.10.10 Destination Address: 10.12.0.1
ICMP Type: Echo Code: 0x00 Checksum: 0xFA5B Identifier: 0x0001 Sequence Number: 82

210

Figure (diagram to fill in): PC: % ping IP@ 10.12.0.1, MAC@ 00.a0.24.ea.16.7e, default gateway 10.10.0.11, IP@: . . . ; Network 10.10.0.0/16; unit with MAC@ 00.10.7b.81.9d.15, @IP: . . . ; unit with MAC@ 00.10.7b.81.9c.f9, IP@: . . .
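Frame 2 of this trace is the Redirect that, as the previous pages put it, modifies the routing table of the host. What the PC does with it is shown below as an added example that is not part of the course: a host routing table with the PC's own parameters from the trace (10.10.10.10, the /16 of "Network 10.10.0.0/16", default gateway 10.10.0.11) that applies the checks RFC 1122 requires before accepting a redirect, namely that it comes from the router currently used for that destination and that the new gateway is a neighbour on the local network. A redirect failing those checks (a spoofed one, or one naming an off-link gateway) is ignored.

```python
import ipaddress


class HostRoutingTable:
    """Forwarding decision of a host: on-link destinations are delivered directly,
    everything else goes to the default gateway unless a redirect installed a host route."""

    def __init__(self, address, prefixlen, default_gateway):
        self.iface = ipaddress.ip_interface("%s/%d" % (address, prefixlen))
        self.default_gateway = ipaddress.ip_address(default_gateway)
        self.host_routes = {}   # destination -> gateway learned from ICMP Redirects

    def next_hop(self, dst):
        dst = ipaddress.ip_address(dst)
        if dst in self.iface.network:
            return dst
        return self.host_routes.get(dst, self.default_gateway)

    def apply_redirect(self, from_router, dst, new_gateway):
        """Install the route only if the redirect passes the RFC 1122 host checks."""
        from_router = ipaddress.ip_address(from_router)
        dst = ipaddress.ip_address(dst)
        new_gateway = ipaddress.ip_address(new_gateway)
        if dst in self.iface.network:
            return False            # no router is involved for an on-link destination
        if from_router != self.next_hop(dst):
            return False            # must come from the router currently used for dst
        if new_gateway not in self.iface.network or new_gateway == self.iface.ip:
            return False            # the new gateway must be a neighbour on the local network
        self.host_routes[dst] = new_gateway
        return True


def replay_exercise():
    """Walk the PC through frames 1, 2 and 5 of the trace: next hop before the redirect,
    whether the redirect is accepted, next hop after it, and an unrelated destination."""
    pc = HostRoutingTable("10.10.10.10", 16, "10.10.0.11")
    first = str(pc.next_hop("10.12.0.1"))                                   # frame 1
    accepted = pc.apply_redirect("10.10.0.11", "10.12.0.1", "10.10.0.12")  # frame 2
    second = str(pc.next_hop("10.12.0.1"))                                  # frame 5
    other = str(pc.next_hop("10.12.0.2"))   # another destination still uses the default gateway
    return first, accepted, second, other
```

The checks are what limit the "DoS attack" of the previous page: a redirect must be sent from the address of the gateway the host is already using, and it can only move traffic to another machine on the same link, never to an arbitrary remote address.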


Page 1.210

6 ICMP protocol Exercise ICMP(2)

Figure (sequence diagram to complete): three time axes, for the PC (MAC@ 00.a0.24.ea.16.7e, IP@ . . .), the unit with MAC@ 00.10.7b.81.9d.15 (IP@ . . .) and the unit with MAC@ 00.10.7b.81.9c.f9 (IP@ . . .); the exchanges ICMP (echo, . . .) are to be drawn between them.

211


Page 1.211

6 ICMP protocol Evaluation

Objective: to be able to analyze an ICMP message and explain the operation of the Ping and Trace_route programs

Thank you for answering the self-assessment of the objectives sheet

212


Page 1.212


Page 1.213

7 Client-Server Model Overview

The Client is the party requesting a service. The Server is the party providing a service.

Example: file transfer over an IP network, between a client (file transfer) and a server (file transfer):
tftp <server-IP@>
tftp> put/get <file_name>
. .
Transfer completed
tftp> quit
The client stays the requesting party whatever the direction of the file transfer.

214
A server is an application that offers a service to internet users; a client is a requester of a service. An application consists of both a server and a client part, which can run on the same or on different systems. Users usually invoke the client part of the application, which builds a request for a particular service and sends it to the server part of the application using TCP/IP as a transport vehicle. The server is a program that receives a request, performs the required service and sends back the results in a reply. A server can usually deal with multiple requests and multiple requesting clients at the same time.


Page 1.214

7 Client-Server Model Overview of UDP / TCP Multiplexing

Figure: a letter travelling over a map of France. Sender: Finance department, Alcatel, 22300 LANNION. Addressee: Finance / Business Research accounting department, Telecom Company, 75000 PARIS. The three address lines correspond to the UDP port (department), the IP address (company name) and the MAC address (city/post code).

215

Analogy:
The city/post code corresponds to the MAC@.
The company name corresponds to the IP@.
The department corresponds to the UDP port.
Note: the company could move to another city; this modifies the city/post code but not the company name (logical address). The post office pays attention only to the city/post code (MAC@) and the company name (IP@), not to the department (UDP port). Only the private companies (users) pay attention to the department (UDP port).
UDP/TCP ports allow multiplexing: delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.


Page 1.215

7 Client-Server Model Ephemeral ports and well-known ports

Figure: on host IPa two file-transfer clients each obtain an ephemeral port (1843 and 1955) from the UDP/TCP layer; the datagrams sent over the IP network carry @IPa, @IPb, PORTsrc 1843 (respectively 1955), PORTdst 69; on host IPb the TFTP server waits on the well-known port 69. Sockets: (@IPa, Port 1843) and (@IPa, Port 1955) on the client side, (@IPb, Port 69) on the server side. Well-known port: < 1024. Ephemeral port: >= 1024.

216

The well-known ports are controlled and assigned by the Internet Assigned Numbers Authority (IANA). Most servers wait for requests at a well-known port so that their clients know to which port (and in turn, which application) they must direct their requests. The reason for well-known ports is to allow clients to find servers without configuration information. The well-known port numbers are defined in STD 2 Assigned Internet Numbers. The client typically uses an arbitrary port called an ephemeral port for its communication. Clients that wish to communicate with a server that does not use a well-known port must have another mechanism for learning to which port they must address their requests. This mechanism might employ a registration service such as portmap, which does use a well-known port.
Ephemeral: Clients do not need well-known port numbers because they initiate communication with servers and the port number they are using is contained in the UDP datagrams sent to the server. Each client process is allocated a port number for as long as it needs it by the host it is running on. Ephemeral port numbers have values greater than 1023, normally in the range 1024 to 65535. A client can use any number allocated to it, as long as the combination of <transport protocol, IP address, port number> is unique. Ephemeral ports are not controlled by IANA and can be used by ordinary user-developed programs on most systems.


Page 1.216

7 Client-Server Model Multiplexing

Figure: on the server, the application layer hosts Application x (Port 1), Application y (Port 2) ... Application z (Port n). Layer 4 (TCP / UDP) multiplexes on the port number: the IP packet (1) carries an IP header (@IPsrc, @IPdest), a layer 4 header (Portsrc, Portdest = n) and the Data; layer 3 (IP) hands the packet up, and the Data are delivered to Application z (3, 4).

217
In both transport layer UDP and TCP, the destination port is used to determine the target application.


Page 1.217

7 Client-Server Model Simultaneous access to a server

Figure: file-transfer clients on hosts IPa and IPc each use the ephemeral port 1025 towards the file-transfer server on host IPb, which waits on the well-known port 69. The datagrams on the IP network carry (@IPa, @IPb, PORTsrc 1025, PORTdst 69) and (@IPc, @IPb, PORTsrc 1025, PORTdst 69). The two sockets seen by the server are (@IPa, Port 1025 / @IPb, Port 69) and (@IPc, Port 1025 / @IPb, Port 69).

218

The concepts of port and socket, determine which local process at a given host actually communicates with which process, at which remote host, using which protocol. If this sounds confusing, consider the following: An application process is assigned a process identifier number (process ID), which is likely to be different each time that process is started. Process IDs differ between operating system platforms, hence they are not uniform. A server process can have multiple connections to multiple clients at a time, hence simple connection identifiers would not be unique. The concept of ports and sockets provides a way to uniformly and uniquely identify connections and the programs and hosts that are engaged in them, irrespective of specific process IDs. A socket address is the triple: <protocol, local-address, local-process> For example, in the TCP/IP suite: <tcp, 193.44.234.3, 12345> A conversation is the communication link between two processes. An association is the 5-tuple that completely specifies the two processes that comprise a connection: <protocol, local-address, local-process, foreign-address, foreign-process> In the TCP/IP suite, the following could be a valid association: <tcp, 193.44.234.3, 1500, 193.44.234.5, 21>
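The socket triple and the 5-tuple association defined above are what let the server of the "Simultaneous access" slide tell apart two clients that both use port 1025, and what lets a host be server and client at the same time (next slide). The demultiplexer below is an added example, not code from the course; IPa, IPb, IPc and the process names are placeholders, and the ephemeral-port allocation starting at 1024 is a simplification of what a real host does.

```python
from dataclasses import dataclass
from itertools import count

WELL_KNOWN_MAX = 1023          # well-known ports: 1..1023, assigned by IANA
EPHEMERAL_MIN = 1024           # ephemeral ports: 1024..65535, picked by the host


@dataclass(frozen=True)
class Socket:
    """<protocol, local-address, local-process>, the port standing for the process."""
    proto: str
    addr: str
    port: int


@dataclass(frozen=True)
class Association:
    """The 5-tuple that identifies one conversation end to end."""
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int


class TransportDemux:
    """Layer-4 demultiplexer of one host: hands each arriving datagram to a process."""

    def __init__(self, addr):
        self.addr = addr
        self.listeners = {}        # Socket (well-known port) -> server process name
        self.conversations = {}    # Association -> process name
        self._ephemeral = count(EPHEMERAL_MIN)

    def listen(self, proto, port, process):
        if not 1 <= port <= WELL_KNOWN_MAX:
            raise ValueError("servers wait on a well-known port (1..1023)")
        self.listeners[Socket(proto, self.addr, port)] = process

    def connect(self, proto, process, remote_addr, remote_port):
        """A client process gets an ephemeral port; the association is recorded so the reply finds it."""
        local_port = next(self._ephemeral)
        assoc = Association(proto, self.addr, local_port, remote_addr, remote_port)
        self.conversations[assoc] = process
        return assoc

    def deliver(self, proto, src_addr, src_port, dst_port):
        """Return the process that receives a datagram, or None if no process owns the port."""
        assoc = Association(proto, self.addr, dst_port, src_addr, src_port)
        if assoc in self.conversations:               # reply to a client, or a known client of a server
            return self.conversations[assoc]
        sock = Socket(proto, self.addr, dst_port)
        if sock in self.listeners:                    # new client reaching a server
            self.conversations[assoc] = self.listeners[sock]
            return self.listeners[sock]
        return None


def scenario():
    """Clients on IPa and IPc both use port 1025 toward the TFTP server on IPb, and IPb is
    itself a client of the server on IPc (slides 'Simultaneous access' and 'Host being both')."""
    ipb = TransportDemux("IPb")
    ipb.listen("udp", 69, "tftp-server")
    first = ipb.deliver("udp", "IPa", 1025, 69)
    second = ipb.deliver("udp", "IPc", 1025, 69)
    ipb_client = ipb.connect("udp", "tftp-client", "IPc", 69)     # ephemeral port on IPb
    reply = ipb.deliver("udp", "IPc", 69, ipb_client.local_port)
    unowned = ipb.deliver("udp", "IPa", 1025, 70)                 # nobody listens on 70
    return first, second, len(ipb.conversations), reply, unowned
```

Three distinct associations exist on IPb after the scenario although only two port numbers (69 and 1025) appear on the wire between the three hosts; the datagram to port 70 has no owner, which on a real host is where the ICMP Port Unreachable of the previous chapter comes from.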


Page 1.218

7 Client-Server Model Host being both Server and Client

Figure: host IPa is a file-transfer client (ephemeral port 1025) of the file-transfer server on host IPb (well-known port 69); host IPb is at the same time a file-transfer client (ephemeral port 1542) of the file-transfer server on host IPc (well-known port 69). Sockets: (@IPa, Port 1025 / @IPb, Port 69) and (@IPb, Port 1542 / @IPc, Port 69). Datagrams on the IP network: (@IPa, @IPb, PORTsrc 1025, PORTdst 69) and (@IPb, @IPc, PORTsrc 1542, PORTdst 69).

219

A server could be a client for another communication.


Page 1.219

7 Client-Server Model Port distribution

Well-known ports: 1 to 1023
Registered ports: 1024 to 49151
Ephemeral ports: 49152 to 65535

UDP well-known ports:
7: Echo
9: Discard
11: Systat (logged users)
13: Daytime
15: Netstat
19: Chargen
37: Time
43: Whois
53: DNS Domain Name Server (query)
67: BOOTPs, BOOTP Bootstrap Protocol - Server
68: BOOTPc, BOOTP Bootstrap Protocol - Client
69: TFTP Trivial File Transfer Protocol
111: RPC Remote Procedure Call
123: NTP Network Time Protocol
161: SNMP Simple Network Management Protocol
162: SNMP Traps

TCP well-known ports:
5: RJE Remote Job Entry
7: Echo
9: Discard
11: Systat (logged users)
13: Daytime
15: Netstat
19: Chargen
20: FTP File Transfer Protocol - Data
21: FTP File Transfer Protocol - Commands
23: TELNET Remote connection
25: SMTP Simple Mail Transfer Protocol
53: DNS Domain Name Server (zone transfer)
80: HTTP Hypertext Transfer Protocol
110: POP3 Post Office Protocol
111: SUNRPC
139: Netbios

220
In the past there were only two ranges of ports: well-known and ephemeral. Now, because so many new services have been born, there are three:
Well-known ports are assigned by IANA; they range between 1 and 1023.
Registered ports are listed by IANA.
Ephemeral ports.
Well-known port numbers are typically odd, because early systems using the port concept required an odd/even pair of ports for duplex operations. A client uses an ephemeral port; the exception is the BOOTP client, which uses the well-known port 68. Most servers require only a single well-known port; the exception is the FTP server, which uses two: 20 and 21. An application could run on both the TCP and the UDP transport layer, but in fact each application almost always runs on only one transport protocol, with some exceptions like DNS, whose server uses both UDP port 53 (for query operations) and TCP port 53 (for database transfer between two DNS servers).


Page 1.220

7 Client-Server Model TCP/IP communication synthesis

Figure: host @IPa (application; transport with ports s and d; network with IP@ sa, db; link with physical addresses) sends data across an IP network to host @IPb. The IP addresses (IP@ sadb) and the port numbers stay the same end to end, while each hop over the IP network uses a new pair of physical addresses (Phys@ s1d2, s4d15, s8d7, ...) between neighbouring hosts and routers.

221

Application layer: The application layer is provided by the program that uses TCP/IP for communication. An application is a user process cooperating with another process usually on a different host.
Transport layer: The transport layer provides the end-to-end data transfer by delivering data from an application to its remote peer. Multiple applications can be supported simultaneously.
Internetwork layer: Internet Protocol (IP) is the most important protocol in this layer. It is a connectionless protocol that doesn't assume reliability from lower layers. IP does not provide reliability, flow control, or error recovery. These functions must be provided at a higher level.
Network interface layer: The network interface layer, also called the link layer or the data-link layer, is the interface to the actual network hardware.
Router: Interconnects networks at the internetwork layer level and routes packets between them.


Page 1.221

7 Client-Server Model Evaluation

Objective: to be able to describe the operation of the client/server model at the transport layer

Thank you for answering the self-assessment of the objectives sheet

222


Page 1.222


Page 1.223

8 User Datagram Protocol Situation of the UDP protocol

Figure (protocol stack): Application: NTP, TFTP, SNMP, DNS over UDP; Telnet, FTP, SMTP, HTTP over TCP. Transport: UDP, TCP. Network: IP, ICMP, ARP. Link: LLC, SNAP 802.2, MAC (FDDI, Token Ring, Ethernet ISO 802.3, Ethernet V2). Physical: optical fibre, shielded twisted pair, 10 Base T, 10 Base 2, 10 Base 5.

224

Usually, UDP is used by applications that need a fast transport mechanism (time synchronisation, voice over IP), that have a very short communication (one question, one response), or that can tolerate the loss of some data. The main applications using UDP are:
TFTP: Trivial File Transfer Protocol
DNS: Domain Name System
NTP: Network Time Protocol


Page 1.224

8 User Datagram Protocol Connectionless service

Figure: packets P1, P2, P3 are handed to UDP/IP on the sending side and may arrive through the IP network in a different order (P2, P1, P3); UDP does not reorder the received packets. UDP offers a connectionless service.

225


Page 1.225

8 User Datagram Protocol UDP not a reliable protocol

Figure: classical mail between two users (a 150 $ bill sent by post). Not reliable; nevertheless people appreciate mail services. It is the role of the users to implement a procedure if they want a reliable communication (i.e. if there is no response within 3 days, the letter is retransmitted).

UDP provides connectionless, unreliable, best-effort service.

226

UDP provides a mechanism for one application to send a datagram to another. The UDP protocol can be regarded as being extremely thin and consequently has low overheads, but it requires the application to take responsibility for error recovery and so on. As a result, applications using UDP as the transport protocol have to provide their own end-to-end integrity, flow control, and congestion control, if it is so desired. Usually, UDP is used by applications that need a fast transport mechanism and can tolerate the loss of some data.


Page 1.226

8 User Datagram Protocol Applications tolerating the loss of some data

Figure: a voice conversation crossing an IP network arrives with pieces missing ("Convsation"); a Network Time Server sends the date and time (NTP) every 10 s across the IP network to a network management station.

227
UDP is suitable for applications tolerating the loss of some data. Example: Voice over IP. If a part of the conversation is lost during the transmission, the ear is still capable of understanding. Moreover, if the lost part of the conversation were repeated, it would arrive out of sequence and would have the worst effect. Time synchronisation is necessary to manage a network well. A Network Time Server delivers the time recurrently. If a message conveying the current time is lost, it makes no sense to repeat this message because time keeps running.


Page 1.227

8 User Datagram Protocol Applications using simple exchange

Figure: a client on the Internet asks the Alcatel Name Server (DNS over UDP) "What is the IP@ of alcatel.com?" and receives "alcatel.com = 169.109.33.06"; the question is sent again when the first exchange is lost. The DNS application needs reliability but UDP is not reliable: the application has to implement an error recovery procedure.

228
Applications using a Question / Response type of communication can easily implement a simple procedure to ensure a correct exchange. Let us cite: DNS, TFTP, ...
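The simple procedure such an application implements is shown below as an added example that is not part of the course: a resolver retransmits its question when no answer arrives and accepts only the answer carrying the identifier it is waiting for. The network is replaced by a deterministic channel that drops chosen datagrams, the server is a one-line lookup, and the record alcatel.com = 169.109.33.06 is the slide's example reused as constructed data; real resolvers use a timer instead of the dropped-datagram shortcut used here to stand in for a timeout.

```python
import itertools


class LossyChannel:
    """Deterministic stand-in for the network: datagram number n is dropped if n is in `drops`."""

    def __init__(self, drops=()):
        self.drops = set(drops)
        self.sent = 0

    def transmit(self, datagram):
        self.sent += 1
        return None if self.sent in self.drops else datagram


class NameServer:
    """Answers (query_id, name) with (query_id, address); unknown names get None."""

    def __init__(self, records):
        self.records = records

    def handle(self, query):
        query_id, name = query
        return (query_id, self.records.get(name))


class Resolver:
    """Client side: retransmit on silence, accept only the response carrying the expected id."""

    def __init__(self, server, channel, retries=3):
        self.server, self.channel, self.retries = server, channel, retries
        self._ids = itertools.count(1)
        self.attempts = 0

    def resolve(self, name):
        query_id = next(self._ids)
        for attempt in range(1, self.retries + 1):
            self.attempts = attempt
            query = self.channel.transmit((query_id, name))
            if query is None:
                continue                           # request lost: timeout, resend
            response = self.channel.transmit(self.server.handle(query))
            if response is None:
                continue                           # response lost: timeout, resend
            if response[0] != query_id:
                continue                           # stale or forged answer: ignore it
            return response[1]
        raise TimeoutError("no answer for %s after %d attempts" % (name, self.retries))


RECORDS = {"alcatel.com": "169.109.33.06"}   # the slide's example, as constructed data
```

The identifier check is the part that matters for security as much as for correctness: without it a late or unsolicited datagram would be taken as the answer to whatever question is pending, which is exactly what an attacker spoofing responses relies on.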


Page 1.228

8 User Datagram Protocol Main UDP Well-known ports

Well-known ports:
7: Echo
9: Discard
11: Systat (logged users)
13: Daytime
15: Netstat
19: Chargen
37: Time
43: Whois
53: DNS Domain Name Server
67: BOOTPs, BOOTP Bootstrap Protocol - Server
68: BOOTPc, BOOTP Bootstrap Protocol - Client
69: TFTP Trivial File Transfer Protocol
111: RPC Remote Procedure Call
123: NTP Network Time Protocol
161: SNMP Simple Network Management Protocol
162: SNMP Traps

229

Well-known ports are assigned by ICANN. Well-known ports belong to standard servers; for example, DNS uses port 53. Well-known port numbers range between 1 and 1023. Well-known port numbers are typically odd, because early systems using the port concept required an odd/even pair of ports for duplex operations. Most servers require only a single port. Exceptions are the BOOTP server, which uses two: 67 and 68.


Page 1.229

8 User Datagram Protocol Optional services

Figure: UDP (Portsrc, Portdest, Data) delivers to servers listening on: Echo Port 7, Discard Port 9, Finger Port 11, Daytime Port 13, Chargen Port 19, Time Port 37, DNS Port 53, TFTP Port 69, Appli. n Port n.

230

Character Generator: The Character Generator service is designed to send a set of ASCII characters. Upon receipt of a datagram (the contents of which are ignored), the Character Generator service returns a list of all printable ASCII characters. The UDP Character Generator service monitors port 19 for an incoming datagram and responds with a datagram containing a random number of characters. Up to 512 characters can be sent.
Daytime: The Daytime service returns a message with the current date and time. The format it uses is the day of the week, month of the year, day of the month, time, and the year. Time is specified in a HH:MM:SS format. Each field is separated by spaces to enable parsing of the contents. Both TCP and UDP versions monitor port 13 and, upon receipt of a datagram, return the message. The Daytime service can be used for several purposes, including setting system calendars and clocks to minimize variations. It also can be used by applications.
Discard: The Discard service simply discards everything it receives. TCP waits for a connection on port 9, whereas UDP receives datagrams through that port. Anything incoming is ignored. No responses are sent. The Discard service might seem pointless, but it can be useful for routing test messages during system setup and configuration. It can also be used by applications in place of a discard service of the operating system (such as /dev/null in UNIX).
Echo: The Echo service returns whatever it receives. It is called through port 7. With TCP, it simply returns whatever data comes down the connection, whereas UDP returns an identical datagram (except for the source and destination addresses). The echoes continue until the port connection is broken or no datagrams are received. The Echo service provides very good diagnostics about the proper functioning of the network and the protocols themselves. The reliability of transmissions can be tested this way, too. Turnaround time from sending to receiving the echo provides useful measurements of response times and latency within the network.
Finger: The Active Users service returns a message to the originating user that contains a list of all users currently active on the remote machine. The behavior of the TCP and UDP versions is the same. When requested, the Active Users service monitors port 11 and, upon establishment of a connection, responds with a list of the currently active users and then closes the port. UDP sends a datagram, and TCP uses the connection itself.
Time: The Time service returns the number of seconds that have elapsed since January 1, 1990. Port 37 is used to listen for a request (TCP) or receive an incoming datagram (UDP). When a request is received, the time is sent as a 32-bit binary number. It is up to the receiving application to convert the number to a useful figure. The Time service is often used for synchronizing network machines or for setting clocks within an application.
Quote of the Day: The Quote of the Day service does as its name implies. It returns a quotation from a file of quotes, randomly selecting one a day when a request arrives on port 17. If a source file of quotations is not available, the service fails.
Note: Users can directly access their service of choice (assuming it is supported) by using Telnet.


Page 1.230

8 User Datagram Protocol Format of the UDP message

byte | byte | byte | byte
UDP source port | UDP destination port
UDP message length | UDP checksum
Data

231
UDP datagram format: Each UDP datagram is sent within a single IP datagram. Although the IP datagram may be fragmented during transmission, the receiving IP implementation will reassemble it before presenting it to the UDP protocol. All IP implementations are required to accept datagrams of 576 bytes, which means that, allowing for a maximum-size IP header of 60 bytes, a UDP datagram of 516 bytes is acceptable to all implementations. Many implementations will accept larger datagrams, but this is not guaranteed. The UDP datagram has a 16-byte header.
Source Port: Indicates the port of the sending process. It is the port to which replies should be addressed.
Destination Port: Specifies the port of the destination process on the destination host.
Length: The length (in bytes) of this user datagram, including the header.
Checksum: An optional 16-bit one's complement of the one's complement sum of a pseudo-IP header, the UDP header, and the UDP data. The pseudo-IP header contains the source and destination IP addresses, the protocol, and the UDP length.


Page 1.231

8 User Datagram Protocol IP packet processing

Figure: the IP packet (1) arriving at the server carries an IP header (@IPsrc, @IPdest, Prot=17), a UDP header (Portsrc, Portdest = n) and the Data. Layer 3 (IP) uses the protocol field to hand the packet to UDP (17) rather than TCP (6) (2); layer 4 (UDP) demultiplexes on the port number between Application x (Port 1), Application y (Port 2) ... Application z (Port n) (4) and delivers the Data to Application z (5).

232
UDP simply serves as a multiplexer/demultiplexer for sending and receiving datagrams, using ports to direct the datagrams. Applications sending datagrams to a host need to identify a target that is more specific than the IP address, since datagrams are normally directed to certain processes and not to the system as a whole. UDP provides this by using ports.


Page 1.232

8 User Datagram Protocol Checksum calculation

Figure: the UDP checksum is calculated over a 12-byte pseudo IP header (source IP address, destination IP address, 00, Protocol, UDP datagram length), followed by the UDP header (UDP source port, UDP destination port, UDP message length, UDP checksum) and the Data. The IP header (Ver, Header length, Type Of Service, Datagram length, Identification, Flag, Datagram Offset, TTL, Protocol = 17, Checksum, Source IP address, Destination IP address) is shown alongside: the addresses and the protocol of the pseudo header are taken from it.

233
Checksum: An optional 16-bit one's complement of the one's complement sum of a pseudo-IP header, the UDP header, and the UDP data. The pseudo-IP header contains the source and destination IP addresses, the protocol, and the UDP length. Why is this header added? It is because the TCP header doesn't contain IP addresses and just includes source and destination port numbers. This means that if a TCP segment is delivered to the wrong system (wrong destination IP address), the TCP module on that system could not notice it by looking at the TCP header. Including the IP address information in the checksum using the pseudo-header prevents this problem. If a problem is detected after the checksum calculation (validation) in a receiving system, the TCP segment is silently discarded. Nothing informs the sending system.


Page 1.233

8 User Datagram Protocol Synthesis

UDP added value: no reliability, connectionless-oriented, no flow-control, no error recovery.
UDP simply serves as a multiplexer/demultiplexer (Application 1, Application 2, Application 3).

234


Page 1.234

8 User Datagram Protocol - Exercise - UDP trace

1- At each level, look for the field allowing to know the encapsulated protocol.

[Slide: hex dump of a broadcast frame (addresses 0000 to 0150); the columns of the dump are not recoverable from the extraction. The first 42 bytes, rebuilt from the decode below:
FF FF FF FF FF FF 00 80 9F 21 32 A9 08 00 | 45 00 01 48 00 00 00 00 0F 11 AA A6 00 00 00 00 FF FF FF FF | 00 44 00 43 01 34 EF 12]

Decode:
Eth V2 [0000:000D]
  0000:0005 Destination Address: FFFFFFFFFFFF (Broadcast)
  0006:000B Source Address: 00809F2132A9 (Alcatel2132A9)
  000C:000D Ethernet Type: DOD Internet Protocol (IP)
IP [000E:0021]
  000E:000E Version: 4; Header Length: 20
  000F:000F TOS, Precedence: Routine; Delay: Normal; Throughput: Normal; Reliability: Normal
  0010:0011 Packet Length: 328
  0012:0013 Identification: 0x0000
  0014:0014 DF: May Fragment; MF: Last Fragment
  0014:0015 Fragment Offset: 0
  0016:0016 Time to Live: 15
  0017:0017 Transport: User Datagram
  0018:0019 Header Checksum: 0xAAA6 (correct)
  001A:001D Source Address: 0.0.0.0
  001E:0021 Destination Address: 255.255.255.255
UDP [0022:0029]
  0022:0023 Source Port: Bootstrap Protocol Client
  0024:0025 Destination Port: Bootstrap Protocol Server
  0026:0027 Packet Length: 308
  0028:0029 Checksum: 0xEF12 (correct)
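As an added worked example (not part of the course material), the following Python script rebuilds the 42 header bytes of this trace from the decode above, walks Ethernet, IP and UDP reading at each level the field that names the encapsulated protocol, recomputes the IP header checksum (0xAAA6 on the decode) and carries out the UDP checksum calculation over the pseudo IP header described on the previous slide. The BOOTP payload is not recoverable from the extraction, so the UDP checksum helper is exercised on a constructed datagram ("ping" from 0.0.0.0 to 255.255.255.255); the function names and that sample payload are the author's own choices, not the course's.

```python
import struct

# Constructed: the first 42 bytes of the exercise trace (Ethernet + IP + UDP
# headers), rebuilt from the decoded values; the BOOTP payload is not included.
TRACE_HEADERS = bytes.fromhex(
    "ffffffffffff"      # Ethernet destination: broadcast
    "00809f2132a9"      # Ethernet source: 00:80:9f:21:32:a9
    "0800"              # Ethernet Type 0x0800 = IP
    "4500014800000000"  # IP: version 4 / IHL 5, TOS 0, total length 328, id 0, flags/offset 0
    "0f11aaa6"          # TTL 15, protocol 17 = UDP, header checksum 0xAAA6
    "00000000"          # source IP 0.0.0.0
    "ffffffff"          # destination IP 255.255.255.255
    "00440043"          # UDP source port 68 (BOOTP client), destination port 67 (BOOTP server)
    "0134ef12"          # UDP length 308, UDP checksum 0xEF12
)


def ones_complement_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of all 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # an odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_headers(frame: bytes) -> dict:
    """Ethernet -> IP -> UDP; at each level the encapsulated protocol is named by
    the Ethernet Type, the IP Protocol field and the UDP port numbers."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IP: Ethernet Type 0x%04x" % ethertype)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # header length is given in 32-bit words
    total_length = struct.unpack("!H", ip[2:4])[0]
    protocol = ip[9]
    header_checksum = struct.unpack("!H", ip[10:12])[0]
    # Verify: recompute over the header with the checksum field taken as zero.
    recomputed = ones_complement_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl])
    if protocol != 17:
        raise ValueError("not UDP: IP protocol %d" % protocol)
    sport, dport, udp_length, udp_csum = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    return {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "ethertype": ethertype, "ip_total_length": total_length, "ttl": ip[8],
        "ip_protocol": protocol, "ip_src": ".".join(map(str, ip[12:16])),
        "ip_dst": ".".join(map(str, ip[16:20])), "ip_checksum": header_checksum,
        "ip_checksum_ok": recomputed == header_checksum,
        "udp_sport": sport, "udp_dport": dport,
        "udp_length": udp_length, "udp_checksum": udp_csum,
    }


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp_datagram: bytes) -> int:
    """Checksum over the 12-byte pseudo IP header + UDP header + data; the
    checksum field inside udp_datagram must be zero. A computed 0 is sent as
    0xFFFF, because 0 on the wire means "no checksum" (RFC 768)."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(udp_datagram))
    return ones_complement_checksum(pseudo + udp_datagram) or 0xFFFF


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return header[:6] + struct.pack("!H", csum) + payload


def verify_udp(src_ip: bytes, dst_ip: bytes, udp_datagram: bytes) -> bool:
    """Receiver side: a datagram carrying checksum 0 is accepted unchecked; any
    other mismatch (including a wrong destination IP) means it is silently dropped."""
    received = struct.unpack("!H", udp_datagram[6:8])[0]
    if received == 0:
        return True
    zeroed = udp_datagram[:6] + b"\x00\x00" + udp_datagram[8:]
    return udp_checksum(src_ip, dst_ip, zeroed) == received
```

Because the pseudo header is part of the sum, `verify_udp` fails for the same datagram as soon as a different destination address is supplied, which is exactly the "delivered to the wrong system" case the notes describe.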


8 User Datagram Protocol - UDP trace (solution)

1- At each level, look for the field allowing to know the encapsulated protocol.

[Slide: the same hex dump and decode as on the previous slide, with the identifying fields highlighted: in the Ethernet header the type 08 00 (IP); in the IP header the protocol byte 11 (17 = UDP); in the UDP header the source port 00 44 (BOOTP client) and the destination port 00 43 (BOOTP server).]


8 User Datagram Protocol - Evaluation

Objective: to be able to list the characteristics of the UDP transport layer protocol.

Thank you for answering the self-assessment of the objectives sheet.


1 Introduction
2 Physical and link layers
3 ARP protocol
4 Repeaters, Bridges and Switches
5 IP protocol
6 ICMP protocol
7 Client-Server model
8 UDP protocol
9 TCP protocol


9 TCP protocol - Situation of the TCP protocol

[Slide diagram of the protocol stack:
Application layer: NTP, TFTP, SNMP, DNS, Telnet, FTP, SMTP, HTTP
Transport layer: UDP, TCP
Network layer: IP, ICMP, ARP
Link layer: LLC / SNAP 802.2; MAC: Ethernet ISO 802.3, Ethernet V2, Token Ring, FDDI
Physical layer: 10 Base T, 10 Base 2, 10 Base 5, shielded twisted pair, optical fibre]

Transmission Control Protocol (TCP): TCP provides connection-oriented reliable data delivery, duplicate data suppression, congestion control, and flow control. TCP is a standard protocol with STD number 7. TCP is described by RFC 793, Transmission Control Protocol. Its status is recommended, but in practice every TCP/IP implementation that is not used exclusively for routing will include TCP. TCP provides considerably more facilities for applications than UDP, notably error recovery, flow control and reliability. TCP is a connection-oriented protocol, unlike UDP, which is connectionless.


9 TCP protocol - Connection-oriented service

[Slide diagram: the sending TCP hands packets P1, P2, P3 to IP in order; the IP network offers a connectionless service, so they may arrive in a different order (P1, P3, P2); the receiving TCP reorders the received packets back to P1, P2, P3.]

TCP offers a connection-oriented service.

Sequence numbers have to be introduced and managed by TCP.


9 TCP protocol - Error recovery

[Slide diagram: a cash dispenser application sends "Withdraw: 50$" in packet P1 through TCP and IP to the Central Bank application across the IP network (not reliable); the bank's TCP answers P1-OK, so the sender knows the withdrawal arrived.]

TCP is reliable.


9 TCP protocol - TCP format

[Slide diagram: the TCP header, drawn in rows of 4 bytes:]
  Source port number (2 bytes) | Destination port number (2 bytes)
  Sequence number (4 bytes)
  Acknowledge number (4 bytes)
  Header length (4 bits) | Reserved | Flags URG ACK PSH RST SYN FIN | Window size (2 bytes)
  Checksum (2 bytes) | Urgent pointer (2 bytes)
  Options (optional)
  Data (optional)

Header: min 20 bytes, max 60 bytes. Header length: expressed in words of 4 bytes.

A unit of transmission in a TCP layer is called a segment. Header length: the number of 32-bit words in the TCP header. It indicates where the data begins.


9 TCP protocol - TCP port number

[Slide diagram: the TCP header layout again, with the source port number and destination port number fields highlighted.]

Ports: allow multiplexing, achieved through the use of ports, just as with UDP.


9 TCP protocol - Some well-known ports using TCP

[Slide diagram: servers on a TCP/IP network listening on their well-known TCP ports:]
  FTP server: port 20 (Data), port 21 (Ctrl)
  Telnet server: port 23
  SMTP server: port 25
  DNS server: port 53
  HTTP server: port 80

On Unix, display /etc/services to see the port assignments.


9 TCP protocol - Main TCP well-known ports
  5: RJE - Remote Job Entry
  7: Echo
  9: Discard
  11: Systat - logged users
  13: Daytime
  15: Netstat
  19: Chargen
  20: FTP - File Transfer Protocol - Data
  21: FTP - File Transfer Protocol - Commands
  23: TELNET - Remote connection
  25: SMTP - Simple Mail Transfer Protocol
  53: DNS - Domain Name Server (zone transfer)
  80: HTTP - Hypertext Transfer Protocol
  110: POP3 - Post Office Protocol
  111: SUNRPC
  139: Netbios

Most servers require only a single port. The exception is the FTP server, which uses two: 20 and 21. Normally, a server will use either TCP or UDP, but there are exceptions. For example, domain name servers use both UDP port 53 (for queries) and TCP port 53 (for database transfer between domain name servers).


9 TCP protocol - Sequence numbers and flags

[Slide diagram: the TCP header layout again, with the sequence number, acknowledge number and flag (URG, ACK, PSH, RST, SYN, FIN) fields highlighted.]

Sequence Number: The sequence number of the first data byte in this segment. If the SYN control bit is set, the sequence number is the initial sequence number (n) and the first data byte is n+1.

Acknowledgement Number: If the ACK control bit is set, this field contains the value of the next sequence number that the receiver is expecting to receive.

URG: Indicates that the urgent pointer field is significant in this segment.

PSH: Sometimes, an application needs to be sure that all the data passed to TCP has actually been transmitted to the destination. For that reason, a push function is defined. It will push all remaining TCP segments still in storage to the destination host. The normal close connection function also pushes the data to the destination.

ACK: Indicates that the acknowledgement field is significant in this segment.

RST: Resets the connection.

SYN: Synchronise the sequence numbers.

FIN: No more data from sender.
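To make the header layout of the two previous slides concrete, here is an added example (written for this page, not taken from the course) in Python that builds a TCP header and parses one back: the header length field is stored in words of 4 bytes, the six flags sit in the low bits of the same 16-bit word, and options are padded to a 4-byte boundary. The constants and function names are the author's; the checksum field is left at zero because its calculation (pseudo header, as for UDP) is covered on a later slide.

```python
import struct

# Flag bits in the low 6 bits of the 16-bit "header length / reserved / flags" word.
FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK, FLAG_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FLAG_URG: "URG", FLAG_ACK: "ACK", FLAG_PSH: "PSH",
              FLAG_RST: "RST", FLAG_SYN: "SYN", FLAG_FIN: "FIN"}


def build_tcp_header(sport, dport, seq, ack, flags, window, options=b"", urgent=0):
    """20-byte fixed header followed by options padded to a multiple of 4 bytes.
    The header length field counts 32-bit words: 5 (20 bytes) up to 15 (60 bytes).
    The checksum is left at zero here (computed over the pseudo header, as for UDP)."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # pad with end-of-option-list bytes
    header_words = 5 + len(options) // 4
    if header_words > 15:
        raise ValueError("options too long: the header cannot exceed 60 bytes")
    offset_and_flags = (header_words << 12) | (flags & 0x3F)   # reserved bits stay zero
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        offset_and_flags, window, 0, urgent)
    return fixed + options


def parse_tcp_header(segment: bytes) -> dict:
    """Split a TCP segment into its header fields, the options and the data."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    (sport, dport, seq, ack, offset_and_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_length = (offset_and_flags >> 12) * 4          # words of 4 bytes -> bytes
    if header_length < 20 or header_length > len(segment):
        raise ValueError("bad header length %d" % header_length)
    flags = offset_and_flags & 0x3F
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_length": header_length,
        "flags": [name for bit, name in FLAG_NAMES.items() if flags & bit],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:header_length], "data": segment[header_length:],
    }
```

The bounds check on the header length matters in a parser: a value below 5 words or beyond the end of the segment is how a malformed segment would otherwise be misread as carrying data that is not there.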


9 TCP protocol - Connection establishment

Three-way handshake (slide diagram, application primitives on the outside, TCP segments between the two TCP entities):
  1. Appli A: Connect-Request. TCP A sends SYN (Seq.= x).
  2. TCP B gives Connect-Indication to its application; Appli B answers Connect-Response. TCP B sends SYN (Seq.= y) / ACK (Ack.= x+1).
  3. TCP A gives Connect-Confirm to its application and sends ACK (Ack.= y+1) (Seq.= x+1).

Once established, data can flow reliably in both directions.


9 TCP protocol - Reordering data

[Slide diagram: after the establishment phase (Seq.: 40), the application issues Data-Request (abcd), Data-Request (efg), Data-Request (hi) and Data-Request (jkl). In the transfer phase TCP sends (Seq.= 40) / Data abcd, (Seq.= 44) / Data efg, (Seq.= 47) / Data hi and (Seq.= 49) / Data jkl. The receiver delivers Data-Indication (abcd) and acknowledges with ACK = 44; the segment efg arrives after hi and jkl, so the receiver holds those two, then delivers Data-Indication (efghijkl) and acknowledges with ACK = 52.]

TCP is in charge of reordering the received data.
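The receiver-side behaviour of this slide, as an added Python example written for this page (not part of the course): segments are delivered to the application only when they are contiguous with the next expected byte, early segments are held, duplicates are dropped, and the acknowledge number always names the first byte still missing. The class and attribute names are the author's; the sequence numbers and data are those of the slide.

```python
class ReassemblyBuffer:
    """Receiver side of TCP's reordering: deliver in sequence order, hold what
    arrived early, drop duplicates, and acknowledge the next byte expected."""

    def __init__(self, initial_seq):
        self.rcv_nxt = initial_seq      # next byte expected = the value sent in ACK
        self.pending = {}               # seq -> data, segments that arrived ahead of a gap

    def receive(self, seq, data):
        """Process one segment; return (bytes delivered to the application, ACK number)."""
        end = seq + len(data)
        if end <= self.rcv_nxt:
            return b"", self.rcv_nxt                  # entirely old data: duplicate, dropped
        if seq > self.rcv_nxt:
            self.pending[seq] = data                  # gap before it: hold, repeat the ACK
            return b"", self.rcv_nxt
        delivered = data[self.rcv_nxt - seq:]         # trim any already delivered prefix
        self.rcv_nxt = end
        progressed = True
        while progressed:                             # release held segments now contiguous
            progressed = False
            for held_seq in sorted(self.pending):
                if held_seq <= self.rcv_nxt:
                    held = self.pending.pop(held_seq)
                    tail = held[self.rcv_nxt - held_seq:]
                    delivered += tail
                    self.rcv_nxt += len(tail)
                    progressed = True
                    break
        return delivered, self.rcv_nxt


def replay_slide():
    """The arrival order that produces the slide's ACK = 44 then ACK = 52."""
    rx = ReassemblyBuffer(40)
    arrivals = [(40, b"abcd"), (47, b"hi"), (49, b"jkl"), (44, b"efg")]
    return [rx.receive(seq, data) for seq, data in arrivals]
```

Note that while the gap exists the receiver keeps answering ACK = 44; the sender reads those repeated acknowledgements as a hint that a segment is missing (the duplicate-ACK signal used by the congestion control slides later in this chapter).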


9 TCP protocol - Reliability thanks to sequence and acknowledge numbers

[Slide diagram, Client (initial sequence number 400) and Server (initial sequence number 100):
  Client -> Server: SYN / Seq nb: 400
  Server -> Client: SYN / Seq nb: 100 / ACK / ack nb: 401   (the SYN consumes one sequence number: 400 + 1)
  Client -> Server: Seq nb: 401 / PSH / ACK / ack nb: 101 / 10 bytes
  Server -> Client: Seq nb: 101 / ACK / ack nb: 411 / 20 bytes         (delivery of 10 bytes on the server side)
  Client -> Server: Seq nb: 411 / ACK / ack nb: 121 / 10 bytes
  Server -> Client: Seq nb: 121 / PSH / ACK / ack nb: 421 / 2 bytes    (delivery of 22 bytes on the client side)
  Client -> Server: Seq nb: 421 / ACK / ack nb: 123
The counters on each side advance by the number of bytes received: 400 -> 401 -> 411 -> 421 on the client, 100 -> 101 -> 121 -> 123 on the server.]

The primary purpose of TCP is to provide a reliable logical circuit or connection service between pairs of processes. It does not assume reliability from the lower-level protocols (such as IP), so TCP must guarantee this itself. TCP can be characterised by the following facilities it provides for the applications using it:

Stream Data Transfer: From the application's viewpoint, TCP transfers a contiguous stream of bytes through the network. The application does not have to bother with chopping the data into basic blocks or datagrams. TCP does this by grouping the bytes in TCP segments, which are passed to IP.

Reliability: TCP assigns a sequence number to each byte transmitted and expects a positive acknowledgement (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. Since the data is transmitted in blocks (TCP segments), only the sequence number of the first data byte in the segment is sent to the destination host. The receiving TCP uses the sequence numbers to rearrange the segments when they arrive out of order, and to eliminate duplicate segments.

Push: Sometimes, an application needs to be sure that all the data passed to TCP has actually been transmitted to the destination. For that reason, a push function is defined. It will push all remaining TCP segments still in storage to the destination host. The normal close connection function also pushes the data to the destination.


9 TCP protocol - Session termination

[Slide diagram, Client (Seq nb 421) and Server (Seq nb 123):
  Client -> Server: FIN / Seq nb: 421 / ACK / ack nb: 123
  Server -> Client: ACK: ack nb: 422         (the FIN consumes one sequence number: 421 + 1)
  Server -> Client: FIN / Seq nb: 123 / ACK / ack nb: 422
  Client -> Server: ACK: ack nb: 124         (123 + 1)]
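The three slides on establishment, reliability and termination are one continuous exchange, reproduced here as an added Python model written for this page (not course material). Both endpoints keep only two counters, the next sequence number to send and the next sequence number expected, and the model shows why a SYN or a FIN advances the counter by one while a pure ACK does not. Initial sequence numbers 400 and 100 and the byte counts 10, 20, 10 and 2 are taken from the slides; the class and method names are the author's, and no timers, retransmission or windows are modelled.

```python
SYN, ACK, PSH, FIN = "SYN", "ACK", "PSH", "FIN"


class Endpoint:
    """Sequence/acknowledge bookkeeping for one side of a TCP connection."""

    def __init__(self, name, isn):
        self.name = name
        self.snd_nxt = isn        # next sequence number this side will send
        self.rcv_nxt = None       # next sequence number expected = our ack number

    def send(self, flags, data=b""):
        segment = {"from": self.name, "flags": set(flags), "seq": self.snd_nxt,
                   "ack": self.rcv_nxt if ACK in flags else None, "data": data}
        # SYN and FIN each occupy one sequence number; every data byte occupies one.
        self.snd_nxt += len(data) + (SYN in flags) + (FIN in flags)
        return segment

    def receive(self, segment):
        if self.rcv_nxt is not None and segment["seq"] != self.rcv_nxt:
            raise ValueError("%s expected seq %d, got %d"
                             % (self.name, self.rcv_nxt, segment["seq"]))
        consumed = len(segment["data"]) + (SYN in segment["flags"]) + (FIN in segment["flags"])
        self.rcv_nxt = segment["seq"] + consumed


def run_session(client_isn=400, server_isn=100):
    """Handshake, the data exchange of the reliability slide, then termination.
    Returns the list of segments and the two endpoints."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    log = []

    def transfer(sender, receiver, flags, data=b""):
        segment = sender.send(flags, data)
        receiver.receive(segment)
        log.append(segment)

    # Three-way handshake
    transfer(client, server, {SYN})
    transfer(server, client, {SYN, ACK})
    transfer(client, server, {ACK})
    # Data transfer: 10, 20, 10 and 2 bytes (constructed filler bytes)
    transfer(client, server, {PSH, ACK}, b"A" * 10)
    transfer(server, client, {PSH, ACK}, b"B" * 20)
    transfer(client, server, {PSH, ACK}, b"C" * 10)
    transfer(server, client, {PSH, ACK}, b"D" * 2)
    # Session termination: each FIN is acknowledged separately
    transfer(client, server, {FIN, ACK})
    transfer(server, client, {ACK})
    transfer(server, client, {FIN, ACK})
    transfer(client, server, {ACK})
    return log, client, server


def seq_ack_pairs(log):
    return [(segment["seq"], segment["ack"]) for segment in log]
```

The `receive` check that a segment starts exactly at `rcv_nxt` is the strict in-order case; the reordering example earlier in the chapter shows what a receiver does when that check fails.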

9 TCP protocol - Urgent Pointer

[Slide diagram: the TCP header layout again, with the urgent pointer field and the urgent data at the start of the data field highlighted.]

Urgent Pointer: Points to the first data byte following the urgent data. Only significant when the URG control bit is set.

URG: Indicates that the urgent pointer field is significant in this segment.


9 TCP protocol - Flow control

[Slide diagram: across the IP network, the receiving TCP gives a credit, a window size, to each sender.]


9 TCP protocol - Window size

[Slide diagram: the TCP header layout again, with the window size field highlighted.]
Window: The window size is determined by the receiver when the connection is established and is variable during the data transfer. Each ACK message will include the window size that the receiver is ready to deal with at that particular time. Flow Control: The receiving TCP, when sending an ACK back to the sender, also indicates to the sender the number of bytes it can receive beyond the last received TCP segment, without causing overrun and overflow in its internal buffers. This is sent in the ACK in the form of the highest sequence number it can receive without problems. This mechanism is also referred to as a window-mechanism.


9 TCP protocol - Window: End-to-end flow control

[Slide diagram, sender on the left, receiver and its buffer on the right; the sender's window is drawn over the byte numbers 5000, 5500, 6000, 6500, 6850:
  Receiver -> Sender: Ack nb=5000 / Window: 1000
  Sender -> Receiver: Segment 1 (Seq. nb=5000), 500 bytes; Segment 2 (Seq. nb=5500), 500 bytes
  Receiver -> Sender: Ack nb=5500 / Window: 1000
  Sender -> Receiver: Segment 3 (Seq. nb=6000), 500 bytes
  Receiver -> Sender: Ack nb=6000 / Window: 500
  Receiver -> Sender: Ack nb=6500 / Window: 0     (buffer full: the sender must wait)
  Receiver -> Sender: Ack nb=6500 / Window: 800   (buffer space freed)
  Sender -> Receiver: Segment 4 (Seq. nb=6500), 350 bytes
  Receiver -> Sender: Ack nb=6850 / Window: 450]

TCP sends data in variable length segments. Sequence numbers are based on a byte count. Acknowledgements specify the sequence number of the next byte that the receiver expects to receive.

The sender can send all packets within the window without receiving an ACK, but must start a timeout timer for each of them. The receiver must acknowledge each packet received, indicating the sequence number of the last well-received packet. The sender slides the window on each ACK received.

This window mechanism ensures:
- Reliable transmission.
- Better use of the network bandwidth (better throughput).
- Flow control, since the receiver may delay replying to a packet with an acknowledgement, knowing its free buffers are available and the window size of the communication.
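The sender's side of this slide, as an added Python example written for this page (not from the course): the usable window is `last acknowledged byte + advertised window - next byte to send`, segments stay in a retransmission set until a cumulative ACK covers them, and a window of 0 stops transmission until the receiver advertises space again. The byte numbers, window values and segment sizes are those of the slide; the class name and attribute names are the author's.

```python
class WindowedSender:
    """Sender-side sliding window driven by (ack number, window size) pairs."""

    def __init__(self, isn):
        self.snd_una = isn      # oldest byte not yet acknowledged
        self.snd_nxt = isn      # next byte to send
        self.snd_wnd = 0        # window most recently advertised by the receiver
        self.unacked = {}       # seq -> length of segments awaiting ACK (each has a timer)

    def on_ack(self, ack, window):
        """Cumulative ACK: everything below `ack` is delivered and leaves the retransmit set."""
        for seq in list(self.unacked):
            if seq + self.unacked[seq] <= ack:
                del self.unacked[seq]
        self.snd_una = max(self.snd_una, ack)
        self.snd_wnd = window

    def usable(self):
        """Bytes the sender may still transmit without a new ACK."""
        return max(0, self.snd_una + self.snd_wnd - self.snd_nxt)

    def send(self, nbytes):
        """Transmit min(nbytes, usable window); returns (seq, length) or None when the
        window is closed (a real sender then probes periodically with the persist timer)."""
        n = min(nbytes, self.usable())
        if n == 0:
            return None
        segment = (self.snd_nxt, n)
        self.unacked[self.snd_nxt] = n
        self.snd_nxt += n
        return segment


def replay_slide():
    """Drive the sender with the receiver's ACK/window pairs from the slide."""
    tx = WindowedSender(5000)
    sent = []
    tx.on_ack(5000, 1000)
    sent += [tx.send(500), tx.send(500), tx.send(500)]   # segments 1, 2, then window exhausted
    tx.on_ack(5500, 1000)
    sent.append(tx.send(500))                            # segment 3
    tx.on_ack(6000, 500)
    sent.append(tx.send(500))                            # nothing usable
    tx.on_ack(6500, 0)
    sent.append(tx.send(500))                            # zero window: wait
    tx.on_ack(6500, 800)
    sent.append(tx.send(350))                            # segment 4
    tx.on_ack(6850, 450)
    return sent, tx
```

The zero-window case is the one to get right in an implementation: the sender must neither give up nor keep blasting segments; it waits for a window update, and probes with the persist timer in case that update is lost.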


9 TCP protocol - Checksum calculation

[Slide diagram: as for UDP, a 12-byte pseudo IP header (source IP address, destination IP address, 00, Protocol, TCP datagram length) is placed in front of the TCP segment (source port, destination port, sequence number, ack number, header length, reserved, flags URG ACK PSH RST SYN FIN, window size, checksum, urgent pointer, options, data) for the checksum calculation. The IP header drawn alongside (Version, Header length, Type Of Service, Datagram length, Identification, Flag, Datagram Offset, TTL, Protocol, Checksum, Source IP address, Destination IP address) only supplies the values copied into the pseudo header.]
Checksum: The 16-bit one's complement of the one's complement sum of all 16-bit words in a pseudo-header, the TCP header, and the TCP data. While computing the checksum, the checksum field itself is considered zero. The pseudo-header is the same as that used by UDP for calculating the checksum. It is a pseudo-IP-header, only used for the checksum calculation.


9 TCP protocol - Options

[Slide diagram: the TCP header layout with the options field highlighted. Each option is coded as Type (1 byte), Length (1 byte), Value.]

Option types:
  0: end of option list
  1: No-Operation
  2: Maximum segment size
  3: Window scale
  4: Sack-Permitted
  5: Sack (Selective ACK)
  8: Timestamps
Options:

Maximum Segment Size option: This option is only used during the establishment of the connection (SYN control bit set) and is sent from the side that is to receive data to indicate the maximum segment length it can handle.

Window Scale option: This option is not mandatory. Both sides must send the Window Scale option in their SYN segments to enable window scaling in their direction. The Window Scale option expands the definition of the TCP window to 32 bits. It defines the 32-bit window size by applying a scale factor, carried in the SYN segment, to the standard 16-bit window size. The receiver rebuilds the 32-bit window size from the 16-bit window size and the scale factor. This option is determined during the handshake. There is no way to change it after the connection has been established.

SACK-Permitted option: This option is set when selective acknowledgement is used in that TCP connection.

SACK option: Selective Acknowledgement (SACK) allows the receiver to inform the sender about all the segments that were received successfully. Thus, the sender will only resend the segments that actually got lost. If the number of segments lost since the last SACK is too large, the SACK option would be too large. As a result, the number of blocks that can be reported by the SACK option is limited to four. To reduce this, the SACK option should be used for the most recently received data.

Timestamps option: The timestamps option sends a timestamp value that indicates the current value of the timestamp clock of the TCP sending the option. The Timestamp Echo Value can only be used if the ACK bit is set in the TCP header.
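An added Python example (written for this page, not part of the course) that decodes the option types listed on the slide from raw option bytes and rebuilds the scaled window: kinds 0 and 1 are single bytes, every other option carries a length byte, and a malformed length must stop the parser rather than loop. The option bytes in the test are constructed (MSS 1460, window scale 7, SACK-permitted, a timestamps pair, and a SACK block acknowledging bytes 44 to 47); the function names are the author's.

```python
import struct

OPTION_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WindowScale",
                4: "SACK-Permitted", 5: "SACK", 8: "Timestamps"}


def parse_tcp_options(raw: bytes) -> list:
    """Return [(option name, decoded value)] for the options area of a TCP header."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                               # end of option list: stop, ignore padding
            out.append(("EOL", None))
            break
        if kind == 1:                               # No-Operation: one byte, used for alignment
            out.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option at offset %d" % i)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):     # a length < 2 would never advance
            raise ValueError("bad option length %d at offset %d" % (length, i))
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            value = struct.unpack("!H", body)[0]                      # maximum segment size
        elif kind == 3 and length == 3:
            value = body[0]                                           # shift count
        elif kind == 4 and length == 2:
            value = True
        elif kind == 5 and (length - 2) % 8 == 0:
            value = [struct.unpack("!II", body[j:j + 8])             # (left edge, right edge)
                     for j in range(0, len(body), 8)]
        elif kind == 8 and length == 10:
            value = struct.unpack("!II", body)                        # (TSval, TSecr)
        else:
            value = body                 # unknown kind or unexpected length: keep the raw bytes
        out.append((OPTION_NAMES.get(kind, "kind-%d" % kind), value))
        i += length
    return out


def effective_window(window_field: int, shift: int) -> int:
    """Window scale: the 16-bit header field is left-shifted by the negotiated count.
    A shift above 14 is treated as 14 (RFC 7323)."""
    return window_field << min(shift, 14)
```

The `length < 2` guard is the classic parser check: a zero length in an attacker-controlled option would otherwise leave `i` unchanged and spin the loop forever.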


9 TCP protocol - Retransmit Timeout

[Slide diagram: a segment crosses the INTERNET and its Ack returns; the elapsed time is the Round Trip Time. The sender waits for the ack; when the Retransmit TimeOut expires without an ack, the segment is sent again.]
Variable timeout intervals: Each TCP should implement an algorithm to adapt the timeout values to be used for the round trip time of the segments. To do this, TCP records the time at which a segment was sent, and the time at which the ACK is received. A weighted average is calculated over several of these round trip times, to be used as a timeout value for the next segment(s) to be sent.

In the Internet, the path between a pair of hosts may traverse a single high speed network or it may wind across multiple intermediate networks. Thus it is impossible to know a priori how quickly an acknowledgement will return. TCP uses an adaptive retransmission algorithm. The TCP sender records the time at which each segment is sent, and the time at which an acknowledgement arrives. The elapsed time is called RTT (Round Trip Time).


9 TCP protocol - Average RTT

[Slide diagram: three successive segments cross the INTERNET and their Acks return, giving the measured RTT0, RTT1, RTT2; A is the average RTT:
  A0 = RTT0
  A1 = 0.9 x A0 + 0.1 x RTT1
  A2 = 0.9 x A1 + 0.1 x RTT2
  in general: A(new) = (smoothing factor) x A(previous) + (1 - smoothing factor) x RTT, with 0 < smoothing factor < 1]
The TCP sender records the time at which each segment is sent, and the time at which an acknowledgement arrives. The elapsed time is called RTT (Round Trip Time). Whenever it measures a new RTT, TCP adjusts its notion of the average RTT for the connection. The algorithm is: RTT being the latest measured Round Trip Time, and T0 the average RTT calculated on the previous RTTs, the new average T1 is given by:

- T1 = (weighting factor) x T0 + (1 - weighting factor) x RTT, with 0 < weighting factor < 1

Choosing a value for the weighting factor close to 0 makes the weighted average respond to changes in delay very quickly. Usually, it is chosen closer to 1 to prevent a single RTT from affecting the average dramatically. Example: if the weighting factor is 0.9, then the last RTT contributes only 10% of the new timeout calculation.

Van Jacobson suggested in 1990 a new method of timeout calculation. Karn's algorithm suggests not taking into account the RTT measured after a retransmission, because one cannot know whether the received ack is the response to the initial segment or to the retransmitted segment.
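The weighted average above, with Karn's rule applied, as an added Python example written for this page (not course material). Each segment's send time is recorded, the sample is the time until its acknowledgement, and a segment that was retransmitted contributes no sample. The timeout is derived as a fixed multiple of the average, an assumption of this example (RFC 793 calls that multiple BETA and suggests 1.3 to 2.0); the class and attribute names are the author's, and the sample times in the test are constructed.

```python
class RttEstimator:
    """Smoothed round-trip time: new average = factor x old average + (1 - factor) x RTT,
    with the weighting factor between 0 and 1 (0.9 here, as on the slide)."""

    def __init__(self, factor=0.9, rto_multiplier=2.0):
        self.factor = factor
        self.rto_multiplier = rto_multiplier   # assumption: RTO = multiplier x average
        self.average = None                    # None until the first RTT sample (A0 = RTT0)
        self.in_flight = {}                    # seq -> (send time, was it retransmitted?)

    def on_send(self, seq, now):
        self.in_flight[seq] = (now, False)

    def on_retransmit(self, seq, now):
        # Karn's rule: after a retransmission the ACK cannot be matched to one
        # particular transmission, so this segment yields no RTT sample.
        self.in_flight[seq] = (now, True)

    def on_ack(self, seq, now):
        """Update the average; return the RTT sample used, or None if discarded."""
        sent_at, retransmitted = self.in_flight.pop(seq)
        if retransmitted:
            return None
        sample = now - sent_at
        if self.average is None:
            self.average = sample
        else:
            self.average = self.factor * self.average + (1 - self.factor) * sample
        return sample

    def timeout(self):
        """Retransmit timeout to arm for the next segment."""
        return None if self.average is None else self.rto_multiplier * self.average


def replay(events, factor=0.9):
    """Feed ("send"|"retransmit"|"ack", seq, time) events; return the averages after each ACK."""
    est, averages = RttEstimator(factor), []
    for kind, seq, t in events:
        if kind == "send":
            est.on_send(seq, t)
        elif kind == "retransmit":
            est.on_retransmit(seq, t)
        else:
            est.on_ack(seq, t)
            averages.append(est.average)
    return averages
```

With samples 100, 200, (a retransmitted segment) and 300 the average moves 100, 110, 110, 129: the retransmitted segment leaves the estimate untouched, and a single slow sample shifts it by only a tenth of the difference.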


9 TCP protocol - Congestion control: Slow Start algorithm

[Slide diagram: Transmitter and Receiver; the x axis is time in Round Trip Times, the y axis the number of segments sent (5, 10, 15, 20); example with 512-byte segments. Each Ack returned with the window size lets the transmitter send more: the number of segments per round trip increases exponentially.]
TCP congestion control algorithms: The TCP congestion algorithm prevents a sender from overrunning the capacity of the network. Several congestion control enhancements have been added and suggested to TCP over the years. This is still an active and ongoing research area, but modern implementations of TCP contain four intertwined algorithms as basic Internet standards:
- Slow start
- Congestion avoidance
- Fast retransmit
- Fast recovery

The assumption of the algorithm is that packet loss caused by damage is very small (much less than 1 percent). Therefore, the loss of a packet signals congestion somewhere in the network between the source and destination. There are two indications of packet loss:
1. A timeout occurs.
2. Duplicate ACKs are received.

Slow start: It operates by observing that the rate at which new packets should be injected into the network is the rate at which the acknowledgements are returned by the other end. Slow start adds another window to the sender's TCP: the congestion window, called cwnd. The sender starts by transmitting one segment and waiting for its ACK. When that ACK is received, the congestion window is incremented from one to two, and two segments can be sent. When each of those two segments is acknowledged, the congestion window is increased to four. This provides an exponential growth, although it is not exactly exponential, because the receiver may delay its ACKs, typically sending one ACK for every two segments that it receives.


9 TCP protocol - Slow Start and Congestion Avoidance algorithm

[Slide diagram: segments sent per round trip (y axis: 5, 10, 15, 20, 25) against time in Round Trip Times: slow start grows exponentially until congestion is detected at 16 segments; ssthresh = 16/2 = 8; slow start restarts from one segment up to ssthresh, then congestion avoidance continues with linear growth.]
Congestion avoidance: Congestion avoidance and slow start are independent algorithms with different objectives. But when congestion occurs TCP must slow down its transmission rate of packets into the network, and invoke slow start to get things going again. In practice, they are implemented together.

Congestion avoidance and slow start require that two variables be maintained for each connection:
- A congestion window, cwnd
- A slow start threshold size, ssthresh

The combined algorithm operates as follows:
1. Initialization for a given connection sets cwnd to one segment and ssthresh to 65535 bytes.
2. The TCP output routine never sends more than the lower value of cwnd or the receiver's advertised window.
3. When congestion occurs (timeout or duplicate ACK), one-half of the current window size is saved in ssthresh. Additionally, if the congestion is indicated by a timeout, cwnd is set to one segment.
4. When new data is acknowledged by the other end, increase cwnd, but the way it increases depends on whether TCP is performing slow start or congestion avoidance. If cwnd is less than or equal to ssthresh, TCP is in slow start; otherwise, TCP is performing congestion avoidance.
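The four steps above, as an added Python model written for this page (not course material), counted in segments and advanced once per round trip, the simplification drawn on the slide. The initial ssthresh of 65535 bytes is expressed as 127 segments of 512 bytes, the segment size used in the slide's example; that conversion, the cap of slow start at ssthresh, and the class and method names are the author's choices. The timeout at 16 segments reproduces the slide's ssthresh = 16/2 = 8.

```python
class CongestionController:
    """cwnd and ssthresh bookkeeping, in units of segments, one update per round trip."""

    def __init__(self, initial_ssthresh=65535 // 512):
        # Step 1: cwnd = one segment; ssthresh = 65535 bytes = 127 segments of 512 bytes.
        self.cwnd = 1
        self.ssthresh = initial_ssthresh

    def phase(self):
        # Step 4's test: at or below ssthresh we are in slow start.
        return "slow start" if self.cwnd <= self.ssthresh else "congestion avoidance"

    def send_allowed(self, receiver_window):
        # Step 2: never more than the smaller of cwnd and the advertised window.
        return min(self.cwnd, receiver_window)

    def on_loss(self, timeout):
        # Step 3: half the current window is saved in ssthresh; a timeout also
        # restarts from one segment, duplicate ACKs keep cwnd (fast retransmit and
        # fast recovery refine that case and are not modelled here).
        self.ssthresh = max(self.cwnd // 2, 1)
        if timeout:
            self.cwnd = 1
        return self.cwnd

    def on_round_acked(self):
        # Step 4: doubling per round trip in slow start (capped at ssthresh: the
        # per-ACK rule adds one segment then switches to avoidance), +1 per round
        # trip in congestion avoidance.
        if self.cwnd < self.ssthresh:
            self.cwnd = min(self.cwnd * 2, self.ssthresh)
        else:
            self.cwnd += 1
        return self.cwnd


def replay_slide():
    """Growth to 16, a timeout, then recovery: the curve of the slide."""
    cc = CongestionController()
    before = [cc.on_round_acked() for _ in range(4)]      # 2, 4, 8, 16
    cc.on_loss(timeout=True)                              # ssthresh = 8, cwnd = 1
    after = [cc.on_round_acked() for _ in range(5)]       # 2, 4, 8, then linear 9, 10
    return before, cc.ssthresh, after
```

The model makes the two loss signals visibly different: a timeout collapses the window to one segment, while duplicate ACKs only halve the threshold, which is why a receiver's repeated ACK = 44 in the reordering example is a much cheaper signal for the sender than a timer expiry.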


9 TCP protocol - Summary

TCP adds: reliability, flow control, error recovery, multiplexing/demultiplexing, connection-oriented service.
Reliability: TCP assigns a sequence number to each byte transmitted and expects a positive acknowledgment (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. Since the data is transmitted in blocks (TCP segments), only the sequence number of the first data byte in the segment is sent to the destination host. The receiving TCP uses the sequence numbers to rearrange the segments when they arrive out of order, and to eliminate duplicate segments.

Flow Control: The receiving TCP, when sending an ACK back to the sender, also indicates to the sender the number of bytes it can receive beyond the last received TCP segment, without causing overrun and overflow in its internal buffers. This is sent in the ACK in the form of the highest sequence number it can receive without problems. This mechanism is also referred to as a window mechanism.

Multiplexing: Achieved through the use of ports, just as with UDP.

Logical Connections: The reliability and flow control mechanisms described above require that TCP initializes and maintains certain status information for each data stream. The combination of this status, including sockets, sequence numbers and window sizes, is called a logical connection. Each connection is uniquely identified by the pair of sockets used by the sending and receiving processes.

Full Duplex: TCP provides for concurrent data streams in both directions.


9 TCP protocol - Evaluation

Objective: to be able to list the characteristics of the TCP transport layer protocol.

Thank you for answering the self-assessment of the objectives sheet.


Exercise solutions


3 ARP protocol - Exercise: Trace of ARP protocol

Given the following trace:
Time: 07:33:06.045
0000: FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01
0010: 08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C
0020: 00 00 00 00 00 00 0A 00 00 8A

1) What is the Ethernet protocol (IEEE 802.3 or Ethernet V2)?
Answer: the type field 0806 is > 600 hexa => Ethernet V2.

2) Indicate the name of the various fields and their value below.

Eth frame (field, value, length in bytes):
  @MAC dest       ffffffffffff    6
  @MAC src        00600856F4E5    6
  Protocol        0806            2

ARP Message (field, value, length in bytes):
  Hw type         0001            2
  Protocol type   0800            2
  Length @MAC     06              1
  Length @IP      04              1
  Operation       0001            2
  @MAC src        00600856F4E5    6
  @IP src         0A00008C        4
  @MAC dest       000000000000    6
  @IP dest        0A00008A        4

3) Which kind of operation is it?
Answer: Operation 0001 = Request.
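The decoding asked for in this exercise, as an added Python example written for this page (not part of the course): the script parses the 42-byte trace above, decides Ethernet V2 versus IEEE 802.3 from the value of the type/length field (Ethernet V2 when it is at least 0x0600), extracts every ARP field, and flags a sender MAC inside the ARP message that differs from the Ethernet source address, a cheap consistency check worth logging since ARP carries no authentication. The function names are the author's; the frame bytes are the slide's.

```python
import struct

# The exercise trace (42 bytes), copied from the slide.
ARP_FRAME = bytes.fromhex(
    "FF FF FF FF FF FF 00 60 08 56 F4 E5 08 06 00 01 "
    "08 00 06 04 00 01 00 60 08 56 F4 E5 0A 00 00 8C "
    "00 00 00 00 00 00 0A 00 00 8A"
)

OPERATIONS = {1: "request", 2: "reply"}


def frame_kind(type_or_length: int) -> str:
    """Ethernet V2 carries a type (>= 0x0600); IEEE 802.3 carries a length (< 0x0600)."""
    return "Ethernet V2" if type_or_length >= 0x0600 else "IEEE 802.3"


def parse_arp_frame(frame: bytes) -> dict:
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    type_field = struct.unpack("!H", frame[12:14])[0]
    if frame_kind(type_field) != "Ethernet V2" or type_field != 0x0806:
        raise ValueError("not an Ethernet V2 ARP frame (type field 0x%04x)" % type_field)
    arp = frame[14:]
    hw_type, proto_type, hw_len, proto_len, operation = struct.unpack("!HHBBH", arp[:8])
    if (hw_type, proto_type, hw_len, proto_len) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet / IPv4 ARP is handled here")
    sha, spa = arp[8:14], arp[14:18]         # sender hardware and protocol addresses
    tha, tpa = arp[18:24], arp[24:28]        # target hardware and protocol addresses
    return {
        "frame": frame_kind(type_field),
        "eth_dst": eth_dst.hex(":"), "eth_src": eth_src.hex(":"), "eth_type": type_field,
        "hw_type": hw_type, "proto_type": proto_type,
        "hw_len": hw_len, "proto_len": proto_len,
        "operation": OPERATIONS.get(operation, "unknown(%d)" % operation),
        "sender_mac": sha.hex(":"), "sender_ip": ".".join(map(str, spa)),
        "target_mac": tha.hex(":"), "target_ip": ".".join(map(str, tpa)),
        # ARP has no authentication; a sender MAC in the message that differs from
        # the Ethernet source address is a mismatch worth flagging in monitoring.
        "sender_mac_consistent": sha == eth_src,
    }
```

On this trace the sender asks for 10.0.0.138 while announcing its own 10.0.0.140, with the target MAC left at zeros, which is what a request looks like; a reply would carry operation 2 and a filled-in target.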


5 IP protocol - 5.1 IP Addressing - Exercise (1)

@IP             class   Net Id
131.108.2.10    B       131.108.0.0
159.173.90.134  B       159.173.0.0
145.78.185.18   B       145.78.0.0
195.32.6.219    C       195.32.6.0
125.83.10.3     A       125.0.0.0


5 IP protocol - 5.1 IP Addressing - Exercise (2)

@IP             Sub-net Mask      bits for sub-net   Net Id
159.173.90.134  255.255.255.128   9                  159.173.90.128
159.173.90.34   255.255.255.128   9                  159.173.90.0
131.108.2.10    255.255.255.0     8                  131.108.2.0
195.32.6.219    255.255.255.248   5                  195.32.6.216


5 IP protocol - 5.1 IP Addressing - Exercise (3)

@IP             Network Broadcast   Net mask          Sub-net Broadcast
159.173.90.134  159.173.255.255     255.255.255.128   159.173.90.255
159.173.90.34   159.173.255.255     255.255.255.128   159.173.90.127
131.108.2.10    131.108.255.255     255.255.255.0     131.108.2.255
195.32.6.219    195.32.6.255        255.255.255.248   195.32.6.223


5 IP protocol - 5.1 IP Addressing - Static subnetting - Exercise 2 - Answer

            decimal            binary
NetID       164.213.32.0       10100100 11010101 00100000 00000000
Netmask     255.255.255.192    11111111 11111111 11111111 11000000
NetID 1     164.213.32.0       10100100 11010101 00100000 00000000
NetID 2     164.213.32.64      10100100 11010101 00100000 01000000
NetID 3     164.213.32.128     10100100 11010101 00100000 10000000
NetID 4     164.213.32.192     10100100 11010101 00100000 11000000

NetID 1: 164.213.32.0 / 26
NetID 2: 164.213.32.64 / 26
NetID 3: 164.213.32.128 / 26
NetID 4: 164.213.32.192 / 26
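The four addressing exercises above (class, classful Net Id, subnet bits, subnet and network broadcast, and splitting a network into equal subnets) worked in one added Python example written for this page, not part of the course. It relies on the standard `ipaddress` module; the helper names and the classful prefix table are the author's, and the test checks the answers printed in the solution tables.

```python
import ipaddress


def address_class(ip: str) -> str:
    """Classful category from the first octet: A < 128, B < 192, C < 224, D < 240, else E."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D" if first < 240 else "E"


CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}     # default network part of each class


def classful_network(ip: str) -> ipaddress.IPv4Network:
    """The Net Id implied by the class alone (no subnetting)."""
    prefix = CLASSFUL_PREFIX[address_class(ip)]
    return ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)


def subnet_info(ip: str, mask: str) -> dict:
    """Everything the exercise tables ask for, for one address and sub-net mask."""
    net = ipaddress.ip_network("%s/%s" % (ip, mask), strict=False)   # strict=False keeps host bits
    cls = address_class(ip)
    return {
        "class": cls,
        "subnet_bits": net.prefixlen - CLASSFUL_PREFIX[cls],          # mask bits beyond the class default
        "net_id": str(net.network_address),
        "subnet_broadcast": str(net.broadcast_address),
        "network_broadcast": str(classful_network(ip).broadcast_address),
    }


def split_network(network: str, new_prefix: int) -> list:
    """Static subnetting: all equal subnets of `network` with the longer prefix."""
    return [str(sub) for sub in ipaddress.ip_network(network).subnets(new_prefix=new_prefix)]
```

The `strict=False` argument is deliberate: `ipaddress` otherwise refuses an address with host bits set, and in these exercises the input is a host address, not a network address.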


5 IP protocol - 5.2 IP routing - Routing table - Exercise 8 (answer)

[Slide diagram: routers R1 and R2 interconnected by 204.92.76.0 (R1 at .1, R2 at .2); R1 also attaches 204.92.75.0 and 204.92.77.0, R2 also attaches 192.168.201.0; all networks have mask 255.255.255.0.]

Fill in this table:

R1:
Network           Mask             Next hop       If
204.92.76.0       255.255.255.0    -              e0
204.92.77.0       255.255.255.0    -              e1
204.92.75.0       255.255.255.0    -              e2
192.168.201.0     255.255.255.0    204.92.76.2    e0

R2:
Network           Mask             Next hop       If
204.92.76.0       255.255.255.0    -              e1
192.168.201.0     255.255.255.0    -              e0
0.0.0.0 (default) 0.0.0.0          204.92.76.1    e1

An important function of the IP protocol is IP routing. This provides the basic mechanism for routers to interconnect different physical networks. The router only has information about the following kinds of destinations:
- networks that are directly attached to one of the physical networks to which the router is attached;
- hosts or networks for which the router has been given explicit definitions.
The metrics give an indication of the cost of a route to a destination. Metrics are based on the number of hops, the bandwidth, the delay, ...
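The two routing tables of the exercise, looked up the way a router does it, as an added Python example written for this page (not course material): the most specific matching entry wins, the default route 0.0.0.0/0 matches everything but has the shortest prefix, and a next hop is followed to the neighbouring router until a directly attached network is reached. The tables are transcribed from the answer above; the mapping of next-hop addresses to routers (204.92.76.1 is R1, 204.92.76.2 is R2) comes from the same tables, and the function names are the author's.

```python
import ipaddress

# (network, mask, next hop, interface); next hop None means directly attached.
R1_TABLE = [
    ("204.92.76.0", "255.255.255.0", None, "e0"),
    ("204.92.77.0", "255.255.255.0", None, "e1"),
    ("204.92.75.0", "255.255.255.0", None, "e2"),
    ("192.168.201.0", "255.255.255.0", "204.92.76.2", "e0"),
]
R2_TABLE = [
    ("204.92.76.0", "255.255.255.0", None, "e1"),
    ("192.168.201.0", "255.255.255.0", None, "e0"),
    ("0.0.0.0", "0.0.0.0", "204.92.76.1", "e1"),        # default route
]
ROUTERS = {"R1": R1_TABLE, "R2": R2_TABLE}
NEXT_HOP_OWNER = {"204.92.76.1": "R1", "204.92.76.2": "R2"}   # interface addresses on the shared link


def lookup(table, destination):
    """Longest-prefix match: (matched network, next hop, interface), or None if no route."""
    dst = ipaddress.ip_address(destination)
    best = None
    for network, mask, next_hop, iface in table:
        net = ipaddress.ip_network("%s/%s" % (network, mask))
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    if best is None:
        return None              # R1 has no default: it would answer ICMP destination unreachable
    return (str(best[0]), best[1], best[2])


def trace_path(start_router, destination, max_hops=8):
    """Follow next hops router by router; returns [(router, outgoing interface, next hop)]."""
    hops, router = [], start_router
    for _ in range(max_hops):                       # guard against a forwarding loop
        route = lookup(ROUTERS[router], destination)
        if route is None:
            hops.append((router, None, None))
            break
        _, next_hop, iface = route
        hops.append((router, iface, next_hop))
        if next_hop is None:                        # directly attached: delivered on this interface
            break
        router = NEXT_HOP_OWNER[next_hop]
    return hops
```

Note the asymmetry the exercise builds in: R2 can reach anything through its default route, but R1 has no default, so a packet for an unknown network is dropped at R1 rather than bounced back and forth.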


5 IP protocol - 5.3 IP header - Exercise

[Slide: hex/ASCII dump of an Ethernet frame (addresses 0000 to 0040) with the Ethernet header, its MAC@dest field, the IP header and its IP@dest field highlighted; the dump columns are not recoverable from the extraction. The values that matter: Ethernet MAC@dest 01 00 5E 00 00 09, Ethernet type 08 00, IP first byte 45, IP@dest E0 00 00 09.]

1- Look for the destination IP @ and indicate which class it is.
Answer: E0.00.00.09 = 224.0.0.9, Class D (multicast).

2- Look for the destination MAC @ and explain its value.
Answer: Multicast @ 01:00:5E:00:00:09, a copy of the lower significant bits from the IP @.
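The MAC address rule of question 2, as an added Python example written for this page (not course material): an IPv4 class D address maps to the fixed prefix 01:00:5e followed by the low 23 bits of the address. Since the 5 bits right after the 1110 class prefix are dropped, 32 different groups share each MAC, which is why the IP destination must still be checked after the Ethernet filter accepts a frame. The function names are the author's; the test uses the slide's 224.0.0.9 and a second constructed group address.

```python
import ipaddress


def multicast_mac(ip: str) -> str:
    """Ethernet MAC for an IPv4 multicast group: 01:00:5e + low 23 bits of the IP address."""
    addr = ipaddress.ip_address(ip)
    if not addr.is_multicast:                      # class D = 224.0.0.0/4
        raise ValueError("%s is not a class D (multicast) address" % ip)
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def groups_sharing_mac(ip: str) -> list:
    """The 32 class D addresses that map to the same MAC as `ip` (the 5 dropped bits vary)."""
    base = int(ipaddress.ip_address(ip)) & 0x7FFFFF
    return [str(ipaddress.ip_address(0xE0000000 | (k << 23) | base)) for k in range(32)]


def frame_matches_group(dst_mac: str, dst_ip: str, joined_group: str) -> bool:
    """Receiver-side filter: the MAC match is necessary but not sufficient; the IP
    destination decides whether the datagram belongs to a group this host joined."""
    return dst_mac.lower() == multicast_mac(joined_group) and dst_ip == joined_group
```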


Glossary

AAA: Authentication, Authorization and Accounting
AAL: ATM Adaptation Layer
API: Application Programming Interface
ARP: Address Resolution Protocol
ARPA: Advanced Research Projects Agency
AS: Autonomous System
ASN.1: Abstract Syntax Notation 1
BGP: Border Gateway Protocol
BIND: Berkeley Internet Name Domain
BSD: Berkeley Software Distribution
CHAP: Challenge Handshake Authentication Protocol
CIDR: Classless Inter-Domain Routing
CLNP: Connectionless Network Protocol
CORBA: Common Object Request Broker Architecture
COS: Class of Service
CPCS: Common Part Convergence Sublayer
CSMA/CD: Carrier Sense Multiple Access with Collision Detection
DARPA: Defense Advanced Research Projects Agency
DCE: Data Circuit-terminating Equipment
DDNS: Dynamic Domain Name System
DES: Digital Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DLC: Data Link Control
DLCI: Data Link Connection Identifier
DMZ: Demilitarized Zone
DNS: Domain Name Server
DOD: U.S. Department of Defense
DSA: Digital Signature Algorithm
DSAP: Destination Service Access Point
DSS: Digital Signature Standard
DTE: Data Terminal Equipment
DVMRP: Distance Vector Multicast Routing Protocol
EGP: Exterior Gateway Protocol
ESP: Encapsulating Security Payload
FDDI: Fiber Distributed Data Interface
FQDN: Fully Qualified Domain Name
FR: Frame Relay
FTP: File Transfer Protocol
GGP: Gateway-to-Gateway Protocol
GUI: Graphical User Interface
HDLC: High-level Data Link Control
HMAC: Hashed Message Authentication Code
HTML: Hypertext Markup Language
HTTP: Hypertext Transfer Protocol
IAB: Internet Activities Board
IANA: Internet Assigned Numbers Authority
ICMP: Internet Control Message Protocol
ICSS: Internet Connection Secure Server
IDEA: International Data Encryption Algorithm
IDLC: Integrated Data Link Control
IDRP: Inter-Domain Routing Protocol
IEEE: Institute of Electrical and Electronics Engineers
IESG: Internet Engineering Steering Group
IETF: Internet Engineering Task Force
IGMP: Internet Group Management Protocol
IGP: Interior Gateway Protocol
IKE: Internet Key Exchange
IMAP: Internet Message Access Protocol
IMS: Information Management System
IP: Internet Protocol
IPSec: IP Security Architecture
IPX: Internetwork Packet Exchange
IRTF: Internet Research Task Force
ISAKMP: Internet Security Association and Key Management Protocol
ISDN: Integrated Services Digital Network
ISO: International Organization for Standardization
ISP: Internet Service Provider
JPEG: Joint Photographic Experts Group
L2F: Layer 2 Forwarding
L2TP: Layer 2 Tunnelling Protocol
LAC: L2TP Access Concentrator
LAN: Local Area Network
LAPB: Link Access Protocol Balanced
LCP: Link Control Protocol
LDAP: Lightweight Directory Access Protocol
LE: LAN Emulation (ATM)
LLC: Logical Link Layer
LNS: L2TP Network Server
LPD: Line Printer Daemon
LPR: Line Printer Requester
LSAP: Link Service Access Point
MAC: Medium Access Control
MD2: RSA Message Digest 2 Algorithm
MD5: RSA Message Digest 5 Algorithm
MIB: Management Information Base
MILNET: Military Network
MIME: Multipurpose Internet Mail Extensions
MLD: Multicast Listener Discovery
MOSPF: Multicast Open Shortest Path First
MPC: Multi-Path Channel
MPEG: Moving Pictures Experts Group
MPLS: Multiprotocol Label Switching
MPOA: Multiprotocol over ATM
MPTN: Multiprotocol Transport Network
MS-CHAP: Microsoft Challenge Handshake Authentication Protocol
MTA: Message Transfer Agent
MTU: Maximum Transmission Unit
NAT: Network Address Translation
NBDD: NetBIOS Datagram Distributor
NBNS: NetBIOS Name Server
NCP: Network Control Protocol
NCSA: National Computer Security Association

Alcatel University 8AS 90200 1124 VH ZZA Ed.02

Page 1.273

NDIS Network Driver Interface Specification NetBIOS Network Basic Input/Output System NFS Network File System NIC Network Information Center NIS Network Information Systems NIST National Institute of Standards and Technology NMS Network Management Station NNTP Network News Transfer Protocol NRZ Non-Return-to-Zero NRZI Non-Return-to-Zero Inverted NSAP Network Service Access Point NTP Network Time Protocol NVT Network Virtual Ter mi na l OSI Open Systems Interconnect OSPF Open Shortest Path First PAP Password Authentication Protocol PDU Protocol Data Unit PGP Pretty Good Privacy PI Protocol Interpreter PIM Protocol Independent Multicast PKCS Public Key Cryptosystem PKI Public Key Infrastructure PNNI Private Network-to-Network Interface POP Post Office Protocol POP Point-of-Presence PPP Point-to-Point Protocol PPTP Point-to-Point Tunneling Protocol PRI Primary Rate Interface PSDN Packet Switching Data Network PSTN Public Switched Telephone Network PVC Permanent Virtual Circuit QLLC Qualified Logical Link Control QoS Quality of Service RACF Resource Access Control Facility RADIUS Remote Authentication Dial-In User Service RARP Reverse Address Resolution Protocol RAS Remote Access Service RC2 RSA Rivest Cipher 2 Algorithm RC4 RSA Rivest Cipher 4 Algorithm REXEC Remote Execution Command Protocol RFC Request for Comments RIP Routing Information Protocol RIPE Rseaux IP Europens RISC Reduced Instruction-Set Computer RPC Remote Procedure Call RSH Remote Shell RSVP Resource Reservation Protocol RTCP Realtime Control Protocol RTP Realtime Protocol SA Security Association SAP Service Access Point SDLC Synchronous Data Link Control

Glossary
SET Secure Electronic Transaction SGML Standard Generalized Markup Language SHA Secure Hash Algorithm S-HTTP Secure Hypertext Transfer Protocol SLA Service Level Agreement SLIP Serial Line Internet Protocol SMI Structure of Management Information S-MIME Secure Multipurpose Internet Mail Extension SMTP Simple Mail Transfer Protocol SNA System Network Architecture SNAP Subnetwork Access Protocol SNMP Simple Network Management Protocol SOA Start of Authority SPI Security Parameter Index SSL Secure Sockets Layer SSAP Source Service Access Point SSP Switch-to-Switch Protocol SSRC Synchronization Source SVC Switched Virtual Circuit TACACS Terminal Access Controller Access Control System TCP Transmission Control Protocol TCP/IP Transmission Control Protocol/Internet Protocol TFTP Trivial File Transfer Protocol TLPB Transport-Layer Protocol Boundary TLS Transport Layer Security TOS Type of Service TRD Transit Routing Domain TTL Time to Live UDP User Datagram Protocol UID Unique Identifier URI Uniform Resource Identifier URL Uniform Resource Locator VPN Virtual Private Network VRML Virtual Reality Modeling Language VRRP Virtual Router Redundancy Protocol VTAM Virtual Telecommunications Access Method WAE Wireless Application Environment WAP Wireless Application Protocol WSP Wireless Session Protocol WTP Wireless Transaction Protocol WAN Wide Area Network WWW World Wide Web XDR External Data Representation XML Extensible Markup Language 3DES Triple Digital Encryption Standard

Alcatel University 8AS 90200 1124 VH ZZA Ed.02

Page 1.274

dec 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63

hex 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F

bin 00000000 00000001 00000010 00000011 00000100 00000101 00000110 00000111 00001000 00001001 00001010 00001011 00001100 00001101 00001110 00001111 00010000 00010001 00010010 00010011 00010100 00010101 00010110 00010111 00011000 00011001 00011010 00011011 00011100 00011101 00011110 00011111 00100000 00100001 00100010 00100011 00100100 00100101 00100110 00100111 00101000 00101001 00101010 00101011 00101100 00101101 00101110 00101111 00110000 00110001 00110010 00110011 00110100 00110101 00110110 00110111 00111000 00111001 00111010 00111011 00111100 00111101 00111110 00111111

dec 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127

hex 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F

bin 01000000 01000001 01000010 01000011 01000100 01000101 01000110 01000111 01001000 01001001 01001010 01001011 01001100 01001101 01001110 01001111 01010000 01010001 01010010 01010011 01010100 01010101 01010110 01010111 01011000 01011001 01011010 01011011 01011100 01011101 01011110 01011111 01100000 01100001 01100010 01100011 01100100 01100101 01100110 01100111 01101000 01101001 01101010 01101011 01101100 01101101 01101110 01101111 01110000 01110001 01110010 01110011 01110100 01110101 01110110 01110111 01111000 01111001 01111010 01111011 01111100 01111101 01111110 01111111

dec 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191

hex 80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF

bin 10000000 10000001 10000010 10000011 10000100 10000101 10000110 10000111 10001000 10001001 10001010 10001011 10001100 10001101 10001110 10001111 10010000 10010001 10010010 10010011 10010100 10010101 10010110 10010111 10011000 10011001 10011010 10011011 10011100 10011101 10011110 10011111 10100000 10100001 10100010 10100011 10100100 10100101 10100110 10100111 10101000 10101001 10101010 10101011 10101100 10101101 10101110 10101111 10110000 10110001 10110010 10110011 10110100 10110101 10110110 10110111 10111000 10111001 10111010 10111011 10111100 10111101 10111110 10111111

dec 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255

hex C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF

bin 11000000 11000001 11000010 11000011 11000100 11000101 11000110 11000111 11001000 11001001 11001010 11001011 11001100 11001101 11001110 11001111 11010000 11010001 11010010 11010011 11010100 11010101 11010110 11010111 11011000 11011001 11011010 11011011 11011100 11011101 11011110 11011111 11100000 11100001 11100010 11100011 11100100 11100101 11100110 11100111 11101000 11101001 11101010 11101011 11101100 11101101 11101110 11101111 11110000 11110001 11110010 11110011 11110100 11110101 11110110 11110111 11111000 11111001 11111010 11111011 11111100 11111101 11111110 11111111
