1 originally (1/7/01) by: usha viswanathan modified (1/17/03) by: john r. durrett
TRANSCRIPT
11
Originally (1/7/01) by:Originally (1/7/01) by:Usha ViswanathanUsha Viswanathan
Modified (1/17/03) by:Modified (1/17/03) by:John R. DurrettJohn R. Durrett
22
Presentation OverviewPresentation Overview
– TCP/IP ideas and origins– Conceptual Model: OSI and TCP/IP– TCP/IP protocol architecture– IP addressing – IP Routing– TCP– Applications– IPv6
33
TCP/IP TCP/IP The “The “lingua francalingua franca” of the ” of the InternetInternet..
44
ISO’s Open Systems Interconnect (OSI) ISO’s Open Systems Interconnect (OSI) Reference ModelReference Model
– Protocol Layering• Series of small modules
Well defined interfaces, hidden inner processesΔ Process modules can be replaced
Lower layers provide services to higher layers
– Protocol Stack: modules taken together
– Each layer communicates with its pair on the other machine
55
The OSI ModelThe OSI Model
PhysicalPhysical
TransportTransport
ApplicationApplication
SessionSession
PresentationPresentation
DatalinkDatalink
PhysicalPhysical
TransportTransport
ApplicationApplication
SessionSession
PresentationPresentation
DatalinkDatalink
Across Network
The path messages take
Sender Receiver
NetworkNetworkNetworkNetwork
66
OSI LayersOSI Layers
Communication partners, QoS identified
Semantics , encryption compression (gateways)
Establishes, manages, terminates sessions
Sequencing, flow/error control, name/address resolution
Routing, network addresses (routers)
MAC address, low level error control (bridges )
Encoding/decoding digital bits, interface card PhysicalPhysical
NetworkNetwork
TransportTransport
ApplicationApplication
SessionSession
PresentationPresentation
DatalinkDatalink
77
TCP/IPTCP/IP
Network Network LayerLayer
TransportTransportLayerLayer
ApplicationApplication
Network Network LayerLayer
Network Network LayerLayer
Network Network LayerLayer
Network Network LayerLayer
TransportTransportLayerLayer
ApplicationApplication
Network Network LayerLayer
TransportTransportLayerLayer
AliceAlice BobBobRouterRouter
88
TCP/IP: The Protocols and the OSI TCP/IP: The Protocols and the OSI ModelModel
EthernetEthernet Token BusToken Bus Token RingToken Ring FDDIFDDI
Internet ProtocolInternet Protocol
ARPARP
TELNET FTP SMTP DNS SNMP DHCPTELNET FTP SMTP DNS SNMP DHCP
DatalinkDatalinkPhysicalPhysical
NetworkNetwork
TransportTransport
ApplicationApplicationPresentationPresentation
SessionSession
ICMPICMPIGMPIGMP
RTPRTPRTCPRTCP
TransmissionTransmissionControl ProtocolControl Protocol
User DatagramUser DatagramProtocolProtocol
OSPFOSPF
RIPRIP
99
Data Encapsulation by LayerData Encapsulation by Layer
DestinationDestinationDestinationDestination
DataData
TCP HeaderTCP Header
DatagramDatagram
PacketPacket
ApplicationApplication
TCPTCP
NetworkNetwork
Data LinkData Link
FrameFrame
Opens envelopes layer-by-layerOpens envelopes layer-by-layer
1010
Transmission Control Protocol (TCP)Transmission Control Protocol (TCP)
– Traditional TCP/IP Security: None• No authenticity, confidentiality, or integrity• Future: IPSec
– Workhorse of the internet• FTP, telnet, ssh, email, http, etc.
– The protocol responsible for the reliable transmission and reception of data.
– Unreliable service is provided by UDP.– Transport layer protocol.– Can run multiple applications using the same transport.
• Multiplex through port numbers
1111
TCP FieldsTCP Fields
Source portSource port Destination portDestination port
Sequence numberSequence number
Acknowledgment numberAcknowledgment number
Data offset Data offset ReservedReserved WindowWindow
ChecksumChecksum Urgent pointerUrgent pointer
OptionsOptions PaddingPadding
datadata
UURRPP
AACCKK
PPSSHH
RRSSTT
SSYYNN
FFIINN
1212
TCP Connection EstablishmentTCP Connection Establishment
– Alice to Bob: SYN with Initial Sequence Number-a
– Bob to Alice: ACK ISN-a with ISN-b
– Alice to Bob: ISN-b
– Connection Established
1313
User Datagram Protocol (UDP)User Datagram Protocol (UDP)– Connectionless– Does not retransmit lost packets– Does not order packets– Inherently unreliable
– Mainly tasks where speed is essential
– Streaming audio and video– DNS
Source PortSource Port Destination PortDestination Port
Message LengthMessage Length ChecksumChecksum
DataData
……
1414
ICMP: network plumberICMP: network plumber
Message Type Type # Purpose
Echo Reply 0 Ping response –system is alive
Destination Unreachable 3 No route, protocol, or port closed
Source Quench 4 Slow down transmission
Redirect 5 Reroute traffic
Echo 8 Ping
Time Exceeded 11 TTL exceeded packet dropped
Parameter Problem 12 Bad header
Timestamp 13 Time sent and requested
Timestamp return 14 Time request reply
Information request 15 Hosts asks: What network am I on
Information Reply 16 Information Response
1515
Ports Ports
PORT USE
17 Quote of the Day
20 File Transfer Data
21 File Transfer Control
22 SSH
23 Telnet
25 SMTP
43 Whois (tcp & udp)
666 Doom
““Ports are used in the TCP [RFC793] to name the ends of logical connections which carry Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact contact port is defined. This list specifies the port used by the server process as its contact
port. The contact port is sometimes called the "well-known port". port. The contact port is sometimes called the "well-known port".
•Source portSource port•Destination portDestination port•Logical connectionLogical connection
•Priviledged – unprivileged portsPriviledged – unprivileged ports
•Netstat –naNetstat –na
1616
IP AddressIP Address
– uniquely identifies a computer on a network
– 32 bits, 4 bytes of 8 bits each:xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
– dotted quad notation system– Example 198.113.201.23 – There are five classes of addresses: A - E.
1717
Identifying a ClassIdentifying a ClassAddress Address IdentifierIdentifier
Network AddressNetwork Address Host AddressHost Address
1111011110 Class E - Reserved for future useClass E - Reserved for future use
00 7 bits of network address7 bits of network address 24 bits of host address24 bits of host addressFirst byte Last three bytes
Class A
1010 14 bits of network address14 bits of network address16 bits of host address16 bits of host address
First two bytes Last two bytes
110110 21 bits of network address21 bits of network address 8 bits of host address8 bits of host addressFirst three bytes Last
byte
11101110 Multicast address in the range of 224.0.0.0 - 239.255.255.255Multicast address in the range of 224.0.0.0 - 239.255.255.255
Class B
Class C
Class D
Class E
0-126
128-191
192-223
224-239
240-255
16,277,214 hosts per network ID
254 hosts
65,354 hosts
1818
SubnettingSubnetting
– Each address consists of two components:Network address and Host address
– Determined by Netmask
– 10.21.41.3 = 00001010 00010101 00101001 00000011– 255.255.0.0 = 11111111 11111111 00000000 00000000
– Network address is IP XORed with netmask
Customer SiteCustomer Site
130.1.0.0130.1.0.0
130.1.1.0130.1.1.0130.1.2.0130.1.2.0130.1.3.0130.1.3.0 . . . . . . .. . . . . . .130.1.255.0130.1.255.0
InternetInternet
1919
Masks and PrefixesMasks and Prefixes
– The addresses 210.10.40.0/24 and 210.10.40.0/255.255.255.0 mean the exact same thing.
IP Network AddressIP Network Address PrefixPrefix Subnet MaskSubnet Mask
128.1.0.0128.1.0.0 /16 /16 255.255.0.0255.255.0.0
190.1.8.0190.1.8.0 /21 /21 255.255.248.0255.255.248.0
207.16.16.128207.16.16.128 /25 /25 255.255.255.128255.255.255.128
IP Network AddressIP Network Address PrefixPrefix Subnet MaskSubnet Mask
128.1.0.0128.1.0.0 /16 /16 255.255.0.0255.255.0.0
190.1.8.0190.1.8.0 /21 /21 255.255.248.0255.255.248.0
207.16.16.128207.16.16.128 /25 /25 255.255.255.128255.255.255.128
2020
IP Addressing IP Addressing
Internet
150.1.0.0
150.1.1.0
150.1.2.0
150.1.3.0
150.1.4.0
150.1.5.0
150.1.6.0
150.1.7.0150.1.8.0
150.1.9.0
150.1.10.0
150.1.11.0
150.1.12.0
1501.13.0
150.1.14.0
150.1.15.0
150.1.16.0
150.1.17.0
Autonomous System(Typical Customer Network)
Customer can split the network intomultiple subnets, each with an entry inthe local router table.
One entry in the Global Routing Tables
Router
2121
Address Allocation (The Internet Registry)Address Allocation (The Internet Registry)
IANAIANA
InterNICInterNICAmericaAmerica
RIPERIPEEuropeEurope
APNICAPNICAsiaAsia
NationalNational
RegionalRegional
ConsumerConsumer
2222
Domain Name Service (DNS)Domain Name Service (DNS)
– Provides a naming service for TCP/IP.• Provides many functions related to IP addresses and names
– Three components• A name server, a name resolver, and a database
Name ServerName Server
198.1.1.1198.1.1.1198.1.1.2198.1.1.2Database containing Database containing
the mapping for the mapping for Sun_Server 198.1.1.1Sun_Server 198.1.1.1
(1) Name Query “Sun_Server”(1) Name Query “Sun_Server”
(2) Query Response “198.1.1.1”(2) Query Response “198.1.1.1”
(3) Connection(3) Connection
DNS ResolverDNS Resolver
TELNETTELNETSun_serverSun_server
110001100011
101010101010
2323
DNS StructureDNS Structure
– Hierarchical in structure.– Each level provides further definition.– Each branch is called a level (63 characters in length).– Internet Registry provides uniqueness in names.– A single domain is assigned and may be further defined by the local
site.
2424
Domain StructureDomain Structure
Root ServerRoot Server
comcom eduedu comcom govgov milmil netnet
.firm.firm .arts.arts .nom.nom .rec.rec .info.info .web.web .store.store
The extra top-level domains (TLDs) that are shown as the bottom setThe extra top-level domains (TLDs) that are shown as the bottom setof boxes are proposed, they are shown here as examples,of boxes are proposed, they are shown here as examples,
and as of this writing have not been adopted.and as of this writing have not been adopted.
2525
Network Address Translation (NAT)Network Address Translation (NAT)
– Illegal Addresses– Unroutable addresses: 10.0.0.0 192.168.0.0 – Limited address space in IP V4
– NAT maps bad to valid addresses• Mapping to single external address• One-to-One mapping• Dynamically allocated addresses
RouterRouter
10.0.0.510.0.0.5 12.13.4.512.13.4.5
2626
Name ServersName Servers
Query Query “labhost.bnr.ca.us”“labhost.bnr.ca.us”
IP address of “labhost.bnr.ca.us”IP address of “labhost.bnr.ca.us”
Name ServerName Server
Query “labhost.bnr.ca.us”Query “labhost.bnr.ca.us”
Query “labhost.bnr.ca.us”Query “labhost.bnr.ca.us”
Query “labhost.bnr.ca.us”Query “labhost.bnr.ca.us”
Query “labhost.bnr.ca.us”Query “labhost.bnr.ca.us”
IP address of IP address of “labhost.bnr.ca.us”“labhost.bnr.ca.us”
Referral to bnr.ca.us serverReferral to bnr.ca.us server
Referral to ca.us serverReferral to ca.us server
Referral to us serverReferral to us server
Root serverRoot server
.us server.us server
.ca.us server.ca.us server
bnr.ca.us serverbnr.ca.us server
2727
HTTPHTTP
Logical Structure of theLogical Structure of the Internet Protocol Suite Internet Protocol Suite
Physical LayerPhysical Layer
IPIP
ARPARP
TELNETTELNET
TransmissionTransmissionControl ProtocolControl Protocol
User DatagramUser DatagramProtocolProtocol
RARPRARP
Internet AddressingInternet Addressing
(ICMP,IGMP)(ICMP,IGMP)
FTPFTP SNMPSNMPDNSDNS TFTPTFTP
Connection OrientedConnection Oriented ConnectionlessConnectionless
2828
Address Resolution Protocol (ARP)Address Resolution Protocol (ARP)
Maps IP addresses to MAC addresses
When host initializes on local network:– ARP broadcast : IP and MAC address– If duplicate IP address, TCP/IP fails to initialize
Address Resolution Process on Local Network – Is IP address on local network?– ARP cache– ARP request– ARP reply– ARP cache update on both machines
2929
ARP OperationARP Operation
ARP Request
Here is my Here is my MAC addressMAC address
129.1.1.1129.1.1.1 BB CC 129.1.1.4129.1.1.4NotNotmeme
Not Not meme
That’sThat’smeme
RequestRequestIgnoredIgnored
RequestRequestIgnoredIgnored
ARP ResponseARP ResponseAcceptedAccepted
Give me the MAC address of station 129.1.1.4Give me the MAC address of station 129.1.1.4
3030
Address Resolution on Remote Address Resolution on Remote NetworkNetwork
– IP address determined to be remote– ARP resolves the address of each router on the way– Router uses ARP to forward packet
RouterRouter
Network ANetwork A Network BNetwork B
3131
Reverse Address Resolution Protocol Reverse Address Resolution Protocol (RARP)(RARP)
Same packet type used as ARP
Only works on local subnets
Used for diskless workstations
RARP RARP RequestRequest
RARPRARPResponseResponse
DisklessDisklessWorkstationWorkstation BB CC RARPRARP
ServerServer
NotNotmeme
Not Not meme
RequestRequestIgnoredIgnored
RequestRequestIgnoredIgnored
RARP ResponseRARP ResponseAcceptedAccepted
Give me my IP addressGive me my IP address 129.1.1.1129.1.1.1
3131
3232
The Internet Protocol (IP)The Internet Protocol (IP)
– IP’s main function is to provide for the interconnection of subnetworks to form an internet in order to pass data.
– The functions provided by IP are:• Addressing• Routing• Fragmentation of datagrams
3333
Host Name ResolutionHost Name Resolution
Standard Resolution– Checks local name– Local HOSTS file– DNS server
Windows NT Specific Resolution– NetBIOS cache– WINS server– b-node broadcasts– LMHOSTS file (NetBIOS name)
3434
Routing PacketsRouting Packets
– Process of moving a packet from one network to another toward its destination
– RIP, OSPF, BGP
– Dynamic routing
– Static routing
– Source routing
3535
IP RoutingIP Routing
– IP routing is the process by which packets are routed and delivered between networks
– Local vs remote networks– Router vs default gateway– Static vs dynamic routing– Two types: direct and indirect.– Two types of protocols IGP and EGP.
• IGP provides for routing within a single AS• EGP provides for routing between ASs
3636
Direct and Indirect RoutingDirect and Indirect Routing
– Network numbers must match for direct routing.
– Different network numbers for indirect routing.
– Remote nodes may use a combination of both direct and indirect routing.
Direct RoutingDirect Routing
Indirect RoutingIndirect RoutingStation D 140.2.1.1Station D 140.2.1.1
DirectDirectRoutingRouting Station AStation A
140.1.1.1140.1.1.1Station BStation B140.1.2.1140.1.2.1
Station CStation C140.1.3.1140.1.3.1
3737
Hubs & SwitchesHubs & Switches
– Hub:• broadcasts information received on one interface to all other
physical interfaces
– Switch: • does not broadcast• Uses MAC address to determine correct interface
3838
FirewallsFirewalls
– Control the flow of traffic between networks
– Internal, External, Server, Client Firewalls
– Traditional Packet filters– Stateful Packet filters– Proxy-based Firewalls
3939
Traditional Packet FiltersTraditional Packet Filters
– Analyses each packet to determine drop or pass– SourceIP, DestinationIP, SrcPort, DestPort, Codebits, Protocol, Interface
– Very limited view of traffic
Action Source Destination Protocol SrcPort Dest Port Codebits
Allow Inside Outside TCP Any 80 Any
Allow Outside Inside TCP 80 >1023 ACK
Deny All All All All All All
4040
Stateful Packet FiltersStateful Packet Filters
– Adds memory of previous packets to traditional packet filters
– When packet part of initial connection (SYN) it is remembered– Other packets analyzed according to previous connections
4141
Proxy-based (Application) FirewallsProxy-based (Application) Firewalls
– Focus on application to application
– Can approve:• By user• By application• By source or destination
– Mom calls, wife answers, etc.
4646
IP Address AllocationIP Address Allocation
– Automatic Allocation: permanently assigns an IP address to a station.
– Dynamic Allocation: assigns an IP address to a requesting station for specified amount of time.
– Manual Allocation: preconfigure the server to give the requesting station the same IP address every time it requests it.
4747
SecuritySecurity
– Encryption: Symmetric vs Asymmetric, hash codes
– Application Layer• PGP, GnuPG, S/MIME, SSH
– Session Layer: Secure Socket Layer (SSL)• Digital certificates to authenticate systems and distribute
encryption keys• Transport Layer Security (TLS)
– Network-IP Layer Security (IPSec)• AH: digital signatures• ESP: confidentiality, authentication of data source, integrity
4848
IPSecIPSec Authentication Header (AH) Authentication Header (AH)
Next Header Payload Length Reserved
Security Parameters Index (SPI)
Sequence Number Field
Authentication Data
(variable number of 32 bit Words)
4949
IPSecIPSec: Encapsulating Security Payload (ESP): Encapsulating Security Payload (ESP)
Security Parameters Index (SPI)
Sequence Number Field
Opaque Data, variable Length
Padding
Pad Length Next Header
Authentication Data
5050
Introduction to the TCP/IP Introduction to the TCP/IP Standard ApplicationsStandard Applications
– DHCP–Provides for management of IP parameters.
– TELNET–Provides remote terminal emulation.– FTP–Provides a file transfer protocol.– TFTP–Provides for a simple file transfer
protocol.– SMTP–Provides a mail service.– DNS–Provides for a name service.
5151
DHCP OperationDHCP OperationDHCPDHCPServerServer
BB
DHCP ClientDHCP ClientDHCPDHCPServerServer
AA
DHCP DiscoverDHCP A Offer (IP addr)DHCP A Offer (IP addr)
DHCP B Offer (IP addr)DHCP B Offer (IP addr)
DHCP Request (A)DHCP Request (A)
DHCP A ACKDHCP A ACK
FFFFFF
5252
TELNETTELNET
TELNETTELNETclientclient
HostHost
TELNET TELNET serverserver
TELNET TELNET serverserver
5353
File Transfer Protocol (FTP)File Transfer Protocol (FTP)
ClientClient
HostHost
StorageStorage
(TFTP – (TFTP – uses UDP)uses UDP)
5454
Simple Mail Transfer Protocol (SMTP)Simple Mail Transfer Protocol (SMTP)
–Today known as Electronic Mail, or email.–RFCs 821, 822, 974.–Email still cannot transport packages and other items.–Email is very fast and guarantees delivery.–Three protocols are used for today’s email.
• SMTP–operates over TCP• POP–operates over TCP• DNS–operates over UDP
–SMTP allows for the sending/receiving of email.–POP allows us to intermittently retrieve email.–DNS makes it simple.
5555
Post Office Protocol (POP)Post Office Protocol (POP)
– SMTP is set up to send and receive mail by hosts that are up full time.
• No rules for those hosts that are intermittent on the LAN– POP emulates you as a host on the network.
• It receives SMTP mail for you to retrieve later– POP accounts are set up for you by an ISP or your company.– POP retrieves your mail and downloads it to your personal computer
when you sign on to your POP account.
5656
POP OperationPOP Operation
TCP port 110 connectionTCP port 110 connectionattemptattempt ““POP3 server ready” replyPOP3 server ready” reply
Wait for authentication Wait for authentication
Send authenticationSend authentication Process authentication and ifProcess authentication and ifokay, enter transaction stateokay, enter transaction stateLock mailbox for user.Lock mailbox for user.Assign messages numbersAssign messages numbersSend messagesSend messagesDelete (possibly) messagesDelete (possibly) messages
Retrieve all messagesRetrieve all messagesSend QUIT commandSend QUIT commandSession closedSession closed
Quit receivedQuit receivedPerform update on mailboxPerform update on mailbox
Read messages locallyRead messages locally
POPPOPServerServer
POP ClientPOP Client
5757
SMTP, DNS, and POP TopologySMTP, DNS, and POP Topology
YourYourPCPC
POP3/SMTPPOP3/SMTP
mnauglemnaugleuser1user1user2user2
SMTPSMTP
Your ISPYour ISP
Send mailSend mail
Retrieve mailRetrieve mail
InternetInternet
SMTPSMTP
DNSDNS
joejoe POP ServerPOP ServerJoe’s PCJoe’s PC
send mailsend mail
Retrieve mailRetrieve mail
DNSDNS
Remote ISPRemote ISP
root DNSroot DNS
POP ServerPOP Server
5858
IPv6IPv6
– IPv6 features:
• 128 bit address space
• 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
• ARP not used, “Neighbor Discovery Protocol"
– IPv6 addressing:
• Unicast: A one-to-one IP transfer
• Multicast: A one-to-many-but-not-all transfer
• Anycast: A one-to-many-but-not-all (nearest in group)
• No broadcast
5959
ReferencesReferences
– RFCs: 1180 - A TCP/IP tutorial, 1812 - IP Version 4 Routers1122 - Requirements for Internet Hosts -- Communication Layers1123 –Requirements for Internet Hosts -- Application & Support826 – Address Resolution Protocol, 791 – IP addressing,950 – Subnetting, 1700 – Assigned Numbers
– TCP/IP 24/7 (ISBN: 0782125093)
– MCSE TCP/IP for Dummies : Cameron Brandon
– Illustrated TCP/IP : Matthew Naugle