< Prev I l@ve RuBoard Next >

Page 21

Chapter 2—
TCP/IP Architecture
< Prev I l@ve RuBoard Next >

Page 22

Introduction

TCP/IP was designed for an environment that was quite unusual in the 1970s but now is the norm.
The TCP/IP protocols had to connect equipment from different vendors. They had to be capable of
running over different types of media and data links. They had to unite sets of networks into a
single internetwork, all of whose users could access a set of generic services.

Furthermore, the academic, military, and government sponsors of TCP/IP wanted to be able to
plug new networks into their internetworks without interruption of service to the rest of the
network.

These requirements shaped the protocol architecture. The need for independence of media
technology and plug-and-play network growth led to the decision to move data across an
internetwork by chopping it into pieces and routing each piece as an independent unit.

The functions that guarantee reliable data transmission were placed into source and destination
hosts. Because of this, router vendors could focus their efforts on improving performance and
keeping up with new communications technologies.

As it happens, the TCP/IP protocols turned out to scale very well, running on systems ranging
from mainframes to PCs. In fact, a useful subset that supports network management routinely is
ported to ''dumb" network devices such as bridges, multiplexers, and switches.

In this chapter, we present a very brief overview of the TCP/IP architecture.

Layering

In order to achieve a reliable exchange of data between computers, there are many separate
procedures that must be carried out:

• Package the data

• Determine the path that the data will follow

• Transmit the data on a physical medium

• Regulate the rate of data transfer according to the available bandwidth and the capacity of the
receiver to absorb data

• Assemble incoming data so that it is in sequence and there are no missing pieces
< Prev I l@ve RuBoard Next >

Page 23

• Check incoming data for duplicated pieces

• Notify the sender of how much data has been received safely

• Deliver data to the right application

• Handle error or problem events

The result is that communications software is complicated! Following a layered model makes it
easier to group related functions together and implement communications software in a modular
manner.

The specific structure selected for the TCP/IP protocols was dictated by requirements that
evolved in the academic and defense communities. IP does what is needed to glue different types
of networks into an internetwork. TCP provides reliable data transfer.

Open Systems Interconnection

Open Systems Interconnection (OSI) was an international effort to create standards for computer
communications and generic application services. OSI was an activity of the International
Organization for Standardization (ISO), founded to promote trade and cooperative advances in
science and technology. Standards promoting OSI are published as ISO documents.

The OSI model for computer communications became a standard part of any networking
professional's education. It provided a framework for identifying where the functionality of
various protocols fit into the overall scheme of things.

OSI protocols are used at some European sites, and the IETF has published a number of RFCs that
deal with internetworking between TCP/IP and OSI environments. However, use of the OSI
protocols is waning.

Figure 2-1 contrasts the TCP/IP and OSI layers. Let's take a brief look at what happens within
each of the TCP/IP layers, starting from the bottom.1

1TCP/IP does not implement formal session and presentation layers.

< Prev I l@ve RuBoard Next >

Page 24

Figure 2-1
TCP/IP and OSI layers.

Physical Layer

The physical layer deals with everything required to place 0s and 1s on a medium—physical
media, connectors, and the signals that represent the 0s and 1s. For example, Ethernet and Token-
Ring network interface cards and cables implement physical layer functions.

Data Link Layer

Recall that a link is a local area network, a point-to-point line, or some other facility across
which systems communicate by means of a data link layer protocol. At the data link layer, data is
organized into units called frames. As shown in Figure 2-2, each frame has a header that includes
address and control information and a trailer that is used for error detection.

For example, a Local Area Network (LAN) frame header contains source and destination
''physical addresses" that identify the source and destination network interface cards on the LAN.
The header for a frame that will be transmitted across a frame relay Wide Area Network (WAN)
contains a circuit identifier in its address field.
< Prev I l@ve RuBoard Next >

Page 25

Figure 2-2
Frame format.

Frames carry any type of protocol data across a link—NetWare IPX, Digital DECnet, IBM, SNA,
and more. The data link layer is neutral territory. It is at layer 3, the network layer, that major
differences between protocol families appear.

Links and their frames are described in Chapter 4.

Network Layer

The Internet Protocol performs network layer functions. IP routes data between systems. Data may
traverse a single link or may be relayed across several links in an internetwork. Data is carried in
units called datagrams.

As shown in Figure 2-3, a datagram has an IP header that contains layer 3 addressing information.
Routers examine the destination address in the IP header in order to direct datagrams to their
destinations.

The IP layer is called connectionless because every datagram is routed independently and IP does
not guarantee reliable or in-sequence delivery of datagrams. IP routes its traffic without caring
which application-to-application interaction a particular datagram belongs to.

Figure 2-3
IP datagram.
< Prev I l@ve RuBoard Next >

Page 26

IP runs on top of just about any kind of link—from gigabit Ethernet to ISDN2 or POTS3 dial-ups.

Transport Layer--TCP

The Transmission Control Protocol performs transport layer functions. TCP provides reliable data
connection services to applications. TCP contains the mechanisms that guarantee that data is
delivered error-free, without omissions and in sequence.

An application (such as file transfer) passes data to TCP. TCP adds a header, forming a unit that is
called a segment.

TCP sends segments by passing them to IP, which routes them to the destination. TCP accepts
incoming segments from IP, determines which application is the recipient, and passes data to that
application in the order in which it was sent.

Transport Layer--UDP

An application sends a stand-alone message to another application by passing the message to the
User Datagram Protocol (UDP). UDP adds a header, forming a unit called a UDP Datagram or
UDP message.

UDP passes outgoing UDP messages to IP. UDP accepts incoming UDP messages from IP and
determines which application is the recipient.

UDP is a ''connectionless" communication service that often is used by simple database lookup
applications. What we mean by the term "connectionless" is that no persistent session is set up. An
application sends a stand-alone message at any time that it deems appropriate.

Packaging Data for Transmission

Figure 2-4 shows how application data is packaged for transmission. Starting from the top, an
application produces some data to be transmitted. A series of headers is added before the
information is placed onto a

2Integrated Services Digital Network.

3Plain Old Telephone Service.

< Prev I l@ve RuBoard Next >

Page 27

Figure 2-4
Packaging data for transmission.

medium packaged in a frame. At the receiving end, an incoming frame is peeled, layer by layer.
Each header is processed, and finally data are delivered to the destination application.

The generic term for information combined with an appropriate layer header is Protocol Data
Unit (PDU). For example, a TCP segment is a transport layer PDU, and an IP datagram is a
network layer PDU. Standards writers like formal terms like PDU. We will rarely use the term in
this book.

TCP/IP Topology

The TCP/IP protocol suite can be used on stand-alone LANs and WANs or on complex
internetworks created by gluing many networks together. Figure 2-5 illustrates stand-alone
network links. Any hosts that are equipped with TCP/IP can communicate with one another across
a LAN, point-to-point line, or wide area packet network.

Networks are joined into an internetwork by means of IP routers. Figure 2-6 shows an
internetwork that was created by connecting the stand-alone networks together via IP routers.

Modern router products are equipped with multiple hardware interface

< Prev I l@ve RuBoard Next >

Page 28

Figure 2-5
Stand-alone networks.

Figure 2-6
Gluing networks together with routers.
< Prev I l@ve RuBoard Next >

Page 29

slots that can be configured with the combination of attachments that the customer needs: Ethernet,
Token-Ring, Fiber Distributed Data Interface (FDDI), point-to-point synchronous, frame relay,
ATM, or whatever.

Internetworks can be built up with arbitrarily messy topologies. However, when an internetwork
has a coherent structure, it is easier for routers to do their job efficiently and to react quickly to a
failure in some part of the network, altering paths so that datagrams avoid a trouble spot. An easy-
to-understand logical design also helps network managers to diagnose, locate, and repair network
faults.

The robust and competitive IP router market has helped to promote TCP/IP architecture. Router
vendors are quick to implement new LAN and WAN technologies, widening their customers'
connectivity options. The router price/performance ratio has decreased steadily over the past few
years.

IP

IP software runs in hosts and in IP routers. If the destination for a datagram is not on the same link
as the source host, IP in the host directs the datagram to a local router. If that router is not directly
connected to the destination link, the datagram must be sent on to another router. This continues
until the destination link is reached.

IP routes to remote locations by looking up the destination network in a routing table. A routing
table entry identifies the next-hop router to which traffic should be relayed in order to reach a
destination. Not all destinations need to be explicitly listed. An entry labeled ''default" can point
traffic toward a more powerful router that has more information, or toward a router that connects
an organization to the Internet.

IP is described in Chapter 6. The closely related Internet Control Message Protocol (ICMP) is
presented in Chapter 7. ICMP provides some error handling and query facilities associated with
IP.

IP Version 6

The version of IP that runs in desktops and servers all over the world today is IP version 4 (IPv4).
At the time that IPv4 was designed, no one
< Prev I l@ve RuBoard Next >

Page 30

could have dreamed that there would be millions (and someday billions) of networked computers
in the world. IPv4 uses a skimpy address format that cannot meet the expanding needs of the
Internet.

A new version of IP is needed in order to solve the address shortage problem. IP version 6 (IPv6)
has been designed to do this—and to do many other things, for example:

• Build networks that automatically configure themselves.

• Support flows of data, such as audio and video.

At the time of writing, IP version 6 is still under construction, and is in a state of experimentation
and change. Many parts of the TCP/IP suite must be modified in order to rebuild the protocol stack
on top of IPv6. For example, applications must be rewritten to work with and display the new
addresses.

Chapters 22 and 23 are devoted to IP version 6. Other IPv6 information is sprinkled through the
book, wherever it is relevant.

Routing Protocols

In a small, static internetwork, routing tables can be entered and maintained manually. In larger
internetworks, routers keep their tables up to date by exchanging information with one another.
Routers can dynamically discover facts such as:

• A new network has been added to the internetwork.

• The path to a destination has been disrupted, and the destination cannot be reached at this time.

• A new router has been added to the internetwork. This router provides a shorter path to certain
destinations.

There is no single required standard for router-to-router information exchange. An organization

can use any protocol it wishes within its own boundaries. A routing information exchange
protocol used within an internetwork is called an Interior Gateway Protocol, or IGP. The
freedom to choose the most convenient protocol has stimulated competition and has led to great
improvements in these protocols.
The Routing Information Protocol (RIP) is a popular standard Interior Gateway Protocol. RIP is
popular because it is simple and widely avail-
< Prev I l@ve RuBoard Next >

Page 31

able. However, the newer Open Shortest Path First (OSPF) protocol has a rich set of useful
features.

Although all routers support one or more standard protocols, some router vendors also provide a
proprietary protocol for router-to-router information exchange. For example, Cisco's Enhanced
Interior Gateway Routing Protocol (EIGRP) is popular with its customers.

Routing protocols are described in Chapter 8.

TCP

TCP is implemented in hosts. The TCP entity at each end of a connection must ensure that the data
delivered to its local application is:

• Accurate

• In sequence

• Complete

• Free of duplicates

The basic mechanism for doing this has been used since the dawn of data communications. The
sending TCP:

• Numbers each segment

• Sets a timer

• Transmits the segment

The receiving TCP has to keep its partner informed of how much correct data has arrived by
means of acknowledgments (ACKs). If an ACK for a segment does not arrive within a timeout
period, TCP resends the segment. This strategy is called retransmission with positive
acknowledgment.
TCP is described in Chapter 9, the longest chapter in this book.

UDP

UDP is implemented in hosts. UDP makes no promise of guaranteed delivery, and it is up to the
peer applications to exchange information that confirms that data has arrived safely.
< Prev I l@ve RuBoard Next >

Page 32

An application that wants to send data via UDP passes a block of data to UDP. UDP simply adds a
header to the block and transmits it.

An application participating in UDP communications may send and receive UDP messages at any
time. It is up to the clients and servers that are built on top of UDP to keep track of any
relationship between the User Datagrams that are exchanged.

UDP also is described in Chapter 9.

Application Services

Implementations of TCP/IP are expected to provide several application services: terminal access,
file transfer, electronic mail and remote printing always are supported. Most products also
include World Wide Web clients and servers.

Terminal Access

In the early 1970s, most computer vendors built proprietary terminals that could be used only with
their own computer systems. The U.S. Department of Defense (DOD) purchased systems from
many different vendors but wanted every user to be able to connect to any host on their network
from a single terminal. The telnet terminal access protocol was created to make this possible.
Telnet terminal access was the first TCP/IP application. Over the years telnet has been enhanced
to work with a large assortment of terminal displays and operating system types.

Telnet is described in Chapter 13.

File Transfer

File transfer was among the earliest services added to TCP/IP. The File Transfer Protocol (FTP)
enables users to copy entire files from one system to another. FTP deals with simple types of files
such as American National Standard Code for Information Interchange (ASCII) text or
unstructured binary data. FTP also lets a user access a remote file system to perform housekeeping
functions such as renaming files, deleting files, or creating new directories.
< Prev I l@ve RuBoard Next >

Page 33

The File Transfer Protocol and a simplified Trivial File Transfer Protocol are described in
Chapter 14.

Mail

Mail has attracted many end users to TCP/IP. Two aspects of mail are standardized:

• The format of the mail passed between users. There are formats for simple text and for multipart,
multimedia messages.

• The mechanisms needed for direct or store-and-forward transfer of mail between hosts. The
Simple Mail Transfer Protocol (SMTP) has been used to transmit mail since the earliest days of
the Internet. Recent extensions have added new functionality.

Many proprietary mail systems have been linked to Internet mail, enlarging the community of
potential mail partners. Electronic mail protocols are discussed in Chapter 16.

World Wide Web Service

The World Wide Web is the most versatile of all of the TCP/IP client/server applications. Users
can view attractive documents enhanced by images and sounds, navigate effortlessly from site to
site with the click of a mouse, and search huge archives of information.

Chapter 18 presents the component protocols used by World Wide Web clients and servers.

Additional Services

Other services have been added to the TCP/IP suite. The sections that follow describe those that
are most popular and widely available.

File Access

File servers let users access remote files as if they are local. File servers first became popular in
personal computer LAN environments as a
< Prev I l@ve RuBoard Next >

Page 34

means to share valuable disk resources and centralize maintenance and backup chores. Many
TCP/IP products include the Network File System (NFS). The products support one or both of the
NFS roles:

File access client. Lets a computer access remote files as if they are local. End users and
local programs will be unaware of the actual location of these files.

File server. Maintains directories that can be accessed by specified computers on a

network.

Clients usually access a file server located on their own LAN. A new version of NFS called
WebNFS works well across wide area networks—including the Internet. NFS and WebNFS are
discussed in Chapter 15.

News

The electronic news application started out as a way to support local bulletin board services and
to exchange bulletin board information between sites.

Many organizations publish their own internal information or operate Internet bulletin boards
using free TCP/IP news server software. Others access Internet news groups that discuss topics
ranging from sports to plasma physics. A news client also can be used to retrieve news that comes
from commercial wire services, such as Reuters, AP, and UPI. See Chapter 17 for a description of
news internals.

Domain Name System Name Service

In order to use network services, you must be able to identify remote computers. Users and
programs can identify computers by names that are easy to remember and easy to type.

To set up communication with a host, its name must be translated to a numeric IP address. In
earlier times, each TCP/IP host kept a complete list of all of the names and addresses of all hosts
on its network. It was impossible to keep these lists up to date on a dynamically growing network
like the Internet, with its hundreds—then hundreds of thousands, and then millions—of hosts.

The Domain Name System (DNS) was invented to solve this problem. The Internet Domain Name
System is a database of host names and addresses distributed across thousands of servers. DNS
protocols enable
< Prev I l@ve RuBoard Next >

Page 35

a user to submit a query to a local server and receive a response that may have been obtained
from a remote server.

In addition to translating between host names and addresses, DNS servers also provide
information that is needed to route electronic mail to its destination. The Domain Name System is
being expanded to hold information that will enhance the overall security of the TCP/IP network
and application environment. The Domain Name System is introduced in Chapter 5 and studied in
depth in Chapter 12.

Network Management

Over the years, many network management tools have been developed for use with the TCP/IP
protocol suite. For example, there are commands that enable a network manager to see whether
systems are active, view their current load, list logged-in users, and list services that are
available.

These commands are very useful, but a lot more was needed to provide a consistent and
comprehensive platform for centralized network management. The Internet community developed
the Simple Network Management Protocol (SNMP) to manage everything from simple devices to
host operating systems and application software. SNMP is described in Chapter 20.

Commercial Software

Many third-party vendors have built applications that run on top of TCP/IP. For example, database
vendors link desktop clients to their servers by means of TCP/IP. New application servers
designed to provide a robust environment for reliable business computing have appeared on the
market. Application servers communicate with clients, peer application servers, and backend
database servers using TCP/IP.

Host Client and Server Roles

Figure 2-7 illustrates interactions between hosts on a network. Note that TCP/IP truly is a peer-to-
peer network architecture. Any host may act as a client, a server, or both.
< Prev I l@ve RuBoard Next >

Page 36

Figure 2-7
Application services on a TCP/IP network.

Application Programming Interfaces

Operating systems that implement TCP/IP usually offer a communications programming interface
for software developers. Most of these are based on the socket programming interface, first
created for the Berkeley Unix operating systems.4 The socket programming interface includes:

• Simple subroutines that create, transmit, and receive the stand-alone messages used in
connectionless UDP communication

• Routines that set up TCP connections, send and receive data, and close the connection

• Routines that can be used to access IP directly, and send datagrams with any type of content.

4The Windows version of the socket programming interface is called WinSock.

< Prev I l@ve RuBoard Next >

Page 37

Socket programming calls are described in Chapter 21, which also contains some sample
programs.

There are many toolkits that simplify the development of distributed client/server applications by
providing built-in communications software. They hide the detailed network calls and allow
developers to concentrate on program logic. For example, database vendors offer tools for
developing client/database server applications. There are two competing Remote Procedure Call
(RPC) client/server programming interfaces that are widely available. RPC toolkits simplify
communications and security programming. Object-oriented programming toolkits hide the details
of remote object access.

The most successful tool is World Wide Web client and server software. Most new applications
are being built around Web clients and servers. It is very easy to add or download a program or a
script to a Web client, or to add application components to a Web server. In this case, the user
interface, communications software, security, a rich client/server protocol (HTTP), and
components that access backend data stores all are prepackaged. Additional prepackaged
components are available and can be plugged in.

Protocol Components Overview

Figure 2-8 shows the relationship between common TCP/IP applications and the components of
the TCP/IP protocol suite. The five applications at the top left—World Wide Web, electronic
mail, file transfer, news, and telnet terminal access—are interactive client/server applications that
run on top of TCP sessions.

End users are generally oblivious to the three applications on the right. The Network File System
(NFS) makes remote files look as if they are located at the user's computer. In other words, NFS
is a standardized file server. Client programs consult the Domain Name System (DNS) in order to
translate server computer names to addresses; and Simple Network Management Protocol
(SNMP) software in hosts, routers, and other network devices enables a network manager to
extract information that is needed for capacity management and troubleshooting. NFS traditionally
ran on top of UDP, but TCP use is on the rise today. The Domain Name System makes use of both
UDP and TCP. UDP is the preferred protocol for the Simple Network Management Protocol, but it
can run on top of anything.
< Prev I l@ve RuBoard Next >

Page 38

Figure 2-8
TCP/IP protocol suite components.

Client Programs

End users can choose from a rich array of products that offer graphical user interfaces for these
applications. In a pinch, most systems provide simple, free built-in text-based clients for file
transfer and terminal access.

Although these text-based user interfaces have not been formally standardized, all of them are
based on Berkeley Software Distribution Unix end-user interfaces. Users who work in text
command mode on two or more types of hosts find it very helpful that the user interface stays
pretty much the same as they move from system to system.

Other Components of TCP/IP

Chapter 3 contains an overview of security technologies. Chapter 24 describes security

capabilities that are being built into IP. Naming and addressing are dealt with in Chapter 5.
Chapter 10 presents a series of
< Prev I l@ve RuBoard Next >

Page 39

protocols associated with multicasting. These relate to multicast clients, routing, and the RSVP
reservation service. Chapter 11 describes the automatic configuration of TCP/IP systems via a
BOOTP or DHCP server. Directories and the Lightweight Directory Access Protocol are
discussed in Chapter 19.