Figure: TCP header layout, 32-bit header words (bit positions 0 to 31):
  word 1: Source Port | Destination Port
  word 2: Sequence Number
  word 3: Acknowledgement Number
  word 4: Offset | Reserved | Control Bits | Window
  word 5: Checksum | Urgent Pointer
  word 6: Options | Padding
  Data begins here ...
Figure: IP header layout, 32-bit header words (bit positions 0 to 31):
  word 1: Version | IHL | Type of Service | Total Length
  word 2: Identification | Flags | Fragment Offset
  word 3: Time-to-live | Protocol | Header Checksum
  word 4: Source Address
  word 5: Destination Address
  word 6: Options | Padding
  Data begins here ...
Figure: an internetwork (labels: Ethernet, Router, Token Ring, Router, Ethernet).
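The two header layouts above are easiest to understand by decoding real bytes. The following parser is an added example and not part of the original document: it unpacks the IP and TCP header fields in the order the figures show them, rejects headers whose length fields disagree with the bytes actually present, and verifies the IP Header Checksum (the 16-bit one's-complement sum over the header, which sums to zero when the checksum field is correct). The sample packet, addresses and port numbers are constructed for this example.

```python
import struct


def ones_complement_checksum(data: bytes) -> int:
    """Complemented one's-complement sum of 16-bit words (the IP header checksum).
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IP header words 1-6 and hand back the payload that follows them."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum 20-byte IP header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, _hdr_checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    header_length = (ver_ihl & 0x0F) * 4    # IHL counts 32-bit words
    if version != 4:
        raise ValueError("not an IPv4 packet")
    # Length fields that disagree with the bytes present are the classic malformed-packet case
    if header_length < 20 or header_length > len(packet):
        raise ValueError("IHL inconsistent with packet length")
    if total_length < header_length or total_length > len(packet):
        raise ValueError("Total Length inconsistent with packet length")
    return {
        "version": version,
        "header_length": header_length,
        "type_of_service": tos,
        "total_length": total_length,
        "identification": ident,
        "flags": flags_frag >> 13,
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": protocol,
        "checksum_ok": ones_complement_checksum(packet[:header_length]) == 0,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": packet[20:header_length],
        "payload": packet[header_length:total_length],
    }


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the TCP header words 1-6."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum 20-byte TCP header")
    (src_port, dst_port, seq, ack, off_res, ctrl,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = (off_res >> 4) * 4        # Offset field, in 32-bit words
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("Offset inconsistent with segment length")
    return {
        "src_port": src_port, "dst_port": dst_port,
        "sequence": seq, "acknowledgement": ack,
        "header_length": data_offset,
        "control_bits": ctrl & 0x3F,        # URG ACK PSH RST SYN FIN
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:data_offset],
        "data": segment[data_offset:],
    }


def build_sample_packet() -> bytes:
    """Constructed sample: a TCP SYN from 10.0.0.1:40000 to 10.0.0.2:80 inside an IP header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                             64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    csum = ones_complement_checksum(ip_no_csum)
    ip = ip_no_csum[:10] + struct.pack("!H", csum) + ip_no_csum[12:]
    return ip + tcp


def corrupt_ttl(packet: bytes) -> bytes:
    """Flip the Time-to-live byte to show the header checksum catching the damage."""
    return packet[:8] + bytes([packet[8] ^ 0xFF]) + packet[9:]
```

The checksum only detects accidental corruption in transit; anyone who can rewrite the header can recompute it, so it is no protection against tampering. The length checks matter more than they look: a parser that trusts IHL or Total Length blindly reads past the end of the buffer on a crafted packet.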
Table of Contents:
Introduction 1
  Telematics 1
  Data-communication 1
  Data-transmission 1
  Accident-proof network 1
Network Media 2
  Network Medium 2
  Twisted-pair cable 2
    Unshielded Twisted-Pair 2
    Shielded Twisted-Pair 2
  Coaxial cable 2
    Thick coax 2
    Thin coax 2
  Fibre-optic cable 3
Network Components 4
  Network Operating System 4
  Network Interface Card 4
  Client 4
  Server 4
  Client-Server model 5
  Local Resource 5
  Remote Resource 5
  Node 6
  Concentrator 6
  Hub 6
  Repeater 6
  Bridge 6
  Router 7
  Gateway 7
  Backbone 7
Networks 8
  Network Topology 8
    Bus Networks 8
    Ring Network 9
    Star Network 9
    Hub Network 10
  Local Area Networks 10
    Circuit-Switched networks 11
    Packet-Switched networks 11
    Backbone Network 12
    Thinnet Network 12
    10BASET Network 12
  Wide Area Networks 12
The seven-layer Open Systems Interconnection Reference Model 13
  Communication Protocols 13
    Characteristics of Layered Architectures 13
  Description of each of these layers 14
    Layer 1, the Physical Layer 14
Table of Contents I
4/4/2002 Alex.Peeters@citap.com
Introduction:
Telematics:
Data-communication:
Data-transmission:
Character sets (ASCII & EBCDIC), parallel/serial, methods of transmission (asynchronous: all characters are transmitted directly and independently of each other, each beginning with a start bit and ending with a stop bit; synchronous: the information packet is transmitted as a block), simplex/half-duplex/full-duplex, and the speed of the data transmission.
Accident-proof network:
Is designed so that the actions of one user do not affect the network access of another user. No network is really accident-proof. Therefore, we must reduce the impact of a user's mistake on the other users, while knowing well that some accidents cannot be planned for. Design a network that a user cannot bring down by merely disconnecting his PC, or even by accidentally cutting a wire in his office.
Network Media:
A Network Medium is the type of cabling used in a network. There are many types of cables used in networks today, although only a few are commonly used. The type of cabling can have an influence on the speed of the network.
A Twisted-pair cable has a pair of wires twisted around each other to reduce the interference. There can be two, four, or even more sets of twisted pairs in a network cable. Twisted-pair cables are usually attached to the network devices with a jack that looks like a telephone modular jack, but a little wider, supporting up to eight wires. The most commonly used jacks are called RJ-11 (6 wires) and RJ-45 (8 wires), depending on the size of the connector and the number of wires inside.
A Coaxial cable is designed with two conductors, one in the centre surrounded by a layer of insulation, and the second a mesh or foil conductor surrounding the insulation. Outside the mesh is a layer of outer insulation. Because of its reduced electrical impedance, coaxial is capable of faster transmission than twisted-pair cable. Coax is also broadband, supporting several network channels on the same cable.
A Fibre-optic cable is becoming popular for very high-speed networks (500 Mbits). It is very expensive but capable of supporting many channels at tremendous speed. Fibre-optic cable is almost never used in local area networks, although some large corporations do use it to connect many LANs together into a wide area network. The supporting hardware to handle fibre-optic backbones is quite expensive and specialised.
Network Components:
A Network Operating System (NOS) controls the interaction between all the machines on the network. The network operating system is responsible for controlling the way information is sent over the network medium and handles the way data from one machine is packaged and sent to another. The NOS also has to handle what happens when two or more machines try to send at the same time.
• Local area networks that have a single server with many clients connected to it put the NOS on the server. The main part of the NOS sits on the server, while the smaller client software packages are loaded onto each client.
• With larger networks that don't use a single server, such as a network running TCP/IP, the NOS may be part of each machine's software.
A Network Interface Card (NIC) is an adapter that usually sits in a slot inside the PC. Some NICs can plug into parallel or SCSI ports. The network interface card handles the connection to the network itself through one or more connectors on the backplane of the card. You must make sure that the network interface card you are using in your machine works with the network operating system.
A Client is any machine that requests something from a server. The server supplies files and sometimes processing power to the smaller machines connected to it. Each such machine is a client in this type of network.
A Server is any machine that can provide files, resources, or services to another machine. Any machine that you request a file from is a server. This is the essence of client-server networks: one machine, the client, requests something from another machine, the server. A single machine may be both client and server. The more commonly used definition of a server is related to local area networks, where the server is a powerful machine that holds the main files and large applications. Other machines on the network connect to the server to access those files and applications. In this type of network, a single machine usually acts as the server and all the other machines are clients. Simply put, the server is any machine on the network that your machine requests something from.
In the Client-Server model, a client is the machine that initiates a request to a server. This terminology is common with TCP/IP networks, where no single machine is a central repository.
Figure: the client initiates a request; the server returns the response.
A Local Resource is any peripheral (optical drive, printer, scanner, modem, and so on) that is attached to your machine. Since the machine doesn't have to go on the network to get to the device, it is called a local device or a local resource.
Figure: local resources (labels: your machine, Modem).
A Remote Resource is any device that must be reached through the network. Any devices attached to a server are remote resources.
Figure: remote resources (label: Modem).
A Node is any device on a network (server, workstation, printer, scanner, or any other kind of peripheral) that is accessed directly by the network. A node has a unique name or IP address so the rest of the network can identify it.
Figure: nodes on a network (labels: Network, Modem, Concentrator).
A Hub is a multipurpose network device that lies at the centre of a star-topology network. Most hubs do the same job as concentrators. Hubs support a variety of different interface cards, from concentrator cards to router cards. Hubs are also expandable within a single chassis. Despite these differences, the terms hub and concentrator are often used interchangeably. There are active and passive hubs.
A Repeater is a network device that boosts the power of incoming signals to allow the length of a net-
work to be extended.
A Bridge is a network device capable of connecting networks that use similar protocols. It connects two local area networks running the same network operating system.
A Router is a network device that connects LANs, which may be running on different operating systems, into an internetwork and routes traffic between them. The router can have software that converts one NOS's packets to the other's. A router is more complicated than a bridge in that it can make decisions about where and how to send packets of information.
A Gateway forwards data between IP networks. It is a machine that acts as an interface between a small network and a much larger one, such as a local area network connecting to the internet. Gateways are also used in large corporations to connect small office-based LANs into the larger corporate mainframe networks. Usually, the gateway connects to a high-speed network cable or medium called the backbone.
A Backbone is a set of nodes and links connected together comprising a network, or the upper layer protocols used in a network. A star network has no backbone.
Networks:
A Network Topology describes the way network cabling is laid out. This doesn't mean the physical layout (how it loops through walls and floors), but how the logical layout looks when viewed in a simplified diagram.
• A Bus Network is one of the most widely used network topologies. A bus network uses a cable to which all the network devices are attached, either directly or through a junction box. The method of attachment depends on the type of bus network, the network protocol, and the speed of the network. The main cable that is used to connect all the devices is called the backbone.
Figure 19 (labels: Bus Terminator, File Server, Bus Backbone, Connector).
In figure 19, the backbone has a number of junction boxes (transceivers) attached. This allows for a high-speed backbone that is usually also immune to problems with any network card within a device. The junction box allows traffic through the backbone whether or not a device is attached to the junction box. Each end of the backbone, called the bus, is terminated with a block of resistors or a similar electrical device.
A popular variation of the bus network topology is found in many small LANs. This consists of a length of cable that snakes from machine to machine. There are no transceivers along the network. Instead, each device is connected into the bus directly using a T-shaped connector (Bus Network Connector) on the network interface card. The connector connects the machine to its two neighbours through two cables, one to each neighbour. At the ends of the network, a simple resistor is added to one side of the T-connector to terminate the network electrically.
Figure 20 (labels: T-Connector, NIC, NIC, Terminator).
In figure 20, each network device has a T-connector attached to the network interface card,
leading to the two neighbours. The two ends of the bus are terminated with resistors. Some
devices on this type of network use a telephone jack connector, called RJ-45, instead of a T-
connector and BNC jacks. In this case, a special adapter must be coupled into the network
backbone to accept the telephone jacks. This connector acts much like a transceiver in the
true bus network.
This machine-to-machine network, also called a peer-to-peer network, is not capable of sus-
taining the high speeds possible with a backbone-based bus network. A machine-to-machine
network is usually built using coaxial cable. Until recently, these networks were limited to a
throughput of about 10 Mbps. Recent improvements allow 100 Mbps on this type of network.
The problem with this type of machine-to-machine network is that if one machine is taken off
the network cable or the network interface card malfunctions, the backbone is broken and
must be tied together again with a jumper of some sort.
• A Ring Network is a closed network structure in the form of a circle, to which all nodes are
connected. Despite misconceptions, there is no physical loop made of the network cable, at
least not in the case of the most common form of ring network called Token Ring. The ring
name comes from the design of the central network device, which has a loop inside it to which
are attached cables for all the devices on the network. With a Token Ring network, a central
control unit called a Media Access Unit (MAU) has a cable ring inside it to which all devices
are attached.
Figure 21 (label: MAU).
Figure 21 shows the MAU at the centre of the network, containing the bus ring. All the network devices are attached to the ring through junction boxes.
There are some true ring networks that have a physically closed loop of the network cable. The ring network has some advantages from a design point of view in that network problems with traffic collisions are handled more easily than on a bus network. A problem is that, as with the bus-based machine-to-machine network, any problem with one machine's connection to the network cable can crash the entire network.
Figure 22 (label: Token Frame).
In figure 22, a Token Frame is transported in only one direction until it reaches its destination. Thereafter it is transported back around the Token Ring network until the sending node recognises it and removes it from the ring.
• A Star Network is arranged in a central structure with branches radiating from it. The central point of the star structure is called a concentrator, into which plug all the cables from the individual machines. One machine on the network usually acts as the central controller or network server. A star network has one major advantage over the machine-to-machine bus and ring networks: when a machine is disconnected from the concentrator, the rest of the network continues functioning unaffected.
Figure 23 (label: Concentrator).
In figure 23, each cable from the concentrator to the device comes out of one of a row of slots
or connectors, each identified by a number. Network traffic on a star network proceeds from
your machine to the concentrator, then out to the target machine. A star network needs a lot of
cable because each machine has to have a cable straight to the concentrator.
• A Hub Network is similar to the bus network in that it uses a backbone cable that has a set of connectors on it. The cable is called a backplane in a hub network. Each connector leads to a hub device, which leads off to network devices. This allows a very high-speed backplane to be used, which can be as long and complex as needed. Hub networks are commonly found in large organisations that must support many network devices and need high speed.
The hubs that lead off the backplane can support many devices, depending on the type of connector. They can support hundreds of PCs each, so a hub network can be used for very large networks. The cost of a hub network is usually very high because of the high-speed backbone and the fast hub devices.
Figure: hub network (labels: Hub or Port, repeated five times; High-Speed Backplane).
A Local Area Network (LAN) is a number of devices (computers, printers, and other special peripherals) that are connected to each other by some form of wiring, all of which are treated as a single entity for TCP/IP configuration. This usually means they share a subnet IP address in common. A LAN enables independent devices to communicate directly with each other through peer-to-peer communications. A LAN does not exceed a span of about 10 kilometres and is usually limited to a single building or group of close buildings. LANs use a moderate data rate, which means they are slower than mainframe-to-mainframe links. A LAN is a physical and logical accumulation of machines, called nodes, and cables or other communications methods between the machines, called links. Usually the links are simple coaxial or twisted-pair cables. In larger LANs, there may have to be amplifiers or repeaters positioned along the cables to ensure the signal is not lost due to lack of strength.
Figure: circuit switching (labels: Original Message E D C B A; Message Fragments E D C B A into the Circuit Switching Network; Message Fragments E D C B A out; Reassembled Message E D C B A).
• Packet-Switched networks: these networks divide all messages on the local area network into small chunks called packets and attach information to the front of each packet that identifies the recipient. The packets from all the machines on the local area network are placed on a high-bandwidth cable running through all the machines on the network. As a packet moves around the network, each machine analyses the header to see if the packet is for it. If not, it is sent further on.
Figure: packet switching (labels: Original Message E D C B A; Message Fragments E D C B A into the Packet Switching Network; Message Fragments E D C B A out; Reassembled Message E D C B A).
While packet switching is a more flexible approach than circuit switching, it does have a few problems. The primary problem is network traffic. As the number of nodes on the network increases, the network traffic increases too, sometimes reaching the network's limits. Another problem with packet switching is that there is no guarantee of packets getting from source to destination, which is one of the strong points of circuit switching.
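The packet-switching description above, as an added example that is not part of the original document: a message is divided into chunks, each chunk gets a header naming the recipient, every machine on the shared cable inspects the header and keeps only what is addressed to it, and the recipient reassembles the message. The header field names, the node names and the "ABCDE" message are this example's own constructions; a drop list stands in for the missing delivery guarantee the text mentions, so the receiver can report which chunks never arrived.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One chunk of a message plus the header attached to the front of it.
    The field names are this example's own; the page only says the header names the recipient."""
    src: str
    dst: str
    seq: int      # position of this chunk in the original message
    total: int    # how many chunks the message was divided into
    payload: str


def split_message(src: str, dst: str, message: str, chunk_size: int) -> list:
    """Divide a message into packets of at most chunk_size characters each."""
    chunks = [message[i:i + chunk_size] for i in range(0, len(message), chunk_size)] or [""]
    return [Packet(src, dst, i, len(chunks), chunk) for i, chunk in enumerate(chunks)]


class Node:
    def __init__(self, name: str):
        self.name = name
        self.inbox = {}   # src -> {"total": n, "parts": {seq: payload}}

    def receive(self, packet: Packet) -> bool:
        """Analyse the header; keep the packet only if it is addressed to this node."""
        if packet.dst != self.name:
            return False
        entry = self.inbox.setdefault(packet.src, {"total": packet.total, "parts": {}})
        entry["parts"][packet.seq] = packet.payload
        return True

    def reassemble(self, src: str):
        """Return (message, missing_seqs); message is None while any chunk is still missing."""
        entry = self.inbox.get(src)
        if entry is None:
            return None, []
        missing = [i for i in range(entry["total"]) if i not in entry["parts"]]
        if missing:
            return None, missing
        return "".join(entry["parts"][i] for i in range(entry["total"])), []


def shared_medium(nodes: list, packets: list, drop_seqs=()) -> int:
    """Constructed model of the high-bandwidth cable: every packet passes every machine.
    drop_seqs lists sequence numbers that never arrive (no delivery guarantee)."""
    kept = 0
    for packet in packets:
        if packet.seq in drop_seqs:
            continue
        for node in nodes:
            if node.receive(packet):
                kept += 1
    return kept


def run(drop_seqs=()):
    """Send 'ABCDE' from A to C past B, one character per packet, and reassemble at C.
    Returns C's reassembly result and B's inbox (which stays empty: nothing was for B)."""
    a, b, c = Node("A"), Node("B"), Node("C")
    packets = split_message("A", "C", "ABCDE", 1)
    shared_medium([a, b, c], packets, drop_seqs)
    return c.reassemble("A"), b.inbox
```

Note what the model makes explicit: node B's inbox stays empty only because B chooses to discard packets not addressed to it. Every packet still passed through B, which is why confidentiality on a shared medium cannot rest on the destination field alone.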
• A Backbone Network:
Figure (labels: Router, repeated eight times; Backbone Network).
• A Thinnet Network:
Figure (labels: Internal transceiver, Thinnet cable, Terminator, External transceiver, AUI cable).
• A 10BASET Network:
Figure (labels: 10BASET, Concentrator).
A Wide Area Network (WAN) is a number of local area networks that are connected to form a large, logical entity. The LANs are connected through a gateway or bridge, cabled to each other with a high-speed network cable. WANs can be close together physically or separated by a large distance. The design of the WAN is such that machine-to-machine connections are simpler than going out over the internet, and usually much faster.
WANs can share a subnet IP address, or they can have different subnets. The design of the WAN is more a choice of logical configuration and can be tailored to meet traffic, security, and speed considerations. WANs are used by most corporations that maintain multiple offices.
A heterogeneous network (one that gives users freedom of choice) consists of products from different suppliers of computers, hardware, software, peripherals and/or network products.
An architectural model developed by the International Standards Organisation (ISO) is frequently used
to describe the structure and function of data communication protocols. This architectural model,
called the Open Systems Interconnect (OSI) Reference Model, contains seven layers that define the
functions of data communications protocols. Each layer represents a function performed when data is
transferred between co-operating applications across an intervening network. A layer does not define
a single protocol, it defines a data communications function that may be performed by any number of
protocols. Therefore, each layer may contain multiple protocols, each providing a service suitable to
the function of that layer. Every protocol communicates with its peer. A peer is an implementation of
the same protocol in the equivalent layer on a remote system. Each protocol is only concerned with
communicating to its peer, it does not care about the layer above or below it. However, there must
also be agreement on how to pass data between the layers on a single computer, because every layer
is involved in sending data from a local application to an equivalent remote application. The individual
layers do not need to know how the layers above and below them function, they only need to know
how to pass data to them. Isolating network communications functions in different layers minimises
the impact of technological change on the entire protocol suite. New applications can be added without
changing the physical network, and new network hardware can be installed without rewriting the appli-
cation software. Although the OSI model is useful, the TCP/IP protocols don't match its structure exactly.
• Communication Protocols:
Network protocols are typically described with a layered model, in which the protocols are stacked on
top of each other. Data coming into a machine is passed from the lowest-level protocol up to the high-
est, and data sent to other hosts moves down the protocol stack. The layered model is a useful de-
scription because it allows network services to be defined with their functions, rather than their specific
implementation. New protocols can be substituted at lower levels without affecting the higher-level pro-
tocols, as long as these new protocols behave in the same manner as those that were replaced. Each
layer has certain functions. Communication in a heterogeneous network can take place if the functions in each layer are successfully executed in conformance with the standards.
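The layered model described above, as an added example that is not part of the original document: each protocol prepends its own header on the way down and strips it on the way up, it only understands the header written by its peer (the same protocol in the same layer on the other host), and the lowest layer can be swapped on both sides without the layers above noticing. The layer names follow the page (application, network, data link, with Ethernet and Token Ring as data link protocols); the header tags such as `APP|` are made up for this example.

```python
class Protocol:
    """One protocol in one layer (constructed example). Going down it prepends its own header;
    going up it strips that header, and it only understands its peer's header."""

    def __init__(self, name: str, header: bytes):
        self.name = name
        self.header = header

    def down(self, sdu: bytes) -> bytes:
        return self.header + sdu

    def up(self, pdu: bytes) -> bytes:
        if not pdu.startswith(self.header):
            raise ValueError("%s: data did not come from my peer" % self.name)
        return pdu[len(self.header):]


class Host:
    """A protocol stack: layers[0] is the highest layer, layers[-1] the one next to the medium."""

    def __init__(self, layers):
        self.layers = list(layers)

    def send(self, data: bytes) -> bytes:
        for proto in self.layers:            # application data moves down the stack
            data = proto.down(data)
        return data                          # what goes onto the wire

    def receive(self, wire: bytes) -> bytes:
        for proto in reversed(self.layers):  # incoming data moves up the stack
            wire = proto.up(wire)
        return wire

    def replace_lowest(self, proto: Protocol) -> None:
        """Swap the protocol nearest the medium; the layers above are untouched."""
        self.layers[-1] = proto


def ethernet() -> Protocol:
    return Protocol("ethernet", b"ETH|")


def token_ring() -> Protocol:
    return Protocol("token ring", b"TR|")


def make_host(link_layer: Protocol) -> Host:
    # Application (7), network (3) and data link (2) layers with made-up header tags
    return Host([Protocol("application", b"APP|"), Protocol("network", b"NET|"), link_layer])


def exchange(sender: Host, receiver: Host, data: bytes):
    """Return what went on the wire and what the receiver's application layer got back."""
    wire = sender.send(data)
    return wire, receiver.receive(wire)


def peers_agree(sender: Host, receiver: Host, data: bytes) -> bool:
    """False when some layer on the receiving side has no matching peer on the sending side."""
    try:
        exchange(sender, receiver, data)
        return True
    except ValueError:
        return False
```

Running `exchange` on two Ethernet hosts shows the on-wire bytes `ETH|NET|APP|hello`; after `replace_lowest(token_ring())` on both hosts the outer tag changes and nothing else does, which is the substitutability the text describes. A host whose data link peer does not match fails at that layer before the upper layers ever see the data.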
Figure 30, the layer model (only partly recoverable from the page; the row for layer 4 is missing and the Session Layer row has no description):
  7 Application Layer: consists of application programs that use the network (Higher Layers)
  6 Presentation Layer: standardises data presentation to the applications (Higher Layers)
  5 Session Layer (Higher Layers)
  3 Network Layer: manages connections across the network for the upper layers (Lower Layers)
  2 Data Link Layer: provides reliable data delivery across the physical link (Lower Layers, Network Interface)
  1 Physical Layer: defines the physical characteristics of the network interface (Lower Layers, Network Interface)
In figure 30, each layer provides a specific type of network service. It illustrates why groups of related protocols are frequently called protocol stacks.
• The connection between the different applications that are running on these processors is carried by the higher layers (5-7).
• The connection between the different processors is carried by the lower layers (1-4).
• The physical and the data link layers, the lower layers 1 & 2, of the network protocol stack together define a machine's network interface.
From a software perspective, the network interface defines how the Ethernet device driver gets packets from or to the network. Ethernet is the best known implementation of the physical and data link layers. The Ethernet specification describes how bits are encoded on the cable and also how stations on the network detect the beginning and end of a transmission. Ethernet can be run over a variety of media, including thinnet, thicknet, and unshielded twisted-pair cables. All Ethernet media are functionally equivalent, differing only in their convenience, cost of installation, and maintenance. Converters from one medium to another operate at the physical layer, making a clean electrical connection between two different kinds of cable.
• Layer 1, the Physical Layer defines the characteristics of the hardware necessary to carry the data transmission signal. Things such as voltage levels, and the number and locations of interface pins, are defined in this layer (RS232C, V.35, IEEE 802.3, ...). TCP/IP does not define physical standards; it makes use of existing standards. This layer describes the way data is actually transmitted on the network medium.
The Physical Layer communicates directly with the communication medium, and has two re-
sponsibilities: Sending bits and receiving bits. A binary digit, or bit, is the basic unit of informa-
tion in data communication. A bit can have only two values, 0 or 1, represented by different
states on the communication medium. Other communication layers are responsible for collect-
ing these bits into groups that represent message data.
Bits are represented by changes in signals on the network medium. Some wire media repre-
sent 0’s and 1’s with different voltages, some use distinct audio tones, and yet others use
more sophisticated methods, such as state transitions.
A wide variety of media are used for data communication, including electric cable, fibre optics,
light waves, radio, and microwaves. The medium used can vary, a different medium simply
necessitates a different set of physical layer protocols. Thus, the upper layers are completely
independent from the particular process used to deliver bits through the network medium.
The physical layer describes the bit patterns to be used, but does not define the medium; it describes how data are encoded into media signals and the characteristics of the media attachment interface.
• Layer 2, the Data Link Layer is responsible for delivering the data without errors to the next layer. It formats the packets for transmission after delivery and defines the network frames. This layer synchronises the transmission and is responsible for error control at frame level (a frame is a block of data with network-specific addressing information), including error correction, so that information can be transmitted from the physical layer. It formats the message into a data frame, and the CRC verification (which checks for errors in the frame) is established in this layer. This layer carries the access methods for Ethernet and Token Ring. This layer also provides the address information for the physical layer at the front of the transmitted frame.
As can be concluded from the points made earlier, in addition to user data, computers must be able to exchange additional information about the progress of the physical communication process. To accommodate these decision-making requirements, network designers decided to deliver data on the wire in well-defined packages called data frames.
It is important to realise that the primary concern of the receive process is the reliable recovery of the information embedded in the information field, with no attention paid to the nature of the actual contents of that field. Instead, processing the data in the information field is delegated to another process as the receive process reverts to listening mode to take care of future transmissions.
The reliable delivery of data across the underlying physical network is handled by the Data Link Layer. TCP/IP rarely creates protocols in this layer. Most RFCs that relate to this layer talk about how IP can make use of existing data link protocols. This layer defines how the streams of bits are put together into manageable chunks of data.
Devices that can communicate on a network are frequently called nodes, stations or devices. The data link layer is responsible for providing node-to-node communication on a single, local network. To provide this service, the data link layer must perform two functions. It must provide an address mechanism that enables messages to be delivered to the correct nodes. Also, it must translate messages from upper layers into bits that the physical layer can transmit. When the data link layer receives a message to transmit, it formats the message into a data frame (packet). The sections of a frame are called fields.
Fields of a data frame: Start Indicator | Source Address | Destination Address | Control | Data | Error Control
Frame delivery on a local network is extremely simple. A sending node simply transmits the frame. Each node on the network sees every frame, and examines the destination address. When the destination address of a frame matches the node's address, the data link layer at the node receives the frame and sends it up the protocol stack. Data units at the data link layer are most commonly called frames, although the term packet is used with some protocols.
[Figure 32: nodes with MAC Address = 3, MAC Address = 5 and MAC Address = 7 on one local network; a frame carrying DA = 7 is placed on the network]
Figure 32 shows how simple delivering a frame on a local network can be. In figure 32, the source node simply builds a frame that includes the recipient's destination address. The sender's responsibility ends when the addressed frame is placed on the network. On LANs, each node examines each frame that is sent on the network, looking for frames with a destination address that matches its own MAC address. Frames that match are received. Frames that don't match are discarded by Ethernet networks or forwarded to the next node by Token Ring networks.
Ethernet Addresses:
Associated with the data link layer is a method for addressing hosts on the network. Every machine on the Ethernet has a unique, 48-bit address called its Ethernet address or Media Access Control (MAC) address. Vendors making network-ready equipment ensure that every machine in the world has a unique MAC address. 24-bit prefixes for MAC addresses are assigned to hardware vendors, and each vendor is responsible for the uniqueness of the lower 24 bits. MAC addresses are usually represented as colon-separated pairs of hex digits. Note that MAC addresses identify a host, and a host with multiple network interfaces may (or should) use the same MAC address on each. Part of the data link layer's protocol-specific header are the packet's source and destination MAC address. Each protocol layer supports the notion of a broadcast, which is a packet or set of packets that must be sent to all hosts on the network. The broadcast MAC address is: ff:ff:ff:ff:ff:ff. All network interfaces recognise this wildcard MAC address as a broadcast address, and pass the packet up to a higher-level protocol handler.
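As an added example (not from the original document), the following Python decodes the address fields described above: the 24-bit vendor prefix, the vendor-assigned lower 24 bits, the broadcast address, and the I/G and U/L bits that the later address figures describe. The sample addresses and the vendor names in the small prefix table are constructed for this demonstration.

```python
"""Added example: decoding a 48-bit Ethernet/MAC address into its fields.

The OUI-to-vendor table below holds placeholder names only; a real check
would consult the IEEE registry.
"""
import re

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed placeholder table (not real vendor assignments).
EXAMPLE_OUI_TABLE = {
    "00:00:0c": "VENDOR-A (placeholder)",
    "00:1b:21": "VENDOR-B (placeholder)",
}

_MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")


def parse_mac(text: str) -> bytes:
    """Parse colon-separated hex pairs into six bytes; reject anything else."""
    mac = text.strip().lower()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a colon-separated 48-bit MAC address: {text!r}")
    return bytes(int(pair, 16) for pair in mac.split(":"))


def describe_mac(text: str) -> dict:
    """Split a MAC address into its administrative fields.

    The 24-bit vendor prefix is the first three octets and the vendor-assigned
    part is the last three.  Ethernet transmits each octet least-significant
    bit first, so the first bit on the wire (the I/G bit, "bit 47" in the
    address figures) is the LEAST significant bit of the first octet in
    colon-hex notation, and the U/L bit is the next bit up.
    """
    octets = parse_mac(text)
    first = octets[0]
    group = bool(first & 0x01)   # I/G: 0 = individual, 1 = group (multicast)
    local = bool(first & 0x02)   # U/L: 0 = universally, 1 = locally administered
    oui = ":".join(f"{b:02x}" for b in octets[:3])
    return {
        "oui": oui,
        "vendor": EXAMPLE_OUI_TABLE.get(oui, "unknown"),
        "device_part": ":".join(f"{b:02x}" for b in octets[3:]),
        "group": group,
        # Locally administered addresses are not vendor-assigned, so an
        # inventory check cannot tie them to a manufacturer.
        "locally_administered": local,
        "broadcast": octets == b"\xff" * 6,
    }


def is_broadcast(text: str) -> bool:
    """All 48 bits set is the wildcard address every interface accepts."""
    return parse_mac(text) == b"\xff" * 6


if __name__ == "__main__":
    for sample in ("00:1B:21:3c:4d:5e",   # constructed: universal, individual
                   "02:00:00:aa:bb:cc",   # constructed: locally administered
                   "01:00:5e:00:00:01",   # constructed: group (multicast) form
                   BROADCAST):
        print(sample, describe_mac(sample))
```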
• Layer 3, the Network Layer, transmits the data and decides which route the data must follow through the internetwork. The network layer receives data packets from the upper layer at the transmitter and transmits them over as many connections and subsystems as needed to reach their destination. It defines the network packets and controls the routing and switching of the data through the network. This layer controls the transmission of packets between stations. Based on certain information, this layer transmits the data sequentially from one station to another by the most economical route, both logical and physical. This layer permits data units to be transmitted to other networks if they use special equipment called routers. Routers are defined in this layer.
The Network Layer manages connections across the network and isolates the upper layer protocols from the details of the underlying network. The Internet Protocol (IP), which isolates the upper layers from the underlying network and handles the addressing and delivery of data, is usually described as TCP/IP's Network layer.
The best-known protocol in this layer is IP. The network layer is the boundary of the communication subnet: above this layer the level of abstraction increases dramatically. For layer 3 and below there is usually an upper limit on the size of the packets. In broadcast networks routing is very simple, so that the network layer is thin or even non-existent. This is the reason why the transport-layer protocol TCP is so often combined with IP, called TCP/IP.
Only the smallest networks consist of a single, local network. The majority of networks must be subdivided. A network that consists of several network segments is frequently called an internetwork, or an internet, not to be confused with the Internet. These subdivisions may be planned to reduce traffic on network segments or to isolate remote networks connected by slower communication media. When networks are subdivided, it can no longer be assumed that messages will be delivered on the local network. A mechanism must be put in place to route messages from one network to another.
[Figure: several networks, each with a name server, joined by routers and connected through routers to the Internet]
Forwarding packets to the correct network is called routing, and the devices that route packets
are called routers.
The network layer operates independently of the physical medium, which is a concern of the physical layer. Since routers are network layer devices, they can be used to forward packets between physically different networks. For example, a router can join an Ethernet to a Token Ring network. Routers are also often used to connect a local area network, such as Ethernet, to a wide area network, such as the Internet.
[Figure 36: Ethernet | Router | Token Ring]
Figure 36 shows a schematic of a router that joins an Ethernet to a Token Ring network.
• Layer 4, the Transport Layer, guarantees that the receiver gets the data exactly as it was sent. In TCP/IP this function is performed by the Transmission Control Protocol (TCP). However, TCP/IP offers a second Transport Layer service, the User Datagram Protocol (UDP), that does not perform the end-to-end reliability checks.
All network technologies set a maximum size for frames that can be sent on the network. Ethernet limits the size of the data field to 1500 bytes. One responsibility of the transport layer is to divide messages into fragments that fit within the size limitations established by the network. At the receiving end, the transport layer reassembles the fragments to recover the original message.
When messages are divided into multiple fragments, the possibility that segments might not be received in the order sent increases. When the packets are received, the transport layer must reassemble the message fragments in the correct order. To enable packets to be reassembled in their original order, the transport layer includes a message sequence number in its header.
The transport layer is responsible for delivering messages from a specific process on one computer to the corresponding process on the destination computer. The transport layer assigns a Service Access Point (SAP) ID to each packet. The SAP ID is an address that identifies the process that originated the message. The SAP ID enables the transport layer of the receiving node to route the message to the appropriate process.
Identifying messages from several processes so that the messages can be transmitted through the same network medium is called multiplexing. The procedure of recovering messages and directing them to the correct process is called demultiplexing. Multiplexing is a common occurrence on networks, which are designed to enable many dialogues to share the same network medium. Because multiple protocols may be supported for any given layer, multiplexing and demultiplexing can occur at many layers.
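As an added example (not from the original document) covering both the fragmentation paragraph and the SAP/multiplexing paragraphs above, the following Python segments messages to fit the 1500-byte data field, tags each segment with a sequence number and a SAP ID, and at the receiver demultiplexes by SAP ID and reassembles in order even when segments arrive shuffled or duplicated. The 6-byte segment header layout is assumed for this demonstration and is not any real protocol's format.

```python
"""Added example: transport-layer segmentation, multiplexing by SAP ID, and
ordered reassembly.  The header layout (sap_id, seq, total) is assumed here."""
import random
import struct
from collections import defaultdict

MAX_DATA = 1500                 # Ethernet data-field limit named in the text
HDR = struct.Struct("!HHH")     # sap_id, sequence number, total segments (assumed)
MAX_PAYLOAD = MAX_DATA - HDR.size


def segment(sap_id: int, message: bytes) -> list:
    """Split a message into segments that each fit within MAX_DATA."""
    chunks = [message[i:i + MAX_PAYLOAD]
              for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
    total = len(chunks)
    return [HDR.pack(sap_id, seq, total) + chunk for seq, chunk in enumerate(chunks)]


class Reassembler:
    """Collects segments per SAP ID and delivers a message once complete."""

    def __init__(self):
        self._pending = defaultdict(dict)   # sap_id -> {seq: payload}
        self._expected_total = {}           # sap_id -> total announced in headers

    def receive(self, frame: bytes):
        """Feed one segment; returns (sap_id, message) on completion, else None.

        Header fields are validated before use: a segment count of zero, a
        sequence number beyond the count, or a count that disagrees with
        earlier segments for the same SAP ID is rejected rather than trusted."""
        if len(frame) < HDR.size or len(frame) > MAX_DATA:
            raise ValueError("segment size outside the allowed range")
        sap_id, seq, total = HDR.unpack_from(frame)
        payload = frame[HDR.size:]
        if total == 0 or seq >= total:
            raise ValueError("inconsistent sequence header")
        if self._expected_total.setdefault(sap_id, total) != total:
            raise ValueError("segments disagree about message length")
        bucket = self._pending[sap_id]
        bucket.setdefault(seq, payload)     # a duplicate segment is ignored
        if len(bucket) < total:
            return None                     # still waiting for missing segments
        message = b"".join(bucket[i] for i in range(total))
        del self._pending[sap_id]
        del self._expected_total[sap_id]
        return sap_id, message


def round_trip(messages: dict, seed: int = 7) -> dict:
    """Send several processes' messages over one shared 'wire', with the
    segments shuffled and a few duplicated, and return what each SAP ID got."""
    wire = [f for sap_id, m in messages.items() for f in segment(sap_id, m)]
    rng = random.Random(seed)
    wire += rng.sample(wire, k=min(3, len(wire)))   # constructed duplicates
    rng.shuffle(wire)                                # out-of-order arrival
    rx = Reassembler()
    delivered = {}
    for frame in wire:
        done = rx.receive(frame)
        if done:
            delivered[done[0]] = done[1]
    return delivered


if __name__ == "__main__":
    # Constructed sample: two processes (SAP 1 and SAP 2) share the medium.
    result = round_trip({1: b"a" * 4000, 2: b"short"})
    print({sap: len(m) for sap, m in result.items()})
```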
Although the data link and network layers can be assigned responsibility for detecting errors in
transmitting data, that responsibility generally is dedicated to the transport layer.
Two general categories of error detection can be performed by the transport layer:
• Reliable delivery: Does not mean that errors cannot occur, only that errors are detected if they do occur. Recovery from a detected error can take the form of simply notifying upper layer processes that the error occurred. Often, however, the transport layer can request the retransmission of a packet for which an error was detected.
• Unreliable delivery: Does not mean that errors are likely to occur, but rather indicates that the transport layer does not check for errors. Because error checking takes time and reduces network performance, unreliable delivery often is preferred when a network is known to be highly reliable, which is the case with the majority of local area networks. Unreliable delivery generally is used when each packet contains a complete message, whereas reliable delivery is preferred when messages consist of a large number of packets. Unreliable delivery is often called datagram delivery, and independent packets transmitted in this way frequently are called datagrams.
Assuming that reliable delivery is always preferable is a common mistake. Unreliable delivery actually is preferable in at least two cases: when the network is fairly reliable and performance must be optimised, and when entire messages are contained in individual packets and loss of a packet is not a critical problem.
• Layer 5, the Session Layer, manages the sessions (connections) between co-operating applications. In TCP/IP, this function largely occurs in the transport layer, and the term session is not used. For TCP/IP, the terms socket and port are used to describe the path over which co-operating applications communicate. This layer is not identifiable as a separate layer in the TCP/IP protocol hierarchy.
The Session Layer is responsible for dialogue control between nodes. A dialogue is a formal conversation in which two nodes agree to exchange data.
Connection establishment and connection release represent extra overhead for the communication process. When devices are managed on a network, they send out periodic status reports that generally consist of single-frame messages. If all such messages were sent as part of a formal session, the connection establishment and release phases would transfer far more data than the message itself. In such a situation, communicating using a connection-less approach is common. The sending node simply transmits its data and assumes availability of the desired receiver. A connection-oriented session approach is desirable for complex communication. Consider transmitting a large amount of data to another node. Without formal controls, a single error at any time during the transfer would require resending the entire file. After establishing a session, the sending and receiving nodes can agree on a checkpoint procedure. If an error occurs, the sending node must retransmit only the data sent since the previous checkpoint. The process of managing a complex activity is called activity management.
• Layer 6, the Presentation Layer: for co-operating applications to exchange data, they must agree about how data is represented. This layer is handled within the applications in TCP/IP.
The Presentation Layer is responsible for presenting data to the application layer. In some cases, the presentation layer directly translates data from one format to another; some computers use the EBCDIC character encoding, whereas virtually all other computers use the ASCII encoding scheme. For example, if data is being transmitted from an EBCDIC computer to an ASCII computer, the presentation layer might be responsible for translating between the different character sets. Numeric data is also represented quite differently on different computer architectures and must be converted when transferred between different machines.
A common technique used to improve data transfer is to convert all data to a standard format
before transmitting data. This standard format probably is not the native data format of any
computer. All computers can be configured to retrieve standard format data, however, and
convert it into their native data forms.
Other functions that may correspond to the presentation layer are data encryption/decryption
and compression/decompression.
• Layer 7, the Application Layer, is the level of the protocol hierarchy where user-accessed network processes reside. A TCP/IP application is any network process that occurs above the transport layer. This includes all the processes that users directly interact with, as well as other processes at this level that users are not necessarily aware of.
The Application Layer provides the services user applications need to communicate through the network.
When a device transmits data to the network, each protocol layer processes the data in turn. Consider the network layer for the sending device. Data to be transmitted is received from the transport layer. The network layer is responsible for routing and must add its routing information to the data. The network layer information is added in the form of a header, which is appended to the beginning of the data. The term Protocol Data Unit (PDU) is used to describe the combination of the control information for a layer with the data from the next higher layer. Each layer appends a header to the PDU that it receives from the next higher layer. The data field for each layer consists of the PDU of the next higher layer. The physical layer does not encapsulate in this manner because the physical layer manages data in bit form.
TCP header (32-bit words; bit positions 0 to 31 from left to right):
  Word 1: Source Port (bits 0-15) | Destination Port (bits 16-31)
  Word 2: Sequence Number (32 bits)
  Word 3: Acknowledgement Number (32 bits)
  Word 4: Offset (4 bits) | Reserved (6 bits) | Control Bits (6 bits) | Window (16 bits)
  Word 5: Checksum (16 bits) | Urgent Pointer (16 bits)
  Word 6: Options & Padding
  Data begins here ...
As received data passes up the protocol stack, each layer strips its corresponding header from the data unit. The process of removing headers from data is called decapsulation. This mechanism enables each layer in the transmitting device to communicate with the corresponding layer in the receiver. Each layer in the transmitting device communicates with its peer layer in the receiving device, in a process called peer-to-peer communication.
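As an added example (not from the original document), the following Python builds a packet by prepending one header per layer (TCP, then IP, then Ethernet) and then peels the headers off again in reverse order, validating each length field against the bytes actually present before trusting it. The TCP field offsets follow the header layout shown above; the IPv4 header is the standard 20-byte form without options. Addresses, ports and the payload are constructed sample values, and only the IPv4 header checksum is computed and verified (the TCP checksum is left at zero to keep the example short).

```python
"""Added example: encapsulation (header per layer) and decapsulation with
length and checksum checks at each layer."""
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
IP_HDR = struct.Struct("!BBHHHBBH4s4s")    # 20-byte IPv4 header, no options
TCP_HDR = struct.Struct("!HHIIBBHHH")      # 20-byte TCP header, no options
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(payload, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port,
                seq, ack, flags, window=8192):
    """Transport layer adds the TCP header, network layer the IP header, data
    link layer the Ethernet header: each layer's data field is the PDU above."""
    offset_words = TCP_HDR.size // 4                    # data offset in 32-bit words
    tcp = TCP_HDR.pack(src_port, dst_port, seq, ack, offset_words << 4,
                       flags, window, 0, 0) + payload   # checksum 0 (unverified), urgent 0
    total_len = IP_HDR.size + len(tcp)
    fields = [0x45, 0, total_len, 0x1234, 0x4000, 64, PROTO_TCP, 0, src_ip, dst_ip]
    fields[7] = ip_checksum(IP_HDR.pack(*fields))       # fill in header checksum
    ip = IP_HDR.pack(*fields) + tcp
    return ETH_HDR.pack(dst_mac, src_mac, ETHERTYPE_IPV4) + ip


def decapsulate(frame: bytes) -> list:
    """Strip one header per layer, recording what each layer saw."""
    layers = []
    if len(frame) < ETH_HDR.size:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    layers.append(("ethernet", {"dst": dst.hex(":"), "src": src.hex(":"),
                                "ethertype": ethertype}))
    if ethertype != ETHERTYPE_IPV4:
        return layers                                   # not ours to decode further
    ip = frame[ETH_HDR.size:]
    if len(ip) < IP_HDR.size:
        raise ValueError("truncated IPv4 header")
    (vihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, sip, dip) = IP_HDR.unpack_from(ip)
    ihl = (vihl & 0x0F) * 4
    # Length fields come from the wire: check them against what is present.
    if vihl >> 4 != 4 or ihl < 20 or ihl > len(ip) or total_len < ihl or total_len > len(ip):
        raise ValueError("bad IPv4 header lengths")
    if ip_checksum(ip[:ihl]) != 0:                      # valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    layers.append(("ip", {"src": ".".join(map(str, sip)), "dst": ".".join(map(str, dip)),
                          "ttl": ttl, "protocol": proto}))
    if proto != PROTO_TCP:
        return layers
    tcp = ip[ihl:total_len]
    if len(tcp) < TCP_HDR.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, window, _tcsum, urg = TCP_HDR.unpack_from(tcp)
    data_offset = (off_res >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("bad TCP data offset")
    layers.append(("tcp", {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                           "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags >> i & 1],
                           "window": window, "urgent": urg}))
    layers.append(("data", tcp[data_offset:]))          # what the application receives
    return layers


if __name__ == "__main__":
    # Constructed sample values (documentation-range addresses).
    frame = encapsulate(b"GET / HTTP/1.0\r\n", bytes.fromhex("021122334455"),
                        bytes.fromhex("02aabbccddee"), bytes([192, 0, 2, 10]),
                        bytes([192, 0, 2, 20]), 40000, 80, 1000, 0, 0x02)
    for name, info in decapsulate(frame):
        print(name, info)
```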
IEEE LAN's:
Terminology:
The access method determines the performance and the possibilities of the network.
• Polling:
Making periodic requests is called polling. Polling also reduces the burden on the network because the polls originate from a single system at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates. If a problem occurs on a managed device, the manager does not find out until the agent is polled. Mostly used in a star network topology.
• Token passing:
Token passing means that every device on the network receives a periodic opportunity to transmit. The token consists of a special frame that circulates from device to device around the ring. Only the device that possesses the token is permitted to transmit. After transmitting, the device restarts the token, giving other devices the opportunity to transmit.
Network type IEEE 802.3: Network with a bus topology and the access method CSMA/CD, 10 Mbps. Defines the MAC and physical layer for CSMA/CD.
Network type IEEE 802.4: Network with a bus topology and the access method token passing, 2.5 Mbps.
Network type IEEE 802.5: Network with a ring topology and the access method token passing, 4 Mbps. Defines the MAC and physical layer for a Token Ring network.
The LLC sublayer provides a network interface to Upper-Layer Protocols (ULP) and is concerned with transmitting data between two stations on the same network segment. The interface between the LLC sublayer and upper-layer protocols is a Link Service Access Point (LSAP). It is a logical address that identifies the upper-layer protocol from which the data originated or to which the data should be delivered.
IEEE LAN’s 24
4/4/2002 Alex Peeters
Devices have a limited number of receive buffers, used to store frames that have been received but not processed. If the sending device continues to transmit while the destination receive buffers are full, frames not received are lost. Flow control ensures that frames are not sent at a rate faster than the receiving device can accept them.
[Figure 39: a Sending Computer transmits data to a receiving computer whose communication buffers are full; the data that does not fit is discarded]
Figure 39 shows that the receiving computer risks losing data whenever its communication buffers become full.
Physical device addresses are defined at the MAC protocol sublevel. Physical addresses, therefore,
frequently are referred to as MAC addresses.
48-bit MAC address (bit 47 first, bit 0 last):
  bits 47-24: Organisation Unique Identification (22 bits, plus the U/L and I/G bits)
  bits 23-0 : Organisation Administered Address (24 bits)
  U/L bit: '0' = universally administered address, '1' = locally administered address
  I/G bit: '0' = individual address, '1' = group address
[Figure 42: the Application, Presentation, Session, Transport and Network Layers above the Data Link Layer, which consists of IEEE 802.2 LLC over the MAC sublayer (IEEE 802.3 CSMA/CD or IEEE 802.5 Token Ring), above the Physical Layer]
Figure 42 shows IEEE 802 standards related to the OSI reference model.
IEEE 802.3 networks utilise the same CSMA/CD access control mechanism that was developed for Ethernet II. The same media-signalling techniques are employed, and 802.3 and Ethernet II network hardware are interchangeable. 802.3 and Ethernet II frames may be multiplexed on the same media. The primary difference between the 802.3 and Ethernet II standards has to do with frame formats.
Ethernet
Typically, local area networks permit a single node to transmit at a given time. Access control methods are systems that enable many nodes to have access to a shared network medium by granting access to the medium in an organised manner. Ethernet uses an elegant access control method, called carrier sense. When a node has data to transmit, it senses the medium, essentially listening to see if any other node is transmitting. If the medium is busy, the node waits a few microseconds and tries again. If the medium is quiet, the node begins to transmit. The full name for this approach is Carrier Sense Multiple Access (CSMA), permitting multiple nodes to access the medium through a carrier sense method.
The stations listen to the wire to check whether someone else wants to communicate, then announce that they are ready to start a communication (burst). When two terminals are ready to start a communication at the same moment, the communication is delayed for a random time by both terminals. They start their communication when they think they are the only ones that want to communicate. When after a certain time it turns out that they were not the only ones that wanted to communicate, both terminals stop their communication for a random time before they try again. Although it has a much better throughput than a token that needs to pass all the different terminals, the CSMA/CD method has the disadvantage that it is not possible to know exactly which response time to expect, with a danger of saturation if there is a lot of intensive traffic.
Before the stations can send, they need to perform the following 5 steps on a CSMA/CD network:
1 - listen to the wire before they send,
2 - wait if the cable isn't free,
3 - send and listen to the wire to check if there are collisions,
4 - if there is a collision, wait again before sending it again,
5 - send it again or cancel it.
Before the stations can receive, they need to perform the following 4 steps on a CSMA/CD network:
1 - inspection of the incoming packets and checking for fragmentation,
2 - read and check the destination address,
3 - when the packet is for the local station, check the packet to see if it's intact,
4 - process the packet.
A brief period of time must expire before a transmitted electrical signal reaches the furthest extents of the medium on which it is sent. As the two signals flow through the medium, eventually they overlap in an event called a collision. Collisions always damage data, and having a mechanism for dealing with collisions when they occur is of paramount importance.
Ethernet nodes detect collisions by continuing to listen as they transmit. If a collision takes place, the nodes measure a signal voltage that is twice as high as expected. After detecting a collision, the nodes transmit a jamming signal that notifies all nodes on the network that a collision has occurred and the current frame should be disregarded. Then the nodes wait a random amount of time before attempting to retransmit. Because each node delays for a different time, the likelihood of a new collision is reduced. This technique of managing collisions is called Collision Detection (CD), making the complete abbreviation for the Ethernet access control method CSMA/CD.
Collisions are part of the normal operation of an Ethernet. Because CSMA/CD is an exceptionally efficient access control method, normal collision activity does not seriously affect network performance. Collisions occur when two or more systems transmit at the same time, contending for the right to control the network. If a system transmits 64 bytes, it is considered to be in control, and the other systems are supposed to be quiet until the controlling system has finished. It is possible, if the total length of an Ethernet exceeds the specifications, for a system not to know that another system has control of the network and to transmit right over the controlling system's packet. This creates a packet greater than 64 bytes long with a CRC error. The busier the network, the worse this problem becomes.
Ethernet
Sometimes when an installation doesn't work because the cable is too long or otherwise out of specification, people use a transceiver or network card that functions even over an out-of-specification link to solve the problem. Don't do it. You are not solving the problem. You're just hiding a problem that may come back to haunt you in the future.
In a large 10BASE-T installation, hubs that can be remotely managed are almost indispensable.
Simple Network Management Protocol (SNMP) is the standard management software for
TCP/IP networks. The agent is the software that reports information about a device back to
the management station. SNMP may help you manage the PC’s on your network.
Late collisions are undetected collisions caused by a cable segment that is too long and are one example of why you'll regret violating the Ethernet specifications.
Ethernet II Frames:
Ethernet addresses consist of 48 bits, organised in three fields and commonly written as six octets, i.e. six groups of 8 bits.
48-bit Ethernet II address (bit 47 first, bit 0 last):
  bit 47    : I/G bit, '0' = individual address, '1' = group address
  bits 46-24: Vendor Code (23 bits)
  bits 23-0 : Globally Administered Address (24 bits)
• Bit 47 is the Physical/Multicast bit. If the bit is 0, the address specifies the physical address
of one device on the network. If the bit is 1, it specifies a multicast address that identifies a
group of devices.
Vendors are assigned unique vendor codes that are used to identify their adapters. This registration system ensures that each Ethernet device that is manufactured has a physical address that is unique in the entire world. The Globally Administered Address is designated by the manufacturer of the Ethernet equipment. Because each manufacturer is assigned a unique vendor ID, and the manufacturers assign a different identification number to each piece of equipment produced, the complete Ethernet ID for each Ethernet device is unique.
Each of the cable standards has a three-part name. The first number indicates the data rate in megabits per second. BASE specifies baseband operation, and BROAD indicates a broadband network. The final designation suggests the cable type.
• 10BASE5 : Thick, 50-ohm coaxial cable.
• 10BASE2 : Thinner coaxial cable.
• 10BASE-T : UTP cable.
• 10BROAD36: A broadband cable system that enables multiple 10 Mbps channels to be carried by the same coaxial medium.
• 100BASE-TX: Utilises two pairs of high-grade UTP cable, 100 Mbps.
• 100BASE-T4: Utilises four pairs of standard grade UTP cable, 100 Mbps
• 100BASE-TF: Utilises optical fibre, 100 Mbps.
IEEE 802.5 Token Ring is the second most commonly employed LAN physical layer, trailing significantly behind Ethernet.
Each time a device needs to transmit, some probability exists that the network will be busy. And, even when the device successfully begins to transmit, some probability exists that another device will also transmit and cause a collision, forcing both devices to back off and try again. These probabilities increase as the network becomes busier, until a point is reached at which a device needing to transmit data becomes extremely unlikely to receive the opportunity to do so. Because network access on a CSMA/CD network is uncertain, CSMA/CD is called a probabilistic access method.
The mere probability of access is unacceptable in certain critical situations such as industrial control. Suppose that an overheat sensor urgently needs to send a warning to the factory operators. If even a possibility exists that the sensor cannot access the network, the factory designers will not take the situation lightly.
Token access guarantees that every device on the network receives a periodic opportunity to
transmit.
[Flowchart of frame reception: Detected a preamble? (Yes) -> Read destination address -> Broadcast address? (No) -> My address? (No) -> Ignore transmission; (Yes) -> Read data frame contents -> End of frame? (Yes) -> Perform integrity check -> Check passed? (No) -> Discard data; (Yes) -> Deliver data to designated process]
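As an added example (not from the original document) for both the four receive steps listed earlier and the reception flowchart above, the following Python implements a station's receive decision: discard frames outside the legal size range, ignore frames not addressed to this station (unicast, broadcast, or a joined group address), verify the frame check sequence, and deliver or discard. It assumes the FCS is Ethernet's CRC-32 sent least-significant byte first; the station addresses and frames are constructed for the demonstration.

```python
"""Added example: CSMA/CD station receive procedure (address filter plus
integrity check) over constructed Ethernet II frames."""
import struct
import zlib

BROADCAST = b"\xff" * 6
MIN_FRAME = 64      # shortest legal frame including FCS; shorter ones are collision debris
MAX_FRAME = 1518    # 14-byte header + 1500-byte data field + 4-byte FCS


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Construct a frame with a correct FCS, padding the data field to the minimum."""
    body = struct.pack("!6s6sH", dst, src, ethertype) + data
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))
    return body + struct.pack("<I", zlib.crc32(body))


def receive(frame: bytes, my_mac: bytes, joined_groups=()):
    """Return (verdict, data): verdict is 'discard', 'ignore' or 'deliver'.

    The address is checked before the integrity check, as in the flowchart,
    so a station spends no effort on frames meant for someone else."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        return "discard", None          # runt or oversized frame: do not look inside
    dst = frame[:6]
    is_group = bool(dst[0] & 0x01)      # I/G bit: first bit on the wire
    addressed_to_me = (dst == my_mac or dst == BROADCAST
                       or (is_group and dst in joined_groups))
    if not addressed_to_me:
        return "ignore", None           # "Ignore transmission" branch
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        return "discard", None          # integrity check failed: damaged frame
    return "deliver", body[14:]         # data field (including any padding)


def run_station(frames, my_mac, joined_groups=()):
    """Apply receive() to every frame seen on the wire; return the verdict per frame."""
    return [receive(f, my_mac, joined_groups)[0] for f in frames]


if __name__ == "__main__":
    # Constructed, locally administered sample addresses.
    me = bytes.fromhex("0200000000a7")
    src = bytes.fromhex("0200000000c1")
    frames = [build_frame(me, src, 0x0800, b"hello"),
              build_frame(BROADCAST, src, 0x0806, b"who-has"),
              build_frame(bytes.fromhex("0200000000b3"), src, 0x0800, b"not mine")]
    damaged = bytearray(frames[0])
    damaged[20] ^= 0x01                 # flip one bit in the data field
    frames.append(bytes(damaged))
    print(run_station(frames, me))      # constructed wire: deliver, deliver, ignore, discard
```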
The token consists of a special frame that circulates from device to device around the ring. Only the device that possesses the token is permitted to transmit. After transmitting, the device restarts the token, giving other devices the opportunity to transmit.
The initial 4 Mbps implementation of Token Ring permitted a single token to circulate on the network. Before releasing a token on the network that enabled other devices to transmit, a device that transmitted a frame waited for the frame to return after circulating the ring. A new feature, called Early Token Release (ETR), introduced with the newer 16 Mbps Token Ring, enables a sending device to release a token immediately after it completes transmission of a frame. Thus a token can circulate at the same time as a data frame.
Although token access control appears simple, numerous problems lie beneath the surface. The point of introducing them is to illustrate that the control mechanisms Token Ring uses are significantly more complicated than those required for CSMA/CD. These control mechanisms take up network bandwidth, reducing the efficiency of Token Ring.
To compensate for this added complexity, Token Ring offers significant benefits. Data throughput of a Token Ring can never reach zero, as is possible with an Ethernet experiencing excessive collisions. Although network performance slows as demand increases, every device on the network receives a periodic opportunity to transmit.
Token Ring possesses a capability to set network access priorities, which is unavailable in
Ethernet. High-priority devices can request preferred network access. This capability enables
a critical device to gain greater access to the network.
Token Ring was also designed to provide a higher level of diagnostic and management capability than is available with Ethernet. The mechanisms that compensate for Token Ring errors provide a capability for diagnosing other network problems as well. For example, detecting devices causing network errors and forcing those devices to disconnect from the network is possible. Also, in the cabling system IBM designed, the network is served by two rings of cable. In the event of a cable break, using the other ring to reconfigure the network and keep it operating is possible.
Nevertheless, Ethernet remains the most popular network physical layer. Ethernet works well
in the majority of networks and costs considerably less than Token Ring. Equipment for Token
Ring costs two-to-three times as much as corresponding Ethernet components.
[Figure: Token Ring Wiring Hub]
Nevertheless, Token Ring is an effective physical layer technology with features that make it
preferable under some circumstances.
IEEE 802.5 Token Ring frame format: SD | AC | FC | DA | SA | Information | FCS | ED | FS
[Figure 52: the Application, Presentation and Session Layers of several protocol stacks (Vines, Redirector, Server Message Block (SMB), NetWare Core Protocols (NCP), Network Applications with a Socket Interface, Net Direct, RPC, Socket, NetBIOS, Named Pipes) mapped onto the OSI model; at the Physical Layer each stack ends in a Network Interface Card]
Figure 52 shows how the layers of TCP/IP and other popular network protocols relate differently to the OSI model. In figure 52, each NOS manufacturer has implemented its own networking protocols to provide the required networking functions. These protocols operate as distinct programs or processes that the NOS uses to transport data between the network nodes. Each set of programs is commonly referred to as a protocol stack. It is important to note that although the underlying functionality of each of these protocol stacks is similar, the implementation within each NOS is unique.
A client application sends data down its protocol stack, passing through each of the protocols and interfaces. Information necessary to forward the application data to its destination is added by the programs operating at each level. At the receiving side, the data packets traverse a similar stack of protocols and programs, this time in reverse. Starting at the physical layer, the packet passes through each successive layer until it reaches the top of the stack at the relevant application process. At each layer, the information appended by the different protocols is examined so that the host can forward the packet to its final destination. For the host to accomplish this, both the client and the host need to run the same program at each level. If the server received a data packet that contained protocol information generated by a program not in its protocol stack, it would obviously not be able to understand the contained information.
[Figure 53: the protocol stacks of the Client and the Host]
Figure 53 provides a generic illustration of a data packet moving through the different protocol layers of the OSI model. At each subsequent layer, additional protocol information is appended to the original data packet. At the host side, the protocol information is stripped away layer by layer to finally leave the application data.
[Figure 54: at the Data Link Layer the packet consists of Application Data + TCP Info. + IP Info. + NDIS & Data Link Info.; at the Physical Layer Ethernet Info. is added; on the host side the headers are stripped in reverse order (Ethernet, NDIS & Data Link, IP, TCP) to leave the Application Data]
Figure 54 shows a more specific example of an application packet moving through a TCP/IP network.
The biggest problems in providing multiprotocol support to network clients relate to the operation of the interface at both the top and the bottom of the protocol stack. At the top of the stack, applications are generally written to function through the use of a specific network protocol. The application developer then needs to write different versions of the application for it to operate using different network protocols. It is possible, however, for developers to overcome these issues by writing applications based on a common or standard interface such as NetBIOS, WinSock, or BSD sockets. It then becomes the problem of the implemented networking protocol to offer support for these interfaces.
Similar interoperability problems are found at the bottom of the protocol stack, and again the use of a standard interface offers a possible solution. Each distinct networking solution offers its own protocol drivers to communicate with the installed network interface card. This means, for example, that if you loaded a separate NIC driver for both your NetWare stack and your TCP/IP stack, each driver program would assume that it had complete control over the installed NIC. The result would be that as either driver attempted to access the NIC it could corrupt any communication being carried out by the other program.
The solution to this problem requires that you load a single device driver to interface directly with the
NIC and that this driver provides simultaneous support to all the installed protocol stacks. Two possi-
ble solutions have been developed to provide this support. The first is known as the Network Driver
Interface Specification, and the second is the Open Datalink Interface. The implementation of either of
these standards enables you to effectively provide multiprotocol support, enabling you to load more
than one network protocol on a single workstation.
The NDIS specification was written to provide an NIC with the capability to simultaneously support
multiple protocol stacks through the use of a single NIC device driver.
The initialisation of the NDIS environment starts with the protocol manager, which reads a configura-
tion file, called PROTOCOL.INI, and stores the contained configuration in a predefined structure in an
area of memory known as configuration memory.
As each of the other device drivers are loaded, they issue requests to the protocol manager for their
specific configuration details. The protocol manager provides this information by indicating to each
driver where it can find the configuration memory. The drivers then access this area of memory, which
provides them with the details they need in order to initialise.
After the MAC driver and all the required protocol drivers have been loaded, the protocol manager
must connect all the drivers together. This process is known as binding and is initiated by a program
called NETBIND. The principal function of NETBIND is to issue the BindAndStart directive to the
protocol manager. This directs the protocol manager to bind the loaded drivers and protocols together
to form the necessary protocol stacks. The protocol manager then initiates binding with the MAC driver
by issuing the InitiateBind directive to each of the protocols that was loaded. Each protocol binds to the
MAC driver with an indicated vector value. The MAC driver can then multiplex between each of the
loaded protocols based on this vector value.
[Figure 55: Applications above the Application Layer; the TCP/IP and NOS protocol stacks bound through the Binding Interface to the Data Link Layer(s) and the NIC NDIS Driver]
Figure 55 shows the protocol structure resulting from the binding initiated by the NETBIND program.
The ODI specification is similar in structure and functionality to NDIS. It was developed by Novell as a
means of providing client and server support for other network protocols alongside its native
networking protocol, IPX.
Configuration and protocol loading within an ODI environment are controlled via the net.cfg file on the
workstation. The first program to load is the LSL (Link Support Layer) driver, which provides a basis for
the binding of upper-layer protocols and for the loading of the NIC drivers. The file net.cfg contains
information relating to the installed NIC driver, or MLID (Multiple Link Interface Driver), and the LAN
frame type support that is required. After the MLID has been installed, the upper-layer protocol drivers
can be loaded to interface individually onto the LSL.
Listing 1 shows an example ODI dual protocol stack configuration. It indicates the loading of both the
IPXODI driver, for IPX support, and the TCPIP driver to provide a TCP/IP protocol stack. The load
order matters: the LSL must be resident before the MLID, and the MLID before any upper-layer protocol
that binds to it.
AUTOEXEC.BAT
...
REM Load LSL driver (Link Support Layer)
LSL
REM Load MLID driver; it reads NET.CFG for its configuration
3C509
REM Load IPX upper-layer ODI-compliant driver
IPXODI
REM Load TCP/IP upper-layer ODI-compliant driver
TCPIP
REM Load redirector program (NetWare DOS Requester)
VLM
REM TCP/IP and IPX stacks loaded, continue with login routines
...
NET.CFG
...
Link Driver 3C509
    Frame Ethernet_802.2
    Frame Ethernet_SNAP
    Frame Ethernet_II
    Frame Ethernet_802.3
...
It is also possible to provide for NDIS-compatible environments within the ODI specification. This is
provided through inclusion of a program called ODINSUP.COM. This program provides support for
upper-layer protocol drivers written to the NDIS specification to interface directly with the installed ODI
MLID. In other words, the NDIS protocols bind to the ODI MLID, via ODINSUP.COM, bypassing the
installed LSL module. You might use this method if the TCP/IP stack you wanted to load supplied
only an NDIS-compliant driver.
[Figure 56: an internetwork of Ethernet and Token Ring segments joined by routers]
The way data are delivered through internetworks involves several topics:
• Methods for carrying multiple data streams on common media.
• Methods for switching data through paths on the network.
• Methods for determining the path to be used.
Multiplexing:
LANs generally operate in baseband mode, which means that a given cable is carrying a single data
signal at any one time. The various devices on the LAN must take turns using the medium. This
generally is a workable approach for LANs, because LAN media offer high performance at low cost.
Long-distance data communication media are expensive to install and maintain, and it would be
inefficient if each media path could support only a single data stream. WANs, therefore, tend to use
broadband media, which can support two or more data streams. Increasingly, as LANs are expected to
carry more and different kinds of data, broadband media are being considered for LANs as well.
To enable many data streams to share a high-bandwidth medium, a technique called multiplexing is
employed.
[Figure 57: four data streams A to D multiplexed into fixed time slots (D C B A D C B A ...) and demultiplexed at the far end]
In figure 57, the signal-carrying capacity of the medium is divided into time slots, with a time slot
assigned to each signal, a technique called Time-Division Multiplexing (TDM). Because the sending and
receiving devices are synchronised to recognise the same time slots, the receiver can identify each
data stream and re-create the original signals. The sending device, which places data into the time
slots, is called a multiplexer or mux. The receiving device is called a demultiplexer or demux. TDM can
be inefficient. If a data stream falls silent, its time slots are not used and the media bandwidth is
under-utilised.
[Figure 58: statistical multiplexing; the slot sequence A B A C A B A A A C A A B A B A shows the busy stream A receiving most slots and the idle stream D none]
In figure 58, time slots are still used, but some data streams are allocated more time slots than others.
An idle channel, D, is allocated no time slots at all. A device that performs statistical TDM often is
called a stat-MUX.
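The difference between the two schemes can be made concrete with a small simulation. This is an added example and not part of the original text: it constructs the traffic pattern of figure 58 (A busy, B and C light, D idle), multiplexes it first with fixed slots and then statistically, and measures how many slots actually carried data. The channel names, the slot count and the round-robin policy of the stat-mux are assumptions of the example. Note the design consequence visible in the code: fixed TDM needs no per-slot address because slot position identifies the stream, whereas the statistical multiplexer must tag every slot with its channel.

```python
"""Fixed time-division multiplexing versus statistical multiplexing (constructed example)."""
from collections import deque

CHANNELS = ["A", "B", "C", "D"]

def make_traffic():
    """Constructed load: A is busy, B and C are light, D is idle (as in figure 58)."""
    return {
        "A": deque(["A1", "A2", "A3", "A4", "A5", "A6"]),
        "B": deque(["B1", "B2"]),
        "C": deque(["C1", "C2", "C3"]),
        "D": deque(),
    }

def tdm_mux(traffic, n_slots):
    """Fixed TDM: slot i always belongs to CHANNELS[i % 4]. An idle channel leaves its slot empty."""
    frame = []
    for i in range(n_slots):
        ch = CHANNELS[i % len(CHANNELS)]
        frame.append(traffic[ch].popleft() if traffic[ch] else None)
    return frame

def tdm_demux(frame):
    """The receiver recovers each stream from slot position alone; slots carry no channel tag,
    so mux and demux must agree on the slot count and stay synchronised."""
    out = {ch: [] for ch in CHANNELS}
    for i, unit in enumerate(frame):
        if unit is not None:
            out[CHANNELS[i % len(CHANNELS)]].append(unit)
    return out

def stat_mux(traffic, n_slots):
    """Statistical TDM: each slot goes to the next channel (round-robin) that has data waiting.
    Slot position no longer identifies the stream, so each slot carries a channel tag."""
    frame = []
    start = 0
    for _ in range(n_slots):
        for k in range(len(CHANNELS)):
            ch = CHANNELS[(start + k) % len(CHANNELS)]
            if traffic[ch]:
                frame.append((ch, traffic[ch].popleft()))
                start = (start + k + 1) % len(CHANNELS)
                break
        else:
            frame.append(None)          # nothing waiting on any channel
    return frame

def stat_demux(frame):
    """Recover the streams from the channel tags."""
    out = {ch: [] for ch in CHANNELS}
    for slot in frame:
        if slot is not None:
            ch, unit = slot
            out[ch].append(unit)
    return out

def utilisation(frame):
    """Fraction of slots that actually carried data."""
    return sum(1 for s in frame if s is not None) / len(frame)

if __name__ == "__main__":
    f = tdm_mux(make_traffic(), 12)
    print("TDM ", f, "utilisation %.2f" % utilisation(f))
    g = stat_mux(make_traffic(), 12)
    print("stat", g, "utilisation %.2f" % utilisation(g))
```

With twelve slots the fixed scheme carries 8 data units (D's three slots and one of B's stay empty), while the statistical scheme carries all 11 waiting units and leaves only the final slot empty.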
Switching Data:
On an internetwork, data units must be switched through the various intermediate devices until they
are delivered to their destination. Two contrasting methods of switching data are commonly used: Cir-
cuit switching and packet switching. Both are used in some form by protocols in common use.
Circuit Switching:
[Figure 59: the original message E D C B A is split into fragments that all follow one established circuit through the network and arrive in order to be reassembled]
When two devices negotiate the start of a dialogue, they establish a path, called a circuit, through the
network, along with a dedicated bandwidth through the circuit. After establishing the circuit, all data for
the dialogue flow through that circuit. The chief disadvantage of circuit switching is that when commu-
nication takes place at less than the assigned circuit capacity, bandwidth is wasted. Also, communicat-
ing devices can’t take advantage of other, less busy paths through the network unless the circuit is
reconfigured.
Circuit switching does not necessarily mean that a continuous, physical pathway exists for the sole use
of the circuit. The message stream may be multiplexed with other message streams in a broadband
circuit. In fact, sharing of media is the more likely case with modern telecommunications. The appear-
ance to the end devices, however, is that the network has configured a circuit dedicated to their use.
End devices benefit greatly from circuit switching. Since the path is pre-established, data travel
through the network with little processing in transit. And, because multipart messages travel
sequentially through the same path, message segments arrive in order and little effort is required to
reconstruct the original message.
Packet Switching:
[Figure 60: the original message E D C B A is split into fragments that take different paths through the network, arrive out of order and are reassembled at the destination]
Packet switching takes a different and generally more efficient approach to switching data through
networks. Messages are broken into sections called packets, which are routed individually through the
network. At the receiving device, the packets are reassembled to construct the complete message.
Messages are divided into packets to ensure that large messages do not monopolise the network.
Packets from several messages can be multiplexed through the same communication channel. Thus,
packet switching enables devices to share the total network bandwidth efficiently.
Data can be routed through an internetwork using the following three types of information:
• The physical address of the destination device, found at the data link layer. Devices that
forward messages based on physical addresses generally are called bridges.
• The address of the destination network, found at the network layer. Devices that use net-
work addresses to forward messages usually are called routers, although the original
name, still commonly used in the TCP/IP world, is gateway.
• The circuit that has been established for a particular connection. Devices that route mes-
sages based on assigned circuits are called switches.
Bridges:
[Figure 61: End Node - Bridge - End Node, spanning Network A and Network B]
Figure 61 illustrates the protocol stack model for bridging in terms of the OSI Reference Model.
Bridges build and maintain a database that lists known addresses of devices and how to reach those
devices; the database is filled in by noting the source address of each frame a bridge receives and the
connection it arrived on. When it receives a frame, the bridge consults its database to determine which
of its connections should be used to forward the frame. A frame whose destination is not yet in the
database is forwarded on every connection except the one it arrived on.
A bridge must implement both the physical and data link layers of the protocol stack. Bridges are fairly
simple devices. They receive frames from one connection and forward them to another connection
known to be en route to the destination. When more than one route is possible, bridges ordinarily can't
determine which route is most efficient. In fact, when multiple routes are available, bridging can result
in frames simply travelling in circles. Having multiple paths available on the network is desirable,
however, so that a failure of one path does not stop the network. With Ethernet, a technique called the
spanning-tree algorithm enables bridged networks to contain redundant paths.
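The following added example (not code from the original text) implements such a forwarding database as a learning bridge: it records the port on which each source address was seen, forwards known unicast frames out a single port, filters frames whose destination is on the segment they came from, and floods everything else. The `capacity` limit and the `flood_attack` function go beyond the text: they model the finite address table of a real bridge and show the consequence, that once the table has been filled with forged source addresses a legitimate station can no longer be learned and frames to it are flooded out of every port, including the one the attacker is on. Port numbers and MAC addresses are constructed.

```python
"""A learning (transparent) bridge: build the address database from source addresses and
forward on it (constructed example)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    """Ports are small integers; the database maps a MAC address to the port it was last seen on.
    `capacity` models the finite address table of a real bridge (an assumption of this example)."""

    def __init__(self, ports, capacity=None):
        self.ports = list(ports)
        self.capacity = capacity
        self.table = {}          # MAC address -> port
        self.log = []            # (src, dst, in_port, out_ports) for every frame seen

    def receive(self, frame, in_port):
        """Process one frame; return the list of ports it is forwarded to."""
        src, dst = frame["src"], frame["dst"]
        # Learn: the source is reachable through the port the frame arrived on,
        # unless the table is full and the address is new.
        if src in self.table or self.capacity is None or len(self.table) < self.capacity:
            self.table[src] = in_port
        # Forward: a known unicast destination goes out one port; a destination on the
        # arrival segment is filtered; unknown or broadcast destinations are flooded.
        if dst in self.table and self.table[dst] != in_port:
            out = [self.table[dst]]
        elif dst in self.table:
            out = []
        else:
            out = [p for p in self.ports if p != in_port]
        self.log.append((src, dst, in_port, out))
        return out

def demo():
    """Hosts H1 (port 1) and H2 (port 2) exchange frames; returns the bridge and the forwarding decisions."""
    br = LearningBridge(ports=[1, 2, 3])
    h1, h2 = "00:00:00:00:00:01", "00:00:00:00:00:02"
    r1 = br.receive({"src": h1, "dst": h2}, in_port=1)        # H2 unknown: flooded to ports 2 and 3
    r2 = br.receive({"src": h2, "dst": h1}, in_port=2)        # H1 already learned: port 1 only
    r3 = br.receive({"src": h1, "dst": h2}, in_port=1)        # both known: port 2 only
    r4 = br.receive({"src": h1, "dst": BROADCAST}, in_port=1) # broadcast: flooded
    return br, [r1, r2, r3, r4]

def flood_attack(n_fake):
    """A station on port 3 sends n_fake frames with forged source addresses into a bridge whose
    table holds four entries. Returns where a unicast frame from H2 to H1 is forwarded afterwards."""
    br = LearningBridge(ports=[1, 2, 3], capacity=4)
    for i in range(n_fake):
        br.receive({"src": "de:ad:be:ef:00:%02x" % i, "dst": BROADCAST}, in_port=3)
    victim, peer = "00:00:00:00:00:01", "00:00:00:00:00:02"
    br.receive({"src": victim, "dst": peer}, in_port=1)       # not learned once the table is full
    return br.receive({"src": peer, "dst": victim}, in_port=2)
```

`flood_attack(0)` returns `[1]`, the normal case; `flood_attack(4)` returns `[1, 3]`, the flooded case in which the attacker on port 3 receives a copy of traffic that was never addressed to it.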
Token Ring uses a different approach to bridging. When a device needs to send to another device, it
goes through a discovery process to determine a route to the destination. The routing information is
stored in each frame transmitted and is used by bridges to forward the frames to the appropriate net-
works. Although this actually is a data link layer function, the technique Token Ring uses is called
source routing.
The bridge must implement two protocol stacks, one for each connection. Theoretically, these stacks
could belong to different protocols, enabling a bridge to connect different types of networks. However,
each type of network, such as Ethernet and Token Ring, has its own protocols at the data link layer.
Translating data from the data link layer of an Ethernet to the data link layer of a Token Ring is
difficult, but not impossible. Bridges, which operate at the data link layer, therefore generally can join
only networks of the same type. You see bridges employed most often in networks that are all Ethernet
or all Token Ring. A few bridges have been marketed that can bridge networks that have different data
link layers.
Routers:
[Figure 62: router protocol stacks joining Network A and Network B]
Figure 62 illustrates the protocol stack model for routing in terms of the OSI Reference Model.
A different method of path determination can be employed using data found at the network layer. At
that layer, networks are identified by logical network identifiers. This information can be used to build a
picture of the network. This picture can be used to improve the efficiency of the paths that are chosen.
Devices that forward data units based on network addresses are called routers.
With TCP/IP, routing is a function of the internet layer. By convention, the network on which the data
unit originates counts as one hop. Each time a data unit crosses a router, the hop count increases by
one.
[Figure 63: six routers A to F joined by several links; the route A-E-F is compared with the route A-D-E-F]
By this method (counting hops), A-E-F is the most efficient route. This assumes that all of the paths
between the routers provide the same rate of service. A simple hop-count algorithm would be misleading
if A-D and D-E were 1.5 Mbps lines while A-E was a 56 Kbps line. Apart from such extreme cases,
however, hop-count routing is a definite improvement over no route planning at all.
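As an added illustration (not from the original text), the following code runs a shortest-path search over an assumed topology of six routers that matches the description above, once with a hop-count metric and once with a bandwidth-based metric of the kind OSPF uses (a reference bandwidth divided by the link bandwidth). The links and their speeds are constructed for the example; the exact wiring of the original figure is not recoverable here. The point it shows is that the same algorithm picks A-E-F when every link counts one hop and A-D-E-F when the slow 56 Kbps line is made expensive.

```python
"""Path selection by hop count versus by link cost (constructed example)."""
import heapq

# Constructed topology assumed for the example: (router, router) -> link bandwidth in bit/s.
LINKS = {
    ("A", "E"): 56_000,       # the slow line of the text
    ("A", "D"): 1_500_000,    # the 1.5 Mbps lines of the text
    ("D", "E"): 1_500_000,
    ("E", "F"): 1_500_000,
    ("A", "B"): 1_000_000,    # a third, three-hop path via B and C
    ("B", "C"): 1_000_000,
    ("C", "F"): 1_000_000,
}

def adjacency(links):
    """Undirected adjacency map: router -> {neighbour: bandwidth}."""
    adj = {}
    for (u, v), bw in links.items():
        adj.setdefault(u, {})[v] = bw
        adj.setdefault(v, {})[u] = bw
    return adj

def shortest_path(links, src, dst, cost):
    """Dijkstra's algorithm; `cost(bw)` turns a link's bandwidth into the metric being minimised.
    Returns (path as a list of routers, total cost)."""
    adj = adjacency(links)
    dist, prev = {src: 0}, {}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist.get(u, float("inf")):
            continue                      # stale heap entry
        for v, bw in adj[u].items():
            nd = d + cost(bw)
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return list(reversed(path)), dist[dst]

def hop_count(bw):
    """Every link costs one hop, whatever its speed."""
    return 1

def bandwidth_cost(bw, reference=100_000_000):
    """OSPF-style metric: reference bandwidth divided by link bandwidth, so slow links cost more."""
    return reference / bw

def by_hops(src="A", dst="F"):
    return shortest_path(LINKS, src, dst, hop_count)[0]

def by_bandwidth(src="A", dst="F"):
    return shortest_path(LINKS, src, dst, bandwidth_cost)[0]

if __name__ == "__main__":
    print("hop count :", " - ".join(by_hops()))
    print("bandwidth :", " - ".join(by_bandwidth()))
```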
Routing operates at the network layer. By the time data reach that layer, all evidence of the physical
network has been shorn away. Both protocol stacks in the router can share a common network layer
protocol. The network layer does not know or care if the network is Ethernet or Token Ring. Therefore,
each stack can support different data link and physical layers. Consequently, routers possess a
capability, fairly rare in bridges, to forward traffic between dissimilar types of networks. Owing to that
capability, routers often are used to connect LANs to WANs.
Building routers around the same protocol stack as is used on the end nodes is possible. TCP/IP
networks can use routers based on the same IP protocol employed at the workstation. However, it is
not required that routers and end nodes use the same routing protocol. Because network layers need
not communicate with upper-layer protocols, different protocols may be used in routers than are used
in the end nodes. Commercial routers employ proprietary network layer protocols to perform routing.
These custom protocols are among the keys to the improved routing performance provided by the
best routers.
Switches:
Circuit-based networks operate with high efficiency because the path is established once, when the
circuit is established. Each switch maintains a table that records how data from different circuits
should be switched. Switching is typically performed by lower-level protocols to enhance efficiency,
and is associated most closely with the data link layer.
When networks must span more than a few kilometres, new categories of technology come into play.
Before considering WAN standards, it is useful to take a look at options that might be used by an
organisation that wants to build a private WAN. Not all options are examined.
A leased line is a dedicated communication line between two points. It is usually used by
organisations to connect computers over a dedicated telephone line.
[Figure 64: two routers joined over a DDS leased line through a CSU/DSU at each end]
The interface to the leased line consists of: a bridge or router to forward frames to the leased
circuit; a Channel Service Unit/Data Service Unit (CSU/DSU) to translate between LAN and
Digital Data Service (DDS) signal formats; and a network interface provided by the communication
service vendor.
Leased lines can be used to construct quite large networks. The Internet is a world-wide
network that consists of thousands of hosts, most connected by leased lines. The participants in the
Internet share the cost of operating the Internet by each bearing the cost of one or more leased
lines to connect to other host sites.
The downside of leased lines is that an organisation bears the full cost of the capacity it
has leased. Some allowance must be made for peak traffic periods, and a portion of the
channel capacity being paid for may be idle a great deal of the time. Dedicated lines assure an
organisation of a specified communication capacity, but come at a high cost.
The protocol architecture for TCP/IP is currently defined by the IETF, which is responsible for
establishing the protocols and architecture for the Internet.
TCP/IP attempts to create a heterogeneous network with open protocols that are independent of
operating system and architectural differences. TCP/IP protocols are available to everyone, and are
developed and changed by consensus, not by the fiat of one manufacturer. Everyone is free to develop
products to meet these open protocol specifications. Most information about TCP/IP is published as
Requests For Comments (RFCs), which contain the latest versions of the specifications of all standard
TCP/IP protocols.
The four layers of TCP/IP, from the top down:
4  Application Layer: consists of applications and processes that use the network
3  Transport Layer: provides end-to-end data delivery services
2  Internet Layer: defines the datagram and handles the routing of data
1  Network Access Layer: consists of routines for accessing physical media
The four-layered structure of TCP/IP is seen in the way data is handled as it passes down the protocol
stack from the Application Layer to the underlying physical network. Each layer in the stack adds
control information to ensure proper delivery. This control information is called a header because it is
placed in front of the data to be transmitted. Each layer treats all of the information it receives from the
layer above as data and places its own header in front of that information. The addition of delivery
information at every layer is called encapsulation. When data is received, the opposite happens. Each
layer strips off its header before passing the data on to the layer above. As information flows back up
the stack, information received from a lower layer is interpreted as both a header and data.
Each layer has its own independent data structures. Conceptually a layer is unaware of the data struc-
ture used by the layers above and below it. In reality, the data structures of a layer are designed to be
compatible with the structures used by the surrounding layers for the sake of more efficient data
transmission. Still, each layer has its own data structure and its own terminology to describe that struc-
ture.
[Figure 67: the names each layer gives to its data unit, with TCP and UDP shown side by side at the transport layer]
Figure 67 shows the terms used by different layers of TCP/IP to refer to the data being transmitted.
Most networks refer to transmitted data as packets or frames.
[Figure 68: the sending application emits a continuous data stream; TCP fragments the stream into segments; IP fragments segments if required and prepares datagrams; on the receiving side IP reconstructs segments from datagrams and TCP reassembles the data stream]
Figure 68 shows the processing of data during transmission and reception for TCP.
• The Network Access Layer is the lowest layer of the TCP/IP protocol hierarchy. The protocols
in this layer provide the means for the system to deliver data to the other devices on a directly
attached network. It defines how to use the network to transmit an IP datagram. Unlike
higher-level protocols, it must know the details of the underlying network to correctly format the
data being transmitted to comply with the network constraints. The TCP/IP Network Access
Layer can encompass the functions of all three lower layers of the OSI reference model: Network
Layer, Data Link Layer, and Physical Layer.
Functions performed at this level include encapsulation of IP datagrams into the frames
transmitted by the network, and mapping of IP addresses to the physical addresses used by
the network.
The network access layer is responsible for exchanging data between a host and the network
and for delivering data between two devices on the same network. Node physical addresses
are used to accomplish delivery on the local network.
TCP/IP has been adapted to a wide variety of network types, including circuit switching, such as
X.21, packet switching, such as X.25, Ethernet, the IEEE 802.x protocols, frame relay, etc.
Frames at the network access layer carry an EtherType (or equivalent) field that is used to
demultiplex received data to the specific upper-layer protocol stack it belongs to.
[Figure 69: SMTP, FTP, Telnet, TFTP, SNMP and NFS at the Application Layer on both hosts]
Figure 69 shows processes/applications and protocols that rely on the Network Access Layer
for the delivery of data to their counterparts across the network.
• The Internetwork Layer is the heart of TCP/IP, and IP is its most important protocol. IP provides
the basic packet delivery service on which TCP/IP networks are built. All protocols in the layers
above and below IP use the Internet Protocol to deliver data. All TCP/IP data flows
through IP, incoming and outgoing, regardless of its final destination.
The Internetwork Layer is responsible for routing messages through internetworks. Devices
responsible for routing messages between networks are called gateways in TCP/IP terminology,
although the term router is also used with increasing frequency. The TCP/IP protocol at
this layer is the Internet Protocol (IP). In addition to the physical node addresses utilised at the
network access layer, the IP protocol implements a system of logical host addresses called IP
addresses. The IP addresses are used by the internet and higher layers to identify devices
and to perform internetwork routing. The Address Resolution Protocol (ARP) enables IP to
find the physical address that matches a given IP address.
The Datagram:
The datagram is the packet format defined by the Internet Protocol. The Internet Protocol delivers the
datagram by checking the Destination Address (DA). This is an IP address that identifies the destination
network and the specific host on that network. If the destination address is the address of a
host on the local network, the packet is delivered directly to the destination, otherwise the
packet is passed to a gateway for delivery. Gateways are devices that switch packets between
the different physical networks. Deciding which gateway to use is called routing. IP makes the
routing decision for each individual packet. IP deals with data in chunks called datagrams. The
terms packet and datagram are often used interchangeably, although a packet is a data link
layer object and a datagram is a network layer object. In many cases, particularly when using
IP on Ethernet, a datagram and a packet refer to the same chunk of data. There is no guarantee
that the physical link layer can handle a packet of the network layer's size. If the media's MTU
is smaller than the network layer's packet size, then the network layer has to break large datagrams
down into packet-sized chunks that the data link layer and physical layer can digest. This
process is called fragmentation. The host receiving a fragmented datagram reassembles the
pieces in the correct order.
IP Datagram Format:
Header words are 32 bits wide; field widths in bits are given in parentheses.
Word 1: Version (4) | IHL (4) | Type of Service (8) | Total Length (16)
Word 2: Identification (16) | Flags (3) | Fragment Offset (13)
Word 3: Time-to-live (8) | Protocol (8) | Header Checksum (16)
Word 4: Source Address (32)
Word 5: Destination Address (32)
Word 6: Options (variable) | Padding
Data begins here ...
Routing Datagrams:
Internet gateways are commonly referred to as IP routers because they use the Internet Protocol
to route packets between networks. Gateways forward packets between networks; hosts normally
do not. However, if a host is connected to more than one network (a multihomed host), it can
forward packets between the networks. When a multihomed host forwards packets, it acts just
like any other gateway and is considered to be a gateway.
Systems can only deliver packets directly to other devices attached to the same physical network.
[Figure: Host A1 - Gateway AB1 - Gateway BC1 - Host C1, each with its protocol stack]
The hosts (end systems) process packets through all four protocol layers, while the gateways
(intermediate systems) process the packets only up to the internet layer, where the routing
decisions are made.
Fragmenting Datagrams:
As a datagram is routed through different networks, it may be necessary for the IP module in
the gateway to divide the datagram into smaller pieces. A datagram received from one network
may be too large to be transmitted in a single packet on a different network. This condition
only occurs when a gateway interconnects dissimilar physical networks. Each type of network
has a Maximum Transmission Unit (MTU), which is the largest packet that it can transfer. If the
datagram received from one network is longer than the other network's MTU, it is necessary
to divide the datagram into smaller fragments for transmission. This process is called
fragmentation. The Identification field ties the fragments of one datagram together, the Fragment
Offset (counted in 8-byte units) says where each fragment's data belongs, and the More Fragments
flag is clear only on the last fragment; a datagram with the Don't Fragment flag set cannot be
fragmented and is discarded instead.
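The following added example (not part of the original text) serves both the datagram format above and the fragmentation description: it builds and parses the IPv4 header exactly as laid out, verifies the header checksum, fragments a datagram to fit a smaller MTU and reassembles the fragments at the receiver. It uses only the Python standard library; the addresses, identifier and payload are constructed. It goes a little beyond the text by honouring the DF flag and by rejecting fragment sets with gaps, overlaps or a missing last fragment, which is what a receiver or router has to do in practice.

```python
"""IPv4 header construction, parsing, header checksum, fragmentation and reassembly
(constructed example following the RFC 791 layout)."""
import struct

def checksum(data):
    """One's-complement sum of 16-bit words, as used for the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _ip(text):
    return bytes(int(x) for x in text.split("."))

def build(src, dst, payload, ident=1, proto=17, ttl=64, flags=0, frag_offset=0):
    """20-byte header without options, followed by payload. flags: 2 = DF, 1 = MF.
    frag_offset is in 8-byte units, as on the wire."""
    total_len = 20 + len(payload)
    flags_frag = (flags << 13) | frag_offset
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, total_len, ident, flags_frag,
                      ttl, proto, 0, _ip(src), _ip(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # checksum at bytes 10-11
    return hdr + payload

def parse(pkt):
    """Return the header fields as a dict; raise ValueError on a malformed header."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(pkt) or total_len > len(pkt):
        raise ValueError("bad version, IHL or total length")
    if checksum(pkt[:ihl]) != 0:             # an intact header, checksum included, sums to zero
        raise ValueError("bad header checksum")
    return {"ihl": ihl, "total_len": total_len, "ident": ident, "ttl": ttl, "proto": proto,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": flags_frag & 0x1FFF,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": pkt[ihl:total_len]}

def fragment(pkt, mtu):
    """Split a datagram so that each fragment (header plus data) fits in mtu bytes.
    Data per fragment is a multiple of 8 bytes because the offset counts 8-byte units."""
    h = parse(pkt)
    if h["total_len"] <= mtu:
        return [pkt]
    if h["df"]:
        raise ValueError("DF set and datagram exceeds MTU")
    chunk = (mtu - h["ihl"]) // 8 * 8
    data, frags = h["payload"], []
    for off in range(0, len(data), chunk):
        piece = data[off:off + chunk]
        last = off + chunk >= len(data)
        mf = 0 if last and not h["mf"] else 1   # a fragment of a fragment keeps MF set
        frags.append(build(h["src"], h["dst"], piece, ident=h["ident"], proto=h["proto"],
                           ttl=h["ttl"], flags=mf, frag_offset=h["frag_offset"] + off // 8))
    return frags

def reassemble(frags):
    """Rebuild the original datagram from fragments that arrived in any order."""
    parts = sorted((parse(f) for f in frags), key=lambda h: h["frag_offset"])
    data = b""
    for h in parts:
        if h["frag_offset"] * 8 != len(data):    # a gap or an overlap: refuse to guess
            raise ValueError("gap or overlap in fragments")
        data += h["payload"]
    if parts[-1]["mf"]:
        raise ValueError("last fragment missing")
    first = parts[0]
    return build(first["src"], first["dst"], data, ident=first["ident"],
                 proto=first["proto"], ttl=first["ttl"])
```

A 1020-byte datagram fragmented for a 576-byte MTU yields two fragments carrying 552 and 448 bytes of data, the second with Fragment Offset 69 (552 / 8) and MF clear; reassembling them in reverse order gives back the original datagram byte for byte.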
• Redirecting routes: A gateway sends the ICMP Redirect Message to tell a host to use another
gateway, presumably because the other gateway is a better choice. This message can only be
used when the source host is on the same network as both gateways.
• Checking remote hosts: A host can send the ICMP Echo Message to see if a remote system's
internet protocol is up and operational. When a system receives an echo message, it sends the
same packet back to the source host (e.g. PING).
[Figure 73: SMTP, FTP, Telnet, TFTP, SNMP and NFS at the Application Layer on both hosts]
Figure 73 shows processes/applications and protocols that rely on the Internet Layer for the
delivery of data to their counterparts across the network.
• The Host-to-Host Transport Layer has two major jobs: it must subdivide user-sized data
buffers into network-layer-sized datagrams, and it must enforce any desired transmission control
such as reliable delivery. The two most important protocols in this layer are the Transmission
Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP provides a reliable data
delivery service with end-to-end error detection and correction. UDP provides a low-overhead,
connectionless datagram delivery service. Both protocols deliver data between the Application
Layer and the Internet Layer. Application programmers can choose whichever service is
more appropriate for their specific applications.
The Host-to-Host Transport Layer is responsible for end-to-end data integrity. Two protocols
are employed at this layer: the Transmission Control Protocol and the User Datagram Protocol. TCP
provides reliable, full-duplex connections by retransmitting data when a transmission results in an
error. Also, TCP enables hosts to maintain multiple, simultaneous connections. UDP provides an
unreliable service that enhances network throughput when error correction is not required at the
host-to-host layer.
Protocols defined at this layer accept data from application protocols running at the Application
Layer, encapsulate it in the protocol header, and deliver the data segment thus formed to the
lower IP layer for routing. Unlike the IP protocol, the transport layer is aware of the identity
of the ultimate user process, by its port number. As such, the Transport Layer, in the TCP/IP
suite, embodies what data communications are all about: the delivering of information from an
application on one computer to an application on another computer.
NFS and NIS were built on top of UDP because of its speed and statelessness. While the
performance advantages of a fast protocol are obvious, the stateless nature of UDP is equally
important. Without state information in either the client or server, crash recovery is greatly
simplified.
UDP Datagram Format (32-bit header words; field widths in bits in parentheses):
Word 1: Source Port (16) | Destination Port (16)
Word 2: Length (16) | Checksum (16)
Data begins here ...
TCP provides reliability with a mechanism called Positive Acknowledgement with Retransmis-
sion (PAR). Simply stated, a system using PAR sends the data again, unless it hears from the
remote system that the data arrived okay. The unit of data exchanged between co-operating
TCP modules is called a segment.
TCP Segment Format (32-bit header words; field widths in bits in parentheses):
Word 1: Source Port (16) | Destination Port (16)
Word 2: Sequence Number (32)
Word 3: Acknowledgement Number (32)
Word 4: Data Offset (4) | Reserved (6) | Control Bits (6) | Window (16)
Word 5: Checksum (16) | Urgent Pointer (16)
Word 6: Options (variable) | Padding
Data begins here ...
The TCP checksum is computed over the segment prefixed by the following pseudo-header, whose
values are taken from the IP layer, so that a segment delivered to the wrong host or under the wrong
protocol number fails the check:
Word 1: Source Address (32)
Word 2: Destination Address (32)
Word 3: zero (8) | Protocol (8) | TCP Length (16)
Each segment contains a checksum that the recipient uses to verify that the data is undam-
aged. If the data segment is received undamaged, the receiver sends a positive acknowl-
edgement back to the sender. If the data segment is damaged, the receiver discards it. After
an appropriate time-out period, the sending TCP module retransmits any segment for which
no positive acknowledgement has been received.
[Figure 78: the applications (SMTP, FTP, Telnet, TFTP, SNMP, NFS) on each host see perceived data over a perceived connection, carried by IP and ICMP underneath]
Figure 78 shows how TCP establishes virtual circuits over which applications exchange data.
The type of handshake used by TCP is called a three-way handshake because three seg-
ments are exchanged.
Three-Way Handshake:
[Figure 80: laddergram between Host A and Host B; A sends SYN, B answers SYN, ACK, A sends ACK with data, B returns ACK1, A sends data segment DS2, B returns ACK2; time runs down the ladder]
Figure 80 is a laddergram depicting the events taking place between two hosts. The arrows
represent transmitted data and/or acknowledgements, and time is represented by the vertical
distance down the ladder. When TCP sends a data segment, it requires an acknowledgement
from the receiving end. The acknowledgement is used to update the connection state table. A
positive acknowledgement implies that the receiving host received the data and that it passed
the integrity check. TCP has no explicit negative acknowledgement segment: a segment that
fails its integrity check, or that is lost in transit, is simply never acknowledged, and it is the
absence of a positive acknowledgement before the sender's timer expires that causes the
segment to be retransmitted.
[Figure 81: Host A sends a segment to Host B that is lost on the way; A's timer expires and it retransmits the segment]
Figure 81 shows how TCP implements a time-out mechanism to detect lost segments.
Figure 81 illustrates what happens when a packet is lost on the network and fails to
reach its ultimate destination. When a host sends data, it starts a countdown timer. If the timer
expires without an acknowledgement being received, the host assumes that the data segment was
lost. Consequently, the host retransmits a duplicate of the failing segment. TCP keeps a copy
of all transmitted data for which a positive acknowledgement is outstanding. Only after receiving
the positive acknowledgement is this copy discarded to make room for other data in its buffer.
Ports are identified by port numbers. To fully specify a connection, the host IP address is ap-
pended to the port number. This combination of IP address and port number is called a
socket. A given socket number is unique on the internetwork. A connection between two hosts
is fully described by the sockets assigned to each end of the connection.
Window 6000
Figure 82 shows a TCP Data Stream that starts with an Initial Sequence Number of 0.
In figure 82, the receiving system has received and acknowledged 2000 bytes, so the current
Acknowledgement Number is 2000. The receiver also has enough buffer space for another
6000 bytes, so it has advertised a Window of 6000. The sender is currently sending a segment
of 1000 bytes starting with Sequence Number 4001. The sender has received no
acknowledgement for the bytes from 2001 on, but continues sending data as long as it is within
the window. If the sender fills the window and receives no acknowledgement of the data
previously sent, it will, after an appropriate time-out, send the data again starting from the first
unacknowledged byte. Retransmission would start from byte 2001 if no further acknowledgements
are received. This procedure ensures that data is reliably received at the far end of the
network.
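The window, acknowledgement and time-out behaviour described for figures 81 and 82, as an added Python simulation; this is not code from the original text. The Sender class and its method names are assumptions made for the example. Byte numbering follows figure 82: the Initial Sequence Number is 0, the first data byte is number 1, and an Acknowledgement Number n means the receiver has bytes 1 to n.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Segment:
    seq: int      # sequence number of the first data byte in the segment
    length: int   # number of data bytes carried

    @property
    def last(self) -> int:
        return self.seq + self.length - 1


@dataclass
class Sender:
    """Sender side of a TCP data stream (simplified, hypothetical class).

    The window is the receiver's advertised buffer space; ack is the highest
    Acknowledgement Number received so far."""
    window: int = 6000
    mss: int = 1000                 # largest segment this sender emits
    ack: int = 0
    next_seq: int = 1               # sequence number of the next new byte
    unacked: List[Segment] = field(default_factory=list)

    def bytes_in_flight(self) -> int:
        """Bytes sent but not yet positively acknowledged."""
        return (self.next_seq - 1) - self.ack

    def send(self, length: int) -> Optional[Segment]:
        """Emit one segment, or None if it would overrun the window."""
        length = min(length, self.mss)
        if self.bytes_in_flight() + length > self.window:
            return None
        seg = Segment(self.next_seq, length)
        self.unacked.append(seg)    # keep a copy until it is acknowledged
        self.next_seq += length
        return seg

    def receive_ack(self, ack_number: int, window: int) -> int:
        """Apply a positive acknowledgement; returns the number of bytes freed."""
        freed = 0
        if ack_number > self.ack:
            freed = ack_number - self.ack
            self.ack = ack_number
            # discard copies that are now fully acknowledged (a partially
            # acknowledged segment is kept whole)
            self.unacked = [s for s in self.unacked if s.last > ack_number]
        self.window = window        # the receiver may shrink or grow it
        return freed

    def timeout(self) -> Optional[Segment]:
        """Timer expired with data outstanding: go back to the first
        unacknowledged byte and send again from there."""
        self.next_seq = self.ack + 1
        self.unacked = []
        return self.send(self.mss)


def figure_82_scenario() -> dict:
    """Replay the state shown in figure 82, then fill the window and time out."""
    s = Sender(window=6000, mss=1000)
    s.send(1000)                     # bytes 1..1000
    s.send(1000)                     # bytes 1001..2000
    s.receive_ack(2000, 6000)        # receiver has 2000 bytes, window 6000
    s.send(1000)                     # 2001..3000, no ack yet but within the window
    s.send(1000)                     # 3001..4000
    current = s.send(1000)           # 4001..5000, the segment shown in the figure
    in_flight = s.bytes_in_flight()
    fill = [s.send(1000) for _ in range(4)]   # 5001, 6001, 7001, then blocked
    retransmit = s.timeout()         # no further acks: resend from byte 2001
    return {
        "current_seq": current.seq,
        "in_flight": in_flight,
        "last_byte_sent": fill[2].last,
        "window_full": fill[3] is None,
        "retransmit_seq": retransmit.seq,
    }
```

Running figure_82_scenario() reproduces the figure: the current segment starts at 4001 with 3000 bytes outstanding, the window is exhausted at byte 8000, and the time-out restarts transmission at byte 2001.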
Managing Connections:
From the perspective of the process, communication with the network involves sending and
receiving continuous streams of data. The process is not responsible for fragmenting the data
to fit lower-layer protocols.
[Figure 83: the Application sends and receives continuous data streams; TCP fragments the data
stream into segments and, on the receiving side, defragments segments to reconstruct the data
stream; IP fragments segments if required and prepares datagrams, and on the receiving side
reconstructs segments from datagrams]
Figure 83 shows how data are processed as they travel down the protocol stack, through the
network, and up the protocol stack of the receiver.
[Figure 84: Application Layer protocols SMTP, FTP, Telnet, TFTP, SNMP and NFS on both hosts]
Figure 84 shows how processes/applications and protocols rely on the Transport Layer for the
delivery of data to their counterparts across the network.
• The Process/Application Layer includes all processes that use the transport layer protocols
to deliver data. There are many application protocols. A good example of the concerns handled
by these processes is the reconciliation of differences in data syntax between the platforms
on which the applications are running. It should be clear that unless this difference in data
representation is handled properly, any exchange of data involving these processes is likely to
yield erroneous interpretations of numerical data. To resolve this issue, and other similar
issues, TCP/IP defines the eXternal Data Representation (XDR) protocol. Reflecting on the
nature of this problem, you can easily see that the problem has nothing to do with the underlying
network topology, wiring, or electrical interference.
[Figure: Network A 134.67.40.0 and Network B 134.67.32.0]
[Figure 86: Application Layer protocols SMTP, FTP, Telnet, TFTP, SNMP and NFS on both hosts]
Figure 86 shows how processes/applications and protocols rely on the Application Layer for the
delivery of data to their counterparts across the network.
To deliver data between two Internet hosts, it is necessary to move data across the network to the
correct host, and within that host to the correct user or process.
Each of these functions is necessary to send data between two co-operating applications across the
Internet.
IP Host Address:
The Internetwork Protocol identifies hosts with a 32-bit number called an IP address or host address.
To avoid confusion with MAC addresses, which are machine or station addresses, the term IP address
will be used to designate this kind of address. IP addresses are written as four dot-separated decimal
numbers between 0 and 255.
IP addresses must be unique among all connected machines (any hosts that you can reach over a
network or connected set of networks, including your local area network, remote offices joined by the
company's wide-area network, or even the entire Internet community).
The Internet Protocol moves data between the hosts in the form of datagrams. Each datagram is
delivered to the address contained in the destination address of the datagram's header. The Destination
Address is a standard 32-bit IP address that contains sufficient information to uniquely identify a
network and a specific host on that network.
If your network is connected to the Internet, you have to get a range of IP addresses assigned to your
machines through a central network administration authority. The IP address uniqueness requirement
differs from that of MAC addresses. IP addresses are unique only on connected networks, but machine
MAC addresses are unique in the world, independent of any connectivity. Part of the reason for the
difference in the uniqueness requirement is that IP addresses are 32 bits, while MAC addresses are
48 bits, so mapping every possible MAC address into an IP address requires some overlap. Of
course, not every machine on an Ethernet is running IP protocols, so the many-to-one mapping isn't as
bad as the numbers might indicate. There are a variety of reasons why the IP address is only 32 bits,
while the MAC address is 48 bits, most of which are historical.
Since the network and data link layers use different addressing schemes, some system is needed to
convert or map the IP addresses to the MAC addresses. Transport-layer services and user processes
use IP addresses to identify hosts, but packets that go out on the network need MAC addresses. The
Address Resolution Protocol (ARP) is used to convert the 32-bit IP address of a host into its 48-bit
MAC address. When a host wants to map an IP address to a MAC address, it broadcasts an ARP
request on the network, asking for the host using the IP address to respond. The host that sees its
own IP address in the request returns its MAC address to the sender. With a MAC address, the
sending host can transmit a packet on the Ethernet and know that the receiving host will recognise it.
IP Address Classes:
An IP address contains a network part and a host part, but the format of these parts is not the same in
every IP address.
[Figure: IP address class formats, bit positions 31, 23, 15, 7 and 0; Class D, leading bits 1 1 1 0,
Multicast; Class E, leading bits 1 1 1 1 0, Reserved]
Not all network addresses or host addresses are available for use. The class A network addresses 0
and 127 are reserved for special use. Network 0 designates the default route (it is used to simplify the
routing information that IP must handle) and network 127 is the loopback address (it simplifies network
applications by allowing the local host to be addressed in the same manner as a remote host). We use
the special network addresses when configuring a host.
There are also some host addresses reserved for special use. In all network classes, host numbers 0
and 255 are reserved. An IP address with all host bits set to zero identifies the network itself.
Addresses in this form are used in routing table listings to refer to entire networks. An IP address with
all host bits set to one is a broadcast address (it is used to simultaneously address every host on a
network). A datagram sent to this address is delivered to every individual host on that network.
IP uses the network portion of the address to route the datagram between networks. The full address,
including the host information, is used to make final delivery when the datagram reaches the
destination network.
Subnets:
The standard structure of an IP address can be locally modified by using host address bits as
additional network address bits. Essentially, the dividing line between network address bits and host
bits is moved, creating additional networks, but reducing the maximum number of hosts that can belong
to each network. These newly designated network bits define a network within the larger network,
called a subnet. Subnetting allows decentralised management of host addressing. With the standard
addressing scheme, a single administrator is responsible for managing host addresses for the entire
network. By subnetting, the administrator can delegate address assignment to smaller organisations
within the overall organisation.
Subnetting can also be used to overcome hardware differences and distance limitations. IP routers
can link dissimilar physical networks together, but only if each physical network has its own unique
network address. Subnetting divides a single network address into many unique subnet addresses, so
that each physical network can have its own unique address.
[Figure: subnet mask applied to an IP address, bit positions 31, 23, 15, 7 and 0]
A subnet is defined by applying a bit mask, the subnet mask, to the IP address. If a bit is on in the
mask, the equivalent bit in the address is interpreted as a network bit. If the bit in the mask is off, the
bit belongs to the host part of the address. The subnet is only known locally. To the rest of the
Internet, the address is still interpreted as a standard IP address.
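The class rules, the reserved addresses and the subnet mask from the three sections above, worked through in an added Python example that is not part of the original text. The function names are assumptions made for the example and the sample addresses in the tests are constructed; the example goes slightly beyond the text by also rejecting malformed dotted-decimal input and non-contiguous masks, the two input errors that most often break address arithmetic in practice.

```python
CLASS_MASKS = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}


def ip_to_int(addr: str) -> int:
    """Parse dotted-decimal notation; reject anything that is not four
    numbers in 0..255, so malformed input never reaches the bit logic."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IP address: {addr!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Classify from the high-order bits: 0 -> A, 10 -> B, 110 -> C,
    1110 -> D (multicast), otherwise E (reserved)."""
    n = ip_to_int(addr)
    if n >> 31 == 0b0:
        return "A"
    if n >> 30 == 0b10:
        return "B"
    if n >> 29 == 0b110:
        return "C"
    if n >> 28 == 0b1110:
        return "D"
    return "E"


def split_address(addr: str, subnet_mask: str = None) -> tuple:
    """Return (network address, host number, broadcast address).

    Without a subnet mask the class mask is used; with one, the mask moves
    the dividing line between network bits and host bits, as in subnetting."""
    cls = address_class(addr)
    if cls not in CLASS_MASKS:
        raise ValueError(f"class {cls} address {addr} has no network/host split")
    mask = ip_to_int(subnet_mask) if subnet_mask else CLASS_MASKS[cls]
    host_mask = ~mask & 0xFFFFFFFF
    if host_mask & (host_mask + 1):
        # the mask must be a run of ones followed by a run of zeros
        raise ValueError(f"non-contiguous subnet mask {subnet_mask}")
    n = ip_to_int(addr)
    network = n & mask
    return int_to_ip(network), n & host_mask, int_to_ip(network | host_mask)


def reserved_use(addr: str):
    """Name the special meaning of an address, or None for an ordinary
    host address (class-mask interpretation, as in the text)."""
    n = ip_to_int(addr)
    first_octet = n >> 24
    if first_octet == 0:
        return "default route"
    if first_octet == 127:
        return "loopback"
    cls = address_class(addr)
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "reserved (class E)"
    host_mask = ~CLASS_MASKS[cls] & 0xFFFFFFFF
    host_bits = n & host_mask
    if host_bits == 0:
        return "network address"
    if host_bits == host_mask:
        return "broadcast address"
    return None
```

For the class B address 134.67.40.5, split_address gives network 134.67.0.0 and host 10245 with the class mask, and network 134.67.40.0 with host 5 once the local mask 255.255.248.0 is applied; the rest of the Internet still sees only the class B network.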
Routing:
As networks grow in size, so does the traffic imposed on the wire, which in turn impacts the overall
network performance, including response times. To alleviate such degradation, network specialists
resort to breaking the network into multiple networks that are interconnected by specialised devices,
including routers, bridges, and switches.
The routing approach calls on the implementation of various co-operative processes, in both routers
and workstations, whose main concern is to allow for the intelligent delivery of data to its ultimate
destination. Data exchange can take place between any workstations, whether or not both belong to the
same network.
[Figure 91: host A1 on a Token Ring, Router/Gateway G1, an X.25 network, Router/Gateway G2, and
host B1 on an Ethernet]
Figure 91 emphasises that the underlying physical networks that a datagram travels through may be
different and even incompatible. Host A1 on the Token Ring network routes the datagram through
gateway G1 to reach host B1 on the Ethernet. Gateway G1 forwards the data through the X.25
network to gateway G2, for delivery to B1. The datagram traverses three physically different networks,
but eventually arrives intact at B1.
A good place to start when discussing routers is with a thorough discussion of the addresses, including
MAC addresses, network addresses, and the complete addresses.
To perform its function reliably, the routing process is equipped with the capability to maintain a road
map depicting the entire internetwork of which it is part. This road map is commonly referred to as the
routing table, and it includes routing information depicting where every known network is and how it
can be reached. The routing process builds and maintains the routing table by employing a route
discovery process known as the Routing Information Protocol (RIP).
Routers should be capable of selecting the shortest path connecting two networks. Routers discover
the road map of the internetwork by dynamically exchanging routing information among themselves or
by being statically configured by network installers, or both. The dynamic exchange of routing
information is handled by yet another process besides the routing process itself. In the case of TCP/IP,
IP handles the routing process, whereas RIP handles the route discovery process.
When a hierarchical structure is used, routing information about all of the networks in the internet is
passed into the core gateways (a central delivery medium to carry long distance traffic). The core
gateways process this information, and then exchange it among themselves using the
Gateway-to-Gateway Protocol (GGP). The processed routing information is then passed back out to the
external gateways.
[Figure: the Internet Core of Core Gateways and Routers, with External Gateways connecting
Autonomous Systems]
Outside of the Internet Core are groups of independent networks called Autonomous Systems (AS). An
AS is a collection of networks and gateways with its own internal mechanism for collecting routing
information and passing it to other network systems.
Because routing is network oriented, IP makes routing decisions based on the network portion of the
address. The IP module determines the network part of the destination's IP address by checking the
high-order bits of the address to determine the address class. The address class determines the
portion of the address that IP uses to identify the network. If the destination network is the local
network, the local subnet mask is applied to the destination address.
After determining the destination network, the IP module looks up the network in the local routing
table. Packets are routed toward their destination as directed by the routing table. The routing table
may be built by the system administrator or by routing protocols, but the end result is the same: IP
routing decisions are simple table look-ups.
[Figure: IP routing decision flowchart with the tests Destination and Source Network ID Match,
Route to Network Found in RIT, and Default Route Defined; each Yes branch leads to Route Datagram]
The netstat command displays a routing table containing the following fields:
• Destination: The destination network or host.
• Gateway: The gateway to use to reach the specified destination.
• Flags: The flags describe certain characteristics of this route.
U: Indicates that the route is up and operational.
H: Indicates this is a route to a specific host.
G: Means the route uses a gateway.
D: Means that this route was added because of an ICMP redirect.
• Refcnt: Shows the number of times the route has been referenced to establish a
connection.
• Use: Shows the number of packets transmitted via this route.
• Interface: The name of the network interface used by this route.
All of the gateways that appear in a routing table are on networks directly connected to the local
system. A routing table does not contain end-to-end routes. A route only points to the next gateway,
called the next hop, along the path to the destination network. The host relies on the local gateway to
deliver the data, and the gateways rely on the other gateways. As a datagram moves from one
gateway to another, it should eventually reach one that is directly connected to its destination network.
It is this last gateway that finally delivers the data to the destination host.
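The table look-up described in the last few paragraphs, with the netstat fields listed above, as an added Python example (not code from the original text). The Route class, the function names and the routing table contents are assumptions made for the example; the table is constructed for a host at 134.67.32.1. The decision order follows the flowchart: a directly connected network first, then a matching route, then the default route, otherwise no route.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Route:
    """One routing table entry with the fields netstat displays."""
    destination: str     # network in prefix notation, a host for H routes, or "default"
    gateway: str
    flags: str           # any of U (up), H (host route), G (via gateway), D (ICMP redirect)
    interface: str
    refcnt: int = 0
    use: int = 0


def constructed_table() -> List[Route]:
    """A constructed routing table for a host at 134.67.32.1 (sample data)."""
    return [
        Route("127.0.0.1/32", "127.0.0.1", "UH", "lo0"),
        Route("134.67.32.0/24", "134.67.32.1", "U", "le0"),       # directly connected
        Route("134.67.40.0/24", "134.67.32.254", "UG", "le0"),    # reachable via a gateway
        Route("134.67.48.0/24", "134.67.32.253", "UGD", "le0"),   # learned from an ICMP redirect
        Route("default", "134.67.32.254", "UG", "le0"),
    ]


def next_hop(dest: str, table: List[Route]) -> Optional[Tuple[str, str, str]]:
    """Decide where a datagram for dest goes: (gateway, interface, kind), where
    kind is "direct", "gateway" or "default"; None when no route exists."""
    target = ipaddress.ip_address(dest)
    best = None
    for r in table:
        if "U" not in r.flags or r.destination == "default":
            continue                 # skip routes that are down; default is tried last
        net = ipaddress.ip_network(r.destination, strict=False)
        if target in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (r, net)          # prefer the most specific matching route
    if best is None:
        best = next(((r, None) for r in table
                     if r.destination == "default" and "U" in r.flags), None)
        if best is None:
            return None              # no route and no default route defined
        kind = "default"
    else:
        kind = "gateway" if "G" in best[0].flags else "direct"
    route = best[0]
    route.use += 1                   # the Use counter that netstat reports
    return route.gateway, route.interface, kind


def redirect_routes(table: List[Route]) -> List[str]:
    """Entries added because of ICMP redirects (flag D). Nobody configured
    these by hand, so they are the entries to review first when paths look wrong."""
    return [r.destination for r in table if "D" in r.flags]


def netstat_r(table: List[Route]) -> str:
    """Render the table in the column layout netstat uses."""
    lines = ["Destination        Gateway            Flags  Refcnt  Use  Interface"]
    for r in table:
        lines.append(f"{r.destination:<18} {r.gateway:<18} {r.flags:<6} "
                     f"{r.refcnt:>6} {r.use:>4}  {r.interface}")
    return "\n".join(lines)
```

A datagram for 134.67.32.7 is delivered directly, one for 134.67.40.9 goes to the next hop 134.67.32.254, and one for a network not in the table falls through to the default route; removing the default entry makes the same look-up return None.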
Address Resolution:
The IP address and the routing table direct a datagram to a specific physical network, but when the
data travels across a network, it must obey the physical layer protocol used by that network. The
physical networks that underlie the TCP/IP network do not understand IP addressing. Physical
networks have their own addressing schemes, and there are as many different addressing schemes as
there are different types of physical networks. One task of the network access protocols is to map IP
addresses to physical network addresses.
[Figure: hosts 134.67.32.1, 134.67.32.2 and 134.67.32.3 on one Ethernet]
The most common example of this network access layer function is the translation of IP addresses to
Ethernet addresses. The protocol that performs this function is Address Resolution Protocol (ARP).
In figure 95, when an ARP request is sent, all fields in the layout are used except the Recipient
Hardware Address (which the request is trying to identify). In an ARP reply, all the fields are used. The
fields in the ARP request and reply can have several values.
The ARP software maintains a table of translations between IP addresses and Ethernet addresses.
This table is built dynamically. When ARP receives a request to translate an IP address, it checks for
the address in its table. If the address is found, it returns the Ethernet address from its table. If the
address is not found in the table, ARP broadcasts a packet to every host on the Ethernet. The packet
contains the IP address for which an Ethernet address is sought. If a receiving host identifies the IP
address as its own, it responds by sending its Ethernet address back to the requesting host. The
response is then cached in the ARP table.
The arp -a command displays all the contents of the ARP table.
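The request/reply exchange and the translation table just described (and the ARP introduction in the IP Host Address section), as an added Python example; it is not code from the original text. The ArpHost class, its cache policy and the arp_a listing are assumptions made for the example; the 134.67.32.x addresses follow the figure, the Ethernet addresses are those shown in figure 97, and the two replies at the end of the scenario are constructed. The example goes one step beyond the text: because the table is filled from whatever replies arrive on the Ethernet, a host can only notice a wrong translation by comparing a new reply with what it already holds, so the cache records an alert whenever an entry changes or an unrequested reply arrives.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ArpPacket:
    op: str            # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_mac: str    # empty in a request: this is the field being sought
    target_ip: str


@dataclass
class ArpHost:
    """One host's ARP state (hypothetical class for the example)."""
    ip: str
    mac: str
    table: Dict[str, str] = field(default_factory=dict)   # IP -> Ethernet address
    pending: Set[str] = field(default_factory=set)         # IPs we have broadcast for
    alerts: List[str] = field(default_factory=list)        # anomalies worth logging

    def resolve(self, ip: str) -> Tuple[Optional[str], Optional[ArpPacket]]:
        """Return the cached Ethernet address, or the request to broadcast."""
        if ip in self.table:
            return self.table[ip], None
        self.pending.add(ip)
        return None, ArpPacket("request", self.mac, self.ip, "", ip)

    def receive(self, pkt: ArpPacket) -> Optional[ArpPacket]:
        """Process a packet seen on the Ethernet; return a reply if one is due."""
        if pkt.op == "request":
            if pkt.target_ip != self.ip:
                return None                               # not asking about our address
            self.table[pkt.sender_ip] = pkt.sender_mac    # the asker will talk to us next
            return ArpPacket("reply", self.mac, self.ip, pkt.sender_mac, pkt.sender_ip)
        ip, mac = pkt.sender_ip, pkt.sender_mac
        known = self.table.get(ip)
        if ip in self.pending:
            self.pending.discard(ip)                      # the answer we were waiting for
        elif known is None:
            # a reply nobody asked for, about an address we never cached
            self.alerts.append(f"ignored unsolicited reply: {ip} is at {mac}")
            return None
        if known is not None and known != mac:
            # the translation changed: legitimate after a NIC swap, but also the
            # symptom a poisoned ARP cache shows, so it is worth logging
            self.alerts.append(f"{ip} moved from {known} to {mac}")
        self.table[ip] = mac
        return None

    def arp_a(self) -> List[str]:
        """Lines in the style of the arp -a listing."""
        return [f"{ip} at {mac}" for ip, mac in sorted(self.table.items())]


def scenario() -> dict:
    """Constructed exchange: A resolves B, then sees two suspicious replies."""
    a = ArpHost("134.67.32.1", "00:00:3e:2d:1c:0b")
    b = ArpHost("134.67.32.2", "00:00:b3:c2:d1:e0")
    first, request = a.resolve(b.ip)             # cache miss: broadcast a request
    reply = b.receive(request)                   # B sees its own IP and answers
    a.receive(reply)                             # A caches the translation
    cached, _ = a.resolve(b.ip)                  # cache hit, no broadcast needed
    # constructed: a later reply claims B's IP is at another Ethernet address
    a.receive(ArpPacket("reply", "00:00:de:ad:be:ef", b.ip, a.mac, a.ip))
    # constructed: an unsolicited reply about an address A never asked for
    a.receive(ArpPacket("reply", "00:00:00:00:00:99", "134.67.32.3", a.mac, a.ip))
    return {
        "first_lookup": first,
        "request_target": request.target_ip,
        "cached": cached,
        "b_learned_a": b.table.get(a.ip),
        "alerts": a.alerts,
        "table": a.arp_a(),
    }
```

The policy here still accepts the changed entry (most real stacks do), but records the change; a stricter cache could refuse it until the original address stops answering.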
[Figure: three Routing Domains]
RARP:
The Reverse Address Resolution Protocol (RARP) is a variant of the address resolution protocol.
RARP also translates addresses, but in the opposite direction. It converts Ethernet addresses to IP
addresses. The RARP protocol really has nothing to do with routing data from one system to another.
RARP helps configure diskless systems by allowing diskless workstations to learn their IP address.
The diskless workstation uses the Ethernet broadcast facility to ask which IP address maps to its
Ethernet address. When a server on the network sees the request, it looks up the Ethernet address in
its table. If it finds a match, the server replies with the workstation's IP address.
[Figure 97: Source Host 134.268.67.3 with Ethernet address 00003E2D1C0B and Destination Host
134.268.67.5 with Ethernet address 0000B3C2D1E0, on an Ethernet]
Figure 97 shows the interrelationship between IP and Ethernet MAC addresses as reflected in the
Ethernet data frame.
In figure 97, shaded fields correspond to the destination and source addresses of host A (the
sender) and host B (the receiver).
Once data is routed through the network and delivered to a specific host, it must be delivered to the
correct user or process. As the data moves up or down the layers of TCP/IP, a mechanism is needed
to deliver data to the correct protocols in each layer. The system must be able to combine data from
many applications into a few transport protocols, and from the transport protocols into the Internet
Protocol. Combining many sources of data into a single data stream is called multiplexing. Data arriving
from the network must be demultiplexed, divided for delivery to multiple processes. To accomplish
this, IP uses protocol numbers to identify transport protocols, and the transport protocols use port
numbers to identify applications.
[Figure 99: Telnet (port 23) over TCP (protocol 6) over the Internet Protocol]
Figure 99 shows the protocol interdependency between Application level protocols and Transport level
protocols.
Protocol Numbers:
The protocol number is a single byte in the header of the datagram. The value identifies the protocol in
the layer above IP to which the data should be passed.
Port Numbers:
A host may have many TCP and UDP connections at any time. Connections to a host are
distinguished by a port number, which serves as a sort of mailbox number for incoming datagrams. There
may be many processes using TCP and UDP on a single machine, and the port numbers distinguish
these processes for incoming packets. When a user program opens a TCP or UDP socket, it gets
connected to a port on the local host. The application may specify the port, usually when trying to
reach some service with a well-defined port number, or it may allow the operating system to fill in the
port number with the next available free port number.
After IP passes incoming data to the transport protocol, the transport protocol passes data to the
correct application process. Application processes are identified by port numbers, which are 16-bit
values. The source port number, which identifies the process that sent the data, and the destination
port number, which identifies the process that is to receive the data, are contained in the header of
each TCP segment and UDP packet.
Port numbers are not unique between transport layer protocols, the numbers are only unique within a
specific transport protocol. It is the combination of protocol and port numbers that uniquely identifies
the specific process the data should be delivered to.
[Figure 100: Presentation Layer, Session Layer, Network Layer, Physical Layer]
Figure 100 shows data packets multiplexed via TCP or UDP through port addresses and onto the
targeted TCP/IP applications.
In figure 100, if a data packet arrives specifying a transport protocol of 6, it is forwarded to the TCP
implementation. If the packet specifies 17 as the required protocol, the IP layer would forward the
packet to the programs implementing UDP.
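The demultiplexing walk from the Internet Protocol up to the application, as described from "Once data is routed" to figure 100, in an added Python example; it is not code from the original text. The builders exist only to construct a sample datagram offline: the TCP and UDP checksums are left at zero, the destination address 134.67.40.1 is constructed, and the function names are assumptions. Beyond the text, demultiplex checks every length field and the IP header checksum before trusting the header, which is what a parser exposed to network input must do.

```python
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
# well-known (transport, destination port) -> application, for the services named in the text
WELL_KNOWN = {("TCP", 21): "ftp", ("TCP", 23): "telnet", ("TCP", 25): "smtp",
              ("UDP", 53): "dns", ("UDP", 69): "tftp", ("UDP", 161): "snmp"}


def ip_bytes(addr: str) -> bytes:
    return bytes(int(p) for p in addr.split("."))


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; evaluates to 0 when run over a
    header that already carries a correct checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, protocol: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) around a transport payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0,
                         ttl, protocol, 0, ip_bytes(src), ip_bytes(dst))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def build_tcp(sport: int, dport: int, seq: int = 0, payload: bytes = b"") -> bytes:
    """20-byte TCP header: data offset 5 words, SYN flag, checksum left at 0
    because this is a constructed sample, not a transmitted segment."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 8192, 0, 0) + payload


def build_udp(sport: int, dport: int, payload: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def demultiplex(datagram: bytes) -> dict:
    """Walk a datagram up the stack: the IP protocol number selects the
    transport, the transport's destination port selects the application."""
    if len(datagram) < 20:
        raise ValueError("short IP header")
    (vihl, _tos, total_len, _id, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > total_len or total_len > len(datagram):
        raise ValueError("malformed IP header lengths")
    if ip_checksum(datagram[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    segment = datagram[ihl:total_len]
    out = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
           "protocol": proto, "transport": PROTOCOL_NAMES.get(proto, "unknown")}
    if proto == 6:
        if len(segment) < 20:
            raise ValueError("short TCP header")
        sport, dport, seq, _ack, off, flags, _win, _tcsum, _urg = struct.unpack(
            "!HHIIBBHHH", segment[:20])
        data_offset = (off >> 4) * 4
        if data_offset < 20 or data_offset > len(segment):
            raise ValueError("bad TCP data offset")
        out.update(src_port=sport, dst_port=dport, seq=seq, flags=flags,
                   data=segment[data_offset:])
    elif proto == 17:
        if len(segment) < 8:
            raise ValueError("short UDP header")
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", segment[:8])
        if ulen < 8 or ulen > len(segment):
            raise ValueError("bad UDP length")
        out.update(src_port=sport, dst_port=dport, data=segment[8:ulen])
    else:
        out["data"] = segment            # e.g. ICMP, handled by IP's own helper
    out["application"] = WELL_KNOWN.get((out["transport"], out.get("dst_port")))
    return out
```

A datagram built with protocol 6 and destination port 23 is handed to TCP and then to Telnet; one with protocol 17 and port 69 goes to UDP and TFTP; flipping a single bit in the header makes the checksum fail and the datagram is rejected before any port is read.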
[Figure 101: Source 134.67.32.1 and Destination 134.268.67.1 exchanging segments that carry the
port pairs 3044,23 and 23,3044]
Figure 101 shows the exchange of port numbers during the TCP handshake.
In figure 101, the source host randomly generates a source port, in this example 3044. It sends out a
segment with a source port of 3044 and a destination port of 23. The destination host receives the
segment, and responds using 23 as its source port and 3044 as its destination port.
Sockets:
Well-known ports are standardised port numbers that enable remote computers to know which port
to connect to for a particular network service. This simplifies the connection process because both the
sender and the receiver know in advance that data bound for a specific process will use a specific
port.
There is a second type of port number called a dynamically allocated port. As the name implies, these
ports are not pre-assigned. They are assigned to processes when needed. The system ensures that it
does not assign the same port number to two processes, and that the numbers assigned are above the
range of standard port numbers. They provide the flexibility needed to support multiple users.
The combination of an IP address and a port number is called a socket. A socket uniquely identifies a
single network process within the entire internet. One pair of sockets, one socket for the receiving host
and one for the sending host, define the connection for connection-oriented protocols such as TCP.
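The socket pair described above, observed on a real system in an added Python example that is not part of the original text. It uses only the standard socket module on the loopback address: binding to port 0 asks the operating system for a dynamically allocated port, and the two getsockname/getpeername calls show each end's view of the same connection. The function names are assumptions made for the example.

```python
import socket


def socket_pair_demo() -> dict:
    """Open a listener on loopback with port 0 (let the OS pick a free port),
    connect to it twice, and report the sockets at each end."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))          # port 0: dynamically allocated
    listener.listen(2)
    server_socket = listener.getsockname()   # (address, port) the service is known by

    client1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client1.settimeout(5)
    client1.connect(server_socket)           # the handshake completes in the kernel
    conn1, peer1 = listener.accept()         # the server's view of connection 1

    client2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client2.settimeout(5)
    client2.connect(server_socket)           # same service, a second connection
    conn2, peer2 = listener.accept()

    result = {
        "server_socket": server_socket,
        "client1_socket": client1.getsockname(),   # (address, ephemeral port)
        "client2_socket": client2.getsockname(),
        "server_sees_peer1": peer1,
        "client1_sees_peer": client1.getpeername(),
        "server_sees_peer2": peer2,
    }
    for s in (conn1, conn2, client1, client2, listener):
        s.close()
    return result


def connection_ids(r: dict) -> set:
    """The pair of sockets that identifies each connection; two connections
    to the same server socket differ only in the client's port."""
    return {(r["client1_socket"], r["server_socket"]),
            (r["client2_socket"], r["server_socket"])}
```

Both connections share the server socket, so the kernel tells them apart by the client socket alone; that is why a busy server needs only one well-known port.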
Every network interface attached to a TCP/IP network is defined by a unique 32-bit IP address. A
name, called a host name, can be assigned to any device that has an IP address. Names are
assigned to devices because, compared to numeric Internet addresses, names are easier to remember
and type correctly. The network software doesn't require names, but they do make it easier for
humans to use the network. In most cases, host names and numeric addresses can be used
interchangeably. Whether a command is entered with an address or a host name, the network connection
always takes place based on the IP address. The system converts the host name to an address
before the network connection is made. The network administrator is responsible for assigning names
and addresses and storing them in the database used for the conversion. There are two methods for
translating names into addresses. The older method simply looks up the host name in a table called
the host table. The newer technique uses a distributed database system called Domain Name Service
(DNS) to translate names to addresses.
In figure 102, each record begins with a keyword (NET, HOST or GATEWAY) that identifies the record
type, followed by an IP address, and one or more names associated with the address. The IP
addresses and host names from the HOST records are extracted to construct the /etc/hosts file. The
network addresses and names from the NET records are used to create the /etc/networks file.
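The extraction of /etc/hosts and /etc/networks from host table records, as an added Python example; it is not code from the original text. The record layout assumed here (keyword, address, then one or more names, whitespace separated, with # starting a comment) is taken only from the description above, not from an actual NIC host table, and the sample records are constructed. Beyond the text, the parser reports a name that is mapped to two different addresses, since a host table is the one place where that mistake can be caught before every host copies it.

```python
from typing import Dict, List

# Constructed sample records in the assumed layout described in the lead-in.
SAMPLE_HOST_TABLE = """\
# constructed sample, not an actual NIC host table
NET 134.67.32.0 ETHERNET-A
NET 134.67.40.0 ETHERNET-B
HOST 134.67.32.1 ALPHA ALPHA.FIRM.COM
HOST 134.67.32.2 BETA
GATEWAY 134.67.32.254 GW-A
HOST 134.67.40.1 GAMMA GAMMA.FIRM.COM
HOST 134.67.40.9 BETA
HOST 134.67.40.300 DELTA
"""


def valid_ip(addr: str) -> bool:
    parts = addr.split(".")
    return len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts)


def parse_host_table(text: str) -> Dict[str, List[str]]:
    """Split the records by type and build the /etc/hosts and /etc/networks
    contents from them. Records with a bad address, too few fields or a name
    already mapped to another address are reported rather than emitted."""
    hosts, nets, gateways, problems = [], [], [], []
    seen_names: Dict[str, str] = {}           # name -> address it was first given
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            problems.append(f"line {lineno}: expected keyword, address and a name")
            continue
        kind, addr, names = fields[0].upper(), fields[1], fields[2:]
        if not valid_ip(addr):
            problems.append(f"line {lineno}: bad address {addr}")
            continue
        clash = [n for n in names if seen_names.get(n, addr) != addr]
        if clash:
            problems.append(f"line {lineno}: {', '.join(clash)} already mapped to "
                            f"{seen_names[clash[0]]}")
            continue
        for n in names:
            seen_names.setdefault(n, addr)
        if kind == "HOST":
            hosts.append(f"{addr}\t{' '.join(names)}")        # /etc/hosts: address, then names
        elif kind == "NET":
            nets.append(" ".join([names[0], addr, *names[1:]]))  # /etc/networks: name, number, aliases
        elif kind == "GATEWAY":
            gateways.append(f"{addr}\t{' '.join(names)}")
        else:
            problems.append(f"line {lineno}: unknown record type {kind}")
    return {"hosts": hosts, "networks": nets, "gateways": gateways, "problems": problems}
```

The sample yields three /etc/hosts lines and two /etc/networks lines; the second BETA record and the address with an octet above 255 end up in the problems list instead of in the generated files.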
[Figure: an Application hands a Host Name to the Resolver; the Resolver sends a Query to the name
servers, starting at the root (.), and returns the IP address in the Response; domain "firm ..."]
The Network Information Centre has the authority to allocate domains. To obtain a domain, you apply
to the NIC for authority to create a domain under one of the top-level domains. Once the authority to
create a domain is granted, you can create additional domains, called subdomains, under your
domain.
Domain Names:
Domain names reflect the domain hierarchy. They are written from most specific, a host name, to least
specific, a top-level domain, with each part of the domain name separated by a dot (<host
name>.<subdomain>.<domain>).
[Figure: State subdomains AK, AL, AZ, ... WY]
NIS provides a distributed database system for common configuration files. NIS servers manage
copies of the database files, and NIS clients request information from the servers instead of using their
own, local copies of these files. Once NIS is running, simply updating the NIS server ensures that all
machines will be able to retrieve the new configuration file information
the rest of the network, rather than changing the hosts file for each individual host on the network.
Because NIS enforces consistent views of files on the network, it is suited for files that have no
host-specific information in them. Files that are generally the same on all hosts in a network fit the NIS
model of a distributed database nicely. NIS provides all hosts information from its global database.
[Figure: an NIS Master Server sends Map Transfers to two NIS Slave Servers, which answer NIS
Requests]
With the distinction between NIS servers and clients firmly established, we can see that each
system fits into the NIS scheme in one of three ways:
• Client only: This is typical of desktop workstations, where the system administrator tries
to minimise the amount of host-specific tailoring required to bring a system onto the
network. As an NIS client, the host gets all of its common configuration information from an
extant server.
• Server only: While the host services client requests for map information, it does not use NIS
for its own operation. Server-only configuration may be useful when a server must provide
global host and password information for the NIS clients, but security concerns prohibit the
server from using these same files. However, bypassing the central configuration scheme
opens some of the same loopholes that NIS was intended to close. Although it is possible
to configure a system to be an NIS server only, we don't recommend it.
• Client and server: In most cases, an NIS server also functions as an NIS client so that its
management is streamlined with that of other client-only hosts.
Most precisely, a domain is a set of NIS maps. A client can refer to a map from any of several
different domains. Most of the time, however, any given host will only look up data from one
set of NIS maps. Therefore, it's common to use the term domain to mean the group of
systems that share a set of NIS maps. All systems that need to share common configuration
information are put into an NIS domain. Although each system can potentially look up
information in any NIS domain, each system is assigned to a default domain, meaning that the
system, by default, looks up information from a particular set of NIS maps. It is up to the
administrator to decide how many different domains are needed.
An interruption in NIS service affects all NIS clients if no other servers are available. Even if
another server is available, clients will suffer periodic slowdowns as they recognise the current
server is down and hunt for a new one.
A second imperative for NIS servers is synchronisation. Clients may get their NIS information
from any server, so all servers must have copies of every map file to ensure proper NIS
operation. Furthermore, the data in each map file on the slave servers must agree with that on
the master server, so that NIS clients cannot get out-of-date or stale data. NIS contains
several mechanisms for making changes to map files and distributing these changes to all NIS
servers on a regular basis.
Remote Procedure Call (RPC) provides a mechanism for one host to make a procedure call that
appears to be part of the local process but is really executed on another machine on the network.
Typically, the host on which the procedure call is executed has resources that are not available on the
calling host. This distribution of computing services imposes a client/server relationship on the two
hosts: the host owning the resource is a server for that resource, and the calling host becomes a client
of the server when it needs access to the resource. The resource might be a centralised configuration
file (NIS) or a shared filesystem (NFS).
Instead of executing the procedure on the local host, the RPC system bundles up the arguments
passed to the procedure into a network datagram. The exact bundling method is determined by the
presentation layer, described in the next section. The RPC client creates a session by locating the
appropriate server and sending the datagram to a process on the server that can execute the RPC. On
the server, the arguments are unpacked, the server executes the procedure, packages the result (if
any), and sends it back to the client. Back on the client side, the reply is converted into a return value
for the procedure call, and the user application is re-entered as if a local procedure call had completed.
RPC services may be built on either TCP or UDP transports, although most are UDP-oriented because
they are centred on short-lived requests. Using UDP also forces the RPC call to contain enough context
information for its execution independent of any other RPC request, since UDP packets may arrive in
any order, if at all.
When an RPC call is made, the client may specify a time-out period in which the call must complete. If
the server is overloaded or has crashed, or if the request is lost in transit to the server, the remote call
may not be executed before the time-out period expires. The action taken upon an RPC time-out varies
by application: some resend the RPC call, while others may look for another server.
[Figure: a User Process calls ruser (host) on an RPC Server]
XDR is built on the notion of an immutable network byte ordering, called the canonical form. It isn't
really important what the canonical form is; your systems may or may not use the same byte ordering
and structure packing conventions. This form simply allows network hosts to exchange structured data
independently of any peculiarities of a particular machine. All data structures are converted into the
network byte ordering and padded appropriately.
The rule of XDR is: sender makes local canonical, receiver makes canonical local. Any data that goes
over the network is in canonical form. A host sending data on the network converts it to canonical
form, and the host that receives the data converts it back into its local representation. A different way
to implement the presentation layer might be receiver makes local. In this case, the sender does
nothing to the local data, and the receiver must deduce the packing and encoding technique and convert
it into the local equivalent. While this scheme may send less data over the network, it places the burden
of incorporating a new hardware architecture on the receiving side, rather than on the new machine.
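The canonical form and the "sender makes local canonical, receiver makes canonical local" rule, as an added Python example that is not code from the original text or from any XDR library. It encodes the basic XDR items (32-bit integers in network byte order, booleans, and variable-length opaque data and strings padded to a 4-byte boundary) and decodes them again; the user record carried through it is a hypothetical RPC argument made up for the example. Beyond the text, the decoder checks each declared length against the bytes actually present, since a length field in received data is the one value a receiver must never take on trust.

```python
import struct


def encode_int(value: int) -> bytes:
    """32-bit two's-complement integer in network (big-endian) byte order."""
    return struct.pack(">i", value)


def encode_uint(value: int) -> bytes:
    return struct.pack(">I", value)


def encode_bool(value: bool) -> bytes:
    return encode_int(1 if value else 0)


def encode_opaque(data: bytes) -> bytes:
    """Variable-length bytes: 4-byte length, the bytes, then zero padding up
    to a multiple of four so that every item starts on a 4-byte boundary."""
    return encode_uint(len(data)) + data + b"\x00" * ((-len(data)) % 4)


def encode_string(text: str) -> bytes:
    return encode_opaque(text.encode("utf-8"))


class XdrDecoder:
    """Cursor over canonical-form bytes. Every read checks that the bytes it
    consumes are really present, so a short buffer or a lying length field
    raises instead of reading past the end."""

    def __init__(self, buf: bytes, max_item: int = 1 << 20):
        self.buf, self.pos, self.max_item = buf, 0, max_item

    def _take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("truncated XDR data")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def read_int(self) -> int:
        return struct.unpack(">i", self._take(4))[0]

    def read_uint(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def read_bool(self) -> bool:
        v = self.read_int()
        if v not in (0, 1):
            raise ValueError(f"bool encoded as {v}")
        return v == 1

    def read_opaque(self) -> bytes:
        n = self.read_uint()
        if n > self.max_item:
            raise ValueError(f"declared length {n} exceeds limit")
        data = self._take(n)
        if self._take((-n) % 4).strip(b"\x00"):
            raise ValueError("padding bytes must be zero")
        return data

    def read_string(self) -> str:
        return self.read_opaque().decode("utf-8")

    def finished(self) -> bool:
        return self.pos == len(self.buf)


# Hypothetical RPC argument record (user name, uid, admin flag) used to show
# a structure crossing the network in canonical form.
def encode_user_record(name: str, uid: int, admin: bool) -> bytes:
    return encode_string(name) + encode_int(uid) + encode_bool(admin)


def decode_user_record(buf: bytes) -> tuple:
    d = XdrDecoder(buf)
    record = (d.read_string(), d.read_int(), d.read_bool())
    if not d.finished():
        raise ValueError("trailing bytes after record")
    return record
```

Whatever the sending machine's native integer layout, the string "alice" always crosses the wire as a 4-byte length, five bytes and three zero pad bytes, followed by the 4-byte integer and boolean, twenty bytes in all; the receiving side rebuilds its local values from exactly that layout.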
Many of the descriptions included in this section are intended to give you only the basics.
IP is responsible for several tasks, most importantly determining a route to the destination. In addition,
IP is responsible for the packing of messages into small network-transportable packets, called
datagrams. IP is used with almost all TCP protocols, sitting at the bottom of the TCP protocol stack just
above the network layer. IP has no control over whether messages sent and received are intact. All
IP does is handle the sending and receiving, leaving it up to the next higher layer, usually TCP or UDP,
to take care of any problems that occur with lost or damaged data.
ICMP is a special form of IP used to handle error and status messages between IP layers on different
machines. Whenever one IP layer has to send information to another, it uses ICMP. Also, whenever IP
software detects an error of some sort, it uses ICMP to send reports to the other machine. Probably
the most common use of ICMP is for the ping command, which checks whether a machine is
responsive by sending a small ICMP message to the machine and waiting for a reply.
TCP is used primarily to verify that whatever was sent by the sending machine is received intact by the
destination. TCP is called a reliable delivery protocol, meaning that it makes sure everything sent was
received properly. TCP adds a header to the front of each message that contains checksums,
numbering, and other reliability information to ensure that every packet sent is received without
modification. If there is a transmission problem, TCP takes care of resending the information.
TCP sits between the application and the IP layer on each machine, acting as a packaging layer for
application data and a delivery mechanism of sending packets to an application. TCP usually runs with
IP, but it can work with other protocols.
TCP is a connection-based protocol, meaning that the sending and the destination machines
communicate with each other by sending status messages back and forth. If the connection is lost
because of routing problems or machine failures, errors are sent to the applications that use TCP. Some
services use TCP to maintain a connection between two machines, notably FTP or Telnet, both of which
enable you to move files and commands back and forth between two machines as if you were logged
into both at the same time.
UDP is an alternative to TCP. It is a connection-less protocol, meaning that the sending and receiving
machines are not constantly connected to each other. They can send status messages back and forth
to indicate reception of packets, but there is no constant connection maintained.
UDP is used by services that do not require a connection, such as TFTP, DNS, NFS, and RPC.
Because of the lack of a connection, UDP is often thought of as a less reliable delivery protocol than
TCP, although other protocols can pick up the tasks that TCP offers. UDP sits in the layer between the
applications and IP. UDP usually uses IP to handle its packets.
Telnet:
The Telnet service provides a remote login capability. This lets a user on one machine log into another machine and act as if they were directly in front of the second machine. The connection can be anywhere on the local network, or on another network anywhere in the world, as long as the user has permission to log into the remote system. Telnet uses TCP to maintain a connection between two machines. Everything in a Telnet session, including the user name and password, crosses the network in clear text.
FTP enables a file on one system to be copied to another system. Users don't log in as full users of the machine they want to access but instead use the FTP service to gain access. The remote machine must be set up with the permissions necessary to give the user access to the files. FTP uses TCP to create and maintain a connection between source and destination machines. Once the connection to a remote machine has been established, FTP enables you to copy one or more files to your machine. Although the term transfer suggests that the file is moved from one system to another, the original is not affected: files are copied, not moved. Like Telnet, FTP sends credentials and data in clear text.
SMTP is one protocol used for transferring electronic mail. Transparently to the user, SMTP connects to other machines and transfers mail messages, much as FTP transfers files.
DNS enables a device with a common name to be converted to a network (IP) address. DNS provides the conversion from a human-readable name to the unique IP address of the device's network connection.
SNMP is a network management protocol. SNMP uses UDP as its transport. SNMP uses its own terminology, working with managers and agents instead of clients and servers: an agent provides information about a device, whereas a manager collects that information across the network.
NFS is used to enable multiple machines to access each other's directories transparently. NFS accomplishes this by using a distributed filesystem scheme. NFS systems are common in large corporate environments.
RPC is a set of programming functions that enable an application to communicate with another machine, the server. They provide the programming functions, return codes and predefined variables needed to support distributed computing.
TFTP is a very simple, unsophisticated file transfer protocol that lacks any security: there is no authentication at all. It uses UDP as a transport. Although not as sophisticated or as fast as FTP, TFTP can be used on many systems that do not enable FTP access. In some ways, TFTP is analogous to an e-mail message requesting and receiving a file instead of a text body.
The Bootstrap Protocol, called BOOTP, is used to start up machines on a network that do not have their own hard drives or storage devices containing an operating system and network information. BOOTP is used for X-terminals and other diskless workstations.
ARP is one of several protocols that help determine addresses on a network. ARP works alongside IP on the local network: it converts an IP address to the hardware address of the network interface that owns it, which IP needs before it can deliver a packet on that network.
RARP, as its name suggests, is the reverse process of ARP. RARP starts from a network interface hardware address and produces the IP address, whereas ARP starts from the IP address and produces the hardware address.
NTP is used to synchronise clocks across a network. This matters because many protocols and security mechanisms compare timestamps: log entries from different machines must be correlated, and time-limited credentials and certificates are rejected when a clock is wrong. If the clock on one machine is inaccurate, those comparisons fail.
The protocols that make up the TCP/IP family can be divided into groups of similar functionality for convenience:
Internet Layer: IP, ICMP; Routing Protocol: ARP, RARP
Network Access Layer: ATM, Ethernet II, IEEE 802.x, ISDN, X.25, etc.
Transport:
• TCP (Transmission Control Protocol): A connection-based service, meaning that the sending and receiving machines are communicating with each other at all times.
• UDP (User Datagram Protocol): A connection-less service, meaning that the two machines are not in constant communication with each other.
Routing:
Protocols that handle the addressing of data and determine the best route to the destination. They also handle the breaking up and reassembly of larger messages.
Network Address:
These protocols handle the way machines are addressed, both by a unique number and by a more common symbolic name.
• ARP (Address Resolution Protocol): Determines the hardware address of a machine on the local network from its IP address.
• DNS (Domain Name System): Determines numeric addresses from machine names.
• RARP (Reverse Address Resolution Protocol): Determines addresses of machines on the network, but in the direction opposite to ARP: from hardware address to IP address.
User services:
• BOOTP (BOOT Protocol): Starts up a network machine by reading the boot information from a server.
• FTP (File Transfer Protocol): Transfers files from one machine to another without excessive overhead. Uses TCP as the transport.
• TFTP (Trivial File Transfer Protocol): A simple file transfer method that uses UDP as the transport.
• Telnet: Enables remote logins so that users on one machine can connect to another machine and behave as if they were sitting at the remote machine's keyboard.
Gateway Protocols:
These protocols help the network communicate routing and status information.
• EGP (Exterior Gateway Protocol): Transfers routing information for external networks.
• GGP (Gateway-to-Gateway Protocol): Transfers routing information between Internet gateways.
• IGP (Interior Gateway Protocol): Transfers routing information for internal networks.
Others:
• NFS (Network File System): Enables directories on one machine to be mounted on another machine and then accessed by users as if they were on the local machine.
• NIS (Network Information Service): Maintains user accounts across networks, simplifying logins and password maintenance.
• RPC (Remote Procedure Call): Enables remote applications to communicate with each other using function calls.
• SMTP (Simple Mail Transfer Protocol): A protocol for transferring electronic mail between machines.
• NTP (Network Time Protocol): Used to synchronise the clocks of machines on a network.
• SNMP (Simple Network Management Protocol): An administrator's service that sends status messages about the network and the devices attached to it.
Implementing TCP/IP:
• The standard interface defined by Microsoft is the Network Device Interface Specification (NDIS).
• The standard interface defined by Novell is the Open Datalink Interface (ODI).
These are different and incompatible specifications. Both driver interface standards allow multiple protocol stacks to run on the same PC. This means that TCP/IP can share a single network interface with another protocol, such as NetWare's IPX, when an NDIS or ODI driver is used.
[Figure: TCP/IP applications and TCP/IP protocols beside NetWare services and the workstation shell with the Novell IPX protocols, both sharing one network interface through the ODI converter]
NetBIOS and the associated protocol NetBEUI (NetBIOS Extended User Interface) have long been the basis of Microsoft's networking strategy.
Implementing TCP/IP 77
4/4/2002 Alex Peeters
The PC's BIOS defines the I/O calls that applications use to request DOS I/O services. NetBIOS extends this to include calls that support I/O over a network. NetBIOS is an Application Programming Interface (API) that defines how an application program requests services from the underlying network. NetBEUI includes the NetBIOS API, the Server Message Block (SMB) protocol, and the NetBIOS Frame (NBF) protocol. SMB defines how applications ask for network services such as file and print access, but NetBEUI is not just an API: it also includes the NBF protocol that builds NetBIOS frames for transmission over the network. NetBIOS is not only used to refer to the API; it is frequently used to refer to any network that uses NetBIOS.
NetBIOS requires very little memory and runs on any type of PC equipment. It is a fast, lightweight protocol suitable for small LANs. NetBIOS is only suitable for LAN applications; it cannot be used by itself for a WAN or an enterprise network because it is a non-routable protocol (it cannot be passed through routers and can only travel on a single physical network, since it has no routing protocol and no independent address structure), and because it depends on an underlying broadcast medium (it cannot be used over serial lines, point-to-point networks, or internets built from dissimilar physical networks).
NetBIOS over TCP/IP (NBT) is a standard protocol that encapsulates NetBIOS messages inside TCP/IP datagrams. It is based on the B-node architecture (a B-node is an end node that uses broadcast messages to register its name and to request the names of other systems on the network). The NetBIOS messages are encapsulated in UDP messages and sent using the IP broadcast address. In effect, IP acts as the broadcast medium for the NetBIOS protocol.
The B-node architecture does not address the problem of broadcast dependence, so NBT loads a cache with NetBIOS-name-to-IP-address mappings from the LMHOSTS file.
In the B-node model, broadcasts are only needed for name resolution; other messages are addressed directly to the remote host. Therefore broadcasts are only needed for names that cannot be resolved by other means. NBT also uses a name cache to further improve performance. The name cache provides information about computers that cannot respond to a broadcast: computers located outside the broadcast area, including computers behind routers or on non-broadcast links. Broadcasts continue to be used for local computers, so no entries need to be made for them in the LMHOSTS file. This keeps the file small and permits it to be cached in memory.
Encapsulating NetBIOS inside IP datagrams reduces performance and increases the complexity of the protocol. Both protocols require some configuration, whether it is the address for IP or the LMHOSTS file for NetBIOS.
• NetBIOS-specific information: the hostname and the workgroup name.
• NBT-specific information: the scope ID (which limits communication between NBT hosts; it limits access and prevents the resources offered by a system from being seen by systems with a different scope ID), and the location from which the LMHOSTS file should be imported.
WINS is a protocol that provides a name service for NetBIOS names. The advantage of WINS is that it dynamically learns names and addresses from the traffic on the network, and that it can be dynamically updated by DHCP. The disadvantage is that it requires an NT server, and it is primarily a NetBIOS service. It is generally not used on pure TCP/IP networks.
DNS can be used to map a NetBIOS name to an IP address, but only if the NetBIOS name and the Internet hostname of the computer are the same. It is a good idea to always make the NetBIOS name and the hostname the same on every system.
The LMHOSTS file accepts the following keywords:
#PRE causes the entry to be pre-loaded into the cache and permanently retained there. Normally entries are only cached when they are used for name resolution and are only retained in the cache for a few minutes. Use #PRE to speed up address resolution for frequently used hostnames.
#DOM:domain identifies NT domain controllers.
#INCLUDE file specifies a remote file that should be incorporated in the local LMHOSTS file. This allows a centrally maintained LMHOSTS file to be loaded automatically. To provide redundant sources for LMHOSTS, enclose a group of #INCLUDE commands inside a pair of #BEGIN_ALTERNATE and #END_ALTERNATE statements. The system tries the various sources in order and stops as soon as it successfully downloads one copy of the LMHOSTS file. Whoever controls an included file controls the name-to-address mappings on every system that loads it, so the share it is fetched from must be protected as carefully as the local file.
The system first checks the LMHOSTS file and then issues a DNS query if the NetBIOS name is not found in the file. Many systems use a small LMHOSTS file to provide the addresses of important servers.
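As an added example (not code from the original page), the following Python parses an LMHOSTS file with the keywords described above and resolves names in the order just given: the cache (seeded with the #PRE entries), then the file, then DNS. The sample file, the host names and the addresses are constructed, and dns_lookup is a stand-in for a real DNS query. A line with a malformed address is skipped rather than trusted.

```python
"""LMHOSTS parsing and the LMHOSTS-then-DNS lookup order described above.
Added example, not code from the original page; the sample file, host names
and addresses are constructed."""
import ipaddress

# Constructed sample LMHOSTS file using the keywords described in the text.
SAMPLE_LMHOSTS = """\
# static NetBIOS name mappings (constructed sample)
192.168.10.5    FILESRV01     #PRE
192.168.10.6    DC01          #PRE  #DOM:CORP
192.168.20.9    PRINTSRV      # print server behind a router
999.1.1.1       BROKEN        # malformed address, must be ignored
#BEGIN_ALTERNATE
#INCLUDE \\\\DC01\\public\\lmhosts
#INCLUDE \\\\FILESRV01\\public\\lmhosts
#END_ALTERNATE
"""


def parse_lmhosts(text):
    """Return (entries, preloaded, domain_controllers, include_groups).

    entries             {NAME: ip} for every well-formed address line
    preloaded           names tagged #PRE (kept permanently in the cache)
    domain_controllers  {NAME: domain} for #DOM:domain tags
    include_groups      one list of paths per #BEGIN_ALTERNATE/#END_ALTERNATE
                        group (a bare #INCLUDE is a group of one); the system
                        loads the first source in a group that it can reach
    """
    entries, preloaded, dcs, groups = {}, set(), {}, []
    alternate = None                        # open #BEGIN_ALTERNATE group, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        upper = line.upper()
        if upper.startswith("#BEGIN_ALTERNATE"):
            alternate = []
        elif upper.startswith("#END_ALTERNATE"):
            if alternate is not None:
                groups.append(alternate)
            alternate = None
        elif upper.startswith("#INCLUDE"):
            parts = line.split(None, 1)
            if len(parts) == 2 and alternate is not None:
                alternate.append(parts[1].strip())
            elif len(parts) == 2:
                groups.append([parts[1].strip()])
        elif line.startswith("#"):
            continue                        # any other '#' line is a comment
        else:
            fields = line.split()
            if len(fields) < 2:
                continue
            try:
                ip = str(ipaddress.IPv4Address(fields[0]))
            except ipaddress.AddressValueError:
                continue                    # malformed address: skip the line
            name = fields[1].upper()        # NetBIOS names are case-insensitive
            entries[name] = ip
            for tag in fields[2:]:          # keywords after the name; a bare '#' starts a comment
                if tag.upper() == "#PRE":
                    preloaded.add(name)
                elif tag.upper().startswith("#DOM:"):
                    dcs[name] = tag[5:]
    return entries, preloaded, dcs, groups


class NbtResolver:
    """Resolve NetBIOS names in the order the text gives: the name cache
    (seeded with the #PRE entries), then the LMHOSTS file, then DNS.
    dns_lookup is any callable mapping a name to an address or None."""

    def __init__(self, lmhosts_text, dns_lookup):
        self.entries, pre, self.domain_controllers, self.includes = parse_lmhosts(lmhosts_text)
        self.cache = {name: self.entries[name] for name in pre}
        self.dns_lookup = dns_lookup

    def resolve(self, name):
        """Return (ip, source); source is cache, lmhosts, dns or unresolved."""
        name = name.upper()
        if name in self.cache:
            return self.cache[name], "cache"
        if name in self.entries:
            self.cache[name] = self.entries[name]   # cached once used (no expiry modelled here)
            return self.entries[name], "lmhosts"
        ip = self.dns_lookup(name)
        return (ip, "dns") if ip else (None, "unresolved")


# Constructed stand-in for a DNS server.
FAKE_DNS = {"WEBSRV": "203.0.113.7"}

if __name__ == "__main__":
    resolver = NbtResolver(SAMPLE_LMHOSTS, FAKE_DNS.get)
    for host in ("filesrv01", "PRINTSRV", "PRINTSRV", "WEBSRV", "NOSUCH"):
        print(host, resolver.resolve(host))
```

The second lookup of PRINTSRV is answered from the cache, as the text describes for entries that have been used once; the #PRE entries are there from the start.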
TCP/IP Applications:
RARP is a protocol that converts a physical network address into an IP address. This is the reverse of what the Address Resolution Protocol (ARP) does. ARP maps an IP address to a physical address so that data can be delivered over a physical network. It does this by broadcasting an ARP packet that contains the IP address in question. When a system receives an ARP packet that contains its own IP address, it responds with a packet that contains its physical network address, e.g. its Ethernet address.
Reverse Address Resolution Protocol (RARP) maps a physical address to an IP address for a system that does not know its own IP address. The client uses the broadcast services of the physical network to send out a packet that contains the client's physical network address, and asks whether any system on the network knows which IP address is associated with that address. The RARP server responds with a packet that contains the client's IP address.
RARP is a useful tool, but it only provides the IP address. Several other values (the subnet mask, default gateway, the list of name servers, and the broadcast address) still need to be configured manually.
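As an added example (not code from the original page), the following Python encodes and decodes the ARP and RARP message body and plays out both exchanges on a simulated broadcast segment: every host sees the request, and only the owner of the asked-for address (or, for RARP, the server holding the table) answers. The hardware and IP addresses are constructed. The resolver also reports how many answers a request drew, because nothing in ARP authenticates a reply: when two hosts answer for the same IP address the result cannot be trusted.

```python
"""ARP and RARP on a simulated broadcast segment.
Added example, not code from the original page; the hardware and IP
addresses below are constructed for the demonstration."""
import struct

HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
ARP_REQUEST, ARP_REPLY, RARP_REQUEST, RARP_REPLY = 1, 2, 3, 4
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sha, spa, tha, tpa):
    """Encode the 28-byte ARP body; RARP uses the same layout with opcodes 3/4.
    Fields: hardware type, protocol type, hardware and protocol address
    lengths, opcode, then sender and target hardware/protocol addresses."""
    return (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
            + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))


def parse_arp(body):
    """Decode an ARP/RARP body, accepting only Ethernet/IPv4."""
    if len(body) < 28:
        raise ValueError("ARP body too short")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    return {"op": op, "sha": mac_str(body[8:14]), "spa": ip_str(body[14:18]),
            "tha": mac_str(body[18:24]), "tpa": ip_str(body[24:28])}


class Host:
    """A host that answers ARP requests for its own IP address."""

    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip

    def handle(self, body):
        req = parse_arp(body)
        if req["op"] == ARP_REQUEST and req["tpa"] == self.ip:
            # Reply to the asker, giving our hardware address as the sender's.
            return build_arp(ARP_REPLY, self.mac, self.ip, req["sha"], req["spa"])
        return None


class RarpServer(Host):
    """A host that also answers RARP requests from a static MAC-to-IP table."""

    def __init__(self, mac, ip, table):
        super().__init__(mac, ip)
        self.table = table

    def handle(self, body):
        req = parse_arp(body)
        if req["op"] == RARP_REQUEST and req["tha"] in self.table:
            return build_arp(RARP_REPLY, self.mac, self.ip, req["tha"], self.table[req["tha"]])
        return super().handle(body)


def broadcast(segment, body):
    """Every host on the segment sees the request; collect whatever comes back."""
    replies = (host.handle(body) for host in segment)
    return [reply for reply in replies if reply is not None]


def arp_resolve(segment, asker, target_ip):
    """Who has target_ip?  Returns (hardware address or None, number of answers).
    Nothing in ARP authenticates a reply, so two answers means two hosts claim
    the address and the result cannot be trusted."""
    replies = broadcast(segment, build_arp(ARP_REQUEST, asker.mac, asker.ip, ZERO_MAC, target_ip))
    answers = {parse_arp(reply)["sha"] for reply in replies}
    return (answers.pop() if len(answers) == 1 else None), len(replies)


def rarp_resolve(segment, client_mac):
    """What is my IP address?  The client knows nothing but its hardware address."""
    replies = broadcast(segment, build_arp(RARP_REQUEST, client_mac, "0.0.0.0", client_mac, "0.0.0.0"))
    return parse_arp(replies[0])["tpa"] if replies else None


# Constructed segment: two ordinary hosts plus a RARP server that knows the
# address of a diskless client with hardware address 02:00:00:00:00:0c.
SEGMENT = [
    Host("02:00:00:00:00:0a", "192.0.2.10"),
    Host("02:00:00:00:00:0b", "192.0.2.11"),
    RarpServer("02:00:00:00:00:01", "192.0.2.1", {"02:00:00:00:00:0c": "192.0.2.12"}),
]

if __name__ == "__main__":
    print(arp_resolve(SEGMENT, SEGMENT[0], "192.0.2.11"))
    print(rarp_resolve(SEGMENT, "02:00:00:00:00:0c"))
```

Adding a second Host with the address 192.0.2.11 to SEGMENT makes arp_resolve return None with two answers, which is the only signal a plain ARP client ever gets that something is wrong.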
Bootstrap Protocol:
BOOTP is an alternative to RARP; where BOOTP is used, RARP is not needed. BOOTP is a more comprehensive configuration protocol than RARP. It provides much more configuration information, and it has continued to evolve to provide ever more: over time it has been extended into the Dynamic Host Configuration Protocol (DHCP).
The BOOTP client broadcasts a single packet called a BOOTREQUEST packet that contains, at a minimum, the client's physical network address. The client sends the broadcast using the address 255.255.255.255, which is a special address called the limited broadcast address. The client waits for a response from the server, and if one is not received within a specified time interval, the client retransmits the request. The server responds to the client's request with a BOOTREPLY packet.
BOOTP uses UDP as a transport protocol and, unlike RARP, it does not require any special Network Access Layer support. It uses two different well-known port numbers: UDP port 67 is used for the server, and UDP port 68 is used for the client. This is unusual. Most software uses a well-known port on the server side and a randomly generated port on the client side; the random port number ensures that each pair of source/destination ports identifies a unique path for exchanging information. A BOOTP client, however, is still booting and may not know its IP address. Even if the client generated a source port for the BOOTREQUEST packet, a server response addressed to that port and the client's IP address would not be read by a client that does not recognise the address. Therefore BOOTP sends the response to a specific port on all hosts. A broadcast sent to UDP port 68 is read by all hosts, even by a system that does not yet know its own address. The system then determines whether it is the intended recipient by checking the physical network address embedded in the response. The server fills in all of the fields in the packet for which it has data. There are many different values a server can provide, for example from a bootptab file such as the following:
# /etc/bootptab
# "defaults" is a template entry; each client pulls it in with tc=defaults.
# hd = directory holding the boot files, bf = boot file, ds = DNS servers,
# sm = subnet mask, gw = default gateway
defaults:\
        :hd=/usr/boot:\
        :bf=null:\
        :ds=134.239.67.1 134.239.67.3:\
        :sm=255.255.255.0:\
        :gw=134.239.67.5:
# One entry per client: ht = hardware type, ha = hardware address,
# ip = the fixed address to hand out, hn = send the client its host name.
PC0087:\
        :tc=defaults:\
        :ht=ethernet:\
        :ha=0000c0a15e10:\
        :ip=134.239.67.87:\
        :hn:
PC0088:\
        :tc=defaults:\
        :ht=ethernet:\
        :ha=0000c0a10e15:\
        :ip=134.239.67.88:\
        :hn:
It is possible to configure a BOOTP server to handle a very large number of clients. One server for
each subnet is a good design because it eliminates the need to pass BOOTP information through a
router, which requires a special router configuration.
DHCP is the latest generation of BOOTP. It is designed to be compatible with earlier versions and is defined in RFC 2131. DHCP uses the same UDP ports, 67 and 68, as BOOTP, and the same BOOTREQUEST and BOOTREPLY packet format. But DHCP is more than just an update of BOOTP. DHCP uses the portion of the BOOTP packet originally set aside for vendor extensions to indicate the DHCP packet type and to carry a complete set of configuration information. DHCP calls the values in this part of the packet options instead of vendor extensions. This is a more accurate description because DHCP defines how the options are used and does not leave their definition up to the vendors. To handle the full set of configuration values from the Requirements for Internet Hosts, the options field is expanded to 312 bytes from the original 64 bytes of the BOOTP vendor extension field.
Dynamic allocation is useful in a large distributed network where many PCs are being added and removed. Unused addresses are returned to the pool of addresses without relying on users or system administrators to take action to return them. Addresses are only used when and where they are needed. Dynamic allocation allows a network to make the maximum use of a limited set of addresses.
DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses are assigned.
[Figure 111: a local network with the DHCP server, a router with BOOTP forwarding enabled, and a remote network reached through further routers]
Figure 111 shows a single DHCP server and a few clients. As shown, a single DHCP server can supply addresses for more than one network. To support DHCP on an internetwork, routers must be configured with BOOTP forwarding.
The DHCP server maintains pools of IP addresses, called scopes. When a DHCP client enters a network, it requests and is granted a lease to use an address from an appropriate scope.
The concept of leasing is important, because DHCP clients are not ordinarily granted permanent use of an address. Instead, they receive a lease of limited duration. When the lease expires, it must be renegotiated. This approach ensures that unused addresses become available for use by other clients.
A single DHCP server can support clients on several networks in an internetwork. Clients moved to different networks are assigned IP addresses appropriate to the new network.
[Figure 112: DHCP client and DHCP server exchanging Discover, Offer, Request and Acknowledgement messages]
Figure 112 shows the dialogue that takes place when a DHCP client obtains a lease from a DHCP server: the client broadcasts a Discover message, the server answers with an Offer, the client accepts it with a Request, and the server confirms the lease with an Acknowledgement.
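As an added example (not code from the original page), the following Python encodes and decodes BOOTP/DHCP packets in the layout the text describes (the fixed 236-byte BOOTP header, then the options area introduced by the magic cookie) and runs the Discover/Offer/Request/Acknowledgement exchange against a small in-memory server. The server address 192.0.2.1, the scope 192.0.2.100 to 192.0.2.101 and the client hardware addresses are constructed; nothing is sent on the network.

```python
# BOOTP/DHCP packet format and the Discover/Offer/Request/Ack exchange.
# Added example, not code from the original page; all addresses are constructed.
import struct, ipaddress

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"             # starts the options area (RFC 2131)
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_SUBNET_MASK, OPT_ROUTER, OPT_REQUESTED_IP = 1, 3, 50
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
BROADCAST_FLAG = 0x8000                         # client has no address yet: reply by broadcast
# Fixed BOOTP header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128].
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


def ip4(ip):
    return ipaddress.IPv4Address(ip).packed


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    """Encode a packet; options is a list of (code, value bytes) pairs."""
    header = HEADER.pack(op, 1, 6, 0, xid, 0, BROADCAST_FLAG, ip4("0.0.0.0"), ip4(yiaddr),
                         ip4(siaddr), ip4("0.0.0.0"), chaddr.ljust(16, b"\0"), b"", b"")
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse(packet):
    """Decode the fixed header and the code/length/value options after the cookie."""
    if len(packet) < HEADER.size + 4 or packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    f = HEADER.unpack_from(packet)
    options, i = {}, HEADER.size + 4
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                                      # pad byte, no length
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")                # never read past the buffer
        options[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "chaddr": f[11][:f[2]], "options": options}


class DhcpServer:
    """Leases addresses from one scope and remembers which client holds which
    (leases never expire here; a real server returns expired ones to the pool)."""

    def __init__(self, server_ip, first_ip, last_ip, mask, router, lease_secs=3600):
        self.ip, self.lease_secs = server_ip, lease_secs
        lo, hi = int(ipaddress.IPv4Address(first_ip)), int(ipaddress.IPv4Address(last_ip))
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.offers, self.leases = {}, {}                        # chaddr -> address
        self.params = [(OPT_SUBNET_MASK, ip4(mask)), (OPT_ROUTER, ip4(router))]

    def _reply(self, req, mtype, yiaddr):
        opts = [(OPT_MSG_TYPE, bytes([mtype])), (OPT_SERVER_ID, ip4(self.ip))]
        if mtype != NAK:
            opts += [(OPT_LEASE_TIME, struct.pack("!I", self.lease_secs))] + self.params
        return build(BOOTREPLY, req["xid"], req["chaddr"], opts, yiaddr, self.ip)

    def handle(self, packet):
        """Return the reply to one client packet, or None if there is none."""
        req = parse(packet)
        mtype = req["options"].get(OPT_MSG_TYPE)
        if req["op"] != BOOTREQUEST or not mtype:
            return None                                          # plain BOOTP: not handled here
        mac = req["chaddr"]
        if mtype[0] == DISCOVER:
            addr = self.leases.get(mac) or self.offers.get(mac) or (self.pool.pop(0) if self.pool else None)
            if addr is None:
                return None                                      # scope exhausted: no offer
            self.offers[mac] = addr
            return self._reply(req, OFFER, addr)
        if mtype[0] == REQUEST:
            wanted = str(ipaddress.IPv4Address(req["options"].get(OPT_REQUESTED_IP, b"\0\0\0\0")))
            if req["options"].get(OPT_SERVER_ID) != ip4(self.ip) or wanted != self.offers.get(mac):
                return self._reply(req, NAK, "0.0.0.0")          # not our offer, or wrong address
            self.leases[mac] = self.offers.pop(mac)
            return self._reply(req, ACK, wanted)
        return None


def client_request(xid, mac, offer):
    """Accept an offer by naming the offered address and the server that made it."""
    return build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([REQUEST])),
                                         (OPT_REQUESTED_IP, ip4(offer["yiaddr"])),
                                         (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])])


def obtain_lease(server, mac, xid):
    """Discover -> Offer -> Request -> Ack; returns the leased address or None."""
    offer_pkt = server.handle(build(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, bytes([DISCOVER]))]))
    if offer_pkt is None:
        return None
    ack = parse(server.handle(client_request(xid, mac, parse(offer_pkt))))
    return ack["yiaddr"] if ack["options"][OPT_MSG_TYPE][0] == ACK else None


def demo():
    """Constructed scope 192.0.2.100-192.0.2.101 served from 192.0.2.1."""
    server = DhcpServer("192.0.2.1", "192.0.2.100", "192.0.2.101", "255.255.255.0", "192.0.2.1")
    a, b, c = (bytes.fromhex(h) for h in ("02000000000a", "02000000000b", "02000000000c"))
    first, second = obtain_lease(server, a, 0x1001), obtain_lease(server, b, 0x1002)
    again = obtain_lease(server, a, 0x1003)              # the same client gets its address back
    third = obtain_lease(server, c, 0x1004)              # scope exhausted: no offer
    return first, second, again, third
```

Two checks in this code are the ones a practitioner should expect from any receiver: parse refuses an option whose declared length runs past the end of the packet, since a broadcast from an unknown source is exactly the kind of input that must not be trusted for buffer bounds, and the server answers a Request with NAK when it names an address that was not offered or a server identifier that is not its own.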
[Figure: lease renewal between DHCP client and server (Renewal, Granted)]
This process is completely transparent to the client and requires little ongoing maintenance on the part of the network administrator.
DHCP can be configured to assign specific addresses to specific hosts, which enables administrators to use DHCP to set host protocol options while retaining fixed address assignments.
Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the addresses into their configurations.
NFS is a TCP/IP file sharing protocol that allows a server to export files that are mounted by clients and used as if they were local files. NFS is a client/server application. The server makes part of its filesystem available for use by its clients, and the client uses the remote filesystem as if it were part of its local filesystem. Attaching a remote directory to the local filesystem (a client function) is called mounting a directory. Offering a directory for remote access (a server function) is called exporting a directory.
NFS is a distributed filesystem. An NFS server has one or more filesystems that are mounted by NFS clients; to the NFS clients, the remote disks look like local disks. NFS filesystems are mounted using the standard UNIX mount command, and all UNIX utilities work just as well with NFS-mounted files as they do with files on local disks. NFS makes system administration easier because it eliminates the need to maintain multiple copies of files on several machines: all NFS clients share the single copy of the file on the NFS server. NFS also makes life easier for users: instead of logging on to many different systems and moving files from one system to another, a user can stay on one system and access all the files that he or she needs within one consistent file tree.
The Network File System is a distributed file system that provides transparent access to remote disks. Just as NIS allows you to centralise administration of user and host information, NFS allows you to centralise administration of disks. Instead of duplicating common directories on every system, NFS provides a single copy of the directory that is shared by all systems on the network. To a host running NFS, remote filesystems are indistinguishable from local ones. For the user, NFS means that he or she does not have to log into other systems to access files. There is no need to use rcp or tapes to move files onto the local system. Once NFS has been set up properly, users should be able to do all their work on their local system; remote files appear to be local to it. NFS and NIS are frequently used together: NIS makes sure that configuration information is propagated to all hosts, and NFS ensures that the files a user needs are accessible from these hosts.
NFS is also built on the RPC protocol and imposes a client-server relationship on the hosts that use it. An NFS server is a host that owns one or more filesystems and makes them available on the network; NFS clients mount filesystems from one or more servers. This follows the normal client-server model, where the server owns a resource that is used by the client. In the case of NFS, the resource is a physical disk drive that is shared by all clients of the server.
SMTP is the TCP/IP mail delivery protocol. It moves mail across the Internet and across your local network. It runs over the reliable, connection-oriented service provided by the Transmission Control Protocol (TCP), and it uses well-known port number 25.
SMTP is such a simple protocol that you can literally do it yourself: telnet to port 25 on a remote host (telnet alex.firm.be 25) and type the mail in from the command line using the SMTP commands.
SMTP provides direct end-to-end mail delivery. This is unusual: most mail systems use store-and-forward protocols that move mail toward its destination one hop at a time, storing the complete message at each hop and then forwarding it to the next system until final delivery is made. If direct end-to-end delivery fails, the local system knows it right away.
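The by-hand dialogue described above, as an added example that is not code from the original page: SmtpSession plays the server side of the conversation as a state machine, and send_by_hand types the same commands you would give in a telnet session to port 25, recording both sides. Host names and mailbox addresses are constructed, and no network connection is opened. The exchange also shows why the envelope sender is not to be trusted: the server accepts whatever address the client types after MAIL FROM.

```python
"""The SMTP dialogue typed by hand on port 25, as described above.
Added example, not code from the original page.  Host names and mailbox
addresses are constructed; SmtpSession only imitates the server's replies."""


class SmtpSession:
    """Server side of one SMTP session as a state machine.  feed() takes one
    line exactly as the client would type it and returns the reply line (or
    None while a message body is being collected).  Accepted messages are
    stored in self.mailbox as (sender, recipients, text)."""

    def __init__(self, hostname="mail.example.test"):
        self.hostname = hostname
        self.greeting = f"220 {hostname} SMTP ready"
        self.mailbox = []
        self.sender, self.rcpts, self.data = None, [], None

    def feed(self, line):
        if self.data is not None:                       # inside DATA: collect the body
            if line == ".":
                self.mailbox.append((self.sender, list(self.rcpts), "\n".join(self.data)))
                self.sender, self.rcpts, self.data = None, [], None
                return "250 OK message accepted"
            self.data.append(line[1:] if line.startswith("..") else line)   # undo dot-stuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return f"250 {self.hostname}"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip(" <>")          # taken on trust: nothing checks it
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 need MAIL FROM first"
            self.rcpts.append(arg[3:].strip(" <>"))
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 need RCPT TO first"
            self.data = []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 closing connection"
        return "500 command not recognised"             # this toy server speaks HELO, not EHLO


def send_by_hand(session, sender, rcpt, body_lines):
    """Type the commands you would give in 'telnet host 25'.  Returns the list
    of reply codes and the transcript (C: what the client typed, S: the reply)."""
    transcript = [f"S: {session.greeting}"]
    codes = [220]

    def say(line):
        transcript.append(f"C: {line}")
        reply = session.feed(line)
        if reply is not None:
            transcript.append(f"S: {reply}")
            codes.append(int(reply[:3]))

    for command in ("HELO client.example.test", f"MAIL FROM:<{sender}>",
                    f"RCPT TO:<{rcpt}>", "DATA"):
        say(command)
    if codes[-1] == 354:                                # server is ready for the body
        for text in body_lines:
            say("." + text if text.startswith(".") else text)   # dot-stuffing
        say(".")
    say("QUIT")
    return codes, transcript


def demo():
    """One message from a constructed sender to a constructed recipient."""
    session = SmtpSession()
    codes, transcript = send_by_hand(session, "alex@firm.example", "postmaster@example.test",
                                     ["Subject: test", "", "Hello", ".this line starts with a dot"])
    return codes, transcript, session.mailbox


if __name__ == "__main__":
    codes, transcript, mailbox = demo()
    print("\n".join(transcript))
    print(mailbox)
```

Each "C:" line of the transcript is exactly what you would type in telnet and each "S:" line is what the server answers. Commands given out of order draw 503 replies, and a body line that begins with a dot is dot-stuffed on the way out and restored on arrival, which is the only reason the lone "." can mark the end of the message.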
MIME is an extension of the TCP/IP mail system, not a replacement for it. MIME is more concerned with what the mail system delivers than with the mechanics of delivery. It does not attempt to replace SMTP or POP; it extends the definition of what constitutes mail.
File Sharing:
A true file sharing system allows files to be accessed at the record level. This makes it possible for a
client to read a record from a file located on a remote server, update that record, and write it back to
the server without moving the full file from the server to the client.
File sharing is transparent to the user and to the application software running on the user's system. Through file sharing, users and programs access files located on remote systems as if they were local. In a perfect file sharing environment, the user neither knows nor cares where the files are actually stored.
Application developers can write network-aware applications by accessing a set of standard procedures and functions through an Application Programming Interface (API). This interface specifies software-defined entry points that developers can use to access the functionality of the networking protocols. The use of an API enables a developer to write networkable applications while being shielded from having to understand how the underlying protocols operate. Other APIs define interfaces to other system functionality.
[Figure 114: a networking API within the OSI seven-layer model; standard API calls and procedures form the application interface at the Application and Presentation layers, and the network protocol interface API accesses the underlying protocols at the Session, Transport, Network, Data Link and Physical layers]
Figure 114 provides a visual representation of how a networking API might fit within the OSI seven-layer model.
The majority of network applications have been written specifically to access a single networking protocol. This is because each NOS implementation has developed its own API as a standard.
One of the main application requirements within a network is saving files on a central file store. To achieve this, NOS implementations commonly include a program known as a redirector. A redirector program extends the functionality of the workstation operating system to enable it to address remote file stores.
In a DOS/Windows environment, file storage areas are denoted by letters, typically with the letters A through E being reserved for local disk drives. When a user wants to access a network file volume, it is common for the NOS to provide some form of mapping between a volume name and an available drive letter. After the mapping has been made, any application can access the shared file volumes in the same way as it would access a local drive. This is because of the operation of the installed redirector program. The program sits between the workstation operating system and the NOS protocol stack and listens for application calls made to any of the mapped network drives.
The functionality of a redirector can be further clarified by considering the example of an application user attempting to save a file on a network drive. The user prompts the application to save the file on a network file volume that the NOS has mapped to the DOS drive I:. The application makes a call to the workstation operating system to complete the required file save operation. The redirector program recognises that the application is attempting to access a network drive and steps in to handle the required data transfer. If the redirector had not been active, the workstation operating system would have been presented with a request to save a file on a drive letter that it knew nothing about, and it would have responded with a standard error message, such as 'Invalid drive specification'.
In a UNIX environment, similar file sharing capabilities are provided through the use of the Network File System (NFS). The use of NFS enables the workstation to access file volumes located on remote host machines as if they were extensions of the workstation's native filesystem. As such, the use of NFS on the workstation side is very similar to the use of the NOS redirector outlined earlier. Implementations of client NFS software are available from several third-party companies. These implementations require a TCP/IP protocol stack to operate alongside the installed NOS protocol stack.
A workstation configured with both an NOS and a TCP/IP protocol stack is able to operate two inde-
pendent applications that can provide file sharing access between environments. This is accomplished
through the use of the redirector program, to provide access to the NOS file server, and NFS, operat-
ing on the TCP/IP protocol stack to provide access to NFS volumes on UNIX-servers.
[Figure 115: a workstation with drives F: and G: mapped to a NetWare server and drive H: mounted from a UNIX server]
Figure 115 illustrates how a single workstation can be used to access both network environments. The workstation loads the NetWare protocol software and the associated redirector software. File areas on the NetWare server are mapped as local drives F: and G:. The TCP/IP stack and NFS implementation are also loaded, and the remote UNIX file system is mounted as local drive H: on the workstation PC. Files can then be saved by any application running on the workstation to any of the mapped drives.
It is often more efficient to utilise an NOS server as a gateway into an existing TCP/IP network than to
run dual protocol stacks upon each network client.
In figure 116, the NetWare server has the Novell NFS Gateway software installed. The UNIX host has exported an NFS filesystem, which the NetWare server has mounted to one of its drives. This file area is now available to any of the NetWare client workstations. These users are able to access the UNIX file area through the standard NetWare redirector program, removing the requirement to load a TCP/IP protocol stack and run a TCP/IP-based application.
The NetWare server provides application gateway services between the IPX/SPX-based network and the TCP/IP network. To achieve this, the server must load both protocol stacks. On the network clients, however, only the standard IPX/SPX protocol needs to run. The client directs application requests for resources within the UNIX network to the gateway using IPX/SPX protocols. The gateway relays these requests to the UNIX host via its TCP/IP protocol stack. In this way, the use of a gateway greatly reduces the administrative overhead required to provide network clients with access to TCP/IP hosts. Network users are able to use UNIX-based resources without the requirement to run multiprotocol stacks.
[Figure 116: NOS server as gateway; the workstation runs an IPX protocol stack, the NetWare server runs both IPX and TCP/IP stacks with NFS, and the UNIX server runs a TCP/IP stack with NFS]
Figure 116 outlines a sample configuration of a NOS server as a gateway.
NOS gateways tend to be implemented in one of two ways. The first is through the operation of proxy application services. A proxy service provides the user with a special set of network applications, such as Telnet, FTP and Web browsers, that have been specifically written to operate over NOS protocols. The client applications communicate with the gateway process, which forwards the application request to the specified UNIX hosts. An alternative solution utilises a tailored version of a standard WinSock driver. This special WinSock driver provides support for standard WinSock applications, but instead of operating on an underlying TCP/IP protocol stack it communicates using IPX/SPX protocols. Again, communication occurs between the client workstation and the gateway application, with the gateway acting to forward application data between the client and the UNIX host. The use of the tailored WinSock driver means that network clients are able to use any standard WinSock application and do not have to rely on the gateway manufacturer to provide specialised application software.
Figure 117 shows how a tailored version of a standard WinSock driver enables the network clients to use any standard WinSock application.
The major NOS vendors have recognised an increasing demand to replace their proprietary commu-
nication methods with native TCP/IP protocols. However, network applications have generally inter-
faced with a specific protocol. If NOS vendors were to suddenly adopt a different protocol, many of the
existing network applications would no longer function. For this reason, vendors are looking for ways
to replace their proprietary network protocols, but at the same time to provide a degree of backward-
compatibility to protect existing applications.
For example, within NetWare it is possible to replace the standard IPX/SPX protocols with a TCP/IP
protocol stack to provide standard communication between network client and server. However, within
this implementation each data packet actually consists of an IPX packet enclosed within a UDP
packet. The inclusion of the IPX header provides NetWare with the backward-compatibility it requires
to support its existing application base. However, the inclusion of the IPX header places an additional
overhead on each data packet. This overhead is likely to account for around 8 to 10 percent of the
total packet size.
Other NOS vendors also provide native support for TCP/IP protocols. For example, Windows NT allows
the use of the NetBEUI protocol, TCP/IP protocols, or a combination of both. Within NT,
network protocols are provided via an interface that it refers to as the Transport Driver Interface (TDI).
This is a layer that is loaded toward the top of the protocol stack and is used to provide a standard in-
terface between application environments and any underlying network protocols.
Figure 118 diagram labels: NetBIOS applications, WinSock applications, NetBIOS interface, TCP/UDP services, Transport Driver Interface.
Figure 118 illustrates the location and operation of the Transport Driver Interface within Windows NT.
At the TDI interface, standard APIs such as NetBIOS and WinSock are able to interact with communi-
cation modules, principally TCP/IP and NetBEUI. The TDI model has been designed around a flexible
architecture so that it can be adapted to support additional network protocols as required.
Under this networking model, applications that have been written to the NetBIOS interface can operate
over an installed TCP/IP protocol stack. NetBIOS operates by assigning a unique name to every net-
work node. The assignment and management of the NetBIOS name space results in the generation of
a large amount of network traffic. This is because hosts send out broadcasts to all network nodes
when they want to register a name and when they need to perform name resolution. The NetBIOS
over TCP/IP standard specifies a method whereby this functionality can occur over a TCP/IP protocol
stack. The excessive broadcast requirements effectively limit the use of NetBIOS to small LAN envi-
ronments where the necessary bandwidth is available. IP networks, on the other hand, often include
wide area links where bandwidth might not be sufficient to handle the broadcasts needed to
maintain the NetBIOS name space.
If an organisation merely wants to offer a service to the Internet community without enabling the users
to use the same connection to the Internet, limiting the security risk is easy.
Figure 119 shows an Internet server isolated from the local network.
Figure 119 illustrates a configuration that completely isolates local users' computers from the Internet.
If someone breaks into your Internet server, access is limited to the server itself.
Figure 120 shows an Internet server that connects to the Internet using TCP/IP.
In figure 120, the server is connected to the organisation’s LAN using NWLink (IPX/SPX). Windows
NT servers do not route between different protocol stacks, and this approach very effectively isolates
outside TCP/IP users from inside users connected using NWLink.
Suppose that you want your Internet connection to enable outside users to connect in and inside users
to connect out, without using an insecure Internet connection. If an outsider attempts to violate security,
you'll know it: the intruder can be readily identified because he will be using a nonlocal netid.
Figure 121 diagram labels: local network, Windows NT, Router, Internet.
Unfortunately, IP addresses aren't secure. Any reasonably knowledgeable Internet snoop can use a
technique known as IP spoofing to make his packets appear to have originated on your local network.
All the intruder needs to do is listen in on your network for a while, pick up a few usernames and pass-
words, which are transmitted in the clear, spoof an IP address, and break in. Once in, an intruder can
gain entry to dozens of TCP/IP systems. If the intruder can spoof in using the address of a user logged
on to a server, the intruder might be able to impersonate the logged-on user and access files using
that user's security permissions.
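The address-based check that the spoofing caveat above undermines, and the ingress/egress rule that closes the gap, as an added example (not code from the original text): a router or firewall that compares each packet's claimed source address with the interface it arrived on before any address-based rule is consulted. The interface names, prefixes and sample packets are constructed.

```python
# Ingress/egress address check for the weakness described above: a packet that
# arrives from the Internet side claiming a source address on the local network
# is spoofed, whatever credentials it later presents. Added example, not from
# the original text; interface names, prefixes and sample packets are constructed.
import ipaddress
from dataclasses import dataclass

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")     # constructed local netid
# Services an outside user is permitted to reach: (destination host, port).
PUBLISHED = {("192.0.2.80", 80)}                      # constructed: the Internet server


@dataclass(frozen=True)
class Packet:
    iface: str      # interface it arrived on: "outside" (Internet) or "inside" (LAN)
    src: str
    dst: str
    dport: int


def is_spoofed(pkt):
    """True when the arrival interface contradicts the claimed source address."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "outside" and src in LOCAL_NET:
        return True     # outsider claiming a local netid
    if pkt.iface == "inside" and src not in LOCAL_NET:
        return True     # inside host claiming a foreign address (egress check)
    return False


def decide(pkt):
    """Return ("forward" | "drop", reason) for one packet."""
    if is_spoofed(pkt):
        return "drop", "spoofed source %s on %s" % (pkt.src, pkt.iface)
    if pkt.iface == "inside":
        return "forward", "inside user connecting out"
    if (pkt.dst, pkt.dport) in PUBLISHED:
        return "forward", "published service"
    return "drop", "outside user may not reach %s" % pkt.dst


def run_filter(packets):
    """Apply decide() to a batch; return the forwarded packets and a text log."""
    forwarded, log = [], []
    for pkt in packets:
        action, reason = decide(pkt)
        log.append("%s %s -> %s:%d (%s)" % (action.upper(), pkt.src, pkt.dst, pkt.dport, reason))
        if action == "forward":
            forwarded.append(pkt)
    return forwarded, log


SAMPLE = [  # constructed traffic: a legitimate visitor, a spoofer, a blocked outsider, an inside user
    Packet("outside", "198.51.100.7", "192.0.2.80", 80),
    Packet("outside", "192.0.2.25", "192.0.2.10", 23),   # claims a local address from outside
    Packet("outside", "198.51.100.7", "192.0.2.10", 23),
    Packet("inside", "192.0.2.10", "198.51.100.7", 80),
]

if __name__ == "__main__":
    for line in run_filter(SAMPLE)[1]:
        print(line)
```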
A firewall is a filter that can be configured to block certain types of network traffic.
A firewall is essentially an IP router that has had its routing function replaced by a more secure
method of forwarding messages. Some firewalls are specialised pieces of hardware, while other fire-
walls might consist of software running on a multihomed TCP/IP host.
Figure 122 diagram labels: Firewall, Router.
In figure 122, the router handles packets up through the IP layer. The router forwards each packet
based on the packet’s destination address, and the route to that destination indicated in the routing
table. A host, on the other hand, does not forward packets, and the firewall system is just a special
type of multihomed host. Just like any host, the firewall accepts packets that are addressed to it, and
processes those packets through the Application Layer. The firewall ignores packets that are not ad-
dressed to it.
Figure 123 illustrates a firewall configuration in which one Internet host provides all Internet services
and runs firewall software. The firewall/Internet server combination is configured to enable inside us-
ers to connect out to the Internet. Outside users are not permitted to connect to the LAN.
In figure 124, if you must configure more than one Internet server, you should avoid this configuration. No
matter how tightly the firewall is configured to restrict outside users from accessing specific hosts, an
intruder still could circumvent the firewall and gain access to other LAN-based hosts.
You should isolate the servers on a separate network segment and configure the firewall to route traf-
fic appropriately.
In figure 125, the firewall permits outside users to access designated servers on one network seg-
ment, but prevents access to systems on the other segments.
Because firewalls are used in place of routers, they are usually thought of as a way to separate an inter-
nal network from the external world. However, isolating an entire network behind a firewall may not be
required. Even at sites that need a firewall, most workstations and desktop computers may not contain
information or applications that need this level of protection. Frequently, only a limited set of com-
puters contain truly sensitive data or processes critical to the operation of the organisation.
One way to limit the impact of a firewall on the operation of a network is to use an internal firewall that
isolates selected critical systems, while allowing all other systems to operate in a normal manner.
Figure 126 illustrates networks using both internal and external firewalls.
The difficulty of identifying all sensitive systems, and the fear of making a mistake that could compro-
mise critical information, causes many security-conscious sites to prefer an external firewall, or even a
combination of internal and external firewalls. However, if sensitive systems can be identified and iso-
lated, the majority of users benefit from a more user friendly network because the entire network is not
isolated behind an external firewall.
The techniques for cracking into TCP/IP networks are advancing at least as quickly as the techniques
for building firewalls, and putting too much faith in the security you implement is unwise. For many, a
secure network is merely an inspiration to try harder. For this reason, physical isolation of critical com-
puters remains the one certain way to prevent intrusion.
The manager (the client) runs on the Network Management Station; it collects information from all of
the different devices that are being managed, consolidates it, and presents it to the human network
manager.
SNMP is a request/response protocol. UDP port 161 is its well-known port. SNMP uses UDP as its
transport protocol because it has no need for the overhead of TCP. Reliability is not required because
each request generates a response. If the SNMP application does not receive a response, it simply
reissues the request. Sequencing is not needed because each request and each response travels as
a single datagram.
The request and response messages that SNMP sends in the diagrams are called Protocol Data Units
(PDUs). These message types allow the manager to request management information, and when ap-
propriate, to modify that information. The messages also allow the agent to respond to manager re-
quests and to notify the manager of unusual situations.
PDU              Use
GetRequest       Manager requests an update
GetNextRequest   Manager requests the next entry in a table
GetResponse      Agent answers a manager request
SetRequest       Manager modifies data on the managed device
Trap             Agent alerts manager of an unusual event
The NMS periodically requests the status of each device (GetRequest) and each agent responds with
the status of its device (GetResponse). Making periodic requests is called polling. Polling reduces the
burden on the agent because the NMS decides when polls are needed, and the agent simply re-
sponds. Polling also reduces the burden on the network because the polls originate from a single sys-
tem at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates.
If a problem occurs on a managed device, the manager does not find out until the agent is polled. To
handle this, SNMP uses a modified polling system called trap-directed polling.
A trap is an interrupt signalled by a predefined event. When a trap event occurs, the SNMP agent
does not wait for the manager to poll; instead, it immediately sends information to the manager. Traps
allow the agent to inform the manager of unusual events while allowing the manager to maintain con-
trol of polling. SNMP traps are sent on UDP port 162. The manager sends polls on port 161 and lis-
tens for traps on port 162.
Generic Trap:
Trap                   Meaning
coldStart              Agent restarted, possible configuration changes
warmStart              Agent reinitialised without configuration changes
enterpriseSpecific     An event significant to this hardware or software
authenticationFailure  Agent received an unauthenticated message
linkDown               Agent detected a network link failure
linkUp                 Agent detected a network link coming up
egpNeighborLoss        The device's EGP neighbour is down
The last three entries in this table show the roots of SNMP in Simple Gateway Management Protocol
(SGMP), which was a tool for tracking the status of network routers. Routers are generally the only
devices that have multiple network links to keep track of and are the only devices that run Exterior
Gateway Protocol (EGP). These traps are not significant for PCs.
The most important trap for a PC may be the enterpriseSpecific trap. The events that signal this trap are
defined differently by every vendor's SNMP agent software. Therefore it is possible for the trap to be
tuned to events that are significant for a PC. SNMP uses the term enterprise to refer to something that
is privately defined by a vendor or organisation as opposed to something that is globally defined by an
RFC.
The Structure of Management Information (SMI) defines how data should be presented in an SNMP
environment. The SMI defines how managed objects are named, the syntax in which they are defined,
and how they are encoded for transmission over the network. The SMI is based on previous ISO work.
Each managed object is given a globally unique name called an object identifier. The object identifier
is part of a hierarchical name space that is managed by the ISO. The hierarchical structure is used to
guarantee that each name is globally unique. In an object identifier, each level of the hierarchy is iden-
tified by a number. All SNMP managed objects start with the number 1.3.6.1.
Objects are defined just as formally as they are named. The syntax used to define managed objects is
Abstract Syntax Notation One (ASN.1). It is a very formal set of language rules for defining data. It
makes the data definition independent of rules for encoding data for transfer over a network.
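An added example (not from the original text) that ties the PDU table, the generic-trap table and the SMI/ASN.1 description together: a pure-Python BER encoder and decoder for an SNMPv1 Trap-PDU, the datagram an agent sends to UDP port 162 and a manager parses on arrival. The generic-trap codes are those of RFC 1157; the community string, enterprise OID, agent address and variable binding are constructed sample values.

```python
# SNMPv1 Trap-PDU encoder/decoder in BER, using only the standard library.
# Added example, not from the original text; sample values are constructed.
# Generic-trap codes are those assigned by RFC 1157.
import ipaddress

# BER tags used by SNMPv1 (the ASN.1 types the SMI builds on).
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
IPADDRESS, TIMETICKS = 0x40, 0x43            # [APPLICATION 0], [APPLICATION 3]
GET_REQUEST, GET_NEXT, GET_RESPONSE, SET_REQUEST, TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4

GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                 4: "authenticationFailure", 5: "egpNeighborLoss", 6: "enterpriseSpecific"}


def tlv(tag, payload):
    """Wrap payload in a tag-length-value triple (definite-length BER)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def encode_int(value, tag=INTEGER):
    """Non-negative INTEGER or TimeTicks in minimal two's-complement form."""
    if value < 0:
        raise ValueError("only non-negative integers are needed here")
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def encode_oid(dotted):
    """Object identifier: the first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out.extend(chunk)
    return tlv(OID, bytes(out))


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: count of length bytes
        count, pos = length & 0x7F, pos + (length & 0x7F)
        length = int.from_bytes(buf[pos - count:pos], "big")
    return tag, buf[pos:pos + length], pos + length


def read_seq(payload):
    """Split a SEQUENCE payload into its (tag, value) members."""
    items, pos = [], 0
    while pos < len(payload):
        tag, value, pos = read_tlv(payload, pos)
        items.append((tag, value))
    return items


def decode_oid(value):
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:                         # last byte of this arc
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def encode_trap(community, enterprise, agent_ip, generic, specific, uptime, varbinds):
    """Whole SNMPv1 message: SEQUENCE { version 0, community, Trap-PDU }."""
    vbl = b"".join(tlv(SEQUENCE, encode_oid(oid) + tlv(OCTET_STRING, val.encode()))
                   for oid, val in varbinds)
    pdu = (encode_oid(enterprise) + tlv(IPADDRESS, ipaddress.IPv4Address(agent_ip).packed)
           + encode_int(generic) + encode_int(specific) + encode_int(uptime, TIMETICKS)
           + tlv(SEQUENCE, vbl))
    return tlv(SEQUENCE, encode_int(0) + tlv(OCTET_STRING, community.encode()) + tlv(TRAP, pdu))


def decode_trap(msg):
    """Manager side: parse a datagram received on UDP port 162 into a dict."""
    tag, body, _ = read_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    (_, ver), (_, comm), (pdu_tag, pdu) = read_seq(body)
    if int.from_bytes(ver, "big") != 0 or pdu_tag != TRAP:
        raise ValueError("not an SNMPv1 Trap-PDU")
    f = read_seq(pdu)
    return {
        "community": comm.decode(),
        "enterprise": decode_oid(f[0][1]),
        "agent": str(ipaddress.IPv4Address(f[1][1])),
        "generic": GENERIC_TRAPS.get(int.from_bytes(f[2][1], "big"), "unknown"),
        "specific": int.from_bytes(f[3][1], "big"),
        "uptime_ticks": int.from_bytes(f[4][1], "big"),
        "varbinds": [(decode_oid(v[0][1]), v[1][1].decode())
                     for v in (read_seq(vb) for _, vb in read_seq(f[5][1]))],
    }


if __name__ == "__main__":
    # Constructed sample: an agent reporting a message with a wrong community string.
    wire = encode_trap("public", "1.3.6.1.4.1.99999", "192.0.2.10", 4, 0, 123456,
                       [("1.3.6.1.2.1.1.5.0", "fileserver1")])
    print(decode_trap(wire))
```

A manager that counts authenticationFailure traps per agent address has a cheap indicator of community-string guessing against its devices.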
Installing SNMP:
Only one copy of the manager software is needed for a network. SNMP agents are installed in every
system.
Microsoft TCP/IP:
Diagram of the Microsoft TCP/IP architecture: Application/Presentation layer: Windows API applications and TCP/IP applications; Session layer: NetBIOS, NetBIOS over TCP/IP, Windows Sockets; TDI interface; Transport and Network layers: NWLink, NetBEUI (NBF), TCP/IP.
NDIS and TDI act as the unifying layers that enable Microsoft workstations to support multiple protocol
stacks over a single network interface.
At the lowest level of the protocol stack model are network interface adapters and the driver software
that enables them to connect with upper layers. NDIS is a standard interface between the MAC layer
protocols and the network layer. At the MAC layer, NDIS provides a well-defined interface that enables
vendors to write drivers for their network interface products. NDIS also provides a standard protocol
layer that upper-layer protocols can use, enabling multiple NDIS-compliant network layer protocols to
interface with any NDIS-compliant network adapter.
NDIS enables a computer to support multiple network adapters, which might be of the same or mixed
type. These adapters communicate with the same upper-layer protocol stacks, mediated by the NDIS
interface.
The Transport Driver Interface (TDI) defines a protocol interface between session layer protocols and
the transport layer. Transport protocols, therefore, can be written to standard interfaces both above
(TDI) and below (NDIS) in the protocol stack.
Above the TDI, Microsoft provides support for two Application Programming Interfaces (APIs). Net-
BIOS is the historic API for Microsoft network products. On the other hand, the standard API for
TCP/IP applications is Berkeley sockets, which Microsoft has implemented as Windows Sockets. For
environments that choose to implement TCP/IP without NetBEUI, and to support the non-routable
NetBIOS protocols over internetworks, Microsoft provides a NetBIOS over TCP/IP (NBT) feature
that enables NetBIOS applications to access the TCP/IP transport.
Microsoft TCP/IP 97
4/4/2002 Alex Peeters
NetBEUI (NBF):
An efficient protocol that functions well in local networks, part of Windows NT. NBF is compatible with
the earlier NetBEUI implementations found in LAN Manager and Windows 3.x.
NWLink:
Is a Microsoft implementation of the two protocols (IPX and SPX) that are the standard transport on
NetWare networks.
• Internetwork Packet eXchange (IPX): Is a datagram network layer protocol that serves as
the primary workhorse on NetWare LANs. The majority of NetWare services operate over
IPX.
• Sequenced Packet eXchange (SPX): Is an optional transport-layer protocol that provides
connection-oriented, reliable message delivery.
IPX is a routable protocol, and NWLink can be used to construct routed networks using Microsoft
products. The network/hardware address mechanism differs significantly from the mechanism used
for IP.
IPX uses sockets to direct messages to and from the correct upper-layer processes. In most cases,
upper-layer functions are performed by the NetWare Core Protocols (NCP), which provides network
services at the session, presentation, and application layers. NCP is not part of NWLink, although Mi-
crosoft has implemented a NetWare client requester that implements the client side of NCP.
The IPX/SPX protocols offer high performance, because node IDs need not be maintained manually.
Use of IPX/SPX, however, has been confined primarily to the NetWare environment.
TCP/IP:
Microsoft has been including TCP/IP support in network products since LAN Manager. TCP/IP was
Microsoft's choice as a routable protocol for use when the non-routable NetBEUI would not function.
DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses
are assigned. A single DHCP server can supply addresses for more than one network. To support
DHCP on an internetwork, routers must be configured with BOOTP forwarding.
The DHCP server maintains pools of IP addresses, called scopes. When a DHCP client enters a
network, it requests and is granted a lease to use an address from an appropriate scope. The concept
of leasing is important, because DHCP clients are not ordinarily granted permanent use of an address.
Instead, they receive a lease of limited duration. When the lease expires, it must be renegotiated. This
approach ensures that unused addresses become available for use by other clients.
DHCP can be configured to assign specific addresses to specific hosts, which enables administrators
to use DHCP to set host protocol options while retaining fixed address assignments.
Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the
addresses into their configuration, including, among others, the following examples: Routers (Gate-
ways), WINS servers, and DNS servers.
Managing WINS:
The primary naming system for Microsoft networks is based on NetBIOS names. Each computer on
the network is configured with a name that it broadcasts to the network to make its presence known to all
other computers on the local network. This system is easy to maintain because whenever a computer
inserts itself into the network, the global name database is updated. This system works well on local
networks on which all protocols are supported by Microsoft network products. Microsoft operating sys-
tems configured using only TCP/IP protocols can use NetBIOS names within the context of a local,
non-routed network.
A significant limitation of NetBIOS naming in a TCP/IP environment is that the names do not propa-
gate across routers. NetBIOS names are disseminated using broadcast datagrams, which IP routers
do not forward. The NetBIOS names on one network, therefore, are invisible to computers on net-
works connected via routers.
The Microsoft LAN Manager products supported internetwork name resolution using static naming
tables stored in files named LMHOSTS. An LMHOSTS file is a text file that contains mappings be-
tween NetBIOS names and IP addresses. To enable computers on the internetwork to resolve names,
a network administrator had to manually update the LMHOSTS file and distribute it to all computers on
the internetwork. This was a distinctly labour-intensive method of maintaining NetBIOS naming.
Like LMHOSTS, Windows Internet Name Service (WINS) maintains a NetBIOS global naming service
for TCP/IP internets. Unlike LMHOSTS, WINS is dynamic, extending the automatic configuration of
the NetBIOS name directory from local networks to internets. The WINS database is updated auto-
matically as NetBIOS computers insert and remove themselves from the network. Using WINS in con-
junction with DNS is possible, which would enable WINS to provide DNS with host names for Micro-
soft-based hosts within your network.
Resolution is the process of associating host names with addresses. Resolution of NetBIOS names on
TCP/IP environments is the responsibility of the NetBIOS over TCP/IP (NBT) service. NBT name reso-
lution has evolved from a basic, broadcast-based approach to the current name-service approach.
Before discussing WINS, it is necessary to examine the name resolution modes supported by NBT.
• B-node: Is the oldest method employed on Microsoft networks: name resolution using broad-
cast messages. When Host A needs to communicate with Host B, it sends a broadcast mes-
sage to interrogate the network for the presence of Host B. If Host B receives the broadcast,
it sends a response to Host A that includes its address. If Host A does not receive a response
within a preset period of time, it times out and the attempt fails.
Diagram: hosts A, B, C and D on one network; A broadcasts a query and the named host answers "It's 134.67.32.2".
It works well in small, local networks, but poses two disadvantages that become criti-
cal as networks grow:
• As the number of hosts on the network increases, the amount of broadcast traffic
can consume significant network bandwidth.
• IP routers do not forward broadcasts, and this technique cannot propagate names
through an internetwork.
B-node is the default name resolution mode for Microsoft hosts not configured to use WINS
for name resolution. In pure B-node environments, hosts can be configured to use LMHOSTS
files to resolve names on the networks.
• P-node: Uses directed (point-to-point) messages to a name server for name resolution. P-node computers register themselves with a WINS
server, which functions as a NetBIOS name server. The WINS server maintains a database of
NetBIOS names, ensures that duplicate names do not exist, and makes the database avail-
able to WINS clients.
Diagram: hosts A, B and C send directed queries to a WINS server, which answers "It's 134.67.32.2".
Each WINS client is configured with the address of a WINS server, which may reside on the
local network or on a remote network. WINS clients and servers communicate via directed
messages that can be routed. No broadcast messages are required to P-node name resolu-
tion.
• M-node: computers first attempt to use B-node name resolution, which succeeds if the desired
host resides on the local network. If B-node resolution fails, M-node hosts then attempt to use P-node
to resolve the name. M-node enables name resolution to continue on the local network when
WINS servers are down. B-node resolution is attempted first on the assumption that in most
environments, hosts communicate most often with hosts on their local networks. When this
assumption holds, performance of B-node resolution is superior to P-node. Recall, however,
that B-node can result in high levels of broadcast traffic. Microsoft warns that M-node can
cause problems when network logons are attempted in a routed environment.
• H-node: Is the default for Microsoft TCP/IP clients configured using the addresses of WINS
servers. As a fallback, Windows TCP/IP clients can be configured to use LMHOSTS files for
name resolution. Nodes configured with H-node, however, first attempt to resolve addresses
using WINS. Only after an attempt to resolve the name using a name server fails does an H-
node computer attempt to use B-node. H-node computers, therefore, can continue to re-
solve local addresses when WINS is unavailable. When operating in B-node, H-node com-
puters continue to poll the WINS server and revert to H-node when WINS services are re-
stored.
WINS uses one or more WINS servers to maintain a database that provides name-to-address map-
pings in response to queries from WINS clients. WINS is a particularly good fit when IP addresses are
assigned by DHCP. Although the DHCP lease renewal process results in a certain stability of IP ad-
dress assignments, IP addresses can change if hosts are moved to different networks or if a host is
inactive for a time sufficient to cause its address to be reassigned. WINS automatically updates its
database to respond to such changes. Because WINS clients communicate with WINS servers via
directed messages, no problems are encountered when operating in a routed environment.
Diagram labels: WINS-enabled client sending a P-node directed query and receiving an IP address; non-WINS client; WINS proxy; WINS Server 1 and WINS Server 2 with database replication between them; routers (with BOOTP forwarding).
WINS proxies enable non-WINS clients to resolve names on the internetwork. When a WINS proxy
receives a B-node broadcast attempting to resolve a name on a remote network, the WINS proxy di-
rects a name query to a WINS server and returns the response to the non-WINS client.
WINS makes maintaining unique NetBIOS names throughout the internetwork possible. When a computer
attempts to register a NetBIOS name with WINS, it is permitted to do so only if the name is not cur-
rently reserved in the WINS database. Without WINS, unique names are enforced only through the
broadcast B-node mechanism on local networks.
• When a WINS client is shut down in an orderly manner, it releases its name reservation in the
WINS database and the name is marked as released. After a certain time, a released name is
marked as extinct. Extinct names are maintained for a period of time sufficient to propagate the in-
formation to all WINS servers, after which the extinct name is removed from the WINS database.
• If a computer has released its name through an orderly shutdown, WINS knows that the name is
available and the client can immediately reobtain the name when it reenters the network. If the cli-
ent has changed network addresses, by moving to a different network segment, a released name
can also be reassigned.
• If a computer is not shut down in an orderly fashion, its name reservation remains active in the
WINS database. When the computer attempts to reregister the name, the WINS server challenges
the registration attempt. If the computer has changed IP addresses, the challenge fails and the cli-
ent is permitted to reregister the name with its new address. If no other computer is actively using
the name, the client is also permitted to reregister with the name.
• All names in the WINS database bear a timestamp that indicates when the reservation will expire.
If a client fails to reregister the name when the reservation expires, the name is released. WINS
supports definition of static assignments that do not expire.
Any Windows NT server computer can be configured as a WINS server, except WINS servers cannot
receive their IP address assignment from DHCP. WINS clients communicate with WINS servers via
directed datagrams, and you do not have to locate a WINS server on each network segment. How-
ever, non-WINS clients are supported only if at least one WINS proxy is installed on each network or
subnet.
Multihomed computers should not be configured as WINS servers. A WINS server may register its
name with only one network. The name of a multihomed WINS server, therefore, cannot be registered
with all attached networks. Also, some client connection attempts fail with multihomed WINS servers.
WINS recognises a variety of special names, identified by the value of the 16th byte of LAN Manager-
compatible names. Special names are encountered when setting up static mappings and when exam-
ining entries in the WINS database.
• Multihomed Names:
A multihomed name is a single computer name that stores multiple IP addresses, which are
associated with multiple network adapters on a multihomed computer. Each multihomed
name can be associated with up to 25 IP addresses. This information is established when
TCP/IP configuration is used to specify IP addresses for the computer.
When the WINS server service is running on a multihomed computer, the WINS service is al-
ways associated with the first adapter in the computer configuration. All WINS messages on
the computer, therefore, originate from the same adapter.
Multihomed computers with connections to two or more networks should not be configured as
WINS servers. If a client attempts a connection with a multihomed WINS server, the server
might supply an IP address on the wrong network, causing the connection attempt to fail.
Having two or more WINS servers on any network is desirable. A second server can be used to main-
tain a replica of the WINS database that can be used if the primary server fails. On large internet-
works, multiple WINS servers result in less routed traffic and spread the name resolution workload
across several computers.
Pairs of WINS servers can be configured as replication partners. WINS servers can perform two types
of replication actions: pushing and pulling, and a member of a replication pair functions as either a
push partner or a pull partner. All database replication takes place by transferring data from a push
partner to a pull partner. But a push partner cannot unilaterally push data. Data transfers may be initi-
ated in two ways.
• A pull partner can initiate replication by requesting replication from a push partner. All records in a
WINS database are stamped with a version number. When a pull partner sends a pull request, it
specifies the highest version number that is associated with data received from the push partner.
The push partner then sends any new data in its database that has a higher version number than
was specified in the pull.
• A push partner can initiate replication by notifying a pull partner that the push partner has data to
send. The pull partner indicates its readiness to receive the data by sending a pull replication re-
quest that enables the push partner to push the data.
Pulls generally are scheduled events that occur at regular intervals. Pushes generally are triggered
when the number of changes to be replicated exceeds a specified threshold. An administrator, how-
ever, can manually trigger both pushes and pulls.
WINS performs a complete backup of its database every 24 hours. If users cannot connect to a server
running the WINS server service, the WINS database probably has become corrupt. In that case, you
might need to restore the database from a backup copy.
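A small model of the WINS behaviour described in the registration/release bullets and the replication bullets above, as an added example rather than Microsoft's code: name registration with a challenge of the current holder, the released/extinct/expiry life cycle, and version-number-driven pull replication between partners. The challenge is a caller-supplied callback standing in for the real probe of the old address, and the timing constants are assumed values in seconds.

```python
# Model of WINS name registration, release/extinction/expiry and version-stamped
# pull replication, as described above. Added example, not Microsoft's code;
# the challenge is a caller-supplied callback and the timers are assumed values.
from dataclasses import dataclass, replace

RENEWAL = 6 * 24 * 3600      # assumed: how long a registration lasts unrenewed
EXTINCTION = 4 * 24 * 3600   # assumed: released -> extinct, and extinct -> removed


@dataclass
class Record:
    name: str
    ip: str
    owner: str      # WINS server that registered the name
    version: int    # owner's version stamp; preserved when the record is replicated
    state: str      # "active", "released" or "extinct"
    expires: float  # timestamp at which the current state lapses
    static: bool = False


class WinsServer:
    def __init__(self, name):
        self.name, self.db, self.version = name, {}, 0
        self.seen = {}   # push partner -> highest version number received from it

    def _stamp(self, rec, now, state, ttl):
        """Every local change gets a new version number so partners can pull it."""
        self.version += 1
        rec.owner, rec.version, rec.state, rec.expires = self.name, self.version, state, now + ttl
        self.db[rec.name] = rec
        return rec

    def register(self, name, ip, now, owner_alive):
        """Grant the name, or return None when an active holder elsewhere answers the challenge."""
        rec = self.db.get(name)
        if rec and rec.static:                       # static mappings cannot be challenged
            return rec if rec.ip == ip else None
        if rec and rec.state == "active" and rec.ip != ip and owner_alive(rec.ip):
            return None                              # old holder still answers: refuse
        # New name, same host renewing, released name, or failed challenge: grant it.
        return self._stamp(Record(name, ip, self.name, 0, "active", 0), now, "active", RENEWAL)

    def add_static(self, name, ip, now):
        rec = Record(name, ip, self.name, 0, "active", 0, static=True)
        return self._stamp(rec, now, "active", float("inf"))

    def release(self, name, ip, now):
        """Orderly shutdown: mark released so another host may take the name at once."""
        rec = self.db.get(name)
        if rec and rec.ip == ip and not rec.static:
            self._stamp(rec, now, "released", EXTINCTION)

    def scavenge(self, now):
        """Unrenewed active -> released, aged released -> extinct, aged extinct -> removed."""
        for rec in list(self.db.values()):
            # Simplification: only the owning server ages its own records.
            if rec.static or rec.owner != self.name or now < rec.expires:
                continue
            if rec.state == "active":
                self._stamp(rec, now, "released", EXTINCTION)
            elif rec.state == "released":
                self._stamp(rec, now, "extinct", EXTINCTION)
            else:
                del self.db[rec.name]

    def push_since(self, version):
        """Push partner: records this server owns whose version is newer than 'version'."""
        return [r for r in self.db.values() if r.owner == self.name and r.version > version]

    def pull_from(self, partner):
        """Pull partner: request everything newer than the highest version already seen."""
        new = partner.push_since(self.seen.get(partner.name, 0))
        for rec in new:
            self.db[rec.name] = replace(rec)        # copy, keeping the owner's stamp
            self.seen[partner.name] = max(self.seen.get(partner.name, 0), rec.version)
        return len(new)
```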
Diagram: WINS replication partners, with each link labelled push and pull in both directions.
Browsers, however, maintain databases only of host names. Addresses must still be derived from a
name resolution process.
Browsing works somewhat differently on TCP/IP networks than on networks running NetBIOS and
NWLink, although the difference becomes apparent only when routing is involved. Windows browsing
is based on browse lists, which catalogue all available domains and servers.
Browse lists are maintained by browsers. By default all Windows NT Server computers are browsers.
Windows NT Workstation computers are potential browsers, and can become browsers if required.
Each domain has one master browser that serves as the primary point for collecting the browse data-
base for the domain. Servers (any computer that offers shared resources) that enter the network
transmit server announcements to the master browser to announce their presence. The master
browser uses these server announcements to maintain its browse list.
Backup browsers receive copies of the browse list from the master browser at periodic intervals. They
introduce redundancy to the browsing mechanism and distribute browsing queries across several
computers. An election process among the various browsers determines the master browser. In do-
mains, the election is biased in favour of making the Primary Domain Controller (PDC) the master
browser, which always is the master browser if it is operational.
All Windows NT Server computers function as master or backup browsers. Windows NT Workstation computers
can function as browsers. In the presence of sufficient Windows NT Server computers, no Windows
NT Workstation computer will be configured as a browser. When no Windows NT Server computers are available,
at least two Windows NT Workstation computers will be activated as browsers. An additional browser
will be activated for every 32 Windows NT Workstation computers in the domain.
Servers must announce their presence to the master browser at periodic intervals, starting at one min-
ute intervals and increasing to 12 minutes. If a server fails to announce itself for three announcement
periods, it is removed from the browse list. Therefore, up to 36 minutes may be required before a
failed server is removed from the browse list.
Domains are also maintained in the browse list. Every fifteen minutes, a master browser broadcasts a
message announcing its presence to master browsers in other domains. If a master browser is not
heard for three 15-minute periods, other master browsers remove the domain from their browse list.
Thus, 45 minutes may be required to remove information about another domain from a browse list.
Internetworks based on NetBIOS and NWLink protocols can route broadcast name queries across
routers. Maintaining a single master for each domain, therefore, is necessary.
Internetworks based on TCP/IP cannot forward broadcast queries between networks. Therefore, Mi-
crosoft TCP/IP networks maintain a master browser for each network or subnet. If a domain
spans more than one network or subnetwork, the domain master browser running on the PDC has a
special responsibility of collecting browse lists from the master browser on each network and subnet-
work. The domain master browser periodically rebroadcasts the complete domain browse list to the
master browsers, which in turn update the backup browsers on their networks. Therefore, significant time
might be required to disseminate browsing data through a domain on a large TCP/IP internetwork.
The browsing service is a convenience but is not required to enable clients to access servers on the internetwork. Client processes can still use shared resources by connecting directly with the Universal Naming Convention (UNC) name of the resource. On a TCP/IP internetwork, that makes WINS a near necessity. Browsing, on the other hand, is very convenient but is not essential.
Multihomed hosts often present an ambiguous face to the network community. Different hosts can use different IP addresses to access services running on the host, with unpredictable results. One case in which this unpredictability seems to appear is browsing when the PDC for a domain is multihomed. Clients are not hard-wired with the address of browsers, and a multihomed browser appears to confuse things, causing various clients to see different browse lists. More consistent results seem to be obtained when the PDC has a single IP address. In any case, the PDC cannot serve as master browser for more than one network or subnetwork.
Sometimes dynamic name-address mappings are not desirable. At such times, creating static mappings in the WINS database proves useful. A static mapping is a permanent mapping of a computer name to an IP address. Static mappings cannot be challenged and are removed only when they are explicitly deleted. Reserved IP addresses assigned to DHCP clients override any static mappings assigned by WINS. Static mappings for unique and special group names can be imported from files that conform to the format of LMHOSTS files.
Although a complete name resolution system can be based on LMHOSTS files, static naming files can be a nightmare to administer, particularly when they must be distributed to several hosts on the network. Nevertheless, LMHOSTS files may be necessary if WINS will not be run on a network or if having a backup is desirable in case the WINS service fails.
Although LAN Manager host files supported little more than mappings of NetBIOS names to IP addresses, Windows NT offers several options that make LMHOSTS considerably more versatile.
IP-address Name
134.67.32.0 Logon-Server-Network-A
134.67.32.1 Host-1-Network-A
134.67.32.2 Host-2-Network-A
134.67.40.0 Logon-Server-Network-B
134.67.32.3 Host-3-Network-B
134.268.67.0 Logon-Server-Network-C
134.268.67.3 Host-3-Network-C
134.268.67.5 Host-5-Network-C
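A validator for LMHOSTS-style files, as an added example that is not part of the original text: it parses the classic line format (address, name, then optional #PRE and #DOM:<domain> keywords, which is an assumption about the file format), rejects malformed addresses such as the 134.268.x.x entries in the table above, and flags a name mapped to two different addresses. The sample file inside it is constructed from the table, plus two deliberately bad lines.

```python
"""Validate an LMHOSTS-style static mapping file before distributing it.

Added example, not code from the original text. It assumes the classic
LMHOSTS line format "<IPv4 address> <NetBIOS name> [#PRE] [#DOM:<domain>]",
with '#' starting a comment except for those two keywords. The sample file
below is constructed from the table in the text, plus two deliberately bad
lines, so the checks have something to find.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the 134.268.x.x lines reproduce the text's table and
# are not valid IPv4 addresses (an octet cannot exceed 255).
SAMPLE_LMHOSTS = """\
# LMHOSTS for the example network (constructed sample)
134.67.32.0    Logon-Server-Network-A    #PRE #DOM:NETWORKA
134.67.32.1    Host-1-Network-A
134.67.32.2    Host-2-Network-A
134.67.40.0    Logon-Server-Network-B    #PRE #DOM:NETWORKB
134.67.32.3    Host-3-Network-B          # trailing comment, ignored
134.268.67.0   Logon-Server-Network-C    #PRE #DOM:NETWORKC
134.268.67.3   Host-3-Network-C
134.268.67.5   Host-5-Network-C
134.67.40.9    Host-2-Network-A          # same name, second address
134.67.40.7
"""

# Only these two '#' tokens are keywords; any other '#...' starts a comment.
KEYWORD_RE = re.compile(r"^#(PRE|DOM:\S+)$", re.IGNORECASE)


@dataclass
class Mapping:
    ip: str
    name: str
    preload: bool = False           # #PRE: entry is preloaded into the name cache
    domain: Optional[str] = None    # #DOM:<domain>: entry is a domain controller


@dataclass
class Report:
    mappings: list[Mapping] = field(default_factory=list)
    errors: list[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[tuple[str, str, list[str]]]:
    """Split one LMHOSTS line into (ip, name, keywords); None for blank/comment."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    if len(tokens) < 2:
        raise ValueError("expected '<ip address> <name>'")
    keywords = []
    for tok in tokens[2:]:
        match = KEYWORD_RE.match(tok)
        if match is None:
            break                     # start of an ordinary trailing comment
        keywords.append(match.group(1).upper())
    return tokens[0], tokens[1], keywords


def validate_lmhosts(text: str) -> Report:
    """Parse every line, rejecting bad addresses and conflicting names."""
    report = Report()
    seen: dict[str, str] = {}         # upper-cased name -> address already mapped
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_line(line)
        except ValueError as exc:
            report.errors.append(f"line {lineno}: {exc}")
            continue
        if parsed is None:
            continue
        ip, name, keywords = parsed
        try:
            ipaddress.IPv4Address(ip)  # rejects octets > 255 and wrong octet counts
        except ValueError:
            report.errors.append(f"line {lineno}: invalid IPv4 address {ip!r}")
            continue
        key = name.upper()             # NetBIOS names are case-insensitive
        if key in seen and seen[key] != ip:
            report.errors.append(
                f"line {lineno}: {name!r} already mapped to {seen[key]}, now {ip}")
            continue
        seen[key] = ip
        domain = next((k[4:] for k in keywords if k.startswith("DOM:")), None)
        report.mappings.append(Mapping(ip, name, "PRE" in keywords, domain))
    return report


if __name__ == "__main__":
    result = validate_lmhosts(SAMPLE_LMHOSTS)
    for m in result.mappings:
        print(f"ok    {m.ip:<14} {m.name}" + (f"  DOM:{m.domain}" if m.domain else ""))
    for err in result.errors:
        print("error", err)
```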
Managing DNS:
Domain Name Service (DNS) is the standard naming service used on the Internet and on most
TCP/IP networks.
If your Windows TCP/IP network is not connected to non-Microsoft TCP/IP networks, you do not need
DNS. WINS can provide all the naming services required on a Microsoft Windows Network.
You need DNS if you want to connect your TCP/IP hosts to the Internet or to a UNIX-based TCP/IP network, but only if you want to enable users outside the Windows network to access your TCP/IP hosts by name.
Before DNS, name resolution was accomplished using files named HOSTS. Supporting a naming service is a simple matter of editing a master HOSTS file and distributing it to all computers, which could be accomplished by copying the file when a user logs on to a domain, or it could be done using a software distribution system.
The electrical characteristics of the media used to send network datagrams partly define the physical layer: they determine the maximum transmission rate, the longest straight run of cable, and other constraints of the network. These are all consequences of transmission line theory, the study of how signals behave when they are transmitted over long distances. While this extremely low-level theory doesn't have any direct implications for higher-level protocols, violating the constraints imposed by transmission line theory can lead to intermittent and puzzling network failures that appear to be higher-level protocol breakdowns.
A transmission line is any signal path that is long compared to the wavelength of the signal travelling the path. Signals of higher frequencies have shorter wavelengths, so higher-frequency signals require transmission line analysis over much shorter path lengths. For example, low-speed AC line voltage going from a power company generator to a substation or transformer is affected by transmission line problems over a distance of several miles. On the other end of the spectrum, high-speed integrated circuits that produce pulses in the nanosecond range require transmission line treatment for signals that are a few centimetres long. Signals on the Ethernet have wavelengths of about one metre, so transmission line theory applies to every network with at least two stations on it, assuming the machines aren't located on top of each other.
Every signal conductor has some inherent capacitance and inductance. The inductance comes from the fact that any conductor must have a real, non-zero thickness; the capacitance is due to coupling with the ground plane and other nearby wires. Ethernet backbones are limited in length partly because of these capacitive loading effects: the longer the cable, the greater its capacitance. As the capacitance increases, each signal must charge up the line for a longer time, and after some critical value, the time required to charge the line's capacitance is significant compared to the time required to send the packet's preamble.
At low frequencies, the non-ideal characteristics of the wire may be ignored, but at the Ethernet data transmission frequency of 10 MHz, they become important.
[Figure 133: the cable modelled as a ladder of series inductors L1, L2 ... Ln and shunt capacitors C1, C2 ... Cn]
In figure 133, the series of inductor/capacitor pairs defines an AC impedance for the cable. Impedance is usually a function of the frequency of the signal encountering the L/C pairs. Ethernet packets are sent with a constant frequency (not the frequency of the packets themselves, but the frequency of the modulated signal representing the packet), fixing the AC impedance of the cable. The fixed impedance is why you can put a fixed-value resistor on the Ethernet as a terminator; the rest of this discussion explores the transmission line theory underpinnings that determine the value of that terminator.
On a non-ideal wire, the voltage at an endpoint can't change instantaneously, due to the capacitive and inductive effects described earlier. When a signal is impressed on a line (when a host sends a packet on the Ethernet), the voltage at the end of the wire must go from 0 to -2.5 volts. A packet rolling down the Ethernet cable is represented as a series of voltage changes, each with a corresponding change in current as defined by Ohm's law. The endpoint of the wire appears to be a signal load; for this discussion, assume that the load has an arbitrary value.
[Figure: the incident signal VO travelling on a line of impedance ZO meets the load ZL, developing VL across it; the currents satisfy IO = IL − IR, where IR is the reflected current]
The endpoint of the wire, represented as the load above, is initially at 0 volts. In order to satisfy Ohm's and Kirchhoff's laws, a reflected signal must be created.
• Kirchhoff's current law dictates that the current flowing into a node must equal the current leaving it. The incident, load, and reflected currents obey the following equation:
IO = IL − IR
• Kirchhoff's voltage law states that the loop voltage around a circuit must add up to zero. We can use this form of Kirchhoff's law to express the relationship of the voltages in the circuit:
VL = VO + VR
• Ohm's law is used to describe the relationship of the load impedance, ZL, and the current:
VL = IL · ZL
Substituting for VL and IL, we get:
VO + VR = ZL [IO − IR]
Apply Ohm's law again, with VO = IO · ZO and VR = IR · ZO, since the reflected signal sees the same line impedance as the incident signal:
VO + VR = (ZL / ZO) [VO − VR]
Rearranging terms, we can express the amplitude of the reflected signal as a function of the original signal:
VR / VO = (ZL − ZO) / (ZL + ZO)
Now let’s revisit our assumption that the load impedance, ZL, is some arbitrary value. An unterminated
cable endpoint has an infinite load impedance, so with ZL infinite, the fraction’s value is approximately
unity and VO = VR. The reflected current becomes a signal that looks electrically similar to the incident
packet, travelling in the opposite direction.
Again, the non-ideal physical characteristics of the wire prevent the reflected signal from being a mirror image of the incident signal. At the same time, the endpoint of the line starts to charge to -2.5 volts, so the voltage V at the endpoint of the wire isn't precisely 0 volts. The combination of these two effects makes the reflected signal a slightly attenuated version of the original. After several trips down the length of the cable, the reflected signal is damped out completely. During the voltage rise time, however, reflected signals are making the line ring.
The fairly obvious solution is to make the reflection coefficient (the fraction above, whose numerator ZL − ZO vanishes when ZL = ZO) equal to zero, so that there is no signal reflection. By placing a terminating resistor between the cable and ground, the incident signal is caught and any reflection is suppressed.
Ethernet cabling has a characteristic impedance of 50 ohms, which is precisely the value used for termination. Note that the line impedance is seen by AC signals only, and that DC testing of the line itself, without the terminators, should show a DC resistance of a fraction of an ohm. However, this fact can be exploited to perform a simple cable test: with a multimeter set on ohms, measure the DC resistance between the centre conductor of the Ethernet and the ground shield on a network with no traffic. Do not measure resistance on a live network. The network activity will cause the ohmmeter to give an inexact reading, and you may inadvertently create a short on the network, possibly damaging some transceiver equipment.
The multimeter should read 25 ohms, half of the terminating resistor value, for a properly terminated Ethernet. The resistance of the entire cable is 25 ohms because it is the effective resistance of the two 50 ohm terminators wired in parallel, joined by the two conductors of the Ethernet cable:
Reffective = (R1 · R2) / (R1 + R2) = R / 2, where R1 = R2 = R
[Figure: the two terminators R1 and R2, R1 = R2 = 50 ohms, joined by the Ethernet conductor]
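The formulas above carried into code, as an added example that is not from the original text: the reflection coefficient VR/VO, the two-terminator parallel resistance, and a classifier for the DC multimeter reading. It goes one step beyond the text by applying the same parallel formula to a cable with one terminator missing (which reads 50 ohms); the classifier's tolerances are assumptions for illustration.

```python
"""Transmission-line numbers behind the terminator discussion.

Added example, not code from the original text. It implements the reflection
coefficient VR/VO = (ZL - ZO)/(ZL + ZO) derived above, the parallel-resistance
formula for the two terminators, and a classifier for the DC multimeter
reading. The classifier's tolerances are assumptions for illustration.
"""
import math

ETHERNET_Z0 = 50.0   # characteristic impedance of Ethernet coax, in ohms
OPEN_END = math.inf  # models an unterminated end or a missing part


def reflection_coefficient(z_load: float, z_line: float = ETHERNET_Z0) -> float:
    """Return VR/VO for a signal on a line of impedance z_line meeting z_load.

    OPEN_END (infinity) models an unterminated end, 0.0 a short to ground.
    """
    if z_line <= 0 or z_load < 0:
        raise ValueError("z_line must be positive and z_load non-negative")
    if math.isinf(z_load):
        return 1.0               # open end: the whole signal comes straight back
    return (z_load - z_line) / (z_load + z_line)


def reflected_voltage(v_incident: float, z_load: float,
                      z_line: float = ETHERNET_Z0) -> float:
    """Amplitude of the echo for an incident step, e.g. the 0 to -2.5 V edge."""
    return v_incident * reflection_coefficient(z_load, z_line)


def parallel_resistance(*resistances: float) -> float:
    """Resistance of resistors in parallel; OPEN_END entries model missing parts."""
    if any(r < 0 for r in resistances):
        raise ValueError("resistances cannot be negative")
    if any(r == 0 for r in resistances):
        return 0.0               # a short in parallel with anything is a short
    conductance = sum(0.0 if math.isinf(r) else 1.0 / r for r in resistances)
    return math.inf if conductance == 0.0 else 1.0 / conductance


def classify_dc_reading(ohms: float, z_line: float = ETHERNET_Z0,
                        tolerance: float = 0.15) -> str:
    """Interpret a centre-conductor-to-shield DC reading on an idle cable.

    Assumes the cable's own DC resistance is negligible (a fraction of an ohm,
    as the text notes). Thresholds are illustrative assumptions, not a standard.
    """
    if ohms < 0:
        raise ValueError("a resistance reading cannot be negative")
    if math.isinf(ohms) or ohms > 20 * z_line:
        return "open: no terminators, or a break isolating the meter from both"
    if ohms < tolerance * z_line:
        return "short: centre conductor is touching the shield"
    if abs(ohms - z_line / 2) <= tolerance * z_line / 2:
        return "terminated: two terminators measured in parallel"
    if abs(ohms - z_line) <= tolerance * z_line:
        return "one terminator: the other is missing or cut off by a break"
    return "unexpected: suspect a bad terminator or a cable fault"


if __name__ == "__main__":
    for z in (OPEN_END, 0.0, 75.0, 50.0):
        print(f"ZL={z:>5}: VR/VO = {reflection_coefficient(z):+.2f}")
    print("two terminators in parallel:", parallel_resistance(50, 50), "ohms")
    print("one terminator missing:", parallel_resistance(50, OPEN_END), "ohms")
    for reading in (25.3, 50.2, 0.4, OPEN_END):
        print(f"{reading:>5} ohms -> {classify_dc_reading(reading)}")
```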
Sometimes the most perplexing network problems stem from a failure in the physical layer. This theoretical discussion may not help you debug open circuits or locate bad transceivers by watching waveforms, but it should help you build a mental checklist of potential problems to be used when examining network cabling.
Troubleshooting TCP/IP:
Introduction:
• Resolving most problems requires a methodical approach and the application of your knowledge of TCP/IP and of your network.
• TCP/IP is a four-layer hierarchy. Problems seen by the user in the Application Layer may be caused by problems in the lower layers.
• IP requires that each system have a globally unique, software-defined address. IP uses the address to move data through networks and through the layers of software in a host. Unlike networks that use hardware addresses, IP relies on the system administrator to define the correct address. Problems are frequently caused by configuration errors.
• Routing is required to deliver data between any two systems that are not directly connected by the same physical network. Subnetting divides a network into separate physical networks so that routing may even be required within a single enterprise network.
• Pay attention to the error messages. Error messages are often vague, but they contain valuable pointers to the underlying problem.
• The error Unknown host indicates a name server problem. If other computers resolve the name correctly, the user's PC is probably misconfigured. If no system resolves the name correctly, the name the user has may be wrong or the name server may be misconfigured. Have the user try to connect with the numeric address.
• The error Network unreachable indicates a routing problem. It means that there is no route to the remote host. If no system can reach it, the remote site might be down. If only the user's PC has the problem, check the PC's routing configuration.
• The error Cannot connect or No answer or Connection timed out means that the remote system is not responding. Either the remote system is down or a link between the user's PC and the remote system is down. If the user is trying to connect using a numeric address, it could mean that the user has the wrong address. Ask him/her to use the remote system's hostname.
Troubleshooting TCP/IP:
Troubleshooting deals with the unexpected. Network problems are usually unique and sometimes difficult to resolve. Troubleshooting is an important part of maintaining a stable, reliable network service. Effective troubleshooting requires a methodical approach to the problem, and a basic understanding of how the network works. The key to solving a problem is understanding what the problem is. This is not as easy as it may seem. The surface problem is sometimes misleading, and the real problem is frequently obscured by many layers of software. When the true nature of the problem is understood, the solution of the problem is often obvious.
Approaching a Problem:
• Gather detailed information about exactly what's happening. When the first problem is reported, talk to the user. Find out which application failed. What is the remote host's name and IP address? What is the user's hostname and address? What error message was displayed? If possible, verify the problem by having the user run the application while you talk him/her through it. If possible, duplicate the problem on your own system.
• Does the problem occur in other applications on the user's host, or is only one application having trouble? If only one application is involved, the application may be misconfigured or disabled on the remote host. Because of rising security concerns, more and more systems are disabling some services.
• Does the problem occur with only one remote host, all remote hosts, or only certain groups of remote hosts? If only one remote host is involved, the problem could easily be with that host. If all remote hosts are involved, the problem is probably with the user's system. If only hosts on certain subnets or external networks are involved, the problem may be related to routing.
• Does the problem occur on other local systems? Make sure you check other systems on the same subnet. If the problem only occurs on the user's host, concentrate testing on that system. If the problem affects every system on a subnet, concentrate on the router for that subnet.
Once you know the symptoms of the problem, visualise each protocol and device that handles the
data. Visualising the problem will help you avoid oversimplification, and keep you from assuming that
you know the cause even before you start testing.
Troubleshooting Hints:
• Approach problems methodically; don't jump into another test scenario based on a hunch without ensuring that you can pick up your original test scenario where you left off.
• Keep a historical record of each problem in case it reappears.
• Don't assume a problem seen at the application level is not caused by a problem at a lower level.
• Test each possibility and base your actions on the evidence of the tests.
• Pay attention to error messages.
• Duplicate the reported problem yourself.
• Most problems are caused by human errors.
• Keep your users informed; users want solutions to their problems, they're not interested in speculative techno-babble.
• Don't speculate about the cause of the problem while talking to the users.
• Stick to a few simple troubleshooting tools.
• Don't neglect the obvious; a loose Ethernet cable is a very common network problem. Check plugs, connectors, cables, and switches.
• Small things can cause big problems.
Diagnostic tools:
Most network problems can be solved using the free diagnostic software. Large networks probably
need a network analyser, or at least a hardware tester such as a Time Domain Reflectometer (TDR).
ifconfig : Provides information about the basic configuration of the interface. It is useful for detecting bad IP addresses, incorrect subnet masks, and improper broadcast addresses.
arp : Provides information about Ethernet/IP address translation. It can be used to detect systems on the local network that are configured with the wrong IP address.
netstat : Provides a variety of information. It is commonly used to display detailed statistics about each network interface, network sockets, and the network routing table.
ping : Indicates whether a remote host can be reached.
nslookup : Provides information about the DNS name service.
dig : Provides information about the name service.
ripquery : Provides information about the contents of the RIP update packets being sent or received by your system.
traceroute : Tells you which route packets take going from your system to a remote system. Information about each hop is printed.
etherfind : Analyses the individual packets exchanged between hosts on the network. It is most useful for analysing protocol problems.
The ping command tests whether a remote host can be reached from your computer. This simple function is extremely useful for testing the network connection, independent of the application in which the original problem was detected. Ping allows you to determine whether further testing should be directed toward the network connection (the lower layers) or the application (the upper layers). If ping shows that packets can travel to the remote system and back, the user's problem is probably in the upper layers. If packets can't make the round trip, the lower protocol layers are probably at fault.
Abbreviations:
AC Access Control
ACK Acknowledgement
ADS Acknowledged Datagram Service
AFS Andrew File System
API Application Programming Interface
ARP Address Resolution Protocol
AS Autonomous Systems
ASN.1 Abstract Syntax Notation One
BIOS Basic Input Output System
BNC Bus Network Connector
BOOTP BOOT Protocol
CD Collision Detection
CRC Cyclic Redundancy Checksum
CSMA Carrier Sense Multiple Access
CSMA/CA Carrier Sense Multiple Access/Collision Avoidance
CSMA/CD Carrier Sense Multiple Access/Collision Detection
CSU Channel Service Unit
DA Destination Address
DDS Digital Data Service
DFS Distributed File System
DHCP Dynamic Host Configuration Protocol
DLP Data Link Protocol
DNS Domain Name Service
DSAP Destination Service Access Point
DSU Digital Service Unit
ED Ending Delimiter
EFS End-of-Frame Sequence
EGP Exterior Gateway Protocol
ETR Early Token Release
FC Frame Control
FCS Frame Check Sequence
FS Frame Status
FTP File Transfer Protocol
GGP Gateway to Gateway Protocol
ICMP Internet Control Message Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IPX Internetwork Packet eXchange
IPX/SPX Internetwork Packet eXchange/Sequenced Packet eXchange
ISDN Integrated Services Digital Network
ISN Initial Sequence Number
ISO International Standards Organisation
LAN Local Area Network
LLC Logical Link Control
LSAP Link Service Access Point
LSL Link Support Layer
MAC Media Access Control
MAU Media Access Unit
MIME Multipurpose Internet Mail Extensions
MLID Multiple Link Interface Drivers
MTU Maximum Transmission Unit
NBF NetBIOS Frame Protocol
NBT NetBIOS over TCP/IP
NCP NetWare Core Protocols
NDIS Network Driver Interface Specification
NetBEUI NetBIOS Extended User Interface
Abbreviations 113
4/4/2002 Alex Peeters