Internet Protocols


Background
The Internet protocols are the world’s most popular open-system (nonproprietary) protocol suite because they can be used to communicate across any set of interconnected networks and are equally well suited for LAN and WAN communications. The Internet protocols consist of a suite of communication protocols, of which the two best known are the Transmission Control Protocol (TCP) and the Internet Protocol (IP). The Internet protocol suite not only includes lower-layer protocols (such as TCP and IP), but it also specifies common applications such as electronic mail, terminal emulation, and file transfer. This chapter provides a broad introduction to specifications that comprise the Internet protocols. Discussions include IP addressing and key upper-layer protocols used in the Internet. Specific routing protocols are addressed individually later in this document.
Internet protocols were first developed in the mid-1970s, when the Defense Advanced Research Projects Agency (DARPA) became interested in establishing a packet-switched network that would facilitate communication between dissimilar computer systems at research institutions. With the goal of heterogeneous connectivity in mind, DARPA funded research by Stanford University and Bolt, Beranek, and Newman (BBN). The result of this development effort was the Internet protocol suite, completed in the late 1970s.
TCP/IP later was included with Berkeley Software Distribution (BSD) UNIX and has since become the foundation on which the Internet and the World Wide Web (WWW) are based.
Documentation of the Internet protocols (including new or revised protocols) and policies are specified in technical reports called Request For Comments (RFCs), which are published and then reviewed and analyzed by the Internet community. Protocol refinements are published in the new RFCs. To illustrate the scope of the Internet protocols, Figure 30-1 maps many of the protocols of the Internet protocol suite and their corresponding OSI layers. This chapter addresses the basic elements and operations of these and other key Internet protocols.


Internet Protocol (IP)
The Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network-layer protocol in the Internet protocol suite. Along with the Transmission Control Protocol (TCP), IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum-transmission unit (MTU) sizes.


IP Packet Format
An IP packet contains several types of information. The following discussion describes the IP packet fields:
• Version—Indicates the version of IP currently used.
• IP Header Length (IHL)—Indicates the datagram header length in 32-bit words.
• Type-of-Service—Specifies how an upper-layer protocol would like a current datagram to be handled, and assigns datagrams various levels of importance.
• Total Length—Specifies the length, in bytes, of the entire IP packet, including the data and header.
• Identification—Contains an integer that identifies the current datagram. This field is used to help piece together datagram fragments.
• Flags—Consists of a 3-bit field of which the two low-order (least-significant) bits control fragmentation. The low-order bit specifies whether the packet can be fragmented. The middle bit specifies whether the packet is the last fragment in a series of fragmented packets. The third or high-order bit is not used.
• Fragment Offset—Indicates the position of the fragment’s data relative to the beginning of the data in the original datagram, which allows the destination IP process to properly reconstruct the original datagram.
• Time-to-Live—Maintains a counter that gradually decrements down to zero, at which point the datagram is discarded. This keeps packets from looping endlessly.
• Protocol—Indicates which upper-layer protocol receives incoming packets after IP processing is complete.
• Header Checksum—Helps ensure IP header integrity.
• Source Address—Specifies the sending node.
• Destination Address—Specifies the receiving node.
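The field list above can be exercised directly. The following is an added example, not code from the handbook: it builds a 20-byte IPv4 header from the fields listed, parses one back, verifies the header checksum, and performs the per-hop Time-to-Live decrement a router applies. Flag bit names follow RFC 791 (bit 1 is Don't Fragment, bit 2 is More Fragments); the addresses, identification value and payload length are constructed sample values.

```python
# Added example (not from the handbook): build/parse the IPv4 fixed header,
# verify its checksum, and apply a router's TTL decrement. Sample values are
# constructed.
import socket
import struct

HEADER_FMT = "!BBHHHBBH4s4s"      # 20-byte fixed header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Computed over a header whose checksum field is already filled in, a valid
    header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                          # fold carry bits back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=17, ttl=64, ident=0x1234,
                      df=True, mf=False, frag_offset=0, tos=0) -> bytes:
    """Assemble a header without options (IHL = 5 words = 20 bytes)."""
    ihl = 5
    total_len = ihl * 4 + payload_len
    # Flags per RFC 791: bit 0 reserved, bit 1 Don't Fragment, bit 2 More Fragments
    flags = (int(df) << 1) | int(mf)
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(HEADER_FMT, (4 << 4) | ihl, tos, total_len, ident, flags_frag,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed header fields and report whether the checksum verifies."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    header = packet[:ihl * 4]
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_length": total_len,
        "identification": ident,
        "df": bool((flags_frag >> 14) & 1), "mf": bool((flags_frag >> 13) & 1),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": ipv4_checksum(header) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": header[20:],
    }


def decrement_ttl(packet: bytes) -> bytes:
    """Per-hop router step: TTL - 1 and recompute the checksum. A TTL that would
    reach zero means the router discards the datagram instead of forwarding it."""
    fields = parse_ipv4_header(packet)
    if fields["ttl"] <= 1:
        raise ValueError("TTL expired: discard datagram")
    hlen = fields["ihl"] * 4
    hdr = bytearray(packet[:hlen])
    hdr[8] -= 1                                  # TTL is byte 8 of the header
    hdr[10:12] = b"\x00\x00"                     # zero the checksum before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[hlen:]
```

A header whose TTL has been changed without recomputing the checksum fails verification, which is why every router must rewrite the checksum after the decrement.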



IP Subnet Addressing
IP networks can be divided into smaller networks called subnetworks (or subnets). Subnetting
provides the network administrator with several benefits, including extra flexibility, more efficient
use of network addresses, and the capability to contain broadcast traffic (a broadcast will not cross
a router).
Subnets are under local administration. As such, the outside world sees an organization as a single
network and has no detailed knowledge of the organization’s internal structure.
A given network address can be broken up into many subnetworks. For example, 171.16.1.0, 171.16.2.0, 171.16.3.0, and 171.16.4.0 are all subnets within network 171.16.0.0. (All 0s in the host portion of an address specifies the entire network.)



IP Subnet Mask
A subnet address is created by “borrowing” bits from the host field and designating them as the
subnet field. The number of borrowed bits varies and is specified by the subnet mask. Figure 30-6
shows how bits are borrowed from the host address field to create the subnet address field.
Subnet masks use the same format and representation technique as IP addresses. The subnet mask, however, has binary 1s in all bits specifying the network and subnetwork fields, and binary 0s in all bits specifying the host field. Figure 30-7 illustrates a sample subnet mask.

Subnet mask bits should come from the high-order (left-most) bits of the host field. Details of Class B and C subnet mask types follow. Class A addresses are not discussed in this chapter because they generally are subnetted on an 8-bit boundary.

The default subnet mask for a Class B address that has no subnetting is 255.255.0.0, while the subnet mask for a Class B address 171.16.0.0 that specifies eight bits of subnetting is 255.255.255.0. The reason for this is that eight bits of subnetting gives 2^8 – 2 (1 for the network address and 1 for the broadcast address) = 254 subnets possible, with 2^8 – 2 = 254 hosts per subnet.
The subnet mask for a Class C address 192.168.2.0 that specifies five bits of subnetting is 255.255.255.248. With five bits available for subnetting, 2^5 – 2 = 30 subnets possible, with 2^3 – 2 = 6 hosts per subnet.
The reference charts shown in Table 30-2 and Table 30-3 can be used when planning Class B and C networks to determine the required number of subnets and hosts, and the appropriate subnet mask.


How Subnet Masks are Used to Determine the Network Number
The router performs a set process to determine the network (or more specifically, the subnetwork) address. First, the router extracts the IP destination address from the incoming packet and retrieves the internal subnet mask. It then performs a logical AND operation to obtain the network number. This causes the host portion of the IP destination address to be removed, while the destination network number remains. The router then looks up the destination network number and matches it with an outgoing interface. Finally, it forwards the frame to the destination IP address. Specifics regarding the logical AND operation are discussed in the following section.

Logical AND Operation
Three basic rules govern logically “ANDing” two binary numbers. First, 1 “ANDed” with 1 yields 1. Second, 1 “ANDed” with 0 yields 0. Finally, 0 “ANDed” with 0 yields 0. The truth table provided in Table 30-4 illustrates the rules for logical AND operations.

Two simple guidelines exist for remembering logical AND operations: Logically “ANDing” a 1 with a 1 yields the original value, and logically “ANDing” a 0 with any number yields 0.
Figure 30-9 illustrates that when a logical AND of the destination IP address and the subnet mask is performed, the subnetwork number remains, which the router uses to forward the packet.
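The subnet-mask arithmetic of the preceding sections (borrowing host bits, the 2^s – 2 and 2^h – 2 counts, and the logical AND that strips the host portion) in code. This is an added example, not from the handbook; it uses the chapter's own 171.16.0.0 and 192.168.2.0 networks and the classful rule that the natural mask is /8, /16 or /24 by first octet. The destination host 192.168.2.77 is a constructed value.

```python
# Added example (not from the handbook): Class B/C subnetting arithmetic and
# the logical AND step. Uses the chapter's example networks; the destination
# host address is constructed.
import socket
import struct


def ip_to_int(dotted: str) -> int:
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int_to_ip(value: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", value & 0xFFFFFFFF))


def class_prefix(dotted: str) -> int:
    """Natural (classful) network length: Class A /8, Class B /16, Class C /24."""
    first_octet = ip_to_int(dotted) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("not a Class A, B or C address")


def subnet_mask(network: str, subnet_bits: int) -> str:
    """Borrow subnet_bits high-order host bits: the mask has 1s over the network
    and subnet fields and 0s over the remaining host field."""
    prefix = class_prefix(network) + subnet_bits
    if prefix > 30:
        raise ValueError("at least two host bits must remain")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def subnet_and_host_counts(network: str, subnet_bits: int) -> tuple:
    """The chapter's classful formulas: 2^s - 2 usable subnets, 2^h - 2 usable hosts."""
    host_bits = 32 - class_prefix(network) - subnet_bits
    return 2 ** subnet_bits - 2, 2 ** host_bits - 2


def network_number(dest_ip: str, mask: str) -> str:
    """Logical AND of destination address and mask: host bits drop to 0 and
    the (sub)network number remains."""
    return int_to_ip(ip_to_int(dest_ip) & ip_to_int(mask))


def and_table(dest_ip: str, mask: str) -> list:
    """Bit-by-bit view of the AND, one 32-bit row per operand and one for the result."""
    a, m = ip_to_int(dest_ip), ip_to_int(mask)
    return [f"{a:032b}", f"{m:032b}", f"{a & m:032b}"]
```

The three rows returned by and_table are the ANDing rule applied column by column: a 1 in the mask keeps the address bit, a 0 in the mask forces 0.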


Address Resolution Protocol (ARP) Overview
For two machines on a given network to communicate, they must know the other machine’s physical (or MAC) addresses. By broadcasting Address Resolution Protocols (ARPs), a host can dynamically discover the MAC-layer address corresponding to a particular IP network-layer address.
After receiving a MAC-layer address, IP devices create an ARP cache to store the recently acquired IP-to-MAC address mapping, thus avoiding having to broadcast ARPs when they want to recontact a device. If the device does not respond within a specified time frame, the cache entry is flushed.
In addition, the Reverse Address Resolution Protocol (RARP) is used to map MAC-layer addresses to IP addresses. RARP, which is the logical inverse of ARP, might be used by diskless workstations that do not know their IP addresses when they boot. RARP relies on the presence of a RARP server with table entries of MAC-layer-to-IP address mappings.

Internet Routing
Internet routing devices traditionally have been called gateways. In today’s terminology, however, the term gateway refers specifically to a device that performs application-layer protocol translation between devices. Interior gateways refer to devices that perform these protocol functions between machines or networks under the same administrative control or authority, such as a corporation’s internal network. These are known as autonomous systems. Exterior gateways perform protocol functions between independent networks.
Routers within the Internet are organized hierarchically. Routers used for information exchange within autonomous systems are called interior routers, which use a variety of Interior Gateway Protocols (IGPs) to accomplish this purpose. The Routing Information Protocol (RIP) is an example of an IGP.
Routers that move information between autonomous systems are called exterior routers. These routers use an exterior gateway protocol to exchange information between autonomous systems. The Border Gateway Protocol (BGP) is an example of an exterior gateway protocol.


IP Routing
IP routing protocols are dynamic. Dynamic routing calls for routes to be calculated automatically at regular intervals by software in routing devices. This contrasts with static routing, where routes are established by the network administrator and do not change until the network administrator changes them.
An IP routing table, which consists of destination address/next hop pairs, is used to enable dynamic routing. An entry in this table, for example, would be interpreted as follows: to get to network 172.31.0.0, send the packet out Ethernet interface 0 (E0).
IP routing specifies that IP datagrams travel through internetworks one hop at a time. The entire route is not known at the onset of the journey, however. Instead, at each stop, the next destination is calculated by matching the destination address within the datagram with an entry in the current node’s routing table.
Each node’s involvement in the routing process is limited to forwarding packets based on internal information. The nodes do not monitor whether the packets get to their final destination, nor does IP provide for error reporting back to the source when routing anomalies occur. This task is left to another Internet protocol, the Internet Control-Message Protocol (ICMP), which is discussed in the following section.
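The routing-table lookup and the hop-by-hop forwarding just described, as an added example that is not part of the handbook. The 172.31.0.0 → E0 entry is the chapter's own; every other table entry, the router names R1 to R4 and the destination addresses are constructed. Where several entries match, the code picks the one with the longest mask, which generalizes the single-mask AND of the subnetting section to a table holding networks of different sizes and a default route.

```python
# Added example (not from the handbook): destination network / next-hop
# tables consulted one hop at a time. Tables, router names and destination
# addresses are constructed; 172.31.0.0 -> E0 is the chapter's example entry.
import socket
import struct


def ip_to_int(dotted: str) -> int:
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def lookup(dest_ip: str, table: list):
    """AND the destination with each entry's mask; return the next hop of the
    matching entry with the longest mask, or None when nothing matches."""
    dest = ip_to_int(dest_ip)
    best_mask, best_hop = -1, None
    for network, mask, next_hop in table:
        m = ip_to_int(mask)
        if dest & m == ip_to_int(network) and m > best_mask:
            best_mask, best_hop = m, next_hop
    return best_hop


# A single router's table: the chapter's example entry plus a more specific
# subnet and a default route (0.0.0.0/0.0.0.0 matches everything).
ROUTER_TABLE = [
    ("172.31.0.0", "255.255.0.0", "E0"),
    ("171.16.2.0", "255.255.255.0", "E1"),
    ("0.0.0.0", "0.0.0.0", "S0"),
]

# Constructed internetwork: each node knows only its own table. "deliver"
# marks a directly attached destination network. R3 and R4 point at each
# other, a routing loop.
TABLES = {
    "R1": [("172.31.0.0", "255.255.0.0", "R2"), ("0.0.0.0", "0.0.0.0", "R3")],
    "R2": [("172.31.0.0", "255.255.0.0", "deliver")],
    "R3": [("0.0.0.0", "0.0.0.0", "R4")],
    "R4": [("0.0.0.0", "0.0.0.0", "R3")],
}


def forward(start: str, dest_ip: str, ttl: int = 8, tables: dict = TABLES):
    """Hop-by-hop forwarding. Returns (path, outcome); outcome is 'delivered',
    'unreachable' (no route; a router would send ICMP Destination Unreachable)
    or 'ttl expired' (ICMP Time Exceeded). IP itself reports nothing back."""
    path, node = [start], start
    while True:
        next_hop = lookup(dest_ip, tables[node])
        if next_hop is None:
            return path, "unreachable"
        if next_hop == "deliver":
            return path, "delivered"
        ttl -= 1                           # each router decrements TTL before forwarding
        if ttl == 0:
            return path, "ttl expired"     # discarded here, not forwarded
        node = next_hop
        path.append(node)
```

The loop between R3 and R4 is what the Time-to-Live field exists for: without the decrement, forward() would never return for a destination that only the default routes match.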


Internet Control Message Protocol (ICMP)
The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol that provides
message packets to report errors and other information regarding IP packet processing back to the
source. ICMP is documented in RFC 792.


ICMP Messages
ICMPs generate several kinds of useful messages, including Destination Unreachable, Echo Request and Reply, Redirect, Time Exceeded, and Router Advertisement and Router Solicitation. If an ICMP message cannot be delivered, no second one is generated. This is to avoid an endless flood of ICMP messages.
When an ICMP destination-unreachable message is sent by a router, it means that the router is unable to send the packet to its final destination. The router then discards the original packet. Two reasons exist for why a destination might be unreachable. Most commonly, the source host has specified a nonexistent address. Less frequently, the router does not have a route to the destination.
Destination-unreachable messages include four basic types: network unreachable, host unreachable, protocol unreachable, and port unreachable. Network-unreachable messages usually mean that a failure has occurred in the routing or addressing of a packet. Host-unreachable messages usually indicate delivery failure, such as a wrong subnet mask. Protocol-unreachable messages generally mean that the destination does not support the upper-layer protocol specified in the packet. Port-unreachable messages imply that the TCP socket or port is not available.
An ICMP echo-request message, which is generated by the ping command, is sent by any host to test node reachability across an internetwork. The ICMP echo-reply message indicates that the node can be successfully reached.
An ICMP Redirect message is sent by the router to the source host to stimulate more efficient routing. The router still forwards the original packet to the destination. ICMP redirects allow host routing tables to remain small because it is necessary to know the address of only one router, even if that router does not provide the best path. Even after receiving an ICMP Redirect message, some devices might continue using the less-efficient route.
An ICMP Time-exceeded message is sent by the router if an IP packet’s Time-to-Live field (expressed in hops or seconds) reaches zero. The Time-to-Live field prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop. The router then discards the original packet.
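A decoder for the message kinds listed above, plus the rule that no ICMP error is generated in response to another ICMP error. This is an added example, not from the handbook. The type and code numbers are those assigned in RFC 792 (Destination Unreachable is type 3 with codes 0 to 3 for network, host, protocol and port; Echo Request 8, Echo Reply 0, Redirect 5, Time Exceeded 11, Router Advertisement 9, Router Solicitation 10); the ICMP checksum is read but not verified, and the sample datagrams are constructed.

```python
# Added example (not from the handbook): decode ICMP type/code per RFC 792 and
# apply the "no ICMP error about an ICMP error" rule. Sample packets are
# constructed; checksums are not verified.
import struct

ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
    8: "Echo Request", 9: "Router Advertisement", 10: "Router Solicitation",
    11: "Time Exceeded",
}
UNREACHABLE_CODES = {0: "network unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable"}
ERROR_TYPES = {3, 5, 11}          # error messages quote the offending datagram
IPPROTO_ICMP = 1


def parse_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header; error messages also carry the quoted datagram."""
    if len(msg) < 8:
        raise ValueError("ICMP header is at least 8 bytes")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    info = {"type": icmp_type, "name": ICMP_TYPES.get(icmp_type, "other"),
            "code": code, "checksum": checksum}
    if icmp_type == 3:
        info["reason"] = UNREACHABLE_CODES.get(code, "other unreachable code")
    if icmp_type in ERROR_TYPES:
        info["quoted_datagram"] = msg[8:]   # original IP header + first 8 data bytes
    return info


def constructed_ip_packet(proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (IHL 5, checksum left 0), used only to build samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                       proto, 0, bytes([171, 16, 1, 10]), bytes([171, 16, 2, 20])) + payload


def build_icmp_error(icmp_type: int, code: int, offending: bytes) -> bytes:
    """Error message: type, code, checksum (0 here), 4 unused bytes, then the
    offending datagram's IP header plus 8 bytes of its data."""
    ihl = (offending[0] & 0x0F) * 4
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + offending[:ihl + 8]


def may_send_icmp_error(offending: bytes) -> bool:
    """The rule stated in the text: never answer an ICMP error with an ICMP error.
    Looks at the offending datagram's protocol field and, if it is ICMP, the type."""
    if len(offending) < 20:
        return False
    ihl = (offending[0] & 0x0F) * 4
    if offending[9] != IPPROTO_ICMP:
        return True
    if len(offending) < ihl + 1:
        return False
    return offending[ihl] not in ERROR_TYPES
```

An Echo Request that cannot be delivered still earns a Destination Unreachable (it is a query, not an error); a Destination Unreachable that itself cannot be delivered earns nothing, which is what keeps two routers from ping-ponging errors forever.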


ICMP Router-Discovery Protocol (IRDP)
IRDP uses Router-Advertisement and Router-Solicitation messages to discover the addresses of routers on directly attached subnets. Each router periodically multicasts Router-Advertisement messages from each of its interfaces. Hosts then discover addresses of routers on directly attached subnets by listening for these messages. Hosts can use Router-Solicitation messages to request immediate advertisements rather than waiting for unsolicited messages.
IRDP offers several advantages over other methods of discovering addresses of neighboring routers. Primarily, it does not require hosts to recognize routing protocols, nor does it require manual configuration by an administrator.
Router-Advertisement messages enable hosts to discover the existence of neighboring routers, but not which router is best to reach a particular destination. If a host uses a poor first-hop router to reach a particular destination, it receives a Redirect message identifying a better choice.


Transmission Control Protocol (TCP)
The TCP provides reliable transmission of data in an IP environment. TCP corresponds to the transport layer (Layer 4) of the OSI reference model. Among the services TCP provides are stream data transfer, reliability, efficient flow control, full-duplex operation, and multiplexing.
With stream data transfer, TCP delivers an unstructured stream of bytes identified by sequence numbers. This service benefits applications because they do not have to chop data into blocks before handing it off to TCP. Instead, TCP groups bytes into segments and passes them to IP for delivery.
TCP offers reliability by providing connection-oriented, end-to-end reliable packet delivery through an internetwork. It does this by sequencing bytes with a forwarding acknowledgment number that indicates to the destination the next byte the source expects to receive. Bytes not acknowledged within a specified time period are retransmitted. The reliability mechanism of TCP allows devices to deal with lost, delayed, duplicate, or misread packets. A time-out mechanism allows devices to detect lost packets and request retransmission.
TCP offers efficient flow control, which means that, when sending acknowledgments back to the
source, the receiving TCP process indicates the highest sequence number it can receive without
overflowing its internal buffers.
Full-duplex operation means that TCP processes can both send and receive at the same time.
Finally, TCP’s multiplexing means that numerous simultaneous upper-layer conversations can be
multiplexed over a single connection.


TCP Connection Establishment
To use reliable transport services, TCP hosts must establish a connection-oriented session with one another. Connection establishment is performed by using a “three-way handshake” mechanism.
A three-way handshake synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers. This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well. This is necessary so that packets are not transmitted or retransmitted during session establishment or after session termination.
Each host randomly chooses a sequence number used to track bytes within the stream it is sending and receiving. Then, the three-way handshake proceeds in the following manner:
The first host (Host A) initiates a connection by sending a packet with the initial sequence number (X) and SYN bit set to indicate a connection request. The second host (Host B) receives the SYN, records the sequence number X, and replies by acknowledging the SYN (with an ACK = X + 1). Host B includes its own initial sequence number (SEQ = Y). An ACK = 20 means the host has received bytes 0 through 19 and expects byte 20 next. This technique is called forward acknowledgment. Host A then acknowledges all bytes Host B sent with a forward acknowledgment indicating the next byte Host A expects to receive (ACK = Y + 1). Data transfer then can begin.
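The exchange just described, as an added example that is not part of the handbook: two endpoint objects carry out SYN, SYN+ACK and ACK, each recording the peer's initial sequence number and checking that every acknowledgment equals its own ISN plus one. The state names (CLOSED, SYN-SENT, SYN-RECEIVED, ESTABLISHED) are those of RFC 793; the Segment class, the Endpoint class and the fixed ISNs used for illustration are this example's own.

```python
# Added example (not from the handbook): the TCP three-way handshake between
# two simulated endpoints. Segment/Endpoint are this example's own classes.
import secrets
from dataclasses import dataclass

MOD = 2 ** 32                    # sequence numbers wrap at 32 bits


@dataclass
class Segment:
    seq: int
    ack: int = 0
    syn: bool = False
    ack_flag: bool = False       # the ACK control bit


class Endpoint:
    """One side of the handshake. snd_nxt is the next byte it will send,
    rcv_nxt the next byte it expects (the forward acknowledgment value)."""

    def __init__(self, name: str, isn: int = None):
        self.name = name
        self.snd_nxt = secrets.randbits(32) if isn is None else isn   # own ISN
        self.rcv_nxt = None
        self.state = "CLOSED"

    def connect(self) -> Segment:
        """Host A: send SYN with SEQ = X."""
        self.state = "SYN-SENT"
        return Segment(seq=self.snd_nxt, syn=True)

    def receive(self, seg: Segment):
        if self.state == "CLOSED" and seg.syn and not seg.ack_flag:
            # Host B: record X, answer SYN+ACK with ACK = X + 1 and its own ISN Y
            self.rcv_nxt = (seg.seq + 1) % MOD
            self.state = "SYN-RECEIVED"
            return Segment(seq=self.snd_nxt, ack=self.rcv_nxt, syn=True, ack_flag=True)
        if self.state == "SYN-SENT" and seg.syn and seg.ack_flag:
            # Host A: the SYN+ACK must acknowledge exactly X + 1
            if seg.ack != (self.snd_nxt + 1) % MOD:
                raise ValueError(f"{self.name}: SYN/ACK does not acknowledge our ISN")
            self.snd_nxt = seg.ack
            self.rcv_nxt = (seg.seq + 1) % MOD          # Y + 1
            self.state = "ESTABLISHED"
            return Segment(seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True)
        if self.state == "SYN-RECEIVED" and seg.ack_flag and not seg.syn:
            # Host B: the final ACK must acknowledge exactly Y + 1
            if seg.ack != (self.snd_nxt + 1) % MOD:
                raise ValueError(f"{self.name}: ACK does not acknowledge our ISN")
            self.snd_nxt = seg.ack
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name}: unexpected segment in state {self.state}")


def three_way_handshake(isn_a: int = None, isn_b: int = None):
    """Run the handshake; returns both endpoints and the three segments exchanged."""
    a, b = Endpoint("Host A", isn_a), Endpoint("Host B", isn_b)
    syn = a.connect()
    syn_ack = b.receive(syn)
    ack = a.receive(syn_ack)
    b.receive(ack)
    return a, b, [syn, syn_ack, ack]
```

With no ISNs given, each side draws its own at random, as the text says each host does; the checks in receive() are what makes a stale or mismatched acknowledgment fail instead of silently opening a connection.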


Positive Acknowledgment and Retransmission (PAR)
A simple transport protocol might implement a reliability-and-flow-control technique where the
source sends one packet, starts a timer, and waits for an acknowledgment before sending a new
packet. If the acknowledgment is not received before the timer expires, the source retransmits the
packet. Such a technique is called positive acknowledgment and retransmission (PAR).
By assigning each packet a sequence number, PAR enables hosts to track lost or duplicate packets
caused by network delays that result in premature retransmission. The sequence numbers are sent
back in the acknowledgments so that the acknowledgments can be tracked.
PAR is an inefficient use of bandwidth, however, because a host must wait for an acknowledgment
before sending a new packet, and only one packet can be sent at a time.


TCP Sliding Window
A TCP sliding window provides more efficient use of network bandwidth than PAR because it enables hosts to send multiple bytes or packets before waiting for an acknowledgment.
In TCP, the receiver specifies the current window size in every packet. Because TCP provides a byte-stream connection, window sizes are expressed in bytes. This means that a window is the number of data bytes that the sender is allowed to send before waiting for an acknowledgment. Initial window sizes are indicated at connection setup, but might vary throughout the data transfer to provide flow control. A window size of zero, for instance, means “Send no data.”
In a TCP sliding-window operation, for example, the sender might have a sequence of bytes to send (numbered 1 to 10) to a receiver who has a window size of five. The sender then would place a window around the first five bytes and transmit them together. It would then wait for an acknowledgment.
The receiver would respond with an ACK = 6, indicating that it has received bytes 1 to 5 and is expecting byte 6 next. In the same packet, the receiver would indicate that its window size is 5. The sender then would move the sliding window five bytes to the right and transmit bytes 6 to 10. The receiver would respond with an ACK = 11, indicating that it is expecting sequenced byte 11 next. In this packet, the receiver might indicate that its window size is 0 (because, for example, its internal buffers are full). At this point, the sender cannot send any more bytes until the receiver sends another packet with a window size greater than 0.
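The ten-byte exchange above, and the PAR behaviour of the preceding section, in one simulation. This is an added example, not from the handbook: the receiver's advertised window values are constructed input (5 at setup, then 5, then 0 reproduces the text), the transfer is assumed lossless, and a fixed window of 1 makes the same loop behave like PAR, one packet per acknowledgment round trip.

```python
# Added example (not from the handbook): sliding-window sender/receiver
# exchange. Window values are constructed input; lossless delivery assumed.


def sliding_window_transfer(total_bytes: int, advertised_windows: list, first_seq: int = 1):
    """Simulate sending bytes first_seq .. first_seq+total_bytes-1.

    advertised_windows[0] is the window learned at connection setup; each later
    value is the window carried in the receiver's next ACK (the last value is
    reused if the list runs out). Returns (exchanges, next_seq, window): the
    per-round log, the next byte still to be sent, and the window in force.
    If window is 0 while bytes remain, the sender has stalled and must wait.
    """
    exchanges = []
    next_seq = first_seq
    end = first_seq + total_bytes                  # one past the last byte to send
    window = advertised_windows[0]
    updates = iter(advertised_windows[1:])
    while next_seq < end and window > 0:
        last = min(next_seq + window, end) - 1     # send as much as the window allows
        ack = last + 1                             # forward ACK: next byte receiver expects
        window = next(updates, window)             # window advertised in that ACK
        exchanges.append({"sent": (next_seq, last), "ack": ack, "window": window})
        next_seq = ack                             # slide the window to the ACKed byte
    return exchanges, next_seq, window


def round_trips(total_bytes: int, window: int) -> int:
    """Acknowledgment round trips a fixed window costs (window=1 is PAR)."""
    return len(sliding_window_transfer(total_bytes, [window])[0])


def stalled(total_bytes: int, advertised_windows: list) -> bool:
    """True when the receiver closed the window before all bytes were sent."""
    _, next_seq, window = sliding_window_transfer(total_bytes, advertised_windows)
    return window == 0 and next_seq < 1 + total_bytes
```

Each record in the log is one segment and the ACK it drew; comparing round_trips(10, 1) with round_trips(10, 5) is the bandwidth argument of the two sections in numbers.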


TCP Packet Field Descriptions
The following descriptions summarize the TCP packet fields illustrated in Figure 30-10:
• Source Port and Destination Port—Identifies points at which upper-layer source and destination processes receive TCP services.
• Sequence Number—Usually specifies the number assigned to the first byte of data in the current message. In the connection-establishment phase, this field also can be used to identify an initial sequence number to be used in an upcoming transmission.
• Acknowledgment Number—Contains the sequence number of the next byte of data the sender of the packet expects to receive.
• Data Offset—Indicates the number of 32-bit words in the TCP header.
• Reserved—Remains reserved for future use.
• Flags—Carries a variety of control information, including the SYN and ACK bits used for connection establishment, and the FIN bit used for connection termination.
• Window—Specifies the size of the sender’s receive window (that is, the buffer space available for incoming data).
• Checksum—Indicates whether the header was damaged in transit.
• Urgent Pointer—Points to the first urgent data byte in the packet.
• Options—Specifies various TCP options.
• Data—Contains upper-layer information.


User Datagram Protocol (UDP)
The User Datagram Protocol (UDP) is a connectionless transport-layer protocol (Layer 4) that belongs to the Internet protocol family. UDP is basically an interface between IP and upper-layer processes. UDP protocol ports distinguish multiple applications running on a single device from one another.
Unlike the TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP. Because of UDP’s simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP.
UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such as in cases where a higher-layer protocol might provide error and flow control.
UDP is the transport protocol for several well-known application-layer protocols, including Network File System (NFS), Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).
The UDP packet format contains four fields, as shown in Figure 30-11. These include source and destination ports, length, and checksum fields.


Internet Protocols Application-Layer Protocols
The Internet protocol suite includes many application-layer protocols that represent a wide variety
of applications, including the following:
• File Transfer Protocol (FTP)—Moves files between devices
• Simple Network-Management Protocol (SNMP)—Primarily reports anomalous network
conditions and sets network threshold values
• Telnet—Serves as a terminal emulation protocol
• X Windows—Serves as a distributed windowing and graphics system used for communication
between X terminals and UNIX workstations
• Network File System (NFS), External Data Representation (XDR), and Remote Procedure Call
(RPC)—Work together to enable transparent access to remote network resources
• Simple Mail Transfer Protocol (SMTP)—Provides electronic mail services
• Domain Name System (DNS)—Translates the names of network nodes into network addresses