TCP/IP Protocol Architecture
- TCP/IP protocols map to a four-layer conceptual model known as the DARPA model, named after the U.S. government agency that initially developed TCP/IP.
- The four layers of the DARPA model are:
(i) Application
(ii) Transport
(iii) Internet
(iv) Network Interface
- Each layer in the DARPA model corresponds to one or more layers of the seven-layer Open Systems Interconnection (OSI) model.
- The following figure shows the TCP/IP protocol architecture:
Try yourself: Which of the following are layers in the TCP/IP model?
5. Data Link
This seems like a hard question at first because the options do not match the model asked about: the listed answers are from the OSI model, while the question asks about the TCP/IP protocol stack (DoD model). However, let's just look for what is wrong. First, the Session layer is not in the TCP/IP model; neither are the Data Link and Physical layers. This leaves us with the Transport layer (Host-to-Host in the DoD model), the Internet layer (Network layer in the OSI model), and the Application layer (Application/Process in the DoD model).
➢ Network Interface Layer
- The Network Interface Layer (also called the Network Access Layer) handles placing TCP/IP packets on the network medium and receiving TCP/IP packets off the network medium.
- TCP/IP was designed to be independent of the network access method, frame format, and medium. In this way, TCP/IP can be used to connect differing network types.
- These include local area network (LAN) media such as Ethernet and Token Ring and WAN technologies such as X.25 and Frame Relay. Independence from any specific network media allows TCP/IP to be adapted to new media such as asynchronous transfer mode (ATM).
- The Network Interface layer encompasses the Data Link and Physical layers of the OSI model. Note that the Internet layer does not take advantage of sequencing and acknowledgement services that might be present in the Network Interface layer. An unreliable Network Interface layer is assumed, and reliable communication through session establishment and the sequencing and acknowledgement of packets is the function of the Transport layer.
➢ Internet Layer
- The Internet layer handles addressing, packaging, and routing functions.
- The core protocols of the Internet layer are IP, ARP, ICMP, and IGMP.
1. The Internet Protocol (IP) is a routable protocol that handles IP addressing, routing, and the fragmentation and reassembly of packets.
2. The Address Resolution Protocol (ARP) handles resolution of an Internet layer address to a Network Interface layer address, such as a hardware address.
3. The Internet Control Message Protocol (ICMP) handles providing diagnostic functions and reporting errors due to the unsuccessful delivery of IP packets.
4. The Internet Group Management Protocol (IGMP) handles the management of IP multicast group membership.
- The Internet layer is analogous to the Network layer of the OSI model.
➢ Transport Layer
- The Transport layer (also known as the Host-to-Host Transport layer) handles providing the Application layer with session and datagram communication services. The core protocols of the Transport layer are Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
- TCP provides a one-to-one, connection-oriented, reliable communications service. TCP handles the establishment of a TCP connection, the sequencing and acknowledgement of packets sent, and the recovery of packets lost during transmission.
- UDP provides a one-to-one or one-to-many, connectionless, unreliable communications service. UDP is used when the amount of data to be transferred is small (such as data that fits into a single packet), when you do not want the overhead of establishing a TCP connection, or when the applications or upper-layer protocols provide reliable delivery.
The TCP/IP Transport layer encompasses the responsibilities of the OSI Transport layer.
➢ Application Layer
- The Application layer lets applications access the services of the other layers and defines the protocols that applications use to exchange data.
- There are many Application layer protocols and new protocols are always being developed.
The most widely known Application layer protocols are those used for the exchange of user information:
- The Hypertext Transfer Protocol (HTTP) is used to transfer files that make up the Web pages of the World Wide Web.
- The File Transfer Protocol (FTP) is used for interactive file transfer.
- The Simple Mail Transfer Protocol (SMTP) is used for the transfer of mail messages and attachments.
- Telnet, a terminal emulation protocol, is used for logging on remotely to network hosts.
Additionally, the following Application layer protocols help facilitate the use and management of TCP/IP networks:
- The Domain Name System (DNS) is used to resolve a host name to an IP address.
- The Routing Information Protocol (RIP) is a routing protocol that routers use to exchange routing information on an IP internetwork.
- The Simple Network Management Protocol (SNMP) is used between a network management console and network devices (routers, bridges, intelligent hubs) to collect and exchange network management information.
Examples of Application layer interfaces for TCP/IP applications are Windows Sockets and NetBIOS. Windows Sockets provides a standard application programming interface (API) under Windows Server 2003. NetBIOS is an industry-standard interface for accessing protocol services such as sessions, datagrams, and name resolution. More information on Windows Sockets and NetBIOS is provided later in this chapter.
The TCP/IP Application layer encompasses the responsibilities of the OSI Session, Presentation, and Application layers.
➢ TCP/IP Core Protocols
- The TCP/IP protocol component that is installed in your network operating system is a series of interconnected protocols called the core protocols of TCP/IP.
- All other applications and other protocols in the TCP/IP protocol suite rely on the basic services provided by the following protocols: IP, ARP, ICMP, IGMP, TCP, and UDP.
➢ IP
- IP is a connectionless, unreliable datagram protocol primarily responsible for addressing and routing packets between hosts. Connectionless means that a session is not established before exchanging data. Unreliable means that delivery is not guaranteed.
- IP always makes a “best-effort” attempt to deliver a packet. An IP packet might be lost, delivered out of sequence, duplicated, or delayed. IP does not attempt to recover from these types of errors.
- The acknowledgement of packets delivered and the recovery of lost packets is the responsibility of a higher-layer protocol, such as TCP. IP is defined in RFC 791.
An IP packet consists of an IP header and an IP payload.
Table: Key Fields in the IP Header
➢ Fragmentation and Reassembly
- If a router receives an IP packet that is too large for the network to which the packet is being forwarded, IP fragments the original packet into smaller packets that fit on the downstream network.
- When the packets arrive at their final destination, IP on the destination host reassembles the fragments into the original payload. This process is referred to as fragmentation and reassembly.
- Fragmentation can occur in environments that have a mix of networking media, such as Ethernet and Token Ring.
The fragmentation and reassembly work as follows:
- When an IP packet is sent by the source, it places a unique value in the Identification field.
- The IP packet is received at the router. The IP router notes that the maximum transmission unit (MTU) of the network onto which the packet is to be forwarded is smaller than the size of the IP packet.
- IP divides the original IP payload into fragments that fit on the next network.
Each fragment is sent with its own IP header that contains:
- The original Identification field identifying all fragments that belong together.
- The More Fragments Flag indicating that other fragments follow. The More Fragments Flag is not set on the last fragment, because no other fragments follow it.
- The Fragment Offset field indicating the position of the fragment relative to the original IP payload.
When the fragments are received by IP at the remote host, they are identified by the Identification field as belonging together. The Fragment Offset field is then used to reassemble the fragments into the original IP payload.
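To make the three header fields concrete, here is an added example (not part of the original notes) in Python: it builds fragments with a minimal IPv4 header, then reassembles them in any arrival order. The payload and MTU values are constructed, and the header carries zeroed addresses and checksum because only the Identification, More Fragments and Fragment Offset fields matter here; the reassembler also rejects overlapping or missing fragments instead of guessing, which is the check a defender wants.

```python
import struct

IP_HDR_LEN = 20   # minimal IPv4 header (no options)
MF = 0x1          # "More Fragments" flag bit

def build_header(ident, more_frags, offset_bytes, payload_len):
    """Encode an IPv4 header carrying the three fields reassembly depends on.
    One 16-bit word holds 3 flag bits followed by a 13-bit offset in 8-byte units."""
    flags_frag = ((MF if more_frags else 0) << 13) | (offset_bytes // 8)
    # ver/IHL, TOS, total length, identification, flags+offset, TTL, proto (UDP), checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + payload_len,
                       ident, flags_frag, 64, 17, 0, bytes(4), bytes(4))

def fragment(ident, payload, mtu):
    """Split a payload so each fragment fits the MTU; every non-final chunk is a multiple of 8 bytes."""
    step = (mtu - IP_HDR_LEN) // 8 * 8
    frags = []
    for off in range(0, len(payload), step):
        chunk = payload[off:off + step]
        frags.append(build_header(ident, off + step < len(payload), off, len(chunk)) + chunk)
    return frags

def parse(packet):
    """Return (identification, more_frags, offset_bytes, data) from one raw fragment."""
    total_len, ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    return (ident, bool((flags_frag >> 13) & MF),
            (flags_frag & 0x1FFF) * 8, packet[IP_HDR_LEN:total_len])

def reassemble(fragments):
    """Rebuild the original payload from fragments received in any order. Overlaps, gaps and
    a misplaced More Fragments flag are rejected: ambiguous overlap handling is a classic
    source of reassembly bugs and of evasion against inspection devices."""
    parsed = sorted((parse(f) for f in fragments), key=lambda p: p[2])
    if len({p[0] for p in parsed}) != 1:
        raise ValueError("fragments belong to different datagrams")
    out, expected = bytearray(), 0
    for i, (_, more, off, data) in enumerate(parsed):
        if off < expected:
            raise ValueError(f"overlapping fragment at offset {off}")
        if off > expected:
            raise ValueError(f"gap before offset {off}")
        if more != (i < len(parsed) - 1):
            raise ValueError("More Fragments flag inconsistent with fragment position")
        out += data
        expected += len(data)
    return bytes(out)

if __name__ == "__main__":
    data = bytes(range(256)) * 12          # constructed 3072-byte payload
    frags = fragment(0xBEEF, data, 576)    # forwarded onto a link with a 576-byte MTU
    print(len(frags), "fragments; reassembled OK:", reassemble(frags[::-1]) == data)
```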
➢ ARP
- When IP packets are sent on shared access, broadcast-based networking media — such as Ethernet or Token Ring — the media access control (MAC) address corresponding to a forwarding IP address must be resolved.
- ARP uses MAC-level broadcasts to resolve a known forwarding or next-hop IP address to its MAC address. ARP is defined in RFC 826.
➢ ICMP
- Internet Control Message Protocol (ICMP) provides troubleshooting facilities and error reporting for packets that are undeliverable.
Example: If IP is unable to deliver a packet to the destination host, ICMP sends a Destination Unreachable message to the source host.
- The following table shows the most common ICMP messages.
Table: Common ICMP Messages
Table: Common ICMP Destination Unreachable Messages
ICMP does not make IP a reliable protocol. ICMP attempts to report errors and provide feedback on specific conditions. ICMP messages are carried as unacknowledged IP datagrams and are themselves unreliable. ICMP is defined in RFC 792.
➢ IGMP
- Internet Group Management Protocol (IGMP) is a protocol that manages host membership in IP multicast groups on a network segment. An IP multicast group, also known as a host group, is a set of hosts that listen for IP traffic destined for a specific IP multicast address.
- IP multicast traffic is sent to a single MAC address but processed by multiple IP hosts. A specific host listens on a specific IP multicast address and receives all packets to that IP address.
The following are some of the additional aspects of IP multicasting:
- Host group membership is dynamic; hosts can join and leave the group at any time.
- A host group can be of any size.
- Members of a host group can span IP routers across multiple networks. This situation requires IP multicast support on the IP routers and the ability for hosts to register their group membership with local routers. Host registration is accomplished using IGMP.
- A host can send traffic to an IP multicast address without belonging to the corresponding host group.
For a host to receive IP multicasts, an application must inform IP that it will receive multicasts at a specified IP multicast address. If the network technology supports hardware-based multicasting, the network interface is told to pass up packets for a specific IP multicast address. In the case of Ethernet, the network adapter is programmed to respond to a multicast MAC address corresponding to the specified IP multicast address.
A host supports IP multicast at one of the following levels:
- Level 0: No support to send or receive IP multicast traffic.
- Level 1: Support exists to send but not receive IP multicast traffic.
- Level 2: Support exists to both send and receive IP multicast traffic. Windows Server 2003, Windows 2000, and Microsoft Windows NT version 3.5 and later TCP/IP support level 2 IP multicasting.
The protocol to register host group information is IGMP, which is required on all hosts that support level 2 IP multicasting. IGMP packets are sent using an IP header.
IGMP messages take three forms:
1. Host Membership Report
- When a host joins a host group, it sends an IGMP Host Membership Report message to the all-hosts IP multicast address (224.0.0.1) or to the specified IP multicast address, declaring its membership in a specific host group by referencing the IP multicast address.
- A host can also specify the specific sources from which multicast traffic is needed.
2. Host Membership Query
- When a router polls a network to ensure that there are members of a specific host group, it sends an IGMP Host Membership Query message to the all-hosts IP multicast address.
- If no responses to the poll are received after several polls, the router assumes no membership in that group for that network and stops advertising that multicast group information to other routers.
3. Group Leave
- When a host is no longer interested in receiving multicast traffic sent to a specific IP multicast address and it sent the last IGMP Host Membership Report message in response to an IGMP Host Membership Query, it sends an IGMP Group Leave message to the specific IP multicast address.
- Local routers verify that the host sending the IGMP Group Leave message is the last group member for that multicast address on that subnet.
- If no responses to the poll are received after several polls, the router assumes no membership in that group for that subnet and stops advertising that multicast group information to other routers.
For IP multicasting to span routers across an internetwork, multicast routing protocols are used by routers to communicate host group information so that each router supporting multicast forwarding is aware of which networks contain members of which host groups. IGMP is defined in RFCs 1112 and 2236.
➢ TCP
- TCP is a reliable, connection-oriented delivery service. The data is transmitted in segments. Connection-oriented means that a connection must be established before hosts can exchange data. Reliability is achieved by assigning a sequence number to each segment transmitted.
- An acknowledgement is used to verify that the data is received. For each segment sent, the receiving host must return an acknowledgement (ACK) within a specified period for bytes received. If an ACK is not received, the data is retransmitted. TCP is defined in RFC 793.
TCP uses byte-stream communications, wherein data within the TCP segment is treated as a sequence of bytes with no record or field boundaries.
Table: Key Fields in the TCP Header
➢ TCP Ports
- A TCP port provides a specific location for delivery of TCP segments. Port numbers below 1024 are well-known ports and are assigned by the Internet Assigned Numbers Authority (IANA). The following table lists a few well-known TCP ports.
Table: Well-Known TCP Ports
➢ TCP Three-Way Handshake
- A TCP connection is initialized through a three-way handshake.
- The purpose of the three-way handshake is to synchronize the sequence and acknowledgement numbers of both sides of the connection and to exchange TCP window sizes, together with options such as the use of large window sizes or TCP timestamps.
The following steps outline the process:
- The initiator of the TCP connection, typically a client, sends a TCP segment to the server with an initial Sequence Number for the connection and a window size indicating the size of a buffer on the client to store incoming segments from the server.
- The responder of the TCP connection, typically a server, sends back a TCP segment containing its chosen initial Sequence Number, an acknowledgement of the client’s Sequence Number, and a window size indicating the size of a buffer on the server to store incoming segments from the client.
- The initiator sends a TCP segment to the server containing an acknowledgement of the server’s Sequence Number.
TCP uses a similar handshake process to end a connection. This guarantees that both hosts have finished transmitting and that all data was received.
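The three steps above as an added example (not from the original notes): a small Python simulation of both endpoints that tracks sequence and acknowledgement numbers and the advertised window sizes. The Segment and Endpoint classes and the state names are this example's own; the initial sequence numbers are drawn at random, and an ACK that does not match what a side actually sent is dropped, which is what keeps a forged third segment from completing a connection.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Segment:
    syn: bool = False       # the TCP header fields the handshake uses
    ack: bool = False
    seq: int = 0
    ack_num: int = 0
    window: int = 0         # advertised receive-buffer size

@dataclass
class Endpoint:
    window: int             # size of this host's receive buffer, advertised to the peer
    state: str = "CLOSED"
    snd_nxt: int = 0        # next sequence number this side will send
    rcv_nxt: int = 0        # next sequence number expected from the peer

    def open(self):
        """Step 1: send SYN carrying an unpredictable initial sequence number (ISN) and our window."""
        isn = secrets.randbelow(2**32)
        self.snd_nxt = (isn + 1) % 2**32    # the SYN itself consumes one sequence number
        self.state = "SYN-SENT"
        return Segment(syn=True, seq=isn, window=self.window)

    def receive(self, seg):
        """Steps 2 and 3: advance the state machine; return the reply, or None if there is none.
        An ACK that does not acknowledge exactly what this side sent is rejected."""
        if seg.ack and seg.ack_num != self.snd_nxt:
            raise ValueError(f"ACK {seg.ack_num} does not acknowledge {self.snd_nxt}")
        if self.state == "LISTEN" and seg.syn:                     # SYN in: reply SYN-ACK
            isn = secrets.randbelow(2**32)
            self.rcv_nxt, self.snd_nxt = (seg.seq + 1) % 2**32, (isn + 1) % 2**32
            self.state = "SYN-RECEIVED"
            return Segment(syn=True, ack=True, seq=isn, ack_num=self.rcv_nxt, window=self.window)
        if self.state == "SYN-SENT" and seg.syn and seg.ack:       # SYN-ACK in: reply ACK
            self.rcv_nxt, self.state = (seg.seq + 1) % 2**32, "ESTABLISHED"
            return Segment(ack=True, seq=self.snd_nxt, ack_num=self.rcv_nxt, window=self.window)
        if self.state == "SYN-RECEIVED" and seg.ack and not seg.syn:  # final ACK in
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"unexpected segment in state {self.state}")

def three_way_handshake(client, server):
    """Run the three steps from the text and return (SYN, SYN-ACK, ACK) for inspection."""
    server.state = "LISTEN"
    syn = client.open()                 # 1: client -> server
    syn_ack = server.receive(syn)       # 2: server -> client
    ack = client.receive(syn_ack)       # 3: client -> server
    server.receive(ack)
    return syn, syn_ack, ack
```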
➢ UDP
- UDP provides a connectionless datagram service that offers unreliable, best-effort delivery of data transmitted in messages. This means that neither the arrival of datagrams nor the correct sequencing of delivered packets is guaranteed. UDP does not recover from lost data through retransmission. UDP is defined in RFC 768.
- UDP is used by applications that do not require an acknowledgement of receipt of data and that typically transmit small amounts of data at one time. NetBIOS name service, NetBIOS datagram service, and SNMP are examples of services and applications that use UDP. The following table describes the key fields in the UDP header.
Table: Key Fields in the UDP Header
➢ UDP Ports
- To use UDP, an application must supply the IP address and UDP port number of the destination application.
- A port provides a location for sending messages. A port functions as a multiplexed message queue, meaning that it can receive multiple messages at a time. Each port is identified by a unique number.
- It is important to note that UDP ports are distinct and separate from TCP ports even though some of them use the same number.
Table: Well-Known UDP Ports
So that is about TCP/IP and the protocols we use in TCP/IP.