TCP Ip Notes

The document discusses network protocols and models. It covers the OSI model layers and their functions. It also discusses TCP/IP model layers and compares it to OSI. Key networking concepts like packets, datagrams, and protocols are explained. Specific protocols like IP, ICMP, TCP and UDP are also covered along with their port numbers and functions. Subsequent sections discuss data link layer components, switching, and subnetting techniques.

#### chapter 1 ####

A protocol is a set of rules that governs communication.

A protocol defines what is communicated, how it is communicated, and when it is communicated. The key elements of a protocol are syntax, semantics, and timing.

Standards provide guidelines to manufacturers, vendors, government agencies, and other service providers to ensure interconnectivity and conformance.

#### chapter 2 ####

OSI Model:
- The OSI model is not a protocol; it is a model for understanding and designing a network architecture that is flexible, robust, and interoperable.
- Layers 1, 2, 3 - move data
- Layers 5, 6, 7 - user support layers
- Layer 4 - links the two; ensures that what the lower layers have transmitted is in a form that the upper layers can use.

1) physical
2) data link
   - framing
   - physical address (MAC)
   - flow control
   - error control
   - access control - who has access to a shared link at a time

3) network - source-to-destination delivery of packets (to the correct computer)
4) transport - process-to-process delivery (to the correct process); msg arrives in order, intact
   - service-point addressing - TCP/UDP port that points to a process
   - segmentation and reassembly - sequence numbers
   - connection control - connectionless and connection-oriented
   - flow control - end-to-end rather than across a single link
   - error control - process-to-process rather than across a single link

5) session - network dialog controller. It establishes, maintains, and synchronizes the interaction between communicating systems.
   - dialog control - 2 systems enter a dialog, half duplex or full duplex
   - synchronization - allows a process to add checkpoints (synchronization points) into a stream of data, i.e. send a 500 pg PDF, check every 100 that all were received.
6) presentation - syntax and semantics of the information exchanged between two systems
   - translation - encoding systems
   - encryption
   - compression

7) application - enables the user, whether human or software, to access the network. User interface.

TCP/IP Protocol Suite:
- 5 layers, developed before OSI.

TCP/IP               OSI
-----------------    ----------------------------------
Application          Application, Presentation, Session
Transport            Transport
Internet             Network
Network Interface    Data Link
Physical Hardware    Physical

Delivery: end-to-end, node-to-node, node-to-node
Data units: data segment (whole message), datagram (packet), frames, bits

- IP transports data in packets called datagrams, each of which is transported separately.
- Stream Control Transmission Protocol (SCTP) - transport layer, like UDP/TCP

~~~~ addressing 2.4 ~~~~
MAC - 6 bytes (48 bits), 12 hexadecimal digits - 1 byte = 2 digits - 07:01:02:01:2C:4B
- The physical addresses (MAC) will change from hop to hop, but the logical addresses (IP) and port (TCP/UDP) addresses remain the same.
Port - 16-bit port address, one decimal number

#### chapter 3 ####

The data link layer is subdivided into 2 sublayers: Logical Link Control (LLC) & MAC
preamble - pattern of alternating 1's and 0's - the pattern provides an alert and a timing pulse.
SFD - start frame delimiter
DA - dst address
SA - start address
Minimum frame length = 512 bits (64 bytes)
Maximum frame length = 12,144 bits or 1518 bytes

mac address: 8th bit is 0 = unicast, 1 = multicast
Look at the second hexadecimal digit. If it is even, the address is unicast. If it is odd, the address is multicast.
a. This is a unicast address because A in binary is 1010 (even).
b. This is a multicast address because 7 in binary is 0111 (odd).
c. This is a broadcast address because all digits are Fs.

Fast Ethernet = 802.3u - added autoneg
Gigabit Ethernet = 802.3z
10 gig = 802.3ae

~~~~ 3.2 wireless ~~~~
CSMA\CA
- wait a period of time = distributed interframe space (DIFS)
- request to send (RTS) - includes the time it needs to occupy to send
- short interframe space (SIFS) - wait period of time
- CTS - destination sends clear to send
- send acknowledgement after sending (CSMA\CD does not use ack, and it means it received it).
- network allocation vector - RTS timer that stations must wait before they can send

Hidden station: A is in range of B and C; C and B are not in range of each other.

  B   A   C

- B and C send to A ... collision
- The fix is the RTS and CTS.

Exposed station problem:

  B   A   C   D

Station A is transmitting to station B. Station C has some data to send to station D, which can be sent without interfering with the transmission from A to B. However, station C is exposed to transmission from A; it hears what A is sending and thus refrains from sending. In other words, C is too conservative and wastes the capacity of the channel.

~~~~ bluetooth ~~~~

802.15 PAN - personal area network
piconet - small Bluetooth network - up to 8 stations, one is primary, the rest are secondary
scatternet - combined piconets
1 Mbps with 2.4 GHz band (interference with 802.11b)

~~~~ ptp ~~~~
Synchronous Optical Network (SONET)

~~~~ switched wans ~~~~
Switched WAN technology is a connection-oriented technology. Before a sender can send a packet, a connection must be established between the sender and the receiver. After the connection is established, it is assigned an identifier (sometimes called a label) used during the transmission.

X.25
- three layers (has its own network layer)
- extensive error control
- slow transmission
Frame Relay
- no error checking or acknowledgements, left to higher layers.
ATM
- uses fixed-size cells
- asynchronous time division multiplexing
- transmission path - set of all highways
- virtual path - path between 2 endpoints
- virtual network - All cells belonging to a single message follow the same virtual circuit and remain in their original order until they reach their destination. Think of a virtual circuit as the lanes of a highway (virtual path).
- virtual path identifier (VPI)
- virtual circuit identifier (VCI)
- A virtual connection is defined by the VPI and the VCI (label).
ATM layers
- application layer (application adaptation layer AAL or simple and efficient adaptation layer SEAL)
- ATM layer
- physical layer
IP uses the AAL5 sublayer.

A CELL IS 53 bytes, 5 byte header ( label (vpi vci)), 38 byte payload

~~~~ connecting devices ~~~~
repeater (hub) = physical layer 1
bridge = physical and data (1 + 2) - table used for filtering decisions

#### chapter 4 ####

~~~~ Switching ~~~~
A packet switching network can be connection oriented (uses flow labels) or connectionless ... typically connectionless.

connection oriented:
- setup - assign flow label - acknowledge from dst to source
- transfer
- teardown

Packet switching can be described as connectionless transport. Each packet (datagram) is sent individually (one-by-one) and can take an independent path from the other packets in the transmission. Packet switching relies on upper layer protocols (i.e. TCP) for reliable communications (sequencing, acknowledgements, retransmissions) because packets can arrive out of order and can be lost during transmission. Multiple transmissions can use the same paths and flow at the same time.

Circuit switching is connection oriented. A connection is established from source to destination before any message is sent. The message is sent as a whole; it is not subdivided into individual packets. After the transmission is complete, the connection is gracefully torn down. Circuit switching creates a circuit (path) between source and destination. Resources remain dedicated to the transmission and no other traffic can use this path, as all devices in the path maintain the circuit. In this way, circuit switching can guarantee full bandwidth and quality of service to the transmission.

#### chapter 5 ####
example 5.5 for assign a q2.
lol typo in figure 5.6
To figure out the number of addr in a classful block: N-32, 2^n, i.e. class A = 8, -32 = 24 ... 2^24
A subnet has more bits than the default mask.
A supernet has fewer bits than the default mask.

g139 pg 145/146 assignment subnets example 5.35

directed broadcast: i.e. 192.168.0.255 ... The last address in a block or subblock (with the suffix set all to 1s) can be used as a directed broadcast address. This address is usually used by a router to send a packet to all hosts in a specific network.
limited broadcast: The block 255.255.255.255/32, which contains one single address, is reserved for the limited broadcast address in the current network. A host that wants to send a message to every other host can use this address as a destination address in an IPv4 packet.

#### chapter 6 ####
layer 2 - MAC & LLC
To determine if a MAC addr is uni or multicast, look at the second hex digit. If even it is unicast, if odd it is multicast.
** some examples of the subnetting question in this chapter !!!

#### chapter 7 ####
Packets in the network (internet) layer are called datagrams.
IP header is 20-60 bytes
a total datagram is 20-65535 bytes
Service type: rightmost 3 bits are zeros - precedence - 0-7 - If a router is congested and needs to discard some datagrams, those datagrams with lowest precedence are discarded first.
The total length field defines the total length of the datagram including the header.
ICMP/IGMP are apparently L3.
- ICMP is IP 1
- IGMP is IP 2
- TCP is IP 6
- UDP is IP 17
- EIGRP is IP 88
- OSPF is IP 89
FRAGMENTS: takes place at layer 3, marks packets that are fragmented in the IP header.
Maximum IP datagram is 65535 bytes, but MTU of frame is 1500 bytes ... need to fragment

Only data in a datagram is fragmented. Fragments are represented in 8 bytes, as in the fragment size needs to be divisible by 8.
flags field, 3 bits:
- first bit is not used
- second bit is do not fragment: 1 = do not, 0 = you can
- third bit is more fragments: if it is 1, then it is not the last fragment
MSS is used to prevent fragmentation.

--- checksum 7.5
The checksum is calculated at the sender and the value obtained is sent with the packet. The receiver repeats the same calculation on the whole packet including the checksum. If the result is satisfactory (see below), the packet is accepted; otherwise, it is rejected.
Checksum in IP covers only the header, not the data.

--- 7.6 atm
The AAL layer used by the IP protocol is AAL5.

#### chapter 8 ####
An ARP packet is encapsulated directly into a data link frame.
An ARP request is broadcast; an ARP reply is unicast.
PROXY ARP: ARP that acts on behalf of hosts; when the router receives an ARP for the IP address of one of the hosts, the router replies with its own physical address.
ATMARP: ATM is a non-broadcast network, can't do ARP. ATM requires the virtual circuits to be set up before it can ATMARP.
ARP table: STATE:
- FREE - TTL has expired, space can be used for something else
- PENDING - request sent
- RESOLVED - complete

#### chapter 9 - ICMPv4 ####
An ICMP message has an 8-byte header and a variable-size data section.
Note that all error messages contain a data section that includes the IP header of the original datagram plus the first 8 bytes of data in that datagram. The original datagram header is added to give the original source, which receives the error message, information about the datagram itself. The 8 bytes of data are included because, as we will see in Chapters 14 and 15 on UDP and TCP protocols, the first 8 bytes provide information about the port numbers (UDP and TCP) and sequence number (TCP). This information is needed so the source can inform the protocols (TCP or UDP) about the error.

ICMP error messages are always sent back to the orig source.
ICMP error messages are only generated for fragments when the fragment is the first one.

destination unreachable:
- if a router can't route the packet, the datagram is discarded and a destination unreachable message is sent back to the source.
- has various codes 0-15: port/protocol unreachable, fragmentation required, admin prohibited (ACL) etc.
- only 2 and 3 can be created by the dest host (port/protocol down)
source quench:
- There is no flow-control or congestion-control mechanism in the IP protocol.
- A source-quench message informs the source that a datagram has been discarded due to congestion in a router or the destination host (somewhere in the path). The source must slow down the sending of datagrams until the congestion is relieved. A source-quench is sent for each packet that is discarded and the source slows down until it stops receiving source-quenches.
time exceeded:
- when TTL is zero, discard, send time-exceeded.
- also generated when all fragments that make up a datagram do not arrive within a time limit
Parameter Problem:
- If a router or the destination host discovers an ambiguous or missing value in any field of the datagram, it discards the datagram and sends a parameter-problem message back to the source.
redirection message:
- router accepts the packet and sends it to the correct router, then sends a redirect message to the host to update its routing table to the correct router.
- A redirection message is sent from a router to a host on the same local network.

Timestamp-request and timestamp-reply messages can be used to calculate the round-trip time between a source and a destination machine even if their clocks are not synchronized.
The timestamp-request and timestamp-reply messages can be used to synchronize two clocks in two machines if the exact one-way time duration is known.
In ICMP the checksum is calculated over the entire message (header and data).
traceroute begins with a TTL of 1 and increments for each hop so that a time-exceeded comes back from each host.
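
The checksum and error-message rules from chapters 7 and 9, worked through in Python as an added example (not part of the original notes): it validates an ICMP error the way a receiving host would before handing it to UDP or TCP, checking the ICMP checksum over the whole message and the quoted IP header's checksum over the header only, then reading the flags and ports from the quoted bytes. The sample message, its addresses and its port numbers are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of the 16-bit words, complemented (used by IP and ICMP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample_error() -> bytes:
    """Constructed sample: destination unreachable (type 3, code 3) quoting a UDP datagram."""
    udp = struct.pack("!HHHH", 40000, 53, 12, 0) + b"test"   # ports, length, checksum unused
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234,
                               0x4000, 64, 17, 0,            # DF set, TTL 64, protocol 17
                               bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", ip, 10, internet_checksum(bytes(ip)))     # covers header only
    # 8-byte ICMP header, then the original IP header plus the first 8 data bytes
    icmp = bytearray(struct.pack("!BBHI", 3, 3, 0, 0) + bytes(ip) + udp[:8])
    struct.pack_into("!H", icmp, 2, internet_checksum(bytes(icmp)))  # covers whole message
    return bytes(icmp)

def parse_icmp_error(msg: bytes) -> dict:
    """Validate an ICMP error and return what it says about the original datagram."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("shorter than ICMP header + IP header + 8 data bytes")
    # The receiver repeats the calculation with the checksum field included;
    # an intact message yields 0.
    if internet_checksum(msg) != 0:
        raise ValueError("ICMP checksum mismatch")
    quoted = msg[8:]
    header_len = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or header_len < 20 or len(quoted) < header_len + 8:
        raise ValueError("malformed quoted IP header")
    if internet_checksum(quoted[:header_len]) != 0:
        raise ValueError("quoted IP header checksum mismatch")
    flags_offset = struct.unpack("!H", quoted[6:8])[0]
    # For TCP (6) and UDP (17) the first 4 quoted data bytes are the two ports.
    src_port, dst_port = struct.unpack("!HH", quoted[header_len:header_len + 4])
    return {
        "icmp_type": msg[0], "icmp_code": msg[1],
        "protocol": quoted[9],
        "src": ".".join(map(str, quoted[12:16])),
        "dst": ".".join(map(str, quoted[16:20])),
        "dont_fragment": bool(flags_offset & 0x4000),
        "more_fragments": bool(flags_offset & 0x2000),
        "fragment_offset": (flags_offset & 0x1FFF) * 8,   # field counts 8-byte units
        "src_port": src_port, "dst_port": dst_port,
    }

if __name__ == "__main__":
    print(parse_icmp_error(build_sample_error()))
```

The returned addresses, protocol and ports are what a host compares against its own open sockets before it treats the error as belonging to a flow it actually sent.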

#### chapter 10 ####
mobile IP
- 2 addresses, home and foreign
- home agent - The home agent acts on behalf of the mobile host when a remote host sends a packet to the mobile host. The home agent receives the packet and sends it to the foreign agent.
- home agent proxy ARPs as the mobile host home address.
- foreign agent - The foreign agent receives and delivers packets sent by the home agent to the mobile host. The mobile host can also act as a foreign agent. When the mobile host and the foreign agent are the same, the care-of address is called a colocated care-of address.
- packets from the mobile host to outside are sent as the home address.
- The movement of the mobile host is transparent to the rest of the Internet.

Phases:
Agent discovery:
- mobile host finds home agent and foreign agent, and care-of addresses (second address)
- sends agent solicitation and receives agent advertisement
- agent advertisement/solicitation uses existing ICMP
Registration:
- once moved to a foreign network, must register
- registration request/reply
- The foreign agent, after receiving and registering the request, relays the message to the home agent. Note that the home agent now knows the address of the foreign agent because the IP packet that is used for relaying has the IP address of the foreign agent as the source address.
- A registration request or reply is sent by UDP using the well-known port 434.

#### chapter 11 ####
An autonomous system (AS) is a group of networks and routers under the authority of a single administration.
Routing inside an autonomous system is referred to as intra-domain routing.
Routing between autonomous systems is referred to as inter-domain routing.

Count-to-infinity

Any increase in cost (bad news) propagates slowly. For a routing protocol to work properly, if a link is broken (cost becomes infinity), every other router should be aware of it immediately, but in distance vector routing, this takes some time. The problem is referred to as count to infinity. It takes several updates before the cost for a broken link is recorded as infinity by all routers.
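
The slow propagation described above, simulated for the two-router case with and without split horizon (an added example, not part of the original notes). The routers Rb and Rc, their starting costs and the order in which updates arrive are assumptions; 16 as infinity and the 30-second update period are RIP's values.

```python
INFINITY = 16            # RIP's value for "unreachable"
UPDATE_PERIOD = 30       # seconds between periodic updates

def simulate(split_horizon, max_rounds=50):
    """Count update rounds until both routers mark the lost network unreachable.

    State is (cost, next_hop) for the network behind Ra, taken just after the
    Ra-Rb link fails: Rb has lost its route, Rc still believes in 2 hops via Rb.
    Assumption: in each round Rc's update reaches Rb before Rb's reaches Rc.
    """
    table = {"Rb": (INFINITY, None), "Rc": (2, "Rb")}
    history = []
    for rounds in range(1, max_rounds + 1):
        for sender, receiver in (("Rc", "Rb"), ("Rb", "Rc")):
            cost, learned_from = table[sender]
            if split_horizon and learned_from == receiver:
                continue     # never advertise a route back to where it came from
            offered = min(cost + 1, INFINITY)
            current_cost, current_hop = table[receiver]
            # Distance-vector rule: take a better route, and always believe
            # the current next hop even when its news is worse.
            if current_hop == sender or offered < current_cost:
                next_hop = sender if offered < INFINITY else None
                table[receiver] = (offered, next_hop)
        history.append((table["Rb"][0], table["Rc"][0]))
        if all(cost == INFINITY for cost, _ in table.values()):
            return rounds, history
    return None, history

if __name__ == "__main__":
    for enabled in (False, True):
        rounds, history = simulate(enabled)
        print(f"split horizon={enabled}: {rounds} rounds "
              f"(~{rounds * UPDATE_PERIOD} s of periodic updates), costs {history}")
```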

two node loop problem (count to infinity example)
Ra - Rb - Rc
- link to A goes down
- Rb loses the route, but router C still has the route and adv it to Rb (before Rb sends its updated table to Rc). Router B now has the route to the broken network via Rc (which doesn't have connectivity). They advertise the route to each other, incrementing the metric.
- Infinity = 16, maximum hops = 15
Split horizon - don't send information about routes from where they originate (back down an interface to the adv router)
Poison reverse
RIP:
- infinity = 16
- max 15 hops
- updates sent every 30 (25-35 s) seconds, or when there is a change in the routing table
- route expiration - 180 s
- garbage clean up - 120 s - announce as infinite metric, after 120 seconds delete
- broadcast updates
RIPv2:
- classless addressing
- all-router multicast
- authentication
RIP uses the services of UDP on well-known port 520.
OSPF:

...

#### chapter 13 ####
transport-layer protocol is to provide process-to-process communication

ephemeral port number > 1023 - 65535
The combination of an IP address and a port number is called a socket address.
Whenever an entity accepts items from more than one source, it is referred to as multiplexing (many to one); whenever an entity delivers items to more than one source, it is referred to as demultiplexing (one to many).
Transport layer error control:
1. Detect and discard corrupted packets.
2. Keep track of lost and discarded packets and resend them.
3. Recognize duplicate packets and discard them.
4. Buffer out-of-order packets until the missing packets arrive.

#### chapter 14 ####
No flow control mechanism and there is no acknowledgment for received packets. UDP, however, does provide error control to some extent. If UDP detects an error in the received packet, it silently drops it.
Simple protocol using a minimum of overhead.
Has a length field in the header, but not needed: UDP length = IP length - IP header's length
UDP has a checksum !!!!
Only those processes sending short messages, messages less than 65,507 bytes (65,535 minus 8 bytes for the UDP header and minus 20 bytes for the IP header), can use UDP.
The protocol field for UDP is 17.
Connectionless service provides less delay; the connection-oriented service creates more delay.
UDP does not provide error control; ... but it has a checksum ....
Streaming audio, video, and voice applications that run over UDP must reorder or drop frames that are out of sequence.
UDP is suitable for a process that requires simple request-response communication with little concern for flow and error control.
UDP is suitable for a process with internal flow and error-control mechanisms. For example, the Trivial File Transfer Protocol (TFTP) (see Chapter 21) process includes flow and error control. It can easily use UDP.

#### chapter 14 - tcp ####
stream-oriented protocol
connection-oriented protocol
TCP groups a number of bytes together into a packet called a segment. TCP adds a header to each segment (for control purposes) and delivers the segment to the IP layer for transmission.
There is no field for a segment number value in the segment header. Instead, there are two fields called the sequence number and the acknowledgment number.
The bytes of data being transferred in each connection are numbered by TCP. The numbering starts with an arbitrarily generated number.
The sequence number for each segment is the number of the first byte of data carried in that segment.
If a segment does not carry user data, it does not logically define a sequence number. The field is there, but the value is not valid. However, some segments, when carrying only control information, need a sequence number to allow an acknowledgment from the receiver. These segments are used for connection establishment, termination, or abortion. Each of these segments consumes one sequence number as though it carries one byte, but there are no actual data.
The value of the acknowledgment field in a segment defines the number of the next byte a party expects to receive. The acknowledgment number is cumulative.
A packet in TCP is called a SEGMENT !!!
The header is 20 bytes if there are no options and up to 60 bytes if it contains options.
Windowing: the maximum size of the window is 65,535 bytes. This value is normally referred to as the receiving window (rwnd) and is determined by the receiver. The sender must obey the dictation of the receiver in this case.
The use of the checksum in the UDP datagram is optional, whereas the use of the checksum for TCP is mandatory. Uses pseudoheader (src IP, dst IP, TCP length, protocol field) as part of the checksum calc.
A window size definition makes sense only when a segment includes an acknowledgment.
There are occasions in which an application program needs to send urgent bytes, some bytes that need to be treated in a special way by the application at the other end. The solution is to send a segment with the URG bit set.
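
The byte numbering and cumulative acknowledgment rules above, together with chapter 13's handling of duplicate and out-of-order packets, as an added example (not part of the original notes). It replays one direction of a connection and reports the acknowledgment number the receiver would send after each arrival; the initial sequence number and the segment list are constructed, with the number chosen near 2^32 so the wrap-around is visible.

```python
MOD = 1 << 32          # sequence numbers are 32 bits wide and wrap around
HALF = 1 << 31

def consumed(flags, payload_len):
    """Sequence numbers a segment uses: its data bytes, plus one each for SYN and FIN."""
    return payload_len + ("SYN" in flags) + ("FIN" in flags)

def receiver_acks(segments):
    """Replay segments from one sender in arrival order.

    segments: list of (seq, flags, payload_len), flags being a set of names.
    Returns the cumulative acknowledgment number after each arrival.
    Partially overlapping segments are not handled in this sketch.
    """
    expected = None      # number of the next byte the receiver expects
    buffered = {}        # seq -> sequence space used, for out-of-order segments
    acks = []
    for seq, flags, payload_len in segments:
        size = consumed(flags, payload_len)
        if expected is None:
            if "SYN" not in flags:
                raise ValueError("first segment must be a SYN")
            expected = seq                   # the SYN carries the initial number
        ahead = (seq - expected) % MOD       # distance in front of the expected byte
        if size == 0 or ahead >= HALF:
            pass                             # pure ACK, or a duplicate of old data
        elif ahead == 0:
            expected = (expected + size) % MOD
            while expected in buffered:      # drain segments that now fit
                expected = (expected + buffered.pop(expected)) % MOD
        else:
            buffered[seq] = size             # hole in front of it: keep, do not advance
        acks.append(expected)
    return acks

ISN = 0xFFFFFFF0                             # constructed initial sequence number
SAMPLE = [
    (ISN, {"SYN"}, 0),                            # consumes one number
    ((ISN + 1) % MOD, {"ACK"}, 0),                # consumes none
    ((ISN + 1) % MOD, {"ACK", "PSH"}, 10),        # bytes 1-10
    ((ISN + 21) % MOD, {"ACK", "PSH"}, 10),       # bytes 21-30 arrive early
    ((ISN + 11) % MOD, {"ACK", "PSH"}, 10),       # bytes 11-20 fill the hole
    ((ISN + 11) % MOD, {"ACK", "PSH"}, 10),       # retransmitted duplicate
    ((ISN + 31) % MOD, {"FIN", "ACK"}, 0),        # consumes one number
]

if __name__ == "__main__":
    for segment, ack in zip(SAMPLE, receiver_acks(SAMPLE)):
        print(f"seq={segment[0]:#010x} flags={sorted(segment[1])} -> ack={ack:#010x}")
```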

TCP flows: pg 445 -> 448, look at the diagrams !!!!
- A SYN segment cannot carry data, but it consumes one sequence number.
- A SYN + ACK segment cannot carry data, but does consume one sequence number.
- An ACK segment, if carrying no data, consumes no sequence number.
- The data segments sent by the client have the PSH (push) flag set so that the server TCP tries to deliver data to the server process as soon as they are received. The segment from the server, on the other hand, does not set the push flag.
- Note that a FIN segment can include the last chunk of data sent by the client or it can be just a control segment as shown in the figure. If it is only a control segment, it consumes only one sequence number.
- Either of the two parties involved in exchanging data (client or server) can close the connection, although it is usually initiated by the client.
- Most implementations today allow two options for connection termination: three-way handshaking and four-way handshaking with a half-close option.

three way handshake close:
- The FIN segment consumes one sequence number if it does not carry data.
- The FIN + ACK segment consumes one sequence number if it does not carry data.

4 way (half close):
After half closing the connection, data can travel from the server to the client and acknowledgments can travel from the client to the server. The client cannot send any more data to the server.

  C                                       S
  FIN  seq: x  ack: y             ->
                                  <-   ACK  seq: y-1  ack: x+1
                                  <-   any data from server
  only acks                       ->
                                  <-   FIN  seq: z  ack: x+1
  ACK  seq: x  ack: z+1           ->

Connection resets:
- TCP may deny a request or abort an existing session, or terminate an idle connection with RST.
- deny to non-existing port - RST
- abort due to abnormal situation - RST
- idle for too long - RST
pg 449

#### chapter 18 ####
DHCP
Four pieces of information are normally needed:
1. The IP address of the computer
2. The subnet mask of the computer
3. The IP address of a router
4. The IP address of a name server

RARP
ARP maps an IP address to a physical address; RARP maps a physical address to an IP address.
RARP used the broadcast service of the data link layer, which means that a RARP server must be present in each network.
RARP can provide only the IP address of the computer, but a computer today needs all four pieces of information mentioned above.

BOOTP:
- BOOTP server can be anywhere in the network
- can provide all info
- static configured protocol, mapping must exist (MAC - IP)

DHCP:
- UDP port 67 for server, UDP port 68 for client
- uses a "relay agent" for a DHCP server in another network because broadcast can't get through routers.
