LO1 Web Designe
Most hosting companies require that you own your domain in order to host
with them. If you do not have a domain, the hosting companies will help you
purchase one.
FTP Access
The use of FTP lets you upload files from your local computer to your web server. If you build your website using your own HTML files, you can transfer the files from your computer to the web server through FTP, allowing your website to be accessed through the internet.
DNS is an essential part of the Internet. It translates domain-name queries into IP addresses, and in this way it identifies the different devices that are connected to the network.
1. Information request
You want to visit our website and you know the domain name. You type it into your browser. The first thing the browser does is check its local cache, in case you have visited the site before; if nothing is found there, it issues a DNS query to find the answer.
The Domain Name System is a hierarchical system, and at the top of the hierarchy is the DNS root zone. IANA manages the DNS root zone - with oversight provided by ICANN - by administering the data (root zone file) in the root name servers. Alongside maintaining the Root Zone File, ICANN also maintains the Root Zone Database (information published in the WHOIS service) and manages the Key Signing Key (KSK), which provides DNS security using DNSSEC. ICANN creates policy for root zone management through advice provided by two technical bodies: the Root Server System Advisory Committee (RSSAC) and the Security and Stability Advisory Committee (SSAC).
ICANN assigns organisations to manage Top Level Domains (such as the com domain) and accredits registrars who buy and manage namespace - on behalf of companies and individuals - within these Top Level Domains. There are currently in the region of 1000 accredited registrars (such as GoDaddy), some of whom appoint third-party registrars. Global policy for Top Level Domains is developed by two ICANN organisations: the Generic Names Supporting Organization (GNSO) and the Country Code Names Supporting Organization (ccNSO).
ICANN also delegates responsibility for IP number assignment, and some DNS functions, to five regional Internet registries, which together make up the Number Resource Organization. While ICANN is the ultimate authority for managing the Domain Name System (DNS), it does so by delegating administrative responsibility to a range of organisations, and it also sets policy by taking advice from a range of committees, some of which are made up of representatives from national governments and supra-national bodies.
The DNS root zone is the highest zone within the Domain Name System, and is
name-less.
There are two kinds of name servers: authoritative name servers and cache
name servers.
The purpose of authoritative name servers is to store DNS records for domain
zones and to respond to queries. DNS resource records have different record
types, such as 'AAAA', which is a 128-bit IPv6 address. Authoritative name
servers are structured in a hierarchy, with the highest level being the root name
servers; listed below. The root name servers store data - in a root zone file -
about the Top level domains; this data is provided to the root name servers by
the Internet Assigned Numbers Authority (IANA). Therefore, the root name
servers are an authoritative source for any query related to a Top Level Domain.
The operators of Top Level Domains - assigned by ICANN - run authoritative name servers for their zone and also create and publish a zone file for all the active domain names in their zone. Therefore, the DNS zone descends like a tree structure, with individual organisations and authoritative name servers responsible for each zone.
(Pictured: DNS servers come in different varieties, such as root servers and DNS resolvers.)
The DNS root zone is currently served by thirteen authoritative root name
servers, which are: a.root-servers.net VeriSign, Inc.; b.root-servers.net
University of Southern California (ISI); c.root-servers.net Cogent
Communications; d.root-servers.net University of Maryland; e.root-
servers.net NASA (Ames Research Center); f.root-servers.net Internet
Systems Consortium, Inc.; g.root-servers.net US Department of Defense
(NIC); h.root-servers.net US Army (Research Lab); i.root-servers.net
Netnod; j.root-servers.net VeriSign, Inc.; k.root-servers.net RIPE NCC;
l.root-servers.net ICANN; and m.root-servers.net WIDE Project. There is no single server for each root name server; the burden is spread across multiple locations. For example, the LINX (London Internet Exchange) provides services for the k.root-servers.net RIPE NCC root name server.
The other type of name server is a cache name server. These are operated by DNS resolvers, which are typically run by Internet Service Providers. Cache name servers store the results of DNS lookups made by their users to improve performance and lessen the burden on the authoritative name servers.
DNS Resolvers
The Domain Name System (DNS) is run on a client-server model, with end-
users using a client to query authoritative name servers that store data records
for domain names. The client side of the DNS process is referred to as a DNS
resolver or a DNS lookup. The purpose of the resolver is to initiate and complete a DNS query, and it does so by translating a domain name (entered into the client) into an IP address (stored on a name server). DNS resolvers can resolve a query
by using one of three query processes: non-recursive, recursive, or iterative
queries. Non-recursive queries will only query a single name server, recursive
queries will be passed to more than one name server if they receive an
inadequate response from the first name server, and iterative queries will query
name servers in a chain process. DNS resolvers typically cache their queries
locally in a cache name server. A reverse DNS lookup can also be performed: this is when an IP address is known but not the domain name(s) operating on it.
DNS queries use the User Datagram Protocol (UDP) and Transmission Control
Protocol (TCP) to serve their request.
The DNS resolver is not directly interacted with by users; their web client
(browser) will handle the process in combination with their local operating
system. Most modern operating systems, such as Windows 10, include networking software, and its network settings can typically be configured manually. Generally speaking, the network settings will be set to use the DNS server of the user's Internet Service Provider, but they can be manually changed to a third-party DNS server. What are the reasons for doing so? To
improve performance, improve security, bypass censorship, protect against
phishing, and to implement parental controls. Not all Internet Service Providers
provide good DNS resolvers and caching services.
The question may arise: why aren't all domain queries routed through the root name servers? The answer is performance: the root name servers could not handle billions of requests, so the burden is spread amongst a hierarchy of name servers that store DNS records and respond to queries. This is why the Domain Name System is often described as a distributed database. Name servers typically use the BIND (Berkeley Internet Name Domain) DNS software to handle DNS queries.
There are currently over 1000 Top Level Domains and over 900 accredited
ICANN registrars who can facilitate the registration process.
Abuse of domain names and the Domain Name System does occur. Cybersquatting is usually viewed as one such abuse: an end-user buys a domain name just so that another interested "party" cannot, and then either extorts a fee to sell it or holds onto it out of spite (the ethical version of cybersquatting is DNS parking: registering a domain name with the intention of using it in the future).
Domain name disputes occur for a multitude of reasons: when a registrar goes out of business, cannot be contacted, or purposely or mistakenly registers a domain name in its own name instead of the registrant's. ICANN publishes guidelines for registrars, and it accredits them; therefore, ICANN is the ultimate authority for resolving disputes for gTLDs. For ccTLDs (like the uk domain administered by Nominet) guidelines and disputes are handled by the country code manager.
Transfer a Domain Name
In the diagram above showing the representation of a TCP header, identify the
fields that allow TCP to carry out its main function:
sequencing
multiplexing
error detection
flow control
sequence number
window/acknowledgement
source/destination port
check-sum/acknowledgement
Using the following two lists, match each numbered item with the correct letter.
1. sequencing
2. flow control
3. multiplexing
4. error detection
a. check-sum/acknowledgement
b. sequence number
c. window/acknowledgement
d. source/destination port
1=b
2=c
3=d
4=a
TCP reliability
Sequence numbers are also used by TCP to ensure that data is delivered
reliably. The diagram below shows the same client and server exchange with
a window size of 2000. However, the second segment, sequence number
1001, is lost during transmission and is not received by the server:
The server will send an ACK segment to the client, with a sequence
number of 1001. The client will interpret this to mean only the first segment,
with sequence number 1, has been successfully received by the server. The
client will now wait a short timeout interval, in the hope a delayed ACK will
be received from the server confirming the receipt of 1001. If this is not
received, the client will retransmit segment 1001, and await the ACK with
sequence number 2001 from the server, confirming its receipt. The same
procedure is followed for segments that are received with checksums
indicating the presence of errors.
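The lost-segment scenario above, as an added example that is not code from the course: a go-back-N style sender with 1000-byte segments and a 2000-byte window, a receiver that returns cumulative ACKs, and a channel that loses or damages segment 1001 once. The event-log wording and the CRC standing in for the TCP check-sum are constructed here.

```python
"""Sequence numbers, cumulative ACKs and timeout retransmission (TCP reliability).

Added example, not the course's own code. The 1000-byte segments, the 2000-byte
window and the lost segment with sequence number 1001 are the scenario in the
text; the event log format and the CRC used to model a check-sum are constructed.
"""
import zlib
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Segment:
    seq: int            # sequence number of the first data byte carried
    data: bytes
    checksum: int = 0   # stands in for the TCP check-sum

    @staticmethod
    def make(seq: int, data: bytes) -> "Segment":
        return Segment(seq, data, zlib.crc32(data))

    def damaged(self) -> bool:
        return zlib.crc32(self.data) != self.checksum


class Receiver:
    """Accepts in-order, error-free segments; replies with the cumulative ACK,
    i.e. the sequence number it expects next."""

    def __init__(self, first_seq: int = 1):
        self.expected = first_seq
        self.received = bytearray()

    def deliver(self, seg: Segment) -> int:
        if not seg.damaged() and seg.seq == self.expected:
            self.received += seg.data
            self.expected += len(seg.data)
        # a damaged or out-of-order segment leaves `expected` unchanged: a duplicate ACK
        return self.expected


@dataclass
class Channel:
    """Loses or damages the chosen segments on their first transmission only."""
    lose_once: Set[int] = field(default_factory=set)
    damage_once: Set[int] = field(default_factory=set)

    def send(self, seg: Segment) -> Optional[Segment]:
        if seg.seq in self.lose_once:
            self.lose_once.discard(seg.seq)
            return None
        if seg.seq in self.damage_once:
            self.damage_once.discard(seg.seq)
            return Segment(seg.seq, b"\x00" * len(seg.data), seg.checksum)  # bit errors in transit
        return seg


def transfer(data: bytes, channel: Channel, mss: int = 1000, window: int = 2000,
             first_seq: int = 1, max_stalls: int = 5) -> Tuple[List[str], bytes]:
    """Go-back-N style sender: send one window, advance to the ACKed point, resend the rest."""
    rx = Receiver(first_seq)
    segments = [Segment.make(first_seq + i, data[i:i + mss]) for i in range(0, len(data), mss)]
    log: List[str] = []
    sent_once: Set[int] = set()
    base, stalls = 0, 0                          # base: oldest unacknowledged segment
    while base < len(segments):
        for seg in segments[base:base + window // mss]:
            if seg.seq in sent_once:             # already sent and still unACKed: timer expired
                log.append(f"timeout: retransmit seq={seg.seq}")
            sent_once.add(seg.seq)
            arrived = channel.send(seg)
            status = "lost" if arrived is None else ("damaged" if arrived.damaged() else "arrived")
            log.append(f"send seq={seg.seq} -> {status}")
            if arrived is not None:
                log.append(f"ack={rx.deliver(arrived)}")
        new_base = next((i for i, s in enumerate(segments) if s.seq == rx.expected), len(segments))
        stalls = stalls + 1 if new_base == base else 0
        if stalls > max_stalls:                  # guard against a link that never delivers
            raise RuntimeError(f"no progress after {max_stalls} retransmissions")
        base = new_base
    return log, bytes(rx.received)


if __name__ == "__main__":
    DATA = b"0123456789" * 300                   # 3000 bytes: segments 1, 1001 and 2001
    for line in transfer(DATA, Channel(lose_once={1001}))[0]:
        print(line)
```

Running it prints the exchange from the text: ACK 1001 after segment 1, the loss of 1001, its retransmission, and the ACKs 2001 and 3001 that follow.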
UDP is a lightweight transport layer protocol that offers the same data
segmentation and reassembly services as TCP, but without TCP’s reliability
and flow control mechanisms. The advantage of using UDP is that it can
rapidly send data through the transport layer without the delays that are
introduced by TCP’s reliability mechanisms. This is important for real-time
programs, such as voice and video services, which work best with minimal
delay between communicating devices.
UDP does not use sequence numbers or windowing, so there is no need
for a three-way handshake to set initial values. If a device using UDP
becomes swamped by an excessive number of datagrams, it will simply drop
those that it cannot process.
Because UDP does not use sequence numbers, it is unable to re-order
datagrams that it receives in the wrong order.
Although we talk about UDP segmenting data, the PDUs it creates are
referred to as datagrams to differentiate them from TCP segments:
The image above illustrates a UDP datagram header, which is very simple
when compared to the TCP segment header shown earlier. It is also much
smaller, containing only 8 bytes of data. This is a factor in reducing the
delay of processing UDP datagrams. The only fields it shares with TCP headers are the source and destination port fields, which are used to identify the application layer protocol being supported, and a check-sum field for detecting data errors in received datagrams.
In the description above, you can see that PC1 is also sending an email to
the WWW server. Note that it selects another registered range port, 1041, as
a source for the local SMTP process, and well-known port 25 as its
destination.
The WWW server is also running an email server process, which by
default monitors well-known port 25 for incoming email requests. Because
of the way TCP is coded, it will accept this connection based on the well-
known port being used.
Because PC1 is running web browser and email software, every time you
open a new browser tab or send an email it selects different registered range
source ports. This allows the local TCP process to track the multiple
application layer services it is supporting.
As the WWW server is a server, it will always associate application layer
protocols with the well-known ports assigned to them by IANA. Thus, the
WWW server can support multiple client PCs via a single well-known port.
You may be wondering why the WWW server is able to communicate
with multiple devices via a single port. This is because all clients have a
unique IP source address, which can be combined with the source port they
have chosen to form a socket. In our example, PC1 has an IP address of
211.14.16.99, and is using source port 1025. This results in a socket of
211.14.16.99:1025, which will uniquely identify PC1 to the WWW server.
The image above shows the many fields that make up an IPv4 header.
The important fields to note are:
o Source address: the 32-bit address assigned to the NIC of the host
that created a packet.
o Destination address: the 32-bit address of the device to which the
packet is sent. This field is used by routers when they make a packet
forwarding decision.
o Data: this is the payload that an IP carries, typically a segment or
datagram from the transport layer. The payload can vary in size, but
should not exceed 1480 bytes.
o Protocol: this is the identity of the transport layer protocol
encapsulated within the packet. Protocols are identified using a service
access point (SAP) number, which is 06 for TCP and 17 for UDP.
Because the SAP of the transport layer protocol is identified in each
packet, IP can deliver segments to the correct transport layer protocol on
the receiving device.
o Header check-sum: this allows IPv4 to determine if the header has
been damaged during transmission. If IPv4 discovers a damaged header,
the entire packet is dropped. Because IPv4 does not guarantee reliable
delivery of packets, it relies on TCP to arrange for retransmission of the
segment encapsulated within the dropped packet.
o Time to live (TTL): provides a lifetime for each packet, which if
exceeded will cause the packet to be dropped. The actual value initially
placed in the TTL field depends on a computer’s operating system, but
the maximum value is 255. Each router that receives a packet as it is
forwarded towards its destination will reduce the value of the TTL field
by ‘1’. If a router receives a packet with a TTL value of ‘1’, it will
discard the packet. This protects the Internet from endlessly forwarding
packets that have become stuck in a loop.
Encapsulating a segment or datagram within an IPv4 header adds an
additional 20 bytes of data, and this can sometimes be exceeded if some of
the optional fields are used.
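The header fields listed above in working form, as an added example that is not code from the course: it builds a minimal IPv4 packet, verifies the header check-sum on parsing, demuxes on the protocol number (17 for UDP, as in the text) to the 8-byte UDP header, and applies the router's TTL rule (decrement, re-checksum, or discard at TTL 1). The client address 211.14.16.99 is from the text; the server address and payload are constructed.

```python
"""IPv4 header parsing, header check-sum verification and a router's TTL step.

Added example, not code from the course. The sample packet is constructed here;
the client address 211.14.16.99 is the one used in the text, the server address
is from the documentation range.
"""
import socket
import struct
from typing import NamedTuple, Optional, Tuple

PROTO_TCP, PROTO_UDP = 6, 17   # transport protocol numbers named in the text


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4, TCP and UDP check-sums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


class IPv4Header(NamedTuple):
    header_len: int
    total_len: int
    ttl: int
    protocol: int
    src: str
    dst: str


def parse_ipv4(packet: bytes) -> IPv4Header:
    """Decode the fixed 20-byte header; raise ValueError for anything a router would drop."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    # An undamaged header, check-sum field included, sums to zero.
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("header check-sum mismatch: packet dropped")
    return IPv4Header(header_len, total_len, ttl, proto,
                      socket.inet_ntoa(src), socket.inet_ntoa(dst))


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal (no options, 20-byte) IPv4 packet with a correct header check-sum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = internet_checksum(header)         # computed with the check-sum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def router_forward(packet: bytes) -> Optional[bytes]:
    """One router hop: drop damaged or expiring packets, else decrement TTL and re-checksum."""
    try:
        hdr = parse_ipv4(packet)
    except ValueError:
        return None
    if hdr.ttl <= 1:
        return None                          # as in the text: a packet arriving with TTL 1 is discarded
    head = bytearray(packet[:hdr.header_len])
    head[8] = hdr.ttl - 1
    head[10:12] = b"\x00\x00"
    head[10:12] = struct.pack("!H", internet_checksum(bytes(head)))
    return bytes(head) + packet[hdr.header_len:]


def parse_udp(datagram: bytes) -> Tuple[int, int, int, int]:
    """The 8-byte UDP header: source port, destination port, length, check-sum."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    return struct.unpack("!HHHH", datagram[:8])


# Constructed sample: a UDP datagram with a 12-byte payload and a TTL of 3.
PAYLOAD = b"hello, world"
UDP_HEADER = struct.pack("!HHHH", 1025, 53, 8 + len(PAYLOAD), 0)   # check-sum 0 = not computed
SAMPLE = build_ipv4("211.14.16.99", "203.0.113.10", PROTO_UDP, UDP_HEADER + PAYLOAD, ttl=3)

if __name__ == "__main__":
    hdr = parse_ipv4(SAMPLE)
    print(hdr, parse_udp(SAMPLE[hdr.header_len:]))
    hop = SAMPLE
    while hop is not None:                   # push the packet through routers until TTL expires
        hop = router_forward(hop)
        print("dropped: TTL expired" if hop is None else f"forwarded, TTL now {parse_ipv4(hop).ttl}")
```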
Within Local Area Networks (LANs), Ethernet has become the most
common network access technology. Ethernet is a family of related
protocols standardised by the Institute of Electrical and Electronics
Engineers (IEEE) in the IEEE 802.2 and 802.3 standards.
Ethernet standards define the protocols and technology used within the
network access layer. The network access layer accepts packets from the
Internet layer and prepares them for transmission over a wide range of
physical transmission media.
Unlike the other layers of the TCP/IP protocol model, which are software
based, network access is implemented in both hardware and software. When
you install an Ethernet NIC, it provides appropriate hardware for physical
connectivity and signalling for a particular type of transmission media, and
provides software for framing and media access control services.
Ethernet has evolved to support the demands of modern networks, and
can operate over a wide range of speeds. Originally designed to operate at 10
Mbps over coaxial cable, it now supports both unshielded twisted pair (UTP)
and fibre optic media, and commonly supported data rates within LANs are
100 Mbps, 1 Gbps and 10 Gbps, although it can support much greater speeds
in specialised environments such as data centres.
One function of Ethernet is to encapsulate Internet layer packets into
PDUs called frames. The frame format remains consistent across all the
popular Ethernet speeds, allowing older Ethernet systems to operate
alongside newer variants:
The bus topology required the connected devices to take turns sending frames. This was because multiple frames travelling across the coaxial cable simultaneously would collide, and this would prevent them being delivered to their destinations.
To manage this process, Ethernet implements a media access control
technique called carrier sense multiple access with collision detection
(CSMA/CD). This forces devices to monitor the coaxial cable for the
presence of frames (carrier sensing), and to wait until the cable is clear prior
to transmitting their own. It also provides a mechanism for recovering from
collisions in case the carrier sensing fails to prevent multiple frame
transmission.
Bus topology systems using coaxial cables have been superseded by star
topology networks that use UTP cabling.
Because UTP contains separate wires that support transmission and
reception of frames, a star topology network connected by an Ethernet
switch allows all devices to send and receive frames simultaneously without
the risk of causing frame collisions. This means that CSMA/CD is not
typically utilised in a modern network, although it is still available to
provide compatibility with older systems.
Ethernet is capable of connecting to coaxial, fibre optic and UTP
transmission media, each of which requires a particular type of physical
interface. The physical interface provides a suitable socket allowing the
connection of a particular type of transmission media. It also contains
hardware capable of converting the Ethernet frame into a signal suitable for
transmission over the media. For example, Ethernet UTP connections use
electrical signals for frame transmission, whereas fibre optic uses pulses of
light.
Ethernet NICs typically only support one type of physical interface, so it
is important to select the correct card based on the transmission media in
use.
Ethernet UTP NICs are the most common, and most cards can support a
range of Ethernet speeds. For example, a 1 Gbps (Gigabit Ethernet) NIC will
also be able to support 10 Mbps (Ethernet) and 100 Mbps (Fast Ethernet)
operation. When you connect an NIC to an Ethernet switch, the two devices
will negotiate the data rate and adopt the highest rate supported by both.
Note that although the frame used by Ethernet is currently the same for most common varieties of the protocol, the actual physical signalling requirements are dependent on the data rates used. For example, 100 Mbps (Fast Ethernet) utilises four of the wires in a UTP cable, whereas 1 Gbps (Gigabit Ethernet) utilises all eight wires.
Ethernet frames use a unique identifier called a MAC address to identify source and destination devices within an Ethernet network. An Ethernet MAC address is a 48-bit binary value, written as 12 hexadecimal digits, and every NIC card has a MAC address assigned to it during the manufacturing process.
MAC addresses are globally unique. They are controlled by the IEEE, which allocates addresses to vendors. Vendors must register with the IEEE, which assigns them a unique 24-bit (3-byte) code called an organizationally unique identifier (OUI).
All MAC addresses assigned to an NIC or other Ethernet device must use
that vendor’s assigned OUI as the first 3 bytes. The remaining 3 bytes are
assigned a unique vendor code (serial number):
Ethernet uses MAC addresses to manage the delivery of frames locally within a LAN, as opposed to IP addresses, which are used to provide end-to-end connectivity across multiple networks.
The diagram above shows the PC1 accessing a webpage from a WWW
server, which you saw previously when you examined the role of transport
layer ports. In this version the diagram shows the MAC addresses assigned
to the Ethernet NICs of PC1 and the server.
In the diagram, PC1 creates a segment containing the HTTP GET request,
and selects appropriate source and destination ports. The segment is passed
to IPv4, which encapsulates it within a packet containing the source IP
address of PC1 and the destination IP address of the server.
The packet is passed to the NIC, which encapsulates it within a frame
containing the source MAC address of PC1’s NIC and the destination MAC
address of the server NIC. The frame is converted to an appropriate signal
for the transmission media and transmitted into the network.
Network Ethernet switches use the destination MAC address within the
frame to forward it towards the server. When the frame arrives at the server,
it is accepted because the destination address it contains matches the MAC
address of the server’s NIC.
The server performs de-encapsulation to recover the packet and checks it
to ensure that the destination IP address matches that assigned to the server.
If it does, then the frame is again de-encapsulated and the segment is passed
to the transport layer.
Broadcast transmission
The diagram above shows PC1 sending the same information to three
different PCs in the same IP network. It is using the Address Resolution
Protocol (ARP), which operates as a broadcast within an IP network. (Note
that you will explore ARP further in the next course.)
ARP creates a segment, which is encapsulated within a packet addressed using the source IP address of PC1. However, the destination IP address is the ‘255.255.255.255’ address reserved by IPv4 for broadcasting to all devices within an IP subnet.
The broadcast packet is encapsulated by the NIC into a frame, again
using the source IP address of PC1. The destination MAC address is
FF:FF:FF:FF:FF:FF, which is reserved by Ethernet for broadcasts to all
devices within the local network.
Network Ethernet switches forward the broadcast frame to all devices
within the IP network, so client devices PC2, PC3 and PC4 all receive copies
of the frame. Each device examines the frame, and although the broadcast
destination address does not match the MAC address of their NIC, they de-
encapsulate it and pass the packet to IPv4.
IPv4 also accepts the packet because it recognises and accepts the
broadcast IP address, and passes the segment to ARP.
Activity: ARP
Read the description of broadcast transmission in the box above. Can ARP use a
broadcast to return information to PC1?
Answer
ARP could use a broadcast, but it will be able to identify PC1 using the source
MAC address it finds in the frame carrying the ARP request, so it will use this
instead.
Modern Ethernet LANs are typically laid out in star and extended star
topologies using Ethernet switches:
The diagram above shows an Ethernet switch with four ports that is
connected to four PCs. Each PC has an Ethernet NIC with a unique MAC
address which, in the diagram, is simplified for clarity. (Although each PC is
also assigned a unique IP address, they are not relevant to how the switch
operates so are not shown.) The switch contains a MAC address table. In the
diagram above it is empty as the PCs have not sent any frames.
PC1 transmits a frame towards PC3, including its own MAC address as
the source and PC3’s MAC address as the destination. The frame is received
by the port 1 of the switch, which examines the frame and records the source
address against the port it was received at within the MAC address table.
However, the switch makes its frame forwarding decisions based on
destination addresses, and as it does not have an entry for 33:33:33:33:33:33,
it is unable to select an exit port.
Ethernet switches cannot drop frames if they cannot find an exit port, so they forward frames with unknown destinations out of all ports (flooding), in the hope that the frame will be delivered. In the example above, the frame is forwarded from ports 2, 3 and 4. Note that the switch does not send the frame out of port 1, as it has an entry in its MAC address table for MAC 11:11:11:11:11:11 and knows that this is the source of the frame.
PC2 and PC4 ignore the frame as the destination MAC address it contains
does not correspond to the MAC address of their NIC cards.
The destination address of the frame matches the MAC address of PC3’s
NIC, and the frame is accepted, de-encapsulated and processed by the
relevant protocols. If a response is required, PC3 will generate a frame to
carry the response back to PC1:
The frame from PC3 arrives at port 3 of the switch, which records the
source MAC address against the entry for port 3 in the MAC address table.
The switch makes a switching decision based on the destination MAC
address of the frame, which corresponds to the port 1 entry in the MAC
address table. This time the switch knows where the destination MAC
address is located, so it only forwards the frame to PC1.
The switch will add MAC addresses to its table as frames arrive
containing new source addresses, and if all the PCs are exchanging frames,
the MAC table will quickly learn the MAC addresses of all connected PCs:
This will ensure every received frame is delivered to the correct port,
with the exception of frames that have a broadcast MAC destination address.
The broadcast address cannot be associated with a port, so the switch
behaves as it would for any destination address that doesn’t have an entry in
the table – it floods the frame from all ports, except the one through which
the frame was received.
Ethernet switches learn MAC addresses in the same way as described
above when connected via an extended star topology:
In the diagram above the topology includes a second Ethernet switch,
which is connected to the existing switch via port 3. Devices PC3 and PC4
have been moved to switch 2, and their MAC addresses have been added
dynamically (or automatically) to the MAC address table against the new
ports to which they are connected.
Because switch 1 connects to switch 2 via port 3, the MAC addresses for
PC3 and PC4 are listed against port 3 on switch 1 – this is the path switch 1
will use to forward frames destined for either of these PCs. Similarly, the
MAC addresses of PC1 and PC2 are listed against port 3 on switch 2.
Because switches dynamically add source MAC addresses to their MAC
address tables, the switches have a mechanism for dynamically unlearning
them. This prevents the table being filled with MAC address entries for
devices that have been disconnected from the network. Thus most switches
only maintain entries that are currently being used for frame forwarding.
Once frame forwarding finishes, switches delete MAC address entries after a
short delay of typically 5 minutes.
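The learning, flooding, broadcast and ageing behaviour described above, as an added example that is not code from the course. It covers both the single-switch walkthrough and the extended-star case: the MAC addresses 11:11:11:11:11:11 and 33:33:33:33:33:33, the port numbers and the 5-minute ageing time are from the text; the addresses for PC2 and PC4, the two-switch link on port 3 of each switch and the loop-free propagation helper are constructed here.

```python
"""Ethernet switch MAC-address-table learning, flooding, broadcast and ageing.

Added example, not code from the course. Port numbers, the PC1/PC3 MAC addresses
and the 5-minute ageing time are taken from the text; the other MAC addresses and
the two-switch link layout are constructed.
"""
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, name: str, ports: int, ageing: float = 300.0):
        self.name = name
        self.ports = list(range(1, ports + 1))
        self.ageing = ageing                               # seconds an idle entry survives
        self.table: Dict[str, Tuple[int, float]] = {}      # MAC -> (port, last seen)

    def _age_out(self, now: float) -> None:
        for mac, (_port, seen) in list(self.table.items()):
            if now - seen > self.ageing:
                del self.table[mac]                        # dynamic "unlearning" of stale entries

    def receive(self, in_port: int, src: str, dst: str, now: float) -> List[int]:
        """Return the ports the frame is forwarded out of."""
        self._age_out(now)
        if src != BROADCAST:
            self.table[src] = (in_port, now)               # learn/refresh source against ingress port
        if dst != BROADCAST and dst in self.table:
            out_port = self.table[dst][0]
            return [] if out_port == in_port else [out_port]
        # unknown unicast or broadcast: flood out of every port except the ingress port
        return [p for p in self.ports if p != in_port]


Link = Dict[Tuple[str, int], Tuple[str, int]]            # (switch, port) -> (peer switch, port)


def propagate(switches: Dict[str, Switch], links: Link, entry: Tuple[str, int],
              src: str, dst: str, now: float = 0.0) -> List[Tuple[str, int]]:
    """Carry one frame through a loop-free set of switches from the (switch, port) it enters.
    Returns the edge (switch, port) pairs where the frame leaves towards end devices."""
    delivered: List[Tuple[str, int]] = []
    queue = [entry]
    while queue:
        name, port = queue.pop(0)
        for out_port in switches[name].receive(port, src, dst, now):
            peer = links.get((name, out_port))
            if peer is None:
                delivered.append((name, out_port))
            else:
                queue.append(peer)                         # inter-switch link: frame enters the peer
    return delivered


# Constructed topology mirroring the extended-star diagram: PC1 and PC2 on switch 1,
# PC3 and PC4 moved to switch 2, the two switches joined via port 3 on each side.
PC1, PC2, PC3, PC4 = ("11:11:11:11:11:11", "22:22:22:22:22:22",
                      "33:33:33:33:33:33", "44:44:44:44:44:44")
NET = {"sw1": Switch("sw1", 4), "sw2": Switch("sw2", 4)}
LINKS: Link = {("sw1", 3): ("sw2", 3), ("sw2", 3): ("sw1", 3)}


def demo() -> Tuple[List[Tuple[str, int]], List[Tuple[str, int]]]:
    first = propagate(NET, LINKS, ("sw1", 1), PC1, PC3, now=0.0)   # PC3 unknown: flooded
    reply = propagate(NET, LINKS, ("sw2", 1), PC3, PC1, now=1.0)   # PC1 known: one port
    return first, reply


if __name__ == "__main__":
    first, reply = demo()
    print("PC1 -> PC3 flooded to:", first)
    print("PC3 -> PC1 delivered to:", reply)
    for sw in NET.values():
        print(sw.name, {mac: port for mac, (port, _) in sw.table.items()})
```

After the reply, switch 1 lists PC3 against port 3 and switch 2 lists PC1 against port 3, exactly the tables the text describes for the two-switch layout.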
12 Router operation
Packet switching
Remember, when the host field of an IP address is all zeroes when read in
binary, it identifies the particular IP network to which individual devices
may be assigned:
o PC1a has IP address 192.168.10.1/24, so it is within IP network
192.168.10.0/24.
o PC2 has IP address 192.168.2.2/24, so it is within IP network
192.168.2.0/24.
Router R1 connects the two IP networks, allowing packets to be
forwarded between them. The router needs to have interfaces that have IP
addresses within the IP network to which it is directly connected:
o R1 Gigabit Ethernet 0/1 interface has IP address
192.168.10.254/24, so it is in the same IP network as PC1.
o R1 Gigabit Ethernet 0/0 interface has IP address 192.168.2.254/24,
so it is in the same IP network as PC2.
PC1a and PC2 use R1 as their default gateways (DG) to reach other IP
networks. This means that each PC must know the IP address of the router
interface that is within its IP network:
o PC1a uses R1 G0/1 as its default gateway.
o PC2 uses R1 G0/0 as its default gateway.
Note that the PCs are connected to the router via Ethernet switches, so all
the packets are transported across the network using Ethernet frames.
However, the switches are not required to have IP addresses to do this.
You may have noticed that PC1b is also connected to the same switch as
PC1a, and is configured with an IP address and DG indicating it is in the
same IP subnet. It does not need to go to R1 to exchange packets with PC1a
because they are both in the same subnet – PC1a and PC1b can exchange
packets in frames via the switch without using a default gateway.
However, when PC1a and PC1b send packets to PC2, they will realise
that the destination IP address is in another IP network, and will encapsulate
their packets in frames that the switch will send towards R1 G0/1. You will
investigate how this is achieved in more detail in the next module.
Routing table
Routers record all IP networks that they are aware of within an IP routing
table. This is an important difference between switches and routers. A switch
needs to learn which ports individual devices are connected to within the
local network, whereas a router is only concerned with locating the IP
networks connected to its interfaces.
Note that because the router is using Gigabit Ethernet interfaces, they are
assigned MAC addresses. These are shown below the IP addresses of each
interface and have been simplified for clarity. The IP, MAC and default
gateway of PC1a and PC3 are also shown.
In the diagram above, PC1a creates a packet destined for PC2. It uses its
own IP (192.168.10.1) as the source, and PC2’s IP (192.168.2.1) as the
destination. PC1 recognises that PC2 is on a different IP network, so it
encapsulates the packet in a frame with the destination MAC address of its
default gateway, R1 G0/1 (00:00:00:11:11:11).
The packet is forwarded across the local network by S1 to R1 G0/1. R1
de-encapsulates the frame, and examines the packet’s destination IP address
and compares it with the entries in its routing table. R1 has an entry for the
IP network 192.168.2.0/24 which PC2 is within, which allows it to identify
the exit interface for the network as G0/0.
R1 switches the packet to interface G0/0, which encapsulates it within a
frame using PC2’s MAC address as its destination:
The frame is forwarded to S2, which will deliver it to PC2 based on the
destination MAC address it finds in the frame.
In the previous example, the source address used in the frame identified R1
G0/0 as the source of the frame. Can you work out which source MAC address
will be used when PC3 replies to PC1a?
Answer
PC3 will need to direct the frame to its default gateway using the MAC address
of R1 G0/0 – 00:00:00:00:00:00.
You have already come across NAT while learning about IP packet
forwarding. Here you will learn about it in more detail to see how a router
can provide NAT for multiple devices within the LAN.
Home routers use a private IPv4 address range for devices within the
home network. A private address cannot be routed over the Internet as it is
used in millions of other networks across the world, and is therefore not
unique.
However, you will have a unique, public IP address assigned to your
home router on the interface that connects to the Internet service provider.
This is shown as 82.10.250.19 in the diagram below:
The idea of NAT is to convert the source address from all outgoing LAN
packets into the unique public address assigned to the home router, and vice
versa for incoming packets from the Internet. You learnt about this
previously in the context of a home network with only one PC. Here you
will learn how NAT operates when there are multiple devices using a single
public IP address as their source address.
The image below shows packets transmitted from PC1 and PC2 towards a
web server, which need to be routed towards the Internet by the home router:
Note that both packets have private IP source addresses, which cannot be
routed towards the public IP address of the web server. The packet
encapsulates a TCP segment, which uses port numbers to identify the
application layer protocols carried in the segment.
PC1 selects a random source port (2000), and a well-known destination
port (DP) of 80, as it is communicating via HTTP with a web server.
PC2 selects a random source port (3000), and a well-known destination
port of 80, as it is also communicating via HTTP with the same web server.
The packets are received by the home router, which performs NAT,
converting the source addresses to its own Wide Area Network (WAN)
interface public IP address (82.10.250.19). It also notes the source ports used
in both packets and records them in its NAT table:
The publicly addressed packets are forwarded through the Internet to the
destination web server, which establishes two TCP connections with what it
believes is the same device using two different source ports. It returns the
requested webpage in a series of packets to the two different TCP destination
ports:
The returned IP packets are addressed with the web server as the source
and the public address of the home router WAN interface as the destination.
The TCP port numbers have also been reversed, with port 80 indicating the
segment is from a web server, and port 2000 and 3000 identifying the ports
used by PC1 and PC2 respectively.
The home router accepts the incoming packets. It examines the
destination ports and tries to match them with the source ports it has
recorded in its NAT table in order to replace the public source address with
the correct, private IP address for PC1 or PC2:
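The NAT table described above in working form, as an added example that is not code from the course. It also illustrates the socket (IP address plus port) idea from the earlier ports section, and goes one step beyond the text by handling the case where two LAN devices pick the same source port. The public address 82.10.250.19 and the source ports 2000 and 3000 are from the text; the private LAN addresses, the web server address and the port-allocation rule are constructed.

```python
"""Port-based NAT table for a home router with several LAN devices.

Added example, not the course's own code. The public address 82.10.250.19 and
the source ports 2000 and 3000 come from the text; the private LAN addresses and
the web server address are constructed.
"""
from typing import Dict, NamedTuple, Optional, Tuple


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


Socket = Tuple[str, int]          # ip:port pair, as in 211.14.16.99:1025 in the text


class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip                   # WAN interface address
        self.next_port = first_port
        self.outbound_map: Dict[Socket, int] = {}    # private socket -> public port
        self.inbound_map: Dict[int, Socket] = {}     # public port -> private socket

    def _allocate(self, wanted: int) -> int:
        """Keep the device's own source port when it is free, else pick an unused one."""
        if wanted not in self.inbound_map:
            return wanted
        while self.next_port in self.inbound_map:
            self.next_port += 1
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def lan_to_wan(self, pkt: Packet) -> Packet:
        """Rewrite the source of an outgoing packet to the public address and record the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        pub = self.outbound_map.get(key)
        if pub is None:
            pub = self._allocate(pkt.src_port)
            self.outbound_map[key] = pub
            self.inbound_map[pub] = key
        return Packet(self.public_ip, pub, pkt.dst_ip, pkt.dst_port)

    def wan_to_lan(self, pkt: Packet) -> Optional[Packet]:
        """Match an incoming packet's destination port against the table; no match -> dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound_map.get(pkt.dst_port)
        if entry is None:
            return None                              # no LAN device asked for this traffic
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


# Constructed addresses: the LAN hosts and the web server are not given in the text.
PC1, PC2, WEB = "192.168.1.10", "192.168.1.11", "203.0.113.10"


def demo() -> Tuple[Packet, Packet, Optional[Packet], Optional[Packet], Packet]:
    router = NatRouter("82.10.250.19")
    out1 = router.lan_to_wan(Packet(PC1, 2000, WEB, 80))          # PC1, source port 2000
    out2 = router.lan_to_wan(Packet(PC2, 3000, WEB, 80))          # PC2, source port 3000
    back1 = router.wan_to_lan(Packet(WEB, 80, router.public_ip, 2000))   # reply -> PC1
    stray = router.wan_to_lan(Packet(WEB, 80, router.public_ip, 4444))   # unsolicited -> None
    clash = router.lan_to_wan(Packet(PC2, 2000, WEB, 80))         # PC2 reuses PC1's port number
    return out1, out2, back1, stray, clash


if __name__ == "__main__":
    for label, pkt in zip(("PC1 out", "PC2 out", "reply to PC1", "stray", "clash"), demo()):
        print(f"{label:>12}: {pkt}")
```

The `stray` case is the property defenders rely on: a packet from the Internet that matches no recorded mapping has nowhere to go and is dropped at the router.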
Activities
TCP/IP protocols use check-sums to detect errors in the data they are
responsible for transmitting. But how do errors occur and can we do anything
about them?
We have several techniques for detecting when an error occurred, and some
techniques can say where the error occurred in the data. If we know where it
occurred, we can simply ‘flip’ the bit back over.
Complete the activities in the Black Lab Book to put into practice what you
have learned in this course about the complex interaction between the TCP/IP
suite protocols.