CN Diagrams

This document provides an overview of networking concepts including: 1) It describes the layered OSI model and compares it to the Internet protocol stack, noting some differences between the two models. 2) It explains the operation of common Internet application layer protocols like HTTP, FTP, SMTP, and POP3. 3) It discusses lower layer concepts like transport layer protocols TCP and UDP, network layer routing, and data link/physical layer frame delivery.

Uploaded by

Eric Alexander

MODULE 1

Protocol Stack
Layered Architecture

OSI layers
Hop to Hop delivery of data link layer

Network Layer
Network Layer: end to end delivery

Transport Layer
Transport Layer: process to process delivery

OSI: Session Layer

Introduction 1-5
Summary of OSI Layers

Internet protocol stack
• application: supporting network applications
  • FTP, SMTP, HTTP
• transport: process-process data transfer
  • TCP, UDP
• network: routing of datagrams from source to destination
  • IP, routing protocols
• link: data transfer between neighboring network elements
  • Ethernet
• physical: bits “on the wire”

ISO/OSI reference model

• presentation: allow applications to interpret meaning of data, e.g., encryption, compression, machine-specific conventions
• session: synchronization, checkpointing
• Internet stack “missing” these layers!
• these services, if needed, must be implemented in application layer

[Figure: the seven OSI layers (application, presentation, session, transport, network, link, physical) beside the five-layer Internet stack.]

Encapsulation

[Figure: at the source the application message M is passed down the stack: transport adds Ht (segment Ht|M), network adds Hn (datagram Hn|Ht|M), link adds Hl (frame Hl|Hn|Ht|M). A switch processes only the link and physical layers; a router processes the network, link and physical layers; the destination strips the headers in reverse order back to M.]

Three traffic profiles

Flow characteristics

FIFO queue

Priority queuing
Weighted fair queuing

Leaky bucket
Leaky bucket implementation

The Token Bucket Algorithm


(a) Before. (b) After.


Token bucket

Passive Attacks
Active Attacks

Distributed denial of service attack


The bad guys can sniff packets

Packet sniffing

[Figure: hosts A, B and C share a broadcast medium; B sends a packet (src:B, dest:A, payload) to A, and C can read it as well.]

The bad guys can use false source addresses

• IP spoofing: send packet with false source address

[Figure: C sends a packet to A carrying src:B, dest:A, payload, so it appears to come from B.]

MODULE 2

Figure 2 Application processes, sockets, and underlying transport protocol

Figure : Keeping user state with cookies

Figure Clients requesting objects through a Web cache


HTTP/1.1 304 Not Modified
Date: Sat, 15 Oct 2011 15:39:29
Server: Apache/1.3.0 (Unix)
(empty entity body)

5. File Transfer: FTP

In a typical FTP session, the user is sitting in front of one host (the local host) and wants
to transfer files to or from a remote host. In order for the user to access the remote
account, the user must provide a user identification and a password. After providing this
authorization information, the user can transfer files from the local file system to the
remote file system and vice versa. As shown in Figure , the user interacts with FTP
through an FTP user agent. The user first provides the hostname of the remote host,
causing the FTP client process in the local host to establish a TCP connection with the
FTP server process in the remote host. The user then provides the user identification and
password, which are sent over the TCP connection as part of FTP commands. Once the
server has authorized the user, the user copies one or more files stored in the local file
system into the remote file system (or vice versa).

Figure: FTP moves files between local and remote file systems

Control and data connections

6. Electronic Mail in the Internet

SMTP is the principal application-layer protocol for Internet electronic mail. It uses the
reliable data transfer service of TCP to transfer mail from the sender’s mail server to the
recipient’s mail server. As with most application-layer protocols, SMTP has two sides: a
client side, which executes on the sender’s mail server, and a server side, which executes
on the recipient’s mail server. Both the client and server sides of SMTP run on every mail
server. When a mail server sends mail to other mail servers, it acts as an SMTP client.
When a mail server receives mail from other mail servers, it acts as an SMTP server.

A high-level view of the Internet e-mail system

The basic operation of SMTP


Mail transfer phases

⦿ The process of transferring a mail message occurs in three phases:

1. Connection establishment
2. Mail transfer
3. Connection termination

Connection establishment

After a client has made a TCP connection to the well-known port 25, the SMTP server
starts the connection phase.

1. The server sends code 220 (service ready) to tell the client that it is ready to
receive mail. If the server is not ready, it sends code 421 (service not available).

2. The client sends the HELO message to identify itself using its domain name
address. This step is necessary to inform the server of the domain name of the
client.

3. The server responds with code 250 (request command completed) or some
other code depending on the situation.

Message Transfer
After connection has been established between the SMTP client and server, a single
message between a sender and one or more recipients can be exchanged.

1. The client sends the MAIL FROM message to introduce the sender of the
message. It includes the mail address of the sender (mailbox and the domain
name).

2. The server responds with code 250 or some other appropriate code.

3. The client sends the RCPT TO (recipient) message, which includes the mail
address of the recipient.

4. The server responds with code 250 or some other appropriate code.

5. The client sends the DATA message to initialize the message transfer.
6. The server responds with code 354 (start mail input) or some other appropriate
message.

7. The client sends the contents of the message in consecutive lines. Each line is
terminated by a two-character end-of-line token (carriage return and line feed).
The message is terminated by a line containing just one period.

8. The server responds with code 250 (OK) or some other appropriate code.

Connection Termination
After the message is transferred successfully, the client terminates the connection. This
phase involves two steps.

1. The client sends the QUIT command.

2. The server responds with code 221 or some other appropriate code.

After the connection termination phase, the TCP connection must be closed.
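The three phases above as a runnable exchange: an added example (not code from the slides) with a minimal server-side state machine that answers each client command with the codes listed, plus a constructed client script that walks through all three phases. Hostnames and mailboxes are made up.

```python
import re
from typing import Optional

CRLF = "\r\n"


class SmtpServer:
    """Server side of SMTP: tracks just enough state to answer each command."""

    def __init__(self, ready: bool = True):
        self.ready = ready
        self.greeted = False          # HELO seen
        self.sender = None            # MAIL FROM
        self.recipients = []          # RCPT TO
        self.in_data = False          # between DATA and the lone "."
        self.body_lines = []
        self.delivered = []           # (sender, recipients, body) tuples
        self.closed = False

    def greeting(self) -> str:
        # Connection establishment, step 1: 220 service ready, else 421 not available.
        return "220 mail.example.test Service ready" if self.ready else "421 Service not available"

    def handle_line(self, line: str) -> Optional[str]:
        """Feed one CRLF-terminated client line; return the server reply, if any."""
        if not line.endswith(CRLF):
            raise ValueError("SMTP lines end with <CR><LF>")
        text = line[:-2]
        if self.in_data:
            if text == ".":                       # a line with just one period ends the body
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients), list(self.body_lines)))
                self.body_lines = []
                return "250 OK"
            self.body_lines.append(text)
            return None                           # no reply while the body is being sent
        cmd, _, arg = text.partition(" ")
        cmd = cmd.upper()
        if cmd == "HELO":
            self.greeted = bool(arg.strip())
            return "250 Hello " + arg.strip() if self.greeted else "501 Syntax error"
        if cmd == "MAIL":
            m = re.fullmatch(r"FROM:\s*<([^>]+)>", arg, re.I)
            if not self.greeted or not m:
                return "503 Bad sequence of commands" if not self.greeted else "501 Syntax error"
            self.sender, self.recipients = m.group(1), []
            return "250 OK"
        if cmd == "RCPT":
            m = re.fullmatch(r"TO:\s*<([^>]+)>", arg, re.I)
            if self.sender is None or not m:
                return "503 Bad sequence of commands" if self.sender is None else "501 Syntax error"
            self.recipients.append(m.group(1))
            return "250 OK"
        if cmd == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if cmd == "QUIT":
            self.closed = True                    # connection termination, step 2
            return "221 Closing connection"
        return "500 Command unrecognized"


def run_session(client_lines, ready=True):
    """Drive a whole session; returns (list of server replies, server object)."""
    server = SmtpServer(ready)
    replies = [server.greeting()]
    for line in client_lines:
        reply = server.handle_line(line)
        if reply is not None:
            replies.append(reply)
    return replies, server


# Constructed client script covering all three phases.
CLIENT_SCRIPT = [
    "HELO client.example.test" + CRLF,
    "MAIL FROM:<alice@example.test>" + CRLF,
    "RCPT TO:<bob@example.test>" + CRLF,
    "DATA" + CRLF,
    "Subject: hi" + CRLF,
    "" + CRLF,
    "hello bob" + CRLF,
    "." + CRLF,
    "QUIT" + CRLF,
]

if __name__ == "__main__":
    for reply in run_session(CLIENT_SCRIPT)[0]:
        print(reply)
```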

7. MESSAGE ACCESS AGENT: POP


⦿ The third stage of mail delivery uses a message access agent; the client must pull
messages from the server. Currently two message access protocols are available:
Post Office Protocol, version 3 (POP3) and Internet Message Access Protocol (IMAP).

⦿ SMTP is used to transfer mail from the sender’s mail server to the recipient’s mail
server;

⦿ SMTP is also used to transfer mail from the sender’s user agent to the sender’s
mail server.

⦿ A mail access protocol, such as POP3, is used to transfer mail from the
recipient’s mail server to the recipient’s user agent.

POP3

⦿ POP3 begins when the user agent (the client) opens a TCP connection to the mail
server (the server) on port 110.
⦿ With the TCP connection established, POP3 progresses through three phases:
authorization, transaction, and update.
Application Layer

Client server architecture


Peer to peer architecture

Application process
url (uniform resource locator)

http request response


Non-Persistent Connections

Persistent Connections
http transaction

http request message


methods

HTTP Request
http response message

Status Codes and Status Phrases


Response Header Names

http transaction EXAMPLE


Proxy server
File Transfer: FTP


File transfer

ftp example
PURPOSE OF DNS

DNS server
• The root, TLD, and authoritative DNS servers all belong to the hierarchy of DNS servers.

Root DNS servers

Iterative resolution

Recursive resolution

DNS message format


MODULE 3
Figure 15.1 TCP/IP protocol suite

Figure 15.2 Stream delivery

TCP/IP Protocol Suite 38


Figure 15.3 Sending and receiving buffers

Stream of bytes

Figure 15.4 TCP segments

[Figure: the byte stream is cut into Segment 1 … Segment N, each carrying a TCP header H.]



Figure 15.5 TCP segment format

Figure 15.6 Control field



Figure 15.7 Pseudoheader added to the TCP segment

Figure 15.8 Encapsulation

[Figure: application-layer data is the TCP payload; the TCP header plus payload is the IP payload; the IP header plus payload is the data-link layer payload, carried behind the frame header.]



Figure 15.9 Connection establishment using three-way handshake

[Figure: the server does a passive open. The client does an active open and sends SYN (seq: 8000). The server replies SYN + ACK (seq: 15000, ack: 8001, rwnd: 5000). The client sends ACK (seq: 8000, ack: 15001, rwnd: 10000) and the connection is opened. Each segment shows the control flags U A P R S F.]

Figure 15.10 Data Transfer

[Figure: the client sends a data segment (seq: 8001, ack: 15001, bytes 8001-9000) and a second one (seq: 9001, ack: 15001, bytes 9001-10000); the server receives both and sends its own data (seq: 15001, ack: 10001, bytes 15001-17000); the client acknowledges (seq: 10000, ack: 17001, rwnd: 10000).]

Connection Termination



Figure 15.11 Connection termination using three-way handshake

Figure 15.12 Half-Close



Figure 15.13 State transition diagram



Figure 15.14 Transition diagram for connection and half-close termination

Figure 15.15 Time-line diagram for Figure 15.14



Figure 15.16 Transition diagram for a common
scenario

Figure 15.17 Time line for a common scenario



Figure 15.18 Simultaneous open

Figure 15.19 Simultaneous close


Figure 15.20 Denying a connection

Figure 15.21 Aborting a connection



Figure 15.22 Send window in TCP

Figure 15.23 Receive window in TCP


Figure 15.24 TCP/IP protocol suite

[Figure: data flow and flow control feedback in TCP: 1 messages are pushed; 2 segments are pushed; 3 messages are pulled; 4 and 5 flow control feedback in the reverse direction.]

Figure 15.25 An example of flow control



Figure 15.27 Simplified FSM for sender site

Figure 15.28 Simplified FSM for the receiver site



Figure 15.29 Normal operation

Figure 15.30 Lost segment


Figure 15.31 Fast retransmission

Figure 15.32 Lost acknowledgment



Figure 15.33 Lost acknowledgment corrected by resending a segment

Figure 15.34 Slow start, exponential increase

[Figure: cwnd doubles every RTT: 1, 2, 4, 8 segments.]



Figure 15.35 Congestion avoidance, additive increase

Figure 15.36 TCP Congestion policy summary



Figure 15.37 Congestion example

Figure 15.39 Example 15.3



Figure 15.40 Example 15.4

Figure 15.41 Options



Figure 15.42 End-of-option option

Figure 15.43 No-operation option



Figure 15.44 Minimum-segment-size option

Figure 15.45 Window-scale-factor option



Figure 15.46 Timestamp option

Figure 15.47 Example 15.5


Figure 15.48 SACK

Figure 15.49 Example 15.6



Figure 15.50 Example 15.7

Figure 15.51 Example 15.8


Figure 15.52 TCBs

Figure 15.53 TCP/IP protocol suite


Shrinking of Windows

A receiver may not shrink its window so far that the right wall moves left of where it was; the check is new ackNo + new rwnd >= last ackNo + last rwnd. Example: new advertised ackNo = 210, rwnd = 4: 210 + 4 >= 206 + 12 (condition failed).
Process-to-Process Communication


ICANN Ranges

ICANN has divided the port numbers into three ranges: well-known,
registered, and dynamic (or private)
Process-to-Process Communication

Encapsulation and Decapsulation


Multiplexing and Demultiplexing

Connectionless Multiplexing and Demultiplexing


Flow Control
Flow Control at Transport Layer
Socket Programming with TCP

The client-server application using TCP


Popular Internet applications and
their underlying transport protocols

UDP Segment Structure


UDP Checksum
0110011001100000
0101010101010101
1000111100001100

The sum of first two of these 16-bit words is


0110011001100000
0101010101010101
1011101110110101

Adding the third word to the above sum gives


1011101110110101
1000111100001100
1,0100101011000001

0100101011000001
1
-----------------------
0100101011000010

UDP Checksum

0110011001100000
0101010101010101
1000111100001100
1011010100111101
----------------------------
1111111111111111
Message is accepted.
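The checksum arithmetic above, carried out in code: an added example (not from the slides) that implements the 16-bit one's-complement sum with end-around carry on the three words shown, derives the checksum, and runs the receiver-side check that accepts only when the total is all ones.

```python
# The three 16-bit words from the worked example above.
WORDS = [
    0b0110011001100000,
    0b0101010101010101,
    0b1000111100001100,
]


def ones_complement_sum(words):
    """Add 16-bit words, wrapping any carry out of bit 15 back into bit 0."""
    total = 0
    for w in words:
        total += w
        # the leading "1," in the worked sum is this carry; fold it back in
        while total > 0xFFFF:
            total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(words):
    """Sender: checksum = one's complement of the one's-complement sum."""
    return (~ones_complement_sum(words)) & 0xFFFF


def verify(words, checksum):
    """Receiver: add the words plus the checksum; all ones means accept."""
    return ones_complement_sum(list(words) + [checksum]) == 0xFFFF


def bits(x):
    return format(x, "016b")


if __name__ == "__main__":
    s = ones_complement_sum(WORDS)
    c = udp_checksum(WORDS)
    print("sum      ", bits(s))        # 0100101011000010
    print("checksum ", bits(c))        # 1011010100111101
    print("accepted:", verify(WORDS, c))
    # A single flipped bit in transit changes the total, so the check fails.
    corrupted = WORDS[:]
    corrupted[0] ^= 1 << 5
    print("corrupted accepted:", verify(corrupted, c))
```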
Transport Layer

Figure 2.11, Network layer versus transport layer

Figure 2.12, Port numbers


It should be clear by now that the IP addresses and port numbers play
different roles in selecting the final destination of data. The destination IP address
defines the host among the different hosts in the world. After the host has been
selected, the port number defines one of the processes on this particular host (see
Figure 2.13).

Figure 2.13, IP addresses versus port numbers

Socket Addresses

Figure 2.16, Encapsulation and Decapsulation

Figure 2.17, Multiplexing and demultiplexing


Figure 2.24, Simple protocol

Figure 2.25, Stop-and-Wait protocol

Figure 2.26, Go-Back-N protocol

Figure 2.27, Outline of Selective-Repeat

Bidirectional Protocols: Piggybacking

Figure 2.28, Design of piggybacking in Go-Back-N

Figure 2.22, Connectionless service

Figure 2.23, Connection-oriented service

Figure 2.30, User datagram format


Figure 2.36, Stream delivery Sending and Receiving Buffers

Figure 2.38, TCP segment format

Figure 2.39, Control field

Figure 2.40, Pseudoheader added to the TCP datagram

Figure 2.41, Encapsulation

Figure 2.42, Connection establishment using three-way handshaking


Figure 2.44, Connection termination using three-way handshaking

WINDOWS IN TCP

Send Window

Receive Window
MODULE4 Network Layer

Figure 4.1, Communication at the network layer

Figure 4.2, Internet as a black box

Figure 4.3, Internet as a combination of LAN and WANs connected together

Figure , Addresses in the TCP/IP Protocol Suite.
Port Addresses

Figure , Example 1.5: port numbers

4.4 Internet Protocol Version 4 (IPv4)

Position of IP in TCP/IP protocol suite


MODULE IV RLMCA-301 – COMPUTER NETWORKS ADMN 2016-‘18

Figure 4.D, IP datagram

Figure 4 E , Service type

4.4.2 Fragmentation

Figure E, Maximum Transfer Unit

Figure F, Fragmentation example

Figure G , Option format

Figure 1.64, Categories of options

Figure H , Dotted-decimal notation



Classful Addressing Classes

Figure J, Occupation of the address space


Recognizing Classes
We can find the class of an address when the address is given either in binary
or dotted-decimal notation. In the binary notation, the first few bits can immediately
tell us the class of the address; in the dotted-decimal notation, the value of the first
byte can give the class of an address (Figure K).

Figure K, Finding the class of an address

Figure L, Finding the address class using continuous checking

Figure M, Netid and hostid

Figure N, Two-level addressing in classful addressing

Extracting Information in a Block

Figure 1.33, Information extraction in classful addressing

Figure 4.34, Network address

Figure 1.35, Network mask



Figure 4.36, Finding a network address using the default mask


Three-Level Addressing: Subnetting

Figure 4.38, Network mask and subnetwork mask

Supernet Mask

Figure 1.39, Comparison of subnet, default, and supernet masks



Classless Addressing Variable-Length Blocks

Figure O , Variable-length blocks in classless addressing

Two-Level Addressing

Figure P, Prefix and suffix

Figure Q , Slash notation


Network Mask All-Zeros Address

Figure R, Examples of using the all-zeros address

All-Ones Address: Limited Broadcast Address

Figure S, Example of limited broadcast address


Loopback Addresses

Figure T, Example of loopback address


Private Addresses

Table 1, Addresses for private networks

Figure T, Example of a direct broadcast address

Figure , Autonomous systems

Figure , Popular routing protocols

Figure , The fact behind Bellman-Ford algorithm

3. Routing Information Protocol (RIP)

RIP Message Format

The format of the RIP message is shown in Figure D.

Figure , RIP Message Format


4.6.4 Link State Routing

Figure x, Concept of link state routing

4.6.5 The Open Shortest Path First (OSPF)

Areas

Figure 1.83, Areas in an autonomous system


Multicast Routing Protocols


Multicasting

Figure X 1 , Multicasting

Multicasting versus Multiple Unicasting

Figure X 3 , Multicasting versus Multiple Unicasting


Multicast Routing

Figure Y , Shortest path tree in unicast routing

Source-Based Tree

Figure Z, Source-based tree approach

Figure X , Group-shared tree approach



4.6.8 Routing Protocols


Multicast Link State Routing: MOSPF
Multicast Link State Routing

Figure , Taxonomy of common multicast protocols

Network layer

• Transport segment from sending to receiving host
• On sending side encapsulates segments into datagrams
• On receiving side, delivers segments to transport layer
• Network layer protocols in every host, router
• Router examines header fields in all IP datagrams passing through it

[Figure: end hosts run application, transport, network, data link and physical layers; every router along the path runs network, data link and physical layers.]

Interplay between routing and forwarding

routing algorithm determines end-end-path through network
local forwarding table determines local forwarding at this router

[Figure: local forwarding table: header value 0100 → output link 3; 0101 → 2; 0111 → 2; 1001 → 1. The arriving packet's header carries value 0111.]

VC forwarding table

forwarding table in router:
Incoming interface   Incoming VC #   Outgoing interface   Outgoing VC #
1                    12              3                    22
2                    63              1                    18
3                    7               2                    17
1                    97              3                    87
…                    …               …                    …

[Figure: VC numbers 12, 22, 32 on successive links; router interfaces numbered 1, 2, 3.]

VC routers maintain connection state information!

Network Layer 4-106


Virtual circuit setup

Setup request in a virtual circuit


Acknowledgment Phase

VC Data Transfer
Datagram networks

[Figure: host 1 sends datagrams, host 2 receives datagrams; both run application, transport, network, data link and physical layers.]

Datagram forwarding table

4 billion IP addresses, so rather than list individual destination addresses, list range of addresses (aggregate table entries)

local forwarding table:
dest address range   output link
address-range 1      3
address-range 2      2
address-range 3      2
address-range 4      1

[Figure: the IP destination address in the arriving packet's header is looked up in this table.]



Datagram forwarding table

Destination Address Range                                                          Link Interface
11001000 00010111 00010000 00000000 through 11001000 00010111 00010111 11111111    0
11001000 00010111 00011000 00000000 through 11001000 00010111 00011000 11111111    1
11001000 00010111 00011001 00000000 through 11001000 00010111 00011111 11111111    2
otherwise                                                                          3
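The table above is only usable with longest prefix matching, because the third range shares its 21-bit prefix with the second range's /24 block. An added example (not from the slides) that turns each range into its prefix and forwards sample destinations; the destination addresses fed in are constructed.

```python
def parse_bits(s: str) -> str:
    """'11001000 00010111 00010000 00000000' -> 32-character bit string."""
    b = s.replace(" ", "")
    if len(b) != 32 or set(b) - {"0", "1"}:
        raise ValueError("need 32 bits")
    return b


def range_to_prefix(low: str, high: str) -> str:
    """The prefix for a range is the run of leading bits its two ends share."""
    lo, hi = parse_bits(low), parse_bits(high)
    n = 0
    while n < 32 and lo[n] == hi[n]:
        n += 1
    return lo[:n]


# The slide's table as (low, high, link) rows; "otherwise" is the empty prefix.
TABLE = [
    ("11001000 00010111 00010000 00000000", "11001000 00010111 00010111 11111111", 0),
    ("11001000 00010111 00011000 00000000", "11001000 00010111 00011000 11111111", 1),
    ("11001000 00010111 00011001 00000000", "11001000 00010111 00011111 11111111", 2),
]
# Row 3 yields a /21 that also covers row 2's /24 block; longest prefix matching
# below sends row 2's block out link 1 because the /24 entry is more specific.
PREFIXES = [(range_to_prefix(lo, hi), link) for lo, hi, link in TABLE] + [("", 3)]


def forward(dest: str, prefixes=PREFIXES) -> int:
    """Longest prefix match: of all matching entries, pick the one with most bits."""
    d = parse_bits(dest)
    best = max((p for p, _ in prefixes if d.startswith(p)), key=len)
    return next(link for p, link in prefixes if p == best)


if __name__ == "__main__":
    for p, link in PREFIXES:
        print(f"prefix {p or '(default)':<24} /{len(p):<2} -> link {link}")
    print("link", forward("11001000 00010111 00011000 10101010"))   # link 1, not 2
```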

Datagram network



NAT: Network Address Translation

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……

[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 behind a NAT router whose WAN address is 138.76.29.7.]
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 (S: 10.0.0.1, 3345; D: 128.119.40.186, 80)
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table (S: 138.76.29.7, 5001; D: 128.119.40.186, 80)
3: Reply arrives, dest. address: 138.76.29.7, 5001 (S: 128.119.40.186, 80; D: 138.76.29.7, 5001)
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 (S: 128.119.40.186, 80; D: 10.0.0.1, 3345)

The Internet network layer

host, router network layer functions:

transport layer: TCP, UDP

network layer:
• routing protocols: path selection; RIP, OSPF, BGP
• IP protocol: addressing conventions, datagram format, packet handling conventions
• forwarding table
• ICMP protocol: error reporting, router “signaling”

link layer

physical layer
IPv4 datagram format

IP datagram format (32 bits wide):
• ver: IP protocol version number
• head. len: header length (bytes)
• type of service: “type” of data
• length: total datagram length (bytes)
• 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
• time to live: max number remaining hops (decremented at each router)
• upper layer: upper layer protocol to deliver payload to
• header checksum
• 32 bit source IP address
• 32 bit destination IP address
• options (if any): e.g. timestamp, record route taken, specify list of routers to visit
• data (variable length, typically a TCP or UDP segment)

how much overhead?
 20 bytes of TCP
 20 bytes of IP
 = 40 bytes + app layer msg
IP fragmentation, reassembly
• Network links have MTU (max. transfer size) - largest possible link-level frame
• different link types, different MTUs
• large IP datagram divided (“fragmented”)
• one datagram becomes several datagrams
• “reassembled” only at final destination
• IP header bits used to identify, order related fragments

[Figure: fragmentation: in: one large datagram; out: 3 smaller datagrams. Reassembly at the destination.]

IP Fragmentation and reassembly



MTUs for some networks

Fields Related to Fragmentation

1. Identification
2. Flags
3. Fragmentation offset

Flags used in fragmentation

IP fragmentation, reassembly

example:
 4000 byte datagram
 MTU = 1500 bytes
one large datagram becomes several smaller datagrams; 1480 bytes in data field; offset = 1480/8

length   ID   fragflag   offset
=4000    =x   =0         =0        (original datagram)
=1500    =x   =1         =0
=1500    =x   =1         =185
=1040    =x   =0         =370
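The fragmentation example above, as an added example (not from the slides): a fragmenter that reproduces the 1500/1500/1040 fragments with offsets 0/185/370, and the destination-side reassembler that orders fragments by offset and refuses an incomplete set. The datagram contents and identifier are constructed.

```python
from dataclasses import dataclass, field

IP_HEADER = 20   # bytes; the slide's lengths assume a 20-byte header


@dataclass
class Datagram:
    ident: int           # identification field, shared by all fragments
    length: int          # total length including the header
    more_fragments: int  # the fragflag column
    offset: int          # fragment offset in 8-byte units
    data: bytes = field(repr=False)


def fragment(dg: Datagram, mtu: int):
    """Split one datagram into fragments that fit the link MTU."""
    max_data = (mtu - IP_HEADER) // 8 * 8      # data per fragment is a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small")
    if dg.length <= mtu:
        return [dg]
    frags, pos = [], 0
    while pos < len(dg.data):
        chunk = dg.data[pos:pos + max_data]
        last = pos + len(chunk) >= len(dg.data)
        # the last piece inherits the original flag, so a fragment of a fragment stays marked
        flag = 0 if last and dg.more_fragments == 0 else 1
        frags.append(Datagram(dg.ident, IP_HEADER + len(chunk), flag, dg.offset + pos // 8, chunk))
        pos += len(chunk)
    return frags


def reassemble(frags):
    """Final destination only: order by offset and rebuild the payload."""
    frags = sorted(frags, key=lambda f: f.offset)
    if frags[-1].more_fragments != 0:
        raise ValueError("last fragment missing")
    data = bytearray()
    for f in frags:
        if f.offset * 8 != len(data):          # a gap or overlap means a fragment is missing
            raise ValueError("gap or overlap at offset %d" % f.offset)
        data += f.data
    return bytes(data)


def fragment_summary(dg, mtu):
    """(length, fragflag, offset) per fragment, the columns of the slide's table."""
    return [(f.length, f.more_fragments, f.offset) for f in fragment(dg, mtu)]


if __name__ == "__main__":
    original = Datagram(ident=0x1234, length=4000, more_fragments=0, offset=0, data=bytes(3980))
    for f in fragment(original, 1500):
        print(f"length={f.length} ID={f.ident:#x} fragflag={f.more_fragments} offset={f.offset}")
```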

Dotted-Decimal Notation: Base 256

Finding the class of address



Netid and hostid

Blocks in Class A: an EXAMPLE

Two-level addressing in classful addressing

Netid: defines the network.

Hostid: defines a particular host connected to that network.



Information extraction in classful addressing

[Figure: the first address of a block is the netid followed by all zeros (netid 000 ... 0).]



Network addresses

Network mask



Finding a network address using the default mask

Three-Level Addressing: Subnetting

Before Subnetting



After Subnetting

Network mask and subnetwork mask



Classless Addressing
Variable-length blocks in classless addressing

In classless addressing, the prefix defines the network and the suffix defines the host.

The prefix length in classless addressing can be 1 to 32.

The number of addresses in a block is inversely related to the value of the prefix length, n. A small n means a larger block; a large n means a small block.

In classless addressing, we need to know one of the addresses in the block and the prefix length to define the block.
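The classful rule (first byte gives the class) and the classless rule (one address plus prefix length n defines the block) in code: an added example, not from the slides, that derives the first address, last address and block size for a prefix length and shows that a smaller n gives a larger block. The sample addresses other than 130.207.244.203 and 10.0.0.1 are constructed.

```python
import ipaddress  # standard library; used only to cross-check the hand-rolled arithmetic


def address_class(addr: str) -> str:
    """Classful addressing: the first byte (its leading bits) gives the class."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "A"      # leading bit 0
    if first < 192:
        return "B"      # leading bits 10
    if first < 224:
        return "C"      # leading bits 110
    if first < 240:
        return "D"      # leading bits 1110
    return "E"          # leading bits 1111


def to_int(addr: str) -> int:
    return int.from_bytes(bytes(int(o) for o in addr.split(".")), "big")


def to_str(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def classless_block(addr: str, n: int):
    """Given any address in a block and prefix length n, return (first, last, count)."""
    if not 1 <= n <= 32:
        raise ValueError("prefix length must be 1 to 32")
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF   # n ones followed by 32-n zeros
    a = to_int(addr)
    first = a & mask                                # suffix forced to all zeros
    last = first | (~mask & 0xFFFFFFFF)             # suffix forced to all ones
    return to_str(first), to_str(last), 2 ** (32 - n)


if __name__ == "__main__":
    for a in ["10.0.0.1", "130.207.244.203", "192.0.2.9", "224.0.0.5"]:
        print(a, "is class", address_class(a))
    for a, n in [("205.16.37.39", 28), ("205.16.37.39", 20)]:
        first, last, count = classless_block(a, n)
        print(f"{a}/{n}: {first} - {last}, {count} addresses")   # smaller n, larger block
        net = ipaddress.ip_network(f"{a}/{n}", strict=False)
        assert net.network_address == ipaddress.ip_address(first)
```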

IPv6 datagram



IPv6 Datagram Format

Transition From IPv4 To IPv6: dual stack

Transition From IPv4 To IPv6: Tunneling

Routing Protocols
An example of interconnected autonomous systems
Popular routing protocols

RIP (Routing Information Protocol)

• distance vector algorithm
• distance metric: # hops (max = 15 hops), each link has cost 1
• DVs exchanged with neighbors every 30 sec in response message.
• each advertisement: list of up to 25 destination subnets

from router A to destination subnets:
subnet   hops
u        1
v        2
w        2
x        3
y        3
z        2

[Figure: routers A, B, C, D connecting subnets u, v, w, x, y, z.]



RIP: example

[Figure: routers A, B, C, D; subnets w, x, y, z; D is directly attached to x.]

routing table in router D
destination subnet   next router   # hops to dest
w                    A             2
y                    B             2
z                    B             7
x                    --            1
….                   ….            ....

A-to-D advertisement
dest   next   hops
w      -      1
x      -      1
z      C      4
….     …      ...

routing table in router D after processing the advertisement
destination subnet   next router   # hops to dest
w                    A             2
y                    B             2
z                    A             5
x                    --            1
….                   ….            ....
RIP table processing

[Figure: on each router the routed process manages the routing table and exchanges advertisements over transport (UDP); the forwarding table sits in the network layer (IP) above the link and physical layers.]
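The table update from the RIP example above, as an added example (not from the slides): the distance-vector rule applied to router D's table and A's advertisement, which replaces z via B (7 hops) with z via A (4 + 1 = 5 hops), and the two edge cases a practitioner should expect, a worse path through a different neighbour being ignored and an unreachable report from the current next hop being believed.

```python
INFINITY = 16   # RIP: max 15 hops, so 16 means unreachable


def rip_update(table, neighbor, advertisement, link_cost=1):
    """Distance-vector update of `table` (dest -> (next_router, hops)) from one
    neighbour's advertisement (dest -> hops as seen by that neighbour)."""
    updated = dict(table)
    for dest, adv_hops in advertisement.items():
        cost = min(adv_hops + link_cost, INFINITY)
        current = updated.get(dest)
        # Accept when the destination is new, the path is shorter, or the report
        # comes from the router we already use as next hop (it may also get longer).
        if current is None or cost < current[1] or current[0] == neighbor:
            updated[dest] = (neighbor, cost)
    return updated


# Router D's table and A's advertisement from the slide above.
D_TABLE = {"w": ("A", 2), "y": ("B", 2), "z": ("B", 7), "x": (None, 1)}
A_ADVERTISEMENT = {"w": 1, "x": 1, "z": 4}

if __name__ == "__main__":
    new = rip_update(D_TABLE, "A", A_ADVERTISEMENT)
    for dest in sorted(new):
        print(dest, new[dest])        # z becomes ('A', 5)
```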

OSPF (Open Shortest Path First)

Hierarchical OSPF

[Figure: a backbone of backbone routers with a boundary router; area border routers attach area 1, area 2 and area 3, each holding internal routers.]

BGP basics
 BGP session: two BGP routers (“peers”) exchange BGP messages:
   advertising paths to different destination network prefixes (“path vector” protocol)
   exchanged over semi-permanent TCP connections

• when AS3 advertises a prefix to AS1:
  • AS3 promises it will forward datagrams towards that prefix
  • AS3 can aggregate prefixes in its advertisement

[Figure: AS1 (routers 1a, 1b, 1c, 1d), AS2 (2a, 2b, 2c) and AS3 (3a, 3b, 3c) connected to other networks; a BGP message travels from 3a to 1c.]

BGP basics: distributing path information

 using eBGP session between 3a and 1c, AS3 sends prefix reachability info to AS1.
   1c can then use iBGP to distribute new prefix info to all routers in AS1
   1b can then re-advertise new reachability info to AS2 over 1b-to-2a eBGP session
 when router learns of new prefix, it creates entry for prefix in its forwarding table.

[Figure: eBGP sessions 3a-1c and 1b-2a; iBGP sessions among 1a, 1b, 1c, 1d inside AS1.]
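The distribution steps above, simulated: an added example (not from the slides) that models the 3a-1c and 1b-2a eBGP sessions and iBGP inside each AS, prepends the sender's AS to the path on each eBGP hop, creates a forwarding entry wherever a router learns the prefix, and rejects a path that already contains the receiver's own AS. The prefix and the loop-check behaviour are constructed assumptions for the demo.

```python
from collections import defaultdict

# Routers named AS number + letter, as in the figure; eBGP sessions from the slide.
AS_OF = {"3a": 3, "3b": 3, "3c": 3, "1a": 1, "1b": 1, "1c": 1, "1d": 1, "2a": 2, "2b": 2, "2c": 2}
EBGP_SESSIONS = [("3a", "1c"), ("1b", "2a")]


class Bgp:
    def __init__(self):
        self.routes = defaultdict(dict)   # router -> prefix -> (as_path, next_hop)
        self.log = []                     # every forwarding entry created, in order

    def learn(self, router, prefix, as_path, next_hop):
        """A router that learns a new prefix creates a forwarding-table entry for it."""
        if AS_OF[router] in as_path:
            return False                  # loop: our own AS is already on the path
        if prefix in self.routes[router]:
            return False                  # keep the existing entry (no policy modelled)
        self.routes[router][prefix] = (tuple(as_path), next_hop)
        self.log.append((router, prefix, tuple(as_path), next_hop))
        return True

    def ebgp_advertise(self, sender, receiver, prefix):
        """Send prefix over an eBGP session, prepending the sender's AS to the path."""
        if (sender, receiver) not in EBGP_SESSIONS and (receiver, sender) not in EBGP_SESSIONS:
            raise ValueError(f"no eBGP session {sender}-{receiver}")
        known = self.routes[sender].get(prefix)
        path = (AS_OF[sender],) + (known[0] if known else ())
        if self.learn(receiver, prefix, path, next_hop=sender):
            self.ibgp_distribute(receiver, prefix)

    def ibgp_distribute(self, router, prefix):
        """iBGP: pass the prefix unchanged to every other router in the same AS."""
        path, _ = self.routes[router][prefix]
        for other, asn in AS_OF.items():
            if asn == AS_OF[router] and other != router:
                self.learn(other, prefix, path, next_hop=router)


def run_example():
    bgp = Bgp()
    prefix = "198.51.100.0/24"                       # constructed; originated by AS3
    bgp.routes["3a"][prefix] = ((), "local")
    bgp.ebgp_advertise("3a", "1c", prefix)           # AS3 -> AS1, then iBGP inside AS1
    bgp.ebgp_advertise("1b", "2a", prefix)           # 1b re-advertises to AS2
    return bgp


if __name__ == "__main__":
    for router, prefix, path, nh in run_example().log:
        print(f"{router}: {prefix} AS-path {path} next hop {nh}")
```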



MODULE 5

Type of Errors

• Single-Bit Error: only one bit in the data unit has changed
• Burst Error: two or more consecutive bits in the data unit have changed

Detection

• Redundancy
• Detection methods:
  • VRC (Vertical Redundancy Check)
  • LRC (Longitudinal Redundancy Check)
  • CRC (Cyclic Redundancy Check)
  • Checksum

• VRC (Vertical Redundancy Check): row parity
• Even parity VRC concept
• LRC (Longitudinal Redundancy Check): column parity

Performance
Parity Checking
• Single Bit Parity: detect single bit errors
• Two Dimensional Bit Parity: detect and correct single bit errors

• CRC (Cyclic Redundancy Check) is based on binary division.
• CRC generator uses modulo-2 division.
Binary Division in a CRC Generator
Binary Division in a CRC Checker

• Polynomials
  • CRC generator (divisor) is most often represented not as a string of 1s and 0s, but as an algebraic polynomial.
• A polynomial representing a divisor

• Checksum Generator
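The CRC generator and checker above in code: an added example (not from the slides) doing modulo-2 long division, converting a divisor polynomial to its bit string, appending the remainder at the sender and testing for a zero remainder at the receiver. The dataword 1001 and divisor x^3 + x + 1 are constructed sample inputs.

```python
def xor_divide(dividend: str, divisor: str) -> str:
    """Modulo-2 (XOR) long division; returns the remainder, len(divisor)-1 bits."""
    d = list(dividend)
    n = len(divisor)
    for i in range(len(d) - n + 1):
        if d[i] == "1":                       # subtract (XOR) only when the leading bit is 1
            for j in range(n):
                d[i + j] = "0" if d[i + j] == divisor[j] else "1"
    return "".join(d[-(n - 1):])


def poly_to_bits(exponents) -> str:
    """Polynomial form of a divisor: x^3 + x + 1 -> (3, 1, 0) -> '1011'."""
    deg = max(exponents)
    return "".join("1" if k in exponents else "0" for k in range(deg, -1, -1))


def crc_generate(data: str, divisor: str) -> str:
    """Sender: append degree-many zeros, divide, replace the zeros by the remainder."""
    remainder = xor_divide(data + "0" * (len(divisor) - 1), divisor)
    return data + remainder


def crc_check(codeword: str, divisor: str) -> bool:
    """Receiver: divide the received codeword; a zero remainder means no error detected."""
    return set(xor_divide(codeword, divisor)) == {"0"}


if __name__ == "__main__":
    divisor = poly_to_bits((3, 1, 0))       # x^3 + x + 1
    codeword = crc_generate("1001", divisor)
    print("codeword:", codeword)            # 1001110
    print("accepted:", crc_check(codeword, divisor))
    print("after a bit flip:", crc_check("1001010", divisor))
```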
ETHERNET

802.3 MAC frame

Ethernet Frame

Minimum and maximum lengths


Frame length:
Minimum: 64 bytes (512 bits)
Maximum: 1518 bytes (12,144 bits)

Example of an Ethernet address in hexadecimal notation

Ethernet evolution through four generations

Categories of Standard Ethernet


Encoding in a Standard Ethernet implementation

Manchester encoding

• Used in 10BaseT
• Each bit has a transition
• Allows clocks in sending and receiving nodes to
synchronize to each other
• no need for a centralized, global clock among nodes!
10Base5 implementation

10Base2 implementation
10Base-T implementation

10Base-F implementation
Summary of Standard Ethernet implementations

Data link layer divided into two functionality-oriented sub layers

• upper sublayer: responsible for error and flow control
• lower sublayer: responsible for framing, MAC address and multiple access control
Frames in a pure ALOHA network

Procedure for pure ALOHA protocol

Vulnerable time for pure ALOHA protocol

Vulnerable time: the length of time in which there is a possibility of collision.

Random Access – Slotted ALOHA
Frames in a slotted ALOHA network

Nonpersistent CSMA

[Figure: random waiting times between sensing attempts; the idle gaps are wasted time.]

1-persistent CSMA
P-persistent CSMA

Flow diagram for three persistence methods

Random Access – Carrier Sense Multiple Access (CSMA)


Collision of the first bit in CSMA/CD

Flow diagram for the CSMA/CD

Timing in CSMA/CA

Flow diagram for CSMA/CA

Controlled Access or Scheduling


• Three methods for controlled access:
• Reservation
• Polling
• Token Passing

Reservation access method

Select and poll functions in polling access method

Token-passing procedure
Client/Server Architecture
• Well known, powerful, reliable server is a data source
• Clients request data from server
• Very successful model
• WWW (HTTP), FTP, Web services, etc.

P2P Architecture

• All nodes are both clients and servers
• Provide and consume data
• Any node can initiate a connection
• No centralized data source
BitTorrent – joining a torrent

[Figure: a new leecher (1) obtains the .torrent metadata file from a website, (2) joins by contacting the tracker, (3) receives the peer list, (4) requests data from seeds/leechers.]

Peers divided into:
• seeds: have the entire file
• leechers: still downloading

1. obtain the metadata file
2. contact the tracker
3. obtain a peer list (contains seeds & leechers)
4. contact peers from that list for data

BitTorrent – exchanging data

[Figure: a seed and leechers A, B, C exchange pieces; a peer announces “I have!” for the pieces it holds.]

● Verify pieces using hashes
● Download sub-pieces in parallel
● Advertise received pieces to the entire peer list
● Look for the rarest pieces
P2P file distribution: BitTorrent
 file divided into 256Kb chunks
 peers in torrent send/receive file chunks

tracker: tracks peers participating in torrent
torrent: group of peers exchanging chunks of a file

[Figure: Alice arrives … obtains list of peers from tracker … and begins exchanging file chunks with peers in torrent.]

P2P file distribution: BitTorrent

• peer joining torrent:
  • has no chunks, but will accumulate them over time from other peers
  • registers with tracker to get list of peers, connects to subset of peers (“neighbors”)

 while downloading, peer uploads chunks to other peers
 peer may change peers with whom it exchanges chunks
 churn: peers may come and go
 once peer has entire file, it may (selfishly) leave or remain in torrent



Repeaters
A repeater connecting two segments of a LAN

A repeater connects segments of a LAN.


A repeater forwards every frame – there is no filtering.

Function of a repeater

Hubs
A hierarchy of hubs

A hub is a multi-port repeater, used in star-wired LANs (Ethernet).


Because of the amount of traffic and collisions, hubs can only be
used in small network configurations.

Self learning
Switches vs. Routers

• both store-and-forward devices
• routers: network layer devices (examine network layer headers)
• switches are link layer devices
• routers maintain routing tables, implement routing algorithms
• switches maintain switch tables, implement filtering, learning algorithms

MODULE 6
Firewalls
firewall: isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others
(figure: administered network, trusted “good guys”, on one side of the firewall; public Internet, untrusted “bad guys”, on the other)

Stateless packet filtering

Should arriving packet be allowed in? Departing packet let out?

• internal network connected to Internet via router firewall
• router filters packet-by-packet, decision to forward/drop packet based on:
• source IP address, destination IP address
• TCP/UDP source and destination port numbers
• ICMP message type
• TCP SYN and ACK bits
Stateless packet filtering: more examples

Policy: No outside Web access.
Firewall setting: Drop all outgoing packets to any IP address, port 80.

Policy: No incoming TCP connections, except those for institution’s public Web server only.
Firewall setting: Drop all incoming TCP SYN packets to any IP except 130.207.244.203, port 80.
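The two policies in the table, implemented as a stateless filter over constructed packet headers (an added example, not code from the slides). The Packet fields and sample addresses other than the Web server’s are assumptions.

```python
# Added example (not from the slides): a stateless packet filter that applies the
# two table policies to constructed packet headers. Each packet is judged on its
# own fields only (addresses, ports, ICMP type, TCP SYN/ACK bits).
from dataclasses import dataclass

WEB_SERVER = "130.207.244.203"   # institution's public Web server (from the table)

@dataclass(frozen=True)
class Packet:
    direction: str     # "in" = arriving from the Internet, "out" = departing
    proto: str         # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False
    icmp_type: int = -1

def rule_no_outside_web(p: Packet) -> bool:
    """Policy: no outside Web access -> drop all outgoing packets to port 80."""
    return p.direction == "out" and p.dport == 80

def rule_no_incoming_connections(p: Packet) -> bool:
    """Policy: no incoming TCP connections except to the public Web server.
    A bare SYN (SYN set, ACK clear) opens a connection; a SYN+ACK is the reply
    to a connection one of our own hosts opened, so it is not matched."""
    if p.direction != "in" or p.proto != "tcp" or not p.syn or p.ack:
        return False
    return not (p.dst == WEB_SERVER and p.dport == 80)

RULES = [rule_no_outside_web, rule_no_incoming_connections]

def decide(p: Packet) -> str:
    """First matching drop rule wins; anything unmatched is forwarded."""
    return "drop" if any(rule(p) for rule in RULES) else "forward"

if __name__ == "__main__":
    # constructed sample traffic (addresses are placeholders)
    for pkt in (Packet("out", "tcp", "172.16.1.5", "93.184.216.34", 51000, 80, syn=True),
                Packet("in", "tcp", "203.0.113.9", WEB_SERVER, 40000, 80, syn=True),
                Packet("in", "tcp", "203.0.113.9", "130.207.244.10", 40000, 22, syn=True)):
        print(decide(pkt), pkt.direction, pkt.proto, pkt.dst, pkt.dport)
```

Because the filter keeps no state, an inbound SYN+ACK passes whether or not any internal host actually sent the matching SYN; only a stateful filter can check that.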

Application gateways
Components of Network Management Architecture
(figure: managing entity, managed devices, network management protocol)

Infrastructure for network management
(figure: a managing entity communicates via the network management protocol with the agent data on each of several managed devices)

definitions:
managed devices contain managed objects whose data is gathered into a Management Information Base (MIB)



SNMP MIB
MIB module specified via SMI: MODULE-IDENTITY construct, containing OBJECT-TYPE definitions
objects specified via SMI: OBJECT-TYPE construct

SNMP protocol

Two ways to convey MIB info, commands:
request/response mode: managing entity sends a request to the agent on the managed device; the agent returns a response
trap mode: the agent on the managed device sends a trap msg to the managing entity unprompted


SNMP protocol: message types

Message type: Function
GetRequest, GetNextRequest, GetBulkRequest: Mgr-to-agent: “get me data” (instance, next in list, block)
InformRequest: Mgr-to-Mgr: here’s MIB value
SetRequest: Mgr-to-agent: set MIB value
Response: Agent-to-mgr: value, response to Request
Trap: Agent-to-mgr: inform manager of exceptional event

SNMP protocol: message formats

SNMPv2 defines seven types of messages, known generically as protocol data units (PDUs).

Get/set PDU: get/set header, then the variables to get/set
PDU type (0-3) | Request ID | Error Status (0-5) | Error Index | Name | Value | Name | Value | ….

Trap PDU:
PDU type (4) | Enterprise | Agent Addr | Trap Type (0-7) | Specific code | Time stamp | Name | Value | ….



SSL Protocol Stack

SSL Record Protocol

SSL/TLS Basic Protocol



PKI as Deployed by SSL
• A public key infrastructure (PKI) is a set of policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
• In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities.
• The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA).

An introduction to Network Analyzers

Port Monitoring
Virtual Private Network
IPsec Protocol

IPSec in transport mode

IPSec in Tunnel mode

Tunnel Mode
• In tunnel mode, IPSec protects the entire IP packet.
• It takes an IP packet, including the header, applies IPSec security methods to the entire packet, and then adds a new IP header.
Transport mode versus tunnel mode

Authentication header protocol


Encapsulating Security Payload (ESP)

Security associations (SAs)

Example SA from R1 to R2
(figure: headquarters LAN 172.16.1/24 behind R1 at 200.168.1.100; branch office LAN 172.16.2/24 behind R2 at 193.68.2.23; R1 and R2 connected across the Internet; the security association runs from R1 to R2)

Security Association Database (SAD)


IPsec Datagram
(figure, same topology as the SA example: headquarters 172.16.1/24 behind R1 at 200.168.1.100, branch office 172.16.2/24 behind R2 at 193.68.2.23, security association from R1 to R2 across the Internet)

ESP datagram layout, left to right:
new IP header | ESP hdr (SPI, Seq #) | original IP hdr | original IP datagram payload | ESP trailer (padding, pad length, next header) | ESP auth
encrypted portion: original IP hdr through ESP trailer
authenticated portion: ESP hdr through ESP trailer

• ESP trailer: padding for block ciphers
• ESP header:
• SPI: 32-bit SA identifier (Security Parameter Index)
• Sequence number
• MAC in ESP auth field is created with shared secret key
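The ESP layout above, built and checked in code as an added example (not code from the slides). Encryption itself is left to a stand-in `cipher` callable that the reader would replace with a real block cipher; the block size, ICV length, SPI value and the inner datagram are assumptions, and the point is the header, the padded trailer and the MAC over the authenticated portion.

```python
# Added example (not from the slides): ESP encapsulation/decapsulation showing the
# header (SPI, seq), the trailer padding and the ICV over the authenticated portion.
# `cipher`/`decipher` are stand-ins (identity by default) for a real block cipher.
import hmac, hashlib, struct

BLOCK = 16      # cipher block size the trailer pads to (assumed)
ICV_LEN = 12    # truncated HMAC-SHA1 integrity check value (assumed length)

def esp_encapsulate(spi: int, seq: int, inner: bytes, next_header: int,
                    auth_key: bytes, cipher=lambda b: b) -> bytes:
    """Return ESP hdr + encrypted(inner + trailer) + ICV for the given SA."""
    # ESP trailer: pad so that payload + padding + 2 trailer bytes fills whole blocks
    pad_len = (-(len(inner) + 2)) % BLOCK
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)       # SPI and sequence number (anti-replay)
    body = cipher(inner + trailer)              # encrypted portion
    # authenticated portion = ESP header + encrypted body; the ICV covers both
    icv = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv

def esp_decapsulate(pkt: bytes, auth_key: bytes, decipher=lambda b: b):
    """Return (spi, seq, inner, next_header), or None when the ICV does not verify.
    The MAC is checked first, before anything is decrypted or parsed."""
    header, body, icv = pkt[:8], pkt[8:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None
    spi, seq = struct.unpack("!II", header)
    plain = decipher(body)
    pad_len, next_header = plain[-2], plain[-1]
    return spi, seq, plain[:-(pad_len + 2)], next_header

if __name__ == "__main__":
    key = b"shared-secret-key"                       # constructed SA key
    inner = b"\x45" + b"\x00" * 19 + b"hello"        # constructed original IP datagram
    pkt = esp_encapsulate(0x1234, 1, inner, 4, key)  # next header 4 = IP-in-IP (tunnel)
    print(len(pkt), esp_decapsulate(pkt, key))
    print(esp_decapsulate(pkt, b"wrong key"))
```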
IEEE 802.11

Wireless communication is one of the fastest-growing technologies.

The demand for connecting devices without the use of cables is increasing everywhere.

IEEE has defined the specifications for a wireless LAN, called IEEE 802.11, which covers the physical and data link layers.

Summary of IEEE 802.11 standards

The 802.11 Architecture


Basic service sets (BSSs)

802.11: passive/active scanning
(figure: BSS 1 with AP 1 and BSS 2 with AP 2; host H1 within range of both APs)

passive scanning:
(1) beacon frames sent from APs
(2) association Request frame sent: H1 to selected AP
(3) association Response frame sent from selected AP to H1

active scanning:
(1) Probe Request frame broadcast from H1
(2) Probe Response frames sent from APs
(3) Association Request frame sent: H1 to selected AP
(4) Association Response frame sent from selected AP to H1
IEEE 802.11 MAC Protocol: CSMA/CA

1. If initially the station senses the channel idle, it transmits its frame after a short period of time known as the Distributed Inter-frame Space (DIFS).
2. Otherwise, the station chooses a random backoff value using binary exponential backoff and counts down this value when the channel is sensed idle. While the channel is sensed busy, the counter value remains frozen.
3. When the counter reaches zero, the station transmits the entire frame and then waits for an acknowledgment.
4. If an acknowledgment is received, the transmitting station knows that its frame has been correctly received at the destination station. If the station has another frame to send, it begins the CSMA/CA protocol at step 2. If the acknowledgment isn’t received, the transmitting station reenters the backoff phase in step 2, with the random value chosen from a larger interval.
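The four steps above as a slot-level simulation for one station (an added example, not code from the slides). The channel timeline, the ACK outcomes, the contention window bounds and DIFS-in-slots are constructed assumptions.

```python
# Added example (not from the slides): slot-level simulation of the four-step CSMA/CA
# procedure for a single station. channel[t] is True when the medium is sensed busy
# in slot t (constructed timeline), acked[i] says whether transmission attempt i is
# acknowledged, and draw(cw) picks the backoff counter from [0, cw].
import random

CW_MIN, CW_MAX = 15, 1023   # contention window bounds (assumed, 802.11-style)
DIFS = 2                    # DIFS expressed in slots (assumed)

def csma_ca_send(channel, acked, draw=None, max_retries=7):
    """Return (slot at which the frame was transmitted, attempt number) on success,
    or None if retries are exhausted or the constructed timeline runs out."""
    draw = draw or (lambda cw: random.randint(0, cw))
    got_ack = lambda i: i < len(acked) and acked[i]
    t, cw, attempt = 0, CW_MIN, 0
    # Step 1: channel initially idle for a DIFS -> transmit with no backoff at all
    if not any(channel[:DIFS]):
        t = DIFS
        if got_ack(attempt):
            return t, attempt          # Step 4: ACK received, done
        attempt += 1                   # no ACK: fall through to the backoff phase
    while attempt <= max_retries:
        # Step 2: random backoff; the counter decrements only in idle slots and
        # stays frozen for every slot in which the channel is sensed busy
        counter = draw(cw)
        while counter > 0:
            if t >= len(channel):
                return None
            if not channel[t]:
                counter -= 1
            t += 1
        # Step 3: counter reached zero -> transmit the whole frame, wait for ACK
        if got_ack(attempt):
            return t, attempt
        # Step 4 (no ACK): back off again, drawing from a doubled interval
        cw = min(2 * cw + 1, CW_MAX)
        attempt += 1
    return None

if __name__ == "__main__":
    busy = [True, False, True, True, False, False, False]   # constructed timeline
    print(csma_ca_send(busy, [False, True], draw=lambda cw: 2))
```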

Dealing with Hidden Terminals: RTS and CTS

• The 802.11 MAC protocol also includes an optional reservation scheme that helps avoid collisions even in the presence of hidden terminals.
• Both of the wireless stations are within range of the AP (whose coverage is shown as a shaded circle) and both have associated with the AP.
• However, due to fading, the signal ranges of wireless stations are limited.
• Each of the wireless stations is hidden from the other, although neither is hidden from the AP.
Dealing with Hidden Terminals: RTS and CTS

• Thus, before transmitting a DATA frame, H1 first broadcasts an RTS frame, which is heard by all stations in its circle, including the AP.
• The AP then responds with a CTS frame, which is heard by all stations within its range, including H1 and H2.
• Station H2, having heard the CTS, refrains from transmitting for the time specified in the CTS frame.
RTS and CTS


• The use of the RTS and CTS frames can improve performance in two important ways:
1. The hidden station problem is mitigated, since a long DATA frame is transmitted only after the channel has been reserved.
2. Because the RTS and CTS frames are short, a collision involving an RTS or CTS frame will last only for the duration of the short RTS or CTS frame. Once the RTS and CTS frames are correctly transmitted, the following DATA and ACK frames should be transmitted without collisions.
Collision Avoidance: RTS-CTS exchange
(figure: stations A and B and the AP; a reservation collision between RTS frames, then DATA (A) transmitted while B defers; time runs downward)

The IEEE 802.11 Frame


802.11 frame: addressing
field sizes in bytes: frame control (2) | duration (2) | address 1 (6) | address 2 (6) | address 3 (6) | seq control (2) | address 4 (6) | payload (0 - 2312) | CRC (4)

Address 1: MAC address of wireless host or AP to receive this frame
Address 2: MAC address of wireless host or AP transmitting this frame
Address 3: MAC address of router interface to which AP is attached
Address 4: used only in ad hoc mode

The IEEE 802.11 Frame: Address Field


BLUETOOTH

Bluetooth is a wireless LAN technology designed to connect devices of different functions such as telephones, notebooks, computers, cameras, printers, coffee makers, and so on.

A Bluetooth LAN is an ad hoc network, which means that the network is formed spontaneously.

• Piconet
• Each piconet has one master and up to 7 simultaneous slaves
• Master: device that initiates a data exchange.
• Slave: device that responds to the master
• Scatternet
• Linking of multiple piconets through the master or slave devices
• Bluetooth devices have point-to-multipoint capability to engage in Scatternet communication.

Piconet
Scatternet
