Guide To TCP/IP, Second Edition
Chapter 3 Data Link And Network Layer TCP/IP Protocols

Objectives
Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP
Distinguish among various Ethernet and token ring frame types
Understand how hardware addresses work in a TCP/IP environment, and the services that ARP and RARP provide for such networks
Appreciate the overwhelming importance of the Internet Protocol (IP) and how IP packets behave on TCP/IP networks

Objectives (cont.)
Understand the lifetime of an IP datagram, and the process of fragmentation and reassembly
Appreciate service delivery options
Understand IP header fields and functions

Data Link Protocols
Data Link layer performs several key jobs:
  – Media Access Control (MAC)
  – Logical Link Control (LLC)
Point-to-point data transfer
Wide area network (WAN) links and WAN protocols

Data Link Protocols (cont.)
Data encapsulation techniques
Special handling for X.25, frame relay, and Asynchronous Transfer Mode (ATM) WAN links
WAN encapsulation of frames at the Data Link layer involves
  – Addressing
  – Bit-level integrity check
  – Delimitation
  – Protocol identification (PID)

Serial Line Internet Protocol (SLIP)
Original point-to-point protocol
Management through a dial-up serial port
Supports only TCP/IP
0xC0, 0xDB, 0xDC
compressed SLIP (C-SLIP)

Point-to-Point Protocol (PPP)
WAN data link encapsulation
PPP encapsulation and framing techniques
Fields in the PPP header and trailer include the following values:
  – Flag
  – Protocol Identifier
  – Frame Check Sequence (FCS)
Synchronous technologies use bit substitution
Support for a multi-link PPP implementation

Special Handling for PPP Links
Additional control and addressing in PPP headers to manage X.25, frame relay, or ATM
X.25: RFC 1356
  – Public packet-switched data network using noisy, narrow-bandwidth, copper telephone lines
Frame Relay: RFC 2427
  – Logical point-to-point and multi-point connections through a single physical interface
ATM: RFC 1577 and 1626
  – High-speed cell-switched networking technology

Frame Types
Ethernet frame types
  – Ethernet II
  – Ethernet Logical Link Control (LLC)
  – Ethernet Sub-Network Access Protocol (SNAP)
The de facto standard is Ethernet II frame type
Ethernet II frame fields and structure
  – Preamble
  – Source/Destination Address
  – Type/Data
  – Frame Check Sequence

Frame Types (cont.)
Ethernet LLC frame structure
  – Preamble
  – Start Frame Delimiter (SFD)
  – Destination Address/Source Address
  – Length
  – Destination Service Access Point (DSAP)
  – Source Service Access Point (SSAP)
  – Control
  – Data
  – Frame Check Sequence (FCS)

Frame Types (cont.)
Ethernet SNAP frame structure
  – Preamble/Start Frame Delimiter (SFD)
  – Destination Address/Source Address
  – Length
  – Destination Service Access Point (DSAP)
  – Source Service Access Point (SSAP)
  – Control
  – Organization Code
  – Ether Type
  – Data
  – Frame Check Sequence (FCS)

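An added example, not part of the original slides, that tells the three Ethernet frame types apart from the fields listed above and checks the Frame Check Sequence first. It assumes the input starts at the Destination Address and still carries its 4-byte FCS (many capture tools drop it); append_fcs is a helper for building constructed sample frames.

```python
import struct
import zlib


def append_fcs(body: bytes) -> bytes:
    """Helper for building constructed sample frames."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC-32 over the frame and compare it to the trailer."""
    return append_fcs(frame[:-4]) == frame


def classify(frame: bytes) -> dict:
    """Name the frame type of an Ethernet frame that still has its FCS.

    The frame starts at the Destination Address; the NIC strips the
    Preamble and SFD before software sees anything.
    """
    if len(frame) < 64:
        raise ValueError("runt frame: below the 64-byte Ethernet minimum")
    if not fcs_ok(frame):
        raise ValueError("FCS mismatch: a NIC would silently discard this")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:            # Ethernet II: a Type value
        info.update(kind="Ethernet II", ethertype=type_or_len)
    elif type_or_len <= 1500:            # LLC or SNAP: a Length value
        dsap, ssap, control = frame[14:17]
        if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):
            (ethertype,) = struct.unpack("!H", frame[20:22])
            info.update(kind="Ethernet SNAP", org_code=frame[17:20].hex(),
                        ethertype=ethertype)
        else:
            info.update(kind="Ethernet LLC", dsap=dsap, ssap=ssap,
                        control=control)
    else:
        raise ValueError("Type/Length value 1501-1535 is undefined")
    return info
```
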
Frame Types (cont.)
Token Ring frame
  – IEEE
  – Physical star design
  – Logical ring transmission path
  – Token ring workstation acts as a repeater
  – Two variations of token ring frames
    – Token Ring LLC frames
    – Token Ring SNAP frames

Frame Types (cont.)
Token Ring LLC frame format
  – Start Delimiter
  – Access Control/Frame Control
  – Destination Address/Source Address
  – Destination Service Access Point (DSAP) (LLC 802.2)
  – Source Service Access Point (SSAP) (LLC 802.2)
  – Control (LLC 802.2)
  – Data
  – Frame Check Sequence
  – End Delimiter/Frame Status

Frame Types (cont.)
Token Ring SNAP frame format
  – Start Delimiter
  – Access Control/Frame Control
  – Destination Address/Source Address
  – Destination Service Access Point (DSAP) (LLC 802.2)
  – Source Service Access Point (SSAP) (LLC 802.2)
  – Control (LLC 802.2)/Organization Code
  – Ether Type/Data
  – Frame Check Sequence
  – End Delimiter/Frame Status

Hardware Addresses In The IP Environment
ARP
ARP Cache
Test for a duplicate IP address
Routing tables
Route resolution process

ARP Packet Fields and Functions
Field types
  – Hardware Type Field
  – Protocol Type Field
  – Length of Hardware Address Field
  – Length of Protocol Address Field
  – Opcode Field
  – Sender’s Hardware Address Field
  – Sender’s Protocol Address Field
  – Target Hardware Address Field
  – Target Protocol Address Field

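An added example, not part of the original slides, that decodes the nine ARP fields listed above for Ethernet carrying IPv4, recognises the duplicate-IP test (an ARP request for the sender's own address), and reports any IP address claimed by more than one hardware address. The function names and the sample packets built with build_arp are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import namedtuple

Arp = namedtuple("Arp", "htype ptype hlen plen opcode sha spa tha tpa")
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
FMT = "!HHBBH6s4s6s4s"  # the nine fields, sized for Ethernet and IPv4


def build_arp(opcode, sha, spa, tha, tpa) -> bytes:
    """Helper for building constructed sample packets."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    return struct.pack(FMT, 1, 0x0800, 6, 4, opcode,
                       mac(sha), ip(spa), mac(tha), ip(tpa))


def parse_arp(payload: bytes) -> Arp:
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa = struct.unpack(
        FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("type or length fields do not match Ethernet/IPv4")
    ip = lambda b: str(ipaddress.IPv4Address(b))
    return Arp(htype, ptype, hlen, plen, opcode,
               sha.hex(":"), ip(spa), tha.hex(":"), ip(tpa))


def describe(pkt: Arp) -> str:
    kind = OPCODES.get(pkt.opcode, "unknown opcode")
    if pkt.opcode == 1 and pkt.spa == pkt.tpa:
        return f"{kind}: duplicate-IP test for {pkt.spa}"
    if pkt.opcode == 1:
        return f"{kind}: who has {pkt.tpa}? tell {pkt.spa}"
    if pkt.opcode == 2:
        return f"{kind}: {pkt.spa} is at {pkt.sha}"
    return kind


def find_duplicates(packets) -> dict:
    """Map each sender IP claimed by more than one hardware address."""
    claims = {}
    for pkt in packets:
        if pkt.opcode in (1, 2):
            claims.setdefault(pkt.spa, set()).add(pkt.sha)
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}
```
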
ARP Cache
Kept in memory
  – Windows 2000 and Windows XP systems, 120 seconds
  – Other kinds of networking equipment, 300 seconds
ARP cache entries
  – Automatic
  – Manual adding or deletion
  – WINIPCFG
  – IPCONFIG

Proxy ARP and Reverse ARP
Proxy ARP
  – Enables a router to “ARP” in response to an IP host’s ARP broadcasts
Reverse ARP (RARP)
  – Obtain an IP address for an associated data link address
  – Diskless Workstations
  – RARP Server

About Internet Protocol
A Network Layer protocol
Datagrams or Packets
End-to-end communications
IPv4/IPv6

Sending IP Datagrams
Connectionless service
Certain requirements to send a datagram
  – IP addresses of the source and destination
  – Hardware address of the source and next-hop router
Manually entered destination IP address
DNS to obtain a destination’s IP address

Route Resolution Process
Local or remote destination?
If Remote, which router?
  – Two types of route table entries
    – Host route entry
    – Network route entry
  – Default Gateway
Gateway does one of the following:
  – Forwards the packet
  – Sends an ICMP reply - an ICMP redirect
  – Sends an ICMP reply - destination is unreachable

Lifetime of an IP Datagram
Time to Live (TTL)
  – Cannot indefinitely circle a looped internetwork
  – Routing protocols prevent loops
TTL Value
  – Defined as number of seconds or hop counts
  – Recommended TTL of 64
  – Windows 2000/XP is 128
  – Switches and hubs do not decrement the TTL value

Fragment and Reassembly
Large packet fragmented by a router into smaller packets
Reassembled at the Transport layer at the destination
Same TTL value
Fragment retransmission process causes more traffic
Takes processing time

Service Delivery Options
Packet priority and route priority
Precedence
  – Eight levels from 0-7
Type of Service (TOS)
  – Six possible types of service
Differentiated Services (Diffserv)
Early Congestion Notification (ECN)

IP Header Fields And Functions
IP Header fields
  – Version Field
  – Type of Service Field
    – New TOS Field Function: Differentiated Services and Congestion Control
  – Total Length Field/Flags Field
  – Fragment Offset Field/Time to Live (TTL) Field
  – Protocol Field/Header Checksum Field
  – Source/Destination Address field
  – Options Field

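An added example, not part of the original slides, that decodes the IPv4 header fields listed above, shows both readings of the Type of Service byte (Precedence and DSCP/ECN), and verifies the Header Checksum before trusting any field. The function names are assumptions, and fill_checksum is a helper for building constructed sample headers.

```python
import ipaddress
import struct

FMT = "!BBHHHBBH4s4s"  # the fixed 20-byte part of the header


def ones_sum(data: bytes) -> int:
    """One's-complement sum of the 16-bit words in data."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def fill_checksum(header: bytes) -> bytes:
    """Helper for constructed samples: write a valid Header Checksum."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    cksum = struct.pack("!H", ~ones_sum(zeroed) & 0xFFFF)
    return header[:10] + cksum + header[12:]


def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack(FMT, packet[:20])
    version, hdr_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or hdr_len < 20 or len(packet) < hdr_len:
        raise ValueError("bad Version or Header Length")
    if ones_sum(packet[:hdr_len]) != 0xFFFF:
        raise ValueError("Header Checksum mismatch")
    return {
        "precedence": tos >> 5,        # original TOS reading, levels 0-7
        "dscp": tos >> 2,              # Differentiated Services reading
        "ecn": tos & 0x03,             # congestion notification bits
        "total_length": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:hdr_len],
    }
```

Because the TTL is covered by the Header Checksum, a header whose TTL changes without the checksum being recomputed fails this check.
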
Chapter Summary
Because they manage access to the networking medium, data link protocols also manage the transfer of datagrams across the network. Normally, this means negotiating a connection between two communications partners and transferring data between them. Such transfers are called point-to-point because they move from one interface to another on the same network segment or connection.

When WAN protocols, such as SLIP or PPP, come into play, it’s possible to use analog phone lines; digital technologies that include ISDN, DSL, or T-carrier connections; or switched technologies, such as X.25, frame relay, or ATM, to establish links that can carry IP and other datagrams from a sender to a receiver. At the Data Link layer, this means that protocols must deliver services, such as delimitation, bit-level integrity checks, addressing (for packet-switched connections), and protocol identification (for links that carry multiple types of protocols over a single connection).

Ethernet II frames are the most common frame type on LANs, but a variety of other frame types exist that carry TCP/IP over Ethernet or token ring networks. Other Ethernet frame types that can carry TCP/IP include Ethernet LLC frames and Ethernet SNAP frames; token ring frame types include Token Ring LLC frames and Token Ring SNAP frames.

Understanding frame layouts is crucial for proper handling of their contents, regardless of the type of frame in use. Such frame types typically include start markers or delimiters (sometimes called preambles), destination and source MAC layer addresses, a Type field that identifies the protocol in the frame’s payload, and the payload itself, which contains the actual data inside the frame. Most TCP/IP frames end with a trailer that stores a Frame Check Sequence field used to provide a bit-level integrity check for the frame’s contents.

By recalculating a special value called a Cyclical Redundancy Check (CRC), and comparing it to the value stored in the FCS field, the NIC can accept the frame for further processing, or silently discard it when a discrepancy occurs. At the lowest level of detail, it’s important to understand the differences in field layouts and meanings when comparing various frame types for any particular network medium.

You should understand the differences between Ethernet II frames, Ethernet LLC frames, and Ethernet SNAP frames, and the differences between Token Ring LLC frames and Token Ring SNAP frames. Because hardware/MAC layer addresses are so important when identifying individual hosts on any TCP/IP network segment, it’s imperative to understand how TCP/IP manages the translation between MAC layer addresses and numeric IP addresses. For TCP/IP, the Address Resolution Protocol (ARP) provides this all-important role and helps create and manage the ARP cache.

Because ARP can check the validity of the address assigned to any machine by performing an ARP request for a machine’s own address, ARP can also detect IP address duplication when it occurs on a single network segment. Understanding ARP packet fields greatly helps to illuminate the address resolution process, particularly the use of the “all-zeroes” address in the Target Hardware Address field to indicate that a value is needed.

ARP also includes information about hardware type, protocol type, length of hardware address (varies with the type of hardware), length of protocol address, and an Opcode field that identifies what kind of ARP or RARP packet is under scrutiny. A more advanced mechanism called proxy ARP permits a router to interconnect multiple network segments and make them behave like a single network segment.

Because this means that hardware addresses are required from all segments that act like a single network segment, proxy ARP’s job is to forward ARP requests from one actual network segment to another, when required; enable hardware address resolution; and then to deliver corresponding replies to their original senders. Also, when a router configured for proxy ARP receives an ARP broadcast, it responds with its own address. When it receives the subsequent data packet, it forwards this along, according to its routing tables.

Network layer protocols make their way into the Data Link layer through a process known as data encapsulation. Building IP datagrams, therefore, depends on understanding how to map the contents of an IP packet into a datagram that carries an IP packet as its payload. This process requires obtaining a numeric IP address for the destination (and may involve initial access to name resolution services such as DNS), and then using ARP (or the ARP cache) to map the destination address to a hardware address.

It is possible to use the hardware address of a known router or a default gateway instead, which can then begin the routing process from the sending network to the receiving network. When a frame must travel from one network segment to another, a process to resolve its route must occur. Local destinations can be reached with a single transfer at the Data Link layer, but remote destinations require forwarding and multiple hops to get from sender to receiver.

Thus, it’s important to understand the role of local routing tables that describe all known local routes on a network, and the role of the default gateway that handles outbound traffic when exact routes are not known. Here, ICMP comes into play to help manage best routing behaviors and report when destinations may be unreachable.

Other important characteristics of IP datagrams include: Time to Live (TTL) values, which prevent stale frames from persisting indefinitely on a network; fragmentation of incoming frames when the next link on a route uses a smaller MTU than the incoming link (reassembly of fragments always occurs when frames ultimately arrive at the destination host); and service delivery options to control packet and route priorities (seldom used, but worth understanding). IP traffic can be prioritized using Differentiated Services or Type of Service designations.

Although Type of Service was defined in the original specification, current network prioritization implementations are based on Differentiated Services functions that place a DSCP value in the IP header. This DSCP value is examined by routers along a path, and the traffic is forwarded according to the router configuration for that DSCP traffic type. In addition, Explicit Congestion Notification enables routers to notify each other of congested links before they must drop packets.

These services streamline IP traffic to ensure minimal delay for high-priority traffic and a minimum of packet loss. The chapter concludes with an overview of all fields in an entire IP header. It brings together all the topics discussed in earlier sections, and permits inspection of entire IP datagram headers to map out their contents. Ultimately, this provides the map by which it is possible to examine and decode the addressing and handling instructions associated with any IP datagram.