
TCP/IP and Routing

This contains links to information used in the lectures.

Overview

The TCP/IP protocol suite includes:

The Evolution of TCP/IP

TCP and IP were developed by a Department of Defense (DOD) research project to connect a number of different networks designed by different vendors into a network of networks (the "Internet"). It was initially successful because it delivered a few basic services that everyone needs (file transfer, electronic mail, remote logon) across a very large number of client and server systems. Several computers in a small department can use TCP/IP (along with other protocols) on a single LAN. The IP component provides routing from the department to the enterprise network, then to regional networks, and finally to the global Internet.

On the battlefield a communications network will sustain damage, so the DOD designed TCP/IP to be robust and automatically recover from any node or phone line failure. This design allows the construction of very large networks with less central management. However, because of the automatic recovery, network problems can go undiagnosed and uncorrected for long periods of time. As with all other communications protocols, TCP/IP is composed of layers:

Internet - network of networks

The Internet Protocol was developed to create a Network of Networks (the "Internet"). Individual machines are first connected to a LAN (Ethernet or Token Ring). TCP/IP shares the LAN with other uses (a Novell file server, Windows for Workgroups peer systems). One device provides the TCP/IP connection between the LAN and the rest of the world.

To ensure that all types of systems from all vendors can communicate, TCP/IP is absolutely standardized on the LAN. However, larger networks based on long distances and phone lines are more volatile. In the US, many large corporations would wish to reuse large internal networks based on IBM's SNA. In Europe, the national phone companies traditionally standardize on X.25. However, the sudden explosion of high speed microprocessors, fiber optics, and digital phone systems has created a burst of new options: ISDN, frame relay, FDDI, Asynchronous Transfer Mode (ATM). New technologies arise and become obsolete within a few years. With cable TV and phone companies competing to build the National Information Superhighway, no single standard can govern citywide, nationwide, or worldwide communications.

The original design of TCP/IP as a Network of Networks fits nicely within the current technological uncertainty. TCP/IP data can be sent across a LAN, or it can be carried within an internal corporate SNA network, or it can piggyback on the cable TV service. Furthermore, machines connected to any of these networks can communicate to any other network through gateways supplied by the network vendor.

Addresses

Each technology has its own convention for transmitting messages between two machines within the same network. On a LAN, messages are sent between machines by supplying the six byte unique identifier (the "MAC" address). In an SNA network, every machine has Logical Units with their own network address. DECNET, Appletalk, and Novell IPX all have a scheme for assigning numbers to each local network and to each workstation attached to the network.

On top of these local or vendor specific network addresses, TCP/IP assigns a unique number to every workstation in the world. This "IP number" is a four byte value that, by convention, is expressed by converting each byte into a decimal number (0 to 255) and separating the bytes with a period. For example, the intrepid is 131.123.2.25, nimitz is 131.123.2.136, and lich.osnet.mcs.kent.edu is 131.123.42.7.

An organization begins by sending electronic mail to Hostmaster@INTERNIC.NET requesting assignment of a network number. Internet addresses are divided into 3 classes, A, B, and C, and there are 2 additional classes for special use:

Class   1st byte   Format     Comments
A       1-127      N.H.H.H    Major networks
B       128-191    N.N.H.H    Large sites
C       192-223    N.N.N.H    Small sites, or groups for midsize sites
D       224-239               Multicast addressing
E       240-254               Experimental

where N is network and H is host. It is still possible for almost anyone to get assignment of a number for a small "Class C" network in which the first three bytes identify the network and the last byte identifies the individual computer. Larger organizations can get a "Class B" network where the first two bytes identify the network and the last two bytes identify each of up to 64 thousand individual workstations. Kent's Class B network is 131.123, so all computers with IP address 131.123.*.* are at or connected through Kent. There are only about 2 million class A, B and C addresses. Almost all the "B" class addresses are assigned.

As a result there is a proposal to enlarge the address space to 128 bits, called IPng. It also removes certain non-essential features of the IP protocol, making it faster and easier to implement.

Certain addresses have special meanings. In particular 0, 127 and 255 are usually reserved for special use. 255 indicates a broadcast address (for example 131.123.2.255), which is listened for by all machines on the net or subnet. Note that some vendors use 0 as the broadcast address by default (e.g. Sun) whereas others use 255. All systems on a network must be configured to use the same broadcast address. This is set with the ifconfig command. 0 is not assigned to any machine or network. The network address with 127 as the first byte is the "loopback network", which is fictitious. The address 127.0.0.1 is called "localhost" and means the current host machine.
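
The addressing rules above, worked through in code. This is an added example, not part of the original lecture notes; the function names and the "zero" label are illustrative choices, and the broadcast test follows the last-byte-255 convention used in the text.

```python
import struct

# (class, first-byte low, first-byte high, network bytes) from the class table above.
CLASSES = [("A", 1, 127, 1), ("B", 128, 191, 2), ("C", 192, 223, 3),
           ("D", 224, 239, None), ("E", 240, 254, None)]

def parse_ip(text):
    """Dotted decimal -> 4 bytes, rejecting anything that is not four bytes 0-255."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"byte out of range: {text!r}")
    return bytes(octets)

def describe(text):
    """Split an address into class, network part and host part, and flag special use."""
    raw = parse_ip(text)
    info = {"value": struct.unpack("!I", raw)[0], "class": None,
            "network": None, "host": None, "host_space": None, "special": None}
    for name, low, high, net_bytes in CLASSES:
        if low <= raw[0] <= high:
            info["class"] = name
            if net_bytes is not None:  # classes D and E have no N/H split
                info["network"] = ".".join(map(str, raw[:net_bytes]))
                info["host"] = ".".join(map(str, raw[net_bytes:]))
                info["host_space"] = 256 ** (4 - net_bytes)
    if raw[0] == 127:
        info["special"] = "loopback"
    elif raw[3] == 255:
        info["special"] = "broadcast"
    elif raw[0] == 0 or raw[3] == 0:
        info["special"] = "zero"  # unassigned, or broadcast on some vendors
    return info

if __name__ == "__main__":
    for addr in ("131.123.2.25", "131.123.2.255", "127.0.0.1", "224.0.0.9"):
        print(addr, describe(addr))
```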

The organization then connects to the Internet through one of a dozen regional or specialized network suppliers. The network vendor is given the subscriber network number and adds it to the routing configuration in its own machines and those of the other major network suppliers.

ARP and RARP

Internet addresses are assigned arbitrarily on Internet networks. Each host's implementation must know its own Internet address and respond to Address Resolution requests appropriately. It must also use ARP to translate Internet addresses to IEEE 802 addresses when needed. It can be used on any network which supports broadcasting. ARP can only be used on a network to which the destination host is connected. It may be used iteratively at every hop. Each machine maintains an ARP cache. ARP broadcasts a request for the Ethernet address for a specific Internet address, e.g. 131.123.2.1. The ARP request contains the Internet and Ethernet address of the requestor, and this is cached by the receiver. The arp command can be used to examine and manipulate the ARP cache.

Example: arp -a on chaos
wraith.mcs.kent.edu (131.123.2.1) at 8:0:9:99:b:5 ether
banshee.mcs.kent.edu (131.123.2.2) at 8:0:9:65:83:57 ether
mcs.kent.edu (131.123.2.130) at 8:0:9:83:db:18 ether
phantom.mcs.kent.edu (131.123.2.35) at 8:0:9:32:72:ce ether
prowler.mcs.kent.edu (131.123.2.3) at 8:0:9:0:36:aa ether
aegis.mcs.kent.edu (131.123.2.132) at 8:0:9:8c:89:b9 ether
amber.mcs.kent.edu (131.123.2.133) at 8:0:9:87:32:12 ether
rabbit.mcs.kent.edu (131.123.2.229) at 8:0:9:27:c2:f5 ether
strat.mcs.kent.edu (131.123.2.135) at 8:0:9:49:d5:c9 ether
nimitz.mcs.kent.edu (131.123.2.136) at 8:0:20:11:4d:b8 ether
condor.mcs.kent.edu (131.123.2.137) at 8:0:9:16:5e:2d ether
pandora.mcs.kent.edu (131.123.2.138) at 8:0:9:9d:b:d4 ether
sunr.mcs.kent.edu (131.123.2.45) at 8:0:20:d:f8:a8 ether
farrell.mcs.kent.edu (131.123.2.46) at 8:0:20:b:66:83 ether
warschineck.mcs.kent.edu (131.123.2.79) at 8:0:20:3:1a:8b ether
gartland.mcs.kent.edu (131.123.2.47) at 8:0:9:49:d5:8a ether
jeep.mcs.kent.edu (131.123.2.48) at 8:0:20:d:31:b6 ether
batcher.mcs.kent.edu (131.123.2.49) at 8:0:20:10:d:56 ether
etna.mcs.kent.edu (131.123.2.50) at 8:0:9:49:d5:36 ether
reichel.mcs.kent.edu (131.123.2.51) at 8:0:9:19:5b:7e ether
ogion.mcs.kent.edu (131.123.2.53) at 8:0:69:6:e5:73 ether
hummvee.mcs.kent.edu (131.123.2.54) at 8:0:20:d:f8:55 ether
warp.mcs.kent.edu (131.123.2.22) at 8:0:20:7:d2:e1 ether
dune.mcs.kent.edu (131.123.2.55) at 8:0:9:62:84:da ether
stealth.mcs.kent.edu (131.123.2.24) at 8:0:9:78:45:90 ether
intrepid.mcs.kent.edu (131.123.2.25) at 8:0:9:4e:78:fb ether
sitharam.mcs.kent.edu (131.123.2.58) at 8:0:9:4a:86:e0 ether
goat.mcs.kent.edu (131.123.2.219) at 8:0:20:a:fd:8a ether
monkey.mcs.kent.edu (131.123.2.220) at 8:0:20:11:10:d2 ether
dragon.mcs.kent.edu (131.123.2.221) at 8:0:20:a:fe:85 ether
snake.mcs.kent.edu (131.123.2.222) at 8:0:20:a:fe:27 ether
tiger.mcs.kent.edu (131.123.2.223) at 8:0:20:a:d6:e1 ether
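
Because a receiver caches whatever address pair a request carries, it is useful to compare cache snapshots and notice bindings that change. The following added example (not part of the original notes) parses `arp -a` output in the format shown above; the BASELINE rows are copied from that listing, the LATER snapshot is constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Line format of the `arp -a` output shown above: name (ip) at mac ether
ARP_LINE = re.compile(r"^(\S+) \((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+)")

def normalize_mac(mac):
    """8:0:9:99:b:5 -> 08:00:09:99:0b:05 so textual variants compare equal."""
    parts = mac.split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output, skipping lines that do not parse."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group(2)] = normalize_mac(m.group(3))
    return table

def audit(before, after):
    """Report IPs whose MAC changed and MACs that now hold more than one IP."""
    changed = {ip: (before[ip], mac) for ip, mac in after.items()
               if ip in before and before[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

# Rows copied from the listing above.
BASELINE = """\
wraith.mcs.kent.edu (131.123.2.1) at 8:0:9:99:b:5 ether
banshee.mcs.kent.edu (131.123.2.2) at 8:0:9:65:83:57 ether
nimitz.mcs.kent.edu (131.123.2.136) at 8:0:20:11:4d:b8 ether
"""
# Constructed later snapshot: 131.123.2.1 now maps to the MAC listed for nimitz.
LATER = """\
wraith.mcs.kent.edu (131.123.2.1) at 8:0:20:11:4d:b8 ether
banshee.mcs.kent.edu (131.123.2.2) at 8:0:9:65:83:57 ether
nimitz.mcs.kent.edu (131.123.2.136) at 8:0:20:11:4d:b8 ether
"""

if __name__ == "__main__":
    print(audit(parse_arp(BASELINE), parse_arp(LATER)))
```

A changed binding is not always a problem (a replaced network card produces one too), but it is the event worth checking against inventory.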

RARP

RARP is used to translate hardware addresses into Internet addresses. The server is called rarpd and the information is in /etc/hosts or /etc/ethers.

Routing

Every time a message arrives at an IP router, it makes an individual decision about where to send it next. There is no concept of a session with a preselected path for all traffic. Consider a company with facilities in New York, Los Angeles, Chicago and Atlanta. It could build a network from four phone lines forming a loop (NY to Chicago to LA to Atlanta to NY). A message arriving at the NY router could go to LA via either Chicago or Atlanta. The reply could come back the other way.

How does the router make a decision between routes? There is no correct answer. Traffic could be routed by the "clockwise" algorithm (go NY to Atlanta, LA to Chicago). The routers could alternate, sending one message to Atlanta and the next to Chicago. More sophisticated routing measures traffic patterns and sends data through the least busy link.

If one phone line in this network breaks down, traffic can still reach its destination through a roundabout path. After losing the NY to Chicago line, data can be sent NY to Atlanta to LA to Chicago. This provides continued service though with degraded performance. This kind of recovery is the primary design feature of IP. The loss of the line is immediately detected by the routers in NY and Chicago, but somehow this information must be sent to the other nodes. Otherwise, LA could continue to send NY messages through Chicago, where they arrive at a "dead end." Each network adopts some Router Protocol which periodically updates the routing tables throughout the network with information about changes in route status.

If the size of the network grows, then the complexity of the routing updates will increase as will the cost of transmitting them. Building a single network that covers the entire US would be unreasonably complicated. Fortunately, the Internet is designed as a Network of Networks. This means that loops and redundancy are built into each regional carrier. The regional network handles its own problems and reroutes messages internally. Its Router Protocol updates the tables in its own routers, but no routing updates need to propagate from a regional carrier to the NSF spine or to the other regions (unless, of course, a subscriber switches permanently from one region to another).

Example: netstat -r -n

Routing tables
Destination      Gateway            Flags     Refs     Use  Interface
224.0.0.9        127.0.0.1          UH          0        0  lo0
127.0.0.1        127.0.0.1          UH          0 18101305  lo0
131.123.4.202    131.123.2.2        UGHD        0     1609  lan0
default          131.123.2.1        UG          8  1790785  lan0
131.123.40       131.123.2.1        UG          0        0  lan0
131.123.41       131.123.2.132      UG          0        0  lan0
131.123.42       131.123.2.2        UG          0     7647  lan0
131.123.2        131.123.2.131      U           9 91005382  lan0
131.123.43       131.123.2.3        UG         13 21321959  lan0
131.123.4        131.123.2.2        UG          0   106873  lan0
131.123.44       131.123.2.2        UG        121 30666912  lan0
131.123.45       131.123.2.1        UG          0        0  lan0
131.123.46       131.123.2.1        UG          0        0  lan0
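
How a host uses such a table for each packet, as an added example that is not part of the original notes. It assumes the usual lookup order (host route, then the longest matching network prefix, then default) and that destinations are matched on whole dotted-decimal bytes as they are printed; the function names are hypothetical.

```python
# Rows copied from the `netstat -r -n` output above.
NETSTAT = """\
Destination      Gateway            Flags     Refs     Use  Interface
131.123.4.202    131.123.2.2        UGHD        0     1609  lan0
default          131.123.2.1        UG          8  1790785  lan0
131.123.42       131.123.2.2        UG          0     7647  lan0
131.123.2        131.123.2.131      U           9 91005382  lan0
131.123.43       131.123.2.3        UG         13 21321959  lan0
131.123.4        131.123.2.2        UG          0   106873  lan0
"""

def parse_routes(text):
    """Turn the table into dicts, skipping the header and any malformed line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[0] != "Destination":
            routes.append({"dest": f[0], "gw": f[1], "flags": f[2], "ifc": f[5]})
    return routes

def lookup(routes, ip):
    """Host route (H flag) first, then longest network prefix, then default."""
    for r in routes:
        if "H" in r["flags"] and r["dest"] == ip:
            return r
    # Compare with a trailing dot so 131.123.4 does not match 131.123.42.x.
    nets = [r for r in routes
            if "H" not in r["flags"] and r["dest"] != "default"
            and (ip + ".").startswith(r["dest"] + ".")]
    if nets:
        return max(nets, key=lambda r: r["dest"].count("."))
    return next((r for r in routes if r["dest"] == "default"), None)

def next_hop(routes, ip):
    """G flag: send to the gateway. No G: the destination is on this LAN (use ARP)."""
    r = lookup(routes, ip)
    if r is None:
        raise LookupError(f"no route to {ip}")
    return r["gw"] if "G" in r["flags"] else ip

ROUTES = parse_routes(NETSTAT)

if __name__ == "__main__":
    for dst in ("131.123.42.7", "131.123.4.202", "131.123.2.25", "192.0.2.1"):
        print(dst, "->", next_hop(ROUTES, dst))
```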





Paul A. Farrell
Thu Mar 7 15:10:34 EST 1996