Network Technology Foundation - Chapter 4 Notes

Network Layer

  • The network layer facilitates data exchange between end devices across a network.
  • It involves four primary processes:
    • Addressing end devices: Assigning a unique IP address to each device for network identification.
    • Encapsulation: Adding an IP header to the Protocol Data Unit (PDU) received from the transport layer.
    • Routing: Directing packets to a destination host on another network.
    • De-encapsulation: Removing the IP header from the packet upon arrival at the destination and passing it to the transport layer.
  • Two common network layer protocols:
    • Internet Protocol version 4 (IPv4)
    • Internet Protocol version 6 (IPv6)
  • Basic characteristics of IP:
    • Connectionless: No prior connection is established before sending data packets.
    • Best Effort (unreliable): Packet delivery is not guaranteed.
    • Media Independent: Operates independently of the medium carrying the data.

IPv4 Header

The IPv4 header is 20 bytes long and includes the following fields:

  • Version
  • Header Length
  • Total Length
  • Identification
  • Flags
  • Fragment Offset
  • Time-to-Live
  • Protocol
  • Header Checksum
  • Source IP Address
  • Destination IP Address

IPv4 Issues

  • IPv4 has three major issues:
    • IP address depletion: Limited number of unique public IP addresses.
    • Lack of end-to-end connectivity: Sharing of public IP addresses hides internal network hosts.
    • Increased network complexity: Network Address Translation (NAT) adds complexity, latency, and troubleshooting difficulties.

IPv6

  • IPv6 overcomes the limitations of IPv4:
    • Increased address space: 128-bit addresses.
    • Improved packet handling: Simplified header with fewer fields.
    • Eliminates the need for NAT: Large number of public IPv6 addresses.
    • Integrated security: Natively supports authentication and privacy.

IPv6 Header

The IPv6 header is 40 bytes long and includes the following fields:

  • Version
  • Traffic Class
  • Flow Label
  • Payload Length
  • Next Header
  • Hop Limit
  • Source IP Address
  • Destination IP Address

Routing

  • A host can send a packet to:
    • Itself: Loopback interface (127.0.0.1 or ::1) to test the TCP/IP protocol stack.
    • Local host: A destination on the same local network.
    • Remote host: A destination on a remote network.
  • The host determines if the destination IP address is on the same network by:
    • Checking its own subnet mask along with its own IPv4 address and the destination IPv4 address (IPv4).
    • In IPv6, the local router advertises the local network address (prefix) to all devices on the network.
  • If the host is sending a packet to a device on a different IP network, it forwards the packet through the default gateway.
    • The default gateway routes traffic from the local network to remote networks.
  • Router is the device that connects to multiple networks.
  • Each router contains a routing table with three types of route entries:
    • Directly-connected networks: Active router interfaces.
    • Remote networks: Connected to other routers, learned manually or via dynamic routing protocols.
    • Default route: Used when no better match is found in the IP routing table.
  • Static routes are manually configured and do not automatically update with network topology changes.
  • Dynamic routing protocols allow routers to automatically learn about remote networks and adjust to topology changes.

Example of Static Route Configuration:

R1 (config)# ip route 10.1.1.0 255.255.255.0 209.165.200.226

  • Remote network address: 10.1.1.0/2410.1.1.0/24
  • IP address of next hop router: 209.165.200.226209.165.200.226

Routing Table Codes:

  • L - local
  • C - connected
  • S - static
  • R - RIP
  • M - mobile
  • B - BGP
  • D - EIGRP
  • EX - EIGRP external
  • O - OSPF
  • IA - OSPF inter area
  • N1 - OSPF NSSA external type 1
  • N2 - OSPF NSSA external type 2
  • E1 - OSPF external type 1
  • E2 - OSPF external type 2
  • i - IS-IS
  • su - IS-IS summary
  • L1 - IS-IS level-1
  • L2 - IS-IS level-2
  • * - candidate default
  • U - per-user static route
  • o - ODR
  • P - periodic downloaded static route
  • H - NHRP
  • l - LISP
  • + - replicated route
  • \& - next hop override
  • p - overrides from PfR
  • a - application route

ICMPv4

  • ICMP (Internet Control Message Protocol) is used for testing network connectivity and reporting errors.
  • An ICMP Echo Message can test the reachability of a host (ping command).
  • If the host is available, the destination host responds with an Echo Reply.
  • When a host or gateway cannot deliver a packet, it uses an ICMP Destination Unreachable message.
  • An ICMPv4 Time Exceeded message indicates that a packet's Time to Live (TTL) field reached 0 (routing loop).
  • Types of connectivity tests performed include:
    • Pinging the local loopback
    • Pinging the default gateway
    • Pinging the remote host
  • Traceroute (tracert) lists hops successfully reached along the path for verification and troubleshooting.
  • Traceroute sends three separate packets.
  • The round-trip time (RTT) is the time a packet takes to reach the remote host and for the response to return.
  • An asterisk (*) indicates a lost or unreplied packet.

Transport Layer

  • The transport layer manages temporary communication sessions between applications and delivers data.
  • It segments data and controls the reassembly of segments into communication streams.
  • It identifies the proper application for each communication stream.
  • TCP (Transmission Control Protocol) is a reliable transport protocol that provides:
    • Tracking transmitted data segments
    • Acknowledging received data
    • Retransmitting any unacknowledged data
  • UDP (User Datagram Protocol) provides basic functions for delivering data segments with minimal overhead.
  • Both TCP and UDP are valid transport protocols; the choice depends on application requirements.
  • When a message is delivered via TCP or UDP, protocols and services are identified by a port number.
  • A port number is a numeric identifier within each segment used to track specific conversations and requested destination services.

Destination Port:

  • The client includes a destination port number in the segment to specify the requested service on the destination server (e.g., port 80 for HTTP).

Source Port:

  • The source port number is randomly generated by the sending device to identify a conversation between two devices, allowing multiple simultaneous conversations.
  • Source and destination ports are placed within the segment, which is then encapsulated in an IP packet.

Example:

  • An FTP client might use source port 1305 and destination port 21 (FTP server).
  • A web client might use source port 1099 and destination port 80 (web server).

Netstat

  • The netstat command displays active network connections.
  • It shows the protocol (Proto), local address, foreign address, and state of each connection.

TCP (Transmission Control Protocol)

  • Establishing a Session
    • TCP is connection-oriented.
    • Negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic.
  • Reliable Delivery
    • TCP can ensure that all pieces reach their destination by having the source device retransmit lost or corrupted data.
  • Same-Order Delivery
    • By numbering and sequencing the segments, TCP can ensure that these segments are reassembled into the proper order.
  • Flow Control
    • Network hosts have limited resources, such as memory or bandwidth. When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow.
    • Flow control can prevent the loss of segments on the network and avoid the need for retransmission.
  • TCP incurs additional overhead.
    • Each TCP segment has 20 bytes of overhead in the header encapsulating the application layer data. This is considerably more than a UDP segment, which only has 8 bytes of overhead
TCP Segment

The TCP segment includes the following fields:

  • Source Port (16 bits)
  • Destination Port (16 bits)
  • Sequence Number (32 bits)
  • Acknowledgement Number (32 bits)
  • Header Length (4 bits)
  • Reserved (6 bits)
  • Control Bits (6 bits)
  • Window (16 bits)
  • Checksum (16 bits)
  • Urgent (16 bits)
  • Options (0 or 32 bits, if any)
  • Application Layer Data (size varies)

TCP Connection Establishment (Three-Way Handshake):

  1. SYN: The client sends a segment with the SYN (synchronize sequence number) control flag.
  2. SYN, ACK: The server acknowledges the SYN segment with a SYN-ACK segment.
  3. ACK: The client responds with an ACK segment to establish the connection.

TCP Connection Termination:

  • To close a connection, the Finish (FIN) control flag must be set in the segment header.
  • To end each one-way TCP session, a two-way handshake is used, consisting of a FIN segment and an ACK segment.

TCP Reordering:

  • When services send data using TCP, segments may arrive at their destination out of order.
  • The receiving TCP process places the data from a segment into a receiving buffer.
  • Segments are placed in the proper sequence number order and passed to the application layer when reassembled.

TCP Acknowledgement:

  • One of the functions of TCP is ensuring that each segment reaches its destination.

  • The TCP services on the destination host acknowledge the data that it has received by the source application.

  • When TCP at the source host has not received an acknowledgement after a predetermined amount of time, it returns to the last ACK number received and retransmits the data from that point forward.

  • The amount of data that a source can transmit before an acknowledgement must be received is called the window size, which is a field in the TCP header that enables the management of lost data and flow control.
    TCP Window Size:

  • Managed during the three-way handshake

TCP Congestion Control:

  • If acknowledgements are not received as expected, the sending host will reduce the number of bytes sent before getting an acknowledgement.

Examples of Applications That Use TCP:

  • Hypertext Transfer Protocol (HTTP)
  • File Transfer Protocol (FTP)
  • Simple Mail Transfer Protocol (SMTP)
  • Telnet

UDP (User Datagram Protocol)

  • Connectionless

    • UDP does not establish a connection between the hosts before data can be sent and received.

  • Unreliable Delivery

    • UDP does not provide services to ensure that the data will be delivered reliably.

  • No Ordered Data Reconstruction

    • Occasionally data is received in a different order than it was sent. UDP does not provide any mechanism for reassembling the data in its original sequence.

  • No Flow Control

    • There are no mechanisms within UDP to control the amount of data transmitted by the source.

  • UDP’s low overhead data delivery makes it an ideal transport protocol for applications that can tolerate some data loss.

  • The pieces of communication in UDP are called datagrams. These datagrams are sent as best effort by the transport layer protocol.

  • A few applications that use UDP are Domain Name System (DNS), video streaming, Voice over IP (VoIP), TFTP and SNMP.

UDP Datagram Format

  • Source Port (16 bits)
  • Destination Port (16 bits)
  • Length (16 bits)
  • Checksum (16 bits)
  • Application Layer Data (variable size)