Internet Basics

(How your email gets to you)

Richard G. Clegg

What we will cover

The "layers model" of the internet Internet addresses Internet protocols The basics of rout(e)ing The journey of email

For more information

Tanenbaum (Computer Networks) Stevens (TCP/IP illustrated) RFCs (requests for comments) IETF (Internet Engineering Task Force)

The Internet - emailing a friend

your computer university of york G/169

router
transatlantic cable

JANET LAN

US backbone

your friend's computer

Models of the Internet

OSI/ISO reference model Application Presentation Session Transport Network Data Link Physical

TCP/IP Reference Model

Application

Model Layers

Transport Internet Host-to-network

open systems interconnection (international standards office) transmission control protocol/internet protocol

Physical layer
Think "wires in the ground". This is the physical hardware of the internet. Wires/optical cables/wireless links and other technologies provide a way for transmission of raw bits (0s and 1s). Routers and switches connect these cables and direct the traffic.

Data link layer

Groups raw bits into packets of data. Basic error checking for lost data. In TCP/IP the "Physical layer" and the "Data Link" layer are grouped together and called the host-to-network layer.

Network Layer/Internet Layer

Tells data which link to travel down. Addresses the problem known as

routing.

Deals with the question "where do I go next to get to my destination?" Ensures packets get from source A to destination B.

Transport Layer
Accepts data splits it into packets. Ensures a connection between source and destination. If necessary ensure that connection is lossless (resend missing data). Provides flow control if necessary (send data faster or slower depending on the network conditions).

Session Layer (not TCP/IP)

Provides a single connection for one application. This connection may be two way or may be synchronised.

Presentation Layer (not TCP/IP)

Provides extra functions which are used quite often. E.g. exchange of character strings.

Application layer
The computer programs which actually do things with the network. For example, your email program which will talk to the email server at the other end. At this layer, we have many protocols (http, snmp, smtp, ftp, telnet) which different bits of software use. We often talk in terms of client and server architecture for the software.

TCP/IP model in summary

Internet (IP) addresses

richard@manor.york.ac.uk (email) http://www.apoptygma.eu.org (www) ftp://ftp.uk.debian.org (file transfer) telnet://towel.blinkenlights.nl (telnet) 144.32.108.74 These are the real IP addresses 148.122.211.110 of the above sites. IP addresses are 32 bits grouped into 4 octets. 195.224.53.39 (Octet = 8 bits a number from 0-255) 62.250.7.101

IP Networks(1)
IP addresses use less significant bits first to indicate sub-networks. IP address: 123.45.67.89 Netmask:255.255.255.0 If two IP addresses are the same when bitwise ORd against the inverse (bitwise NOT) of the netmask then they are on the same subnet 123.45.67.?? is always on the same subnet in the above example.

IP Networks(2)
IP networks were originally subdivided into class A, B, C, D and E networks.
Start End
127.255.255.255
191.255.255.255 223.255.255.255 239.255.255.255 247.255.255.255

Networks

Hosts/network

A
B C D E

1.0.0.0
128.0.0.0 192.0.0.0 224.0.0.0 240.0.0.0

126
16,382 2 million Multicast Reserved

16 million
64K 254

The IP header
IP packets all have a header as shown

About the IP header

Type of Service: (Best efforts, immediate delivery etc) Total length (of whole packet) Identification (number of packet for later reassembly) Fragment offset sometimes the network splits a packet into fragments. Flags (information about fragments). DF= Dont Fragment MF= More Fragments to come

About the IP header (2)

Time To Live (TTL) reduced by one every hop. When it reaches zero packet is killed. (This is to ensure that the network doesnt fill up with lost packets). Protocol identified by a number (usually TCP or UDP). Checksum to ensure that the packet is not corrupted.

IPv6
IPv4 allows over 4 billion computers (but not really) inefficient subnetting is using these up. IPv6 allows 16 octet addresses (4 octets in IPv4). 3x1038 addresses (> Avogadros number). 7x1023 IP addresses per square meter of the earths surface. Why so many? Electrical devices may want IP addresses your house could be its own subnetwork. Why NOT have so many?

IPv6(2)
Better security than current IP(v4). Allow roaming hosts. Permits the old and new protocols to co-exist. Pay more attention to type of service (for real time data).

Domain Name System (DNS)

DNS takes the human readable name and converts it to octets. On a unix machine you can try this using nslookup.
manor.york.ac.uk 1% nslookup www.ntk.net Server: castle2.york.ac.uk Address: 144.32.128.5 Question Non-authoritative answer: Name: vwww.flirble.org Address: 195.40.6.34 Aliases: www.ntk.net

Answer

DNS(2)
net

generic/US national TLDs (Top Level Domains) com org gov mil jp uk
sun vnvnation www www york ac co ic

nl

org
musicnonstop doc www

eng

manor

src

DNS (3)

Routing Tables
How do packets know where to go? This problem is known as routing. The oldest (and easiest) solution is static routing. Each computer has a table saying where to go to get to each other computer. On a Local Area Network (LAN) list all machines on your subnet and the address of the external router for everything else. Most machines only need to know how to get to their nearest router.

Dynamic Routing
Distance Vector Routing (Bellman-Ford) Each router stores a distance metric to various network locations. Routers exchange routing packets periodically to update their route information (routing table). Each router measures how far their neighbours are away and learns how far the neighbours are from various destinations.

Dynamic Routing (2)

B A knows that it is 2 units from B and 4 from C. 1 It also knows that C takes 4 4 units to get to D and C B takes 5. 4 Therefore, to get packets to D, D A will first send them to B. If things change, then the routing tables are updated. For example, if congestion increases the B to C cost to 3 then B will tell A the new price to get to D is 7. A will send things directly to C instead of via B. If the link A-C breaks A will send via B again. A 2

Routing problems
A 1 1 D
Iteration 1

1 1 C

The count to infinity problem. 1) All links cost 1. 2) Link C-D breaks. 3) What happens?

Assumed Cost to D
From B 2 (via C) From C 1 (direct)

From A 2 (via C)

2 (link breaks)
3 4 etc

3 (via B)
4 (via B) 5 (via B or C) etc

3 (via A)
4 (via A) 5 (via A or C) etc

Infinity *
4 (via B or A) 5 (via B or A) etc

* split horizon hack

Open Shortest Path First (OSPF)

Common internet routing algorithm. Uses three metrics, throughput, delay and reliability. Allows some load balancing. Accounts for the fact that routers cannot know the entire internet. Works within an Autonomous System (AS) assumed to be run by the same organisation. Border Gateway Protocol (BGP) connects these (I will not describe BGP here).

TCP and UDP

Once weve got our IP packet safely to its destination what happens next? Having stripped off the header, the first thing we find is another header. The second header provides information on which port to enter the machine on and where to send the reply. It also provides a checksum to check the data is valid. UDP will do nothing else. TCP will ensure that the connection is lossless.

What are ports?

Ports are conceptual points of entry into a host computer. They do not correspond with real hardware. Usually a service is associated with a port (e.g. http on port 80). Servers listen on a port for connection attempts. Ports provide one level of internet security. Generally, low level ports are reserved for special services.

Common Services and Ports

Service ftp telnet smtp (mail) finger http Listens on Port 21 23 25 79 80

User configured services (your Half-Life server?) will listen on high numbered ports which are usually left open to all users.

UDP data
User Datagram Protocol the header is shown below. Length and checksum are as for IP.

About UDP
Provides a lossy connection (data may vanish). Does not guarantee packets are delivered in order. Useful for real time applications. (It is no use having your Quake III information arriving correctly but ten seconds late). UDP applications can implement their own packet loss checking but it is best to use TCP for this.

The TCP header

The TCP header is shown below

About the TCP header

Sequence number (what is the order of this packet) incremented by 1 for every packet. Acknowledgement number (what packet sequence number does this acknowledge). Header length (how many 32 bit words are in options). Flags: SYN = start connection, ACK = acknowledge packet, FIN= finish connection. (Three other flags, URG, RST, PSH).

TCP header (2)

Window size will be described in more detail later (it sets how many unacknowledged packets may exist). Checksum is as for IP and UDP. Urgent Pointer points to part of the data that must be looked at by the receiver before the TCP session (rarely used).

About TCP
TCP provides a lossless connection (or flags an error when losses occur). Data packets are given an order and can be reassembled. TCP provides some limited congestion control. TCP is most useful for applications where data validity is important but real-time is not critical (email, www, ftp). TCP packets are part of a TCP session.

TCP connections
This diagram shows the start of a TCP connection.
A sends packet X with SYN. Hello I would like to talk. B sends a SYN, ACK pair I got your message. I would also like to talk A sends an ACK (and some data) I got your message, here is some data.

TCP mechanisms
The window size is the number of outstanding (unacknowledged) packets that that a TCP session can send. The window size provides a crude method for congestion control. The window size increases to allow more packets to be sent (it increases throughput). If a packet is lost then the window is reduced again.

TCP lost packets

When a packet is received out of sequence the receiver sends an ACK with the same number as the previous. If the sender receives three duplicate ACKs then it assumes the packet has been lost and resends. If the sender has not received an ACK for a packet within a certain amount of time then it times out and assumes the packet lost. Packet loss causes the packet to be resent and the congestion window to be reduced.

TCP Window Increase/Decrease

Congestion window Timeout The initial doubling of the window size is called slow start.

Threshold

Threshold Transmission no

ICMP
Internet Control Message Protocol packets are used for various control purposes. Here are some common ones: Time exceeded: TTL hit 0. Echo request: Can you hear me out there? Echo reply: Yes I can hear you. Source Quench: Stop sending so much data. Timestamp request/reply (as echo but with times).

The story of ping

Ping is a handy utility for checking if a computer is alive using ICMP echo request/reply (or timestamp if we want).
manor.york.ac.uk 20% ping -s castle.york.ac.uk PING castle2.york.ac.uk: 56 data bytes 64 bytes from castle2.york.ac.uk (144.32.128.5): 64 bytes from castle2.york.ac.uk (144.32.128.5): 64 bytes from castle2.york.ac.uk (144.32.128.5): 64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=0. icmp_seq=1. icmp_seq=2. icmp_seq=3. time=1. time=1. time=1. time=1. ms ms ms ms

Ping is a first test if a computer is networked. We can even measure the speed of light using ping. http://xxx.lanl.gov/abs/physics/0201053 Hacking makes it increasingly unused.

Traceroute
Traceroute neatly combines ping and the TTL flag to get a route to a computer. If the TTL is one the the packet will die after one hop. ICMP will return a Time exceeded flag. This will tell us where the first hop of our journey is. Increase the TTL by one to find the next hop.

ICMP tourism (with traceroute)

This shows the trip from Estonia to my flat in Fulford via my Internet Service Provider (ISP) V21 in Rochdale
traceroute to host213-121-67-224: (213.121.67.224): 2-20 hops, 38 byte packets 2 213.180.11.162 tondi-CR.online.ee 1.62 ms (ttl=127) 3 213.180.25.1 liiva-CR.online.ee 1.82 ms (ttl=126) 4 213.180.11.189 tix-CR.online.ee 2.16 ms (ttl=125) 5 212.47.215.6 r1-Fa4-0-80-Tln-TIX.EE.KPNQwest.net 2.28 ms (ttl=251) 6 134.222.224.5 r5-AT3-1.105.sthm-KPN1.SE.kpnqwest.net 12.2 ms (ttl=250) 7 134.222.119.226 r2-Ge0-2-0-0.Sthm-KQ1.SE.KPNQwest.net 34.3 ms (ttl=246!) 8 134.222.230.157 r2-Se0-3-0.hmbg-KQ2.DE.KPNQwest.net 33.4 ms (ttl=247!) 9 134.222.230.117 r2-Se0-2-0.0.ffm-KQ1.DE.kpnqwest.net 34.1 ms (ttl=249!) 10 134.222.230.29 r2-Se0-3-0.0.ledn-KQ1.NL.kpnqwest.net 39.6 ms (ttl=248!) 11 134.222.230.169 r1-Se0-0-0.0.ldn-KQ1.UK.kpnqwest.net 43.7 ms (ttl=246!) 12 134.222.231.14 r1-Se0-0-0.0.Ldn-KQ4.UK.KPNQwest.net 44.9 ms (ttl=245!) 13 134.222.109.241 r13-Gi5-0.200.ldn-KQ4.UK.kpnqwest.net 45.4 ms (ttl=245!) 14 195.66.225.10 linx-l1.ukcore.bt.net 45.2 ms (ttl=244!) 15 194.74.65.126 core2-pos14-0.ilford.ukcore.bt.net 45.3 ms (ttl=243!) 16 194.74.65.222 core2-pos5-0.reading.ukcore.bt.net 46.7 ms (ttl=242!) 17 62.6.196.109 core2-pos8-0.birmingham.ukcore.bt.net 54.3 ms (ttl=241!) 18 194.74.16.194 core2-pos9-0.rochdale.ukcore.bt.net 51.0 ms (ttl=240!) 19 217.32.168.5 vhsaccess1-gig1-0.rochdale.fixed.bt.net 51.1 ms (ttl=239!) 20 213.121.156.22 ugint0066-p.vhsaccess1.rochdale.fixed-nte.bt.net 51.3 ms (ttl=238!)

The journey of email

To: dave@distant.com From: richard@manor Dave, Great to see you the other day...

Look up IP name for distant.com

Dav eat

e, Gr to s

Packetise the data

Dav

SYN SYN,ACK ACK Set up the TCP connection

Dav

Get first Add IP hop from header to routing table front of that Send the first packet to its first hop And so on for further hops.

Add TCP header to first packet

Destination gets packet and returns ACK Start sending rest of data

How can we model this?

As mathematicians we want to be able to say something about these systems. How can we apply what we have learned in this and other courses to the internet? In a future lecture I hope to outline some open research questions about the net and show how mathematics can help solve some of these problems.