
TCP/IP Overview

Initiated by ARPA of DOD in 1969 to establish a packet-switching network linked by point-to-point leased lines
A standard protocol used for interoperability among
different types of computers (internetworking). An internet
under TCP/IP operates like a single (virtual) network
connecting computers of any size and type
Primary disadvantages of TCP/IP are its size and speed
(twice the size of NetBEUI)

TCP/IP Protocol Suite vs. OSI

Internet Protocol Suite

PDUs in TCP/IP Architecture

Transport Layer Protocols


Transport layer protocols are port-to-port protocols
A protocol port is a destination point (a buffer) for storing
data for use by a particular process. The interface between
processes and their corresponding ports is provided by the
operating system of the host (ex. socket programming)
Port address: 16 bits
Standard TCP/IP transport protocols include
UDP: connectionless (3% of IP traffic)
TCP: connection-oriented (95% of IP traffic)

Connection-Oriented vs. Connectionless Service

Connection-oriented:
Connection mapped through network (requires call setup)
Abbreviated addressing (virtual circuit identifier)
Usually fixed routing (virtual circuit) between networks
More reliable (flow & error control)

Connectionless:
Limited end-to-end mapping
Full addressing (IP)
Use of alternate routing
Limited accountability, unreliable delivery
More flexible and robust

Internet Ports
A TCP upper-layer application in a host machine is
identified by a port number. The port number is
concatenated with the IP address to form a socket. A pair of
sockets uniquely identifies each end point connection
The port numbers are divided into:
The well-known ports (0-1023), assigned by IANA
The registered ports (1024-49151)
The dynamic and/or private ports (49152-65535)

Well-Known Port Number

User Datagram Protocol (UDP)


UDP uses IP's services and provides services to NFS, DNS,
TFTP, RPC, and SNMP
UDP provides a connectionless delivery service and does not
send or receive acknowledgements to guarantee the
successful transmission of data
UDP does not provide any sequencing or reordering
functions and cannot identify the damaged packet when
reporting an error (ICMP: 1% of IP traffic)
UDP can demultiplex data to an application process based
on the destination port number. For example, if an SNMP
manager wants to obtain management information, it sends
its request to UDP port 161 on the destination host

UDP Datagram Format

(figure: the length field includes the header; the checksum is optional)

Transmission Control Protocol (TCP)


Major clients of TCP are Telnet, FTP, SMTP
Combination of an IP address and a port number is called a
socket. Two sockets uniquely define a TCP connection
TCP provides reliable transport service
Connection oriented
Full-duplex (FDX), point-to-point communication
Complete reliability (flow and error control to recover
data that is damaged, lost, duplicated, or out of sequence)
Reliable connection startup: three-way handshake
Graceful connection shutdown: all data delivered before
termination occurs

TCP Operation
TCP is an end-to-end protocol and uses IP to carry traffic
TCP is network-independent

TCP Segment

TCP header

Source/destination port address defines application program


Sequence/Acknowledgement number is used for flow control
Header length: measured in 32-bit words, usually 5 (20 B)
Control field:
URG: validates the urgent pointer
ACK: validates the acknowledgement number
PSH: push function, indicates the need for higher throughput
RST: reset the connection
SYN: synchronize sequence numbers, used with connection setup
FIN: no more data from sender, comparable to EOT
Checksum: segment discarded if an error is detected
Urgent pointer: significant if URG is set, points to the end of
urgent data
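As an added example (not part of the original slides), the following Python parses and builds the fixed 20-byte TCP header described above and checks the three handshake segments against each other; the port numbers and sequence numbers used are constructed sample values, and the TCP checksum is left at zero because it needs the IP pseudo-header.

```python
import struct

# Control-field bits of the TCP header (RFC 793 names; the slides' "PCH" is PSH).
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
# src port, dst port, seq, ack, data offset + flags, window, checksum, urgent pointer
TCP_HEADER_FMT = "!HHIIHHHH"

def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535, urgent=0):
    """Build a 20-byte TCP header without options. `flags` is a set of TCP_FLAGS names."""
    data_offset_words = 5                      # header length in 32-bit words (20 B)
    control = 0
    for name in flags:
        control |= TCP_FLAGS[name]
    offset_flags = (data_offset_words << 12) | control
    # checksum is 0 here: computing it needs the IP pseudo-header, not shown
    return struct.pack(TCP_HEADER_FMT, src_port, dst_port, seq, ack,
                       offset_flags, window, 0, urgent)

def parse_tcp_header(segment):
    """Decode the fixed part of a TCP header into a dict; rejects bad data offsets."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    (src, dst, seq, ack, offset_flags,
     window, checksum, urgent) = struct.unpack(TCP_HEADER_FMT, segment[:20])
    header_len = (offset_flags >> 12) * 4      # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    flags = {name for name, bit in TCP_FLAGS.items() if offset_flags & bit}
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "checksum": checksum,
        # the urgent pointer is only significant when URG is set
        "urgent": urgent if "URG" in flags else None,
        "payload": segment[header_len:],
    }

def handshake_reply_is_valid(syn, syn_ack):
    """Step 2 of the handshake: the server's SYN-ACK must carry exactly SYN and ACK,
    acknowledge the client's initial sequence number + 1, and swap the ports."""
    c, s = parse_tcp_header(syn), parse_tcp_header(syn_ack)
    return (s["flags"] == {"SYN", "ACK"}
            and s["ack"] == (c["seq"] + 1) & 0xFFFFFFFF
            and s["src_port"] == c["dst_port"] and s["dst_port"] == c["src_port"])

def final_ack_is_valid(syn_ack, ack):
    """Step 3: the client's ACK acknowledges the server's initial sequence number + 1."""
    s, a = parse_tcp_header(syn_ack), parse_tcp_header(ack)
    return a["flags"] == {"ACK"} and a["ack"] == (s["seq"] + 1) & 0xFFFFFFFF

# Constructed sample exchange: client port 40000, server port 80, ISNs 1000 and 5000.
SAMPLE_SYN = build_tcp_header(40000, 80, 1000, 0, {"SYN"})
SAMPLE_SYN_ACK = build_tcp_header(80, 40000, 5000, 1001, {"SYN", "ACK"})
SAMPLE_ACK = build_tcp_header(40000, 80, 1001, 5001, {"ACK"})
```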

TCP Connection Management


Three-Way Handshake:
Source TCP (client) sends an initial SYN segment to
remote TCP (server), sets a retransmission timer, and waits
for ACK
Remote TCP verifies the SYN flag and valid checksum,
extracts Internet addresses, records the initial sequence
number and sends a SYN-ACK segment to the client. It
also sets a retransmission timer and waits for ACK
After receiving SYN-ACK, the initiator sends an ACK
packet confirming the receipt of SYN-ACK
The handshake guarantees that TCP will not open or close
a connection until both ends have interacted

TCP Three-Way Handshake


Connection establishment

Connection termination

TCP Flow Control


Flow control - sliding windows protocol with variable
receive window size
Each entity implements flow control using a credit
mechanism, also called a window advertisement. A credit
specifies the maximum number of bytes the entity sending
this segment can receive and buffer from the other entity
Each octet of data is assigned a unique sequence number.
Individual octets are grouped into segments for transmission
and a single sequence number is provided for each segment

TCP ARQ Error Control


TCP uses ARQ (automatic repeat request) for error
control to achieve reliable data transfer:
Acknowledgements
Retransmissions
Timers (frame retransmit timer, delayed ACK timer, etc.)
Sequence numbers

Flow & Error Control Exercise


For a window size of 8K and a segment size of 1K, after
the sender sends 8K of data, what happens when
1. the sender receives ACK 3001?
2. the retransmit timer for the 4th data segment
expires?
3. the delayed ACK timer for the 6th data segment
expires?

TCP Retransmission Schemes

(figure: ACK all traffic up to 302, assuming a 900-octet window size; go-back-n or selective repeat?)

IP, UDP, and TCP Protocols

Network Layer Protocols

Internetwork Protocol (IP)


Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP)
Internet Control Message Protocol (ICMP)
Internet Group Message Protocol (IGMP)

IP
To accommodate heterogeneity, an internet must define a
hardware-independent packet format
IP is a connectionless service, no circuit is established
In IPv4, a datagram can contain as little as a single octet of
data or at most 64K octets, including header
Routers extract destination address from header and use
routing table to determine the next hop. Each destination in a
routing table is a network, not an individual host
Best-effort delivery: because IP is designed to operate over
all types of network hardware, the underlying hardware may
misbehave and datagrams may be lost, duplicated, delayed,
delivered out of order, or delivered with corrupted data.
There is no retransmission mechanism. Higher layers of
protocol software are required to handle each of these errors

IP Datagram (IP v4)

IP Header

IP version
Header length: measured in 32-bit words, usually 5 (20 B)
TOS: identifies several QoS functions requested by the sender
Total length: measured in octets (max: 65,536)
Identification, flags, and fragmentation offset are used to
control datagram fragmentation and reassembly
TTL: number of hops, to prevent endless loops
Protocol: identifies the next-layer protocol (UDP, TCP,
ICMP, IGMP, OSPF)
Header checksum: used to detect header errors
Options: record route, source route, and timestamp

IP Type of Service (TOS)

Not all vendors support TOS. Typically, RIP ignores TOS bits,
but OSPF can route according to TOS requests

Examples of TOS Use

Fragmentation
All fragments have the same identification field
Flags are used as follows:

Fragmentation offset is used to reassemble the fragments in
order

Time-to-Live Field

IP Protocol Numbers

Header Checksum
The following checksum procedure is used in IP,
TCP, UDP, ICMP, and IGMP:
1. Set the checksum field to 0
2. Calculate the 16-bit 1's complement sum of the header
3. Store the 1's complement of that sum in the checksum field
4. At the receiver, calculate the 16-bit 1's complement sum of the
header, including the checksum field
5. The sum is all 1s if the header has not been changed

Checksum Exercise
To send data string 110011111011101101110010
with segment length of eight, compute the
checksum ________________. Verify your answer
if you are the receiver
_______________________
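As an added example (not from the slides), the following Python implements the five-step procedure above for any segment width, so it can be run both on the exercise's bit string with 8-bit segments and on a real 20-byte IPv4 header with 16-bit words. The IPv4 header bytes below are a constructed sample (192.168.0.1 to 192.168.0.199, UDP, TTL 64).

```python
import struct

def ones_complement_sum(words, width=16):
    """Add `width`-bit words with end-around carry (the sum used by IP, TCP, UDP, ICMP)."""
    mask = (1 << width) - 1
    total = 0
    for w in words:
        total += w
        while total > mask:                     # fold any carry back into the low bits
            total = (total & mask) + (total >> width)
    return total

def compute_checksum(words, width=16):
    """Steps 1-3: the caller passes the checksum position as 0; the result is the
    1's complement of the 1's complement sum."""
    mask = (1 << width) - 1
    return (~ones_complement_sum(words, width)) & mask

def verify_checksum(words, width=16):
    """Steps 4-5: summing every word, checksum included, gives all 1s when intact."""
    return ones_complement_sum(words, width) == (1 << width) - 1

def bitstring_to_words(bits, width):
    """Split a string of 0/1 characters into `width`-bit integers (exercise format)."""
    if len(bits) % width:
        raise ValueError("bit string length must be a multiple of the segment width")
    return [int(bits[i:i + width], 2) for i in range(0, len(bits), width)]

def ipv4_header_checksum(header):
    """Checksum of an IPv4 header, ignoring whatever is stored in bytes 10-11."""
    if len(header) < 20 or len(header) % 2:
        raise ValueError("expected an even-length IPv4 header of at least 20 bytes")
    zeroed = header[:10] + b"\x00\x00" + header[12:]          # step 1
    words = struct.unpack("!%dH" % (len(zeroed) // 2), zeroed)
    return compute_checksum(words)

def ipv4_header_is_valid(header):
    """Receiver side: the header, checksum field included, must sum to 0xFFFF."""
    if len(header) < 20 or len(header) % 2:
        return False
    return verify_checksum(struct.unpack("!%dH" % (len(header) // 2), header))

# Constructed sample IPv4 header with its checksum field still zero.
SAMPLE_IPV4_HEADER = bytes.fromhex("450000730000400040110000c0a80001c0a800c7")

def stamp_checksum(header):
    """Return the header with the computed checksum stored in bytes 10-11 (step 3)."""
    return header[:10] + ipv4_header_checksum(header).to_bytes(2, "big") + header[12:]
```

Decrementing the TTL of a stamped header (as every router does) invalidates the checksum, which is why routers recompute it hop by hop.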

Major IP Services
Header Check Routine
Valid IP header length, version number, message length,
header checksum, nonzero TTL
Routing (based on destination IP address)
Fragmentation and reassembly

Processing the Datagram

IP Addressing
An addressing scheme that assigns each host a unique
protocol address
Uniform addressing for all hosts, an internet addressing
scheme is an abstraction created by software and is
independent of the underlying physical addresses
Addressing scaling issues: address space and ability to route
Solutions:
Subnetting
Private addressing
CIDR
IPv6: 128-bit addresses (vs. 32-bit in IPv4)

Classes of IP Addresses
A 32-bit IP address is divided into two parts: a prefix
(identifies the network) and a suffix (identifies an individual
computer on that network) to make routing efficient, ex.
128.10.255.54
Class by 1st octet:
Class A: 1-126
Class B: 128-191
Class C: 192-223
Class D: 224-239
Class E: 240-255

Division of Address Space


Virtually all class A addresses have been assigned.
Relatively few class B addresses remain available.
Multicast are packets typically exchanged between routers
One class E address (255.255.255.255) is used to identify a
broadcast message. Routers do not forward broadcast
messages to other networks


Special IP Addresses
Special addresses are reserved and should never be assigned
to host computers
Limited broadcasts traverse repeaters and bridges and
should never pass through a router
Directed broadcasts may pass through a router and will be
broadcast to all hosts on the target network

Examples of Special IP Addresses


0.0.0.0 refers to the default router to simplify routing tables
145.67.0.0 refers to the network 145.67 itself. This notation
is used within routing tables
0.0.0.34 refers to node 34 on the local network
145.67.255.255 refers to all hosts on the network 145.67
255.255.255.255 refers to all hosts on the local network
127.0.0.0 is reserved for loopback. 127.0.0.1 is often used
to refer to the local host

Authority for IP Addresses


For networks connected to the global Internet, an
organization obtains network numbers from ISPs.
ISPs coordinate with a central organization, the
Internet Assigned Numbers Authority (IANA), to
ensure each network prefix is unique
For a private internet, the assignment is often the
responsibility of the network administrator (nonroutable private Internet addresses are used)

Private IP Addresses (RFC 1918)


10.0.0.0 - 10.255.255.255 (1 class A private address)
172.16.0.0 - 172.31.255.255 (16 class B private addresses)
192.168.0.0 - 192.168.255.255 (256 class C private addresses)
Not routable addresses, reserved for isolated test or
experimental networks. These addresses are unique to an
organization, but not globally unique
When the organization needs to connect to the Internet, it would
get official registered IP addresses and insert a NAT
(Network Address Translation) device at the boundary
(RFC 1631). Local host addresses need not be reassigned

NAT
NAT has another advantage: security. Attackers can't go
after machines they can't see, and private addresses aren't
visible on the Internet
The trade-off is added cost, extra administration, and a
performance penalty

Subnetting
Class A and sometimes class B addresses can be wasteful. In
1985, RFC 950 defined a standard procedure to support
subnetting
The subnet structure of a network is never visible outside.
All subnets use the same network prefix and only the
routers within the private organization need to differentiate
between the individual subnets. This allows the local
administrator to introduce arbitrary complexity into the
private network without affecting the size of the Internet's
routing tables. For example, with a class B address such as
172.16.0.0, the organization could split the address into up
to 254 subnets by using addresses like 172.16.1.0,
172.16.2.0, and so forth up to 172.16.254.0

Subnet Example
The host portion of the internet address is partitioned into a
subnet number and a host number by using a subnet mask to
accommodate subnetting

CIDR
Classless Inter-Domain Routing (CIDR) was documented in
1993 in RFCs 1517-1520
Instead of having 3 classes, CIDR allows the division
between prefix and suffix to occur on an arbitrary boundary.
This gives ISPs more flexibility in handing out addresses.
For example, an ISP could elect to subdivide the /16 block
into two /17 blocks, or into four /18 blocks
CIDR is required for operations between autonomous
systems (network administered by a single ISP). It permits
networks to be grouped together logically, and to use one
entry in a routing table for multiple networks. For example,
with a mask of 254.0.0.0 (/7), all addresses between
194.0.0.0 and 195.255.255.255 can be identified by a single
entry in the routing table (route aggregation)

Calculating a Subnet Mask


1. Decide how many subnets (n) you need
2. Solve for x where 2^x >= n + 2
3. Reserve x bits from the top of the host position
4. Be sure that enough usable host addresses are left over
According to RFC 1122 and RFC 950, subnets with all 0s and all 1s
must be reserved. However, most industry implementations of
subnet masking allow the use of all 0s and all 1s

Subnet Example
Assume that you have been assigned the IP address 128.1.0.0.
a). Identify the IP address class. How many host addresses are
there?
b). If the above address has the CIDR block prefix of /20,
give the subnet mask. How many subnets are there? How
many host addresses are there? How many addresses are
lost by the subnetting process?
c). What is the range of addresses you may assign for subnet
#1?
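As an added example (not part of the slides), the following Python carries the "Calculating a Subnet Mask" procedure and this subnet example through with the standard library's ipaddress module: it finds the subnet bits x for n subnets, and for a classful block and CIDR prefix reports the mask, subnet count, hosts per subnet, addresses lost to subnetting, and the host range of any subnet. Function names are my own; the RFC 950 all-0s/all-1s reservation is a switch.

```python
import ipaddress

def subnet_bits_needed(n_subnets, reserve_all_zeros_ones=True):
    """Step 2: smallest x with 2**x >= n + 2 when the all-0s and all-1s subnets are
    reserved (RFC 950), or 2**x >= n when implementations allow them."""
    need = n_subnets + 2 if reserve_all_zeros_ones else n_subnets
    x = 0
    while (1 << x) < need:
        x += 1
    return x

def mask_to_prefix(mask):
    """Dotted-decimal mask to prefix length, e.g. 255.255.192.0 -> 18."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen

def classful_prefix(address):
    """Natural prefix of a classful address from its first octet: A=8, B=16, C=24."""
    first = int(ipaddress.ip_network(address, strict=False).network_address) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E addresses are not subnetted")

def classful_block(address):
    base_prefix = classful_prefix(address)
    net = ipaddress.ip_network(address, strict=False)
    return ipaddress.ip_network(f"{net.network_address}/{base_prefix}", strict=False)

def plan_subnets(address, new_prefix, reserve_all_zeros_ones=False):
    """Summarise what a CIDR prefix does to a classful block: mask, usable subnet
    count, hosts per subnet and the addresses lost to extra network/broadcast pairs."""
    base = classful_block(address)
    if not base.prefixlen <= new_prefix <= 30:
        raise ValueError("prefix must lie between the classful prefix and /30")
    subnets = list(base.subnets(new_prefix=new_prefix))
    usable_subnets = len(subnets) - (2 if reserve_all_zeros_ones else 0)
    hosts_per_subnet = 2 ** (32 - new_prefix) - 2          # minus network and broadcast
    original_hosts = 2 ** (32 - base.prefixlen) - 2
    return {
        "mask": str(subnets[0].netmask),
        "subnet_bits": new_prefix - base.prefixlen,
        "subnets": usable_subnets,
        "hosts_per_subnet": hosts_per_subnet,
        "original_hosts": original_hosts,
        "lost": original_hosts - usable_subnets * hosts_per_subnet,
    }

def host_range(address, new_prefix, index):
    """Usable host addresses of subnet number `index` (0-based, counting from the
    all-0s subnet) as a (first, last) pair of dotted strings."""
    subnet = list(classful_block(address).subnets(new_prefix=new_prefix))[index]
    return str(subnet[1]), str(subnet[-2])
```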

Supernets
Subnets divide an address into segments and supernets
combine addresses into a block (address aggregation)
Supernets steal bits from the network portion of an IP
address to lend those bits to the host part; this permits
multiple IP addresses to be combined so that they
function as a single logical network
In order to create supernets from class C IP addresses, the
network addresses must be consecutive and the first
address's third octet must be evenly divisible by 2
Classless routing protocols are needed to support supernets
Supernetting is a useful tool for ISPs who can combine
multiple Class C addresses to serve a larger population than
might seem possible

Supernet Examples
201.41.18.0 and 201.41.19.0 can be combined into a
supernet 201.41.18.0/23 and 201.41.18.0 network being
supernet 0 and 201.41.19.0 network being supernet 1
201.41.15.0 and 201.41.16.0 cannot be combined into a
supernet
For additional examples of supernets, refer to the RFCs
1338, 1518, and 1519

An Example of IP Routing
1. First match: eliminate all entries in which the masked part of
the destination address is not identical to the masked part of
the destination address field in the table
2. Keep the remaining entries in the pruned table that have the
longest mask
3. Perform the longest match. If more than one entry remains, the
route taken may depend on TOS metrics or the network
administrator's policy
Because of this overhead, high-end routers use label switching (MPLS)
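As an added example (not from the slides), the following Python implements the three-step lookup above over a small constructed routing table and the supernet test from the previous section: two same-length prefixes combine only when they fall inside one common parent, which for two class C networks is exactly "consecutive with an even third octet". The table contents and next-hop names are made up.

```python
import ipaddress

def masked_match(addr, network):
    """Step 1: AND the destination with the entry's mask and compare it with the
    entry's (already masked) destination field."""
    return int(addr) & int(network.netmask) == int(network.network_address)

class RoutingTable:
    def __init__(self):
        self.entries = []                      # list of (IPv4Network, next_hop)

    def add(self, prefix, next_hop):
        self.entries.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, destination):
        """Return the next hop for `destination`, or None if nothing (not even a
        default route) matches."""
        addr = ipaddress.ip_address(destination)
        pruned = [(n, h) for n, h in self.entries if masked_match(addr, n)]
        if not pruned:
            return None
        longest = max(n.prefixlen for n, _ in pruned)                  # step 2
        candidates = [h for n, h in pruned if n.prefixlen == longest]  # step 3
        # several entries with the same mask: policy decides; here, table order
        return candidates[0]

    def aggregate(self):
        """Route aggregation: collapse adjacent prefixes that share a next hop."""
        by_hop = {}
        for n, h in self.entries:
            by_hop.setdefault(h, []).append(n)
        return {h: [str(n) for n in ipaddress.collapse_addresses(nets)]
                for h, nets in by_hop.items()}

def can_supernet(net_a, net_b):
    """Return the one-bit-shorter parent that covers both networks, or None when
    they cannot be combined (different lengths, not adjacent, or misaligned)."""
    a, b = ipaddress.ip_network(net_a), ipaddress.ip_network(net_b)
    if a.prefixlen != b.prefixlen or a == b:
        return None
    parent = a.supernet()
    return parent if b.subnet_of(parent) else None

# Constructed sample table: default route, the /7 aggregate from the CIDR section,
# a /23 supernet and a more specific /24 inside it.
SAMPLE_TABLE = RoutingTable()
SAMPLE_TABLE.add("0.0.0.0/0", "default-gw")
SAMPLE_TABLE.add("194.0.0.0/7", "R1")
SAMPLE_TABLE.add("201.41.18.0/23", "R2")
SAMPLE_TABLE.add("201.41.19.0/24", "R3")
```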

Internet Node Addresses


After obtaining a set of Internet addresses, an
organization must allocate the addresses in its
subnet to nodes:
Statically assigned: a node is assigned a permanent IP
Dynamically assigned: DHCP (Dynamic Host
Configuration Protocol). With dynamic addressing,
an ISP can have a modem-to-user ratio of 10 to 1
or more

IP Address Configuration
For a computer to connect to the Internet, it must have the
following information in its configuration file:
IP address
Subnet mask
Router's IP address
Name server's IP address

Internet Naming Conventions


Dotted decimal notation is too cumbersome, so most Internet
users use URLs
A URL consists of two parts: the protocol (http, ftp, etc.)
used to access a resource, followed by the resource name
(domain name) such as iona.edu
Domain names must be resolved to IP addresses
Domain names and IP addresses are stored in databases on a
number of Internet nodes called domain name servers

Domain Name Space


Domain name space is structured as an inverted tree. Each
block on the tree represents a domain
The domain name can be up to 255 characters long and is
not case-sensitive

Host Names, Host Tables, and DNS


IP networks rely on DNS to translate host names to IP
addresses on the Internet
A host table is an ASCII file specific to each IP node
containing the names and addresses of systems one
commonly accesses

Operations with Name Servers

Routers and IP Addressing Principle


An IP address identifies a connection between a computer
and a network. A computer with multiple network
connections (a router) must be assigned multiple IP
addresses, one for each connection

IP Forwarding Process

If the destination address is not found in
the routing table, packets are routed
via the default route to the default
gateway (border router)

(figure: name lookup via host table / DNS)

An IP Network Example

Router A's routing table

Address Resolution
IP address must be translated to an equivalent hardware
address (MAC address) when transmitting frames across
physical network hardware
Mapping between an IP address and a MAC address is
called address resolution
A host or router uses address resolution when it needs to
send a packet to another computer on the same physical
network. A computer never resolves the address of a
computer that attaches to a remote network (ARP is not an
IP protocol, namely ARP datagrams do not have IP headers
and will not be forwarded by routers)

How ARP Works

RARP
Allows a host to discover its IP address when it
knows only its physical MAC address
Used when the host is a diskless computer (usually a
host has its IP stored in a configuration file on its
hard disk where the OS can find it at boot), when
the computer is connected to the network for the
first time (when it is being booted), etc.

MTU & Fragmentation


A datagram cannot be larger than the max. transmission
unit (MTU) of a network over which it is sent. When a
router receives a large datagram, it divides the datagram
into smaller pieces called fragments and each fragment has
an IP datagram format
A bit in the flags field of IP header indicates whether a
datagram is a fragment or a complete datagram. Other
fields in the header contain information that is used to
reassemble the fragments to reproduce the original
datagram
Intermediate routers do not reassemble fragments, only the
ultimate destination does. IP's reassembly timer is all-or-nothing

Packet Fragmentation

Fragmentation Example

Reassembly Example
The following figure shows the fragmented datagrams
arriving from gateways Y and Z in the order depicted by the
time from n to n + m
The length of the IP datagram is not known
until the reassembling host receives the
4th fragment: 160 * 8 + 220 = 1500
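As an added example (not from the slides), the following Python models the fragmentation and reassembly described in the "Fragmentation" and "MTU & Fragmentation" sections: a sender splits a payload so each fragment fits the MTU with offsets in 8-octet units, and the destination rebuilds the datagram from fragments arriving in any order, learning the total length only from the last fragment (the page's 160 * 8 + 220 = 1500) and delivering nothing while a piece is missing. The fragment tuple layout and the sample payload are my own.

```python
IP_HEADER_LEN = 20   # IPv4 header without options

def fragment(datagram_id, payload, mtu, header_len=IP_HEADER_LEN):
    """Split a datagram's payload so that header + data fits the MTU. Offsets are
    carried in 8-octet units, so every fragment except the last carries a multiple
    of 8 data bytes. Returns (identification, offset_units, more_fragments, data)."""
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU leaves no room for data")
    fragments = []
    for pos in range(0, len(payload), max_data):
        chunk = payload[pos:pos + max_data]
        more = pos + len(chunk) < len(payload)   # MF flag: set on all but the last
        fragments.append((datagram_id, pos // 8, more, chunk))
    return fragments

def datagram_total_length(last_offset_units, last_fragment_length):
    """Total length of the original datagram, known only once the last fragment
    (MF = 0) arrives: offset * 8 + that fragment's length including its header."""
    return last_offset_units * 8 + last_fragment_length

def reassemble(fragments, header_len=IP_HEADER_LEN):
    """Rebuild the payload at the destination from fragments in any order.
    Returns (payload, total_length), or None while any octet is still missing:
    reassembly is all-or-nothing, a partial datagram is never delivered."""
    if len({f[0] for f in fragments}) != 1:
        raise ValueError("fragments do not all share one identification")
    last = [f for f in fragments if not f[2]]
    if len(last) != 1:
        return None                               # last piece not seen yet
    _, last_off, _, last_data = last[0]
    data_len = last_off * 8 + len(last_data)
    buf = bytearray(data_len)
    seen = bytearray(data_len)                    # one marker byte per payload octet
    for _, off, _, data in fragments:
        start, end = off * 8, off * 8 + len(data)
        if end > data_len:
            raise ValueError("fragment extends past the end of the datagram")
        if any(seen[start:end]) and bytes(buf[start:end]) != data:
            raise ValueError("overlapping fragments disagree")   # reject, do not guess
        buf[start:end] = data
        seen[start:end] = b"\x01" * len(data)
    if not all(seen):
        return None                               # a gap remains: keep waiting
    return bytes(buf), datagram_total_length(last_off, len(last_data) + header_len)

# Constructed sample: a 1280-byte payload sent over a 576-byte MTU link.
SAMPLE_PAYLOAD = bytes(range(256)) * 5
SAMPLE_FRAGMENTS = fragment(7, SAMPLE_PAYLOAD, 576)
```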

ICMP
Internet Control Message Protocol (ICMP) is required for a
standard implementation of IP (RFC0792)
IP uses ICMP when it sends an error message (from router
to source) and ICMP uses IP to transport messages
ICMP error messages can be used to test an internet to
obtain information (reachable destination? Trace a route?
Path MTU discovery?)
In addition to error reporting, ICMP can diagnose some
network problems through query messages such as echo
request and reply, time-stamp request and reply, address
mask request and reply, and router solicitation and
advertisement

ICMP Error Messages


Source quench: sent when a router runs out of buffer space
and discards a datagram. A host is required to reduce
transmitting rate
Time exceeded: sent when time to live (# of max. hops)
field becomes zero or when reassembly timer expires
Destination unreachable: sent when a router determines the
datagram cannot be delivered, the message specifies
whether the host is unreachable or the network to which the
destination attaches is unreachable
Parameter problem: wrong IP header checksum
Redirect: sent when a router wants to inform a source host
of a better route

Using ICMP to Test Reachability


ping program sends an ICMP echo request message to the specified
destination and waits for a reply. If no reply arrives, ping retransmits
the request. If no reply arrives for the retransmission (or if an ICMP
destination unreachable message arrives), ping declares the remote
machine is not reachable. The process is helpful for troubleshooting
serial link problems
ping causes a security hole on servers, so ping may be disabled by
that host's administrator

Using ICMP to Trace a Route


The tracert program sets the time-to-live value to 1 and sends the
datagram. The first router discards the datagram and sends
back an ICMP time exceeded message. tracert can extract the
router address from the IP source address
tracert then increments the time-to-live value to 2 and repeats
the process

Using ICMP for Path MTU Discovery


A host can send a probe datagram that has the header
bit set to prevent fragmentation. If the datagram is
larger than the MTU of a network along the path,
the router connected to that network will discard the
datagram and send the appropriate ICMP message to
the host. The host then can send a smaller probe
until one succeeds

IGMP
IP addressing supports multicasting. All 32-bit IP addresses
that start with 1110 (class D) are multicast addresses. 2^28 =
256 M group addresses are available
IGMP is designed to help a multicast router identify the
hosts in a LAN that are members of a multicast group. IP
hosts and multicast routers communicate multicast group
membership information by exchanging IGMP messages
IP multicasting is critical to many applications, such as
interactive teleconferencing, on-line training, and electronic
distribution of software and information

Network Access Layer


TCP/IP does not specify the implementations of lower two
layers
Various standards are used to encapsulate the IP packet to
interconnect different networks: LANs, WANs, or
dedicated lines (PPP)

IPv6 (IPng)
IPv4 has been extremely successful: the protocol has
accommodated changes in hardware technologies and
heterogeneous networks
Motivations for changes (IP v4 deficiencies):
Limited address space
New Internet applications
real-time delivery of audio and video
collaboration technologies to allow group
communications that require more complex addressing
and routing capabilities
Accommodate data encryption and authentication of
data
Refers to RFCs 1924, 1883

IPv6 Packet Format

IPv6 Header Format

Eliminate error checking (for faster throughput)
Add header extension (for more functionality)

IPv6 Priority Field


The following table shows the permitted values for IPv6
priority field and the types of traffic the values identify

Extension Header Types

IPv6 Key Upgrades


Expanded address space: 128 bits (32 bits for IPv4)
IP header changes: 40 octets (20 octets for IPv4)
Allow header extensions: a datagram consists of the base
header followed by zero or more extension headers
(separate headers for each function), followed by data.
Extension headers are used to reduce datagram size and for
extensibility (experimenting and testing new functionalities)
Support for audio and video by prioritizing the flow of data
and using flow label to request special handling of packet
Extensible protocol: provides a scheme to allow new
features to be added as needed
Support for more security: encryption and authentication
options

Fragmentation
Fragmentation information is not in the base
header; IPv6 places it in a separate fragment
extension header
In IPv6, a sending host is responsible for
fragmentation instead of routers. The host must
learn the MTU of each network along the path to
the destination and choose a size to fit the smallest
(path MTU discovery procedure)

IPv6 Addressing

IPv6 includes addresses with a multilevel hierarchy (ISP,
organization, site, etc.)
Each IPv6 address is one of 3 basic types:
Unicast: single host
Multicast: a group of computers that may or may not be
connected to the same network
Anycast: a group of hosts whose addresses have the
same prefix, all computers connected to the same
network

IPv6 Address Hexadecimal Colon Notation


16 bytes: FDEC:BA98:0074:3210:000F:BBFF:0000:FFFF
Abbreviation: FDEC:BA98:74:3210:F:BBFF:0:FFFF
FF0C:0:0:0:0:0:0:B1
Abbreviation: FF0C::B1

IPv6 addresses hierarchy

Compatibility with IPv4


IPv4 and IPv6 routers must be able to coexist and maintain
all necessary connections. IPv6 protocols are designed to
recognize IPv4 protocols
How to push the packet through a network that has no
concept of a 128-bit address? Tunneling

Comparison between IPv4 and IPv6 Headers

Summary of IPv6
Same primary functions as IPv4, providing a connectionless
routing capability
Added capabilities such as authentication and encryption to
provide security
Increases the address space dramatically
Simplifies the headers to make routing more efficient
Intermediate nodes no longer fragment packets
There is no error detection (checksum) capability in IPv6,
thus relieving routers of another time-consuming task

Example of TCP/IP Topology

Routers A and F are multi-protocol routers that can
process either SNA or IP packets

Other Network Protocols


NetBEUI: nonroutable, limited to Microsoft-based networks
XNS: Xerox Network System for Ethernet LANs, large and
slow protocol
IPX/SPX: Novell networks, a derivative of XNS, yet
relatively small and fast protocol, proprietary
DECnet: developed by DEC
VINES: developed by Banyan Corp.

Advantages and Disadvantages of TCP/IP

Advantages:
Broad connectivity
Direct access to Internet
Strong support for routing
SNMP
Support for DHCP
Support for most other Internet protocols

Disadvantages:
Centralized TCP/IP domain assignment, which requires
registration and cost
Difficulty of setup
Relatively high overhead
Slower than IPX and NetBEUI

Review Questions
1. Distinguish between TCP/IP and OSI model
2. What is the maximum size of an IP datagram?
3. Distinguish among Class A, B, and C IP addresses.
4. What is CIDR? What are the advantages?
5. Distinguish between subnetting and supernetting.
6. What is address resolution? How does ARP work?
7. What is MTU and who's responsible for packet
fragmentation and reassembly?
8. What is ICMP (ICGP) and what is it for?
9. Distinguish between IPv4 and IPv6
10. Distinguish between TCP and UDP

Homework
1. What is the maximum number of subnets in class B networks using
the following masks?
a. 255.255.192.0
b. 255.255.224.0
2. Find the subnetwork address and host address for the following:
IP: 200.34.22.156 /28
3. The IANA assigns you a Class B Internet address of 128.1.0.0. You
need to establish six subnets with each subnet capable of supporting
up to 8190 hosts
4. Explain all the information that you can obtain from the 5 host bits
on the following IP address:
1101 0110 1001 0010 1110 0111 0100 1101
a. How many subnets are possible on the 214.146.231.0/27
network?
b. How many addresses are lost by the subnetting process?
