[Introduction of TCP/IP Model]


An increasing number of people are using the Internet, and many, for the first time, are using tools and utilities that at one time were available only on a limited number of computer systems (and only for really intense users). One sign of this growth in use has been the significant number of TCP/IP and Internet books, articles, courses and even TV shows that have become available in the last several years; there are so many such books that publishers are reluctant to authorize more because bookstores have reached their limit of shelf space! This memo provides a broad overview of the Internet and TCP/IP, with an emphasis on history, terms and concepts. It is meant as a brief guide and starting point, referring to many other sources for more detailed

TCP and IP were developed by a Department of Defense (DOD) research project to connect a number of different networks designed by different vendors into a network of networks (the "Internet"). It was initially successful because it delivered a few basic services that everyone needs (file transfer, electronic mail, remote logon) across a very large number of client and server systems. Several computers in a small department can use TCP/IP (along with other protocols) on a single LAN. The IP component provides routing from the department to the enterprise network, then to regional networks, and finally to the global Internet. On the battlefield a communications network will sustain damage, so the DOD designed TCP/IP to be robust and to recover automatically from any node or phone line failure. This design allows the construction of very large networks with less central management. However, because of the automatic recovery, network problems can go undiagnosed and uncorrected for long periods of time.
As with all other communications protocols, TCP/IP is composed of layers:

• IP - is responsible for moving packets of data from node to node. IP forwards each packet based on a four byte destination address (the IP number). The Internet authorities assign ranges of numbers to different organizations. The organizations assign groups of their numbers to departments. IP operates on gateway machines that move data from department to organization to region and then around the world.
• TCP - is responsible for verifying the correct delivery of data from client to server. Data can be lost in the intermediate network. TCP adds support to detect errors or lost data and to trigger retransmission until the data is correctly and completely received.
• Sockets - is the name given to the package of subroutines that provide access to TCP/IP on most systems.
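The sockets package is easiest to see in use. What follows is an added example written for this page, not code from the memo: a tiny TCP server and client on the loopback address 127.0.0.1 (an assumed local address) with a port chosen by the operating system. IP moves the packets and TCP makes the bytes arrive complete and in order, but TCP hands the application a byte stream rather than messages, so a single recv() may return part of a line or several lines at once; the server therefore frames requests on the newline itself instead of assuming that one recv() equals one message.

```python
"""Added example for this page (not from the memo): a TCP round trip
through the sockets API on the loopback interface.

Assumptions: 127.0.0.1 is reachable as the local loopback address and the
OS will hand out an ephemeral port when we bind to port 0.
"""
import socket
import threading

HOST = "127.0.0.1"  # loopback address; assumed available for the demo


def _serve_one(server: socket.socket, leftovers: list) -> None:
    """Accept one connection and answer each newline-terminated line.

    The reply is the line in upper case. Framing is done on '\\n' because
    TCP is a byte stream: one recv() may carry half a line or three lines.
    """
    conn, _peer = server.accept()
    with conn:
        buf = b""
        while True:
            chunk = conn.recv(4096)  # may be a partial or multi-line read
            if not chunk:            # b"" means the peer half-closed (FIN)
                break
            buf += chunk
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                conn.sendall(line.upper() + b"\n")
        leftovers.append(buf)        # any unterminated tail, for inspection


def tcp_round_trip(lines: list) -> list:
    """Send each line to a local TCP server and return the replies in order."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((HOST, 0))           # port 0: let the OS pick a free port
    server.listen(1)
    port = server.getsockname()[1]
    leftovers: list = []
    worker = threading.Thread(target=_serve_one, args=(server, leftovers), daemon=True)
    worker.start()

    with socket.create_connection((HOST, port), timeout=5) as client:
        # One write for everything; the server may receive it in any number
        # of segments, which is exactly why it frames on '\n'.
        client.sendall(b"".join(line + b"\n" for line in lines))
        client.shutdown(socket.SHUT_WR)  # tell the server we are done sending
        buf = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:            # server closed its side: all replies are in
                break
            buf += chunk
    worker.join(timeout=5)
    server.close()
    return buf.split(b"\n")[:-1]     # drop the empty string after the last '\n'


if __name__ == "__main__":
    print(tcp_round_trip([b"hello", b"tcp/ip"]))
```

Run as a script it round-trips two lines. The same framing discipline applies to any protocol carried over TCP, and skipping it is a common source of parsing bugs in network services.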

Network of Lowest Bidders

The Army puts out a bid on a computer and DEC wins the bid.
The Air Force puts out a bid and IBM wins. The Navy bid is won by
Unisys. Then the President decides to invade Grenada and the
armed forces discover that their computers cannot talk to each
other. The DOD must build a "network" out of systems each of
which, by law, was delivered by the lowest bidder on a single

The Internet Protocol was developed to create a Network of Networks (the "Internet"). Individual machines are first connected to a LAN (Ethernet or Token Ring). TCP/IP shares the LAN with other uses (a Novell file server, Windows for Workgroups peer systems). One device provides the TCP/IP connection between the LAN and the rest of the world.
To ensure that all types of systems from all vendors can communicate, TCP/IP is absolutely standardized on the LAN.
However, larger networks based on long distances and phone
lines are more volatile. In the US, many large corporations would
wish to reuse large internal networks based on IBM's SNA. In
Europe, the national phone companies traditionally standardize
on X.25. However, the sudden explosion of high speed
microprocessors, fiber optics, and digital phone systems has
created a burst of new options: ISDN, frame relay, FDDI,
Asynchronous Transfer Mode (ATM). New technologies arise and
become obsolete within a few years. With cable TV and phone
companies competing to build the National Information
Superhighway, no single standard can govern citywide,
nationwide, or worldwide communications.
The original design of TCP/IP as a Network of Networks fits nicely
within the current technological uncertainty. TCP/IP data can be
sent across a LAN, or it can be carried within an internal
corporate SNA network, or it can piggyback on the cable TV
service. Furthermore, machines connected to any of these
networks can communicate to any other network through
gateways supplied by the network vendor.
Each technology has its own convention for transmitting
messages between two machines within the same network. On a
LAN, messages are sent between machines by supplying the six
byte unique identifier (the "MAC" address). In an SNA network,
every machine has Logical Units with their own network address.
DECNET, Appletalk, and Novell IPX all have a scheme for
assigning numbers to each local network and to each workstation
attached to the network.
On top of these local or vendor specific network addresses, TCP/IP
assigns a unique number to every workstation in the world. This
"IP number" is a four byte value that, by convention, is expressed
by converting each byte into a decimal number (0 to 255) and
separating the bytes with a period. For example, the PC Lube and
Tune server is
An organization begins by sending electronic mail to
Hostmaster@INTERNIC.NET requesting assignment of a network
number. It is still possible for almost anyone to get assignment of
a number for a small "Class C" network in which the first three
bytes identify the network and the last byte identifies the
individual computer. The author followed this procedure and was
assigned the numbers 192.35.91.* for a network of computers at
his house. Larger organizations can get a "Class B" network
where the first two bytes identify the network and the last two
bytes identify each of up to 64 thousand individual workstations.
Yale's Class B network is 130.132, so all computers with IP
address 130.132.*.* are connected through Yale.
The organization then connects to the Internet through one of a dozen regional or specialized network suppliers. The network vendor is given the subscriber network number and adds it to the routing configuration in its own machines and those of the other major network suppliers.
There is no mathematical formula that translates the numbers
192.35.91 or 130.132 into "Yale University" or "New Haven, CT."
The machines that manage large regional networks or the central
Internet routers managed by the National Science Foundation can
only locate these networks by looking each network number up in
a table. There are potentially thousands of Class B networks, and
millions of Class C networks, but computer memory costs are low,
so the tables are reasonable. Customers that connect to the
Internet, even customers as large as IBM, do not need to
maintain any information on other networks. They send all
external data to the regional carrier to which they subscribe, and
the regional carrier maintains the tables and does the
appropriate routing.
New Haven is in a border state, split 50-50 between the Yankees
and the Red Sox. In this spirit, Yale recently switched its
connection from the Middle Atlantic regional network to the New
England carrier. When the switch occurred, tables in the other
regional areas and in the national spine had to be updated, so
that traffic for 130.132 was routed through Boston instead of New
Jersey. The large network carriers handle the paperwork and can
perform such a switch given sufficient notice. During a conversion
period, the university was connected to both networks so that messages could arrive through either path.
Although the individual subscribers do not need to tabulate
network numbers or provide explicit routing, it is convenient for
most Class B networks to be internally managed as a much
smaller and simpler version of the larger network organizations. It
is common to subdivide the two bytes available for internal
assignment into a one byte department number and a one byte
workstation ID.

The enterprise network is built using commercially available TCP/IP router boxes. Each router has small tables with 255 entries to translate the one byte department number into selection of a destination Ethernet connected to one of the routers. Messages
to the PC Lube and Tune server ( are sent
through the national and New England regional networks based on the 130.132 part of the number. Arriving at Yale, the 59 department ID selects an Ethernet connector in the C&IS building. The 234 selects a particular workstation on that LAN. The Yale network must be updated as new Ethernets and departments are added, but it is not affected by changes outside the university or the movement of machines within the
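As an added illustration of the addressing scheme just described (example code written for this page, not from the memo), the following parses dotted-decimal addresses, applies the original classful rules, and performs the two-stage lookup above: a carrier looks up the network number, and the Class B enterprise looks up the one-byte department number. Yale's 130.132 network and the author's 192.35.91.* Class C come from the text; the host 130.132.59.234 is assembled from the 130.132 / 59 / 234 pieces the text walks through; the carrier and department tables are constructed for the example. Classful splitting is shown because it is what the memo describes; routers have used variable-length (CIDR) prefixes since the mid-1990s.

```python
"""Added example for this page (not from the memo): classful IPv4 parsing
and the two-stage lookup the memo describes.

Assumptions: the carrier and department tables below are invented for
the example; 130.132.59.234 is assembled from the 130.132 / 59 / 234
decomposition given in the text.
"""


def parse_ipv4(dotted: str) -> int:
    """Convert dotted decimal to a 32-bit integer, strictly.

    Each octet must be plain ASCII decimal 0-255 with no leading zero:
    some C library parsers read '010' as octal 8, so a lenient parser and
    a strict one can disagree about which host an address names.
    """
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        if (not part.isascii() or not part.isdigit()
                or (len(part) > 1 and part[0] == "0") or int(part) > 255):
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value: int) -> str:
    """Inverse of parse_ipv4: 32-bit integer to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_split(dotted: str):
    """Return (class, network number, host part) under the classful rules.

    Class A: first bit 0    -> one network byte    (first octet 0-127)
    Class B: first bits 10  -> two network bytes   (128-191)
    Class C: first bits 110 -> three network bytes (192-223)
    """
    first = parse_ipv4(dotted) >> 24
    if first < 128:
        cls, net_bytes = "A", 1
    elif first < 192:
        cls, net_bytes = "B", 2
    elif first < 224:
        cls, net_bytes = "C", 3
    else:
        raise ValueError(f"{dotted}: not a class A/B/C unicast address")
    octets = dotted.split(".")
    return cls, ".".join(octets[:net_bytes]), ".".join(octets[net_bytes:])


# Constructed for this example: what a regional carrier's table might hold,
# keyed by network number exactly as the memo says (no formula, just a table).
CARRIER_TABLE = {
    "130.132": "New England carrier (via Boston)",
    "192.35.91": "regional carrier for the author's Class C",
}

# Constructed for this example: the Yale-style one-byte department table,
# each entry selecting a destination Ethernet behind one of the routers.
DEPARTMENT_TABLE = {
    59: "C&IS building Ethernet",
    12: "Medical school Ethernet",
}


def route(dotted: str, local_network: str = "130.132"):
    """Decide where a packet goes: carrier lookup for external networks,
    department lookup for a host inside the local Class B network."""
    cls, net, host = classful_split(dotted)
    if net != local_network:
        # Subscribers keep no routes for other networks: everything external
        # goes to the regional carrier, which looks the network number up.
        return "external", CARRIER_TABLE.get(net, "default: hand to regional carrier")
    if cls != "B":
        raise ValueError("department routing assumes a Class B local network")
    dept, station = (int(x) for x in host.split("."))
    ethernet = DEPARTMENT_TABLE.get(dept)
    if ethernet is None:
        return "unreachable", f"department {dept} is not in the router table"
    return "local", f"{ethernet}, station {station}"


if __name__ == "__main__":
    for addr in ("130.132.59.234", "130.132.7.1", "192.35.91.5", "10.1.2.3"):
        print(addr, classful_split(addr), route(addr))
```

The parser deliberately rejects octets with leading zeros. Two components that disagree on that convention can disagree on which host an address names, which matters whenever an address string feeds an access-control decision.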

What are TCP/IP and the Internet?

While the TCP/IP protocols and the Internet are different, their histories are most definitely intertwined! This section will discuss some of the history. For additional information and insight, readers are urged to read two excellent histories of the Internet: Casting the Net: From ARPANET to INTERNET and Beyond... by Peter Salus (Addison-Wesley, 1995) and Where Wizards Stay Up Late: The Origins of the Internet by Katie Hafner and Matthew Lyon (Simon & Schuster, 1997). In addition, the Internet Society maintains a number of on-line "Internet history" papers at

The evolution of TCP/IP (and the Internet)

While the Internet today is recognized as a network that is fundamentally changing social, political and economic structures, and in many ways obviating geographic boundaries, this potential is merely the realization of predictions that go back nearly forty years. In a series of memos dating back to August 1962, J.C.R. Licklider of MIT discussed his "Galactic Network" and how social interactions could be enabled through networking. The Internet certainly provides such a national and global infrastructure and, in fact, interplanetary Internet communication has already been seriously

Prior to the 1960s, what little computer communication existed comprised simple text and binary data carried by the most common telecommunications technology of the day; namely, circuit switching, the technology of the telephone networks for nearly a hundred years. Because most data traffic is bursty in nature (i.e., most of the transmissions occur during a very short period of time), circuit switching results in highly inefficient use of network resources.

The fundamental technology that makes the Internet work is called packet switching, a data network in which all components (i.e., hosts and switches) operate independently, eliminating single-point-of-failure problems. In addition, network communication resources appear to be dedicated to individual users but, in fact, statistical multiplexing and an upper limit on the size of a transmitted entity result in fast, economical

In the 1960s, packet switching was ready to be discovered. In 1961, Leonard Kleinrock of MIT published the first paper on packet switching theory (and the first book on the subject in 1964). In 1962, Paul Baran of the RAND Corporation described a robust, efficient, store-and-forward data network in a report for the U.S. Air Force. At about the same time, Donald Davies and Roger Scantlebury suggested a similar idea from work at the National Physical Laboratory (NPL) in the U.K. The research at MIT (1961-1967), RAND (1962-1965), and NPL (1964-1967) occurred independently, and the principal researchers did not all meet together until the Association for Computing Machinery (ACM) meeting in 1967. The term packet was adopted from the work at

The modern Internet began as a U.S. Department of Defense (DoD) funded experiment to interconnect DoD-funded research sites in the U.S. The 1967 ACM meeting was also where the initial design for the so-called ARPANET, named for the DoD's Advanced Research Projects Agency (ARPA), was first published by Larry Roberts. In December 1968, ARPA awarded a contract to Bolt Beranek and Newman (BBN) to design and deploy a packet switching network with a proposed line speed of 50 kbps. In September 1969, the first node of the ARPANET was installed at the University of California at Los Angeles (UCLA), followed monthly by nodes at Stanford Research Institute (SRI), the University of California at Santa Barbara (UCSB), and the University of Utah. With four nodes by the end of 1969, the ARPANET spanned the continental U.S. by 1971 and had connections to Europe by 1973.
The original ARPANET gave life to a number of protocols that were new to packet switching. One of the most lasting results of the ARPANET was the development of a user-network protocol that has become the standard interface between users and packet switched networks; namely, ITU-T (formerly CCITT) Recommendation X.25. This "standard" interface encouraged BBN to start Telenet, a commercial packet-switched data service, in 1974; after much renaming, Telenet became a part of Sprint's X.25 services.

The initial host-to-host communications protocol introduced in the ARPANET was called the Network Control Protocol (NCP). Over time, however, NCP proved to be incapable of keeping up with the growing network traffic load. In 1974, a new, more robust suite of communications protocols was proposed and implemented throughout the ARPANET, based upon the Transmission Control Protocol (TCP) for end-to-end network communications. But it seemed like overkill for the intermediate gateways (what we would today call routers) to needlessly have to deal with an end-to-end protocol, so in 1978 a new design split responsibilities between a pair of protocols: the new Internet Protocol (IP) for routing packets and device-to-device communication (i.e., host-to-gateway-to-gateway) and TCP for reliable, end-to-end host communication.

Since TCP and IP were originally envisioned as a single protocol, the protocol suite, which actually refers to a large collection of protocols and applications, is usually referred to simply as TCP/IP.


The original versions of both TCP and IP that are in common use today were written in September 1981, although both have had several modifications applied to them (in addition, the IP version 6, or IPv6, specification was released in December 1995). In 1983, the DoD mandated that all of their computer systems would use the TCP/IP protocol suite for long-haul communications, further enhancing the scope and importance of

In 1983, the ARPANET was split into two components. One component, still called ARPANET, was used to interconnect research/development and academic sites; the other, called MILNET, was used to carry military traffic and became part of the Defense Data Network. That year also saw a huge boost in the popularity of TCP/IP with its inclusion in the communications kernel for the University of California UNIX implementation, 4.2BSD (Berkeley Software Distribution) UNIX.

In 1986, the National Science Foundation (NSF) built a backbone network to interconnect four NSF-funded regional supercomputer centers and the National Center for Atmospheric Research (NCAR). This network, dubbed the NSFNET, was originally intended as a backbone for other networks, not as an interconnection mechanism for individual systems. Furthermore, the "Appropriate Use Policy" defined by the NSF limited traffic to non-commercial use. The NSFNET continued to grow and provide connectivity between both NSF-funded and non-NSF regional networks, eventually becoming the backbone that we know today as the Internet. Although early NSFNET applications were largely multiprotocol in nature, TCP/IP was employed for interconnectivity (with the ultimate goal of migration to Open Systems Interconnection).

The NSFNET originally comprised 56-kbps links and was completely upgraded to T1 (1.544 Mbps) links by 1989. Migration to a "professionally-managed" network was supervised by a consortium comprising Merit (a Michigan state regional network headquartered at the University of Michigan), IBM and MCI, which was responsible for managing the NSFNET and supervising the transition of the NSFNET backbone to T3 (44.736 Mbps) rates by the end of 1991. During this period of time, the NSF also funded a number of regional Internet service providers (ISPs) to provide local connection points for educational institutions and NSF-funded sites.

In 1993, the NSF decided that it did not want to be in the business of running networks, preferring instead to fund research in the areas of supercomputing and high-speed communications. In addition, there was increased pressure to commercialize the Internet; in 1989, a trial gateway connected MCI, CompuServe, and Internet mail services, and commercial users were now finding out about all of the capabilities of the Internet that once belonged exclusively to academic and hard-core users! In 1991, the Commercial Internet Exchange (CIX) Association was formed by General Atomics, Performance Systems International (PSI), and UUNET Technologies to promote and provide a commercial Internet backbone service.

Nevertheless, there remained intense pressure from non-NSF ISPs to open the network to all users.

In 1994, a plan was put in place to reduce the NSF's role in the public Internet. The new structure comprises three parts:

1. Network Access Points (NAPs), where individual ISPs would interconnect, as suggested. The NSF originally funded four such NAPs: Chicago (operated by Ameritech), New York (really Pennsauken, NJ, operated by Sprint), San Francisco (operated by Pacific Bell, now SBC), and Washington, D.C. (MAE-East, operated by MFS, now part of WorldCom).
2. The very high speed Backbone Network Service, a network interconnecting the NAPs and NSF-funded centers, operated by MCI. This network was installed in 1995 and operated at OC-3 (155.52 Mbps); it was completely upgraded to OC-12 (622.08 Mbps) in 1997.
3. The Routing Arbiter, to ensure adequate routing protocols for the Internet.
In addition, NSF-funded ISPs were given five years of reduced funding to become commercially self-sufficient. The funding ended by 1998 and a proliferation of additional NAPs has created a "melting pot" of services. Today's terminology refers to three tiers of ISP:

• Tier 1 refers to national ISPs, or those that have a national presence and connect to at least three of the original four NAPs. National ISPs include AT&T, Sprint and WorldCom.
• Tier 2 refers to regional ISPs, or those that have primarily a regional presence and connect to fewer than three of the original four NAPs. Regional ISPs include Adelphia, and
• Tier 3 refers to local ISPs, or those that do not connect to a NAP but offer services via an upstream ISP.

It is worth saying a few words about the NAPs. The NSF provided major funding for the four NAPs mentioned above, but they needed to have additional customers to remain economically viable. Some companies, such as then-Metropolitan Fiber Systems (MFS), decided to build other NAP sites. One of MFS' first sites was MAE-East, where "MAE" stood for "Metropolitan Area Ethernet". MAE-East was merely a point where ISPs could interconnect, which they did by buying a router and placing it at the MAE-East facility. The original MAE-East was a 10 Mbps Ethernet LAN; it was eventually replaced with a 100 Mbps FDDI ring and the "E" then became "Exchange." Over the years, MFS/MCI WorldCom has added sites in San Jose, CA (MAE-West), Los Angeles, Dallas and Houston.

Other companies also operate their own NAPs. Savvis, for example, operates an international Internet service and has built more than a dozen private NAPs in North America. Many large service providers go around the NAPs entirely by creating bilateral agreements whereby they directly route traffic coming from one network and going to the other. Before their merger in 1998, for example, MCI and LDDS WorldCom had more than 10 DS-3 (44.736 Mbps) lines interconnecting the two networks.

The North American Network Operators' Group (NANOG) provides a forum for the exchange of technical information and the discussion of implementation issues that require coordination among network service providers. Meeting three times a year, NANOG is an essential element in maintaining stable Internet services in North America. Initially funded by the NSF, NANOG currently receives funds from conference registration fees and vendor donations.

In 1988, meanwhile, the DoD and the U.S. Government chose to adopt OSI protocols. TCP/IP was now viewed as an interim, proprietary solution since it ran only on limited hardware platforms and OSI products were only a couple of years away. The DoD mandated that all computer communications products would have to use OSI protocols by August 1990 and use of TCP/IP would be phased out. Subsequently, the U.S. Government OSI Profile (GOSIP) defined the set of protocols that would have to be supported by products sold to the federal government, and TCP/IP was not included.

Despite this mandate, development of TCP/IP continued during the late 1980s as the Internet grew. TCP/IP development had always been carried out in an open environment (although the size of this open community was small due to the small number of ARPA/NSF sites), based upon the creed "We reject kings, presidents, and voting. We believe in rough consensus and running code" [Dave Clark, M.I.T.]. OSI products were still a couple of years away while TCP/IP became, in the minds of many, the real open systems interconnection protocol suite.

It is not the purpose of this memo to take a position in the OSI vs. TCP/IP debate (although it is absolutely clear that TCP/IP offers the primary goals of OSI; namely, a universal, non-proprietary data communications protocol. In fact, TCP/IP does far more than was ever envisioned for OSI, or for TCP/IP itself, for that matter). But before TCP/IP prevailed and OSI sort of dwindled into nothingness, many efforts were made to bring the two communities together. The ISO Development Environment (ISODE) was developed in 1990, for example, to provide an approach for OSI migration for the DoD. ISODE software allows OSI applications to run over TCP/IP. The two communities also started to work together to bring about the best of both worlds, as many TCP and IP features started to migrate into OSI protocols, particularly the OSI Transport Protocol class 4 (TP4) and the Connectionless Network Layer Protocol (CLNP), respectively. Finally, a report from the National Institute of Standards and Technology (NIST) in 1994 suggested that GOSIP should incorporate TCP/IP and drop the "OSI-only" requirement. [NOTE: some industry observers have pointed out that OSI represents the ultimate example of a sliding window; OSI protocols have been "two years away" since about 1986.]

None of this is meant to suggest that the NSF is not funding Internet-class research networks anymore. That is just the function of Internet2, a consortium of nearly 200 universities working in partnership with industry and government to develop advanced network applications and technologies for the next generation Internet. Goals of Internet2 are to create a leading edge network capability for the national research community, enable the development of new Internet-based applications, and to quickly move these new network services and applications to the commercial sector.

Internet Growth

In Douglas Adams' The Hitchhiker's Guide to the Galaxy (Pocket Books, 1979), the hitchhiker describes outer space as being "...big. Really big...vastly hugely mind-bogglingly big..." A similar description can be applied to the Internet. To paraphrase the hitchhiker, you may think that your 750 node LAN is big, but that's just peanuts compared to the Internet.

The ARPANET started with four nodes in 1969 and grew to just under 600 nodes before it was split in 1983. The NSFNET also started with a modest number of nodes. Internet growth between 1981 and 1991 is documented in "Internet Growth (1981-1991)" (RFC

[Figure: Internet Domain Survey Host Count, January 1991 through January 2003, with "Adjusted" and "New" series; vertical axis in hosts, up to 100,000,000. Source: Internet Software Consortium]

The Internet Software Consortium hosts the Internet Domain Survey (with technical support from Network Wizards, who originated the survey). According to their chart, the Internet had nearly 30 million reachable hosts by January 1998 and over 56 million by July 1999. Dedicated residential access methods, such as cable modem and asymmetric digital subscriber line (ADSL) technologies, are undoubtedly the reason that this number shot up to over 171 million by January 2003. During the boom of the 1990s, the Internet was growing at a rate of about a new network attachment every half-hour, interconnecting hundreds of thousands of networks. It was estimated that the Internet was doubling in size every ten to twelve months. In recent years, the number of nodes has been growing at a rate of about 50% annually, and traffic continues to keep pace with that growth.

And what of the original ARPANET? It grew smaller and smaller

during the late 1980s as sites and traffic moved to the Internet,
and was decommissioned in July 1990. Cerf & Kahn (“Selected
ARPANET Maps, “Computer Communications Review, October
1990) re- printed a number of network maps documenting the
growth (and demise) of the ARPANET.

Internet Administration

The Internet has no single owner, yet everyone owns (a portion

of) the Internet. The internet has no central operator, yet
everyone operates (a portion of) the Internet. The internet has
been compared to anarchy, but some claim that it is not nearly
that well organized!
Some central authority is required for the Internet, however, to manage those things that can be managed centrally, such as addressing, naming, protocol development, standardization, etc. Among the significant Internet authorities are:

• The Internet Society (ISOC), chartered in 1992, a non-governmental international organization providing coordination for the Internet, and its internetworking technologies and applications. ISOC also provides oversight and communications for the Internet Activities Board.
• The Internet Activities Board (IAB) governs administrative and technical activities on the Internet.
• The Internet Engineering Task Force (IETF) is one of the two primary bodies of the IAB. The IETF's working groups have primary responsibility for the technical activities of the Internet, including writing specifications and protocols. The impact of these specifications is significant enough that ISO accredited the IETF as an international standards body at the end of 1994. RFCs 2028 and 2031 describe the organizations involved in the IETF standards process and the relationship between the IETF and ISOC, respectively, while RFC 2418 describes the IETF working group guidelines and procedures. The background and the history of the IETF and the Internet standards process can be found in "IETF - History, Background, and Role in Today's Internet."
• The Internet Engineering Steering Group (IESG) is the other body of the IAB. The IESG provides direction to the IETF.
• The Internet Research Task Force (IRTF) comprises a number of long-term research groups, promoting research of importance to the evolution of the future Internet.
• The Internet Engineering Planning Group (IEPG) coordinates worldwide Internet operations. This group also assists Internet Service Providers (ISPs) to interoperate within the global Internet.
• The Forum of Incident Response and Security Teams (FIRST) is the coordinator of a number of Computer Emergency Response Teams (CERTs) representing many countries, governmental agencies, and ISPs throughout the world. Internet network security is greatly enhanced and facilitated by the FIRST member
• The World Wide Web Consortium (W3C) is not an Internet administrative body, per se, but since October 1994 has taken a lead role in developing common protocols for the World Wide Web to promote its evolution and ensure its interoperability. W3C has more than 400 member organizations internationally. The W3C, then, is leading the technical evolution of the Web, having already developed more than 20 technical specifications for the Web's

Domain Name and IP Addresses (and Politics)

Although not directly related to the administration of the Internet for operational purposes, the assignment of Internet domain names (and IP addresses) is the subject of some controversy and a lot of current activity. Internet hosts use a hierarchical naming structure comprising a top-level domain (TLD), domain and subdomain (optional), and host name. The IP address space, and all TCP/IP-related numbers, have historically been managed by the Internet Assigned Numbers Authority; until April 1998, the Internet Network Information Center (InterNIC) managed U.S. domains. The InterNIC had overall authority over these names, with NICs around the world handling non-U.S. domains. The InterNIC was also responsible for the overall coordination and management of the Domain Name System (DNS), the distributed database that maps host names to IP addresses on the Internet.

The InterNIC is an interesting example of the recent changes in the Internet. Since early 1993, Network Solutions, Inc. (NSI) operated the registry tasks of the InterNIC on behalf of the NSF and had exclusive registration authority for the .com, .org, .net, and .edu domains. NSI's contract ran out in April 1998 and was extended several times because no other agency was in place to continue the registration for those domains. In October 1998, it was decided that NSI would remain the sole administrator for those domains but that a plan needed to be put into place so that users could register names in those domains with other firms. In addition, NSI's contract was extended to September 2000, although the registration business was opened to competition in June 1999. Nevertheless, when NSI's original InterNIC contract expired, IP address assignments moved to a new entity called the American Registry for Internet Numbers (ARIN). (And NSI itself was purchased by VeriSign in March 2000.)

The newest body to handle governance of global Top Level Domain (gTLD) registrations is the Internet Corporation for Assigned Names and Numbers (ICANN). Formed in October 1998, ICANN is the organization designated by the U.S. National Telecommunications and Information Administration (NTIA) to administer the DNS. Although surrounded by some early controversy (which is well beyond the scope of the paper!), ICANN has received wide industry support. ICANN has created several supporting organizations (SOs) to create policy for the administration of its areas of responsibility, including domain names (DNSO), IP addresses (ASO), and protocol parameter assignments (PSO).

On April 21, 1999, ICANN announced that five companies had been selected to be part of this new competitive Shared Registry System for the .com, .net, and .org domains.

• .com: Commercial organizations (administered by VeriSign Global Registry Services through the Shared Registry System)
• .edu: Educational institutions; largely limited to 4-year colleges and universities from about 1994 to 2001, but also includes some community colleges (administered by
• .net: Network providers; largely limited to hosts actually part of an including the author of this paper! (administered by VeriSign Global Registry Services through the Shared Registry System)
• .org: Non-profit organizations (administered by VeriSign; after January 2003, will be administered by the Public Interest Registry (PIR), an organization formed by ISOC, with operational control subcontracted to Afilias, the operator of the .info domain)
• .int: Organizations established by international treaty
• .gov: U.S. federal government agencies (managed by the U.S. General Services Administration, including the
• .mil: U.S. military (managed by the U.S. Department of Defense Network Information Center)

The host name, for example, is assigned to
a computer named poodle (don’t ask why…) in the Accounting &
Computing Systems Division at Champlain College (champlain),
within the educational TLD (edu). The host name
refers to a host (mail) in the SoverNet domain (sover) within the
network provider TLD (net). Guidelines for selecting host names
are the subject of RFC 1178.

Other top-level domain names use the two-letter country codes
defined in ISO standard 3166; , for example, is the
address of the Internet gateway to Australia and
is a host at the Science and Technology
Department of Keio University in Yokohama, Japan. Other ISO
3166-based domain country codes are ca (Canada), de
(Germany), es (Spain), fr (France), gb (Great Britain) [NOTE: for
some historical reasons, the TLD .gb is rarely used; the TLD .uk
(United Kingdom) seems to be preferred although UK is not an
official ISO 3166 country code.], ie (Ireland), il (Israel), mx
(Mexico), and us (United States). It is important to note that
there is not necessarily any correlation between a country code
and where a host is actually physically located.

There are several registries responsible for blocks of IP addresses
and domain naming policies around the globe. The American
Registry for Internet Numbers (ARIN) was originally responsible
for the Americas (Western Hemisphere) and part of Africa. In
2002, the Latin America and Caribbean Internet Addresses
Registry (LACNIC) was officially recognized and now covers
Central and South America, as well as some Caribbean nations.
The African Regional Internet Registry (AfriNIC), still on a
provisional status, will be assuming responsibility for sub-Saharan
Africa. Eventually, ARIN will only cover North America and parts
of the Caribbean. The European and Asia-Pacific naming
registries are managed by Réseaux IP Européens (RIPE) and the
Asia Pacific NIC (APNIC), respectively.

These authorities, in turn, delegate most of the country TLDs to
national registries (such as RNP in Brazil and NIC-Mexico), which
have ultimate authority to assign local domain names. An
excellent overview of the recent history and anticipated future of
the registry system can be found in “Development of the
Regional Internet Registry System” (D. Karrenberg et al.) in the
Internet Protocol Journal, vol. 4 no. 4.

Different countries may organize the country-based sub domains
in any way that they want. Many countries use a sub domain
similar to the TLDs, so that and are the suffixes
for commercial and educational institutions in Mexico, and
and are the suffixes for commercial and educational
institutions in the United Kingdom.

The us domain is largely organized on the basis of geography or
function. Geographical names in the us name space use names of
the form entity-name.city-telegraph-code.state-postal-code.us;
the domain name , for example, refers
to the Corporation for National Research Initiatives in Reston,
Virginia. Functional branches are also reserved within the name
space for schools (K12), community colleges (CC), technical
schools (TEC), state government agencies (STATE), councils of
government (COG), libraries (LIB), museums (MUS), and several
other generic types of entities. Domain names in the state
government name space usually take the form
department.state.state-postal-code.us (e.g., the domain name
points to the Vermont Department of Public
Safety). The K12 name space can vary widely, usually using the
form (e.g., the
domain refers to the Charlotte Central School
in the Chittenden South School District, which happens to be in
Charlotte, Vermont). More information about the us domain may
be found in RFC 1480.

In any case, suppose that Microsoft decided that someone using
their service mark was not in their best interest and they
pursued the issue; could they wrestle the name away? If an
organization believes that its name or mark is being used in
someone else’s domain name in an unfair or misleading way,
then they can take legal action against the name holder, and
assignment of the name will be held up pending the outcome of
the legal action. More information about this issue can be found
at ICANN’s Uniform Domain-Name Dispute-Resolution Policy Web
page. By the way, this is, of course, the question behind the new
industry of cybersquatting: someone registers a domain name
hoping that someone else will buy it from them later on!

And what about IP addresses? Prior to the widespread use of
CIDR (see Section 3.2.1), individual organizations were assigned
an address (usually a Class C!) and domain name at the same
time. In general, the holder of the domain name owned the IP
address and, if they changed ISP, routing tables throughout the
Internet were updated.

Today, ISPs are assigned addresses in blocks called CIDR blocks.
A customer today, whether they already own a domain name or
are obtaining a new one, will be assigned an IP address from the
ISP’s CIDR block. If the customer changes ISP, they have to
relinquish the IP address.

A good overview of the naming and addressing procedures can
be found in RFC 2901, titled “Guide to Administrative Procedures
of the Internet Infrastructure.”

The TCP/IP Protocol Architecture

TCP/IP is most commonly associated with the UNIX operating
system. While developed separately, they have been historically
tied, as mentioned above, since 4.2BSD UNIX started bundling
TCP/IP protocols with the operating system. Nevertheless, TCP/IP
protocols are available for all widely-used operating systems
today and native TCP/IP support is provided in OS/2, OS/400, and
Windows 9x/NT/2000, as well as most Unix variations.

Figure 2 shows the TCP/IP protocol architecture; this diagram is
by no means exhaustive, but shows the major protocol and
application components common to most commercial TCP/IP
software packages and their relationships.
[Figure 2 did not survive extraction; the layer contents that can be
recovered from the residue are listed here.]

Application Layer (partial): Gopher, Archie, Traceroute, BGP, Ping,
Time/NTP, Whois, TFTP

Internet Layer: IP, ARP

Network Interface Layer: Ethernet/802.3, Token Ring (802.5),
SNAP/802.2, X.25, FDDI, ISDN, Frame Relay, SMDS, ATM, Wireless
(WAP, CDPD, 802.11), Fibre Channel, DDS/DS0/T-carrier/E-carrier,
SONET/SDH, DWDM

FIGURE 2. Abbreviated TCP/IP Protocol Stack

The sections below will provide a brief overview of each of the
layers in the TCP/IP suite and the protocols that compose those
layers. A large number of books and papers have been written
that describe all aspects of TCP/IP as a protocol suite, including
detailed information about use and implementation of the
protocols. Some good TCP/IP references are:

• TCP/IP Illustrated, Volume 1: The Protocols by W.R. Stevens
(Addison-Wesley, 1994)
• Troubleshooting TCP/IP by Mark Miller (John Wiley & Sons,
[Layers of TCP/IP]

• Guide to TCP/IP, 2/e by Laura A. Chappell and Ed Tittel
(Thomson Course Technology, 2004)
• TCP/IP: Architecture, Protocols, and Implementation with
IPv6 and IP Security by S. Feit (McGraw-Hill, 2000)
• Internetworking with TCP/IP, Vol. I: Principles, Protocols,
and Architecture, 2e, by D. Comer (Prentice-Hall, 1991)
• “A TCP/IP Tutorial” by T.J. Socolofsky and C.J. Kale (RFC
1180, Jan. 1991)
• “TCP/IP and tcpdump Pocket Reference Guide”, developed
by the author for the SANS Institute.

The TCP/IP Layers

The TCP/IP model does not exactly match the OSI
model. There is no universal agreement regarding
how to describe TCP/IP with a layered model, but it is
generally agreed that there are fewer levels than the
seven layers of the OSI model. Most descriptions
present from three to five layers. In this technical
reference document the layers of the TCP/IP model
are defined as follows:

Application Layer
In TCP/IP the Application Layer also includes
the OSI Presentation Layer and Session Layer.
In this document an application is any process
that occurs above the Transport Layer. This
includes all of the processes that involve user
interaction. The application determines the
presentation of the data and controls the
session. In TCP/IP the terms socket and port
are used to describe the path over which
applications communicate. There are
numerous application level protocols in TCP/IP,
including Simple Mail Transfer Protocol (SMTP)
and Post Office Protocol (POP) used for e-mail,
Hyper Text Transfer Protocol (HTTP) used for
the World-Wide-Web, and File Transfer Protocol
(FTP). Most application level protocols are
associated with one or more port numbers.

Transport Layer
In TCP/IP there are two Transport Layer
protocols. The Transmission Control Protocol
(TCP) guarantees that information is received
as it was sent. The User Datagram Protocol
(UDP) performs no end-to-end reliability

Internet Layer
In the OSI Reference Model the Network Layer
isolates the upper layer protocols from the
details of the underlying network and manages
the connections across the network. The
Internet Protocol (IP) is normally described as
the TCP/IP Network Layer. Because of the Inter-
Networking emphasis of TCP/IP this is
commonly referred to as the Internet Layer. All
upper and lower layer communications travel
through IP as they are passed through the
TCP/IP protocol stack.

Network Access Layer

In TCP/IP the Data Link Layer and Physical
Layer are normally grouped together. TCP/IP
makes use of existing Data Link and Physical
Layer standards rather than defining its own.
Most RFCs that refer to the Data Link Layer
describe how IP utilizes existing data link
protocols such as Ethernet, Token Ring, FDDI,
HSSI, and ATM. The characteristics of the
hardware that carries the communication
signal are typically defined by the Physical
Layer. This describes attributes such as pin
configurations, voltage levels, and cable
requirements. Examples of Physical Layer
standards are RS-232C, V.35, and IEEE 802.3.

The four layer structure of TCP/IP is built as
information is passed down from applications to the
physical network layer. When data is sent, each
layer treats all of the information it receives from the
layer above as data and adds control information to
the front of that data. This control information is
called a header, and the addition of a header is
called encapsulation. When data is received, the
opposite procedure takes place as each layer
removes its header before passing the data to the
layer above.

Network Access Layer

The Network Access layer is the lowest level of the
TCP/IP protocol hierarchy. It is often ignored by users
as it is well hidden by the better known mid-level
protocols such as IP, TCP, and UDP, and higher level
protocols such as SMTP, HTTP, and FTP. Functions
performed at the network access layer include
encapsulation of IP datagrams into frames to be
transmitted by the network, and mapping IP
addresses to physical hardware addresses.

Much of the work that takes place at the network
access layer is handled by software applications and
drivers that are unique to individual pieces of
hardware. Configuration often consists of simply
selecting the appropriate driver for loading, and
selecting TCP/IP as the protocol for use. Many
computers come with this driver software pre-loaded
and configured, or can automatically configure
themselves via "plug-and-play" applications.

A good example of configuration at the network
access layer would be setting up a Windows NT
system to use a 3Com EtherLink III network interface
card (NIC) with Ethernet. Under normal
circumstances the NIC would be detected by the
operating system at installation time. If this does not
occur, or if the card is added at a later time, the
installation procedure would consist mostly of
installing the card and selecting the driver by
choosing the manufacturer and model of the card
from a list of available drivers. Some cards might
additionally require minimal hardware configuration,
such as selecting an I/O port, IRQ setting, and
possibly whether to use the Twisted Pair or Co-Ax
connector on the card. Once the correct driver is
selected for the card and configured, the next step is
to select TCP/IP from a list of available protocols to
be used on the interface. Once this is done, the
network access layer configuration is complete.
Many configuration programs automatically move on
to configuring the IP address, netmask, DNS servers,
default gateways, and other parameters which
actually relate to other layers and protocols.

Some network access layer protocols do require
extensive configuration. It is good to have an
understanding of the more common of these and
how they work. If a network manager will be dealing
with remote access across serial communications
lines, using POTS modems or ISDN lines for example,
it is important to be familiar with serial point-to-point
protocols such as SLIP and PPP. If these will be used
on Network Access Server equipment, like modem
stacks or terminal servers, it is valuable to be
familiar with remote authentication protocols such

Internet Layer

The Internet Layer of the TCP/IP architecture model
resides just above the Network Access Layer and
below the Transport Layer. The primary concern of
the protocol at this layer is to manage the
connections across networks as information is
passed from source to destination. The Internet
Protocol (IP) is the primary protocol at this layer of
the TCP/IP architecture model.

The Internet Protocol, defined by RFC 791, is the
core of TCP/IP. It provides the packet delivery
system on which all TCP/IP networking is based. All
information that flows through TCP/IP networks
passes through IP.

IP is a connectionless protocol. This means it
does not use a handshake to provide end-to-end
control of communications flow. It relies on other
layers to provide this function if it is required. IP also
relies on other layers to provide error detection and
correction. Because of this, IP is sometimes referred
to as an unreliable protocol. This does not mean
that IP cannot be relied upon to accurately deliver
data across a network; it simply means that IP itself
does not perform the error checking and correcting

The functions that IP performs include:

• Defining a datagram and an addressing scheme
• Moving data between transport layer and network
access layer protocols
• Routing datagrams to remote hosts
• The fragmentation and reassembly of datagrams

The only other protocol that is generally described
as being at the Internet Layer of the TCP/IP model is
the Internet Control Message Protocol (ICMP), a
protocol used to communicate control messages
between IP systems.

Transport Layer

Between the Internet layer and Application layer of
the TCP/IP architecture model is the Transport Layer.
This layer has two primary protocols, the
Transmission Control Protocol (TCP) and the User
Datagram Protocol (UDP).

TCP is a connection based protocol that provides
error detection and correction with reliable delivery
of data packets. UDP is a connectionless protocol
with low overhead.

When writing application software a developer
normally chooses TCP or UDP based on whether it is
more important to have a reliable connection with
bi-directional communication and error
management, or if it is more important to develop a
low overhead, streamlined application.

With the explosive expansion of the Internet, more
and more network administrators are finding
themselves deeply involved in configuring,
maintaining, and troubleshooting TCP/IP networks.
Though there are many books available on TCP/IP,
some of them quite good and comprehensively
written, there are few that focus on the needs of a
network administrator trying to make a TCP/IP
network function in a commercial Internet
environment. That is precisely the goal of this
technical reference: to provide a concise and
searchable information base so that a network
administrator or technician who has questions about
TCP/IP can find the answers that they need in a
timely fashion.

The technical reference material is designed so that
it can be read as an educational text to provide a
working knowledge of TCP/IP terminology and
concepts. It has also been developed to be used as a
searchable reference for design, operations, and
support of a working TCP/IP network.

TCP/IP is a suite of protocols used to support data
communications between computer equipment on
Local Area Networks (LANs) and between systems on
interconnected networks. TCP/IP is also the primary
protocol used on the global Internet. It is important
to have a good understanding of TCP/IP to install and
maintain network services on a network that is
connected to the Internet, or on an Internet style

TCP/IP gets its name from two of the more important
members of a large suite of protocols: Transmission
Control Protocol (TCP) and Internet Protocol (IP). As
these names suggest, the primary purpose of TCP/IP
is to provide communications across interconnected

The TCP/IP protocol suite is popular because it has
the features used to meet worldwide networking
needs. These features include:

• Hardware and software independence
• Publicly documented, freely available
• A large and flexible addressing scheme

The standards for TCP/IP protocols are developed
and maintained independently from any specific
hardware type or operating system, and have been
implemented for most popular platforms. TCP/IP is
available on Intel and Macintosh personal
computers, DEC servers, HP and Tandem
minicomputers, IBM mainframes, and most other
major computer systems. TCP/IP is the native
network protocol for UNIX and is available for all
Microsoft operating systems, the Macintosh O/S, IBM
OS/2, and most popular operating systems. It can be
run on many different network types, including
Ethernet, token ring, X.25, serial lines, and wireless.

The documentation on TCP/IP protocol standards is
freely available and widely published. Most of the
information on these standards is published as
Requests For Comments (RFCs) which are available
at the Internet Network Information Center
(InterNIC) as well as many universities and other
networking information centers. Some of the RFCs
that are referenced in this document are included in
the section at the end of this technical reference for
the reader's convenience.

The addressing scheme implemented in IP version 4
(IPv4), which is used throughout the Internet, allows
for over a billion devices to be uniquely identified
and contacted across a network. The design allows
for networks as simple as two computers connected
by a single cable, to networks as complex as the
global Internet.
It is traditional when teaching TCP/IP to begin by
discussing the OSI Reference Model of networking,
to compare this model to the TCP/IP networking
architecture model, and to discuss all protocols as
they relate to the various layers of the model. In
actual practice the OSI Reference Model is seldom
used when working with networks, and most of the
protocols in the TCP/IP suite cross the traditional
layer boundaries. Partly in deference to tradition,
and partly just to lend some degree of organization
to this document, the authors have chosen to organize
the sections along the TCP/IP networking model, and
have included the obligatory discussion of OSI and the
comparison to the TCP/IP model.

To discuss network communication it is often
necessary to use terminology that is unique to the
networking world. A model developed by the
International Standards Organization (ISO) is
normally used when discussing data
communications protocols. It is called the Open
Systems Interconnect (OSI) Reference Model. This
model defines seven distinct layers, each with its
own specific functions. TCP/IP architecture is based
on the OSI model, but as is often the case when
applying theory to a practical application, TCP/IP
does not follow the OSI model exactly. TCP/IP is
usually described as having fewer layers than the
OSI model, and many of the functions that are
distinct to a layer in OSI cross layer boundaries in
TCP/IP.

The Network Interface Layer

The TCP/IP protocols have been designed to operate over nearly
any underlying local or wide area network technology. Although
certain accommodations may need to be made, IP messages can
be transported over all of the technologies shown in the figure, as
well as numerous others. It is beyond the scope of this paper to
describe most of these underlying protocols and technologies.

Two of the underlying network interface protocols, however, are
particularly relevant to TCP/IP. The Serial Line Internet Protocol
(SLIP, RFC 1055) and the Point-to-Point Protocol (PPP, RFC 1661)
may be used to provide data link layer protocol
services where no other underlying data link protocol may be in
use, such as in leased line or dial-up environments. Most
commercial TCP/IP software packages for PC-class systems
include these two protocols. With SLIP or PPP, a remote computer
can attach directly to a host server and, therefore, connect to the
Internet using IP rather than being limited to an Asynchronous

It is worth spending a little bit of time discussing PPP because of
its importance in Internet access today. As its name implies, PPP
was designed to be used over point-to-point links. In fact, it is
the prevalent IP encapsulation scheme for dedicated Internet
access as well as dial-up access. One of the significant strengths
of PPP is its ability to negotiate a number of things upon initial
connection, including passwords, IP addresses, compression
schemes, and encryption schemes. In addition, PPP provides
support for simultaneous multiple protocols over a single
connection, an important consideration in those environments
where dial-up users can employ either IP or another network layer
protocol. Finally, in environments such as ISDN, PPP supports
inverse multiplexing and dynamic bandwidth allocation via the
multilink-PPP (ML-PPP) described in RFCs 1990 and 212.

Field:   Flag       Address    Protocol   Information  Padding  FCS
Value:   01111110   11111111   8/16 bits  *            *        8 bits

Figure 3. PPP Frame Format (using HDLC).

PPP generally uses an HDLC-like (bit-oriented protocol) frame
format as shown in Figure 3, although RFC 1661 does not demand
use of HDLC. HDLC defines the first and last two fields in the
frame:

• Flag: The 8-bit pattern “01111110” used to delimit the
beginning and end of the transmission.
• Address: For PPP, uses the 8-bit broadcast address,
11111111.
• Frame Check Sequence (FCS): An 8-bit remainder from a
cyclic redundancy check (CRC) calculation, used for bit error
detection.

RFC 1661 actually describes the use of the three other fields in
the frame:

• Protocol: An 8- or 16-bit value that indicates the type of
datagram carried in this frame’s Information field. This field
can indicate use of a particular Network Layer protocol
(such as IP, IPX, or DDP), a Network Control Protocol (NCP)
in support of one of the Network Layer protocols, or a PPP
Link Control Protocol (LCP). The entire list of possible
PPP values in this field can be found in the IANA list of PPP
• Information: Contains the datagram for the protocol
specified in the Protocol field. This field is zero or more
octets in length, up to a (default) maximum of 1500 octets
(although a different value can be negotiated).
• Padding: Optional padding to add length to the Information
field. May be required in some implementations to ensure
some minimum frame length and/or ensure some
alignment on computer word boundaries.
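The framing just described, worked through as an added example (this is not code from the original paper): it wraps a constructed payload in the HDLC-like PPP frame, computes the 16-bit FCS of RFC 1662 over Address, Control, Protocol and Information, and parses the frame back, refusing a copy with a single flipped bit. The Control octet (0x03) is part of RFC 1662's HDLC-like framing and does not appear in Figure 3; the Protocol values 0x0021 (IP), 0x8021 (IPCP) and 0xC021 (LCP) are the registered IANA assignments; the payload bytes and the helper names are assumptions of this example, and octet stuffing of 0x7E/0x7D inside the frame is left out.

```python
"""PPP framing in the HDLC-like format of Figure 3 (RFC 1661/1662).
Added example with a constructed payload; not code from the paper."""
import struct

PPP_FLAG = 0x7E           # 01111110 delimiter
PPP_ADDRESS = 0xFF        # 11111111 all-stations address
PPP_CONTROL = 0x03        # Unnumbered Information (RFC 1662; not in Figure 3)
PPP_GOOD_FCS16 = 0xF0B8   # FCS over a good frame including its own FCS octets
PROTO_IP = 0x0021         # Protocol field values from the IANA PPP numbers
PROTO_IPCP = 0x8021
PROTO_LCP = 0xC021


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """Bitwise form of the RFC 1662 FCS-16 (reflected polynomial 0x8408)."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol: int, info: bytes) -> bytes:
    """Flag | Address | Control | Protocol (16 bits) | Information | FCS | Flag."""
    body = struct.pack("!BBH", PPP_ADDRESS, PPP_CONTROL, protocol) + info
    fcs = fcs16(body) ^ 0xFFFF          # ones' complement, sent low octet first
    return bytes([PPP_FLAG]) + body + struct.pack("<H", fcs) + bytes([PPP_FLAG])


def parse_frame(frame: bytes) -> dict:
    """Check delimiters, FCS and Address/Control before decoding anything.
    A frame with any of these wrong raises ValueError and is dropped."""
    if len(frame) < 8 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("missing flag delimiters or frame too short")
    body = frame[1:-1]
    # Running the FCS over the body plus its two FCS octets yields a fixed
    # residue (0xF0B8) for an undamaged frame; anything else is corruption.
    if fcs16(body) != PPP_GOOD_FCS16:
        raise ValueError("FCS mismatch: frame damaged in transit")
    if body[0] != PPP_ADDRESS or body[1] != PPP_CONTROL:
        raise ValueError("unexpected Address/Control octets")
    # Protocol is 16 bits unless Protocol-Field-Compression was negotiated,
    # in which case it is a single odd octet (RFC 1661 numbering rules).
    if body[2] & 1:
        protocol, start = body[2], 3
    else:
        protocol, start = struct.unpack("!H", body[2:4])[0], 4
    info = body[start:-2]                # strip the two FCS octets
    return {"protocol": protocol, "info": info, "info_len": len(info)}


def frame_rejected(frame: bytes) -> bool:
    """True if parse_frame refuses the frame."""
    try:
        parse_frame(frame)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sample = build_frame(PROTO_IP, b"\x45\x00\x00\x14\x00\x01\x00\x00")  # constructed
    print(sample.hex(), parse_frame(sample))
```

The FCS is checked before the Protocol field is even looked at, which is the order a receiver should use: nothing in a damaged frame can be trusted, including the field that says what the payload is.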

The operation of PPP is basically as follows:

• After the link is established, each host sends LCP
packets to configure and test the data link. It is here where
the maximum frame length, authentication protocol
(Password Authentication Protocol, PAP, or Challenge-
Handshake Authentication Protocol, CHAP), link quality
protocol, compression protocol, and other configuration
parameters are negotiated. Authentication, if it is used, will
occur after the link has been established.
• After the link is established, one or more network layer
protocol connections are configured using the appropriate
NCP. If IP is to be used, for example, it will be set up using
PPP’s IP Control Protocol (IPCP).
• Once each of the Network Layer protocols has been
configured, datagrams from those protocols can be sent
over the link. Control protocols may be used for IP, IPX
(NetWare), DDP (AppleTalk), DECnet, and more.
• The link will remain configured for communications until LCP
and/or NCP packets close the link down.

The Internet Layer

The Internet Protocol (RFC 791) provides services that are
roughly equivalent to the OSI Network Layer. IP provides a
datagram (connectionless) transport service across the network.
This service is sometimes referred to as unreliable because the
network does not guarantee delivery nor notify the end host
system about packets lost due to errors or network congestion. IP
datagrams contain a message, or one fragment of a message, that
may be up to 65,535 bytes (octets) in length. IP does not provide
a mechanism for flow control.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |      TOS      |         Total Length          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Identification         |Flags|     Fragment Offset     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      TTL      |   Protocol    |        Header Checksum        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Source Address                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Destination Address                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 4. IP packet (datagram) header format.

The basic IP packet header format is shown in Figure 4. The
format of the diagram is consistent with the RFC; bits are
numbered from left to right, starting at 0. Each row represents a
single 32-bit word; note that an IP header will be at least 5 words
(20 bytes) in length. The fields contained in the header, and their
functions, are:

• Version: Specifies the IP version of the packet. The current
version of IP is version 4, so this field will contain the binary
value 0100. [NOTE: Actually, many IP version numbers have
been assigned besides 4 and 6; see the IANA’s list of IP
Version Numbers.]
• Internet Header Length (IHL): Indicates the length of the
datagram header in 32-bit (4-octet) words. A minimum-
length header is 20 octets, so this field always has a value
of at least 5 (0101); since the maximum value of this field is
15, the IP header can be no longer than 60 octets.
• Type of Service (TOS): Allows an originating host to request
different classes of service for packets it transmits.
Although not generally supported today in IPv4, the TOS
field can be set by the originating host in response to
service interface, and can specify a service priority (0-7) or
can request that the route be optimized for cost, delay,
throughput, or reliability.
• Total Length: Indicates the length (in bytes, or octets) of the
entire packet, including both header and data. Given the
size of this field, the maximum size of an IP packet is 64 KB,
or 65535 bytes. In practice, packet sizes are limited to the
maximum transmission unit (MTU).
• Identification: Used when a packet is fragmented into
smaller pieces while traversing the Internet, this identifier is
assigned by the transmitting host so that different
fragments arriving at the destination can be associated with
each other for reassembly.
• Flags: Also used for fragmentation and reassembly. The
first bit is called the More Fragments (MF) bit, and is used to
indicate the last fragment of a packet so that the receiver
knows that the packet can be reassembled. The second bit
is the Don’t Fragment (DF) bit, which suppresses
fragmentation. The third bit is unused (and always set to 0).
• Fragment Offset: Indicates the position of this fragment in
the original packet. In the first packet of a fragment stream,
the offset will be 0; in subsequent fragments, this field
indicates the offset in increments of 8 bytes.
• Time-to-Live (TTL): A value from 0 to 255, indicating the
number of hops that this packet is allowed to take before
being discarded within the network. Every router that sees this
packet will decrement the TTL value by one; if it gets to 0,
the packet will be discarded.
• Protocol: Indicates the higher layer protocol carried in the
data portion of the packet. A complete list of IP protocol
numbers can be found at the IANA’s list of Protocol Numbers.
An implementation-specific list of supported protocols can be
found in the protocols file, generally found in the /etc (Linux/
Unix), C:\windows (Windows 9x, ME), or
C:\winnt\system32\drivers\etc (Windows NT, 2000) directory.
• Header Checksum: Carries information to ensure that the
received IP header is error-free. Remember that IP provides
an unreliable service and, therefore, this field only checks
the header rather than the entire packet.
• Source Address: IP address of the host sending the packet.
• Destination Address: IP address of the host intended to
receive the packet.
• Options: A set of options which may be applied to any given
packet, such as sender-specified source routing or security
indication. The option list may use up to 40 bytes (10
words), and will be padded to a word boundary; IP option
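The header layout above, built and then decoded as an added example (not code from the original paper), with the checks a receiver should make before trusting any field: the version must be 4, IHL must be at least 5 words, Total Length must agree with the bytes actually received, and the header checksum must verify. Flag bit positions in the code follow RFC 791 (reserved, DF, MF from the high-order bit of the 16-bit Flags/Fragment Offset word). The addresses, payload and Identification value are constructed test data, and the helper names are this example's own.

```python
"""IPv4 header build/parse with the sanity checks a receiver must make.
Added example with constructed addresses and payload; not from the paper."""
import struct

HEADER_FMT = "!BBHHHBBH4s4s"   # the five fixed 32-bit words of Figure 4


def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: ones' complement of the ones' complement
    sum of all 16-bit words (an odd trailing byte is padded with zero)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carry bits back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_header(src: str, dst: str, payload_len: int, ttl: int = 64,
                 proto: int = 17, ident: int = 0x1234, df: bool = True,
                 mf: bool = False, frag_offset: int = 0,
                 options: bytes = b"") -> bytes:
    """Return a header with IHL, Total Length and checksum filled in.
    Options are padded to a 32-bit word boundary, as the text describes."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(HEADER_FMT, (4 << 4) | ihl, 0, ihl * 4 + payload_len,
                      ident, flags_frag, ttl, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst)) + options
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_header(pkt: bytes) -> dict:
    """Decode the fields, refusing packets whose length fields or checksum
    do not agree with the bytes actually received (ValueError)."""
    if len(pkt) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(HEADER_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4: version %d" % version)
    if ihl < 5:
        raise ValueError("IHL %d is below the 5-word minimum" % ihl)
    hlen = ihl * 4
    if len(pkt) < hlen or total_len < hlen or total_len > len(pkt):
        raise ValueError("length fields inconsistent with packet size")
    if ip_checksum(pkt[:hlen]) != 0:        # a correct header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "ihl": ihl, "tos": tos,
        "total_length": total_len, "identification": ident,
        "reserved_bit": bool(flags_frag & 0x8000),   # must be 0
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": pkt[20:hlen],
    }


def packet_rejected(pkt: bytes) -> bool:
    """True if parse_header refuses the packet."""
    try:
        parse_header(pkt)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    hdr = build_header("192.0.2.1", "198.51.100.7", payload_len=8)  # constructed
    print(parse_header(hdr + b"\x00" * 8))
```

The length checks matter as much as the checksum: an IHL smaller than 5 or a Total Length larger than the buffer is exactly the kind of field a parser must not index with, and both are caught before any option bytes are touched.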

IP Addresses

IP addresses are 32 bits in length (Figure 5). They are typically
written as a sequence of four numbers, representing the decimal
value of each of the address bytes. Since the values are
separated by periods, the notation is referred to as dotted
decimal. A simple IP address is
bit:     0 1 2 3                                                31

Class A |0|      NET_ID (7 bits)      |        HOST_ID (24 bits)        |
Class B |1|0|        NET_ID (14 bits)        |    HOST_ID (16 bits)     |
Class C |1|1|0|           NET_ID (21 bits)            | HOST_ID (8 bits)|
Class D |1|1|1|0|              MULTICAST_ID (28 bits)                   |
Class E |1|1|1|1|             EXPERIMENTAL_ID (28 bits)                 |

FIGURE 5. IP Address Format.

IP addresses are hierarchical for routing purposes and are
subdivided into two subfields. The network identifier (NET_ID)
subfield identifies the TCP/IP sub network connected to the
Internet. The NET_ID is used for high-level routing between
networks, much the same way as a country code, city code, or area
code is used in the telephone network. The host identifier (HOST_ID)
subfield indicates the specific host within a sub network.
To accommodate different size networks, IP defines several
address classes. Classes A, B, and C are used for host addressing
and the only difference between the classes is the length of the
NET_ID subfield:

• A Class A address has an 8-bit NET_ID and 24-bit HOST_ID.
Class A addresses are intended for very large networks and
can address up to 16,777,214 (2^24 - 2) hosts per network.
The first bit of a Class A address is a 0 and the NET_ID
occupies the first byte, so there are only 128 (2^7) possible
Class A NET_IDs. In fact, the first digit of a Class A address
will be between 1 and 126, and only about 90 or so Class A
addresses have been assigned.
• A Class B address has a 16-bit NET_ID and 16-bit HOST_ID.
Class B addresses are intended for moderate sized networks
and can address up to 65,534 (2^16 - 2) hosts per network.
The first two bits of a Class B address are 10 so that the first
digit of a Class B address will be a number between 128 and
191; there are 16,384 (2^14) possible Class B NET_IDs. The
Class B address space has long been threatened with being
used up and it has been very difficult to get a new Class B
address for some time.
• A Class C address has a 24-bit NET_ID and 8-bit HOST_ID.
These addresses are intended for small networks and can
address only up to 254 hosts per network. The first three
bits of a Class C address are 110 so that the first digit of a
Class C address will be a number between 192 and 223.
There are 2,097,152 possible Class C NET_IDs and most
addresses assigned to networks today are Class C (or sub-
Class C!).

The remaining two address classes are used for special functions
only and are not commonly assigned to individual hosts. Class D
addresses may begin with a value between 224 and 239 (the first
4 bits are 1110), and are used for IP multicasting (i.e. sending a
single datagram to multiple hosts); the IANA maintains a list of
Internet multicast addresses. Class E addresses begin with a value
between 240 and 255 (the first 4 bits are 1111), and are reserved
for experimental use.

Several address values are reserved and/or have special
meaning. A HOST_ID of 0 (as used above) is a dummy value
reserved as a placeholder when referring to an entire
subnetwork; the address, then, refers to the class C
address with a NET_ID of 208.162.106. A HOST_ID of all ones
(usually written “255” when referring to an all-ones byte, but also
denoted as “-1”) is a broadcast address and refers to all
hosts on a network. A NET_ID value of 127 is used for loopback
testing and the specific host address refers to the

Several NET_IDs have been reserved in RFC 1918 for private
network addresses and packets will not be routed over the
Internet to these networks. Reserved NET_IDs are the class A
address (formerly assigned to ARPANET), the sixteen
class B addresses, and the 256 class

An additional addressing tool is the subnet mask. Subnet masks
are used to indicate the portion of the address that identifies the
network (and/or subnetwork) for routing purposes. The subnet
mask is written in dotted decimal and the number of 1s indicates
the significant NET_ID bits. For “classful” IP addresses, the subnet
mask and the number of significant address bits for the NET_ID
are:

Class   Subnet Mask   Number of Bits
A                     8
B                     16
C                     24

Depending upon the context and literature, subnet masks may be
written in dotted decimal form or just as a number representing
the number of significant address bits for the NET_ID. Thus, and both refer
to this 24-bit NET_ID as a “slash-24”.

Subnet masks can also be used to subdivide a large address
space into subnetworks or to combine multiple small address
spaces. In the former case, a network may subdivide its
address space to define multiple logical networks by segmenting
the HOST_ID. For example, a user assigned the class B address
space could segment this into a 16-bit NET_ID, 4-bit
SUBNET_ID, and 12-bit HOST_ID. In this case, the subnet mask
for Internet routing purposes would be (or “/16”),
while the mask for routing within the larger class B address
space would be (or “/20”).

But how do subnet masks work? To determine the subnet portion
of the address, we simply perform a bit-by-bit logical AND of the
IP address and mask. Consider the following example: suppose
we have a host with the IP address and a subnet
mask We write out the address and mask in decimal
and binary as follows:

From this we can easily find the NET_ID (and can also
infer the HOST_ID 134.164).

As an aside, most ISPs use a /30 address for the WAN links
between the network and the customer. The router on the
customer’s network will generally have two IP addresses: one on
the LAN interface using an address from the customer’s public IP
address space and one on the WAN interface leading back to the ISP.
Since the ISP would like to be able to ping both sides of the router
for testing and maintenance, having an IP address for each router
port is a good idea.

By using a /30 address, a single class C address can be broken
up into 64 smaller addresses. Here’s an example: suppose an ISP
assigns a particular customer the address and a
subnet mask That would look like the following:

So we find the NET_ID to be Since there’s a 30-bit
NET_ID, we are left with a 2-bit HOST_ID; thus, there are four
possible host addresses in this subnet: .128 (00), .129
(01), .130 (10), and .131 (11). The .128 address is not used
because it is all zeroes; .131 is not used because it is all ones.
That leaves .129 and .130, which is OK since we only have two
ends on the WAN link! So, in this case, the customer’s router
might be assigned one of these and the ISP’s end of the link
might get the other. Use of this subnet mask is very
common today (so common that there is a proposal to allow the
definition of 2-address NET_IDs specifically for point-to-point
WAN links).

A very good IP addressing tutorial can be found in Chuck
Semeria’s “Understanding IP Addressing: Everything You Ever
Wanted to Know”. If you are really interested in subnet masks, there
are a number of subnet calculators on the Internet, including’s IP Subnet/Supernet calculator, Net3 Group Inc.’s IP
Subnet Calculator, and Super Shareware’s Subnet Calculator.

A last and final word about IP addresses is in order. Most Internet
protocols specify that addresses be supplied in the form of a fully-
qualified host name or an IP address in dotted decimal form.
However, spammers and others have found a way to obfuscate IP
addresses by supplying them as a single large decimal number.
Remember that IP addresses are 32-bit quantities. We write the
address in dotted decimal for the convenience of humans; the
computer still interprets dotted decimal as a 32-bit quantity.
Therefore, writing the address as a single large decimal number
will still allow the computer to see the address as a 32-bit
number. For that reason, the following URLs will all take you to
the same Web page:

• http://3519442719/

Conserving IP Addresses: CIDR, DHCP, NAT and PAT

The use of class-based (or classful) addresses in IP is one of the
reasons that IP address exhaustion has been a concern since the
early 1990s. Consider an organization, for example, that needs
1000 IP addresses and would get assigned a class B address. But a
class B address offers more than 64000 addresses, so over 63000
addresses are wasted in this assignment.

An alternative approach is to assign this organization a block of
four class C addresses. By using a 22-bit subnet
mask (or “/22”) for routing to this “block”, the
NET_ID assigned to this organization is

This use of variable-size subnet masks is called Classless
Interdomain Routing (CIDR), described in RFCs 1518 and 1519. In
the example here, routing information for what are essentially
four class C addresses can be specified in a single routing table
entry.

But this concept can be expanded even more. CIDR is an
important contribution to the Internet because it has dramatically
limited the size of the Internet backbone’s routing tables. Today,
IP addresses are not assigned strictly on a first-come, first-served
basis, but have been preallocated to various numbering
authorities around the world. The numbering authorities, in turn,
assign address blocks called CIDR blocks. An ISP’s customer (which
includes ISPs that are customers of a first-tier ISP) will be
assigned an IP NET_ID that is part of the ISP’s CIDR block. So, for
example, let’s say that Gary Kessler ISP has a CIDR block
containing the 256 class C addresses in the range This range of addresses could be represented in a
routing table with the single entry Once a packet
hits the Gary Kessler ISP, it will be routed to the correct and

But don’t stop now! By shrinking the size of the subnet mask so
that a single NET_ID refers to multiple addresses (resulting in
shrinking routing tables), we could extend the size of the subnet
mask to actually assign to an organization something smaller
than a class C address. As the class C address space falls in
danger of being exhausted, users are under increasing pressure
to accept assignment of these sub-class C addresses. An
organization with just a few servers, for example, might be
assigned, say, 64 addresses rather than the full 256. The
standard subnet mask for a class C is 24 bits, yielding a 24-bit
NET_ID and 8-bit HOST_ID. If we use a “/26” mask, we can
assign the same “class C” to four different users, each getting
one quarter of the address space (and a 6-bit HOST_ID). So for
example, the IP address space might be assigned as follows:

Range     Host IDs
0-63      1-62
64-127    65-126
128-191   129-190
192-255   193-254

Note that in ordinary class C usage, we would lose two addresses
from this space, 0 and 255, because addresses of all 0s and all 1s
cannot be assigned as a HOST_ID. In the usage above, we would
lose eight addresses from this space, because 0, 64, 128 and 192
have an all 0s HOST_ID and 63, 127, 191 and 255 have an all 1s
HOST_ID. Each user, then, has 62 addresses that can be assigned
to hosts.
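The address arithmetic used throughout this section (the single large decimal form of an address behind a URL such as http://3519442719/, the bit-by-bit AND of address and mask, the two usable hosts of a /30 link, the /26 split into 62-host pieces, and the aggregation of four class C networks into one /22 CIDR block), as an added Python example that is not code from the original paper. Function names are mine, and every sample address is a constructed documentation-range value.

```python
"""IPv4 address arithmetic for the cases discussed in the text.

Added example, not code from the original paper. Covers the single large
decimal form used to obfuscate a URL host (http://3519442719/), the
bit-by-bit AND of address and mask, classful lookup from the leading
bits, the usable host range of a /30 or /26, and the aggregation of four
class C networks into one /22 CIDR block. Sample addresses below are
constructed from the documentation ranges; nothing here is a real host.
"""
import re

MASK32 = 0xFFFFFFFF


def parse_ipv4(text: str) -> int:
    """Return the 32-bit value of a dotted-decimal address, or of the
    single-decimal form. Leading zeros, hex and out-of-range values are
    rejected rather than guessed at: a lenient parser that "helpfully"
    accepts odd spellings is how a deny-list check gets sidestepped."""
    text = text.strip()
    if re.fullmatch(r"0|[1-9]\d*", text):
        value = int(text)
        if value > MASK32:
            raise ValueError("decimal form does not fit in 32 bits")
        return value
    parts = text.split(".")
    if len(parts) != 4 or not all(re.fullmatch(r"0|[1-9]\d{0,2}", p) for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {text!r}")
    octets = [int(p) for p in parts]
    if max(octets) > 255:
        raise ValueError(f"octet out of range in {text!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(addr: int) -> str:
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: int) -> str:
    """Classful lookup from the leading bits (figure 5)."""
    if addr >> 31 == 0:
        return "A"
    if addr >> 30 == 0b10:
        return "B"
    if addr >> 29 == 0b110:
        return "C"
    if addr >> 28 == 0b1110:
        return "D"
    return "E"


def mask_from_prefix(prefix: int) -> int:
    """/24 -> 255.255.255.0, /30 -> 255.255.255.252, and so on."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (MASK32 << (32 - prefix)) & MASK32


def net_id(addr: int, prefix: int) -> int:
    """The bit-by-bit AND of address and mask described in the text."""
    return addr & mask_from_prefix(prefix)


def usable_hosts(addr: int, prefix: int) -> tuple:
    """(first, last) assignable host address as dotted strings. The all-zeros
    and all-ones HOST_IDs are excluded, so a /30 yields exactly two (the
    WAN-link case) and a /26 carved from a class C yields 62."""
    if prefix >= 31:
        raise ValueError("no assignable host addresses with /31 or /32")
    network = net_id(addr, prefix)
    broadcast = network | (~mask_from_prefix(prefix) & MASK32)
    return to_dotted(network + 1), to_dotted(broadcast - 1)


def aggregate(cidrs) -> tuple:
    """Summarize "a.b.c.d/n" networks into the smallest single CIDR block
    that covers them all, e.g. four consecutive /24s into one /22 (the
    CIDR example in the text). Returns (network, prefix)."""
    nets = []
    for cidr in cidrs:
        text, prefix_text = cidr.split("/")
        prefix = int(prefix_text)
        nets.append((net_id(parse_ipv4(text), prefix), prefix))
    prefix = min(p for _, p in nets)
    # Shorten the prefix until every network lands in the same block.
    while prefix > 0 and len({net_id(n, prefix) for n, _ in nets}) > 1:
        prefix -= 1
    return to_dotted(net_id(nets[0][0], prefix)), prefix
```

Normalizing a host through parse_ipv4 before comparing it against an allow- or deny-list is what defeats the single-decimal trick described earlier: 3519442719 and 209.198.111.31 compare equal as integers.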

The pressure on the class C address space continues to
intensify. Today, the pressure is not only to limit the number of
addresses assigned, but organizations need to show why they
need as many addresses as they want. Consider a company with
64 hosts and 3 servers. The ISP may request that the company only
obtain 32 IP addresses. The rationale: the 3 servers need 3
addresses but the other hosts might be able to “share” the
remaining pool of 27 addresses (recall that we lost HOST_ID
addresses 0 and 31).

A pool of IP addresses can be shared by multiple hosts using a
mechanism called Network Address Translation (NAT). NAT,
described in RFC 1631, is typically implemented in hosts, proxy
servers, or routers. The scheme works because every host on the
user’s network can be assigned an IP address from the pool of
RFC 1918 private addresses; since these addresses are never
seen on the Internet, this is not a problem.

FIGURE 6: Network Address Translation (NAT). (The figure maps
public addresses to private addresses.)

Consider the scenario shown in figure 6. When the user accesses
a Web site on the Internet, the NAT server will translate the
“private” IP address of the host into a “public” IP
address from the pool of assigned addresses. NAT
works because of the assumption that, in this example, no more
than 27 of the 64 hosts will ever be accessing the Internet at a
single time.

But suppose that assumption is wrong. Another enhancement,
called Port Address Translation (PAT) or Network Address Port
Translation (NAPT), allows multiple hosts to share a single IP
address by using different “port numbers” (ports are described
in more detail later in this paper).

Port numbers are used by higher layer protocols (e.g. TCP and
UDP) to identify a higher layer application. A TCP connection, for
example, is uniquely identified on the Internet by the four values
(the 4-tuple) <source IP address, source port, destination IP
address, destination port>. The server’s port number is defined
by the standards while client port numbers can be any number
greater than 1023. The scenario in figure 7 shows the following
three connections:

FIGURE 7: Port Address Translation (PAT).

• The client with the “private” IP address
(using port number 12002) connects to a Web server at
address (port 80).
• The client with the “private” IP address (using
port number 22986) connects to the same Web server at
address (port 80).
• The client with the “private” IP address (using
port number 8931) connects to an FTP server at address (port 21).

PAT works in this scenario as follows. The router (running PAT
software) can assign both local hosts the same “public” IP
address and differentiate between the three packet
flows by the source port.
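The PAT table behind figure 7, as an added Python example that is not code from the original paper: the three connections go out behind one public address, replies are mapped back by public port, and the case the text leaves implicit (two inside hosts picking the same source port) is handled by allocating a fresh public port. The page's private and public addresses were not preserved, so the 10.0.0.0/8, 192.0.2.0/24 and 198.51.100.0/24 values are constructed; the port numbers are the page's.

```python
"""Port Address Translation (PAT/NAPT) for the three connections of
figure 7. Added example, not code from the original paper. The page's
own addresses were not preserved, so the private hosts are constructed
from the RFC 1918 10.0.0.0/8 space and the public and server addresses
from the documentation ranges; the port numbers (12002, 22986, 8931,
80, 21) are the page's own."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class PatRouter:
    """One public address shared by every inside host. Outbound flows are
    told apart on the public side by the port the router assigns them."""
    public_ip: str
    next_port: int = 1024   # first port handed out when a client's own is taken
    # (private ip, private port, remote ip, remote port) -> public port
    out_table: Dict[Tuple[str, int, str, int], int] = field(default_factory=dict)
    # (public port, remote ip, remote port) -> (private ip, private port)
    in_table: Dict[Tuple[int, str, int], Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network: new source address
        and, if needed, a new source port; the 4-tuple the server sees is
        (public ip, public port, server ip, server port)."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_table:
            # Keep the client's port while it is free on the public side.
            # Two inside hosts may both choose the same ephemeral port, so
            # it is the public port, not the private one, that keeps the
            # translated flows distinct.
            port = pkt.src_port
            while (port, pkt.dst_ip, pkt.dst_port) in self.in_table:
                port, self.next_port = self.next_port, self.next_port + 1
            self.out_table[key] = port
            self.in_table[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a reply arriving from the Internet back to the inside
        host. A packet that matches no existing entry is dropped (None):
        PAT only forwards replies to flows an inside host started."""
        entry = self.in_table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)


def figure7_scenario() -> Tuple[PatRouter, list]:
    """Replay figure 7: two clients to the same Web server (port 80) and a
    third to an FTP server (port 21), all behind one public address."""
    nat = PatRouter(public_ip="192.0.2.1")                # constructed
    web, ftp = "198.51.100.80", "198.51.100.21"           # constructed
    clients = [
        Packet("10.0.0.11", 12002, web, 80),
        Packet("10.0.0.12", 22986, web, 80),
        Packet("10.0.0.13", 8931, ftp, 21),
    ]
    return nat, [nat.outbound(p) for p in clients]
```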

A final note about NAT and PAT. Both of these solutions work and
work fine, but they require that every packet be buffered,
disassembled, given a new IP address and a new checksum
calculation, and then reassembled. In addition, PAT requires
that a new port number be placed in the higher layer protocol
data unit and a new checksum calculated at the protocol layer
above IP, too. The point is that NAT, and particularly PAT, results
in a tremendous performance hit.

One advantage of NAT is that it makes IP address renumbering a
thing of the past. If a customer has an IP NET_ID assigned from its
ISP’s CIDR block and then changes ISPs, it will get a new
NET_ID. With NAT, only the servers need to be renumbered.

Another way to deal with renumbering is to dynamically assign IP
addresses to host systems using the Dynamic Host Configuration
Protocol (DHCP). DHCP is also an excellent solution for those
environments where users move around frequently; it prevents
the user from having to reconfigure their system when they move
from, say, the Los Angeles office network to the New York office.
For an introduction to DHCP, see RFC 2131 or “The Dynamic Host
Configuration Protocol (DHCP) and Windows NT” by G. Kessler and
C. Monaghan.

The Domain Name System

While IP addresses are 32 bits in length, most users do not
memorize the numeric addresses of the hosts to which they
attach; instead people are more comfortable with host names.
Most IP hosts then have both a numeric IP address and a name.
While this is convenient for people, however, the name must be
translated back to a numeric address for routing purposes.

Earlier discussion in this paper described the domain naming
structure of the Internet. In the early ARPANET, every host
maintained a file called hosts that contained a list of all hosts,
including the IP address, host name, and alias(es). This was an
adequate measure while the ARPANET was small and had a slow
rate of growth, but was not a scalable solution as the network

[NOTE: A hosts file is still found on Unix systems although usually
used to reconcile names of hosts on the local network to cut
down on local DNS traffic; the file can usually be found in the /etc
directory. On Microsoft Windows systems, the HOSTS file can
typically be found in the c:\windows folder; in Windows NT and
2000, it can be found in c:\winnt\system32\drivers\etc.]

To handle the fast rate of new names on the network, the Domain
Name System (DNS) was created. The DNS is a distributed
database containing host name and IP address information for all
domains on the Internet. There is a single authoritative name
server for every domain that contains all DNS-related
information about the domain; each domain also has at least one
secondary name server that also contains a copy of this
information. Thirteen root servers around the globe (most in the
U.S. actually, with the remainder in Asia and Europe) maintain a
list of all these authoritative name servers.

When a host on the Internet needs to obtain a host’s IP address
based upon the host’s name, a DNS request is made by the initial
host to a local name server. The local name server may be able to
respond to the request with the information that is either
configured or cached at the same server; if the necessary information
is not available, the local name server forwards the request to
one of the root servers. The root server, then, will determine an
appropriate name server for the target host and the DNS request
will be forwarded to the domain’s name server.

Name server data files contain the following types of records:

• A-record: An address record maps a hostname to an IP
address.
• PTR-record: A pointer record maps an IP address to a
hostname.
• NS-record: A name server record lists the authoritative
name server(s) for a given domain.
• MX-record: A mail exchange record lists the mail servers for
a given domain. As an example, consider the author’s e-mail
address. Note that the domain portion of the address is a
domain name, not a host name, and mail has to be sent to a
specific host. The MX-records in the name database specify
the host that is the mail server for this domain.
• CNAME-record: Canonical name records provide a
mechanism for assigning aliases to host names, so that a
single host with one IP address can be known by multiple
names.
More information about the DNS can be found at the World
Internetworking Alliance (WIA) Web site. Additional DNS
references include DNS and BIND by P. Albitz and C. Liu (O’Reilly
& Associates) and “Setting up Your Own DNS” by G. Kessler. The
concepts, structure and delegation of the DNS are described in
RFCs 1034 and 1591. In addition, the IANA maintains a list of DNS

[ANOTHER NOTE: For Microsoft NetBIOS applications, the moral
equivalent to the DNS is the Windows Internet Name Service
(WINS), used to reconcile the NetBIOS name of a computer (e.g.
\\ALTAMONT) to an IP address. A local WINS database can be
created in the LMHOSTS file.]

ARP and Address Resolution

Early IP implementations ran on hosts commonly interconnected by
Ethernet local area networks (LANs). Every transmission on the
LAN contains the local network, or medium access control (MAC),
address of the source and destination nodes. MAC addresses are
48 bits in length and are non-hierarchical, so routing cannot be
performed using the MAC address. MAC addresses are never the
same as IP addresses.

When a host needs to send a datagram to another host on the
same network, the sending application must know both the IP
and MAC addresses of the intended receiver; this is because the
destination IP address is placed in the IP packet and the
destination MAC address is placed in the LAN MAC protocol
frame. (If the destination host is on another network, the sender
will look instead for the MAC address of the default gateway, or

Unfortunately, the sender’s IP process may not know the MAC
address of the intended receiver on the same network. The
Address Resolution Protocol (ARP), described in RFC 826, provides
a mechanism so that a host can learn a receiver’s MAC address
when knowing only the IP address. The process is actually
relatively simple: the host sends an ARP Request packet in a
frame containing the MAC broadcast address; the ARP request
advertises the destination IP address and asks for the associated
MAC address. The station on the LAN that recognizes its own IP
address will send an ARP Reply. ARP messages are carried directly
in the LAN frame and ARP is an independent protocol from IP. The
IANA maintains a list of all ARP parameters.
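The request/reply exchange just described, encoded and decoded at the byte level per RFC 826, as an added Python example that is not code from the original paper. The MAC and IP addresses are constructed sample values; the parser rejects anything that is not an Ethernet/IPv4 ARP message, and the requester only caches a reply that answers the IP it asked about.

```python
"""ARP (RFC 826) request/reply encoding and decoding over Ethernet.
Added example, not from the original paper. MAC and IP addresses are
constructed sample values. Only the standard library is used."""
import struct

ETH_HEADER = struct.Struct("!6s6sH")        # dst MAC, src MAC, EtherType
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = b"\xff" * 6


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(text: str) -> bytes:
    return bytes(int(p) for p in text.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_request(sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Frame a host broadcasts to ask 'who has target_ip?'. The target MAC
    is unknown, so that field is zeroed, and the Ethernet destination is
    the broadcast address so every station on the LAN sees it."""
    body = ARP_BODY.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, OP_REQUEST,
                         mac_bytes(sender_mac), ip_bytes(sender_ip),
                         b"\x00" * 6, ip_bytes(target_ip))
    return ETH_HEADER.pack(BROADCAST, mac_bytes(sender_mac), ETHERTYPE_ARP) + body


def build_arp_reply(request_frame: bytes, my_mac: str) -> bytes:
    """Answer a request whose target IP is ours: swap sender and target,
    fill in our MAC, and send the frame unicast back to the requester."""
    req = parse_arp(request_frame)
    body = ARP_BODY.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, OP_REPLY,
                         mac_bytes(my_mac), ip_bytes(req["target_ip"]),
                         mac_bytes(req["sender_mac"]), ip_bytes(req["sender_ip"]))
    return ETH_HEADER.pack(mac_bytes(req["sender_mac"]), mac_bytes(my_mac),
                           ETHERTYPE_ARP) + body


def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet frame carrying ARP; raises ValueError on anything
    that is not a well-formed Ethernet/IPv4 ARP message."""
    if len(frame) < ETH_HEADER.size + ARP_BODY.size:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = ETH_HEADER.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: EtherType 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_BODY.unpack_from(
        frame, ETH_HEADER.size)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown ARP opcode {op}")
    return {"op": "request" if op == OP_REQUEST else "reply",
            "eth_dst": mac_str(dst), "eth_src": mac_str(src),
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def resolve(sender_mac: str, sender_ip: str, target_ip: str, responder_mac: str):
    """The whole exchange in one place: request out, reply back, and the
    (IP, MAC) pair the requester would add to its ARP cache."""
    request = build_arp_request(sender_mac, sender_ip, target_ip)
    reply = parse_arp(build_arp_reply(request, responder_mac))
    # Cache only what we asked for: a reply about some other IP, or one
    # that did not answer our request, should not update the cache.
    if reply["op"] != "reply" or reply["sender_ip"] != target_ip:
        return None
    return reply["sender_ip"], reply["sender_mac"]
```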

Other address resolution procedures have also been defined,
including:

• Reverse ARP (RARP), which allows a disk-less processor to
determine its IP address based on knowing its own MAC
address
• Inverse ARP (InARP), which provides a mapping between an
IP address and a frame relay virtual circuit identifier
• ATMARP and ATMnARP, which provide a mapping between an IP
address and an ATM virtual path/channel identifier
• LAN Emulation ARP (LEARP), which maps a recipient’s ATM
address to its LAN Emulation (LE) address (which takes the
form of an IEEE 802 MAC address).

[NOTE: IP hosts maintain a cache storing ARP information. The
ARP cache can be viewed from a UNIX or DOS (in Windows
95/98/NT) command line using the arp -a command.]

IP routing: OSPF, RIP, and BGP

As an OSI Network Layer protocol, IP has the responsibility to
route packets. It performs this function by looking up a packet’s
destination IP NET_ID in a routing table and forwarding based on
the information in the table. But it is routing protocols, and not IP,
that populate the routing tables with routing
information. There are three routing protocols commonly
associated with IP and the Internet, namely, RIP, OSPF, and BGP.

OSPF and RIP are primarily used to provide routing within a
particular domain, such as within a corporate network or within
an ISP’s network. Since the routing is inside of the domain, these
protocols are generally referred to as interior gateway protocols.

The Routing Information Protocol version 2 (RIP-2), described in
RFC 2453, describes how routers will exchange routing table
information using a distance vector algorithm. With RIP,
neighboring routers periodically exchange their entire routing
tables. RIP uses hop count as the metric of a path’s cost, and a
path is limited to 16 hops. Unfortunately, RIP has become
increasingly inefficient on the Internet as the network continues
its fast rate of growth. Current routing protocols for many of
today’s LANs are based upon RIP, including those associated with
NetWare, AppleTalk, VINES and DECnet. The IANA maintains a list
of RIP message types.

The Open Shortest Path First (OSPF) protocol is a link state
routing algorithm that is more robust than RIP, converges faster,
requires less network bandwidth, and is better able to scale to
larger networks. With OSPF, a router broadcasts only changes in
its link status rather than entire routing tables. OSPF Version 2,
described in RFC 1583, is rapidly replacing RIP in the Internet.

The Border Gateway Protocol version 4 (BGP-4) is an exterior
gateway protocol because it is used to provide routing
information between Internet routing domains. BGP is a distance
vector protocol, like RIP, but unlike almost all other distance
vector protocols, BGP tables store the actual route to the
destination network. BGP-4 also supports policy-based routing,
which allows a network’s administrator to create routing policies
based on political, security, legal or economic issues rather than
technical ones. BGP-4 also supports CIDR. BGP-4 is described in
RFC 1771, while RFC 1268 describes use of BGP in the Internet. In
addition, the IANA maintains a list of BGP parameters.

As an alternative to using a routing protocol, the routing table
can be maintained using “static routing”. One example of static
routing is the configuration of a default gateway at a host
system; if the host needs to send an IP packet off of the local LAN
segment, it is just blindly forwarded to the default gateway
(router). Edge routers, too, commonly use static routing; the
single router connecting a site to an ISP, for example, will usually
just have a static routing table entry indicating that all traffic
leaving the local LAN be forwarded to the ISP’s access router.
Since there’s only a single path into the ISP, a routing protocol is
hardly necessary.
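The table lookup IP performs when forwarding, as an added Python example that is not code from the original paper: the destination is matched against each entry's NET_ID with the most specific (longest) prefix winning, and the /0 default route catches everything else, which is exactly the static edge-router configuration described above. Addresses are constructed documentation-range values, and a more-specific internal route is included to show that the longest match, not table order, decides.

```python
"""Routing-table lookup as IP performs it: longest-prefix match on the
destination address, falling back to the default route. Added example,
not code from the original paper. The addresses are constructed from
the documentation ranges and the table mirrors the edge-router case in
the text: one LAN, one /30 link, one static default to the ISP."""
from typing import List, Optional, Tuple

MASK32 = 0xFFFFFFFF


def ip_to_int(text: str) -> int:
    a, b, c, d = (int(p) for p in text.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def prefix_mask(prefix: int) -> int:
    return (MASK32 << (32 - prefix)) & MASK32


class RoutingTable:
    """Entries are (network, prefix length, next hop or None, interface).
    A next hop of None means 'directly connected': deliver on the LAN
    (after ARP for the destination's own MAC address)."""

    def __init__(self) -> None:
        self.routes: List[Tuple[int, int, Optional[str], str]] = []

    def add(self, cidr: str, via: Optional[str], iface: str) -> None:
        net_text, prefix_text = cidr.split("/")
        prefix = int(prefix_text)
        if not 0 <= prefix <= 32:
            raise ValueError(f"bad prefix length in {cidr!r}")
        network = ip_to_int(net_text) & prefix_mask(prefix)
        self.routes.append((network, prefix, via, iface))
        # Most specific routes first, so the first match is the longest one.
        self.routes.sort(key=lambda r: r[1], reverse=True)

    def lookup(self, dst: str) -> Optional[Tuple[Optional[str], str]]:
        """Return (next hop, interface) for dst, or None when no entry, not
        even a default route, covers it: the packet is then undeliverable."""
        d = ip_to_int(dst)
        for network, prefix, via, iface in self.routes:
            if d & prefix_mask(prefix) == network:
                return via, iface
        return None


def edge_router_table() -> RoutingTable:
    """The static-routing case in the text: the customer LAN and the /30
    WAN link are directly connected; everything else goes to the ISP's
    end of that link (constructed addresses)."""
    rt = RoutingTable()
    rt.add("192.0.2.0/24", None, "eth0")          # customer LAN
    rt.add("203.0.113.128/30", None, "wan0")      # /30 WAN link
    rt.add("0.0.0.0/0", "203.0.113.130", "wan0")  # default: ISP access router
    return rt
```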

All IP hosts and routers maintain a table that lists the most up-to-
date routing information that the device knows. On a Windows
system, you can examine the routing table by issuing a route
print command; on UNIX systems, use netstat -r.

Figure 2 shows the protocol relationship of RIP, OSPF and BGP to
IP. A RIP message is carried in a UDP datagram which, in turn, is
carried in an IP packet.

An OSPF message, on the other hand, is carried directly in an IP
datagram. BGP messages, in a total departure, are carried
directly in an IP. Although all of the TCP/IP books mentioned
above discuss IP routing to some level of detail, Routing in
the Internet by Christian Huitema is one of the best available
references on this specific subject.

IP version 6

The official version of IP that has been in use since the early
1980s is version. Due to the tremendous growth of the Internet
and new emerging applications, it was recognized that a new
version of IP was becoming necessary. In late 1995, IP version 6
(IPv6) was entered into the Internet Standards Track. The primary
description of IPv6 is contained in RFC 1883 and a number of
related specifications, including ICMPv6.

IPv6 is designed as an evolution from IPv4, rather than a radical
change. Primary areas of change relate to:

• Increasing the address size to 128 bits
• Better support for traffic types with different quality-of-
service objectives
• Extensions to support authentication, data integrity, and
data confidentiality

The architecture and structure of IPv6 addresses is described in
RFC 2373. In July 1999, the IANA delegated the initial IPv6
address space for the worldwide deployment of IPv6 addresses.
More information can be found at APNIC, ARIN and RIPE.

For more information about IPv6, check out:

• IPng: Internet Protocol Next Generation by Scott Bradner
and Allison Mankin (Addison-Wesley, 1996)
• IPv6: The New Internet Protocol by Christian Huitema
(Prentice-Hall, 1996)
• “IPv6: The Next Generation Internet Protocol” by Gary
• IPng and the TCP/IP Protocols by Stephen Thomas (John
Wiley & Sons, 1996)
• IPng Working Group page (IETF)
• IP Next Generation Web Page (Sun)
• 6bone Web page (LBL)

The Transport Layer Protocols

The TCP/IP protocol suite comprises two protocols that
correspond roughly to the OSI Transport and Session Layers;
these protocols are called the Transmission Control Protocol (TCP)
and the User Datagram Protocol (UDP). One can argue that it is a
misnomer to refer to “TCP/IP applications,” as such applications
actually run over TCP or UDP, as shown in Figure 2.

Higher-layer applications are referred to by a port identifier in
TCP/UDP messages. The port identifier and IP address together
form a socket and the end-to-end communication between two
hosts is uniquely identified on the Internet by the four-tuple
(source port, source address, destination port, destination
address).

Port numbers are specified by a 16-bit number. Port numbers in
the range 0-1023 are called Well Known Ports. These port
numbers are assigned to the server side of an application and, on
most systems, can only be used by processes with a high level of
privilege (such as root or administrator). Port numbers in the
range 1024-49151 are called Registered Ports, and these are
numbers that have been publicly registered; server or client
applications can use the port numbers in this range. The remaining
port numbers, in the range 49152-65535, are called Dynamic and/or
Private Ports and can be used freely by any client or server.

Some well-known port numbers include:

Port #   Protocol   Common Service     Port #   Protocol   Common Service
7        TCP        echo               80       TCP
9        TCP        discard            110      TCP
13       TCP        daytime            111      TCP
19       TCP        chargen            119      TCP
20       TCP        ftp-control        123      UDP
21       TCP        ftp-data           137      UDP
23       TCP        telnet             138      UDP
25       TCP        smtp               139      TCP
37       UDP        time               143      TCP
43       TCP        whois              161      UDP
53       TCP/UDP    dns                162      UDP
67       UDP        bootps             179      TCP
68       UDP        bootpc             443      TCP
69       UDP        tftp               520      UDP
70       TCP        gopher             1080     TCP
79       TCP        finger             33434    UDP
A complete list of port numbers that have been assigned can be
found in the IANA’s list of Port Numbers. An implementation-
specific list of supported port numbers and services can be found
in the services file, generally found in the /etc (Linux/Unix),
C:\Windows (Windows 9x, ME), or C:\Winnt\system32\drivers\etc
(Windows NT, 2000) directory.

TCP, described in RFC 793, provides a virtual circuit (connection-
oriented) communication service across the network. TCP
includes rules for formatting messages, establishing and
terminating virtual circuits, sequencing, flow control, and error
correction. Most of the applications in the TCP/IP suite operate
over the reliable transport service provided by TCP.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|                        Sequence Number                        |
|                     Acknowledgement Number                    |
| offset| (reserved)|   flags   |            Window             |
|           Checksum            |        Urgent Pointer         |
|                    Options.... (Padding)                      |

FIGURE 8: TCP Segment Format.

The TCP data unit is called a segment; the name is due to the
fact that TCP does not recognize messages, per se, but merely
sends a block of bytes from the byte stream between sender and
receiver. The fields of the segment (figure 8) are:

• Source Port and Destination Port: identify the source and
destination ports to identify the end-to-end connection and
higher-layer application.
• Sequence Number: Contains the sequence number of this
segment’s first data byte in the overall connection byte
stream; since segments carry varying numbers of bytes, the
sequence numbers of contiguous TCP segments are not
consecutive.
• Acknowledgment Number: Used by the sender to
acknowledge receipt of data; this field indicates the
sequence number of the next byte expected from the
other end.
• Data Offset: Points to the first data byte in this segment;
this field, then, indicates the segment header length.
• Control Flags: A set of flags that control certain aspects of
the TCP virtual connection. The flags include:
o Urgent Pointer Field Significant (URG): When set,
indicates that the current segment contains urgent (or
high-priority) data and that the Urgent Pointer
field value is valid.
o Acknowledgment Field Significant (ACK): When set,
indicates that the value contained in the
Acknowledgment Number field is valid. This bit is
usually set, except during the first message during
connection establishment.
[Layers of TCP/IP]

o Push Function (PSH): Used when the transmitting
application wants to force TCP to immediately transmit
the data that is currently buffered without waiting for
the buffer to fill; useful for transmitting small units of
data.
o Reset Connection (RST): When set, immediately
terminates the end-to-end TCP connection.
o Synchronize Sequence Numbers (SYN): Set in the initial
segments used to establish a connection, indicating
that the segments carry the initial sequence number.
o Finish (FIN): Set to request normal termination of the
TCP connection in the direction this segment is
traveling; completely closing the connection requires
one FIN segment in each direction.

• Window: Used for flow control, contains the value of the
receive window size, which is the number of transmitted
bytes that the sender of this segment is willing to accept
from the receiver.
• Checksum: Provides rudimentary bit error detection for the
segment (including the header and data).
• Urgent Pointer: Urgent data is information that has been
marked as high priority by a higher layer application; this
data, in turn, usually bypasses normal TCP buffering and is
placed in a segment between the header and “normal”
data. The Urgent Pointer, valid when the URG flag is set,
indicates the position of the first octet of non-expedited
data in the segment.
• Options: Used at connection establishment to negotiate a
variety of options; maximum segment size (MSS) is the
most commonly used option and, if absent, defaults to an
MSS of 536. Another option is Selective Acknowledgment
(SACK), which allows out-of-sequence segments to be
accepted by a receiver. The IANA maintains a list of all TCP
Option Numbers.
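Decoding the segment header just described, as an added Python example that is not code from the original paper: it unpacks the figure 8 fields, names the control flags, walks the option list for MSS and SACK-permitted without reading past its end, and verifies the checksum. The checksum computation includes the RFC 793 pseudo-header (source and destination IP, protocol, TCP length) in addition to the header-and-data coverage the text mentions; the SYN segment it parses is constructed, with documentation-range addresses.

```python
"""Decode a TCP segment header (figure 8) and verify its checksum.
Added example, not code from the original paper. The sample segment is
constructed: a SYN from port 49152 to port 80 carrying an MSS option
and SACK-permitted. The checksum covers a pseudo-header (source and
destination IP, protocol 6, TCP length) plus the whole segment, per
RFC 793; the paper's text mentions only header and data."""
import struct

FLAG_NAMES = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
              (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]
OPT_END, OPT_NOP, OPT_MSS, OPT_SACK_PERMITTED = 0, 1, 2, 4
TCP_HEADER = struct.Struct("!HHIIBBHHH")   # 20-byte fixed part of the header


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of one's-complement words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, 6, len(segment))
    return internet_checksum(pseudo + segment)


def parse_options(raw: bytes) -> dict:
    """Walk the option list (kind, length, data). Stops at END and refuses
    to run off the end of the buffer, which is where option parsers get hurt."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad option length {length} for kind {kind}")
        data = raw[i + 2:i + length]
        if kind == OPT_MSS and length == 4:
            opts["mss"] = struct.unpack("!H", data)[0]
        elif kind == OPT_SACK_PERMITTED:
            opts["sack_permitted"] = True
        else:
            opts[f"kind{kind}"] = data
        i += length
    return opts


def parse_tcp(segment: bytes, src_ip: bytes, dst_ip: bytes) -> dict:
    """Decode the fixed header, the options and the payload, and report
    whether the checksum verifies (a valid segment sums to zero)."""
    if len(segment) < TCP_HEADER.size:
        raise ValueError("segment shorter than minimum TCP header")
    (sport, dport, seq, ack, off_res, flags, window,
     _checksum, urgent) = TCP_HEADER.unpack_from(segment)
    header_len = (off_res >> 4) * 4        # data offset is in 32-bit words
    if header_len < TCP_HEADER.size or header_len > len(segment):
        raise ValueError(f"data offset {header_len} inconsistent with length")
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in FLAG_NAMES if flags & bit],
        "window": window, "urgent": urgent if flags & 0x20 else None,
        "options": parse_options(segment[TCP_HEADER.size:header_len]),
        "payload": segment[header_len:],
        "checksum_ok": tcp_checksum(src_ip, dst_ip, segment) == 0,
    }


def sample_syn() -> tuple:
    """Constructed SYN (MSS 1460, SACK-permitted) between two documentation
    addresses; the checksum is filled in so the parser can verify it."""
    src_ip, dst_ip = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 80])
    options = bytes([OPT_MSS, 4, 0x05, 0xB4, OPT_NOP, OPT_NOP, OPT_SACK_PERMITTED, 2])
    header_len = TCP_HEADER.size + len(options)          # 28 bytes -> offset 7
    header = TCP_HEADER.pack(49152, 80, 1000, 0, (header_len // 4) << 4,
                             0x02, 65535, 0, 0)
    segment = header + options
    csum = tcp_checksum(src_ip, dst_ip, segment)
    segment = segment[:16] + struct.pack("!H", csum) + segment[18:]
    return segment, src_ip, dst_ip
```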


UDP, described in RFC 768, provides an end-to-end datagram
(connectionless) service. Some applications, such as those that
involve a simple query and response, are better suited to the
datagram service of UDP because there is no time lost to virtual
circuit establishment and termination. UDP’s primary function is
to add a port number to the IP address to provide a socket for the
application.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|            Length             |           Checksum            |
|  Data....

FIGURE 9: UDP Datagram Format.

The fields of a UDP datagram (Figure 9) are:

• Source Port: Identifies the UDP port being used by the
sender of the datagram; use of this field is optional in UDP
and may be set to 0.
• Destination Port: Identifies the port used by the datagram
receiver.
• Length: Indicates the total length of the UDP datagram.
• Checksum: Provides rudimentary bit error detection for the
datagram (including the header and data).

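The Figure 9 layout and the UDP checksum in practice, as an added example that is not part of the original text: the script builds a datagram with the Length and Checksum fields filled in, then parses one back and verifies the checksum over the IPv4 pseudo-header (the pseudo-header and the "zero means no checksum" rule come from RFC 768; the addresses, ports and payload are constructed).

```python
import socket
import struct

UDP_PROTO = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (IP, UDP and TCP all use it)."""
    if len(data) % 2:
        data += b"\x00"                        # an odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum: addresses, zero, protocol, UDP length."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, UDP_PROTO, udp_length)


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Assemble a UDP datagram (Figure 9 layout) with a valid checksum."""
    length = 8 + len(payload)                  # Length covers header and data
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF      # RFC 768: a computed 0 is sent as all ones, because 0 means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Decode the four header fields and verify the checksum over pseudo-header + datagram."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP Length field inconsistent with the bytes received")
    if csum == 0:
        checksum_ok = None                     # sender chose not to checksum (optional over IPv4)
    else:
        # Summing the datagram with its own checksum field in place yields 0 when it is intact.
        checksum_ok = internet_checksum(
            pseudo_header(src_ip, dst_ip, length) + datagram[:length]) == 0
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": csum, "checksum_ok": checksum_ok, "payload": datagram[8:length]}


# Constructed sample: a client on an ephemeral port sends 13 bytes to port 53.
SRC_IP, DST_IP = "192.0.2.10", "192.0.2.53"
SAMPLE = build_udp(SRC_IP, DST_IP, 40000, 53, b"constructed!!")

if __name__ == "__main__":
    print(parse_udp(SRC_IP, DST_IP, SAMPLE))
    corrupted = SAMPLE[:9] + bytes([SAMPLE[9] ^ 0x01]) + SAMPLE[10:]   # single-bit error in the data
    print("after a single-bit error:", parse_udp(SRC_IP, DST_IP, corrupted)["checksum_ok"])
```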

The Internet Control Message Protocol, described in RFC 792, is
an adjunct to IP that notifies the sender of an IP datagram about
abnormal events. This collateral protocol is particularly important
in the connectionless environment of IP. ICMP is not a classic
host-to-host protocol like TCP or UDP, but is host-to-host in the
sense that one device (e.g. a router or computer) is sending a
message to another device (e.g. another router or computer).
The commonly employed ICMP message types include:

• Destination Unreachable: Indicates that a packet cannot be
delivered because the destination host cannot be reached.
The reason for the non-delivery may be that the host or
network is unreachable or unknown, the protocol or port is
unknown or unusable, fragmentation is required but not
allowed (DF flag is set), or the network or host is
unreachable for this type of service.
• Echo and Echo Reply: These two messages are used to
check whether hosts are reachable on the network. One
host sends an Echo message to the other, optionally
containing some data, and the receiving host responds with
an Echo Reply containing the same data. These messages
are the basis for the Ping command.
• Parameter Problem: Indicates that a router or host
encountered a problem with some aspect of the packet’s
• Redirect: Used by a router to let the sending host
know that packets should be forwarded to another
address. For security reasons, Redirect messages should
usually be blocked at the firewall.
• Source Quench: Sent by a router to indicate that it is
experiencing congestion (usually due to limited buffer
space) and is discarding datagrams.
• TTL Exceeded: Indicates that a datagram has been
discarded because the TTL field reached 0 or because the
entire packet was not received before the fragmentation
timer expired.
• Timestamp and Timestamp Reply: These messages are
similar to the Echo messages, but place a timestamp (with
millisecond granularity) in the message, yielding a measure
of how long remote systems spend buffering and processing
datagrams, and providing a mechanism so that hosts can
synchronize their clocks.

ICMP messages are carried in IP packets. The IANA maintains a
complete list of ICMP parameters.

TCP Logical Connections and ICMP

It is imperative to understand how a TCP connection is
established to get a good feel for how TCP operates. TCP
connections have three main parts: connection establishment,
data exchange, and connection termination. The example below
shows a POP3 server (listening on TCP port 110) being contacted
by a client (using TCP port 1967).


Phase 1: CONNECTION ESTABLISHMENT
  client -> server   syn        SEQ = 800                src_port = 1967, dst_port = 110
  server -> client   syn, ack   SEQ = 1567, ACK = 801    src_port = 110,  dst_port = 1967
  client -> server   ack        SEQ = 801,  ACK = 1568   src_port = 1967, dst_port = 110

Phase 2: DATA
  server -> client   ack        SEQ = 1568, ACK = 801    src_port = 110,  dst_port = 1967   DataLen = 18 (POP3 Server V1.12\n)
  client -> server   ack        SEQ = 801,  ACK = 1586   src_port = 1967, dst_port = 110    DataLen = 5 (quit\n)
  server -> client   ack        SEQ = 1586, ACK = 806    src_port = 110,  dst_port = 1967   DataLen = 9 (Sayonara\n)
  client -> server   ack        SEQ = 806,  ACK = 1595   src_port = 1967, dst_port = 110

Phase 3: CONNECTION TERMINATION
  client -> server   fin, ack   SEQ = 806,  ACK = 1595   src_port = 1967, dst_port = 110
  server -> client   ack        SEQ = 1595, ACK = 807    src_port = 110,  dst_port = 1967
  server -> client   fin, ack   SEQ = 1595, ACK = 807    src_port = 110,  dst_port = 1967
  client -> server   ack        SEQ = 807,  ACK = 1596   src_port = 1967, dst_port = 110

FIGURE 10: TCP Logical Connection Phases

The connection establishment phase comprises a three-way
handshake during which time the client and server exchange
their initial sequence numbers (ISN) and acknowledge the other
host’s ISN. In this example, the client starts by sending the server
a TCP segment with the syn-bit set and a Sequence Number of 800.
The syn-bit tells the receiver (i.e. the server) that the sender (i.e.
the client) is in “ISN initialization” mode and that the ISN hasn’t yet
been confirmed. The segment’s Acknowledgment Number is not
shown because its value is, at this point, invalid.

The server responds with a segment with the syn- and ack-bits
set, a Sequence Number of 1567, and an Acknowledgment
Number of 801. The syn-bit and ISN of 1567 have the same
meaning as above. The ack-bit indicates that the value of the
Acknowledgment Number field is valid, and the ACK value of 801
is the way in which the server confirms the client’s ISN.

The final part of the three-way handshake is when the client
sends a segment with just the ack-bit set. Note that the
Acknowledgment Number field (1568) is one greater than the
server’s ISN.

This three-way handshake is sometimes referred to as an
exchange of “syn, syn/ack, and ack” segments. It is important for
a number of reasons. For individuals looking at packet traces,
recognizing the three-way handshake is how one finds the start
of a connection. For firewalls, proxy servers, intrusion detectors
and other systems, it provides a way of knowing the direction of a
TCP connection setup, since rules may differ for outbound and
inbound connections.

The second part of the TCP connection is data exchange. The
information here is more or less made up for example purposes
only; it shows a POP server sending a banner message to the
client system, the user sending the “quit” command, and the
server signing off. (Note that the “\n” indicates an “end-of-line”
indicator.) These segments show the changing of, and relationship
between, the client’s and server’s sequence and acknowledgment

The final phase is connection termination. Although TCP
connections are full-duplex (even if a given application does not
allow two-way simultaneous communication), the TCP protocol
views the logical connection as a pair of simplex links. Therefore,
connection termination requires four segments or, more properly,
two pairs of segments. In this case, the client sends the server a
segment with the fin- and ack-bits set; the server responds with a
segment with just the ack-bit set and the acknowledgment
number incremented. The server then sends a fin/ack segment
to the client.

The paragraphs above describe a normal scenario setting up a
TCP connection between a client and server. Two UDP hosts
communicate in a similar fashion; one host sends a UDP
datagram to the other, which is presumably listening on the port
indicated in the datagram.

But what happens if a host isn’t listening on a port to which a
connection is attempted, or the host doesn’t actually exist? Here’s
what happens in these “abnormal” conditions:

• Host not listening on TCP port: if Host A attempts to connect
to Host B on a TCP port that Host B is not listening on, Host B
responds with a TCP segment with the reset (RST) and
acknowledge (ACK) flags set.
• Host not listening on UDP port: if Host A attempts to connect
to Host B on a UDP port that Host B is not listening on, Host B
sends an ICMP port unreachable message to Host A.
• Host does not exist: if Host A attempts to connect to Host B and
Host B is not listening (e.g. Host B’s IP address either
doesn’t exist or is unavailable), Host B’s subnet’s router will
send an ICMP host unreachable message to Host A.

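The sequence-number bookkeeping behind Figure 10, as an added example rather than text from the original: a small in-order TCP model in which SYN and FIN each consume one sequence number and data consumes one per byte, replayed with the figure's ports and ISNs so that every SEQ and ACK of the three phases is reproduced. The closed-port reply uses SEQ=0 and ACK=SEQ+LEN from RFC 793, which goes beyond what the text states.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: Optional[int]        # None when the ACK bit is clear and the field is invalid
    flags: Set[str]           # any of "SYN", "ACK", "FIN", "RST"
    data: bytes = b""

    def seq_space(self) -> int:
        """Sequence numbers consumed: one per data byte, plus one each for SYN and FIN."""
        return len(self.data) + ("SYN" in self.flags) + ("FIN" in self.flags)


@dataclass
class Endpoint:
    port: int
    snd_nxt: int                      # starts at the ISN: next sequence number this side sends
    rcv_nxt: Optional[int] = None     # next sequence number expected from the peer (set by its SYN)

    def send(self, peer: "Endpoint", flags, data: bytes = b"") -> Segment:
        ack = self.rcv_nxt if "ACK" in flags else None
        seg = Segment(self.port, peer.port, self.snd_nxt, ack, set(flags), data)
        self.snd_nxt += seg.seq_space()
        peer.receive(seg)
        return seg

    def receive(self, seg: Segment) -> None:
        if "SYN" in seg.flags and self.rcv_nxt is None:
            self.rcv_nxt = seg.seq    # the peer's ISN is learned from its SYN
        if seg.seq != self.rcv_nxt:   # in-order model: anything else is a protocol error
            raise ValueError(f"unexpected SEQ {seg.seq}, wanted {self.rcv_nxt}")
        self.rcv_nxt += seg.seq_space()


def pop3_session() -> List[Tuple[int, Tuple[str, ...], int, Optional[int], int]]:
    """Replay Figure 10: client port 1967 (ISN 800) against the POP3 server port 110 (ISN 1567).
    Each trace entry is (sending port, flags, SEQ, ACK, DataLen)."""
    client = Endpoint(port=1967, snd_nxt=800)
    server = Endpoint(port=110, snd_nxt=1567)
    trace = []

    def step(sender, peer, flags, data=b""):
        seg = sender.send(peer, flags, data)
        trace.append((seg.src_port, tuple(sorted(seg.flags)), seg.seq, seg.ack, len(seg.data)))

    step(client, server, {"SYN"})                          # phase 1: three-way handshake
    step(server, client, {"SYN", "ACK"})
    step(client, server, {"ACK"})
    step(server, client, {"ACK"}, b"POP3 Server V1.12\n")  # phase 2: data exchange (18 bytes)
    step(client, server, {"ACK"}, b"quit\n")               # 5 bytes
    step(server, client, {"ACK"}, b"Sayonara\n")           # 9 bytes
    step(client, server, {"ACK"})
    step(client, server, {"FIN", "ACK"})                   # phase 3: two pairs of segments
    step(server, client, {"ACK"})
    step(server, client, {"FIN", "ACK"})
    step(client, server, {"ACK"})
    return trace


def reply_to_closed_port(syn: Segment) -> Segment:
    """Host B's answer when nothing listens on the TCP port: a segment with RST and ACK set.
    SEQ=0 and ACK=SEG.SEQ+SEG.LEN follow RFC 793 (an assumption beyond the page's wording)."""
    return Segment(syn.dst_port, syn.src_port, 0, syn.seq + syn.seq_space(), {"RST", "ACK"})


if __name__ == "__main__":
    for src, flags, seq, ack, n in pop3_session():
        print(f"from port {src:>4}: {','.join(flags):8} SEQ={seq} ACK={ack} DataLen={n}")
    print(reply_to_closed_port(Segment(1967, 110, 800, None, {"SYN"})))
```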
The TCP/IP Application Layer

The TCP/IP Application Layer protocols support the applications
and utilities that are Internet. This section will list a number of
these applications and show a sample packet decode of all
protocol layers.

TCP and UDP Applications

Commonly used protocols (as shown in figure 2) include:

• Archie: A utility that allows a user to search all registered
anonymous FTP sites for files on a specified topic. Largely
obsolete today, obviated by the World Wide Web.
• BGP: The Border Gateway Protocol Version 4 (BGP-4) is a
distance vector exterior gateway routing protocol,
commonly used between two ISPs or between a customer
site and ISP if there are multiple links.

• DNS: The domain name system (described in slightly more
detail above) defines the structure of Internet names and
their association with IP addresses, as well as the
association of mail and name servers with domains.
• Finger: Used to determine the status of other hosts and/or
users (RFC 1288).
• FTP: The File Transfer Protocol allows a user to transfer files
between local and remote host computers (RFC 959).
• Gopher: A tool that allows users to search through data
repositories using a menu-driven, hierarchical interface,
with links to other sites. Largely obsolete today, obviated by
the World Wide Web (RFC 1436).
• HTTP: The Hypertext Transfer Protocol is the basis for
exchange of information over the WWW. Various versions of
HTTP are in use over the Internet, with HTTP version 1.0
(RFC 1945) being the most current. WWW pages are written
in the Hypertext Markup Language (HTML), an ASCII-based
platform-independent formatting language (RFC 1866).
• IMAP: The Internet Mail Access Protocol defines an
alternative to POP as the interface between a user’s mail
client software and an e-mail server, used to download mail
from the server to the client and providing significant
flexibility in mailbox management.
• OSPF: The Open Shortest Path First version 2 (OSPFv2)
protocol is a link state routing protocol used within an
organization’s network. This is the preferred so-called
interior gateway protocol.

• Ping: A utility that allows a user at one system to determine
the status of other hosts and the latency in getting a message
to that host. It uses ICMP Echo messages. For more information
and insight, see The Ping Page.
• POP: The Post Office Protocol defines a simple interface
between a user’s mail client software (e.g. Eudora, Outlook,
or the e-mail capability of your browser) and an e-mail
server, used to download mail from the server to the client
and to allow the user to manage their mailboxes. The current
version is POP3 (RFC 1460).
• RADIUS: The Remote Authentication Dial-In User Service
(RADIUS) is a remote-access protocol.
• RIP: The Routing Information Protocol (RIP) is a distance
vector routing protocol used within an organization’s
• SSH: The Secure Shell is a protocol that allows remote logon
to a host across the Internet, much like Telnet. Unlike
Telnet, however, SSH encrypts passwords and data traffic.
• SMTP: The Simple Mail Transfer Protocol is the standard
protocol for the exchange of electronic mail over the
Internet (RFC 821). SMTP is used between e-mail servers and
to submit e-mail to a server. RFC 822 specifically describes the
mail message body format, and RFCs 1521 and 1522 describe
MIME (Multipurpose Internet Mail Extensions). Reference books
on electronic mail systems include !%@:: Addressing and
Networks by D. Frey and R. Adams (O’Reilly & Associates,
1993) and THE INTERNET MESSAGE: Closing the Book With
Electronic Mail by M. Rose (PTR Prentice Hall, 1993).
• SNMP: The Simple Network Management Protocol defines
procedures and management information databases for
managing TCP/IP-based network devices. SNMP Version 2
(SNMPv2, RFC 1441) adds security mechanisms that are
missing in SNMP, but is also very complex; widespread use
of SNMPv2 has yet to be seen. Additional information on
SNMP and TCP/IP-based network management can be found
in SNMP by S. Feit (McGraw-Hill, 1994) and THE SIMPLE
BOOK: An Introduction to Internet Management, 2/e, by M.
Rose (PTR Prentice Hall, 1994).
• SSL: The Secure Socket Layer (SSL), designed by Netscape,
provides a mechanism for secure communications over the
Internet, based on certificates and public key cryptography.
The most commonly known SSL application is HTTP over
SSL, commonly designated as https. The newest version of
SSL is called Transport Layer Security (TLS) (RFC 2246). SSL
is not, however, HTTP-specific; protocols such as IMAP4
(imaps), FTP (ftps), Telnet (telnets), and POP3 (pop3s) all
have definitions for operation over SSL.
• TACACS+: The Terminal Access Controller Access Control
System plus is a remote access protocol.
• Telnet: Short for Telecommunication Network, a virtual
terminal protocol allowing a user logged on to a TCP/IP host to
access other hosts on the network (RFC 854).

• TFTP: The Trivial File Transfer Protocol (TFTP) is used for
some specialized simple file transfer applications.
• Time/NTP: Time and the Network Time Protocol (NTP) are
used so that Internet hosts can synchronize their system
time from well-known Internet time servers.
• Traceroute: A tool that displays the route taken by packets
across the Internet between a local and remote host. The
traceroute command is available on Linux/Unix systems;
Windows systems starting with Windows 95 have a tracert
command utility.
• Whois/NICNAME: Utilities that search databases for
information about Internet domains and domain contact
information (RFC 3912).

A guide to using many of these applications can be found in “A
Primer on Internet and TCP/IP Tools and Utilities” (FYI 30/RFC
2151) by Gary Kessler & Steve Shepard (also available in HTML,
PDF, and Word).

Protocol Analysis:

Full-blown protocol analysis is well beyond the scope of this
paper. But a little introduction is ok!!

Today’s protocol analyzers are usually software running on a
computer or a specialized piece of hardware. In either case, the
device’s network interface card (NIC) operates in promiscuous
mode so that the NIC captures every packet that flies by on the wire
rather than only those packets addressed to this particular NIC.
Most protocol analyzers also provide a display with at least a
partial interpretation of the packets.

Figure 11 shows the display from a GN Nettest WinPharoah
protocol analyzer. In this case, we see the contents of a packet
containing a POP3 message. The analyzer’s display has three
parts:

• The top part shows a summary of the frames in the capture
buffer. Note here that we see frames numbered 77-88
(column 1). The second column shows the frame length (in
bytes); all use the Ethernet II frame format (column 3). The
next two columns list the source and destination addresses;
in this example, there are two communicating stations,
named INSTRUCTOR (the server) and WINPHAROAH (the
client). The summary column shows that these are POP3
commands and responses.
• The middle section shows the packet decode; a detailed
discussion of this is below.
• The bottom section shows the frame in hexadecimal, as
transmitted over the line. This is the raw bit stream.

The middle section is, indeed, the most interesting, as this is where
the frame contents are interpreted and displayed. The details of
the IP, TCP, and POP3 protocols of frame 80, the highlighted one,
are shown here; the interpretation of the Ethernet frame itself is
also available but is scrolled off the screen here.

Right after the Ethernet header information is the IP packet
header. Note that this particular packet uses IP version 4, is 53
bytes in length, and carries a TCP segment. Note also that this
packet was sent from the client (WINPHAROAH).

After IP is the TCP information. Note that the destination port
number is 110, the port associated with a POP3 server. Since the
POP3 server port is the destination, it means that this packet
contains a POP command to the server from the client (which we
knew anyway by looking at the summary of frame 80 above).

Finally we see the POP3 command itself. When a POP3 client
connects to the server, the first thing it does is send the
username using the POP3 USER command. If the username is
valid, the server asks for a password, which is sent from the
client in the POP3 PASS command, which is shown here. Note that the
POP3 password is sent unencrypted!!!

The discussion here is only meant to give readers a taste of one of the
coolest tools that we get to play with in data communications; it
is also an important tool for network managers and security

There are a fair number of free or inexpensive software packet
sniffers that one can acquire for Linux or Windows systems. One
of the most popular is tcpdump, which comes with many Linux
distributions (e.g. Red Hat 7.1). WinDump is a tcpdump
implementation for Windows, and the same group distributes
Analyzer, a GUI packet sniffer. Ethereal is another GUI analyzer,
with versions for both Windows and Linux. More information on
these packages can be found at my Packet Sniffing and Protocol
Analysis Software page.
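The kind of decode the analyzer's middle pane performs, written out as an added example (not the analyzer's code and not the captured frame 80): the decoder peels Ethernet II, then IPv4, then TCP, then the POP3 line from a constructed frame and flags a cleartext PASS command the way a monitoring rule would. The MAC and IP addresses, the client port 1967 and the payload are made up; checksums in the sample are left zero because the decoder does not verify them.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
POP3_PORT = 110


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def decode_pop3(payload: bytes, to_server: bool) -> dict:
    """Interpret the first POP3 line; USER/PASS toward the server carry cleartext credentials."""
    line = payload.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    word = line.split(" ", 1)[0].upper()
    info = {"direction": "command" if to_server else "response", "line": line}
    if to_server:
        info["command"] = word
        info["cleartext_credential"] = word in ("USER", "PASS")
    return info


def decode_frame(frame: bytes) -> dict:
    """Peel Ethernet II, then IPv4, then TCP, then POP3, like the analyzer's middle pane."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"ethernet": {"src": _mac(src_mac), "dst": _mac(dst_mac), "type": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return out                                   # not IP: nothing more to interpret here
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("IPv4 header fields inconsistent with the bytes captured")
    out["ip"] = {"version": 4, "total_length": total_len, "ttl": ttl, "protocol": proto,
                 "src": _ip(src), "dst": _ip(dst)}
    if proto != IPPROTO_TCP:
        return out
    tcp = ip[ihl:total_len]                          # Ethernet padding, if any, is dropped here
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("bad TCP data offset")
    flag_bits = off_flags & 0x01FF
    payload = tcp[data_offset:]
    out["tcp"] = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": window,
                  "flags": {name for bit, name in ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                                                   (0x08, "PSH"), (0x10, "ACK")) if flag_bits & bit},
                  "payload": payload}
    if POP3_PORT in (sport, dport) and payload:
        out["pop3"] = decode_pop3(payload, to_server=(dport == POP3_PORT))
    return out


def build_sample_frame() -> bytes:
    """Constructed client->server frame carrying a POP3 PASS command (checksums left zero)."""
    payload = b"PASS s3cret\r\n"                              # 13 bytes of POP3 data
    tcp = struct.pack("!HHIIHHHH", 1967, POP3_PORT, 0x10000001, 0x20000001,
                      (5 << 12) | 0x18, 8192, 0, 0)           # offset 5 words, PSH+ACK
    total_len = 20 + len(tcp) + len(payload)                  # 53 bytes, like the text's frame 80
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                     bytes([192, 0, 2, 20]), bytes([192, 0, 2, 10]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    for layer, fields in decode_frame(build_sample_frame()).items():
        print(layer, fields)
```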
[Introduction of OSI Model]

Merits and Demerits of TCP/IP

Merits of TCP/IP

Some merits of TCP/IP are:

• TCP/IP is the most widely used interoperable architecture.
• With the TCP/IP protocol, it became very easy to interconnect
those networks that were speaking the same networking
language (TCP/IP).
• The TCP/IP protocol gave the guidelines that should be followed
by the participating computer systems in order to
communicate as intended.
• TCP/IP is the core of today’s Internet.
• Protocols in the TCP/IP model are better hidden and can be
replaced relatively easily as technology changes.
• In the TCP/IP model the protocols came first, and the model is
just a description of the existing protocols.
• In the TCP/IP model there are no problems with protocol fitting.
The protocols fit perfectly; the only trouble is that the model does
not fit any other protocol stack.

Demerits of TCP/IP

Some demerits of TCP/IP are:

• The TCP/IP model does not distinguish the concepts of service,
interface and protocol.
• TCP/IP is not a general model. It is not well suited to
describing any other network.
• Host-to-network is not really a layer. It is an interface
between the Network and Data Link layers, but it is not clearly defined.
• The Physical and Data Link layers have specific tasks, but they are
not included in the model.

The OSI Model

The OSI model was developed by the International Organization
for Standardization (ISO) as a guideline for developing standards
to enable the interconnection of dissimilar computing devices. It
is important to understand that the OSI model is not itself a
communication standard. In other words, it is not an agreed-on
method that governs how data is sent and received; it is only a
guideline for developing such standards.

The OSI model was developed to standardize the procedures for
exchange of information between processing systems. OSI is
a communications reference model that has been defined by the
International Standards Organization (ISO). It is a seven-layer
model for communications systems worldwide.

Most vendors and suppliers of computer communications
equipment have agreed to support OSI in one form or another.
Adherence to this standard is vital in order to achieve
universal communications. This model conceptually organizes the
process of communications between computers in terms of seven
layers. The seven layers of the OSI model provide a way for you
to understand how communications across various protocols take

The Importance of the OSI Model

It would be difficult to overstate the importance of the OSI model.
Virtually all networking vendors and users understand how
important it is that network computing products adhere to and
fully support the networking standards this model has generated.

When a vendor's products adhere to the standards the OSI model
has generated, connecting those products to other vendors'
products is relatively simple. Conversely, the further a vendor
departs from those standards, the more difficult it becomes to
connect that vendor's products to those of other vendors.

In addition, if a vendor were to depart from the communication
standards the model has engendered, software development
efforts would be very difficult because the vendor would have to
build every part of all necessary software, rather than being able
to build on the existing work of other vendors.

The first two problems give rise to a third significant problem for
vendors: a vendor's products become less marketable as they
become more difficult to connect with other vendors' products.
[Layers of OSI Model]

The 7 Layers of the OSI

The OSI, or Open System Interconnection, model defines a
networking framework for implementing protocols in seven
layers. Control is passed from one layer to the next, starting at
the application layer in one station, and proceeding to the bottom
layer, over the channel to the next station and back up the

Application (Layer 7): This layer supports application and end-user
processes. Communication partners are identified, quality of service
is identified, user authentication and privacy are considered, and
any constraints on data syntax are identified. Everything at this
layer is application-specific. This layer provides application
services for file transfers, e-mail, and other network software
services. Telnet and FTP are applications that exist entirely in the
application level. Tiered application architectures are part of this
layer.

Presentation (Layer 6): This layer provides independence from
differences in data representation (e.g., encryption) by translating
from application to network format, and vice versa. The presentation
layer works to transform data into the form that the application
layer can accept. This layer formats and encrypts data to be sent
across a network, providing freedom from compatibility problems. It
is sometimes called the syntax layer.

Session (Layer 5): This layer establishes, manages and terminates
connections between applications. The session layer sets up,
coordinates, and terminates conversations, exchanges, and dialogues
between the applications at each end. It deals with session and
connection

Transport (Layer 4): This layer provides transparent transfer of data
between end systems, or hosts, and is responsible for end-to-end
error recovery and flow control. It ensures complete data transfer.

Network (Layer 3): This layer provides switching and routing
technologies, creating logical paths, known as virtual circuits, for
transmitting data from node to node. Routing and forwarding are
functions of this layer, as well as addressing, internetworking,
error handling, congestion control and packet

Data Link (Layer 2): At this layer, data packets are encoded and
decoded into bits. It furnishes transmission protocol knowledge and
management and handles errors in the physical layer, flow control
and frame synchronization. The data link layer is divided into two
sublayers: the Media Access Control (MAC) layer and the Logical Link
Control (LLC) layer. The MAC sublayer controls how a computer on the
network gains access to the data and permission to transmit it. The
LLC layer controls frame synchronization, flow control and error
checking.

Physical (Layer 1): This layer conveys the bit stream (electrical
impulse, light or radio signal) through the network at the
electrical and mechanical level. It provides the hardware means of
sending and receiving data on a carrier, including defining cables,
cards and physical aspects. Fast Ethernet, RS232, and ATM are
protocols with physical layer components.

Figure: The OSI

Network Communications through the OSI


Using the seven layers of the OSI model, we can explore more
fully how data can be transferred between two networked
computers. Figure 3 uses the OSI model to illustrate how such
communications are accomplished.

Figure 3: Networked computers communicating

through the OSI

The figure represents two networked computers. They are
running identical operating systems and applications and are
using identical protocols (or rules) at all OSI layers. Working in
conjunction, the applications, the OS, and the hardware
implement the seven functions described in the OSI model.

Each computer is also running an e-mail program that is
independent of the OSI layers. The e-mail program enables the
users of the two computers to exchange messages. Our figure
represents the transmission of one brief message from Sam to

The transmission starts when Sam types in a message to Charlie
and presses the "send" key. Sam's operating system appends to
the message (or "encapsulates") a set of application-layer
instructions (OSI Layer 7) that will be read and executed by the
application layer on Charlie's computer. The message with its
Layer 7 header is then transferred to the part of the operating
system that deals with presentation issues (OSI Layer 6) where
a Layer 6 header is appended to the message. The process
repeats through all the layers until each layer has appended a
header. The headers function as an escort for the message so
that it can successfully negotiate the software and hardware in
the network and arrive intact at its destination.

When the data-link-layer header is added at Layer 2, the data
unit is known as a "frame." The final header, the physical-layer
header (OSI Layer 1), tells the hardware in Sam's computer the
electrical specifics of how the message will be sent (which
medium, at which voltage, at which speed, etc.). Although it is
the final header to be added, the Layer 1 header is the first in line
when the message travels through the medium to the receiving

When the message with its seven headers arrives at Charlie's
computer, the hardware in his computer is the first to handle the
message. It reads the instructions in the Layer 1 header,
executes them, and strips off the header before passing the
message to the Layer 2 components. These Layer 2 components
execute those instructions, strip off the header, and pass the
message to Layer 3, and so on. Each layer's header is
successively stripped off after its instructions have been read, so
that by the time the message arrives at Charlie's e-mail
application, the message has been properly received,
authenticated, decoded, and presented.

Commonly Used Standards and Protocols

National and international standards organizations have
developed standards for each of the seven OSI layers. These
standards define methods for controlling the communication
functions of one or more layers of the OSI model and, if
necessary, for interfacing those functions with the layers above
and below.

A standard for any layer of the OSI model specifies the
communication services to be provided and a protocol that will be
used as a means to provide those services. A protocol is a set of
rules network devices must follow (at any OSI layer) to
communicate. A protocol consists of the control functions, control
codes, and procedures necessary for the successful transfer of

More than one protocol standard exists for every layer of the OSI
model. This is because a number of standards were proposed for
each layer, and because the various organizations that defined
those standards—specifically, the standards committees inside
these organizations—decided that more than one of the proposed
standards had real merit. Thus, they allowed for the use of
different standards to satisfy different networking needs. As
technologies develop and change, some standards win a larger
share of the market than others, and some dominate to the point
of becoming "de facto" standards.

To understand the capabilities of computer networking products,
it will help to know the OSI layer at which particular protocols
operate and why the standard for each layer is important. By
converting protocols or using multiple protocols at different
layers of the OSI model, it becomes possible for different
computer systems to share data, even if they use different
software applications, operating systems, and data-encoding

Figure 4 shows some commonly used standards and the OSI
layer at which they operate.

Figure 4: Important standards at various OSI layers


Further Perspective: Standards and Open

You probably noticed from looking at Figure 4 that most accepted
standards do not include all (and only) those services specified
for any OSI layer. In fact, most common standards encompass
parts of multiple OSI layers.

Product vendors' actual implementation of OSI layers is divided
less neatly. Vendors implement accepted standards—which
already include mixed services from multiple layers—in different

The OSI model was never intended to foster a rigid, unbreakable
set of rules: it was expected that networking vendors would be
free to use whichever standard for each layer they deemed most
appropriate. They would also be free to implement each standard
in the manner best suited to the purposes of their products.

However, it is clearly in a vendor's best interest to manufacture
products that conform to the intentions behind the OSI model. To
do this, a vendor must provide the services required at each OSI
model layer in a manner that will enable the vendor's system to
be connected to the systems of other vendors easily. Systems
that conform to these standards and offer a high degree of
interoperability with heterogeneous environments are called
open systems. Systems that provide interoperability with
components from only one vendor are called proprietary systems.
These systems use standards created or modified by the vendor
and are designed to operate in a homogeneous or single-vendor

OSI Model Layers

Columns: Layer | Function | Protocols | Network

Layer: Application (User Interface)
Function:
• Used for applications specifically written to run over the network
• Allows access to network services that support applications
• Directly represents the services that directly support user
  applications
• Handles network access, flow control and error recovery
• Example apps are file transfer, e-mail, NetBIOS-based
Protocols: DNS; FTP; TFTP; BOOTP; SNMP; RLOGIN; SMTP; MIME; NFS;
  FINGER; TELNET; NCP; APPC; AFP; SMB
Network: Gateway

Layer: Presentation (Translation)
Function:
• Translates from application to network format and vice-versa
• All different formats from all sources are made into a common
  uniform format that the rest of the OSI model can
• Responsible for protocol conversion, character conversion, data
  encryption/ expanding graphics commands, data
• Sets standards for different systems to provide seamless
  communication from multiple protocol
• Not always implemented in a network protocol
Protocols: (none listed)
Network: Gateway; Redirector

Layer: Session (“syncs and session”)
Function:
• Establishes, maintains and ends sessions across the network
• Responsible for name recognition (identification) so only the
  designated parties can participate in the
• Provides services by planning check points in the data stream =>
  if the session fails, only data after the most recent check point
  need be transmitted
• Manages who can transmit data at a certain time and for how long
• Examples are interactive login and file transfer connections; the
  session would connect and re-connect if there was an interruption;
  recognize names in sessions and register names in history
Protocols: NetBIOS; Names Pipes; Mail Slots; RPC
Network: Gateway

Layer: Transport (Packets; flow control & error handling)
Function:
• Additional connection below the session layer
• Manages the flow control of data between parties across the
  network
• Divides streams of data into chunks or packets; the transport
  layer of the receiving computer reassembles the message from
• “train” is a good analogy => the data is divided into identical
  units
• Provides error checking to guarantee error-free data delivery,
  with no losses or duplications
• Provides acknowledgment of transmission if some packets don’t
  arrive error-free
• Provides flow control and error handling
Protocols: TCP, ARP, RARP; SPX; NWLink; NetBIOS/NetBEUI; ATP
Network: Gateway; Advanced Cable Tester; Brouter

Layer: Network (Addressing; routing)
Function:
• Translates logical network addresses and names to their physical
  address (e.g. computer name ==> MAC address)
• Responsible for
  o addressing
  o determining routes for sending
  o managing network problems such as packet switching, data
    congestion and
• If a router can’t send data frames as large as the source
  computer sends, the network layer compensates by breaking the
  data into smaller units. At the receiving end, the network layer
  reassembles the data
• Think of this layer stamping the addresses on each train car
Protocols: IP; ARP; RARP, ICMP; RIP; OSPF; IGMP; IPX; NWLink;
  NetBEUI; OSI; DDP; DECnet
Network: Brouter; Router; Frame Relay Device; ATM Switch; Advanced
  Cable Tester

Layer: Data link (Data frames to bits)
Function:
• Turns packets into raw bits 100101 and at the receiving end turns
  bits into packets.
• Handles data frames between the network and physical layers.
• The receiving end packages raw data from the physical layer into
  data frames for delivery to the network layer
• Responsible for error-free transfer of frames to other computers
  via the physical layer
• This layer defines the methods used to transmit and receive data
  on the network. It consists of the wiring, the devices used to
  connect the NIC to the wiring, the signaling involved to
  transmit/receive data and the ability to detect signaling errors
  on the network media
Protocols:
  Logical Link Control
   - error correction and flow control
   - manages link control and defines SAPs
  802.1 OSI Model
  802.2 Logical Link Control
  Media Access Control
   - communicates with the adapter card
   - controls the type of
  802.4 Token Bus (ARCnet)
  802.5 Token
Network: Bridge; Switch; ISDN Router; Intelligent Hub; NIC; Advanced
  Cable Tester

Physical • Transmit raw bit IEEE 802 Repeater

Hardware; stream over physical

raw bit cable IEEE 802.2 Multiplexer
• Define cables, cards,
and physical aspects ISO 2110 HUB

• Defines NIC • Passiv

attachments to ISDN e
hardware, how cable • Active
is attached to NIC
• Define techniques to TDR
transfer bit stream to
cable Oscilloscop

[Layers of OSI Model]

The Physical Layer

The physical layer does not actually consist of protocols but of the
physical components required to connect devices for networking.
It is broken down into several subcomponents, which are
described as follows:

Transmission Media

Bound Media

Media is the path used for transferring data in a network. Bound
media consists of physical substances used to transfer data. The
following is a list of the types of bound media and their
susceptibility to EMI (electromagnetic interference).

• Coaxial Cable – copper core, shielding, used in LANs, EMI.
• Fiber Optic – light signal, glass core, no shielding (not
required), no EMI.
• Unshielded Twisted Pair (UTP) – no shielding, high EMI, very
common, cheap.
• Shielded Twisted Pair (STP) – shielding, less EMI than UTP,
IBM networks.

Unbound Media

Media is the path used for transferring data in a network.
Unbound media consists of the wireless paths used to transfer
data. The following is a list of the types of unbound media and
their susceptibility to EMI (electromagnetic interference).

• Radio Waves
• Micro Waves – Terrestrial and Satellite
• Infrared

Existing Networks

Media is the path used for transferring data in a network. Existing
networks consist of paths already in place, used for other
purposes, that can be used to transfer data. The following is a list
of the types of existing networks.

• PSTN- 256k and T1 lines.

• Internet
Transmission Devices

Communication Devices

Communication devices describe the various devices used to
connect to a network and convert data for serial transfer.

• Modems
• Multiplexer – TDM, STDM or FDM.
• CSU/DSU – like modems, with voltage protection

Interconnectivity devices

Interconnectivity devices describe the various devices used to
connect network components, as well as networks, together.

• Repeaters – regenerate signals (with noise).
• Hubs – splitter.
• Bridges – regulate local traffic by physical address.
• Routers – separate and connect LANs of different topologies.
• Gateways – connect dissimilar systems (architectures).

Network Structure:

Multipoint structures

The BUS structure is the only type of multipoint structure. It
consists of a single cable with all the devices connected to it. The
cable is a single point of failure: if a break in the cable occurs, the
entire network goes down.

Ref: http://campus.champlain.edu/faculty/rogate/osi/


Point to Point Structures

The Point to Point structure consists of several variations. It is
defined by devices connected to the network with more than one
connection, or connected to each other, preventing a total network
shutdown if a cable break occurs. The different types are as follows:

Data Signals:

Analogue Signals

Analogue signals are defined as the type of current used to
represent data transmitted over the network. An analogue signal
is called a SINE wave. Its state changes constantly, rising above
zero and then falling below zero by the same amount. An analogue
signal can be measured in three different ways:
• Amplitude – strength
• Phase – time between the start of one signal and the next,
measured in degrees.
• Frequency – the time it takes to complete a cycle, measured
in Hertz (Hz – cycles/second).

Digital Signals

Digital signals are defined as a type of current used to represent
data transmitted over the network. A digital signal is called a
SQUARE wave. Its state changes abruptly, rising above zero and
then back to zero, theoretically over no time. The following can
be said about digital signals:

• State of transition – (trailing edge triggered) embedded
clock signal.
• Asynchronous – uses a sync field.

The physical layer is concerned with transmitting raw bits
over a communication channel. The design issues have to
do with making sure that when one side sends a 1 bit, it is
received by the other side as a 1 bit, not as a 0 bit.
Typical questions here are how many volts should be used
to represent a 1 and how many for a 0, how many
microseconds a bit lasts, whether transmission may
proceed simultaneously in both directions, how the initial
connection is established and how it is torn down when
both sides are finished, and how many pins the network
connector has and what each pin is used for. The design
issues here deal largely with mechanical, electrical and
procedural interfaces, and the physical transmission
medium, which lies below the physical layer. Physical
layer design can properly be considered to be within the
domain of the electrical engineer.

The Data Link layer

• Introduction
• Point- to- point link protocols
• The multiple access problem
• Local area networks
• Required reading: TBD

Data Link layer: introduction

Services: reliably deliver a data link packet between two

physically connected machines

Two link types: point- to- point, broadcast

Point-to-point

Point-to-point links: one sender, one receiver

• Framing: recognizing bits on the wire as packets

• Reliable communications

Broadcast links: many senders, potentially many receivers

• Framing
• Reliable communication
• Accessing a shared medium
• Addressing
• Many senders many

Data Link Layer: introduction

Many problems we have seen at higher layers occur here

• Reliable communication: ARQ, checksum, timers, sequence

• Addressing
o Data link level addresses different from network layer
o Why do we need different data link address?

[Figure: two hosts, each with network, link and physical layers; the data link addresses (DLCaddr) sit at the link layer on both ends]

Point-to-point Data Link Control

• Use the same techniques as in the transport layer
• HDLC: High-level Data Link Control
• (it's old: data link was "high-level" way back when)
• HDLC frame format (field widths in bits):

  Flag (8) | Address (8) | Control (8) | Data (arbitrary) | Checksum (16) | Flag (8)

• Flag pattern (01111110) is used to mark beginning/end of
• Bit stuffing: if five consecutive 1's occur in the data, the sender
inserts a 0 and the receiver removes it
• Address of receiving node (for broadcast links)

HDLC: control field

  Data frame:        0 (1) | Seq # (3) | P/F (1) | Ack # (3)
  Supervisory frame: 10 (2) | Cmd (2) | P/F (1) | Ack # (3)

• Control field format for "data" frames:
  o 3-bit seq number
  o 3-bit ack number
  o 1 bit P/F to indicate sender-to-receiver or vice-versa
• Control field format for "supervisory" frames (Cmd values):

  Receive Ready      Ack
  Receive Not Ready  Flow control: not ready
  Reject             Negative ack: resend (go back N)
  Selective Reject   Negative ack: resend selectively
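The framing rules above (flag, bit stuffing, the two control-field layouts) carried through in Python, as an added example that is not code from the notes. The notes do not name the 16-bit checksum algorithm; CRC-16/CCITT is assumed here.

```python
# HDLC framing: bit stuffing, the data/supervisory control fields and a
# build/parse round trip. Added example, not code from the notes. Field
# widths follow the notes (flag 8, address 8, control 8, data arbitrary,
# checksum 16 bits); CRC-16/CCITT as the checksum is an assumption here.

FLAG = "01111110"
SUPERVISORY_CMDS = {0: "Receive Ready", 1: "Receive Not Ready",
                    2: "Reject", 3: "Selective Reject"}


def bit_stuff(bits: str) -> str:
    """Sender: insert a 0 after five consecutive 1s, so six 1s (the flag
    pattern) can never occur inside the frame body."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Receiver: drop the 0 that follows every run of five 1s."""
    out, run, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        run = run + 1 if b == "1" else 0
        i += 1
        if run == 5:
            if i >= len(bits) or bits[i] != "0":
                raise ValueError("expected a stuffed 0 after five 1s")
            i += 1
            run = 0
    return "".join(out)


def control_data(seq: int, pf: int, ack: int) -> str:
    """Data frame control field: 0 | seq # (3) | P/F (1) | ack # (3)."""
    return f"0{seq & 7:03b}{pf & 1}{ack & 7:03b}"


def control_supervisory(cmd: int, pf: int, ack: int) -> str:
    """Supervisory control field: 1 0 | cmd (2) | P/F (1) | ack # (3)."""
    return f"10{cmd & 3:02b}{pf & 1}{ack & 7:03b}"


def parse_control(ctrl: str) -> dict:
    pf, ack = int(ctrl[4]), int(ctrl[5:8], 2)
    if ctrl[0] == "0":
        return {"type": "data", "seq": int(ctrl[1:4], 2), "pf": pf, "ack": ack}
    if ctrl[:2] == "10":
        cmd = SUPERVISORY_CMDS[int(ctrl[2:4], 2)]
        return {"type": "supervisory", "cmd": cmd, "pf": pf, "ack": ack}
    raise ValueError("unnumbered frames are not covered by the notes")


def crc16_ccitt(data: bytes) -> int:
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1
            crc &= 0xFFFF
    return crc


def build_frame(address: int, control: str, payload: bytes) -> str:
    """The bit string put on the wire: FLAG, stuffed body, FLAG."""
    header = bytes([address & 0xFF, int(control, 2)])
    fcs = crc16_ccitt(header + payload)
    body = "".join(f"{b:08b}" for b in header + payload) + f"{fcs:016b}"
    return FLAG + bit_stuff(body) + FLAG


def parse_frame(wire: str) -> dict:
    """Strip the flags, unstuff, split the fields and verify the checksum."""
    if len(wire) < 16 or not (wire.startswith(FLAG) and wire.endswith(FLAG)):
        raise ValueError("frame not delimited by flags")
    body = bit_unstuff(wire[8:-8])
    if len(body) < 32 or len(body) % 8:
        raise ValueError("body is not a whole number of bytes")
    raw = int(body, 2).to_bytes(len(body) // 8, "big")
    header, payload, fcs = raw[:2], raw[2:-2], int.from_bytes(raw[-2:], "big")
    if crc16_ccitt(header + payload) != fcs:
        raise ValueError("checksum mismatch")
    return {"address": header[0], "control": parse_control(body[8:16]),
            "data": payload}


def frame_is_valid(wire: str) -> bool:
    try:
        parse_frame(wire)
        return True
    except ValueError:
        return False
```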


Broadcast links: multiple Access Protocols

Single shared communication channel

• two or more simultaneous transmissions by nodes:
• only one node can send successfully at a time
• question: how to share this broadcast channel
• examples of multiple access environments:
  o Cable (e.g. Ethernet)
  o Wireless (radio)
  o Cocktail party

Multiple Access Protocols

Distributed algorithm which determines how stations share

channel, i.e. determine when station can transmit

Communication about channel sharing must use channel itself!

What to look for in multiple access protocols:

• synchronous or asynchronous
• information needed about other stations
• robustness (e.g. channel errors)
• performance

Some Multiple Access Protocols

Claim: humans use multiple protocols all the time

• class can “guess” multiple access protocols

Multi access protocols 1:

Multi access protocols 2:

Multi access protocols 3:

Multi access protocols 4:

Taxonomy of multiple access protocols

Random access protocols: stations contend for channel, collisions

(overlapping transmissions can occur):

• aloha
• slotted aloha
• carrier sense multiple access: Ethernet
• group random access

Controlled access protocols: stations reserve or are assigned

channel, no collisions

• predetermined channel allocation: time division multiple

• demand adaptive channel allocation
• reservation protocols
• token passing (token bus, token ring)

The Aloha Protocol

• simple: if you have a pkt to send, "just do it"
• if the pkt suffers a collision, try resending later


Analyzing the Aloha Protocol

Goal: quantitative understanding of the performance of Aloha

• fixed-length pkts
• pkt transmission time is the unit of time
• throughput S: number of pkts successfully (without collision)
transmitted per unit time
• in the previous example, S = 0.2 pkt/unit time
• offered load G: number of pkt transmission attempts per unit
• note: S < G, but S depends on G
• Poisson model: probability of k pkt transmission attempts in t
time units:

  $\Pr[k \text{ transmissions in } t] = \dfrac{(Gt)^k\, e^{-Gt}}{k!}$

• Capacity of a multiple access protocol: maximum value of S
over all values of G

Analyzing Aloha (cont)

Focus on a given attempted packet transmission

[Figure: a transmission attempted at time t is vulnerable to any other attempt starting between t-1 and t+1]

$S = (\text{rate of attempted pkt transmissions}) \times \Pr[\text{transmission successful}]$
$= G \cdot \Pr[\text{no other pkt overlaps the attempted transmission}]$
$= G \cdot \Pr[0 \text{ other attempted transmissions in 2 time units}]$
$= G\, e^{-2G}$

Aloha throughput


[Figure: Aloha throughput S against offered load G, for G from 0 to 1.5]

Note: maximum throughput is 18% of physical channel capacity

• You buy a 1 Mb link, throughput will never be more than


Slotted Aloha

• Synchronous system: time divided into slots
• Slot size equals the fixed packet transmission time
• When a pkt is ready for transmission, wait until the start of the next slot
• Packets overlap completely or not at all


Slotted Aloha performance

$S = G \cdot \Pr[\text{no other transmissions overlap}]$
$= G \cdot \Pr[0 \text{ other attempted transmissions}]$
$= G \cdot \Pr[0 \text{ other arrivals in the previous slot}]$
$= G\, e^{-G}$

[Figure: slotted Aloha throughput S against offered load G, for G from 0 to 1.5]
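The two throughput derivations above (pure and slotted Aloha) carried through in Python, with a Monte Carlo check of both formulas. This is an added example, not code from the notes; the simulation horizon and seed are assumptions of the example.

```python
# Pure and slotted Aloha throughput, S = G e^{-2G} and S = G e^{-G}, next to
# a Monte Carlo check of both formulas. Added example, not from the notes;
# the traffic model (Poisson attempts, unit-length packets) is the notes'
# own, the simulation horizon and seed are assumptions of this example.
import math
import random


def poisson_prob(k: int, g: float, t: float) -> float:
    """Prob[k transmission attempts in t time units] = (Gt)^k e^{-Gt} / k!"""
    return (g * t) ** k * math.exp(-g * t) / math.factorial(k)


def aloha_throughput(g: float) -> float:
    """Pure Aloha: an attempt succeeds only if no other attempt starts in the
    two-unit window around it, so S = G * Prob[0 attempts in 2 units]."""
    return g * poisson_prob(0, g, 2.0)


def slotted_throughput(g: float) -> float:
    """Slotted Aloha: a slot carries a packet only if exactly one arrived in the
    previous slot, so S = G * Prob[0 other arrivals in 1 unit]."""
    return g * poisson_prob(0, g, 1.0)


def peak(throughput, step: float = 0.001) -> tuple:
    """Capacity: the offered load G that maximises S, and that maximum."""
    best = max((i * step for i in range(1, 3001)), key=throughput)
    return best, throughput(best)


def usable_capacity(link_bits_per_second: float) -> float:
    """The notes' 1 Mb link remark: pure Aloha never delivers more than
    1/(2e) of the raw channel rate."""
    return link_bits_per_second / (2 * math.e)


def simulate(g: float, slotted: bool, horizon: float = 20000.0,
             seed: int = 7) -> float:
    """Draw Poisson attempts at rate G over `horizon` unit times, count the
    packets that overlap no other transmission, return successes per unit time."""
    rng = random.Random(seed)
    starts, t = [], 0.0
    while True:
        t += rng.expovariate(g)          # exponential gaps -> Poisson attempts
        if t > horizon:
            break
        # slotted: the packet waits for the start of the next slot
        starts.append(math.floor(t) + 1.0 if slotted else t)
    starts.sort()
    successes = 0
    for i, s in enumerate(starts):       # unit-length packets: neighbours decide
        clear_before = i == 0 or starts[i - 1] + 1.0 <= s
        clear_after = i + 1 == len(starts) or starts[i + 1] >= s + 1.0
        if clear_before and clear_after:
            successes += 1
    return successes / horizon
```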

Carrier Sensing Protocols

• Aloha is inefficient (and rude!): doesn’t listen before talking!

• Carrier Sense Multiple Access: CSMA

Non-persistent CSMA:

1. Sense (listen to) the channel
2. if {channel sensed busy}
     then wait a random time
     else transmit the packet

P-persistent CSMA:

1. Sense (listen to) the channel
2. when {channel sensed idle}
     transmit with probability P
     else wait a random time, go to 1

Carrier sensing protocols (cont)

• channel sensing will not avoid collisions:

  t = 0     A senses idle, sends
  t = 0.25  D senses idle, sends
  t = 1.0   D detects collision with A
  t = 1.25  A detects collision with D

• Performance will depend on channel length

• Large propagation delays: poor performance
• Length of CSMA networks must be limited

• Can we do better?


• CSMA with collision detection (CD):

• Listen while talking!
• Stop transmitting when another pkt has collided with yours
• Wait random time before attempting to resend
• Worst- case time to detect a collision?
• Performance depends (as in CSMA) on channel length

Case Study: Ethernet

• CSMA/CD, 1-persistent
• IEEE 802.3 standard
• Channel: coaxial cable (typically)
• T: minimum randomization interval
• Collision resolution: binary backoff; pkt arrives (from upper
layer) for transmission:
  o 1. Set L = 1, mark pkt as "ready"
  o 2. After a successful transmission, all hosts with a "ready"
pkt can send
  o 3. If {collision}
      L = L*2 up to 1024
      Wait a random amt of time over the next L*T time units
      After waiting, pkt is again "ready"
      Go to 2

• Note: the backoff interval dynamically adjusts to load
• Different hosts will have different L values
• Light load: small L typically
• Heavy load: larger L
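The binary backoff steps above as an added simulation in Python (not the notes' code). It assumes that time is counted in units of T, that the random wait is a whole number of T units, and that every host has one packet ready at time 0, the worst case for collisions.

```python
# Ethernet binary exponential backoff as the notes describe it: every host
# starts with L = 1, doubles L (capped at 1024) on each collision and waits
# a random time within the next L*T units before its packet is "ready"
# again. Added example, not from the notes; time is counted in units of T,
# the random wait is a whole number of T units, and every host starts with
# one packet ready at time 0, all three of which are assumptions here.
import random

L_MAX = 1024


def simulate_backoff(n_hosts: int, seed: int = 0, max_events: int = 100000) -> list:
    """Returns the event log: ("collision", time, senders) or
    ("success", time, host, L_at_success), in time order."""
    rng = random.Random(seed)
    ready_at = {h: 0 for h in range(n_hosts)}   # when each host's packet is "ready"
    backoff_L = {h: 1 for h in range(n_hosts)}  # step 1: L = 1
    log = []
    while ready_at and len(log) < max_events:
        now = min(ready_at.values())
        # step 2: every host whose packet is ready sends as soon as the medium is free
        senders = sorted(h for h, t in ready_at.items() if t <= now)
        if len(senders) == 1:
            host = senders[0]
            log.append(("success", now, host, backoff_L[host]))
            del ready_at[host], backoff_L[host]
        else:
            log.append(("collision", now, tuple(senders)))
            for host in senders:
                backoff_L[host] = min(backoff_L[host] * 2, L_MAX)         # L = L*2 up to 1024
                ready_at[host] = now + 1 + rng.randrange(backoff_L[host])  # random wait over L*T
        # the medium is busy for one packet time; 1-persistent hosts wait for it
        for host in ready_at:
            ready_at[host] = max(ready_at[host], now + 1)
    return log


def delivery_times(log: list) -> dict:
    """host -> time at which its packet got through."""
    return {event[2]: event[1] for event in log if event[0] == "success"}


def largest_L(log: list) -> int:
    """Largest backoff window any host had reached when it finally succeeded."""
    return max((event[3] for event in log if event[0] == "success"), default=0)
```

Comparing `largest_L` for 3 and for 40 hosts shows the "light load: small L, heavy load: larger L" remark above in numbers.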

Ethernet: example

[Figure: timeline of three packets that become ready, transmit and collide, back off, collide again, and are finally transmitted one at a time]

More on Ethernet

• 10 Mb/sec 100 Mb/sec standards

• packet format:

  Preamble | Start frame | Destination address | Source address | Length | Data | Pad | Checksum

• Preamble: 7 bytes to allow sender/receiver clock synch
• Start-of-frame: 1 byte, denotes start of frame (like HDLC)
• Destination address:
  o 48-bit address, the "physical address"
  o Different from the IP address!!!!
  o Each Ethernet board in the world has its own unique address,
hard-wired (IEEE and vendor assigned)
  o Dest. address all 1's for a broadcast pkt: will be received
by all hosts attached to the LAN
• Source address: 48-bit physical address
• Length: 2 bytes, max packet length is 1500 bytes
  o Recall IP fragmentation
• Data: contains (is) the packet (e.g., IP packet) handed down
from the upper layer
• Padding: used to ensure data plus padding > 46 bytes
• Checksum

Group Random Access protocols

• Rather than backing off to separate colliding stations, a
structured "search" for exactly one station
• Enable a group of stations
• If collisions occur, divide the group until only one ready station
is enabled
• Tree walk: think of stations as leaves on a logical binary tree:

[Figure: binary tree with stations 1–8 at the leaves]

1. All stations rooted at the root node enabled
2. if {no stations send}
   Else if (one station sends)
   Else /* collision */
     Resolve (left child (root node))
     Resolve (right child (root node))

Group Random Access: example

Suppose stations 2, 3, 7, 8 are ready with a pkt

[Figure: tree with root A, children B (stations 1–4) and C (stations 5–8); B's children D (1–2) and E (3–4); C's children F (5–6) and G (7–8); stations 1–8 at the leaves]

A enabled, collisions
B enabled, collisions
D enabled, SUCCESS by 2
E enabled, SUCCESS by 3
C enabled, collisions
F enabled, idle
G enabled, collisions (could have avoided!)
7 enabled, SUCCESS
8 enabled, SUCCESS
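The tree walk above in Python, as an added example that is not part of the original notes. It reproduces the trace for stations 2, 3, 7, 8 and also implements the saving hinted at for node G (skip a node whose sibling was idle after a collision at the parent); the labels A–G are assigned in level order as in the figure, which is an assumption of this example.

```python
# Tree-walk group random access as in the notes: stations sit at the leaves
# of a binary tree, a node is "enabled" (its stations may send), and a
# collision splits the node into its two children. Added example, not code
# from the notes; internal nodes are labelled A, B, C, ... in level order
# to match the notes' figure, leaves carry the station number.
from string import ascii_uppercase


def tree_walk(ready, n_stations: int = 8, infer: bool = False) -> list:
    """Resolve the set `ready` of stations holding a packet; return the trace,
    one line per enabled node, in the notes' wording. With infer=True a node
    whose parent collided and whose sibling was idle is skipped, since it is
    bound to collide: the saving the notes point out at node G."""
    if n_stations & (n_stations - 1):
        raise ValueError("the tree needs a power-of-two number of leaves")
    trace = []

    def resolve(idx: int, lo: int, hi: int, known_collision: bool = False) -> int:
        """Enable the subtree covering stations lo..hi (heap index idx).
        Returns 0 (idle), 1 (success) or 2 (collision, i.e. >= 2 senders)."""
        if lo == hi:
            name = str(lo)
        else:
            name = ascii_uppercase[idx - 1] if idx <= 26 else f"N{idx}"
        senders = sorted(s for s in ready if lo <= s <= hi)
        if known_collision:
            trace.append(f"{name} skipped, collision inferred")
        elif not senders:
            trace.append(f"{name} enabled, idle")
            return 0
        elif len(senders) == 1:
            trace.append(f"{name} enabled, SUCCESS by {senders[0]}")
            return 1
        else:
            trace.append(f"{name} enabled, collisions")
        mid = (lo + hi) // 2
        left = resolve(2 * idx, lo, mid)
        # parent had >= 2 senders and the left child none: the right child must collide
        resolve(2 * idx + 1, mid + 1, hi, known_collision=infer and left == 0)
        return 2

    resolve(1, 1, n_stations)
    return trace


def slots_used(trace: list) -> int:
    """Channel slots spent: every enabled node costs one, a skipped node none."""
    return sum(1 for line in trace if "enabled" in line)
```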

Token Passing Protocols

• token circulates among stations

• media:
o token ring connection: IEEE 802.5, FDDI
o token bus, IEEE 802.4
• to transmit
o station must seize token
o transmit packet while holding token
o release (send out ) token
OSI: The Network Layer

OSI Background

Created by the International Organization for Standardization (ISO)
to develop standards for data networking, the Open Systems
Interconnection (OSI) protocols represent an international
standardization program that facilitates multi-vendor equipment
interoperability. This paper will familiarize you with common
terms and introduce you to the concepts of open system

In an OSI network there are four significant architecture entities:
hosts, areas, a backbone, and a domain. A domain is any portion
of an OSI network that is under common administrative
authority. Within any OSI domain, one or more areas can be
defined. An area is a logical entity formed by a set of contiguous
routers; all routers in the same area exchange information about
all of the hosts that they can reach.

The areas are connected to form a backbone. All routers on the
backbone know how to reach all areas. The term end system
(ES) refers to any non-routing host or node; the term intermediate
system (IS) refers to a router. These terms are the basis for the
End System-to-Intermediate System (ES-IS) and Intermediate
System-to-Intermediate System (IS-IS) protocols, both of which
are discussed later in this document.

OSI Network- Layer Service and Protocols

Two types of OSI network-Layer services are available:

Connectionless Network Service (CLNS) and Connection-
Oriented Network Service (CONS). CLNS uses a datagram data
transfer service and does not require a circuit to be established
before data is transmitted.

In contrast, CONS does require a circuit to be established before

transmitting data. While CLNS and CONS define the actual
services provided to the OSI transport layer entities that operate
immediately above the network layer, Connectionless Network
Protocol (CLNP) and Connection- Oriented Network Protocol
(CONP) name the protocols that these services use to convey
data at the network layer. CLNP is the OSI equivalent of IP.

Knowledge of OSI network addressing is the next step toward an
understanding of routing. OSI network addresses are variable-
length entities designed to handle networks of virtually any type
and size. OSI addressing encompasses two primary concepts:
Network Service Access Points (NSAPs) and Network Entity
Titles (NETs).

NSAPs specify usage points at which network-layer services can
be acquired. If there are multiple network-layer service users (for
example, OSI transport protocols Transport Protocol 3 [TP-3]
and Transport Protocol 4 [TP-4]) in a particular ES, then that ES
will have multiple NSAP addresses. In contrast, NETs specify
network-layer entities or processes. NET entities represent the
active agents that operate within the network layer to carry out
assigned functions. CLNP is a network-layer entity and would
therefore have an associated NET. NSAP and NET structure is
very similar; in fact, in an ES, they typically differ only in the last
byte, called the selector. The NSAP selector is used to distinguish
between logical entities on the host (a transport entity in an ES or
a network entity in an IS).

NSAPs are hierarchical addresses consisting of two parts: an

initial domain part (IDP) and a domain- specific part (DSP). The
IDP consists of authority and format identifier (AFI) and initial
domain identifier (IDI) parts. The AFI provides information about
the structure and contents of the IDI and DSP fields, including
whether the IDI is of variable length and whether the DSP uses
decimal or binary notation. The IDI further specifies an entity that
can assign values to the DSP portion of the address.

When used in an environment where the OSI IS-IS protocol is
used for routing, the DSP specifies the area, the station ID within
the area, and the selector (port) number. Figure 1 illustrates the
NSAP address format for use with IS-IS routing.

Figure 1: NSAP Address Format for Use with IS-IS Routing

  AFI | IDI | Area | Station

OSI Routing Protocols

The OSI protocol suite includes several routing protocols and one
router discovery protocol (ES-IS). Although not explicitly a routing
protocol, ES-IS is included in this section because it is commonly
used with routing protocols to provide end-to-end data
movement through an internetwork.

Routing within an area is called level 1 routing; routing between
areas is called level 2 routing. An IS that can route only within an
area is known as a level 1 IS. A level 1 IS needs to know only
about the ESs and other level 1 ISs in its own level 1 area and
about the nearest level 2 IS that it can use to forward traffic out
of its own area. Figure 2 illustrates the level 1 view of the routing

[Figure 2: level 1 view of the routing domain – end systems (ES) and level 1 ISs within the area, plus the nearest level 2 IS]

An IS that can route between areas is called a level 2 IS. A
level 2 IS must understand the topology of the areas in
which it resides, other level 2 ISs in its routing domain, and
how to reach all other level 1 areas. Figure 3 illustrates the
level 2 view of the routing domain.

Figure 3: Level 2 View of the Routing Domain

[Figure: areas (Area 2, Area 3, ...) joined by the level 2 backbone]

In OSI networks, each ES lives in a particular area. An ES
discovers an IS by listening to "hello" messages exchanged as
part of the ES-IS protocol (explained in the next section). When
an ES wants to send a packet to another ES, it sends the packet
to any directly connected level 1 IS in its area. The IS looks up
the destination address and forwards the packet along the best
route. If the destination address is an ES in another area, the
level 1 IS sends the packet to the nearest level 2 IS. Forwarding
through level 2 ISs continues until the packet reaches a level 2
IS in the destination area. Within the destination area, level 1
ISs forward the packet along the best path of level 1 ISs until the
destination ES is reached. Figure 4 illustrates the CLNP routing

Figure 4: CLNP Routing

[Figure: an ES in Area A reaches an ES in Area B through level 1 ISs, a level 2 IS in each area, and level 1 ISs again]

Network-layer and routing protocols are both involved in the
routing process; these protocols are discussed in the two

ES-IS is the means through which an ES becomes acquainted
with an IS. It is a very simple protocol that uses three types of
messages: end-system hellos (ESHs), intermediate-system hellos
(ISHs), and redirects. An ESH announces the presence of an ES.
An ESH is sent by all ESs to a special data-link-layer address that
all ISs on that network segment listen to. An ISH announces the
presence of an IS. An ISH is sent by all ISs to a special data-link-
layer address that all ESs on that segment listen to. Both ESHs
and ISHs provide network-layer and data-link-layer addresses for
the source nodes. An IS sends a redirect to an ES to tell the ES that
there is a more efficient path to the destination.

Figure 5 shows an instance in which a redirect message instructs
ES 1 to send a packet to IS 2 instead of IS 1. At time 1, ES 1 sends
a packet to IS 1. IS 1's optimal path information, compiled with the
help of routing protocols, specifies that the packet should be
forwarded out the same port as the one from which the packet was
received. In this case, the best path is really through IS 2, which
is directly accessible to ES 1. At time 2, after it has forwarded the
original packet to IS 2, IS 1 sends a redirect message to ES 1 telling
it that IS 2 is a better route for datagrams destined for ES 2. At time
3, ES 1 directs a new packet to IS 2.

Figure 5: Redirect Message Example

[Figure: three steps towards ES 2 – Datagram 1 (ES 1 to IS 1), Datagram 2 (the redirect at time 2), Datagram 3 (ES 1 to IS 2)]

Where an ES is connected to an IS via a point-to-point connection,
ISHs and redirects are not necessary. The ES simply sends the IS
periodic ESHs to let the IS know its network layer address. The IS
can then announce to the rest of the network that it can forward
datagrams to that ES.

Where an ES is connected to a LAN, more complicated (but still
relatively simple) operations are required. All ESs send ESHs, and
all ISs send ISHs. ESHs allow ISs to identify all ESs on the LAN;
ISHs allow ESs to identify all ISs on the LAN. ESs maintain two
caches: an IS cache that contains data-link-layer addresses for all
ISs on the LAN and a destination cache that contains the network
layer/data link layer address mapping for all destination ESs.

When an ES needs to transmit to a destination ES, it first checks
its destination cache. If the destination ES is listed in the cache,
the source ES addresses and sends the packet accordingly. If the
destination ES is not in the destination cache, the source ES looks
in its IS cache. If the IS cache is not empty, the source ES selects
an IS from the cache and addresses its packet to that IS. In other
words, the ES sends the packet to any directly connected IS in its
area. The IS may or may not be the first step along the optimal path
to the destination. If the IS determines that the next hop is another
IS on the ES's LAN, it forwards the packet to that IS and sends the
ES a redirect message. If the IS determines that the destination
ES is on the source ES's LAN, it forwards the packet to the
destination ES and sends a redirect message to the source ES.

If the IS cache is empty and there is no appropriate entry in the
destination cache, the ES sends the packet to a multicast address
indicating all ESs. All ESs on the LAN receive the multicast and
examine the network layer address. If an ES sees a network layer
address matching its own, it accepts the packet and sends an
ESH to the source ES. All ESs without a matching network layer
address discard the packet. Figure 6 shows a flowchart of ES-IS

Figure 6: ES-IS Operation

[Flowchart: on transmission, check the destination cache (if an entry exists, the datagram is addressed and sent); otherwise, if the IS cache has entries, the datagram is addressed to the first IS in the cache and sent, and if the next hop is on the ES's segment the IS forwards the datagram and sends a redirect, else the IS forwards the datagram to the next hop; if both caches are empty, the datagram is sent to the "All-ES" multicast address, the ES with the matching network-layer address accepts it and sends an ESH to the source ES, which puts the destination ES in its destination cache]
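The ES-IS forwarding decision of the flowchart above (destination cache, then IS cache, then the all-ES multicast, with redirects and ESHs filling the destination cache) as an added Python example that is not code from the original text. The node names, data-link addresses and the all-ES multicast label are constructed for the example.

```python
# ES-IS forwarding on a LAN, following the notes' flowchart: an ES checks its
# destination cache, then its IS cache, and otherwise multicasts to all ESs;
# an IS that forwards onto the ES's own LAN answers with a redirect, and the
# ES that matches a multicast answers with an ESH; both fill the source ES's
# destination cache. Added example, not code from the original text; node
# names, data-link addresses and the ALL_ES label are constructed here.
ALL_ES = "all-ES multicast"   # stands in for the all-end-systems data-link address


class EndSystem:
    def __init__(self, net, dl):
        self.net, self.dl = net, dl
        self.is_cache = {}     # IS network address -> IS data-link address (from ISHs)
        self.dest_cache = {}   # destination network address -> data-link address to use

    def hear_ish(self, is_net, is_dl):
        self.is_cache[is_net] = is_dl

    def hear_esh(self, es_net, es_dl):
        self.dest_cache[es_net] = es_dl

    def hear_redirect(self, dest_net, better_dl):
        self.dest_cache[dest_net] = better_dl

    def choose_next_hop(self, dest_net):
        """Flowchart order: destination cache, IS cache, all-ES multicast."""
        if dest_net in self.dest_cache:
            return self.dest_cache[dest_net], "destination cache"
        if self.is_cache:
            return next(iter(self.is_cache.values())), "IS cache"
        return ALL_ES, "multicast"


class IntermediateSystem:
    def __init__(self, net, dl, routes):
        self.net, self.dl = net, dl
        # destination network address -> (next-hop data-link address, next hop on the ES's LAN?)
        self.routes = routes

    def forward(self, source_es, dest_net):
        next_dl, on_lan = self.routes[dest_net]
        if on_lan:   # the ES could have sent there directly: tell it so
            source_es.hear_redirect(dest_net, next_dl)
        return next_dl, on_lan


def transmit(lan, source, dest_net):
    """Push one datagram from `source` through the LAN model (`lan` maps
    data-link addresses to nodes); returns the trail of steps taken."""
    dl, how = source.choose_next_hop(dest_net)
    trail = [f"{source.net} sends to {dl} ({how})"]
    if dl == ALL_ES:
        for node in lan.values():   # every ES examines the network-layer address
            if isinstance(node, EndSystem) and node.net == dest_net:
                source.hear_esh(node.net, node.dl)
                trail.append(f"{node.net} accepts and sends ESH")
        return trail
    node = lan[dl]
    if isinstance(node, IntermediateSystem):
        next_dl, redirected = node.forward(source, dest_net)
        trail.append(f"{node.net} forwards to {next_dl}"
                     + (", sends redirect" if redirected else ""))
    elif node.net == dest_net:
        trail.append(f"{node.net} accepts")
    else:
        trail.append(f"{node.net} discards")
    return trail


def build_lan():
    """Constructed sample LAN: ES1, ES2, IS1, IS2; ES3 lives beyond IS2."""
    es1, es2 = EndSystem("ES1", "aa"), EndSystem("ES2", "bb")
    is2 = IntermediateSystem("IS2", "22", {"ES3": ("wan", False)})
    is1 = IntermediateSystem("IS1", "11", {"ES3": ("22", True), "ES2": ("bb", True)})
    es1.hear_ish("IS1", "11")   # ES1 has only heard IS1's hello so far
    return {"aa": es1, "bb": es2, "11": is1, "22": is2}
```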

IS-IS is the standard intra-domain routing (routing within a domain)
protocol in the OSI protocol suite. It is a link-state protocol,
meaning that it calls for each IS to "meet" its neighbor ISs and
propagate information about the state of each neighbor link to all
other ISs. Each IS stores these link-state advertisements (LSAs)
and can compute optimal routes to each ES from the complete
topological knowledge they yield. IS-IS is a cost-based routing
protocol. In other words, each IS that runs IS-IS must be
configured with a cost for each attached link. LSAs include costs to
allow straightforward calculation of optimal routes.

LSA distribution is a critical part of IS-IS operation. All ISs must

receive LSAs from all other ISs, or topological information is not
complete. LSAs are flooded to all IS ports except those on which
the LSA was received. LSAs also include remaining lifetime and
sequence number fields. ISs use these fields to help determine
whether received LSAs might be duplicates, too old, or otherwise
inappropriate. ISs send LSAs at regular intervals and when the
following special events occur:

• When an IS discovers that its link to a neighbor is down.
• When an IS discovers that it has a new neighbor.
• When an IS discovers that the cost of a link to an existing
neighbor has changed.

Once LSAs have been distributed appropriately, an algorithm
must be run to compute optimal paths to each ES. The algorithm
most often chosen for this task is the Dijkstra algorithm. The
Dijkstra algorithm iterates on the length of a path, examining the
LSAs of all ISs working outward from the host IS. At the end of the
computation, a connectivity tree yielding the shortest paths
(including all intermediate hops) to each IS is formed.

When a level 1 IS receives a packet, it examines the destination
area address in the network layer header. If this address matches
the level 1 IS's area address, the IS routes based on the ID portion
of the address. Otherwise, the IS forwards the packet to the closest
level 2 IS. Within an area, a level 1 IS receiving a packet will look
in its routing table to see if an entry exists for the destination ES.
If an entry exists, the IS forwards the packet appropriately. If an
entry does not exist, the packet is either dropped or forwarded to
a default IS designated for such purposes.
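LSA flooding with the sequence-number and lifetime checks described above, followed by Dijkstra over the resulting database, as an added Python example that is not code from the original text. The four-IS topology, its link costs and the lifetime value 1200 are constructed for it.

```python
# Link-state routing as the notes describe IS-IS: each IS floods its LSA
# (link costs, sequence number, remaining lifetime) on every port but the
# one it arrived on, keeps only fresh LSAs, and runs Dijkstra over the
# resulting database. Added example, not code from the notes; the
# topology R1..R4, its costs and the lifetime 1200 are constructed here.
import heapq

INF = float("inf")


class LinkStateDB:
    """One IS's database: origin IS -> (seq, lifetime, {neighbor: cost})."""

    def __init__(self):
        self.lsas = {}

    def accept(self, origin, seq, lifetime, links) -> bool:
        """The notes' checks: drop expired LSAs and any duplicate of, or
        older than, what is already held. True = installed, flood it on."""
        if lifetime <= 0:
            return False
        held = self.lsas.get(origin)
        if held is not None and seq <= held[0]:
            return False
        self.lsas[origin] = (seq, lifetime, dict(links))
        return True

    def shortest_paths(self, source) -> dict:
        """Dijkstra outward from `source`: IS -> (total cost, next hop)."""
        dist, next_hop, done = {source: 0}, {source: source}, set()
        heap = [(0, source)]
        while heap:
            d, node = heapq.heappop(heap)
            if node in done:
                continue
            done.add(node)
            for nb, cost in self.lsas.get(node, (0, 0, {}))[2].items():
                if d + cost < dist.get(nb, INF):
                    dist[nb] = d + cost
                    next_hop[nb] = nb if node == source else next_hop[node]
                    heapq.heappush(heap, (d + cost, nb))
        return {n: (dist[n], next_hop[n]) for n in done if n != source}


def flood(dbs, adjacency, origin, seq, lifetime, links) -> int:
    """Flood one LSA: every IS that installs it forwards it on all ports
    except the one it was received on. Returns the number of LSAs sent."""
    sent, queue = 0, [(origin, None)]
    while queue:
        node, came_from = queue.pop(0)
        if not dbs[node].accept(origin, seq, lifetime, links):
            continue
        for nb in adjacency[node]:
            if nb != came_from:
                sent += 1
                queue.append((nb, node))
    return sent


TOPOLOGY = {  # constructed sample: IS -> {neighbor IS: link cost}
    "R1": {"R2": 1, "R3": 5},
    "R2": {"R1": 1, "R3": 1, "R4": 10},
    "R3": {"R1": 5, "R2": 1, "R4": 1},
    "R4": {"R2": 10, "R3": 1},
}


def build_network():
    """Every IS originates its own LSA (seq 1); returns databases and adjacency."""
    dbs = {r: LinkStateDB() for r in TOPOLOGY}
    adjacency = {r: sorted(links) for r, links in TOPOLOGY.items()}
    for r, links in TOPOLOGY.items():
        flood(dbs, adjacency, r, 1, 1200, links)
    return dbs, adjacency


def link_down(dbs, adjacency, a, b):
    """Both ends notice the failure and originate a fresh LSA (seq + 1)
    without the link; the dead link carries no further floods either."""
    adjacency[a].remove(b)
    adjacency[b].remove(a)
    for this, other in ((a, b), (b, a)):
        seq, _, links = dbs[this].lsas[this]
        links = {n: c for n, c in links.items() if n != other}
        flood(dbs, adjacency, this, seq + 1, 1200, links)
```

A replayed old LSA is rejected by every IS on sequence number alone, which is why the `accept` check runs before any forwarding.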

Integrated IS-IS

Integrated IS-IS is an implementation of the IS-IS protocol for
routing multiple network protocols. Today, integrated IS-IS
standards exist that support the CLNP and IP protocols.

Like all integrated routing protocols, integrated IS-IS calls for all
routers to run a single routing algorithm. LSAs sent by routers
running integrated IS-IS include all destinations running either IP
or CLNP network layer protocols. Protocols such as the Address
Resolution Protocol (ARP) and the Internet Control Message
Protocol (ICMP) for IP and the ES-IS protocol for CLNP still must be
supported by routers running integrated IS-IS.

Standard IS-IS packets must be modified to support multiple
network layer protocols. IS-IS packet formats were designed to
support the addition of new fields without a loss of compatibility
with nonintegrated versions of IS-IS. The fields that are added to
IS-IS to support integrated routing:

• Tell ISs which network layer protocols are supported by other
• Tell ISs whether end stations running other protocols can be
• Include any other required network layer, protocol-specific

Most internetworks running integrated IS-IS support three
different IS configurations: those running only IP, those running
only CLNP, and those running both IP and CLNP. ISs running only
one of the two protocols ignore information concerning the other
protocol. In fact, such ISs will refuse to recognize other ISs as
neighbors unless they have at least one protocol in common. ISs
running both protocols can and will become neighbors with the other IS

Interdomain Routing

Interdomain routing (routing between domains) is philosophically
different from intradomain routing; hence the separation of
these protocols into a new category. The primary philosophical
difference is that intradomain routing typically assumes a
trusted environment in which constant communication within a
single organization occurs. By contrast, interdomain routing
often occurs between different organizations that want distinct
and essential controls over information sent and received.
Communication often is not as frequent and typically is subject
to additional scrutiny.

The simplest type of interdomain routing is static routing. In a
static routing system, routes between domains are manually
established and disestablished. Because it involves much more
administrative overhead than dynamic routing, static routing is
most often used when very few routes must be maintained.

Cisco’s OSI Implementation

Cisco Systems was the first company to support dynamic inter-
domain routing within OSI environments. Currently, Cisco's OSI
implementation provides both static and dynamic packet
forwarding and routing and adheres to relevant ISO protocol
specifications, including:
• ISO 8473 (CLNP)
• ISO 8348 (CLNP)
• ISO 8348/Ad2 (NSAP addressing)
• ISO 8208 (packet-level CONS)
• ISO 8802-2 (frame-level services on LAN media)
• ISO 8881 (CONS over ISO 8802-2)
• ISO 7776 (Link Access Procedure, Balanced)
• ISO 9542 (ES-IS)
• ISO 10589 (IS-IS)

Integrated IS-IS extensions for IP as defined in RFC 1195 also are
supported. Users can perform CLNP routing over Ethernet, Fiber
Distributed Data Interface (FDDI), Token Ring, and serial line
networks. Cisco's OSI implementation is also compliant with the
United States Government Open Systems Interconnection Profile
(US-GOSIP) version 2 specification, and Cisco is the first router
vendor to be certified and registered with the National Institute of
Standards and Technology (NIST).


The ability of a protocol implementation to work with other
implementations of the same protocol (often called interoperability)
is a critical feature of any OSI implementation.

Cisco's OSI implementation is interoperable, having been proven so in
OSI interoperability demonstrations with AT&T, General, DEC, Frontier
Technologies, HP, IBM, Intel, NCR, Novell, OSIWare, Spinder, Sun,
Tandem, Touch, Unisys, and Wollongong. Cisco routers are able to
interoperate with equipment from each of these vendors, a fact that is
particularly noteworthy in the case of AT&T, which many people believe
has the largest installed base of CLNP end systems. Cisco also
participated successfully in a European pilot demonstration of
CLNP-based inter-domain routing (see Figure 7).

Figure 7: European CLNP Pilot (Ebone 92)
As networks grow larger, administrative control of network access
becomes increasingly important. Such control is particularly important
in OSI networks, which were designed to provide a rich feature set in
support of large, heterogeneous networks. Cisco provides many such
features; they are described in the next two sections.
Route Redistribution

Cisco routers support information sharing between multiple routing
protocols and between multiple instances of the same routing protocol.
Such sharing is known as route redistribution and is supported among
all of Cisco's routing protocols. Route redistribution ensures that
routing information can still be exchanged in networks that run
multiple routing protocols.

Over time, Cisco has enhanced its route redistribution support to
improve administrative control over the methods by which routing
information moves between routing domains. To ease configuration of
route redistribution, Cisco created route maps. A route map is a set
of instructions that tells the router how routing information is to be
redistributed between two routing protocols or between two instances
of the same routing protocol.

A route map contains an ordered list of match conditions. Each item in
the list is tested in turn against any route that is a candidate for
redistribution. When a match is found, the item performs the action
associated with that match. The route can be permitted (redistributed)
or denied (not redistributed), but the action can also mandate the use
of certain administrative information (called route tags) that can be
attached to routing data to augment routing decisions. Route maps can
also mandate the use of certain route metrics or route types, and can
even modify the route's destination in outgoing advertisements. A route
that matches no item in the list is not redistributed. Where different
networks share similar redistribution needs, network administrators
can conserve memory and save time by using the same route map for more
than one protocol pair.

Route maps give network managers fine-grained control over the ways
that routing information is propagated in their networks.
Redistribution configurations that use route maps are easy to create,
understand, and modify. Using route maps, Cisco users are able to
build larger, more robust and reliable networks with better traffic
control.
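The evaluation rules described above (ordered entries, first match decides, permit or deny, optional set actions, implicit deny when nothing matches), written out as an added Python example. This is illustrative code, not Cisco IOS configuration or Cisco's implementation; the route fields, match helpers and sample routes are constructed for the example.

```python
"""Route-map evaluation as described above (added example; not Cisco code).

A route map is an ordered list of entries, each with match conditions and
a permit/deny action, optionally setting a tag or metric on a permitted
route.  Entries are tried in sequence order against each candidate route;
the first match decides, and a route matching no entry is not redistributed
(implicit deny).  Route fields and sample routes are constructed here."""
from dataclasses import dataclass, replace
from ipaddress import ip_network
from typing import Callable, Optional


@dataclass(frozen=True)
class Route:
    prefix: str          # e.g. "10.1.0.0/16"
    protocol: str        # protocol the route was learned from
    metric: int
    tag: int = 0


@dataclass(frozen=True)
class Entry:
    seq: int
    permit: bool
    match: Callable[[Route], bool]
    set_tag: Optional[int] = None
    set_metric: Optional[int] = None


def within(block: str) -> Callable[[Route], bool]:
    """Match condition: the route's prefix lies inside `block`."""
    net = ip_network(block)
    return lambda r: ip_network(r.prefix).subnet_of(net)


def tagged(tag: int) -> Callable[[Route], bool]:
    """Match condition: the route already carries route tag `tag`."""
    return lambda r: r.tag == tag


def apply_route_map(route_map, route: Route) -> Optional[Route]:
    """Return the (possibly modified) route to redistribute, or None."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if not entry.match(route):
            continue
        if not entry.permit:
            return None
        changes = {}
        if entry.set_tag is not None:
            changes["tag"] = entry.set_tag
        if entry.set_metric is not None:
            changes["metric"] = entry.set_metric
        return replace(route, **changes)
    return None          # no entry matched: implicit deny


def redistribute(route_map, routes):
    """Run every candidate route through the map; keep what is permitted."""
    out = []
    for r in routes:
        result = apply_route_map(route_map, r)
        if result is not None:
            out.append(result)
    return out


# Policy: never re-advertise routes carrying tag 100 (a loop guard for
# routes we originally injected), permit 10.0.0.0/8 with a fixed metric
# and a new tag, and deny everything else by falling off the end.
OSPF_TO_ISIS = [
    Entry(seq=10, permit=False, match=tagged(100)),
    Entry(seq=20, permit=True, match=within("10.0.0.0/8"),
          set_tag=200, set_metric=50),
]

# Constructed sample of candidate routes.
CANDIDATES = [
    Route("10.1.0.0/16", "ospf", metric=20),
    Route("10.2.0.0/16", "ospf", metric=30, tag=100),
    Route("192.168.5.0/24", "ospf", metric=10),
]
```

The loop guard at sequence 10 is the check a practitioner wants when redistributing in both directions between two protocols: tag what you inject, and deny it on the way back.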

OSI Filtering

Cisco offers advanced filtering capabilities that provide additional
administrative control of traffic flow in an OSI network. There are
four components to a Cisco OSI filter:

• Address templates
• Template aliases
• Filter sets
• Filter expressions
Address templates are applied to NSAP addresses to provide flexible
filtering based on all or a portion of the address. The simplest
template is an address itself. Wildcard notation can be used in an
address template to denote a match with anything. Address prefix and
suffix matching is also possible. These features are particularly
useful with NSAPs' variable-length addresses. Bit-level matching is
also possible.

Because NSAP addresses can be relatively lengthy, address templates can
sometimes become unwieldy. In these cases, address templates can be
assigned names called template aliases. Template aliases allow
repetitive use of address templates without concern for typing
mistakes and similar problems. Aliases are more meaningful to human
administrators than alphanumeric NSAP addresses are, so it is easier
to look at a template alias and know what it denotes. Finally, when an
address changes, administrators can simply modify the template.

A filter set is a named collection of address templates with
associated permit/deny indications. Filter expressions are Boolean
combinations of filter sets, other filter expressions, and logical
operators (AND, OR, XOR, and NOT). Filter expressions allow filtering
combinations not possible with simple filter sets. Further, they
permit matches on the source address. Filter sets and filter
expressions can be applied to inbound or outbound CLNP datagrams,
IS-IS adjacencies (ISs that are on the same segment), ES-IS
adjacencies (ESs and ISs that are on the same segment), and route
redistribution. Together, they provide an extensive set of filtering
capabilities designed to ease network administration while saving time
and reducing the possibility of configuration errors.

Integrated and Inter-domain Routing

In addition to Cisco's support of Integrated IS-IS, its standard IS-IS
implementation can still run simultaneously in the same router with
other routing protocols. For example, users can use IS-IS to route
CLNP and Enhanced IGRP to route IP. Both routing processes (IS-IS and
Enhanced IGRP) operate autonomously in any router. This approach,
often called ships-in-the-night routing, creates multiple logical
routers within a single physical router. The physical router analyzes
all incoming datagrams, identifies the network-layer protocol
indicated in each, and assigns the packet to the appropriate logical
router for processing.

In addition to Integrated IS-IS, Cisco continues to offer its ISO-IGRP
implementation. ISO-IGRP is another integrated routing protocol that
accomplishes the same purpose as Integrated IS-IS. The primary
difference between the two is that ISO-IGRP is a distance-vector
protocol, whereas Integrated IS-IS is a link-state protocol.

ISO-IGRP also gave Cisco the distinction of being the first company to
offer dynamic inter-domain routing for CLNP. An ISO-IGRP network can
connect two or more IS-IS domains. Route redistribution ensures that
IS-IS routes can pass through the “foreign” environment without
information loss. Static routes provide users with yet another way to
effect inter-domain routing in CLNP environments.

Other Features

To provide monitoring and troubleshooting capability, the Cisco CLNP
implementation supports both ping and trace commands. Ping commands
are used to test the reachability of remote nodes. Trace commands
allow an administrator to discover the path a packet takes when it
traverses the network. In addition to these helpful and often-used
commands, the show and debug commands display such information as the
contents of the routing cache, lists of ES and IS neighbors, traffic
statistics, and significant CLNP events. These capabilities constitute
a robust set of CLNP monitoring and diagnostic features and, for the
user, they translate into less time spent debugging network problems.

Routing paths through a network can be of equal cost. This is
particularly common in the case of serial interfaces, because the
speed of the lines is often the same. Rather than simply using one
path and subjecting traffic on that line to possible delay, Cisco
supports per-packet load sharing between equal-cost paths. In other
words, packets can be multiplexed in round-robin fashion over up to
four equal-cost paths. This technique provides better response through
better bandwidth utilization.

X.500 is the OSI directory (name service) protocol. Since X.500
implementations are not yet commonplace, Cisco offers system
administrators a static name-to-address translation capability. This
feature allows administrators to use convenient names rather than
NSAP addresses of up to 20 bytes in all router commands.
Administrators provide the router with name/NSAP address pairs, which
are used for name-to-address translation.

Domain Name System (DNS) support for NSAP addresses, as defined in
RFC 1348, is currently in transition. Cisco is tracking the transition
and will support the standard that emerges. When the standard is
complete, administrators will simply load the name-to-NSAP mapping
into a DNS database. Then, when a name that is not in the local NSAP
name database is encountered, a DNS lookup is executed automatically.

X.25 Switching

Cisco's support of ISO 8208 (CONS) provides the ability to extend X.25
switching to different media, such as Ethernet, Token Ring, and FDDI.
CONS specifies the implementation of packet-level X.25 over the
Logical Link Control 2 (LLC2) connection-oriented data link service on
LAN media. LAN-based OSI nodes can be connected both to one another
and to remote OSI-based DTE devices via X.25 public data networks
(PDNs) or point-to-point lines. Figure 8 shows examples of each of
these Cisco CONS configurations.

Figure 8: Example Cisco CONS Configuration

The Transport Layer

The basic function of the transport layer is to accept data from the
session layer, split it up into smaller units if need be, pass these
to the network layer, and ensure that the pieces all arrive correctly
at the other end. Furthermore, all this must be done efficiently, and
in a way that isolates the session layer from the inevitable changes
in hardware technology.

Under normal conditions, the transport layer creates a distinct
network connection for each transport connection required by the
session layer. If the transport connection requires high throughput,
however, the transport layer might create multiple network
connections, dividing the data among them to improve throughput. On
the other hand, if creating or maintaining a network connection is
expensive, the transport layer might multiplex several transport
connections onto the same network connection to reduce the cost. In
all cases, the transport layer is required to make the multiplexing
transparent to the session layer.

The transport layer also determines what type of service to provide to
the session layer. The most common type of transport connection is an
error-free point-to-point channel that delivers messages in the order
in which they were sent. However, other possible kinds of transport
service are isolated messages with no guarantee about the order of
delivery, and broadcasting of messages to multiple destinations. The
type of service is determined when the connection is established.

The transport layer is a true source-to-destination or end-to-end
layer. In other words, a program on the source machine carries on a
conversation with a similar program on the destination machine, using
the message headers and control messages.

Many hosts are multiprogrammed, which implies that multiple connections
will be entering and leaving each host. There needs to be some way to
tell which message belongs to which connection. The transport header
is one place this information can be put.

In addition to multiplexing several message streams onto one channel,
the transport layer must take care of establishing and deleting
connections across the network. This requires some kind of naming
mechanism, so that a process on one machine has a way of describing
with whom it wishes to converse. There must also be a mechanism to
regulate the flow of information, so that a fast host cannot overrun
a slow one. Flow control between hosts is distinct from flow control
between switches, although similar principles apply to both.
Session Layer

From Wikipedia, the free encyclopedia

The session layer is level five of the seven-level OSI model. It
responds to service requests from the presentation layer and issues
service requests to the transport layer.

The session layer provides the mechanism for managing the dialogue
between end-user application processes. It provides for either duplex
or half-duplex operation and establishes checkpointing, adjournment,
termination, and restart procedures.

The session layer is typically left almost unused, but there are a few
places where it is useful. The idea is to allow information on
different streams, perhaps originating from different sources, to be
properly combined. In particular, it deals with synchronization
issues, with ensuring that nobody ever sees inconsistent versions of
data, and with similar things.

One application which is fairly clear is multimedia conferencing.
Here, we want to make sure that the streams of audio and video match
up, or in other words, that we do not have lip-sync problems. We may
also want to do “flow control”, ensuring that the person displayed on
screen, and whose words are relayed, is the one selected by the
speaker or by some other criterion.

Another big application is in live TV programs, where streams of audio
and video need to be seamlessly merged from one to the other so that
we do not have half a second of blank airtime, or half a second in
which we transmit two pictures simultaneously.

In brief: the session layer establishes, manages and terminates
connections (sessions) among cooperating applications. It also adds
traffic flow information.
Presentation Layer

The presentation layer is concerned with preserving the meaning of
information sent across a network. The presentation layer may
represent (encode) the data in various ways (e.g. data compression or
encryption), but the receiving peer will convert the encoding back
into its original meaning. The presentation layer concerns itself with
the following issues:

1. Data format: converting the complex data structures used by an
application (strings, integers, structures, etc.) into a byte stream
transmitted across the network. Information must be represented in
such a way that the communicating peers agree on the format of the
data being exchanged, e.g. how many bits does an integer contain? Is
the character set ASCII or EBCDIC?

2. Compressing data to reduce the amount of transmitted data (e.g. to
save money).

3. Security and privacy issues:

Privacy: scrambling the data so that only authorized participants can
unscramble the messages of a conversation. Recall that it is easy to
“wiretap” many transmission media.

Authentication: verifying that the remote party really is the party it
claims to be, rather than an impostor.

Note: encryption is the usual tool for these problems. Where should
encryption be done: at the data link layer or at the presentation
layer? It is not exactly clear. It is easy to add encryption at the
data link layer, encrypting every transmitted frame. However,
link-layer encryption protects only one hop at a time, so the data is
in the clear inside every intermediate node; and if you are concerned
about security, would you trust someone else to perform encryption for
you? On the other hand, having the presentation layer perform
encryption leaves the packet headers of the lower layers unencrypted,
allowing intruders to perform traffic analysis.
Abstract Syntax Notation

Abstract Syntax Notation One (ASN.1) is an ISO standard that addresses
the issues of representing, encoding, transmitting, and decoding data
structures. It consists of two parts:

1. An abstract syntax that describes data structures in an
unambiguous way. The syntax allows programmers to talk about
“integers”, “character strings”, and “structures” rather than bits
and bytes.
2. A transfer syntax that describes the bit-stream encoding of ASN.1
data objects.

Conceptually, applications exchange data structures called Application
Protocol Data Units (APDUs). Each APDU contains the actual data being
exchanged, along with additional fields that describe the types of the
data values being exchanged. The transmitted APDU is completely
self-contained; the receiver does not have to guess at what the bits
mean.

When an application has data to send, it hands them to the
presentation layer (together with an ASN.1 definition), and the
presentation layer converts them into the transfer syntax. Once in
transfer-syntax form, the data can be handed to the transport layer.
What is sent is the data plus additional fields that describe the type
of each datum. Upon receipt, the reverse operation takes place, with
the receiver converting from the transfer syntax to the internal
representation of the local machine.

Alternative approaches to the data representation problem:

1. Have the sender convert data into the format expected by the
receiver, so that the receiver does not have to perform any decoding.
The disadvantage of this approach is that every sender must know how
to encode data for every possible target machine.
2. ASN.1 takes the approach of converting everything into a common
form, much like the “network standard representation” of TCP/IP.
However, this approach has the disadvantage that communication between
two identical machines results in (needless) conversions.

ASN.1's abstract syntax is similar in form to that of a high-level
programming language. For instance, consider the following C
structure:

struct Student {
    char  name[50];   /* "Foo Bar" */
    int   grad;       /* grad student? (yes/no) */
    float gpa;        /* 1.1 */
    int   id;         /* 1234567890 */
    char  bday[8];    /* mm/dd/yy */
};

Its ASN.1 counterpart is:

Student ::= SEQUENCE {
    name  OCTET STRING,   -- 50 characters
    grad  BOOLEAN,        -- comments are preceded
    gpa   REAL,           -- by "--"
    id    INTEGER,        -- student id
    bday  OCTET STRING    -- birthday
}

ASN.1 consists of primitive types and constructed types. Type names
are written (by convention) in upper case, and the following primitive
types are defined:

INTEGER: an integer (of arbitrary length).

BIT STRING: a sequence of zero or more bits. Bit string values are
written as '01001101'B (binary) or '4D'H (hexadecimal).

OCTET STRING: a list of zero or more bytes. Used to represent strings;
they have no maximum length.

ANY: a union of all types (e.g. one of several different possible
types).

REAL: a real number.

NULL: no type at all; corresponds roughly to a null value in C.

OBJECT IDENTIFIER: the name of an object (e.g. a library). When a
session is established, both sides negotiate which ASN.1 objects they
will be using.

Primitive types can be combined into more complex types. ASN.1
provides the following constructions:

SEQUENCE: an ordered list of various types (like a C structure); the
components can be either primitive or complex types.

SEQUENCE OF: an ordered list of a single type (e.g. an array).

SET: an unordered collection of various types.

SET OF: an unordered collection of a single type.

Note: SET and SET OF are similar to SEQUENCE and SEQUENCE OF, except
that the order of components is not guaranteed to be preserved at the
receiver. Using SET or SET OF may reduce the amount of copying
relative to SEQUENCE and SEQUENCE OF.

CHOICE: any one type taken from a given list.

ASN.1 allows fields to be declared OPTIONAL or DEFAULT. The idea is to
allow the sender to omit part of a data structure and let the omitted
fields take on default values. For data structures containing many
components, this may lead to substantially less data being
transferred.

However, the use of OPTIONAL or DEFAULT fields leads to a potential
problem. Suppose that a SEQUENCE has ten fields, all of type INTEGER
and all OPTIONAL. If only three fields were transferred, how would the
receiver know which three they were?

ASN.1 uses tagging to solve this problem, allowing any data type or
field to have a tag that identifies it. Tags are written in square
brackets, and four tag classes have been defined:

UNIVERSAL: tags that are universally defined and globally unique. Such
tags are defined in the ASN.1 standard.

APPLICATION: tags that are unique within a given ASN.1 module. In any
particular ASN.1 module, only one data type may have a given
APPLICATION tag.

PRIVATE: tags that are unique within a given enterprise, as arranged
by bilateral agreement. Used between principals (e.g. organizations)
that have agreed on a set of tags to be used when communicating with
each other (e.g. a library of tags).

CONTEXT-SPECIFIC: tags that are unique within a given constructed
type, such as a SEQUENCE.

For example, [APPLICATION 4] refers to an APPLICATION tag;
[PRIVATE 12] refers to a PRIVATE tag; and [44] refers to a
CONTEXT-SPECIFIC tag (the default class when none is specified).

Now, if only three items of a 10-item sequence are transmitted, the
receiver can use the tags to determine which fields have been
transmitted.

Note: whenever we send an item, we send its type, length, and value.
If it is tagged, we also transmit its tag. Thus we have added
redundancy to our representation, since the tag already implicitly
identifies the type. To suppress transmission of redundant
information, ASN.1 provides the IMPLICIT keyword, which suppresses
transmission of the type information and sends only the tag.

Back to our original example, with all tags of class CONTEXT-SPECIFIC:

Student ::= SEQUENCE {

In addition to defining types, the ASN.1 syntax includes rules for
defining values. Sample values for our example are:

{“Wiz Kid”, TRUE, {4,10,0}, 123456789, “11/11/65”}

{“Slow Learner”, FALSE, {12,10,-1}, 123456780, “12/24/88”}

Note: REAL values contain three components: a mantissa, a base, and
an exponent. Thus {4,10,0} denotes 4 × 10^0 = 4.0 and {12,10,-1}
denotes 12 × 10^-1 = 1.2.

When transmitting a Student value, the following might be sent:

{“Wiz Kid” [1], 123454321}

Here we omit the grad, gpa, and bday fields. grad defaults to FALSE,
while gpa and bday are unspecified.

{“Slow Learner” [1], TRUE, “11/5/60” [4]}

An error; we must send an id.

{“11/5/60” [4], 123454321}

The tag [4] distinguishes bday from name.

Transfer Syntax

Programmers use the ASN.1 syntax to describe data structures, and a
compiler translates those descriptions into the transfer syntax. The
transfer syntax defines the meaning of the bytes that are sent using a
transport protocol.

Each transmitted value consists of four parts: an identifier (a type
or tag), a length, the data field itself, and an optional
end-of-contents flag (used when the length of the data field is not
known in advance):

Identifier (1 or more bytes): specifies what kind of data follows. It
consists of three fields:

Tag class (2 bits): an indication of whether the tag is UNIVERSAL,
APPLICATION, CONTEXT-SPECIFIC, or PRIVATE.

Primitive/constructed (1 bit): is the type primitive or constructed?

Tag number (5 bits): the tag's number. If the tag is numbered 31 or
more, the five low-order bits are all 1's, and the true value follows
in the next byte (or bytes), seven bits per byte.

Note: when the high-order bit of a continuation byte is set, the value
continues in the next byte. Thus 30 fits in the 5-bit field, while 213
requires two additional bytes.

Example UNIVERSAL tag numbers: BOOLEAN = 1, INTEGER = 2,
BIT STRING = 3, OCTET STRING = 4, NULL = 5, OBJECT IDENTIFIER = 6,
SEQUENCE = 16, SET = 17.

Length (1 or more bytes): the length of the data value. Lengths
smaller than 128 fit in one byte. For longer values the high-order bit
of the first byte is set, and its seven low-order bits give the number
of following bytes that hold the length itself. A receiver must check
every length against the bytes actually available before using it: the
length field is attacker-controlled input.

Data (arbitrary length):

INTEGERs are encoded in two's complement. A positive number less than
128 requires only a single byte, while a positive number less than
32768 requires two bytes, and so on.

BOOLEANs are encoded in one byte; 0 denotes false, anything else
denotes true.

BIT STRINGs use two length fields: the first gives the length in
bytes, the second indicates how many bits in the trailing byte are
unused.
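The tagging rules and the transfer syntax described above, put into a working BER encoder and decoder as an added Python example (this is not code from the page's sources). It encodes the identifier, length and contents octets, wraps fields in context-specific IMPLICIT tags so that the receiver can tell which OPTIONAL and DEFAULT fields were sent, and, on the receiving side, checks every length against the bytes actually present before trusting it. The Student definition used here, with name tagged [1], grad tagged [2] with DEFAULT FALSE, id untagged and bday tagged [4] OPTIONAL, is an assumption, since the page's own tagged SEQUENCE body is missing; REAL (gpa) is left out because its encoding is not covered above.

```python
"""Minimal BER encoder/decoder for the transfer syntax described above.
Added example, not from the page's sources.  Builds identifier, length
and contents octets, wraps fields in context-specific tags so the
receiver can tell which OPTIONAL/DEFAULT fields were sent, and bounds
every length by the bytes present.  The Student tags are assumed."""

UNIVERSAL, APPLICATION, CONTEXT, PRIVATE = 0, 1, 2, 3   # 2-bit tag class
BOOLEAN, INTEGER, OCTET_STRING, SEQUENCE = 1, 2, 4, 16  # UNIVERSAL tag numbers

def encode_identifier(cls, constructed, number):
    """class(2)|P/C(1)|number(5); >= 31: all ones, then base-128 octets."""
    first = (cls << 6) | (0x20 if constructed else 0)
    if number < 31:
        return bytes([first | number])
    digits = []
    while number:
        digits.append(number & 0x7F)
        number >>= 7
    digits.reverse()                       # high bit set on all but the last
    return bytes([first | 0x1F] + [d | 0x80 for d in digits[:-1]] + digits[-1:])

def encode_length(n):
    """Short form below 128; long form: 0x80 | count, then count octets."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(cls, constructed, number, contents):
    return encode_identifier(cls, constructed, number) + encode_length(len(contents)) + contents

def encode_integer(v):
    """Two's complement in the fewest octets that hold the value."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(UNIVERSAL, False, INTEGER, v.to_bytes(n, "big", signed=True))

def encode_boolean(b):
    return tlv(UNIVERSAL, False, BOOLEAN, b"\xff" if b else b"\x00")

def encode_octet_string(data):
    return tlv(UNIVERSAL, False, OCTET_STRING, data)

def implicit(number, encoded):
    """[number] IMPLICIT: keep length and contents, swap in a context tag."""
    return encode_identifier(CONTEXT, bool(encoded[0] & 0x20), number) + encoded[1:]

def encode_student(name, id_, grad=False, bday=None):
    """Student ::= SEQUENCE { name [1] IMPLICIT OCTET STRING,
    grad [2] IMPLICIT BOOLEAN DEFAULT FALSE, id INTEGER,
    bday [4] IMPLICIT OCTET STRING OPTIONAL }      -- assumed definition"""
    parts = [implicit(1, encode_octet_string(name.encode()))]
    if grad:                               # DEFAULT FALSE: sent only when TRUE
        parts.append(implicit(2, encode_boolean(True)))
    parts.append(encode_integer(id_))
    if bday is not None:
        parts.append(implicit(4, encode_octet_string(bday.encode())))
    return tlv(UNIVERSAL, True, SEQUENCE, b"".join(parts))

def decode(buf, pos=0):
    """One TLV at buf[pos:] -> (tag, contents, next_pos).  The length comes
    from the wire, so it is checked against the bytes actually present."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header at offset %d" % pos)
    first, length, pos = buf[pos], buf[pos + 1], pos + 2
    tag = (first >> 6, bool(first & 0x20), first & 0x1F)
    if tag[2] == 0x1F:
        raise ValueError("high tag numbers not handled by this decoder")
    if length & 0x80:
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("length %d exceeds %d remaining bytes" % (length, len(buf) - pos))
    return tag, buf[pos:pos + length], pos + length

# Which tag carries which Student field, and how to convert its contents.
FIELDS = {(CONTEXT, False, 1): ("name", bytes.decode),
          (CONTEXT, False, 2): ("grad", lambda c: c != b"\x00"),
          (UNIVERSAL, False, INTEGER): ("id", lambda c: int.from_bytes(c, "big", signed=True)),
          (CONTEXT, False, 4): ("bday", bytes.decode)}

def decode_student(buf):
    """The context tags tell which OPTIONAL/DEFAULT fields were actually sent."""
    tag, body, end = decode(buf)
    if tag != (UNIVERSAL, True, SEQUENCE) or end != len(buf):
        raise ValueError("expected exactly one SEQUENCE")
    out, pos = {"grad": False, "bday": None}, 0
    while pos < len(body):
        tag, contents, pos = decode(body, pos)
        if tag not in FIELDS:
            raise ValueError("unexpected element %r" % (tag,))
        field, convert = FIELDS[tag]
        out[field] = convert(contents)
    if "name" not in out or "id" not in out:
        raise ValueError("mandatory field missing")
    return out
```

The bounds checks in decode are the part worth copying: a length that runs past the buffer, a long-form length with zero count, or a SEQUENCE that ends before the buffer does are all rejected rather than read through, which is exactly where real BER parsers have historically gone wrong.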

ASN.1 is currently used in the Internet as part of the Simple Network
Management Protocol (SNMP), a protocol used to query gateways. SNMP is
used to ask a gateway about its routing tables, the status of its
interfaces, etc.
Sun's XDR

Sun Microsystems' External Data Representation (XDR) is an alternative
to ASN.1. XDR is much simpler than ASN.1, but less powerful. For
instance:

1. XDR uses implicit typing. Communicating peers must know the type
of any exchanged data. In contrast, ASN.1 uses explicit typing; it
includes type information as part of the transfer syntax.
2. In XDR, all data is transferred in units of 4 bytes. Numbers are
transferred in network order, most significant byte first.
3. Strings consist of a 4-byte length, followed by the data (and
perhaps padding in the last unit). Contrast this with ASN.1, which
sends a type identifier as well as the length.
4. Defined types include: integer, enumeration, Boolean, floating
point, fixed-length array, structures, plus others.

One advantage that XDR has over ASN.1 is that current implementations
of ASN.1 execute significantly slower than XDR.
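The same Student record in XDR, as an added Python example (not Sun's code), to make the contrast with ASN.1 concrete: no type identifiers are sent, everything is padded to 4-byte units, and the decoder must already know that a string, a Boolean, an integer and a string follow in that order. The field layout is an assumption for the example, and the decoder bounds the string length it reads from the wire for the same reason as in the ASN.1 case.

```python
"""XDR encoding of a Student record (added example; not Sun's code).
Implicit typing: the decoder knows the layout, the data does not say.
The Student layout (string, bool, int, string) is an assumption."""
import struct


def xdr_int(v: int) -> bytes:
    """32-bit two's complement, most significant byte first."""
    return struct.pack(">i", v)


def xdr_bool(b: bool) -> bytes:
    return struct.pack(">i", 1 if b else 0)


def xdr_string(s: str) -> bytes:
    """4-byte length, the bytes, then zero padding to a multiple of 4."""
    data = s.encode()
    return struct.pack(">I", len(data)) + data + b"\x00" * (-len(data) % 4)


def xdr_student(name: str, grad: bool, id_: int, bday: str) -> bytes:
    return xdr_string(name) + xdr_bool(grad) + xdr_int(id_) + xdr_string(bday)


def read_int(buf: bytes, pos: int):
    if pos + 4 > len(buf):
        raise ValueError("truncated int at offset %d" % pos)
    return struct.unpack(">i", buf[pos:pos + 4])[0], pos + 4


def read_string(buf: bytes, pos: int):
    """The length word is untrusted, so bound it before slicing."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length at offset %d" % pos)
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    end = pos + 4 + n + (-n % 4)          # data plus padding
    if end > len(buf):
        raise ValueError("string length %d exceeds buffer" % n)
    return buf[pos + 4:pos + 4 + n].decode(), end


def xdr_decode_student(buf: bytes) -> dict:
    """Field order is fixed by agreement between the peers, not by the data."""
    name, pos = read_string(buf, 0)
    grad, pos = read_int(buf, pos)
    id_, pos = read_int(buf, pos)
    bday, pos = read_string(buf, pos)
    if pos != len(buf):
        raise ValueError("trailing bytes")
    return {"name": name, "grad": bool(grad), "id": id_, "bday": bday}
```

Because nothing in the byte stream says what a field is, an XDR decoder given a record with a different layout will silently misread it; ASN.1's tags let the receiver notice the mismatch instead.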

Data Compression

Why do data compression? What is it? Trying to reduce the amount of
data sent. What is the tradeoff? Higher overhead at each end.

Suppose that we wanted to transfer a 20 MB file to another machine.
Would we really need to send 20 MB of data? If the file consisted
entirely of the letter “A”, we could send the letter “A” followed by
a count of the number of times it appears in the file, and have the
receiver regenerate the file.

There are three general approaches to data compression. Each approach
assumes that the data stream can be transformed into a more compact
representation, which the receiver reconstructs back into the
original data.

Approach 1: Finite Set of Symbols

Consider a library with many branch offices in which the previous
day's transactions are sent to every other branch after closing.
Transactions consist of checked-out and returned books. We could
exchange information in the following ways:

1. We could send the name of the book, its author, the copy number,
etc., together with the type of transaction.
2. Alternatively, the library could maintain a site-wide table
assigning a unique ID number to every book. Transactions could then
refer to the book's ID number rather than its title. Because book IDs
are small (e.g. a few bytes), less data will be transmitted.

Note: the above technique is used throughout programming. We
frequently exchange pointers and array subscripts to avoid the cost of
transferring large amounts of data between subroutines.

The previous approach assumes that all objects occur with equal
frequency, and that the set of objects (e.g. books) is finite. If we
examine text, however, we immediately notice that some words appear
more often than others. We could reduce the number of bits needed to
represent a document by using a coding scheme that employs short code
words to represent common words and longer code words to represent
words that appear infrequently.

Approach 2: Huffman Encoding

Huffman encoding is a technique for assigning variable-length codes to
symbols according to their probability of occurrence in the data:

1. Create a set of nodes, one node per symbol, with a node's value
given by the probability of its occurrence in the data.
2. Find the two nodes having the smallest values, remove them from the
set, and create a new node having the two removed nodes as children;
assign the new node a value that is the sum of its children's values.
Add the new node back to the set of nodes.
3. Repeat step 2 until only one node remains. We now have a tree whose
root has probability value one.
4. The encoding for each symbol is the path from the root to the
symbol. Using a code of 0 for a left child and 1 for a right child,
the length of each symbol's encoding is inversely related to the
relative probability of its occurrence: frequent symbols get short
codes.

One drawback of Huffman encoding, however, is that symbols have
differing lengths, making it relatively expensive (computationally) to
decode. Also, a single bit error can desynchronize the decoder and
corrupt the remainder of the message.
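Steps 1 to 4 above carried out in code, as an added Python example (the sample text is constructed for it). The tree is built with a priority queue, each symbol's code is the root-to-leaf path with 0 for left and 1 for right, and the decoder is then run over a copy of the output with one bit flipped to show the loss of synchronisation the last paragraph warns about.

```python
"""Huffman coding per steps 1-4 above (added example; sample text is
constructed).  Builds the tree with a heap, reads each code off the
root-to-leaf path, and shows what one flipped bit does to the decoder."""
import heapq
from collections import Counter
from itertools import count


def huffman_codes(weights: dict) -> dict:
    """weights: symbol -> frequency or probability.  Returns symbol -> code."""
    order = count()                    # tie-breaker so the heap never compares symbols
    heap = [(w, next(order), sym) for sym, w in weights.items()]   # step 1
    heapq.heapify(heap)
    if len(heap) == 1:                 # one-symbol alphabet: still needs a code
        return {heap[0][2]: "0"}
    while len(heap) > 1:               # steps 2 and 3: merge the two lightest nodes
        w1, _, left = heapq.heappop(heap)
        w2, _, right = heapq.heappop(heap)
        heapq.heappush(heap, (w1 + w2, next(order), (left, right)))
    codes = {}

    def walk(node, path):              # step 4: path from root to each leaf
        if isinstance(node, tuple):
            walk(node[0], path + "0")
            walk(node[1], path + "1")
        else:
            codes[node] = path
    walk(heap[0][2], "")
    return codes


def encode(text: str, codes: dict) -> str:
    return "".join(codes[c] for c in text)


def decode(bits: str, codes: dict) -> str:
    """Prefix-free codes: read bits until they spell a complete code word."""
    by_code = {code: sym for sym, code in codes.items()}
    out, cur = [], ""
    for b in bits:
        cur += b
        if cur in by_code:
            out.append(by_code[cur])
            cur = ""
    if cur:
        raise ValueError("trailing bits %r are not a code word" % cur)
    return "".join(out)


def is_prefix_free(codes: dict) -> bool:
    cs = list(codes.values())
    return not any(a != b and b.startswith(a) for a in cs for b in cs)


def flip(bits: str, i: int) -> str:
    return bits[:i] + ("1" if bits[i] == "0" else "0") + bits[i + 1:]


def demo(text: str = "abracadabra") -> dict:
    """Code the text, decode it back, and decode a copy with bit 2 flipped."""
    codes = huffman_codes(Counter(text))
    bits = encode(text, codes)
    try:
        damaged = decode(flip(bits, 2), codes)
    except ValueError:
        damaged = None                 # the flip left an incomplete code word
    return {"codes": codes, "bits": len(bits), "raw_bits": 8 * len(text),
            "roundtrip": decode(bits, codes) == text, "after_bit_flip": damaged}
```

For "abracadabra" the most frequent symbol, a, gets a one-bit code and the rest get three bits, so 23 bits replace 88; the flipped copy decodes without any error being signalled, which is why a transport with its own integrity check belongs underneath a Huffman-coded stream.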

Approach 3: Context-dependent Encoding

The last technique, context-dependent encoding, recognizes that the
probability of a particular symbol occurring next depends on the
previous symbol. For instance, the probability that a “T” directly
follows a “Q” is about 4 times less than the probability of a “U”
following a “Q”.

The main disadvantage of the conditional-probability method is the
increase in table space. Each symbol has its own table that gives the
codes for the symbols immediately following it. For K symbols, the
tables contain K^2 entries in total: each symbol has K entries for the
symbols that may follow it.

One variation on this technique is as follows:

1. Use a 5-bit code to represent symbols.
2. Have four different “modes”, where the current mode determines the
meaning of symbols. Four symbol values are reserved to denote a switch
to another mode. For instance, the different modes could represent
upper-case characters, lower-case characters, numeric and special
characters, and control characters.
3. The underlying assumption is that lower-case letters are likely to
follow lower-case letters, numbers are likely to occur in groups, etc.
4. The occurrence of a mode symbol signifies a mode change.
5. Our 5-bit code now represents 4 × 28 = 112 different values.

One advantage that the above technique has over Huffman encoding is
that symbols are all of fixed length, making encoding and decoding by
table lookup very efficient. In addition, it is more resilient to
transmission errors, since a corrupted symbol does not shift the
boundaries of the symbols that follow it.

Run-length Encoding

Another alternative, run-length encoding, is used to encode data
containing repetitive symbols. Consider binary strings of 0s and 1s.
One way to handle long runs of 0s is to use a k-bit symbol that tells
how many 0 bits occurred between consecutive 1s. A code word of all 1s
means that the true distance is 2^k - 1 plus the value of the
following symbol(s).

For example, the 47-bit string

00010000101001100000000000000000000000100000001

consists of runs of length 3, 4, 1, 2, 0, 23 and 7.

Using 4-bit symbols, it would be encoded as:

0011 0100 0001 0010 0000 1111 1000 0111

for 32 bits and a savings of 15/47, about 32%.

Using 3-bit symbols, it would be encoded as:

011 100 001 010 000 111 111 111 010 111 000

for 33 bits.
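The k-bit run-length scheme above, with the all-ones escape, as an added Python example that reproduces the worked figures (32 bits with k = 4, 33 bits with k = 3) and decodes them back. As in the worked example, it assumes the bit string ends with a 1 so that every run is terminated; that convention is the example's, not a property of run-length coding in general.

```python
"""Run-length coding of 0-runs with k-bit symbols and an all-ones escape
(added example reproducing the figures above).  Assumes, like the
worked example, that the input ends with a 1."""


def runs_of_zeros(bits: str) -> list:
    """Lengths of the 0-runs between consecutive 1s."""
    if not bits.endswith("1"):
        raise ValueError("string must end with a 1")
    return [len(run) for run in bits[:-1].split("1")]


def rle_encode(bits: str, k: int) -> str:
    esc = (1 << k) - 1                     # all ones: 2^k - 1 plus the next symbol
    symbols = []
    for n in runs_of_zeros(bits):
        while n >= esc:                    # a run of exactly esc also needs the escape
            symbols.append(esc)
            n -= esc
        symbols.append(n)
    return "".join(format(s, "0%db" % k) for s in symbols)


def rle_decode(code: str, k: int) -> str:
    if len(code) % k:
        raise ValueError("code length is not a multiple of %d" % k)
    esc = (1 << k) - 1
    out, n = [], 0
    for i in range(0, len(code), k):
        s = int(code[i:i + k], 2)
        n += s
        if s != esc:                       # a non-escape symbol ends the run
            out.append("0" * n + "1")
            n = 0
    if n:
        raise ValueError("dangling escape at end of code")
    return "".join(out)


def savings(bits: str, k: int) -> float:
    """Fraction of bits saved; negative when the coding expands the data."""
    return 1 - len(rle_encode(bits, k)) / len(bits)


# The page's 47-bit example, built from its run lengths 3,4,1,2,0,23,7:
# 00010000101001100000000000000000000000100000001
EXAMPLE = "1".join("0" * n for n in (3, 4, 1, 2, 0, 23, 7)) + "1"
```

Note that a run of exactly 2^k - 1 zeros must itself be escaped (the 7-zero run with k = 3 becomes 111 000), otherwise the decoder would read it as the start of a longer run; the decoder also rejects a stream that ends on an escape, since such a truncation would otherwise be decoded silently.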

Yet another variation is to encode the difference between the current
value and the previous value, as is done to reduce the number of bits
needed in differential pulse-code modulation (PCM).

Source Encoding

Another approach is to apply a transformation to the information. The
transformation may yield only an approximation of the original, but it
allows the image to be stored or transmitted more efficiently.

For example, a selection of some terms of a Fourier series only
approximates a periodic function, but this approximation may be good
enough.
JPEG, the Joint Photographic Experts Group standard for compressing
continuous-tone still pictures (see fig. 7-80), works as follows in
its lossy (some data is lost) sequential mode: the image is divided
into blocks and a set of transformations is applied to each block,
finishing with run-length and Huffman encoding of the result.

Motion Picture Experts Group: MPEG-1, MPEG-2 and MPEG-4

Video encodings for MPEG-1:

• I (intra-coded) frames: self-contained JPEG-encoded still pictures
(one is sent every 1-2 seconds)
• P (predictive) frames: block-by-block difference with the last frame
• B (bidirectional) frames: difference with the last and next frames
• D (DC-coded) frames: block averages, used for fast forward (not in
MPEG-2)
Application Layer

From Wikipedia, the free encyclopedia

The application layer is the seventh level of the seven-layer OSI
model. It interfaces directly to and performs common application
services for the application processes; it also issues requests to the
presentation layer.

The common application layer services provide semantic conversion
between associated application processes. Note: examples of common
application services of general interest include the virtual file,
virtual terminal, and job transfer and manipulation protocols.

Internet Protocol suite

Application layer: DHCP, SSL, Telnet, UUCP, BitTorrent, ...
Transport layer: SCTP, TCP, UDP, ...
Network layer: ...
Data link layer: Ethernet, Wi-Fi, Token Ring, FDDI, PPP, ...
Physical layer: RS-232, EIA-422, RS-449, EIA-485, 10BASE2, 10BASE-T, ...
[Merits & Demerits of OSI]

Merits and Demerits of OSI Model

Merits of OSI Model

There are some merits of the OSI model:

• The OSI model is modular. Each successive layer of the OSI
model works with the one above and the one below it.
• The OSI model is a layered framework for the design of
network systems that allows communication between all
types of computer systems.
• OSI consists of seven separate but related layers, each of
which defines a segment of the process of moving
information across a network.
• Understanding the fundamentals of the OSI model provides
a solid basis for exploring data communication.
• The OSI model originally clearly distinguished between services,
interfaces and protocols.

Demerits of OSI Model

There are some demerits of the OSI model:

• The OSI model is not a real network architecture, because it
does not really specify the services and protocols each layer
should use.
• The OSI model is not a single definition of how data
communications actually take place in the real world.
• The OSI model was devised before the protocols were
invented. The designers did not have much experience with the subject
and did not have a good idea of which functionality belonged in which layer.
• The OSI model was designed to allow the interconnection of
heterogeneous systems for historical and economic
reasons. Besides, it is not meant to support any particular provider.
• The OSI model is not a standard network model.
[Comparison Between OSI & TCP/IP]

Comparison between OSI and TCP/IP

In practice, OSI is a de jure (according to law) standard and
TCP/IP is a de facto (in reality) standard. The focus in the TCP/IP world
is on agreeing on a protocol standard which can be made to work in
diverse heterogeneous networks. The focus in the OSI world has
always been more on the standard than on the implementation of
the standard.

The OSI reference model was devised before the protocols were
implemented. This ordering means that the model was not biased
toward one particular set of protocols, which made it quite
general. The downside of this generality was that the standard
became quite complicated to implement and handle. Because of
these complications OSI never gained popularity, though it was
implemented by several organizations. Nevertheless, since as a
standard it was a very general one, it has been used as a
reference model against which one can make comparisons.

With TCP/IP the reverse was true: the protocols came first,
and the model was just a description of the existing protocols.
There was no problem with the protocols fitting the model, but it
can hardly be used to describe other models.

The TCP/IP protocol suite has always had an applied, get-the-job-done
orientation. Over the years it has handled most challenges
by growing to meet the needs, and it is now the de facto
standard for internetworking for several reasons, including:

• TCP/IP is simple and robust compared to alternatives such
as OSI.
• TCP/IP is available on virtually every hardware and
operating system platform, often free.
• It is the protocol suite on which the Internet depends.
• The TCP/IP model did not originally clearly distinguish between
service, interface, and protocol.
• Protocols in the OSI model are better hidden than in the TCP/IP model
and can be replaced relatively easily as the technology
• The OSI model was devised before the protocols were
invented. In the TCP/IP model the protocols came first, and the
model is just a description of the existing protocols.
• The major difference between them is that the OSI model
has seven layers while the TCP/IP model has four layers.
• The OSI model supports both connectionless and connection-oriented
communication in the network layer, but only
connection-oriented communication in the transport layer, while the TCP/IP
model has only one transmission service in the
network layer, which is connectionless, but in the transport layer
supports both connectionless and connection-oriented communication.
[Merits & Demerits of TCP/IP]


As this discussion has shown, TCP/IP is not merely a pair of
communication protocols but is a suite of protocols, applications,
and utilities. Increasingly, these protocols are referred to as the
Internet Protocol Suite, but the older name will not disappear
anytime soon.

[Figure 12 (diagram): Application <-> end-to-end connection <-> Application;
TCP <-> virtual circuit <-> TCP; Subnetwork 1 (Subnet 1) | Subnetwork 2 (Subnet 2)]

FIGURE 12: TCP/IP Protocol Suite Architecture

Figure 12 shows the relationship between the various protocol
layers of TCP/IP. Applications and utilities reside in the host, or
end-communicating, systems. TCP provides a reliable, virtual circuit
connection between the two hosts. (UDP, not shown, provides an
end-to-end datagram service at this layer.) IP provides a
datagram (DG) transport service over any intervening
subnetworks, including local and wide area networks. The
underlying subnetworks may employ any common local or wide
area network technology.

Note that the term gateway is used for the device
interconnecting the two subnets, a device usually called a router
in LAN environments or an intermediate system in OSI
environments. In OSI terminology, a gateway is used to provide
protocol conversion between two networks and/or applications.

Which model is used currently?

There are two protocol architecture models. One is OSI, standardized by
the ISO committee; this model is a very good reference model
though it is not the widely used one. The other is the TCP/IP
model, which is the outcome of long-standing research activities at
universities and research laboratories. The TCP/IP model is the
most widely used architecture and is the technology behind
today's Internet. OSI has seven layers whereas TCP/IP defines
only five. The seven layers of OSI are the physical, data link,
network, transport, session, presentation and application layers; if the
functionality of the session and presentation layers is required by an
application, then it is implemented in that particular application. There are various
protocols specified at each layer and their interfaces are well
defined, so that if required one can simply replace one
implementation of a particular protocol with another.

Other Information Sources

This memo has only provided background information about the
TCP/IP protocols and the Internet. There is a wide range of
additional information that the reader can access to further use
and understand the tools and scope of the Internet. The real life
begins now!

Internet specifications, standards, reports, humor, and tutorials
are distributed as Request for Comments (RFC) documents. RFCs
are all freely available on-line, and most are available in ASCII
text format.

Internet standards are documented in a subset of the RFCs,
identified with an "STD" designation. RFC 2026 describes the
Internet standards process and STD 1 always contains the official
list of the Internet standards.

For Your Information (FYI) documents are an RFC subset, specifically
providing background information for the Internet community. The
FYI notes are described in RFC 1150.

Frequently Asked Question (FAQ) lists may be found for a number
of topics, ranging from ISDN and cryptography to the Internet and
Gopher. Two such FAQs are of particular interest to Internet
users: "FYI on Questions and Answers: Answers to Commonly
Asked 'New Internet User' Questions" (RFC 1594) and "FYI on
Questions and Answers: Answers to Commonly Asked
'Experienced Internet User' Questions" (RFC 1207). All three of
these documents point to even more information sources.

Acronyms and Abbreviations

ARP Address Resolution Protocol
ARIN American Registry for Internet Numbers
ARPANET Advanced Research Projects Agency Network
ASCII American Standard Code for Information Interchange
ATM Asynchronous Transfer Mode
BGP Border Gateway Protocol
BSD Berkeley Software Distribution
CCITT International Telegraph and Telephone Consultative Committee
CIX Commercial Internet Exchange
CDPD Cellular Digital Packet Data Protocol
CSLIP Compressed Serial Line Internet Protocol
DARPA Defense Advanced Research Projects Agency
DDP Datagram Delivery Protocol
DDS Digital Data Service
DOCSIS Data Over Cable Service Interface Specification
DoD U.S. Department of Defense
DWDM Dense Wavelength Division Multiplexing
FAQ Frequently Asked Questions list
FDDI Fiber Distributed Data Interface
FTP File Transfer Protocol
FYI For Your Information series of RFCs
GOSIP U.S. Government Open Systems Interconnection Profile
HDLC High-Level Data Link Control
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
IAB Internet Activities Board
IANA Internet Assigned Numbers Authority
ICANN Internet Corporation for Assigned Names and Numbers
ICMP Internet Control Message Protocol
IESG Internet Engineering Steering Group
IETF Internet Engineering Task Force
IMAP Internet Message Access Protocol
InterNIC Internet Network Information Center
IP Internet Protocol
IPX Internetwork Packet Exchange
ISDN Integrated Services Digital Network
ISO International Organization for Standardization
ISOC Internet Society
ITU-T International Telecommunication Union Telecommunication Standardization Sector
MAC Medium (or Media) Access Control
Mbps Megabits (millions of bits) per second
NICNAME Network Information Center Name Service
NSF National Science Foundation
NSFNET National Science Foundation Network
NTP Network Time Protocol
OSI Open Systems Interconnection
OSPF Open Shortest Path First
PING Packet Internet Groper
POP3 Post Office Protocol version 3
PPP Point-to-Point Protocol
RADIUS Remote Authentication Dial-In User Service
RARP Reverse Address Resolution Protocol
RIP Routing Information Protocol
RFC Request for Comments
SDH Synchronous Digital Hierarchy
SLIP Serial Line Internet Protocol
SMDS Switched Multimegabit Data Service
SMTP Simple Mail Transfer Protocol
SNAP Subnetwork Access Protocol
SNMP Simple Network Management Protocol
SONET Synchronous Optical Network
SSL Secure Sockets Layer
STD Internet Standards series of RFCs
TACACS+ Terminal Access Controller Access Control System Plus
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TLD Top-Level Domain
UDP User Datagram Protocol
WAP Wireless Application Protocol
xDSL Digital Subscriber Line family of technologies