Saturday, 16 April 2016

Routing and Switching Thread..

In my last TCP/IP thread we talked about the TCP/IP stack, which describes the common ground/platform for network data communication. As we discussed, the network layer corresponds to the IP addressing scheme, which provides a virtual numeric area consisting of an IP address range calculated from the subnet.

Before understanding what Routing and Switching are, we need to understand the IP addressing scheme.

IP Addressing Concepts..

IP addressing is an essential part of IP protocol operations, one of which is a media-independent architecture. IP addressing assigns addresses to the individual network interfaces of a device (link-based approach) instead of using a single address for the whole device (host-based approach). This gives us routing capability. The various interfaces of a device are connected to network links that are designated as sub-networks (or subnets) and are assigned subnet addresses.


An interface's IP address is assigned from the subnet address space of the connecting link. The advantage of this link-based addressing approach is that it allows routers to summarize routing information by keeping track of only IP subnets in the routing tables instead of every host on the network. This is advantageous especially for broadcast links such as Ethernet that might have many devices connected at the same time. The Address Resolution Protocol (ARP) is used in IP networking for resolving the IP addresses of directly connected hosts to the corresponding data-link addresses.


Let's take an example here to understand the link-based addressing approach.

                                                         

    network link group--10.0.0.0/24--------1(Router)2--------20.0.0.0/24---network link group

This router is connected to 2 network links: one link resides in sub-network 10.0.0.0/24 and the other in 20.0.0.0/24. The devices connected to these network links get their IP addresses from the range of either sub-network 10.0.0.0 or 20.0.0.0, and how many IP addresses we can actually assign depends on the subnet mask of that sub-network.

Currently, two types of IP addresses exist: IP Version 4 addresses (IPv4) and IP Version 6 addresses (IPv6). IPv4 addressing, which was in place before IPv6 was adopted, uses 32 bits to represent each IP address. This 32-bit addressing scheme provides up to 2^32 (4,294,967,295) unique host addresses, mathematically speaking. With the ever increasing size of the global Internet, the 32-bit IPv4 addressing scheme has turned out to be insufficient for the foreseeable future, prompting the introduction of the 128-bit IPv6 addressing scheme.

1. IPv4 address classes

As explained in the previous section, the 32-bit IPv4 addressing scheme allows a large number of host addresses. However, the link-based addressing scheme adopted by IP requires network links to be associated with groups of addresses from which the connected hosts are assigned specific addresses. These address groups, also described as address prefixes/network numbers, are referred to in classical IP terminology as IP network numbers.

Five address classes—A, B, C, D, and E—were defined to enable efficient allocation of IP addresses in one network links group.


IP Address Classes and Representation


Address Class   Bit pattern of first byte   First byte decimal range   Dotted decimal host allocation range

A               0xxxxxxx                    1 to 127                   1.0.0.1 to 126.255.255.254
B               10xxxxxx                    128 to 191                 128.0.0.1 to 191.255.255.254
C               110xxxxx                    192 to 223                 192.0.0.1 to 223.255.255.254
D               1110xxxx                    224 to 239                 224.0.0.1 to 239.255.255.254
E               11110xxx                    240 to 255                 240.0.0.1 to 255.255.255.255


The specific bit pattern of the first byte defines the decimal range, and from that we can define the dotted decimal range, but always remember that the first IP address is always the network prefix and the last one is the broadcast address.

Out of the five classes, only classes A, B and C are used for unicast IP addressing; D is for multicast IP address groups and E is for testing purposes.

Classful network scheme.

Class A— 8-bit network ID, 24-bit host ID

Class B— 16-bit network ID, 16-bit host ID

Class C— 24-bit network ID, 8-bit host ID

As I said earlier, an IP address resides in a group called a network, and a network ID is required to define that group.

The network part defines the start and end of the boundary, and the host part is just a number within that boundary. IP addresses use masks to separate the host bits from the network number bits. In the classful network scheme the network bits are predefined and we cannot change them. For example, in the class A network scheme the first 8 bits are reserved for the network ID, which means that number could be anything from 1 to 126 but you cannot change it, and the remaining 24 bits are host bits, which means there are 2^32 unique hosts. The same goes for the other network classes mentioned above.

How to calculate subnet-mask?

The network bits are what the subnet mask actually represents. Let's take the example of class C, where 24 bits out of 32, counted from left to right, are reserved, and you can select any number in the range from 192 to 223 to represent your network bits in the classful scheme. To calculate the subnet mask we need to understand the dotted decimal scheme of IP addressing.

Dotted decimal notation divides the complete 32 bits into 4 octets separated by dots, for example 10.10.10.10. Every octet contains 8 bits, and 2^8 takes us up to 255 starting from 0, so every octet can be assigned a number from 1 to 255; subnet 0 is not used these days. The subnet mask is calculated from how many bits out of 32 are assigned to the network ID. Let's say that for the IP address 10.10.10.10, 8 bits are assigned to the network ID portion. That means the first octet is reserved for the network portion, which leaves 24 bits for the host portion, so the subnet mask would be 255.0.0.0: the first octet is fully utilized, which is represented by 255 (2^8; remember every octet has 8 bits), while the host octets are free to use. As you can see, the subnet mask helps us find the network portion and host portion of any IP address.

example 

    BIT   0       8        16       24       32
          00000000.00000000.00000000.00000000
          ----A---
          --------B--------
          ------------C-------------

These bits are either 0 or 1,  0 means not utilised and 1 means utilised.

example..
100.100.100.100 class A mask is 255.0.0.0
150.100.100.100 class B mask is 255.255.0.0
200.100.100.100 class C mask is 255.255.255.0

Classless IP addressing scheme.


In classless addressing, any IP network number is interpreted as a prefix of a certain length.

There is no restriction like in the classful scheme, where only a prefix number from 1 to 126 can have a /8 subnet mask; you can literally use any number from 1 to 255 with any length outside the classful subnet range, for example 192.168.0.1/8 or 10.0.0.1/24. This type of scheme is called CIDR, and it helps in assigning IP addresses more efficiently.

With classless inter-domain routing we can now assign any length to any network prefix number, but there are still only 3 classes of subnet: /8, /16 and /24. To divide them further into multiple sub-networks we need a different approach called VLSM (variable length subnet mask), and to achieve this approach we need to understand sub-netting.


Sub-netting


IP sub-netting introduces another level of hierarchy into the structure of IP address classes by moving some of the host bits into the network bits, which represent the network ID. The extended network ID is referred to as a sub-network number or simply as an IP subnet.


example..


IP address bits of class B


11111111.11111111.00000000.00000000

------------B-------- 
To further make subnets of this network we need to turn the host bits to network bits.


11111111.11111111.11111111.11111100

---------Subnetted class-------------

So if the IP address prefix is 130.0.0.0/30, 30 bits are network bits and only 2 bits are left for host space, which means only four IP addresses fall in this subnet range, and out of those 4 only 2 can be assigned to host machines as IP addresses.

When an IP address is subnetted, the address mask is adjusted to reflect the new demarcation between the network and host bits. I have shown that the new mask, derived from class B after subnetting, is 255.255.255.252.

How this mask is calculated.


11111111.11111111.11111111.11111100

A string of ones in the mask represents the network bits, and the zeros represent the host bits.
In the 1st octet all bits are 1, which means the dotted decimal number is 255, and the same goes for the 2nd and 3rd octets, but in the fourth octet only 6 bits are network bits, so to calculate the dotted decimal number use the formula below.

    1    1    1    1    1    1    1    1
    128  64   32   16   8    4    2    1     add all those = 255

    1    1    1    1    1    1    0    0
    128+64+32+16+8+4  = 252 = 30 bits ON
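The mask calculation above, carried through to the address range of the subnet, as an added example that is not part of the original post. It builds each mask octet by adding the weights of the ON bits, derives the network and broadcast addresses for the post's 130.0.0.0/30 prefix, and cross-checks the result against Python's standard `ipaddress` module; the function names are chosen here for illustration.

```python
import ipaddress

BIT_WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)  # decimal value of each bit in an octet


def mask_from_prefix(prefix_len):
    """Dotted-decimal mask built by adding the weights of the ON bits per octet."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    octets, remaining = [], prefix_len
    for _ in range(4):
        on_bits = min(8, remaining)              # network bits that fall in this octet
        octets.append(sum(BIT_WEIGHTS[:on_bits]))
        remaining -= on_bits
    return ".".join(str(o) for o in octets)


def to_int(dotted):
    """Convert a dotted-decimal IPv4 address to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_range(address, prefix_len):
    """Network, broadcast and host range of the subnet that contains `address`."""
    mask = to_int(mask_from_prefix(prefix_len))
    network = to_int(address) & mask              # host bits forced to 0
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits forced to 1
    total = broadcast - network + 1
    # Classic rule from the post: first address = network, last = broadcast.
    # /31 point-to-point links (RFC 3021) are a special case not handled here.
    usable = max(total - 2, 0)
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "total": total,
        "usable": usable,
    }


def agrees_with_stdlib(address, prefix_len):
    """Cross-check the hand calculation against the standard library."""
    net = ipaddress.ip_network("%s/%d" % (address, prefix_len), strict=False)
    ours = subnet_range(address, prefix_len)
    return (str(net.netmask) == ours["mask"]
            and str(net.network_address) == ours["network"]
            and str(net.broadcast_address) == ours["broadcast"])


if __name__ == "__main__":
    # Prefixes taken from the examples in the post.
    for addr, plen in (("130.0.0.0", 30), ("10.10.10.10", 8), ("200.100.100.100", 24)):
        print(addr, "/%d" % plen, subnet_range(addr, plen))
```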


How to calculate the range of IP addresses after subnetting.





How network device communication happens in single IP network.


As we know, for the network layer to work we need an IP addressing scheme, and for network connectivity we need to follow the rules of the TCP/IP layer headers.

For example:   (Computer1---ethernet---Computer2)   network 10.1.1.0/24 
                             10.1.1.1                             10.1.1.2
Computer 1 is connected to Computer 2 through an Ethernet cable, which means we are trying to maintain network connectivity over Ethernet, i.e. to reach from 1 to 2 we need to know the physical MAC address, IP address and application port numbers of both computers 1 and 2.

How to connect between same network.

When a user on 1 wants to download some data from 2, the FTP application is used on both computers.
The user opens the FTP application on 1 and enters the IP address of 2 in the address bar. Now 1 knows the destination IP address of 2 for the network layer header; for the transport header, the well-known FTP port number 21 is already hard-coded in the FTP application; and finally, to complete the network interface header, we need to run the ARP process on Ethernet for the corresponding IP address of 2.

With all this information, 1 calculates whether the destination IP address falls in 1's network or not; if yes, it runs the ARP process to learn the destination MAC address of 2's NIC.
After filling in all the information it converts all the data into a bit pattern, and the physical layer then converts it into electrical signals and sends it over the Ethernet wire. When 2 receives it, it checks the destination header fields in all the layer headers, starting from the network interface header, against its own network information, since it expects to receive its own information in the headers from 1. 2 replies the same way, using 1's information gathered from the incoming headers.

Network layer header information : source IP address (manually configured or learned via DHCP) and destination IP address (manually entered or learned via incoming network layer header)

Network interface header : source mac (hard-coded on NIC) and destination mac (learned via ARP)

Transport header : source port (random no. generated via computer) and destination port no. (well known assigned via IANA)

How network device communication happens in different IP network.

A network host can only communicate with a host residing in a different network when it is connected to at least one network device that is equipped with routing and switching capabilities and connects to both network prefixes at the same time. This device is called a router.

What is Routing and Switching capability?

Routing means learning the network/sub-network information on an interface and storing it in a memory structure called the routing table, and Switching means switching data from the ingress to the egress interface based on the information learnt in the routing table or MAC address table.
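The two decisions described above, as an added example that is not part of the original post: the host's check of whether the destination falls in its own network (and so whose MAC address it must resolve with ARP), and the router's routing-table lookup for the 10.0.0.0/24 and 20.0.0.0/24 links from the earlier diagram. The host and router interface addresses (10.0.0.10, 10.0.0.1, 20.0.0.1) and all function names are assumptions made for the illustration.

```python
import ipaddress


def host_next_hop(interface_cidr, gateway, destination):
    """Decide whose MAC address the host must resolve with ARP.

    Returns (ip_to_arp_for, "on-link") when the destination is in the host's
    own subnet, otherwise (gateway, "via-router").
    """
    iface = ipaddress.ip_interface(interface_cidr)
    dst = ipaddress.ip_address(destination)
    if dst in iface.network:
        return str(dst), "on-link"
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        # A router the host cannot reach directly is useless as a next hop.
        raise ValueError("gateway must be inside the host's own subnet")
    return str(gw), "via-router"


class Router:
    """Learns connected subnets per interface and picks the egress interface."""

    def __init__(self):
        self.routing_table = {}  # IPv4Network -> interface name

    def learn_connected(self, interface, address_cidr):
        # Routing: derive the subnet from the interface address and store it.
        network = ipaddress.ip_interface(address_cidr).network
        self.routing_table[network] = interface
        return network

    def egress_for(self, destination):
        # Switching: choose the egress interface from the routing table.
        # The most specific (longest) matching prefix wins; that detail goes
        # slightly beyond the post, which only has two non-overlapping routes.
        dst = ipaddress.ip_address(destination)
        matches = [net for net in self.routing_table if dst in net]
        if not matches:
            return None  # no route: the packet is dropped
        best = max(matches, key=lambda net: net.prefixlen)
        return self.routing_table[best]


def build_page_router():
    """Router from the post's diagram; interface addresses are constructed."""
    router = Router()
    router.learn_connected("1", "10.0.0.1/24")
    router.learn_connected("2", "20.0.0.1/24")
    return router


if __name__ == "__main__":
    # Host 10.0.0.10/24 with the router's interface 1 as its gateway (constructed).
    print(host_next_hop("10.0.0.10/24", "10.0.0.1", "10.0.0.20"))
    print(host_next_hop("10.0.0.10/24", "10.0.0.1", "20.0.0.5"))
    router = build_page_router()
    for dst in ("20.0.0.5", "10.0.0.20", "30.0.0.1"):
        print(dst, "->", router.egress_for(dst))
```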





Saturday, 9 April 2016

TCP/IP Thread

Understanding TCP/IP fundamentals.

How does TCP/IP Model work?

The TCP/IP network infrastructure model provides a common platform/ground to communicate/exchange data over any physical media technology (data link layer).

What is IP Network Infrastructure?

After the evolution of computers there was a need to exchange data/information between them on a common platform. However, the underlying layer 2 (data link layer/physical layer) technologies were not common, and different vendors were using different technologies to transfer data over different media. In order to exchange data on a common platform they created virtual areas called networks, where networking devices can live and exchange information between them using any physical layer technology. I forgot to mention that before the invention of IP/networks (virtual areas) we still had layer 2 infrastructure to transfer information from one station/computer to another. So now we know that IP/layer 3 provides a common infrastructure to communicate over the different layer 2 technologies. We will cover layer 2 physical technologies later in this thread under the TCP/IP model.

What is IP addressing scheme or Network layer?

As we know, the network layer provides common ground to communicate over any physical infrastructure, for example Ethernet, serial links, ATM, AppleTalk etc. So we know it exists, but what is it?

It is not a wrong statement to say that an IP addressing scheme is equivalent to the network layer.
Network layer = IP Addressing scheme.

Let's try to understand the IP addressing scheme, i.e. how the network layer works.

An IP addressing scheme is a range of numbers where the first and last numbers represent the boundary of that range. For example, in the range starting from 1 and ending at 10, 1 and 10 are the first and last numbers of the range, and the numbers in between, from 2 to 9, fall within it.
In simple words, 1 represents the network number/prefix, 2 to 9 are the actual IP addresses of this range, and 10 represents the broadcast IP address, which is used to transfer information to all the IP addresses in this range.

How do we decide the range? (what should be the first and last number of that range)

The range is decided through the subnet mask in the IP addressing scheme, which we will discuss in the next post of the IP addressing thread.

Let's take a real-world example...

                                                  [1 (computer 2 ------------ computer 5) 10 ]

Computer 2 and computer 5 are connected to some physical media (Ethernet, serial etc.); that is not our concern, since we have the network layer, which provides a common number system to exchange data.
Numbers 2 and 5 are assigned to the computers, which shows their existence in the network of 1, since that is the start of the range, and if we send traffic to address 10 then both 2 and 5 will receive it. So, as you can see, as far as the TCP/IP stack is concerned, one IP address can transfer information to another IP address in the same network range irrespective of the underlying physical layer.

OSI reference model and TCP/IP stack


OSI reference model      TCP/IP stack (actually being used)

7. Application           Application (includes layers 7, 6 & 5)
6. Presentation
5. Session
4. Transport             Transport (layer 4 only)
3. Network               Internet layer (layer 3 & 2)
2. Data Link Layer
1. Physical              Network Interface (Ethernet 802.3, 802.5, FDDI etc.)


Discuss TCP/IP Model.

IP operates at the Internet layer of the TCP/IP suite, which corresponds to the network layer of the OSI reference model. IP provides connectionless data-delivery services, which involve transmission of information from one part of a network to another in units of data known as packets or datagrams.

IP addressing is an important part of the internet layer, providing end-to-end communication between end devices in the same or different networks. For any communication, the source and destination IP addresses are required in the Internet Protocol layer header to identify the targets of the bi-directional communication.

The IP header carries this source and destination information in the network world; below I refer to the information contained in the IP header.

So now we know that the internet layer provides common ground, through the IP addressing scheme, for two network devices to communicate over any physical media.

IP Header


For now we only need to concern ourselves with the source and destination network layer IP address fields, which represent the existence of a device in a network and are necessary for communication between devices in a virtual network area. The rest of the fields will be discussed separately in the IP protocol thread.


Let's try to understand what the Network interface layer is.

As the name suggests, the network interface layer means the network interface card, and every interface card is associated with a link layer technology. For example, an Ethernet NIC, which is used to connect devices over Ethernet cable, uses Ethernet as its link layer technology.

A serial NIC, called a WAN interface, connects network devices over serial cable and uses either PPP or HDLC as its link layer protocol.

So why do they use a link layer protocol if they are already using the network layer?

To understand this we have to accept that the network/internet layer is a virtual layer. In order to copy a datagram from one device to another, some link layer information is required, and these protocols provide that information; the NIC then converts this information to electrical signals and sends it over the wire.

What is this link layer information?

To understand the link layer information we need to understand the different types of link layer technology.

1. Ethernet also called broadcast technology.
2. serial also called Point to Point technology.
3. Fiber uses Ethernet technology etc.

Link layer information depends on the link layer technology, which means Ethernet link layer header information is different from serial because of the nature of the technology: whether it is point-to-point or broadcast.

Point to Point network type
Only 2 network devices can be in the same network and connect together, irrespective of the IP address range.
The subnet mask can represent more than 2 IP addresses, but in the p2p network type only 2 physical network devices can connect together, so if we assign a bigger subnet range we are literally wasting IP addresses in that range that we could assign somewhere else.


Broadcast network type
More than 2 network devices can connect together here through a layer 2 switch.


Let's check the difference through actual packet captures of an Ethernet frame and a serial frame.

Link layer information of Ethernet Physical media.




1. Encapsulation is Ethernet, which tells the networking device to gather link layer information for the Ethernet broadcast network type only to fill in this header.
2. Source and destination MAC addresses: since Ethernet is a broadcast type, many network devices can connect to the same physical media through a switch, so at the media level we need separate hardware address information to reach network devices, the same as the network layer IP address but on the physical layer.
3. The Type field is used to determine the next protocol the device should refer to in the network layer of the TCP/IP stack. Examples of network layer protocols: IPv4, AppleTalk, IPX, IPv6 etc.


Link layer information of Serial physical media. 

PPP Encapsulation Type for serial link

Echo request Packet in ppp frame



Echo reply packet in PPP frame




HDLC Encapsulation type for serial link.


Echo request Packet in HDLC frame


Echo reply packet in HDLC frame



As you can see, we do not need source and destination MAC addresses in the point-to-point network type. In PPP/HDLC the address is a predefined, software-coded address, unlike Ethernet where it is hard-coded on the NIC itself, and it is the same for both devices connected through the physical media.

Let's focus on Transport layer of TCP/IP stack.

Up to now we have learnt about the network/internet layer, which provides a common platform for devices to communicate over different physical media, but then what is the transport layer?

Before understanding the transport layer we need to understand the traffic/data generated by network applications. Network applications are applications capable of exchanging data over the network foundation, for example FTP (File Transfer Protocol), email, web browsing, WhatsApp etc.
These applications generate network traffic and send it across the network to the destination network device.

So now we know that network communication does not only happen between network devices but also one level higher, which is application-level communication.

The network layer helps in reaching network devices over any physical media, but how do we reach an application installed on that network device? The answer is in the transport layer header information, which is the source and destination port numbers. The destination port number is always a well-known port number and the source is randomly generated by the host machine.



Let's take a real world example to understand how Transport layer works.

computer-A-------------------------computer-B
  FTP client                                   FTP server
 10.1.1.1/24                                   10.1.1.2/24

A is connected to B in network 10, where more than 200 hosts can connect. FTP is a network application installed on both A and B to transfer data between them. One of the computers becomes the source and the other becomes the destination for this transfer. Since we already know the network layer IP addresses, network layer connectivity is there, but how do we reach the FTP app on B? The answer is through the well-known port number of the FTP app.

So A should know the well-known port number of FTP (21), which becomes the destination port number, and the source port number is randomly generated on A out of 65535 numbers. Once the traffic is received on B, and after all the lower TCP/IP stack layers have been checked, we finally reach the transport layer, which takes the destination port number out of the transport header to identify the network application and sends the traffic to that specific application session.

How do Network devices use TCP/IP stack practically?

Let's take a real-world example.

 computer-A---Ethernet--Cable------computer-B
  FTP client 36281                             FTP server 21
  10.1.1.1/24                                      10.1.1.2/24
  MAC A                                            MAC B


Network communication happens when a network device receives its own TCP/IP stack information in a packet/datagram. If A wants to send a network datagram to B, it has to put B's TCP/IP stack header information, i.e. its MAC address (B), IP address (10.1.1.2) and application port number 21, into the datagram and send it across the physical Ethernet cable, and B does the same thing with A's information.

Only once the network device receives its own information in the TCP/IP stack headers does it allow the data communication. So now we know that once a device receives a network datagram, it compares its own TCP/IP stack information with the datagram at every layer, and only if they match is the data connection allowed.

Let's try to understand the comparison process the device performs after receiving the network datagram.




1. When a network device receives a datagram, it first checks the data link layer frame to verify whether it is receiving its own MAC address or not. On Ethernet the MAC address should be the burnt-in MAC address, and on a serial link it should be the software-coded one.
2. To verify the information at the network layer, the device first needs to identify the network layer protocol type, such as IPv4, IPv6, IPX, AppleTalk etc., since every protocol describes the IP address differently in its own format. It gets this information from the type field of the layer 2 frame.
3. Once the device knows from the type field that the network layer protocol is IP, it compares the destination IP address field with its own address, and they should match.
4. Once the comparison is done at the network layer, the device follows the same process to identify the transport layer protocol, such as TCP or UDP, from the protocol field of the IP header.
5. To further determine the application, it compares the port number in the destination port field of the TCP/UDP header and decides which application session to refer to, for example FTP, HTTP, DNS etc.

The comparison process explains the communication between the layers of the TCP/IP stack within the same network device.
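The five-step comparison above, as an added example that is not part of the original post: it builds the A-to-B frame from the diagram (10.1.1.1 port 36281 to 10.1.1.2 port 21) and walks it up the stack the way the receiver does. The MAC addresses are constructed values, checksums are left at zero and not verified, and the function names are chosen for the illustration.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
BROADCAST_MAC = b"\xff" * 6

MAC_A = "02:00:00:00:00:0a"  # constructed address for computer A
MAC_B = "02:00:00:00:00:0b"  # constructed address for computer B


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport):
    """Ethernet + IPv4 + TCP headers only (no payload, checksums left at 0)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp


def receive(frame, my_mac, my_ip, listening):
    """Return (accepted, detail); `listening` maps (protocol, port) -> application."""
    if len(frame) < 14:
        return False, "truncated Ethernet header"
    # Step 1: is the destination MAC ours (or the Ethernet broadcast address)?
    if frame[0:6] not in (mac_bytes(my_mac), BROADCAST_MAC):
        return False, "layer 2: destination MAC is not ours"
    # Step 2: the type field of the frame names the network layer protocol.
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return False, "layer 2 type field: not IPv4"
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return False, "malformed IPv4 header"
    header_len = (ip[0] & 0x0F) * 4
    if header_len < 20 or len(ip) < header_len + 4:
        return False, "malformed IPv4 header"
    # Step 3: is the destination IP address ours?
    if socket.inet_ntoa(ip[16:20]) != my_ip:
        return False, "layer 3: destination IP is not ours"
    # Step 4: the protocol field of the IP header names the transport protocol.
    protocol = ip[9]
    if protocol not in (PROTO_TCP, PROTO_UDP):
        return False, "layer 3 protocol field: not TCP or UDP"
    # Step 5: the destination port selects the application session.
    dport = struct.unpack("!H", ip[header_len + 2:header_len + 4])[0]
    app = listening.get((protocol, dport))
    if app is None:
        return False, "layer 4: no application listening on port %d" % dport
    return True, app


if __name__ == "__main__":
    frame = build_frame(MAC_B, MAC_A, "10.1.1.1", "10.1.1.2", 36281, 21)
    ftp_server = {(PROTO_TCP, 21): "ftp"}
    print(receive(frame, MAC_B, "10.1.1.2", ftp_server))   # B accepts
    print(receive(frame, MAC_A, "10.1.1.1", ftp_server))   # A ignores its own frame
    print(receive(frame, MAC_B, "10.1.1.2", {}))           # nothing listening on 21
```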

You can follow the packet capture outputs to check the information mentioned in this thread.





Please follow my next thread to understand the IPv4 IP addressing and transport layer port numbers.

Thanks for reading.

Ankit Arora