Understanding TCP/IP fundamentals.
How does TCP/IP Model work?
TCP/IP network infrastructure model provides common platform/ground to communicate/exchange data over any physical media technology (data link layer).
What is IP Network Infrastructure?
After the evolution of computers there was a need to exchange data/information between them upon common platform, however underlying layer 2 (data link layer/physical layer) technologies were not common and different vendors using different technologies to transfer data over different media. In order to exchange data on common platform they created virtual areas called networks where networking devices can live and exchange information between them by using any physical layer technology.. forgot to mention that before the invention of IP/networks (virtual areas) we still had layer 2 infra to transfer information from one station/computer to another. So now we know that IP/layer 3 provides common infra to communicate over the different layer 2 technologies. we will cover Layer 2 physical technologies later in this thread under TCP/IP model.
What is IP addressing scheme or Network layer?
As we know that network layer provides common ground to communicate over any physical infra example Ethernet, serial links, ATM, apple talk etc. So we know it exists but what is it?
It is not a wrong statement to say that an IP Addressing scheme is equivalent to network layer.
Network layer = IP Addressing scheme.
let's try to understand IP Addressing Scheme/how network layer works.
IP addressing Scheme is a range of numbers, where first and last number represent a boundary of that range, for example the range starting form 1 and ending at 10, so 1 and 10 representing the first and last number of this range and the numbers in between from 2 to 9 fall under this range.
In simple words 1 represents network number.prefix and from 2 to 9 are the actual IP addresses of this range and 10 represent broadcast IP address, which is used to transfer information to all the IP address in this range.
In simple words 1 represents network number.prefix and from 2 to 9 are the actual IP addresses of this range and 10 represent broadcast IP address, which is used to transfer information to all the IP address in this range.
How do we decide the range? (what should be the first and last number of that range)
The range is decided through subnet-mask in ip addressing scheme that we will discuss later in next post of ip addressing thread.
The range is decided through subnet-mask in ip addressing scheme that we will discuss later in next post of ip addressing thread.
Lets's take an example of real world...
[1 (computer 2 ------------ computer 5) 10 ]
computer 2 and computer 5 are connected to any physical media (Ethernet,serial etc) that is not are concerns since we have network layer which provides common number system to exchange data.
number 2 and number 5 are assigned to computers which shows their existence in the network of 1 since it is start of a range and if we will send traffic to 10 address then both 2 and 5 will receive it, So as you see as far as TCP/IP stack concerns, one IP address can transfer information to other IP address in same network range irrelevance of underlying physical layer.
OSI reference model and TCP/IP stack
OSI reference Model TCP/IP stack (actually being used)
7. Application Application (Includes layer 7,6 & 5)
6. Presentation
5. Session
4. Transport Transport (layer 4 only)
3. Network Internet layer ( layer 3 & 2 )
2. Data Link Layer
1. Physical Network Interface ( Ethernet 802.3, 802.5, FDDI etc. )
Discuss TCP/IP Model.
IP operates at the Internet layer of the TCP/IP suite, which corresponds to the network layer of the OSI reference model. IP provides connectionless data-delivery services, which involve transmission of information from one part of a network to another in units of data known as packets or datagrams.
IP Addressing is an important part of internet layer to provide end to end communication between end devices in same or different network. For any communication the source and destination IP address is required in Internet protocol layer header to understand the target of bi-directional communication.
IP Header caries this source and destination information in the network world, below I am referring the information mentioned in IP header.
So now we know that internet layer provides common ground through IP addressing scheme for two network devices to communicate over any physical media.
IP Addressing is an important part of internet layer to provide end to end communication between end devices in same or different network. For any communication the source and destination IP address is required in Internet protocol layer header to understand the target of bi-directional communication.
IP Header caries this source and destination information in the network world, below I am referring the information mentioned in IP header.
So now we know that internet layer provides common ground through IP addressing scheme for two network devices to communicate over any physical media.
IP Header
For now we just need to concern about the source and destination network layer IP address field which represents the existence of any device in a network which is necessary to communicate between devices in virtual network area, rest of the field will be discussed separately in IP protocol thread.
Let's try to understand that what is Network interface layer?
So as the name suggest Network interface layer means Network interface card and every interface card is associated with link layer technology for example Ethernet NIC which is used to connect devices over Ethernet cable uses Ethernet as link layer technology.
Serial NIC connects network devices over serial cable called wan interface uses either PPP or HDLC as link layer protocol.
So why they use link layer protocol if they are already using network layer?
TO understand this we have to admit that network/internet layer is virtual layer, however in order to copy datagram from one device to another some link layer information is required and these protocol provide this information and then further NIC converts this information to electrical signals and send over to the wire.
what is this link layer information?
To understand the link layer information we need to understand the different types of link layer technology.
1. Ethernet also called broadcast technology.
2. serial also called Point to Point technology.
3. Fiber uses Ethernet technology etc.
Link layer information depends upon the link layer technology, that means Ethernet link layer header information is different than serial because of the nature of technology ! whether it is point to point or broadcast.
Point to Point network type
Only 2 network devices can be in same network and connect together irrelevance of IP address range.
The subnet mask can represent more than 2 IP address but in p2p network type only 2 physical network devices can connect together, so if we assign bigger subnet range we are literally wasting the ip addresses in that range that we can assign somewhere else.
Broadcast network type
More than 2 network devices can connect together here through layer 2 switch.
Lets check the difference through actual packet capture of Ethernet frame or serial frame.
Link layer information of Ethernet Physical media.
1. Encapsulation is Ethernet which tells networking device to gather link layer information for Ethernet broadcast network type only to fill in this header.
2. Source and Destination mac address, since Ethernet is a broadcast type many network device can connect over to same physical media through switch, so on media level we need a separate hardware address information to reach network devices, same as network layer IP address but on physical layer.
3. Type information field is used to understand what should be the next protocol the device should refer in TCP/IP stack in network layer. example of network layer protocols IPv4, Apple talk, IPX, IPv6 etc.
Link layer information of Serial physical media.
PPP Encapsulation Type for serial link
Echo request Packet in ppp frame
Echo reply packet in PPP frame
HDLC Encapsulation type for serial link.
Echo request Packet in HDLC frame
Echo reply packet in HDLC frame
As you can see that we do not need any source and destination mac address in point to point network type, but it is predefined software coded address not like Ethernet which is hard coded on NIC it self, In PPP/HDLC. It is software based predefined address same for both device connected through physical media.
Let's focus on Transport layer of TCP/IP stack.
Up till now we understand about network/internet layer which provides common platform for devices to communicate over different physical media, but then what is transport layer.
Before understanding transport layer we need to understand traffic/data generated by network applications. Network applications are those applications which are capable of exchanging data over network foundation example FTP (file transfer protocol), email, web-browsing, whats app etc.
These application generates network traffic and send it across the network to destination network device.
So now we know that network communication is not only happens in between network devices but one level ahead which is application level communication.
Network layer helps reaching to network devices over any physical media but how to reach any application installed on that network device? The answer available in transport layer header information which is source and destination port numbers. Destination port number is always a well known port number and source is random generated by host machine.
Let's take a real world example to understand how Transport layer works.
computer-A-------------------------computer-B
FTP client FTP server
10.1.1.1/24 10.1.1.2/24
A is connected to B in network 10 where more than 200 host can connect. FTP is network application which is installed on both A and B to transfer data between A and B. One of the computer becomes source and other one becomes destination for this transfer. Since we already know network layer IP address so network layer connectivity is there but how to reach an FTP app on B, the answer is through well known port number of FTP app.
So A should know the well known port no. of ftp (21) which becomes destination port no. and source port no. is randomly generated on A out of 65535 number. So once the traffic is received on B then after having all the below TCP/ip stack layer checked we finally reached to transport layer which takes out the destination port no. from transport header to understand the network application and send the traffic on that specific application session.
How do Network devices use TCP/IP stack practically?
lets take real world example.
computer-A---Ethernet--Cable------computer-B
FTP client 36281 FTP server 21
10.1.1.1/24 10.1.1.2/24
MAC A MAC B
Network communication happens when any network device receives its own TCP/IP stack information in packet/datagram. If A wants to send network datagram to B it has to put B's TCP/IP stack headers information like its MAC address (B), ip address (10.1.1.2) and application port no. 21 and send it across physical Ethernet cable and B also does the same thing with A's information.
Once the network device receives its own information in TCP/IP stack headers only then it allows the data communication. So now we know once a device receives network datagram it compares it's own TCP/IP stack information with datagram on every layer and if its matching only then data connection is allowed.
Let's try to understand the comparison process the device does after receiving the network datagram.
1. when network device receives datagram it first checks data link layer frame to verify if it is receiving it's own mac address or not. Ethernet the mac address should be burnt in mac address and in serial link it should be software coded.
2. To verify the information on network layer the device first needs to identify the network layer protocol types like ipv4, ipv6, ipx, apple talk etc since every protocol describes the ip address differently in its own format. This type field information it receives it from the type field of layer 2 frame.
3. Once the device knows that the network layer protocol is IP from type field it compares the destination IP address field with its own one and that should be matching.
4. Once the comparison is done on the network layer device follows the same process of identifying transport layer protocol like TCP, UDP. from the protocol field of IP header.
5. To further defines the application it compares the port no. in either TCP/UDP protocol destination port no. field and decides which application session we need to refer to. example ftp, http, dns etc.
comparison process explains communication between the layers of TCP/IP stack within same network device.
you can follow the packet capture outputs to refer the information mentioned in this thread.
Please follow my next thread to understand the IPv4 IP addressing and transport layer port numbers.
Thanks for reading.
Ankit Arora
Very good article on the basic, keep it up Ankit
ReplyDeleteExpecting more such lessons from you