TCP/IP PROTOCOL SUITE & APPLICATION LAYER

6.TCP/IP PROTOCOL SUITE & APPLICATION LAYER

6.1 TCP/IP :Introduction

The TCP/IP transport layer transports data between applications on source and destination devices. Familiarity with the transport layer is essential to understand modern data networks. This module will describe the functions and services of this layer.

Many of the network applications that are found at the TCP/IP application layer are familiar to most network users. HTTP, FTP, and SMTP are acronyms that are commonly seen by users of Web browsers and e-mail clients.This module also describes the function of these and other applications from the TCP/IP networking model.

6.1.1 Flow control

As the transport layer sends data segments, it tries to ensure that data is not lost. Data loss may occur if a host cannot process data as quickly as it arrives. The host is then forced to discard the data. Flow control ensures that a source host does not overflow the buffers in a destination host. To provide flow control, TCP allows the source and destination hosts to communicate.The two hosts then establish a data-transfer rate that is agreeable to both.

• TCP/IP Transport Layer
• Session establishment, maintenance, and termination

Applications can send data segments on a first-come, first-served basis. The segments that arrive first will be taken care of first. These segments can be routed to the same or different destinations. Multiple applications can share the same transport connection in the OSI reference model. This is referred to as the multiplexing of upper-layer conversations. Numerous simultaneous upper-layer conversations can be multiplexed over a single connection.

One function of the transport layer is to establish a connection-oriented session between similar devices at the application layer. For data transfer to begin, the source and destination applications inform the operating systems that a connection will be initiated. One node initiates a connection that must be accepted by the other. Protocol software modules in the two operating systems exchange messages across the network to verify that the transfer is authorized and that both sides are ready.

The connection is established and the transfer of data begins after all synchronization has occurred. The two machines continue to communicate through their protocol software to verify that the data is received correctly.

The first handshake requests synchronization.The second handshake acknowledge the initial synchronization request, as well as synchronizing connection parameters in the opposite direction. The third handshake segment is an acknowledgment used to inform the destination that both sides agree that a connection has been established. After the connection has been established, data transfer begins.

Congestion can occur for two reasons:

First, a high-speed computer might generate traffic faster than a network can transfer it.

Second, if many computers simultaneously need to send datagrams to a single destination, that destination can experience congestion, although no single source caused the problem.

When datagrams arrive too quickly for a host or gateway to process, they are temporarily stored in memory. If the traffic continues, the host or gateway eventually exhausts its memory and must discard additional datagrams that arrive.

Instead of allowing data to be lost, the TCP process on the receiving host can issue a “not ready” indicator to the sender. This indicator signals the sender to stop data transmission. When the receiver can handle additional data, it sends a “ready” transport indicator. When this indicator is received, the sender can resume the segment transmission.

At the end of data transfer, the source host sends a signal that indicates the end of the transmission. The destination host acknowledges the end of transmission and the connection is terminated.

6.1.2 Three-way handshake

TCP is a connection-oriented protocol. TCP requires a connection to be established before data transfer begins. The two hosts must synchronize their initial sequence numbers to establish a connection. Synchronization occurs through an exchange of

segments that carry a synchronize (SYN) control bit and the initial sequence numbers. This solution requires a mechanism that picks the initial sequence numbers and a handshake to exchange them.

The synchronization requires each side to send its own initial sequence number (INS) and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side. Each side must also receive the ISN from the other side and send a confirming ACK. The sequence is as follows:

The sending host (A) initiates a connection by sending a SYN packet to the receiving host (B) indicating its INS = X:

A - > B SYN, seq of A = X

B receives the packet, records that the seq of A = X, replies with an ACK of X + 1, and indicates that its INS = Y. The ACK of X + 1 means that host B has received all octets up to and including X and is expecting X + 1 next:

B - > A ACK, seq of A = X, SYN seq of B = Y, ACK = X + 1

A receives the packet from B, it knows that the seq of B = Y, and responds with an ACK of Y + 1, which finalizes the connection process:

A - > B ACK, seq of B = Y, ACK = Y + 1

This exchange is called the three-way handshake.

A three-way handshake is necessary because sequence numbers are not based on a global clock in the network and TCP protocols may use different mechanisms to choose the initial sequence numbers. The receiver of the first SYN would not know if the segment was delayed unless it kept track of the last sequence number used on the connection. If the receiver does not have this information, it must ask the sender to verify the SYN.

6.1.3 Windowing

Data packets must be delivered to the recipient in the same order in which they were transmitted to have a reliable, connection-oriented data transfer. The protocol fails if any data packets are lost, damaged, duplicated, or received in a different order. An easy solution is to have a recipient acknowledge the receipt of each packet before the next packet is sent.If a sender had to wait for an ACK after each packet was sent, throughput would be low. Therefore, most connection-oriented, reliable protocols allow multiple packets to be sent before an ACK is received. The time interval after the sender transmits a data packet and before the sender processes any ACKs is used to transmit more data. The number of data packets the sender can transmit before it receives an ACK is known as the window size, or window.TCP uses expectational ACKs. This means that the ACK number refers to the next packet that is expected.

Windowing refers to the fact that the window size is negotiated dynamically in the TCP session. Windowing is a flow-control mechanism. Windowing requires the source device to receive an ACK from the destination after a certain amount of data is transmitted. The destination host reports a window size to the source host. This window specifies the number of packets that the destination host is prepared to receive. The first packet is the ACK.With a window size of three, the source device can send three bytes to the destination. The source device must then wait for an ACK. If the destination receives the three bytes, it sends an acknowledgment to the source device, which can now transmit three more bytes.If the destination does not receive the three bytes, because of overflowing buffers, it does not send an acknowledgment. Because the source does not receive an acknowledgment, it knows that the bytes should be retransmitted, and that the transmission rate should be decreased.

In Figure , the sender sends three packets before it expects an ACK. If the receiver can handle only two packets, the window drops packet three, specifies three as the next packet, and indicates a new window size of two. The sender sends the next two packets, but still specifies a window size of three. This means that the sender will still expect a three-packet ACK from the receiver. The receiver replies with a request for packet five and again specifies a window size of two.

6.1.4 TCP

TCP is a connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. In a connection-oriented environment, a connection is established between both ends before the transfer of information can begin. TCP breaks messages into segments, reassembles them at the destination, and resends anything that is not received. TCP supplies a virtual circuit between end-user applications.

The following protocols use TCP:

• FTP
• HTTP
• SMTP
• Telnet

The following are the definitions of the fields in the TCP segment:

• Source port – Number of the port that sends data
• Destination port – Number of the port that receives data
• Sequence number – Number used to ensure the data arrives in the correct order
• Acknowledgment number – Next expected TCP octet
• HLEN – Number of 32-bit words in the header
• Reserved – Set to zero
• Code bits – Control functions, such as setup and termination of a session
• Window – Number of octets that the sender will accept
• Checksum – Calculated checksum of the header and data fields
• Urgent pointer – Indicates the end of the urgent data
• Option – One option currently defined, maximum TCP segment size
• Data – Upper-layer protocol data

6.1.5 UDP

UDP is a simple protocol that exchanges datagrams without guaranteed delivery. It relies on higher-layer protocols to handle errors and retransmit data.

UDP does not use windows or ACKs. Reliability is provided by application layer protocols. UDP is designed for applications that do not need to put sequences of segments together.

The following protocols use UDP:

• TFTP
• SNMP
• DHCP
• DNS

The following are the definitions of the fields in the UDP segment:

• Source port – Number of the port that sends data
• Destination port – Number of the port that receives data
• Length – Number of bytes in header and data
• Checksum – Calculated checksum of the header and data fields
• Data – Upper-layer protocol data

6.2 The Application Layer

6.2.1 Introduction

The session, presentation, and application layers of the OSI model are bundled into the application layer of the TCP/IP model. This means that representation, encoding, and dialog control are all handled in the TCP/IP application layer. This design ensures that the TCP/IP model provides maximum flexibility at the application layer for software developers.

The TCP/IP protocols that support file transfer, e-mail, and remote login are probably the most familiar to users of the Internet. These protocols include the following applications:

• DNS
• FTP
• HTTP
• SMTP
• SNMP
• Telnet

6.2.2 DNS

The Internet is built on a hierarchical addressing scheme. This scheme allows for routing to be based on classes of addresses rather than based on individual addresses. The problem this creates for the user is associating the correct address with the Internet site. It is very easy to forget an IP address to a particular site because there is nothing to associate the contents of the site with the address. Imagine the difficulty of remembering the IP addresses of tens, hundreds, or even thousands of Internet sites.

A domain naming system was developed in order to associate the contents of the site with the address of that site. The Domain Name System (DNS) is a system used on the Internet for translating names of domains and their publicly advertised network nodes into IP addresses. A domain is a group of computers that are associated by their geographical location or their business type. A domain name is a string of characters, number, or both. Usually a name or abbreviation that represents the numeric address of an Internet site will make up the domain name. There are more than 200 top-level domains on the Internet, examples of which include the following:

.us – United States

.uk – United Kingdom

There are also generic names, which examples include the following:

.edu – educational sites

.com – commercial sites

.gov – government sites

.org – non-profit sites

.net – network service

6.2.2 FTP and TFTP

FTP is a reliable, connection-oriented service that uses TCP to transfer files between systems that support FTP. The main purpose of FTP is to transfer files from one computer to another by copying and moving files from servers to clients, and from clients to servers. When files are copied from a server, FTP first establishes a control connection between the client and the server. Then a second connection is established, which is a link between the computers through which the data is transferred. Data transfer can occur in ASCII mode or in binary mode. These modes determine the encoding used for data file, which in the OSI model is a presentation layer task. After the file transfer has ended, the data connection terminates automatically. When the entire session of copying and moving files is complete, the command link is closed when the user logs off and ends the session.

TFTP is a connectionless service that uses User Datagram Protocol (UDP). TFTP is used on the router to transfer configuration files and Cisco IOS images and to transfer files between systems that support TFTP. TFTP is designed to be small and easy to implement. Therefore, it lacks most of the features of FTP. TFTP can read or write files to or from a remote server but it cannot list directories and currently has no provisions for user authentication. It is useful in some LANs because it operates faster than FTP and in a stable environment it works reliably.

6.2.4 HTTP

Hypertext Transfer Protocol (HTTP) works with the World Wide Web, which is the fastest growing and most used part of the Internet. One of the main reasons for the extraordinary growth of the Web is the ease with which it allows access to information. A Web browser is a client-server application, which means that it requires both a client and a server component in order to function. A Web browser presents data in multimedia formats on Web pages that use text, graphics, sound, and video. The Web pages are created with a format language called Hypertext Markup Language (HTML). HTML directs a Web browser on a particular Web page to produce the appearance of the page in a specific manner. In addition, HTML specifies locations for the placement of text, files, and objects that are to be transferred from the Web server to the Web browser.

Hyperlinks make the World Wide Web easy to navigate. A hyperlink is an object, word, phrase, or picture, on a Web page. When that hyperlink is clicked, it directs the browser to a new Web page. The Web page contains, often hidden within its HTML description, an address location known as a Uniform Resource Locator (URL).

In the URL http://www.cisco.com/edu/, the "http://" tells the browser which protocol to use. The second part, "www", is the hostname or name of a specific machine with a specific IP address. The last part, /edu/ identifies the specific folder location on the server that contains the default web page.

A Web browser usually opens to a starting or "home" page. The URL of the home page has already been stored in the configuration area of the Web browser and can be changed at any time. From the starting page, click on one of the Web page hyperlinks, or type a URL in the address bar of the browser. The Web browser examines the protocol to determine if it needs to open another program, and then determines the IP address of the Web server using DNS. Then the transport layer, network layer, data link layer, and physical layer work together to initiate a session with the Web server. The data that is transferred to the HTTP server contains the folder name of the Web page location. The data can also contain a specific file name for an HTML page. If no name is given, then the default name as specified in the configuration on the server is used.

The server responds to the request by sending to the Web client all of the text, audio, video, and graphic files specified in the HTML instructions. The client browser reassembles all the files to create a view of the Web page, and then terminates the session. If another page that is located on the same or a different server is clicked, the whole process begins again.

6.2.5 SMTP

Email servers communicate with each other using the Simple Mail Transfer Protocol (SMTP) to send and receive mail. The SMTP protocol transports email messages in ASCII format using TCP.

When a mail server receives a message destined for a local client, it stores that message and waits for the client to collect the mail. There are several ways for mail clients to collect their mail. They can use programs that access the mail server files directly or collect their mail using one of many network protocols. The most popular mail client protocols are POP3 and IMAP4, which both use TCP to transport data. Even though mail clients use these special protocols to collect mail, they almost always use SMTP to send mail. Since two different protocols, and possibly two different servers, are used to send and receive mail, it is possible that mail clients can perform one task and not the other. Therefore, it is usually a good idea to troubleshoot e-mail sending problems separately from e-mail receiving problems.

When checking the configuration of a mail client, verify that the SMTP and POP or IMAP settings are correctly configured. A good way to test if a mail server is reachable is to Telnet to the SMTP port (25) or to the POP3 port (110). The following command format is used at the Windows command line to test the ability to reach the SMTP service on the mail server at IP address 192.168.10.5:

C:\>telnet 192.168.10.5 25

The SMTP protocol does not offer much in the way of security and does not require any authentication. Administrators often do not allow hosts that are not part of their network to use their SMTP server to send or relay mail. This is to prevent unauthorized users from using their servers as mail relays.

6.2.6 SNMP

The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. SNMP uses UDP as its transport layer protocol.

An SNMP managed network consists of the following three key components:

• Network management system (NMS) – NMS executes applications that monitor and control managed devices. The bulk of the processing and memory resources required for network management are provided by NMS. One or more NMSs must exist on any managed network.
• Managed devices – Managed devices are network nodes that contain an SNMP agent and that reside on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers, access servers, switches, and bridges, hubs, computer hosts, or printers.
• Agents – Agents are network-management software modules that reside in managed devices. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

6.2.7 Telnet

Telnet client software provides the ability to login to a remote Internet host that is running a Telnet server application and then to execute commands from the command line. A Telnet client is referred to as a local host. Telnet server, which uses special software called a daemon, is referred to as a remote host.

To make a connection from a Telnet client, the connection option must be selected. A dialog box typically prompts for a host name and terminal type. The host name is the IP address or DNS name of the remote computer. The terminal type describes the type of terminal emulation that the Telnet client should perform. The Telnet operation uses none of the processing power from the transmitting computer. Instead, it transmits the keystrokes to the remote host and sends the resulting screen output back to the local monitor. All processing and storage take place on the remote computer.

Telnet works at the application layer of the TCP/IP model. Therefore, Telnet works at the top three layers of the OSI model. The application layer deals with commands. The presentation layer handles formatting, usually ASCII. The session layer transmits. In the TCP/IP model, all of these functions are considered to be part of the application layer.