NET 222: Introduction to Routers and Routing

Chapter 2: Internet Protocols

Objectives:

This chapter discusses several protocols in the TCP/IP suite, binary and hexadecimal numbers, and several aspects of using IP addresses. The objectives important to this chapter are:

1. The Department of Defense networking model
2. TCP/IP on the DoD and OSI models
3. Binary to decimal conversion
4. IP addressing
5. Broadcast addresses
6. Network Address Translation (NAT)

Concepts:

The Internet Protocol suite was developed before the ISO-OSI model. The model used to construct it was the Department of Defense (DoD) model. The Department of Defense was instrumental in the construction of the Internet. Your text describes the DOD model as a condensed version of the OSI model. The chart below shows how the two models relate to each other.

DOD and ISO Models

Functional Description	DOD Layers	ISO Layers
Upper Layer Processes	Process/Application	Application
		Presentation
		Session
Reliable Connections	Host-to-host	Transport
Internetwork Connections	Internet	Network
Hardware/Network Connections	Network Access	Data-Link
		Physical

The four layers of the DOD model address the topics found in the ISO model. If you understand the ISO model, you already understand the DOD model.

The TCP/IP suite does not address topics at the Network Access layer (DOD model). This makes it independent of any networking topology.

On page 62, you see a schematic diagram showing various protocols that operate at each model layer. The text proceeds to discuss the protocols with reference to the DOD model layers where they operate.

Process/Application Layer Protocols (upper 3 layers of the OSI model)

• Telnet - a protocol for connecting to a different computer, and making your workstation a terminal to that other computer
• File Transfer Protocol (FTP) - allows users to copy files as though using local devices. It supports the use of user IDs and passwords.
• Trivial File Transfer Protocol (TFTP) - also allows users to copy files, but does not support User IDs and passwords
• Hypertext Transfer Protocol (HTTP) - the file transfer protocol used on the World Wide Web
• Network File System (NFS) - this protocol allows users on one operating system use files on a device running a different operating system
• Simple Mail Transfer Protocol (SMTP) - this is the standard e-mail transport protocol for TCP/IP stacks. It depends on TCP for message routing. The text points out that SMTP is used for sending e-mail, and Post Office Protocol 3 (POP3) is used on the same systems for retrieving it.
• Line Printer Daemon (LPD) - this protocol receives print jobs and sends them to network printers using TCP/IP
• X Window - X Window is a GUI client interface for running programs on a UNIX server
• Simple Network Management Protocol (SNMP) - a basic network management tool, it generates a lot of traffic about the performance of the network.
• Domain Name System (DNS) - discussed in a previous chapter, converts a registered domain name to an IP address
• Windows Internet Naming Service (WINS) - works like DNS, but it takes NetBIOS names used on Microsoft networks, and converts them to IP addresses
• Dynamic Host Configuration Protocol (DHCP) - DHCP provides not only the IP address, but also configuration settings for the host. DHCP requests are broadcast requests. Broadcast requests are not forwarded by routers, so a DHCP server must be on the same network segment as the device making the request. (Unless we decide to forward those requests, as is often done.)
  The text does not outline the process used to obtain an IP address from a server:
  1. First a workstation broadcasts a DHCPDISCOVER message. This is sent to MAC address FF:FF:FF:FF:FF:FF (broadcast address on the Data Link layer) and IP address 255.255.255.255 (broadcast address on the Network layer).
  2. One or more DHCP servers respond with a DHCPOFFER message, including an available network address.
  3. The workstation receives one or more DHCPOFFER messages from one or more DHCP servers. It chooses one server to accept. The workstation broadcasts a DHCPREQUEST message that identifies the server it has selected.
  4. The DHCP servers listen for the DHCPREQUEST broadcast from the workstation. Servers that were not selected use this message as notification that their offer is declined. The server selected in the DHCPREQUEST message responds with a DHCPACK message containing the address and configuration parameters for the
     client.

  Know this sequence: Discover, Offer, Request, Acknowledgment. DHCP is a connectionless service. It uses UDP for its transmission protocol.

• Bootstrap Protocol (BootP) - BootP is a simpler protocol than DHCP. A device on a network sends its MAC address along with a request for an IP address. A BootP server can only assign an IP address to that device if its MAC address is stored in a BootP table on the server, along with an IP address that is meant for the device. (A DHCP server can service devices dynamically, as long as it has more IP addresses available to assign.)

Host-to-Host Layer Protocols (Transport layer of the OSI model)

• TCP - Transmission Control Protocol provides reliable, connection-oriented delivery service. It creates virtual circuits, which are logically similar to the circuits created for telephone connections. It creates data packages called segments, which include source and destination port numbers, segment numbers, acknowledgement numbers, and checksum information. Your text, of course, does not define what a port number is at this time. Think of a port number as a pointer to a location in the working memory of a device. It stands for the memory address of the program or service you are contacting. Use TCP with services that require guaranteed delivery and proper sequencing of segments, such as Voice over IP.
• UDP - User Datagram Protocol creates segments as well, but they contain only addressing, length, and checksum information in their headers. No numbering, no acknowledgements, no guarantee of delivery. This type of protocol is called connectionless. Compared to TCP it is a thin or light protocol. UDP should be used in conjuction with other protocols that contain their own connection services or that do not need this service. UDP is used with SNMP because SNMP creates a great deal of traffic, and TCP would cause this traffic to consume too much bandwidth. UDP is used with NFS because NFS has its own connection-oriented aspects and does not need TCP to provide this feature.

As noted in other classes, a simple test for whether a protocol under consideration is connnection-oriented or connectionless: if you are asked this question about a protocol, does its name start with a consonant or a vowel? UDP, IPX, and IP are connectionless. TCP, SPX, and NFS are connection-oriented.

The text discusses port numbers, telling us that numbers below 1024 are called well-known port numbers. A port number can be any number from 1 through 65535. Several port numbers are assigned to specific services through conventions established by ICANN. (A listing may be found in RFC 1700. Your text tells us to look at RFC 3232.) If you follow the link above to the list of ports used by specific services, you will find more information than is in your text. You will also find that although the text says that NNTP uses UDP, it also uses TCP.

Some references say ports 1024 through 65535 are Registered ports. Others say that 1024 through 49151 are the Registered ports, and that 49152 through 65535 are Dynamic ports.

Internet Layer Protocols

• Internet Protocol (IP) is a connectionless protocol that supports routing, fragmentation, and reassembly. IP works with other protocols to discover and choose routes for packets bound for other networks. This protocol is responsible for IP addressing, which is used to identify networks and devices in those networks. Network addresses are also called logical addresses and software addresses.
  • The IP protocol receives outgoing segments from TCP and forms them into packets. It receives incoming packets from the the Network Access layer (Data-Link layer) and forms them into segments that it hands to TCP.
  • Packets created by IP include a Time To Live (TTL) value. This is like a countdown timer. If a packet's TTL expires before it is delivered it will be dropped, which prevents it from circulating through bad routes endlessly.
  • The IP protocol packet also includes a field that may be called Protocol or IP Type. It holds a value that tells it which protocol to hand off to when passing data up to the Host-to-Host (Transport) layer. The values in this field do not correspond to other values you may know for these protocols. The text supplies some you may encounter:
    1 - ICMP
    6 - TCP
    9 - IGRP
    17 - UDP
    41 - IPv6
    47 - GRE
    88 - EIGRP
    89 - OSPF
    111 - IPX in IP
    115 - Layer 2 tunnel (L2TP)
• Internet Control Message Protocol (ICMP) is used to send error and control messages to Upper Layer Protocols (because they are concerned with error and flow control). It is also the protocol used by the Ping command, and by routers to signal when packets have exceeded their allowed number of hops, when their buffers are full, and when the destination on a packet is unreachable. The Treceroute utility also uses ICMP to determine the actual route being taken to a destination. The text notes that the data sent by a ping is always the alphabet, and is 100 bytes by default.
• Address Resolution Protocol (ARP) is used on IP networks to resolve an IP address (4 bytes) to a MAC address (6 bytes). Remember that MAC addresses are typically shown as 12-character hexadecimal strings. One byte can be expressed as two hex characters. A later section of this chapter discusses converting hex, binary, and decimal numbers.
• Reverse Address Resolution Protocol (RARP) is the reverse of ARP: it is used to resolve a known MAC address to an unknown IP address. ARP tables are constructed by sending broadcast ARP requests to the network, and recording the responses as IP address/MAC address pairs. RARP and BootP are designed to give an IP address to a workstation on boot. They are typically used on diskless workstations, which have no medium on which to record their IP addresses.

The text moves to a discussion of hexadecimal, binary, and decimal notation. To pass the certification test for this course, you will need to be able to convert decimal notation to binary notation and vice versa. You will need to know a conversion method to pass the test, so we will discuss this one in class.

Values of Positions in a Byte

Bit position:	7	6	5	4	3	2	1	0
Value of Position (if a 1 is in it):	128	64	32	16	8	4	2	1

Like decimal numbers, binary and hex numbers use a positional value scheme. Each digit in a number is worth that digit times the value of the position it occupies. For example, in the decimal number 725, the 7 is worth 7 times 100, the 2 is worth 2 times 10, and the 5 is worth 5 times 1.

Binary is easier, since the only digits we can use are 1s and 0s. The largest number that can be stored in one byte is 255. This is the sum of the values of all the the positions in the byte. Converting a binary number to decimal is simple: add the values of all the positions that hold a one. The only trick is to have a clear memory of the value of each position. They are all powers of two. Start on the right with 1, and double the value for the each new position, moving to the left: 2, 4, 8, 16, 32, 64, and 128.

When you convert a decimal number to binary, do a series of subtraction problems, one for each position in the byte, starting from the left. For example, let's convert 175 to binary.

1. Ask yourself this question for each bit position: Can I subtract the value of this bit from the current number? You must be able to do it without getting a negative result. Remainders are okay.
   So, can you subtract 128 (a bit position value) from 175 (our current number)? Yes, you can. So you write a one in the 128 bit position, and do the math: 175 - 128 = 47.
2. Can you subtract 64 from 47? No, so you write a zero in the 64 bit position.
3. Can you subtract 32 from 47? Yes, so write a one in the 32 bit position, and do the math: 47 - 32 = 15.
4. Can you subtract 16 from 15? No, so you write a zero in the 16 bit position.
5. Can you subtract 8 from 15? Yes, so write a one in the 8 bit position, and do the math: 15 - 8 = 7.
6. Can you subtract 4 from 7? Yes, so write a one in the 4 bit position, and do the math: 7 - 4 = 3.
7. Can you subtract 2 from 3? Yes, so write a one in the 2 bit position, and do the math: 3 - 2 = 1.
8. When you have 1 left, write a one in the 1 bit position. This will always be done for odd numbers.
   If there is no remainder at any of the steps, write a zero in each of the remaining bit positions.

The text makes a point of defining 8 bits as a byte, also called an octet. Half a byte, 4 bits, is called a nibble. It is handy to think about nibbles when converting a binary number to hexadecimal. The section on this in the text made no sense to me. Try this instead. Consider the byte above as two nibbles: 1010 and 1111. Considered independently, each of these nibbles can be converted to one hexadecimal character. First, let's review:

Hexadecimal numbers are written in base 16. It uses single characters for values from 0 through 15. Now, the method.

1. Consider the binary number to convert: 10101111 will do just fine.
2. Break it into two nibbles, preserving the order: 1010 and 1111.
3. What I do next is convert to decimal: 1010 is 10 in decimal (8 plus 2, right?), and 1111 is 15 in decimal (8 plus 4, plus 2, plus 1).
4. Now convert to hex: 10 is A in hex, and 15 is F.
5. So, 10101111 is AF in hex.

Does it get more complex? Not really. Four places of binary notation can't hold a value greater than 15 in decimal notation. This means that each nibble in a byte can be expressed as one hexadecimal character. If you read the four places, and convert to decimal, the only trick is knowing the sixteen characters used in hexadecimal.

To convert hex to binary, consider each pair of hex digits to be the components of one byte. Again, for me, it makes sense to convert a hex character to decimal, because I think in decimal. Then, I convert the decimal number to binary.

(Of course, when possible, you should use Windows calculator, which easily converts from one base to another. When you are practicing these methods, use Windows calculator to check your work. Open the View menu and select Scientific, if you don't see the radio buttons below.)

The text now moves on to IP Addressing.

The purpose of an IP address is to identify each unique node on a network. On an IP network, each device is known as a host, and every host must have an address. The addresses we discuss first are actually IP version 4 addresses. (IPv6 addresses will be 16 bytes, or 128 bits long.)

IP version 4 addresses are numeric addresses, stored as four bytes, which is equal to 32 bits. When we write these addresses, we usually place dots between the bytes, but you must understand that the dots do not exist in the addresses when they are sent in packets. The dot notation is sometimes referred to as dotted octet or dotted quad. (Each byte is called an octet because it has eight bits; there are four bytes in the address, so they are quads.) Remember that an IP address is just a series of numbers, so it can be written in hex, binary, or decimal notation. It is typically sent across networks as binary.

Since the IP protocol stack was invented with networking in mind, IP addresses contain two parts: one to identify the address of the network a host is on, and the other part to identify the host itself. Every network is assigned an address which could be one, two, or three bytes, depending on the class of the network (A, B, or C). The remaining byte or bytes are typically used for hosts on networks. (It gets more complex, this is how we start.)

There are five address classes you need to know. The first three classes can be described by the number of bytes assigned to the network portion of their addresses:

• one byte identifies a class A network
• two bytes identify a class B network
• three bytes identify a class C network

Class D and E addresses use portions of the fourth byte as well for network addressing. You may wish to know that only class A, B, and C addresses are for general use. Class D addresses are for multicasting (messages to groups of machines), and class E addresses are for experimental use.

One way to recognize the class of a given address is to know the range of possible addresses in each class. The five classes of addresses are defined as limited to specific ranges of values of the first byte. The numeric ranges are hard to remember until you see a chart that explains what the ranges have to do with the binary version of the first octet.

Remember the basics of binary notation: a byte has eight bits. Each bit is a digit in a binary number. Since we can only use 1s and 0s in binary notation, we either have (1) or don't have (0) the number of units represented by a position in the binary number.

Values of Positions in a Byte

Bit position:	7	6	5	4	3	2	1	0
Value of Position (if a 1 is in it):	128	64	32	16	8	4	2	1

Reading from left to right, if the first bit (position 7, above) of the first octet is a zero, that octet must represent a number less than 128. This defines a class A address: the first octet must be 127 or less. Consider it this way:

• Class A - first bit is a 0, range for the byte is 0 to 127
• Class B - first bit is a 1, second is a 0, range for the byte is 128 to 191
• Class C - first two bits are 1s, third is a 0, range for the byte is 192 to 223
• Class D - first three bits are 1s, fourth is a 0, range for the byte is 224 to 239
• Class E - first four bits are 1s, fifth is a 0, range for the byte is 240 to 255

So, if you can convert the first octet of an address to binary notation, you can tell the address class by the position of the first 0 in it, reading from left to right.

Most possible network addresses (not host addresses) have been assigned already. We will discuss how network administrators work around this.

The list below shows some specific addresses that have special meanings:

• 0.0.0.0 - the default route, used by Cisco routers
• 127.0.0.0 - reserved for loopback. 127.0.0.1 is the Local Host.
• All network bits set to 0, host bits set to some number - this would mean that the host bits are set to something other than 0, and that we mean that specific host on the current network.
• All host bits set to 0, network bits set to your network number - this is the address for the network itself
• Network bits all set to 1 - this is the equivalent of using wildcards, meaning all nets
• Host bits all set to 1 - this is the equivalent of using wildcards, meaning all hosts (broadcast address)
• 255.255.255.255 - this is all wildcards, but refers to all hosts on this network

Consider the task of assigning addresses to hosts within your network. Host addresses should follow the network address scheme you are assigned. If your network address was 150.60.0.0, you would have a class B address, and all host IP addresses should begin with 150.60.

If you do not have an assigned address, you could use any address scheme you wanted as long as you did not attach to the Internet or any other network. However, in reality, everyone wants or needs the Internet, so you should use a private address scheme, as shown in the chart below. You can choose any address scheme for your network that gives you enough host IDs.

Private addresses work inside a network, but they cannot be routed to other networks, nor can you send signals to another network if you have a private address. (Great, then how do I get to the Internet? More magic in a minute.) To understand this, you need to know that all IP addresses in the world were meant to be unique. These are called registered or public addresses. This scheme would allow any IP addressed machine to contact any other (in theory) because the address would identify the network and the host uniquely. At a certain point, however, the world began to run out of addresses. (It was also believed that there would be networks that would have no need to contact other networks. Yeah, right...)

So the Internet Assigned Numbers Authority (IANA) has designated some address ranges as private or unregistered addresses. They are also called nonroutable addresses:

Class	Private Addresses Begin	Private Addresses End
Class A	10.0.0.0	10.255.255.255
Class B	172.16.0.0	172.31.255.255
Class C	192.168.0.0	192.168.255.255

Any address beginning with a 10, for example, is assumed to be a private address. This is the format used in many networks, because it provides lots of addresses for hosts, and lots of room for subnets. (Covered in chapter 3 of this text.)

Within any organization, addresses in these ranges may be used without registering the addresses with IANA. Each address you use within your network must still be unique in your network. The problem is that there is no guarantee whatsoever that any address I use in my organization is not already in use in your organization, which makes direct networking between our networks unreliable, if not impossible.

The magic part: To access the Internet, traffic from a private address network passes through a router that acts as a proxy server, providing a shared connection with a registered address. That router has both a private address on your network, and a registered public address that lets it communicate with other networks. The proxy server shares its public address with the devices on your network, allowing them to send signals to other networks through it. The service that does this sharing of the address is called Network Address Translation (NAT).

The chapter continues with a discussion of different kinds of broadcasts, described in terms of OSI layers:

• a layer 2 (Data-Link) broadcast is to all hosts on a LAN, but not past a router
• a layer 3 (Network) broadcast is to all hosts on a network, which could be passed to a different network by a router

This is a strange concept, given that a LAN is a network. What the author is saying is that routers can be used inside networks to segment them into subnetworks, but there can still be a kind of broadcast that treats the collection of networks as one.

The text describes a unicast as a broadcast that is converted to a message to a particular device. The example given is of a DHCP request for an IP address. It begins as a broadcast request, but a router (server) tasked with sending the request to a specific designated resource intercepts the original request and sends it to the DHCP server.

The text also describes multicast addresses. For example, all bridges on a network will have their own addresses, but they will also share a single multicast address. Any message sent to that address will be received and acted upon by all of them. This is how bridges send signals to each other.