tcpip

Upload: sangusajjan

Post on 14-May-2015

Page 1: TCPIP

Communication between Layers of a Protocol (Protocol Data Units)

We have learned that in the layered OSI reference model, the topmost layers of two machines communicate with each other virtually (they appear to be talking with each other directly, but they actually are not). In fact, the Application layer requests the services of the Presentation layer, which in turn requests the services of the Session layer, which in turn requests the services of the Transport layer, and so on, until the services of the Physical layer are requested; this Physical layer communicates with the corresponding Physical layer of the other machine.

In requesting the services of a lower layer, a layer (n+1) sends data to layer (n) that we call the Layer (n+1) Protocol Data Unit (or Layer (n+1) PDU). Layer (n) places this Layer (n+1) PDU after a header that it adds, and sends the result to the corresponding Layer (n) in the other machine, which strips the header, uses it in performing its work, and passes the Layer (n+1) PDU up to Layer (n+1) in that machine. If Layer (n) sends information to the lower layer (n-1), that information is called the Layer (n) PDU; it is placed after the Layer (n-1) header and sent to the corresponding Layer (n-1) in the other machine, and so on.

TCP/IP Architecture

We have seen in the previous lectures that the OSI reference model is built on 7 layers. The architecture of the TCP/IP protocol suite is as shown in the following figure.

Page 2: TCPIP

Unlike the OSI reference model, the layers of the TCP/IP protocol suite are not as strictly structured: a layer may interact with other layers, skipping the layers in between. This gives the TCP/IP protocol suite more flexibility. The following figure shows a mapping between the layers of TCP/IP and the OSI model. Note that this mapping is not fully agreed upon; different textbooks and different people use slightly different mappings.

Although TCP/IP names a specific Transport Layer protocol (TCP) running on top of a Network Layer protocol (IP), the term TCP/IP is actually used to describe a large number of protocols, including the following:

Page 3: TCPIP

We see that some of the protocols of each layer are:
• Application Layer: Hyper Text Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), Domain Name System (DNS) protocol, and Real-time Transfer Protocol (RTP).
• Transport Layer: Transport Control Protocol (TCP), which is used by HTTP, SMTP, and FTP, and User Datagram Protocol (UDP), which is used by DNS and RTP.
• Internetwork Layer: Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP), and Internet Protocol (IP), which is used by TCP, UDP, and ICMP.
• Network Interface Layer: Many systems exist in this layer, including LAN, Token Ring, and Asynchronous Transfer Protocol (ATM).

Encapsulation of PDUs in TCP/IP

As discussed previously, each layer in the TCP/IP protocol stack sends a Protocol Data Unit (PDU) to the lower layer to request its services. The lower layer encapsulates (creates a capsule around) the PDU of the upper layer and sends it to the layer below it, until it reaches the Network Interface Layer, which transmits it over the network. The encapsulation process includes adding a header (and possibly a trailer) to the PDU of the upper layer. A major purpose of the headers is to add addressing information, and of the trailers to add error detection information.

Page 4: TCPIP

An encapsulation example is shown below, where a web client (your Internet browser) is requesting a website. This request goes down to the lower layers: the Transport layer adds port numbers (that allow the web client application to communicate with the web server application) in addition to other information. The Internetwork layer adds source and destination IP addresses (that allow the source and destination machines to communicate with each other) in addition to other information. Finally, the Network Interface layer adds its own source and destination MAC addresses (that allow the different machines over the link to communicate with each other) in addition to other information, and also adds a trailer (that allows the detection of errors). This is shown in the following example:

Page 5: TCPIP

The Internet Protocol (IP)

The Internet Protocol (IP) is the backbone protocol of the Internet. Without it, the Internet would not have evolved to become what it is now. Nevertheless, IP is very lousy in performing its work. It does not guarantee the delivery of packets; if they arrive, it does not guarantee that they will arrive in order or on time; IP packets are dropped if a specific router becomes congested; and error checking is not performed on the data (it is done only on the IP header). So, basically, you use the services of the IP protocol at your own risk. The reason for IP's work being so lousy is that this makes it very simple and puts the complexity at the edges of the network (it transfers the complexity from the network to the end machines). There are two flavors of IP in use today: Internet Protocol version 4 (IPv4), which is the one in wide use now, and Internet Protocol version 6 (IPv6), which is the new standard and is now in its experimental phase.

IP Version 4 (IPv4) Header

The interesting part of the IPv4 protocol is its header, which adds all of the functionality that the protocol performs. The header of an IP packet (version 4) is rich in components and is illustrated below:

The length of the header is always a multiple of 4 bytes (a multiple of 32 bits), with a minimum length of 20 Bytes (160 bits) if no options are present in the header. Therefore, the length of the header can be 20 Bytes, 24 Bytes, 28 Bytes, … and so on. The maximum length of the header is 15*4 = 60 Bytes. What increases the header's length above the minimum of 20 Bytes is a set of options that may be added at the end of the header. The following is a description of the different components of the IPv4 header (the length of the component is between parentheses):

• Version (4 bits): This is the version of the IP protocol being used, which takes values of 4 (for IPv4), 5 (for a specific type of protocol that is not important in our case), or 6 (for IPv6). So, for the following items, we will assume that the version is 4, as other versions have different header structures.

• Internet Header Length (4 bits): This specifies the length of the header in multiples of 4 Bytes. That is, if the header length is the minimum of 20 Bytes, this value will be 5; if the header length is 24 Bytes, this will be 6; and so on. This limits the maximum length of the header to 15*4 = 60 Bytes.

• Type of Service (8 bits): This is used to indicate specific requirements on the type of service associated with the delivery of the packet, such as the priority in delivering this packet, etc. These options are rarely used, and most traffic sent over the Internet has all of these bits set to zero.

Page 6: TCPIP

• Total Length (16 bits): This gives the total length (in BYTES, not bits) of the packet including the header. Since this component of the header has a length of 16 bits, the maximum length of the packet can be (1111 1111 1111 1111)₂ = 65535 Bytes. Therefore, the maximum data you can have in an IP packet is 65535 – 20 = 65515 Bytes (since the minimum header length is 20 Bytes). However, this maximum length is rarely used because most physical networks have their own maximum on the length of the frames, and since packets are encapsulated in frames, the maximum size of a packet must not exceed what the frame size accepts. For example, Ethernet has a maximum of 1500 Bytes.

• Identification (16 bits): This component of the header is used by the IP protocol whenever fragmentation (breaking the packet into smaller pieces called fragments) of a packet is performed. That is, a long packet is fragmented into smaller pieces because the physical network over which the packet is to be transmitted does not support the original long packet. Each fragment will be sent over the network as if it were an independent packet. Since fragments of many packets may be in transit at the same time (the different pieces of many packets are being carried over the network and have not been received yet), an identification that allows the receiving machine to know which original packet each fragment belongs to is needed. The identification is set to a random number (one value out of a possible 65536 values) for each original packet (so all the fragments of a specific packet will have the same identification number), and this specific identification number is not used again for some time to ensure that fragments of different packets don't get mixed up (fragments of a first fragmented packet with identification x must not get mixed up with fragments of a second fragmented packet with identification x).
To avoid this, a sufficiently long time must pass before the same identification number is reused. If fragments of a specific packet reach a physical network that supports packet sizes smaller than their size, these fragments will be fragmented again. The reassembly of fragments is done only at the destination machine, which waits until it receives all fragments of a packet and then reassembles the different pieces to form the original packet. Once the destination machine receives a fragment of a packet, it sets a timer. If one or more fragments of the packet are lost (they do not arrive before the timer expires), the destination machine discards the rest of the packet.

• Flags (3 bits): One bit of the flags is not used. Another bit of the flags is Don't Fragment, which is used by the source machine to request that the routers carrying the packet not fragment it. In this situation, if a router finds that it has to fragment a packet because the physical network over which it will send the packet does not support the size of the packet, it will drop the packet and send back to the source an ICMP message informing it of this situation. The third bit is More Fragments, which is used by the fragmenting machine to indicate to the destination machine whether there are more fragments or not. That is, all fragments except the last one will have this bit set to 1, while the last fragment will have this bit set to 0.

• Fragment Offset (13 bits): The Identification and Flags indicate which packet fragments belong to and whether there are more fragments coming or not. But they do not indicate the order of fragments (or the location of a fragment inside the original packet). This is done by the fragment offset, which represents the location of the first byte of the fragment within the data of the original packet. Since the fragment offset is 13 bits (giving 2^13 values) while the total length of the packet is 16 bits (giving 2^16 values), the fragmentation process is designed such that each fragment (except the last one) must have a size that is a multiple of 8. That is, the fragment offset represents the 13 most significant bits of the location of the first byte of the fragment inside the data part of the original packet, where the 3 least significant bits are assumed to be 000. Remember that 2^16/2^13 = 8. So,
  o if Fragment Offset = (0000 0000 0000 0)₂, this represents the first fragment, because the first byte in the fragment is byte (0000 0000 0000 0000)₂ = 0 in the data part of the original packet.
  o if Fragment Offset = (0000 0000 0000 1)₂, this indicates that the first byte in the fragment is byte (0000 0000 0000 1000)₂ = 8 in the data part of the original packet.
  o if Fragment Offset = (0000 0000 0001 0)₂, this indicates that the first byte in the fragment is byte (0000 0000 0001 0000)₂ = 16 in the data part of the original packet.
  o And so on.

Page 7: TCPIP

The process of fragmentation and reassembling fragments is shown in the following figure.
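The fragmentation bookkeeping just described (Identification shared by all pieces, More Fragments on every piece but the last, Fragment Offset in 8-byte units, re-fragmentation on a smaller network, reassembly only at the destination, Don't Fragment causing a drop), as an added example that is not part of the lecture notes. The MTU values and the 4096-byte payload are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

HEADER_LEN = 20  # minimum IPv4 header (no options); every fragment carries one


@dataclass
class Fragment:
    ident: int           # Identification: identical for all pieces of one packet
    offset_units: int    # Fragment Offset field value, in 8-byte units (13 bits)
    more: bool           # More Fragments flag: 1 on every fragment but the last
    data: bytes

    @property
    def first_byte(self) -> int:
        # the field holds the 13 most significant bits; the low 3 bits are 000
        return self.offset_units << 3


def fragment(ident: int, data: bytes, mtu: int, dont_fragment: bool = False,
             base_units: int = 0, last: bool = True) -> Optional[List[Fragment]]:
    """Split `data` so that header + data of each piece fits in `mtu` bytes.
    Returns None when Don't Fragment is set and splitting would be required:
    the router drops the packet and reports it to the source with ICMP."""
    if HEADER_LEN + len(data) <= mtu:
        return [Fragment(ident, base_units, not last, data)]
    if dont_fragment:
        return None
    # data per fragment must be a multiple of 8 so the 13-bit offset can express it
    chunk = (mtu - HEADER_LEN) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    pieces = []
    for start in range(0, len(data), chunk):
        is_last_piece = start + chunk >= len(data)
        pieces.append(Fragment(ident,
                               base_units + start // 8,
                               (not last) or (not is_last_piece),
                               data[start:start + chunk]))
    return pieces


def refragment(frags: List[Fragment], mtu: int) -> List[Fragment]:
    """A later router with a smaller MTU fragments the fragments again;
    offsets stay relative to the data of the original packet."""
    out = []
    for f in frags:
        out.extend(fragment(f.ident, f.data, mtu,
                            base_units=f.offset_units, last=not f.more))
    return out


def reassemble(frags: List[Fragment], ident: int) -> Optional[bytes]:
    """Destination side: return the data once every byte from offset 0 up to
    the fragment with More Fragments = 0 has arrived; otherwise None (the
    destination keeps waiting, and discards everything when its timer expires)."""
    pieces = sorted((f for f in frags if f.ident == ident), key=lambda f: f.first_byte)
    expected, buf, saw_last = 0, bytearray(), False
    for f in pieces:
        if f.first_byte != expected:
            return None           # gap or overlap: a fragment is missing
        buf += f.data
        expected += len(f.data)
        saw_last = not f.more
    return bytes(buf) if pieces and saw_last else None


# Constructed 4096-byte payload with a recognisable pattern
DATA = bytes(range(256)) * 16

if __name__ == "__main__":
    first = fragment(0x1234, DATA, 1500)          # Ethernet-sized network
    print([(f.offset_units, f.first_byte, f.more, len(f.data)) for f in first])
    second = refragment(first, 620)               # next network has a smaller MTU
    print(len(second), "fragments; reassembled OK:", reassemble(second, 0x1234) == DATA)
    print("DF set:", fragment(0x1234, DATA, 1500, dont_fragment=True))
```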

In the above figure, if the Don't Fragment flag of the packets sent over Network 1 was set to logic 1, all packets would be dropped by the router and ICMP messages would be sent to the source machine.

• Time to Live (8 bits): Sometimes packets get lost in the network when routers have trouble sending them to the destination, so they keep hopping from one router to another aimlessly. If a sufficient number of packets keep hopping in circles between routers for an indefinite amount of time, they may bring down the network. To prevent this from happening, the Time to Live component is set to a specific value (with 8 bits, so it has a maximum value of 255), and each router that the packet passes through decrements this value by one. If the packet does not reach its final destination before this number reaches 0, the packet is dropped (because most likely it was lost) and an ICMP message is sent back to the source machine to indicate to it that its packet has been dropped.

• Protocol (8 bits): This indicates the Transport Layer protocol (TCP, UDP, or even ICMP) that the IP packet is carrying inside it.

• Header Checksum (16 bits): It is very important to make sure that the header, which contains addresses and other very important information, is free of errors. For this, the IP header contains a checksum (computed using a specific method) to detect errors that may occur in the header itself (not in the data of the packet). Since some components of the header change as the packet travels between routers, such as the Time to Live, this header checksum is recomputed at each router after modifying the header, and the new checksum replaces the old one.

Page 8: TCPIP

• Source IP Address (32 bits): Contains the IP address of the source machine.

• Destination IP Address (32 bits): Contains the IP address of the destination machine.

• Options (variable length): Allows the source machine to request specific features, such as the path of routers over which the packet is to travel.

• Padding (variable length): This contains no information, but it is used to extend the length of the header to ensure that it is a multiple of 4 bytes (or 32 bits).

The following summarizes the different components in the IPv4 header.
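An added example (not from the lecture notes) that ties the encapsulation discussion to the header fields above: it packs the 20-byte IPv4 header in front of a payload, computes the header checksum, decodes the fields back (IHL in 4-byte words, DF/MF bits, offset in 8-byte units), and performs the per-router step of decrementing TTL and recomputing the checksum, dropping the packet when TTL runs out or the checksum does not verify. Addresses and sizes are constructed.

```python
import struct


def inet(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def inet_ntoa(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of all 16-bit words of the header, complemented.
    Computed with the checksum field zeroed; over a header that already carries
    a correct checksum the result is 0, which is how a router verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src: str, dst: str, payload_len: int, ttl: int = 64, proto: int = 6,
                 ident: int = 0, df: bool = False, mf: bool = False,
                 frag_offset_units: int = 0, tos: int = 0) -> bytes:
    """Encapsulate: a 20-byte header (IHL = 5) in front of payload_len data bytes."""
    version_ihl = (4 << 4) | 5
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset_units & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", version_ihl, tos, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0, inet(src), inet(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_header(pkt: bytes) -> dict:
    (version_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = version_ihl >> 4, version_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header")
    header_len = ihl * 4                     # IHL counts 4-byte words, 5..15
    if header_len < 20 or header_len > len(pkt):
        raise ValueError("bad Internet Header Length")
    return {
        "header_length": header_len,
        "total_length": total_len,
        "identification": ident,
        "DF": bool(flags_frag & 0x4000),
        "MF": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto)),
        "checksum_ok": ipv4_checksum(pkt[:header_len]) == 0,
        "src": inet_ntoa(src),
        "dst": inet_ntoa(dst),
    }


def forward_hop(pkt: bytes):
    """One router hop: verify the header checksum, drop on TTL exhaustion
    (ICMP goes back to the source), otherwise TTL - 1 and a fresh checksum."""
    info = parse_header(pkt)
    if not info["checksum_ok"]:
        return None, "header checksum error: dropped"
    if info["ttl"] <= 1:
        return None, "TTL expired: dropped, ICMP Time Exceeded sent to source"
    hl = info["header_length"]
    hdr = bytearray(pkt[:hl])
    hdr[8] -= 1                              # TTL is byte 8 of the header
    hdr[10:12] = b"\x00\x00"                 # zero the old checksum before summing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[hl:], "forwarded"


if __name__ == "__main__":
    # constructed packet: 100 data bytes, TTL 3, Don't Fragment set
    pkt = build_header("10.0.0.5", "192.168.1.9", 100, ttl=3, ident=0x1234, df=True) + bytes(100)
    print(parse_header(pkt))
    while pkt is not None:
        pkt, why = forward_hop(pkt)
        print(why, "" if pkt is None else "TTL now %d" % parse_header(pkt)["ttl"])
```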

IP Addressing

There are several organizations in the world that have the authority to assign IP addresses to institutions that need access to the Internet. When one or more IP addresses are requested, the organization responsible for assigning IP addresses assigns to the requesting institution one or more IP addresses that belong to one of several IP address classes. Three of these classes are for public distribution, one class is for multicasting, and one class is for experimentation. The five IP address classes are shown below. Class A addresses have their most significant bit being 0, class B addresses have their two most significant bits being 10, class C addresses have their three most significant bits being 110, class D addresses have their four most significant bits being 1110, and finally class E addresses have their five most significant bits being 11110. Note that class A supports very few Network IDs but a large number of hosts per network, class B supports more Network IDs but a smaller number of hosts per network, and class C supports a very large number of networks but few hosts per network.

Page 9: TCPIP

Since IP addresses are 32 bits long, the total number of theoretical IP addresses is 2^32 ≈ 4.295 * 10^9 different IP addresses. Therefore, you can theoretically connect a total number of computers to the Internet that is equal to 4.295 * 10^9. However, in practice, the above assignment of IP classes is very wasteful. Consider for example the following cases:
Class A: Number of Networks ≈ 128, Number of hosts ≈ 16,800,000
Class B: Number of Networks ≈ 16,400, Number of hosts ≈ 65,500
Class C: Number of Networks ≈ 2,100,000, Number of hosts ≈ 256
Class D: Total number of IP addresses reserved for multicasting ≈ 268,000,000
Class E: Total number of IP addresses reserved for experimentation ≈ 134,000,000

Clearly many IP addresses are for multicasting and experimentation purposes. In addition, once an organization requests an IP address range, it is assigned a network ID that belongs to one of the classes A, B, or C above and has full control over the whole set of host IDs. If that organization does not use all of its possible Host IDs, they are theoretically wasted.

Note: In fact, this arrangement of IP addresses into classes is OBSOLETE (it is no longer used because it is very wasteful in assigning IP addresses to Internet users). Another system, known as Classless InterDomain Routing (CIDR), was developed to reduce the waste in IP address assignment.

Special Addresses

There are some special addresses with specific uses and specific meanings. These special addresses are:
• If (Host ID = 111 … 11) → Broadcast the packet to all hosts on the network specified by Net ID
• If (Net ID = 111 … 11) and (Host ID = 111 … 11) → Packet is broadcast on the local network
• If (Host ID = 000 … 00) → Specifies the network specified by Net ID, not a specific host
• If (IP Address = 000 … 00) → Used for identifying one's own IP address from the MAC address
• If (IP Address = 127.x.x.x) → Used for loopback (the packet does not reach the network card of the source machine but loops back to the same machine)

Also, some addresses have been reserved for use in private LANs (one set of addresses for each of the classes A, B, and C), where such addresses are not routed by Internet routers (routers in the Internet discard any IP address in these ranges):
• Range 1: 10.0.0.0 to 10.255.255.255 (class A)
• Range 2: 172.16.0.0 to 172.31.255.255 (class B)

Page 10: TCPIP

• Range 3: 192.168.0.0 to 192.168.255.255 (class C)

Network address translation (NAT) is used to translate between private IP addresses and global IP addresses.

Network Address Translation (NAT)

The concept of NAT is a very powerful concept for several reasons:
• It shields computers in a private LAN from the Internet and therefore reduces the risks that are associated with connecting a computer to the Internet (hacking attacks).

• More importantly, Internet service providers usually assign one IP address to a home network or multiple IP addresses to an organization. However, the number of computers on the home network.

What NAT does is that local addresses (in one of the 3 ranges of private IP addresses that start with 10, 172, or 192) are translated to one public IP address assigned to the home network (in the case of DSL service) or multiple public IP addresses assigned to the organization by the Internet service provider (in the case of organizations such as KFUPM). The NAT system also translates from the public IP address(es) to the corresponding private IP addresses as packets arrive from the Internet to the private network. In fact, all computers in a network that uses NAT appear to the outside world as having only a few IP addresses. For the case of a home network, all computers in your home network will appear to the outside world as having a single IP address. If you visit a website that records your IP address from one of your home network computers and then try to visit the same website from another computer, the website will not be able to distinguish between the two computers. The following are two examples that show how NAT works.

In the first case, the network is assigned multiple public IP addresses, equal to the number of machines in the network. All that the NAT does is translate each private IP address into one of the public IP addresses and vice versa. The two situations for outgoing packets (packets going from the private network to the Internet) and incoming packets (packets going from the Internet to the private network) are shown below. In the second case, the network is assigned a single public IP address that is used by all computers in the private network. The two situations for outgoing packets and incoming packets are shown afterwards.
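The two NAT cases described above, as an added example that is not part of the lecture notes. Case 1 rewrites each private address to its own public address. Case 2 shares one public address; to tell returning packets apart, this version also rewrites the transport-layer port number, which is my assumption beyond the notes (they only say the single address is used by all computers). Packets are plain dictionaries and all addresses are constructed from documentation ranges.

```python
from typing import Dict, Optional, Tuple

Packet = Dict[str, object]   # keys: src, dst, sport, dport


class OneToOneNat:
    """Case 1: one public address per private address (address rewrite only)."""

    def __init__(self, mapping: Dict[str, str]):
        self.out = dict(mapping)                        # private ip -> public ip
        self.back = {pub: priv for priv, pub in mapping.items()}

    def outgoing(self, pkt: Packet) -> Packet:
        pkt = dict(pkt)
        pkt["src"] = self.out[pkt["src"]]               # private source -> public
        return pkt

    def incoming(self, pkt: Packet) -> Optional[Packet]:
        if pkt["dst"] not in self.back:
            return None                                 # not one of ours: drop
        pkt = dict(pkt)
        pkt["dst"] = self.back[pkt["dst"]]              # public destination -> private
        return pkt


class SingleAddressNat:
    """Case 2: every private host appears as the same public address; the
    (private ip, private port) pair is remembered under a public port so the
    reply can be delivered to the right machine. Unsolicited inbound packets
    have no entry and are dropped, which is the shielding effect the notes
    mention."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: Dict[Tuple[str, int], int] = {}     # (priv ip, priv port) -> pub port
        self.back: Dict[int, Tuple[str, int]] = {}      # pub port -> (priv ip, priv port)

    def outgoing(self, pkt: Packet) -> Packet:
        key = (pkt["src"], pkt["sport"])
        if key not in self.table:                       # first packet of this flow
            self.table[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        pkt = dict(pkt)
        pkt["src"], pkt["sport"] = self.public_ip, self.table[key]
        return pkt

    def incoming(self, pkt: Packet) -> Optional[Packet]:
        if pkt["dst"] != self.public_ip or pkt["dport"] not in self.back:
            return None                                 # no flow started from inside
        pkt = dict(pkt)
        pkt["dst"], pkt["dport"] = self.back[pkt["dport"]]
        return pkt


if __name__ == "__main__":
    nat = SingleAddressNat("203.0.113.1")
    a = nat.outgoing({"src": "192.168.0.10", "dst": "198.51.100.5", "sport": 5000, "dport": 80})
    b = nat.outgoing({"src": "192.168.0.11", "dst": "198.51.100.5", "sport": 5000, "dport": 80})
    print("web server sees both as", a["src"], b["src"])
    reply = {"src": "198.51.100.5", "dst": "203.0.113.1", "sport": 80, "dport": b["sport"]}
    print("reply delivered to", nat.incoming(reply))
```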

Page 11: TCPIP
Page 12: TCPIP
Page 13: TCPIP

Subnet Addressing

The subnetting process involves adding another hierarchy (level) to the hierarchical IP address. We learned that the IP address contains two parts: Network ID and Host ID. A network administrator usually has no control over the Network ID, as it is assigned by the Internet service provider or by one of the institutes that are authorized to assign IP addresses to requesting organizations. However, the network administrator is fully in control of the Host ID part of the IP address. Instead of creating what appears to be a single network for the complete organization, even if it consists of a large number of machines, a network administrator can subdivide the Host ID part of the IP address into two parts: Subnet ID and Host ID. By doing this, a third hierarchical level is added to the IP address, such that it now contains the 3 levels: Network ID, Subnet ID, and Host ID. The Subnet ID subdivides the single network into smaller networks that are called subnets. Each of these subnets contains its own set of hosts. The great thing about subnetting is that it is transparent (not seen) to the outside world, and a computer on the Internet would not have to do any extra work to access a computer in a subnetted network. The following figure shows an original IP address in Class B before and after subnetting. It also shows the corresponding subnet mask. The subnet mask contains a series of 1s that start from the most significant bit of the IP address and stop at the end of the Subnet ID. The subnet mask contains 0s in the bits corresponding to the Host ID, as shown below.

Page 14: TCPIP

Subnetting Example:

Consider the simple network shown below. This network is connected to the Internet through the connection shown to the left. Assume that you are assigned IP addresses in Class B with the 14 bits of the network ID being (11 0000 0110 0000)₂, and you have decided to use a Subnet Mask that reserves 4 bits of the Host ID for the Subnet ID and leaves 12 bits of the Host ID for the hosts: 11111111 11111111 11110000 00000000. Show a possible IP address assignment for the different computers and routers, and show the different subnets, indicating on each subnet its subnet address.
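An added example (not from the lecture notes) that serves both the IP addressing section above (classful decoding from the leading bits, the special addresses, the private ranges) and this subnetting exercise: it builds the class B network from the 14-bit network ID, which gives 176.96.0.0 (my derivation), lists the 16 subnet addresses the mask 255.255.240.0 produces, and finds the subnet of any host address.

```python
PRIVATE_RANGES = [("10.0.0.0", "10.255.255.255"),        # class A range
                  ("172.16.0.0", "172.31.255.255"),      # class B range
                  ("192.168.0.0", "192.168.255.255")]    # class C range


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def address_class(ip: str):
    """Classful decoding from the leading bits; returns (class, number of
    Net ID bits counted from the top of the address, or None without a host part)."""
    n = ip_to_int(ip)
    if n >> 31 == 0b0:
        return "A", 8
    if n >> 30 == 0b10:
        return "B", 16
    if n >> 29 == 0b110:
        return "C", 24
    if n >> 28 == 0b1110:
        return "D", None       # multicast
    return "E", None           # 11110...: experimentation


def describe(ip: str) -> str:
    """Apply the special-address rules, then the private ranges, in that order."""
    n = ip_to_int(ip)
    if n == 0:
        return "all zeros: used while a host does not yet know its own IP address"
    if n >> 24 == 127:
        return "loopback (never reaches the network card)"
    if n == 0xFFFFFFFF:
        return "broadcast on the local network"
    cls, net_bits = address_class(ip)
    if net_bits is None:
        return "class %s address (no Net ID / Host ID split)" % cls
    host_mask = (1 << (32 - net_bits)) - 1
    host_id = n & host_mask
    net = int_to_ip(n & ~host_mask & 0xFFFFFFFF)
    if host_id == host_mask:
        return "broadcast to all hosts on network %s" % net
    if host_id == 0:
        return "network %s itself, not a specific host" % net
    for lo, hi in PRIVATE_RANGES:
        if ip_to_int(lo) <= n <= ip_to_int(hi):
            return "private class %s host on %s (not routed on the Internet)" % (cls, net)
    return "class %s host id %d on network %s" % (cls, host_id, net)


def class_b_network(net_id_bits: int) -> int:
    """Class B address: prefix 10, then the 14-bit network ID, then 16 host bits."""
    if not 0 <= net_id_bits < (1 << 14):
        raise ValueError("network ID must fit in 14 bits")
    return (0b10 << 30) | (net_id_bits << 16)


def subnets(network: int, mask: str, net_bits: int = 16):
    """Subnet addresses the mask carves out of the network (class B by default)."""
    m = ip_to_int(mask)
    subnet_bits = bin(m).count("1") - net_bits
    step = 1 << (32 - net_bits - subnet_bits)       # addresses per subnet
    return [int_to_ip(network + i * step) for i in range(1 << subnet_bits)]


def subnet_of(ip: str, mask: str) -> str:
    """The subnet address is the IP address ANDed with the subnet mask."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


if __name__ == "__main__":
    net = class_b_network(0b11000001100000)       # the 14 bits from the exercise
    print("network:", int_to_ip(net))             # 176.96.0.0
    print("subnets:", subnets(net, "255.255.240.0"))
    print("176.96.33.7 is in", subnet_of("176.96.33.7", "255.255.240.0"))
    for a in ("10.0.0.0", "192.168.1.255", "172.20.1.1", "127.0.0.1"):
        print(a, "->", describe(a))
```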

Page 15: TCPIP
Page 16: TCPIP

IP Routing

Routing is the process performed by routers to transfer packets from the source machine to the destination. Unlike switches, routers are configured by a network administrator. Routers share information about the different routes and the health of each router among themselves so that all of them can draw a picture of the whole network. Each router stores a table known as the Routing Table that contains information about the different routes through which the router can send a packet. Each machine on the network has some form of routing table. Routing tables in hosts (computers) usually have few entries (5 to 10 entries), depending on the number of network interface cards installed. Routing tables in Internet routers may have 100,000 different entries or possibly more.

Format of a Routing Table

Consider the following network (designed in the previous lecture). There are two routers (Router 1 and Router 2). Let us look at the format of the routing table in these routers.

A typical routing table may look something like the following:

Page 17: TCPIP

Destination | Next Hop | Flags | Network Interface | Metric
(Flags: H = 1 → Destination is a Host; H = 0 → Destination is a Network; G = 1 → Next Hop is a Gateway/Router; G = 0 → Next Hop is not a Gateway/Router)

• Destination: This lists the IP addresses of the possible destinations that the router knows how to route a packet to.
• Next Hop: This gives the next IP address that the packet will be transmitted to.
• Flags: These provide information about the devices that are connected to the router (gateway/router or not) and the type of destination (host or network).
• Network Interface: The port that the router will send the packet over.
• Metric: A measure of the quality of the link, to help determine the most efficient link over which to send the packet.

Types of Destinations:

Generally, there are 3 types of destinations that can be found in routing tables:
• Complete Destination IP Address: This represents the complete destination IP address in the packet.
• Destination Network ID: This represents the network ID of the destination IP address of the packet.
• Default Gateway: This is where packets with destination IP addresses and Network IDs that are not found in the routing table will be sent.

Order of Searching the Routing Table

1. The Destination column is searched to determine if the table contains an entry with the complete destination IP address → If found, the IP packet is forwarded along the next hop using the proper network interface.
2. If the above was not found, the routing table is searched for the destination Net ID → If found, the IP packet is forwarded along the next hop using the proper network interface.

Address Resolution Protocol (ARP)

This protocol is used in networks such as Ethernet. To transmit frames in Ethernets, MAC addresses are used, which have the format (xx:xx:xx:xx:xx:xx) where each (x) is a hexadecimal digit. MAC addresses are unique to each computer in the world, since these addresses are linked to the Network Interface Cards (NIC). So, a computer that would like to send a packet to another computer with a specific IP address on the network broadcasts an ARP packet on the network, asking all computers a question that looks like "To the machine with IP address x.x.x.x, please inform me (where my MAC address is xx:xx:xx:xx:xx:xx) of your MAC address". The computer with the particular IP address x.x.x.x responds only to the requesting computer with its MAC address.

Reverse Address Resolution Protocol (RARP)

In specific cases, a host on the network may know the MAC address but not the IP address. In this situation, a reverse process to that done in ARP is used to get the IP address assigned to the machine. So, a host may use the RARP protocol to ask a question that looks like "Machine with MAC address xx:xx:xx:xx:xx:xx, please inform me of the corresponding IP address".
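An added example (not from the lecture notes) covering the routing table format and search order above together with the ARP step that follows it: a table in the Destination / Next Hop / Flags (H, G) / Interface / Metric format, a lookup that tries the complete address, then the network ID, then the default gateway, and ARP resolution of the MAC the frame is sent to (the next-hop router when G = 1, the destination itself when G = 0). The table rows, the subnets (taken from the subnetting exercise) and the MAC addresses are constructed; preferring the more specific mask when two network entries match is my addition beyond the notes.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


@dataclass
class Route:
    destination: str     # a host address, a network ID, or "default"
    next_hop: str        # IP address the packet is handed to next
    host: bool           # H flag: 1 = destination is a host, 0 = a network
    gateway: bool        # G flag: 1 = next hop is a router, 0 = direct delivery
    interface: str
    metric: int
    mask: str = "255.255.255.255"   # network mask for network-ID entries


# Router 1's table (constructed): two directly attached /20 subnets, one host
# route, one remote subnet reached through Router 2, and a default gateway.
ROUTER1: List[Route] = [
    Route("176.96.16.0",  "176.96.16.1",   False, False, "eth0", 1, "255.255.240.0"),
    Route("176.96.32.0",  "176.96.32.1",   False, False, "eth1", 1, "255.255.240.0"),
    Route("176.96.48.0",  "176.96.32.2",   False, True,  "eth1", 2, "255.255.240.0"),
    Route("176.96.48.77", "176.96.32.9",   True,  True,  "eth1", 1),
    Route("default",      "176.96.16.254", False, True,  "eth0", 10),
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Search order from the notes: host entry, then network ID, then default."""
    d = ip_to_int(dst)
    for r in table:                                  # 1. complete destination address
        if r.host and r.destination == dst:
            return r
    best = None                                      # 2. destination network ID
    for r in table:
        if r.host or r.destination == "default":
            continue
        m = ip_to_int(r.mask)
        if d & m == ip_to_int(r.destination) and (best is None or m > ip_to_int(best.mask)):
            best = r                                 # prefer the more specific mask
    if best is not None:
        return best
    for r in table:                                  # 3. default gateway
        if r.destination == "default":
            return r
    return None    # nothing matches: packet dropped, ICMP back to the source


# Constructed view of who is physically on each link: IP -> MAC address.
LINKS: Dict[str, Dict[str, str]] = {
    "eth0": {"176.96.16.254": "00:00:5e:00:53:01", "176.96.16.20": "00:00:5e:00:53:20"},
    "eth1": {"176.96.32.2": "00:00:5e:00:53:02", "176.96.32.9": "00:00:5e:00:53:09"},
}


def arp_resolve(interface: str, ip: str, cache: Dict[Tuple[str, str], str]) -> Optional[str]:
    """ARP: broadcast "who has ip?" on the link; only the owner replies."""
    key = (interface, ip)
    if key not in cache:
        reply = LINKS.get(interface, {}).get(ip)     # None when nobody owns ip
        if reply is None:
            return None
        cache[key] = reply
    return cache[key]


def forward(table: List[Route], dst: str, cache: Dict[Tuple[str, str], str]):
    """Route lookup followed by ARP for the frame's destination MAC:
    the next-hop router's MAC when G = 1, the destination's own MAC when G = 0."""
    route = lookup(table, dst)
    if route is None:
        return None
    target = route.next_hop if route.gateway else dst
    return route.interface, target, arp_resolve(route.interface, target, cache)


if __name__ == "__main__":
    cache: Dict[Tuple[str, str], str] = {}
    for dst in ("176.96.48.77", "176.96.48.5", "176.96.16.20", "198.51.100.7"):
        print(dst, "->", forward(ROUTER1, dst, cache))
```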

Page 18: TCPIP

Internet Control Message Protocol (ICMP)

This protocol is responsible for sending control and error messages over the Internet. In many cases, routers fail to route a specific packet to its destination, as in the following cases:
• The Time-to-Live counter reaches zero for a specific packet before it reaches its destination.
• A router searches its routing table but cannot find where to route the packet.
• A router needs to fragment a packet because the physical network supports smaller packets, but the Don't Fragment flag bit is set to 1.

TCP Connection Establishment

The TCP connection is established in three steps:
1. Host A sends a connection request (SYN) to Host B indicating the initial sequence number
   (Host A → Seq_No = x → Host B)
2. Host B acknowledges the request by sending an (ACK) with an ACK number that is one higher than x, and a request to initiate its own connection with a sequence number of y
   (Host B → Ack_No = x+1 → Host A)
   (Host B → Seq_No = y → Host A)
3. Host A responds with its own acknowledgment by sending an (ACK) with an ACK number that is one higher than y
   (Host A → Ack_No = y+1 → Host B)
The following figure illustrates the establishment of TCP connections.
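The three-step exchange above as two small state machines, an added example that is not part of the lecture notes. Segments are dictionaries carrying the SYN and ACK bits plus the sequence and acknowledgement numbers; the state names and the rule that a SYN consumes one sequence number are my assumptions beyond the notes. The initial sequence numbers x and y are constructed; a real stack picks them unpredictably.

```python
from typing import Dict, Optional

Segment = Dict[str, object]   # keys: SYN, ACK (bools), seq, ack (ints)


class TcpEndpoint:
    def __init__(self, name: str, isn: int):
        self.name = name
        self.state = "CLOSED"
        self.seq = isn            # our next sequence number (x for A, y for B)
        self.peer_seq: Optional[int] = None

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self) -> Segment:
        """Step 1: Host A sends SYN with Seq_No = x."""
        self.state = "SYN_SENT"
        return {"SYN": True, "ACK": False, "seq": self.seq}

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Apply one segment; return the reply to send, or None."""
        if self.state == "LISTEN" and seg["SYN"] and not seg["ACK"]:
            # Step 2: Host B acknowledges x with Ack_No = x+1 and opens its own
            # direction with Seq_No = y, both in one SYN+ACK segment.
            self.peer_seq = seg["seq"]
            self.state = "SYN_RECEIVED"
            return {"SYN": True, "ACK": True, "seq": self.seq, "ack": seg["seq"] + 1}
        if self.state == "SYN_SENT" and seg["SYN"] and seg["ACK"]:
            if seg["ack"] != self.seq + 1:
                return None                 # acknowledges something we never sent
            # Step 3: Host A acknowledges y with Ack_No = y+1.
            self.peer_seq = seg["seq"]
            self.seq += 1                   # our SYN consumed one sequence number
            self.state = "ESTABLISHED"
            return {"SYN": False, "ACK": True, "seq": self.seq, "ack": seg["seq"] + 1}
        if self.state == "SYN_RECEIVED" and seg["ACK"] and not seg["SYN"]:
            if seg["ack"] != self.seq + 1:
                return None                 # wrong acknowledgement: stay half-open
            self.seq += 1
            self.state = "ESTABLISHED"
            return None                     # nothing further to send
        return None                         # anything else is ignored in this model


def handshake(x: int, y: int):
    """Run the three steps between A (initiator, ISN x) and B (listener, ISN y)."""
    a, b = TcpEndpoint("A", x), TcpEndpoint("B", y)
    b.listen()
    syn = a.connect()                       # A -> B
    syn_ack = b.receive(syn)                # B -> A
    ack = a.receive(syn_ack)                # A -> B
    b.receive(ack)
    return a.state, b.state, syn, syn_ack, ack


if __name__ == "__main__":
    for step in handshake(1000, 5000)[2:]:
        print(step)
```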

Page 19: TCPIP