As a result, everyone’s software had its own set of Rules of What a Network Should Do and How to Do It.
These sets of rules—and the software written to follow these rules—were broken down into individual rules or languages called protocols.
No single protocol could do everything a network needed to do, so companies lumped together all their necessary protocols under the term protocol suite.
Novell called its protocol suite IPX/SPX; Microsoft’s was called NetBIOS/NetBEUI; Apple called its protocol suite AppleTalk; and the UNIX folks used this wacky protocol suite called TCP/IP.
Network Layer Protocols
Internet Protocol (IP) works at the Network layer, where it takes data chunks from the Transport layer (which become the packet’s payload), adds addressing, and creates the final IP packet.
IP then hands the IP packet to the Data Link layer for encapsulation into a frame.
This type of address—four values ranging from 0 to 255, separated by three periods—is known officially as an Internet Protocol version 4 (IPv4) address.
IPv4 and IPv6 aren’t the only TCP/IP protocols that work at the Network layer. Internet Control Message Protocol (ICMP), for example, plays a role in IP error reporting and diagnostics.
TCP/IP users rarely start a program that uses ICMP (or its IPv6 counterpart, ICMPv6). For the most part, software automatically uses ICMP as needed without direct user action.
You can use ping to ask a question such as: “Can my computer communicate with the device at IP address 192.168.1.15?”
Simplified IP Header
Version: The version (Ver) field defines the IP address type: 4 for IPv4 and 6 for IPv6.
Total Length: The total size of the IP packet in octets. This includes the IP header and its payload. This field is 16 bits, which limits the packet size to 65 KB.
Time to Live (TTL): The TTL field prevents an IP packet from indefinitely spinning through the Internet by using a counter that decrements by one every time a packet goes through a router. This number cannot start higher than 255; many operating systems start at 128.
Protocol: In most cases, the protocol field is either TCP or UDP and identifies what’s encapsulated inside the packet. See the next section for more information.
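To show how the header fields above sit in the actual bytes, here is an added example (not from the original slides) that decodes a constructed 20-byte IPv4 header, validates the header checksum, and rejects a header with a wrong version, impossible length or corrupted bytes. The sample header values (192.168.4.2 to 192.168.4.1, TTL 64, protocol 6) are constructed for this example.

```python
import struct

# Assumed mapping for the protocol field values covered in this section.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words,
    with the checksum field (bytes 10-11) treated as zero."""
    total = 0
    for i in range(0, len(header), 2):
        if i == 10:                      # skip the checksum field itself
            continue
        word = (header[i] << 8) + (header[i + 1] if i + 1 < len(header) else 0)
        total += word
    while total >> 16:                   # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode version, lengths, TTL, protocol and addresses; refuse to
    return fields from a header that is too short or fails its checksum."""
    if len(raw) < 20:
        raise ValueError("IPv4 header must be at least 20 bytes")
    version = raw[0] >> 4
    ihl = (raw[0] & 0x0F) * 4            # IHL is counted in 32-bit words
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError(f"bad version/IHL: version={version} ihl={ihl}")
    total_length, = struct.unpack("!H", raw[2:4])
    ttl, proto = raw[8], raw[9]
    hdr_checksum, = struct.unpack("!H", raw[10:12])
    if ipv4_checksum(raw[:ihl]) != hdr_checksum:
        raise ValueError("IPv4 header checksum mismatch")
    return {
        "version": version,
        "header_len": ihl,
        "total_length": total_length,
        "payload_len": total_length - ihl,
        "ttl": ttl,
        "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        "src": ".".join(str(b) for b in raw[12:16]),
        "dst": ".".join(str(b) for b in raw[16:20]),
    }

def build_sample_header() -> bytes:
    """Constructed sample (not a capture): ver 4, IHL 5, total length 40,
    id 0x1234, DF flag, TTL 64, protocol 6 (TCP), valid checksum filled in."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                         bytes([192, 168, 4, 2]), bytes([192, 168, 4, 1]))
    csum = ipv4_checksum(fields)
    return fields[:10] + struct.pack("!H", csum) + fields[12:]
```

Flipping any byte of the sample header (for instance the TTL) without recomputing the checksum makes `parse_ipv4_header` raise, which is the check a router performs before forwarding.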
Transport Layer Protocols
When moving data from one system to another, the TCP/IP protocol suite needs to know if the communication is connection-oriented or connectionless.
If the data moving between two systems must get there in good order, a connection-oriented application is the safe bet. If it’s not a big deal for data to miss a bit or two, then connectionless is the way to go.
The connection-oriented protocol used with TCP/IP is called the Transmission Control Protocol (TCP). The connectionless one is called the User Datagram Protocol (UDP).
TCP
TCP gets an application’s data from one machine to another reliably and completely. As a result, TCP comes with communication rules that require both the sending and receiving machines to acknowledge the other’s presence and readiness to send and receive data.
This process is referred to as the TCP three-way handshake of SYN, SYN-ACK, and ACK.
TCP also chops up data into segments, gives the segments a sequence number, and then verifies that all sent segments were received. If a segment goes missing, the receiving system must request the missing segments.
TCP Header
Port numbers, which range from 1 to 65,535, are used by systems to determine what application needs the received data.
Each application is assigned a specific port number on which to listen/send.
Web servers use port 80 (HTTP) or 443 (HTTPS), for example, whereas port 143 is used to receive e-mail messages from e-mail servers (IMAP4).
The client uses the source port number to remember which client application requested the data.
Sequence number and acknowledgment number: These numbers enable the sending and receiving computers to keep track of the various pieces of data flowing back and forth.
Flags: These individual bits give both sides detailed information about the state of the connection.
Checksum: The recipient can use the checksum to check the TCP header for errors such as bits flipped or lost during transmission.
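The following added example (not from the original slides) decodes the TCP header fields just listed, names the flag bits, and walks a constructed three-way handshake, checking that each acknowledgment number equals the peer’s sequence number plus one. The port numbers and initial sequence numbers are constructed; the TCP checksum is left at zero because computing it needs the IP pseudo-header, which this block does not model.

```python
import struct

# Flag bits in the low byte of the data-offset/flags word (RFC 793, RFC 3168).
TCP_FLAGS = {0x80: "CWR", 0x40: "ECE", 0x20: "URG", 0x10: "ACK",
             0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}

def parse_tcp_header(raw: bytes) -> dict:
    """Decode ports, sequence/acknowledgment numbers, flags and checksum."""
    if len(raw) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    src_port, dst_port, seq, ack, off_flags, window, checksum, urg = \
        struct.unpack("!HHIIHHHH", raw[:20])
    data_offset = (off_flags >> 12) * 4       # header length in bytes
    if data_offset < 20 or len(raw) < data_offset:
        raise ValueError(f"bad data offset {data_offset}")
    flags = [name for bit, name in TCP_FLAGS.items() if off_flags & bit]
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "checksum": checksum,
            "header_len": data_offset}

def handshake_step(flags: list) -> str:
    """Name the handshake step a segment's flags represent, if any."""
    s = set(flags)
    if s == {"SYN"}:
        return "SYN"
    if s == {"SYN", "ACK"}:
        return "SYN-ACK"
    if s == {"ACK"}:
        return "ACK"
    return "other"

def build_tcp_header(src_port, dst_port, seq, ack, flags: int) -> bytes:
    """Constructed 20-byte header: no options, window 65535, checksum 0."""
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)

# Constructed handshake between a client on port 49152 and a server on 443.
CLIENT_ISN, SERVER_ISN = 1000, 5000
HANDSHAKE = [
    build_tcp_header(49152, 443, CLIENT_ISN, 0, 0x02),                   # SYN
    build_tcp_header(443, 49152, SERVER_ISN, CLIENT_ISN + 1, 0x12),      # SYN-ACK
    build_tcp_header(49152, 443, CLIENT_ISN + 1, SERVER_ISN + 1, 0x10),  # ACK
]

def classify_handshake(segments) -> list:
    """Label each segment; an acknowledgment that is not the previous
    segment's sequence number plus one is flagged as 'bad-ack'."""
    steps, prev_seq = [], None
    for raw in segments:
        h = parse_tcp_header(raw)
        step = handshake_step(h["flags"])
        if step in ("SYN-ACK", "ACK") and h["ack"] != prev_seq + 1:
            step = "bad-ack"
        steps.append(step)
        prev_seq = h["seq"]
    return steps
```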
UDP
UDP is the “fire and forget” missile of the TCP/IP protocol suite.
A UDP datagram header doesn’t possess any of the extra fields TCP segment headers carry to make sure the data is received intact.
UDP works best when you have a lot of data that doesn’t need to be perfect or when the systems are so close to each other that the chances of a problem occurring are too small to bother worrying about.
A few dropped frames on a Voice over IP call, for example, won’t make much difference in the communication between two people.
So, there’s a good reason to use UDP: it’s smoking fast compared to TCP. Two of the most important networking protocols, Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP), use UDP.
Application Layer Protocols
Web servers and Web browsers use HTTP (or, more accurately, HTTPS, a secure version of HTTP wrapped in encryption).
Specifically, this header is a response from a Web server containing a resource the client previously requested. This header—it’s just text—begins with “HTTP/1.1,” which indicates the version of the HTTP protocol in use. The “200 OK” indicates a successful request.
The first blank line separates the end of the header from the beginning of the response body (which contains the requested Web page).
IP and Ethernet
TCP/IP supports simple networks and complex networks. You can use the protocol suite and a switch to connect a handful of computers in the same place into a local area network (LAN).
TCP/IP also enables you to interconnect multiple LANs into a wide area network (WAN).
A LAN generally (but not always) belongs to one household or organization. A LAN covers a limited place—but that can mean anything from two devices in an apartment up to thousands of devices on a multi-building school or business campus.
A WAN in a basic sense means a collection of interconnected LANs.
At the LAN level, every host runs TCP/IP software over Ethernet hardware, creating a situation where every host has two addresses: an IP address and an Ethernet MAC address.
While at first this seems redundant, it’s the power behind TCP/IP’s ability to support both LANs and WANs. But again, we’re only talking about LANs at this point.
Imagine a situation where one computer, Computer A, wants to send an IP packet to another computer, Computer B, on the LAN.
To send an IP packet to another computer, the sending computer (Computer A) must insert the IP packet into an Ethernet frame.
Note that the IP packet is completely encapsulated inside the Ethernet frame. Also note that the Ethernet header—the initial portion of the frame—has both a destination MAC address and a source MAC address, while the IP packet encapsulated in the Ethernet frame has both a source IP address and a destination IP address.
This encapsulation idea works great, but there’s a problem: Computer A knows Computer B’s IP address, but how does Computer A know the MAC address of Computer B?
ARP
To get Computer B’s MAC address, Computer A sends a special query called an ARP request to MAC address FF-FF-FF-FF-FF-FF, the universal MAC address for broadcast.
The switch forwards the broadcast to every connected node.
Computer B responds to the ARP request by sending Computer A an ARP reply.
Once Computer A has Computer B’s MAC address, it starts sending unicast Ethernet frames to Computer B through the switch.
IP addresses provide several benefits that MAC addresses alone cannot offer. First, IP addresses are not a fixed part of the NIC. They can be changed to suit the needs of the network designer.
Second, IP addresses group together sets of computers into logical networks, so you can, for example, distinguish one LAN from another.
Finally, because TCP/IP network equipment understands the IP addressing scheme, computers can communicate with each other across all of the LANs that make up a WAN. Let’s go into more detail on IP addresses.
IP Addresses
The most common type of IP address consists of a 32-bit value. Here’s an example of an IP address: 11000000.10101000.00000100.00000010
Each of these 8-bit values is, in turn, converted into a decimal number between 0 and 255.
Converted, the original value of 11000000.10101000.00000100.00000010 is displayed as 192.168.4.2 in IPv4’s dotted decimal notation. Note that dotted decimal is simply a shorthand way for people to discuss and configure the binary IP addresses computers use.
Converting the decimal value 42 into binary. Notice the result is 101010—the leading two zeroes do not appear. When you work with IP addresses, you must always have eight digits, so just add two more to the left to get 00101010.
Just as every MAC address must be unique on a network, every IP address must be unique as well. For logical addressing to work, no two computers on the same network may have the same IP address.
In a small network running TCP/IP, every computer has both an IP address and a MAC address.
IP Addresses in Action
To make all this work, the IP numbering system must do three things:
Create network IDs, a way to use IP addresses so that each LAN has its own identification
Interconnect the LANs using routers and give those routers some way to use the network ID to send packets to the right network
Use a subnet mask to give each computer on the network a way to recognize if a packet is for the LAN or for a computer on the WAN, so it knows how to handle the packet.
Network IDs
A WAN is nothing more than a group of two or more interconnected LANs. For a WAN to work, each LAN needs some form of unique identifier called a network ID.
To differentiate LANs from one another, each computer on a single LAN must share a very similar, but not identical, IP address. Some parts of the IP address will match all the others on the LAN.
In this example, every computer has an IP address of 202.120.10.x, where the x value is unique for every host, but every host’s IP address starts with 202.120.10. That means the network ID is 202.120.10.0. The x part of the IP address is the host ID.
Combine the network ID (after dropping the ending 0) with the host ID to get an individual system’s IP address. No individual computer can have an IP address that ends with 0 because that is reserved for network IDs.
Interconnecting LANs
To organize all those individual LANs into a larger network, every TCP/IP LAN that wants to connect to another TCP/IP LAN must have a router connection. There is no exception to this critical rule.
A router, therefore, needs an IP address on every LAN that it interconnects, so it can correctly send (route) the packets to the correct LAN.
When you have a router that routes traffic out to other networks, both the router’s interface on a LAN and the router itself are called the default gateway.
In a typical scenario configuring a client to access the network beyond the router, you use the IP address of the default gateway. The default gateway is in the same network ID as the host.
The network administrator who sets up the router must make sure to configure the router’s LAN interface to have an address in the LAN’s network ID.
By convention, most network administrators give the LAN-side NIC on the default gateway the lowest or highest host address in the network. For example, if the network ID is 22.33.4.x, the router might be configured to use the address 22.33.4.1 or 22.33.4.254.
Routers use network IDs to direct network traffic. The figure shows a small, two-NIC router similar to the ones you see in many homes.
Note that one port (202.120.10.1) connects to the LAN and the other port connects to the Internet service provider’s network (14.23.54.223). Built into this router is a routing table: the actual instructions that tell the router what to do with incoming packets and where to send them.
Network IDs are very flexible, as long as no two interconnected networks share the same network ID.
If you wished, you could change the network ID of the 202.120.10.0 network to 202.155.5.0, or 202.21.8.0, but only if you can guarantee that no other LAN on the WAN shares the same network ID.
On the Internet, powerful governing bodies carefully allocate network IDs to ensure no two LANs share the same network ID.
So far, you’ve only seen examples of network IDs where the last value is zero. This is common for small networks, but it creates a limitation.
With a network ID of 202.120.10.0, for example, a network is limited to IP addresses from 202.120.10.1 to 202.120.10.254. (202.120.10.255 is a broadcast address used to talk to every computer on the LAN.) This provides only 254 IP addresses.
You can simply use a network ID with more zeroes, such as 170.45.0.0 (for a total of 65,534 hosts) or even 12.0.0.0 (for around 16.7 million hosts).
Network IDs enable you to connect multiple LANs into a WAN. Routers then connect everything together, using routing tables to keep track of which packets go where.
So that takes care of the second task: interconnecting the LANs using routers and giving those routers a way to send packets to the right network.
Subnet Mask
Three friends sit at their computers— Computers A, B, and C—and want to communicate with each other.
The process to get a packet to a local computer is very different from the process to get a packet to a faraway computer. If one computer wants to send a packet to a local computer, it must send a broadcast to get the other computer’s MAC address.
If the packet is for some computer on a faraway network, the sending computer must send the packet to the default gateway.
Computer A wants to send a packet to Computer B. Computer B is on the same LAN as Computer A, but that begs a question: How does Computer A know this?
Every TCP/IP computer needs a tool to tell the sending computer whether the destination IP address is local or long distance. This tool is the subnet mask.
A subnet mask is nothing more than a string of ones followed by some number of zeroes, always totaling exactly 32 bits, set on every TCP/IP host. Here’s an example of a typical subnet mask:
11111111111111111111111100000000
Subnet Mask: 11111111.11111111.11111111.00000000
Then convert each octet into decimal (use a calculator): 255.255.255.0
When you line up an IP address with a corresponding subnet mask in binary, the portion of the IP address that aligns with the ones of the subnet mask is the network ID portion of the IP address.
The portion that aligns with the zeroes is the host ID. With simple IP addresses, you can see this with dotted decimal, but you’ll want to see this in binary for a true understanding of how the computers work.
At this point, you should memorize that 0 = 00000000 and 255 = 11111111.
The IP address 192.168.5.23 has a subnet mask of 255.255.255.0. Convert both numbers to binary and then compare the full IP address to the ones and zeroes of the subnet mask:
Before a computer sends out any data, it first compares its network ID to the destination’s network ID. If the network IDs match, then the sending computer knows the destination is local. If they do not match, the sending computer knows it’s a long-distance call.
The computer uses its routing table to accomplish this as well.
Let’s say Computer A wants to send a packet to Computer B. Computer A’s subnet mask is 255.255.255.0. Computer B’s IP address is 192.168.5.45. Convert this address to binary: 11000000101010000000010100101101
Computer A compares its IP address to Computer B’s IP address using the subnet mask:
Computer A’s and Computer B’s network IDs match! It’s a local call. Knowing this, Computer A can now send out an ARP request, which is a broadcast, to determine Computer B’s MAC address.
First, Computer A compares Computer C’s IP address to its own using the subnet mask
It sees that the IP addresses do not match in the all-ones part of the subnet mask—meaning the network IDs don’t match; therefore, this is a long-distance call.
Whenever a computer wants to send to an IP address on another LAN, it knows to send the packet to the default gateway. It still sends out an ARP broadcast, but this time it’s to learn the MAC address for the default gateway.
Once Computer A gets the default gateway’s MAC address, it then begins to send packets.
Subnet masks are represented in dotted decimal like IP addresses—just remember that both are really 32-bit binary numbers.
Most network folks represent subnet masks using shorthand called CIDR notation: a / character followed by a number equal to the number of ones in the subnet mask.
An IP address followed by the / and number tells you the IP address and the subnet mask in one statement.
For example, 201.23.45.123/24 is an IP address of 201.23.45.123 with a subnet mask of 255.255.255.0. Similarly, 184.222.4.36/16 is an IP address of 184.222.4.36 with a subnet mask of 255.255.0.0.
NOTE: By definition, all computers on the same network have the same subnet mask and network ID.
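The subnet-mask comparison and CIDR shorthand described above, as an added example that is not part of the original slides: it converts dotted decimal to the 32-bit value and eight-digit binary octets, derives the network ID, broadcast address and usable host count from a /prefix, rejects masks whose ones are not contiguous, and decides whether a destination is a local call (ARP for the destination) or a long-distance call (ARP for the default gateway). All addresses and the gateway value are the page’s own examples or constructed for the test.

```python
def dotted_to_int(addr: str) -> int:
    """Parse dotted decimal into the 32-bit number the computer really uses."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr}")
    return int.from_bytes(bytes(int(o) for o in octets), "big")

def int_to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def to_binary(value: int) -> str:
    """Dotted binary with exactly eight digits per octet (42 -> 00101010)."""
    return ".".join(f"{b:08b}" for b in value.to_bytes(4, "big"))

def mask_from_prefix(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: `prefix` ones followed by zeroes, 32 bits in all."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_from_mask(mask: str) -> int:
    """255.255.0.0 -> 16; a mask whose ones are not contiguous is invalid."""
    m = dotted_to_int(mask)
    prefix = bin(m).count("1")
    if m != mask_from_prefix(prefix):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def describe(cidr: str) -> dict:
    """Network ID, mask, broadcast and usable hosts for 'address/prefix'."""
    addr, prefix = cidr.split("/")
    a, m = dotted_to_int(addr), mask_from_prefix(int(prefix))
    net = a & m                          # ones of the mask select the network ID
    bcast = net | (~m & 0xFFFFFFFF)      # zeroes of the mask all set to one
    hosts = max(2 ** (32 - int(prefix)) - 2, 0)   # minus network ID and broadcast
    return {"network_id": int_to_dotted(net), "mask": int_to_dotted(m),
            "broadcast": int_to_dotted(bcast), "usable_hosts": hosts}

def next_hop(src_cidr: str, gateway: str, dst: str) -> str:
    """Return the IP address to ARP for: the destination itself when both
    network IDs match (local call), otherwise the default gateway."""
    addr, prefix = src_cidr.split("/")
    m = mask_from_prefix(int(prefix))
    if dotted_to_int(addr) & m == dotted_to_int(dst) & m:
        return dst
    return gateway
```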
Class IDs
One challenge for the Internet is to make sure no two devices share the same public IP address. To support the dispersion of IP addresses, an organization called the Internet Assigned Numbers Authority (IANA) was formed to track and disperse IP addresses to those who need them.
IANA has grown dramatically and now oversees five Regional Internet Registries (RIRs) that parcel out IP addresses to ISPs and corporations.
All end users get their IP addresses from their respective ISPs. IANA manages contiguous chunks called network blocks (or just blocks).