Data Link

Open Systems Interconnection (OSI) is an effort to standardize networking that was started in 1977 by the International Organization for Standardization (ISO), along with the ITU-T. The world has not always been so simple. Once upon a time, there were no networking protocols, including TCP/IP. Vendors created the first networking protocols; these protocols supported only that vendor’s computers, and the details were not even published to the public.

As time went on, vendors formalized and published their networking protocols, enabling other vendors to create products that could communicate with their computers. For instance, IBM published its Systems Network Architecture (SNA) networking model in 1974. After SNA was published, other computer vendors created products that allowed their computers to communicate with IBM computers using SNA. This solution worked, but it had some negatives, including the fact that it meant that the larger computer vendors tended to rule the networking market.

A better solution was to create an open standardized networking model that all vendors would support. The International Organization for Standardization (ISO) took on this task starting as early as the late 1970s, beginning work on what would become known as the Open System Interconnection (OSI) networking model. ISO had a noble goal for the OSI model: to standardize data networking protocols to allow communication between all computers across the entire planet. A second, less formal effort to create a standardized, public networking model sprouted forth from a U.

S. Defense Department contract. Researchers at various universities volunteered to help further develop the protocols surrounding the original department’s work. These efforts resulted in a competing networking model called TCP/IP. By the late 1980s, the world had many competing vendor-proprietary networking models plus two competing standardized networking models. So what happened? TCP/IP won in the end. Proprietary protocols are still in use today in many networks, but much less so than in the 1980s and 1990s.

The OSI model, whose development suffered in part because of a slower formal standardization process as compared with TCP/IP, never succeeded in the marketplace. And TCP/IP, the networking model created almost entirely by a bunch of volunteers, has become the most prolific set of data networking protocols ever. ? OSI provides standards and guidelines for network communication it defines all aspects of network communication. ? Osi model is only a logical concept (set of rules and regulations) ? Osi model is a layered model. Each layers has got it’s own functions.

A group of functions put together is called a layer. ? Model defines the task to be performed on each network device ? Historically, OSI was the first large effort to create a vendor-neutral networking model, a model that was intended to be used by any and every computer in the world, many of the terms used in networking today come from the OSI model. OSI model consists of 7 layers each layer performs set of predefined functions [pic] So with OSI Layer: • Reduces complexity • Standardizes interfaces • Ensures interoperable technology • Accelerates evolution Simplifies teaching and learning Functions of layer in OSI Model: Layer 7: The Application Layer It’s closest to the user. This layer provides network services to the user’s applications. It differs from the other layers in that it does not provide services to any other OSI layer, but only to applications outside the OSI reference model. The application layer establishes the availability of intended communication partners and synchronizes and establishes agreement on procedures for error recovery and control of data integrity. Layer 6: The Presentation Layer

The presentation layer ensures the information that the application layer of one system sends out is readable by the application layer of another system. For example, a PC program communicates with another computer, one using extended binary coded decimal interchange code (EBCDIC) and the other using ASCII to represent the same characters. If necessary, the presentation layer might be able to translate between multiple data formats by using a common format. Layer 5: The Session Layer The session layer establishes, manages, and terminates sessions between two communicating hosts.

It provides its services to the presentation layer. The session layer also synchronizes dialogue between the presentation layers of the two hosts and manages their data exchange. For example, web servers have many users, so many communication processes are open at a given time. Therefore, keeping track of which user communicates on which path is important. In addition to session regulation, the session layer offers provisions for efficient data transfer, class of service, and exception reporting of session layer, presentation layer, and application layer problems.

Layer 4: The Transport Layer The transport layer segments data from the sending host’s system and reassembles the data into a data stream on the receiving host’s system. For example, business users in large corporations often transfer large files from field locations to a corporate site. Reliable delivery of the files is important, so the transport layer breaks down large files into smaller segments that are less likely to incur transmission problems.

The boundary between the transport layer and the session layer can be thought of as the boundary between application protocols and data-flow protocols. Whereas the application, presentation, and session layers are concerned with application issues, the lower four layers are concerned with data-transport issues. The transport layer attempts to provide a data-transport service that shields the upper layers from transport implementation details. Specifically, issues such as reliability of transport between two hosts are the concern of the transport layer.

In providing communication service, the transport layer establishes, maintains, and properly terminates virtual circuits. Transport error detection and recovery and information flow control provide reliable service. Layer 3: The Network Layer The network layer provides connectivity and path selection between two host systems that might be located on geographically separated networks. The growth of the Internet has increased the number of users accessing information from sites around the world, and the network layer manages this connectivity.

Layer 2: The Data Link Layer The data link layer defines how data is formatted for transmission and how access to the network is controlled. This layer is responsible for defining how devices on a common media communicate with one another, including addressing and control signaling between devices. Layer 1: The Physical Layer The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems.

Characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors, and other similar attributes are defined by physical layer specifications. |Layer |function |examples |Devices | |Application |Network Process to Application: Interface between Network and applications. |Email |Firewall, IDS | | |It also include user authentication. ftp | | | | |tftp | | |Presentation |Data Representation: Define and negotiate data formats Code translation, |ASCII text, | | | |Compression, Encryption |EBCDIC text, binary, BCD, | | | | |and JPEG. | |Session |Inter host Communication: The session layer defines how to establish, maintain, |Sql, nfs, rpc | | | |and terminate conversations (called sessions). etc | | | |This includes the control and management of multiple bidirectional messages so | | | | |that the application can be notified if only some of a series of messages are | | | | |completed. This allows the presentation layer to have a seamless view of an | | | | |incoming stream of data. | | |Transport |End-to-End Connection: |Tcp, udp, | | | |Focuses on issues related to data delivery to another computer— for instance |Spx, etc | | | |Reliable and unreliable data Transfer, | | | | |Error correction but no detection, | | | | |Flow control, | | | | |Segmentation & reassembly | | | |Network |DATA DELIVERY: |Ip, ipx, etc |Router | | |The network layer defines three main features: | | | | |logical addressing, routing (forwarding), and path determination. | | | |The routing concepts define how devices (typically routers) forward packets to | | | | |their final destination. | | | | |Logical addressing defines how each device can have an address that can be used | | | | |by the routing process. | | | | |Path determination refers to the work done by routing protocols by which all | | | | |possible routes are learned, but the best route is chosen for use. | | |Data link |ACCESS TO MEDIA: |Ethernet (IEEE 802. 3), HDLC,|LAN switch, | | |Defines the rules (protocols) that determine when a device can send data over a |Frame Relay, PPP, |wireless access | | |particular medium. |Token ring, Atm, etc |point, cable | | |Data link protocols also define the format of a header and trailer that allows | |modem, DSL modem | | |devices attached to the medium to send and receive data successfully. Frame) | | | | |The data link trailer, which follows the encapsulated data, typically defines a | | | | |Frame Check Sequence (FCS) field, which allows the receiving device to detect | | | | |transmission errors. | | | |Physical |BINARY TRANSNMISSION |RJ-45, EIA/TIA-232, V. 35, |LAN hub, repeater | | |Defines the physical characteristics (Electrical, mechanical, Functional, |Ethernet (IEEE 802. 3) | | | |procedural Characteristics) of the transmission medium, including connectors, |x. 5, rs-232, x-21 | | | |pins, use of pins, electrical currents, encoding, light modulation, and the |etc | | | |rules for how to activate and deactivate the use of the physical medium. | | | What is a protocol? – Protocol is a set of rules which is used by computers to communicate with each other across a network. A protocol is a convention or standard that controls or enables the connection, communication, and data transfer between computing endpoints Protocol data unit (PDU) has the following meanings: • Information that is delivered as a unit among peer entities of a network and that may contain control information, address information, or data. In a layered system, a unit of data which is specified in a protocol of a given layer and which consists of protocol-control information and possibly user data of that layer. PDUs are relevant in relation to each of the first 4 layers of the OSI model as follows: The Layer 1 (Physical Layer) PDU is the bit The Layer 2 (Data Link Layer) PDU is the frame The Layer 3 (Network Layer) PDU is the packet The Layer 4 (Transport Layer) PDU is the segment (e. g. TCP segment) Layer 5 and above are referred to as data. Header: includes the control unit about the layer i. e. what function each layer did on source computer. Trailer: is used for error detection.

Encapsulation: it is the process of adding header and trailer to the data. De Encapsulation: it is the process of removing headers and trailers On de encapsulation each layer checks only its header and trailers. It is in the destination computer. SAP -> (service access point) it is a software interface between layers. It enables communication between layers. Layer 7: Application Layer: The Application Layer is the OSI layer closest to the end user, which means that both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component.

Such application programs fall outside the scope of the OSI model. Application layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. When determining resource availability, the application layer must decide whether sufficient network or the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer.

Some examples of application layer implementations also include: 1. FTP (file transport protocol) : it is used the upload, download a files 2. TFTP (trivial file transport protocol) this also used to exchange files and it is faster than FTP. 3. SMTP (simple mail transfer protocol) it is used to send e-mails. 4. SNMP (simple network management protocol) it used to manage network devices, such as switch router, pc’s etc. 5. TELNET is used to log in to remote devices. 6. HTTP (hypertext transfer protocol) it is used to brows resources 7. DNS (domain name system) is used for name resolution. Name resolution is a process of resolving host names to ip address. Layer 6: Presentation Layer:

The Presentation Layer establishes context between Application Layer entities, in which the higher-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation service data units are encapsulated into session protocol data units, and passed down the stack. This layer provides independence from data representation (e. g. , encryption) by translating between application and network formats. The presentation layer transforms data into the form that the application accepts. This layer formats and encrypts data to be sent across a network. It is sometimes called the syntax layer.

The original presentation structure used the basic encoding rules of Abstract Syntax Notation One (ASN. 1), with capabilities such as converting an EBCDIC(Extended Binary Coded Decimal Interchange Code )-coded text file to an ASCII(American Standard Code for Information Interchange)-coded file, or serialization of objects and other data structures from and to XML. Layer 5: Session Layer The Session Layer controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures.

The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls. Layer 4: Transport Layer The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state and connection oriented. This means that the Transport Layer can keep track of the segments and retransmit those that fail.

The Transport layer also provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred. Transport Layer Features • Multiplexing using ports Function that allows receiving hosts to choose the correct application, for which the data is destined, based on the port number. • Error recovery (reliability) Process of numbering and acknowledging data with sequence and Acknowledgment header fields. • Flow control using windowing Process that uses window sizes to protect buffer space and routing devices. • Connection establishment and termination: Process used to initialize port numbers and Sequence and Acknowledgment fields. Ordered data transfer and data segmentation: Continuous stream of bytes from an upper-layer process that is “segmented” for transmission and delivered to upper-layer processes at the receiving device, with the bytes in the same order. Host to host layer protocol: 1. TCP (Transmission Control Protocol) 2. UDP (User Diagram Protocol) TCP has following characteristics: a. tcp is connection oriented, reliable protocol b. it is establishes a virtual ckt before data transfer, which guarantees the delivery of data. c. Segmentation, re-assembly- each segment is identified with the sequence number. d. Destination sends acknowledgement after receiving the data. e. Tcp implement flow control using windowing f. It is slower because it has more overhead UDP has following characteristics a. udp is a connectionless unreliable protocol b. t does not establish virtual ckt. c. Segmentation and reassembly – segments does not use sequence numbers d. No acknowledgements e. No flow control f. Faster than tcp because it has less overheads Port number: In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint. It is used by transport protocols of the Internet Protocol Suite, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). A specific port is identified by its number, commonly known as the port number, the IP address with which it is associated, and the type of transport protocol used for communication.

A well-known range of port numbers is reserved by convention to identify specific service types on host computers. In the client-server model of application architecture this is used to provide a multiplexing service on each port number that network clients connect to for service initiation, after which communication is reestablished on other connection-specific port numbers. Also transport layer identifies its upper layer i. e. (Application layer) by using port number. Every application of tcp/ip requires a unique port number. Port numbers are assigned by IANA (internet assigned number authority). Port number consist of 16 bits and they are represented in decimal digits (0 – 65535) • Number 0 – 1023 are known as well-known ports Number 1024 – 49151 are registered ports. IANA maintains the official list. • Number 49152 – 65535 are private vendor assigned and are dynamic Popular Applications and Their Well-Known Port Numbers Port Number Protocol Application 20TCP FTP data 21TCP FTP control 22 TCP SSH 23 TCP Telnet 25 TCP SMTP 53 UDP, TCP DNS 67, 68 UDP DHCP 69 UDP TFTP 80 TCP HTTP (WWW) 110 TCP POP3 161 UDP, TCPSNMP 443 TCP SSL 16,384–32,767 UDP RTP-based Voice (VoIP) and Video Number above 1023 (1024 – 65535) are known as reply ports or Source or client ports. PC1 Sending Packets to PC2, with Three Applications [pic] TCP and UDP solve this problem by using a port number field in the TCP or UDP header.

Each of PC1’s TCP and UDP segments uses a different destination port number so that PC2 knows which application to give the data to. PC1 Sending Packets to PC2, with Three Applications using port number [pic] Connections between Sockets [pic] netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement. [pic] Transmission Control Protocol

When two hosts communicate using TCP, a connection is established before data can be exchanged. After the communication is completed, the sessions are closed and the connection is terminated. The connection and session mechanisms enable TCP’s reliability function. This is why it is called a connection oriented protocol. The host tracks each data segment within a session and exchanges information about what data is received by each host using the information in the TCP header. Each connection represents two one-way communication streams, or sessions. To establish the connection, the hosts perform a three-way handshake. Control bits in the TCP header indicate the progress and status of the connection. The three-way handshake: Establishes that the destination device is present on the network • Verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use for the session • Informs the destination device that the source client intends to establish a communication session on that port number In TCP connections, the host serving as a client initiates the session to the server. The three steps in TCP connection establishment are: 1) The initiating client sends a segment containing an initial sequence value, which serves as a request to the server to begin a communications session. ) The server responds with a segment containing an acknowledgement value equal to the received sequence value plus 1, plus its own synchronizing sequence value. The value is one greater than the sequence number because there is no data contained to be acknowledged. This acknowledgement value enables the client to tie the response back to the original segment that it sent to the server. 3) Initiating client responds with an acknowledgement value equal to the sequence value it received plus one. This completes the process of establishing the connection. To understand the three-way handshake process, it is important to look at the various values that the two hosts exchange.

Within the TCP segment header, there are six 1-bit fields that contain control information used to manage the TCP processes. Those fields are: URG – Urgent pointer field significant ACK – Acknowledgement field significant PSH – Push function RST – Reset the connection SYN – Synchronize sequence numbers FIN- No more data from sender These fields are referred to as flags, because the value of one of these fields is only 1 bit and, therefore, has only two values: 1 or 0. When a bit value is set to 1, it indicates what control information is contained in the segment. Using a four-step process, flags are exchanged to terminate a TCP connection. [pic] [pic] Error correction:

In TCP there is segmentation and each segment is identified with sequence numbers. At the destination when error detected at data link layer that frame is discarded so that segment will not reach at transport layer. So the sequence is out or order. So destination will not send ack. So source will resend it. Hence error correction is done. Flow control Using Windowing This is to control the flow of data, if a particular system cannot afford large amount of data. Some data are dropped if the system gets full and ask for re-transfer. In order to avoid this Buffer is used to hold data for a certain extend of time. Thus data flow is controlled. (Buffer is a temporary space in ram)

Window: – It is defined as the amount of data a source can send without receiving an acknowledgement. Or with respect to destination machine the window can define as the amount of data the destination can receive. Destination set the size of window. TCP Header Fields [pic] • Source port (16 bits) – identifies the sending port • Destination port (16 bits) – identifies the receiving port • Sequence number (32 bits) – has a dual role: • If the SYN flag is set (1), then this is the initial sequence number. The sequence number of the actual first data byte and the acknowledged number in the corresponding ACK are then this sequence number plus 1. If the SYN flag is clear (0), then this is the accumulated sequence number of the first data byte of this packet for the current session. • Acknowledgment number (32 bits) – if the ACK flag is set then the value of this field is the next sequence number that the receiver is expecting. This acknowledges receipt of all prior bytes (if any). The first ACK sent by each end acknowledges the other end’s initial sequence number itself, but no data. • Data offset (4 bits) – specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes, allowing for up to 40 bytes of options in the header.

This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data. • Reserved (3 bits) – for future use and should be set to zero • Flags (9 bits) (aka Control bits) – contains 9 1-bit flags • NS (1 bit) – ECN-nonce concealment protection (added to header by RFC 3540). • CWR (1 bit) – Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and had responded in congestion control mechanism (added to header by RFC 3168). • ECE (1 bit) – ECN-Echo indicates • If the SYN flag is set (1), that the TCP peer is ECN capable. If the SYN flag is clear (0), that a packet with Congestion Experienced flag in IP header set is received during normal transmission (added to header by RFC 3168). • URG (1 bit) – indicates that the Urgent pointer field is significant • ACK (1 bit) – indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set. • PSH (1 bit) – Push function. Asks to push the buffered data to the receiving application. • RST (1 bit) – Reset the connection • SYN (1 bit) – Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags change meaning based on this flag, and some are only valid for when it is set, and others when it is clear. • FIN (1 bit) – No more data from sender Window size (16 bits) – the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive (see Flow control and Window Scaling) • Checksum (16 bits) – The 16-bit checksum field is used for error-checking of the header and data • Urgent pointer (16 bits) – if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte • Options (Variable 0-320 bits, divisible by 32) – The length of this field is determined by the data offset field. Options have up to three fields: Option-Kind (1 byte), Option-Length (1 byte), Option-Data (variable). The Option-Kind field indicates the type of option, and is the only field that is not optional. Depending on what kind of option we are dealing with, the next two fields may be set: the Option-Length field indicates the total length of the option, and the Option-Data field contains the value of the option, if applicable.

For example, an Option-Kind byte of 0x01 indicates that this is a No-Op option used only for padding, and does not have an Option-Length or Option-Data byte following it. An Option-Kind byte of 0 is the End Of Options option, and is also only one byte. An Option-Kind byte of 0x02 indicates that this is the Maximum Segment Size option, and will be followed by a byte specifying the length of the MSS field (should be 0x04). Note that this length is the total length of the given options field, including Option-Kind and Option-Length bytes. So while the MSS value is typically expressed in two bytes, the length of the field will be 4 bytes (+2 bytes of kind and length). In short, and MSS option field with a value of 0x05B4 will show up as (0x02 0x04 0x05B4) in the TCP options section. Padding – The TCP header padding is used to ensure that the TCP header ends and data begins on a 32 bit boundary. The padding is composed of zeros. [6] Some options may only be sent when SYN is set; they are indicated below as [SYN] Option-Kind and standard lengths given as (Option-Kind,Option-Length). • 0 (8 bits) – End of options list • 1 (8 bits) – No operation (NOP, Padding) This may be used to align option fields on 32-bit boundaries for better performance. • 2,4,SS (32 bits) – Maximum segment size (see maximum segment size) [SYN] • 3,3,S (24 bits) – Window scale (see window scaling for details) [SYN][7] • 4,2 (16 bits) – Selective Acknowledgement permitted. SYN] (See selective acknowledgments for details)[8] • 5,N,BBBB,EEEE,… (variable bits, N is either 10, 18, 26, or 34)- Selective ACKnowledgement (SACK)[9] These first two bytes are followed by a list of 1-4 blocks being selectively acknowledged, specified as 32-bit begin/end pointers. • 8,10,TTTT,EEEE (80 bits)- Timestamp and echo of previous timestamp (see TCP timestamps for details)[10] • 14,3,S (24 bits) – TCP Alternate Checksum Request. [SYN][11] • 15,N,… (variable bits) – TCP Alternate Checksum Data. (The remaining options are obsolete, experimental, not yet standardized, or unassigned) TCP flag: – Specifies whether it is Sync /fin. ( Code Bits) URG |The urgent pointer is valid . | |ACK |The acknowledgment number is valid. | |PSH |The receiver should pass this data to the application as soon as possible. | |RST |Reset the connection. | |SYN |Synchronize sequence numbers to initiate a connection. | |FIN |The sender is finished sending data. | Window: – window size TCP’s flow control is provided by each end advertising a window size. This is the number of bytes, starting with the one specified by the acknowledgment number field, that the receiver is willing to accept. This is a 16-bit field, limiting the window to 65535 bytes. Ack no: – next expected sequence number. this is a number which can be send next expected sequence number to source via ack) Since every byte that is exchanged is numbered, the acknowledgment number contains the next sequence number that the sender of the acknowledgment expects to receive. This is therefore the sequence number plus 1 of the last successfully received byte of data. This field is valid only if the ACK flag (described below) is on. Sending an ACK costs nothing because the 32-bit acknowledgment number field is always part of the header, as is the ACK flag. Therefore we’ll see that once a connection is established, this field is always set and the ACK flag is always on. Sequence number : – The number used to ensure correct sequencing the arriving data.

The sequence number identifies the byte in the stream of data from the sending TCP to the receiving TCP that the first byte of data in this segment represents. If we consider the stream of bytes flowing in one direction between two applications, TCP numbers each byte with a sequence number. This sequence number is a 32-bit unsigned number that wraps back around to 0 after reaching 232 – 1. When a new connection is being established, the SYN flag is turned on. The sequence number field contains the initial sequence number (ISN) chosen by this host for this connection. The header length gives the length of the header in 32-bit words. This is required because the length of the options field is variable.

With a 4-bit field, TCP is limited to a 60-byte header. Without options, however, the normal size is 20 bytes. The checksum covers the TCP segment: the TCP header and the TCP data. This is a mandatory field that must be calculated and stored by the sender, and then verified by the receiver The urgent pointer is valid only if the URG flag is set. This pointer is a positive offset that must be added to the sequence number field of the segment to yield the sequence number of the last byte of urgent data. TCP’s urgent mode is a way for the sender to transmit emergency data to the other end Source Port Destination Port sync window ack no seq no data 1026 |80 |sync |Window | |2001 | | |80 |1026 |Sync ack |3 |2002 |3000 | | |1026 |80 |ack | |3001 |2002 | | |1026 |80 | | |3001 |2003 | | |1026 |80 | | |3001 |2004 | | |1026 |80 | | |3001 |2005 | | 80 |1026 | | |2006 |3001 | | |1026 |80 |Fin | | | | | UDP Header [pic] The UDP length field is the length of the UDP header and the UDP data in bytes. The minimum value for this field is 8 bytes. (Sending a UDP datagram with 0 bytes of data is OK. ) This UDP length is redundant. The length of the UDP datagram is this total length minus the length of the IP The UDP checksum covers the UDP header and the UDP data TCP and UDP Headers: [pic] Converting from Sound to Packets with a voice adapter(VA) [pic] Layer 3: Network Layer

The Network Layer provides the functional and procedural means of transferring variable length data sequences from a source host on one network to a destination host on a different network, while maintaining the quality of service requested by the Transport Layer (in contrast to the data link layer which connects hosts within the same network). Functions: 1. Routing: The process of forwarding packets (Layer 3 PDUs). 2. Logical addressing: Addresses that can be used regardless of the type of physical networks used, providing each device (at least) one address. Logical addressing enables the routing process to identify a packet’s source and destination. 3.

Routing protocol: A protocol that aids routers by dynamically learning about the groups of addresses in the network, which in turn allows the routing (forwarding) process to work well. 4. Other utilities: The network layer also relies on other utilities. For TCP/IP, these utilities include Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and ping. OSI does define a unique Layer 3 protocol called Connectionless Network Services (CLNS), but, as usual with OSI protocols, you rarely see it in networks today. In the recent past, you might have seen many other network layer protocols, such as Internet Protocol (IP), Novell Internetwork Packet Exchange (IPX), or AppleTalk Datagram Delivery Protocol (DDP).

Today, the only Layer 3 protocol that is used widely is the TCP/IP network layer protocol—specifically, IP. 1. Routing: [pic] Routing focuses on the end-to-end logic of forwarding data. When PC1 wants to send data to PC2. It will send packet to the nearby router. When a packet comes in to Router it will check destination ip address of packet and search for that entry in routing table. If it found an entry it will place packet to corresponding interface. If it the entry is not found in its routing table, it will drop the packet. For building the routing table we use different kind of routing protocols. [pic] Routing as covered so far has two main concepts: The process of routing forwards Layer 3 packets, also called Layer 3 protocol data units (L3 PDU), based on the destination Layer 3 address in the packet. ? The routing process uses the data link layer to encapsulate the Layer 3 packets into Layer 2 frames for transmission across each successive data link. 2. IP packet: Internet protocol (IP) a) IP creates IP packets and carries data b) IP is responsible for IP addressing c) IP is connectionless Protocol d) Provides best-effort delivery of packets IP Header: [pic] IPv4 Header Fields |Field |Meaning | |Version |Version of the IP protocol.

Most networks use version 4 today. | |IHL |IP Header Length. Defines the length of the IP header, including optional fields. Since this | | |is a 4-bit field, it limits the header to 60 bytes | |DS Field |Differentiated Services Field. It is used for marking packets for the purpose of applying | | |different quality-of-service (QoS) levels to different packets. | |Packet length |Identifies the entire length of the IP packet, including the data. |Identification |Used by the IP packet fragmentation process; all fragments of the original packet contain the| | |same identifier. | |Flags |3 bits used by the IP packet fragmentation process. | |Fragment offset |A number used to help hosts reassemble fragmented packets into the original larger packet. | |TTL |Time to live. A value used to prevent routing loops. | |Protocol |A field that identifies the contents of the data portion of the IP packet. For example, | | |protocol 6 implies that a TCP header is the first thing in the IP packet data field. | |Eg : TCP – 0x6 | | |UDP – 0x17 | | |ICMP – 0x1 | |Header Checksum |A value used to store an FCS value, whose purpose is to determine if any bit errors occurred | | |in the IP header. | |Source IP address |The 32-bit IP address of the sender of the packet. | |Destination IP address |The 32-bit IP address of the intended recipient of the packet. | Addressing: One key feature of network layer addresses is that they were designed to allow logical grouping of addresses.

In other words, something about the numeric value of an address implies a group or set of addresses, all of which are considered to be in the same grouping. With IP addresses, this group is called a network or a subnet. These groupings work just like zip (postal) codes, allowing the routers (mail sorters) to speedily route (sort) lots of packets (letters). Just like postal street addresses, network layer addresses are grouped based on physical location in a network. A routing protocol learns routes and puts those routes in a routing table. A routed protocol defines the type of packet forwarded, or routed, through a network e. g. IP would be the routed protocol. If the routers used Routing Information Protocol (RIP) to learn the routes, RIP would be the routing protocol. Network Layer Utilities

TCP/IP network in the world to help the network layer with its task of routing packets from end to end through an internetwork: ¦ Address Resolution Protocol (ARP) ¦ Domain Name System (DNS) ¦ Dynamic Host Configuration Protocol (DHCP) ¦ Ping The Address Resolution Protocol (ARP) is a computer networking protocol for determining a network host’s Link Layer or hardware address when only its Internet Layer (IP) or Network Layer address is known. This function is critical in local area networking as well as for routing internetworking traffic across gateways (routers) based on IP addresses when the next-hop router must be determined. ARP was defined by RFC 826 in 1982. [1] It is Internet Standard STD 37. It builds a correlation between an IP address and a MAC address.

ARP has been implemented in many types of networks, such as Internet Protocol (IP), CHAOS, DECNET, Xerox PARC Universal Packet, Token Ring, FDDI, IEEE 802. 11 and other LAN technologies, as well as the modern high capacity networks, such as Asynchronous Transfer Mode (ATM). Due to the overwhelming prevalence of IPv4 and Ethernet in general networking, ARP is most frequently used to translate IPv4 addresses (OSI Layer 3) into Ethernet MAC addresses (OSI Layer 2). In IPv6, ARP’s functionality is provided by the Neighbor Discovery Protocol (NDP). ARP process consist of ARP request -;gt; Broadcast ARP reply -;gt; Unicast R1#show ip arpTo view ARP table in Router R1#arp timeout seconds arp -aTo view ARP table in Windows/Linux [pic]

The Reverse Address Resolution Protocol (RARP) is an obsolete computer networking protocol used by a host computer to request its Internet Protocol (IPv4) address from an administrative host, when it has available its Link Layer or hardware address, such as a MAC address. It is exactly the opposite of ARP. The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www. xample. com translates to the addresses 192. 0. 32. 10 (IPv4) and 2620:0:2d0:200::10 (IPv6). [pic] The Dynamic Host Configuration Protocol (DHCP) is an automatic configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address.

Ping (Packet InterNet Groper) is a computer network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer. The name comes from active sonar terminology. Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response. In the process it measures the time from transmission to reception (round-trip time)[1] and records any packet loss. The results of the test are printed in form of a statistical summary of the response packets received, including the minimum, maximum, and the mean round-trip times, and sometimes the standard deviation of the mean

ICMP messages: 1. echo 2. echo reply 3. destination unreachable 4. host unreachable Syntax =;gt; ping Ping verifies the connectivity on the network layer. If successful indicates network, data link and physical layer on source and destination is working. Codes that the ping Command Receives in Response to Its ICMP Echo Request: [pic] traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. traceroute outputs the list of traversed routers in simple text format, together with timing information Traceroute is available on most operating systems racert On Windows traceroute On cisco ios ; Linux Layer 2: Data Link Layer Provides Error detection, framing, providing physical addressing, logical topology The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect errors that may occur in the Physical Layer. Note this layer detects error, but will not correction Use error detection algorithm Eg: CRC: cyclic redundancy check; trailer on the data link layer is used for error detection Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system.

Local area network architecture, which included broadcast-capable multiaccess media, was developed independently of the ISO work in IEEE Project 802. IEEE work assumed sublayering and management functions not required for WAN use. In modern practice, only error detection, not flow control using sliding window, is present in data link protocols such as Point-to-Point Protocol (PPP), and, on local area networks, the IEEE 802. 2 LLC layer is not used for most protocols on the Ethernet, and on other local area networks, its flow control and acknowledgment mechanisms are rarely used. Sliding window flow control and acknowledgment is used at the Transport Layer by protocols such as TCP, but is still used in niches where X. 25 offers performance advantages. The ITU-T G. n standard, which provides high-speed local area networking over existing wires (power lines, phone lines and coaxial cables), includes a complete Data Link Layer which provides both error correction and flow control by means of a selective repeat Sliding Window Protocol. Both WAN and LAN service arrange bits, from the Physical Layer, into logical sequences called frames. Not all Physical Layer bits necessarily go into frames, as some of these bits are purely intended for Physical Layer functions. For example, every fifth bit of the FDDI bit stream is not used by the Layer. WAN Protocol architecture Wan technology defines communication process within Wan Eg: PPP | HDLC } point to point ISDN | Frame relay | X. 25 } multi point Atm | Connection-oriented WAN data link protocols, in addition to framing, detect and may correct errors.

They are also capable of controlling the rate of transmission. A WAN Data Link Layer might implement a sliding window flow control and acknowledgment mechanism to provide reliable delivery of frames; that is the case for SDLC and HDLC, and derivatives of HDLC such as LAPB and LAPD. IEEE 802 LAN architecture: LAN technology defines communication within LAN Eg: Ethernet ( 90 % ) -;gt; uses bus and star physical topology Token passing (ring) (developed by IBM) use ring or star ring physical topology FDDI -;gt; uses ring but with fiber optics Practical, connectionless LANs began with the pre-IEEE Ethernet specification, which is the ancestor of IEEE 802. 3.

This layer manages the interaction of devices with a shared medium, which is the function of a Media Access Control (MAC) sublayer. Above this MAC sublayer is the media-independent IEEE 802. 2 Logical Link Control (LLC) sublayer, which deals with addressing and multiplexing on multiaccess media. While IEEE 802. 3 is the dominant wired LAN protocol and IEEE 802. 11 the wireless LAN protocol, obsolescent MAC layers include Token Ring and FDDI. The MAC sublayer detects but does not correct errors. Operation of Ethernet: Historically speaking, several competing LAN standards existed, including Token Ring, Fiber Distributed Data Interface (FDDI), and Asynchronous Transfer Mode (ATM).

Eventually, Ethernet won out over all the competing LAN standards, so that today when you think of LANs, no one even questions what type— it’s Ethernet. Ethernet was developed by DIX (Digital Equipment Corp (DEC), Intel, Xerox-(Xerox Initiated it 1980’s)) version Ethernet II IEEE (Institute of Electrical and Electronics Engineers) formed a committee IEEE 802. 3 to standardize Ethernet Today’s Most Common Types of Ethernet: [pic] The term Ethernet is often used to mean “all types of Ethernet,” but in some cases it is used to mean “10BASE-T Ethernet. And here T referring to the T in twisted pair. The IEEE formed two committees that worked directly on Ethernet—the 1. IEEE 802. 2 committee (Logical Link Control (LLC)) : Transitions up to the network layer 2. IEEE 802. committee (Media Access Control (MAC)): Transitions down to the physical layer ? LLC Sublayer: The IEEE created the LLC sublayer to allow part of the data link layer to function independently from existing technologies. This layer provides versatility in services to the network layer protocols that are above it, while communicating effectively with the variety of MAC and Layer 1 technologies below it. The LLC, as a sublayer, participates in the encapsulation process. An LLC header tells the data link layer what to do with a packet when it receives a frame. For example, a host receives a frame and then looks in the LLC header to understand that the packet is destined for the IP protocol at the network layer.

The original Ethernet header (prior to IEEE 802. 2 and 802. 3) did not use an LLC header. Instead, it used a type field in the Ethernet header to identify the Layer 3 protocol being carried in the Ethernet frame. ? MAC Sublayer: The MAC sublayer deals with physical media access. The IEEE 802. 3 MAC specification defines MAC addresses, which uniquely identify multiple devices at the data link layer. The MAC sublayer maintains a table of MAC addresses (physical addresses) of devices. To participate on the network, each device must have a unique MAC address. (The 802. 2 standard applied to Ethernet as well as to other IEEE standard LANs such as Token Ring. ) [pic]

Carrier sense multiple access with collision detection (CSMA/CD) is a computer networking access method in which: • a carrier sensing scheme is used. • a transmitting data station that detects another signal while transmitting a frame, stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to send that frame again. CSMA/CD is a modification of pure carrier sense multiple access (CSMA). CSMA/CD is used to improve CSMA performance by terminating transmission as soon as a collision is detected, thus reducing the probability of a second collision on retry. [pic] Ethernet Addressing The IEEE defines the format and assignment of LAN addresses.

IEEE calls them MAC(Media Access Control. ) addresses because the MAC protocols such as IEEE 802. 3 define the addressing details. ) To ensure a unique MAC address, the Ethernet card manufacturers encode the MAC address onto the card, usually in a ROM chip. The first half of the address identifies the manufacturer of the card. This code, which is assigned to each manufacturer by the IEEE, is called the organizationally unique identifier (OUI). Each manufacturer assigns a MAC address with its own OUI as the first half of the address, with the second half of the address being assigned a number that this manufacturer has never used on another card and is called Vendor ID. [pic]

Each LAN card comes with a burned-in address (BIA) that is burned into the ROM chip on the card. BIAs sometimes are called universally administered addresses (UAA) because the IEEE universally administers address assignment. Many people refer to unicast addresses as either LAN addresses, Ethernet addresses, hardware addresses, physical addresses, or MAC addresses. MAC address are used to uniquely identify devices at Layer 2 ; to allow communication between different devices on the same network Ethernet Framing: Framing defines how a string of binary numbers is interpreted. In other words, framing defines the meaning behind the bits that are transmitted across a network.

The physical layer helps you get a string of bits from one device to another. When the receiving device gets the bits, how should they be interpreted? The term framing refers to the definition of the fields assumed to be in the data that is received. In other words, framing defines the meaning of the bits transmitted and received over a network. The process of creating frames is called framing. Data link layer creates frames based on data link layer technology ( eg Ethernet frames, token ring, ppp etc) Framing differs with different data link layer technology. These technologies is stored or mentioned in the data link header. Eg: Ethernet header, token ring header LAN Header Formats 1.

Ethernet II ( by 3 companies DEC, Intel, Xerox) [pic] 2. IEEE 802. 3( by IEEE standard ) [pic] [pic] IEEE 802. 3 Ethernet Header and Trailer Fields: |Field |Field Length in |Description | | |Bytes | | |Preamble |7 |Synchronization | | | |Indicate starting of frame.

It is 101010 pattern, if no frame then 0000 | |Start Frame Delimiter (SFD) |1 |Signifies that the next byte begins the Destination MAC field | |Source and Destination MAC address |6 |Identify the sender and receiver | |Length |2 |Defines the length of the data field of the frame (either length or | | | |type is present, but not both) | |Type |2 |Defines the type of protocol listed inside the frame (eitherlength or type | | | |is present, but not both) |Data and Pad* |46–1500 |Holds data from a higher layer, typically an L3 PDU (generic), and often an| | | |IP packet | |Frame Check |4 |Provides a method for the receiving NIC to determine if the frame | |Sequence (FCS) | |experienced transmission errors | *The IEEE 802. 3 specification limits the data portion of the 802. 3 frame to a maximum of 1500 bytes. The Data field was designed to hold Layer 3 packets; the term maximum transmission unit (MTU) defines the maximum Layer 3 packet that can be sent over a medium. Because the Layer 3 packet rests inside the data portion of an Ethernet frame, 1500 bytes is the largest IP MTU allowed over an Ethernet. To see the MTU size, type the command on Router/Switch: “show interface” Identifying the Data Inside an Ethernet Frame Many different network layer (Layer 3) protocols have been designed.

Most of these protocols were part of larger network protocol models created by vendors to support their products, such as IBM Systems Network Architecture (SNA), Novell NetWare, Digital Equipment Corporation’s DECnet, and Apple Computer’s AppleTalk. Additionally, the OSI and TCP/IP models also defined network layer protocols. All these Layer 3 protocols, plus several others, could use Ethernet. To use Ethernet, the network layer protocol would place its packet (generically speaking, its L3 PDU) into the data portion of the Ethernet frame. Most data-link protocol headers, including Ethernet, have a field with a code that defines the type of protocol header that follows.