Answer to Question #89938 in Computer Networks for matimu

  Function and protocols of the layers of the TCP/IP model.

IP network

The IP network (what the Internet is) differs from global networks in what is compound network from subnets which number is measured by thousands. Use of a stack of protocols not of the reference OSI model, but the reference model of TCP/IP is characteristic of the Internet. In (fig. 1) the stack of protocols of TCP/IP and its compliance to OSI model levels is presented. A distinctive feature of TCP/IP is also that IP packages can be transferred with the use of various technologies of compound networks, including by means of already considered global networks X.25, FR, and ATM which are independent with the protocols, addressing, etc. Another feature is that the reference TCP/IP model, unlike the reference OSI model, was developed under the concrete compound network internet or internet). Subnets, the compound network making this, connect among themselves routers. Both local, and global networks of various technologies can be such subnets.

Applied level of a stack of TCP/IP (level 4) corresponds to three top levels of the OSI model. Treat protocols of applied level the protocol of transfer of files (FTP); protocol of e-mail (SMTP); the protocol used for creation of pages in a world wide web of WWW (HTTP) - a basis for access to the documents connected among themselves; the protocol of transformation (DNS) of text names to network IP addresses, the simple protocol of network management (SNMP), protocols according to the alarm system and data transmission (SIP, RTP/RTCP) in IP-telephony or the speech over IP (VoIP-Voice over IP), etc. Also protocols of information security Kerberos, PGP, SET, etc. belong to protocols of the applied level.

Transport level of a stack TCP/IP

Transport level of a stack of TCP/IP (level 3) provides data transmission between applied processes. Transport level includes two TCP and UDP protocols. The protocol of management of the transfer of TCP (Transmission Control Protocol) is the reliable protocol with the connection establishment allowing to operate a stream i.e. without mistakes to deliver a byte stream from one car to any other car of the compound network. To provide safe delivery of data, the TCP protocol provides the establishment of a logical connection. It allows it to number packages, to confirm their reception with receipts, in case of loss to organize repeated transfers, to distinguish and destroy duplicates, to deliver to applied level in that order in which they were sent. The packages arriving on transport level will be organized in the form of a set of lines to entry points of applied processes. In TCP/IP terminology such turns which are unambiguously defining the appendix within a host are called ports. Behind ports of each standard application number, for example, TCP port No. 21 - behind the protocol of transfer of the FTP file (File Transport Protocol) is defined. Number of the port in total with a number of network and number of the final knot has the name a socket (socket). Each logical connection is identified by a couple of sockets of the interacting processes. The second protocol of transport level - the protocol of users of the datagrams UDP (User Data Protocol) is the elementary datagram protocol (i.e. without connection establishment). The protocol of information security SSL/TLS belongs to the protocol of transport level. Protocols of applied and transport levels of a stack of the TCP/IP levels are established at terminal stations (hosts) of the network.

Network level of a stack TCP/IP

Network level of a stack of TCP/IP (level 2) called by also network level (on the OSI model), is a core of all architecture of TCP/IP. This level which functions correspond to the network level of the OSI model provides transfer of packages of data within all compound network. Protocols of network level support interfaces with overlying transport level, receiving from it requests for data transmission on the compound network. The main protocol of the network level is the network IP protocol (Internet Protocol). It provides an advance of a package between subnets - from one boundary router to another until the package does not get to a destination network. The IP protocol as well as protocols of functions of switching of global communication networks (FR, ATM, etc.), is established not only on terminal points (hosts) but also on all routers of the network. The router represents the processor which connects among themselves two networks (subnets). The protocol of network level works in the mode without connection establishment (the datagram mode) according to which he is not responsible for delivery of a package to appointment knot. At loss of a package in a network, the IP protocol does not try to restore it.

The heading of an IP package contains the IP address of the sender and recipient - on 4 bytes everyone. Also, the protocols performing functions of drawing up and correction of tables of routing of RIP (Routing Internet Protocol), OSPF (Open Shortest Path First), the protocol of the network operating messages of ICMP (Internet Control Message Protocol) belong to the network level. The protocol of information security IPSec belongs to the protocol of the network level.

 Physical access level (Physical level) of a stack of TCP/IP (level 1) is responsible for the organization of the interface with private technologies of subnets of the compound network. It is possible to consider the movement of a package as the sequence of "jumps" from one router to another. On the next router at the physical level, the network address of the router following along a route is defined. To transfer an IP package to this router, it is necessary to transfer it through some subnet. For this purpose, it is necessary to use vehicles of this subnet. The problem of level of network access comes down to encapsulation (investment) of a package in the block of data of this intermediate network and in the transformation of network addresses of boundary routers of this subnet to a new type of the address accepted in the technology of intermediate network.

An example of data migration in the IP network

On the example of IP network (fig. 2), we will show data migration of the terminal station A of a local area network (subnet) of Ethernet to the terminal station In a network (subnet) of ATM. Apparently, from the drawing, this compound network still includes network (subnet) Frame Relay. The example of gateway interaction of Ethernet networks and ATM given in work is the basis for the provided simplified description. In addition, the network (subnet) Frame Relay is entered into this compound network. The principle of routing and the short description of protocols of routing on the Internet are given in the following chapter. In order that the TCP/IP technology could solve a problem of merging of networks, own global system of addressing which is not depending on ways of addressing of knots in separate subnets is necessary for it. Such address is the IP address consisting of the address of a subnet (prefix) and the address of the terminal (host). Let's give an example of addressing a subnet and a host. The IP address 200.15.45.126/25 means that 25 senior bits from the allocated 4 bytes under addressing are the subnet address, and the remained 7 bits mean the host address in this network.

Apparently, from the previous heads, global networks Frame Relay and ATM have various systems of numbering which differ from the system of numbering of the local area network (LAN) of Ethernet technology. Each Ethernet computer has a unique physical address consisting of 48 bits. This address is called the MAC-address and belongs to channel level — management of access to the MAC environment (Media Access Control). For the organization of gateway interaction of subnets of various technology and addressing the routers including IP packages are used. Global IP addresses are a part of these packages. Each interface of the router of the IP network and the terminal includes two addresses – the local address of the terminal of a subnet and the IP address.

Let's consider the advance of an IP package in the network (fig. 2).

1. The user of the computer A of Ethernet network having the IP address                (IP address 1) addresses under the protocol of transfer of the FTP file to the computer B connected to ATM network and the having IP address (IP address 6).

2. The computer A forms Ethernet shot for sending an IP package. The M1 router and the entering interface for transfer of this IP package will be determined by the table of routing in the computer A on the basis of IP addresses A and B. At the same time the M1 router interface IP address becomes known (IP address 2).

3. The computer A sends the IP package encapsulated in a shot of Ethernet and including the following fields (fig. 3) on an Ethernet network.

The MAC-address in the heading off a shot Ethernet occupies 6 bytes. By means of the protocol of permission of the addresses ARP (Address Resolution Protocol), the local addresses MAC-address 1 and MAC-address 2 are determined by the known IP addresses (The IP address 1 and the IP address 2).

4. The shot is accepted on the entrance interface of the M1 router according to the Ethernet protocol. The Ethernet protocol takes the IP package encapsulated in it from the accepted shot. From this IP package, the M1 router takes the IP address of appointment (IP address 6).

5. By means of the table of routing in M1 IP addresses of the output interface from M1 and the entrance interface of the M2 router, i.e. the IP address 3 and the IP address 4 are defined.

6. Local addresses of a subnet Frame Relay the FR address 1 and the FR address 2 are determined by the global addresses IP address 3 and the IP address 4 respectively.

7. The IP package is transferred on a virtual channel of Frame Relay network, using at the same time local addresses the FR address 1 and the FR address 2. This IP package is encapsulated in FR shot.

8. The shot of FR is accepted on the entrance interface of the M2 router according to the protocol of the Frame Relay network. The accepted IP package is taken, having dumped heading of the accepted FR shot. The IP address of appointment (IP address 6) is taken.

9. By means of the table of  M2 router is defined IP addresses of the output interface (IP address 5) of the M2 router and the IP address of appointment (IP address 6). At the same time to global addresses, the local addresses of ATM address corresponding to the 1 and ATM address 2 are defined. The IP package is transferred on a virtual channel of the ATM network, using these local addresses.

10. As a result, the IP package from computer A comes to computer B.

Protocols of TCP/IP

The short description of the protocol of the applied SNMP level and the protocol of the transport TCP level of architecture TCP/IP is given below.

The protocol of the applied SNMP level

Big networks cannot be adjusted and cope manually in respect of change of a configuration of the network, elimination of malfunction in the network, collecting parameters about quality of service. If in a network the equipment of different producers is used, the need for such means becomes especially necessary. In this regard standards of network management were developed. One of the most widely used is the simple protocol of management of SNMP network (Simple Network Management Protocol). Let's provide short data on the architecture of network management. The system of network management includes tools for the solution of tasks of management. At the same time use of already available equipment by the introduction in its additional equipment rooms and software is necessary for the management of the network. This software is placed in hosts, communication processors and other devices of the network.

The model of network management used for SNMP consists of the following elements:

• the station of management which is carrying out an interface role between the network administrator and system of network management. The station of management allows exercising monitoring of network and control by the network. In this station, there is a database with information obtained from information bases of all operated objects of the network;

• the agent of management (hosts, switchboards, etc.) which respond to the requests from the station of management. The agent provides with information to the station and without inquiry;

• the agent supports the database called by MIB (a management information base, Management Information Base) in which the configuration, characteristics and a condition of devices are written down.

The station of management and agents interact under the SNMP protocol. As the management of network a task multi-purpose, we will bring some opportunities for use of the SNMP protocol into Frame Relay networks. The agent supports the database called by MIB (a management information base, Management Information Base) in which the configuration, characteristics and a condition of devices are written down. The forum Frame Relay standardized MIB for Frame Relay devices. In most services Frame Relay the provider collects information from agents of SNMP in each FR switchboard and signs up it in the central base MIB for general use. Thereby the uniform source of statistical information on all connections of virtual channels of the network is provided to the user. It gives the chance to trace the data flow in a network of provider from the switchboard to the switchboard. It is possible to use SNMP for collecting statistics and emergency messages from own equipment connected to the FR network. For this purpose, it is necessary to work with a set of MIB. For data collection on the basis of SNMP, it is possible to use a virtual channel of FR.

SNMP can operate a configuration of the network. For FR network it concerns both physical and logical configuration of the network, including addressing establishment, DLCI definition, the purpose of bandwidth for PVC. SNMP can operate the elimination of malfunctions in the network when receiving by a control system of emergency messages from the agent of the network device.

Ensuring information security of the SNMP protocol

In the document RFC 2574 the USM model is defined (User Security Model – a model of protection of the user) when using the SNMP protocol. USM was developed for the purpose of protection against threats of the following types.

1. Modification of information. On transits of the message generated by the authorized object, some other object can change this message to execute unauthorized operations of management (for example, having established the corresponding values of an object of management). The essence of threat is that an unauthorized object can change any parameters of management, including parameters of a configuration, the performed operations, and control.

2. Imitation. An object can try to execute the operations of management which are not allowed for it, identifying this object with some authorized object.

3. Modification of a flow of messages. The SNMP protocol is intended for work on the transport protocol which is not assuming installation of connections. There is a threat of reordering, a delay or reproduction (duplication) of messages of SNMP for unauthorized management. For example, it is possible to copy and subsequently to reproduce the message causing a restart of the device.

4. Disclosure of information. Watching a data exchange stream between the administrator and the agent, an object can find out values of the operated objects and distinguish the being subject registrations of an event. For example, observation of a set of the teams changing passwords is able to afford to attack to learn new passwords.

The protocol of the transport TCP level

The protocol of the transport TCP level performs the function of management of streams between terminal points as the IP level does not guarantee the correct delivery of datagrams. Datagrams from the IP level can arrive in the wrong order. Restores messages from such datagrams the TCP protocol, providing these the reliable mode of the established connection with a low probability of loss of a package. The mechanism of management of streams used by TSR differs from the mechanism of restoration of the correct sequence of shots in X.25 and is called the scheme of the credits. In this scheme, it is considered that each transferred byte of data has a serial number. Borders between messages do not remain. For example, if the sending applied process writes down four 512-byte portions of data in the TSR-stream, these data can be delivered to the receiving process in the form of four 512-byte portions, either two 1024-byte portions, or one 2048-byte portion. Each legal unit of PDU TCP is called a segment of TCP and includes the port of data source and port of the recipient in segment heading. Values of ports identify the corresponding users (appendix) of two objects of TCP.

Logical communication belongs to this couple of value of ports. In the course of communication, each object traces the TCP segments received from other party or sent to another party to regulate a stream of segments and to restore the lost or damaged segments. A standard number of port unambiguously identifies appendix type, however, it cannot unambiguously identify the applied process of this appendix. One appendix can carry out several processes at the same time. Therefore applied process unambiguously is defined within the network and within the separate computer by a couple (The IP address, number of the port) and is called a socket (socket). The logical TCP connection is unambiguously identified by a couple of sockets determined for this connection by two interacting sockets.

During the work on a host sender, the TCP protocol considers information arriving at it from the level of appendices as an unstructured stream of bytes. These data are buffered by means of TCP. On the IP level segments to which headings are added "are cut out" from the buffer. The segments of SYN and ACK serving for TCP connection establishment are a part of the heading.

For transfer of a segment of data, there are three fields connected with the management of a stream (restoration of the integrity of the accepted message): serial number (SN), number of confirmation (AN) and window (W). When a transport object sends a segment, it places a serial number of the first byte in the data field of a segment. The accepting object confirms receiving a segment by means of the return segment in which (AN=i, W=j) that means:

• all bytes to SN=i-1 are confirmed. The following expected byte has number AN=i.

• it is allowed to send an additional window from W=j of bytes of data, i.e. bytes from I to i+j-1.

Thus, the TCP protocol provides safe delivery of the messages arriving from the network from the unreliable datagram protocol at the gateway level. In X.25 network function of safe delivery is performed by the channel level of the OSI model which was in detail considered in the previous heads, and in Frame Relay network this function fulfills the ITU-T Q.921 protocol.