Computer network foundation, read not afraid of interview

preface

The core content of computer network learning is network protocol learning. A network protocol is a set of rules, standards or conventions established for data exchange in a computer network. Because different user data terminal may adopt different character set, they need to communicate, must be carried out in a certain standard. A good analogy is our language. We are a vast country with a large population and rich local languages, and there are huge differences between dialects. The dialect of region A may not be acceptable to people in region B, so we have to establish A language standard for the communication of people’s names across the country, and that is the role of our Mandarin. Similarly, looking around the world, English is our standard language of communication with foreign friends, so we have to learn English reluctantly and painfully.

Computer network protocols are as diverse as our languages. And ARPA company and 1977 to 1979 launched a network protocol named ARPANET by a wide range of hot, the main reason is that it launched the well-known TCP/IP standard network protocol. TCP/IP has become the “universal language” in the Internet. The following figure shows the communication between different computer groups using TCP/IP.

1. Network hierarchy division

In order to enable computers produced by different computer manufacturers to communicate with each other in order to build computer networks in a larger area, the International Organization for Standardization (ISO) proposed the “Open Systems Interconnection Reference Model” in 1978. The famous OSI/RM Model (Open System Interconnection Reference Model). It divides the communication protocol of computer network architecture into seven layers, from bottom to top: Physics Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer and Presentation Layer Layer, Application Layer. Among them, the fourth layer completes the data transmission service, and the upper three layers to the user.

In addition to the standard OSI seven-layer model, common network layers are divided into TCP/IP four-layer protocol and TCP/IP five-layer protocol. The corresponding relationship between them is shown as follows:

2. OSI seven-layer network model

TCP/IP protocol is undoubtedly the basic protocol of the Internet, without it it is impossible to access the Internet, any operation related to the Internet are inseparable from TCP/IP protocol. Whether it is the OSI seven-layer model or the TCP/IP four-layer or five-layer model, each layer needs its own proprietary protocol to do its own work and communicate with the upper and lower layers. As the OSI seven-layer model is the standard level of network division, so we take OSI seven-layer model as an example from the bottom up to introduce one by one.

1) Physical Layer

Activate, maintain, and close mechanical, electrical, functional, and process characteristics between communication endpoints. ** This layer provides a reliable physical medium for upper-layer protocols to transfer data. Simply put, the physical layer ensures that raw data can be transmitted over a variety of physical media. ** The physical layer remembers two important device names, Repeaters (also called amplifiers) and hubs.

2) Data Link Layer

The data link layer provides services to the network layer on the basis of the services provided by the physical layer. The most basic service of the data link layer is to reliably transmit the data from the network layer to the target computer network layer of adjacent nodes. In order to achieve this goal, the data link must have a series of corresponding functions, mainly including: how to combine data into data blocks, which is called frame in the data link layer, frame is the transmission unit of the data link layer; How to control the transmission of frames on the physical channel, including how to deal with transmission errors, how to adjust the transmission rate to match the receiver; And management that provides the establishment, maintenance, and release of data link paths between two network entities. The data link layer provides reliable transport over unreliable physical media. The functions of this layer include: physical address addressing, data framing, flow control, data error detection, retransmission, etc.

Important facts about the data link layer:

1> The data link layer provides reliable data transmission for the network layer;

2> The basic data unit is frame;

3> Main protocol: Ethernet protocol;

4> Two important device names: bridge and switch.

3) Network Layer

The purpose of the network layer is to realize the transparent transmission of data between two end systems. The specific functions include addressing and routing, connection establishment, maintenance and termination, etc. It provides services that eliminate the need for the transport layer to understand data transfer and switching technologies in the network. If you want to remember the network layer in as few words as possible, it’s “path selection, routing, and logical addressing.”

Many protocols are involved in the network layer, including the most important protocol, which is also the core protocol of TCP/IP – IP protocol. The IP protocol is very simple and provides only unreliable, connectionless transport services. The main functions of IP protocol are connectionless datagram transmission, datagram routing and error control. The function of IP is realized by ARP, RARP, ICMP and IGMP. The specific protocols will be summarized in the following sections. The key points of the network layer are:

1> The network layer is responsible for routing packets between subnets. In addition, the network layer can also realize congestion control, Internet interconnection and other functions.

2> The basic data unit is IP datagram;

3> Main agreements included:

Internet Protocol (IP);

ICMP (Internet Control Message Protocol);

Address Resolution Protocol (ARP);

Reverse Address Resolution Protocol (RARP).

4> Important device: router.

4) Transport Layer

The first is the end-to-end, host-to-host level. The transport layer is responsible for segmenting the upper layer of data and providing end-to-end, reliable or unreliable transport. In addition, the transport layer deals with end-to-end error control and flow control.

The task of the transport layer is to make the best use of network resources according to the characteristics of the communication subnet, provide the function of establishing, maintaining and canceling the transmission connection between the session layer of two end systems, and be responsible for end-to-end reliable data transmission. At this level, the protocol data units through which information is transmitted are called segments or messages.

The network layer only transmits the packets from the source node to the destination node according to the network address, while the transport layer is responsible for transmitting the data reliably to the corresponding port.

Key points about the network layer:

1> The transport layer is responsible for segmenting the upper layer of data and providing end-to-end, reliable or unreliable transmission as well as end-to-end error control and flow control issues;

Transmission Control Protocol (TCP), User Datagram Protocol (UDP);

3> Important device: gateway.

5) The session layer

The session layer manages session processes between hosts, that is, it is responsible for establishing, managing, and terminating sessions between processes. The session layer also implements data synchronization by inserting checkpoints into the data.

6) Presentation layer

The presentation layer transforms the upper-layer data or information to ensure that information from one host application layer can be understood by applications from another host. The data transformation of presentation layer includes data encryption, compression, format transformation and so on.

7) Application layer

Provides an interface for an operating system or network application to access network services.

Session layer, presentation layer and application layer

1> The basic unit of data transmission is packet.

2> Main protocols included: FTP (File Transfer Protocol), Telnet (remote login Protocol), DNS (Domain name resolution Protocol), SMTP (Mail Transfer Protocol), POP3 (Post office Protocol), HTTP (Hyper Text Transfer Protocol).

3. IP address

1) Network address

An IP address consists of a network id (including a subnet id) and a host ID. The host ID of a network address is all zeros, and the network address represents the entire network.

2) Broadcast address

Broadcast addresses are often called direct broadcast addresses to distinguish restricted broadcast addresses.

The broadcast address is the opposite of the host ID of the network address. In a broadcast address, the host ID is all 1. When a message is sent to the broadcast address of a network, all hosts on the network can receive the broadcast message.

3) Multicast address

Class D addresses are multicast addresses.

Class A, B, C, D:

A class A address starts with 00. The first byte is the network number. The IP address ranges from 0.0.0.0 to 127.255.255.255.

A class B address starts with 10 and the first two bytes are the network number. The IP address ranges from 128.0.0.0 to 191.255.255.255.

A class C address starts with 110 and the first three bytes are the network number. The IP address ranges from 192.0.0.0 to 223.255.255.255.

A Class D address starts with 1110 and ranges from 224.0.0.0 to 239.255.255.255. A Class D address is a multicast address (one-to-many communication).

A Class E address starts with 1111 and ranges from 240.0.0.0 to 255.255.255.255. A Class E address is reserved for future use.

Note: Only A,B and C have network numbers and host numbers. Class D addresses and class E addresses do not have network numbers and host numbers.

4) 255.255.255.255

This IP address refers to a restricted broadcast address. The difference between a restricted broadcast address and a common broadcast address (direct broadcast address) is that a restricted broadcast address can only be used on the local network. A router does not forward packets destined for the restricted broadcast address. A general broadcast address can be broadcast locally or across network segments. For example, after a broadcast packet is sent to host 192.168.1.1/30, another network segment 192.168.1.5/30 also receives the packet. If a restricted broadcast datagram is sent, it cannot be received.

Note: Regular broadcast addresses (direct broadcast addresses) can pass through some routers (not all routers, of course), while restricted broadcast addresses cannot pass through routers.

5) 0.0.0.0

It is often used to find its own IP address. For example, in OUR RARP, BOOTP and DHCP protocols, if a diskless machine with an unknown IP address wants to know its own IP address, it takes 255.255.255.255 as the destination address. Sends packets of IP requests to servers that are locally scoped (specifically, scoped by individual routers).

6) Loopback address

127.0.0.0/8 is used as the loopback address. The loopback address represents the local address and is often used for testing the local device, with 127.0.0.1 being the most common.

7) Class A, B, C private address

Private addresses are also called private addresses. They are not used globally but have local meaning.

Class A Private address: 10.0.0.0/8 the value ranges from 10.0.0.0 to 10.255.255.255

Class B private address: 172.16.0.0/12. The value ranges from 172.16.0.0 to 172.31.255.255

Class C Private address: 192.168.0.0/16. The value ranges from 192.168.0.0 to 192.168.255.255

4. Subnet mask and network division

With the expansion of the Internet application, the original IPv4 also gradually exposed the shortcomings, namely the network number to take too much, but the host position number is too little, so it can provide the host address is becoming more and more scarce, now in addition to using NAT in enterprise internal use reserved address allocation, usually of a high class IP address again, To form multiple subnets for user groups of different sizes.

In order to effectively use THE IP address in the case of network segmentation, the high part of the host number is taken as the subnet number, and the subnet mask is expanded or compressed from the common network bit boundary, so as to create more subnets of a certain type of address. However, as more subnets are created, the number of host addresses available on each subnet is reduced.

What is a subnet mask?

A subnet mask is a 32-bit binary address that indicates whether two IP addresses belong to the same subnet. A 1 indicates that the IP address is a network bit, and a 0 indicates that the IP address is a host bit. Like IP addresses, it is expressed in dotted decimal notation. If two IP addresses are the same in bitwise and of the subnet mask, they belong to the same subnet.

When calculating the subnet mask, we should pay attention to the reserved IP address, that is, the “0” address and the broadcast address. They refer to the IP address when the host address or the network address are all “0” or “1”. They represent the local network address and the broadcast address, and generally cannot be counted.

Calculation of subnet mask:

For an IP address that does not need to be divided into subnets, the subnet mask is as follows: For example, if the CLASS B IP address is 10.12.3.0 and the subnet does not need to be divided, the subnet mask of the IP address is 255.255.0.0. If it is a class C address, the subnet mask is 255.255.255.0. Other analogies are not detailed. The following is the key to introduce an IP address, but also need to use its high host bits as the subnet network number, the rest is the host number of each subnet, then how to calculate the mask of each subnet.

Here are some common interview questions about subnet masks and network partitioning:

1) Use the number of subnets to calculate

Before obtaining a subnet mask, you must know the number of subnets to be divided and the number of hosts in each subnet.

(1) Convert the number of subnets to binary to represent;

If you want to divide class B IP address 168.195.0.0 into 27 subnets: 27=11011;

(2) Get the bits of the binary, which is N;

The binary is a five-digit number with N = 5

(3) Obtain the class subnet mask of the IP address, and obtain the subnet mask of the subnet of the IP address by the first N position 1 of the host address part.

Set subnet mask 255.255.0.0 to 255.255.248.0

2) Use the number of hosts to calculate

If you want to divide class B IP address 168.195.0.0 into subnets, each subnet contains 700 hosts:

(1) Convert the number of hosts into binary to represent;

700 = 1010111100;

(2) If the number of hosts is less than or equal to 254 (note that the two reserved IP addresses are omitted), then obtain the binary number of the host, which is N, where N is definitely <8. If it is greater than 254, then N>8, which means that the host address will occupy more than 8 bits;

The binary is ten digits, N=10;

(3) Use 255.255.255.255 to set all the host address bits of this IP address to 1 and set all the N bits to 0, that is, the subnet mask value.

Will the class B IP address subnet mask 255.255.0.0 host address all buy 1, get 255.255.255.255, then from the back forward to 0 after 10 position, namely: 11111111.11111111.11111100.00000000, namely 255.255.252.0. This is the subnet mask of the class B IP address 168.195.0.0 that is to be divided into 700 hosts.

3) There is also a question type, you need to plan the subnet address according to the number of hosts in each network and **** calculate the subnet mask. This can also be calculated according to the above principles.

For example, if a subnet has 10 hosts, the following IP addresses are required for the subnet:

The 10 + 1 + 1 + 1 = 13

Note: the first 1 added refers to the gateway address required for this network connection, and the next two 1’s refer to the network **** connection address and broadcast address respectively.

Since 13 is less than 16 (16 is 2 ^ 4), the host bit is 4 bits. If 256-16 is 240, the subnet mask is 255.255.255.240.

If a subnet has 14 hosts, a common mistake many people make is to still assign a subnet with 16 address Spaces and forget to assign addresses to gateways. This is wrong, because 14+1+1+1 = 17,17 is greater than 16, so we can only allocate subnets with space of 32 addresses (32 = 2 ^ 5). The subnet mask is 255.255.255.224.

ARP/RARP

** Address Resolution Protocol (ARP) is a TCP/IP Protocol that obtains physical addresses based on IP addresses. ** The host broadcasts the ARP request containing the target IP address to all hosts on the network and receives the return message to determine the physical address of the target. After receiving the return message, the IP address and physical address are stored in the LOCAL ARP cache for a period of time. In the next request, the IP address and physical address are queried in the ARP cache to save resources. The IP address resolution protocol is based on the mutual trust between hosts on the network. A host on the network can send AN ARP reply message automatically. When receiving the reply packet, other hosts record it in the LOCAL ARP cache without detecting its authenticity. In this way, an attacker can send a pseudo ARP reply packet to a host, so that the message cannot reach the expected host or the wrong host, which constitutes an ARP spoofing. The ARP command is used to query the mapping between IP addresses and MAC addresses in the LOCAL ARP cache and add or delete static mapping.

Examples of ARP workflow:

The IP address and MAC address of host A are 192.168.1.1 and 0A-11-22-33-44-01.

The IP address and MAC address of host B are 192.168.1.2 and 0A-11-22-33-44-02.

When host A wants to communicate with host B, the IP address resolution protocol resolves the IP address of host B (192.168.1.2) into the MAC address of host B. The workflow is as follows:

(1) Based on the routing table on host A, IP determines that the forwarding IP address used to access host B is 192.168.1.2. Host A then checks host B’s matching MAC address in its local ARP cache.

(2) If host A does not find A mapping in the ARP cache, it will ask for the hardware address of 192.168.1.2, thereby broadcasting ARP request frames to all hosts on the local network. The IP address and MAC address of source host A are included in the ARP request. Each host on the local network receives the ARP request and checks if it matches its OWN IP address. If the host finds that the requested IP address does not match its own IP address, it discards the ARP request.

(3) If host B determines that the IP address in the ARP request matches its own IP address, the IP address and MAC address mapping of host A are added to the local ARP cache.

(4) Host B directly sends an ARP reply message containing its MAC address to host A.

(5) When host A receives an ARP reply message from host B, the ARP cache is updated using the IP address and MAC address mapping of host B. The native cache is lifetime, and the process is repeated once the lifetime is over. Once the MAC address of host B is determined, host A can send IP communication to host B.

Reverse address resolution protocol, namely the RARP, function and the ARP protocol, it transforms the physical address of a host in the local area network (LAN) as the IP address, such as a host in the LAN only know the physical address and IP address, you can through the RARP protocol for its own IP address broadcast request, then the RARP server is responsible for the answer.

Workflow of RARP protocol:

(1) Send a local RARP broadcast to the host, in which the host declares its MAC address and asks any RARP server that receives this request to assign an IP address;

(2) After receiving the request, the RARP server on the local network segment checks the RARP list and searches for the IP address corresponding to the MAC address.

(3) If it exists, the RARP server sends a response packet to the source host and provides the IP address to the other host.

(4) If it does not exist, the RARP server does not respond;

(5) After receiving the response message from the RARP server, the source host uses the obtained IP address to communicate; If no response is received from the RARP server, initialization fails.

6. Routing protocol

Common routing protocols include RIP and OSPF.

RIP**** : The underlying protocol is the Bermanford algorithm, which selects the metric of the route as the hop count. The maximum hop count is 15. If the hop count is greater than 15, the packet is discarded.

OSPF**** is an Open Shortest Path First protocol that uses the Dijkstra algorithm to select routes based on bandwidth and delay.

TCP/IP protocol

TCP/IP is the most basic protocol of the Internet and the basis of the Internet. It consists of IP at the network layer and TCP at the transport layer. In layman’s terms: TCP is responsible for detecting problems in transmission and signaling any problems, requiring retransmission until all data is safely and correctly transmitted to its destination. IP assigns an address to every networked device on the Internet.

The IP layer receives packets from lower layers (network interface layers such as Ethernet device drivers) and sends the packets to higher layers – TCP or UDP. Conversely, the IP layer also carries packets received from the TCP or UDP layer to the lower layer. IP packets are unreliable because IP does nothing to ensure that packets are sent in order or are not corrupted. IP packets contain the address of the host that sent them (source address) and the address of the host that received them (destination address).

TCP is a connection-oriented communication protocol. It establishes a connection through a three-way handshake and disconnects the connection when the communication is complete. Because TCP is connection-oriented, it can only be used for end-to-end communication. TCP provides a reliable data flow service, using the “positive confirmation with retransmission” technology to achieve the reliability of transmission. TCP also uses a method of traffic control called “sliding Windows,” which actually represent the ability to receive, to limit the speed of the sender.

TCP header format:

TCP three-way handshake and four-way wave:

Note: seq: serial number of “Sequance”; Ack :”acknowledge”; SYN:”synchronize” Indicates a request for synchronization. ; 4. ACK: “acknowledge” ** **FIN: “Finally” end flag.

**TCP connection establishment process: ** The Client sends a connection request packet, and the Server responds with an ACK packet after receiving the connection and allocates resources for the connection. After receiving an ACK packet, the Client sends an ACK packet to the Server segment and allocates resources. In this way, a TCP connection is established.

**TCP connection disconnection process: ** Suppose that the Client initiates a connection disconnection request, that is, sends a FIN packet. After the Server receives a FIN packet, it says, “I have no data to send to you from the Client.” If you have incomplete data to send, you can continue to send data without closing the Socket. So you send an ACK, “Tell the Client I received your request, but I’m not ready yet, please continue to wait for my message.” In this case, the Client enters the FIN_WAIT state and waits for the FIN packet from the Server. After confirming that data has been sent, the Server sends a FIN packet to the Client, telling the Client that the data has been sent and the Client is ready to close the connection. After receiving the FIN packet, the Client knows that it can close the connection. However, the Client still does not trust the network and is in TIME_WAIT state for fear that the Server will not close the connection. If the Server does not receive the ACK, it can retransmit the packet. When the Server receives an ACK, it knows it is ok to disconnect. If the Client waits for 2MSL and still does not receive a reply, then the Server is shut down normally. Well, the Client can close the connection. Ok, the TCP connection is closed!

Why wave three times?

In the case of only two “handshakes”, suppose the Client wants to establish a connection with the Server, but the datagram of the connection request is lost halfway through, so the Client has to send it again. At this time, the Server receives only one connection request, so the connection can be established normally. However, sometimes the Client resends the request not because the datagram is lost, but because the data transfer process is blocked due to the large amount of network concurrency. In this case, the Server will receive two requests successively, and continue to wait for two Client requests to send data to it. The problem is here, the Cient side actually only has one request, and the Server side actually has two responses, the extreme case may be because the Client side re-sends the request data for many times, resulting in the Server end to establish N multiple responses waiting, resulting in a great waste of resources! So, the “three handshakes” are necessary!

Why do you wave four times?

Imagine, now you’re the client and you want to disconnect all connections to the Server. What do you do? The first step is to stop sending data to the Server and wait for the Server to reply. However, this is not the end of the matter. Although you do not send data to the Server, he has the initiative to send data to you because you have established an equal connection before. Therefore, the Server must stop actively sending data to you and wait for your confirmation. In fact, to put it bluntly is to ensure the complete implementation of a contract of both parties!

TCP protocols include FTP (file transfer protocol), Telnet (remote login protocol), SMTP (Simple Mail transfer Protocol), POP3 (used to receive emails, as opposed to SMTP), and HTTP.

UDP protocol

**UDP user datagram protocol, is connectionless communication protocol, UDP data includes destination port number and source port number information, because communication does not need to connect, so it can be broadcast. **UDP communication does not need to be confirmed by the receiver, which is an unreliable transmission and may cause packet loss. In practical applications, programmers are required to verify the transmission.

UDP is in the same layer as TCP, but it does not care about packet order, error, or retransmission. Therefore, UDP is not used for connection-oriented services that use virtual circuits, but for query-response services such as NFS. Compared with FTP or Telnet, these services need to exchange less information.

Each UDP packet consists of a UDP header and a UDP data area. The header consists of four 16-bit (2-byte) fields that specify the source port, destination port, packet length, and parity value of the packet. The UDP header consists of four fields, each of which occupies two bytes as follows:

(1) Source port number;

(2) Target port number;

(3) Datagram length;

(4) Check value.

UDP protocols include TFTP, SNMP, DNS, NFS, and BOOTP.

**TCP is a connection-oriented, reliable byte stream service; UDP is a connectionless, unreliable datagram service.

DNS protocol

DNS stands for DomainNameSystem, the system used to name computers and network services organized into a domain hierarchy, and can be understood simply as translating urls into IP addresses. A domain name is a string of words or abbreviations separated by dots. Each domain name corresponds to a unique IP address. There is a one-to-one correspondence between domain names and IP addresses on the Internet. DNS naming is used to search for computers and services using user-friendly names on TCP/IP networks such as the Internet.

10. NAT protocol

Network Address Translation (NAT) is an access wide area Network (WAN) technology, which translates private (reserved) addresses into legitimate IP addresses. It is widely used in various Types of Internet access and networks. The reason is simple. NAT not only perfectly solves the problem of insufficient lP addresses, but also effectively prevents attacks from outside the network and hides and protects computers inside the network.

11. DHCP protocol

The Dynamic Host Configuration Protocol (DHCP) is a local area network (LAN) Protocol that uses UDP. It serves two purposes: Automatically assign IP addresses to internal networks or network service providers, giving users or internal network administrators centralized management of all computers.

12. HTTP protocol

HyperText Transfer Protocol (HTTP) is the most widely used network Protocol on the Internet. All WWW files must comply with this standard.

What requests are included in the HTTP protocol?

GET: Requests to read the information marked by the URL.

POST: Adds information (such as comments) to the server.

PUT: Stores a document at the given URL.

DELETE: Deletes the resource marked by the given URL.

The difference between POST and GET in HTTP

1) Get is to Get data from the server, and Post is to send data to the server.

2) Get is to add the parameter data queue to the URL pointed to by the Action attribute of the submitted form. The value corresponds to each field in the form, which can be seen in the URL.

3) The amount of data transmitted by Get is small and cannot be greater than 2KB; Post transfers a large amount of data and is generally considered unrestricted by default.

4) According to the HTTP specification, GET is used for information retrieval and should be secure and idempotent.

I. Safe means that the operation is used to retrieve information rather than modify it. In other words, GET requests should generally have no side effects. That is, it simply retrieves the resource information, just like a database query, without modifying, adding data, or affecting the state of the resource.

Ii. idempotent means that multiple requests to the same URL should return the same result.

13. An example

The entire process is executed after entering www.baidu.com in the browser

Now suppose that if we enter http://www.baidu.com in the browser of the client (client) and baidu.com is the server (server) to visit, the following is a detailed analysis of a series of operations about the protocol performed by the client in order to access the server:

1) The client browser resolves to the IP address 220.181.27.48 of www.baidu.com through DNS, and finds the path from the client to the server through this IP address. The client browser initiates an HTTP session to 220.161.27.48, then encapsulates the packet via TCP and enters it into the network layer.

2) In the transmission layer of the client, the HTTP session request is divided into packet segments and source and destination ports are added. For example, the server uses port 80 to monitor the request of the client, and the client randomly selects a port such as 5000 to exchange with the server. The server returns the corresponding request to port 5000 of the client. Then use the IP address of the IP layer to find the destination end.

3) client application layer and transport layer network layer without relations, mainly do is through the route table lookup to determine how to reach the server, during may take multiple routers, by the router to complete the work, do not make too much description, is through the route table lookup to determine through the path to the server.

A set of protocol operations performed by the server:

4) the client the link layer, packets sent via the link layer to the router, through neighbor agreements to find the MAC address of a given IP address, and then sends an ARP request to find the destination address, if you get a response after you can use the ARP request response exchange of IP packets can transfer now, then send the IP packet to the address of the server.