TCP/IP

When data is transmitted over a network, it must ultimately be transmitted through a physical medium. Physical medium is the physical means to connect the computer, common optical fiber, twisted-pair, and radio waves, it determines the transmission of electrical signals (0 and 1), the physical medium determines the transmission bandwidth of electrical signals, speed, transmission distance and anti-interference and so on. Network data transmission is like express mail, data is express mail. Your “express” can only be delivered when the road is open, so physical media is the cornerstone of network communication.

To send a package, you first have to weigh and confirm the volume (to confirm the size of the data). Valuables have to be wrapped in layers of stuffing to ensure safety and packaging, then fill in the address of the shipment (the address of the source host) and the address of the shipment (the address of the destination host), and confirm the method of delivery. For remote areas, express delivery can not be direct, but also need to be forwarded halfway. The same is true for network communication, except that these steps are specified into various protocols.

Each layer of the TCP/IP model needs the protocol provided by the next layer to accomplish its purpose. Let’s look at how data is sent from one host to another using the TCP/IP protocol model.

When the user through the HTTP protocol initiate a request to the application layer, transport layer, network layer and the network access layer of the relevant agreements, in turn, the request for packaging and carry corresponding first, eventually generate Ethernet packets in the network access layer, Ethernet packets through the physical media transmission to the host to the other party and the other receives the packet, Then layer by layer using the corresponding protocol for unpacking, and finally the application layer data to the application program processing.

TCP/IP and HTTP

TCP/IP (Transmission Control Protocol/Internet Protocol) is a Protocol cluster that transfers information between multiple networks. TCP/IP is not only TCP and IP, but a protocol cluster consisting of FTP, SMTP, TCP, UDP, and IP. It is called TCP/IP because TCP and IP are the most representative of TCP/IP.

HTTP is an application-layer protocol that deals with how to wrap data.

“IP” stands for the Internet protocol used by TCP and UDP to send packets from one network to another. Think of IP as a kind of highway that allows other protocols to travel on and find exits to other computers. TCP and UDP are the “trucks” on the highway, carrying the cargo of protocols like HTTP, FILE transfer protocol FTP, etc.

TCP UDP
connectivity connection-oriented Oriented disconnection
Transmission reliability reliable unreliable
message Word oriented stream For a message
The efficiency of Low transmission efficiency High transmission efficiency
Flow control The sliding window There is no
Congestion control Slow start, congestion avoidance, fast retransmission, fast recovery There is no
Transmission speed slow fast
applications Scenarios with low requirements for efficiency, high requirements for accuracy, or connections High requirements for efficiency, low requirements for accuracy

Some applications of TCP and UDP.

UDP

UDP packets are called user datagrams and have a fixed header of eight bytes.

The source port number

Port number used by the process running on the source host. 16 bits long.

  • If the source host is the client, in most cases this port number is a temporary port number requested by the process.
  • If the source host is a server, in most cases this port number is a familiar port number.

Destination port number

Port number used by the process running on the destination host. 16 bits long.

  • If the destination host is a server, in most cases this port number is a familiar port number.
  • If the destination host is a client, it is a temporary port number in most cases.

The total length

Defines the total length of a user datagram, with data at the head. The total 16-bit definable length ranges from 0 to 65535 bytes.

UDP provides a connectionless service. Each datagram sent by UDP is an independent datagram. There is no connection between different user datagrams, even if they come from the same source process and go to the same destination. The user datagram is not numbered, and each user datagram can take a different path.

As a result, a process using UDP cannot send a data stream to UDP and cannot expect UDP to split the data stream into many interrelated user datagrams. Instead, each request from the process must be small enough to fit into a user datagram.

UDP does not have flow control, error control, or congestion control.

UDP checks and validates pseudo header, UDP header and data from the application layer. The pseudo header is the part of the header of the IP packet encapsulated in the user datagram.

To send a packet from one process to another, UDP encapsulates and decapsulates the packet.

When a process is started, an inbound and outbound queue is created. On the client, the process terminates, the queue is destroyed, and on the server, the queue is always open. The process sends the packets to the outgoing queue using the source port number. UDP takes the packets out one by one, adds headers, and delivers them to IP. If an overflow occurs, the client process is required to wait and send later.

When the packet reaches the client or server process, the server checks whether the queue in the destination port number is created. If no queue is created, the server discards the packet and requests ICMP to send the port unreachable packet. Packets are placed in the same queue regardless of whether they come from the same or different processes.

There is only one UDP on the host, but multiple processes use the UDP service, so UDP can be reused and reused.

Multiplexing: UDP receives messages from different processes, which are distinguished by the port number assigned to them. After the header is added, the user data is reported to the IP.

Sharing: UDP receives user datagrams from IP. After error checking and stripping the header, UDP delivers each message to the appropriate process based on the port number.

Main features of UDP

  1. UDP is connectionless
  2. Do your best to deliver
  3. Packet oriented. The packets delivered by the application layer are neither merged nor split. Deliver complete packets at a time. The application must select a message of the appropriate size.
  4. No flow control, no error control, no congestion control.
  5. Supports one-to-one, one-to-many, many-to-one, and many-to-many interactive communication.
  6. The first overhead is small, only 8 bytes.

TCP

Establishing and terminating a TCP connection

Although TCP is byte stream oriented, the data unit transmitted by TCP is packet segment. A TCP packet segment is divided into header and data. All functions of TCP are reflected in the functions of the fields in the header.

The first 20 bytes in the header of a TCP packet segment are fixed (as shown in the following figure). The following 4N bytes are optional (n is an integer). Therefore, the minimum length of the TCP header is 20 bytes.

TCP header

  • The source port and destination port, each containing 2 bytes, are written to the source port and destination port respectively.

  • Sequence number (4 bytes). The serial number range is 0,2 ^ 32-1, with a total of 2^32 serial numbers. When the number increases to 2^32-1, the next number goes back to 0. TCP is byte stream oriented. Each byte in the byte stream transmitted over a TCP connection is numbered sequentially. The start serial number of the entire byte stream to be transmitted must be set when the connection is established. The ordinal field value in the header refers to the ordinal number of the first byte of the data sent in the paragraph. For example, the serial number of a packet segment is 301 and the received data contains 100 bytes. This indicates that the first byte of data in this column is numbered 301 and the last byte is numbered 400. Obviously, the data sequence number for the next message segment (if any) should start with 401, that is, the sequence number field value for the next message segment should be 401. The sequence number of this field is also called “message segment sequence number”;

  • An Acknowledge number is a 4-byte sequence number of the first data byte that is expected to receive the next message from the recipient. For example, B receives the packet from A, whose serial number field is 501 and the data length is 200 bytes. This indicates that B correctly receives the data from A up to the serial number 700. Therefore, B expects the next data number from A to be 701, so B sets the confirmation number to 701 in the confirmation message segment sent to A.

  • Data offset, consisting of four bits, indicates the distance between the start of the TCP packet segment and the start of the TCP packet segment.

  • Reserved, accounting for 6 bits, reserved for future use, but should be set to 0 at present;

  • URGent URG (URGent) : When URG=1, the URGent pointer field is valid. Tell the system that there is urgent data in this message segment.

  • ACKnowledgment ACK (ACKnowledgment), the ACKnowledgment number field is valid only when ACK=1. According to TCP, ACK must be set to 1 for all packets transmitted after the connection is established.

  • PuSH PSH (PuSH) : When two application processes communicate interactively, sometimes the application process at one end wants to receive the response immediately after entering a command. In this case, PSH=1;

  • ReSeT RST (ReSeT). If RST is 1, a serious error occurs in the TCP connection and the connection must be released and re-established.

  • SYNchronization SYN (SYN), which is used to synchronize serial numbers when connections are established. If SYN=1, ACK=0, it indicates a connection request packet. If SYN=1, ACK=1 is accepted, the response packet should be SYN=1, ACK=1.

  • Terminates the FIN (FINis) to release the connection.

    If the FIN value is 1, the sender of the packet has finished sending data and wants to release the data.

  • The window, which is two bytes long, tells the receiver how much space you need to send the message to receive it;

  • Checksum, 2 bytes, checkhead and data;

  • Emergency pointer, accounting for 2 bytes, indicating the number of bytes of emergency data in this paragraph;

  • Option, variable length, defines some other optional arguments

TCP is a connection-oriented unicast protocol. Before sending data, communication parties must establish a connection. The so-called “connection” is actually a piece of information about each other, such as IP address and port number, stored in the memory of the client and server.

TCP three-way handshake

Three-way Handshake A TCP connection is established with Three packets sent by the client and server.

The purpose of the three-way handshake is to connect to a specified port on the server, establish a TCP connection, synchronize the serial number and confirmation number of the two connected parties, and exchange TCP window size information.

  • First handshake (SYN=1, seq=x)

    Establish a connection. The client sends a connection request packet with SYN=1 in the header and selects an initial sequence number, seq= X. Then the client process enters the SYN-sent state. According to TCP, the SYN segment (SYN=1) cannot carry data, but consumes a sequence number.

  • Second handshake (SYN=1, ACK=1, seq=y, ACKnum=x+1)

    The server receives a SYN packet from the client. If the server agrees the connection, it sends an acknowledgement packet. ACK=1, SYN=1, ACKnum= X +1, and SYN=1 initialize the sequence number seq= Y. The server puts all the above information into a packet segment (SYN+ACK packet segment) and sends it to the client. The TCP server process enters the SYN-RCVD state. Procedure This message also does not carry data, but again consumes a serial number.

  • Third handshake (ACK=1, ACKnum=y+1)

    After receiving the SYN+ACK packet from the server, the client sends an ACK packet again. The SYN bit is 0, the ACK bit is 1, and the ACK number is ACKnum = Y +1. After this packet is sent, both the client and the server enter the ESTABLISHED state. The TCP three-way handshake is complete.

Why three handshakes two instead of two?

An error occurs in case an invalid connection request segment is suddenly sent to the server.

An example is as follows: Invalid connection request packet segment Is generated in this case: The first connection request packet segment sent by the client is not lost, but is detained on a network node for a long time. As a result, the packet reaches the server at a certain time after the connection is released. Originally, this is an invalid packet segment. However, after the server receives the invalid connection request packet segment, it mistakenly thinks it is a new connection request sent by the client. Then the client sends a confirmation message to agree to establish a connection. Assuming that the “three-way handshake” is not used, a new connection is established as soon as the server sends an acknowledgement. Since the client does not send a connection request, it ignores the server’s confirmation and does not send data to the server. However, the server assumes that the new transport connection has been established and waits for data from the client. As a result, many of the server’s resources are wasted. The three-way handshake prevents this from happening. For example, the client does not issue an acknowledgement to the server’s acknowledgement. When the server receives no acknowledgement, it knows that the client has not requested a connection.”

Talk about SYN timeouts, flood attacks, and resolution strategies

What SYN is a flood attack? In the first step of TCP’s three-way handshake, the client sends a SYN segment to the server. After receiving a SYN packet, the server allocates cache and variables for the TCP. If an attacker sends a large number of SYN packets to the server, the connection resources of the server are exhausted. As a result, the memory overflows and services cannot continue.

Solution: When the server receives a SYN packet segment, it does not directly allocate resources to the TCP packet but opens a half-open socket. It then generates a cookie using the SYN segment’s source Id, destination Id, port number, and a secret function known only to the server, and responds with the cookie as a sequence number to the client.

If the client establishes a connection normally, a packet segment with the cookie + 1 confirmation field is returned. Then the server calculates a result based on the source Id, destination Id, port number, and secret function of the acknowledgement packet. If the value of the result +1 is equal to the value of the acknowledgement field, it proves that the client has just requested a connection and allocates resources to the TCP

In this way, resource space is not allocated for the segment of SYN packets that are attacked, preventing attacks.

Stick package problem

There are several reasons for the sticky package problem:

  • First, the application layer invokes the write method to copy data from the application layer buffer to the socket’s send buffer. The send buffer has a SO_SNDBUF limit. If the buffer size of the application layer is larger than the size of the socket send buffer, the data needs to be sent multiple times.
  • In the second case, the packet segment transmitted by TCP is limited by MSS. If the size of the socket buffer is larger than MSS, the message will also be split.
  • In the third case, data is fragmented at the IP layer due to the MTU, the largest transmission unit at the link layer.

In these cases, a complete application layer data is divided into multiple packets. As a result, the receiving peer does not receive the data as a complete packet.

The solution to the problem of sticky package

The essence of sticky packet problem is that the receiving peer cannot distinguish the boundary between messages. We give the boundary by using a scheme such as:

  • Sends fixed-length packets. If each message is of the same size, the receiving peer simply accumulates the received data until it equals a fixed value as a message.
  • End the package with a \r\n mark. That’s what THE FTP protocol does. The problem, however, is that if the data body also contains \r\n, it will misjudge it as the boundary of the message.
  • The head plus the length of the body. The packet header is 4 bytes of fixed length, indicating the length of the packet body. The receiving peer first receives the packet length and then receives the packet according to the packet length.
  • Use more complex application layer protocols.
TCP waved four times

Removing a TCP connection requires sending Four packets. This is called a four-way handshake, also called improved three-way handshake. The client or server can initiate the wave action.

  • First wave (FIN=1, seq=x)

    Set seq to x for host 1 (client or server) to send a FIN packet to host 2. Host 1 enters the **FIN_WAIT_1 state **. This means that host 1 has no data to send to host 2.

  • Second wave (ACK=1, ACKnum=x+1)

    Host 2 receives the FIN packet from host 1 and sends an ACK packet to host 1. Acknnum= X +1 indicates that host 1 enters the FIN_WAIT_2 state. Host 2 tells host 1 that I “agree” to your shutdown request;

  • Third wave (FIN=1, seq=y)

    Host 2 sends a FIN packet to host 1 to close the connection and enters the **LAST_ACK state **

  • Fourth wave (ACK=1, ACKnum=y+1)

    Host 1 receives the FIN packet from host 2 and sends an ACK packet to host 2. Then host 1 enters **TIME_WAIT state **. Host 2 closes the connection after receiving the ACK packet from host 1. If host 1 still does not receive a reply after waiting for 2MSL, it indicates that the Server is normally CLOSED. Then, host 1 can also close the connection and enter the CLOSED state.

    Host 1 waits for a fixed period of time (two Maximum Segment Lifetime, 2MSL, and 2 Maximum Segment Lifetime), but does not receive an ACK from the server. Therefore, host 1 closes the connection and enters the CLOSED state.

Why is there a three-way handshake when you connect and a four-way handshake when you close?

After receiving a SYN request packet from the Client, the Server sends a SYN+ACK packet. ACK packets are used for reply, and SYN packets are used for synchronization. However, when ** closes the connection, the Server may not close the SOCKET immediately after receiving a FIN packet. Therefore, the Server can only reply with an ACK message telling the Client, “I received the FIN packet you sent.” I can send FIN packets only after all packets on the Server are sent. Therefore, THE FIN packets cannot be sent together. ** Therefore requires a four-step handshake.

The TCP protocol is full-duplex, that is, both the client and the server can initiate disconnection. One disconnection request from each side, plus two confirmations from each side, looks like four waves of the hand.

Why does the TIME_WAIT state take 2MSL to return to CLOSE?

2*MSL(maximum segment lifetime). You can run the cat /proc/sys/net/ipv4/tcp_fin_timeout command to check the value of MSL

First, ensure that the client sends the final ACK packet to reach the server, because the ACK packet may be lost, standing in the server’s perspective, I have already sent the FIN + ACK message request disconnect, the client also did not give me response, should be I send the request of the disconnect message it did not receive, then the server will send a again, The client receives the retransmitted message within the 2MSL period, responds with a message, and restarts the 2MSL timer

Second, prevent “invalid connection request message segment” as mentioned in “three-way handshake” from appearing in this connection. After the client sends the last acknowledgement message, in this 2MSL time, all the message segments generated during the duration of the connection can be removed from the network. In this way, the new connection does not contain the request packets of the old connection.

What if the connection has been established, but the client suddenly fails?

TCP has a keepalive timer, so obviously, if the client fails, the server can’t wait forever and waste resources. The server resets this timer every time it receives a request from the client, usually for two hours. If it does not receive any data from the client within two hours, the server sends a probe segment, which is then sent every 75 minutes. If there is no response after 10 probe packets are sent, the server assumes that the client is faulty and closes the connection.

A large number of CLOSE_WAIT states occur on the server

A large number of CLOSE_WAIT indicates a problem with a program where the socket on the other side has closed the connection but we are too busy reading or writing to close the connection in time and need to check the code, especially the code to release resources or the thread configuration to handle the request.

How does TCP ensure transmission reliability

TCP ensures reliability in the following ways:

  • Packet verification: The purpose is to detect any changes in the data transmission process. If an error is detected, the packet segment is discarded and no response is given. In this case, the TCP sending end will resend data after timeout.
  • Reordering of out-of-order packets: Since TCP packet segments are transmitted as IP datagrams, and IP datagrams may arrive out of order, TCP packet segments may also arrive out of order. TCP will reorder the out-of-order data before handing it to the application layer.
  • Discard duplicate data: Duplicate data can be discarded.
  • Acknowledgement mechanism: When TCP receives data from the other end of the TCP connection, it sends an acknowledgement. This confirmation is not sent immediately and is usually delayed by a fraction of a second;
  • Timeout retransmission: When TCP sends a segment, it starts a timer and waits for the destination to acknowledge receipt of the segment. If an acknowledgement cannot be received in time, the packet segment is resend.
  • Flow control: Each side of the TCP connection has a fixed amount of buffer space. The TCP receiver only allows the other end to send as much data as the buffer on the receiving end can accept. This prevents the fast host from overrunning the buffer on the slow host. This is flow control. TCP uses a variable-size sliding window protocol for flow control.

Timeout retransmission mechanism

After host A sends data to HOST B, the data cannot reach host B due to network congestion. If host A does not receive an acknowledgement from host B within A specified period of time, host A resends the data. However, host A does not receive an acknowledgement from host B, or the ACK may be lost. In this case, host B receives a lot of duplicate data. In this case, TCP needs to identify the duplicate packets and discard the duplicate packets. At this time, using the serial number mentioned above, it is easy to do the weight.

How is the timeout period determined? Ideally, find a minimum time within which the “confirmation reply is guaranteed to return.” However, the length of this time varies with the network environment. If the timeout period is set too long, the overall retransmission efficiency will be affected. If the timeout is set too short, repeated packets may be sent frequently.

TCP dynamically calculates the maximum timeout to ensure high performance communication in any environment.

  • In Linux (and BSD Unix and Windows as well), the timeout is controlled in units of 500ms, and the timeout for each determined timeout retransmission is an integer multiple of 500ms. If no reply is received after the retransmission, wait 2The data will be retransmitted after 500ms. If there is still no reply, wait 4500ms for retransmission. And so on, exponentially increasing. When the number of retransmission times reaches a certain value, TCP considers that the network is abnormal or the peer host is abnormal and forcibly closes the connection.

Sliding window mechanism

If the sender sends data too fast, the receiver may not have time to receive it, which can result in data loss. The so-called flow control is to let the sender send rate is not too fast, to let the receiver in time to receive.

Using the sliding window mechanism, it is very convenient to control the flow of the sender on the TCP connection.

From the picture above, you can see that the groups that have been sent and confirmed are on the left side of the sliding window, and the groups that have not yet been turned are on the right side of the sliding window. The sliding window is also divided into two parts: one is the group that has been sent but has not been confirmed, and the other is the group waiting to be sent in the window. As the sent packets are confirmed, the waiting packets in the window are also sent. The entire window moves to the right, allowing groups that have not yet turned to enter the window.

It can be seen that the sliding window serves as a flow limiting function, that is, the current size of the sliding window determines the current TCP packet sending rate, and the size of the sliding window depends on the minimum value between the congestion control window and the flow control window.

Flow control

TCP is full-duplex, and both the client and the server can act as the sender or the receiver. Let’s explain traffic control in a scenario where the sender sends data to the receiver. First of all, our receiver has a receiving cache. When the data arrives, it will put the data into the cache first, and the upper application will fetch the data from the cache when there is data in the cache. If the sender continuously sends data to the receiver without limitation, and the application program of the receiver does not timely read the data from the receiving cache, there will be cache overflow and data loss. In order to solve this problem, we introduce flow control window.

Suppose the last data sequence number read by the application is lastByteRead, the last data sequence number received in the receive cache is lastByteRcv, and the receive cache size is RcvSize, Therefore, lastByterCv-lastbyteread <= RcvSize is required to ensure that the receive cache will not overflow, so we define the flow window as the remaining space of the receive cache, So Rcv = RcvSize – (lastByteRcv – lastByteRead). As long as the receiver gives the value of this window to the sender in response to the ACK, the sender can know how much space the receiver’s receive cache has, and then set the size of the sliding window.

If RWND =0 is received, the window is closed temporarily. The sender pauses sending data until a new notification is received. If a new notification sent later is lost, a deadlock may occur. So, to prevent deadlocks, TCP sets up a persistent timer for each connection, which starts as soon as one side of the TCP connection receives a zero window notification from the other. If the duration expires, a zero window probe segment (with only one byte of data) is sent, and the current window value is given by the probe segment. If the window remains zero, the party receiving the message segment resets the persistence timer. If the window is not zero, the deadlock can be broken.

Congestion control

Congestion control means that the sender first sets a small window value as the sending rate. When the packet is successfully sent and ACK is received, the size of the sending window increases at an exponential rate until packet loss (timeout/three redundant ACKS) occurs and the window size is adjusted. Doing so maximizes bandwidth usage without overcrowding the network.

The value of the final sliding window will be set to a smaller value in the flow control window and congestion control window.

Sender window = MIN (CWND, RWND), CWND congestion window size, RWND receive window size.

TCP congestion processing

Bandwidth in computer network, cache and processor in switching node are all network resources. At some point in time, if the demand for a resource in the network exceeds the available portion of the resource, the performance of the network deteriorates. This condition is called congestion. Congestion control prevents too much data from being injected into the network so that routers or links in the network do not become overloaded. Note that congestion control is different from flow control in that the former is a global process, while the latter refers to the control of point-to-point traffic. There are four main methods of congestion control:

  1. Slow start: Don’t send a lot of data at the beginning, first detect the extent of network congestion, that is, gradually increase the size of the congestion window from small to large;
  2. Congestion avoidance: The congestion avoidance algorithm makes the congestion window grow slowly, that is, every round trip time RTT increases the congestion window CWND of the sender by 1 instead of doubling, so the congestion window grows slowly according to a linear law.
  3. Fast retransmission: Fast retransmission requires the receiver to send repeated acknowledgements as soon as it receives an out-of-order segment (so that the sender knows early that a segment has not reached the other party) rather than waiting until it sends data with additional acknowledgements. According to the fast retransmission algorithm, the sender should immediately retransmit the unreceived packet segment as long as it receives three consecutive repeated acknowledgements, rather than waiting for the retransmission timer to expire.
  4. Fast recovery: Fast retransmission is used together with the fast recovery algorithm. When the sender receives three consecutive repeated acknowledgments, the “multiplication reduction” algorithm is executed to halve the SSthRESH threshold, but the slow start algorithm is not executed subsequently: The sender now assumes that the network may not be congested because it would not receive multiple duplicate acknowledgements if the network were congested. So instead of executing the slow start algorithm, set CWND to ssTHRESH size, and then execute the congestion avoidance algorithm.

Slow start: Exponential increase

Each time a message segment is acknowledged, the congestion window increases by 1 MSS.

In the slow-start algorithm, the size of the congestion window increases exponentially until it reaches the threshold.

Congestion avoidance: addition increases

When the congestion window size reaches the slow start threshold, the slow start phase stops and the addition increment phase begins.

In the congestion avoidance algorithm, the size of the congestion window increases according to the law of addition until congestion is detected.

Congestion detection: Multiplication is reduced

The threshold drops to half when the RTO timer times out or when three duplicate ACKS are received (fast retransmission, fast recovery).

TCP/IP protocol

The network layer

In fact, the hierarchical structure of computer network can be compared with the express delivery system in real life. Although it is not exactly the same, it has many similarities. The physical layer can be analogous to express trucks, railways, roads and other actual transmission media and physical facilities. This layer knows nothing but mechanical transport. The data link layer is the equivalent of a Courier, a thoughtful person who examines and packages packages, but does not know the details of the packages, and only needs the last small address to deliver the same boxes to the destinations he is responsible for. The network layer is equivalent to a system composed of one distribution center after another. The distribution center needs the big address in front of the express, which is the IP address of the network layer. It needs to be forwarded by each router and sent to different networks.

Express delivery in the delivery of large goods, will consume a lot of manpower and material resources, reduce efficiency. During packet exchange at the network layer, if packets are large, resources are wasted and delay is increased. Therefore, as in real life, large packets are divided into small datagrams (packets) and transmitted one by one, namely in packet switching mode, to improve efficiency. The problem is that these “small packages” are first contacted by the recipient to negotiate a specific route to ensure that these “packages are delivered correctly and arrive in an orderly manner.” Or any route, try to make sure you get it?

Therefore, packet switching of network layer can be divided into virtual circuit mode and datagram mode. Virtual circuits are connection-oriented, similar to circuit switching, except that logical rather than physical connections are established. Datagrams are connectionless.

Virtual circuit mode

When the network layer adopts virtual circuit service:

  • Before a packet is sent, a virtual link (logical link) is established to specify the path through which these datagrams pass, then the data is transmitted, and finally the connection is disconnected.
  • The packet contains not only the source and destination addresses, but also a stream label (a virtual circuit identifier) that specifies the path these datagrams take.
  • The transmitted packets arrive in sequence.

Virtual circuit services provide reliable transport, which is guaranteed by the network layer. Packets belonging to the same virtual circuit are forwarded through the same route. If a node is faulty, all the virtual circuits passing through the node cannot work. Error handling and traffic control can be the responsibility of the network or the user host.

Datagram mode

When the network layer adopts datagram service:

  • Up only provides a simple, flexible, connectionless, best-effort datagram service.
  • There is no need to establish a connection before sending a packet. Each packet (i.e., IP datagram) is sent independently, regardless of the expected packets (not numbered).
  • No promise of quality of service. That is, packets transmitted may be wrong, lost, repeated and out of order (not reaching the destination in order), and of course there is no guarantee of the time of packet transmission.

The network layer does its best to deliver and does not provide reliable transport services. If reliable transport services are required between host processes, the transport layer ensures this. The design of network layer reduces the cost of network greatly.

The network layer of the Internet is a packet switched network.

Each group has a complete address and independently selects routes for forwarding. The failure of a node does not affect the forwarding of other groups. The next grouping will choose other routes, so the groups may not reach the destination in sequence and are not responsible for error handling and flow control, which are all taken charge of by the user host.

So what is the “delivery address” of the network layer? Yes, that’s the IP address.

The IP address

An IP address assigns each host (or router) connected to the Internet a 32-bit identifier that is unique worldwide.

IP address method

IP address of the class

Classify IP addresses into several categories. Each type of address consists of two fixed-length fields, the network number and the host number.

In classification addressing, the address space is divided into five classes: A, B, C, D, and E

Class D addresses are used for multicast and have only one address block.

Class E addresses have only one address block, reserved for future use.

IP address assignment range

To extract a packet’s network address from its destination address, the router uses a default mask to do so.

Some important features of IP addresses:

  1. An IP address is a hierarchical address structure. The advantages of two tiers are as follows:
    • When assigning IP addresses, the IP address management organization assigns only network numbers. Other host numbers are assigned by the organization itself. Facilitates IP address management.
    • The router forwards packets only according to the network number connected to the destination host (regardless of the destination host number), which greatly reduces the number of items in the routing table and thus reduces the storage space occupied by the routing table.
  2. An IP address identifies the interface between a host (or router) and a link.
    • When a host is connected to two networks at the same time, the host is called a multi-host.
    • A router should have at least two different IP addresses.
  3. Several Lans connected by forwarders or Bridges are still one network, so they all have the same network number.
  4. All networks assigned network numbers are equal.

In classification addressing, the address segment assigned to an organization is A block of class A, B, or C addresses. There are problems with this. When assigning A class A address to an organization, no organization can use such A large address block, so it is necessary to further partition and share with other organizations. When assigning a class C address, there are too few hosts. So the idea of subnets came into being.

subnetting

Subnets belong to an internal unit matter. The unit is still represented as a network without subnets. A number of bits are borrowed from the host number as the subnet number, and the host number is reduced by a number of bits.

After subnets are created, the IP addresses are in a three-level structure. Subnets only divide IP addresses into host numbers and do not change the original network numbers.

After subnets are divided, the header of IP packets cannot be used to determine whether the subnets are divided. You can use the subnet mask to find out the subnet part of the IP address.

The subnet mask contains 32 bits. In the IP address, all the bits corresponding to the network id and subnet ID are 1s, and all the bits corresponding to the host ID are 0s.

The network address can be obtained by bit-by-bit sum operation of the IP address and subnet mask. Therefore, the IP address and subnet mask must appear at the same time.

All 0s and all 1s are not used. Some address space is wasted to some extent.

So people also designed a scheme, classification – free addressing.

Unclassified two-level address

The network prefix specifies the network, and the suffix specifies the host. The prefix length can range from 1 to 32.

In unclassified addressing, if we want to find the address block to which the address belongs, we must include its prefix length in each address

One advantage of CIDR is route aggregation. Route aggregation is also called forming a hypernet.

All 0 addresses can only be used as source addresses, and all 1 addresses (restricted broadcast addresses) can only be used as destination addresses. Both are used in DHCP.

127.0.0.0/8 is used as the loopback address, which is used to test the software on the machine. When using this address, the packet never leaves the machine, but is simply returned by the protocol software. Applications like “Ping” can send packets with loopback addresses as destination addresses to test whether IPv4 can receive and process packets.

Private addresses are not recognized globally. A NAT router is required to translate the IP address into a globally recognized public address.

With CIDR, each item in the routing table consists of a “network prefix” and a “next address”. You might get more than one match when you look up the routing table. The route with the longest network prefix should be selected from the matching result: longest prefix match. (also known as longest match or best match)

The router

A router consists of an input port, an output port, a routing processor, and a switching structure.

Host-specific Route: Specifies a route (dedicated line) for a specific host. Using a specific host route makes it easier for the network manager to control and test the network.

Default route: a unified forwarding route (from which all other datagrams that have not found a route are forwarded). Reduce the space occupied by the routing table and the time spent searching the routing table. Useful when a network has few external interfaces.

When a router receives a datagram to be forwarded, it does not enter the IP address of the next-hop router into the datagram, but sends it to the lower-layer network interface software.

The IP datagram

An IP datagram consists of a header and data.

The first part of the header is a fixed length of 20 bytes, which all IP datagrams must have.

** The unit of header length (HLEN) is 4 bytes, the unit of total length is 1 byte, and the unit of slice offset length is 8 bytes. ** Total Length The maximum length of a packet must not exceed the MTU of the maximum transmission unit.

Identifier: Identifies a datagram sent from the source host. When a datagram leaves the host, the combination of this identity and the source IP address must uniquely identify the datagram. To ensure uniqueness, the IP protocol uses a counter to generate labels for datagrams. Counters are kept in main memory to ensure uniqueness. When shard, the label is copied to all shards. To facilitate reinstallation of the destination host.

Lifetime: the maximum number of hops that a router cable passes. This value decreases by 1 each time it passes through a router.

Protocol: Defines the high-level protocol that uses this IP layer service. There are many high-level protocols (such as TCP, UDP, ICMP, and IGMP) that can encapsulate data into IP datagrams.

Flag bit: The first bit is reserved. The second “no sharding” (DF) bit, DF = 1, indicates that sharding cannot be done, DF = 0, indicates that sharding can be done. The third “more fragments” (MF) bit, MF = 1, indicates that there are more fragments; MF = 0, indicating no sharding.

Header check and: only the header is checked, regardless of the data part.