From MikroTik Wiki
Revision as of 11:12, 13 August 2010 by Normis (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Introduction to internetworking

The first chapter will help you understand components and functions of internetworking by focusing on basic operation of the network protocols in the OSI and TCP/IP models. Internetwork can be created by connecting two or more computer networks (LANs) via router (gateway) using common routing technology. In this course we focused on TCP/IP protocol suite which is most notable internetworking protocol standard for Internet today.

1.1 'OSI protocol hierarchy'

Open Systems Interconnection model was developed to enable interconnection and compatibility between different network systems so that different vendor networks could work with each other. Therefore OSI model is the key architectural model for networks building. OSI model is created as seven hierarchical layers model where each layer describes interoperation among the lower and upper layer. It describes step by step communication principles how data from an application on one computer can communicate through network media to another computer. Such a communication OSI model is divides into layers where each layer include set of specific protocols that is responsible for providing data and network information to a lower or upper layer.

Some of advantages of OSI model are following:

· Network components standardization allow interoperation between different network equipment and software manufacturers

· Easy step by step understand network communication process

· Changes in one layer does not affect changes in another layer

Seven layer OSI model with related protocols is shown in the Table 1.1. OSI model can be divided two parts, the top three layer describe communication between host applications (application to application communication), whereas bottom four layer define structure how data is transmitted to the end.

OSI model example Table 1.1

Application layer


Presentation layer

XDR, ASN.1, SMB, AFP etc

Session layer


Transport layer


Network layer


Data link layer

Ethernet, Fast Ethernet, Frame relay, FDDI, PPP, HDLC, ATM

Physical layer

wire, radio link, optical fiber etc.

Application layer

The Application layer is the OSI layer closest to the end user and provides services directly to these applications. Application layer is responsible for identifying communication partners, determining resource availability (such as desktop resource, storage resources) for this communication and also provide synchronizing communication (it means that all communication between applications requires cooperation that is managed by the Application layer.)

Presentation layer

The Presentation layer presents data to Application layer and is responsible for data translation and code formatting. It provides common interface for user applications, including services such as reformatting, data compression and encryption. Computer are configured to receive specific format data that can’t be read directly through applications into Application layer so presentation layer convert the data to native format for actual reading by the Application layer.

Session layer

The Session layer is responsible for establishes, controls and terminates the connections between the Presentation layer entities. This layer controls communication between systems and serves to organize communication by three different modes: simplex (communication that occurs in one direction only), half-duplex (communication in both directions, but only one direction at a time (not simultaneously)) and full-duplex (communication in both directions, simultaneously)

Transport layer

The Transport layer (also called layer 4) provide transparent (hides details of any network-dependent information from the upper layers) data transport between end users, and is responsible for data segmentation and reassembling. This layer also provides reliable data transfer services to the upper layers using acknowledgments, sequencing and flow control.

Acknowledgment - it is a technique that is used for the sender to be sure that transmitted data was received at the destination. It requires transmitting device to send an acknowledgment massage back to the sender when new data is received. Transmitting device also used timer which is set up every time when data segment is sent if this time expired and acknowledgment is not received data segment will be retransmitted.

Sequencing – TCP protocol includes a sequence number in the TCP header of each packet they send by allowing the recipient to sort packets in correct order.

Flow control – primary purpose of flow control is to properly match the transmission rate between sender and receiver and the network to ensuring the best possible performance. For example, flow control prevents from overflowing the buffer in the receiving device. Acknowledgment and windowing are one of the major functions that are used for providing flow control. Operation of windowing will be explained later.

The best-known example of Transport layer protocols are TCP and UDP. The Transport layer operates two different modes: connectionless (such as UDP) and connection-oriented (such as TCP). Main difference between connectionless and connection-oriented communication is that connection-oriented services use acknowledgment and flow control to create session, while connectionless services send data without any acknowledgments or flow control, of course this is unreliable communication, but headers are smaller.

Network layer

The Network layer (also called layer 3) is responsible for transfer traffic between devices that are not locally connected and determines best path to reach the destination and this called as network routing function. The transport layer manages packets routing according to unique/logical network device addresses. Data transmission in this layer are managed like connectionless (hop by hop), therefore it not provides reliable delivery to next hop device.

One of best-known layer 3 protocol is the Internet protocol (IP). Simple description of this routing process using IP can be as follows: First, packet is received on router interface, router lookup destination IP address from IP packet header. If destination IP address is not one of router interface addresses, then router will look up destination network address in the routing table. Routing table include all destination networks that can be reachable form particular router. If router can’t find destination network entry in the routing table, the router drops the packet.

Packets in the Network layer can be divided in two types, dependent on what data are transferred: Data and routing updates packets. Data packets are used to transport user data through the network. Routing update packets that are used to deliver update information of routing protocol to neighbor routers. Routing updates to help to build and maintain routing table of each router.

Data link layer

The Data link layer (also called layer 2) process and prepare data for transmission across the physical environment (wire, radio link, optic) and provides physical addressing. It mean that frames (packet that comes from network layer is encapsulated into the frame (attached additional header)) are delivered to proper device on the LAN using physical (hardware) addresses (into the Ethernet media it is MAC address of network interface). This layer also detects and possibly corrects errors that may occur in the Physical Layer. Unlike the Network layer which analyses logical addresses that determine where globally destination network is and are not changed during process of routing, physical addresses are used to transmit data frame between two local connected network devices. This means that each time when data frames are sent to next router it are encapsulates with new Data link layer header (Ethernet - new source and destination MAC address), but receiving router remove this layer 2 information by changing with new.

Such network devices as Ethernet switch work at the Data link layer by using MAC address for data frame switching.

Physical layer

The Physical layer is lowest layer of OSI model that is responsible for sends and receives bits through different physical medium. The Physical layer can communicates directly with various types of communication media, but different kinds of media represent these bit values in different ways. Therefore are needed specific protocols for type of media that describe bit patterns (e.g. for sender –receiver synchronization), how data encoded to physical media signals that is transmitted over a hardware transmission medium. Physical layer also provides signal modulation, synchronization, multiplexing.

Summary function at each layer of OSI model Table 1.2.

Application layer

Provide type of communication and a user interface

Presentation layer

Data representation and encryption

Session layer

Establishes, controls and terminates inter-host communication

Transport layer

Provides reliable or unreliable end-to-end connections, Provides error correction before retransmit

Network layer

Provides logical addressing, Path determination

Data link layer

Combines packet into frames,

Provides Physical addressing

Performs error detection not correction

Physical layer

Provides , Line coding, modulation, bit-level transmission

1.2 OSI and TCP/IP model comparison'

TCP/IP is description framework for TCP/IP based computer networks. TCP/IP model is composed of four instead of seven layers of OSI model.


The Application of TCP/IP model correspond to top three layer of OSI model and include a large amount of protocols Application layer defines protocols for node to node application communication and also provides user interface.

The Host-to-Host layer includes the same functions as OSI Transport layer. It control and maintain reliable (acknowledgement based) end to end communication, error correction and handle packets sequencing.

The Internet layer from TCP/IP model corresponds to Network layer of OSI model. This layer is the same as Network layer performs two basic functions: host addressing (e.g. IP or IPv6 addresses) and identification as well as packet routing that provides internetworking functionality.

The Network access layer is equivalent the Data link and Physical layer of the OSI model which defines protocols for physical transmission and also provides functionality of Data link such as error detection and physical addressing. The physical layer is not covered by the TCP/IP model because the data link layer the point at which the interface relates between the TCP/IP stack and the underlying networking hardware.

Main factor that each OSI and TCP/IP layered model describe s and includes different protocols with different functions therefore layers can operate transparently to each other and change in one layer can’t impact other layers.

1.3 'Application layer protocols

TCP/IP model with some frequently used protocols at each layer is shown bellow.


In this point we will look at closely Application layer protocol function:


Original purpose of HTTP (Hypertext Transfer Protocol) was to provide a way how to transfer and retrieve HTML pages on the WWW (World Wide Web). HTTP was developed by the World Wide Web Consortium and the Internet Engineering Task Force (IETF) and has series of RFC publications. HTTP operates as request/response protocol between client and server. In this case client is application such as web browser (Internet Explorer, Mozilla FireFox) whereas server stores HTML pages and images and provides response for HTTP requests. HTTP works on TCP port 80. Meaning of port numbers will be described later in this chapter.


FTP (File Transfer Protocol) is commonly used protocol for exchanging files over network that support the TCP/IP protocols. It also acts as server/client protocol that isn’t only protocol but also program file manipulation operations such uploading, downloading files, rename delete and so on. This protocol allows to connects on any computer that support FTP server feature and manipulate with files regardless of which operating system are on remote computer. FTP works on TCP port 21.


Telnet is client/server protocol that was developed for terminal emulation. It allows a user to connect on a remote machine and perform remote configuration. Users begin telnet session by running telnet client software on local machine and then logging into the Telnet server. Interface of telnet terminal is text-based that allows execute proper commands on remote machine that supports telnet server and understand remote machines. One of drawback of telnet is that by default it does not support any data encryption that are sent over network (even passwords are sent by plain text). Today such protocol as SSH that support encryption and is more secure (Secure Shell) has begun to dominate as remote access protocol. Typically telnet is on TCP port 23.


Purpose of SMTP (Simple Message Transfer Protocol) protocol is sending e-mail to e-mail server that stores received massages in the sender’s mailbox. For retrieving e-mail from e-mail server are used others protocols such as POP3 or IMAP. So that providing interoperability, typically e-mail server and client support all of these protocols. Most of known client side products are Microsoft Outlook or Mozilla Thunderbird. SNMP work on TCP port 25.


DNS (Domain Name System) stores and maintains hierarchical naming system for computers and services that are connected to Internet or LANs. Domain name usually consists of two or more parts separated by dots e.g. www.google.lv. Of course, you can to use only IP addresses of any device or server what you want to communicate with, but this server can be placed anywhere by other internet service provider which can change IP address and no one don’t know about new IP address. DNS service allows to solve problem by changing IP address of appropriate item in the DNS server. DNS serves as the phone book for the Internet translating human-friendly domain names (called also Internet names) and computer hostnames into IP addresses. For example, if you want to know the internet address of www.wikipedia.org, DNS can be used to tell you it is DNS use TCP and UDP port 53 to serve requests.


DHCP (Dynamic Host Configuration Protocol) uses client-server architecture and provide by DHCP client (host) to receive IP address from DHCP server and other configuration information such as subnet mask, default gateway, IP address of DNS server etc. DHCP server dynamically assigns network parameters to network devices. DHCP client sends out DHCP discovery massages in order to receive DHCP offer massage of DHCP server. DHCP uses UDP at the Transport layer. DHCP client uses UDP port 67, DHCP server uses UDP port 68.


SNMP (Simple Network Management Protocol) is standard OSI application layer protocol for network management. It can be used by network administrator to monitor huge of different kind of parameters of network devices (like usage, performance, actual data rate, uptime, device identity, availability etc).

There exist more than one SNMP versions: SNMPv1, SNMPv2, SNMPv3 where version 2 and version 3 include new improvements in the areas of security, performance, and communication (message formats). Although SNMPv1 is not compatible with the latest versions, it is widely used and has become as de-facto protocol for network management purposes.

An SNMP-managed network consists of three components:

· Managed device

· SNMP agent

· Network Management System (NMS)

Managed device (SNMP agent (MIB)) <-----------------------------------> Host (NMS (monitoring))

A managed device is a network node (router, switch, IP phone, PC etc.) that supports SNMP protocol and allows unidirectional or bidirectional access to node-specific information.

An SNMP agent is network management software that runs on a managed device. SNMP agent reports requested information via SNMP to the Network Management System. SNMP agents expose management data as variables based on principle (key : value) and these data are stored and organized into the MIB (Management Information Base) database.

Network Management System executes applications that monitor and control managed devices. NMS can be implemented as single software solution. NMS sends SNMP queries to agent and processing and illustrating (graph, table, network diagrams etc.) received management information for network administration purposes.

SNMP uses UDP protocol transporting SNMP data between SNMP agent and NMS


TFTP (Trivial File Transfer Protocol) it is simple file transfer protocol similar FTP, but unlike FTP that is based on TCP, TFTP uses UDP as transport protocol and port 69. TFTP operation consists of three main steps: TFTP connection initialization, data transfer, connection termination.

TFTP requires low protocol overhead and could be implemented using low memory resources, but TFTP has also more unsecured protocol unlike FTP, because here are not authentication and encryption mechanisms as well as it does not include any data re-transmission options.

1.4 'Data encapsulation

When one host sends data through network to another host, the data is handled down by the protocol stack from the Application layer to the underlying Physical layer (see Figure 1.3.).


Each layer communicating with its peer layer adds protocol information to ensure proper delivery. This additional protocol information is called a header because it is placed in front of the data to be transmitted and this process when the new header is added is called the encapsulation. Receiving device on each layer read proper information after that remove this information and handled data to the next layer up – this process called the de-encapsulation. Each layer uses Protocol Data Units (PDUs) to communicate and exchange information. PDU hold control information attached to the data at each layer, it means that PDUs at the each layer are protocol information + data.

When encapsulation process is related to TCP/IP model we can to specify protocol that is in header of each layer. Data which comes from upper layer (Application) are encapsulated with Transport layer header such as TCP or UDP (now piece of data with TCP header called a segment), than each segment is handed-down to the Network (Internet) layer which add next header such as IP (piece of segment called a packet) and handed-down to the Network access layer. If transmission medium is used Ethernet then each packet is encapsulated in a frame that includes Ethernet header.

Remember that Network and Transport layers works together to rebuild data stream to a destination host and router works only until the third (Network) layer by look up logical destination address into packet header to make decision where to transfer packet next.

1.5 'Protocol Headers

Now we need to know how looks like the header in each of layers of TCP/IP networks.

1.5.1 Ethernet (frame) header format

Know how to interpret the data contained in your Ethernet frames by understanding the frame structure. Ethernet headers are attached to PDUs that came down form Network layer. It includes information about physical addressing (source and destination MAC addresses). There are several types of Ethernet frame. Two of them are Ethernet II and IEEE 802.3 frames. The figure below show the frame format of Ethernet II that is also the most common used today.


Preamble – consist of seven bytes all of the same form 10101010 which allow receiving devices to establish bit synchronization.

Start frame delimiter (SFD) – is one octet which is frame flag that indicate the start of new frame. In short, FSD provides frame synchronization.

Destination and source MAC addresses – are 48 bits long, identify receiving device. Every system with Ethernet interface has a unique global MAC address. This destination address can be individual, a broadcast or multicast. Layer 2 broadcast address consist of all 1s or hexadecimal looks like the following ff:ff:ff:ff:ff:ff. Broadcast mean that frame will be send to all hosts on the local network or subnet.

Type – this value provides key difference between Ethernet 802.3 an Ethernet II. In Ethernet 802.3 indicates the number of bytes of data in frame payload (payload length). In Ethernet II this field is used to indicate the protocol type of payload.

Payload data – data set (packet) sent down to the Data Link layer from Network layer.

FCS – this field contains a 4-bytes cyclical redundancy check (CRC) value used for error checking.

1.5.2 IPv4 Header format

IPv4 (IP version 4) header as shown below is 20 bytes long with option can be longer. IPv4 format was defined in RFC 791. IP is one of fundamental Network layer protocol, that provide logical addressing that is used by routing process for choosing best path to next hop.


Version – indentifies the version of IP used to generate the datagram.

Header length – size (in bytes) of IP header

Type of Service – this field designed type of service to provide feature such as prioritized delivery of IP datagrams. This value define how packet should be handled trough network.

Total Length – length of packet included header and data

Identification – uniquely identifies each packet and is common to each of the fragments belonging to particular massage.

Flags – identifies whether fragmentation is used or not.

Fragment offset – this field is used when fragmentation occur and specifies the position of the fragment with the original datagrams.

Time to Live – TTL value (hop count) is set on packet when it is originally generated and specify how much “router hops” packet can perform before TTL expires.

Protocol – identifies a port of upper layer protocols (generally transport layer protocols). For example, TCP port 06 (hex), UDP port 17 (hex) and ICMP port 01 (hex).

Header checksum – it provides cyclic redundancy check (CRC) only for IP header, and it isn’t so complex like CRC used by data link layer and provide only 16-bit checksum.

Source address – 32 bit IP address of the originator of packet

Destination address – 32 bit IP address that identify recipient of packet

Options – includes specific value that can be used for network monitor, testing and more.

Data – consist of upper layer data (e.g. TCP header + data).

1.5.3 TCP and UDP headers

TCP and UDP are application layer protocols. How I mentioned previously TCP provides connection-oriented, reliable with error corrected end to end delivery, whereas UDP provides low-overhead, connectionless end to end delivery service. Protocols defined at this layer accept data from upper layers and can encapsulate it in the TCP or UDP protocol header for deliver data segment to the lower layer protocol (e.g. IP protocol) for routing. The following is a TCP header format.


Source port – the field that identifies port number of program of sender at the Application layer (Port numbers will be explained later in this section).

Destination layer – the field that identifies port number of application of receiving host.

Sequence number – the sequence number used by TCP for checking correct order by receiving host.

Acknowledgment number - this field contains the value of the next sequence number which the sender is expected next.

Data offset – the field identifies where the data begins.

Reserved – reserved for future use, must be zero.

Flags (8 bits field) – Control bits used for set up and terminate TCP connections, contains 8 1-bit flags:

· CWR – Congestion Window Reduced (CWR)

· ECE – ECN-Echo flag (ECN (Explicit Congestion Notification) – allow end-to-end notification of network congestion)

· URG – Urgent pointer field significant

· ACK – Acknowledgment field significant

· PSH – Push function (ask for receiver to create buffer for connection)

· RST – Reset the connection

· SYN – Synchronize sequence numbers (used for start connection)

· FIN – No more data from sender (used for terminate connection)

Window size – the number of bytes which the receiver is willing to accept at the one time without receiving acknowledgment.

Checksum – the field for cyclic redundancy check (16-bit error checking).

Urgent Pointer – used only when URG flag bit is set. This value indicates the offset from the current sequence number, in octets, where the first segment of non-urgent data begins.

Options – options may occupy space at the end of TCP header and always are a multiple of 8 bits in length. Options are used for provide additional information to destination host.

Data – consist of upper layer data (e.g. HTTP, FTP, DNS etc.).

UDP is used when amount of data being transmitted is small, so there are used small header format (more often broadcast oriented services using UDP). Each UDP header, like TCP carries both a source and destination port identifiers, allowing to point to specific applications and services among hosts (look at the figure bellow).


Source port - it indicates the port of the sending process and may be assumed to be the port to which a reply should be addressed back.

Destination port - the field that identifies port number of application of receiving host.

Length – length of UDP header and data

Data – data from upper layer

1.6 'TCP ports numbers and IP protocol numbers

When host receives datagram from another host it analyzes the each header by reading it from lower to Application layer. How TCP or UDP knows to which of application layer protocols appropriate datagram is related. For that reason TCP and UDP uses notion of port numbers to identify sending and receiving application end point on a host (see Figure 1.6). Source port numbers start at 1024 and are dynamically assigned by the sender. Ports numbers from 1-1023 are dynamically assigned, well-known ports which are defined in RFC 3232, some of these well-know are HTTP – port 80, FTP – 21, DNS – 53.

The principles when protocols of each layer needs information about which upper layer protocols are related on that is significant at the each protocol’s. Therefore, headers of the Network layer protocols also include information field such as “protocol” (see Figure 1.5.).


TCP and UDP as transport layer protocols are used when data stream is destined for upper layers application. In this example, as network layer protocol is IP, but also other network layer protocols can be used here, such as ICMP. In this case data stream is directly destined for ICMP.

As was mentioned above when data are sent from the upper to the lower layer in each layer is added in addition protocol header. Ethernet frame structure in the TCP/IP network is in Figure 1.9.


1.6.1 Internet sockets

Basically TCP connection is created between hosts or among server and hosts. This mean that a server needs the option of providing that more than one client could be able to connect on one server and to use the same service as long as several clients can connect to several services. For this purpose arriving TCP data packets are identified as belonging to a specific TCP connection by its sockets which provides to deliver data streams to the appropriate process. The combination of IP address and TCP/UDP port number is called a socket. Full internet socket is consisted of the following:

· Protocol (TCP, UDP)

· Local address

· Local port

· Remote (foreign) address

· Remote port

A given socket number is unique on the internetwork. A connection between two hosts is fully described by the sockets assigned to each end of the connection.

On Microsoft Windows and Unix-like based operating systems provides the netstat command line tool that may be used to list all currently established sockets and related information, the figure below shows list of output from Windows netstat tool.