Internet Info 1993

home *** CD-ROM | disk | FTP | other *** search

/ Internet Info 1993 / Internet Info CD-ROM (Walnut Creek) (1993).iso / inet / rfc / rfc1180 < prev next >

Wrap

Text File | 1991-04-20 | 62.4 KB | 1,571 lines

Network Working Group T. Socolofsky Request for Comments: 1180 C. Kale Spider Systems Limited January 1991 A TCP/IP Tutorial Status of this Memo This RFC is a tutorial on the TCP/IP protocol suite, focusing particularly on the steps in forwarding an IP datagram from source host to destination host through a router. It does not specify an Internet standard. Distribution of this memo is unlimited. Table of Contents 1. Introduction................................................ 1 2. TCP/IP Overview............................................. 2 3. Ethernet.................................................... 8 4. ARP......................................................... 9 5. Internet Protocol........................................... 12 6. User Datagram Protocol...................................... 22 7. Transmission Control Protocol............................... 24 8. Network Applications........................................ 25 9. Other Information........................................... 27 10. References.................................................. 27 11. Relation to other RFCs...................................... 27 12. Security Considerations..................................... 27 13. Authors' Addresses.......................................... 28 1. Introduction This tutorial contains only one view of the salient points of TCP/IP, and therefore it is the "bare bones" of TCP/IP technology. It omits the history of development and funding, the business case for its use, and its future as compared to ISO OSI. Indeed, a great deal of technical information is also omitted. What remains is a minimum of information that must be understood by the professional working in a TCP/IP environment. These professionals include the systems administrator, the systems programmer, and the network manager. This tutorial uses examples from the UNIX TCP/IP environment, however the main points apply across all implementations of TCP/IP. Note that the purpose of this memo is explanation, not definition. If any question arises about the correct specification of a protocol, please refer to the actual standards defining RFC. Socolofsky & Kale [Page 1] RFC 1180 A TCP/IP Tutorial January 1991 The next section is an overview of TCP/IP, followed by detailed descriptions of individual components. 2. TCP/IP Overview The generic term "TCP/IP" usually means anything and everything related to the specific protocols of TCP and IP. It can include other protocols, applications, and even the network medium. A sample of these protocols are: UDP, ARP, and ICMP. A sample of these applications are: TELNET, FTP, and rcp. A more accurate term is "internet technology". A network that uses internet technology is called an "internet". 2.1 Basic Structure To understand this technology you must first understand the following logical structure: ---------------------------- | network applications | | | |... \ | / .. \ | / ...| | ----- ----- | | |TCP| |UDP| | | ----- ----- | | \ / | | -------- | | | IP | | | ----- -*------ | | |ARP| | | | ----- | | | \ | | | ------ | | |ENET| | | ---@-- | ----------|----------------- | ----------------------o--------- Ethernet Cable Figure 1. Basic TCP/IP Network Node This is the logical structure of the layered protocols inside a computer on an internet. Each computer that can communicate using internet technology has such a logical structure. It is this logical structure that determines the behavior of the computer on the internet. The boxes represent processing of the data as it passes through the computer, and the lines connecting boxes show the path of Socolofsky & Kale [Page 2] RFC 1180 A TCP/IP Tutorial January 1991 data. The horizontal line at the bottom represents the Ethernet cable; the "o" is the transceiver. The "*" is the IP address and the "@" is the Ethernet address. Understanding this logical structure is essential to understanding internet technology; it is referred to throughout this tutorial. 2.2 Terminology The name of a unit of data that flows through an internet is dependent upon where it exists in the protocol stack. In summary: if it is on an Ethernet it is called an Ethernet frame; if it is between the Ethernet driver and the IP module it is called a IP packet; if it is between the IP module and the UDP module it is called a UDP datagram; if it is between the IP module and the TCP module it is called a TCP segment (more generally, a transport message); and if it is in a network application it is called a application message. These definitions are imperfect. Actual definitions vary from one publication to the next. More specific definitions can be found in RFC 1122, section 1.3.3. A driver is software that communicates directly with the network interface hardware. A module is software that communicates with a driver, with network applications, or with another module. The terms driver, module, Ethernet frame, IP packet, UDP datagram, TCP message, and application message are used where appropriate throughout this tutorial. 2.3 Flow of Data Let's follow the data as it flows down through the protocol stack shown in Figure 1. For an application that uses TCP (Transmission Control Protocol), data passes between the application and the TCP module. For applications that use UDP (User Datagram Protocol), data passes between the application and the UDP module. FTP (File Transfer Protocol) is a typical application that uses TCP. Its protocol stack in this example is FTP/TCP/IP/ENET. SNMP (Simple Network Management Protocol) is an application that uses UDP. Its protocol stack in this example is SNMP/UDP/IP/ENET. The TCP module, UDP module, and the Ethernet driver are n-to-1 multiplexers. As multiplexers they switch many inputs to one output. They are also 1-to-n de-multiplexers. As de-multiplexers they switch one input to many outputs according to the type field in the protocol header. Socolofsky & Kale [Page 3] RFC 1180 A TCP/IP Tutorial January 1991 1 2 3 ... n 1 2 3 ... n \ | / | \ | | / ^ \ | | / | \ | | / | ------------- flow ---------------- flow |multiplexer| of |de-multiplexer| of ------------- data ---------------- data | | | | | v | | 1 1 Figure 2. n-to-1 multiplexer and 1-to-n de-multiplexer If an Ethernet frame comes up into the Ethernet driver off the network, the packet can be passed upwards to either the ARP (Address Resolution Protocol) module or to the IP (Internet Protocol) module. The value of the type field in the Ethernet frame determines whether the Ethernet frame is passed to the ARP or the IP module. If an IP packet comes up into IP, the unit of data is passed upwards to either TCP or UDP, as determined by the value of the protocol field in the IP header. If the UDP datagram comes up into UDP, the application message is passed upwards to the network application based on the value of the port field in the UDP header. If the TCP message comes up into TCP, the application message is passed upwards to the network application based on the value of the port field in the TCP header. The downwards multiplexing is simple to perform because from each starting point there is only the one downward path; each protocol module adds its header information so the packet can be de- multiplexed at the destination computer. Data passing out from the applications through either TCP or UDP converges on the IP module and is sent downwards through the lower network interface driver. Although internet technology supports many different network media, Ethernet is used for all examples in this tutorial because it is the most common physical network used under IP. The computer in Figure 1 has a single Ethernet connection. The 6-byte Ethernet address is unique for each interface on an Ethernet and is located at the lower interface of the Ethernet driver. The computer also has a 4-byte IP address. This address is located at the lower interface to the IP module. The IP address must be unique for an internet. Socolofsky & Kale [Page 4] RFC 1180 A TCP/IP Tutorial January 1991 A running computer always knows its own IP address and Ethernet address. 2.4 Two Network Interfaces If a computer is connected to 2 separate Ethernets it is as in Figure 3. ---------------------------- | network applications | | | |... \ | / .. \ | / ...| | ----- ----- | | |TCP| |UDP| | | ----- ----- | | \ / | | -------- | | | IP | | | ----- -*----*- ----- | | |ARP| | | |ARP| | | ----- | | ----- | | \ | | / | | ------ ------ | | |ENET| |ENET| | | ---@-- ---@-- | ----------|-------|--------- | | | ---o--------------------------- | Ethernet Cable 2 ---------------o---------- Ethernet Cable 1 Figure 3. TCP/IP Network Node on 2 Ethernets Please note that this computer has 2 Ethernet addresses and 2 IP addresses. It is seen from this structure that for computers with more than one physical network interface, the IP module is both a n-to-m multiplexer and an m-to-n de-multiplexer. Socolofsky & Kale [Page 5] RFC 1180 A TCP/IP Tutorial January 1991 1 2 3 ... n 1 2 3 ... n \ | | / | \ | | / ^ \ | | / | \ | | / | ------------- flow ---------------- flow |multiplexer| of |de-multiplexer| of ------------- data ---------------- data / | | \ | / | | \ | / | | \ v / | | \ | 1 2 3 ... m 1 2 3 ... m Figure 4. n-to-m multiplexer and m-to-n de-multiplexer It performs this multiplexing in either direction to accommodate incoming and outgoing data. An IP module with more than 1 network interface is more complex than our original example in that it can forward data onto the next network. Data can arrive on any network interface and be sent out on any other. TCP UDP \ / \ / -------------- | IP | | | | --- | | / \ | | / v | -------------- / \ / \ data data comes in goes out here here Figure 5. Example of IP Forwarding a IP Packet The process of sending an IP packet out onto another network is called "forwarding" an IP packet. A computer that has been dedicated to the task of forwarding IP packets is called an "IP-router". As you can see from the figure, the forwarded IP packet never touches the TCP and UDP modules on the IP-router. Some IP-router implementations do not have a TCP or UDP module. 2.5 IP Creates a Single Logical Network The IP module is central to the success of internet technology. Each module or driver adds its header to the message as the message passes Socolofsky & Kale [Page 6] RFC 1180 A TCP/IP Tutorial January 1991 down through the protocol stack. Each module or driver strips the corresponding header from the message as the message climbs the protocol stack up towards the application. The IP header contains the IP address, which builds a single logical network from multiple physical networks. This interconnection of physical networks is the source of the name: internet. A set of interconnected physical networks that limit the range of an IP packet is called an "internet". 2.6 Physical Network Independence IP hides the underlying network hardware from the network applications. If you invent a new physical network, you can put it into service by implementing a new driver that connects to the internet underneath IP. Thus, the network applications remain intact and are not vulnerable to changes in hardware technology. 2.7 Interoperability If two computers on an internet can communicate, they are said to "interoperate"; if an implementation of internet technology is good, it is said to have "interoperability". Users of general-purpose computers benefit from the installation of an internet because of the interoperability in computers on the market. Generally, when you buy a computer, it will interoperate. If the computer does not have interoperability, and interoperability can not be added, it occupies a rare and special niche in the market. 2.8 After the Overview With the background set, we will answer the following questions: When sending out an IP packet, how is the destination Ethernet address determined? How does IP know which of multiple lower network interfaces to use when sending out an IP packet? How does a client on one computer reach the server on another? Why do both TCP and UDP exist, instead of just one or the other? What network applications are available? These will be explained, in turn, after an Ethernet refresher. Socolofsky & Kale [Page 7] RFC 1180 A TCP/IP Tutorial January 1991 3. Ethernet This section is a short review of Ethernet technology. An Ethernet frame contains the destination address, source address, type field, and data. An Ethernet address is 6 bytes. Every device has its own Ethernet address and listens for Ethernet frames with that destination address. All devices also listen for Ethernet frames with a wild- card destination address of "FF-FF-FF-FF-FF-FF" (in hexadecimal), called a "broadcast" address. Ethernet uses CSMA/CD (Carrier Sense and Multiple Access with Collision Detection). CSMA/CD means that all devices communicate on a single medium, that only one can transmit at a time, and that they can all receive simultaneously. If 2 devices try to transmit at the same instant, the transmit collision is detected, and both devices wait a random (but short) period before trying to transmit again. 3.1 A Human Analogy A good analogy of Ethernet technology is a group of people talking in a small, completely dark room. In this analogy, the physical network medium is sound waves on air in the room instead of electrical signals on a coaxial cable. Each person can hear the words when another is talking (Carrier Sense). Everyone in the room has equal capability to talk (Multiple Access), but none of them give lengthy speeches because they are polite. If a person is impolite, he is asked to leave the room (i.e., thrown off the net). No one talks while another is speaking. But if two people start speaking at the same instant, each of them know this because each hears something they haven't said (Collision Detection). When these two people notice this condition, they wait for a moment, then one begins talking. The other hears the talking and waits for the first to finish before beginning his own speech. Each person has an unique name (unique Ethernet address) to avoid confusion. Every time one of them talks, he prefaces the message with the name of the person he is talking to and with his own name (Ethernet destination and source address, respectively), i.e., "Hello Jane, this is Jack, ..blah blah blah...". If the sender wants to talk to everyone he might say "everyone" (broadcast address), i.e., "Hello Everyone, this is Jack, ..blah blah blah...". Socolofsky & Kale [Page 8] RFC 1180 A TCP/IP Tutorial January 1991 4. ARP When sending out an IP packet, how is the destination Ethernet address determined? ARP (Address Resolution Protocol) is used to translate IP addresses to Ethernet addresses. The translation is done only for outgoing IP packets, because this is when the IP header and the Ethernet header are created. 4.1 ARP Table for Address Translation The translation is performed with a table look-up. The table, called the ARP table, is stored in memory and contains a row for each computer. There is a column for IP address and a column for Ethernet address. When translating an IP address to an Ethernet address, the table is searched for a matching IP address. The following is a simplified ARP table: ------------------------------------ |IP address Ethernet address | ------------------------------------ |223.1.2.1 08-00-39-00-2F-C3| |223.1.2.3 08-00-5A-21-A7-22| |223.1.2.4 08-00-10-99-AC-54| ------------------------------------ TABLE 1. Example ARP Table The human convention when writing out the 4-byte IP address is each byte in decimal and separating bytes with a period. When writing out the 6-byte Ethernet address, the conventions are each byte in hexadecimal and separating bytes with either a minus sign or a colon. The ARP table is necessary because the IP address and Ethernet address are selected independently; you can not use an algorithm to translate IP address to Ethernet address. The IP address is selected by the network manager based on the location of the computer on the internet. When the computer is moved to a different part of an internet, its IP address must be changed. The Ethernet address is selected by the manufacturer based on the Ethernet address space licensed by the manufacturer. When the Ethernet hardware interface board changes, the Ethernet address changes. 4.2 Typical Translation Scenario During normal operation a network application, such as TELNET, sends an application message to TCP, then TCP sends the corresponding TCP message to the IP module. The destination IP address is known by the Socolofsky & Kale [Page 9] RFC 1180 A TCP/IP Tutorial January 1991 application, the TCP module, and the IP module. At this point the IP packet has been constructed and is ready to be given to the Ethernet driver, but first the destination Ethernet address must be determined. The ARP table is used to look-up the destination Ethernet address. 4.3 ARP Request/Response Pair But how does the ARP table get filled in the first place? The answer is that it is filled automatically by ARP on an "as-needed" basis. Two things happen when the ARP table can not be used to translate an address: 1. An ARP request packet with a broadcast Ethernet address is sent out on the network to every computer. 2. The outgoing IP packet is queued. Every computer's Ethernet interface receives the broadcast Ethernet frame. Each Ethernet driver examines the Type field in the Ethernet frame and passes the ARP packet to the ARP module. The ARP request packet says "If your IP address matches this target IP address, then please tell me your Ethernet address". An ARP request packet looks something like this: --------------------------------------- |Sender IP Address 223.1.2.1 | |Sender Enet Address 08-00-39-00-2F-C3| --------------------------------------- |Target IP Address 223.1.2.2 | |Target Enet Address <blank> | --------------------------------------- TABLE 2. Example ARP Request Each ARP module examines the IP address and if the Target IP address matches its own IP address, it sends a response directly to the source Ethernet address. The ARP response packet says "Yes, that target IP address is mine, let me give you my Ethernet address". An ARP response packet has the sender/target field contents swapped as compared to the request. It looks something like this: Socolofsky & Kale [Page 10] RFC 1180 A TCP/IP Tutorial January 1991 --------------------------------------- |Sender IP Address 223.1.2.2 | |Sender Enet Address 08-00-28-00-38-A9| --------------------------------------- |Target IP Address 223.1.2.1 | |Target Enet Address 08-00-39-00-2F-C3| --------------------------------------- TABLE 3. Example ARP Response The response is received by the original sender computer. The Ethernet driver looks at the Type field in the Ethernet frame then passes the ARP packet to the ARP module. The ARP module examines the ARP packet and adds the sender's IP and Ethernet addresses to its ARP table. The updated table now looks like this: ---------------------------------- |IP address Ethernet address | ---------------------------------- |223.1.2.1 08-00-39-00-2F-C3| |223.1.2.2 08-00-28-00-38-A9| |223.1.2.3 08-00-5A-21-A7-22| |223.1.2.4 08-00-10-99-AC-54| ---------------------------------- TABLE 4. ARP Table after Response 4.4 Scenario Continued The new translation has now been installed automatically in the table, just milli-seconds after it was needed. As you remember from step 2 above, the outgoing IP packet was queued. Next, the IP address to Ethernet address translation is performed by look-up in the ARP table then the Ethernet frame is transmitted on the Ethernet. Therefore, with the new steps 3, 4, and 5, the scenario for the sender computer is: 1. An ARP request packet with a broadcast Ethernet address is sent out on the network to every computer. 2. The outgoing IP packet is queued. 3. The ARP response arrives with the IP-to-Ethernet address translation for the ARP table. Socolofsky & Kale [Page 11] RFC 1180 A TCP/IP Tutorial January 1991 4. For the queued IP packet, the ARP table is used to translate the IP address to the Ethernet address. 5. The Ethernet frame is transmitted on the Ethernet. In summary, when the translation is missing from the ARP table, one IP packet is queued. The translation data is quickly filled in with ARP request/response and the queued IP packet is transmitted. Each computer has a separate ARP table for each of its Ethernet interfaces. If the target computer does not exist, there will be no ARP response and no entry in the ARP table. IP will discard outgoing IP packets sent to that address. The upper layer protocols can't tell the difference between a broken Ethernet and the absence of a computer with the target IP address. Some implementations of IP and ARP don't queue the IP packet while waiting for the ARP response. Instead the IP packet is discarded and the recovery from the IP packet loss is left to the TCP module or the UDP network application. This recovery is performed by time-out and retransmission. The retransmitted message is successfully sent out onto the network because the first copy of the message has already caused the ARP table to be filled. 5. Internet Protocol The IP module is central to internet technology and the essence of IP is its route table. IP uses this in-memory table to make all decisions about routing an IP packet. The content of the route table is defined by the network administrator. Mistakes block communication. To understand how a route table is used is to understand internetworking. This understanding is necessary for the successful administration and maintenance of an IP network. The route table is best understood by first having an overview of routing, then learning about IP network addresses, and then looking at the details. 5.1 Direct Routing The figure below is of a tiny internet with 3 computers: A, B, and C. Each computer has the same TCP/IP protocol stack as in Figure 1. Each computer's Ethernet interface has its own Ethernet address. Each computer has an IP address assigned to the IP interface by the network manager, who also has assigned an IP network number to the Ethernet. Socolofsky & Kale [Page 12] RFC 1180 A TCP/IP Tutorial January 1991 A B C | | | --o------o------o-- Ethernet 1 IP network "development" Figure 6. One IP Network When A sends an IP packet to B, the IP header contains A's IP address as the source IP address, and the Ethernet header contains A's Ethernet address as the source Ethernet address. Also, the IP header contains B's IP address as the destination IP address and the Ethernet header contains B's Ethernet address as the destination Ethernet address. ---------------------------------------- |address source destination| ---------------------------------------- |IP header A B | |Ethernet header A B | ---------------------------------------- TABLE 5. Addresses in an Ethernet frame for an IP packet from A to B For this simple case, IP is overhead because the IP adds little to the service offered by Ethernet. However, IP does add cost: the extra CPU processing and network bandwidth to generate, transmit, and parse the IP header. When B's IP module receives the IP packet from A, it checks the destination IP address against its own, looking for a match, then it passes the datagram to the upper-level protocol. This communication between A and B uses direct routing. 5.2 Indirect Routing The figure below is a more realistic view of an internet. It is composed of 3 Ethernets and 3 IP networks connected by an IP-router called computer D. Each IP network has 4 computers; each computer has its own IP address and Ethernet address. Socolofsky & Kale [Page 13] RFC 1180 A TCP/IP Tutorial January 1991 A B C ----D---- E F G | | | | | | | | | --o------o------o------o- | -o------o------o------o-- Ethernet 1 | Ethernet 2 IP network "development" | IP network "accounting" | | | H I J | | | | --o-----o------o------o-- Ethernet 3 IP network "factory" Figure 7. Three IP Networks; One internet Except for computer D, each computer has a TCP/IP protocol stack like that in Figure 1. Computer D is the IP-router; it is connected to all 3 networks and therefore has 3 IP addresses and 3 Ethernet addresses. Computer D has a TCP/IP protocol stack similar to that in Figure 3, except that it has 3 ARP modules and 3 Ethernet drivers instead of 2. Please note that computer D has only one IP module. The network manager has assigned a unique number, called an IP network number, to each of the Ethernets. The IP network numbers are not shown in this diagram, just the network names. When computer A sends an IP packet to computer B, the process is identical to the single network example above. Any communication between computers located on a single IP network matches the direct routing example discussed previously. When computer D and A communicate, it is direct communication. When computer D and E communicate, it is direct communication. When computer D and H communicate, it is direct communication. This is because each of these pairs of computers is on the same IP network. However, when computer A communicates with a computer on the far side of the IP-router, communication is no longer direct. A must use D to forward the IP packet to the next IP network. This communication is called "indirect". This routing of IP packets is done by IP modules and happens transparently to TCP, UDP, and the network applications. If A sends an IP packet to E, the source IP address and the source Ethernet address are A's. The destination IP address is E's, but because A's IP module sends the IP packet to D for forwarding, the destination Ethernet address is D's. Socolofsky & Kale [Page 14] RFC 1180 A TCP/IP Tutorial January 1991 ---------------------------------------- |address source destination| ---------------------------------------- |IP header A E | |Ethernet header A D | ---------------------------------------- TABLE 6. Addresses in an Ethernet frame for an IP packet from A to E (before D) D's IP module receives the IP packet and upon examining the destination IP address, says "This is not my IP address," and sends the IP packet directly to E. ---------------------------------------- |address source destination| ---------------------------------------- |IP header A E | |Ethernet header D E | ---------------------------------------- TABLE 7. Addresses in an Ethernet frame for an IP packet from A to E (after D) In summary, for direct communication, both the source IP address and the source Ethernet address is the sender's, and the destination IP address and the destination Ethernet address is the recipient's. For indirect communication, the IP address and Ethernet addresses do not pair up in this way. This example internet is a very simple one. Real networks are often complicated by many factors, resulting in multiple IP-routers and several types of physical networks. This example internet might have come about because the network manager wanted to split a large Ethernet in order to localize Ethernet broadcast traffic. 5.3 IP Module Routing Rules This overview of routing has shown what happens, but not how it happens. Now let's examine the rules, or algorithm, used by the IP module. For an outgoing IP packet, entering IP from an upper layer, IP must decide whether to send the IP packet directly or indirectly, and IP must choose a lower network interface. These choices are made by consulting the route table. For an incoming IP packet, entering IP from a lower interface, IP must decide whether to forward the IP packet or pass it to an upper layer. If the IP packet is being forwarded, it is treated as an Socolofsky & Kale [Page 15] RFC 1180 A TCP/IP Tutorial January 1991 outgoing IP packet. When an incoming IP packet arrives it is never forwarded back out through the same network interface. These decisions are made before the IP packet is handed to the lower interface and before the ARP table is consulted. 5.4 IP Address The network manager assigns IP addresses to computers according to the IP network to which the computer is attached. One part of a 4- byte IP address is the IP network number, the other part is the IP computer number (or host number). For the computer in table 1, with an IP address of 223.1.2.1, the network number is 223.1.2 and the host number is number 1. The portion of the address that is used for network number and for host number is defined by the upper bits in the 4-byte address. All example IP addresses in this tutorial are of type class C, meaning that the upper 3 bits indicate that 21 bits are the network number and 8 bits are the host number. This allows 2,097,152 class C networks up to 254 hosts on each network. The IP address space is administered by the NIC (Network Information Center). All internets that are connected to the single world-wide Internet must use network numbers assigned by the NIC. If you are setting up your own internet and you are not intending to connect it to the Internet, you should still obtain your network numbers from the NIC. If you pick your own number, you run the risk of confusion and chaos in the eventuality that your internet is connected to another internet. 5.5 Names People refer to computers by names, not numbers. A computer called alpha might have the IP address of 223.1.2.1. For small networks, this name-to-address translation data is often kept on each computer in the "hosts" file. For larger networks, this translation data file is stored on a server and accessed across the network when needed. A few lines from that file might look like this: 223.1.2.1 alpha 223.1.2.2 beta 223.1.2.3 gamma 223.1.2.4 delta 223.1.3.2 epsilon 223.1.4.2 iota Socolofsky & Kale [Page 16] RFC 1180 A TCP/IP Tutorial January 1991 The IP address is the first column and the computer name is the second column. In most cases, you can install identical "hosts" files on all computers. You may notice that "delta" has only one entry in this file even though it has 3 IP addresses. Delta can be reached with any of its IP addresses; it does not matter which one is used. When delta receives an IP packet and looks at the destination address, it will recognize any of its own IP addresses. IP networks are also given names. If you have 3 IP networks, your "networks" file for documenting these names might look something like this: 223.1.2 development 223.1.3 accounting 223.1.4 factory The IP network number is in the first column and its name is in the second column. From this example you can see that alpha is computer number 1 on the development network, beta is computer number 2 on the development network and so on. You might also say that alpha is development.1, Beta is development.2, and so on. The above hosts file is adequate for the users, but the network manager will probably replace the line for delta with: 223.1.2.4 devnetrouter delta 223.1.3.1 facnetrouter 223.1.4.1 accnetrouter These three new lines for the hosts file give each of delta's IP addresses a meaningful name. In fact, the first IP address listed has 2 names; "delta" and "devnetrouter" are synonyms. In practice "delta" is the general-purpose name of the computer and the other 3 names are only used when administering the IP route table. These files are used by network administration commands and network applications to provide meaningful names. They are not required for operation of an internet, but they do make it easier for us. 5.6 IP Route Table How does IP know which lower network interface to use when sending out a IP packet? IP looks it up in the route table using a search key of the IP network number extracted from the IP destination Socolofsky & Kale [Page 17] RFC 1180 A TCP/IP Tutorial January 1991 address. The route table contains one row for each route. The primary columns in the route table are: IP network number, direct/indirect flag, router IP address, and interface number. This table is referred to by IP for each outgoing IP packet. On most computers the route table can be modified with the "route" command. The content of the route table is defined by the network manager, because the network manager assigns the IP addresses to the computers. 5.7 Direct Routing Details To explain how it is used, let us visit in detail the routing situations we have reviewed previously. --------- --------- | alpha | | beta | | 1 | | 1 | --------- --------- | | --------o---------------o- Ethernet 1 IP network "development" Figure 8. Close-up View of One IP Network The route table inside alpha looks like this: -------------------------------------------------------------- |network direct/indirect flag router interface number| -------------------------------------------------------------- |development direct <blank> 1 | -------------------------------------------------------------- TABLE 8. Example Simple Route Table This view can be seen on some UNIX systems with the "netstat -r" command. With this simple network, all computers have identical routing tables. For discussion, the table is printed again without the network number translated to its network name. Socolofsky & Kale [Page 18] RFC 1180 A TCP/IP Tutorial January 1991 -------------------------------------------------------------- |network direct/indirect flag router interface number| -------------------------------------------------------------- |223.1.2 direct <blank> 1 | -------------------------------------------------------------- TABLE 9. Example Simple Route Table with Numbers 5.8 Direct Scenario Alpha is sending an IP packet to beta. The IP packet is in alpha's IP module and the destination IP address is beta or 223.1.2.2. IP extracts the network portion of this IP address and scans the first column of the table looking for a match. With this network a match is found on the first entry. The other information in this entry indicates that computers on this network can be reached directly through interface number 1. An ARP table translation is done on beta's IP address then the Ethernet frame is sent directly to beta via interface number 1. If an application tries to send data to an IP address that is not on the development network, IP will be unable to find a match in the route table. IP then discards the IP packet. Some computers provide a "Network not reachable" error message. 5.9 Indirect Routing Details Now, let's take a closer look at the more complicated routing scenario that we examined previously. Socolofsky & Kale [Page 19] RFC 1180 A TCP/IP Tutorial January 1991 --------- --------- --------- | alpha | | delta | |epsilon| | 1 | |1 2 3| | 1 | --------- --------- --------- | | | | | --------o---------------o- | -o----------------o-------- Ethernet 1 | Ethernet 2 IP network "Development" | IP network "accounting" | | -------- | | iota | | | 1 | | -------- | | --o--------o-------- Ethernet 3 IP network "factory" Figure 9. Close-up View of Three IP Networks The route table inside alpha looks like this: --------------------------------------------------------------------- |network direct/indirect flag router interface number| --------------------------------------------------------------------- |development direct <blank> 1 | |accounting indirect devnetrouter 1 | |factory indirect devnetrouter 1 | --------------------------------------------------------------------- TABLE 10. Alpha Route Table For discussion the table is printed again using numbers instead of names. -------------------------------------------------------------------- |network direct/indirect flag router interface number| -------------------------------------------------------------------- |223.1.2 direct <blank> 1 | |223.1.3 indirect 223.1.2.4 1 | |223.1.4 indirect 223.1.2.4 1 | -------------------------------------------------------------------- TABLE 11. Alpha Route Table with Numbers The router in Alpha's route table is the IP address of delta's connection to the development network. Socolofsky & Kale [Page 20] RFC 1180 A TCP/IP Tutorial January 1991 5.10 Indirect Scenario Alpha is sending an IP packet to epsilon. The IP packet is in alpha's IP module and the destination IP address is epsilon (223.1.3.2). IP extracts the network portion of this IP address (223.1.3) and scans the first column of the table looking for a match. A match is found on the second entry. This entry indicates that computers on the 223.1.3 network can be reached through the IP-router devnetrouter. Alpha's IP module then does an ARP table translation for devnetrouter's IP address and sends the IP packet directly to devnetrouter through Alpha's interface number 1. The IP packet still contains the destination address of epsilon. The IP packet arrives at delta's development network interface and is passed up to delta's IP module. The destination IP address is examined and because it does not match any of delta's own IP addresses, delta decides to forward the IP packet. Delta's IP module extracts the network portion of the destination IP address (223.1.3) and scans its route table for a matching network field. Delta's route table looks like this: ---------------------------------------------------------------------- |network direct/indirect flag router interface number| ---------------------------------------------------------------------- |development direct <blank> 1 | |factory direct <blank> 3 | |accounting direct <blank> 2 | ---------------------------------------------------------------------- TABLE 12. Delta's Route Table Below is delta's table printed again, without the translation to names. ---------------------------------------------------------------------- |network direct/indirect flag router interface number| ---------------------------------------------------------------------- |223.1.2 direct <blank> 1 | |223.1.3 direct <blank> 3 | |223.1.4 direct <blank> 2 | ---------------------------------------------------------------------- TABLE 13. Delta's Route Table with Numbers The match is found on the second entry. IP then sends the IP packet directly to epsilon through interface number 3. The IP packet contains the IP destination address of epsilon and the Ethernet Socolofsky & Kale [Page 21] RFC 1180 A TCP/IP Tutorial January 1991 destination address of epsilon. The IP packet arrives at epsilon and is passed up to epsilon's IP module. The destination IP address is examined and found to match with epsilon's IP address, so the IP packet is passed to the upper protocol layer. 5.11 Routing Summary When a IP packet travels through a large internet it may go through many IP-routers before it reaches its destination. The path it takes is not determined by a central source but is a result of consulting each of the routing tables used in the journey. Each computer defines only the next hop in the journey and relies on that computer to send the IP packet on its way. 5.12 Managing the Routes Maintaining correct routing tables on all computers in a large internet is a difficult task; network configuration is being modified constantly by the network managers to meet changing needs. Mistakes in routing tables can block communication in ways that are excruciatingly tedious to diagnose. Keeping a simple network configuration goes a long way towards making a reliable internet. For instance, the most straightforward method of assigning IP networks to Ethernet is to assign a single IP network number to each Ethernet. Help is also available from certain protocols and network applications. ICMP (Internet Control Message Protocol) can report some routing problems. For small networks the route table is filled manually on each computer by the network administrator. For larger networks the network administrator automates this manual operation with a routing protocol to distribute routes throughout a network. When a computer is moved from one IP network to another, its IP address must change. When a computer is removed from an IP network its old address becomes invalid. These changes require frequent updates to the "hosts" file. This flat file can become difficult to maintain for even medium-size networks. The Domain Name System helps solve these problems. 6. User Datagram Protocol UDP is one of the two main protocols to reside on top of IP. It offers service to the user's network applications. Example network applications that use UDP are: Network File System (NFS) and Simple Socolofsky & Kale [Page 22] RFC 1180 A TCP/IP Tutorial January 1991 Network Management Protocol (SNMP). The service is little more than an interface to IP. UDP is a connectionless datagram delivery service that does not guarantee delivery. UDP does not maintain an end-to-end connection with the remote UDP module; it merely pushes the datagram out on the net and accepts incoming datagrams off the net. UDP adds two values to what is provided by IP. One is the multiplexing of information between applications based on port number. The other is a checksum to check the integrity of the data. 6.1 Ports How does a client on one computer reach the server on another? The path of communication between an application and UDP is through UDP ports. These ports are numbered, beginning with zero. An application that is offering service (the server) waits for messages to come in on a specific port dedicated to that service. The server waits patiently for any client to request service. For instance, the SNMP server, called an SNMP agent, always waits on port 161. There can be only one SNMP agent per computer because there is only one UDP port number 161. This port number is well known; it is a fixed number, an internet assigned number. If an SNMP client wants service, it sends its request to port number 161 of UDP on the destination computer. When an application sends data out through UDP it arrives at the far end as a single unit. For example, if an application does 5 writes to the UDP port, the application at the far end will do 5 reads from the UDP port. Also, the size of each write matches the size of each read. UDP preserves the message boundary defined by the application. It never joins two application messages together, or divides a single application message into parts. 6.2 Checksum An incoming IP packet with an IP header type field indicating "UDP" is passed up to the UDP module by IP. When the UDP module receives the UDP datagram from IP it examines the UDP checksum. If the checksum is zero, it means that checksum was not calculated by the sender and can be ignored. Thus the sending computer's UDP module may or may not generate checksums. If Ethernet is the only network between the 2 UDP modules communicating, then you may not need Socolofsky & Kale [Page 23] RFC 1180 A TCP/IP Tutorial January 1991 checksumming. However, it is recommended that checksum generation always be enabled because at some point in the future a route table change may send the data across less reliable media. If the checksum is valid (or zero), the destination port number is examined and if an application is bound to that port, an application message is queued for the application to read. Otherwise the UDP datagram is discarded. If the incoming UDP datagrams arrive faster than the application can read them and if the queue fills to a maximum value, UDP datagrams are discarded by UDP. UDP will continue to discard UDP datagrams until there is space in the queue. 7. Transmission Control Protocol TCP provides a different service than UDP. TCP offers a connection- oriented byte stream, instead of a connectionless datagram delivery service. TCP guarantees delivery, whereas UDP does not. TCP is used by network applications that require guaranteed delivery and cannot be bothered with doing time-outs and retransmissions. The two most typical network applications that use TCP are File Transfer Protocol (FTP) and the TELNET. Other popular TCP network applications include X-Window System, rcp (remote copy), and the r- series commands. TCP's greater capability is not without cost: it requires more CPU and network bandwidth. The internals of the TCP module are much more complicated than those in a UDP module. Similar to UDP, network applications connect to TCP ports. Well- defined port numbers are dedicated to specific applications. For instance, the TELNET server uses port number 23. The TELNET client can find the server simply by connecting to port 23 of TCP on the specified computer. When the application first starts using TCP, the TCP module on the client's computer and the TCP module on the server's computer start communicating with each other. These two end-point TCP modules contain state information that defines a virtual circuit. This virtual circuit consumes resources in both TCP end-points. The virtual circuit is full duplex; data can go in both directions simultaneously. The application writes data to the TCP port, the data traverses the network and is read by the application at the far end. TCP packetizes the byte stream at will; it does not retain the boundaries between writes. For example, if an application does 5 writes to the TCP port, the application at the far end might do 10 reads to get all the data. Or it might get all the data with a single read. There is no correlation between the number and size of Socolofsky & Kale [Page 24] RFC 1180 A TCP/IP Tutorial January 1991 writes at one end to the number and size of reads at the other end. TCP is a sliding window protocol with time-out and retransmits. Outgoing data must be acknowledged by the far-end TCP. Acknowledgements can be piggybacked on data. Both receiving ends can flow control the far end, thus preventing a buffer overrun. As with all sliding window protocols, the protocol has a window size. The window size determines the amount of data that can be transmitted before an acknowledgement is required. For TCP, this amount is not a number of TCP segments but a number of bytes. 8. Network Applications Why do both TCP and UDP exist, instead of just one or the other? They supply different services. Most applications are implemented to use only one or the other. You, the programmer, choose the protocol that best meets your needs. If you need a reliable stream delivery service, TCP might be best. If you need a datagram service, UDP might be best. If you need efficiency over long-haul circuits, TCP might be best. If you need efficiency over fast networks with short latency, UDP might be best. If your needs do not fall nicely into these categories, then the "best" choice is unclear. However, applications can make up for deficiencies in the choice. For instance if you choose UDP and you need reliability, then the application must provide reliability. If you choose TCP and you need a record oriented service, then the application must insert markers in the byte stream to delimit records. What network applications are available? There are far too many to list. The number is growing continually. Some of the applications have existed since the beginning of internet technology: TELNET and FTP. Others are relatively new: X-Windows and SNMP. The following is a brief description of the applications mentioned in this tutorial. 8.1 TELNET TELNET provides a remote login capability on TCP. The operation and appearance is similar to keyboard dialing through a telephone switch. On the command line the user types "telnet delta" and receives a login prompt from the computer called "delta". TELNET works well; it is an old application and has widespread interoperability. Implementations of TELNET usually work between different operating systems. For instance, a TELNET client may be on Socolofsky & Kale [Page 25] RFC 1180 A TCP/IP Tutorial January 1991 VAX/VMS and the server on UNIX System V. 8.2 FTP File Transfer Protocol (FTP), as old as TELNET, also uses TCP and has widespread interoperability. The operation and appearance is as if you TELNETed to the remote computer. But instead of typing your usual commands, you have to make do with a short list of commands for directory listings and the like. FTP commands allow you to copy files between computers. 8.3 rsh Remote shell (rsh or remsh) is one of an entire family of remote UNIX style commands. The UNIX copy command, cp, becomes rcp. The UNIX "who is logged in" command, who, becomes rwho. The list continues and is referred to collectively to as the "r" series commands or the "r*" (r star) commands. The r* commands mainly work between UNIX systems and are designed for interaction between trusted hosts. Little consideration is given to security, but they provide a convenient user environment. To execute the "cc file.c" command on a remote computer called delta, type "rsh delta cc file.c". To copy the "file.c" file to delta, type "rcp file.c delta:". To login to delta, type "rlogin delta", and if you administered the computers in a certain way, you will not be challenged with a password prompt. 8.4 NFS Network File System, first developed by Sun Microsystems Inc, uses UDP and is excellent for mounting UNIX file systems on multiple computers. A diskless workstation can access its server's hard disk as if the disk were local to the workstation. A single disk copy of a database on mainframe "alpha" can also be used by mainframe "beta" if the database's file system is NFS mounted on "beta". NFS adds significant load to a network and has poor utility across slow links, but the benefits are strong. The NFS client is implemented in the kernel, allowing all applications and commands to use the NFS mounted disk as if it were local disk. 8.5 SNMP Simple Network Management Protocol (SNMP) uses UDP and is designed for use by central network management stations. It is a well known fact that if given enough data, a network manager can detect and Socolofsky & Kale [Page 26] RFC 1180 A TCP/IP Tutorial January 1991 diagnose network problems. The central station uses SNMP to collect this data from other computers on the network. SNMP defines the format for the data; it is left to the central station or network manager to interpret the data. 8.6 X-Window The X Window System uses the X Window protocol on TCP to draw windows on a workstation's bitmap display. X Window is much more than a utility for drawing windows; it is entire philosophy for designing a user interface. 9. Other Information Much information about internet technology was not included in this tutorial. This section lists information that is considered the next level of detail for the reader who wishes to learn more. o administration commands: arp, route, and netstat o ARP: permanent entry, publish entry, time-out entry, spoofing o IP route table: host entry, default gateway, subnets o IP: time-to-live counter, fragmentation, ICMP o RIP, routing loops o Domain Name System 10. References [1] Comer, D., "Internetworking with TCP/IP Principles, Protocols, and Architecture", Prentice Hall, Englewood Cliffs, New Jersey, U.S.A., 1988. [2] Feinler, E., et al, DDN Protocol Handbook, Volume 2 and 3, DDN Network Information Center, SRI International, 333 Ravenswood Avenue, Room EJ291, Menlow Park, California, U.S.A., 1985. [3] Spider Systems, Ltd., "Packets and Protocols", Spider Systems Ltd., Stanwell Street, Edinburgh, U.K. EH6 5NG, 1990. 11. Relation to other RFCs This RFC is a tutorial and it does not UPDATE or OBSOLETE any other RFC. 12. Security Considerations There are security considerations within the TCP/IP protocol suite. To some people these considerations are serious problems, to others they are not; it depends on the user requirements. Socolofsky & Kale [Page 27] RFC 1180 A TCP/IP Tutorial January 1991 This tutorial does not discuss these issues, but if you want to learn more you should start with the topic of ARP-spoofing, then use the "Security Considerations" section of RFC 1122 to lead you to more information. 13. Authors' Addresses Theodore John Socolofsky Spider Systems Limited Spider Park Stanwell Street Edinburgh EH6 5NG United Kingdom Phone: from UK 031-554-9424 from USA 011-44-31-554-9424 Fax: from UK 031-554-0649 from USA 011-44-31-554-0649 EMail: TEDS@SPIDER.CO.UK Claudia Jeanne Kale 12 Gosford Place Edinburgh EH6 4BJ United Kingdom Phone: from UK 031-554-7432 from USA 011-44-31-554-7432 EMail: CLAUDIAK@SPIDER.CO.UK Socolofsky & Kale [Page 28]