11/10/2010

14. TCP/IP Protocol Suite

Contents

a. TCP/IP – Internet – OSI

b. Network level – IP protocol

c. Addressing and sub-networks

d. Other network-level protocols

e Transport level
e.

1
 11/10/2010

a. TCP/IP – Internet – OSI

b. Network level – IP protocol

2
 11/10/2010

Position of IPv4 in TCP/IP protocol suite

IPv4 datagram format

3
 11/10/2010

Service type or differentiated services

The precedence subfield was part of

version 4, but never used.

4
 11/10/2010

Types of service

Default types of service

5
 11/10/2010

Values for codepoints

The total length field defines the total

length of the datagram including the
header.

6
 11/10/2010

Encapsulation of a small datagram in an Ethernet frame

Protocol field and encapsulated data

7
 11/10/2010

Protocol values

Example 1

An IPv4 packet has arrived with the first 8 bits as shown:

01000010
Th receiver
The i di
discards
d the
th packet.
k t Why?
Wh ?
Solution
There is an error in this packet.
The 4 leftmost bits (0100) show the version, which is
correct.
The next 4 bits (0010) show an invalid header length (2
× 4 = 8). The minimum number of bytes in the header
must be 20. The packet has been corrupted in
transmission.

8
 11/10/2010

Example 2

In an IPv4 packet, the value of HLEN is 1000 in binary.

How many bytes of options are being carried by this
packet?

Solution
The HLEN value is 8, which means the total number of
bytes in the header is 8 × 4, or 32 bytes.
The first 20 bytes are the base header,
header the next 12
bytes are the options.

Example 3

In an IPv4 packet, the value of HLEN is 5, and the value

of the total length field is 0x0028. How many bytes of
data are being carried by this packet?

Solution
The HLEN value is 5, which means the total number of
bytes in the header is 5 × 4, or 20 bytes (no options)
The total length is 40 bytes,
bytes which means the packet is
carrying 20 bytes of data (40 − 20).

9
 11/10/2010

Example 4

An IPv4 packet has arrived with the first few

hexadecimal digits as shown.
0x45000028000100000102 . . .
How many hops can this packet travel before being
dropped? The data belong to what upper-layer protocol?
Solution
To find the time-to-live field, we skip 8 bytes.
The time-to-live
time to live field is the ninth byte,
byte which is 01.
01
This means the packet can travel only one hop.
The protocol field is the next byte (02), which means
that the upper-layer protocol is IGMP.

Maximum transfer unit (MTU)

10
 11/10/2010

MTUs for some networks

Flags used in fragmentation

11
 11/10/2010

Fragmentation example

Detailed fragmentation example

12
 11/10/2010

Example 5

A packet has arrived with an M bit value of 0. Is this the

first fragment, the last fragment, or a middle fragment?
D we know
Do k if the
th packet
k t was fragmented?
f t d?

Solution
If the M bit is 0, it means that there are no more
fragments; the fragment is the last one.
However, we cannot say iff the original packet was
fragmented or not.
A non-fragmented packet is considered the last
fragment.

Example 6

A packet has arrived with an M bit value of 1. Is this the

first fragment, the last fragment, or a middle fragment?
Do we know if the packet was fragmented?

Solution
If the M bit is 1, it means that there is at least one more
fragment.
This fragment can be the first one or a middle one, but
nott the
th last
l t one.
We don’t know if it is the first one or a middle one; we
need more information (the value of the fragmentation
offset).

13
 11/10/2010

Example 7
A packet has arrived with an M bit value of 1 and a
fragmentation offset value of 0. Is this the first fragment,
the last fragment, or a middle fragment?

Solution
Because the M bit is 1, it is either the first fragment or a
middle one.
Because the offset
ff value is 0, it is the first
f f
fragment.

Example 8

A packet has arrived in which the offset value is 100.

What is the number of the first byte? Do we know the
number of the last byte?

Solution
To find the number of the first byte, we multiply the offset
value by 8.
This means that the first
f byte number is 800.
We cannot determine the number of the last byte unless
we know the length.

14
 11/10/2010

Example 9

A packet has arrived in which the offset value is 100, the

value of HLEN is 5, and the value of the total length field
is 100. What are the numbers of the first byte and the
last byte?

Solution
The first byte number is 100 × 8 = 800.
The total length is 100 bytes, and the header length is
20 bbytes (5 × 4),
4) which
hi h means that
h there
h are 80 b
bytes iin
this datagram.
If the first byte number is 800, the last byte number
must be 879.

c. Addressing and sub-networks

15
 11/10/2010

Note

An IPv4 address is 32 bits long.

Note

The IPv4 addresses are unique

and universal.

16
 11/10/2010

Dotted-decimal notation and binary notation for

an IPv4 address

Numbering systems are reviewed in

Appendix B.

17
 11/10/2010

Example 1

Change the following IPv4 addresses from binary

notation to dotted-decimal notation.

Solution
We replace each group of 8 bits with its equivalent
decimal number ((see Appendix
pp B)) and add dots for
separation.

Example 2
Change the following IPv4 addresses from dotted-
decimal notation to binary notation.

Solution
We replace each decimal number with its binary
equivalent

18
 11/10/2010

Example 3
Find the error, if any, in the following IPv4 addresses.

Solution
a. There must be no leading zero (045).
b. There can be no more than four numbers.
c. Each number needs to be less than or equal to 255.
d. A mixture of binary notation and dotted-decimal
notation is not allowed.

In classful addressing, the address

space is divided into five classes:
A, B, C, D, and E.

19
 11/10/2010

Finding the classes in binary and dotted-

decimal notation

Example 4
Find the class of each address.
a. 00000001 00001011 00001011 11101111
b. 11000001 10000011 00011011 11111111
c. 14.23.120.8
d. 252.5.15.111

Solution
a. The first bit is 0. This is a class A address.
b Th
b. The fi
firstt 2 bits
bit are 1;
1 th
the thi
third
d bit iis 0
0. Thi
This iis a class
l C
address.
c. The first byte is 14; the class is A.
d. The first byte is 252; the class is E.

20
 11/10/2010

Number of blocks and block size in classful

IPv4 addressing

In classful addressing, a large part of the

available addresses were wasted.

21
 11/10/2010

Default masks for classful addressing

Classful addressing, which is almost

obsolete, is replaced with classless
addressing.

22
 11/10/2010

Example 5

The following figure shows a block of addresses, in both

binary and dotted-decimal notation, granted to a small
business that needs 16 addresses.

We can see that the restrictions are applied to this block.

The addresses are contiguous.
The number of addresses is a power of 2 (16 = 24), and
the first address is divisible by 16.
The first address,
address when converted to a decimal number,
number
is 3,440,387,360, which when divided by 16 results in
215,024,210.

A block of 16 addresses granted to a small organization

23
 11/10/2010

In IPv4 addressing, a block of

addresses can be defined as
x.y.z.t /n
in which x.y.z.t
x y z t defines one of the
addresses and the /n defines the mask.

The first address in the block can be

found by setting the rightmost
32 − n bits to 0s.

24
 11/10/2010

Example 6

A block of addresses is granted to a small organization.

We know that one of the addresses is 205.16.37.39/28.
What is the first address in the block?

Solution
The binary representation of the given address is
11001101 00010000 00100101 00100111
If we set 32−28 rightmost bits to 0, we get
11001101 00010000 00100101 0010000
or
205.16.37.32.
This is actually the block shown in figure.

The last address in the block can be

found by setting the rightmost
32 − n bits to 1s.

25
 11/10/2010

Example 7
Find the last address for the block in Example 19.6.

Solution
The binary representation of the given address is
11001101 00010000 00100101 00100111
If we set 32 − 28 rightmost bits to 1, we get
11001101 00010000 00100101 00101111
or
205.16.37.47
This is actually the block shown in figure.

Configuration and addresses in a subnetted network

26
 11/10/2010

Three-level hierarchy in an IPv4 address

Example

An ISP is granted a block of addresses starting with

190.100.0.0/16 (65,536 addresses). The ISP needs to
distribute these addresses to 3 groups of customers
as follows:
a. The first group has 64 customers; each needs 256
addresses.
b. The second group has 128 customers; each needs
128 addresses.
c. The third g
group
p has 128 customers;; each needs 64
addresses.
Design the subblocks and find out how many addresses
are still available after these allocations.

27
 11/10/2010

Example
Solution
Figure shows the situation.

Group 1
For this group, each customer needs 256 addresses.
This means that 8 (log2 256) bits are needed to define
each host. The prefix length is then 32 − 8 = 24. The
addresses are

Example

Group 2
For this group, each customer needs 128 addresses.
Thi means that
This th t 7 (log2
(l 2 128) bits
bit are needed
d d to
t define
d fi
each host. The prefix length is then 32 − 7 = 25. The
addresses are

28
 11/10/2010

Example
Group 3
For this group, each customer needs 64 addresses. This
means that 6 (log264) bits are needed to each host. The
prefix length is then 32 − 6 = 26.
26 The addresses are:

Number of granted addresses to the ISP: 65,536

Number of allocated addresses by the ISP: 40,960
Number of available addresses: 24,576

An example of address allocation and distribution by an ISP

29
 11/10/2010

T bl Addresses
Table. Add for
f private
i t networks
t k

A NAT implementation

30
 11/10/2010

Addresses in a NAT

NAT address translation

31
 11/10/2010

Table. Five-column translation table

d. Other network-level protocols

32
 11/10/2010

Position of UDP, TCP, and SCTP in TCP/IP suite

ARP and RARP

33
 11/10/2010

ARP operation

ARP packet

34
 11/10/2010

Encapsulation of ARP packet

Four cases using ARP

35
 11/10/2010

Example
A host with IP address 130.23.43.20 and physical
address B2:34:55:10:22:10 has a packet to send to
another host with IP address 130.23.43.25 and physical
address A4:6E:F4:59:83:AB. The two hosts are on the
same Ethernet network. Show the ARP request and reply
packets encapsulated in Ethernet frames.

Solution
The following figure shows the ARP request and reply
packets. Note that the ARP data field in this case is 28
bytes, and that the individual addresses do not fit in the
4-byte boundary. That is why we do not show the regular
4-byte boundaries for these addresses.

Example. An ARP request and reply

36
 11/10/2010

Proxy ARP

RARP operation

37
 11/10/2010

RARP packet

Encapsulation of RARP packet

38
 11/10/2010

BOOTP client and server on the same and different networks

General format of ICMP messages

39
 11/10/2010

Error-reporting messages

Redirection concept

40
 11/10/2010

Query messages

IGMP message types

41
 11/10/2010

IGMP message format

IGMP type field

42
 11/10/2010

IGMP operation

Example
Imagine there are three hosts in a network, as shown in
the following figure.
A query message was received at time 0; the random
delay time (in tenths of seconds) for each group is
shown next to the group address.
Show the sequence of report messages.

Solution
The events occur in this sequence:
a. Time 12: The timer for 228.42.0.0 in host A expires,
and a membership report is sent, which is received
by the router and every host including host B which
cancels its timer for 228.42.0.0.

43
 11/10/2010

Example
b. Time 30: The timer for 225.14.0.0 in host A expires,
and a membership report is sent which is received by
the router and every host including host C which
cancels
l itits ti
timer ffor 225
225.14.0.0.
14 0 0

c. Time 50: The timer for 238.71.0.0 in host B expires,

and a membership report is sent, which is received
by the router and every host.

d. Time 70: The timer for 230.43.0.0 in host C expires,

and a membership report is sent, which is received
by the router and every host including host A which
cancels its timer for 230.43.0.0.

Example

44
 11/10/2010

e. Transport level

The transport layer is responsible for

process-to-process delivery.

45
 11/10/2010

Types of data deliveries

Port numbers

46
 11/10/2010

IP addresses versus port numbers

IANA ranges

47
 11/10/2010

Socket address

Multiplexing and demultiplexing

48
 11/10/2010

Error control

Position of UDP, TCP, and SCTP in TCP/IP suite

49
 11/10/2010

Well-known ports used with UDP

User datagram format

50
 11/10/2010

UDP length
= IP length – IP header’s length

Pseudoheader for checksum calculation

51
 11/10/2010

Well-known ports used by TCP

Stream delivery

52
 11/10/2010

Sending and receiving buffers

TCP segments

53
 11/10/2010

The bytes of data being transferred in

each connection are numbered by TCP.
The numbering starts with a randomly
generated number
number.

Example
The following shows the sequence number for each
segment:

54
 11/10/2010

TCP segment format

Control field

55
 11/10/2010

Description of flags in the control field

Connection establishment using three-way handshaking

56
 11/10/2010

A SYN segment cannot carry data, but it

consumes one sequence number.

A SYN + ACK segment cannot

carry data, but does consume one
sequence number.

57
 11/10/2010

An ACK segment, if carrying no data,

consumes no sequence number.

Data transfer

58
 11/10/2010

Connection termination using three-way handshaking

Half-close

59
 11/10/2010

Normal operation

Lost segment

60
 11/10/2010

Fast retransmission

SCTP

Stream Control Transmission Protocol (SCTP) is a

new reliable,, message-oriented
g transport
p layer
y
protocol.

SCTP, however, is mostly designed for Internet

applications that have recently been introduced.

These new applications need a more sophisticated

service than TCP can provide.

61
 11/10/2010

SCTP is a message-oriented, reliable

protocol that combines the best features
of UDP and TCP.

Some SCTP applications

62