Introduction

1.1 Introduction

The TCP/IP protocol suite allows computers of all sizes, from many different computer
vendors, running totally different operating systems, to communicate with each other. It is
quite amazing because its use has far exceeded its original estimates. What•started in the late
1960s as a government-financed research project into packet switching networks has, in the
1990s, turned into the most widely used form of networking between computers. It is truly
an open system in that the definition of the protocol suite and many of its implementations are
publicly available at little or no charge. It forms the basis for what is called the worldwide
Internet, or the Internet, a wide area network (WAN) of more than one million computers that
literally spans the globe.
This chapter provides an overview of the TCP/IP protocol suite, to establish an ade -
quate background for the remaining chapters. For a historical perspective on the early
development of TCP/IP see [Lynch 1993].

1.2 Layering

Networking protocols are normally developed in layers, with each layer responsible for a
different facet of the communications. A protocol suite, such as TCP/IP, is the combination of
different protocols at various layers. TCP/IP is normally considered, to be a 4-layer system,
as shown in Figure 1.1.
 2 Introduction
Chapter 1

Application Telnet, FTP, e-mail,

Transport etc. TCP, UDP

Network IP, ICMP, IGMP

Link
device driver and interface card

Figure 1.1 The four layers of the TCP/IP protocol suite.

Each layer has a different responsibility.

1. The link layer, sometimes called the data-link layer or network interface layer, normally
includes the device driver in the operating system and the corresponding network interface
card in the computer. Together they handle all the hardware details of physically
interfacing with the cable (or whatever type of media is being used).

2. The network layer (sometimes called the internet layer) handles the movement of packets
around the network. Routing of packets, for example, takes place here. IP (Internet
Protocol), ICMP (Internet Control Message Protocol), and IGMP (Internet Group
Management Protocol) provide the network layer in the TCP/IP protocol suite.

3. The transport layer provides a flow of data between two hosts, for the application layer
above. In the TCP/IP protocol suite there are two vastly different transport protocols: TCP
(Transmission Control Protocol) and UDP (User Datagram Protocol).

TCP provides a reliable flow of data between two hosts. It is concerned with things such as
dividing the data passed to it from the application into appropriately sized chunks for the
network layer below, acknowledging received packets, setting timeouts to make certain the
other end acknowledges packets that are sent, and so on. Because this reliable flow of data is
provided by the transport layer, the application layer can ignore all these details.

UDP, on the other hand, provides a much simpler service to the application layer. It just sends
packets of data called datagrams from one host to the other, but there is no guarantee that the
datagrams reach the other end. Any desired reliability must be added by the application layer.

There is a use for each type of transport protocol, which we'll see when we look at the different
applications that use TCP and UDP
Section 3.2 Layering 3

4. The application layer handles the details of the particular application. There are
many common TCP/IP applications that almost every implementation provides:

Telnet for remote login,

FTP, the File Transfer Protocol,

SMTP, the Simple Mail Transfer protocol, for electronic

and many more,
mail, sometheofSimple
SNMP, which we cover Management
Network in later chapters.
Protocol,
If we have two hosts on a local area network (LAN) such as an Ethernet, both run-
ning FTP, Figure 1.2 shows the protocols involved.

handles
user application
processes details

Figure 1.2 Two hosts on a LAN running FTP.

We have labeled one application box the FTP client and the other the FTP server.
Most network applications are designed so that one end is the client and the other side the
server. The server provides some type of service to clients, in this case access to files on
the server host. In the remote login application, Telnet, the service provided to the client
is the ability to login to the server's host.
Each layer has one or more protocols for communicating with its peer at the same
layer. One protocol, for example, allows the two TCP layers to communicate, and another
protocol lets the two IP layers communicate.
On the right side of Figure 1.2 we have noted that normally the application layer is a
user process while the lower three layers are usually implemented in the kernel (the
operating system). Although this isn't a requirement, it's typical and this is the way it's
done under Unix.
4 Introduction Chapter 1

There is another critical difference between the top layer in Figure 1.2 and the lower
three layers. The application layer is concerned with the details of the application and not
with the movement of data across the network. The lower three layers know nothing
about the application but handle all the communication details.
We show four protocols in Figure 1.2, each at a different layer. FTP is an application
layer protocol, TCP is a transport layer protocol, IP is a network layer protocol, and the
Ethernet protocols operate at the link layer. The TCP/IP protocol suite is a combination of
many protocols. Although the commonly used name for the entire protocol suite is
TCP/IP, TCP and IP are only two of the protocols. (An alternative name is the Internet
Protocol Suite.)
The purpose of the network interface layer and the application layer are obvious-the
former handles the details of the communication media (Ethernet, token ring, etc.) while
the latter handles one specific user application (FTP, Telnet, etc.). But on first glance the
difference between the network layer and the transport layer is somewhat hazy. Why is
there a distinction between the two? To understand the reason, we have to expand our
perspective from a single network to a collection of networks.
One of the reasons for the phenomenal growth in networking during the 1980s was
the realization that an island consisting of a stand-alone computer made little sense. A
few stand-alone systems were collected together into a network. While this was progress,
during the 1990s we have come to realize that this new, bigger island consisting of a
single network doesn't make sense either. People are combining multiple networks
together into an internetwork, or an internet. An internet is a collection of networks that
all use the same protocol suite.
The easiest way to build an internet is to connect two or more networks with a
router. This is often a special-purpose hardware box for connecting networks. The nice
thing about routers is that they provide connections to many different types of physical
networks: Ethernet, token ring, point-to-point links, FDDI (Fiber Distributed Data Inter-
face), and so on.
These boxes are also called II' routers, but we'll use the term
router.
Historically these boxes were called gateways, and this term is used throughout much of the
TCP/IP literature. Today the term gateway is used for an application gateway: a process that
connects two different protocol suites (say, TCP/IP and IBM's SNA) for one particular
application (often electronic mail or file transfer).

Figure 1.3 shows an internet consisting of two networks: an Ethernet and a token
ring, connected with a router. Although we show only two hosts communicating, with the
router connecting the two networks, any host on the Ethernet can communicate with any
host on the token ring.
In Figure 1.3 we can differentiate between an end system (the two hosts on either
side) and an intermediate system (the router in the middle). The application layer and the
transport layer use end-to-end protocols. In our picture these two layers are needed only
on the end systems. The network layer, however, provides a hop-by-hop protocol and is
used on the two end systems and every intermediate system.
 Section 1.2 Layering
5

____,

i IP
i
i
_Ethernet
protocol ' I driver I I driver 17

Figure 1.3 Two networks connected with a router.

In the TCP/IP protocol suite the network layer, IP, provides an unreliable service. That
is, it does its best job of moving a packet from its source to its final destination, but there are
no guarantees. TCP, on the other hand, provides a reliable transport layer using the unreliable
service of IP. To provide this service, TCP performs timeout and retransmission, sends and
receives end-to-end acknowledgments, and so on. The transport layer and the network layer
have distinct responsibilities.
A router, by definition, has two or more network interface layers (since it connects two
or more networks). Any system with multiple interfaces is called multihomed. A host can also
be multihomed but unless it specifically forwards packets from one interface to another, it is
not called a router. Also, routers need not be special hardware boxes that only move packets
around an internet. Most TCP/IP implementations allow a multihomed host to act as a router
also, but the host needs to be specifically configured for this to happen. In this case we can
call the system either a host (when an application such as FTP or Telnet is being used) or a
router (when it's forwarding packets from one network to another). We'll use whichever term
makes sense given the context.
One of the goals of an internet is to hide all the details of the physical layout of the
internet from the applications. Although this isn't obvious from our two-network inter net in
Figure 1.3, the application layers can't care (and don't care) that one host is on an Ethernet,
the other on a token ring, with a router between. There could be 20 routers between, with
additional types of physical interconnections, and the applications would run the same. This
hiding of the details is what makes the concept of an internet so powerful and useful.
6 Introduction Chapter 6

Another way to connect networks is with a bridge. These connect networks at the
link layer, while routers connect networks at the network layer. Bridges makes multiple
LANs appear to the upper layers as a single LAN.
TCP/IP internets tend to be built using routers instead of bridges, so we'll focus on
routers. Chapter 12 of [Perlman 1992] compares routers and bridges.

1.3 TCP/IP Layering

There are more protocols in the TCP/IP protocol suite. Figure 1.4 shows some of the
additional protocols that we talk about in this text.

media
Figure 1.4 Various protocols at the different layers in the TCP/IP protocol suite.

TCP and UDP are the two predominant transport layer protocols. Both use IP as the
network layer.
TCP provides a reliable transport layer, even though the service it uses (IP) is unreli-
able. Chapters 17 through 22 provide a detailed look at the operation of TCP We then
look at some TCP applications: Telnet and Rlogin in Chapter 26, FTP in Chapter 27, and
SMTP in Chapter 28. The applications are normally user processes.
 Section 7.4 Internet Addresses
7

UDP sends and receives datagrams for applications. A datagram is a unit of infor-
mation (i.e., a certain number of bytes of information that is specified by the sender) that
travels from the sender to the receiver. Unlike TCP, however, UDP is unreliable. There is
no guarantee that the datagram ever gets to its final destination. Chapter 11 looks at
UDP, and then Chapter 14 (the Domain Name System), Chapter 15 (the Trivial File
Transfer Protocol), and Chapter 16 (the Bootstrap Protocol) look at some applications
that use UDP SNMP (the Simple Network Management Protocol) also uses UDP, but
since it deals with many of the other protocols, we save a discussion of it until Chapter
25.
IP is the main protocol at the network layer. It is used by both TCP and UDP Every piece
of TCP and UDP data that gets transferred around an internet goes through the IP layer at both
end systems and at every intermediate router. In Figure 1.4 we also show an application
accessing IP directly. This is rare, but possible. (Some older routing protocols were
implemented this way. Also, it is possible to experiment with new transport layer protocols
using this feature.) Chapter 3 looks at IP, but we save some of the details for later chapters
where their discussion makes more sense. Chapters 9 and 10 look at how IP performs routing.
ICMP is an adjunct to IP It is used by the IP layer to exchange error messages and other
vital information with the IP layer in another host or router. Chapter 6 looks at ICMP in more
detail. Although ICMP is used primarily by IP, it is possible for an application to also access it.
Indeed we'll see that two popular diagnostic tools, Ping and Traceroute (Chapters 7 and 8), both
use ICMP
IGMP is the Internet Group Management Protocol. It is used with multicasting: sending a
UDP datagram to multiple hosts. We describe the general properties of broadcasting (sending 'a
UDP datagram to every host on a specified network) and multicasting in Chapter 12, and then
describe IGMP itself in Chapter 13.
ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) are
specialized protocols used only with certain types of network interfaces (such as Ethernet and
token ring) to convert between the addresses used by the IP layer and the addresses used by the
network interface. We examine these protocols in Chapters 4 and 5, respectively.

1.4 Internet Addresses

Every interface on an internet must have a unique Internet address (also called an IP address).
These addresses are 32-bit numbers. Instead of using a flat address space such as 1, 2, 3, and so
on, there is a structure to Internet addresses. Figure 1.5 shows the five different classes of
Internet addresses.
These 32-bit addresses are normally written as four decimal numbers, one for each byte of
the address. This is called dotted-decimal notation. For example, the class B address of the
author's primary system is 140.252.13.33.
The easiest way to differentiate between the different classes of addresses is to look at the
first number of a dotted-decimal address. Figure 1.6 shows the different classes, with the first
number in boldface.
 Section 1.8 Internet Addresses
7

UDP sends and receives datagrams for applications. A datagram is a unit of infor-
mation (i.e., a certain number of bytes of information that is specified by the sender) that
travels from the sender to the receiver. Unlike TCP, however, UDP is unreliable. There is
no guarantee that the datagram ever gets to its final destination. Chapter 11 looks at UDP,
and then Chapter 14 (the Domain Name System), Chapter 15 (the Trivial File Transfer
Protocol), and Chapter 16 (the Bootstrap Protocol) look at some applications that use
UDP. SNMP (the Simple Network Management Protocol) also uses UDP, but since it
deals with many of the other protocols, we save a discussion of it until Chapter 25.
IP is the main protocol at the network layer. It is used by both TCP and UDP Every
piece of TCP and UDP data that gets transferred around an internet goes through the IP
layer at both end systems and at every intermediate router. In Figure 1.4 we also show an
application accessing IP directly. This is rare, but possible. (Some older routing protocols
were implemented this way. Also, it is possible to experiment with new transport layer
protocols using this feature.) Chapter 3 looks at IP, but we save some of the details for
later chapters where their discussion makes more sense. Chapters 9 and 10 look at how IP
performs routing.
ICMP is an adjunct to IP It is used by the IP layer to exchange error messages and
other vital information with the IP layer in another host or router. Chapter 6 looks at
ICMP in more detail. Although ICMP is used primarily by IP, it is possible for an appli-
cation to also access it. Indeed we'll see that two popular diagnostic tools, Ping and
Traceroute (Chapters 7 and 8), both use ICMP
IGMP is the Internet Group Management Protocol. It is used with multicasting: sending a
UDP datagram to multiple hosts. We describe the general properties of broadcasting (sending a
UDP datagram to every host on a specified network) and multicasting in Chapter 12, and then
describe IGMP itself in Chapter 13.
ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) are
specialized protocols used only with certain types of network interfaces (such as Ethernet and
token ring) to convert between the addresses used by the IP layer and the addresses used by the
network interface. We examine these protocols in Chapters 4 and 5, respectively.

1.4 Internet Addresses

Every interface on an internet must have a unique Internet address (also called an IP address).
These addresses are 32-bit numbers. Instead of using a flat address space such as 1, 2, 3, and so
on, there is a structure to Internet addresses. Figure 1.5 shows the five different classes of
Internet addresses.
These 32-bit addresses are normally written as four decimal numbers, one for each byte of
the address. This is called dotted-decimal notation. For example, the class B address of the
author's primary system is 140.252.13.33.
The easiest way to differentiate between the different classes of addresses is to look at the
first number of a dotted-decimal address. Figure 1.6 shows the different classes, with the first
number in boldface.
6 Introduction Chapter 1

Another way to connect networks is with a bridge. These connect networks at the link
layer, while routers connect networks at the network layer. Bridges makes multiple LANs
appear to the upper layers as a single LAN.
TCP/IP internets tend to be built using routers instead of bridges, so we'll focus on
routers. Chapter 12 of [Perlman 1992] compares routers and bridges.

1.3 TCP/IP Layering

There are more protocols in the TCP/IP protocol suite. Figure 1.4 shows some of the
additional protocols that we talk about in this text.

media
Figure 1.4 Various protocols at the different layers in the TCP/IP protocol suite. i

TCP and UDP are the two predominant transport layer protocols. Both use IP as the
network layer.
TCP provides a reliable transport layer, even though the service it uses (IP) is unreli -
able. Chapters 17 through 22 provide a detailed look at the operation of TCP We then
look at some TCP applications: Telnet and Rlogin in Chapter 26, FTP in Chapter 27, and
SMTP in Chapter 28. The applications are normally user processes.
pter 1 Section 1.4 Internet Addresses 10

t the UDP sends and receives datagrams for applications. A datagram is a unit of infor-
ltiple mation (i.e., a certain number of bytes of information that is specified by the sender) that
travels from the sender to the receiver. Unlike TCP, however, UDP is unreliable. There is
.is on no guarantee that the datagram ever gets to its final destination. Chapter. 11 looks at UDP,
and then Chapter 14 (the Domain Name System), Chapter 15 (the Trivial File Transfer
Protocol), and Chapter 16 (the Bootstrap Protocol) look at some applications that use
UDP SNMP (the Simple Network Management Protocol) also uses UDP, but since it
deals with many of the other protocols, we save a discussion of it until Chapter 25.
IP is the main protocol at the network layer. It is used by both TCP and UDP Every
f the piece of TCP and UDP data that gets transferred around an internet goes through the IP
layer at both end systems and at every intermediate router. In Figure 1.4 we also show an
application accessing IP directly. This is rare, but possible. (Some older routing protocols
were implemented this way. Also, it is possible to experiment with new transport layer
protocols using this feature.) Chapter 3 looks at IP, but we save some of the details for
later chapters where their discussion makes more sense. Chapters 9 and 10 look at how IP
performs routing.
ICMP is an adjunct to IP It is used by the IP layer to exchange error messages and
other vital information with the IP layer in another host or router. Chapter 6 looks at
ICMP in more detail. Although ICMP is used primarily by IP, it is possible for an appli-
cation to also access it. Indeed we'll see that two popular diagnostic tools, Ping and
Traceroute (Chapters 7 and 8), both use ICMP.
IGMP is the Internet Group Management Protocol. It is used with multicasting:
sending a UDP datagram to multiple hosts. We describe the general properties of
broadcasting (sending a UDP datagram to every host on a specified network) and
multicasting in Chapter 12, and then describe IGMP itself in Chapter 13.
ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution
Protocol) are specialized protocols used only with certain types of network interfaces
(such as Ethernet and token ring) to convert between the addresses used by the IP layer
and the addresses used by the network interface. We examine these protocols in Chapters
4 and 5, respectively.

1.4 Internet Addresses

Every interface on an internet must have a unique Internet address (also called an IP
address). These addresses are 32-bit numbers. Instead of using a flat address space such as
1, 2, 3, and so on, there is a structure to Internet addresses. Figure 1.5 shows the five
different classes of Internet addresses.
fP as These 32-bit addresses are normally written as four decimal numbers, one for each
byte of the address. This is called dotted-decimal notation. For example, the class B address
ireli- of the author's primary system is 140.252.13.33.
then The easiest way to differentiate between the different classes of addresses is to look
and at the first number of a dotted-decimal address. Figure 1.6 shows the different classes,
with the first number in boldface.
 Chapter 1 Se

7 bits 24 bits
Class A 0 netid hostid
Section 1.6 Encapsulation
14 bits 16 bits
9
Class B 1 0 netid hostid
In Section 3.4 we'll extend our description of IP addresses to include subnetting, after
21 bits
describing IP routing. Figure 3.9 shows the special case IP8 addresses:
bits host IDs and network
ClassIDs
C of 1all 1zero
0 bits or all one bits.
netid hostid

28 bits

Class D 1
1.51 The Domain Name
10
System
multicast group ID

Although the network interfaces on a host, 27 bits

and therefore the host itself, are known by IP
addresses,
Class E 1 1 humans
11 work
0 best using the name of a host.
(reserved for future use) In the TCP/IP world the Domain Name
System (DNS) is a distributed database that provides the mapping between IP addresses and
hostnames. Chapter 14 looks into the DNS in detail.
Figure 1.5 The five different classes of Internet addresses.
For now we must be aware that any application can call a standard library function to
look up the IP address (or addresses) corresponding to a given hostname. Similarly a
function is provided
Class to do the reverse
Range lookup-given an IP address, look up the corre sponding
hostname. A 0.0.0.0 to 127.255.255.255
Most applications
B that take
128.0.0.0 a hostname as an argument also take an IP address. When
to 191.255.255.255
C 192.0.0.0 to 223.255.255.255
we use the Telnet client in Chapter 4, for example, one time we specify a host name and
D 224.0.0.0 to 239.255.255.255
another time we specify
E
an IP address.
240.0.0.0 to 247.255.255.255

1.6 Encapsulation
Figure 1.6 Ranges for different classes of IP addresses.

It is worth reiterating
When anthat a multihomed
application sends data host using
will have TCP, multiple
the dataIPisaddresses:
sent downone theperprotocol stack, through
interface.
Since every interface on an internet must have a unique IP address, there must layer
each layer, until it is sent as a stream of bits across the network. Each be . adds information
to the data by prepending headers (and sometimes
one central authority for allocating these addresses for networks connected to the adding trailer information) to the data that
it receives. Figure 1.7 shows this process. The
worldwide Internet. That authority is the Internet Network Information Center, called theunit of data that TCP sends to IP is called a
TCP segment. The unit of data that IP sends to
InterNIC. The InterNIC assigns only network IDs. The assignment of host IDs is up to the network interface is called an IP datagram.
The stream
the system administrator. of bits that flows across the Ethernet is called a frame.
The numbers at the bottom of the headers and trailer of the Ethernet frame in Fig ure 1.7
are the typical
Registration services sizes
for the of the (IP
Internet headers
addresses in and
bytes.
DNS We'll
domain have
names)more
used totobesay about each of these
handled
headers
by the NIC,inat later sections.
nic. ddn. mil. On April 1, 1993, the InterNIC was created. Now the NIC handles
these requests only forproperty
A physical the D e f e n sof an
e D a t aEthernet (DDN). is
N e t w o r k frame Allthat
otherthe
Internet
sizeusers
of itsnow use must
data the be between 46
InterNIC registration services, at
and 1500 bytes. We'll encounter this minimum in Section 4.5 and we cover the maximum in
rs. internic. net.

There
Sectionare actually
2.8. three parts to the InterNIC: registration services (rs.internic . net),
directory and database services (ds.internic .net), and information services (is. i n t e r n i c .
net). See Exercise 1.8 for additional information on the InterNIC.
All the Internet standards and most books on TCP/IP use the term octet instead of byte. The use of this cute, but
There are threeterm
baroque types of IP addresses:
is historical, since much unicast (destined
of the early work on for a single
TCP/IP was donehost), broadcast
on systems such as the DEC-10, which
(destined for did
all not
hosts
use on
8-bita bytes.
givenSince
network), and midticast
almost every (destined
current computer foruses
system a set
8-bitofbytes,
hostswe'll
thatuse the term byte in this
belong to a multicast
text. group). Chapters 12 and 13 look at broadcasting and multicasting
in more detail.
To be completely accurate in Figure 1.7 we should say that the unit of data passed between IP and the network
interface is a packet. This packet can be either an IP datagram or a fragment of an IP datagram. We discuss
fragmentation in detail in Section 11.5.

We could draw a nearly identical picture for UDP data. The only changes are that the unit
of information that UDP passes to IP is called a UDP datagram, and the size of the UDP
header is 8 bytes.